Using the MISP Platform to Collect Incident Data
Abstract
Cyberthreat awareness and the timely exchange of threat intelligence among stakeholders are critical components of effective cybersecurity. However, despite ongoing efforts to strengthen cyber defenses, many countries continue to face significant challenges in facilitating the rapid and efficient sharing of relevant threat data. This deficiency often leads to severe consequences, including financial losses, reputational damage, and even threats to national security. This study investigates the feasibility of establishing an effective platform for cyberthreat data sharing, with a particular focus on organizations and institutions that lack access to costly commercial threat intelligence solutions. The proposed approach leverages open-source tools, such as the Malware Information Sharing Platform (MISP), to provide a cost-effective and scalable solution for threat information exchange. The research presents a hybrid data collection model in which threat intelligence is aggregated through two primary methods: (1) manual input derived from structured reports and (2) automated ingestion via scripts designed to process and sanitize raw threat data. This dual approach ensures both flexibility and efficiency in compiling actionable intelligence. The findings suggest that a freely available and user-friendly platform, such as MISP, can serve as a viable foundation for structured cyberthreat information sharing among stakeholders. By improving the accessibility and reliability of threat data, such a system can enhance incident response capabilities and support the implementation of proactive cybersecurity measures.