http://open-source-security-software.net/news.atom Recent news 2024-04-27T10:27:57.990904+00:00 python-feedgen https://www.misp-project.org/2021/04/27/MISP.2.4.142.released.html/ MISP - MISP 2.4.142 released (with new correlation features, UI sync functionality improved and new dashboard widgets) 2021-04-27T01:00:00+00:00 MISP 2.4.142 released MISP 2.4.142 released including many new features, a security fix and a long list of quality of life improvements. 2021-04-27T01:00:00+00:00 tag:www.monarc.lu,2021-05-12:/news/2021/05/12/monarc-2103-released/ MONARC - MONARC 2.10.3 released 2021-05-11T23:00:00+00:00 <p>Release 2.10.3 of <span class="caps">MONARC</span></p> 2021-05-11T23:00:00+00:00 https://www.misp-project.org/2021/05/15/MISP.2.4.143.released MISP - MISP 2.4.143 released (10 year anniversary edition) 2021-05-14T23:00:00+00:00 <h1 id="misp-24143-released">MISP 2.4.143 released</h1> <p>MISP 2.4.143 released including a new audit subsystem, various quality of life improvements and bug fixes.</p> <h1 id="10-year-anniversary">10 year anniversary</h1> <p><a href="https://twitter.com/MISPProject/status/1393141380369821697">MISP has, as of the 15th of May, turned 10,</a> to celebrate the occasion we have a celebratory MISP logo acting as a temporary replacement of the usual one for the duration of this release.</p> <p>It has been a long road since Christophe Vandeplas released the initial version of CyDefsig (later renamed to MISP) in 2011. We would hereby like to thank all contributors and supporters for making MISP what it is today. Looking back at how the tooling and the communities evolved over the decade, we can see how threats and threat intelligence have changed and evolved over the years, molding the platform in the process. 
Here’s to at least another 10 years of active sharing and bringing communities together!</p> <h1 id="new-audit-system">New audit system</h1> <p>Thanks to @JakubOnderka, we now have a whole new audit system, storing relevant audit logs in a more concise yet easily machine-parsable way (all changes will be logged as JSON objects). This feature is disabled by default and needs to be enabled in the server settings, though keep in mind that it will not convert existing entries. Especially for new instances, we highly recommend switching to the new system!</p> <h1 id="event-republish-alert-flood-protection">Event republish-alert flood protection</h1> <p>As our communities grow and we all build our own internal tooling for processing data in MISP, the more likely it is to run into some slightly frustrating issues. One such issue we’ve encountered recently came from a tool that seems to have regularly (and frequently!) modified certain events and republished them consecutively. This in itself is not an issue, however, it can generate a lot of noise in terms of alert emails. 
We have now added a protective measure to counter this, make sure you have a look at the appropriate settings to create lockout timers for alerts that can be issued for a single event.</p> <h1 id="improvements">Improvements</h1> <ul> <li>Event report hints autocomplete while typing in the Markdown has been improved</li> <li>Server rules element improved</li> <li>MISP modules results now point to the original object itself</li> </ul> <h1 id="misp-modules">MISP Modules</h1> <p>Two new MISP modules were introduced:</p> <ul> <li>cof2misp module to allow the import of Passive DNS in <a href="https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html">JSON COF Format</a> into MISP</li> <li>An improved <a href="https://github.com/MISP/misp-modules/blob/main/misp_modules/modules/expansion/onyphe.py">onyphe module</a> to do expansion in MISP with full MISP object support</li> </ul> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-05-14T23:00:00+00:00 https://www.misp-project.org/2021/05/15/MISP.2.4.143.released.html/ MISP - MISP 2.4.143 released (10 year anniversary edition) 2021-05-15T01:00:00+00:00 MISP 2.4.143 released MISP 2.4.143 released including a new audit subsystem, various quality of life improvements and bug fixes. 
10 year anniversary MISP has, as of the 15th of May, turned 10, to celebrate the occasion we have a celebratory MISP logo acting as a temporary replacement of the usual one for the duration of this release. 2021-05-15T01:00:00+00:00 https://www.misp-project.org/2021/06/07/MISP.2.4.144.released MISP - MISP 2.4.144 released (Document all the things!) 2021-06-06T23:00:00+00:00 <h1 id="misp-24144-released">MISP 2.4.144 released</h1> <p>MISP 2.4.144 released including a massive update to the documentation along with <a href="https://www.cycat.org/">CyCAT.org</a> integration, improvements and fixes including security related fixes.</p> <h1 id="openapi-integration">OpenAPI integration</h1> <p>We have a new core team member at MISP Project, Luciano (@righel), who kicked off his tenure with an impressive mapping of all the most important endpoints of MISP to OpenAPI. As of this release, the API documentation is directly available in MISP, along with example payloads and responses. You can also find <a href="https://www.misp-project.org/documentation/openapi.html">this information directly on the misp-project website</a>. 
To all integrators and developers wrangling with the API, we highly recommend you take a look at the API menu in MISP and we wish you happy and headache-free hacking!</p> <h1 id="new-diagrams-and-descriptions">New diagrams and descriptions</h1> <p>Thanks to the thorough investigations of @mokaddem, we now have the entire synchronisation and authentication flows of MISP mapped in an easy to understand graph - both of these are included as of now directly in your MISP installation, so if you’re in doubt about what’s going on under the hood, but don’t feel adventurous enough to replace your night time reading materials with a hefty chunk of PHP code, have a look at the new graphs!</p> <ul> <li><a href="https://github.com/MISP/MISP/tree/2.4/docs/generic/Authentication%20Diagram">Authentication Diagram</a></li> <li><a href="https://github.com/MISP/MISP/tree/2.4/docs/generic/Synchronisation">Data visibility for Sync-users and MISP synchronisation</a></li> </ul> <h1 id="cycat-integration-v1">CyCAT integration v1</h1> <p><img src="https://www.misp-project.org/assets/images/misp/blog/cycat-misp.png" alt="MISP and CyCAT integration" /></p> <p>CyCAT is a new initiative built by a group of individuals with the aim of cataloguing all the techniques and libraries around cyber-security, mostly with the selfish desire to make their own confusing lives easier (along with all those that are in a similar situation). 
As of this release, you’ll be able to enable a first version of the CyCAT integration in MISP directly, allowing you to directly see relations to your galaxy clusters via CyCAT’s own relationship system, giving you an extra layer of background information with the clusters already in use.</p> <p>If you are interested in CyCAT and what it can do for you, head over to the <a href="https://cycat.org/">CyCAT website</a>.</p> <p>To enable the CyCAT integration, go to the Plugin settings <img src="https://www.misp-project.org/assets/images/misp/blog/cycat-enabled.png" alt="" /> and enable the feature.</p> <h1 id="improvements">Improvements</h1> <ul> <li>Various quality of life improvements and bug fixes, related to synchronisation, sharing groups, event reports and more!</li> <li>A security fix that would under certain circumstances result in attributes of an object being misassociated to the wrong sharing group after synchronisation. A massive thank you to Jeroen Pinoy for his diligent work in uncovering this issue!</li> </ul> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-06-06T23:00:00+00:00 https://www.misp-project.org/2021/06/07/MISP.2.4.144.released.html/ MISP - MISP 2.4.144 released (Document all the things!) 
2021-06-07T01:00:00+00:00 MISP 2.4.144 released MISP 2.4.144 released including a massive update to the documentation along with CyCAT.org integration, improvements and fixes including security related fixes. 2021-06-07T01:00:00+00:00 tag:www.monarc.lu,2021-06-24:/news/2021/06/24/monarc-2104-released/ MONARC - MONARC 2.10.4 released 2021-06-23T23:00:00+00:00 <p>Release 2.10.4 of <span class="caps">MONARC</span></p> 2021-06-23T23:00:00+00:00 https://www.misp-project.org/2021/07/05/MISP.2.4.145-and-2.4.146.released MISP - MISP 2.4.145 and 2.4.146 released (Improved warning-lists) 2021-07-04T23:00:00+00:00 <h1 id="misp-24145-and-24146-released">MISP 2.4.145 and 2.4.146 released</h1> <p>MISP 2.4.145 and 2.4.146 released including a massive update to the MISP warning-lists, various improvements and security fixes.</p> <h1 id="misp-warning-lists-improvements">MISP warning-lists improvements.</h1> <p><a href="https://github.com/misp/misp-warninglists">Warning lists</a> system has been significantly improved (thanks to Jakub Onderka).</p> <ul> <li>Custom warning lists can be created and managed in the MISP user-interface</li> <li>Warning lists can be now imported via the API</li> <li>Warning lists changes are exported in the ZMQ channel</li> <li>Warning lists include new categories to describe the scope</li> </ul> <h1 id="new-features">New features</h1> <h2 id="summary-email-notification">Summary email notification</h2> <p>Email notifications have received a new configuration setting: New event summaries only. This feature publishes the normal alert reports excluding attributes and objects, thereby only describing a summary of the alert. 
This can be used when encryption cannot be enabled and organisations still require email alerting.</p> <h2 id="documentation">Documentation</h2> <p>New documentation has been added to describe the <a href="https://raw.githubusercontent.com/MISP/MISP/2.4/docs/generic/Authentication%20Diagram/MISP%20Authentication%20Diagram.png">session and cookie handling in MISP</a>.</p> <h2 id="api">API</h2> <ul> <li>Thanks to a new feature, you can now create read only authentication keys (don’t forget to enable the advanced authentication key feature for this to work).</li> </ul> <h1 id="security-fixes">Security Fixes</h1> <ul> <li>Various fixes regarding XSS and potential escaping issues including <a href="https://cvepremium.circl.lu/cve/CVE-2021-35502">CVE-2021-35502</a>.</li> </ul> <p>Thanks to the reporters including Nicolas Vidal from TEHTRIS.</p> <h1 id="various-improvements">Various improvements</h1> <ul> <li>[OpenAPI] - Missing return formats added to the documentation</li> <li>[server caching] only push data to redis / logs if there’s something to push</li> <li>[attribute] validation tightened for empty strings. A value containing only control characters will now be blocked from entry.</li> <li>[feeds] Added 3 daily feeds (ssh bruteforce, telnet bruteforce, URLs seen) from the APNIC Community Honeynet Project</li> </ul> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. 
This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-07-04T23:00:00+00:00 https://www.misp-project.org/2021/07/05/MISP.2.4.145-and-2.4.146.released.html/ MISP - MISP 2.4.145 and 2.4.146 released (Improved warning-lists) 2021-07-05T01:00:00+00:00 MISP 2.4.145 and 2.4.146 released MISP 2.4.145 and 2.4.146 released including a massive update to the MISP warning-lists, various improvements and security fixes. 2021-07-05T01:00:00+00:00 https://www.misp-project.org/2021/07/27/MISP.2.4.147.released MISP - MISP 2.4.147 released (improvements and bug fixes release) 2021-07-26T23:00:00+00:00 <h1 id="misp-24147-released">MISP 2.4.147 released</h1> <p>MISP 2.4.147 released including a massive number of small improvements, bug and security fixes. We strongly recommend all MISP users to upgrade as soon as possible. 
This release fixes <a href="https://cvepremium.circl.lu/cve/CVE-2021-37534">CVE-2021-37534</a>.</p> <h1 id="sync-improvements">Sync improvements</h1> <p>Many improvements were done in the synchronisation such as:</p> <ul> <li>When saving sightings, only push the new sightings.</li> <li>Filter out existing sightings if remote server supports that method.</li> <li>Check if event exists before pushing.</li> <li>Check event existence before pushing sightings.</li> <li>Optimise event filtering.</li> </ul> <h1 id="apicli">API/CLI</h1> <p>Many improvements in the API and CLI.</p> <p>This release also includes refactoring of various forms to support future major improvements in MISP.</p> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-07-26T23:00:00+00:00 https://www.misp-project.org/2021/07/27/MISP.2.4.147.released.html/ MISP - MISP 2.4.147 released (improvements and bug fixes release) 2021-07-27T01:00:00+00:00 MISP 2.4.147 released MISP 2.4.147 released including a massive number of small improvements, bug and security fixes. We strongly recommend all MISP users to upgrade as soon as possible. 
2021-07-27T01:00:00+00:00 https://www.misp-project.org/2021/08/09/MISP.2.4.148.released MISP - MISP 2.4.148 released (summer time release) 2021-08-08T23:00:00+00:00 <h1 id="misp-24148-released">MISP 2.4.148 released</h1> <p>MISP 2.4.148 released including many bugs fixed along with security fixes. This release fixes <a href="https://cvepremium.circl.lu/cve/CVE-2021-37742">CVE-2021-37742</a> and <a href="https://cvepremium.circl.lu/cve/CVE-2021-37743">CVE-2021-37743</a>.</p> <h1 id="new-feature">New feature</h1> <ul> <li>added option to block organisation changes at login on ApacheShibbAuth</li> <li>Open data export has been refactored</li> <li>Fix Suricata export concerning sticky buffers</li> <li>ZMQ now includes misp_json_warninglist topic in the pub-sub channels</li> </ul> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-08-08T23:00:00+00:00 https://www.misp-project.org/2021/08/09/MISP.2.4.148.released.html/ MISP - MISP 2.4.148 released (summer time release) 2021-08-09T01:00:00+00:00 MISP 2.4.148 released MISP 2.4.148 released including many bugs fixed along with security fixes. This release fixes CVE-2021-37742 and CVE-2021-37743. 
