MISP Integration
MISP Threat Sharing (MISP) is an open source threat intelligence platform. The project develops utilities and documentation for more effective threat intelligence, by sharing indicators of compromise.
It is a platform for sharing, storing and correlating indicators of compromise (IoCs) from targeted attacks, as well as threat intelligence, financial fraud information, vulnerability information and even counter-terrorism information. Beyond storing, sharing and collaborating on cyber security indicators and malware analysis, the IoCs and related information can be used to detect and prevent attacks, fraud or threats against ICT infrastructures, organisations or people.

- In the Cisco XDR navigation menu, choose Administration > Integrations.
- On the Integrations page, click the Third-Party tab and navigate to the MISP integration.
- Click the plus sign (+) in the lower-right corner of the card. The MISP integration page is displayed.
- Expand the Integration Guide area and follow the instructions on how to add the MISP integration in Cisco XDR.

You can perform the following tasks after you integrate MISP with Cisco XDR:
- Investigations - Start a new investigation into any combination of IP addresses, domains, hostnames, URLs, SHA-1 hashes, SHA-256 hashes, and MD5 hashes. The results include any records of them found in your MISP. To verify that this integration is working, and to see what kind of data is returned, investigate one or more observables about which you know MISP has recent information. For details, see Investigate.
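To pick observables for that verification step, the following added example (not part of the Cisco or MISP documentation) filters a MISP attribute export down to recently updated values of the kinds listed above. The sample export, the `KINDS` mapping, and the 30-day window are assumptions made for this example; the integration's own type mapping is not described on this page.

```python
import json

NOW = 1_700_000_000  # constructed reference time (epoch seconds)
DAY = 86400

# Assumption: MISP attribute types mapped to the observable kinds the page lists.
# "ip" only occurs as one part of a composite type such as "domain|ip".
KINDS = {
    "ip-src": "IP address", "ip-dst": "IP address", "ip": "IP address",
    "domain": "domain", "hostname": "hostname", "url": "URL",
    "sha1": "SHA-1", "sha256": "SHA-256", "md5": "MD5",
}

# Constructed sample shaped like a MISP attribute search response.
SAMPLE_EXPORT = json.dumps({"response": {"Attribute": [
    {"type": "ip-dst", "value": "192.0.2.10", "timestamp": str(NOW - 2 * DAY)},
    {"type": "domain", "value": "old.example.com", "timestamp": str(NOW - 40 * DAY)},
    {"type": "filename|sha256", "value": "invoice.exe|" + "ab" * 32,
     "timestamp": str(NOW - DAY)},
    {"type": "domain|ip", "value": "C2.Example.net|198.51.100.7",
     "timestamp": str(NOW - 3 * DAY)},
    {"type": "text", "value": "analyst note", "timestamp": str(NOW - DAY)},
]}})

def recent_observables(export_json, now, max_age_days=30):
    """Return sorted (kind, value) pairs for attributes updated within the window."""
    cutoff = now - max_age_days * DAY
    found = set()
    for attr in json.loads(export_json)["response"]["Attribute"]:
        if int(attr["timestamp"]) < cutoff:
            continue  # stale: a poor candidate for checking "recent information"
        # Composite types such as "filename|sha256" carry one value per part.
        types = attr["type"].split("|")
        values = attr["value"].split("|", len(types) - 1)
        for misp_type, value in zip(types, values):
            kind = KINDS.get(misp_type)
            if kind is None:
                continue  # filename, text, etc. are not in the page's list
            value = value.strip()
            # URLs keep their case (paths are case-sensitive); the rest is normalized.
            found.add((kind, value if kind == "URL" else value.lower()))
    return sorted(found)

if __name__ == "__main__":
    for kind, value in recent_observables(SAMPLE_EXPORT, NOW):
        print(f"{kind}\t{value}")
```

Investigating one of the returned values should then show a matching MISP record in the results.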