Overview
What is MISP Threat Sharing?
MISP Threat Sharing is an open source software and set of standards to share, create and validate threatintel and intelligence. As an open source project MSP Threat Sharing is free to participate in, and use.
Recent Reviews
Leaving a review helps other professionals like you evaluate Threat Intelligence Platforms
Be the first one in your network to review MISP Threat Sharing, and make your voice heard!
Get StartedPricing
N/A
Unavailable
What is MISP Threat Sharing?
MISP Threat Sharing is an open source software and set of standards to share, create and validate threatintel and intelligence. As an open source project MSP Threat Sharing is free to participate in, and use.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
1 person also want pricing
Alternatives Pricing
What is Webroot Endpoint Protection?
Webroot Endpoint Protection is the OpenText company's business class multi-vector endpoint protection application, providing centralized endpoint management, deep learning intelligence, and advanced behavioral analytics. For SMBs, Webroot Smarter Cybersecurity solutions were designed from the…
What is EclecticIQ Platform?
EclecticIQ Platform is an analyst-centric Threat Intelligence Platform (TIP). The vendor says it is optimized for the collection of intelligence data from open sources, commercial suppliers and industry partnerships into a single collaborative analyst workbench. EclecticIQ Platform aims to…
Product Details
- About
- Tech Details
What is MISP Threat Sharing?
MISP, the open source threat sharing platform.
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. MISP is used today in multiple organisations not only to store, share, collaborate on cyber security indicators, malware analysis, but also to use the IoCs and information to detect and prevent attacks, frauds or threats against ICT infrastructures, organisations or people.
MISP Features:
MISP Features:
- An IoC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
- Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis. Correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can be also enabled or event disabled per attribute.
- A data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
- Built-in sharing functionality to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a flexible sharing group capacity and an attribute level distribution mechanisms.
- A user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate between events and their correlations. An event graph functionality to create and view relationships between objects and attributes. Advanced filtering functionalities and warning list to help the analysts to contribute events and attributes.
- Storing data in a structured format (allowing automated use of the database for various purposes) with support of cyber security indicators along fraud indicators as in the financial sector.
- Export: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools.
- import: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
- Free text import tool to ease the integration of unstructured reports into MISP.
- A system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
- Data-sharing: automatically exchange and synchronization with other parties and trust-groups using MISP.
- Feed import: flexible tool to import and integrate MISP feed and any threatintel or OSINT feed from third parties. Many default feeds are included in standard MISP installation.
- Delegation of sharing: allows a pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.
- An API to integrate MISP with one's solutions. MISP is bundled with PyMISP which is a Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
- Adjustable taxonomy to classify and tag events following classification schemes or existing taxonomies. The taxonomy can be local to MISP but also shareable among MISP instances. MISP comes with a default set of well-known taxonomies and classification schemes to support standard classification as used by ENISA, Europol, DHS, CSIRTs or many other organisations.
- Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP.
- Expansion modules in Python to expand MISP with services or activate already available misp-modules.
- Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via MISP user-interface, API as MISP document or STIX sighting documents. Starting with MISP 2.4.66, Sighting has been extended to support false-negative sighting or expiration sighting.
- STIX support: export data in the STIX format (XML and JSON) including export/import in STIX 2.0 format.
- Integrated encryption and signing of the notifications via PGP and/or S/MIME depending of the user preferences.
- Real-time publish-subscribe channel within MISP to automatically get all changes (e.g. new events, indicators, sightings or tagging) in ZMQ (e.g. misp-dashboard) or Kafka.
Sharing with humans
Data stored is immediately available to colleagues and partners. The user can store the event id in a ticketing system or be informed by the signed and encrypted email notifications.
Sharing with machines
By generating Snort/Suricata/Bro/Zeek IDS rules, STIX, OpenIOC, text or csv exports MISP allows the user to automatically import data in detection systems, driving better and faster detection of intrusions. Importing data can also be done in various ways: free-text import, OpenIOC, batch import, sandbox result import or using the preconfigured or custom templates. If MISP is run internally, data can also be uploaded and downloaded automagically from and to externally hosted MISP instances. With this automation and the effort of others, the user gains possession of indicators of compromise with no additional work.
Collaborative sharing of analysis and correlation
When new data is added MISP will show relations with other observables and indicators. This results in more efficient analysis, but also allows the user to have a better picture of the TTPs, related campaigns and attribution. The discussion feature will also enable conversations between multiple analysts resulting in win-win for everyone.
MISP Threat Sharing Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
