Projects in Awesome Lists tagged with misp
A curated list of projects in awesome lists tagged with misp.
https://github.com/misp/misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
cti cybersecurity fraud-detection fraud-management fraud-prevention information-exchange information-security information-sharing intelligence malware-analysis misp security stix threat-analysis threat-hunting threat-intel threat-intelligence threat-intelligence-platform threat-sharing threatintel
Last synced: 12 May 2025
https://github.com/MISP/MISP
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
cti cybersecurity fraud-detection fraud-management fraud-prevention information-exchange information-security information-sharing intelligence malware-analysis misp security stix threat-analysis threat-hunting threat-intel threat-intelligence threat-intelligence-platform threat-sharing threatintel
Last synced: 30 Mar 2025
https://github.com/thehive-project/thehive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
agplv3 analyzer api cortex dfir digital-forensics free incident-management incident-response incident-response-tooling investigations iocs misp open-source orchestration platform rest scala security-incidents thehive
Last synced: 14 May 2025
https://github.com/TheHive-Project/TheHive
TheHive: a Scalable, Open Source and Free Security Incident Response Platform
agplv3 analyzer api cortex dfir digital-forensics free incident-management incident-response incident-response-tooling investigations iocs misp open-source orchestration platform rest scala security-incidents thehive
Last synced: 07 Apr 2025
https://github.com/eset/malware-ioc
Indicators of Compromise (IOC) of our various investigations
Last synced: 18 Feb 2026
https://github.com/bert-janp/hunting-queries-detection-rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
azure blueteam cybersecurity defender-for-endpoint dfir infosec kql mde mdi misp security sentinel threat-hunting vulnerability-management zero-day
Last synced: 14 May 2025
https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
azure blueteam cybersecurity defender-for-endpoint dfir infosec kql mde mdi misp security sentinel threat-hunting vulnerability-management zero-day
Last synced: 31 Mar 2025
https://github.com/emalderson/thephish
ThePhish: an automated phishing email analysis tool
attack cyberdefense cybersecurity detection digital-forensics email free incident-response indicators-of-compromise malware misp phishing phishing-detection python script thehive thehive4 thehive4py threat-intelligence webapp
Last synced: 16 May 2025
https://github.com/emalderson/ThePhish
ThePhish: an automated phishing email analysis tool
attack cyberdefense cybersecurity detection digital-forensics email free incident-response indicators-of-compromise malware misp phishing phishing-detection python script thehive thehive4 thehive4py threat-intelligence webapp
Last synced: 02 Apr 2025
https://github.com/thalesgroup-cert/Watcher
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
certificate-transparency certstream cybersecurity django incident-response misp monitoring nltk osint osint-python phishing reactjs rss-bridge security thehive threat-detection threat-hunting threat-intelligence watcher webapp
Last synced: 07 Apr 2025
https://github.com/InQuest/ThreatIngestor
Extract and aggregate threat intelligence.
dfir fraud-detection indicators-of-compromise intelligence-gathering ioc malware-research misp osint security-tools soar threat-analysis threat-feeds threat-hunting threat-intelligence threat-intelligence-platform threat-sharing threatintel yara
Last synced: 20 Apr 2025
https://github.com/inquest/threatingestor
Extract and aggregate threat intelligence.
dfir fraud-detection indicators-of-compromise intelligence-gathering ioc malware-research misp osint security-tools soar threat-analysis threat-feeds threat-hunting threat-intelligence threat-intelligence-platform threat-sharing threatintel yara
Last synced: 14 Jan 2026
https://github.com/bert-janp/open-source-threat-intel-feeds
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
c2 ioc iocfeed malware misp phishing threat-hunting threat-intelligence
Last synced: 15 May 2025
https://github.com/Bert-JanP/Open-Source-Threat-Intel-Feeds
This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.
