Specifications used in the MISP project including MISP core format

misp misp-format misp-taxonomy protocol standard

Go to file

Alexandre Dulaunoy cfa09fe7f0 chg: [misp-galaxy] removed unused derivated_from field from MISP galaxy schema This has been validated by @Delta-Sierra and schema got updated. @adulau updated the Internet-Draft following the approval of the TC at unanimity following a debate of 7 seconds which concluded in the approval of the removal of the field. The user-groups relying on the galaxy schema approved that the field was not used and was superseded by the 'related' field which is more convenient and already implemented by @cvandeplas (ref: https://github.com/MISP/misp-galaxy/blob/master/tools/gen_mapping.py) As the TC strictly follows the PMF methodology, the commit was signed off by the quorum required to validate a TC decision. Ref: https://twitter.com/Iglocska/status/1039214679267201026 (TC approval)		2018-09-10 20:11:16 +02:00
misp-core-format	chg: [core-format] bro attribute type added	2018-08-28 21:11:28 +02:00
misp-galaxy-format	chg: [misp-galaxy] removed unused derivated_from field from MISP galaxy	2018-09-10 20:11:16 +02:00
misp-noticelist-format	chg: [misp-notice] some updates and improvement in the notice Internet-Draft	2018-06-08 06:32:17 +02:00
misp-object-template-format	chg: small typo fixed	2018-07-10 07:48:11 +02:00
misp-taxonomy-format	Clarification of the numerical range	2017-11-30 15:37:20 +01:00
misp-warninglist-format	fix title of I-D for misp warning lists	2018-08-03 13:23:47 +02:00
README.md	fix: [misp-galaxy] https://www.ietf.org/id/draft-dulaunoy-misp-galaxy-format-04.txt published	2018-08-23 09:43:36 +02:00

README.md

MISP standards

This repository is the official source of the specification and formats used in the MISP project.

The formats are described to support other implementations which reuse the format and ensuring an interoperability with existing MISP software and other Threat Intelligence Platforms.

All the formats can be freely reused by everyone.

MISP Formats in use and implemented in multiple software

misp-core-format (markdown source) which describes the core JSON format of MISP. Current Internet-Draft: 04
misp-taxonomy-format (markdown source) which describes the taxonomy JSON format of MISP. Current Internet-Draft: 05
misp-galaxy-format which describes the galaxy template format used to expand the threat actor modelling of MISP. Current Internet-Draft: 04
misp-object-template-format which describes the object template format to add combinedand composite object to the MISP core format. Current Internet-Draft: 01

MISP Format in design phase and implemented in at least one software prototype

misp-modules-protocol which describes the misp-modules protocol used between MISP and misp-modules.

MISP Format in design phase

misp-collaborative-voting-format which describes the collaborative voting and scoring format for the feeds providers.

Sample files

If you want to see how a threat intelligence can be easily expressed in MISP standard, the following resources might give you some ideas:

CIRCL OSINT MISP Feed

Installing MISP is also another option to see the MISP standards in action. The MISP standards are actively used in the MISP threat intelligence platform to support the complete chain from intelligence creation, sharing, distribution and synchronisation.

Contribution

If you want to contribute to the MISP specifications, feel free to open an issue.