Which Open Source Threat Intel Platform (TIP) should you choose?

Both MISP and Your Everyday Threat Intelligence (YETI) are popular open source threat intelligence platforms. You may be comparing MISP vs. YETI because you’d like to use an open source platform to handle your threat intelligence, but aren’t sure of the differences between them.

The good news is that both platforms share the benefits of being open source software.

  • Both MISP and YETI are scrutinised and patched by the security community. Being open source, many people have the chance to spot and patch potential vulnerabilities before they make it into a production release. With open source software, you can also inspect the code to be sure there are no exploitable flaws. With closed source software, you have no option but to trust that the company behind the software follows secure development practices. One difference to note is that MISP has around 200 open source contributors, whereas YETI has a smaller contributor team of around 50.
  • Both MISP and YETI are free to use, provided you are prepared to host the platforms on your own infrastructure. The downside of free is that these platforms don’t come with any guarantee of support if things go wrong. You’ll need to rely on volunteers in the open source community for whom you are not a #1 priority. That’s why some folks have opted for managed and supported versions of these platforms, like CloudMISP.

While both platforms share these similarities, they also come with some major differences.

The MISP community is larger and has a richer ecosystem

YETI is much newer than MISP. MISP launched in 2012, while YETI was first released to the public in 2017.

Because MISP is more mature and established software, it has a much larger user base than YETI. This has a number of benefits:

  • A larger community means there are more learning resources available, like tutorials, guides, StackExchange answers, forum discussions, and documentation
  • MISP has a richer ecosystem, with many more open source modules and integrations available
  • Since MISP is more widely used than YETI, there is a wider range of professional services available if you end up needing expert help

MISP is more frequently updated and has better quality release notes

New versions of MISP are released approximately every month, whereas YETI is updated roughly once per quarter. This is likely in part because MISP’s contributor team is roughly 4x larger than YETI’s.

It’s worth noting that MISP’s release notes are also much more detailed than YETI’s release notes. This means it may be easier to predict the impact and potential side effects of MISP upgrades vs. YETI upgrades.

MISP is mainly written in PHP, whereas YETI is mainly written in Python

The underlying language of your TIP can be important if your team wants to inspect the underlying code in detail, fix issues, or contribute back to the codebase.

If your team has expertise in Python, for example, it may be easier for the team to understand and potentially contribute to the YETI codebase compared to MISP.

MISP’s documentation is much more comprehensive

While the YETI documentation gives a high-level overview of installation, use cases, YETI objects, extending YETI, and the API, the MISP documentation dives into the fine-grained detail of every aspect of MISP.

If thorough and detailed documentation is important to you and your team, you are likely to be more satisfied with the MISP documentation compared to YETI’s documentation.

If MISP seems like the best fit for your organisation, we recommend CloudMISP, our managed MISP service.