Specifications used in the MISP project including MISP core format
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Alexandre Dulaunoy 5fe6d9c4ce
chg: [format] updated to match mmark updates
2 years ago
misp-core-format chg: [core] updated attributes type 2 years ago
misp-galaxy-format chg: [galaxy-format] fixed I-D format for mmark 2 years ago
misp-noticelist-format chg: [misp-notice] some updates and improvement in the notice Internet-Draft 5 years ago
misp-object-template-format chg: [format] updated to match mmark updates 2 years ago
misp-query-format chg: [misp-query-format] JSON reference is now RFC 8259 - Comment from Carsten Bormann 4 years ago
misp-taxonomy-format chg: [taxonomy-format] updated to the latest version of mmark2 4 years ago
misp-warninglist-format chg: [misp-warninglist] JSON reference is now RFC 8259 - Comment from Carsten Bormann 4 years ago
sightingdb-format Generate the new txt file 3 years ago
threat-actor-naming chg: [threat-actor-naming] feedback merged + need to add reference to MISP galaxy format 3 years ago
README.md chg: [doc] latest version of the object released 4 years ago


MISP standards and RFCs

This repository is the official source of the specification and formats used in the MISP project.

The formats are described to support other implementations which reuse the format and ensuring an interoperability with existing MISP software, other Threat Intelligence Platforms and security tools at large.

All the formats can be freely reused by everyone.

MISP Formats in use and implemented in multiple software

MISP Format in design phase and implemented in at least one software prototype

  • misp-modules-protocol which describes the misp-modules protocol used between MISP and misp-modules.

MISP Format in design phase

  • misp-collaborative-voting-format which describes the collaborative voting and scoring format for the feeds providers.

Sample files

If you want to see how a threat intelligence can be easily expressed in MISP standard, the following resources might give you some ideas:

Installing MISP is also another option to see the MISP standards in action. The MISP standards are actively used in the MISP threat intelligence platform to support the complete chain from intelligence creation, sharing, distribution and synchronisation.

Building the RFCs

These RFCs use mmark to generate - get a release from the Github Repo and make sure it's in your PATH.

You'll also need xml2rfc - install using sudo pip3 isntall xml2rfc

for directory in $(find . -type d -iname "misp*"); do;
    echo "Building $directory...";
    cd $directory;
    cd ..;


If you want to contribute to the MISP specifications, feel free to open an issue.