Start by deploying an Ubuntu VM on any cloud provider (I use GCP)

  1. Install git + docker
sudo apt update
sudo apt install git

sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"
sudo apt update
apt-cache policy docker-ce

sudo apt install docker-ce
sudo systemctl status docker

# to run docker without sudo
sudo usermod -aG docker ${USER}
# log out from machine & back in

# compose install
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
  1. Clone the misp-docker repository
git clone https://github.com/MISP/misp-docker.git
  1. Copy template.env into .env
cp template.env .env
  1. Export a BASE_URL
export BASE_URL=<your-vps-ip>
  1. Pull and start the containers
cd misp-docker
# alternatively pull the docker containers first
# docker compose pull
docker compose up # add a -d to run them detached
  1. Go to https://your-vps-ip address (ignore the TLS warnings)
  2. Login with admin@admin.test / admin credentials
  3. Go to Sync Actions > Feeds > Select desired feeds > Enable Selected Feeds > Confirm
  4. Fetch and Store All Feed Data

It works!

MISP Instance Screenshot