MISP 2.4.61 released
A new version of MISP 2.4.61 has been released, including a critical bug fix, new features and minor updates. We strongly recommend to update MISP to this latest version.
MISP 2.4.60 released
A new version of MISP 2.4.60 has been released, including bug fixes and the long awaited attribute-level tagging feature.
All tags (local or from taxonomies) can now be also applied at the attribute level. This allows analysts or users to easily classify attributes within an event. Many of the taxonomies have useful properties that can be applied to provide additional contextual information to attributes. The attribute level tagging feature introduces many new potential use-cases where MISP can be used to better the day-to-day tasks of incident handlers, analysts or security engineers.
Information Sharing Maturity Model
Here at the MISP project, we are practical oriented people. We create software (from MISP core to MISP workbench), develop data models (such as taxonomies, warning-lists and galaxies) and build practical standards to solve information sharing challenges and improve the general state of information sharing. That’s what we strive for. If we lack something, we build it. If we see a requirement, we fullfil it.
MISP 2.4.58 released
A new version of MISP 2.4.58 has been released, including bug fixes and a specific improvement to the correlation feature.
Correlation can be disabled at the instance level, or, if a new setting is enabled, at the event or at the attribute level by a site admin or the creator of the event. The latter is an optional feature that can be enabled or disabled system-wide in MISP. This allows for a flexible scheme, supporting situations where the correlations of certain events or attributes are not interesting for the analysts. This feature is also available via the API.
MISP 2.4.57 released
A new version of MISP 2.4.57 has been released, including bug fixes and improvements.
Two major new features were introduced in 2.4.57. One of them is the addition of new attribute types and categories
to support the new use-cases in MISP, including the Person, Social network and Support tool categories. The
new attribute types include additional email header types along with attributes describing a natural person and even an attribute type for describing mobile application identifiers.
For a complete overview of the new types, you can have a look at the wiki page “New Attributes”.
MISP 2.4.56 released
A new version of MISP 2.4.56 has been released, including bug fixes and improvements.
This is the first version introducing the misp-galaxy. MISP galaxy is a simple method to express large objects called cluster that can be attached to MISP events or (in the near future) attributes. A cluster can be composed of one or more elements, which are expressed as key-value pairs. You can now directly benefit from the shared galaxy with threat actors and tools used by attackers in MISP.
MISP 2.4.55 released
A new version of MISP 2.4.55 has just been released, including bug fixes and improvements.
This release is a transient release before the galaxy release (TTP-like support) coming up soon.
Independence and Threat Intelligence Platforms
After the recent news of a Threat Intelligence Platform vendor stopping its activities, we have received some questions about our strategies as a Threat Intelligence Platform.
MISP 2.4.54 released
A new version 2.4.54 of MISP including new features, bug and security fixes.
We strongly recommend to update to this latest version.
MISP 2.4.53 released
A new version 2.4.53 of MISP including several security fixes has been released.
We strongly recommend to update to this latest version as soon as possible.
MISP Internet Drafts Published
We recently released two Internet-Drafts describing the MISP format:
- misp-core-format - the core JSON format of MISP which describes the Event format including meta-information, attributes, shadow attributes. In addition, the Manifest format which bundles MISP events is described.
- misp-taxonomy-format - The MISP taxonomy JSON format describes how to define the complete namespace of machine tags in a parseable format.
The misp-rfc project was started to better document and describe MISP formats. The specifications are based from the real implementation cases (code is law). As we received many requests of vendors or software developers willing to integrate MISP. The specifications were designed to support organizations willing to use and integrate MISP formats in their product or software.
MISP 2.4.52 released including new features and major improvements
We are glad to announce MISP 2.4.52 including new features, improvements and bug fixes.
The following new features were introduced:
MISP Upcoming Activities in October and November 2016
The next months for the MISP core team, it is full of interesting activities and upcoming events.
We will participate to the following events:
MISP 2.4.51 released including new features and many bug fixes.
A version of MISP has been released: 2.4.51 including many new features, bug fixes and improvements.
- New Internal MISP sync mode to allow a set of MISP instances belonging to the same organisation to replicate data (useful when a single organisation has multiple MISP instances).
- Enhanced internal STIX export to better handle bulk exports.
- Added X.509 certificate authentication for MISP synchronisations.
- Many fixes and improvement in misp-modules handling.
- MISP Correlation has been sped-up.
- warning-list loading improved.
- Default role option added.
- Inline screenshot functionality
- Many other fixes.
We strongly recommend to also update your misp-modules installation.
Building an OCR import module in MISP
Building an Optical Character Recognition module in MISP
When collecting information from different places, analysts need sometime to perform OCR on documents (like report, faxes, images) to import and correlate the information in their MISP instance. As MISP 2.4.50 introduced a new modular framework for export and import modules, we decided to build a simple OCR service accessible to MISP user on a local instance. This shows how easy you can extend MISP with the new modules framework.
MISP training, “the Brussels Edition”, CIRCL in collaboration with CERT.EU - September 5th 2016
On September 5th 2016 and after 3 successful editions, the MISP (Malware Information and Threat Sharing Platform) training is traveling to Brussels. This workshop is organized by CIRCL in collaboration with CERT-EU and will take place at the European Economic and Social Committee’s premises.
MISP 2.4.50 released including new features, security and bug fixes.
A version of MISP has been released: 2.4.50 including many bug fixes, updates and improvements.
- New export and import MISP module framework in MISP. You can now write your own Python modules for import and export without touching the MISP core software. Samples modules are available in misp-modules repository.
- A XSS vulnerability has been fixed into the handling of the external feed.
- New feature to view the public attributes of an event.
- Multiple fixes in the caching exports (useful for large exports).
- New SSO plug-in Shibboleth based.
- Many other fixes.
Thanks to all the contributors and especially the new ones who joined us at our first hackathon.
MISP Hackathon 2016
MISP Hackathon 2016
The 4th August 2016, a MISP hackathon will take place in Luxembourg (at the local hackerspace) and also remotely. It’s a great opportunity to meet the team in a friendly atmosphere and work on your favourite information sharing software in order to improve it and make an even better tool.
MISP 2.4.49 released with many improvements and fixes
A version of MISP has been released: 2.4.49 including many bug fixes, updates and improvements.
- Updates to the MISP module interface to allow a timeout on hover modules and allowing to timeout slow modules queries.
- Tag restriction functionality added to limit the use of tag to a specific organization.
- Important fixes in the sharing groups functionality including a new roaming setup.
For more details check the Changelog.