MISP Workbench is an analyst-focused threat intelligence platform built to handle large-scale indicator data without the overhead of a full MISP deployment. It ingests feeds from multiple sources (MISP instances, CSV, JSON, and freetext), consolidates them into a unified OpenSearch-backed workspace, and gives analysts the tools to query, correlate, enrich, and hunt across the full corpus from one place.
Built for speed and practicality: run Lucene queries across millions of indicators, schedule recurring hunts for persistent monitoring, enrich IOCs via misp-modules, and push curated results back to MISP or downstream consumers, all without writing one-off scripts or jumping between tools.
Docs: misp-workbench documentation
Demo instance: https://misp-workbench.circl.lu/ (request access from luciano.righetti@circl.lu)
Some ideas to work on during this hackathon: