January 9, 2024
MISP 2.4.183 released with a new ECS log feature, improvements and bugs fixed.
- MISP now supports Elastic Common Schema (ECS) security logging. A new option has been added
Security.ecs_logto enable this new functionality. A new
Security.alert_on_suspicious_loginsto security audit has been added.
- The sync configuration in MISP now supports sharing group blueprints for a simple creation of filter rules based on dynamically updated organisation lists.
- Major improvement to STIX import handling and especially the misp-stix library such as Parsing PE binary extensions within File observable objects and many more improvements/fixes.
- API add tag functions updated to also work with uuids, rather than just local IDs.
- [event:view] Added option to mass local cluster tag.
Many bugs fixed and minor improvements. Feel free to read the detailed changelog
MISP project knowledge bases
- New flowintel CM object added.
A new dedicated website has been developed to easily reference galaxy outside MISP.
- Improved Sigma rules galaxy, threat-actors database with many new threat-actors
- New disarm galaxy is now available. Including Actor Types, Countermeasures, Detections and Techniques.
- New MITRE Atlas framework added. MITRE ATLAS Attack Pattern, MITRE ATLAS Course of Action
Warning-lists updated to the latest version from the different sources.
Don’t forget to follow us on Mastodon
The MISP project has its own Mastodon server misp-community.org - don’t forget to follow @email@example.com on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.
MISP Professional Services
MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don’t hesitate to get in touch with us if you need specific services.