Integration capability with MISP Open Source Threat Intelligence platform

Loginsoft, a leading cyber engineering services company has integrated its partner’s feed with MISP Open Source software for Threat Information sharing.

The Malware Information Sharing Platform (MISP) is an open source repository for sharing, storing and correlating Indicators of Compromises of targeted attacks. This integration allows organization’s security analysts to search for event attributes (files, IPs, hash, malware, URLs, etc.) in MISP from Threat Intelligence sources.

MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions and detection.

MISP Integration includes:

• Query Cyber Threat Intelligence source using Third Party API
• Feed response is converted into MISP Events (JSON format files) that are stored either on a Local Web Server or in the Cloud
• MISP Events can be imported into MISP platform in two ways:
• Using MISP Instances Synchronization
• Using Feeds that are configured in the MISP platform
• Scheduler is used to automate importing of events into MISP platform at a scheduled time

Python v3.8 is used for the integration.

High Level Design for Integration:

List of events imported into MISP Platform:

Sample Event with Attributes: