MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.
show_server_correlations_for_all_users
allowing non-privileged users to view server correlations. [Sami
Mokaddem][Version] bump. [iglocska]
MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.
Merge remote-tracking branch ‘origin/develop’ into 2.4. [Christophe Vandeplas]
MISP 2.4.179 released with a host of improvements a security fix and some new tooling.
We currently included our first attempt at an LLM integration for report summarisation and extraction. The development is an outcome of our work with @aaronkaplan during hack.lu 2024 and relies on stochasticCTIExtractor for the extraction and interfacing with LLMs.
MISP 2.4.178 released with many workflow improvements, enhancement and bugs fixed.
totp_delete added in query builder and API documentation.orgc_id as valid filter.includeGranularCorrelations is now exposed in the event RestSearch.cryptocurrency-transaction and many updates to other objects. For detailed changes, MISP objects changelog.ammunition, firearms and many updates in threat actor, Sigma and many other. For detailed changes, MISP galaxy changelogThe MISP projet has its own Mastodon server misp-community.org - don’t forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.
MISP 2.4.177 released with various bugs fixed and improvements.
[tests] testing disabling the timestamp greater as old timestamp for password changes.
MISP 2.4.176 released with various improvements and bugs fixed. This version also includes major improvements in the misp-stix library especially on the storing relationships and the description of relationships in the MISP standard format.
The MISP to Microsoft Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App to connect to Sentinel.
MISP 2.4.175 released with various bugs fixed, improvements and security fixes.
start_date and end_date options in the MISP dashboard widgets.first_half_year and second_half_year timeframe.push_rules from being required in API requests to the /server/edit endpoint.Event key.Thanks to BeDisruptive OSS Team and Centre for Cyber Security Belgium (CCB) for the reporting.
As one of the outcomes of GeekWeek8, MISP now supports a new set of features useful for handling radio frequency information in the Signal Metadata Format Specification) (SigMF), commonly used in Software Defined Radio (SDR), digital signal processing and data analysis applications.
The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App and Threat Intelligence Data Connector in Azure.
fail2ban is known to do a great job at giving attackers a hard time when they try to “test” passwords or enumerate users of a service. fail2ban constantly analyses relevant log files and keeps track of IP addresses trying to log into such services. If a configurable threshold is reached, it uses the Linux firewall (Netfilter / iptables) to block the suspected attackers.
There are a lot of websites that regularly publish reports on new threats, campaigns or actors with useful indicators, references and context information. Unfortunately only a few publish information in an easily accessible and structured format, such as a MISP-feed. As a result, we often find ourself manually scraping these sites, and then copy-pasting this information in new MISP events. These tedious tasks are time-consuming and certainly not the most interesting aspect of CTI-work.
MISP objects are containers around contextually linked attributes. They support analysts in grouping related attributes and describing the relations that exist between the data points in a threat event. Combining these objects and relations is something that can then be used to represent the story of what is being told in the threat event.
Here the goal is to push to MISP information gathered on Github. The script add_github_user.py will be used as an example.
A previous post covered how to do MISP service monitoring with OpenNSM. Because having different options is good, this post covers how to achieve similar results with Cacti. For those not familiar with Cacti: it is a network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.
Many organisations adore how quick and easy MISP can be set up. Once it’s running, people start integrating it into their processes and begin to rely on it, for instance by exporting indicators and using them in security or network focused software. Usually this is the time when MISP becomes a fundamental part in the portfolio of fighting attacks, and the need for reliability grows rapidly.
MISP Galaxies and Clusters are an easy way to add context to data. Compared to the relatively simple concept of tags and taxonomies, they allow you to add more complex data structures. There is already a large list of galaxies and clusters available as a community effort, and directly accessible within MISP, but it’s always possible these do not fully address your needs.
We’re proud to announce the CogSec Collab MISP Community - the first public MISP sharing group dedicated to misinformation and information campaigns.
© MISP project. Software released under approved open source licenses and content of this website released as CC BY-SA 3.0.
Template by Bootstrapious. Ported to Hugo by DevCows.