The goal of this tutorial is to integrate MISP with Wazuh, enabling automated threat intelligence correlation. When a new file is created on a monitored endpoint, Wazuh will query its hash against indicators stored in the MISP instance. If a match is found, Wazuh will automatically generate an alert, enhancing detection and response capabilities.
We are pleased to announce the release of MISP v2.5.22.
This release brings new features, improvements, fixes, and important updates to keep MISP stable and up to date.
To ensure effective threat intelligence sharing, MISP allows data synchronisation between different instances. The administrators of each instance can decide whether they want to send or receive data with the instances they want. In addition, synchronization also allows filtering between the data you want between public and private internal instances. However, this synchronisation mechanism must follow strict rules that define how and to what extent information can be shared.
We are pleased to announce the release of MISP v2.5.21.
This version introduces new features affecting the various correlation tools, important fixes, and various updates to objects, taxonomies, and galaxy.
Release date: 2025-08-20
MISP 2.5.19 brings important fixes, improvements to the on-demand correlation engine, refinements in the task scheduler, and better error handling.
We are pleased to announce the release of MISP v2.5.18, featuring a brand-new on-demand correlation engine, new improved task scheduling, Forgejo CI integration, and a wide range of fixes and refinements.
We are thrilled to announce two new releases for the MISP project: a significant feature and performance release, v2.5.16, and a stable maintenance release, v2.4.214.
We are thrilled to announce a dual release of MISP, bringing significant enhancements to both our stable and development branches with versions 2.4.213 and 2.5.15.
We are excited to announce the parallel release of two new MISP versions: 2.5.13 for our latest branch and 2.4.211 for the 2.4 branch. These releases are packed with critical security patches, a major overhaul of the search functionality, and a host of improvements and bug fixes to enhance your threat intelligence experience.
This release provides a critical round of security fixes, significant improvements to attribute validation, and UI enhancements for event views and analyst workflows. Multiple components including Galaxy, STIX, and warning lists were also updated. Special attention has been given to improving compatibility, performance, and documentation.
This release introduces several new features, important security fixes, and major improvements to the workflow engine, sharing group logic, and plugin handling. It also includes enhancements developed during hackathon.lu 2025.
MISP already offers several ways to examine what is happening on your instance:
.json to the URL to retrieve the raw data.)These tools are invaluable for quick checks, yet they stop short of answering a few questions:
This release introduces important security fixes, enhancements in authentication plugin handling, and better cache management in the workflow editor. It also updates various MISP components and improves remote sync behavior.
This dual release of MISP (versions 2.4.207 and 2.5.9) brings significant stability improvements, better performance, and architectural refinements, particularly around background job handling, workflow modules, and Galaxy cluster operations.
MISP v2.4.206 and v2.5.8 introduces new workflow modules, enhanced object relationship management and significant improvements to the event synchronisation mechanism. Key highlights include improved a reworked attribute search functionality, better handling of event reports, and various security fixes. Additionally, numerous optimizations and bug fixes enhance stability and performance.
The MISP Project is pleased to announce the release of MISP v2.5.7 and v2.4.205, bringing several new features, important fixes, and enhancements to improve the overall user experience and platform functionality. This release addresses critical improvements in synchronization filtering, correlation management, and UI enhancements, ensuring a more stable and efficient MISP environment.
The MISP Analyst Data format, part of the broader MISP-standard.org ecosystem, represents a significant step forward in structuring and exchanging cyber threat intelligence. Developed in collaboration with industry partners, this format builds upon the lessons learned from OASIS STIX, addressing its practical shortcomings while ensuring greater efficiency, flexibility, and usability for analysts.
The MISP team is excited to announce the release of MISP v2.5.6 and MISP v2.4.204. These updates bring several new features, fixes, and performance improvements to enhance the platform’s usability and efficiency. Here’s a summary of the key changes:
We are thrilled to announce the release of MISP v2.4.203 and MISP v2.5.5, bringing a range of new features, improvements, and fixes to enhance the platform’s performance, usability, and security. These updates reflect our ongoing commitment to providing a robust and reliable open-source threat intelligence platform for the community.
rest_client_baseurl is now CLI-only.rest_client_enable_arbitrary_urls description for clarity.Security.disable_form_security, a legacy setting for testing purposes, has been removed.JsonTool::encode() used in JavaScript.upload_file view element.2.4-develop.This release includes several critical security fixes, updates, and enhancements, improving the overall functionality and stability of MISP. Users are encouraged to update promptly to benefit from the latest improvements and security measures.
© MISP project. Software released under approved open source licenses and content of this website released as CC BY-SA 3.0.
Template by Bootstrapious. Ported to Hugo by DevCows.