c2 ioc iocfeed malware misp phishing threat-hunting threat-intelligence
Last synced: 10 Apr 2025
https://github.com/MISP/misp-galaxy
Clusters and elements to attach to MISP events or attributes (like threat actors)
adversaries adversary-groups attack-patternon classification information-exchange malware misp misp-galaxy mitre-adversarial-tactics stix threat-actors threat-hunting threat-intelligence
Last synced: 29 Mar 2026
https://github.com/misp/misp-warninglists
Warning lists to inform users of MISP about potential false-positives or other information in indicators
dfir false-positive misp misp-warninglists network-forensics threat-intelligence
Last synced: 15 May 2025
https://github.com/MISP/misp-warninglists
Warning lists to inform users of MISP about potential false-positives or other information in indicators
dfir false-positive misp misp-warninglists network-forensics threat-intelligence
Last synced: 15 Apr 2025
https://github.com/misp/misp-galaxy
Clusters and elements to attach to MISP events or attributes (like threat actors)
adversaries adversary-groups attack-patternon classification information-exchange malware misp misp-galaxy mitre-adversarial-tactics stix threat-actors threat-hunting threat-intelligence
Last synced: 08 May 2025
https://github.com/misp/pymisp
Python library using the MISP Rest API
api api-client misp threat-sharing threatintel
Last synced: 16 Feb 2026
https://github.com/cloudtracer/ThreatPinchLookup
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
alienvault censys cert chrome-extension circl cve dfir ibm-xforce incident-response misp osint passivetotal security shodan threat-hunting threat-sharing threatintel threatminer virustotal whois
Last synced: 06 Apr 2025
https://github.com/misp/misp-modules
Modules for expansion services, enrichment, import and export in MISP and other tools.
cti domaintools enrichment expansion misp misp-modules osint passive-dns passivetotal threat-intelligence
Last synced: 08 May 2025
https://github.com/misp/misp-book
User guide of MISP
documentation information-exchange information-sharing misp misp-book
Last synced: 08 May 2025
https://github.com/tenzir/threatbus
🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
cif cif3 ids misp opencti opencti-connector sightings threat-bus threat-hunting threat-intelligence threat-intelligence-data threatintel zeek
Last synced: 30 Dec 2025
https://github.com/MISP/misp-book
User guide of MISP
documentation information-exchange information-sharing misp misp-book
Last synced: 12 Jul 2025
https://github.com/coolacid/docker-misp
A (nearly) production ready Dockered MISP
docker misp security security-tools threat-intelligence threat-sharing
Last synced: 10 Feb 2026
https://github.com/misp/misp-dashboard
A live dashboard for a real-time overview of threat intelligence from MISP instances
cyber-security cybersecurity dashboard misp threat-intelligence threatintel
Last synced: 08 May 2025
https://github.com/misp/misp-playbooks
MISP Playbooks
cti cyber-security misp misp-playbooks playbooks threat-intelligence
Last synced: 08 May 2025
https://github.com/harvard-itsecurity/docker-misp
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
dockerhub information-security malware malware-analysis misp security threat-intelligence threat-sharing
Last synced: 18 Jan 2026
https://github.com/misp/misp-maltego
Set of Maltego transforms to interface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.
analysis attack graph maltego misp misp-maltego mitre-attack pivoting threat-intel threat-intelligence transform visualisation
Last synced: 06 Apr 2025
https://github.com/davidonzo/Threat-Intel
Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS
cybersecurity cybox incident-response-service malware-analisys-lab misp misp-feed osint stix stix2 taxii taxii2 threat-intel threat-intelligence
Last synced: 29 Mar 2026
https://github.com/misp/misp-objects
Definition, description and relationship types of MISP objects
information-exchange information-sharing misp misp-objects
Last synced: 08 May 2025
https://github.com/cerebrate-project/cerebrate
Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
cerebrate cerebrate-project information-sharing misp security-automation
Last synced: 04 Mar 2026
https://github.com/misp/misp-taxii-server
An OpenTAXII Configuration for MISP
information-exchange information-sharing misp stix taxii-hooks taxii-server
Last synced: 08 May 2025
https://github.com/0xthiebaut/sigmai
Import specific data sources into the Sigma generic and open signature format.
ids logging misp monitoring security siem sigma signatures
Last synced: 10 Oct 2025
https://github.com/jonrau1/SyntheticSun
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services, and serverless technologies to continuously prevent, detect and respond to threats.
anomaly-detection automation aws aws-security aws-serverless data-science data-visualization elasticsearch geolocation guardduty incident-response kibana machine-learning misp sagemaker security-automation security-tools serverless threat-detection threat-intelligence
Last synced: 12 Jul 2025
https://github.com/typosquatter/ail-typo-website
Website for ail-typo-squatting library
misp threat-intelligence typosquatting typosquatting-domains
Last synced: 08 Apr 2026
https://github.com/misp/misp-stix-converter
A utility repo to assist with converting between MISP and STIX formats
conversion misp stix threat-sharing
Last synced: 09 Sep 2025
https://github.com/misp/mail_to_misp
Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.
misp misp-api threat-hunting threat-intelligence threatintel
Last synced: 08 May 2025
https://github.com/adulau/misp-osint-collection
Collection of best practices to add OSINT into MISP and/or MISP communities
cyber-security misp osint threat-intelligence threat-sharing
Last synced: 02 Feb 2026
https://github.com/cedricbonhomme/pyhids
A HIDS (host-based intrusion detection system) for verifying the integrity of a system.
