Download a MISP event
Export Formats
Export IOCs as MISP JSON event
Export IOCs as a MISP-format JSON event ready for import into the MISP threat intelligence platform.
What you get
A single MISP Event object containing one Attribute per IOC. Attribute types are mapped from our internal types:
| SOC Defenders type | MISP type |
|---|---|
| ipv4 | ip-src |
| ipv6 | ip-src |
| domain | domain |
| url | url |
| md5, sha1, sha256, sha512 | matching hash type |
| email-src | |
| cve | vulnerability |
Import to MISP
curl -X POST https://your-misp.example.com/events/add \
-H "Authorization: <misp-key>" \
-H "Content-Type: application/json" \
-d @socdefenders-misp.json
Requires the Pro plan (read:misp scope).
GET
Download a MISP event
Authorizations
API key in X-API-Key header
Query Parameters
Filter by IOC type
Available options:
ipv4, ipv6, domain, url, md5, sha1, sha256, sha512, email, cve Example:
"ipv4"
Lower time bound (ISO 8601). Clamped to your tier lookback.
Example:
"2026-05-15T00:00:00Z"
Max attributes in the event. Tier-capped.
Example:
500
Response
MISP event JSON