Blogs

MISP 2.4.100 released (aka happy new year release)

Happy new year! We are so proud of our community which has supported us for the past year and we hope to do even better for 2019. Thanks a lot.


Introducing The New Extended Events Feature in MISP

Introducing Extended Events

We have just released a new feature for MISP that allows users to build full-blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.


Using MISP to share vulnerability information efficiently


Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators, editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or CNA (CVE Numbering Authorities).


Sighting the next level

Sighting is an endless topic of discussion. This is a required feature, especially when information or indicators are regularly shared, to gather feedback from users on said shared data. Adequate sightings can be an incredible source of information in order to describe the lifetime of an indicator, its evolution and especially to ensure the understanding of indicators among a group of users using the information to detect, mitigate or block malicious activities in their infrastructures. The potential is endless, potentially being a significant gain for organised communities of infosec professionals sharing information or even serving as a requirement for advanced algorithms ranging from machine learning to reinforcement learning. But to reach such a state of a feedback loop, you first require a functional model of sighting.


Information Sharing Maturity Model

Here at the MISP project, we are practically oriented people. We create software (from MISP core to MISP workbench), develop data models (such as taxonomies, warning-lists and galaxies) and build practical standards to solve information sharing challenges and improve the general state of information sharing. That’s what we strive for. If we lack something, we build it. If we see a requirement, we fulfil it.


Independence and Threat Intelligence Platforms

After the recent news of a Threat Intelligence Platform vendor stopping its activities, we have received some questions about our strategies as a Threat Intelligence Platform.


MISP Internet Drafts Published

We recently released two Internet-Drafts describing the MISP format:

  • misp-core-format - the core JSON format of MISP which describes the Event format including meta-information, attributes, shadow attributes. In addition, the Manifest format which bundles MISP events is described.
  • misp-taxonomy-format - The MISP taxonomy JSON format describes how to define the complete namespace of machine tags in a parseable format.

The misp-rfc project was started to better document and describe MISP formats. The specifications are based on the real implementation cases (code is law). As we received many requests from vendors or software developers willing to integrate MISP, the specifications were designed to support organizations willing to use and integrate MISP formats in their product or software.


MISP Upcoming Activities in October and November 2016

The next months are full of interesting activities and upcoming events for the MISP core team.

We will participate in the following events:


Building an OCR import module in MISP

Building an Optical Character Recognition module in MISP

When collecting information from different places, analysts sometimes need to perform OCR on documents (like reports, faxes, images) to import and correlate the information in their MISP instance. As MISP 2.4.50 introduced a new modular framework for export and import modules, we decided to build a simple OCR service accessible to MISP users on a local instance. This shows how easily you can extend MISP with the new modules framework.


MISP training, “the Brussels Edition”, CIRCL in collaboration with CERT.EU - September 5th 2016

On September 5th 2016 and after 3 successful editions, the MISP (Malware Information and Threat Sharing Platform) training is traveling to Brussels. This workshop is organized by CIRCL in collaboration with CERT-EU and will take place at the European Economic and Social Committee’s premises.


MISP Hackathon 2016


On the 4th of August 2016, a MISP hackathon will take place in Luxembourg (at the local hackerspace) and also remotely. It’s a great opportunity to meet the team in a friendly atmosphere and work on your favourite information sharing software in order to improve it and make it an even better tool.


MISP 2.4.49 released with many improvements and fixes

A new version of MISP has been released: 2.4.49, including many bug fixes, updates and improvements.

  • Updates to the MISP module interface to allow a timeout on hover modules and to time out slow module queries.
  • Tag restriction functionality added to limit the use of a tag to a specific organization.
  • Important fixes in the sharing groups functionality including a new roaming setup.

For more details check the Changelog.
