MISP-LEA project started the first June 2023. It consists in an law enforcement agency information sharing community. It’s powered by MISP1 and AIL project2, two leading open source projects led by CIRCL.
Background
MISP, the leading open source project for threat intelligence and information sharing, is used by different actors in the cyber security field including CERTs/CSIRTs, SOCs and law enforcement agencies. MISP is used in different use-cases ranging from investigation, remediation, reporting and cross-border collaboration. Within this project a MISP instance is set up dedicated for law enforcement agencies. The instance is fed with threat intelligence data from CIRCL and Shadowserver. The intelligence provided includes threat intelligence from CSIRT/CERTs networks, OSINT networks, non-governmental organisations and other LEA. Training for law enforcement agencies is provided by CIRCL and Shadowserver.
Who is behind?
The MISP instance is hosted during the project at CIRCL and hosting will be continued after the project at CIRCL in a global sustainability program for law enforcement MISP communities. The project will serve as ground for having an EU-based open source software stack for information sharing in law enforcement agencies. MISP-LEA provides an efficient open source tool along with the intelligence to support pre-investigation to enhance crime reporting. This project is carried out by CIRCL and SHADOWSERVER. CIRCL is the coordinator.
FAQ
I already operate my own MISP instance; why should I connect to MISP ?
MISP-LEA is connected to multiple sharing communities, allowing you to discover which community might have more information on the data under investigation. Additionally, you can both pull and push data from/to your MISP instance.
Due to legal constraints we can only operated MISP-LEA in environments with no Internet connection or called airgapped systems.
As part of MISP-LEA, technical advice and software on setting up MISP in air-gapped environments are shared during the MISP-LEA events. Feel free to join one of these events to ask your questions, or alternatively, you can open issues at https://github.com/MISP/misp-airgap/ to explain your use cases.”
My MISP-instance is not connected to the Internet or I don’t have any MISP server.
No worries. You can connect to MISP-LEA, download the relevant data you are interested in either via the web interface or the API, and use it in other forensic tools.
Do you plan to maintain the MISP-LEA after the end of the EU funding?
Although the MISP-LEA project is co-funded by the European Union, with funding ending on 31/5/2025, CIRCL will continue the maintenance, operation and development of the MISP-LEA platform. Post-project, the upkeep of this equipment will transition to a global sustainability program led by CIRCL. This equipment will be utilized to host a dedicated MISP instance for the Law Enforcement Agency (LEA) community. The primary objective of the project is to bootstrap the community and initiate to information sharing practices. CIRCL will actively promote MISP-LEA within their existing sharing communities, such as ISACs, providing them with the opportunity for real-time data sharing with LEA. MISP-LEA serves as a sharing hub connecting various sharing communities with LEA organizations.
-
MISP is an open source threat intelligence and sharing platform. MISP is a complete platform and standard to collect, structure, model intelligence such as threat intelligene, cyberecurity intelligence, financial fraud, vulnerability information, digital forensic investigations… ↩
-
AIL Project is an open source framework to collect, crawl, dig and analyse unstructured data from different source including Tor. The framework can be used to find information leaks, intelligence, insights and much more. ↩