MISP

MISP 2.4.204 and 2.5.6 released including new features, performance improvements and many other improvements.

January 13, 2025

Combined Release Notes: MISP v2.5.6 & v2.4.204 (2025-01-03)

The MISP team is excited to announce the release of MISP v2.5.6 and MISP v2.4.204. These updates bring several new features, fixes, and performance improvements to enhance the platform’s usability and efficiency. Here’s a summary of the key changes:

Continue reading

MISP 2.4.203 and 2.5.5 released including new features, improvements and many security improvements.

January 12, 2025

MISP Software Release: Combined Updates for v2.4.203 and v2.5.5

Introduction

We are thrilled to announce the release of MISP v2.4.203 and MISP v2.5.5, bringing a range of new features, improvements, and fixes to enhance the platform’s performance, usability, and security. These updates reflect our ongoing commitment to providing a robust and reliable open-source threat intelligence platform for the community.

Continue reading

MISP 2.4.202 and 2.5.4 released with numerous enhancements including analyst data, bug fixes, and security improvements

December 24, 2024

Changes

Configuration

  • Base URL Setting: Added a new setting to skip base URL coercion for the framework. This resolves issues when running MISP under a subdirectory but may have adverse effects for other setups.

Settings

  • REST Client Settings: Enhanced security by tightening REST client-related settings:
    • rest_client_baseurl is now CLI-only.
    • Updated rest_client_enable_arbitrary_urls description for clarity.
  • Removed Unused Setting: Security.disable_form_security, a legacy setting for testing purposes, has been removed.

Updates

  • Taxonomies, Warning Lists, Objects, Galaxy: Updated to their latest versions.
  • MISP-STIX and PyMISP: Updated to the latest versions.

Analyst Data

  • Analyst Data objects like Notes and Opinions are now flattened lists attached to their data layer instead of nested.
  • Improved handling of analyst data in various endpoints and views.
  • Added new metrics for analyst data and event reports.

UI

  • Minor tweaks and improvements.

Attributes

  • Support for adding combinations of tag collection tags and other tags simultaneously.

Statistics

  • Added metrics for analyst data and event reports.

CI

  • Path fixes and branch updates.

Fixes

Security

  • Resolved multiple vulnerabilities:
    • Stored XSS in JsonTool::encode() used in JavaScript.
    • Tightened template elements endpoint to prevent abuse.
    • File upload process improved to prevent abuse.
    • Prevented TOTP secret logging in audit logs.
  • Updated encoding in the upload_file view element.

Analyst Data

  • Addressed issues with nested data handling and JSON export.
  • Fixed data fetching inconsistencies and restored functionality for viewing nested analyst data.
  • Adjusted deleted flag behavior to improve results consistency.

Miscellaneous

  • Corrected variable definition, CLI arguments, and template index naming.

Other

  • Merge Requests: Integrated various feature and fix branches into 2.4-develop.
  • Community Additions: Added Threatmon MISP Community.
  • Custom Image Path Check: Updated image path validation logic.

This release includes several critical security fixes, updates, and enhancements, improving the overall functionality and stability of MISP. Users are encouraged to update promptly to benefit from the latest improvements and security measures.

Continue reading

MISP v2.5.3 and v2.4.201 released with numerous enhancements, bug fixes, and security improvements to strengthen threat information sharing capabilities.

December 22, 2024

We are excited to announce the latest updates to MISP with versions v2.5.3 and v2.4.201, which bring numerous enhancements, bug fixes, and security improvements to strengthen threat information sharing capabilities. As with any security release, we highly recommend that you update ASAP and inform your partners to do the same.

Continue reading

FlowIntel 1.3.1 released and MISP integration

December 9, 2024

FlowIntel 1.3.1 released and MISP integration

FlowIntel is a lightweight and flexible platform built to help teams manage their tasks and cases efficiently. It offers a range of features, from detailed documentation tools to integration with external platforms, ensuring that workflows remain seamless and adaptable to various needs.

Continue reading

MISP 2.4.200 and 2.5.2 released - Post Hack.lu/CTI-Summit release with many new features

November 19, 2024

The Hack.lu/CTI-Summit once again allowed us to get in touch with the community and sit down to talk about new features and issues to be implemented. As usual, it was a real pleasure to get that much concentrated feedback. In this release, we put a lot of effort trying to fix and create new content as much as possible based on the collected needs of the community.

Continue reading

MISP 2.4.198 released with many bugs fixed, security fixes and improvements.

September 17, 2024

MISP v2.4.198 (2024-09-13)

Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as possible.

Continue reading

MISP 2.4.197 released with many bugs fixed, a security fix and improvements.

