View MISP Feeds

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • View configured MISP feeds to monitor threat intelligence sources and verify feed status in your ServiceNow instance.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Select the Integrations icon.
    3. Select MISP.
      The MISP feeds within the base system are described in this table.
      Threat Feed Description URL
      DigitalSide Threat Intel OSINT Feed Data source to fetch Open Source Cyberthreat Intelligence information from DigitalSide Threat-Intel OSINT feed, which is mostly based on malware analysis and compromised URLs, IPs and domains. https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/manifest.json
      URLhaus IOCs URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. https://urlhaus.abuse.ch/downloads/misp/manifest.json
      Malware Bazaar MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers. https://bazaar.abuse.ch/downloads/misp/manifest.json
      ThreatFox IOCs ThreatFox is a free platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers. https://threatfox.abuse.ch/downloads/misp/manifest.json
      Note:

      Only REST endpoint URLs ending with [/manifest.json] are supported for MISP feed types.

    4. Select Edit to edit the feed and make necessary updates.
    5. Select Save to apply the changes.