December 22, 2021
MISP 2.4.152 released
MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.
The LinOTP authentication module has been improved to include a mixed mode where both OTP and MISP’s usual password authentication can be used together.
The timelining has been improved in several ways, such as the inclusion of images from objects, as well as various improvements in the timeline’s sighting view. Several bugs were affecting this feature have also been fixed.
A new optional synchronisation filtering has been added to allow for the removal of specific attribute or object types when syncing. The functionality is meant to be used by the final recipient organisations of a synchronisation chain, in order to filter out specific types of information due to legal or specific internal policies. The filtering feature is disabled by default and needs to be enabled in the general configuration. This feature is for ISACs or consumer organisations, not redistributing information to other MISP communities.
A new STIX 1 and 2 export for attribute restSearch has been added in complement to the existing event export in STIX 1 and 2. The export works just like the other event level STIX export, all you need to do is specify the given STIX format as the return type when querying the attribute restSearch endpoint.
Many internal improvements and bugs fixed.
MISP Modules
- New Qintel sentry module added.
- CIRCL hashlookup expansion SHA-256 support added.
The MISP modules changelog is available.
MISP Taxonomies
- New political spectrum taxonomy added.
- Improvement in exercise taxonomy.
- New deception taxonomy added.
MISP Taxonomies changelog is available.
MISP Galaxy
- New matrix CONCORDIA Mobile Modelling Framework - Attack Pattern added (thanks to Concordia H2020 project).
- Many update in threat actor, RAT and tools galaxy.
MISP Objects
- New Concordia intrusion set object.
- New temporal event object.
- Many improvements in user, person, postal-address, email object.
- New relationships added such as
found-in
,works-with
,drives
.
Acknowledgement
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy .
As always, a detailed and complete changelog is available with all the fixes, changes and improvements in MISP core.