Cyber Tool Stack
All tools
TIOpen source · AGPL-3.0

MISP

Community project

An AGPL-licensed platform for storing and sharing structured threat intelligence, developed and stewarded by CIRCL, Luxembourg's national CERT. Organizations can run their own instance and synchronize selected data with ISACs, national CERTs, and other sharing communities.

Verified Source: 1

Product type
Community project
Deployment
On-prem
Organization size
SMBMid-marketEnterprise
Pricing tier
Free

Capability checklist

TI

How MISP measures up against the full Threat Intelligence taxonomy.

Curated IOC feeds — supported
Provides vetted lists of malicious IPs, domains, and file hashes.
Adversary & TTP profiles — not supported
Documents known attacker groups and the techniques they typically use.
Dark web & brand monitoring — not supported
Watches for leaked credentials, data, or brand impersonation outside the organization.
SIEM/SOAR enrichment integration — supported
Automatically feeds intelligence context into alerts and playbooks.
Vulnerability & exploit intelligence — not supported
Tracks which vulnerabilities are being actively exploited in the wild.
Analyst research portal — not supported
Gives analysts a searchable portal to investigate threats manually.

Alternatives

Other Threat Intelligence tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include MISP.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.