MISP Integration [GOT CREATED]

Since there is an integration with TheHive and Cortex it will be good to have a MISP Integration to send events directly to this service.

MISP Project: GitHub - MISP/MISP: MISP (core software) - Open Source Threat Intelligence and Sharing Platform
MISP Python API: GitHub - MISP/PyMISP: Python library using the MISP Rest API

Hi @Bo_Wyatt , Would you please mention the use case you are interested in? to make sure it is covered when we create the node. Don’t forget to upvote your feature request. Thanks.


For example, creating events based on a list of IPs. There should be an option to create Attributes and add those attributes to the Event. Attributes could be a Network activity, Payload delivery, Antivirus detection, etc. Also there has to be a way to tag attributes and events based on a list of tags (provided by MISP and it’s API).

Basically since there is support for TheHive and Cortex Nodes, we can creates events based on the results from a Cortex analyzer for example and create attributes based on that.

1 Like

Got released with [email protected]

That’s so awesome! I forgot that I requested this integration, i’ll look into it. Great job folks!

1 Like

@Bo_Wyatt would be great to hear whether it covers your use cases.

Hello. My apologies for not testing out this integration.

I’m currently creating a Workflow using this Node so I’ll be reporting any issues if found.


1 Like


I’ve been using the integration and I have some issues.

I can only create attributes with this 3 types Text, URL or Comment but I need more types in order to MISP to clearly identify the attribute.
For example, the MISP documentation lists more types: MISP data models - MISP core format - MISP taxonomies

Useful ones for case uses would be:

  • ip-src
  • ip-dst
  • email-src
  • email-subject
  • email-attachment
  • filename
  • filename|md5