September 2, 2024

Release Notes - v2.4.197 (2024-09-02)

New Features

  • Config Option: Added a new configuration option user_org_uuid_in_response_header to include a response header with the requesting user’s organization UUID. [Jeroen Pinoy]
  • Build: Display required STIX dependencies versions during the build process. [Jakub Onderka]
  • Bookmark now supports comment.

Changes

  • Version: Version bump. [iglocska]
  • Warning List: Updated the warning list. [Alexandre Dulaunoy]
  • Taxonomies: Updated to the latest version. [Alexandre Dulaunoy]
  • MISP Galaxy: Updated to the latest version. [Alexandre Dulaunoy]
  • PyMISP: Version bump. [Raphaël Vinot]
  • Internal Logging: Added logging when an event will not be published. [Jakub Onderka]
  • Global Menu - Bookmarks: Added comment field as the dropdown element’s title in the global menu bookmark. [Sami Mokaddem]
  • Database Upgrade - Bookmarks: Upgraded the database to support bookmark comments. [Sami Mokaddem]
  • Bookmark View: Added a missing comma for the new comment function and added a field for comments in the bookmark view. [Jan Z.]
  • Bookmark Index: Added a field to display comments in the bookmarks index. [Jan Z.]
  • Bookmark Add/Edit: Added a field to add and edit comments for bookmarks. [Jan Z.]
  • MISP Object: Updated to the latest version. [Alexandre Dulaunoy]

Fixes

  • UI/Footer: Improved UI footer to avoid confusion for some users. [Alexandre Dulaunoy]
  • IOC Import: Added a check to ensure the provided XML is valid. [Jakub Onderka]
  • Schema: Updated schema version. [Jakub Onderka]
  • UI: Fixed tag popover to return already parsed data. [Jakub Onderka]
  • Bookmarks - Add: Lower-cased the comment field. [Sami Mokaddem]
  • Sightings: Correctly retrieve sightings per the requested event. [Tom King]
  • Bookmarks - Verbose Returns: Fixed an issue with overly verbose returns from bookmarks when shared with the organization. This fix was reported by Sharad Kumar Dahal of Green Tick Nepal Pvt. Ltd. [iglocska] This fixes a security issue recorded as CVE-2024-45509.
  • Feed: When pulling feeds, events are now checked against specified rules if any rules are provided. [Benni0]

Other

  • Merged pull requests addressing issues with unpublished events logging, tag popover parsing, sightings restSearch performance, and STIX dependencies version display. [Jakub Onderka, Andras Iklody, Andrew Hicks]
  • Fixed issues related to sightings restSearch negation of organization ID. [Andrew Hicks]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

Continue reading

MISP 2.4.196 released with many bugs fixed and improvements.

August 21, 2024

MISP 2.4.196 released with many bugs fixed and improvements.

New Features

  • Decaying Model: Introduced a new DecayingModel that leverages true positive and false positive sightings for better decision-making. [Marcel Slotema]
  • Log Search Enhancement: Added an optional hh:mm:ss accuracy to log searches, allowing for more precise time-based queries. This update also includes significant refactoring to improve code quality. [iglocska]
  • User Log Review: Improved the functionality of the “review user logs” button. It now links directly to logs relevant to the specific user, considering the new audit log system. Future enhancements will include email-based log searches. [iglocska]

Changes

  • PyMISP Update: Updated PyMISP to the latest version. [Raphaël Vinot]
  • Decaying Model Formulas: Enhanced error handling by catching undefined indexes in decaying model formulas. [Sami Mokaddem]
  • Attributes Search: Added support for sorting by publish_timestamp and introduced the X-Skipped-Elements-Count header to improve pagination during REST searches. [Benni0]
  • Reverse Proxy Handling: Fixed issues with base URL handling for reverse proxies, eliminating problematic redirects. Special thanks to Mitch Germansky for the extensive debugging. [iglocska]
  • MISP Components Update: Updated MISP Object, Galaxy, and STIX components to their latest versions. [Alexandre Dulaunoy, Christian Studer]

Fixes

  • STIX 2 Import: Updated the STIX 2 parsers following recent changes in MISP-STIX. [Christian Studer]
  • Base URL Setting: Adjusted the priority order in beforeFilter to avoid redis errors during benchmarking. [iglocska]
  • Image Helper: Allowed for variable-width organization logos without overlapping text. [iglocska]
  • Workflow Module: Ensured correct type return if redis fails to load during workflow:getEnabledModules. [Sami Mokaddem]
  • Settings Management: Fixed multiple issues related to changing instance settings, including improvements to CLI checks. [iglocska]
  • Attribute Search Ordering: Reverted ID-based sliding window ordering due to performance concerns. [iglocska]

