misp-website/_pages/communities.md

47 lines
3.3 KiB
Markdown
Raw Normal View History

---
layout: page
2016-08-02 07:42:06 +02:00
title: MISP Communities and MISP Feeds
2016-08-01 07:54:59 +02:00
permalink: /communities/
2016-08-02 15:08:10 +02:00
toc: true
---
2016-08-02 07:42:06 +02:00
## MISP Communities
MISP is an open source software and it's also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn't maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately.
2016-08-02 07:42:06 +02:00
# Existing communities
Each communities might have specific rules to join them. Take a look and feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities.
### CIRCL MISP community
[CIRCL](https://www.circl.lu) operates a fairly large MISP community (more than 500 organizations are members) mainly targeting private organizations, companies, financial organizations or IT security companies. [For more information](https://www.circl.lu/services/misp-malware-information-sharing-platform) and how to join this community.
### CiviCERT MISP community
2016-08-02 14:08:19 +02:00
[CiviCERT](https://civicert.org/) is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP into inform its constituents of malicious activities in their infrastructure.
### Fidelis malware/RAT community
2016-08-02 15:08:10 +02:00
[Fidelis Barncat™ Intelligence Database ](https://www.fidelissecurity.com/resources/fidelis-barncat) includes more than 100,000 records with remote access tool (RAT) configuration settings. You can [apply for access](https://www.fidelissecurity.com/resources/fidelis-barncat) at the following location.
### NATO MISP community
2016-08-07 05:34:42 +02:00
The NATO Communications and Information (NCI) Agency provides operates MISP community, [for more information](https://www.ncia.nato.int/Documents/Agency%20publications/Malware%20Information%20Sharing%20Platform%20(MISP).pdf).
2016-08-02 07:42:06 +02:00
## MISP Feed Communities
2016-08-02 15:31:29 +02:00
MISP integrates a functionality called feed that allows to fetch directly MISP events from a server without prior agreement. Two OSINT feeds are included by default in MISP and can be enabled in any new installation. Providers and partners can provide easily their feeds by using the simple [PyMISP feed-generator](https://github.com/CIRCL/PyMISP/tree/master/examples/feed-generator). For more information, an article about "[Using open source intelligence feeds, OSINT, with MISP](https://www.vanimpe.eu/2016/03/23/using-open-source-intelligence-osint-with-misp/)".
2016-08-02 07:42:06 +02:00
### CIRCL OSINT Feed
2016-08-02 15:16:06 +02:00
[CIRCL](https://www.circl.lu/) provides a MISP OSINT feed from various sources including their own analysis.
2016-08-02 07:42:06 +02:00
2016-08-02 15:16:06 +02:00
MISP URL location is [https://www.circl.lu/doc/misp/feed-osint](https://www.circl.lu/doc/misp/feed-osint).
### Botvrij.eu OSINT feed
[Botvrij.eu](http://www.botvrij.eu/) provides a MISP OSINT feed out of public report.
MISP URL location is [http://www.botvrij.eu/data/feed-osint](http://www.botvrij.eu/data/feed-osint).