Introduction

Hi, in this blog post I am going to share how I have built a framework on Splunk to retrosearch on MISP indicators of compromise.

MISP 2.4.198 released with many bugs fixed, security fixes and improvements.

September 17, 2024

MISP v2.4.198 (2024-09-13)

Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as possible.

MISP 2.4.197 released with many bugs fixed, a security fix and improvements.

September 2, 2024

Release Notes - v2.4.197 (2024-09-02)

New Features

Config Option: Added a new configuration option user_org_uuid_in_response_header to include a response header with the requesting user’s organization UUID. [Jeroen Pinoy]
Build: Display required STIX dependencies versions during the build process. [Jakub Onderka]
Bookmark now supports comment.

Changes

Version: Version bump. [iglocska]
Warning List: Updated the warning list. [Alexandre Dulaunoy]
Taxonomies: Updated to the latest version. [Alexandre Dulaunoy]
MISP Galaxy: Updated to the latest version. [Alexandre Dulaunoy]
PyMISP: Version bump. [Raphaël Vinot]
Internal Logging: Added logging when an event will not be published. [Jakub Onderka]
Global Menu - Bookmarks: Added comment field as the dropdown element’s title in the global menu bookmark. [Sami Mokaddem]
Database Upgrade - Bookmarks: Upgraded the database to support bookmark comments. [Sami Mokaddem]
Bookmark View: Added a missing comma for the new comment function and added a field for comments in the bookmark view. [Jan Z.]
Bookmark Index: Added a field to display comments in the bookmarks index. [Jan Z.]
Bookmark Add/Edit: Added a field to add and edit comments for bookmarks. [Jan Z.]
MISP Object: Updated to the latest version. [Alexandre Dulaunoy]

Fixes

UI/Footer: Improved UI footer to avoid confusion for some users. [Alexandre Dulaunoy]
IOC Import: Added a check to ensure the provided XML is valid. [Jakub Onderka]
Schema: Updated schema version. [Jakub Onderka]
UI: Fixed tag popover to return already parsed data. [Jakub Onderka]
Bookmarks - Add: Lower-cased the comment field. [Sami Mokaddem]
Sightings: Correctly retrieve sightings per the requested event. [Tom King]
Bookmarks - Verbose Returns: Fixed an issue with overly verbose returns from bookmarks when shared with the organization. This fix was reported by Sharad Kumar Dahal of Green Tick Nepal Pvt. Ltd. [iglocska] This fixes a security issue recorded as CVE-2024-45509.
Feed: When pulling feeds, events are now checked against specified rules if any rules are provided. [Benni0]

Other

Merged pull requests addressing issues with unpublished events logging, tag popover parsing, sightings restSearch performance, and STIX dependencies version display. [Jakub Onderka, Andras Iklody, Andrew Hicks]
Fixed issues related to sightings restSearch negation of organization ID. [Andrew Hicks]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

MISP 2.4.196 released with many bugs fixed and improvements.

August 21, 2024

MISP 2.4.196 released with many bugs fixed and improvements.

New Features

Decaying Model: Introduced a new DecayingModel that leverages true positive and false positive sightings for better decision-making. [Marcel Slotema]
Log Search Enhancement: Added an optional hh:mm:ss accuracy to log searches, allowing for more precise time-based queries. This update also includes significant refactoring to improve code quality. [iglocska]
User Log Review: Improved the functionality of the “review user logs” button. It now links directly to logs relevant to the specific user, considering the new audit log system. Future enhancements will include email-based log searches. [iglocska]

Changes

PyMISP Update: Updated PyMISP to the latest version. [Raphaël Vinot]
Decaying Model Formulas: Enhanced error handling by catching undefined indexes in decaying model formulas. [Sami Mokaddem]
Attributes Search: Added support for sorting by publish_timestamp and introduced the X-Skipped-Elements-Count header to improve pagination during REST searches. [Benni0]
Reverse Proxy Handling: Fixed issues with base URL handling for reverse proxies, eliminating problematic redirects. Special thanks to Mitch Germansky for the extensive debugging. [iglocska]
MISP Components Update: Updated MISP Object, Galaxy, and STIX components to their latest versions. [Alexandre Dulaunoy, Christian Studer]

Fixes

STIX 2 Import: Updated the STIX 2 parsers following recent changes in MISP-STIX. [Christian Studer]
Base URL Setting: Adjusted the priority order in beforeFilter to avoid redis errors during benchmarking. [iglocska]
Image Helper: Allowed for variable-width organization logos without overlapping text. [iglocska]
Workflow Module: Ensured correct type return if redis fails to load during workflow:getEnabledModules. [Sami Mokaddem]
Settings Management: Fixed multiple issues related to changing instance settings, including improvements to CLI checks. [iglocska]
Attribute Search Ordering: Reverted ID-based sliding window ordering due to performance concerns. [iglocska]

Other

Merged several development branches to integrate recent changes, updates, and fixes from various contributors. Notably, the branches related to attribute search order, skipped elements count, and environment dependencies were integrated into the main branch. [iglocska, Christian Studer, Sami Mokaddem, Alexandre Dulaunoy, Stefano Ortolani, Andras Iklody]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

SkillAegis

August 14, 2024

Design and Execute Cyber Threat Intelligence Scenarios with SkillAegis

Practical experience is essential for skill development, and effective training must be both engaging and capable of identifying gaps in understanding. That’s why we’re pleased to launch version 1.0.0 of SkillAegis, your new training companion.

MISP 2.4.195 - hot summer olympic release

August 9, 2024

MISP 2.4.195 - hot summer olympic release

We are pleased to announce the immediate availability of MISP v2.4.195, a summer release aiming to introduce new features, fix a long list of reported bugs and deficiencies as well as give your servers a breather in the scorching summer heat by taking a load off your CPUs thanks to a set of impactful performance fixes.

Maltego Integration with MISP

By Maltego

July 16, 2024

Maltego Integration with MISP

Understanding How Maltego Integrates with MISP Data for Enhanced Cyber Threat Analysis

Introduction

Many organizations run MISP instances with other cybersecurity tools and OSINT for data-driven investigations. Investigators can integrate both internal and external data to map with MISP data in various ways. This blog details how to look up information directly in the MISP community using MISP Transforms on Maltego Graph, highlighting its seamless integration for efficient and comprehensive investigations.

Collaborative Threat Intelligence Sharing and Automated Information Exchange - Insights from the JTAN Project Experience

July 1, 2024

The JTAN (Joint Threat Analysis Network) Project, co-funded by the European Union’s CEF program, addresses the critical need for efficient and effective threat intelligence sharing among cybersecurity teams. As cyber threats grow in complexity and scale, the ability to quickly exchange and analyze threat data across organizations has become essential for maintaining robust security.