MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-website/_pages/tools.md

3.4 KiB
Raw Blame History

layout title permalink toc
page Tools /tools/ true

Software and Tools

Many open source and proprietary tools integrate MISP support (MISP format or API) in order to extend their tools or MISP itself. A series of additional software are supported and handled by the MISP project. The additional software supported by the MISP project allow the community to rely on additional tools to support their day-to-day operations. The objective is also to explore new ideas, concepts or functionality which can be integrated in MISP core software later on.

Software created by the MISP project

  • misp-modules - Modules for expansion services in MISP
    • Passive Total - doc.
    • CIRCL Passive DNS - a hover and expansion module to expand hostname and IP addresses with passive DNS information.
    • CIRCL Passive SSL - a hover and expansion module to expand IP addresses with the X.509 certificate seen.
    • EUPI API Support (Phishing Initiative project).
    • IPASN - a hover and expansion to get the BGP ASN of an IP address.
    • ASN History - a hover and expansion module to expand an AS number with the ASN description and its history.
    • CVE a hover module to give more information about a vulnerability (CVE).
  • misp-workbench - Tools to export data out of the MISP MySQL database and use and abuse them outside of this platform.
  • MISpego - Maltego Transform to put entities into MISP events.
  • MISP-maltego - Set of Maltego transforms to inferface with a MISP instance.

For the additional software created by the MISP project, check our MISP project organization.

Software or Services with MISP support

  • Viper - is a binary management and analysis framework dedicated to malware and exploit researchers including a MISP module.
  • cve-search - a tool to perform local searches for known vulnerabilities include a MISP plug-in.
  • Cuckoo modified - heavily modified version of Cuckoo Sandbox including a MISP reporting module to put the information into a MISP instance.
  • Hybrid analysis exports in MISP format.
  • Joe Sanbox outputs analysis in MISP format.
  • MISP-Extractor extracts information from MISP via the API and automate some tasks.
  • IntelMQ support MISP to retrieve events and update tags.
  • misp-to-autofocus - script for pulling events from a MISP database and converting them to Autofocus queries.
  • otx_misp imports Alienvault OTX pulses to a MISP instance.
  • FireMISP FireEye Alert json files to MISP Malware information sharing platform (Alpha).
  • cti-toolkit CERT Australia Cyber Threat Intelligence (CTI) Toolkit includes a transform to MISP from STIX.