bloom-filter hashlookup hids intrusion-detection irc misp python rsa-signature security yara
Last synced: 05 Apr 2025
https://github.com/neolea/neolea-training-materials
Open source training materials for law-enforcement and organisations interested in DFIR.
dfir law-enforcement misp neola
Last synced: 15 Jan 2026
https://github.com/misp/misp-stix
MISP-STIX-Converter - Python library to handle the conversion between MISP and STIX formats
cyberthreatintelligence misp stix stix2
Last synced: 08 May 2025
https://github.com/MISP/misp-rfc
Specifications used in the MISP project including MISP core format
information-exchange internet-draft json-format misp misp-format misp-taxonomy protocol standard threat-sharing
Last synced: 11 May 2025
https://github.com/ntddk/virustream
A script to track malware IOCs with OSINT on Twitter.
downloader malware misp osint slack twitter
Last synced: 07 Feb 2026
https://github.com/misp/threat-actor-intelligence-server
A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the known threat actors.
misp misp-galaxy threat-actors threat-intelligence
Last synced: 13 Sep 2025
https://github.com/misp/misp-wireshark
Lua plugin to extract data from Wireshark and convert it into MISP format
dfir misp misp-format network-forensic threat-intelligence wireshark wireshark-plugin
Last synced: 15 Jun 2025
https://github.com/misp/misp-rfc
Specifications used in the MISP project including MISP core format
information-exchange internet-draft json-format misp misp-format misp-taxonomy protocol standard threat-sharing
Last synced: 08 May 2025
https://github.com/misp/best-practices-in-threat-intelligence
Best practices in threat intelligence
information-sharing misp threat-intelligence threat-sharing threatintel
Last synced: 26 Oct 2025
https://github.com/misp/misp-vagrant
Deploy MISP Project software with Vagrant.
deployment misp vagrant virtual-machine
Last synced: 08 May 2025
https://github.com/misp/misp-compliance
Legal, procedural and policies document templates for operating MISP and information sharing communities
cybersecurity gdpr information-exchange information-sharing legal misp
Last synced: 23 Jan 2026
https://github.com/CERN-CERT/pDNSSOC
Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
dns dnstap misp security security-tools threat-intelligence
Last synced: 27 Sep 2025
https://github.com/misp/intelligence-icons
intelligence-icons is a collection of icons and diagrams for building training and marketing materials around Intelligence sharing; including but not limited to CTI, MISP Threat Sharing, STIX 2.
icons intelligence misp threat-intelligence
Last synced: 08 May 2025
https://github.com/ninoseki/iocingestor
An extendable tool to extract and aggregate IoCs from threat feeds
Last synced: 18 Oct 2025
https://github.com/jaegeral/firemisp
FireEye Alert json files to MISP Malware information sharing platform (Alpha)
cyber cybersecurity fireeye fireeye-alert misp misp-api misp-instance threatintel
Last synced: 20 Jun 2025
https://github.com/3c7/aptmap
A map displaying threat actors from the misp-galaxy
advanced apt intelligence misp persistent threat
Last synced: 30 Dec 2025
https://github.com/misp/misp-packer
Build Automated Machine Images for MISP
Last synced: 08 May 2025
https://github.com/CERT-Bund/yara-exporter
Exporting MISP event attributes to yara rules usable with Thor apt scanner
analysis apt cert csirt incident-response misp scanner thor yara
Last synced: 11 Jul 2025
https://github.com/ilyaglow/dockerfiles
🌊 Dockerfiles for apps I use. Also take a look at https://github.com/security-dockerfiles
cortex cve-2018-15473 dockerfile echoip fi6s gopkg goproxy jq manalyze misp quicksand socksproxy squid thehive tor wfuzz whatweb ysoserial
Last synced: 20 Mar 2025
https://github.com/misp/misp-workbench
Built for the frontlines of cyber defense, our next-generation MISP empowers edge deployments and threat hunters with fast, lightweight, and actionable intelligence, anytime, anywhere.
misp threat-hunting threat-intelligence
Last synced: 13 Apr 2026
https://github.com/misp/pymispgalaxies
Pythonic way to work with the galaxies defined there: https://github.com/MISP/misp-galaxy
Last synced: 11 Sep 2025
https://github.com/misp/misp-takedown
A curses-style interface for automatic takedown notification based on MISP events.
abuse-detection information-sharing misp misp-api threat-intelligence threat-sharing
Last synced: 08 May 2025
https://github.com/misp/misp-airgap
Scripts to deploy and update MISP in air-gapped environments
air-gapped classified intelligence-community misp threat-intelligence
Last synced: 22 Jul 2025
https://github.com/misp/misp-grafana
A real-time Grafana dashboard using MISP ZeroMQ message queue and InfluxDB
cybersecurity dashboard grafana grafana-dashboard influxdb metrics misp threat-intelligence
Last synced: 26 Feb 2026
https://github.com/misp/misp-sighting-server
MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.
