MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform) https://www.misp-project.org/
 
 
 
 
 
 
Go to file
Steve Clement 17a351a197 - Updated FreeBSD install to:
-- Do the entire install with binaries (no /usr/ports required)
-- Fixed some Ubuntu remenants
-- Fixed config typos
-- Added all missing dependencies

Status: Works for me (I did have 1 template issue, but that will be fixed soon)
2017-12-30 23:29:54 +01:00
.github Update PULL_REQUEST_TEMPLATE.md 2016-06-03 16:04:04 +02:00
INSTALL - Updated FreeBSD install to: 2017-12-30 23:29:54 +01:00
PyMISP@f447f55268 chg: PyMISP bump 2017-12-22 17:51:53 +01:00
app fix: Naive fix for an issue with tab separated feeds being broken by the switch to str_getcsv 2017-12-29 10:40:03 +01:00
build
cti-python-stix2@ef6dade6f6 add cti-python-stix2 2017-11-10 13:39:28 +00:00
format Add blob in the url 2017-04-07 22:53:53 +02:00
misp-vagrant@8622be9f30 added misp-vagrant module 2017-08-30 09:17:19 +02:00
tests up: test file 2017-09-20 15:57:48 +01:00
tools fix: match the rate of the pulisher in the subscriber as default 2017-12-20 08:05:54 +01:00
travis Cosmetic changes 2017-05-08 00:45:57 +02:00
.coveragerc
.gitchangelog.rc
.gitignore Merge branch '2.4' into objects_wip 2017-09-04 17:38:06 +02:00
.gitmodules add cti-python-stix2 2017-11-10 13:39:28 +00:00
.travis.yml Update travis file, use composer for all PHP deps. 2017-07-17 12:30:23 +02:00
AUTHORS 2017 even if it's not 2049 ;-) 2017-11-10 07:17:52 +01:00
CONTRIBUTING.md Security vulnerability reporting about "high number of published CVEs vs a few swept under the rug" 2017-09-11 11:51:37 +02:00
LICENSE
README.md Merge branch '2.4' of github.com:MISP/MISP into 2.4 2017-09-26 08:52:51 +02:00
VERSION.json chg: Version bumps for everyone! 2017-12-22 17:46:07 +01:00
code_of_conduct.md add: Code of conduct added to the MISP Project - fix #1858 2017-01-25 20:29:34 +01:00

README.md

MISP - Malware Information Sharing Platform and Threat Sharing

logo

Latest Release GitHub version
Travis
Gitter
Twitter
Contributors
License

MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.

MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:

  • An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
  • A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
  • Built-in sharing functionality to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a flexible sharing group capacity and an attribute level distribution mechanisms.
  • An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations. Advanced filtering functionalities and warning list to help the analysts to contribute events and attributes.
  • storing data in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
  • export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), STIX (XML and JSON), NIDS export (Suricata, Snort and Bro) or RPZ zone. Many other formats easily added via the misp-modules.
  • import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV. Many other formats easily added via the misp-modules.
  • Flexible free text import tool to ease the integration of unstructured reports into MISP.
  • A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
  • data-sharing: automatically exchange and synchronization with other parties and trust-groups using MISP.
  • delegating of sharing: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.
  • Flexible API to integrate MISP with your own solutions. MISP is bundled with PyMISP which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your MISP but also shareable among MISP instances.
  • Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP.
  • Expansion modules in Python to expand MISP with your own services or activate already available misp-modules.
  • Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via MISP user-interface, API as MISP document or STIX sighting documents.
  • STIX support: export data in the STIX format (XML and JSON). Additional STIX import and export is supported by MISP-STIX-Converter or MISP-Taxii-Server.
  • Integrated encryption and signing of the notifications via PGP and/or S/MIME depending of the user preferences.

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others team or organizations who already analyzed a specific malware.

MISP 2.4 overview

A sample event encoded in MISP:

MISP event view

Website / Support

Checkout the website for more information about MISP software, standards, tools and communities.

Information, news and updates are also regularly posted on the MISP project twitter account or the news page.

Documentation

MISP user-guide is available online or as PDF or as EPUB or as MOBI/Kindle.

For installation guide see INSTALL or the download section.

Contributing

If you are interested to contribute to the MISP project, review our contributing page. There are many ways to contribute and participate to the project.

Please see our Code of conduct.

Feel free to fork the code, play with it, make some patches and send us the pull requests via the issues.

Feel free to contact us, create issues, if you have questions, remarks or bug reports.

There is one main branch:

  • 2.4 (current stable version): what we consider as stable with frequent updates as hot-fixes.

and features are developed in separated branches and then regularly merged into the 2.4 stable branch.

License

This software is licensed under GNU Affero General Public License version 3

  • Copyright (C) 2012 Christophe Vandeplas
  • Copyright (C) 2012 Belgian Defence
  • Copyright (C) 2012 NATO / NCIRC
  • Copyright (C) 2013-2017 Andras Iklody
  • Copyright (C) 2015-2017 CIRCL - Computer Incident Response Center Luxembourg
  • Copyright (C) 2016 Andreas Ziegler

For more information, the list of authors and contributors is available.