MISP Integration with Intel Exchange

Cyware’s Intel Exchange platform includes an out-of-the-box malware information sharing platform (MISP) connector, which enables bidirectional sharing of threat intelligence data with information sharing communities (ISACs/ISAOs and Members), as well as other sharing partners such as suppliers and subsidiaries.

MISP Connector Use Cases

Data Ingestion From Intel Exchange Enterprise into MISP

Scenario: ISAC/ISAO Member has MISP. ISAC/ISAO has Intel Exchange Enterprise.

Allows ISAC/ISAO members to ingest intel in STIX format into MISP from their ISAC/ISAO hubs using Intel Exchange. This can be accomplished using the TAXII credentials provided by the organization sharing intel via Intel Exchange.

Enrichment of Indicators (IOCs) in MISP from Intel Exchange Enterprise

Scenario: ISAC/ISAO Member has MISP. ISAC/ISAO has Intel Exchange Enterprise.

Allows ISAC/ISAO members to enrich indicators in MISP events using Intel Exchange Enterprise. This can be accomplished using the Intel Exchange API credentials provided by the ISAC/ISAO, Parent Organization sharing intel via Intel Exchange to their members or subsidiaries and vendors to perform enrichment.

Data Ingestion From MISP into Intel Exchange Enterprise

Scenario 1: ISAC/ISAO Member has Intel Exchange Enterprise. ISAC/ISAO has MISP.

Scenario 2: Any organization using Intel Exchange Enterprise that wants to ingest MISP events.

The MISP connector in Intel Exchange allows organizations to connect to the MISP instance and pull the MISP feeds into the Intel Exchange platform. The MISP feeds provide details about malicious information such as Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information. MISP integration with Intel Exchange allows security teams to receive real-time threat intelligence feeds.

Benefits

Quick and Seamless

Quick and Seamless

Enjoy powerful and seamless integration between Intel Exchange and MISP requiring minimal setup.

Bidirectional Sharing

Bidirectional Sharing

Enable bidirectional sharing of threat indicators of compromise (IOC), tactics, techniques and procedures (TTPs) and other STIX Domain Objects (SDOs).

STIX 2.x Support

STIX 2.x Support

Ingest and share threat data in multiple formats including the latest STIX standards.