Other information and services of the government: www.belgium.be Centre for Cybersecurity Belgium
search

MISP Threat Sharing

A MISP is an open-source platform for collecting, analysing and sharing cyber threat information in a structured manner in order to stand stronger together against cyber attacks.

Strengthen your organisation’s defences by connecting to Belgium’s national threat intelligence ecosystem

MISP Threat Sharing is an open-source platform for collecting, storing, analysing, and distributing threat intelligence. It enables organisations to share information about cyber threats in a structured, automated, and secure manner.

Why connect to the CCB MISP?

The Centre for Cybersecurity Belgium (CCB) operates a central MISP instance dedicated to protecting Belgian interests. By synchronising your server with ours, you gain access to high-fidelity, curated threat data originating from:

  • Structured Public Intelligence: We ingest and structure public reports, security blogs, and OSINT into MISP format, sharing them daily so they are immediately actionable for your security tools.
  • International Partners: Verified intelligence from our global network of CSIRTs and international security authorities.
  • Early Warnings: Strategic and tactical data to help you preemptively block malicious activity before it reaches your network.
  • National Incidents: Indicators of Compromise (IoCs) identified within the Belgian digital landscape.

Actionable Data for your Security Stack

The information we share is designed to be directly ingested by your SIEM, Firewalls, or EDR, including:

  • Indicators of Compromise (IoCs): Malicious IPs, domain names, URLs, and file hashes.
  • Phishing & Malware: Details on active campaigns targeting Belgian organisations.
  • TTPs: Insights into the tactics, techniques, and procedures used by known threat actors.
  • Vulnerabilities: Contextual information on critical CVEs. Detailed vulnerability alerts and security bulletins can also be found in our Advisories section.

Request a Connection

If your organisation already manages its own MISP instance, you can request to synchronise with the CCB server. This allows for an automated, real-time exchange of threat events.

Who is this for?

This service is available to:

  • Belgian organisations or those with a significant presence in Belgium.
  • Trusted security partners and international CSIRTs.

Please note: Every onboarding request is subject to internal verification. The CCB will perform the necessary checks to confirm eligibility and will always provide a formal response to your request.

How to get started:

  1. Preparation: Ensure you have an operational MISP server (version 2.4.x or higher recommended).
  2. Request: Send an email to info@ccb.belgium.be with the subject line: “MISP Onboarding Request”. In the body of your email, please clearly state your organisation’s name and its CBE number (Crossroads Bank for Enterprises).
  3. Onboarding: We will review your request and guide you through the synchronisation process, including the exchange of Auth keys and server sync credentials.
More information about setting up your own MISP server