MISP Engineering Bay is a collection of web-based authoring tools for the MISP threat intelligence sharing platform. It eliminates the need to manually craft and maintain the JSON files that define MISP’s core data structures.
The first release includes two tools:
- Object Template Creator — a guided editor for MISP object template definitions (definition.json). It provides real-time validation against MISP’s type system, searchable type/category lookups, and lets users browse, modify, or clone any of the 388+ existing templates.
- Galaxy Editor — a unified editor for MISP galaxy definitions and their cluster collections. It supports both simple galaxies and matrix-style kill chain galaxies (like ATT&CK), with a drag-and-drop matrix view for assigning clusters to kill chain phases across multiple scopes. Users can browse all 112+ existing
galaxies, load and modify them, and export the result as a zip ready to be merged into the misp-galaxy repository.
Both tools run as lightweight Python/Flask applications with no external dependencies beyond a Python virtual environment. They can operate in public mode (read-only authoring with zip/JSON export) or private mode (direct writes to the respective MISP submodule checkouts for maintainers).