IntelMQ vs MISP
GitHub Stats
About IntelMQ
IntelMQ is a solution for IT security teams (CERTs, CSIRTs, abuse departments) to collect and process security feeds, pastebins, and tweets using a message queue protocol. It provides a modular bot framework where collector bots fetch data from sources, parser bots normalize it into a standard format (IDEA), expert bots enrich and filter, and output bots distribute to databases, ticketing systems, or downstream tools. IntelMQ handles hundreds of feed formats (abuse.ch, Shadowserver, MISP, PhishTank, etc.) and deduplicates across sources. The web management interface (IntelMQ Manager) allows visual pipeline configuration and monitoring.
About MISP
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, and counter-terrorism data. It provides a robust data model for structuring threat data, automatic correlation of attributes and indicators, flexible sharing groups for controlled distribution, and import/export in STIX, OpenIOC, and many other formats. MISP includes a built-in feed system for consuming external threat intelligence, a REST API for automation, and taxonomies and galaxies for consistent classification. It's used by CERTs, SOCs, threat intelligence teams, and law enforcement worldwide as their primary threat intelligence management platform.
Platform Support
Tags
IntelMQ only
MISP only