2021-08-09T01:00:00+00:00 tag:www.monarc.lu,2021-09-02:/news/2021/09/02/monarc-2110-released/ MONARC - MONARC 2.11.0 released 2021-09-01T23:00:00+00:00 <p>Release 2.11.0 of <span class="caps">MONARC</span></p> 2021-09-01T23:00:00+00:00 https://www.misp-project.org/2021/10/11/MISP.2.4.149.released MISP - MISP 2.4.149 released (Autumn care-package - STIX 2.1 support and Cerebrate integration) 2021-10-10T23:00:00+00:00 <h1 id="misp-24149-released">MISP 2.4.149 released</h1> <p>MISP 2.4.149 released including many bugs fixed along with some new and improved functionalities</p> <h1 id="new-features">New features</h1> <ul> <li>First stage of a massive rework of our STIX integration</li> <li>Various improvements to the integration with Cerebrate</li> </ul> <h1 id="new-stix-libraries">New STIX libraries</h1> <ul> <li>The first version of a long ongoing project to rework our entire STIX integration has finally been merged, thanks to the tireless work of @chrisr3d</li> <li>Our converter libraries have embarked on a path of their own, becoming a standalone repository included by default in MISP, but also serving as a useful tool for anyone looking for a clean way of converting between the <a href="https://www.misp-standard.org/">MISP standard format</a> and various STIX versions (1.1.1, 1.2, 2.0, 2.1).</li> <li>The libraries are still work in progress, but continuously improved, follow <a href="https://github.com/MISP/misp-stix">misp-stix</a></li> <li>Included is also a detailed documentation, which also serves as a knowledge base for the mapping between the two formats, available under the <a href="https://github.com/MISP/misp-stix/tree/main/documentation">documentation</a> sub-directory</li> <li>From this release on, you have more control over which STIX version is used when exporting STIX data from MISP, by specifying the “stix_version” to be returned (supported versions for STIX 1: 1.1.1 and 1.2. 
For STIX 2: 2.0 and 2.1)</li> </ul> <h1 id="cerebrate-integration">Cerebrate integration</h1> <ul> <li>Allow the fetching of sharing group data from Cerebrate instances, our new open source tool in development aiming to solve a host of issues revolving around community management and orchestration. Our first official release of the tool is scheduled for the MISP summit coming up this month</li> <li>To follow the cerebrate project, head over to its <a href="https://github.com/cerebrate-project/cerebrate">github page</a></li> <li>For the MISP summit to be held on the 21st of October, don’t forget to watch the <a href="https://www.misp-project.org/misp-summit">misp-summit</a>. You can still apply for the <a href="https://cfp.hack.lu/misp-2021/cfp">Call-for-Presentation</a>.</li> </ul> <h1 id="mail2misp-release-10">mail2misp release 1.0</h1> <p>First <a href="https://github.com/MISP/mail_to_misp/releases/tag/v1.0">official release 1.0 of mail2misp</a>, it’s a tool to connect your mail infrastructure to MISP to create events based on the information contained within mail. The solution can be also used to feed MISP instance with honeypot receiving emails.</p> <h1 id="various-improvements">Various improvements</h1> <ul> <li>A long list of improvements, massive thanks to @JakubOnderka for the continuous stream of improvements and quality of life changes</li> <li>Thanks to the work of @righel, our <a href="https://www.misp-project.org/documentation/openapi.html">OpenAPI documentation</a> is becoming more and more complete, now covering a long list of the more exotic endpoints and options</li> </ul> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. 
This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-10-10T23:00:00+00:00 https://www.misp-project.org/2021/10/11/MISP.2.4.149.released.html/ MISP - MISP 2.4.149 released (Autumn care-package - STIX 2.1 support and Cerebrate integration) 2021-10-11T01:00:00+00:00 MISP 2.4.149 released MISP 2.4.149 released including many bugs fixed along with some new and improved functionalities New features First stage of a massive rework of our STIX integration Various improvements to the integration with Cerebrate New STIX libraries The first version of a long ongoing project to rework our entire STIX integration has finally been merged, thanks to the tireless work of @chrisr3d Our converter libraries have embarked on a path of their own, becoming a standalone repository included by default in MISP, but also serving as a useful tool for anyone looking for a clean way of converting between the MISP standard format and various STIX versions (1. 2021-10-11T01:00:00+00:00 https://www.misp-project.org/2021/10/12/MISP.2.4.150 MISP - MISP 2.4.150 released (The “Bloody PKI again” hotfix release) 2021-10-11T23:00:00+00:00 <h1 id="misp-24150-released">MISP 2.4.150 released</h1> <p>MISP 2.4.150 released, including a new CA bundle to combat the issues with the Letsencrypt root CA expiration. 
This is a follow-up release to 2.4.149 and has no other major changes besides pointing to our own repository of the framework that includes the new CA bundle.</p> <h1 id="sync-issues-due-to-the-expiration-of-a-letsencrypt-root-ca">Sync issues due to the expiration of a Letsencrypt root CA</h1> <p>As described in their <a href="https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/#:~:text=On%20September%2030%202021%2C%20there,accept%20your%20Let's%20Encrypt%20certificate">blog post</a>, Letsencrypt had to retire an old Root CA, meaning that SSL connections when synchronising MISP with other instances would fail if the remote side used Letsencrypt. This update includes a new CA bundle that should help you avoid any issues with this.</p> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-10-11T23:00:00+00:00 https://www.misp-project.org/2021/10/12/MISP.2.4.150.html/ MISP - MISP 2.4.150 released (The "Bloody PKI again" hotfix release) 2021-10-12T01:00:00+00:00 MISP 2.4.150 released MISP 2.4.150 released, including a new CA bundle to combat the issues with the Letsencrypt root CA expiration. 
2021-10-12T01:00:00+00:00 tag:www.monarc.lu,2021-10-28:/news/2021/10/28/monarc-2111-released/ MONARC - MONARC 2.11.1 released 2021-10-27T23:00:00+00:00 <p>Release 2.11.1 of <span class="caps">MONARC</span></p> 2021-10-27T23:00:00+00:00 https://www.misp-project.org/2021/11/23/MISP.2.4.151.released MISP - MISP 2.4.151 released (Black friday threat intel rush release) 2021-11-22T23:00:00+00:00 <h1 id="misp-24151-released">MISP 2.4.151 released</h1> <p>MISP 2.4.151 released including a host of bug fixes and a bunch of new features</p> <h1 id="new-features">New features</h1> <ul> <li>New background processor by @righel</li> <li>Improvements to the CLI tools</li> <li>Bug fixes and improvements</li> </ul> <h1 id="new-background-processor">New background processor</h1> <ul> <li>MISP has been using CakeResque for its background jobs for the better part of a decade. Whilst it has served us well, the library has been stale for a long time and carries a (for us) unnecessary complexity and is generally the most difficult part of the application to debug</li> <li>Luciano “@righel” Righetti has implemented a completely new, compatible background processing engine using Supervisord</li> <li>Queue and execute jobs the same way as you are used to from before, monitor worker progress via the tools provided by supervisord in addition to MISP</li> <li>No scheduling capabilities, these were an unnecessary overhead for us before as we relied on cron jobs as our preferred scheduling mechanism anyway</li> <li>Expect more improvements to this library over the course of the next months, but feel free to switch to using it already now</li> <li>Currently it is completely optional and the old background processor will still be supported for a while</li> <li>Be aware that manual setup steps are required to get the new processor working, refer to <a href="https://gist.github.com/righel/8ebc6c84341f2aea7d0bfa124e535ef8">the upgrade guide</a> on the procedure, if you decide to start using it 
already now</li> </ul> <h1 id="various-cli-changes">Various CLI changes</h1> <ul> <li>Jakub Onderka has been doing a fair bit of refactoring and improvement of the CLI libraries</li> <li>additional administrative tools added to help monitor and manage your MISP instance (such as redis memory diagnostics, mysql table optimisation tool, etc)</li> </ul> <h1 id="option-to-move-the-system-settings-to-the-database">Option to move the system settings to the database</h1> <ul> <li>Traditionally all system config settings were stored in the config.php file, with a new configuration thanks to Jakub Onderka’s implementation the settings can be moved to the database rather than the file.</li> <li>This should help with persistence for containerised installations</li> </ul> <h1 id="various-improvements">Various improvements</h1> <ul> <li>The previous version introduced a new STIX library as a replacement for the old one. This change did end up causing some update issues for some installations, the built in updater is now aware of this change and should allow you to easily update via the UI/API updater, with the new STIX library working as intended</li> <li>A long list of improvements, thanks to all contributors! 
