Blogs

MISP 2.4.172 released with new TOTP/HOTP authentication, many improvements and bugs fixed

We are pleased to announce the immediate availability of MISP v2.4.172 with new TOTP/HOTP authentication, many improvements and bugs fixed.

MISP 2.4.171 released with a long list of fixes, a dashboard rework, STIX 2.1 improvements and more

We are pleased to announce the immediate availability of MISP v2.4.171 with a long list of fixes, major STIX 2 improvements and an overhaul of the dashboard widget toolkit.

How to push to a TAXII server from MISP

If you want to push data from your MISP instance to a TAXII server, there are a few steps you need to follow.

MISP 2.4.170 released with new features, workflow improvements and bugs fixed

We are pleased to announce the immediate availability of MISP v2.4.170 with new features, workflow improvements and bugs fixed. It includes a release with many improvements of misp-stix, the core Python library for importing and exporting STIX (1, 2.

MISP to Azure Sentinel integration

The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

MISP 2.4.169 released with various improvements and bug fixes.

We are pleased to announce the immediate availability of MISP v2.4.169 with various improvements and bug fixes. It includes a release with many improvements of misp-stix, the core Python library for importing and exporting STIX (1, 2.

MISP and fail2ban

fail2ban is known to do a great job at giving attackers a hard time when they try to “test” passwords or enumerate users of a service.

Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167)

Over the past 2 months, we’ve received two separate reports of two unrelated SQLi vector vulnerabilities in MISP that can lead to any authenticated user being able to execute arbitrary SQL queries in MISP.

MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support.

We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes. It includes a rather substantial release of misp-stix, the core Python library for importing and exporting STIX (1, 2.

MISP 2.4.167 released with many improvements, bugs fixed and security fixes.

We are pleased to announce the immediate availability of MISP v2.4.167 with new features and fixes, bugs fixed and a security fix.

Training Video - MISP Best Practices for Encoding Threat Intelligence

MISP Training Video December Edition - Best Practices for Encoding Threat Intelligence and Leveraging the information in MISP to Make Threat Landscape Report. Content of Training Session: MISP data model introduction; Best practices - from evidences to actionable evidences; Leveraging the information in MISP to Make Threat Landscape Report; Jupyter notebook used during the training session.

Training Video - MISP Workflow

MISP Training Video December Edition - Workflow. MISP has been a widely used open source CTI platform for the past decade, with a long list of tools that allow users to customise the data models and contextualisation of the platform, yet true customisation of the actual workflows and processes had to be done externally using custom scripts.

MISP 2.4.166 released with many improvements, bugs fixed and security fixes.

We are pleased to announce the immediate availability of MISP v2.4.166 with new features and fixes, including two critical security fixes.

MISP 2.4.165 released with many improvements, bugs fixed and security fixes.

We are pleased to announce the immediate availability of MISP v2.4.165 with many improvements to the workflow subsystem along with various performance improvements.

Curate events with an organisation confidence level

Quality of threat intelligence: when you receive threat intelligence from different sources, you quickly realise there is a big difference in the quality of the received information.

SACTI - Secure aggregation of cyber threat intelligence

Communities can share cyber threat intelligence on platforms such as MISP. In the H2020 project Prometheus, TNO has developed a way to securely aggregate cyber threat intelligence and publish the result on MISP.

MISP 2.4.164 released with new tag relationship feature, improvements and a security fix

We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship feature, many improvements and a security fix.

MISP 2.4.163 released with improved periodic notification system and many improvements

We are pleased to announce the immediate availability of MISP v2.4.163 with an updated periodic notification system and many improvements.

MISP 2.4.162 released with a new periodic notification system, workflow updates and many improvements

We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements.

MISP Guard

Let’s say that by no means should an attribute of type passport-number leave your MISP instance. Aside from the analyst following best practices when encoding the data, MISP does not have a built-in mechanism to prevent these leaks from happening, but now you can achieve this by using a third-party tool called misp-guard.
