A platform for sharing, storing and correlating Indicators of Compromises of targeted attacks.
Discover how MISP is used today in multiple organisations. Not only to store, share, collaborate on malware, but also to use the IOCs to detect and prevent attacks.
The MISP project launched a questionnaire to get a better view on the user base and on possible support MISP could benefit to coordinate efforts and guarantee MISP governance on long term.
Data you store is immediately available to your colleagues and partners. Store the event id in your ticketing system or be informed by the signed and encrypted email notifications.
By generating Snort/Suricata IDS rules, STIX, OpenIOC, text or csv exports MISP allows you to automatically import data in your detection systems resulting in better and faster detection of intrusions.
Importing data can also be done in various ways: free-text import, OpenIOC, batch import, sandbox result import (Joe Sandbox and GFI SandBox) or using the preconfigured or custom templates.
If you run MISP internally, data can also be uploaded and downloaded automagically from and to externally hosted MISP instances. Thanks to this automation and the effort of others you are now in possession of valuable indicators of compromise with no additional work.
How often has your team analyzed to realise at the end that a colleague had already worked on another, similar, sample? Or that an external report has already been made?
When new data is added MISP will immediately show relations with other observables and indicators. This results in more efficient analysis, but also allows you to have a better picture of the TTPs, related campaigns and attribution.
The discussion feature will also enable conversations between multiple analysts resulting in win-win for everyone.
The roadmap of the MISP software project was created in a collaborative effort using the feedback from various users and communities using MISP. It is possible to accelerate the development of new features by supporting the MISP project. However it is not possible to force new features unilaterally. Things that only benefit your own organisation are free to be developed independently of the official MISP Project.
Full detailed changelog available at http://www.misp-project.org/Changelog.txt
Version 2.3 brings important improvements in features, performance and usability:
The following companies do not have a specific affiliation with the MISP Project except the fact that they are providing commercial services around MISP. This can be integration services, software development, support,...
Contact us if you would like to get your company added.