Overview
MISP is a threat intelligence platform for sharing, storing, and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information.
MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, browse through other MISP events, attributes, objects, tags, and galaxies.
With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:
- Querying a MISP instance for Events that include a given IOC
- Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
- Exploring further details from Galaxies and related Events
- Categorizing available related information within the MITRE ATT&CK framework
It also permits visualization of the full MITRE ATT&CK framework, the MISP Galaxies, and much more.
For ATT&CK visualization no MISP API keys are required (leave empty). For more information check out https://www.misp-project.org/ , https://attack.mitre.org/.
This set of Transforms is open source and can be downloaded or be installed as Local Transform. More here: https://github.com/MISP/MISP-maltego.
Please read the disclaimer before using the Transforms: https://github.com/MISP/MISP-maltego/blob/master/TRANSFORM_HUB_DISCLAIMER.md.
If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/.
You can read more about ATT&CK - MISP Transforms for Maltego on our website here.
Pricing & Access
Community Hub
Available free to Maltego CE users (API Key Required): Sign up for a free API key here.
Commercial Hub
Available free to Maltego One users (API Key Required): Sign up for a free API key here.
To Objects
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Objects |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToObjects |
| Short Description | |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
| Display Name | To Malware/Software/Tools |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | GalaxyToSoftware |
| Short Description | |
| Input Entities | misp.MISPGalaxy |
| Output Entities | Phrase |
To Attributes/Objects
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Attributes/Objects |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToAttributes |
| Short Description | |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Tags |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToTags |
| Short Description | |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Related Events |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToRelations |
| Short Description | |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
Search in MISP
Description
Use % at the front/end for wildcard search.
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | Search in MISP |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | SearchInMISP |
| Short Description | Use % at the front/end for wildcard search. |
| Input Entities | maltego.Unknown |
| Output Entities | Phrase |
To Attributes
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Attributes |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | ObjectToAttributes |
| Short Description | |
| Input Entities | misp.MISPObject |
| Output Entities | Phrase |
To Galaxies / ATTACK
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Galaxies / ATTACK |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToGalaxies |
| Short Description | |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
| Display Name | To Related Galaxies |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | GalaxyToRelations |
| Short Description | |
| Input Entities | misp.MISPGalaxy |
| Output Entities | Phrase |
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To Related Objects |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | ObjectToRelations |
| Short Description | |
| Input Entities | misp.MISPObject |
| Output Entities | Phrase |
To MISP Events
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To MISP Events |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | AttributeToEvent |
| Short Description | |
| Input Entities | maltego.Unknown |
| Output Entities | Phrase |
To All
Description
Expands an Event to Attributes, Objects, Tags, Galaxies
| mispkey | MISP Server API Key | string | your API key | True | True | False |
| mispurl | MISP Server URL | string | https:// | True | True | False |
| Display Name | To All |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | EventToAll |
| Short Description | Expands an Event to Attributes, Objects, Tags, Galaxies |
| Input Entities | misp.MISPEvent |
| Output Entities | Phrase |
To ThreatActors
| Display Name | To ThreatActors |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | GalaxyToThreatActor |
| Short Description | |
| Input Entities | misp.MISPGalaxy |
| Output Entities | Phrase |
To Attack Techniques
| Display Name | To Attack Techniques |
| Owner | Christophe Vandeplas |
| Author | christophe@vandeplas.com |
| Data Source | |
| Transform Name | GalaxyToAttackTechnique |
| Short Description | |
| Input Entities | misp.MISPGalaxy |
| Output Entities | Phrase |