MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS but also log analysis tools, SIEMs.
MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
Exchanging info results in faster detection of targeted attacks and improves the detection ratio while reducing the false positives. We also avoid reversing similar malware as we know very fast that other teams or organizations have already analyzed a specific malware.
A sample event encoded in MISP:
Checkout the website for more information about MISP software, standards, tools and communities.
If you are interested to contribute to the MISP project, review our contributing page. There are many ways to contribute and participate to the project.
Please see our Code of conduct.
Feel free to fork the code, play with it, make some patches and send us the pull requests via the issues.
Feel free to contact us, create issues, if you have questions, remarks or bug reports.
There is one main branch:
and features are developed in separated branches and then regularly merged into the 2.4 stable branch.
This software is licensed under GNU Affero General Public License version 3
For more information, the list of authors and contributors is available.