The MISP threat intelligence sharing platform is a free and open-source software used to gather, share, store and correlate indicators of compromise, threat intelligence, and more. This reputable and powerful tool is used by thousands of organizations worldwide and has many helpful, active communities. The platform is feature-rich and boasts the following (and more) capabilities and options:

• “An efficient IoC and indicators database allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
• Automatic correlation finding relationships between attributes and indicators from malware, attacks campaigns or analysis.
• A flexible data model where complex objects can be expressed and linked together to express threat intelligence, incidents or connected elements.
• Built-in sharing functionality to ease data sharing using different model of distributions.
• Export: generating IDS (Suricata, Snort and Bro are supported by default), OpenIOC, plain text, CSV, MISP XML or JSON output to integrate with other systems (network IDS, host IDS, custom tools)
• Import: bulk-import, batch-import, free-text import, import from OpenIOC, GFI sandbox, ThreatConnect CSV or MISP format.
• Feed import: flexible tool to import and integrate MISP feed and any threatintel or OSINT feed from third parties. Many default feeds are included in standard MISP installation.
• Flexible API to integrate MISP with your own solutions.
• Adjustable taxonomy to classify and tag events following your own classification schemes or existing taxonomies.
• Intelligence vocabularies called MISP galaxy and bundled with existing threat actors, malware, RAT, ransomware or MITRE ATT&CK which can be easily linked with events in MISP.
• Expansion modules in Python to expand MISP with your own services or activate already available misp-modules.”