Blogs

MISP 2.4.145 and 2.4.146 released (Improved warning-lists)

MISP 2.4.145 and 2.4.146 released

MISP 2.4.145 and 2.4.146 released including a massive update to the MISP warning-lists, various improvements and security fixes.

Continue reading

MISP 2.4.144 released (Document all the things!)

MISP 2.4.144 released

MISP 2.4.144 released including a massive update to the documentation along with CyCAT.org integration, improvements and fixes including security related fixes.

Continue reading

MISP 2.4.143 released (10 year anniversary edition)

MISP 2.4.143 released

MISP 2.4.143 released including a new audit subsystem, various quality of life improvements and bug fixes.

10 year anniversary

MISP has, as of the 15th of May, turned 10, to celebrate the occasion we have a celebratory MISP logo acting as a temporary replacement of the usual one for the duration of this release.

Continue reading

MISP 2.4.142 released (with new correlation features, UI sync functionality improved and new dashboard widgets)

MISP 2.4.142 released

MISP 2.4.142 released including many new features, a security fix and a long list of quality of life improvements.

Continue reading

MISP 2.4.141 released (Many improvements from email notification, UI, API and installation scripts)

MISP 2.4.141 released

MISP 2.4.141 released including many improvements from email notification, UI, API and installation scripts.

User-Interface

  • [UI] Render galaxy cluster description as markdown.
  • [UI] Show threat level icons on event index.
  • [eventgraph:viewPicture] Allow access to saved picture from the eventgraph history.
  • [eventGraph] Improved object coloring strategy.
  • [UI] fix debugon for debug = 1. fix #7131.
  • [UI] Show number of items in freetext feed.
  • [UI] Make feed event preview nicer.
  • [UI] It is 2021! Removed -moz and -webkit specific CSS properties.
  • [UI] Make some parts of MISP nicer.
  • [UI] Nicer pivots.
  • [UI] Simplify keyboard-shortcuts.js.
  • [UI] Use Page Visibility API.

and many more updates check the changelog for details.

Continue reading

Creating a MISP Object, 101

MISP Objects

MISP objects are containers around contextually linked attributes. They support analysts in grouping related attributes and describing the relations that exist between the data points in a threat event. Combining these objects and relations is something that can then be used to represent the story of what is being told in the threat event.

Continue reading

MISP 2.4.140 released (OpenID support, cross object references in extended events and many improvements)

MISP 2.4.140 released

We have released 2.4.140, the latest release for MISP, introducing a host of new features, including integrations with various authentication systems, various improvements to the handling of objects, CLI improvements as well as a package containing general bug fixes, along with the usual update of the JSON libraries.

Continue reading

MISP 2.4.139 released (Quality of life and bugfix release)

MISP 2.4.139 released

We have released 2.4.139, the latest release for MISP squashes a set of pretty annoying bugs, whilst also adding some shiny new features to play with, along with the usual update of the JSON libraries.

Continue reading

MISP 2.4.138 released (Many improvements including CISA.gov AIS dynamic marking functionality, RSIT galaxy added)

MISP 2.4.138 released

We have released 2.4.138, the latest release for MISP along with an update of the JSON libraries.

Continue reading

MISP 2.4.137 released (New exclusion module for the correlation engine, many improvements and security vulnerabilities resolved)

MISP 2.4.137 released

We have released 2.4.137, a security and bug fix release including a collection of fixes and improvements collected over the past month.

Continue reading

MISP 2.4.136 released (Cerebrate project integration)

MISP 2.4.136 released

Though we’re rather late with the release notes, we did have some goodies to share for the winter festivities, bundled neatly into the 2.4.136 release.

Continue reading

MISP 2.4.135 released (galaxy 2.0)

MISP 2.4.135 released

Don’t let the minor version number change fool you, this release is a game changer for MISP and information sharing in general. Galaxy 2.0 brings about the ability to customise Galaxy clusters (threat-actors, @MITREattack or any knowledge base element) as well as to extend and share it within your community. This release also includes many new improvements such as a new authkey system to better handle your API keys in MISP.

Continue reading

MISP 2.4.134 released (new import extractor for the event report, various improvements and fixes)

MISP 2.4.134 released

In the previous version of MISP, the new Event Report functionality has been introduced to edit, visualise and share reports in Markdown format, which includes the ability to reference elements from within a MISP event.

Continue reading

MISP 2.4.133 released (major improvements such as the markdown report feature and many UI improvements)

MISP 2.4.133 released with major improvements such as the markdown report feature and many UI improvements.

Unstructured/semi-structured report feature

MISP is widely known as a powerful tool to gather, correlate and share information. As a response to the growing information-sharing maturity of the community, more features have been introduced over the past few years to meet analyst skills and requirements.

Continue reading

Event Report - A convenient mechanism to edit, visualize and share reports

Event Report: A convenient mechanism to edit, visualize and share reports

MISP is widely known as a powerful tool to gather, correlate and share information. As a response to the growing information-sharing maturity of the community, more features have been introduced over the past few years to meet analyst skills and requirements.

Continue reading

Create an import script for MISP , step-by-step tutorial

Create an import script for MISP in Python, step-by-step tutorial

Script description

Example add_github_user.py

Here the goal is to push to MISP information gathered on Github. The script add_github_user.py will be used as an example.

Continue reading

MISP 2.4.132 released (security fix CVE-2020-25766 and bugs fixed)

MISP 2.4.132 released

A new version of MISP (2.4.132) has been released with several bugs fixed including an important security fix CVE-2020-25766.

Continue reading

MISP 2.4.131 released (improvements, bug fixes and major update to JavaScript dependencies)

MISP 2.4.131 released

A new version of MISP (2.4.131) has been released with improvements, bug fixes and a major update to JavaScript libraries.

Continue reading

MISP service monitoring with Cacti

MISP service monitoring with Cacti

Introduction

A previous post covered how to do MISP service monitoring with OpenNSM. Because having different options is good, this post covers how to achieve similar results with Cacti. For those not familiar with Cacti: it is a network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.

Continue reading

MISP 2.4.130 released (Various fixes, performance improvements and new features)

MISP 2.4.130 released

A new version of MISP (2.4.130) has been released with performance improvements, multiple bugs fixed and new features.

Continue reading