April 1, 2026
The article introduces FlowIntel 3.0.0 as an open-source platform for handling security investigations in a more structured way, and says its integration with MISP is now a central part of how it works. Instead of keeping an investigation as loose notes and then manually rebuilding everything later in MISP, FlowIntel lets analysts create structured MISP-style objects—such as IPs, domains, hashes, URLs, and email-related artifacts—directly inside a case from the start. The main idea is to keep both the evidence and the investigation context organized and searchable throughout the whole process, so sharing intelligence becomes easier and less error-prone.
The post then explains that the integration works in both directions. A FlowIntel case can be sent to MISP to create a new event or enrich an existing one, with tasks, objects, and notes carried over in structured form; and a MISP event can also be turned into a new FlowIntel case for deeper internal analysis using templates. It also highlights built-in enrichment through MISP modules, case-to-case correlation for repeated indicators, and support for galaxies and taxonomies—including custom ones in version 3.0.0. In simple terms, the article says the goal is to make investigation and intelligence sharing feel like one continuous workflow instead of two separate jobs done in different tools.
Source: https://www.misp-project.org/2026/02/18/flowintel.3.0.0.and.misp.integration.html/