MISP 2.4.154 released including tools for managing rapidly changing communities
MISP 2.4.154 released with a host of new features and fixes, including some new tools that help us navigate the current geo-political landscape when sharing information.
MISP 2.4.153 released with improvements and bugs fixes
MISP 2.4.153 released
- MISP UI translation in Thai added.
- Improved the debugging of the synchronisation, including more meaningful messages in debug logs.
- Significant improvements in the misp-stix library, to support additional import coverage of files along with improvements to the STIX export.
- Improved debugging in the TLS handshake for synchronisation.
- Additional CLI tests for security.
- Markdown-IT library updated to the latest version, including security fixes to version 12.3.2.
- Improvements in the various MISP install scripts.
Many internal improvements and bug fixes.
MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.
MISP 2.4.152 released
MISP 2.4.152 released with timeline improvements, optional filtering on sync, LinOTP improvements and more.
The LinOTP authentication module has been improved to include a mixed mode where both OTP and MISP’s usual password authentication can be used together.
MISP 2.4.151 released (Black friday threat intel rush release)
MISP 2.4.151 released
MISP 2.4.151 released including a host of bug fixes and a bunch of new features
New features
- New background processor by @righel
- Improvements to the CLI tools
- Bug fixes and improvements
New background processor
- MISP has been using CakeResque for its background jobs for the better part of a decade. Whilst it has served us well, the library has been stale for a long time and carries a (for us) unnecessary complexity and is generally the most difficult part of the application to debug
- Luciano “@righel” Righetti has implemented a completely new, compatible background processing engine using Supervisord
- Queue and execute jobs the same way as you are used to from before, monitor worker progress via the tools provided by supervisord in addition to MISP
- No scheduling capabilities, these were an unnecessary overhead for us before as we relied on corn jobs as our preferred scheduling mechanism anyway
- Expect more improvements to this library over the course of the next months, but feel free to switch to using it already now
- Currently it is completely optional and the old background processor will still be supported for a while
- Be aware that manual setup steps are required to get the new processor working, refer to the upgrade guide on the procedure, if you decide to start using it already now
Various CLI changes
- Jakub Onderka has been doing a fair bit of refactoring and improvement of the CLI libraries
- additional administrative tools added to help monitor and manage your MISP instance (such as redis memory diagnostics, mysql table optimisation tool, etc)
Option to move the system settings to the database
- Traditionally all system config settings were stored in the config.php file, with a new configuration thanks to Jakub Onderka’s implementation the settings can be moved to the database rather than the file.
- This should help with persistence for containerised installations
Various improvements
- The previous version introduced a new STIX library as a replacement for the old one. This change did end up causing some update issues for some installations, the built in updater is now aware of this change and should allow you to easily update via the UI/API updater, with the new STIX library working as intended
- A long list of improvements, thanks to all contributors! For a detailed list of changes, head over to the changelog
MISP Modules
- New Passive SSH expansion expansion module.
- Updated Recorded Future expansion module included links and related data.
- New CIRCL hashlookup expansion module added.
MISP 2.4.150 released (The "Bloody PKI again" hotfix release)
MISP 2.4.150 released
MISP 2.4.150 released, including a new CA bundle to combat the issues with the Letsencrypt root CA expiration. This is a follow-up release to 2.4.149 and has no other major changes besides pointing to our own repository of the framework that includes the new CA bundle.
MISP 2.4.149 released (Autumn care-package - STIX 2.1 support and Cerebrate integration)
MISP 2.4.149 released
MISP 2.4.149 released including many bugs fixed along with some new and improved functionalities
New features
- First stage of a massive rework of our STIX integration
- Various improvements to the integration with Cerebrate
New STIX libraries
- The first version of a long ongoing project to rework our entire STIX integration has finally been merged, thanks to the tireless work of @chrisr3d
- Our converter libraries have embarked on a path of their own, becoming a standalone repository included by default in MISP, but also serving as a useful tool for anyone looking for a clean way of converting between the MISP standard format and various STIX versions (1.1.1, 1.2, 2.0, 2.1).
- The libraries are still work in progress, but continuously improved, follow misp-stix
- Included is also a detailed documentation, which also serves as a knowledge base for the mapping between the two formats, available under the documentation sub-directory
- From this release on, you have more control over which STIX version is used when exporting STIX data from MISP, by specifying the “stix_version” to be returned (supported versions for STIX 1: 1.1.1 and 1.2. For STIX 2: 2.0 and 2.1)
Cerebrate integration
- Allow the fetching of sharing group data from Cerebrate instances, our new open source tool in development aiming to solve a host of issues revolving around community management and orchestration. Our first official release of the tool is scheduled for the MISP summit coming up this month
- To follow the cerebrate project, head over to its github page
- For the MISP summit to be held on the 21st of October, don’t forget to watch the misp-summit. You can still apply for the Call-for-Presentation.
mail2misp release 1.0
First official release 1.0 of mail2misp, it’s a tool to connect your mail infrastructure to MISP to create events based on the information contained within mail. The solution can be also used to feed MISP instance with honeypot receiving emails.
