MISP API sorcery workshop
2025-10-24, Hollenfels

MISP is heavily used by a long list of communities to ingest, share and collaborate on threat intelligence, but its most powerful aspect, its flexible API, is underutilised by many of its users.

This workshop aims to walk you through the various ways in which automation can make your life easier, both in producing and ingesting threat intelligence.

Bring your laptop along and if possible, have a MISP installation available locally, as we'll also be tackling modifications to the system!


The workshop aims to walk participants through the various API techniques that can be used in MISP both to create and to extract information from the system.

Participants will learn to create and enhance information in MISP, and will follow a deep dive into techniques for extracting accurately filtered subsets of the information.

We will also take a small detour on how to develop your own integration to cover whatever format MISP doesn't handle by default, either by building a new export module or, if time permits, by relying on the workflow system of MISP.

Andras Iklody works at CIRCL as a software engineer and has been leading the development of the MISP core since early 2013. He is a firm believer that there are no problems that cannot be tackled by building the right tool.