Blogs

MISP Guard

Let’s say that by no means should an attribute of type passport-number leave your MISP instance. Aside from the analyst following best practices when encoding the data, MISP does not have a built-in mechanism to prevent these leaks from happening, but now you can achieve this by using a third-party tool called misp-guard.

Periodic summaries - Visualize summaries of MISP data

As of version 2.4.162, MISP includes a periodic summary feature allowing users to consult a summary based on a requested time-frame for data the user has access to.

MISP 2.4.161 released with small improvements and bugs fixed

We are pleased to announce the immediate availability of MISP v2.4.161.

Small improvements

  • A new option added to log the last API request of an API key. (Thanks to Tom King for the contribution)
  • Overcorrelation features have some new improvements such as:
    • A new tool to generate occurrence counts (real numbers this time)
    • A hook to truncate the over-correlating value table on recorrelation
    • We no longer store the partial counts as occurrences when generating correlations
  • Performance improvements in event fetching
  • Various performance tuning in the new correlation engine including the full recorrelation

Bugs fixed

  • tlp:amber+strict and tlp:clear are now valid tags
  • [stix2 import] Better external_references parsing for attack pattern objects

Thanks to all the contributors and users reporting bugs to make the software better.

MISP 2.4.160 released with new workflow feature, new correlation engines and many major improvements

We are pleased to announce the immediate availability of MISP v2.4.160. With the August summer-holiday season kicking into high gear, we have a very special release for you all, containing a long list of major new features, improvements and general quality of life improvements.

MISP web scraper

There are a lot of websites that regularly publish reports on new threats, campaigns or actors with useful indicators, references and context information. Unfortunately, only a few publish information in an easily accessible and structured format, such as a MISP feed. As a result, we often find ourselves manually scraping these sites and then copy-pasting this information into new MISP events. These tedious tasks are time-consuming and certainly not the most interesting aspect of CTI work.

MISP 2.4.159 released with many improvements including performance

We are pleased to announce the immediate availability of MISP v2.4.159. This release includes many improvements, bug fixes and improvements concerning performance on large datasets.

MISP 2.4.158 security fix and general improvement release

We are pleased to announce the immediate availability of MISP v2.4.158. This release includes a series of security fixes and as such we highly encourage everyone to update to this version as soon as possible.

MISP 2.4.157 released including some usability fixes following the large changes of 2.4.156 along with some improvements

We are pleased to announce the immediate availability of MISP v2.4.157, following a series of bug fixes as a quick follow up to 2.4.156.

MISP 2.4.156 released including a new synchronisation event signing mechanism and many new features

We are pleased to announce the immediate availability of MISP v2.4.156, a release that brings several new features and fixes two critical vulnerabilities. We highly encourage everyone to update to this version as soon as possible.

MISP 2.4.155 - quick bugfix release

This release is a rapid follow up to v2.4.154, addressing several rather annoying issues

Bugfixes

  • Various bugfixes to the sharing group blueprint system (especially to it being more restrictive than intended)
  • Updating the DB schema to avoid the diagnostics complaining
  • Fixed an issue with organisation meta fields defaulting to null rather than '' (causing the blueprint issue mentioned above)
  • Rework of the DB schema dumper
  • Fixes to the Kali Linux installer

Acknowledgement

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.

MISP 2.4.154 released including tools for managing rapidly changing communities

MISP 2.4.154 released with a host of new features and fixes, including some new tools that help us navigate the current geo-political landscape when sharing information.

MISP 2.4.153 released with improvements and bug fixes

MISP 2.4.153 released

  • MISP UI translation in Thai added.
  • Improved the debugging of the synchronisation, including more meaningful messages in debug logs.
  • Significant improvements in the misp-stix library, to support additional import coverage of files along with improvements to the STIX export.
  • Improved debugging in the TLS handshake for synchronisation.
  • Additional CLI tests for security.
  • Markdown-IT library updated to the latest version, including security fixes to version 12.3.2.
  • Improvements in the various MISP install scripts.

Many internal improvements and bug fixes.

MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.

MISP 2.4.152 released

The LinOTP authentication module has been improved to include a mixed mode where both OTP and MISP’s usual password authentication can be used together.

