The MISP Import CDF enables ThreatQ to ingest threat intelligence data from a user-provided, self-hosted MISP (Malware Information Sharing Platform) instance. MISP is a widely adopted open-source threat sharing platform designed to facilitate the exchange of structured threat intelligence using the MISP data model.

This integration retrieves published MISP events through the MISP events/restSearch API endpoint and imports the associated intelligence into ThreatQ for analysis, correlation, and operational use. By leveraging data from MISP, organizations can centralize externally shared intelligence alongside internally curated threat data within the ThreatQ platform.

The integration supports the ingestion of a broad range of intelligence objects and related metadata, including events, indicators, adversaries, malware, attack patterns, tools, signatures, attachments, and associated attributes. This enables analysts to preserve the relationships and context provided by MISP while enhancing visibility and enrichment capabilities within ThreatQ.

The integration provides the following feed:

• MISP Import — Ingests published MISP events from a user-provided, self-hosted MISP server instance.

The integration ingests the following data types:

• Adversaries
  • Adversary Attributes
• Attachments
  • Attachment Attributes
• Attack Patterns
• Courses of Action
  • Event Attributes
• Events
  • Indicator Attributes
• Indicators
• Malware
• Signatures
• Tools