Other

  • Merged several development branches to integrate recent changes, updates, and fixes from various contributors. Notably, the branches related to attribute search order, skipped elements count, and environment dependencies were integrated into the main branch. [iglocska, Christian Studer, Sami Mokaddem, Alexandre Dulaunoy, Stefano Ortolani, Andras Iklody]

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

Continue reading

MISP 2.4.195 - hot summer olympic release

August 9, 2024

MISP 2.4.195 - hot summer olympic release

We are pleased to announce the immediate availability of MISP v2.4.195, a summer release aiming to introduce new features, fix a long list of reported bugs and deficiencies as well as give your servers a breather in the scorching summer heat by taking a load off your CPUs thanks to a set of impactful performance fixes.

Continue reading

MISP 2.4.194 released with new functionalities and various bugs fixed

June 21, 2024

MISP 2.4.194 released with new functionalities and various bugs fixed.

New Features

  • Bookmark Functionality:
    • Users can now create bookmarks.
    • Bookmarks can be shared with all users in the same organization.
  • Heartbeat Endpoint:
    • New /users/heartbeat endpoint.
    • Accessible without authentication; returns a 200 response to indicate the instance is operational.
    • Designed for quick checks to see if the instance is up and running.
  • Skip OTP Requirement:
    • New role permission to exclude certain roles from OTP requirements.
    • Useful for filtered, local service accounts.
  • Users API Update:
    • Added a new boolean field indicating whether TOTP is set up for the user.
    • Applicable to /users/view, /admin/users/view, /admin/users/index endpoints.

Changes

  • Various Version Bumps:
    • Updates for misp-stix, schema, PyMISP, warning-lists, misp-galaxy, and misp-objects.
  • Bookmark Improvements:
    • Added title documentation for the exposed_to_org field.
    • Enhanced quick search support for bookmarks.
  • ACL and Schema Updates:
    • Heartbeat added to the ACL component.
    • Updates to schema and mysql.sql.

Fixes

  • Default Roles and Permissions:
    • Added delegation permission for sync user and publisher roles.
    • Readded default roles.
    • Fixed issues with PyMISP tests, default roles, and various editor and ingestion bugs.
  • UI and Functional Fixes:
    • Corrected event report markdown editor to display tags.
    • Included user agent in feed ingestion to address issues with specific feeds.
    • Fixed editing view for galaxycluster blocklist.
    • Readded missing org logo in the decaying model.
    • Corrected JSON response handling in the decaying tool.
    • Fixed object reference links for proper view refocus.
    • Corrected errors in the server edit view.
    • Fixed typo in bookmark description.
    • Adjusted default role settings in mysql.sql.
    • Updated local flag in EventTags to be boolean.
    • Corrected filenames in RHEL background worker migration guide.
    • Improved performance by increasing chunk size for sighting sync.

For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!

Continue reading

MISP 2.4.193 released with many bugs fixed, API improvements and security fixes

June 7, 2024

MISP 2.4.193 released with many bugs fixed, API improvements and security fixes

New

  • [attributes/enrich] endpoint added.

    • Simply post a list of modules you wish to enrich the attribute by.
    • URL: /attributes/enrich/[attribute_id|attribute_uuid]
    • Post body format: {"dns": 1, "foo_bar_baz": 1} listing all modules to execute.

  • [misp-community] MISP-LEA information sharing community added.

    Continue reading

MISP 2.4.192 released with many performance improvement, fixes and updates.

May 7, 2024

New Features

  • Security Enhancements:

    • Ability to disable TOTP/HTOTP when linked to an identity provider with strong authentication.
    • Introduced Fast API Authentication with temporary storage of hashed API keys in Redis to enhance endpoint performance.

  • Logging and Tracking:

    Continue reading

MISP 2.4.190 (and 2.4.191) released with new feed improvement, workflows and a new benchmarking suite.

April 22, 2024

We are excited to announce the release of MISP v2.4.190. This latest version introduces a slew of new features, improvements, and fixes designed to streamline operations and enhance security measures for our users.

Continue reading

MISP 2.4.189 released with bug fixes, performance improvements and a new blocklist feature.

April 12, 2024

We are pleased to announce the immediate release of MISP 2.4.189, released with bug fixes, performance improvements and a new blocklist feature.

Continue reading

MISP - Elastic Stack - Docker Lab

By Luciano Righetti

April 5, 2024

MISP - Elastic Stack - Docker

This lab explains how to connect MISP to the Elastic Stack in order to leverage IOCs from MISP and trigger alerts based on user defined rules.

