MISP 2.4.100 released (aka happy new year release)
Happy new year! We are so proud of our community which has supported us for the past year and we hope to do even better for 2019. Thanks a lot.
We have just released a new feature for MISP that allows users to build full blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.
Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators, editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or CNA (CVE Numbering Authorities).
Sighting is an endless topic of discussion. This is a required feature, especially when information or indicators are regularly shared, to gather feedback from users on said shared data. Adequate sightings can be an incredible source of information in order to describe the life-time of an indicator, its evolution and especially to ensure the understanding of indicators among a group of users using the information to detect, mitigate or block malicious activities in their infrastructures. The potential is endless, potentially being a significant gain for organised communities of infosec professionals sharing information or even serving as a requirement for advanced algorithms ranging from machine learning to reinforcement learning. But to reach such a state of a feedback loop, you first require a functional model of sighting.
Here at the MISP project, we are practically oriented people. We create software (from MISP core to MISP workbench), develop data models (such as taxonomies, warning-lists and galaxies) and build practical standards to solve information sharing challenges and improve the general state of information sharing. That’s what we strive for. If we lack something, we build it. If we see a requirement, we fulfil it.
After the recent news of a Threat Intelligence Platform vendor stopping its activities, we have received some questions about our strategies as a Threat Intelligence Platform.
We recently released two Internet-Drafts describing the MISP format:
The misp-rfc project was started to better document and describe MISP formats. The specifications are based on real implementation cases (code is law). As we received many requests from vendors and software developers willing to integrate MISP, the specifications were designed to support organizations willing to use and integrate MISP formats in their product or software.
The next months are full of interesting activities and upcoming events for the MISP core team.
We will participate in the following events:
When collecting information from different places, analysts sometimes need to perform OCR on documents (like reports, faxes, images) to import and correlate the information in their MISP instance. As MISP 2.4.50 introduced a new modular framework for export and import modules, we decided to build a simple OCR service accessible to MISP users on a local instance. This shows how easily you can extend MISP with the new modules framework.
On September 5th 2016 and after 3 successful editions, the MISP (Malware Information and Threat Sharing Platform) training is traveling to Brussels. This workshop is organized by CIRCL in collaboration with CERT-EU and will take place at the European Economic and Social Committee’s premises.
On 4th August 2016, a MISP hackathon will take place in Luxembourg (at the local hackerspace) and also remotely. It’s a great opportunity to meet the team in a friendly atmosphere and work on your favourite information sharing software in order to improve it and make an even better tool.
A version of MISP has been released: 2.4.49, including many bug fixes, updates and improvements.
For more details check the Changelog.
© MISP project. Software released under approved open source licenses and content of this website released as CC BY-SA 3.0.