MISP (Malware Information Sharing Platform and Threat Sharing) is free and open source software for storing, correlating and sharing threat intelligence and cyber security indicators (IOCs).
An overview of MISP as derived from the project home page:
- Automation: store IOCs in a structured manner and benefit from correlation, from automated exports for IDS (Snort, Suricata and Bro rules) or SIEM consumption, in STIX or OpenIOC, and even from synchronisation to other MISP instances.
- Simplicity: the driving force behind the project. Storing and using information about threats and malware should not be difficult, and MISP lets you get the most out of your data without unmanageable complexity.
- Sharing: the key to fast and effective detection of attacks. Organizations are often targeted by the same threat actor, in the same or a different campaign. MISP makes it easier to share with, and receive from, trusted partners and trust groups. Sharing also enables collaborative analysis and prevents redundant work.
- Freetext feed import: a flexible scheme to import any feed available on the Internet and incorporate it automatically into MISP. An imported feed can create a new event or update an existing one. The freetext feature lets you preview the import before committing it, so external sources can be integrated quickly.
- Bro NIDS export has been added to MISP, alongside the existing Snort and Suricata exports.
- A default role can now be set, allowing a flexible role policy.
- Attributes from a different event can now be merged into an event.
- Many updates and improvements to the MISP user interface, including filtering of proposals at the index level.
- The STIX XML export has been significantly improved for better compatibility with other platforms.
- Brute-force protection has been fixed.
- OpenIOC export is now available via the API.
- Various API-level bugs have been fixed.
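As an added, self-contained example (not MISP's own code, nor taken from this post), the following Python walks the two features above end to end: a freetext-style import that turns a constructed report into MISP-style attributes, a preview step in which the analyst unflags a value that should not reach the IDS, and an export of the attributes still flagged for IDS use as Suricata rules. The sample text, event id, SID range and the exact rule syntax are assumptions that approximate MISP's behaviour rather than reproduce it. The check a practitioner will want is the last one: values containing rule metacharacters are refused, because an indicator pulled from an untrusted feed could otherwise inject rule text into the IDS.

```python
"""Freetext IOC import and NIDS rule export in the style of MISP.

Added illustration, not MISP's own code. All inputs are constructed and the
rule format approximates MISP's Suricata export rather than reproducing it.
"""
import re
from urllib.parse import urlsplit

# Constructed free-text report, as an analyst might paste it into the freetext
# import. The defanged forms ([.] and hxxp) are common in shared reports.
SAMPLE_TEXT = """
The dropper beacons to 198.51.100.23 and resolves update.example-bad[.]net.
Payload SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Second stage fetched from hxxp://198.51.100.23/stage2.bin
Internal scanner 10.0.0.5 is benign and must not be blocked.
"""

# MISP attribute types recognised here, most specific first; first match wins.
PATTERNS = [
    ("sha256", re.compile(r"^[0-9a-f]{64}$", re.I)),
    ("sha1",   re.compile(r"^[0-9a-f]{40}$", re.I)),
    ("md5",    re.compile(r"^[0-9a-f]{32}$", re.I)),
    ("url",    re.compile(r"^https?://\S+$", re.I)),
    ("ip-dst", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("domain", re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)),
]

# Characters that would terminate or alter a Snort/Suricata rule or content match.
_UNSAFE = re.compile(r'["\\;\r\n|]')


def refang(token: str) -> str:
    """Undo the usual defanging so the stored value matches real traffic."""
    return token.replace("[.]", ".").replace("hxxp://", "http://")


def classify(token: str):
    """Return the MISP attribute type for one token, or None if it is not an IOC."""
    for attr_type, pattern in PATTERNS:
        if pattern.match(token):
            if attr_type == "ip-dst" and not all(int(o) <= 255 for o in token.split(".")):
                return None  # looked like an IPv4 address but an octet is out of range
            return attr_type
    return None


def extract_attributes(text: str) -> list:
    """Freetext import step: turn a report into MISP-style attribute dicts.

    Everything is flagged to_ids=True here; the preview step is where an
    analyst removes values that must not be pushed to detection systems.
    """
    seen, attrs = set(), []
    for raw in text.split():
        token = refang(raw).strip(".,;:()[]\"'")
        attr_type = classify(token)
        if attr_type and (attr_type, token) not in seen:
            seen.add((attr_type, token))
            attrs.append({"type": attr_type, "value": token, "to_ids": True})
    return attrs


def set_to_ids(attrs: list, value: str, flag: bool) -> None:
    """Preview step: flip the to_ids flag on every attribute with this value."""
    for a in attrs:
        if a["value"] == value:
            a["to_ids"] = flag


def is_safe_rule_value(value: str) -> bool:
    """True if the value can be embedded in a rule without changing its syntax."""
    return _UNSAFE.search(value) is None


def to_suricata(event: dict, sid_start: int = 1000001) -> list:
    """NIDS export step: one Suricata rule per network attribute flagged to_ids."""
    ev = event["Event"]
    if not is_safe_rule_value(ev["info"]):
        raise ValueError("event info contains rule metacharacters")
    rules, sid = [], sid_start
    for a in ev["Attribute"]:
        if not a["to_ids"]:  # the to_ids flag is what gates the export
            continue
        t, v = a["type"], a["value"]
        if not is_safe_rule_value(v):
            raise ValueError(f"refusing to emit a rule for unsafe value {v!r}")
        msg = f'MISP e{ev["id"]} [{t}] {ev["info"]}'
        if t == "ip-dst":
            header, opts = f"alert ip $HOME_NET any -> {v} any", ""
        elif t == "domain":
            header, opts = "alert dns $HOME_NET any -> any any", f'dns.query; content:"{v}"; nocase; '
        elif t == "url":
            u = urlsplit(v)
            path = u.path or "/"
            header = "alert http $HOME_NET any -> any any"
            opts = f'http.host; content:"{u.hostname}"; http.uri; content:"{path}"; '
        else:
            continue  # file hashes have no network signature in this export
        rules.append(f'{header} (msg:"{msg}"; {opts}sid:{sid}; rev:1;)')
        sid += 1
    return rules


def run_pipeline():
    """Import, review, export. Returns (attributes, rules) for inspection."""
    attrs = extract_attributes(SAMPLE_TEXT)
    set_to_ids(attrs, "10.0.0.5", False)  # internal scanner: never ship to the IDS
    event = {"Event": {"id": "1", "info": "Constructed dropper report", "Attribute": attrs}}
    return attrs, to_suricata(event)


if __name__ == "__main__":
    attributes, suricata_rules = run_pipeline()
    for attr in attributes:
        print(f'{attr["type"]:8} to_ids={attr["to_ids"]!s:5} {attr["value"]}')
    print("\n".join(suricata_rules))
```

The hash attribute is deliberately left out of the rule set; hashes belong in the SIEM or endpoint export path, not in a network rule. Running the script prints five attributes and three rules, with the unflagged 10.0.0.5 absent from the rules.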
Cheers...until next time.