ATT&CK - MISP
By MISP Project
MISP and MITRE ATT&CK Transforms for Maltego
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With MISP and MITRE ATT&CK Entities and Transforms, investigators can query data from a MISP Threat Sharing instance and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:
- Querying a MISP instance for Events that include a given IOC
- Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
- Exploring further details from Galaxies and related Events
- Categorizing available related information within the MITRE ATT&CK framework
The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. No MISP API keys are needed for ATT&CK visualization.
Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s GitHub page.
Please read the disclaimer before using these Transforms.
If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/
Typical Users of This Data
- Threat Intel Teams
- Security Analysts
- SOCs and CERTs
- Red Teams and Penetration Testers
- Incident Response
- Trust and Safety Teams
Pricing & Access
Pricing Tier: Free
Hub Type: Commercial Hub and Community Hub
Requirements: All Maltego editions
Access: Install directly from Transform Hub on Maltego Desktop Client
Reach out to us to learn more about this data integration and how to access it.
About MISP Project
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MISP is a community-driven project led by the community of users.
For more info, visit: https://www.misp-project.org/