analyzing-threat-landscape-with-misp

Solid

Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
73
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Analyzing Threat Landscape with MISP ## When to Use - When investigating security incidents that require analyzing threat landscape with misp - When building detection rules or threat hunting queries for this domain - When SOC analysts need structured procedures for this analysis type - When validating security monitoring coverage for related attack techniques ## Prerequisites - Familiarity with threat intelligence concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Instructions 1. Install dependencies: `pip install pymisp` 2. Configure MISP URL and API key. 3. Run the agent to generate threat landscape analysis: - Pull event statistics by threat level and date range - Analyze attribute type distributions (IP, domain, hash, URL) - Identify top MITRE ATT&CK techniques from event tags - Track threat actor activity via galaxy clusters - Generate temporal trend analysis of IOC submissions ```bash python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json ``` ## Examples ### Threat Landscape Summary ``` Period: Last 90 days Events analyzed: 1,247 Top threat level: High (43%) Top attribute type: ip-dst (31%), domain (22%), sha256 (18%) Top MITRE technique: T1566 Phishing (89 events) Top threat actor: APT28 (34 events) ```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

collecting-threat-intelligence-with-misp

MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat

12,642 Updated today
mukul975
AI & Automation Featured

performing-threat-intelligence-sharing-with-misp

Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.

12,642 Updated today
mukul975
AI & Automation Featured

building-threat-feed-aggregation-with-misp

Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.

12,642 Updated today
mukul975
AI & Automation Featured

performing-threat-landscape-assessment-for-sector

Conduct a sector-specific threat landscape assessment by analyzing threat actor targeting patterns, common attack vectors, and industry-specific vulnerabilities to inform organizational risk management.

12,642 Updated today
mukul975
AI & Automation Featured

analyzing-threat-actor-ttps-with-mitre-attack

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs) based on real-world observations. This skill covers systematically mapping threat actor beh

12,642 Updated today
mukul975