The Hack.lu/CTI-Summit once again allowed us to get in touch with the community and sit down to talk about new features and issues to be implemented. As usual, it was a real pleasure to get that much concentrated feedback. In this release, we put a lot of effort trying to fix and create new content as much as possible based on the collected needs of the community.
Hi, in this blog post I am going to share how I have built a framework on Splunk to retrosearch on MISP indicators of compromise.
Based on a set of fixes including a security fix, we are pleased to announce the immediate availability of MISP 2.4.198. You can find a list of the detailed changes along with new features further below. As with any security release, we highly encourage everyone to update their instance as soon as possible.
user_org_uuid_in_response_header to include a response header with the requesting user’s organization UUID. [Jeroen Pinoy]For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
hh:mm:ss accuracy to log searches, allowing for more precise time-based queries. This update also includes significant refactoring to improve code quality. [iglocska]publish_timestamp and introduced the X-Skipped-Elements-Count header to improve pagination during REST searches. [Benni0]beforeFilter to avoid redis errors during benchmarking. [iglocska]workflow:getEnabledModules. [Sami Mokaddem]For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
Practical experience is essential for skill development, and effective training must be both engaging and capable of identifying gaps in understanding. That’s why we’re pleased to launch version 1.0.0 of SkillAegis, your new training companion.
We are pleased to announce the immediate availability of MISP v2.4.195, a summer release aiming to introduce new features, fix a long list of reported bugs and deficiencies as well as give your servers a breather in the scorching summer heat by taking a load off your CPUs thanks to a set of impactful performance fixes.
Maltego Integration with MISP
Understanding How Maltego Integrates with MISP Data for Enhanced Cyber Threat Analysis
Many organizations run MISP instances with other cybersecurity tools and OSINT for data-driven investigations. Investigators can integrate both internal and external data to map with MISP data in various ways. This blog details how to look up information directly in the MISP community using MISP Transforms on Maltego Graph, highlighting its seamless integration for efficient and comprehensive investigations.
The JTAN (Joint Threat Analysis Network) Project, co-funded by the European Union’s CEF program, addresses the critical need for efficient and effective threat intelligence sharing among cybersecurity teams. As cyber threats grow in complexity and scale, the ability to quickly exchange and analyze threat data across organizations has become essential for maintaining robust security.
MISP 2.4.194 released with new functionalities and various bugs fixed.
/users/heartbeat endpoint./users/view, /admin/users/view, /admin/users/index endpoints.exposed_to_org field.mysql.sql.mysql.sql.For a complete list of updates, please refer to the changelog pages. Many thanks to all the diligent contributors that ensure that MISP keeps improving rapidly!
MISP 2.4.193 released with many bugs fixed, API improvements and security fixes
[attributes/enrich] endpoint added.
/attributes/enrich/[attribute_id|attribute_uuid]{"dns": 1, "foo_bar_baz": 1} listing all modules to execute.[misp-community] MISP-LEA information sharing community added.
Security Enhancements:
Logging and Tracking:
We are excited to announce the release of MISP v2.4.190. This latest version introduces a slew of new features, improvements, and fixes designed to streamline operations and enhance security measures for our users.
Kunai is an open-source security monitoring tool, specifically designed to address the threat-hunting and threat-detection problematic on Linux. It has been inspired by Microsoft Sysmon, to provide a Sysmon alike experience to the end user. However, it comes with some more advanced features such as fine grained event filtering, detection rules and IoC matching. In this blog post, we are going to introduce how to implement real time MISP IoC matching in a very short amount of time.
We are pleased to announce the immediate release of MISP 2.4.189, released with bug fixes, performance improvements and a new blocklist feature.
This lab explains how to connect MISP to the Elastic Stack in order to leverage IOCs from MISP and trigger alerts based on user defined rules.
The MISP Project, renowned for its threat intelligence sharing platform, and Yeti Platform, the Forensics Intelligence platform supporting CTI and DFIR practitioners, are coming together to create a more robust and interconnected open source landscape.
We are pleased to announce the immediate release of MISP 2.4.188, with major performance improvements and many bugs fixed.
ignoreIndexHint parameter (mysqlExtended, mysqlObserverExtended).forceIndexHint.restsearch and /events/view endpoints). This helps with performance issues caused by large sighting data sets.BadRequestException as fail log in CI.misp-galaxy, misp-object, and warning-lists.analyst-data and event-reports.sightings:getLastSighting.includeDecayScore by a factor of 5.unpublishedprivate directive.CURLOPT_NOBODY for HEAD requests.redisReady in dragonfly.Exception to Throwable in ECS.MISP.email_reply_to to server config.misp-stix, attachment scan error handling, OIDC default org handling, alert email titles, shadow attribute handling, and community additions (ICS-CSIRT.io).Details changes are available in Changelog.
At CIRCL we use regularly bloom filters for some of our use cases especially in digital forensic. Such as providing a small, fast and shareable caching mechanism for Hashlookup database which can be used by incident responders.
We are pleased to announce the immediate release of MISP 2.4.187, including security fixes, new features and bugs fixes.
org list to shell commands.OidcAuth.update_user_role to disable role changes from OIDC.ext-zstd to suggested PHP extensions.removeTagFromObject().Details changes are available in Changelog.
© MISP project. Software released under approved open source licenses and content of this website released as CC BY-SA 3.0.
Template by Bootstrapious. Ported to Hugo by DevCows.