{"id":39862260,"url":"https://github.com/harvard-itsecurity/docker-misp","last_synced_at":"2026-01-18T14:02:06.973Z","repository":{"id":46747557,"uuid":"69327960","full_name":"harvard-itsecurity/docker-misp","owner":"harvard-itsecurity","description":"Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing","archived":false,"fork":false,"pushed_at":"2021-03-23T13:33:46.000Z","size":63,"stargazers_count":177,"open_issues_count":14,"forks_count":44,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-12-02T00:45:23.185Z","etag":null,"topics":["dockerhub","information-security","malware","malware-analysis","misp","security","threat-intelligence","threat-sharing"],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/harvard-itsecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-09-27T06:50:41.000Z","updated_at":"2025-11-26T17:17:30.000Z","dependencies_parsed_at":"2022-08-26T23:41:12.906Z","dependency_job_id":null,"html_url":"https://github.com/harvard-itsecurity/docker-misp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/harvard-itsecurity/docker-misp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harvard-itsecurity%2Fdocker-misp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harvard-itsecurity%2Fdocker-misp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harvard-itsecurity%2Fdocker-misp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harvard-itsecurity%2Fdocker-misp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/harvard-itsecurity","download_url":"https://codeload.github.com/harvard-itsecurity/docker-misp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/harvard-itsecurity%2Fdocker-misp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28537484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T13:04:05.990Z","status":"ssl_error","status_checked_at":"2026-01-18T13:01:44.092Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dockerhub","information-security","malware","malware-analysis","misp","security","threat-intelligence","threat-sharing"],"created_at":"2026-01-18T14:02:05.273Z","updated_at":"2026-01-18T14:02:06.963Z","avatar_url":"https://github.com/harvard-itsecurity.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"Docker MISP Container\n=====================\n### Latest Update: 4-14-2020\n\nFollowing the Official MISP Ubuntu 18.04 LTS build instructions.\n\nLatest Upstream Change Included: a62bca4e169c919413bba4e6ce978e30aae9183e\n\nGithub repo + build script here:\nhttps://github.com/harvard-itsecurity/docker-misp\n(note: after a git pull, update ```build.sh``` with your own passwords/FQDN, and then build the image)\n\n# What is this?\nThis is an easy and highly customizable Docker container with MISP -\nMalware Information Sharing Platform \u0026 Threat Sharing (http://www.misp-project.org)\n\nOur goal was to provide a way to setup + run MISP in less than a minute!\n\nWe follow the official MISP installation steps everywhere possible,\nwhile adding automation around tedious manual steps and configurations.\n\nWe have done this without sacrificing options and the ability to\ncustomize MISP for your unique environment! Some examples include:\nauto changing the salt hash, auto initializing the database, auto generating GPG\nkeys, auto generating working + secure configs, and adding custom\npasswords/domain names/email addresses/ssl certificates.\n\nThe misp-modules extensions functionality has been included and can be\naccessed from http://[dockerhostip]:6666/modules.\n(thanks to Conrad)\n\n# Build Docker container vs using Dockerhub binary?\n\nWe always recommend building your own Docker MISP image using our \"build.sh\" script.\nThis allows you to change all the passwords and customize a few config options.\n\nThat said, you can pull down the Dockerhub binary image, but this is\n_not_ supported or recommended. It's there purely for convenience, and so that you can \"get\na feel\" for MISP without building it. It will by default contain \"LOCALHOST\" as all configured host everywhere, and this will only work on the same system or if you proxy/port forward.\n\n\nBuilding your own MISP Docker image is incredibly simple:\n```\ngit clone https://github.com/harvard-itsecurity/docker-misp.git\ncd docker-misp\n\n# modify build.sh, specifically for:\n# 1.) all passwords (MYSQL, GPG)\n# 2.) change at LEAST \"MISP_FQDN\" to your FQDN (domain)\n\n# Build the docker image - will take a bit, but it's a one time thing!