www.misp-project.org
2a00:5980:93::128  Public Scan

URL: https://www.misp-project.org/
Submission: On November 18 via api from LU — Scanned from US

Form analysis 1 forms found in the DOM

<form class="navbar-form" role="search">
  <div class="input-group">
    <input type="text" class="form-control" placeholder="Search">
    <span class="input-group-btn">
      <button type="submit" class="btn btn-template-main"><i class="fas fa-search"></i></button>
    </span>
  </div>
</form>

Text Content

MISP Open Source Threat Intelligence Platform & Open Standards For Threat
Information Sharing



OPEN SOURCE THREAT INTELLIGENCE AND SHARING PLATFORM

Share. Store. Correlate. Analyse.
Targeted attacks. Financial Fraud. Counter-terrorism.




VISUALIZATION & DASHBOARDS

Seeing helps understanding.

MISP comes with many visualization options helping analysts find the answers
they are looking for.




A GALAXY OF INFORMATION

MISP is more than Software

It is also a massive collection of open taxonomies that can be used in any
software.

AM!TT for disinformation,
ATT&CK for threat actors, TTPs,
Attack4fraud, TLP, GDPR, Veris, admiralty, estimative language, document
classification, and much more!




THE ART OF INFORMATION SHARING

is to share more, smarter and faster
with your friends and allies
than your adversaries would like to.





THE KEY IS AUTOMATION

Isn’t it sad to have a lot of data and not use it because it’s too much work?
Thanks to MISP you can store your IOCs in a structured manner, and thus enjoy
the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and
synchronize to other MISPs. You can now leverage the value of your data without
effort and in an automated manner. Check out MISP features.


SIMPLIFY THREATS

The primary goal of MISP is to be used. This is why simplicity is the driving
force behind the project. Storing and especially using information about threats
and malware should not be difficult. MISP is there to help you get the maximum
out of your data without unmanageable complexity.


BY GIVING YOU WILL RECEIVE

Sharing is key to fast and effective detection of attacks. Quite often similar
organizations are targeted by the same Threat Actor, in the same or different
Campaign. MISP will make it easier for you to share with, but also to receive
from trusted partners and trust-groups. Sharing also enables collaborative
analysis and prevents you from doing the work someone else already did before.
Join one of the existing MISP communities.


THREAT INTELLIGENCE

Threat Intelligence is much more than Indicators of Compromise. This is why MISP
provides metadata tagging, feeds, visualization and even allows you to integrate
with other tools for further analysis thanks to its open protocols and data
formats.


VISUALIZATION

Having access to a large amount of Threat information through MISP Threat
Sharing communities gives you outstanding opportunities to aggregate this
information and take the process of trying to understand how all this data fits
together telling a broader story to the next level. We are transforming
technical data or indicators of compromise (IOCs) into cyber threat
intelligence. MISP comes with many visualization options helping analysts find
the answers they are looking for.


OPEN & FREE

The MISP Threat Sharing ecosystem is all about accessibility and
interoperability: The software is free to use, data format and API are
completely open standards and for support you can rely on community and
professional services.


WANT TO TEST AND EVALUATE MISP?



Download now


INITIATIVES

The MISP Threat Sharing project consists of multiple initiatives, from software
to facilitate threat analysis and sharing to freely usable structured Cyber
Threat Information and Taxonomies.

MISP is an open source software solution for collecting, storing, distributing
and sharing cyber security indicators and threats related to cyber security
incident analysis and malware analysis. MISP is designed by and for
incident analysts, security and ICT professionals or malware reversers to
support their day-to-day operations to share structured information efficiently.

MISP PORTAL



Many MISP galaxy clusters are already available like MITRE ATT&CK, Exploit-Kit,
Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS, Threat
actor or Tool used by adversaries.

Taxonomies provide a set of already defined classifications modeling estimative
language, CSIRTs/CERTs classifications, national classifications or threat model
classification.



