ATT&CK - MISP
By MISP Project
Query MISP threat sharing instances and other MISP events, attributes, objects, tags, and galaxies.
MISP and MITRE ATT&CK Transforms for Maltego
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.
With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, and browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:
- Querying a MISP instance for Events that include a given IOC
- Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
- Exploring further details from Galaxies and related Events
- Categorizing available related information within the MITRE ATT&CK framework
The Maltego MISP integration also permits visualization of the full MITRE ATT&CK framework. For ATT&CK visualization no MISP API keys are needed.
Note: This set of Transforms is open source and can be downloaded or installed as Local Transforms. More information is available on the project’s GitHub page.
If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/
Typical Users of This Data
- Threat Intel Teams
- Security Analysts
- SOCs and CERTs
- Red Teams and Penetration Testers
- Incident Response
- Trust and Safety Teams
About MISP Project
MISP is a threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.
MISP is a community-driven project led by the community of users.
For more info, visit https://www.misp-project.org/.