About MISP Integration

This topic explains how the malware information sharing platform (MISP) integrates with TheHive.

Upgrading MISP from 2.4.x to 2.5.x

If you have upgraded MISP from version 2.4.x to 2.5.x, ensure that you update the database configuration in MISP to avoid potential issues.

What's MISP?

MISP is an open-source threat intelligence platform designed to improve the sharing of structured threat information. This includes indicators of compromise (IOCs), tactics, techniques, procedures (TTPs), and other relevant data.

MISP enables organizations to share, store, and correlate security information to enhance their cybersecurity efforts and collaborate with other organizations or threat intelligence communities.

Connections with TheHive

TheHive integrates with MISP in several ways:

• Default import of MISP taxonomies during TheHive installation
• Automatic connections to retrieve events from one or more MISP servers and convert them into alerts in TheHive
• Manual import of MISP events into TheHive as cases
• Manual export of cases to MISP as events for sharing observables marked as IOCs with the community

Permissions

Required permissions

Only users with an admin-type profile that has the managePlatform permission can manage MISP server connections in TheHive.

Next steps

• Connect a MISP Server
• Delete a MISP Server Connection