MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS but also log analysis tools, SIEMs.
MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
- An efficient IOC and indicators database
- A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
- Built-in sharing functionality to ease data sharing using different model of distributions
- An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators.
- storing data in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
- Export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
- Flexible free text import tool to ease the integration of unstructured reports into MISP.
- many more
Download here: https://github.com/MISP/MISP
Disclaimer: This project was created for educational purposes and should not be used in environments without legal authorization.