For a detailed list of changes, head over to the <a href="https://www.misp-project.org/Changelog.txt">changelog</a></li> </ul> <h1 id="misp-modules">MISP Modules</h1> <ul> <li>New <a href="https://github.com/D4-project/passive-ssh">Passive SSH expansion</a> module.</li> <li>Updated <a href="https://misp.github.io/misp-modules/expansion/#recordedfuture">Recorded Future</a> expansion module included links and related data.</li> <li>New <a href="https://circl.lu/services/hashlookup/">CIRCL hashlookup expansion</a> module added.</li> </ul> <p>The <a href="https://www.misp-project.org/Changelog-misp-modules.txt">MISP modules changelog is available</a>.</p> <h1 id="misp-taxonomies">MISP Taxonomies</h1> <ul> <li>Updated taxonomies for <a href="https://www.misp-project.org/taxonomies.html#_interactive_cyber_training_audience">Interactive Cyber Training setup and environment</a>.</li> <li>Updated <a href="https://www.misp-project.org/taxonomies.html#_fr_classif">fr-classification</a> to match IGI1300.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-taxonomies.txt">MISP Taxonomies changelog</a> is available.</p> <h1 id="misp-galaxy">MISP Galaxy</h1> <ul> <li>Updated to MITRE ATT&amp;CK version 10.</li> <li>Multiple updates in malpedia, threat actor galaxy and Office 365 techniques.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-galaxy.txt">MISP Galaxy changelog</a></p> <h1 id="misp-objects">MISP Objects</h1> <ul> <li>New JA3 server object added.</li> <li>New Security playbook object added.</li> <li>New submarine object added</li> <li>New Passive SSH object added.</li> <li>Updated device object.</li> <li>New hashlookup object added.</li> <li>New edr-report object added.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-objects.txt">MISP objects changelog</a></p> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, 
reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements.</p> 2021-11-22T23:00:00+00:00 https://www.misp-project.org/2021/11/23/MISP.2.4.151.released.html/ MISP - MISP 2.4.151 released (Black friday threat intel rush release) 2021-11-23T00:00:00+00:00 MISP 2.4.151 released MISP 2.4.151 released including a host of bug fixes and a bunch of new features New features New background processor by @righel Improvements to the CLI tools Bug fixes and improvements New background processor MISP has been using CakeResque for its background jobs for the better part of a decade. 2021-11-23T00:00:00+00:00 https://www.misp-project.org/2021/12/22/MISP.2.4.152.released MISP - MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more. 2021-12-21T23:00:00+00:00 <h1 id="misp-24152-released">MISP 2.4.152 released</h1> <p>MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.</p> <p>The LinOTP authentication module has been improved to include a mixed mode where both OTP and MISP’s usual password authentication can be used together.</p> <p>The timelining has been improved in several ways, such as the inclusion of images from objects, as well as various improvements in the timeline’s sighting view. Several bugs that were affecting this feature have also been fixed.</p> <p>A new optional synchronisation filtering has been added to allow for the removal of specific attribute or object types when syncing. 
The functionality is meant to be used by the final recipient organisations of a synchronisation chain, in order to filter out specific types of information due to legal or specific internal policies. The filtering feature is disabled by default and needs to be enabled in the general configuration. This feature is for ISACs or consumer organisations, not redistributing information to other MISP communities.</p> <p>A new STIX 1 and 2 export for attribute restSearch has been added in complement to the existing event export in STIX 1 and 2. The export works just like the other event level STIX export, all you need to do is specify the given STIX format as the return type when querying the attribute restSearch endpoint.</p> <p>Many internal improvements and bugs fixed.</p> <h1 id="misp-modules">MISP Modules</h1> <ul> <li>New <a href="https://misp.github.io/misp-modules/expansion/#qintel_qsentry">Qintel sentry module</a> added.</li> <li><a href="https://circl.lu/services/hashlookup/">CIRCL hashlookup expansion</a> SHA-256 support added.</li> </ul> <p>The <a href="https://www.misp-project.org/Changelog-misp-modules.txt">MISP modules changelog is available</a>.</p> <h1 id="misp-taxonomies">MISP Taxonomies</h1> <ul> <li>New <a href="https://www.misp-project.org/taxonomies.html#_political_spectrum">political spectrum taxonomy</a> added.</li> <li>Improvement in exercise taxonomy.</li> <li>New <a href="https://www.misp-project.org/taxonomies.html#_deception">deception taxonomy</a> added.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-taxonomies.txt">MISP Taxonomies changelog</a> is available.</p> <h1 id="misp-galaxy">MISP Galaxy</h1> <ul> <li>New matrix <a href="https://www.misp-project.org/galaxy.html#_concordia_mobile_modelling_framework_attack_pattern">CONCORDIA Mobile Modelling Framework - Attack Pattern</a> added (thanks to <a href="https://www.concordia-h2020.eu/">Concordia H2020 project</a>).</li> <li>Many updates in threat actor, RAT and tools 
galaxy.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-galaxy.txt">MISP Galaxy changelog</a></p> <h1 id="misp-objects">MISP Objects</h1> <ul> <li>New Concordia intrusion set object.</li> <li>New temporal event object.</li> <li>Many improvements in user, person, postal-address, email object.</li> <li>New relationships added such as <code class="language-plaintext highlighter-rouge">found-in</code>, <code class="language-plaintext highlighter-rouge">works-with</code>, <code class="language-plaintext highlighter-rouge">drives</code>.</li> </ul> <p><a href="https://www.misp-project.org/Changelog-misp-objects.txt">MISP objects changelog</a></p> <h1 id="acknowledgement">Acknowledgement</h1> <p>We would like to thank all the <a href="https://www.misp-project.org/contributors">contributors</a>, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in <a href="https://www.misp-project.org/objects.html">misp-objects</a>, <a href="https://www.misp-project.org/taxonomies.html">misp-taxonomies</a> and <a href="https://www.misp-project.org/galaxy.html">misp-galaxy</a> .</p> <p>As always, a detailed and <a href="https://www.misp-project.org/Changelog.txt">complete changelog is available</a> with all the fixes, changes and improvements in MISP core.</p> 2021-12-21T23:00:00+00:00 https://www.misp-project.org/2021/12/22/MISP.2.4.152.released.html/ MISP - MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more. 2021-12-22T00:00:00+00:00 MISP 2.4.152 released MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more. The LinOTP authentication module has been improved to include a mixed mode where both OTP and MISP&rsquo;s usual password authentication can be used together. 
