Posted 16 Oct 2020 by
MISP is widely known as a powerful tool to gather, correlate and share information. As a response to the growing information-sharing maturity of the community, more features have been introduced over the past few years to meet analyst skills and requirements.
MISP has evolved to support a richer data structure allowing analysts and operators to describe and visualize complex scenarios. Data stored in MISP can be adjusted and linked in a comprehensive manner turning them into explorable graphs or timelines representing their activity or events.
However, in the current threat intelligence scene, information is often explained and shared in the form of articles, and using MISP’s raw text comments for this is far from ergonomic or appealing. Consequently, a crucial piece of data structure was missing and had to be supported: Reports.
In MISP 2.4.133, the report feature has been introduced, including a complete Markdown editor to edit one or more reports attached to an event. The editor offers an interactive way to add structured information from the MISP event, including attributes, objects, galaxies or tags, into the report.
The report editor provides features such as:
Event reports have all the standard information-sharing properties available in MISP, such as distribution levels and sharing communities. As an example, a report can be shared with specific groups while structured information is shared with a wider audience.
Event reports also offer a wide range of new possibilities that were not doable efficiently before. For example, counter analysis on cases can be explained, resolution steps and recommendations can be supplied, and complete articles can be included inside an event.
For more details, check out our blog post: Event Report: A convenient mechanism to edit, visualize and share reports.
filename-pattern to describe a filename based on a pattern (to avoid ambiguity from the filename attribute).
cpe attribute to share and describe CPE - Common Platform Enumeration - and associated object like cpe-asset.
telfhash attribute type added and associated file object updated. For more details about telfhash.
AS type to asplain notation.
A host of other improvements are documented in the complete changelog.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.