Direct answer
What makes a good MISP feed? Context: provenance, confidence, timestamps, tags, relations and evidence links.
Problem
Sharing communities need events that preserve confidence, provenance and actionability.
PhishNet unique data
PhishNet adds source family, source tier, confirmation state, evidence readiness, liveness, brand/country relevance and graph context.
Public-safe proof module
Public proof includes schema documentation, redacted example rows and cached dashboard modules.
Integration path
MISP exports can align with daily deltas, verified-live URLs, fake platforms, smishing routes, mule routes and campaign clusters.
Conversion path
CTA: request a MISP sample bundle or partner feed discussion.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What makes a good MISP feed?
Context: provenance, confidence, timestamps, tags, relations and evidence links.
Does PhishNet export weak signals?
Yes, but with explicit confirmation state so communities can decide policy.