September 13, 2022
We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements.
In addition to the MISP v2.4.162 release, misp-guard has been released which is a mitmproxy addon that inspects the events that MISP is attempting to synchronize with external MISP instances via PUSH
or PULL
and applies a set of customizable rules defined in a JSON file. This is a complementary tool to support MISP users having to interconnect MISP instances between highly sensitive networks.
Periodic notification system
As of version 2.4.162, MISP includes a periodic summary feature allowing users to consult a summary based on a requested time-frame for data the user has access to.
Currently, the summaries can be generated for 3 different periods: daily
, weekly
and monthly
and then sent to all users that subscribed to one of these periods.
In addition to letting users subscribe to a period, they can also specify filtering options such as tags or distribution levels to be applied when generating the report. The summary can then be sent via email or viewed in the MISP User-Interface.
For more information, check out the Periodic summaries - Visualize summaries of MISP data blog.
Workflow improvements
- Added diagnostic support and support of arbitrary URL for webhook module.
- New Microsoft teams module based on the webhook module.
- New email notification module to send email to a list of MISP users including Jinja templating.
- Tag name can now be used in workflows.
For more details about MISP Workflow, check out the training materials.
MISP core improvements
- Allow option to delete tags on event sync prior to soft-delete tag implementation.
- API/[Event:restSearch] Added option
event_tags
to filter for eventTag only. - API/RestSearch - Added support of
static
parameter to produce a static HTML output. - Syslog/logging for certain log entries vital information was omitted by the syslog. If no custom message is specifically set for the log entry, the change field is included.
- Enforce UUIDs uniqueness on MISP data back-end.
Bugs fixed
- [correlations] save the distribution state of the event before/after saving it, fixes #8528.
- [attribute tags] removal broken, fixes #8567.
- Class ‘Folder’ not found #8544.
- Create unique SIDs for email attributes in NIDS export.
Thanks to all the contributors and users reporting bugs to make the software better.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements in MISP core.
Many improvements in the MISP galaxy and especially the threat-actor galaxy. There is a detailed changelog.
Improvement in the false-positive
taxonomy and many other taxonomies. There is a detailed changelog.
Multiple objects were updated and added, for more details.