This guide introduces MISP, the open source threat intelligence sharing platform. It is intended for ICT professionals such as security analysts, incident responders, and malware reverse engineers who share threat intelligence with MISP or integrate MISP into other security monitoring tools. The guide covers day-to-day use of the MISP graphical user interface together with its automated interfaces (API) so that teams can integrate MISP into their security environment and operate one or more MISP instances.

The MISP user guide is a collaborative effort involving contributors to MISP, including:

• Belgian Ministry of Defence (CERT)
• CIRCL Computer Incident Response Center Luxembourg
• Iklody IT Solutions
• NATO NCIRC
• Cthulhu Solutions
• CERT-EU

and many other contributors, especially those who participated in the MISP hackathons.

We welcome contributions to the MISP book. If you want to contribute, see our contributing guide.

The MISP book is available in HTML, PDF, ePub, and Kindle mobi format.

The MISP user guide is dual-licensed under GNU Affero General Public License version 3 and CC-BY-SA 4.0 international.

• Copyright (C) 2012 Christophe Vandeplas
• Copyright (C) 2012 Belgian Defence
• Copyright (C) 2012 NATO / NCIRC
• Copyright (C) 2013-2021 Andras Iklody
• Copyright (C) 2015-2022 Alexandre Dulaunoy
• Copyright (C) 2014-2022 CIRCL - Computer Incident Response Center Luxembourg
• Copyright (C) 2018 Camille Schneider
• Copyright (C) 2018-2022 Steve Clement
• Copyright (C) 2021 Jeroen Pinoy