MISP is primarily PHP. I haven't kept up with it, but a few years ago when my team took it for a test drive it stored malware samples inline in its database, rather than as flat files. We quickly abandoned it.<p>In mid-2020, we stumbled upon OpenCTI (<a href="https://www.opencti.io/en/" rel="nofollow">https://www.opencti.io/en/</a>). It's so much better! It probably doesn't do quite as much as MISP, but it has a nice release tempo and upgrades have been painless.
I was looking at this a couple of weeks ago, and compared to some alternatives (e.g. opencti) it seemed a lot less polished. It was still easier to get running than Cortex though, at least for a basic look.