MISP is an open source cyber threat intelligence platform. The base image is secured with UFW Host firewall, OSSEC HIDs, Auditd , Crowdsec IPS , and Auto updates daily.

Software Included

Package Version License
MISP 2.4.192 GNU
Docker 26.1.4 Apache License 2.0
Portainer 2.19.5 Zlib

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Deploy to DO

Creating an App using the API

In addition to creating a Droplet from the MISP 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB MISP Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "decyphertekio-misp"}' \

Getting Started After Deploying MISP


  • MISP is only accessible via Public IP.
  • Please wait up to 10 minutes for initial startup script to have MISP up and running.

Access the server:

  • Click into droplet > select access > Launch Droplet console ( This will also reattach ssh keys to that console )
  • If you want to ssh in from you computer then :
  • Linux + MAC - add .pem key to ~/.ssh/id_rsa > change permisisons > chmod 400 id_rsa
  • ssh root@ip-of-server
  • If using putty or mobaxterm make sure to convert .pem using puttygen.

Passwords - DB AND/OR User:

  • ssh into server
  • cat /root/.docker/.env
  • This will display the randomly generated passwords for DB AND/OR User.

MISP - Access The Server:

  • Login > https://Public-IP
  • Username: admin@misp Password: ( cat /root/.docker/.env > ADMIN_PASSWORD=YOUR-PASSWORD-IS-HERE )
  • Get data feeds > Dashboard > Sync Actions > Feeds > Load Default feed metadata > select pencil indicator, enable , submit > Fetch & store all Feed Data
  • Change Password > Dashboard > Administration > List users > select user > Set Password > Save: Edit User - Confirm with old password
  • Troubleshooting > IF IP changes or no Public IP > Edit .env > vim ~/.docker/.env > BASE_URL=your=server-IP > cd .docker > docker compose down > docker compose up -d
  • MISP Requires a public ip , if you change your public IP please update in /root/.docker/.env > docker compose down > docker compose up -d

Portainer - Manage Docker:

  • How to access Portainer to manage your containers > https://Public-IP:9443
  • Follow the instructions to create a new admin account.
  • Caution - Portainer can timeout if you dont create an account fast enough
  • If this happens you need to restart the container, ssh into the server, then run. > docker restart portainer
  • Once logged into portainer, click get started and select local. You can manage docker from here.