Free MISP feed · MISP OSINT feed
See PrecisionSec's threat classification inside your own MISP, free
You'll find it in MISP's default feed list as the PrecisionSec MISP OSINT feed. Enable it and you'll start pulling curated, pre-classified domains, URLs and C2 indicators straight into your instance, no CSV import and no custom parser to write.
What you're pulling is a subset of PrecisionSec's premium feed: ClickFix coverage, delayed 30 days, with a rolling 30-day window of indicators.
Bundled with MISP · no signup required

This is what lands in your instance: classified events, not a raw indicator dump.
What you get
Curated indicators, ready to pull
- A free subset of PrecisionSec's premium feed, bundled right in MISP
- No CSV import and no custom parser to write
- Curated domains, URLs and C2 indicators from active threat infrastructure
- Pre-classified events with malware-family context, not raw indicator dumps
- A rolling 30-day indicator window, delayed by 30 days from the premium feed
- Free access for MISP teams evaluating PrecisionSec data quality
How it works
Enable it from the MISP feed list
- Open your MISP instance and go to Sync Actions → Feeds
- Find PrecisionSec MISP OSINT feed in the feed list
- Enable the feed, fetch events, and pull curated indicators into your instance
Why free?
Evaluate PrecisionSec OSINT data inside your own MISP instance
You get a low-friction way to evaluate PrecisionSec intelligence right inside your own instance: curated indicators and pre-classified events, no CSV import workflow. It's a rolling 30-day subset of the premium feed, delayed by 30 days.
The full PrecisionSec MISP integration goes deeper: current, full-coverage intelligence across every malware family we track, MISP Galaxies and Objects, infrastructure-to-sample relationships, campaign context and MITRE ATT&CK mapping. When you're ready for full coverage, start a MISP feeds evaluation below.
Setup in MISP
Enable the PrecisionSec MISP OSINT feed
The free feed is bundled with MISP, so there is no signup form and no feed URL to request. Open your MISP instance, go to Sync Actions → Feeds, search for PrecisionSec MISP OSINT feed, enable it, and fetch events.
Once enabled, the feed pulls curated, pre-classified indicators into your MISP instance in the native feed workflow. The bundled feed is a 30-day delayed subset of the premium feed and contains a rolling 30-day indicator window.
- Feed name
- PrecisionSec MISP OSINT feed
- Location
- MISP → Sync Actions → Feeds
- Access
- Bundled with MISP, no signup required
- Coverage
- Premium-feed subset, delayed 30 days
- Window
- Rolling 30 days of indicators
- Format
- Native MISP feed
Ready for full coverage?
Evaluate the full, premium feed
Tell us how your team uses MISP for threat intelligence sharing and correlation. You'll get an evaluation of PrecisionSec's full, premium MISP feed: live curated indicators across every malware family we track, plus MISP Galaxy and Object correlation and MITRE ATT&CK mapping.
Want full MISP coverage?
The bundled MISP OSINT feed is a free, 30-day delayed subset with a rolling 30-day window. The full MISP integration adds current coverage for every malware family we track, plus MISP Galaxy and Object correlation and MITRE ATT&CK mapping on every event.