A new version of MISP (2.4.114) with some new features supporting collaboration and a list of fixes and small improvements. We strongly recommend to update to this version.
One of the most common questions we get from users is whether we can point them to a community that would fit their profile and needs. This is something that often leaves as stumped. Being an open source project, we only really know the part of our user-base that we directly interact with and even if they do, the question of whether we should point users in their directions in the first place is often a puzzling one.
We’ve decided to make everyone’s life just a tad bit easier. By incorporating an in-application registry of known communities, we not only allow organisations that run an ISAC or other sharing community to let potential new community members know that they exist in the first place, but also we also allow anyone with a MISP installation to conveniently send requests to communities for access.
Simply go to sync actions -> communities, browse the communities vetter or at least known by the MISP project and pick the ones that you consider yourself a good fit for. The system allows you to describe who you are and why you feel that you’d be an asset to the given community and send a request directly to the administrators of the instance.
The list of communities for now is rather brief, if you would like your community to be listed, get in touch us at the MISP project, or create a pull request describing your community.
As with all new features in MISP, we often struggle with anticipating the interest a new system would generate, often under-estimating the volume of data that they would generate. When we first implemented the delegation system, we expected it to be more of an edge-case scenario. We were obviously wrong, several communities out there rely quite heavily on being able to pseudo-anonymously publish data.
This is especially the case in ISAC/ISAO driven communities, where a central trusted authority ensures both the quality of the data produced as well as protecting the identity of those that wish to remain unknown when disclosing information that could be considered a successful intrusion.
We have now added an interface that allows users to search both received and issued delegation requests in a more convenient manner.
Added a new diagnostic tool that allows administrators to keep track of the database table sizes in MISP along with the potentially recoverable space by optimising the table.
Industrial control systems and operational technologies (ICS/OT) are often the target of threats, intrusions and attacks. The FIRST.org Cyber Threat Intelligence SIG did a tremendous work of documenting these into a series of taxonomies. To support and actively test the use of the ICS/OT taxonomy, the ics taxonomy is now part of the default MISP taxonomy library. We also encourage any ICS/OT operators to contribute back to the ics taxonomy JSON file in order to improve the taxonomy based on their experiences. By being a taxonomy in MISP, this allows all ICS/OT users to directly tag and contextualise information shared within MISP instances and communities to describe their domain specific incidents and reports along with the related industrial threat intelligence.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
Special shout-outs to Jakub Onderka (@JakubOnderka) for the tireless work around tuning the warninglist systems and fixes all around, to Pierre-Jean Grenier (@zaphodef) for the massive list of fixes ensuring that our APIs behave more sanely and Beckhalo Evgeny (@4ekin) for taming the beast that is PostgreSQL support.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.