Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
  • Aug 05 2019 13:38
    New CIRCL OSINT: Phishing collection (via URLabuse service)
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - [Emering] FIN7 JScript Loader Malware
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - A journey to Zebrocy land
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - Felipe, a new infostealer Trojan
  • Aug 05 2019 13:38
    New CIRCL OSINT: Kaspersky Lab: Spearphishing attack hits industrial companies
  • Aug 05 2019 13:38
    New CIRCL OSINT: 2019-07-18: Newer "PoSeidon" aka "FindPOS" aka "FindStr" 15.10 Point-of-Sale Malware
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - Repository containting orignal and decompiled files of TRISIS/TRITON/HATMAN malware
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - Very nasty Linux backdoor with multiple components
  • Aug 05 2019 13:38
    New CIRCL OSINT: Targeted phishing - PDF documents / phishkit
  • Aug 05 2019 13:38
    New CIRCL OSINT: 2019-03-08: TerraLoader Signed -> JS RAT
  • Aug 05 2019 13:38
    New CIRCL OSINT: IoT malware - Gafgyt.Gen28 (active) - 20190220 - 20190222
  • Aug 05 2019 13:38
    New CIRCL OSINT: Shamoon potential samples
  • Aug 05 2019 13:38
    New CIRCL OSINT: Turla Outlook White Paper
  • Aug 05 2019 13:38
  • Aug 05 2019 13:38
    New CIRCL OSINT: US-CERT Alert (TA18-149A) HIDDEN COBRA โ€“ Joanap Backdoor Trojan and Brambul Server Message Block Worm
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - Turla renews its arsenal with Topinambour
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - .sg domain used to host malware
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - SWEED: Exposing years of Agent Tesla campaigns
  • Aug 05 2019 13:38
    New CIRCL OSINT: OSINT - Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
oh dear. hahah even more to it now.
Andras Iklody
you (A) are connected to 2 instances, B and C
you set up a sync filter on a tag to not share anything tagged t1 to C
you share the data with distribution set to all communities
with t1 set
it reaches B
and B will happily share it with C
if they sync with each other
let me guess, if B doesnt have the same tag filter it will share it onward
yeah gotcha
Andras Iklody
so there are some tricky things
I guess once you share with B you can't really control onwards distribution
So you want to be trusting your sync partners, or only sharing TLPwhite / stuff you're happy could end up anywhere
good to know.
Andras Iklody
well you can
well, yes but if you don't use "All communities" misp itself will decrement the distribution. that's the simple part
Andras Iklody
using sharing groups
Community only is a good solution
(as long as you rely on the other party pulling rather than you pushing)
arr so if i say community only, it wouldnt onwards share with C
as C wouldnt be in my community, even though its in theirs
Thanks guys. Some good points and considerations i've noted to look into more
Andras Iklody
the community stuff is confusing
for all intents and puroses
replace the name "community" with server
yeah i've used instance as a MISP instance = MISP server
Andras Iklody
there is one caveat - main reason we call it a community
you can connect more than one server to act as a community
using the internal server sync setting
that blocks the downgrade of distribution levels during the sync
so community only on internal instance A will become community only on internal instance B
ok cool
Has anyone used the Crowdstrike integration module with their instance? I inputted my query API key and user, created a hash of a known file, and input it as an event. I have the IDS checked for the event, but I am not receiving any feedback from MISP or Crowdstrike that it sees the hash. Can anyone help?
Joao Paulo A. F.

Hello guys! I would like to know if someone could help me.

I am trying to integrate MISP with IDefense, from Accenture. Does anyone knows how to do that? Or anyone faced a similar integration?

๐™ข๐™ž๐™ก๐™–๐™ฃ๐™ฃ ๐™Ž๐™ƒ๐™๐™€๐™Ž๐™๐™ƒ๐˜ผ ๅคงไฟฎ
Heard about Recorded Future and MISP integration.
How can I add it as sync server with my instance, any insight ??

Hi All,

I am planing to subscribe MISP Project Open source threat intelligence.
Can anyone please share me the prerequisites or any technicals documents or any reference urls.

Hi! I'm trying to have MISP integrated with our AWS S3 through API. The issue is bulky metadata has not been received yet through API. Weโ€™re receiving data depend upon the particular (manually inputting) event id and collecting back passing from lambda function to S3. Can anyone share any reference or suggestions here?

Hi everybody,
I am having some issue with the synchronization between two misp instances.

Is it possible to:

  • create an event1 with an attribute1 on a MISP_A (done)
  • pull this event1 from the MISP_B (done)
  • add an attribute2 to this event1 on the MISP_B (done)
  • push this event1 back to the MISP_A (done)
  • see attribute1 and attribute2 in the event1 on the MISP_A (PROBLEM: we do not see the attribute2 in this event)

I have read on MISP/MISP#5570 that "A MISP server where an event originated (either by hand or API or import) will not accept changes made to that event by another MISP server. This is by design to avoid remote servers to mess with local data."

But is there no way at all to synchronize two MISP instances?

Andras Iklody
this is correct
MISP_A is blocking any changes
to events that were created there locally
it's the tamper protection


I am developing a project to implement the MISP and I would like to know if exist a suggestion of a minimum size setup to use MISP in production?
I believe that using a MISP-sizer should be the best option, but I can not understand about โ€œNumber of usersโ€ and โ€œnumber of attributesโ€. Anyone could help with this?
Number of users = should be people + integrated systems?
Number of attributes/Field values = ????

Abhinav Singh
@elmanoferrer you can proceed with a normal setup. Likewise I am doing going with an ubuntu 18.04 with default config we get in AWS , just added some more storage like from default 8 gb to 30gb. Misp works with minimal specifics..
Hey guys!
I'm totally new to MISP and so far - never used it. I want to get in touch with it and integrate it on several devices for cyber analysis. Since I'm a noob on this, can anyone say me how I install MISP on mac OS? Do I need to setup a VM for it to run? There are no forums or post about it on the web. I'm thankful for any links/readings/related stuff. Thank you guys in advance:)