Controlled and Secure Sharing Threat Intelligence

Abstract

Cyber threat information sharing platforms have become a useful weapon for dealing with cyberattacks, proactively mitigating them and thus reducing risk exposure. These platforms allow multiple agencies to connect with each other, forming a community, and to share intrusion information regarding cyberattacks or threats with each other. The Malware Information Sharing Platform (MISP) was developed specifically to promote the open dissemination of information such as intrusion indicators within a community. This exchange of information related to threats or incidents is treated as a data synchronisation procedure between different MISP instances, which may belong to one or more communities, companies or organisations. However, the platform has limitations when its information is considered classified or is to be shared only for a certain period of time. This implies that such information should be handled only in encrypted form. One solution is to use MISP with searchable encryption techniques to impose greater control over information sharing. This document presents a system that guarantees controlled synchronisation of information between entities, using searchable encryption techniques to guarantee the confidentiality of the information held in the MISP platform and synchronisation policies to control the way information is exchanged.
