2025-10-24 –, Hollenfels
MISP is heavily used by a long list of communities to ingest, share and collaborate on threat intelligence, but its most powerful aspect, it's flexible API, goes under utilised by many of its users.
This workshop aims to walk you through the various ways in which automation can make your life easier, both in producing and ingesting threat intelligence.
Bring your laptop along and if possible, have a MISP installation available locally, as we'll also be tackling modifications to the system!
The workshop aims to walk participants through the various different API techniques that can be used in MISP both to create and to extract information from the system.
Participants will learn to create and enhance information in MISP as well as follow a deep dive into techniques for extracting accurately filtered sub-sets of the information.
We will also take a small detour on how to develop your own integration to cover whatever format MISP doesn't handle by default - either by building a new export modules or, if time permits it, by relying on the workflow system of MISP.
Sami Mokaddem is a software developer who has been contributing to the
open-source community since 2016 in the fields of information sharing
and leak detection. He is working for CIRCL and is part of the MISP core
team where he develops and maintains the software as well as its related
tools.
Andras Iklody works at CIRCL as a software engineer and has been leading the development of the MISP core since early 2013. He is a firm believer that there are no problems that cannot be tackled by building the right tool.