A new version of MISP (2.4.103) has been released with significant UI improvements (including a new flexible attribute filtering tool at the event level), many bug fixes and a fix for a security vulnerability (CVE-2019-9482) that affected sighting visibility.
A new attribute filtering tool has been added to the event view to replace the previous filtering. Complex filtering rules can be set to easily filter, navigate and paginate over large events with many attributes and objects.
A major project is ongoing to improve UI accessibility in MISP. UI elements are progressively being updated to use an adequate templating system to ease the future extension of the UI. This version already includes a reworked tab UI, index UI, server settings, server preview and much more. The rework is handled progressively, with the UI being updated gradually to ensure a smooth transition. If you notice any UI-specific issues during the transition period, don’t hesitate to open an issue (with a screenshot if possible) describing the expected behavior.
With the increased use of MITRE ATT&CK and the need to describe similar matrix-like models, generic matrix-like galaxies are now supported. You can create your own matrix with the associated custom kill chains. A first new matrix-like galaxy has been added to MISP: Universal Development and Security Guidelines as Applicable to Election Technology, made by the European Commission to model attacks against election processes and technologies.
In MISP 2.4.102, an authenticated user could view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting, in addition to certain conditions aligning: the issue affects instances with restrictive sighting settings (event only / sighting reported only). This vulnerability has received the designation CVE-2019-9482. Thanks to Tyler McLellan of CanCyber.org for reporting the vulnerability. We are eager to receive security reports and/or analyses about the MISP project; don’t hesitate to contact us.
A host of bugs were squashed and various small improvements were implemented.
MISP galaxy, objects and taxonomies were extended by many contributors, and these are also included by default in MISP. Don’t forget to run a git submodule update and update galaxies, objects and taxonomies via the UI.
MISP modules were also significantly improved, especially the PDF export, which includes a complete export of MISP events as a clean and concise PDF report.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.
Don’t hesitate to have a look at our events page to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.