STAXX vs MISP - integration with SIEM


#1

Hi Team,

Can someone please help me in choosing the correct product? I am specifically looking at MISP and STAXX. We do collect our own proprietary feeds as well as OSINT and wanted those to then be integrated with SIEMs like Splunk, ELK-based, Apache Metron and many other commercial ones like QRadar, ArcSight, etc.

So looking at this, which one should I go for: STAXX, as in the community version, or full-blown MISP?

Please suggest
Blason R


#2

Hi Blason,

Those are fairly advanced requirements and I’d probably point you towards the Anomali Threat Platform.

STAXX is our free to use STIX/TAXII client, and whilst it’s great for consolidating OSINT feeds (e.g. through our Limo feed) with other STIX feeds it’s not designed to provide those integrations with the SIEMs you refer to. MISP is an open source TIP that has a number of strengths but is not commercially supported.

Take a look at https://www.anomali.com/platform and for more information please contact us - click the “Request a demo” link or via info@anomali.com. We’d be happy to walk you through the pros and cons of each platform in more detail.

Cheers,
Niall