MISP Galaxy

Machine-readable knowledge base of threat intelligence clusters (threat actors, malware families, attack patterns, tools) that attach to MISP events and attributes. Provides standardized JSON-based taxonomies including MITRE ATT&CK (1,242 patterns), Malpedia (3,596 malware entries), and dozens of other security-relevant classification systems.

Evaluated Mar 08, 2026 (0d ago) vcurrent
Security misp threat-intelligence mitre-attack threat-actors malware cve stix taxonomy cyber-security

⚙ Agent Friendliness: 51 / 100 (Can an agent use this?)
🔒 Security: 58 / 100 (Is it safe for agents?)
⚡ Reliability: 69 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 0
Documentation: 70
Error Messages: 35
Auth Simplicity: 95
Rate Limits: 90

🔒 Security

TLS Enforcement: 60
Auth Strength: 50
Scope Granularity: 30
Dep. Hygiene: 75
Secret Handling: 80

Public data repository. No authentication or secrets needed. Ironically, this threat intelligence database has minimal security concerns itself — it is open data.

⚡ Reliability

Uptime/SLA: 70
Version Stability: 80
Breaking Changes: 75
Error Recovery: 50

Best When

You need a comprehensive, community-maintained, machine-readable threat intelligence knowledge base for enriching security events, building detection rules, or feeding threat intel into analysis pipelines.

Avoid When

You need real-time threat feeds, proprietary intelligence, or a turnkey threat intel platform rather than raw structured data.

Use Cases

  • Enriching MISP threat intelligence events with standardized threat actor and malware classifications
  • Querying structured threat intelligence data (ATT&CK techniques, adversary groups) from JSON files
  • Building security tools that reference canonical threat intelligence taxonomies
  • Cross-referencing indicators with known threat actor profiles and attack patterns

Not For

  • Real-time threat detection or SIEM alerting
  • Zero-day or proprietary intelligence (covers known/documented threats only)
  • Non-MISP platforms without custom integration work
  • Automated incident response (data source, not action engine)

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: No

Authentication

Methods: none
OAuth: No
Scopes: No

Public data repository. No authentication needed. JSON files consumed directly from git or misp-galaxy.org.

Pricing

Model: free
Free tier: Yes
Requires CC: No

Community-maintained open data under a permissive license.

Agent Metadata

Idempotent: Unknown
Retry Guidance: Not documented

Known Gotchas

  • No API — data consumed as raw JSON files from git repository; agents must parse directly
  • Repository is 50MB+ — clone or fetch specific cluster files rather than full checkout
  • Cluster completeness varies widely — some categories have 4 entries, others have 5,953
  • No MCP server — would need custom wrapper to expose via MCP
  • Schema validation scripts require Python and jq


Scores are editorial opinions as of 2026-03-08.
