ATT&CK - MISP
By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
MISP and MITRE ATT&CK Transforms for Maltego
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
With the MISP and MITRE ATT&CK Entities and Transforms, investigators can query data from a MISP Threat Sharing instance and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:
- Querying a MISP instance for Events that include a given IOC
- Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
- Exploring further details from Galaxies and related Events
- Categorizing available related information within the MITRE ATT&CK framework
The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. No MISP API keys are needed for ATT&CK visualization.
Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s GitHub page.
Please read the disclaimer before using these Transforms.
If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/
Typical Users of This Data
- Threat Intel Teams
- Security Analysts
- SOCs and CERTs
- Red Teams and Penetration Testers
- Incident Response
- Trust and Safety Teams
About MISP Project
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MISP is a community-driven project led by the community of users.
For more info, visit https://www.misp-project.org/.