MISP-LEA project started the first June 2023. It consists in an law enforcement agency information sharing community. It’s powered by MISP¹ and AIL project², two leading open source projects led by CIRCL.

Background

MISP, the leading open source project for threat intelligence and information sharing, is used by different actors in the cyber security field including CERTs/CSIRTs, SOCs and law enforcement agencies. MISP is used in different use-cases ranging from investigation, remediation, reporting and cross-border collaboration. Within this project a MISP instance is set up dedicated for law enforcement agencies. The instance is fed with threat intelligence data from CIRCL and Shadowserver. The intelligence provided includes threat intelligence from CSIRT/CERTs networks, OSINT networks, non-governmental organisations and other LEA. Training for law enforcement agencies is provided by CIRCL and Shadowserver.

Who is behind?

The MISP instance is hosted during the project at CIRCL and hosting will be continued after the project at CIRCL in a global sustainability program for law enforcement MISP communities. The project will serve as ground for having an EU-based open source software stack for information sharing in law enforcement agencies. MISP-LEA provides an efficient open source tool along with the intelligence to support pre-investigation to enhance crime reporting. This project is carried out by CIRCL and SHADOWSERVER. CIRCL is the coordinator.

Sustainability

Although the MISP-LEA project is co-funded by the European Union, with funding ending on 31/5/2025, CIRCL will continue the maintenance of the MISP-LEA platform. Post-project, the upkeep of this equipment will transition to a global sustainability program led by CIRCL. This equipment will be utilized to host a dedicated MISP instance for the Law Enforcement Agency (LEA) community. The primary objective of the project is to bootstrap the community and initiate to information sharing practices. CIRCL will actively promote MISP-LEA within their existing sharing communities, such as ISACs, providing them with the opportunity for real-time data sharing with LEA. MISP-LEA serves as a sharing hub connecting various sharing communities with LEA organizations.

1. MISP is an open source threat intelligence and sharing platform. MISP is a complete platform and standard to collect, structure, model intelligence such as threat intelligene, cyberecurity intelligence, financial fraud, vulnerability information, digital forensic investigations… ↩

2. AIL Project is an open source framework to collect, crawl, dig and analyse unstructured data from different source including Tor. The framework can be used to find information leaks, intelligence, insights and much more. ↩