Threat Intelligence Sharing Platform MISP available: share and deploy threat information faster and easier within your institution

MISP is a threat intelligence platform that enables your institution to detect cyber security risks and threats more quickly and to share threat information with other institutions. MISP can feed systems that you deploy to detect or block Indicators of Compromise (IoCs). Institutions can connect free of charge.
Grafische weergave van code

Threat information from the National Detection Network

An important source of the MISP is the National Detection Network (NDN), a partnership between the National Cyber Security Centre (NCSC), the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD). The NCSC has designated SURFcert as the sectoral Computer Emergency Response Team (CERT) for higher education and research. As a result, SURFcert is also permitted to share the National Detection Network (NDN) data with the institutions connected to the SURF network. The MISP information is intended primarily for the technical staff of SURF's Community of Incident Response Teams (SCIRT) at the institutions.

Automated system with notification option

MISP is a fully automated system that can pass threat information directly to various prevention or detection systems. All threat information from the NDN, SURFcert, affiliated institutions and other relevant threat intel sources can thus be viewed in this platform and exported to all kinds of different formats. As an institution, you decide for yourself what criteria the export of IoCs - whether or not automated - must satisfy. It is also possible for users of MISP to receive a notification via e-mail when threat information has been published.

Threat Intel log4j shared via MISP

Threat Intel about the abuse of the vulnerability in the open source tool log4j has recently been shared on the SCIRT mailing list, the SCIRT chat and SURFcert wiki page. MISP makes it easier to keep track of this; as an individual institution, you no longer have to constantly monitor all channels and manually put IoCs into prevention or detection systems.

MISP: more powerful if many institutions are connected

The more institutions share the technical attack characteristics, the IoCs, of an attack via MISP, the more powerful the platform becomes. This is because institutions often deal with the same actors. This enables you as an institution to act quickly if another institution shares IoCs.

How to join?

All institutions can join free of charge. In order to purchase MISP, the institutional contact person must submit a request in the SURF dashboard (under SURFsoc MISP).

More information