When I added the threat-actor @misp galaxy type on Mar 4, 2016, I didn’t expect that, years later, vendors would still invent new names for already known threat actors, avoid using UUIDs, reuse similar names for different actors, and create confusing names by mixing tools or software used by the actors.

That’s why we continue the tedious work of maintaining a proper threat-actor database, with relationships to other galaxies such as MITRE ATT&CK, Malpedia, and more.

After years of this monastic effort, we’re seeing the benefits—many open-source and proprietary tools now rely on the MISP galaxy, which serves as both an open standard and a public knowledge base.

We also maintain a dedicated website for all MISP galaxies. Here’s an example from the threat-actor database:
https://www.misp-galaxy.org/threat-actor/relations/fa80877c-f509-4daf-8b62-20aba1635f68/

Repository https://github.com/MISP/misp-galaxy/
Public website https://www.misp-galaxy.org/threat-actor/

If you’d like to become a monk (just kidding!) and contribute, feel free to open an issue or submit a pull request on the misp-galaxy repo.

In MISP, you can directly benefit from all the galaxies, and you also have advanced functionalities like forking and maintaining an up-to-date private version of the threat-actor database.

Last chance to share your thoughts! Our CrowdSec WAF & MISP survey closes tomorrow (July 23).

Fill it out, and you might win some special swag — yes, including the alpaca plush!

Survey https://docs.google.com/forms/d/e/1FAIpQLSfJIbHu990Mv1nMjFuirQX0hBjRTrOoo0KaDgrzte3UuO5dgA/viewform

Thanks for helping us make CrowdSec even better!

We are thrilled to announce two new releases for the MISP project: a significant feature and performance release, v2.5.16, and a stable maintenance release, v2.4.214.

While v2.4.214 is a focused maintenance update, v2.5.16 is packed with new tools, major performance enhancements, and a host of crucial bug fixes that will make your MISP instance faster.

#misp #threatintelligence #opensource #tip #informationsharing #threatintel #cybersecurity

https://www.misp-project.org/2025/07/19/misp.2.5.16.and.2.4.214.html/

MISP taxonomy format has just been updated and published.

The key change is full UUID support for every entry (taxonomies, predicates, and value) giving you more flexibility when renaming or updating MISP taxonomies.

#standard #threatintelligence #misp

MISP Standard Format for Taxonomy https://www.misp-standard.org/rfc/misp-standard-taxonomy-format.html
IETF I-D https://datatracker.ietf.org/doc/html/draft-dulaunoy-misp-taxonomy-format-10

MISP 2.4.213 & 2.5.15 Released - A Double Dose of Security, Search, and Stability.

This release is packed with major reworks under the hood, performance boosts, new features, and a host of bug fixes to improve your threat intelligence experience. A huge thank you to all the contributors who made this release possible!

#misp #opensource #cybersecurity

https://www.misp-project.org/2025/06/24/misp.2.5.15.and.2.4.113.html/

Today at the @firstdotorg conference, we’re presenting Draugnet, an open-source, lightweight submission tool designed to make sharing cyber threat intelligence easier.

With @treyka @iglocska

@misp

https://github.com/draugnet/draugnet

There's some cool sounding training on its way from @circl

CIRCL - Virtual Summer School (VSS) 2025

https://www.circl.lu/pub/vss-2025/

New release: FlowIntel 1.6.0 — an open-source case management tool — now with extended support for importing MISP events as cases, a timeline view for attributes, a new templating system for notes, and many other new features!

https://github.com/flowintel/flowintel/releases/tag/1.6.0
https://github.com/flowintel/flowintel

@misp @circl

#opensource #threatintel #threatintel #dfir #cti #misp #flowintel

Thanks to @davcru for the continuous work on the project and all the new contributors.

This project is a SIEM with SIRP and Threat Intel, all in one.

https://github.com/V1D1AN/S1EM

#MISP connector available in Cyberbro demo thanks to the @circl that allowed it!

Cyberbro has now a #MISP connector!

Use your MISP events to check observables:

- last seen
- first seen
- top 5 latest MISP events
- Research link in MISP

#ioc #cti #threathunting

https://github.com/stanfrbd/cyberbro/

Poke @misp @circl

Just a reminder: our free MISP online training is happening tomorrow, Wednesday.

https://misp-project.org/events/

First cool and impressive outcome of hackathon.lu 2025, MISP fleet commander. An open source project which supports organisation to manage large fleet of MISP instances, tests synchronisation and many other features.

https://github.com/MISP/MISP-Fleet-Commander

@misp

@circl

We just opened a discourse for the hackathon.lu to coordinate more on the different projects, tasks or ideas.

https://discourse.ossbase.org/c/hackathon-lu/5
https://hackathon.lu/

It's a 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within key cybersecurity areas, such as information sharing, threat intelligence, network and system forensics, data mining, network and computer exploitation, and defense techniques.

#opensource #cybersecurity #misp

@Discourse

MISP v2.4.206 and v2.5.8 introduces new workflow modules, enhanced object relationship management and significant improvements to the event synchronisation mechanism. Key highlights include improved a reworked attribute search functionality, better handling of event reports, and various security fixes. Additionally, numerous optimizations and bug fixes enhance stability and performance.

#opensource #threatintel #misp

Release notes https://www.misp-project.org/2025/03/19/MISP.2.5.8.and.2.4.206.released.html/

The MISP project maintains and offers a comprehensive knowledge base covering threat actors, ransomware groups, malware, and more.

Even if you don't use MISP, you can now easily search across all MISP Project knowledge bases, including galaxies, taxonomies, and MISP object templates.

https://search.misp-community.org

The MISP Project is pleased to announce the release of MISP v2.5.7 and v2.4.205, bringing several new features, important fixes, and enhancements to improve the overall user experience and platform functionality. This release addresses critical improvements in synchronization filtering, correlation management, and UI enhancements, ensuring a more stable and efficient MISP environment.

#opensource #threatintel #threatintelligence #misp

https://www.misp-project.org/2025/02/24/MISP.2.5.7.and.2.4.205.release.html/

If you're running MISP in a compartmentalized, classified, or sensitive network, controlling the flow of information is crucial. You need a simple yet independent and auditable tool to manage data exchange between MISP instances effectively.

We’re pleased to announce the release of misp-guard version 1.1, incorporating multiple improvements based on feedback from various organizations, including military and intelligence agencies.

https://github.com/MISP/misp-guard/releases/tag/v1.1

MISP Analyst Data Format - Enhancing STIX 2.1 Integration

The MISP Analyst Data format, part of the broader MISP-standard.org ecosystem, represents a significant step forward in structuring and exchanging cyber threat intelligence. Developed in collaboration with partners, this format builds upon the lessons learned addressing its practical shortcomings while ensuring greater efficiency, flexibility, and usability for analysts.

https://www.misp-project.org/2025/02/07/MISP_Support_for_Analyst_Data_converter_from_STIX2.html/

The MISP team is excited to announce the release of MISP v2.5.6 and MISP v2.4.204. These updates bring several new features, fixes, and performance improvements to enhance the platform’s usability and efficiency.

https://www.misp-project.org/2025/01/13/MISP.2.5.6.and.2.4.204.release.html/