TIOpen source · AGPL-3.0
MISP
Community project
An AGPL-licensed platform for storing and sharing structured threat intelligence, developed and stewarded by CIRCL, Luxembourg's national CERT. Organizations can run their own instance and synchronize selected data with ISACs, national CERTs, and other sharing communities.
Verified Source: 1
- Product type
- Community project
- Deployment
- On-prem
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Free
Capability checklist
TIHow MISP measures up against the full Threat Intelligence taxonomy.
- Curated IOC feeds — supported
- Provides vetted lists of malicious IPs, domains, and file hashes.
- Adversary & TTP profiles — not supported
- Documents known attacker groups and the techniques they typically use.
- Dark web & brand monitoring — not supported
- Watches for leaked credentials, data, or brand impersonation outside the organization.
- SIEM/SOAR enrichment integration — supported
- Automatically feeds intelligence context into alerts and playbooks.
- Vulnerability & exploit intelligence — not supported
- Tracks which vulnerabilities are being actively exploited in the wild.
- Analyst research portal — not supported
- Gives analysts a searchable portal to investigate threats manually.
Alternatives
Other Threat Intelligence tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include MISP.