Blogs

MISP 2.4.89 released (aka Event graph viewer/editor)

A new version of MISP 2.4.89 has been released including a new MISP event graph viewer/editor, many API improvements and critical bug fixes (including security-related bug fixes).

Continue reading

MISP 2.4.88 released (aka Fuzzy hashing correlation, STIX 1.1 import and many API improvements)

A new version of MISP 2.4.88 has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes.

Continue reading

MISP 2.4.87 released (aka translate everything, improvements everywhere and more)

A new version of MISP 2.4.87 has been released including a massive contribution enabling support for internationalisation and localisation in the MISP UI (a huge thank you to Steve Clement of CIRCL for the tedious work), as well as a host of improvements to the UI, feed and APIs, including bug fixes and speed improvements.

Continue reading

MISP 2.4.86 released (aka sharing groups improvement, large information sharing communities support and more)

A new version of MISP 2.4.86 has been released including improvements to the sharing groups and their respective APIs, granular access control of MISP-modules at an instance-level along with the usual set of bug fixes.

Continue reading

Using MISP to share vulnerability information efficiently

Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators, editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or CNA (CVE Numbering Authorities).

Continue reading

MISP 2.4.85 released (aka feeds and warning-lists improvement and more)

A new version of MISP 2.4.85 has been released including improvements to the feed ingestion performance, warning-list handling and many bug fixes.

Continue reading

MISP 2.4.83 released (aka attributes-level tag filtering and more)

A new version of MISP 2.4.83 has been released including attribute level tag filtering on synchronisation, full audit logging via ZMQ or Syslog, user email domain restriction at the org level, many more improvements and bug fixes.

Continue reading

MISP 2.4.82 released (aka improved pub-sub ZMQ)

A new version of MISP 2.4.82 has been released including an improved publish-subscribe ZMQ format, improvements in the feeds system, sightings are now ingested and synchronised among MISP instances, many bug fixes and export improvements.

Continue reading

MISP 2.4.80 released (aka MISP objects release)

A new version of MISP 2.4.80 has been released including the most awaited MISP objects feature along with other new features, security fix CVE-2017-14337 and improvements.

Continue reading

MISP 2.4.81 released (aka new graphical visualisation and STIX 2.0 export)

A new version of MISP 2.4.81 has been released including a significant rework of the graphical visualisation, support for STIX 2.0 export, multiple bug-fixes and improvements for misp-objects.

Continue reading

MISP 2.4.79 released

A new version of MISP 2.4.79 has been released including an important security fix (persistent XSS on comment field), multiple bug fixes and new functionalities.

Continue reading

MISP 2.4.78 released

A new version of MISP 2.4.78 has been released including an important security fix (if you use sharing groups), multiple bug fixes and some new functionalities.

Continue reading

MISP 2.4.77 released

A new version of MISP 2.4.77 has been released including security fixes, bug fixes and various improvements.

This version includes multiple security fixes reported by cert.govt.nz including:

Continue reading

MISP 2.4.76 released

A new version of MISP 2.4.76 has been released including bug fixes and a set of performance improvements at the ingestion level.

Continue reading

MISP 2.4.75 released

A new version of MISP 2.4.75 has been released including bug fixes and a set of performance improvements.

In this release the most important improvement is performance tuning to improve the day-to-day life of the users. The performance improvements are most explicitly on:

Continue reading

MISP 2.4.74 released

A new version of MISP 2.4.74 has been released including new features, improvements and bug fixes.

The ZeroMQ pub-sub feature has been significantly improved in MISP to allow for a complete flexible notification scheme for a host of actions which take place within a MISP instance, such as:

Continue reading

MISP 2.4.73 released

A new version of MISP 2.4.73 has been released including new features, improvements and bug fixes.

A new module type, Cortex, has been introduced allowing for easy integration of MISP and Cortex. Cortex is the analysis engine part of TheHive Project, and the new module type supports expansion services from Cortex within MISP. A new setting has been added to support Cortex similarly to MISP expansion modules, where you set the remote Cortex instance. MISP includes a new Cortex attribute type to allow for the raw analysis to be stored along with the event for subsequent analysis.

Continue reading

MISP 2.4.72 released

A new version of MISP 2.4.72 has been released including improvements and important bug fixes.

Improvements have been introduced to better support large MISP instances:

Continue reading

MISP 2.4.71 released

A new version of MISP 2.4.71 has been released including new features, improvements and important bug fixes.

  • Distribution can now be set in the free-text and modules import.
  • Default password complexity tightened, allowing passphrase-like passwords in addition to conventional passwords.
  • Password regexp (can be considered a CTF-challenge for some users) is now available as a hint.
  • API: restsearch has been significantly improved and now supports alternate download types (currently OpenIOC is supported). OpenIOC export and CIDR tool refactored.
  • Organisation blacklist is now enabled by default and sample UUIDs/organisations are now blacklisted by default.
  • API: the “proposal to delete” flag is now available in the API output.
  • Improved error handling when failing to add a tag.
  • API: event history is now available via the API.
  • Set comment field to an empty string in the attributes pre-validation (to avoid null comment field).
  • Correlation can now be disabled for site admin even if (s)he is not the owner.

Various bugs fixed in the sharing group synchronisation and delegation. Improvements to the UI popups when using low-resolution displays (aka potato displays).

Continue reading

MISP 2.4.70 released

A new version of MISP 2.4.70 has been released including new features, improvements and important bug fixes.

  • A significant improvement has been introduced to the MISP user-interface to make it more accessible especially for visually impaired users.
  • API improvements introduced to allow adding several attributes in one go.
  • API extended to support the functionality of adding and editing MISP servers.
  • A simple update feature from the user-interface was introduced to ease the update process of MISP.
  • New attribute types (hex, sigma and impfuzzy) have been introduced for new misp-objects and to improve the support of the new sigma format. Sigma is a generic signature format for SIEM Systems. This new attribute type will help the development of a sigma converter via misp-modules.
  • Tests and diagnostics for the MISP server synchronisation have been significantly improved. The old legacy and mangle sync for very old MISP instances (2.3x) has been removed in an effort to make the code cleaner and improve the synchronisation process with recent MISP instances.

Many other bugs fixed and minor features added.

Continue reading