MISP Project’s Core Team Releases New Platform for Standardization
The MISP threat sharing platform is the leading free and open source threat intelligence platform. MISP supports and enables information sharing of a wide range of information related to threat intelligence, including, but not limited to, cyber security indicators, financial intelligence and any custom-defined intelligence between sharing communities. The MISP open source software is now a key component of the default toolchain of a wide range of organisations within the private sector, CSIRT/CERT community, military and intelligence sectors. The formats developed
over the past 8 years within the MISP project framework are now the de-facto standards which allow interoperability between many open source and proprietary tools in an effort to support security operations.
In order to preserve and foster the standard and its evolution, the MISP project has spun off a new structure called MISP-standard.org in July 2019, with the aim to standardise the format.
Alexandre Dulaunoy, security researcher at CIRCL (Computer Incident Response Center Luxembourg), said “Over the years, cyber security has evolved from a very isolated activity to a collaborative model where analysts and professionals must share and collaborate efficiently. We develop the MISP project in order to support such forms of collaboration, especially when it comes to sharing contextual information along with technical information. Nowadays, we have reached a level of stability within the MISP format which has elevated it to becoming a key element in interconnecting security devices, equipment, but also people in a wide range of sectors. In order to ease the integration and the longevity of the MISP format, we have spun off this new structure
(part of the MISP project) to support the MISP standards.”
Andras Iklody, lead developer of MISP at CIRCL (Computer Incident Response Center Luxembourg), said “The approach we have taken with the development of the MISP standards was to standardise on the model that we have been actively using ourselves and instead of planning ahead and trying to reach our destination, we have iteratively tried to improve on a minimalistic model. This has given us the opportunity to build standards that are entirely built on the actual requirements that emerged through incidents, interactions with partners and based on the identified shortcomings of our own tool-chains. One of the key advantages of this approach over developing a standard using a more committee based, traditional standards development approach was that through the immediate testing of any new modification was a natural side effect of it being immediately available through our tooling, quickly revealing mistakes we made in our design and allowing us to issue appropriate corrections before being locked into damaging decisions.”.
The MISP standards have come a long way since 2012 and are under constant improvement based on the challenges we, as sharing communities, are facing. The natural evolution of these standards will continue as they have done before. The MISP-standard.org structure is also open to welcoming on-board other efforts, exhausted of being bogged down by the endless formalised processes of standards bodies, in an effort to support them whilst working towards standardising specialised formats/protocols.
The MISP standards are already used in the three following softwares:
- Analysis of Information Leaks - AIL framwork (https://github.com/CIRCL/AIL-framework)
- Malware Information Sharing Platform - MISP Project (https://www.misp-project.org/https://www.misp-project.org/)
- The HIVE (https://thehive-project.org/)