Open navigation

ATT&CK - MISP

Modified on: Mon, 8 Jul, 2024 at 4:21 PM

Overview

MISP is a threat intelligence platform for sharing, storing, and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information, or even counter-terrorism information.


MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, browse through other MISP events, attributes, objects, tags, and galaxies.


With MISP and MITRE ATT&CK Entities and Transforms, investigators may query data from a MISP Threat Sharing instance, browse through other MISP events, attributes, objects, tags, and galaxies. A typical workflow may involve:


  • Querying a MISP instance for Events that include a given IOC
  • Pivoting a MISP Event into its attributes, objects, tags, galaxies and/or related Events
  • Exploring further details from Galaxies and related Events
  • Categorizing available related information within the MITRE ATT&CK framework


It also permits visualization of the full MITRE ATT&CK framework, the MISP Galaxies, and much more.


For ATT&CK visualization no MISP API keys are required (leave empty). For more information check out https://www.misp-project.org/ , https://attack.mitre.org/.


This set of Transforms is open source and can be downloaded or be installed as Local Transform. More here:

https://github.com/MaltegoTech/misp-maltego.


If you are not yet a member of a MISP community, see: https://www.misp-project.org/communities/.


You can read more about ATT&CK - MISP Transforms for Maltego on our website here.


Pricing & Access

Community Hub

Available free to Maltego CE users (API Key Required): Sign up for a free API key here.


Commercial Hub

Available free to Maltego One users (API Key Required): Sign up for a free API key here.



ATT&CK - MISP Transform

To Objects

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Objects
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToObjects
Short Description 
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

To Malware/Software/Tools

Transform Meta Info

InformationValue
Display NameTo Malware/Software/Tools
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameGalaxyToSoftware
Short Description 
Input Entitiesmisp.MISPGalaxy
Output EntitiesPhrase

To Attributes/Objects

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Attributes/Objects
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToAttributes
Short Description 
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

To Tags

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Tags
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToTags
Short Description 
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Related Events
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToRelations
Short Description 
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

Search in MISP

Description

Use % at the front/end for wildcard search.

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameSearch in MISP
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameSearchInMISP
Short DescriptionUse % at the front/end for wildcard search.
Input Entitiesmaltego.Unknown
Output EntitiesPhrase

To Attributes

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Attributes
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameObjectToAttributes
Short Description 
Input Entitiesmisp.MISPObject
Output EntitiesPhrase

To Galaxies / ATTACK

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Galaxies / ATTACK
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToGalaxies
Short Description 
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

Transform Meta Info

InformationValue
Display NameTo Related Galaxies
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameGalaxyToRelations
Short Description 
Input Entitiesmisp.MISPGalaxy
Output EntitiesPhrase

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo Related Objects
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameObjectToRelations
Short Description 
Input Entitiesmisp.MISPObject
Output EntitiesPhrase

To MISP Events

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo MISP Events
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameAttributeToEvent
Short Description 
Input Entitiesmaltego.Unknown
Output EntitiesPhrase

To All

Description

Expands an Event to Attributes, Objects, Tags, Galaxies

Transform Settings

Setting NameDisplay NameSetting TypeDefault ValueOptionalPopupAuthentication
mispkeyMISP Server API Keystringyour API keyTrueTrueFalse
mispurlMISP Server URLstringhttps://TrueTrueFalse

Transform Meta Info

InformationValue
Display NameTo All
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameEventToAll
Short DescriptionExpands an Event to Attributes, Objects, Tags, Galaxies
Input Entitiesmisp.MISPEvent
Output EntitiesPhrase

To ThreatActors

Transform Meta Info

InformationValue
Display NameTo ThreatActors
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameGalaxyToThreatActor
Short Description 
Input Entitiesmisp.MISPGalaxy
Output EntitiesPhrase

To Attack Techniques

Transform Meta Info

InformationValue
Display NameTo Attack Techniques
OwnerChristophe Vandeplas
Authorchristophe@vandeplas.com
Data Source 
Transform NameGalaxyToAttackTechnique
Short Description 
Input Entitiesmisp.MISPGalaxy
Output EntitiesPhrase


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.