AusMISP 

Why it's important

The AusCERT MISP service provides members with threat indicators acquired from trusted communities and organisations. It includes AusCERT’s examination of captured malware and other threat samples, as well as dependable third-party sources and members.  

You will be able to receive and share timely and relevant cyber threat intelligence, including indicators of compromise, attack patterns, and other cyber security-related data. This collaborative intelligence enhances your cyber security posture and helps members better defend against cyber threats and attacks.  

What's included

• Members who opt into AusMISP will be given access to our MISP instance, which is a shared feed of curated threat intelligence, including the ACSC CTIS (Cyber Threat Intelligence Sharing) data.  
• Members can utilise the provided threat indicators to enhance network security by integrating these into defensive controls like SIEMs, firewalls, IDS/IPS, ACLs, web proxies, and mail filters. Access is provided through a web interface or API.  
• AusMISP enables the sharing of diverse security-related data from members. This includes a comprehensive database that stores both technical and non-technical information about malware, incidents, attackers, and intelligence, such as:  
  • Indicators of Compromise (IOCs) 
  • Indicators of Attack (IOAs)  
  • Threat actor information  
  • Network intrusion data  
  • Vulnerabilities  
  • Malware characteristics  
  • Threat intelligence  
  • Phishing data  
  • Financial fraud information.  

• AusMISP can help you identify relationships between attributes and indicators from malware, previous attack campaigns, or analysis through its correlation engine.  This aids in connecting campaigns and understanding the techniques used in incidents.  
• Higher education members are instead provided with a sector specific AHECS-ISAC, which includes AusMISP data and additional threat indicators relevant to the higher education industry.