A new version of MISP (2.4.128) has been released with a significant refactoring of the STIX import/export along with many improvements and bugs fixed.
A major refactoring of the STIX (version 1 and version 2) import/export has been performed by Christian Studer. We invite you to read the Changelog for the complete set of changes and improvements. The most significant change is the import of threat-actors, tools and alike. As of this version on, the import process automatically maps the data-points to existing galaxies. As an example, if a synonym of a threat-actor is found in the original STIX file, the import process will attach the existing threat-actor from the MISP galaxy library. It also works with tags.
|[correlations] Enable CIDR correlations for ip-src||port and ip-dst||port types|
Many other improvements are documented in the complete changelog is available.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.