Skip to content

dtan9/MISP

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,144 Commits

INSTALL

INSTALL

 
 

PyMISP @ 3a2414b

PyMISP @ 3a2414b

 
 

app

app

 
 

build

build

 
 

format

format

 
 

plugins

plugins

 
 

tools

tools

 
 

travis

travis

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

.pydevproject

.pydevproject

 
 

.travis.yml

.travis.yml

 
 

AUTHORS

AUTHORS

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

VERSION.json

VERSION.json

 
 

Repository files navigation

Build Status

MISP - Malware Information Sharing Platform

logo

MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Detection Intrusion System (NIDS), LIDS but also log analysis tools, SIEMs.

MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:

  • An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
  • Built-in sharing functionality to ease data sharing using different model of distributions. MISP can synchronize automatically events and attributes among different MISP. Advanced filtering functionalities can be used to meet each organization sharing policy including a flexible sharing group capacity and an attribute level distribution mechanisms.
  • An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations.
  • storing data in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
  • export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
  • import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV.
  • Flexible free text import tool to ease the integration of unstructured reports into MISP.
  • A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
  • data-sharing: automatically exchange and synchronization with other parties and trust-groups using MISP.
  • Flexible API to integrate MISP with your own solutions. MISP is bundled with PyMISP which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your MISP but also shareable among MISP instances.
  • STIX support: export data in the STIX format (XML and JSON).

Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that others team or organizations who already analyzed a specific malware.

MISP 2.4 overview

A sample event encoded in MISP:

red october

red october

Website / Support

Checkout the website for more information about MISP like features, roadmap, (commercial) support, ... : http://misp-project.org

Documentation

MISP user-guide is available online or as PDF or as EPUB or as MOBI/Kindle.

Contributing

Feel free to fork the code, play with it, make some patches and send us the pull requests via the issues.

Feel free to contact us, create issues, if you have questions, remarks or bug reports.

There are 2 branches:

  • develop: (very active development) new features and improvements.
  • 2.4 (current stable version): what we consider as stable with frequent updates as hot-fixes.

License

This software is licensed under GNU Affero General Public License version 3

  • Copyright (C) 2012 Christophe Vandeplas
  • Copyright (C) 2012 Belgian Defence
  • Copyright (C) 2012 NATO / NCIRC
  • Copyright (C) 2013-2015 Andras Iklody
  • Copyright (C) 2015 CIRCL - Computer Incident Response Center Luxembourg

For more information, the list of authors and contributors is available.

About

MISP - Malware Information Sharing Platform & Threat Sharing

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

178 tags

Packages

No packages published

Languages

  • PHP 92.4%
  • JavaScript 3.0%
  • CSS 2.7%
  • Python 1.6%
  • Shell 0.3%
  • Batchfile 0.0%