Release

MISP 2.4.179 released with a host of improvements, a security fix and some new tooling.

First baby steps taken towards LLM integration

We have now included our first attempt at an LLM integration for report summarisation and extraction. The development is an outcome of our work with @aaronkaplan during hack.lu 2024 and relies on stochasticCTIExtractor for the extraction and interfacing with LLMs.

MISP 2.4.178 released with many workflow improvements, enhancements and bugs fixed.

Improvements

  • [workflow] Added option to provide a custom JSON in the hashpath picker helper.
  • [workflow] New action modules (blocklist, warninglist, counter…) to add event in the blocklist.
  • [workflow] New trigger event before save.
  • [workflow] Various improvements in the quick hashpath filter.
  • [workflow] Improved webhook to support HTTP request method, headers, payload. It also now supports self-signed certificates.
  • [workflow] Many improvements in debugging and workflow logging.
  • [RestClient/OpenAPI] totp_delete added in query builder and API documentation.
  • [STIX upload] Improved galaxy handling, including more detailed options when importing STIX 2 and creating galaxies/clusters.

Changes

  • [dashboard-widget:worldmap] Added support of custom scale in widget config.
  • [API event:restSearch] Added support of orgc_id as a valid filter.
  • [Auditing] API access time is now stored once per hour by default.
  • [API] includeGranularCorrelations is now exposed in the event RestSearch.

Fixes

  • [API] Add sharinggroup as an allowed parameter in attribute search.
  • [objects:edit] Restored behavior of upgrading object to newer template.
  • Many other fixes; check the ChangeLog for detailed changes.

Other improvements

MISP Objects

  • New objects added such as cryptocurrency-transaction and many updates to other objects. For detailed changes, see the MISP objects changelog.

MISP Galaxy

  • Many new objects such as ammunition and firearms, and many updates in threat actor, Sigma and many others. For detailed changes, see the MISP galaxy changelog.

MISP warning-lists

  • Warning-lists updated to the latest version. New warning list of known hostnames for looking up the source IP of the DNS resolver. For detailed changes, see the MISP warning-lists changelog.

Don’t forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don’t forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.

MISP 2.4.177 released with various improvements and bugs fixed.

MISP 2.4.177 released with various bugs fixed and improvements.

Improvements

  • [dev] added a shell script to generate the restsearch parameters.
  • [CLI] add command to expire active AuthKeys that do not have an IP allowlist set.
  • [cli] Add command to trigger password change on next login for users with old pw.
  • [Users] add last password change timestamp for users.
  • [workflowModules:event_distribution_operation] Added action module.

Changes

  • [tests] testing disabling the timestamp greater as old timestamp for password changes.

MISP 2.4.176 released with various improvements and bugs fixed.

MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library, especially in the storing of relationships and the description of relationships in the MISP standard format.

MISP 2.4.175 released with various bugs fixed, improvements and security fixes.

Improvements

  • Added support of start_date and end_date options in the MISP dashboard widgets.
  • In the user periodic reporting, allow users to set the number of days to include in the reporting (UI).
  • In the MISP dashboard org Widget, added support for first_half_year and second_half_year timeframe.
  • New enrich object functionality added, in order to allow for the enrichment of a complete MISP object. Used by the SigMF module but this can be used with any expansion modules supporting objects.
  • New feeds added.
  • Improve the diagnostics when an instance does not have internet access or does not use the self-update feature.

Bugs fixed

  • Update the CA bundle of the CakePHP submodule maintained by the MISP project.
  • IndexFilter: index page filtering is now fixed for ReST requests.
  • Prevent push_rules from being required in API requests to the /server/edit endpoint.
  • The annoying MISP event import bug from JSON has been fixed, you can now import MISP JSON events without the Event key.
  • Various fixes in the MISP dashboard interface.
  • Fix

Security fixes

  • CVE-2023-40224 <= MISP 2.4.174 - allows XSS in app/View/Events/index.ctp. (reported by BeDisruptive OSS Team)
  • CVE-2023-41098 <= MISP 2.4.174 - In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.

Thanks to BeDisruptive OSS Team and Centre for Cyber Security Belgium (CCB) for the reporting.
