MISP 2.4.173 released with various bugfixes and improvements
We are pleased to announce the immediate availability of MISP v2.4.173 with a new password reset feature, along with a host of quality of life improvements and fixes.
MISP 2.4.172 released with new TOTP/HTOP authentication, many improvements and bugs fixed
We are pleased to announce the immediate availability of MISP v2.4.172 with new TOTP/HTOP authentication, many improvements and bugs fixed.
Time-based and Single Use One-time password support (TOTP / HOTP)
New TOTP support are now included in MISP. This functionality works in two modes:
MISP 2.4.171 released with a long list of fixes, a dashboard rework, STIX 2.1 improvements and more
We are pleased to announce the immediate availability of MISP v2.4.171 with a long list of fixes, major STIX 2 improvements and an overhaul over the dashboard widget toolkit.
How to push to a TAXII server from MISP
If you want to push data from your MISP instance to a TAXII server, there are a few steps you need to follow. Firstly, you’ll need to ensure that your MISP instance is configured to export data in a format that the TAXII server can accept. This typically involves converting the data to STIX 2.x format by using the builtin misp-stix converter. Next, you’ll need to establish a connection between your MISP instance and the TAXII server by configuring the appropriate API and collection endpoints in the MISP sync action. Once this is done, you can initiate the data transfer from your MISP instance to the TAXII server by pushing the searched data to the designated API and collection.
MISP 2.4.170 released with new features, workflow improvements and bugs fixed
We are pleased to announce the immediate availability of MISP v2.4.170 with new features, workflow improvements and bugs fixed.
It includes many improvement release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1).
MISP to Azure Sentinel integration
MISP to Azure Sentinel integration
Introduction
The MISP to Azure / Sentinel integration allows you to upload indicators from MISP to Microsoft Sentinel. It relies on PyMISP to get indicators from MISP and an Azure App and Threat Intelligence Data Connector in Azure.
MISP 2.4.169 released with various improvements and bug fixes.
We are pleased to announce the immediate availability of MISP v2.4.169 with various improvements and bug fixes.
It includes many improvement release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1).
MISP and fail2ban
fail2ban - MISP
fail2ban is known to do a great job at giving attackers a hard time when they try to “test” passwords or enumerate users of a service. fail2ban constantly analyses relevant log files and keeps track of IP addresses trying to log into such services. If a configurable threshold is reached, it uses the Linux firewall (Netfilter / iptables) to block the suspected attackers.
Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167)
Critical SQL injection vulnerabilities in MISP (fixed in v2.4.166 and v2.4.167)
Introduction
As of the past 2 months, we’ve received two separate reports of two unrelated SQLi vector vulnerabilities in MISP that can lead to any authenticated user being able to execute arbitrary SQL queries in MISP.
MISP 2.4.168 released with bugs fixed, security fixes and major improvements in STIX support.
We are pleased to announce the immediate availability of MISP v2.4.168 with bugs fixed and various security fixes.
It includes a rather substantial release of misp-stix, the core Python library for importing and exporting STIX (1, 2.0 and 2.1).
MISP 2.4.167 released with many improvements, bugs fixed and security fixes.
We are pleased to announce the immediate availability of MISP v2.4.167 with new features and fixes, bugs fixed and a security fix.
Training Video - MISP Best Practices for Encoding Threat Intelligence
MISP Training Video December Edition - Best Practices for Encoding Threat Intelligence and Leveraging the information in MISP to Make Threat Landscape Report
Content of Training Session
- MISP data model introduction
- Best practices - from evidences to actionable evidences
- Leveraging the information in MISP to Make Threat Landscape Report
Jupyter notebook used during the training session.
Training Video - MISP Workflow
MISP Training Video December Edition - Workflow
MISP has been a widely used open source CTI platform for the past decade, with a long list of tools that allow users to customise the data models and contextualisation of the platform, yet true customisation of the actual workflows and processes had to be done externally using custom scripts.
MISP 2.4.166 released with many improvements, bugs fixed and security fixes.
We are pleased to announce the immediate availability of MISP v2.4.166 with new features and fixes, including two critical security fixes.
MISP 2.4.165 released with many improvements, bugs fixed and security fixes.
We are pleased to announce the immediate availability of MISP v2.4.165 with many improvements to the workflow subsystem along with various performance improvements.
Curate events with an organisation confidence level
Quality of threat intelligence
When you receive threat intelligence from different sources you quickly realise there is a big difference in the quality of the received information. Where some organisations go to great length to ensure their events are accurate, complete and contextualised, other organisations use different standards. Some of these differences are caused by particular use cases but can also be caused by human errors or maturity growing pains. Regardless of what’s causing these differences, as a consumer, it costs time to wade through events and manually curate them.
SACTI - Secure aggregation of cyber threat intelligence
SACTI: Secure aggregation of cyber threat intelligence
Overview
Communities can share cyber threat intelligence on platforms, such as MISP. In the H2020 project Prometheus TNO has developed a way to securely aggregate cyber threat intelligence and publish the result on MISP.
MISP 2.4.164 released with new tag relationship feature, improvements and a security fix
We are pleased to announce the immediate availability of MISP v2.4.164 with a new tag relationship features, many improvements and a security fix.
MISP 2.4.163 released with improved periodic notification system and many improvements
We are pleased to announce the immediate availability of MISP v2.4.163 with an updated periodic notification system and many improvements.
Updated periodic notification system
- A new option has been added to set the number of days for the trending calculation.
- New correlation are now showed in the periodic notification.
- Only the top 10 MITRE ATT&CK techniques are displayed and sorted by number of occurrences.
- Layout has been improved in the UI and also in the static email rendering.
- Only show data in the chart for tags having changes over time.
For more information, check out the Periodic summaries - Visualize summaries of MISP data blog.
MISP 2.4.162 released with a new periodic notification system, workflow updates and many improvements
We are pleased to announce the immediate availability of MISP v2.4.162 with a new periodic notification system, workflow updates and many improvements.