2021-12-22T00:00:00+00:00 https://www.misp-project.org/contributing/ MISP - Contributing to MISP Project 2022-02-02T05:00:03.864940+00:00 Contributing to MISP Project MISP project is a large free software project composed of multiple sub-projects which are contributed by different contributors who are generally active users of the MISP project. 2022-02-02T05:00:03.864940+00:00 https://www.misp-project.org/covid-19-misp/ MISP - COVID-19 MISP 2022-02-02T05:00:03.869208+00:00 COVID-19 MISP Information Sharing Community COVID-19 MISP is a MISP instance retrofitted for a COVID-19 information sharing community, focusing on two areas of sharing: 2022-02-02T05:00:03.869208+00:00 https://www.misp-project.org/download/ MISP - Download 2022-02-02T05:00:03.873695+00:00 Download and Install MISP MISP source code is available on GitHub including documentation and scripts for installation. ChangeLog contains a detailed list of updates for each software release in the core of the MISP software. 2022-02-02T05:00:03.873695+00:00 https://www.misp-project.org/events/ MISP - Events around MISP 2022-02-02T05:00:03.877932+00:00 MISP Events Want to join us at an event, discuss opportunities or projects around the MISP project, share your experience about threat intelligence or discuss how MISP could be improved to support security professionals? 2022-02-02T05:00:03.877932+00:00 https://www.misp-project.org/events-webinar/ MISP - Events around MISP - Next webinar with partners 2022-02-02T05:00:03.882208+00:00 CRAWL, WALK, RUN series – Farsight Security / MISP webinars In this three-parts webinar series Farsight Security and CIRCL will provide an overview of Farsight’s Passive DNS data, how historical Passive DNS objective observations can be used to uncover malicious activities going back in time. 
2022-02-02T05:00:03.882208+00:00 https://www.misp-project.org/support/ MISP - Help, Support, and Forums 2022-02-02T05:00:03.899911+00:00 Help, Support, and Forums Help and support for MISP is available from the documentation, GitHub issues, and Gitter rooms which are explained below. 2022-02-02T05:00:03.899911+00:00 https://www.misp-project.org/compliance/NISD/ MISP - How MISP enables stakeholders identified by the NISD to perform key activities 2022-02-02T05:00:03.904213+00:00 How MISP enables stakeholders identified by the NISD to perform key activities Network and Information Security (NIS) means ‘the ability of a network or an information system to resist accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of data and the related services’ . 2022-02-02T05:00:03.904213+00:00 https://www.misp-project.org/compliance/GDPR/ MISP - Information sharing and cooperation enabled by GDPR 2022-02-02T05:00:03.908402+00:00 Information sharing and cooperation enabled by GDPR Version: 1.1 - Tuesday, 30 January 2018 Introduction The General Data Protection Regulation (GDPR) aims to reduce legal uncertainty and limit the interpretations by setting out clear rules and conditions for the processing and sharing of personal data as well as the protection of natural persons with regard to the processing of personal data. 2022-02-02T05:00:03.908402+00:00 https://www.misp-project.org/compliance/ISO-IEC-27010/ MISP - MISP as supporting platform for sharing information, following ISO/IEC 27010:2015 2022-02-02T05:00:03.912924+00:00 MISP as supporting platform for sharing information, following ISO/IEC 27010:2015 Malicious cyber actors are becoming more organised, growing smarter and becoming more sophisticated, which is rendering traditional defence methods and tools significantly less effective in dealing with the constantly new threats appearing on the horizon. 
2022-02-02T05:00:03.912924+00:00 https://www.misp-project.org/communities/ MISP - MISP Communities and MISP Feeds 2022-02-02T05:00:03.917196+00:00 MISP Communities MISP is an open source software and it is also a large community of MISP users creating, maintaining and operating communities of users or organizations sharing information about threats or cyber security indicators worldwide. 2022-02-02T05:00:03.917196+00:00 https://www.misp-project.org/contributors/ MISP - MISP contributors per repository 2022-02-02T05:00:03.921541+00:00 Contributors Top contributors per commit MISP The repository MISP is part of the MISP project and has the following top contributors 2022-02-02T05:00:03.921541+00:00 https://www.misp-project.org/datamodels/ MISP - MISP data models - MISP core format - MISP taxonomies 2022-02-02T05:00:03.926124+00:00 MISP is not only a software but also a series of data models created by the MISP community. MISP includes a simple and practical information sharing format expressed in JSON that can be used with MISP software or by any other software. 2022-02-02T05:00:03.926124+00:00 https://www.misp-project.org/feeds/ MISP - MISP Default Feeds 2022-02-02T05:00:03.930510+00:00 MISP includes a set of public OSINT feeds in its default configuration. The feeds can be used as a source of correlations for all of your events and attributes without the need to import them directly into your system. 2022-02-02T05:00:03.930510+00:00 https://www.misp-project.org/documentation/ MISP - MISP Documentation and Support 2022-02-02T05:00:03.934867+00:00 MISP Documentation The MISP documentation is maintained in the misp-book project. The documentation is in git book format and we welcome contribution. 2022-02-02T05:00:03.934867+00:00 https://www.misp-project.org/features/ MISP - MISP features and functionalities 2022-02-02T05:00:03.939443+00:00 Features of MISP, the open source threat sharing platform. 
A threat intelligence platform for sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. 2022-02-02T05:00:03.939443+00:00 https://www.misp-project.org/governance/ MISP - MISP Model of Governance 2022-02-02T05:00:03.943766+00:00 MISP Model of Governance MISP project is a large open source project with the goal to make viable tools and format to improve information sharing at large. 2022-02-02T05:00:03.943766+00:00 https://www.misp-project.org/openapi/ MISP - MISP OpenAPI spec 2022-02-02T05:00:03.948076+00:00 2022-02-02T05:00:03.948076+00:00 https://www.misp-project.org/professional-services/ MISP - MISP Professional Services 2022-02-02T05:00:03.952628+00:00 MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. 2022-02-02T05:00:03.952628+00:00 https://www.misp-project.org/license/ MISP - MISP, Overview of the licenses used in the MISP Project (software, libraries and knowledge base) 2022-02-02T05:00:03.957044+00:00 MISP, Overview of the licenses used in the MISP Project (software, libraries and knowledge base) The MISP project is a large open source project, aiming to support and improve information sharing and threat intelligence analysis at large. 2022-02-02T05:00:03.957044+00:00 https://www.misp-project.org/press/ MISP - MISP, press 2022-02-02T05:00:03.961379+00:00 Announcements and press releases The general purpose announcements that we publish are available on the news page. Write us an email at info@misp-project. 