\n# Run this from the root of \"docker-misp\"\n./build.sh\n```\n\nThis will produce an image called: ```harvarditsecurity/docker-misp```\n\n# How to run it in 3 steps:\n\nAbout ```$docker-root``` - If you are running Docker on a Mac, there are some mount directory restrictions by default (see: https://docs.docker.com/docker-for-mac/osxfs/#namespaces). Your ```$docker-root``` needs to be either one of the supported defaults (\"Users\", \"Volumes\", \"private\", or \"tmp\"), otherwise, you must go to \"Preferences\" -\u003e \"File Sharing\" and add your chosen $docker-root to the list.\n\nWe would suggest using ```/docker``` for your ```$docker-root```, and if using a Mac, adding that to the File Sharing list.\n\nOnce you have your DB directory created (```mkdir -p /docker/misp-db```), follow the 3 steps:\n\n## 1. Initialize Database\n\n```\ndocker run -it --rm \\\n    -v $docker-root/misp-db:/var/lib/mysql \\\n    harvarditsecurity/misp /init-db\n```\n\n## 2. Start the container\n```\ndocker run -it -d \\\n    -p 443:443 \\\n    -p 80:80 \\\n    -p 3306:3306 \\\n    -p 6666:6666 \\\n    -v $docker-root/misp-db:/var/lib/mysql \\\n    harvarditsecurity/misp\n```\n\n## 3. Access Web URL\n```\nGo to: https://localhost (or your \"MISP_FQDN\" setting)\n\nLogin: admin@admin.test\nPassword: admin\n```\n\nAnd change the password! :)\n\n# What can you customize/pass during build?\nYou can customize the ```build.sh``` script to pass custom:\n\n* MYSQL_MISP_PASSWORD\n* POSTFIX_RELAY_HOST\n* MISP_FQDN\n* MISP_EMAIL\n* MISP_GPG_PASSWORD\n\nSee build.sh for an example on how to customize and build your own image with custom defaults.\n\n# How to use custom SSL Certificates:\nDuring run-time, override ```/etc/ssl/private```\n\n```\ndocker run -it -d \\\n    -p 443:443 \\\n    -p 80:80 \\\n    -p 3306:3306 \\\n    -v $docker-root/certs:/etc/ssl/private \\\n    -v $docker-root/misp-db:/var/lib/mysql \\\n    harvarditsecurity/misp\n```\n\nAnd in your ```/certs``` dir, create private/public certs with file names:\n\n* misp.key\n* misp.crt\n\n# Security note in regards to key generation:\nWe have added \"rng-tools\" in order to help with entropy generation,\nsince users have mentioned that during the pgp generation, some\nsystems have a hard time creating enough \"randomness\". This in turn\nuses a pseudo-random generator, which is not 100% secure. If this is a\nconcern for a production environment, you can either 1.) take out the\n\"rng-tools\" part from the Dockerfile and re-build the container, or\n2.) replace the keys with your own! For most users, this should not\never be an issue. The \"rng-tools\" is removed as part of the build\nprocess after it has been used.\n\n# Using a reverse proxy/SSL offloading (Traefik, Caddy, HAProxy, Nginx, etc)\n\nYou will need to removing the SSL block (see: `/etc/apache2/sites-available/default-ssl.conf`)\n\nAnd replace the HTTP block (see: `/etc/apache2/sites-available/000-default.conf` with:\n\n```\n\u003cVirtualHost *:80\u003e\nServerAdmin admin@localhost\nServerName localhost\nDocumentRoot /var/www/MISP/app/webroot\n\u003cDirectory /var/www/MISP/app/webroot\u003e\nOptions -Indexes\nAllowOverride all\n\u003c/Directory\u003e\nLogLevel warn\nErrorLog /var/log/apache2/misp_error.log\nCustomLog /var/log/apache2/misp_access.log combined\nServerSignature Off\n\u003c/VirtualHost\u003e\n```\n\nIf you don't want to build a new image with this, you can simply add to your run-time:\n(note again: $docker-root is the place holder for your docker container and configs path)\n```\n-v $docker-root/apache.conf:/etc/apache2/sites-available/000-default.conf\n```\n\n\n# Contributions:\nConrad Crampton: @radder5 - RNG Tools and MISP Modules\n\nJeremy Barlow: @jbarlow-mcafee - Cleanup, configs, conveniences, python 2 vs 3 compatibility\n\nMatt Saunders: @matt-saunders - Fixed all install warnings and errors\n\nMatija Čoklica: @XizzoR - Discovered problem where GPG key was empty, lots of python/misp modules debugging (thanks!)\n\n# Help/Questions/Comments:\nFor help or more info, feel free to contact Ventz Petkov: ventz_petkov@harvard.edu\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharvard-itsecurity%2Fdocker-misp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharvard-itsecurity%2Fdocker-misp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharvard-itsecurity%2Fdocker-misp/lists"}