MISP Threat Landscape Analysis

v20260426

analyzing-threat-landscape-with-misp

Use PyMISP to query MISP events, IOC distributions, galaxy clusters, and tag trends so analysts can generate threat landscape reports with top actors, malware families, MITRE techniques, and temporal insights.

MISP Threat Intelligence PyMISP IOC Analysis MITRE ATT&CK Threat Actors Security Monitoring

Get Skill

293 downloads

Overview

Analyzing Threat Landscape with MISP

When to Use

When investigating security incidents that require analyzing threat landscape with misp
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Familiarity with threat intelligence concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Instructions

Install dependencies: pip install pymisp
Configure MISP URL and API key.
Run the agent to generate threat landscape analysis:
- Pull event statistics by threat level and date range
- Analyze attribute type distributions (IP, domain, hash, URL)
- Identify top MITRE ATT&CK techniques from event tags
- Track threat actor activity via galaxy clusters
- Generate temporal trend analysis of IOC submissions

python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json

Examples

Threat Landscape Summary

Period: Last 90 days
Events analyzed: 1,247
Top threat level: High (43%)
Top attribute type: ip-dst (31%), domain (22%), sha256 (18%)
Top MITRE technique: T1566 Phishing (89 events)
Top threat actor: APT28 (34 events)

Info

Category Development

Name analyzing-threat-landscape-with-misp

Version v20260426

Size 8.59KB

Source mukul975/Anthropic-Cybersecurity-Skills

Updated At 2026-05-10