MISP

MISP is a framework written in CakePHP with excellent community support. Its objective is to collect threat intelligence from various feed sources that publish malicious content and store it in a backend repository. The stored content can later be retrieved for analysis and shared with security tools such as SIEM, firewall, and IDS/IPS systems. The tool has many features, including the following:

  • It has a central parser that can parse all kinds of IOC feed files, such as free text, CSV, TSV, JSON, and XML. This is a big advantage, because we don't have to worry about the format in which the intelligence is supplied by the source feed: different feed sources provide intelligence in different formats, and the central parser parses the IOC information and transforms it into a consistent format that matches the backend schema MISP supports.
  • It has an API that gives us the flexibility to share the intelligence directly with SIEM tools. Note the caveat, however: MISP does not yet have false positive elimination capability, so intelligence pushed straight to a SIEM may carry false positives with it.
  • It can integrate with other MISP instances and act as a server for threat sharing.
  • It provides role-based access to the web interface, which allows analysts to understand and correlate the IOCs gathered.
  • It has a queue-based backend worker system, in which the collection of feeds can be scheduled for any time/hour of the day, and we can change how often the collection is repeated. The backend worker and queuing system is based on Redis and CakeResque.
  • Not only is MISP very good at collecting threat information, it is also very good at correlating it and sharing it in multiple formats such as CSV, STIX, JSON, text, XML, and Bro-IDS signatures.
The complete list of features offered by MISP can be found at the official repository: https://github.com/MISP/MISP.
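To illustrate the parser and correlation points above, here is an added example (not MISP's own parser, which lives in its CakePHP code base): three constructed feeds in free text, CSV and JSON are normalised into one schema keyed by MISP attribute type and value, and indicators corroborated by more than one feed are selected before anything is pushed to a SIEM. The feed names, feed contents and the `corroborated` threshold are assumptions made for the example.

```python
import csv
import io
import json
import re
from collections import defaultdict

# Constructed sample feeds (documentation ranges and test TLDs, not real indicators).
FREE_TEXT_FEED = "# constructed blocklist\n198.51.100.23\nbad-example.test\nhttp://bad-example.test/payload.bin\n"
CSV_FEED = "indicator,comment\n198.51.100.23,seen in sandbox\nd41d8cd98f00b204e9800998ecf8427e,empty-file hash\n"
JSON_FEED = json.dumps({"iocs": [{"value": "bad-example.test"}, {"value": "203.0.113.9"}]})
FEEDS = [("blocklist-txt", "text", FREE_TEXT_FEED), ("sandbox-csv", "csv", CSV_FEED), ("vendor-json", "json", JSON_FEED)]

# Type names follow MISP attribute types. Order matters: hashes and URLs are tested
# before IP and domain so that a hex string or a URL is never classified as a domain.
PATTERNS = [
    ("sha256", re.compile(r"^[0-9a-f]{64}$", re.I)),
    ("md5", re.compile(r"^[0-9a-f]{32}$", re.I)),
    ("url", re.compile(r"^https?://\S+$", re.I)),
    ("ip-dst", re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")),
    ("domain", re.compile(r"^(?!-)[a-z0-9-]+(\.[a-z0-9-]+)+$", re.I)),
]

def classify(value):
    """Map a raw indicator string to a MISP attribute type, or None if unrecognised."""
    for attr_type, pattern in PATTERNS:
        if pattern.match(value):
            return attr_type
    return None

def extract_values(feed, fmt):
    """Pull candidate indicator strings out of a free-text, CSV or JSON feed body."""
    if fmt == "text":
        return [ln.strip() for ln in feed.splitlines() if ln.strip() and not ln.startswith("#")]
    if fmt == "csv":
        return [row["indicator"] for row in csv.DictReader(io.StringIO(feed))]
    if fmt == "json":
        return [item["value"] for item in json.loads(feed)["iocs"]]
    raise ValueError("unsupported feed format: %s" % fmt)

def normalise(feeds):
    """Return {(type, value): sorted feed names}: one schema regardless of input format."""
    merged = defaultdict(set)
    for name, fmt, body in feeds:
        for raw in extract_values(body, fmt):
            attr_type = classify(raw)
            if attr_type:  # unrecognised lines are dropped rather than guessed at
                merged[(attr_type, raw if attr_type == "url" else raw.lower())].add(name)
    return {key: sorted(names) for key, names in merged.items()}

def corroborated(merged, min_feeds=2):
    """Keep only indicators seen in at least min_feeds sources: a crude false positive filter."""
    return {key: names for key, names in merged.items() if len(names) >= min_feeds}
```

Running `corroborated(normalise(FEEDS))` leaves the IP and domain that two feeds agree on; the single-source hash, URL and second IP stay in the repository for analysts but are not forwarded.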