2022-02-02T05:00:03.961379+00:00 https://www.misp-project.org/research-projects/ MISP - MISP, research projects 2022-02-02T05:00:03.969911+00:00 Project (1) Pauline Bourmeau - The Social Perspective in the Intelligence Activity among Information Sharing Communities - CNAM Paris (Supervisor Philippe Baumard). 2022-02-02T05:00:03.969911+00:00 https://www.misp-project.org/hackathon/ MISP - Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 2022-02-02T05:00:03.974142+00:00 Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 CIRCL in collaboration with the MISP Project is organising the 5th Open Source Security Software Hackathon, which will take place over two days, on Monday 25th October 2021 and Tuesday 26th October 2021. 2022-02-02T05:00:03.974142+00:00 https://www.misp-project.org/security/ MISP - Security Advisories and Reporting Security Vulnerabilities 2022-02-02T05:00:03.978495+00:00 Reporting security vulnerabilities for MISP or related MISP project repositories Reporting security vulnerabilities is of great importance for us, as MISP is used in multiple critical infrastructures. 2022-02-02T05:00:03.978495+00:00 https://www.misp-project.org/tools/ MISP - Tools 2022-02-02T05:00:03.982985+00:00 Software and Tools Many open source and proprietary tools integrate MISP support (MISP format or API) in order to extend their tools or MISP itself. 2022-02-02T05:00:03.982985+00:00 https://www.misp-project.org/misp-summit/ MISP - Virtual MISP Summit 0x06 - 21st October 2021 2022-02-02T05:00:03.987122+00:00 Virtual MISP Summit 0x06 - Thursday 21st October 2021 On Thursday 21st October 2021, the 6th MISP summit will take place online. 2022-02-02T05:00:03.987122+00:00 https://www.misp-project.org/who/ MISP - Who 2022-02-02T05:00:03.991277+00:00 Who is behind the MISP project? 
The core team behind the MISP project is composed of motivated people who think that information sharing can be improved and supported by creating practical open source tools, open format and practises. 2022-02-02T05:00:03.991277+00:00 https://www.misp-project.org/2022/02/04/MISP.2.4.153.released.html/ MISP - MISP 2.4.153 released with improvements and bugs fixes 2022-02-04T00:00:00+00:00 MISP 2.4.153 released MISP UI translation in Thai added. Improved the debugging of the synchronisation, including more meaningful messages in debug logs. 2022-02-04T00:00:00+00:00 https://www.misp-project.org/commercial-support/ MISP - MISP Commercial Support 2022-02-08T05:00:03.423943+00:00 MISP Commercial Support is an overview of trusted commercial partners providing support for MISP. MISP project also provides MISP Professional Services (MPS) if you want to directly support the MISP project and ensure its sustainability. 2022-02-08T05:00:03.423943+00:00 https://www.misp-project.org/2022/03/02/MISP.2.4.154.released.html/ MISP - MISP 2.4.154 released including tools for managing rapidly changing communities 2022-03-02T00:00:00+00:00 MISP 2.4.154 released with a host of new features and fixes, including some new tools that help us navigate the current geo-political landscape when sharing information. 
2022-03-02T00:00:00+00:00 https://www.misp-project.org/2022/03/03/MISP.2.4.155.released.html/ MISP - MISP 2.4.155 - quick bugfix release 2022-03-03T00:00:00+00:00 This release is a rapid follow up to v2.4.154, addressing several rather annoying issues Bugfixes Various bugfixes to the sharing group blueprint system (especially to it being more restrictive than intended) Updating the DB schema to avoid the diagnostics complaining Fixed an issue with organisation meta fields defaulting to null rather than &rsquo;&rsquo; (causing the blueprint issue mentioned above) Rework of the DB schema dumper Fixes to the Kali Linux installer Acknowledgement We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. 2022-03-03T00:00:00+00:00 https://www.misp-project.org/2022/03/18/MISP.2.4.156.released.html/ MISP - MISP 2.4.156 released including a new synchronisation event signing mechanism and many new features 2022-03-18T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.156 - a release bringing several new features and fixes two critical vulnerabilities. 2022-03-18T00:00:00+00:00 https://www.misp-project.org/2022/03/25/MISP.2.4.157.released.html/ MISP - MISP 2.4.157 released including some usability fixes following the large changes of 2.4.156 along with some improvements 2022-03-25T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.157, following a series of bug fixes as a quick follow up to 2. 2022-03-25T00:00:00+00:00 https://www.misp-project.org/2022/04/20/MISP.2.4.158.released.html/ MISP - MISP 2.4.158 security fix and general improvement release 2022-04-20T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.158. This release includes a series of security fixes and as such we highly encourage everyone to update to this version as soon as possible. 
2022-04-20T01:00:00+00:00 https://www.misp-project.org/2022/05/30/MISP.2.4.159.released.html/ MISP - MISP 2.4.159 released with many improvements including performance 2022-05-30T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.159. This release includes many improvements, bug fixes and improvements concerning performance on large datasets. 2022-05-30T01:00:00+00:00 tag:www.monarc.lu,2022-06-22:/news/2022/06/22/monarc-2121-released/ MONARC - MONARC 2.12.1 released 2022-06-21T23:00:00+00:00 <p>Release 2.12.1 of <span class="caps">MONARC</span></p> 2022-06-21T23:00:00+00:00 tag:www.monarc.lu,2022-06-29:/news/2022/06/29/monarc-2122-released/ MONARC - MONARC 2.12.2 released 2022-06-28T23:00:00+00:00 <p>Release 2.12.2 of <span class="caps">MONARC</span></p> 2022-06-28T23:00:00+00:00 https://www.misp-project.org/sizing-your-misp-instance/ MISP - Sizing your MISP instance 2022-07-01T04:00:05.063063+00:00 Sizing your MISP instance Sizing a MISP instance highly depends on how the instance will be used. The number of users, data ingested, data points used, number of events, number of correlations and API usage are all parameters which should be considered while sizing your instance. 2022-07-01T04:00:05.063063+00:00 https://www.misp-project.org/past-events/ MISP - Past MISP-related events 2022-08-04T04:00:05.402935+00:00 Past conferences Past conferences featuring MISP core members talking about MISP and/or threat intelligence. Some links include video recordings. 2021 Video: MISP Fundamentals 2022-08-04T04:00:05.402935+00:00 https://www.misp-project.org/2022/08/08/MISP-scraper.html/ MISP - MISP web scraper 2022-08-08T01:00:00+00:00 MISP web scraper There are a lot of websites that regularly publish reports on new threats, campaigns or actors with useful indicators, references and context information. 
2022-08-08T01:00:00+00:00 https://www.misp-project.org/2022/08/08/MISP.2.4.160.released.html/ MISP - MISP 2.4.160 released with new workflow feature, new correlation engines and many major improvements 2022-08-08T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.160. With the August summer-holiday season kicking into high gear, we have a very special release for you all, containing a long list of major new features, improvements and general quality of life improvements. 2022-08-08T01:00:00+00:00 https://www.misp-project.org/2022/08/11/MISP.2.4.161.released.html/ MISP - MISP 2.4.161 released with small improvements and bugs fixed 2022-08-11T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.161. Small improvements A new option added to log the last API request of an API key. 2022-08-11T01:00:00+00:00 https://www.misp-project.org/2022/09/12/2022-09-12_periodic_notifications.html/ MISP - Periodic summaries - Visualize summaries of MISP data 2022-09-12T01:00:00+00:00 Periodic summaries - Visualize summaries of MISP data As of version 2.4.162, MISP includes a periodic summary feature allowing users to consult a summary based on a requested time-frame for data the user has access to. 2022-09-12T01:00:00+00:00 https://www.misp-project.org/2022/09/13/MISP.2.4.162.released.html/ MISP - MISP 2.4.162 released with a new periodic notification system, workflow updates and many improvements 2022-09-13T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements. 2022-09-13T01:00:00+00:00 https://www.misp-project.org/2022/09/13/misp-guard.html/ MISP - MISP Guard 2022-09-13T01:00:00+00:00 Let&rsquo;s say that by no means should an attribute of type passport-number leave your MISP instance. 
