MISP enrichment module
Enrich MISP attributes with malware-focused infrastructure context
Add passive DNS relationships, malware hashes, detected URLs and malware-family context to domains and IPs directly from MISP enrichment and hover workflows — without leaving your instance.
What the module adds
Enrichment context for investigations and pivots
Use the module from MISP enrichment and hover workflows to add context around suspicious infrastructure. Results are returned as MISP-native objects so analysts can correlate indicators, malware samples and related infrastructure without leaving MISP.
- Passive DNS relationships for domains and IP addresses
- Communicating malware samples, including hashes for pivoting and correlation
- Detected URLs associated with enriched IP infrastructure
- Malware-family context represented as MISP objects and relationships
Setup flow
Built for the distributed MISP module
This page is specifically for the PrecisionSec enrichment module shipped with MISP modules. If you are looking for PrecisionSec MISP feed delivery instead, visit the MISP feeds integration page.
- Install or enable the PrecisionSec expansion module in MISP.
- Add your PrecisionSec API key to the module configuration.
- Enrich supported domain, ip-src, and ip-dst attributes from MISP.
Request access
Get a MISP enrichment API key
Tell us about your MISP instance and we’ll follow up within one business day with an evaluation API key and setup instructions.
This request is for the enrichment module API — if you’re looking for MISP feed delivery instead, see the MISP feeds page.