MISP 2.4.100 released (aka happy new year release)
Happy new year! We are so proud of our community which has supported us for the past year and we hope to do even better for 2019. Thanks a lot.
Introducing The New Extended Events Feature in MISP
Introducing Extended Events
We have just released a new feature for MISP that allows users to build full blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.
Using MISP to share vulnerability information efficiently
Using MISP to share vulnerability information efficiently
Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators, editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or CNA (CVE Numbering Authorities).
Sighting the next level
Sighting is an endless topic of discussion. This is a required feature especially when information or indicators are regularly shared to gather feedback from users said shared data. Adequate sightings can be an incredible source of information in order to describe the life-time of an indicator, its evolution and especially to ensure the understanding of indicators among a group of users using the information to detect, mitigate or block malicious activities in their infrastructures. The potential is endless, potentially being a significant gain for organised communities of infosec professionals sharing information or even serve as a requirement for advanced algorithms ranging from machine learning to reinforcement learning. But to reach such a state of a feedback loop, you first require a functional model of sighting.
Information Sharing Maturity Model
Here at the MISP project, we are practical oriented people. We create software (from MISP core to MISP workbench), develop data models (such as taxonomies, warning-lists and galaxies) and build practical standards to solve information sharing challenges and improve the general state of information sharing. That’s what we strive for. If we lack something, we build it. If we see a requirement, we fullfil it.
Independence and Threat Intelligence Platforms
After the recent news of a Threat Intelligence Platform vendor stopping its activities, we have received some questions about our strategies as a Threat Intelligence Platform.
MISP Internet Drafts Published
We recently released two Internet-Drafts describing the MISP format:
- misp-core-format - the core JSON format of MISP which describes the Event format including meta-information, attributes, shadow attributes. In addition, the Manifest format which bundles MISP events is described.
- misp-taxonomy-format - The MISP taxonomy JSON format describes how to define the complete namespace of machine tags in a parseable format.
The misp-rfc project was started to better document and describe MISP formats. The specifications are based from the real implementation cases (code is law). As we received many requests of vendors or software developers willing to integrate MISP. The specifications were designed to support organizations willing to use and integrate MISP formats in their product or software.
MISP Upcoming Activities in October and November 2016
The next months for the MISP core team, it is full of interesting activities and upcoming events.
We will participate to the following events:
Building an OCR import module in MISP
Building an Optical Character Recognition module in MISP
When collecting information from different places, analysts need sometime to perform OCR on documents (like report, faxes, images) to import and correlate the information in their MISP instance. As MISP 2.4.50 introduced a new modular framework for export and import modules, we decided to build a simple OCR service accessible to MISP user on a local instance. This shows how easy you can extend MISP with the new modules framework.
MISP training, “the Brussels Edition”, CIRCL in collaboration with CERT.EU - September 5th 2016
On September 5th 2016 and after 3 successful editions, the MISP (Malware Information and Threat Sharing Platform) training is traveling to Brussels. This workshop is organized by CIRCL in collaboration with CERT-EU and will take place at the European Economic and Social Committee’s premises.
MISP Hackathon 2016
MISP Hackathon 2016
The 4th August 2016, a MISP hackathon will take place in Luxembourg (at the local hackerspace) and also remotely. It’s a great opportunity to meet the team in a friendly atmosphere and work on your favourite information sharing software in order to improve it and make an even better tool.
MISP 2.4.49 released with many improvements and fixes
A version of MISP has been released: 2.4.49 including many bug fixes, updates and improvements.
- Updates to the MISP module interface to allow a timeout on hover modules and allowing to timeout slow modules queries.
- Tag restriction functionality added to limit the use of tag to a specific organization.
- Important fixes in the sharing groups functionality including a new roaming setup.
For more details check the Changelog.