Manual upload

Manually upload files and archives to the Intelligence Center.

You can upload data files and compressed archives on the fly.
The Intelligence Center ingests and processes uploaded data, and it creates new entities after deduplicating and normalizing it.

Content types

You can upload files in the following formats:

Content type



Categorized and enumerated attack patterns, attack mechanisms, strategies, tactics and techniques retrieved from the CAPEC catalog.

EclecticIQ JSON

JSON format representing entity data as JSON objects.

Email message

Plain text emails. Uploaded emails must be in the MIME formats: text/plain or text/html.


For more information, see Incoming feed MISP.


Standard PDF format, preferably native (not scanned).

RSS HTML from Link

For more information, see Incoming feed - RSS version 2.0.

SpyCloud Breach Data JSON

For more information, see Incoming feed - SpyCloud Watchlist Ingest.

STIX 1.0

STIX data model v. 1.0.

STIX 1.1

STIX data model v. 1.1.

STIX 1.1.1

STIX data model v. 1.1.1.

STIX 1.2

STIX data model v. 1.2.

Text/Plain text value

Plain text format.
This content type enables entering free text and literals, wildcards (where supported), as well as JSON paths to point to specific entity property fields, and regex patterns to filter data.