Review the MISP integration settings
Review the MISP integration for Security Operations settings and modify the default system properties to suit your environment.
Before you begin
Role required: sn_si.admin, sn_ti.admin
Procedure
- Navigate to All > MISP Integration > Integration Settings.
- Modify the following settings as required.
Table 1. MISP Integration settings

| Section | Property name | Description |
| --- | --- | --- |
| Observable Enrichment | Time (in hours) before fetching new data | Time in hours before you can fetch new data. Type: integer. Default value: 24 |
| Sighting Search | Run Sighting Search automatically when new observables are associated with the security incident | Sighting search that runs whenever a new observable is associated with a security incident. Default value: Yes |
| Sighting Search | Search Interval (in days) for sighting search in MISP | Number of days that the sighting search data is searched in MISP. Use this option only for the automatic sighting search feature. Default value: 90 |
| Data synchronization | Interval period (in minutes) for tags to be fetched and synchronized with MISP | MISP tags that are fetched at the time of the integration configuration. After the data is in the ServiceNow AI Platform, this property defines the frequency at which the data is synchronized with the MISP server. The value is defined in minutes. Default value: 1440 (minutes or 24 hours) |
| Data synchronization | Interval period (in minutes) to refresh MISP galaxies from configured sources | MISP galaxies that are fetched at the time of the integration configuration. After the data is in the ServiceNow AI Platform, this property defines the frequency at which the data is synchronized with the MISP server. The value is defined in minutes. Default value: 1440 (minutes or 24 hours) |
| Data synchronization | Interval period (in minutes) for organizations to be fetched and synchronized with MISP | MISP organizations that are fetched at the time of the integration configuration. After the data is in the ServiceNow AI Platform, this property defines the frequency at which the data is synchronized with the MISP server. The value is defined in minutes. Default value: 1440 (minutes or 24 hours) |
| MITRE™ Technique Extraction | Rollup MITRE-ATT&CK techniques automatically from MISP Observable Enrichment Results (Tags) to security incident | Rollup of MITRE-ATT&CK information from MISP observable enrichment results (tags) to the security incident. Default value: Yes |
| MITRE™ Technique Extraction | Rollup MITRE-ATT&CK techniques automatically from MISP Observable Enrichment Results (Galaxies) to security incident | Rollup of MITRE-ATT&CK information from the MISP observable enrichment results (galaxies) to the security incident. Default value: Yes |
Note:
  - To use the MITRE™ technique extraction features in MISP, you must enable the MITRE-ATT&CK feature in the Threat Intelligence module.
  - The MISP integration for Security Operations introduces two base system MITRE-ATT&CK technique extraction rules for MISP: MISP galaxies and MISP tags. For more information on auto-extraction rules in MITRE-ATT&CK, see auto-extract technique rules for importing MITRE-ATT&CK information.
- Click Save.