MISP Connector Use Cases
Data Ingestion From CTIX Enterprise into MISP
Scenario: ISAC/ISAO Member has MISP. ISAC/ISAO has CTIX Enterprise.
Allows ISAC/ISAO members to ingest intel in STIX format into MISP from their ISAC/ISAO hubs using CTIX. This can be accomplished using the TAXII credentials provided by the organization sharing intel via CTIX.
Enrichment of Indicators (IOCs) in MISP from CTIX Enterprise
Scenario: ISAC/ISAO Member has MISP. ISAC/ISAO has CTIX Enterprise.
Allows ISAC/ISAO members to enrich indicators in MISP events using CTIX Enterprise. This can be accomplished using the CTIX API credentials provided by the ISAC/ISAO, Parent Organization sharing intel via CTIX to their members or subsidiaries and vendors to perform enrichment.
Data Ingestion From MISP into CTIX Enterprise
Scenario 1: ISAC/ISAO Member has CTIX Enterprise. ISAC/ISAO has MISP.
Scenario 2: Any organization using CTIX Enterprise that wants to ingest MISP events.
The MISP connector in CTIX allows organizations to connect to the MISP instance and pull the MISP feeds into the CTIX platform. The MISP feeds provide details about malicious information such as Indicators of Compromise (IOCs) of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information. MISP integration with CTIX allows security teams to receive real-time threat intelligence feeds.
Benefits
Quick and Seamless
Enjoy powerful and seamless integration between CTIX and MISP requiring minimal setup.
Bidirectional Sharing
Enable bidirectional sharing of threat indicators of compromise (IOC), tactics, techniques and procedures (TTPs) and other STIX Domain Objects (SDOs).
STIX 2.x Support
Ingest and share threat data in multiple formats including the latest STIX standards.