Get Started with Maltego
Please share your contact information for a personalized session.
Thank you!
We will contact you soon.
In the meantime, check out our product overview
to learn more about the Maltego platform.
ATT&CK - MISP
By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
MISP and MITRE ATT&CK Transforms for Maltego
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.
With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:
- Querying a MISP instance for Events that include a given IOC
- Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
- Exploring further details from Galaxies and related Events
- Categorizing available related information within the MITRE ATT&CK framework
The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. For ATT&CK visualization no MISP API keys are needed.
Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s Github page.
If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/
Typical Users of This Data
- Threat Intel Teams
- Security Analysts
- SOCs and CERTs
- Red Teams and Penetration Testers
- Incident Response
- Trust and Safety Teams
Resources
Terms and Conditions
Learn more about the Terms and Conditions of ATT&CK - MISP at: Terms and Conditions
About MISP Project
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or evencounter-terrorism information.
MISP is a community-driven project lead by the community of users.
For more info, visit https://www.misp-project.org/.