Direct answer
Can PhishNet integrate with MISP? Yes. The product model includes MISP-ready export profiles and evidence/detail URLs for operational context.
Problem
Cyber teams already use MISP, STIX, TAXII, SIEM and SOAR workflows. A new intelligence platform must fit those workflows rather than force analysts into another silo.
PhishNet unique data
Rows include source family, source tier, confirmation state, Belgian/country relevance, evidence readiness, liveness state, campaign/kit context, graph links and export audit context.
Public-safe proof module
Public pages can show schema examples, redacted sample rows and daily public dashboard metrics while full operational values remain authenticated.
Integration path
Provide saved export profiles for confirmed domains, confirmed URLs, verified-live URLs, mule routes, smishing routes, fake financial platforms, ads evidence and campaign clusters.
Conversion path
CTA: request MISP feed access, request STIX sample bundle, or ask for a CERT integration briefing.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
Can PhishNet integrate with MISP?
Yes. The product model includes MISP-ready export profiles and evidence/detail URLs for operational context.
Are review candidates mixed with confirmed threats?
No. Confirmation state stays explicit in exports and APIs.