Skip to content

Releases: MISP/MISP

MISP 2.4.188 with major performance improvements and many bugs fixed.

24 Mar 15:01
v2.4.188
8ac96cc
Compare
Choose a tag to compare

MISP 2.4.188 with major performance improvements and many bugs fixed.

New Features

  • Datasource Improvements:
    • Updates to some datasources with the ignoreIndexHint parameter (mysqlExtended, mysqlObserverExtended).
    • Fix for forceIndexHint.
  • Settings:
    • Added setting to temporarily disable the loading of sightings via the API (affects restsearch and /events/view endpoints). This helps with performance issues caused by large sighting data sets.

Changes

  • PyMISP:
    • Multiple version bumps.
  • Version and Internal Updates:
    • General version bump.
    • Improved error handling and marking BadRequestException as fail log in CI.
    • Attempt to fix a failing test.
    • Updated misp-galaxy, misp-object, and warning-lists.
  • Attribute Search Rework:
    • Significant performance improvement when using MysqlExtended or MysqlObserverExtended data sources.
    • Event level lookup moved to subqueries for faster queries.
    • Ignoring the deleted index to improve speed.
  • OpenAPI Updates:
    • Added content for analyst-data and event-reports.
  • Sighting Policy Support:
    • Added support of sighting policy in sightings:getLastSighting.
  • Attribute Search Performance:
    • Improved performance of includeDecayScore by a factor of 5.
  • Attribute Fetch Refactor:
    • Simplified conditions and optimizations.

Fixes

  • Attribute Search:
    • Enforced unpublishedprivate directive.
  • Internal Error Handling:
    • Error handling improvements in AttachmentScan.
  • CurlClient HEAD Request:
    • Added CURLOPT_NOBODY for HEAD requests.
  • CLI and ECS Updates:
    • Fix for redisReady in dragonfly.
    • Change type from Exception to Throwable in ECS.
  • OIDC:
    • Default organization handling if not provided by OIDC.
  • Publishing and Sync Issues:
    • Fix for publishing and sync errors.
  • Performance Improvements:
    • Bulk loading of analyst data to speed up event loading.
  • UI Update:
    • Added MISP.email_reply_to to server config.

Other

  • Multiple merges of branches and updates.
  • Fixes and changes in misp-stix, attachment scan error handling, OIDC default org handling, alert email titles, shadow attribute handling, and community additions (ICS-CSIRT.io).

Community and Contribution Updates

  • Additions and changes to the community, including the introduction of the ICS-CSIRT.io community.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.187 with security fixes, new features and various fixes.

24 Mar 14:56
v2.4.187
661b238
Compare
Choose a tag to compare

MISP 2.4.187 with security fixes, new features and bugs fixes.

New Features

  • CLI Enhancements:
    • Added org list to shell commands.
    • New command to change user role.
    • Fixes to role management.
  • OIDC Update:
    • New option OidcAuth.update_user_role to disable role changes from OIDC.

Changes

  • Version and Software Updates:
    • Version bump.
    • Updates to PyMISP, misp-galaxy, misp-warninglists, misp-objects, and taxonomies.
  • Internal Updates:
    • Added ext-zstd to suggested PHP extensions.
    • Fixed non-focusable relationship dropdown search field in analyst data.

Fixes

  • General Fixes:
    • Corrected variable unset in events:restsearch to prevent attribute override.
    • Ensured sync pulls continue after an event save failure.
    • Database update fixes for older MySQL versions.
    • Improved API consistency.
    • Fixed pulling from remote servers when analyst data is not supported.
    • Logging fix for removeTagFromObject().
    • Security improvements for file and logo uploads. (Thanks to Rémi Matasse and Raphael Lob from Synacktiv for the report)
      • CVE-2024-29859 < MISP 2.4.187 - add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.
      • CVE-2024-29858 < MISP 2.4.187 - __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
    • Correct message display when disabling a galaxy.
  • CLI Updates:
    • Added new functionalities including listing roles and creating users.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.186 released with analyst data feature including analyst notes, opinions and relationships.

06 Mar 13:30
v2.4.186
708d181
Compare
Choose a tag to compare

Overview of the analyst data feature in MISP

We are pleased to announce the immediate release of MISP 2.4.186, which includes two major new feature called "Analyst Data" and "Collections" along with an extension to the MISP standard format.