MISP 2.4.151 released (Black friday threat intel rush release)

MISP 2.4.151 released

MISP 2.4.151 released including a host of bug fixes and a bunch of new features

New features

  • New background processor by @righel
  • Improvements to the CLI tools
  • Bug fixes and improvements

New background processor

  • MISP has been using CakeResque for its background jobs for the better part of a decade. Whilst it has served us well, the library has been stale for a long time and carries a (for us) unnecessary complexity and is generally the most difficult part of the application to debug
  • Luciano “@righel” Righetti has implemented a completely new, compatible background processing engine using Supervisord
  • Queue and execute jobs the same way as you are used to from before, monitor worker progress via the tools provided by supervisord in addition to MISP
  • No scheduling capabilities; these were an unnecessary overhead for us before, as we relied on cron jobs as our preferred scheduling mechanism anyway
  • Expect more improvements to this library over the course of the next months, but feel free to switch to using it already now
  • Currently it is completely optional and the old background processor will still be supported for a while
  • Be aware that manual setup steps are required to get the new processor working, refer to the upgrade guide on the procedure, if you decide to start using it already now

Various CLI changes

  • Jakub Onderka has been doing a fair bit of refactoring and improvement of the CLI libraries
  • Additional administrative tools added to help monitor and manage your MISP instance (such as redis memory diagnostics, mysql table optimisation tool, etc.)

Option to move the system settings to the database

  • Traditionally, all system config settings were stored in the config.php file. With a new configuration, thanks to Jakub Onderka’s implementation, the settings can be moved to the database rather than the file.
  • This should help with persistence for containerised installations

Various improvements

  • The previous version introduced a new STIX library as a replacement for the old one. This change ended up causing update issues for some installations; the built-in updater is now aware of this change and should allow you to easily update via the UI/API updater, with the new STIX library working as intended
  • A long list of improvements, thanks to all contributors! For a detailed list of changes, head over to the changelog

MISP Modules

The MISP modules changelog is available.

MISP 2.4.150 released (The "Bloody PKI again" hotfix release)

MISP 2.4.150 released

MISP 2.4.150 released, including a new CA bundle to combat the issues with the Letsencrypt root CA expiration. This is a follow-up release to 2.4.149 and has no other major changes besides pointing to our own repository of the framework that includes the new CA bundle.

MISP 2.4.149 released (Autumn care-package - STIX 2.1 support and Cerebrate integration)

MISP 2.4.149 released

MISP 2.4.149 released including many bugs fixed along with some new and improved functionalities

New features

  • First stage of a massive rework of our STIX integration
  • Various improvements to the integration with Cerebrate

New STIX libraries

  • The first version of a long ongoing project to rework our entire STIX integration has finally been merged, thanks to the tireless work of @chrisr3d
  • Our converter libraries have embarked on a path of their own, becoming a standalone repository included by default in MISP, but also serving as a useful tool for anyone looking for a clean way of converting between the MISP standard format and various STIX versions (1.1.1, 1.2, 2.0, 2.1).
  • The libraries are still a work in progress but are continuously improved; follow misp-stix
  • Included is also a detailed documentation, which also serves as a knowledge base for the mapping between the two formats, available under the documentation sub-directory
  • From this release on, you have more control over which STIX version is used when exporting STIX data from MISP, by specifying the “stix_version” to be returned (supported versions for STIX 1: 1.1.1 and 1.2. For STIX 2: 2.0 and 2.1)

Cerebrate integration

  • Allow the fetching of sharing group data from Cerebrate instances, our new open source tool in development aiming to solve a host of issues revolving around community management and orchestration. Our first official release of the tool is scheduled for the MISP summit coming up this month
  • To follow the cerebrate project, head over to its github page
  • For the MISP summit to be held on the 21st of October, don’t forget to watch the misp-summit. You can still apply for the Call-for-Presentation.

mail2misp release 1.0

First official release 1.0 of mail2misp, a tool to connect your mail infrastructure to MISP to create events based on the information contained within mail. The solution can also be used to feed a MISP instance from a honeypot receiving emails.

MISP 2.4.148 released (summer time release)

MISP 2.4.148 released

MISP 2.4.148 released including many bugs fixed along with security fixes. This release fixes CVE-2021-37742 and CVE-2021-37743.

New feature

  • Added option to block organisation changes at login on ApacheShibbAuth
  • Open data export has been refactored
  • Fix Suricata export concerning sticky buffers
  • ZMQ now includes misp_json_warninglist topic in the pub-sub channels

Acknowledgement

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.

MISP 2.4.147 released (improvements and bug fixes release)

MISP 2.4.147 released

MISP 2.4.147 released including a massive number of small improvements, bug and security fixes. We strongly recommend all MISP users to upgrade as soon as possible. This release fixes CVE-2021-37534.

MISP 2.4.145 and 2.4.146 released (Improved warning-lists)

MISP 2.4.145 and 2.4.146 released

MISP 2.4.145 and 2.4.146 released including a massive update to the MISP warning-lists, various improvements and security fixes.

MISP 2.4.144 released (Document all the things!)

MISP 2.4.144 released

MISP 2.4.144 released including a massive update to the documentation along with CyCAT.org integration, improvements and fixes including security related fixes.