MISP 2.4.148 released (summer time release)
MISP 2.4.148 released
MISP 2.4.148 released including many bugs fixed along with security fixes. This release fixes CVE-2021-37742 and CVE-2021-37743.
New feature
- added option to block organisation changes at login on ApacheShibbAuth
- Open data export has been refactored
- Fix Suricata export concerning sticky buffers
- ZMQ now includes misp_json_warninglist topic in the pub-sub channels
Acknowledgement
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in misp-objects, misp-taxonomies and misp-galaxy .
MISP 2.4.147 released (improvements and bug fixes release)
MISP 2.4.147 released
MISP 2.4.147 released including a massive number of small improvements, bug and security fixes. We strongly recommend all MISP users to upgrade as soon as possible. This release fixes CVE-2021-37534.
MISP 2.4.145 and 2.4.146 released (Improved warning-lists)
MISP 2.4.145 and 2.4.146 released
MISP 2.4.145 and 2.4.146 released including a massive update to the MISP warning-lists, various improvements and security fixes.
MISP 2.4.144 released (Document all the things!)
MISP 2.4.144 released
MISP 2.4.144 released including a massive update to the documentation along with CyCAT.org integration, improvements and fixes including security related fixes.
MISP 2.4.143 released (10 year anniversary edition)
MISP 2.4.143 released
MISP 2.4.143 released including a new audit subsystem, various quality of life improvements and bug fixes.
10 year anniversary
MISP has, as of the 15th of May, turned 10, to celebrate the occasion we have a celebratory MISP logo acting as a temporary replacement of the usual one for the duration of this release.
MISP 2.4.142 released (with new correlation features, UI sync functionality improved and new dashboard widgets)
MISP 2.4.142 released
MISP 2.4.142 released including many new features, a security fix and a long list of quality of life improvements.
MISP 2.4.141 released (Many improvements from email notification, UI, API and installation scripts)
MISP 2.4.141 released
MISP 2.4.141 released including many improvements from email notification, UI, API and installation scripts.
User-Interface
- [UI] Render galaxy cluster description as markdown.
- [UI] Show threat level icons on event index.
- [eventgraph:viewPicture] Allow access to saved picture from the eventgraph history.
- [eventGraph] Improved object coloring strategy.
- [UI] fix debugon for debug = 1. fix #7131.
- [UI] Show number of items in freetext feed.
- [UI] Make feed event preview nicer.
- [UI] It is 2021! Removed -moz and -webkit specific CSS properties.
- [UI] Make some parts of MISP nicer.
- [UI] Nicer pivots.
- [UI] Simplify keyboard-shortcuts.js.
- [UI] Use Page Visibility API.
and many more updates check the changelog for details.
Creating a MISP Object, 101
MISP Objects
MISP objects are containers around contextually linked attributes. They support analysts in grouping related attributes and describing the relations that exist between the data points in a threat event. Combining these objects and relations is something that can then be used to represent the story of what is being told in the threat event.
MISP 2.4.140 released (OpenID support, cross object references in extended events and many improvements)
MISP 2.4.140 released
We have released 2.4.140, the latest release for MISP, introducing a host of new features, including integrations with various authentication systems, various improvements to the handling of objects, CLI improvements as well as a package containing general bug fixes, along with the usual update of the JSON libraries.
MISP 2.4.139 released (Quality of life and bugfix release)
MISP 2.4.139 released
We have released 2.4.139, the latest release for MISP squashes a set of pretty annoying bugs, whilst also adding some shiny new features to play with, along with the usual update of the JSON libraries.
MISP 2.4.138 released (Many improvements including CISA.gov AIS dynamic marking functionality, RSIT galaxy added)
MISP 2.4.138 released
We have released 2.4.138, the latest release for MISP along with an update of the JSON libraries.
MISP 2.4.137 released (New exclusion module for the correlation engine, many improvements and security vulnerabilities resolved)
MISP 2.4.137 released
We have released 2.4.137, a security and bug fix release including a collection of fixes and improvements collected over the past month.
MISP 2.4.136 released (Cerebrate project integration)
MISP 2.4.136 released
Though we’re rather late with the release notes, we did have some goodies to share for the winter festivities, bundled neatly into the 2.4.136 release.
MISP 2.4.135 released (galaxy 2.0)
MISP 2.4.135 released
Don’t let the minor version number change fool you, this release is a game changer for MISP and information sharing in general. Galaxy 2.0 brings about the ability to customise Galaxy clusters (threat-actors, @MITREattack or any knowledge base element) as well as to extend and share it within your community. This release also includes many new improvements such as a new authkey system to better handle your API keys in MISP.