MISP IoC retrosearch with the misp42 Splunk app.
Introduction
Hi, in this blog post I am going to share how I have built a framework on Splunk to retrosearch on MISP indicators of compromise.
Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as possible.
- user_org_uuid_in_response_header to include a response header with the requesting user's organization UUID. [Jeroen Pinoy]
For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
- hh:mm:ss accuracy to log searches, allowing for more precise time-based queries. This update also includes significant refactoring to improve code quality. [iglocska]
- publish_timestamp and introduced the X-Skipped-Elements-Count header to improve pagination during REST searches. [Benni0]
- beforeFilter to avoid redis errors during benchmarking. [iglocska]
- workflow:getEnabledModules. [Sami Mokaddem]
For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
Practical experience is essential for skill development, and effective training must be both engaging and capable of identifying gaps in understanding. That’s why we’re pleased to launch version 1.0.0 of SkillAegis, your new training companion.
We are pleased to announce the immediate availability of MISP v2.4.195, a summer release aiming to introduce new features, fix a long list of reported bugs and deficiencies as well as give your servers a breather in the scorching summer heat by taking a load off your CPUs thanks to a set of impactful performance fixes.
Maltego Integration with MISP
Understanding How Maltego Integrates with MISP Data for Enhanced Cyber Threat Analysis
Many organizations run MISP instances with other cybersecurity tools and OSINT for data-driven investigations. Investigators can integrate both internal and external data to map with MISP data in various ways. This blog details how to look up information directly in the MISP community using MISP Transforms on Maltego Graph, highlighting its seamless integration for efficient and comprehensive investigations.
The JTAN (Joint Threat Analysis Network) Project, co-funded by the European Union’s CEF program, addresses the critical need for efficient and effective threat intelligence sharing among cybersecurity teams. As cyber threats grow in complexity and scale, the ability to quickly exchange and analyze threat data across organizations has become essential for maintaining robust security.
MISP 2.4.194 released with new functionalities and various bugs fixed.
- /users/heartbeat endpoint.
- /users/view, /admin/users/view, /admin/users/index endpoints.
- exposed_to_org field.
- mysql.sql.
- mysql.sql.
For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
MISP 2.4.193 released with many bugs fixed, API improvements and security fixes
- [attributes/enrich] endpoint added.
- /attributes/enrich/[attribute_id|attribute_uuid]
- {"dns": 1, "foo_bar_baz": 1} listing all modules to execute.
- [misp-community] MISP-LEA information sharing community added.
Security Enhancements:
Logging and Tracking:
We are excited to announce the release of MISP v2.4.190. This latest version introduces a slew of new features, improvements, and fixes designed to streamline operations and enhance security measures for our users.
Kunai is an open-source security monitoring tool, specifically designed to address the threat-hunting and threat-detection problem on Linux. It has been inspired by Microsoft Sysmon, to provide a Sysmon-like experience to the end user. However, it comes with some more advanced features such as fine-grained event filtering, detection rules and IoC matching. In this blog post, we are going to introduce how to implement real-time MISP IoC matching in a very short amount of time.
We are pleased to announce the immediate release of MISP 2.4.189, which comes with bug fixes, performance improvements and a new blocklist feature.
This lab explains how to connect MISP to the Elastic Stack in order to leverage IoCs from MISP and trigger alerts based on user-defined rules.
The MISP Project, renowned for its threat intelligence sharing platform, and Yeti Platform, the Forensics Intelligence platform supporting CTI and DFIR practitioners, are coming together to create a more robust and interconnected open source landscape.
We are pleased to announce the immediate release of MISP 2.4.188, with major performance improvements and many bugs fixed.
- ignoreIndexHint parameter (mysqlExtended, mysqlObserverExtended).
- forceIndexHint.
- restsearch and /events/view endpoints. This helps with performance issues caused by large sighting data sets.
- BadRequestException as fail log in CI.
- misp-galaxy, misp-object, and warning-lists.
- analyst-data and event-reports.
- sightings:getLastSighting.
- includeDecayScore by a factor of 5.
- unpublishedprivate directive.
- CURLOPT_NOBODY for HEAD requests.
- redisReady in dragonfly.
- Exception to Throwable in ECS.
- MISP.email_reply_to to server config.
- misp-stix, attachment scan error handling, OIDC default org handling, alert email titles, shadow attribute handling, and community additions (ICS-CSIRT.io).
Detailed changes are available in the Changelog.
At CIRCL we regularly use Bloom filters for some of our use cases, especially in digital forensics, such as providing a small, fast and shareable caching mechanism for the Hashlookup database that incident responders can use.
We are pleased to announce the immediate release of MISP 2.4.187, including security fixes, new features and bug fixes.
- org list to shell commands.
- OidcAuth.update_user_role to disable role changes from OIDC.
- ext-zstd to suggested PHP extensions.
- removeTagFromObject().
Detailed changes are available in the Changelog.
In the ever-evolving landscape of information security, the need for adaptable and efficient tools has never been greater. The MISP project, known for facilitating the sharing of structured threat information, has taken a significant leap forward. We’re excited to announce a pivotal enhancement to the misp-modules, a collection of modules for MISP, extending their functionality to operate not only as an integral part of MISP but also as a standalone web application.
© MISP project. Software released under approved open source licenses and content of this website released as CC BY-SA 3.0.