Skill

analyzing-threat-landscape-with-misp

From asi

Analyzes threat landscape using MISP via PyMISP: queries event statistics, IOC attribute distributions, top threat actors/malware families, tag trends over time. Generates reports for SOC threat hunting.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When investigating security incidents that require analyzing threat landscape with misp

SKILL.md

Similar Skills

analyzing-threat-landscape-with-misp

5.9k

Analyzes MISP data via PyMISP for threat landscape reports: event stats, IOC type breakdowns, top threat actors/malware, MITRE techniques, and temporal trends.

3 files

cybersecurity-skills

analyzing-threat-landscape-with-misp

Analyzes threat landscape from MISP using PyMISP: pulls events by threat level/date, computes IOC/attribute distributions, identifies top threat actors/MITRE techniques/galaxy clusters/tags, generates time-series reports.

3 files

cybersecurity-skills-zh

performing-threat-intelligence-sharing-with-misp

Uses PyMISP to create, enrich, and share threat intelligence events on MISP, managing IOCs, feeds, STIX exports, and community sharing. For security assessments and incident response.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Analyzing Threat Landscape with MISP

When to Use

When investigating security incidents that require analyzing threat landscape with misp

When building detection rules or threat hunting queries for this domain

When SOC analysts need structured procedures for this analysis type

When validating security monitoring coverage for related attack techniques

Prerequisites

Familiarity with threat intelligence concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Install dependencies: pip install pymisp

Configure MISP URL and API key.

Run the agent to generate threat landscape analysis:

Pull event statistics by threat level and date range
Analyze attribute type distributions (IP, domain, hash, URL)
Identify top MITRE ATT&CK techniques from event tags
Track threat actor activity via galaxy clusters
Generate temporal trend analysis of IOC submissions

python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json

Examples

Threat Landscape Summary

Period: Last 90 days Events analyzed: 1,247 Top threat level: High (43%) Top attribute type: ip-dst (31%), domain (22%), sha256 (18%) Top MITRE technique: T1566 Phishing (89 events) Top threat actor: APT28 (34 events)