MISP - MISP (core software) - Open Source Threat Intelligence Platform (formerly known as Malware Information Sharing Platform)

  •    PHP

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals, and malware reversers to support their day-to-day operations by sharing structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information and also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.

volatility-misp - Volatility plugin to interface with MISP

  •    Python

volatility-misp is a Volatility plugin that pulls YARA rules from a MISP instance's yara attributes and uses them in yarascan.

mail_to_misp - Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails

  •    Python

Connect your mail infrastructure to MISP in order to create events based on the information contained within mails. You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN.

misp-dashboard - A dashboard for a real-time overview of threat intelligence from MISP instances

  •    Python

A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can be used as a real-time situational awareness tool to gather threat intelligence information. The misp-dashboard includes a gamification tool to show the contributions of each organisation and how they are ranked over time. The dashboard can be used by a SOC (Security Operations Center), by security teams, or during cyber exercises to keep track of what's going on in your various MISP instances. ⚠️ Make sure no zmq python3 scripts are running. They block the update.

misp-galaxy - Clusters and elements to attach to MISP events or attributes (like threat actors)

  •    Python

MISP galaxy is a simple method to express a large object called cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.

misp-modules - Modules for expansion services, import and export in MISP

  •    Python

MISP modules are autonomous modules that can be used for expansion and other services in MISP. The modules are written in Python 3 following a simple API interface. The objective is to ease the extension of MISP functionality without modifying core components. The API is available via a simple REST API which is independent of the MISP installation or configuration.

misp-objects - Definition, description and relationship types of MISP objects

  •    Python

MISP objects are used in the MISP system (starting from 2.4.80) and can be used by other information sharing tools. MISP objects are an addition to MISP attributes that allows advanced combinations of attributes. The creation of these objects and their associated attributes is based on real cyber security use cases and existing practices in information sharing. Feel free to propose your own MISP objects to be included in MISP. The system is similar to misp-taxonomies, where anyone can contribute their own objects to be included in MISP without modifying software.

MISP-STIX-Converter - A utility repo to assist with converting between MISP and STIX formats

  •    Python

This is the open-sourced version of BAE Systems' internal sync script. It's a bit limited, and it isn't perfect, nor is it bug-free. should have you covered. This relies on me actually updating PyPI every time I update the project, so I'd use the git repo wherever possible.

misp-takedown - A curses-style interface for automatic takedown notification based on MISP events.

  •    Python

A curses-style interface for generating automatic takedown notifications through RT/RTIR using MISP events as input. This code is a surprisingly well-working result of an experiment. However, the code needs improvements here and there. Also, the installation process regarding urlabuse, uwhoisd, MISP and RT/RTIR is not the most straightforward. We'd be happy to find contributors for code improvements and installation documentation. Both could be part of an internship at CIRCL. Reach out if you are interested.

MISP-Taxii-Server - An OpenTAXII Configuration for MISP

  •    Python

A set of configuration files to use with EclecticIQ's OpenTAXII implementation, along with a callback for when data is sent to the TAXII Server's inbox. You'll then need to set up your TAXII database. As you're using MISP, you'll likely already have a MySQL environment running.

misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators

  •    Python

misp-warninglists are lists of well-known indicators that can be associated with potential false positives, errors or mistakes. The warning lists are integrated in MISP to display an info/warning box at the event and attribute level if such indicators are available in one of the lists. The list can be globally enabled or disabled in MISP following the practices of the organization.