MISP 2.4.138 released (Many improvements including CISA.gov AIS dynamic marking functionality, RSIT galaxy added)

Posted 10 Feb 2021 by

MISP 2.4.138 released

We have released 2.4.138, the latest release for MISP along with an update of the JSON libraries.

Besides that, several usability and performance issues have been resolved along with a host of small improvements, additional API improvements, etc. Make sure that you read the detailed changelog to see all the improvements. Improvements include the use of the threat level for the alert filtering, many bugs fixed in the event graph and many others.

Nested Galaxy Element generator

We have a new tool that allows you to take nested JSON documents and convert them to galaxy cluster elements using a dot-delimited format. If you ever want to quickly encode existing nested data for your custom galaxies, this should make your life easier. This functionality was integrated for the support of the Automated Indicator Sharing (AIS) from DHS/CISA.gov to include dynamic marking. The functionality can be reused for many different use-cases.
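The dot-delimited flattening described above, sketched as an added Python example; it is not MISP's own generator code. The function name `flatten_to_elements`, the constructed sample document, and the choices to repeat the parent key for list items and to reject keys that already contain a dot are assumptions made for this illustration.

```python
import json

def flatten_to_elements(node, prefix=""):
    """Yield {"key", "value"} pairs, joining nested object keys with dots."""
    if isinstance(node, dict):
        for name, child in node.items():
            # A dot inside a source key would be indistinguishable from
            # nesting once flattened, so refuse it rather than guess.
            if "." in name:
                raise ValueError(f"ambiguous key containing a dot: {name!r}")
            path = f"{prefix}.{name}" if prefix else name
            yield from flatten_to_elements(child, path)
    elif isinstance(node, list):
        # Assumption: every list item becomes its own element under the
        # parent key, so multi-valued fields repeat the same key.
        for child in node:
            yield from flatten_to_elements(child, prefix)
    else:
        if not prefix:
            raise ValueError("top level must be a JSON object")
        # Element values are emitted as strings; non-string scalars keep
        # their JSON spelling (true, false, null, numbers).
        value = node if isinstance(node, str) else json.dumps(node)
        yield {"key": prefix, "value": value}

# Constructed sample input, not a real AIS marking document.
SAMPLE = json.loads("""
{
  "marking": {
    "tlp": "amber",
    "consent": {"shareable": true, "contact": "soc@example.org"},
    "sectors": ["energy", "finance"]
  },
  "version": 2
}
""")

if __name__ == "__main__":
    for element in flatten_to_elements(SAMPLE):
        print(f'{element["key"]} = {element["value"]}')
```
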

RSIT galaxy added with MITRE ATT&CK

The Reference Security Incident Taxonomy Working Group is a joint initiative for CSIRTs to produce a reference taxonomy for the CSIRT community. A new version of RSIT has been integrated into MISP along with a complete set of relationships with MITRE ATT&CK, thanks to the galaxy 2.0 feature in MISP. Thanks to Koen Van Impe for this new updated galaxy.

Acknowledgement

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.