MISP 2.5.38 - UI and security update
A focused release with two security fixes, a new workflow action module, continued Overmind UI migration of the Sync tab, TAXII 2 conformance work, and the usual round of community-contributed bug fixes.
MISP 2.5.37 - Templates, Assemble!
We are happy to announce the release of MISP v2.5.37, headlined by the brand-new Event Templating system — a complete redesign that replaces the legacy templating engine. This release also introduces a dedicated suricata attribute type, continues the Overmind UI migration, switches the STIX 2 stack to the upstream library bundled with misp-stix, ships several security fixes, and brings new performance tooling for large instances.
MISP v2.5.35: Decomposed Event Views, Overmind UI Enhancements, Security Hardening and MISP-STIX major update
The MISP v2.5.35 release introduces significant architectural improvements to the Event View, massive performance optimizations for attribute searching, and critical security hardening for installers. This version marks a major step forward in the “Overmind” UI project, transitioning toward a more modern, responsive user experience.
Setting up UniqueSignal in MISP
Note: This post also appeared on the VMRay website: Setting up UniqueSignal in MISP.
VMRay UniqueSignal
Last year VMRay announced UniqueSignal, a threat intelligence feed that includes:
MISP-STIX 2026.3.13 Released
MISP-STIX v2026.3.13: Improved Indicator-Observable Matching and Expanded STIX Coverage
Introduction
misp-stix is the Python library powering bidirectional conversion between MISP and STIX (versions 1.x, 2.0, and 2.1).
It is used by MISP core software, available as misp-stix on PyPI, and also available directly as a conversion service on cti-transmute.org.
MISP Workbench `v1.0` (beta) Released
MISP Workbench – First Release v1.0 (beta)
MISP Workbench is a powerful analyst-focused platform designed to tame the challenge of working with large volumes of threat intelligence at scale. It is capable of ingesting data from multiple origins — including MISP instances, external feeds, and other threat intelligence sources — and consolidates them into a unified workspace where analysts can actually get things done. At its core, MISP Workbench puts the analyst in control: query across your entire data corpus, enrich and process indicators, pivot between related intelligence, and push curated results back to MISP or downstream consumers — all from one place. Whether you’re triaging a large batch of incoming indicators, hunting for patterns across feeds, or preparing a finished intelligence product, MISP Workbench is built to cut through the noise and accelerate the workflow from raw data to actionable insight.
Have You Ever Thought About Drones in MISP?
Have You Ever Thought About Drones in MISP?
The Drone Threat
Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, are increasingly present in civilian, industrial and military environments. While they provide many legitimate capabilities, they also introduce new security risks. In recent years, incidents have illustrated how drones are becoming a recurring operational and security concern across multiple sectors.
The Economic Power of Federated Threat Intelligence
The Economic Power of Federated Threat Intelligence
Introduction: Why Policy Matters to Developers
As developers of the MISP project, we spend most of our time thinking about UUIDs, JSON schemas, and API synchronization performance. However, every so often, a piece of academic research comes along that reminds us why this work matters beyond the code.
MISP v2.5.33: Performance, Security, and the New Overmind Theme
MISP v2.5.33 Release Notes (2026-02-27)
🎨 A Fresh Look: The “Overmind” Evolution
The UI is undergoing its most significant transformation in years. With the introduction of the Overmind theme, MISP is transitioning to a modern stack.
FlowIntel 3.0.0 released and MISP integration
FlowIntel & MISP
FlowIntel in a Nutshell
FlowIntel is an open-source platform built for handling security investigations in a structured way. It combines case management, task tracking, documentation, and collaboration in one place.
MISP architecture choices
MISP architecture
Getting your MISP architecture right from the start makes all the difference. A well-designed deployment keeps your threat intelligence platform running smoothly, protects your data, and ensures your analysts have what they need when they need it. Poor choices lead to performance bottlenecks, security gaps, and maintenance headaches that only get worse as your data grows.
MISP v2.5.32 released bringing new workflow capabilities, enhancement, security fix and various bugs fixed
We are pleased to announce the release of MISP v2.5.32, bringing new workflow capabilities, improvements to attachment handling, security fixes, and multiple dependency updates.
NGSOTI: Building an Integrated Threat-Intelligence and Information Sharing Ecosystem for the Next Generation of SOC Analysts
The Next Generation Security Operator Training Infrastructure (NGSOTI) initiative was created to address a growing gap in cybersecurity education: the need to train analysts not only on tools, but on real-world workflows, collaboration models, and operational constraints. Rather than focusing on isolated technologies, NGSOTI brings together a coherent ecosystem of open-source projects designed to reflect how modern Security Operations Centers (SOCs) actually function.
Empowering the Ecosystem: MISP’s 2025 Progress and the Open Source Future
In 2025, the MISP project hit its stride with the transition to the 2.5 branch, delivering a major UI/UX overhaul and modernized background processing to enhance platform performance. This progress was bolstered by significant updates to satellite projects, including taxonomies, objects, galaxy, misp-modules, misp-guard, and SkillAegis, ensuring that 2026 will be full of new surprises for both contributors and users as the ecosystem evolves.
MISP v2.5.31 released - Stability, Synchronization Improvements & Year-End Knowledge Base Refresh
MISP v2.5.31 Release Notes
📅 Release date: 2025-12-23
Stability, Synchronization Improvements & Year-End Knowledge Base Refresh
We are happy to announce the release of MISP v2.5.31, a maintenance-focused update bringing refreshed knowledge bases, UI refinements, improved synchronization behavior, and several important fixes.
MISP v2.5.30 and v2.5.29 released: Beta UI/UX Mode, New Workflow modules and Performance Enhancements
This release introduces a foundational beta UI/UX mode (which will be the foundation for the next versions, feedback is more than welcome), new workflow modules, improvements to the Event Index, and important security updates.
MISP v2.5.28 Release: Security, Dashboard Upgrade, and Community Enhancements
MISP v2.5.28 Release Notes (2025-12-10)
MISP v2.5.28 delivers critical security fixes, a major dashboard upgrade to Gridstack 12, and significant platform stability enhancements. This release includes extensive XSS vulnerability patching, refined tag filtering logic, and better support for Meta Communities.
MISP v2.5.27 - released with new features and various fixes
This release delivers important new modules, major internal performance optimisations, updates to validation logic, and several security fixes. A large amount of work focused on improving JSON handling, filter pipelines, encoding performance, and overall system robustness.
MISP v2.5.26 - released with performance improvements and interoperability fixes
This release brings new features focused on performance improvements, logging enhancements, and data standardisation with the introduction of the UUID attribute type. It also includes several important bug fixes and dependency updates.
MISP v2.5.25 - Performance Update
This release introduces a security fix, significant performance improvements for REST searches, new default feeds, and several important bug fixes.