MISP is an open-source platform for collecting, storing, distributing, and sharing cybersecurity indicators and threat information. MISP is a comprehensive threat intelligence platform used by CERTs, CSIRTs, ISACs, SOCs, and private organizations worldwide.
Automation at the core
MISP allows you to store IOCs in a structured manner and benefit from automated correlation, automated exports for IDS or SIEM systems and synchronization across MISP instances.
Sharing as a principle
Sharing is key to fast and effective detection of attacks. Similar organizations are often targeted by the same threat actor, in the same or different campaigns. MISP makes it easier to share with and receive from trusted partners and trust-groups. Collaborative analysis prevents duplication of work—you avoid doing what someone else has already done.
Beyond indicators of compromise
MISP provides metadata tagging, taxonomies, and galaxies (including MITRE ATT&CK) to classify and contextualize threat information. Feed integration is straightforward, supporting various formats with minimal configuration. Visualization options help analysts transform raw data into actionable intelligence and identify patterns across incidents.
Open and free
MISP is released under an open-source license. There are no licensing costs. Data formats and APIs are completely open standards. Organizations can deploy their own instance on-premise or in the cloud without vendor lock-in.
Training and services
Cubessa is an official MISP service provider. We offer training across three levels—novice, intermediate, and expert—covering platform deployment, daily operations, advanced features, and integration with existing security infrastructure.
cubessa.io 