mpettitt | 4 years ago

I was looking at this a couple of weeks ago, and compared to some alternatives (e.g. OpenCTI) it seemed a lot less polished. It was still easier to get running than Cortex though, at least for a basic look.

badrabbit | 4 years ago

It isn't polished and is more involved, but it is well supported both by products for integration and as a project by the EU. It has a very flexible API as well. It lacks features paid platforms have, like a built-in TAXII server, but it is, like most OSS projects, continually evolving and dependent on PRs.

It all depends on your requirements. I have seen industry-wide orgs using a spreadsheet for sharing intel. And then you have ThreatConnect and SOARs with built-in TIPs.

It's not for everyone but it is a good starting point. If you are trying to figure out how to best operationalize threat intel, use MISP. It will help you define what your requirements are at least. Setting it up and dealing with occasional issues can be a pain, but that aside, it works smoothly. Once you get it to help you define your threat intel program and pipeline, you can decide if something else that costs six figures or is new to the market can get the job done and provides better value. Just my $0.02