Which Open Source Threat Intel Platform (TIP)
should you choose? Both MISP and Your Everyday Threat Intelligence (YETI) are popular open source threat intelligence platforms. You may be comparing MISP vs. YETI because you'd like to use an open source platform to handle your threat intelligence, but aren’t sure of the differences between them.
While both platforms share these similarities, they also come with some major differences.
YETI is much newer than MISP. MISP launched in 2012, while YETI was first released to the public in 2017.
Because MISP is more mature and established software, it has a much larger user base than YETI. This has a number of benefits:
New versions of MISP are released approximately every month, whereas YETI is updated roughly once per quarter. This is likely in part because MISP’s contributor team is roughly 4x larger than YETI’s.
It’s worth noting that MISP’s release notes are also much more detailed than YETI’s release notes. This means it may be easier to predict the impact and potential side effects of MISP upgrades vs. YETI upgrades.
The underlying language of your TIP can be important if your team wants to inspect the underlying code in detail, fix issues, or contribute back to the codebase.
If your team has expertise in Python, for example, it may be easier for the team to understand and potentially contribute to the YETI codebase compared to MISP.
While the YETI documentation gives a high-level overview of installation, use cases, YETI objects, extending YETI, and the API, the MISP documentation dives into the fine-grained detail of every aspect of MISP.
If thorough and detailed documentation is important to you and your team, you are likely to be more satisfied with the MISP documentation compared to YETI’s documentation.
If MISP seems like the best fit for your organisation, we recommend CloudMISP, our managed MISP service.