diff --git a/docs/MISP b/docs/MISP
new file mode 100644
index 0000000..d26af02
--- /dev/null
+++ b/docs/MISP
@@ -0,0 +1,34 @@
+# MISP
+
+### API Access
+
+MISP (Malware Information Sharing Platform) is a free and open source software platform for sharing cyber security indicators and threat intelligence. It can also be used as an integration point for connecting to other security solutions and platforms. Integrating MISP with Shuffle is an effective way to help automate many of the processes related to threat detection, investigation and response.
+
+1. Start by logging into your MISP instance.
+
+2. Create a new API Key under the “Configuration” tab.
+
+3. Copy the API Key and make sure it is securely stored in a safe place.
+
+4. Next, log in to your Shuffle instance and create a new integration using the MISP API.
+
+5. Enter the URL for your MISP instance, as well as the API Key you just generated.
+
+6. Ensure that the integration is configured correctly, including setting up any necessary filters or parameters.
+
+7. Once the integration is complete, you should be able to begin using the MISP API for operations.
+
+8. You may now begin querying the MISP instance for specific threat indicators or other pieces of intelligence that could be useful for analysis or incident response operations.
+
+9. Finally, once you have retrieved any data from MISP, you can use Shuffle to automate tasks based on that data, such as running automated investigations or taking actions to remediate threats detected in your environment.
+
+### Useful API queries:
+
+* Getting all Events associated with a Tag: GET /tags/{tag_name}/events
+* Getting all Attributes of a given Event: GET /attributes/{event_id}
+* Adding new Sightings associated with an Event: POST /sightings/add 
+* Retrieving all Sightings associated with an Event: GET /sightings/view/{event_id} 
+* Retrieving existing Taxonomies, or creating new ones: POST /taxonomies/{taxonomy_name}
+* Retrieving all TTPs associated with an Event: GET /ttps/getTTPsByEventId/{event_id} 
+* Adding a new Link between two Events: POST /links/add 
+* Retrieving all Links between two Events: GET /links/getLinksByEventId/{event_id}