Skip to content

MISP User Training

MISP is the de facto standard in cyber threat intelligence sharing. Organisations large and small, public and private, leverage it to share CTI ranging from IOCs to strategic information.

Together with TMBC, Steel Wing developed and delivers a one day MISP user training, enabling your analysts to kickstart your threat intel storage, correlation and sharing. This allows your organisation to tap into the vast amount of intelligence that’s out there, as well as transforming your standalone incidents into an organisational body of knowledge.

What will you learn?

Participants will learn about:

  • MISP’s data model
  • How to properly create rich events, that can be used to:
    • Feed your SIEM/IDS/IPS
    • Correlate incidents with historical and ongoing events
    • Generate timelines and event graphs for human consumption
    • Aggregation for statistical purposes
    • In short: use cases that are useful on technical, tactical and strategic levels
  • Retrieving your information in smart ways
  • Sharing your intelligence with other organisations

Who should attend?

MISP is in widespread use by CERT, CSIRT and SOC teams. Members of those type of teams should attend this training to learn how to work with MISP. This training is aimed at using the MISP platform. It does not focus on installing and/or administering the platform.


The MISP user training is delivered both as a public training and as an in-company training. The next public training will be held the 5th of July, 2024.

The costs are €1100,- ex taxes per participant. This includes course materials and access to the lab environment.

Course materials are in English, the training can be delivered in Dutch or English.


Participants should bring a laptop. Ideally, participants have one or more of their organisation’s own incidents to model. If this is not possible, examples are provided by us.

Let’s do it!

Do you need more information or do you want to plan a training? Send us an email at