Analyst Data Feature

The Analyst Data 🧑‍🔬 feature is an extended and shareable set of capabilities that allows analysts to share and add their own analysis to any MISP event.

The Analyst Data feature comprises three main new features:

  • Adding an Analyst Note to any element in MISP, such as Event, Event Report, Object, Attribute, or Galaxy Cluster.
  • Adding an Analyst Opinion with a rating (between 0 and 100) to any element in MISP, such as Event, Event Report, Object, Attribute, Galaxy Cluster, or Analyst Note.
  • Adding an Analyst Relationship from/to any element in MISP with a specified relationship type.

This enhancement provides highly flexible capabilities for analysts to describe information about specific details. Analyst Data, similarly to Events and Galaxy clusters, are first class citizens, respecting ownership and distribution mechanisms as well as being synchronisable between MISP instances.

For a quick overview, the below screencast can give you an idea of the analyst data feature in action:

Collections Feature

The new collection feature allows users to create collections for organising data shared by the community. These collections can be categorised based on commonalities or as part of the research process. Collections are treated as first-class citizens and adhere to the same sharing rules as, for example, events do. You can create your own collection and share it with your partners on the same MISP instance.

Other fixes

Details changes are available in Changelog.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Galaxy

Major improvement were performed in the MISP galaxy including major updates in the threat-actor knowledge-base, the surveillance vendors. Additional updates were done to add the relationships in the MISP galaxy public website.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.185 released with sighting performance improvements, security and bugs fixes.

20 Feb 09:35
v2.4.185
b2cb4fa
Compare
Choose a tag to compare

We are happy to announce the immediate availability of MISP 2.4.185. This is mainly a bug fix release resolving several issues as well as tightening the security posture of the org image handling.

Security fixes

We have moved the organisation images out of the webroot to avoid a rogue administrator from being able to upload a crafted, malicious organisation image and for unsuspecting users to be redirected to a malicious direct link of the image. Whilst this vulnerability is highly unlikely, requiring a compromised/rogue site administrator as a premise, the issue is valid and has been fixed.

Thanks to Yusuke Nakajima and Andrei Agape of Teliacompany for both delivering reports of this issue.

Bugfixes

Various fixes affecting the API, proxy settings, sighting synchronisation. The synchronisation bug in particular could easily bring large, sighting rich instances (such as our own) to its knees when a remote instance tried to synchronise via a pull.

We would hereby like to again thank for our active community for supplying fixes, bug reports, vulnerability reports and suggestions for the continuous improvement of MISP, the tool definitely wouldn't be what it is today without all your help!

Details changes are available in Changelog.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Galaxy

fin7

Major improvement were performed in the MISP galaxy including major updates in the threat-actor knowledge-base, the surveillance vendors. Additional updates were done to add the relationships in the MISP galaxy public website.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.184 released with performance improvements, security and bugs fixes.

06 Feb 12:56
v2.4.184
fd9c49d
Compare
Choose a tag to compare

MISP 2.4.184 released with performance improvements, security and bugs fixes.

Improvements

  • Speed up improvements in ssdeep correlation and many other parts of MISP. Thanks to Jakub Onderka for the work on this.
  • [objects] restsearch first/last seen filters added.
  • [event:publication] Added new setting to block event publication if the publishing user is the creator.
  • [events:export] Make setting MISP.disable_cached_exports enabled by default. Since the /events/export has been marked deprecated for a years, we are starting the process to phase it out by first disabling the endpoint by default. The MISP ReST search API is the API to be used in the future if you still have very old scripts relying on export. We recommend to start making plans to rework those scripts.
  • [organisation:orgMerge] Added missing models for organisation handover

Security fixes

A series of security fixes were done in this release, the vulnerabilities are accessible to authenticated users, especially those with specific privileges like Org admin. We urge users to update to this version especially if you have different organisations having access to your instances.

  • [security] Improved security checks for organisation logo upload. (low)
  • [security] New auditlogs's fullChange lack of ACL controls. (medium)
  • [security] Enforce usage of POST to start an export generation process. (low)

CVE assignments are pending and will be published on the security page.

Bugs fixed

  • [GalaxyClusters] fix tag_name restsearch filter (#9512).
  • Various UI fixes.

Many bugs fixed and minor improvements. Feel free to read the detailed changelog

PyMISP

Many improvements in PyMISP including faster JSON parsing with orjson. Feel free to read the detailed changelog

MISP project knowledge bases

MISP Objects

  • [artifact] Changed the payload_bin attribute to attachment type.
  • [flowintel-task] add case-uuid.
  • [process] Environment variables attribute.

MISP Galaxy

A new dedicated website has been developed to easily reference galaxy outside MISP.

MISP warning-lists

Warning-lists updated to the latest version from the different sources.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.183 released with new ECS log feature, improvements and bugs fixed

09 Jan 17:33
v2.4.183
532e5ab
Compare
Choose a tag to compare

MISP screenshot

MISP 2.4.183 released with a new ECS log feature, improvements and bugs fixed.

  • MISP now supports Elastic Common Schema (ECS) security logging. A new option has been added Security.ecs_log to enable this new functionality. A new Security.alert_on_suspicious_logins to security audit has been added.
  • The sync configuration in MISP now supports sharing group blueprints for a simple creation of filter rules based on dynamically updated organisation lists.
  • Major improvement to STIX import handling and especially the misp-stix library such as Parsing PE binary extensions within File observable objects and many more improvements/fixes.
  • API add tag functions updated to also work with uuids, rather than just local IDs.
  • [event:view] Added option to mass local cluster tag.

Many bugs fixed and minor improvements. Feel free to read the detailed changelog

MISP project knowledge bases

MISP Objects

MISP Galaxy

A new dedicated website has been developed to easily reference galaxy outside MISP.

MISP warning-lists

Warning-lists updated to the latest version from the different sources.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.182 released with new features, improvements and bugs fixed

22 Dec 14:47
v2.4.182
8cb184a
Compare
Choose a tag to compare

MISP 2.4.182 released with new features, improvements bugs fixed and an important security fix.

MISP Core

New Features

  • [event:view] Added new option show_server_correlations_for_all_users
    allowing non-privileged users to view server correlations. [Sami
    Mokaddem]

Changes

  • [Version] bump. [iglocska]

  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]

  • [misp-stix] Bumped latest version. [Christian Studer]

  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]

  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

  • [Geo-Open] updated to the latest version. [Alexandre Dulaunoy]

  • [PyMISP] Bump. [Raphaël Vinot]

  • [CLI] runUpdates updated to purge any pending db lock first.
    [iglocska]

  • [event reports] content field size changed to mediumtext. [Andras
    Iklody]

  • [logging] fail silently if logging entry can't be saved. [iglocska]

    • can happen when the log change is too large for example
    • no need to roll back / break sync for example if a log entry is too large, just fail silently.
  • [events:event-graph] Allow expansion of nodes by double-clicking.
    [Sami Mokaddem]

    In response to significant demand from Terrtia and subsequent evaluation by adulau

  • [feed:attachFeedCorrelations] Added comment. [Sami Mokaddem]

  • [event:view] Show feed meta-information as popup. [Sami Mokaddem]

  • [misp-stix] Bump. [Jakub Onderka]

Fix

  • [db_schema] dump. [iglocska]

  • [correlation] exclusion cleaning was broken for noacl correlations,
    fixes #8899. [iglocska]

  • [eventReport:editReport] Generate an UUID if new report added from
    pull. [Sami Mokaddem]

  • [workflows:editor] Prepend baseurl to url. [Lukasz Rzasik]

  • [TOTP] allow deletion of TOTP from edit page. [Christophe Vandeplas]

  • [security] new audit logs lack of ACL controls. [iglocska]

    • added proper ACL handling to the new audit logs
    • as reported by fukusuket(Fukusuke Takahashi)
    • Assigned CVE-2023-50918 for this vulnerability. The new audit log is not enabled by default.
  • [case sensitivity] fix. [iglocska]

  • [login_history] fixes str_contains #9433. [Christophe Vandeplas]

  • [login_history] fixes str_contains #9433. [Christophe Vandeplas]

  • [password reset] required current password for token based reset.
    [iglocska]

  • [diag] diagnostics page loading issue. [Michael Hirt]

  • [openapi] add version to match spec. fixes #9058. [Luciano Righetti]

  • [caching] remove uuid validation from the feed caching. [iglocska]

    • not really needed and it breaks the entire caching if a single old event has an invalid uuid
  • [attribute bulk update] separate out tag deletion as it builds a
    ridiculously large query at times. [iglocska]

  • [caching] remove uuid validation from the feed caching. [iglocska]

    • not really needed and it breaks the entire caching if a single old event has an invalid uuid

MISP project knowledge bases

MISP Objects

Improved shadowserver-malware-url-report and cs-beacon-config object template. Updates in the victim object template and report object template.

MISP Galaxy

Improved Sigma rules galaxy, threat-actors database with many new threat-actors

MISP warning-lists

Warning-lists updated to the latest version from the different sources.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.

MISP 2.4.181 hot fix release

22 Dec 14:31
v2.4.181
2d20c41
Compare
Choose a tag to compare

MISP 2.4.181 hot fix release to disable by default the alert on suspicious login plus some minor fixes.

Changes

  • [tools:misp-delegation] Do not use self-documented expression in
    f-string anymore. [Sami Mokaddem]
  • [version] bump. [iglocska]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [tests] search for errors in logs. [Christophe Vandeplas]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

Fix

  • [Alert on suspicious logins] disabled by default. [iglocska]
    • requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
    • Will be made default in an upcoming version once the performance issues are resolved
  • [tests] fix path in logs_tests.sh. [Christophe Vandeplas]
  • [tests] fixes path of logs_tests. [Christophe Vandeplas]
  • [userloginprofiles] undefined variable #9424. [Christophe Vandeplas]
  • [customauth] missing Class init fixes #9425. [Christophe Vandeplas]

MISP 2.4.180 released with user login profile feature, bugs fixed and many improvements.

22 Dec 14:28
v2.4.180
2613715
Compare
Choose a tag to compare

MISP 2.4.180 released with a new security user login profile feature, bugs fixed and many improvements.

v2.4.180 (2023-11-30)

New

  • [api] added X-MISP-AUTH as an alternative header to Authorization,
    fixes #9418. [iglocska]

Changes

  • [VERSION] bump. [iglocska]
  • [workflows] restored 7.2 and 7.3. [iglocska]
  • [user login profile] old version compatibility. [iglocska]
  • [event index] hover over ID will show the info field, generally more
    useful than the threat level. [iglocska]

Fix

  • [login] fixes bad fix and catches first login after update.
    [Christophe Vandeplas]
  • [revert] dumb check. [iglocska]
  • [compatibility] make the ancient gods happy. [iglocska]
  • [user login profile] skip checks for ancient php versions. [iglocska]
  • [Attribute:EditPostProcessing] Make sure the ID is set. [Sami
    Mokaddem]
  • [attribute:editPostProcessing] Fixed typo in condition preventing tags
    to be detached. [Sami Mokaddem]
  • [attributes] type field added to editable fields. [iglocska]
  • [RPZ] export custom parameters ingored, fixes #9420. [iglocska]
  • [Attribute:editPostProcessing] Fixed sighting capture. [Sami Mokaddem]
  • [Attribute:EditPostProcessing] Make sure the ID is set. [Sami
    Mokaddem]
  • [attribute:validation] Typo in function name. [Sami Mokaddem]
  • [attribute:editPostProcessing] Fixed typo in condition preventing tags
    to be detached. [Sami Mokaddem]

Other

  • Merge remote-tracking branch 'origin/develop' into 2.4. [Christophe
    Vandeplas]

  • Merge branch 'develop' into 2.4. [iglocska]

  • Merge branch '2.4' into develop. [iglocska]

  • Merge branch 'develop' into 2.4. [iglocska]

  • Revert "chg: [workflows] restored 7.2 and 7.3" [iglocska]

    This reverts commit 206d2af.

  • Merge branch '2.4' into develop. [iglocska]

  • Merge branch '2.4' of github.com:MISP/MISP into develop. [Sami
    Mokaddem]

  • Merge remote-tracking branch 'origin/2.4' into develop. [Sami
    Mokaddem]

  • Merge branch '2.4' of github.com:MISP/MISP into develop. [Sami
    Mokaddem]

  • Merge branch 'develop' of github.com:MISP/MISP into develop.
    [iglocska]

  • Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
    Mokaddem]

  • Feature/user login profiles2 (#9379) [Christophe Vandeplas, iglocska]

    • new: [userloginprofiles] start over with previous code

    • fix: [user_login_profiles] fixes catching up the backlog

    • chg: [userloginprofile] email to org_admin for suspicious login

    • chg: [userloginprofile] only inform new device

    • chg: [userloginprofiles] view_login_history instead of view_auth_history

    • chg: [userloginprofile] make login history visually better

    • chg: [userloginprofile] inform admins of malicious report

    • fix: [userloginprofile] cleanup

    • fix: [userloginprofile] fixes Attribute include in Console

    • fix: [userloginprofile] db schema and changes

    • chg: [CI] log emails

    • chg: [PyMISP] branch change

    • chg: [test] test

    • fix: [userloginprofile] unique rows

    • fix: [userloginprofile] unique rows

    • chg: [cleanup]

    • Revert "chg: [PyMISP] branch change"

    This reverts commit 3f6fb46.

    • fix: [userloginprofile] fix worksers with monolog=1.25 browcap=5.1

    • fix: [db] dump schema version

    • fix: [CI] newer php versions

    • fix: [composer] php version

    • fix: [php] revert to normal php7.4 tests


  • Merge branch '2.4' into develop. [iglocska]

MISP 2.4.179 released with a host of improvements a security fix and some new tooling.

26 Nov 08:45
v2.4.179
5ec0ac9
Compare
Choose a tag to compare

MISP 2.4.179 released with a host of improvements a security fix and some new tooling.

First baby steps taken towards LLM integration

We currently included our first attempt at an LLM integration for report summarisation and extraction. The development is an outcome of our work with @aaronkaplan during hack.lu 2024 and relies on stochasticCTIExtractor for the extraction and interfacing with LLMs.

Expect to see more in this space in the near future!

For a sneak peak, head over to our lightning talk video on the topic.

Workflow improvements

As always, @mokaddem is hard at work in his arcane laboratory, improving the workflow tooling. This time, among a host of improvements, he's also concocted up a new IF module that makes decisions based on the number of elements (counts) matching certain criteria. For a full list of changes, have a look at the Changelog.

Performance improvements for large event edits

The edit performance when it comes to large events has been reworked to speed the process up somewhat. In addition a new "fast_update" mode has been added for special cases when no major changes are expected to an event or when additional precautions have been taken (As a main difference, validation of duplicate handling has been removed from this path).

For some benchmarks of what this means in practice for an event, assuming 20.000 attributes with a single tag being added to each and the last seen being altered:

MISP 2.4.178

Time taken: 171.2364685535431

MISP 2.4.179

Time taken (standard mode): 97.22623372077942
Time taken (fast mode): 40.74654579162598

This new method is currently exclusively used by the /events/edit endpoint, so expect it to show up in other endpoints in later releases.

A new tool for remote delegations

Though more of an edge case, we've seen the need for some communities to be able to cross-instance automatically delegate publications, for example in the case of an ISAC republishing the data of their constituency anonymously, or an organisation providing data produced by a service provider being released under their own umbrella. If you have any such use-cases, head over to the new delegation tool and read up on how it works, what you can do with it - misp-delegation

Security: XSS fixed in the event timeline

This release also contains a security fix, a stored XSS trigerable via the event timeline widget, as reported by fukusuket(Fukusuke Takahashi). Thanks a lot for the report and we encourage the community at large to update their MISP instances to this release as well as to similarly report all their findings to us based on our Security policy.

Other improvements

MISP Taxonomies

Various improvements and inclusions of new taxonomies, such as an update to PAP, a taxonomy used by SRB-CERT as well as a taxonomy for doping-substances.

The PAP (Permissible Actions Protocol) has been updated to be inline with TLPv2. Thanks to the contribution and discussions with ANSSI-FR/CERT-FR about the marking topic.

MISP Objects

Various fixes to a host of object templates as well as some new templates such as Crowdstrike Report objects were added in this release.

MISP Galaxy

  • A host of new clusters were added, mostly targeting the threat-actors galaxy library - a huge thanks goes to @Mathieu4141 for all the diligent work. Automatically ingested galaxies, such as the global sigma rule library have also been updated.

The MISP galaxy MITRE ATT&CK has been updated to the version 14. A new NAICS galaxy has been created to support North American Industry Classification System.

MISP warning-lists

  • Warning-lists updated to the latest version. Several warninglists have been brought up to the latest release as well as new warninglists such as the findip-host warninglist have been added.

For all other changes, please refer to the Changelog.

Don't forget to follow us on Mastodon

The MISP project has its own Mastodon server misp-community.org - don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.