Updated 1 month ago by TruSTAR

This document explains how to set up and use the MISP premium intelligence source in the TruSTAR platform.

MISP is a threat intelligence platform for gathering, sharing, storing and correlating IOCs from targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Time to Install: 10 minutes

Observables Supported


  • Your MISP Server URL
  • MISP Authentication Key
  • Versions supported: 2.4.93 - 2.4.127
TruSTAR Admin rights are required to activate this Premium Intel feed.

Getting Started

After you have retrieved your MISP URL and Auth Keys follow these steps:

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side icon list.
  3. Click Premium Intel to view the feeds available.
  4. Click Subscribe on the MISP box.
  5. Enter your MISP API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the MISP Enclave using this format.



Report External Id

Event UUID

Report Body

Entire Event Content

Report Tags

Event Tags

Report Update

If an event with the same UUID is observed, the existing report is updated by replacing it with the updated content.

Known Issues

No reported issues.

Please cotanct support@trustar.co if you have issues with this integration.

How Did We Do?