MISP 2.4.171 released with a long list of fixes, a dashboard rework, STIX 2.1 improvements and more

May 18, 2023

We are pleased to announce the immediate availability of MISP v2.4.171 with a long list of fixes, major STIX 2 improvements and an overhaul of the dashboard widget toolkit.

Dashboard rework

  • In order to support communities’ need to monitor ongoing trends, community growth and sharing activities in general, we’ve added and reworked a host of dashboard widgets.

  • A large focus of the improvements was making the widgets more configurable, especially in terms of being able to create dashboards showing individual data per group of organisations. Groupings happen on the metadata of organisations, such as country, sector or the adaptable “type” field, allowing administrators to lump organisations into buckets based on commonalities in their community, such as membership status, sub-groups, etc.

  • Additionally, time range definitions have been added for a host of the new and reworked widgets, making it possible to see changes in the current month, the past x days or the current year.

  • New widgets include:

    • A new, filterable organisation evolution line-chart widget
    • World map showing country representation of the given community
    • A ticker showing the latest Users being enrolled in the system
    • A ticker showing the latest organisations being enrolled in the system
    • List of UI login counts for the configured timeframe
    • List of UI authentications for the configured timeframe
    • Published event line-chart
    • Contributing organisation and user top lists (the latter requires the enabling of a security setting)
    • Filterable trending attribute values widget

Workflows

  • Work has begun on a larger rework allowing the creation of filtered paths in workflows, allowing the workflow creator to temporarily restrict the data in individual paths based on custom, configurable filtering.
    • This will further allow administrators to configure workflow execution paths that only trigger on more refined subsets of the data, rather than on anything passing through.
  • As always, workflows are still heavily a work in progress and are becoming more tightly integrated with the core MISP functionalities with each release.

STIX 2.1 and TAXII integration improvements

  • We would like to thank all users reporting unexpected misalignments in the STIX 2.1 conversion. We’re striving for 100% coverage of the standard, and at times the ambiguity created by such a large standard can be difficult to catch and remove until we see those edge cases actually used by the various implementations.
    • We appreciate the submission of any (sanitised) STIX 2.1 samples that cause unwanted results when ingested in MISP, or any (sanitised) MISP events that cause incorrect or inconsistently mapped STIX 2.1 to be generated.
  • This release addresses a host of the bugs and misalignments reported, thanks to the tireless work of @chrisr3d.
  • TAXII integration is still in its infancy and currently supports only a subset of tested target tools. Please let us know about anything that doesn’t work for you or if you have (successfully or unsuccessfully) integrated a TAXII server with MISP using the new feature.

Fixes

  • A long list of fixes affecting:
    • the workflows
    • the event index search, including the ability to search for attributes via performant full string searches
    • STIX 2.1
    • TAXII
    • PyMISP

For a detailed list of changes affecting the MISP core in this release, head over to the changelog.

Go to the detailed changelog for more details about the changes to the MISP core software.

Other updates and changes in the MISP project

MISP Objects and Relationships

  • New risk-assessment-report object to share risk assessment reports such as the ones generated by MONARC.
  • New object template for AI chat prompts, such as ChatGPT prompts.

For more details, the misp-object changelog is available.

MISP Galaxy

  • MITRE ATT&CK galaxy updated to version 13.
  • Sigma galaxy updated to the latest version.
  • Threat actor galaxies updated with new threat actors and improved.
  • Major improvements in the list of relationships between the threat-actor galaxy and the other galaxies.
  • Microsoft's new threat-actor taxonomy added, along with the relationships from the previous Microsoft naming.
  • Improved tooling to manage relationships between the different galaxy clusters.

For more details, the misp-galaxy changelog is available.

MISP warning-lists

  • Updated warning-lists for all sources.

For more details, the misp-warninglists changelog is available.

MISP taxonomies

  • Updated and expanded dark-web taxonomy.

For more details, the misp-taxonomies changelog is available.

Don’t forget to follow us on Mastodon

The MISP project has its own Mastodon server, misp-community.org. Don’t forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don’t hesitate to get in touch with us if you need specific services.