performing-threat-intelligence-sharing-with-misp
CommunityAutomate threat intel sharing on MISP with PyMISP.
AuthorYukiIto1999
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Sharing threat intelligence across teams and tools is often manual, inconsistent, and slow. This skill automates creating, enriching, and distributing threat intelligence events on a MISP platform using PyMISP, enabling structured IOC management, feed integration, STIX export, and community sharing workflows.
Core Features & Use Cases
- Create MISP events with indicators such as IPs, domains, file hashes, and URLs; enrich events with MITRE ATT&CK tags; and manage distribution and sharing groups
- Integrate threat intelligence feeds and export events in STIX 2.1 format for interoperability with other platforms
- Support OSINT investigations, incident response workflows, scheduled testing, and security assessments requiring scalable threat intel sharing
- Validate sharing configurations and ensure proper tagging and distribution levels
Quick Start
Configure your MISP instance and run the agent to start creating events, enriching IOCs, and sharing intelligence.
Dependency Matrix
Required Modules
pymisp
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: performing-threat-intelligence-sharing-with-misp Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#performing-threat-intelligence-sharing-with-misp Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.