Threat hunts and investigations often start in the browser from blog posts, malware reports, threat actor write-ups and security tool alerting. However, the workflow usually breaks the moment an analyst needs to check whether an indicator has already been shared or quickly push new findings back to the community. While MISP is powerful, many members experience a usability gap. Investigations span dozens of sources, while searching and sharing in MISP still require context switching and multiple UI clicks.
This session introduces MISPBrowserExtension, a lightweight cross-browser extension developed to make searching and sharing to MISP feel native to the analyst workflow. The talk focuses on practical, repeatable workflows that reduce copy-paste-click fatigue and shorten the time between discovery and community defense. When sharing is fast, consistent, and easy, the community can shift from reactive cleanup to proactive prevention… and Protect as One becomes operational instead of aspirational.
