MISP Ubuntu 18.04 Installation Guide

What is MISP?

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

Installing MISP

This is a simple guide to installing the MISP platform on an Ubuntu VM. You can find the official MISP Ubuntu 18.04 installation guide here.

Step 0: Prerequisites

  • Ubuntu 18.04 virtual machine
  • Sudo user ‘misp’ to install MISP

Step 1: Update the Host

apt-get update && apt-get upgrade -y

Step 2: Install MISP from GitHub

Retreieve MISP from the GitHub repository.

wget -O /tmp/INSTALL.sh https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh

Switch to the user misp and check the installer options first to make the best choice for your install

bash /tmp/INSTALL.sh

This command will install MISP Core

bash /tmp/INSTALL.sh -c

MISP is now installed and accessible through https://localhost:8443

Default Username: admin@admin.test

Default Password: admin

Once you import some feeds and generate your own data, the Events page looks like this.

Tasks To Do After First Login

  • Change site Admin Password
  • Add Active Feeds
  • Setup Users
  • MISP Administration

Last updated for accuracy: July 27, 2020.