Open Source Threat Intelligence and Sharing Platform
Share.Store.Correlate.Analyse.
Targeted attacks.Financial Fraud.Counter-terrorism.
Visualization & Dashboards
Seeing helps understanding.
MISP comes with many visualization options helping analysts find the answers they are looking for.
A galaxy of information
MISP is more than Software
It is also a massive collection of open taxonomies that can be used in any software.
AM!TT for disinformation,
ATT&CK for threat actors, TTPs,
Attack4fraud, TLP, GDPR, Veris, admiralty, estimative language, document classification, and much more!
The art of information sharing
is to share more, smarter and faster
with your friends and allies
than your adversaries would like to.
The key is Automation
Isn’t it sad to have a lot of data and not use it because it’s too much work? Thanks to MISP you can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner.Check out MISP features.
Simplify Threats
The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help youget the maximum out of your data without unmanageable complexity.
By giving you will receive
Sharing is key to fast and effective detection of attacks. Quite often similar organizations are targeted by the same Threat Actor, in the same or different Campaign. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.
Join one of the existing MISP communities.
Threat Intelligence
Threat Intelligence is much more thanIndicators of Compromise. This is why MISP providesmetadata tagging,feeds, visualization and even allows you to integrate with othertools for further analysis thanks to itsopen protocols and data formats.
Visualization
Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.
Open & Free
The MISP Threat Sharing ecosystem is all about accessibility and interoperability: Thesoftware isfree to use, data format and API are completelyopen standards and forsupport you can rely oncommunity andprofessional services.
Initiatives
The MISP Threat Sharing project consists of multiple initiatives, from software to facilitate threat analysis and sharing to freely usable structured Cyber Threat Information and Taxonomies.
The MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
MISP Portal
Many MISPgalaxy clusters are already available like MITRE ATT&CK, Exploit-Kit, Microsoft Activity Group actor, Preventive Measure, Ransomware, TDS, Threat actor or Tool used by adversaries.
Taxonomies provide a set of already defined classifications modeling estimative language, CSIRTs/CERTs classifications, national classifications or threat model classification.
MISP Galaxies & Taxonomies
In a continuous effort since 2016,CIRCL frequently gives practical training sessions about MISP. The purpose is to reach out to security analysts using MISP as a threat intelligence platform along with users using it as an information sharing platform.
All thetraining materials are open source, include slides and a virtual machine preconfigured with the latest version of MISP.Reach out if you are looking for custom training.
MISP Docu & Trainings
PyMISP is a Python library to access MISP platforms via their REST API.
PyMISP allows you to fetch events, add or update events/attributes, add or update samples or search for attributes programmatically.Discover more
PyMISP
MISP modules are autonomous modules that can be used to extend MISP for new services such as expansion, import and export.
The modules are written in Python 3 following a simple API interface. The objective is to ease the extensions of MISP functionalities without modifying core components.
For more information:Extending MISP with Python modules slides from MISPtraining.
MISP Modules
Do you want to join a community?
MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide.
From our blog
In addition to thenews stories below, check out thepress,events,hackathon,MISP Summit pages and fullnews archive.
FlowIntel 3.0.0 released and MISP integration
on February 18, 2026
FlowIntel & MISP
FlowIntel in a Nutshell
FlowIntel is an open-source platform built for handling security investigations in a structured way. It combines case management, task tracking, documentation, and collaboration in one place.
MISP architecture choices
ByKoen Van Impe on February 11, 2026
MISP architecture
Getting yourMISP architecture right from the start makes all the difference. A well-designed deployment keeps your threat intelligence platform running smoothly, protects your data, and ensures your analysts have what they need when they need it. Poor choices lead to performance bottlenecks, security gaps, and maintenance headaches that only get worse as your data grows.
MISP v2.5.32 released bringing new workflow capabilities, enhancement, security fix and various bugs fixed
on January 15, 2026
We are pleased to announce the release ofMISP v2.5.32, bringing new workflow capabilities, improvements to attachment handling, security fixes, and multiple dependency updates.
NGSOTI: Building an Integrated Threat-Intelligence and Information Sharing Ecosystem for the Next Generation of SOC Analysts
on January 2, 2026
TheNext Generation Security Operator Training Infrastructure (NGSOTI) initiative was created to address a growing gap in cybersecurity education: the need to train analysts not only on tools, but onreal-world workflows, collaboration models, and operational constraints. Rather than focusing on isolated technologies, NGSOTI brings together a coherent ecosystem of open-source projects designed to reflect how modern Security Operations Centers (SOCs) actually function.
© MISP project. Software released underapproved open source licenses and content of this website released as CC BY-SA 3.0.
Template byBootstrapious. Ported to Hugo byDevCows.