Blogs

MISP 2.4.100 released (aka happy new year release)

Happy new year! We are so proud of our community which has supported us for the past year and we hope to do even better for 2019. Thanks a lot.

MISP 2.4.99 released (aka API/UI fixes and critical security vulnerability fixed)

A new version of MISP (2.4.99) has been released with improvements in the UI, API, STIX import and a fixed critical security vulnerability.

MISP 2.4.98 released (aka usability improvements and SleuthKit mactime import)

A new version of MISP (2.4.98) has been released with new features such as improved UI consistency (such as attributes search output), improved validation error messages, a new built-in experimental SleuthKit mactime import, new small features and many bugs fixed.

MISP 2.4.97 released (aka so many new features)

A new version of MISP (2.4.97) has been released with new features such as related tags, the sighting restSearch API, a new French localisation along with many improvements to the API and the import/export capabilities, such as improved support for DHS AIS STIX 1 files.

MISP 2.4.96 released (aka API everywhere release)

A new version of MISP (2.4.96) has been released with a complete rework, refactoring and simplification of the restSearch API, allowing for more flexibility, improved search capabilities, performance and extendability.

MISP 2.4.95 released (aka API search improvement)

A new version of MISP (2.4.95) has been released with the first stage of a complete rework and refactoring of the API exports, allowing for more flexibility, improved search capabilities, performance and extendability.

MISP 2.4.94 released (aka summer improvements)

A new version of MISP 2.4.94 has been released including an improved event graph interface, a new Elasticsearch plugin, various extensions and enhancements to the API, clean-ups and many improvements. Even though it’s summertime, we continuously work on the MISP project and a lot of changes were introduced.

MISP 2.4.93 released (aka ATT&CK integration)

A new version of MISP 2.4.93 has been released including a much improved and tightly integrated MITRE ATT&CK interface, a new event locking functionality, initial support for a multilingual interface, various fixes including a security fix (CVE-2018-12649).

MISP 2.4.92 released (aka performance improvement)

A new version of MISP 2.4.92 has been released including aggressive performance boosts, various improvements and bug fixes.

We received feedback from various users about the negative impact on performance when the MISP warning-lists are enabled (a feature allowing the detection and filtering of false positive attributes in MISP). The performance hit incurred by enabling warning-lists has been reduced to such an extent that enabling them will barely have any impact on performance when viewing or browsing events. We hope this performance gain will increase the overall adoption of the warning-lists.

MISP 2.4.91 released (aka distribution visualisation, galaxy at attribute level and privacy notice list)

A new version of MISP 2.4.91 has been released including new major features, improvements and bug fixes.

Distribution and sharing visualisation

MISP 2.4.91 has a new visual aid for viewing the distribution and sharing model of all the attributes within an event. As events can become quite large, with long lists of objects and attributes, analysts need to verify whether the proper distributions are applied. The new visualisation allows them to view the items per distribution level including the associated sharing groups. The visualisation is dynamic and can be used to filter the given attributes matching a specific distribution setting within the event.

MISP 2.4.90 released (aka Extended Events release)

A new version of MISP 2.4.90 has been released including the new extended events feature along with many updates and improvements in the API, user interface (including many improvements in the graph editor) and many bug fixes.

Introducing The New Extended Events Feature in MISP

Introducing Extended Events

We have just released a new feature for MISP that allows users to build full-blown events that extend an existing event, giving way to a combined event view that includes a sum total of the event along with all extending events.

MISP 2.4.89 released (aka Event graph viewer/editor)

A new version of MISP 2.4.89 has been released including a new MISP event graph viewer/editor, many API improvements and critical bug fixes (including security related bug fixes).

MISP 2.4.88 released (aka Fuzzy hashing correlation, STIX 1.1 import and many API improvements)

A new version of MISP 2.4.88 has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes.

MISP 2.4.87 released (aka translate everything, improvements everywhere and more)

A new version of MISP 2.4.87 has been released including a massive contribution enabling support for internationalisation and localisation in the MISP UI (a huge thank you to Steve Clement of CIRCL for the tedious work), as well as a host of improvements to the UI, feed and APIs, including bug fixes and speed improvements.

MISP 2.4.86 released (aka sharing groups improvement, large information sharing communities support and more)

A new version of MISP 2.4.86 has been released including improvements to the sharing groups and their respective APIs, granular access control of MISP-modules at an instance-level along with the usual set of bug fixes.

Using MISP to share vulnerability information efficiently

Software and hardware vulnerabilities are often discussed, shared, prepared, analysed and reviewed before publication. This process can be tedious as it often includes multiple exchanges between the parties involved, including reporters, proxy-reporters, coordinators, editors and even impacted parties. Some vulnerabilities might be shared and exchanged among trusted parties for months before being officially disclosed. This can generate a significant workload on the staff dealing with a security team, vulnerability assessment team or CNA (CVE Numbering Authorities).

MISP 2.4.85 released (aka feeds and warning-lists improvement and more)

A new version of MISP 2.4.85 has been released including improvements to the feed ingestion performance, warning-list handling and many bug fixes.

MISP 2.4.83 released (aka attributes-level tag filtering and more)

A new version of MISP 2.4.83 has been released including attribute level tag filtering on synchronisation, full audit logging via ZMQ or Syslog, user email domain restriction at the org level, many more improvements and bug fixes.

MISP 2.4.82 released (aka improved pub-sub ZMQ)

A new version of MISP 2.4.82 has been released including an improved publish-subscribe ZMQ format, improvements in the feeds system, ingestion and synchronisation of sightings among MISP instances, many bug fixes and export improvements.
