Threat Intelligence

MISP 2.4.185 released with sighting performance improvements, security and bugs fixes

We are happy to announce the immediate availability of MISP 2.4.185. This is mainly a bug fix release resolving several issues as well as tightening the security posture of the org image handling.

Continue reading

MISP 2.4.184 released with performance improvements, security and bugs fixes.

MISP 2.4.184 released with performance improvements, security and bugs fixes. Improvements Speed up improvements in ssdeep correlation and many other parts of MISP.

Continue reading

MISP 2.4.183 released with new ECS log feature, improvements and bugs fixed

MISP 2.4.183 released with a new ECS log feature, improvements and bugs fixed. MISP now supports Elastic Common Schema (ECS) security logging.

Continue reading

MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.

MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix. MISP Core New Features [event:view] Added new option show_server_correlations_for_all_users allowing non-privileged users to view server correlations.

Continue reading

MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes.

MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes. Changes [tools:misp-delegation] Do not use self-documented expression in f-string anymore.

Continue reading

MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.

MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements. New [api] added X-MISP-AUTH as an alternative header to Authorization, fixes #9418.

Continue reading

MISP 2.4.179 released with a host of improvements a security fix and some new tooling.

MISP 2.4.179 released with a host of improvements a security fix and some new tooling. First baby steps taken towards LLM integration We currently included our first attempt at an LLM integration for report summarisation and extraction.

Continue reading

MISP 2.4.178 released with many workflow improvements, enhancement and bugs fixed.

MISP 2.4.178 released with many workflow improvements, enhancement and bugs fixed. Improvements [workflow] Added option to provide a custom JSON in the hashpath picker helper.

Continue reading

MISP 2.4.177 released with various improvements and bugs fixed.

MISP 2.4.177 released with various bugs fixed and improvements. Improvements [dev] added a shell script to generate the restsearch parameters. [CLI] add command to expire active AuthKeys that do not have an IP allowlist set.

Continue reading

MISP 2.4.176 released with various improvements and bugs fixed.

MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library especially on the storing relationships and the description of relationships in the MISP standard format.

Continue reading

MISP to Microsoft Sentinel integration with Upload Indicators API

MISP to Microsoft Sentinel integration Introduction The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

Continue reading

MISP 2.4.175 released with various bugs fixed, improvements and security fixes.

MISP 2.4.175 released with various bugs fixed, improvements and security fixes. Improvements Added support of start_date and end_date options in the MISP dashboard widgets.

Continue reading

MISP now supports Signal Metadata Format Specification SigMF

As one of the outcomes of GeekWeek8, MISP now supports a new set of features useful for handling radio frequency information in the Signal Metadata Format Specification) (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications.

Continue reading

MISP to Azure Sentinel integration

MISP to Azure Sentinel integration Introduction The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel.

Continue reading

MISP and fail2ban

fail2ban - MISP fail2ban is known to do a great job at giving attackers a hard time when they try to “test” passwords or enumerate users of a service.

Continue reading

MISP web scraper

MISP web scraper There are a lot of websites that regularly publish reports on new threats, campaigns or actors with useful indicators, references and context information.

Continue reading

Creating a MISP Object, 101

MISP Objects MISP objects are containers around contextually linked attributes. They support analysts in grouping related attributes and describing the relations that exist between the data points in a threat event.

Continue reading

Create an import script for MISP , step-by-step tutorial

Create an import script for MISP in Python, step-by-step tutorial Script description Example add_github_user.py Here the goal is to push to MISP information gathered on Github.

Continue reading

MISP service monitoring with Cacti

MISP service monitoring with Cacti Introduction A previous post covered how to do MISP service monitoring with OpenNSM. Because having different options is good, this post covers how to achieve similar results with Cacti.

Continue reading

MISP service monitoring (and a bit of healing) with OpenNMS

MISP service monitoring (and a bit of healing) with OpenNMS Introduction: Many organisations adore how quick and easy MISP can be set up.

Continue reading