MISP enrichment module

Enrich MISP attributes with malware-focused infrastructure context

Add passive DNS relationships, malware hashes, detected URLs and malware-family context to domains and IPs directly from MISP enrichment and hover workflows — without leaving your instance.

What the module adds

Enrichment context for investigations and pivots

Use the module from MISP enrichment and hover workflows to add context around suspicious infrastructure. Results are returned as MISP-native objects so analysts can correlate indicators, malware samples and related infrastructure without leaving MISP.

  • Passive DNS relationships for domains and IP addresses
  • Communicating malware samples, including hashes for pivoting and correlation
  • Detected URLs associated with enriched IP infrastructure
  • Malware-family context represented as MISP objects and relationships

Setup flow

Built for the distributed MISP module

This page is specifically for the PrecisionSec enrichment module shipped with MISP modules. If you are looking for PrecisionSec MISP feed delivery instead, visit the MISP feeds integration page.

  1. Install or enable the PrecisionSec expansion module in MISP.
  2. Add your PrecisionSec API key to the module configuration.
  3. Enrich supported domain, ip-src, and ip-dst attributes from MISP.

Request access

Get a MISP enrichment API key

Tell us about your MISP instance and we’ll follow up within one business day with an evaluation API key and setup instructions.

This request is for the enrichment module API — if you’re looking for MISP feed delivery instead, see the MISP feeds page.

Request a MISP API key