analyzing-threat-landscape-with-misp

Analyze the threat landscape using MISP (Malware Information Sharing Platform) by querying event statistics, attribute distributions, threat actor galaxy clusters, and tag trends over time. Uses PyMISP to pull event data, compute IOC type breakdowns, identify top threat actors and malware families, and generate threat landscape reports with temporal trends.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "analyzing-threat-landscape-with-misp" with this command: npx skills add mukul975/anthropic-cybersecurity-skills/mukul975-anthropic-cybersecurity-skills-analyzing-threat-landscape-with-misp

Instructions

  1. Install dependencies: pip install pymisp
  2. Configure MISP URL and API key.
  3. Run the agent to generate threat landscape analysis:
    • Pull event statistics by threat level and date range
    • Analyze attribute type distributions (IP, domain, hash, URL)
    • Identify top MITRE ATT&CK techniques from event tags
    • Track threat actor activity via galaxy clusters
    • Generate temporal trend analysis of IOC submissions
python scripts/agent.py --misp-url https://misp.local --api-key YOUR_KEY --days 90 --output landscape_report.json

Examples

Threat Landscape Summary

Period: Last 90 days
Events analyzed: 1,247
Top threat level: High (43%)
Top attribute type: ip-dst (31%), domain (22%), sha256 (18%)
Top MITRE technique: T1566 Phishing (89 events)
Top threat actor: APT28 (34 events)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

analyzing-android-malware-with-apktool

No summary provided by upstream source.

Repository SourceNeeds Review
10-mukul975
Security

analyzing-cyber-kill-chain

No summary provided by upstream source.

Repository SourceNeeds Review
10-mukul975
Security

analyzing-certificate-transparency-for-phishing

No summary provided by upstream source.

Repository SourceNeeds Review
9-mukul975
Security

analyzing-network-traffic-with-wireshark

No summary provided by upstream source.

Repository SourceNeeds Review
9-mukul975