cti information-security misp sighting sightings threat-intelligence
Last synced: 06 Sep 2025
https://github.com/misp/misp-guard
misp-guard is a mitmproxy addon that inspects and blocks outgoing events to external MISP instances via sync mechanisms (pull/push) based on a set of customizable block rules.
air-gapped misp misp-api misp-guard
Last synced: 28 Jul 2025
https://github.com/splunk/ta-misp_es
MISP to Splunk Enterprise Security Threat Intelligence Framework Integration
enterprise-security misp splunk threat-intelligence
Last synced: 17 Feb 2026
https://github.com/voxpupuli/puppet-misp
This module installs and configures MISP (Malware Information Sharing Platform)
centos-puppet-module hacktoberfest linux-puppet-module misp puppet
Last synced: 16 Mar 2025
https://github.com/misp/misp-privacy-aware-exchange
A privacy-aware exchange module to securely and privately share your indicators
information-exchange misp privacy
Last synced: 08 May 2025
https://github.com/misp/misp-workflow-blueprints
Library of blueprints usable in MISP Workflows
misp threat-intelligence threatintel workflow
Last synced: 08 May 2025
https://github.com/circl/volatility-misp
Volatility plugin to interface with MISP
Last synced: 13 Oct 2025
https://github.com/certtools/tag2domain
A mapping project between tags (annotations, labels) and domain names
cybersecurity machine-tags misp taxonomies taxonomy taxonomy-database
Last synced: 04 Apr 2026
https://github.com/misp/cexf
Common Exercise Format - CEXF
cyber-range cybersecurity exercise misp
Last synced: 01 Jul 2025
https://github.com/misp/misp-decaying-models
MISP decaying models
dfir misp network-security threat-analysis threat-intelligence threatintel
Last synced: 08 May 2025
https://github.com/ag-michael/emailscanner
EmailScanner is an integration application in python that uses `exchangelib` to process mail items in Microsoft exchange.
active-directory correlation cuckoo-sandbox elasticsearch exchange exchangelib falcon fireeye incident-response integration ldap misp orchestration phishing python thehive
Last synced: 08 Apr 2025
https://github.com/misp/misp-bump
Simple and secure synchronisation of MISP instances with mobile phones
api-client misp misp-api misp-synchronisation
Last synced: 08 May 2025
https://github.com/misp/misp-noticelist
Notice lists to inform users of MISP about legal or technical implication for some attributes, categories and objects
gdpr legal misp privacy threat-intelligence
Last synced: 24 Jan 2026
https://github.com/misp/misp-opendata
Tool to submit / delete data from MISP to opendata portal
Last synced: 15 Aug 2025
https://github.com/jaegeral/pysight2misp
PySight2MISP is a project that can be run to be used as glue between iSight intel API and MISP API
glue isight isight-intel-api misp misp-api
Last synced: 02 May 2025
https://github.com/hazcod/misp2sentinel
A Python integration that fetches Threat Intelligence from MISP and publishes it to Microsoft Sentinel SIEM.
Last synced: 19 Apr 2025
https://github.com/ecrimelabs/securityonion-ecrimelabs
Implementation of information from MISP through the eCrimeLabs API and into SecurityOnion
Last synced: 11 May 2025
https://github.com/dcso/tiffy
TIE Feed Generator for MISP (replaces tie2misp)
Last synced: 26 Jul 2025
https://github.com/misp/misp-darwin
MISP darwin is a model and tools to automatically translate in natural language technical or structured information from MISP
Last synced: 08 May 2025
https://github.com/aleprada/exposed-assets
A tool for gathering IT/OT exposed assets on the Internet and sending the results to a MISP instance for further Threat Intelligence analysis.
ics-security misp pymisp python shodan threat-intelligence zoomeye
Last synced: 12 Jul 2025
https://github.com/dcso/misp-dockerized-server
apache2 docker docker-image dockerfile misp
Last synced: 26 Jul 2025
https://github.com/misp/misp-usage-statistics
MISP usage statistics using bokeh (as a static webpage)
misp threat-intelligence-platform
Last synced: 16 Jun 2025
https://github.com/misp/luamisp
Lua Library to create and manipulate MISP entities
Last synced: 08 May 2025
https://github.com/floatingghost/misp-testable
A self-contained docker image for integration tests against MISP
continuous-integration docker-image integration-testing misp misp-api
Last synced: 02 Aug 2025