Aside from the analyst following best practices when encoding the data, MISP does not have a built-in mechanism to prevent these leaks to happen, but now you can achieve this by using a third-party tool called misp-guard. 2022-09-13T01:00:00+00:00 https://www.misp-project.org/2022/09/26/MISP.2.4.163.released.html/ MISP - MISP 2.4.163 released with improved periodic notification system and many improvements 2022-09-26T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.163 with an updated periodic notification system and many improvements. 2022-09-26T01:00:00+00:00 tag:www.monarc.lu,2022-10-10:/news/2022/10/10/monarc-2123-released/ MONARC - MONARC 2.12.3 released 2022-10-09T23:00:00+00:00 <p>Release 2.12.3 of <span class="caps">MONARC</span></p> 2022-10-09T23:00:00+00:00 https://www.misp-project.org/2022/10/10/MISP.2.4.164.released.html/ MISP - MISP 2.4.164 released with new tag relationship feature, improvements and a security fix 2022-10-10T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship features, many improvements and a security fix. 2022-10-10T01:00:00+00:00 https://www.misp-project.org/2022/10/27/SACTI_Secure_aggregation_of_cyber_threat_intelligence.html/ MISP - SACTI - Secure aggregation of cyber threat intelligence 2022-10-27T01:00:00+00:00 SACTI: Secure aggregation of cyber threat intelligence Overview Communities can share cyber threat intelligence on platforms, such as MISP. In the H2020 project Prometheus TNO has developed a way to securely aggregate cyber threat intelligence and publish the result on MISP. 
2022-10-27T01:00:00+00:00 tag:www.monarc.lu,2022-11-14:/news/2022/11/14/monarc-2124-released/ MONARC - MONARC 2.12.4 released 2022-11-13T23:00:00+00:00 <p>Release 2.12.4 of <span class="caps">MONARC</span></p> 2022-11-13T23:00:00+00:00 https://www.misp-project.org/2022/11/14/curation-with-org-confidence-level.html/ MISP - Curate events with an organisation confidence level 2022-11-14T00:00:00+00:00 Quality of threat intelligence When you receive threat intelligence from different sources you quickly realise there is a big difference in the quality of the received information. 2022-11-14T00:00:00+00:00 https://www.misp-project.org/2022/11/21/MISP.2.4.165.released.html/ MISP - MISP 2.4.165 released with many improvements, bugs fixed and security fixes. 2022-11-21T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.165 with many improvements in workflows but also performance improvements. 2022-11-21T00:00:00+00:00 https://www.misp-project.org/2022/11/30/MISP.2.4.166.released.html/ MISP - MISP 2.4.166 released with many improvements, bugs fixed and security fixes. 2022-11-30T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.166 with new features and fixes, including two critical security fixes. 2022-11-30T00:00:00+00:00 https://www.misp-project.org/2022/12/15/Video_MISP_Best_practices_for_encoding_threat_intelligence.html/ MISP - Training Video - MISP Best Practices for Encoding Threat Intelligence 2022-12-15T00:00:00+00:00 MISP Training Video December Edition - Best Practices for Encoding Threat Intelligence and Leveraging the information in MISP to Make Threat Landscape Report Content of Training Session MISP data model introduction Best practices - from evidences to actionable evidences Leveraging the information in MISP to Make Threat Landscape Report Jupyter notebook used during the training session. 
2022-12-15T00:00:00+00:00 https://www.misp-project.org/2022/12/15/Video_MISP_Workflow.html/ MISP - Training Video - MISP Workflow 2022-12-15T00:00:00+00:00 MISP Training Video December Edition - Workflow MISP has been a widely used open source CTI platform for the past decade, with a long list of tools that allow users to customise the data models and contextualisation of the platform, yet true customisation of the actual workflows and processes had to be done externally using custom scripts. 2022-12-15T00:00:00+00:00 tag:www.monarc.lu,2022-12-21:/news/2022/12/21/monarc-2125-released/ MONARC - MONARC 2.12.5 released 2022-12-20T23:00:00+00:00 <p>Release 2.12.5 of <span class="caps">MONARC</span></p> 2022-12-20T23:00:00+00:00 https://www.misp-project.org/2022/12/26/MISP.2.4.167.released.html/ MISP - MISP 2.4.167 released with many improvements, bugs fixed and security fixes. 2022-12-26T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.167 with new features and fixes, bugs fixed and a security fix. 2022-12-26T00:00:00+00:00 https://www.misp-project.org/2023/02/16/MISP.2.4.168.released.html/ MISP - MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support. 2023-02-16T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes. It includes a rather substantial release of misp-stix, the core Python library for importing and exporting STIX (1, 2. 
2023-02-16T00:00:00+00:00 https://www.misp-project.org/2023/02/20/Critical_SQL_Injection_Vulnerabilities_Fixed.html/ MISP - Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167) 2023-02-20T00:00:00+00:00 Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167) Introduction As of the past 2 months, we&rsquo;ve received two separate reports of two unrelated SQLi vector vulnerabilities in MISP that can lead to any authenticated user being able to execute arbitrary SQL queries in MISP. 2023-02-20T00:00:00+00:00 https://www.misp-project.org/2023/02/23/MISP-fail2ban-integration.html/ MISP - MISP and fail2ban 2023-02-23T00:00:00+00:00 fail2ban - MISP fail2ban is known to do a great job at giving attackers a hard time when they try to &ldquo;test&rdquo; passwords or enumerate users of a service. 2023-02-23T00:00:00+00:00 https://www.misp-project.org/2023/03/14/MISP.2.4.169.released.html/ MISP - MISP 2.4.169 released with various improvements and bug fixes. 2023-03-14T00:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.169 with various improvements and bug fixes. It includes many improvement release of misp-stix, the core Python library for importing and exporting STIX (1, 2. 2023-03-14T00:00:00+00:00 https://www.misp-project.org/2023/04/03/MISP-Sentinel.html/ MISP - MISP to Azure Sentinel integration 2023-04-03T01:00:00+00:00 MISP to Azure Sentinel integration Introduction The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. 2023-04-03T01:00:00+00:00 https://www.misp-project.org/2023/04/13/MISP.2.4.170.released.html/ MISP - MISP 2.4.170 released with new features, workflow improvements and bugs fixed 2023-04-13T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.170 with new features, workflow improvements and bugs fixed. 
It includes many improvement release of misp-stix, the core Python library for importing and exporting STIX (1, 2. 2023-04-13T01:00:00+00:00 https://www.misp-project.org/thanks/ MISP - MISP, Sponsoring - Thanks Page 2023-04-15T04:00:05.230896+00:00 Thank you! The MISP project owes its existence and continuous improvement to the invaluable support of numerous organizations and individuals. We are deeply grateful to the following organizations, whose ongoing contributions have helped us enhance the project and ensure its long-term sustainability. 2023-04-15T04:00:05.230896+00:00 tag:www.monarc.lu,2023-04-25:/news/2023/04/25/monarc-2126-released/ MONARC - MONARC 2.12.6 released 2023-04-24T23:00:00+00:00 <p>Release 2.12.6 of <span class="caps">MONARC</span></p> 2023-04-24T23:00:00+00:00 https://www.misp-project.org/2023/04/29/MISP.how.to.push.to.a.taxii.server.html/ MISP - How to push to a TAXII server from MISP 2023-04-29T01:00:00+00:00 If you want to push data from your MISP instance to a TAXII server, there are a few steps you need to follow. 2023-04-29T01:00:00+00:00 https://www.misp-project.org/2023/05/18/MISP.2.4.171.released.html/ MISP - MISP 2.4.171 released with a long list of fixes, a dashboard rework, STIX 2.1 improvements and more 2023-05-18T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.171 with a long list of fixes, major STIX 2 improvements and an overhaul over the dashboard widget toolkit. 2023-05-18T01:00:00+00:00 https://www.misp-project.org/2023/06/13/MISP.2.4.172.released.html/ MISP - MISP 2.4.172 released with new TOTP/HTOP authentication, many improvements and bugs fixed 2023-06-13T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.172 with new TOTP/HTOP authentication, many improvements and bugs fixed. 
