Blogs

MISP 2.4.177 released with various improvements and bugs fixed.

MISP 2.4.177 released with various bugs fixed and improvements.

Improvements

  • [dev] added a shell script to generate the restsearch parameters.
  • [CLI] add command to expire active AuthKeys that do not have an IP allowlist set.
  • [cli] Add command to trigger password change on next login for users with old pw.
  • [Users] add last password change timestamp for users.
  • [workflowModules:event_distribution_operation] Added action module.

Changes

  • [tests] testing disabling the timestamp greater as old timestamp for password changes.


MISP 2.4.176 released with various improvements and bugs fixed.

MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library, especially in the storing of relationships and the description of relationships in the MISP standard format.


MISP to Microsoft Sentinel integration with Upload Indicators API

MISP to Microsoft Sentinel integration

Introduction

The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App to connect to Sentinel.


MISP 2.4.175 released with various bugs fixed, improvements and security fixes.


Improvements

  • Added support of start_date and end_date options in the MISP dashboard widgets.
  • In the user periodic reporting, allow users to set the number of days to include in the reporting (UI).
  • In the MISP dashboard org Widget, added support for first_half_year and second_half_year timeframe.
  • New enrich object functionality added, in order to allow for the enrichment of a complete MISP object. Used by the SigMF module but this can be used with any expansion modules supporting objects.
  • New feeds added.
  • Improve the diagnostics when an instance does not have internet access or does not use the self-update feature.

Bugs fixed

  • Update the CA bundle of the CakePHP submodule maintained by the MISP project.
  • IndexFilter: index page filtering now works correctly for ReST requests.
  • Prevent push_rules from being required in API requests to the /server/edit endpoint.
  • The annoying MISP event import bug from JSON has been fixed; you can now import MISP JSON events without the Event key.
  • Various fixes in the MISP dashboard interface.
  • Fix

Security fixes

  • CVE-2023-40224 <= MISP 2.4.174 - allows XSS in app/View/Events/index.ctp. (reported by BeDisruptive OSS Team)
  • CVE-2023-41098 <= MISP 2.4.174 - In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

Thanks to BeDisruptive OSS Team and Centre for Cyber Security Belgium (CCB) for the reporting.


MISP now supports Signal Metadata Format Specification SigMF

As one of the outcomes of GeekWeek8, MISP now supports a new set of features useful for handling radio frequency information in the Signal Metadata Format Specification (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications.


MISP 2.4.174 released with major workflow enhancements, new features and fixes

We are thrilled to announce the immediate availability of MISP v2.4.174 with significant workflow improvements, accompanied by a host of quality-of-life enhancements and bug fixes.


MISP 2.4.173 released with various bugfixes and improvements

We are pleased to announce the immediate availability of MISP v2.4.173 with a new password reset feature, along with a host of quality of life improvements and fixes.


MISP 2.4.172 released with new TOTP/HOTP authentication, many improvements and bugs fixed

We are pleased to announce the immediate availability of MISP v2.4.172 with new TOTP/HOTP authentication, many improvements and bugs fixed.

Time-based and Single Use One-time password support (TOTP / HOTP)

New TOTP support is now included in MISP. This functionality works in two modes:


MISP 2.4.171 released with a long list of fixes, a dashboard rework, STIX 2.1 improvements and more

We are pleased to announce the immediate availability of MISP v2.4.171 with a long list of fixes, major STIX 2 improvements and an overhaul of the dashboard widget toolkit.


How to push to a TAXII server from MISP

If you want to push data from your MISP instance to a TAXII server, there are a few steps you need to follow. Firstly, you'll need to ensure that your MISP instance is configured to export data in a format that the TAXII server can accept. This typically involves converting the data to STIX 2.x format by using the built-in misp-stix converter. Next, you'll need to establish a connection between your MISP instance and the TAXII server by configuring the appropriate API and collection endpoints in the MISP sync action. Once this is done, you can initiate the data transfer from your MISP instance to the TAXII server by pushing the searched data to the designated API and collection.


MISP 2.4.170 released with new features, workflow improvements and bugs fixed

We are pleased to announce the immediate availability of MISP v2.4.170 with new features, workflow improvements and bugs fixed.

It includes a release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1), with many improvements.


MISP to Azure Sentinel integration


Introduction

The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App and Threat Intelligence Data Connector in Azure.


MISP 2.4.169 released with various improvements and bug fixes.

We are pleased to announce the immediate availability of MISP v2.4.169 with various improvements and bug fixes.

It includes a release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1), with many improvements.


MISP and fail2ban

fail2ban - MISP

fail2ban is known to do a great job at giving attackers a hard time when they try to “test” passwords or enumerate users of a service. fail2ban constantly analyses relevant log files and keeps track of IP addresses trying to log into such services. If a configurable threshold is reached, it uses the Linux firewall (Netfilter / iptables) to block the suspected attackers.


Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167)


Introduction

Over the past 2 months, we've received two separate reports of two unrelated SQL injection (SQLi) vulnerabilities in MISP that can allow any authenticated user to execute arbitrary SQL queries in MISP.


MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support.

We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes.

It includes a rather substantial release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1).


MISP 2.4.167 released with many improvements, bugs fixed and security fixes.

We are pleased to announce the immediate availability of MISP v2.4.167 with new features, bug fixes and a security fix.


Training Video - MISP Best Practices for Encoding Threat Intelligence

MISP Training Video December Edition - Best Practices for Encoding Threat Intelligence and Leveraging the information in MISP to Make Threat Landscape Report

Content of Training Session

Jupyter notebook used during the training session.


Training Video - MISP Workflow

MISP Training Video December Edition - Workflow

MISP has been a widely used open source CTI platform for the past decade, with a long list of tools that allow users to customise the data models and contextualisation of the platform, yet true customisation of the actual workflows and processes had to be done externally using custom scripts.


MISP 2.4.166 released with many improvements, bugs fixed and security fixes.

We are pleased to announce the immediate availability of MISP v2.4.166 with new features and fixes, including two critical security fixes.
