Integration capability with MISP Open Source Threat Intelligence platform

Integration capability with MISP Open Source Threat Intelligence platform

May 29, 2020
Profile Icon

Jason Franscisco

Loginsoft, a leading cyber engineering services company has integrated its partner’s feed with MISP Open Source software for Threat Information sharing.

The Malware Information Sharing Platform (MISP) is an open source repository for sharing, storing and correlating Indicators of Compromises of targeted attacks. This integration allows organization’s security analysts to search for event attributes (files, IPs, hash, malware, URLs, etc.) in MISP from Threat Intelligence sources.

MISP users benefit from the collaborative knowledge about existing malware or threats. The aim of this trusted platform is to help improving the counter-measures used against targeted attacks and set-up preventive actions and detection.

MISP Integration includes:

  • Query Cyber Threat Intelligence source using Third Party API
  • Feed response is converted into MISP Events (JSON format files) that are stored either on a Local Web Server or in the Cloud
  • MISP Events can be imported into MISP platform in two ways:
  • Using MISP Instances Synchronization
  • Using Feeds that are configured in the MISP platform
  • Scheduler is used to automate importing of events into MISP platform at a scheduled time

Python v3.8 is used for the integration.

High Level Design for Integration:

MISP Platform - High Level Design for Integration

List of events imported into MISP Platform:

List of events imported into MISP Platform

Sample Event with Attributes:

MISP Platform - Sample Event with Attributes
MISP Platform - Sample Event with Attributes

Explore Cybersecurity Platforms

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros.

Learn more
white arrow pointing top right

About Loginsoft

For over 16 years, leading companies in Telecom, Cybersecurity, Healthcare, Banking, New Media and more have come to rely on Loginsoft as a trusted resource for technology talent. Whether Onsite, Offsite, or Offshore, we deliver.

Loginsoft is a leading Cybersecurity services company providing Security Advisory Research to generate metadata for vulnerabilities in Open source components, Discovering ZeroDay Vulnerabilities, Developing Vulnerability Detection signatures using MITRE OVAL Language.

Expertise in Integrations with Threat Intelligence and Security Products, integrated more than 200+ integrations with leading TIP, SIEM, SOAR and Ticketing Platforms such as Cortex XSOAR, Anomali, ThreatQ, Splunk, IBM QRadar, IBM Resilient, Microsoft Azure Sentinel, ServiceNow, Swimlane, Siemplify, MISP, Maltego, Cryptocurrency APIs with Digital Exchange Platforms, CISCO, Datadog, Symantec, Carbonblack, F5, Fortinet and so on.

Interested to learn more? Let’s start a conversation.

Book a meeting


Latest Articles

Get practical solutions to real-world challenges, straight from experts who conquered them.

View all our articles

Sign up to our Newsletter