A new version of MISP (2.4.120) has been released, including an extension to the data-model adding the first_seen and last_seen values at the attribute and object levels. The user-interface has been extended with a timeline view/editor per event, allowing users to see all occurrences of attributes and objects based on time. A new quick object edit tool has been added, enabling users to easily add new attributes to already existing objects. A long list of bugs were fixed and various improvements were made in the existing features.
Don’t forget to have background workers running before updating, there are some updates to the database which can take time depending on the size of your MISP instance. The progress of the update can be verified via the interface of your MISP instance using the following endpoint: /servers/updateProgress .
MISP standard format has been extended to support first_seen and last_seen on any attribute or object in a MISP instance. This functionality is fully accessible via the restSearch API and via the user-interface of MISP. first_seen and last_seen can be set at the attribute and/or the object levels. A complete timeline viewer and editor has been added to allow users to:
As an example above, a spear phishing attack and their respective occurrences are displayed on the timeline. This new feature allows users to describe complex time-based information whilst using existing features such as object relationships.
MISP modules have been improved and many new modules were added in the following related scopes: expansion, export and import. Don’t forget to update the modules to benefit from the improvements and new features.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.