View MISP Feeds

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • View the MISP Feeds that are configured in the base system.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Click on Integrations icon.
    3. Select MISP.
      The MISP feeds within the base system are described in the following table.
      Threat Feed Description URL
      DigitalSide Threat Intel OSINT Feed Data source to fetch Open Source Cyber Threat Intelligence information from DigitalSide Threat-Intel OSINT feed, which is mostly based on malware analysis and compromised URLs, IPs and domains. https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/manifest.json
      URLhaus IOCs URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution. https://urlhaus.abuse.ch/downloads/misp/manifest.json
      Malware Bazaar MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers. https://bazaar.abuse.ch/downloads/misp/manifest.json
      ThreatFox IOCs ThreatFox is a free platform from abuse.ch with the goal of sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and threat intelligence providers. https://threatfox.abuse.ch/downloads/misp/manifest.json
    4. Click Edit to edit the feed.