Koen Van Impe

MISPbot

What is MISPbot? The MISPbot is a simple tool that allows users to interact with MISP via Mastodon or Twitter.

Current state of the MISP playbooks

The MISP playbooks at https://github.com/MISP/misp-playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react and analyse intelligence received by MISP.

MISP to Microsoft Sentinel integration with Upload Indicators API

The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

MISP to Azure Sentinel integration

The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

Curate events with an organisation confidence level

Quality of threat intelligence: when you receive threat intelligence from different sources, you quickly realise there is a big difference in the quality of the received information.

MISP web scraper

There are a lot of websites that regularly publish reports on new threats, campaigns or actors with useful indicators, references and context information.

Creating a MISP Object, 101

MISP objects are containers around contextually linked attributes. They support analysts in grouping related attributes and describing the relations that exist between the data points in a threat event.

MISP service monitoring with Cacti

A previous post covered how to do MISP service monitoring with OpenNSM. Because having different options is good, this post covers how to achieve similar results with Cacti.

Creating a MISP Galaxy, 101

MISP Galaxies and Clusters are an easy way to add context to data. Compared to the relatively simple concept of tags and taxonomies, they allow you to add more complex data structures.
