MISP Threat Sharing (MISP), Malware Information Sharing Platform is an open source threat intelligence platform. The project develops utilities and documentation for more effective threat intelligence, by sharing indicators of compromise.[2] There are several organizations who run MISP instances, who are listed on the website.[3]

MISP Threat Sharing
Original author(s)Christophe Vandeplas
Developer(s)Andras Iklody (lead developer), and other contributors
Stable release
2.5.2[1] / 19 November 2024; 7 days ago (19 November 2024)
Repositoryhttps://github.com/MISP/MISP
Written inPHP
LicenseAGPLv3
Websitemisp-project.org Edit this on Wikidata

History

edit

This project started around June 2011 when Christophe Vandeplas had a frustration that way too many Indicators of Compromise (IOCs) were shared by email, or in pdf documents and were not parsable by automatic machines. So at home he started to play around with CakePHP and made a proof of concept of his idea. He called it CyDefSIG: Cyber Defence Signatures.[4]

Mid July 2011 he presented his personal project at work (Belgian Defence) where the feedback was rather positive. After giving access to CyDefSIG running on his personal server the Belgian Defence started to use CyDefSIG officially starting mid August 2011. Christophe was then allowed to spend some time on CyDefSIG during his work-hours, while still working on it at home.[4]

At some point NATO heard about this project. In January 2012 a first presentation was done to introduce them in more depth to the project. They looked at other products that the market offered, but it seemed they deemed the openness of CyDefSIG to be of a great advantage. Andrzej Dereszowski was the first part-time developer from NATO side.[4]

One thing led to another and some months later NATO hired a full-time developer to improve the code and add more features. A collaborative development started from that date. As with many personal projects the license was not explicitly written yet, it was collaboratively decided that the project would be released publicly under the Affero GPL license. This to share the code with as many people as possible and to protect it from any harm.[4]

The project was then renamed to MISP: Malware Information Sharing Project, a name invented by Alex Vandurme from NATO.[4]

In January 2013 Andras Iklody became the main full-time developer of MISP, during the day initially hired by NATO and during the evening and week-end contributor to an open source project.[4]

Meanwhile other organisations started to adopt the software and promoted it around the CERT world (CERT-EU, CIRCL, and many others).[4]

Nowadays, Andras Iklody is the lead developer of the MISP project and works for CIRCL.[4]

As the MISP project expanded, MISP is not only covering the malware indicators but also fraud or vulnerability information. The name is now MISP Threat Sharing, which includes the core MISP software and a myriad of tools (PyMISP) and format (core format, MISP taxonomies, warning-lists) to support MISP. MISP is now a community project led by a team of volunteers.[4]

Funding

edit

The project is funded by the European Union (through the Connecting Europe Facility[5]) and the Computer Incident Response Center Luxembourg.

Intelligence Integration

edit

Indicators of compromise which are managed by MISP may originate from a variety of sources; including internal incident investigation teams, intelligence sharing partners or commercial intelligence sources. Commercial sources with integration to MISP include Symantec's DeepSight Intelligence (now called Broadcom), Kaspersky threat feeds and McAfee Active Response. MISP integrations with open-source and commercial threat intelligence platforms include the ThreatQuotient Platform and EclecticIQ Platform.

References

edit
  1. ^ "Release 2.5.2". 19 November 2024. Retrieved 26 November 2024.
  2. ^ "MISP threat sharing platform". media.ccc.de. 7 August 2017. Retrieved 19 February 2019.
  3. ^ "MISP Communities". www.misp-project.org. Retrieved 19 February 2019.
  4. ^ a b c d e f g h i "Who is behind the MISP project?". MISP-Project.org. Retrieved 24 February 2019.   Material was copied from this source, which is available under a Creative Commons Attribution-ShareAlike 3.0 Unported license.
  5. ^ "Digital Single Market - MISP". ec.europe.eu. Retrieved 19 February 2019.
edit