MISP GALAXIES & TAXONOMIES



In a continuous effort since 2016, CIRCL frequently gives practical training
sessions about MISP. The purpose is to reach out to security analysts using MISP
as a threat intelligence platform along with users using it as an information
sharing platform.

All the training materials are open source, include slides and a virtual machine
preconfigured with the latest version of MISP. Reach out if you are looking for
custom training.



MISP DOCU & TRAININGS



PyMISP is a Python library to access MISP platforms via their REST API.

PyMISP allows you to fetch events, add or update events/attributes, add or
update samples or search for attributes programmatically.



PYMISP



MISP modules are autonomous modules that can be used to extend MISP for new
services such as expansion, import and export.

The modules are written in Python 3 following a simple API interface. The
objective is to ease the extensions of MISP functionalities without modifying
core components.

For more information: Extending MISP with Python modules slides from MISP
training.



MISP MODULES






DO YOU WANT TO JOIN A COMMUNITY?

MISP is open source software, and it is also a large community of MISP users
creating, maintaining and operating communities of users or organizations
sharing information about threats or cyber security indicators worldwide.

Find communities


FROM OUR BLOG

In addition to the news stories below, check out the press, events, hackathon,
MISP Summit pages and full news archive.


MISP IOC RETROSEARCH WITH MISP42 SPLUNK APP.

By Remi Seguy on October 22, 2024




INTRODUCTION

Hi, in this blog post I am going to share how I have built a framework on Splunk
to retrosearch on MISP indicators of compromise.




MISP 2.4.198 RELEASED WITH MANY BUGS FIXED, SECURITY FIXES AND IMPROVEMENTS.

on September 17, 2024




MISP V2.4.198 (2024-09-13)

Based on a set of fixes including a security fix, we are pleased to announce the
immediate availability of MISP 2.4.198. You can find a list of the detailed
changes along with new features further below. As with any security release, we
highly encourage everyone to update their instance as soon as possible.




MISP 2.4.197 RELEASED WITH MANY BUGS FIXED, A SECURITY FIX AND IMPROVEMENTS.

on September 2, 2024




RELEASE NOTES - V2.4.197 (2024-09-02)


NEW FEATURES

 * Config Option: Added a new configuration option
   user_org_uuid_in_response_header to include a response header with the
   requesting user’s organization UUID. [Jeroen Pinoy]
 * Build: Display required STIX dependencies versions during the build process.
   [Jakub Onderka]
 * Bookmarks now support comments.


CHANGES

 * Version: Version bump. [iglocska]
 * Warning List: Updated the warning list. [Alexandre Dulaunoy]
 * Taxonomies: Updated to the latest version. [Alexandre Dulaunoy]
 * MISP Galaxy: Updated to the latest version. [Alexandre Dulaunoy]
 * PyMISP: Version bump. [Raphaël Vinot]
 * Internal Logging: Added logging when an event will not be published. [Jakub
   Onderka]
 * Global Menu - Bookmarks: Added comment field as the dropdown element’s title
   in the global menu bookmark. [Sami Mokaddem]
 * Database Upgrade - Bookmarks: Upgraded the database to support bookmark
   comments. [Sami Mokaddem]
 * Bookmark View: Added a missing comma for the new comment function and added a
   field for comments in the bookmark view. [Jan Z.]
 * Bookmark Index: Added a field to display comments in the bookmarks index.
   [Jan Z.]
 * Bookmark Add/Edit: Added a field to add and edit comments for bookmarks. [Jan
   Z.]
 * MISP Object: Updated to the latest version. [Alexandre Dulaunoy]


FIXES

 * UI/Footer: Improved UI footer to avoid confusion for some users. [Alexandre
   Dulaunoy]
 * IOC Import: Added a check to ensure the provided XML is valid. [Jakub
   Onderka]
 * Schema: Updated schema version. [Jakub Onderka]
 * UI: Fixed tag popover to return already parsed data. [Jakub Onderka]
 * Bookmarks - Add: Lower-cased the comment field. [Sami Mokaddem]
 * Sightings: Correctly retrieve sightings per the requested event. [Tom King]
 * Bookmarks - Verbose Returns: Fixed an issue with overly verbose returns from
   bookmarks when shared with the organization. This fix was reported by Sharad
   Kumar Dahal of Green Tick Nepal Pvt. Ltd. [iglocska] This fixes a security
   issue recorded as CVE-2024-45509.
 * Feed: When pulling feeds, events are now checked against specified rules if
   any rules are provided. [Benni0]


OTHER

 * Merged pull requests addressing issues with unpublished events logging, tag
   popover parsing, sightings restSearch performance, and STIX dependencies
   version display. [Jakub Onderka, Andras Iklody, Andrew Hicks]
 * Fixed issues related to sightings restSearch negation of organization ID.
   [Andrew Hicks]

For a complete list of updates, please refer to the changelog pages. Many thanks
to all the diligent contributors that ensure that MISP keeps improving rapidly!




MISP 2.4.196 RELEASED WITH MANY BUGS FIXED AND IMPROVEMENTS.

on August 21, 2024





NEW FEATURES

 * Decaying Model: Introduced a new DecayingModel that leverages true positive
   and false positive sightings for better decision-making. [Marcel Slotema]
 * Log Search Enhancement: Added an optional hh:mm:ss accuracy to log searches,
   allowing for more precise time-based queries. This update also includes
   significant refactoring to improve code quality. [iglocska]
 * User Log Review: Improved the functionality of the “review user logs” button.
   It now links directly to logs relevant to the specific user, considering the
   new audit log system. Future enhancements will include email-based log
   searches. [iglocska]


CHANGES

 * PyMISP Update: Updated PyMISP to the latest version. [Raphaël Vinot]
 * Decaying Model Formulas: Enhanced error handling by catching undefined
   indexes in decaying model formulas. [Sami Mokaddem]
 * Attributes Search: Added support for sorting by publish_timestamp and
   introduced the X-Skipped-Elements-Count header to improve pagination during
   REST searches. [Benni0]
 * Reverse Proxy Handling: Fixed issues with base URL handling for reverse
   proxies, eliminating problematic redirects. Special thanks to Mitch Germansky
   for the extensive debugging. [iglocska]
 * MISP Components Update: Updated MISP Object, Galaxy, and STIX components to
   their latest versions. [Alexandre Dulaunoy, Christian Studer]


FIXES

 * STIX 2 Import: Updated the STIX 2 parsers following recent changes in
   MISP-STIX. [Christian Studer]
 * Base URL Setting: Adjusted the priority order in beforeFilter to avoid redis
   errors during benchmarking. [iglocska]
 * Image Helper: Allowed for variable-width organization logos without
   overlapping text. [iglocska]
 * Workflow Module: Ensured correct type return if redis fails to load during
   workflow:getEnabledModules. [Sami Mokaddem]
 * Settings Management: Fixed multiple issues related to changing instance
   settings, including improvements to CLI checks. [iglocska]
 * Attribute Search Ordering: Reverted ID-based sliding window ordering due to
   performance concerns. [iglocska]


OTHER

 * Merged several development branches to integrate recent changes, updates, and
   fixes from various contributors. Notably, the branches related to attribute
   search order, skipped elements count, and environment dependencies were
   integrated into the main branch. [iglocska, Christian Studer, Sami Mokaddem,
   Alexandre Dulaunoy, Stefano Ortolani, Andras Iklody]

For a complete list of updates, please refer to the changelog pages. Many thanks
to all the diligent contributors that ensure that MISP keeps improving rapidly!



© MISP project. Software released under approved open source licenses and
content of this website released as CC BY-SA 3.0.

Template by Bootstrapious. Ported to Hugo by DevCows.