
ATT&CK - MISP

By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
Malware TTPs Incident Response Threat Hunting

MISP and MITRE ATT&CK Transforms for Maltego

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:

  • Querying a MISP instance for Events that include a given IOC
  • Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
  • Exploring further details from Galaxies and related Events
  • Categorizing available related information within the MITRE ATT&CK framework

The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. No MISP API keys are needed for ATT&CK visualization.

Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s GitHub page.

Please read the disclaimer before using these Transforms.

If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/

Typical Users of This Data

  • Threat Intel Teams
  • Security Analysts
  • SOCs and CERTs
  • Red Teams and Penetration Testers
  • Incident Response
  • Trust and Safety Teams


Pricing & Access

Community Hub

Available for users with Maltego CE.

  • Free (API Key Required): Sign up for a free API key here.

Commercial Hub

Users with Maltego One have the following access or purchase options:

  • Free (API Key Required): Sign up for a free API key here.


About MISP Project

MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

MISP is a community-driven project led by the community of users.

For more info, visit https://www.misp-project.org/.
