What is MISP?
The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.
A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
This is a simple guide to installing the MISP platform on an Ubuntu VM. You can find the official MISP Ubuntu 18.04 installation guide here.
Step 0: Prerequisites
- Ubuntu 18.04 virtual machine
- Sudo user ‘misp’ to install MISP
Step 1: Update the Host
apt-get update && apt-get upgrade -y
Step 2: Install MISP from GitHub
Retreieve MISP from the GitHub repository.
wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh
Switch to the user misp and check the installer options first to make the best choice for your install
This command will install MISP Core
bash /tmp/INSTALL.sh -c
MISP is now installed and accessible through https://localhost:8443
Default Username: firstname.lastname@example.org
Default Password: admin
Once you import some feeds and generate your own data, the Events page looks like this.
Tasks To Do After First Login
- Change site Admin Password
- Add Active Feeds
- Setup Users
- MISP Administration
Last updated for accuracy: July 27, 2020.