MISP Communities

MISP is an open source software and it’s also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn’t maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately.

Known Existing Communities

Each communities might have specific rules to join them. Take a look and feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities. If you want to add your MISP community in the list,don’t hesitate to contact us.

CIRCL MISP Community

CIRCL operates a fairly large MISP community (more than 500 organizations are members) mainly targeting private organizations, companies, financial organizations or IT security companies. For more information and how to join this community.

CiviCERT MISP Community

CiviCERT is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP into inform its constituents of malicious activities in their infrastructure.

Fidelis malware/RAT Community

Fidelis Barncat™ Intelligence Database includes more than 100,000 records with remote access tool (RAT) configuration settings. You can apply for access at the following location.

FIRST MISP Community

Since 1990, when FIRST was founded, its members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever growing Internet. FIRST brings together a wide variety of security and incident response teams including especially product security teams from the government, commercial, and academic sectors.

FIRST MISP instance allows FIRST members to efficiently share and store technical and non-technical information about malware samples, attackers and incidents. It also enables members who have not yet gained experience leveraging threat intelligence to connect with a wider community of organizations that have, increasing their own capabilities.

NATO MISP Community

The NATO Communications and Information (NCI) Agency operates a MISP community, for more information.

MISP Feed Communities

MISP integrates a functionality called feed that allows to fetch directly MISP events from a server without prior agreement. Two OSINT feeds are included by default in MISP and can be enabled in any new installation. Providers and partners can provide easily their feeds by using the simple PyMISP feed-generator. For more information, an article about “Using open source intelligence feeds, OSINT, with MISP”.

CIRCL OSINT Feed

CIRCL provides a MISP OSINT feed from various sources including their own analysis.

MISP URL location is https://www.circl.lu/doc/misp/feed-osint.

Botvrij.eu OSINT feed

Botvrij.eu provides a MISP OSINT feed out of public report.

MISP URL location is http://www.botvrij.eu/data/feed-osint.