MISP
AGPL-3.0 · 🧠 Threat Intelligence · PHP/Python
MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, and counter-terrorism data. It provides a robust data model for structuring threat data, automatic correlation of attributes and indicators, flexible sharing groups for controlled distribution, and import/export in STIX, OpenIOC, and many other formats. MISP includes a built-in feed system for consuming external threat intelligence, a REST API for automation, and taxonomies and galaxies for consistent classification. It's used by CERTs, SOCs, threat intelligence teams, and law enforcement worldwide as their primary threat intelligence management platform.
Installation
Install script (Ubuntu)
$ curl -o /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh && bash /tmp/INSTALL.sh
Docker
$ git clone https://github.com/MISP/misp-docker.git && cd misp-docker && docker compose up -d
Use Cases
- Collecting and correlating IOCs from multiple sources into a structured database
- Sharing threat intelligence with trusted partners through sharing groups
- Automating threat feed ingestion and IOC enrichment via REST API
- Exporting structured threat data in STIX/TAXII format for SIEM integration
- Tracking threat actor campaigns and malware families across incidents
Details
- Category: 🧠 Threat Intelligence
- Language: PHP/Python
- Repository: MISP/MISP
- License: AGPL-3.0
- Platforms: 🐧 linux
Alternatives & Comparisons
OpenCTI (TypeScript/Python)
Cyber threat intelligence platform. Knowledge management for threat data with STIX2 native storage and graph visualization.
Compare MISP vs OpenCTI
TheHive (Scala/JavaScript)
Incident response case management platform. Collaborative investigation with observable analysis, playbooks, and MISP integration.
Compare MISP vs TheHive
GRR Rapid Response (Python)
Remote live forensics framework by Google. Deploy agents across thousands of endpoints for artifact collection and analysis.
Compare MISP vs GRR Rapid Response
KAPE (C#)
Kroll Artifact Parser and Extractor. Fast triage collection and parsing of forensic artifacts from Windows, macOS, and Linux.
Compare MISP vs KAPE
Cortex (Scala/Python)
Observable analysis and active response engine. Analyze IOCs at scale with 100+ analyzers for IPs, hashes, URLs, and domains.
Compare MISP vs Cortex
osquery (C++)
SQL-powered endpoint visibility. Query operating system state as a relational database for security monitoring and compliance.
Compare MISP vs osquery