MISP

MISP Project

Open-source threat intelligence platform for sharing IOCs and analysis.

Tags: Threat Intelligence, Free & Open Source, Platform / Suite, Learning, Linux


Description

MISP (Malware Information Sharing Platform) is the leading open-source threat intelligence platform. Originally developed by CIRCL (Luxembourg CERT), it is now the backbone of many ISAC and national CSIRT sharing communities.

Core concepts to know:

  • Events containing Attributes (IP, hash, URL, file, etc.).
  • Galaxies and Clusters mapping IOCs to MITRE ATT&CK, threat actor groups, malware families.
  • Sharing groups with fine-grained distribution rules.
  • Sightings to record that an IOC was seen in your environment.
  • MISP feeds and the TAXII server module for automated distribution.

Use cases

  • Centralised IOC management for a SOC
  • Sharing intel with sector ISACs and partners
  • Feeding SIEM/EDR with curated indicators via API