Open source threat intelligence sharing platform for collecting, correlating, and exchanging cyber threat data
- Stars6.4k
- Forks1.6k
- Open Issues2.8k
AGPL-3.0
- PHP
- JavaScript
- Python
About MISP
MISP is a threat intelligence platform for collecting, storing, distributing, and sharing cyber security indicators and threats. It serves incident analysts, security and ICT professionals, and malware reversers who need to exchange structured findings from incident and malware analysis.
Atomic data points are organized into rich objects with automatic correlation that surfaces links between events. It supports structured reporting, warning lists, sightings, and an OpenAPI-described REST API, and imports or exports MISP JSON, STIX 1 and 2, CSV, OpenIOC, and IDS rules for Suricata, Snort, and Zeek.
Instances can synchronize with one another to build trusted sharing communities, and GnuPG and S/MIME secure notification encryption and signing. It is self-hosted, whether on premise or on infrastructure you run in the cloud.
Key features
- Automatic correlation across attributes and indicators
- Structured reporting with objects, attributes, and references
- Import and export MISP JSON, STIX 1 and 2, CSV, and IDS formats
- Synchronize events and attributes between MISP instances
- GnuPG and S/MIME notification encryption and signing
Details
- First released
- 2013
- Platforms
- Web
- Deployment
- self-hostable · cloud
- API
- ReST API with OpenAPI
- Encryption
- GnuPG · S/MIME
- Storage
- Structured threat intelligence data