2023-06-13T01:00:00+00:00 https://www.misp-project.org/2023/07/11/MISP.2.4.173.released.html/ MISP - MISP 2.4.173 released with various bugfixes and improvements 2023-07-11T01:00:00+00:00 We are pleased to announce the immediate availability of MISP v2.4.173 with a new password reset feature, along with a host of quality of life improvements and fixes. 2023-07-11T01:00:00+00:00 https://www.misp-project.org/2023/07/31/MISP.2.4.174.released.html/ MISP - MISP 2.4.174 released with major workflow enhancements, new features and fixes 2023-07-31T01:00:00+00:00 We are thrilled to announce the immediate availability of MISP v2.4.174 with significant workflow improvements, accompanied by a host of quality-of-life enhancements and bug fixes. 2023-07-31T01:00:00+00:00 https://www.cedricbonhomme.org/2023/08/04/pyhids-0-6-1/ pyHIDS - pyHIDS 0.6.1 2023-08-04T10:00:00+00:00 <p>The new version of <a href="https://github.com/cedricbonhomme/pyHIDS">pyHIDS</a> features the integration of <a href="https://github.com/hashlookup">Hashlookup</a> and <a href="https://github.com/pandora-analysis">Pandora</a>.</p> <p>You can install it from <a href="https://pypi.org/project/pyhids">Pypi</a>, for example with pipx:</p> <div class="highlight"><pre class="chroma" tabindex="0"><code class="language-bash"><span class="line"><span class="cl">$ pipx install pyHIDS </span></span><span class="line"><span class="cl">$ <span class="nb">export</span> <span class="nv">PYHIDS_CONFIG</span><span class="o">=</span>~/.pyHIDS/conf.cfg </span></span></code></pre></div><p>Example of usage:</p> <div class="highlight"><pre class="chroma" tabindex="0"><code class="language-bash"><span class="line"><span class="cl">$ pyhids gen-keys --size <span class="m">2048</span> </span></span><span class="line"><span class="cl">Generating <span class="m">2048</span> bits RSA keys ... </span></span><span class="line"><span class="cl">Dumping Keys </span></span><span class="line"><span class="cl">Done. 
</span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">$ pyhids gen-base --sign </span></span><span class="line"><span class="cl">Generating database... </span></span><span class="line"><span class="cl"><span class="m">2427</span> files in the database. </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">$ pyhids run --check-signature </span></span><span class="line"><span class="cl">Verifying the integrity of the base of hashes... </span></span><span class="line"><span class="cl">Database integrity verified. </span></span><span class="line"><span class="cl">Verifying the integrity of the files... </span></span></code></pre></div><p>If you want to check the database of hashes against Hashlookup and Pandora for known malicious files:</p> <div class="highlight"><pre class="chroma" tabindex="0"><code class="language-bash"><span class="line"><span class="cl">$ pyhids hashlookup </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">$ pyhids pandora </span></span></code></pre></div> 2023-08-04T10:00:00+00:00 https://www.misp-project.org/2023/08/23/MISP_now_supports_Signal_Metadata_Format_Specification_SigMF.html/ MISP - MISP now supports Signal Metadata Format Specification SigMF 2023-08-23T01:00:00+00:00 As one of the outcomes of GeekWeek8, MISP now supports a new set of features useful for handling radio frequency information in the Signal Metadata Format Specification (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications. 2023-08-23T01:00:00+00:00 https://www.misp-project.org/2023/08/24/MISP.2.4.175.released.html/ MISP - MISP 2.4.175 released with various bugs fixed, improvements and security fixes. 2023-08-24T01:00:00+00:00 MISP 2.4.175 released with various bugs fixed, improvements and security fixes. 
Improvements Added support of start_date and end_date options in the MISP dashboard widgets. 2023-08-24T01:00:00+00:00 https://www.misp-project.org/2023/08/26/MISP-Sentinel-UploadIndicatorsAPI.html/ MISP - MISP to Microsoft Sentinel integration with Upload Indicators API 2023-08-26T01:00:00+00:00 MISP to Microsoft Sentinel integration Introduction The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. 2023-08-26T01:00:00+00:00 https://www.misp-project.org/2023/09/15/MISP.2.4.176.html/ MISP - MISP 2.4.176 released with various improvements and bugs fixed. 2023-09-15T01:00:00+00:00 MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library especially on the storing relationships and the description of relationships in the MISP standard format. 2023-09-15T01:00:00+00:00 https://www.misp-project.org/2023/09/27/MISP.2.4.177.released.html/ MISP - MISP 2.4.177 released with various improvements and bugs fixed. 2023-09-27T01:00:00+00:00 MISP 2.4.177 released with various bugs fixed and improvements. Improvements [dev] added a shell script to generate the restsearch parameters. [CLI] add command to expire active AuthKeys that do not have an IP allowlist set. 
2023-09-27T01:00:00+00:00 https://www.cedricbonhomme.org/2023/10/06/pyhids-0-8-0/ pyHIDS - pyHIDS 0.8.0 2023-10-06T11:50:45+00:00 <p>The new version of <a href="https://github.com/cedricbonhomme/pyHIDS">pyHIDS</a> offers the integration of <a href="https://github.com/MISP">MISP</a> and of <a href="https://github.com/virustotal/yara">YARA</a>.</p> <p>A MISP server can be queried in order to find potentially malicious files from the checksums in the database of pyHIDS.<br /> The YARA module allows you to provide a set of YARA rules to apply to the monitored files.</p> <p>As a reminder, <a href="https://www.cedricbonhomme.org/2023/08/04/pyhids-0-6-1/">a recent previous version</a> of pyHIDS introduced the integration of <a href="https://github.com/hashlookup">Hashlookup</a> and of <a href="https://github.com/pandora-analysis">Pandora</a>.</p> <p>To be honest, I&rsquo;m pretty happy with this new version.</p> <p>Of course, you are invited <a href="https://github.com/cedricbonhomme/pyHIDS/issues">to submit</a> your ideas of new features!</p> 2023-10-06T11:50:45+00:00 https://www.misp-project.org/research-topics/ MISP - MISP, research topics 2023-10-14T20:58:02.060969+00:00 MISP Research topics Exploring New Horizons in Cyber security and threat intelligence with MISP: Research Opportunities Welcome to the MISP Research Initiative! 2023-10-14T20:58:02.060969+00:00