Integrating and automating MISP

Andrea Dainese
May 04, 2025

MISP is a platform for threat intelligence, not for incident management. Specifically, MISP helps manage Indicators of Compromise (IoCs) in a structured way, and therefore it must be integrated into an existing ecosystem.

Very often, TheHive is used as the incident management platform, but integration requests also commonly involve Splunk, Elastic, Maltego, and detection and prevention systems (antispam, honeypot, firewall, etc.).

A MISP event does not represent a security incident, but rather a threat that is analyzed and evaluated from a threat intelligence perspective. Much of the work (defining IoCs and artifacts) has likely already been carried out on other platforms: we are evaluating the event and its associated IoCs to determine whether they provide added value for us and for the communities we are part of.

Automating MISP Tasks

The following activities can be identified for automation:

Continue reading the post on Patreon.