The Polarity - MISP integration(s) enable a user to have an immediate understanding of their threat landscape when looking at indicators. Polarity has two integrations with MISP, 1 that enables a user to see the threat information on indicators and one to bulk submit indicators to MISP, enabling security analysts across teams to contribute and gain immediate awareness. Polarity - MISP - provides context around indicators in MISP. Polarity -MISP IOC Submission - enables analysts to bulk submit IOCs to MISP.

MISP Solutions

Security Operations, Threat Hunting, Incident Response

Configuring MISP

This integration requires you to complete a few extra steps in order to use it.

In order to use the Polarity - MISP integrations, instance URL and an API Key are required.

Both MISP and the MISP IOC submission integrations require the same configuration options.

Configuration Options

Indicator Types - IPs, Emails, Hashes, Domains

Url - The URL for your MISP server which should include the schema (i.e., http, https) and port if required.

API Key - API Key for the provided user. To create an API key within MISP, please navigate settings and create a Polarity API account.

Enable Adding Tags - If selected, users can add tags to an event in MISP.

Enable Removing Tags - If selected, users can remove tags from an event in MISP.

Allow IOC Deletion - If selected, analysts running the IOC Submission integration can delete indicators from Threatstream.