MISP Communities

MISP is an open source software and it’s also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. The MISP project doesn’t maintain an exhaustive list of all communities relying on MISP especially that some communities use MISP internally or privately.

Known Existing Communities

Each communities might have specific rules to join them. Take a look and feel free to contact the respective communities that fit your organization. Some of existing public communities might be interconnected and some might be in an island mode. By running MISP, these communities usually allow their members to connect using the MISP API, MISP user-interface or even to synchronize your MISP instance with their communities. If you want to add your MISP community in the list,don’t hesitate to contact us.

CIRCL MISP Community

CIRCL operates a fairly large MISP community (more than 500 organizations are members) mainly targeting private organizations, companies, financial organizations or IT security companies. For more information and how to join this community.

CiviCERT MISP Community

CiviCERT is an umbrella organizations formed by the partnership between Internet Content and Service Providers, Non Governmental Organizations and individuals that contribute some of their time and resources to the community in order to globally improve the security awareness of civil society. The community is fairly new but uses MISP into inform its constituents of malicious activities in their infrastructure.

Fidelis malware/RAT Community

Fidelis Barncat™ Intelligence Database includes more than 100,000 records with remote access tool (RAT) configuration settings. You can apply for access at the following location.

NATO MISP Community

The NATO Communications and Information (NCI) Agency operates a MISP community, for more information.

MISP Feed Communities

MISP integrates a functionality called feed that allows to fetch directly MISP events from a server without prior agreement. Two OSINT feeds are included by default in MISP and can be enabled in any new installation. Providers and partners can provide easily their feeds by using the simple PyMISP feed-generator. For more information, an article about “Using open source intelligence feeds, OSINT, with MISP”.


CIRCL provides a MISP OSINT feed from various sources including their own analysis.

MISP URL location is https://www.circl.lu/doc/misp/feed-osint.

Botvrij.eu OSINT feed

Botvrij.eu provides a MISP OSINT feed out of public report.

MISP URL location is http://www.botvrij.eu/data/feed-osint.