
Threat Intelligence

This page and its child pages cover all aspects of the Threat Intelligence module.

Malware Information Sharing Platform (MISP) is an open-source software solution used to collect, store, distribute, and share cyber security indicators and threat information produced by incident analysis and malware analysis.

The objective of MISP is to promote the sharing of structured information within the security community and beyond. MISP provides functionality not only for exchanging information but also for consuming it in Network Intrusion Detection Systems (NIDS) and log analysis tools such as Security Information and Event Management (SIEM) systems.

MISP is accessible through different interfaces: a web interface (for analysts or incident handlers) and a REST API (for systems pushing and pulling IOCs). The goal of MISP is to be a robust platform that supports the whole lifecycle of threat information, from collecting and enriching it to using it operationally.

There are many different types of users of an information sharing platform like MISP:

  • Malware reversers willing to share indicators of analysis with respective colleagues

  • Security analysts searching, validating, and using indicators in operational security

  • Intelligence analysts gathering information about specific adversary groups

  • Law enforcement relying on indicators to support or bootstrap their DFIR cases

  • Risk analysis teams wanting to know about new threats, their likelihood, and occurrences

  • Fraud analysts willing to share financial indicators to detect financial fraud

The objectives of MISP, an open-source threat intelligence and sharing platform, are to:

  • Facilitate the storage of technical and non-technical information about seen malware and attacks

  • Create automatic relations between malware and their attributes

  • Store data in a structured format (allowing automated use of the database to feed detection systems or forensic tools)

  • Generate rules for Network Intrusion Detection Systems (NIDS) that can be imported into IDS deployments (built from attributes such as IP addresses, domain names, hashes of malicious files, or patterns in memory)

  • Share malware and threat attributes with other parties and trust-groups

  • Improve malware detection and reversing by promoting information exchange among organizations (e.g. avoiding duplicate work)

  • Create a platform of trust - trusted information from trusted partners

  • Store all information from other instances locally, so that queries are answered on the local instance and are not disclosed to third parties (ensuring confidentiality of queries)
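The REST API mentioned above and the last two objectives (structured storage feeding detection systems, and NIDS rule generation) are easiest to see end to end in code. The following is an added example, not MISP's own code or export module: it builds the request that would be sent to MISP's real `/attributes/restSearch` endpoint (built but not sent, so it runs offline), then converts a constructed sample of attributes, in the shape of that endpoint's JSON response, into Suricata rules. The rule text is a simplified format chosen for this example and is not identical to what MISP's NIDS export produces; only attributes the analyst flagged with `to_ids` are used, values are validated before they are placed in a rule, and hashes are collected separately because Suricata's `filemd5` keyword reads them from a file rather than inline.

```python
"""Pull MISP attributes and turn them into NIDS rules (added example)."""
import ipaddress
import json
import re

# Constructed sample in the shape of a MISP /attributes/restSearch JSON
# response (only the fields this example reads are included).
SAMPLE_RESPONSE = json.loads("""
{"response": {"Attribute": [
  {"event_id": "42", "type": "ip-dst", "value": "203.0.113.10", "to_ids": true},
  {"event_id": "42", "type": "domain", "value": "bad.example.net", "to_ids": true},
  {"event_id": "42", "type": "md5", "value": "d41d8cd98f00b204e9800998ecf8427e", "to_ids": true},
  {"event_id": "43", "type": "ip-dst", "value": "198.51.100.7", "to_ids": false},
  {"event_id": "43", "type": "ip-dst", "value": "not an ip", "to_ids": true},
  {"event_id": "43", "type": "comment", "value": "analyst note", "to_ids": true}
]}}
""")

DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$", re.I)
MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.I)


def build_restsearch_request(base_url, api_key, types, to_ids=True):
    """Describe the MISP REST call that fetches IDS-flagged attributes.

    Endpoint, headers and body keys are MISP's real restSearch API; the
    request is only described here, not sent, so the example runs offline.
    """
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/attributes/restSearch",
        "headers": {
            "Authorization": api_key,  # MISP auth key: keep it out of logs
            "Accept": "application/json",
            "Content-Type": "application/json",
        },
        "body": {
            "returnFormat": "json",
            "type": list(types),
            "to_ids": 1 if to_ids else 0,
            "enforceWarninglist": True,  # drop values on MISP warninglists
        },
    }


def attributes_to_suricata(response, base_sid=1000000):
    """Convert restSearch attributes into a simplified Suricata ruleset.

    Returns {"rules": [...], "md5": [...]}: IP and domain attributes become
    rules; md5 hashes go to a list for Suricata's filemd5 keyword.
    """
    rules, md5s, seen = [], [], set()
    sid = base_sid
    for attr in response["response"]["Attribute"]:
        value = attr["value"].strip()
        key = (attr["type"], value.lower())
        if not attr.get("to_ids") or key in seen:
            continue  # not meant for detection, or a duplicate
        seen.add(key)
        msg = f"MISP event {int(attr['event_id'])} {attr['type']} {value}"
        if attr["type"] == "ip-dst":
            try:
                ipaddress.ip_address(value)  # reject values that would break the rule file
            except ValueError:
                continue
            rules.append(f'alert ip $HOME_NET any -> {value} any (msg:"{msg}"; '
                         f"classtype:trojan-activity; sid:{sid}; rev:1;)")
        elif attr["type"] == "domain":
            if not DOMAIN_RE.match(value):
                continue
            rules.append(f'alert dns $HOME_NET any -> any any (msg:"{msg}"; dns.query; '
                         f'content:"{value}"; nocase; classtype:trojan-activity; sid:{sid}; rev:1;)')
        elif attr["type"] == "md5":
            if MD5_RE.match(value):
                md5s.append(value.lower())
            continue
        else:
            continue  # no NIDS representation for this attribute type here
        sid += 1
    return {"rules": rules, "md5": md5s}


if __name__ == "__main__":
    req = build_restsearch_request("https://misp.example", "REDACTED", ["ip-dst", "domain", "md5"])
    print(req["method"], req["url"])
    out = attributes_to_suricata(SAMPLE_RESPONSE)
    print("\n".join(out["rules"]))
    print("filemd5 list:", out["md5"])
```

In a real deployment the request dict would be passed to an HTTP client with TLS verification enabled, the resulting rules written to a file loaded by Suricata, and the md5 list referenced from a rule with `filemd5`. Filtering on `to_ids` and validating values before rule generation are the two checks that keep analyst notes and malformed indicators out of the sensor.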
