Blogs

HarfangLab Use-Case with MISP

EDR Use-Cases with MISP Historically, teams shared indicators of compromise (IOCs) via email in documents that were often difficult to analyze and challenging to automate for processing.

Continue reading

MISP 2.4.185 released with sighting performance improvements, security and bugs fixes

We are happy to announce the immediate availability of MISP 2.4.185. This is mainly a bug fix release resolving several issues as well as tightening the security posture of the org image handling.

Continue reading

MISP 2.4.184 released with performance improvements, security and bugs fixes.

MISP 2.4.184 released with performance improvements, security and bugs fixes. Improvements Speed up improvements in ssdeep correlation and many other parts of MISP.

Continue reading

MISPbot

MISPbot What is MISPbot? The MISPbot is a simple tool to allow users to interact with MISP via Mastodon or Twitter.

Continue reading

Bridging the Gap: Introducing MISP Airgap for Secure Environments

Bridging the Gap: Introducing MISP Airgap for Secure Environments In an era where cybersecurity threats are ever-evolving, the need for robust and secure information sharing platforms is paramount.

Continue reading

MISP 2.4.183 released with new ECS log feature, improvements and bugs fixed

MISP 2.4.183 released with a new ECS log feature, improvements and bugs fixed. MISP now supports Elastic Common Schema (ECS) security logging.

Continue reading

Using Zeek's new JavaScript support for MISP integration

Using Zeek’s new JavaScript support for MISP integration With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.

Continue reading

MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.

MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix. MISP Core New Features [event:view] Added new option show_server_correlations_for_all_users allowing non-privileged users to view server correlations.

Continue reading

MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes.

MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes. Changes [tools:misp-delegation] Do not use self-documented expression in f-string anymore.

Continue reading

MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.

MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements. New [api] added X-MISP-AUTH as an alternative header to Authorization, fixes #9418.

Continue reading

Current state of the MISP playbooks

Current state of the MISP playbooks The MISP playbooks at https://github.com/MISP/misp-playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react and analyse intelligence received by MISP.

Continue reading

MISP 2.4.179 released with a host of improvements a security fix and some new tooling.

MISP 2.4.179 released with a host of improvements a security fix and some new tooling. First baby steps taken towards LLM integration We currently included our first attempt at an LLM integration for report summarisation and extraction.

Continue reading

MISP 2.4.178 released with many workflow improvements, enhancement and bugs fixed.

MISP 2.4.178 released with many workflow improvements, enhancement and bugs fixed. Improvements [workflow] Added option to provide a custom JSON in the hashpath picker helper.

Continue reading

MISP 2.4.177 released with various improvements and bugs fixed.

MISP 2.4.177 released with various bugs fixed and improvements. Improvements [dev] added a shell script to generate the restsearch parameters. [CLI] add command to expire active AuthKeys that do not have an IP allowlist set.

Continue reading

MISP 2.4.176 released with various improvements and bugs fixed.

MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library especially on the storing relationships and the description of relationships in the MISP standard format.

Continue reading

MISP to Microsoft Sentinel integration with Upload Indicators API

MISP to Microsoft Sentinel integration Introduction The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

Continue reading

MISP 2.4.175 released with various bugs fixed, improvements and security fixes.

MISP 2.4.175 released with various bugs fixed, improvements and security fixes. Improvements Added support of start_date and end_date options in the MISP dashboard widgets.

Continue reading

MISP now supports Signal Metadata Format Specification SigMF

As one of the outcomes of GeekWeek8, MISP now supports a new set of features useful for handling radio frequency information in the Signal Metadata Format Specification) (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications.

Continue reading

MISP 2.4.174 released with major workflow enhancements, new features and fixes

We are thrilled to announce the immediate availability of MISP v2.4.174 with significant workflow improvements, accompanied by a host of quality-of-life enhancements and bug fixes.

Continue reading

MISP 2.4.173 released with various bugfixes and improvements

We are pleased to announce the immediate availability of MISP v2.4.173 with a new password reset feature, along with a host of quality of life improvements and fixes.

Continue reading