collecting-threat-intelligence-with-misp

Featured

Category: AI & Automation | 12,642 stars | 1,468 forks | Updated today | License: Apache-2.0

Quality Score: 99/100

| Criterion     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Collecting Threat Intelligence with MISP

## Overview

MISP (Malware Information Sharing Platform) is an open-source threat intelligence platform for gathering, sharing, storing, and correlating Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or counter-terrorism information. This skill covers deploying MISP, configuring threat feeds, using the PyMISP API for programmatic access, and building automated collection pipelines that aggregate IOCs from multiple community and commercial sources.

## When to Use

- When managing security operations that require collecting threat intelligence with MISP
- When improving security program maturity and operational processes
- When establishing standardized procedures for security team workflows
- When integrating threat intelligence or vulnerability data into operations

## Prerequisites

- Python 3.9+ with the `pymisp` library installed
- Docker and Docker Compose for MISP deployment
- Understanding of the STIX 2.1 and TAXII 2.1 protocols
- Familiarity with IOC types: hashes, IP addresses, domains, URLs, email addresses
- Network access to MISP community feeds (circl.lu, botvrij.eu)

## Key Concepts

### MISP Architecture

MISP operates on an event-based model where threat intelligence is organized into events containing attributes (IOCs), objects (structured groupings of attributes), galaxies (threat actor/malware clusters linked to MITRE ATT&CK), and tags for...

Details

- Author: mukul975
- Repository: mukul975/Anthropic-Cybersecurity-Skills
- Created: 3 months ago
- Last Updated: today
- Language: Python
- License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

- building-threat-feed-aggregation-with-misp (AI & Automation, Featured; 12,642 stars, updated today, mukul975): Deploy MISP (Malware Information Sharing Platform) to aggregate, correlate, and distribute threat intelligence feeds from multiple sources for centralized IOC management and automated SIEM integration.

- performing-threat-intelligence-sharing-with-misp (AI & Automation, Featured; 12,642 stars, updated today, mukul975): Use PyMISP to create, enrich, and share threat intelligence events on a MISP platform, including IOC management, feed integration, STIX export, and community sharing workflows.

- analyzing-threat-landscape-with-misp (AI & Automation, Solid; 12,642 stars, updated today, mukul975): Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.

- building-threat-intelligence-platform (AI & Automation, Featured; 12,642 stars, updated today, mukul975): Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified system for collecting, analyzing, enriching, and disseminating threat intelligence. T

- building-threat-intelligence-feed-integration (AI & Automation, Featured; 12,642 stars, updated today, mukul975): Builds automated threat intelligence feed integration pipelines connecting STIX/TAXII feeds, open-source threat intel, and commercial TI platforms into SIEM and security tools for real-time IOC matching and alerting. Use when SOC teams need to operationalize threat intelligence by automating feed ingestion, normalization, scoring, and distribution to detection systems.