Getting started with MISP integration for Security Operations
- UpdatedJul 31, 2025
- 2 minutes to read
- Zurich
- Threat Integration
Review the following information before you set up your MISP integration for Security Operations.
| Setup task | Description |
|---|---|
| Verify that you have assigned the required ServiceNow AI Platform, Threat Intelligence, and Security Incident Response roles. | The following roles are used across the MISP features on the ServiceNow AI Platform:
For more information, see Setup Threat Intelligence. |
| Assign the required MISP user roles. | Review the MISP user roles and the permissions required to use the MISP integration for Security Operations. Note: For more information about the user
roles in MISP, see the Roles section in the MISP documentation website. |
| Verify that you are using MISP version 2.4.137 or later. | The MISP integration for Security Operations is tested with a minimum MISP version 2.4.137. |
| Verify that the ServiceNow core applications that are required to support the MISP module are installed and activated. | Verify that the following Security Operations applications are installed and
activated from the ServiceNow Store. If not installed, install and activate
one application at a time in the following order to ensure a smooth installation.
For more information on setting up your ServiceNow AI Platform instance for the integration, see get entitlement for a Security Operations product or application and activate a ServiceNow Store application. |
| Domain separation | Verify the domain separation section if you intend to separate data, processes, and administrative tasks. |
Related Content
- Install and configure the MISP integration for Security Operations
Install and configure the MISP integration for Security Operations from the ServiceNow Store on your ServiceNow AI Platform instance so that you can start investigating security incidents using the MISP data.
- Review the MISP integration settings
Review the MISP integration for Security Operations settings and modify the default system properties to suit your environment.
- Configure MISP sighting searches
Configure the ServiceNow AI Platform to do sighting searches for observables in the MISP instance. With this information, you can determine how often threats occur.
- Configure how an automatic event is created
Configure the ServiceNow AI Platform to automatically create events in MISP.
- MISP event data
You can review the MISP event data so that you can see detailed information about the MISP events.
- Associated MISP events
You can use the associated MISP events list view to view the events that have been created manually or automatically in the context of a security incident.
- MISP user information
You can use the MISP user information page to view all the associated users for the ServiceNow AI Platform MISP integration for Security Operations.
- Domain separation and MISP
Domain separation is supported in MISP. Domain separation enables you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.
- Troubleshooting MISP integration
This section covers important troubleshooting tips that can help you resolve common issues you can encounter when setting up or running MISP integration.