A Look At The MISP Open-Source Malware Information Sharing Platform

Security experts have created MISP, an open-source Malware Information Sharing Platform which features threat sharing and a variety of powerful features. Continue reading to find out more about the software.

MISP Open-Source Malware Information Sharing Platform Is A Formidable Platform

Security experts have created created MISP, a Malware Information Sharing Platform and Threat Sharing. This is an open-source solution that is used for collecting , storing, distributing and sharing cyber security threats and incidents. Its features allow for an in-depth analysis and incident response planning. The suite is created for security professionals that work in penetration testing and incident response teams. The goal of the platform is to help the sharing of structured information within the security community globally. The core functions include the following:

  • An efficient IOC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
  • Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
  • Built-in sharing functionality to ease data sharing using different model of distributions. The platform can synchronize automatically events and attributes among different installations. Advanced filtering functionalities can be used to meet each organization sharing policy including a flexible sharing group capacity and an attribute level distribution mechanisms.
  • An intuitive user-interface for end-users to create, update and collaborate on events and attributes/indicators. A graphical interface to navigate seamlessly between events and their correlations. Advanced filtering functionalities and warning list to help the analysts to contribute events and attributes.
  • storing data in a structured format (allowing automated use of the database for various purposes) with an extensive support of cyber security indicators along fraud indicators as in the financial sector.
  • export: generating IDS, OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools), STIX (XML and JSON), NIDS export (Suricata, Snort and Bro) or RPZ zone. Many other formats easily added via the misp-modules.
  • import: bulk-import, batch-import, import from OpenIOC, GFI sandbox, ThreatConnect CSV. Many other formats easily added via the misp-modules.
  • Flexible free text import tool to ease the integration of unstructured reports into MISP.
  • A gentle system to collaborate on events and attributes allowing MISP users to propose changes or updates to attributes/indicators.
  • data-sharing: automatically exchange and synchronization with other parties and trust-groups using MISP.
  • delegating of sharing: allows a simple pseudo-anonymous mechanism to delegate publication of event/indicators to another organization.
  • Flexible API to integrate the platform with your own solutions. The framework is bundled with PyMISP which is a flexible Python Library to fetch, add or update events attributes, handle malware samples or search for attributes.
  • Adjustable taxonomy to classify and tag events following your own classification schemes or existing classification. The taxonomy can be local to your local running installation¬†but also shareable among MISP instances.
  • Expansion modules in Python to expand the suite with your own services or activate already available misp-modules.
  • Sighting support to get observations from organizations concerning shared indicators and attributes. Sighting can be contributed via the user-interface, API as MISP document or STIX sighting documents.
  • STIX support: export data in the STIX format (XML and JSON). Additional STIX import and export is supported by MISP-STIX-Converter or MISP-Taxii-Server.
  • Integrated encryption and signing of the notifications via PGP and/or S/MIME depending of the user preferences.

In the future additional features will be implemented as the developers have devised a long roadmap. To learn more visit the project’s site.

Avatar

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *