The @misp project's extensive knowledge base, available at misp-galaxy.org, now features an interactive and dynamic graph. This new addition showcases graph relationships, enhancing your browsing experience with visible, dynamic connections. Plus, you can easily filter through these relationships to find exactly what you need.
Using Zeek’s new JavaScript support for MISP integration.
With Zeek 6.0, experimental JavaScript support was added to Zeek, making Node.js and its vast ecosystem available to Zeek script developers to more easily integrate with external systems.
In recent years, we have strived to update the MISP standard to ensure it remains stable, simple, and extensible. This effort benefits not only the MISP project but also other threat intelligence tools that utilise this format.
Our commitment is to maintain a stable long-term format that allows users to actively reuse the MISP standard without encountering disruptive changes. We are pleased to announce that our standard format is now being used by numerous software applications worldwide. Recently, we have made minor updates to various formats to incorporate necessary changes while ensuring that our current users are not adversely affected.
For more detailed information, please refer to the following links:
We included in the MISP Project galaxy the new MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence System), which can easily be used to describe adversary tactics and techniques based on real-world attack observations and realistic demonstrations from AI red teams and security groups.
The MISP playbooks address common use-cases encountered by SOCs, CSIRTs or CTI teams to detect, react and analyse intelligence received by MISP. The project started early 2023 and as we’re now ending the year it’s time to look back at its current state and get an early glimpse of the future features.
Over recent months, the MISP project has undergone significant enhancements and advancements. These developments extend beyond software upgrades, encompassing enrichments in the community-managed MISP standard base, including galaxies, warning-lists, and objects.
MISP 2.4.179 released with a host of improvements, a security fix and some new tooling. New steps taken towards LLM integration, Workflow improvements, performance improvements for large edit and many more...
The generic data receiver rtl_433 (for the 433.92 MHz, 868 MHz (SRD), 315 MHz, 345 MHz, and 915 MHz ISM bands) has a pull request to support the SigMF format. 😎
With the recent support of SigMF in MISP @misp, you can have a complete chain of SIGINT for specific frequencies (either decoded or undecoded ones).
If you are curious about the extensive capabilities in MISP automation, from API to complex workflow, you might want to watch our latest training session:
Are there any best practices or recommendations around when you would re-use an event id for a feed, vs having a new event id for each time the feed updates?
The CSV and Freetext feed types allow you to specify a Fixed Event. Is this the default / recommended behavior?