Continue reading

Partnership Collaboration between the MISP Project and the Yeti Platform

March 28, 2024

The MISP Project, renowned for its threat intelligence sharing platform, and Yeti Platform, the Forensics Intelligence platform supporting CTI and DFIR practitioners, are coming together to create a more robust and interconnected open source landscape.

Continue reading

MISP 2.4.188 released major performance improvements and many bugs fixed.

March 25, 2024

We are pleased to announce the immediate release of MISP 2.4.188, with major performance improvements and many bugs fixed.

New Features

  • Datasource Improvements:
    • Updates to some datasources with the ignoreIndexHint parameter (mysqlExtended, mysqlObserverExtended).
    • Fix for forceIndexHint.
  • Settings:
    • Added setting to temporarily disable the loading of sightings via the API (affects restsearch and /events/view endpoints). This helps with performance issues caused by large sighting data sets.

Changes

  • PyMISP:
    • Multiple version bumps.
  • Version and Internal Updates:
    • General version bump.
    • Improved error handling and marking BadRequestException as fail log in CI.
    • Attempt to fix a failing test.
    • Updated misp-galaxy, misp-object, and warning-lists.
  • Attribute Search Rework:
    • Significant performance improvement when using MysqlExtended or MysqlObserverExtended data sources.
    • Event level lookup moved to subqueries for faster queries.
    • Ignoring the deleted index to improve speed.
  • OpenAPI Updates:
    • Added content for analyst-data and event-reports.
  • Sighting Policy Support:
    • Added support of sighting policy in sightings:getLastSighting.
  • Attribute Search Performance:
    • Improved performance of includeDecayScore by a factor of 5.
  • Attribute Fetch Refactor:
    • Simplified conditions and optimizations.

Fixes

  • Attribute Search:
    • Enforced unpublishedprivate directive.
  • Internal Error Handling:
    • Error handling improvements in AttachmentScan.
  • CurlClient HEAD Request:
    • Added CURLOPT_NOBODY for HEAD requests.
  • CLI and ECS Updates:
    • Fix for redisReady in dragonfly.
    • Change type from Exception to Throwable in ECS.
  • OIDC:
    • Default organization handling if not provided by OIDC.
  • Publishing and Sync Issues:
    • Fix for publishing and sync errors.
  • Performance Improvements:
    • Bulk loading of analyst data to speed up event loading.
  • UI Update:
    • Added MISP.email_reply_to to server config.

Other

  • Multiple merges of branches and updates.
  • Fixes and changes in misp-stix, attachment scan error handling, OIDC default org handling, alert email titles, shadow attribute handling, and community additions (ICS-CSIRT.io).

Community and Contribution Updates

Details changes are available in Changelog.

Continue reading

MISP 2.4.187 released with security fixes, new features and bugs fixes.

March 24, 2024

We are pleased to announce the immediate release of MISP 2.4.187, including security fixes, new features and bugs fixes.

New Features

  • CLI Enhancements:
    • Added org list to shell commands.
    • New command to change user role.
    • Fixes to role management.
  • OIDC Update:
    • New option OidcAuth.update_user_role to disable role changes from OIDC.

Changes

  • Version and Software Updates:
    • Version bump.
    • Updates to PyMISP, misp-galaxy, misp-warninglists, misp-objects, and taxonomies.
  • Internal Updates:
    • Added ext-zstd to suggested PHP extensions.
    • Fixed non-focusable relationship dropdown search field in analyst data.

Fixes

  • General Fixes:
    • Corrected variable unset in events:restsearch to prevent attribute override.
    • Ensured sync pulls continue after an event save failure.
    • Database update fixes for older MySQL versions.
    • Improved API consistency.
    • Fixed pulling from remote servers when analyst data is not supported.
    • Logging fix for removeTagFromObject().
    • Security improvements for file and logo uploads. (Thanks to Rémi Matasse and Raphael Lob from Synacktiv for the report)
      • CVE-2024-29859 < MISP 2.4.187 - add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
      • CVE-2024-29858 < MISP 2.4.187 - __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
    • Correct message display when disabling a galaxy.
  • CLI Updates:
    • Added new functionalities including listing roles and creating users.

Details changes are available in Changelog.

Continue reading

Introducing Standalone Functionality to MISP Modules - A New Era of Flexibility and Efficiency

March 12, 2024

Introducing Standalone Functionality to MISP Modules: A New Era of Flexibility and Efficiency

In the ever-evolving landscape of information security, the need for adaptable and efficient tools has never been greater. The MISP project, known for facilitating the sharing of structured threat information, has taken a significant leap forward. We’re excited to announce a pivotal enhancement to the misp-modules, a collection of modules for MISP, extending their functionality to operate not only as an integral part of MISP but also as a standalone web application.

Continue reading

Search

Tags