Skip to content

MISP 2.4.116 released

A new version of MISP (2.4.116) has been release, including a long awaited major new feature that deals with decaying indicators in addition to a new ATT&CK sightings export and a new sync priority capability.

Major new feature - decaying indicators

After several years of gathering requirements, doing research and various implementation attempts, MISP 2.4.116 finally includes a new extensive feature for Decaying Indicators using an advanced model to expire indicators based on custom and shareable models.

The feature allows MISP users to have a simple yet customisable system to automatically (or in some cases semi-manually) mark an Indicator Of Compromise (or more generally, an Attribute) as expired. The expiration system allows for the overlaying of computed scores on all attributes in real-time, based on the configured mappings via a decay model. The feature has been designed not to change the attributes per se, but rather to extend the meta information available about the attributes. As with everything in MISP, this new feature is accessible via both the user-interface and also via the API, in order to allow for the filtering of attributes based on a decay model.

Decay Model index

The feature is exhaustive and we highly recommend to read the blog post and watch the video showing all aspects of the new feature or the slides from the MISP training. As usual, MISP comes with a set of default decay models which can be extended locally or contributed back to the community at large.

ATT&CK sighting

More and more users and communities are using the ATT&CK framework to contextualise information shared within MISP. The fine team of ATT&CK recently created a format to share the sightings associated with the techniques. MISP 2.4.116 now has a new output format available which allows users to export the sightings in the MITRE ATT&CK sightings format and share it back to the community or with MITRE directly. This allows the sharing of insights about the various techniques and their frequency of usage.

New sync priority

When having a lot of MISP server to sync with, you might want to prioritise the sync for specific communities or MISP instance. In 2.4.116, we introduced the ability to order the priority of the sync between MISP instances.

Acknowledgement

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

MISP 2.4.115 released

A new version of MISP (2.4.115) with a major security fix (CVE-2019-16202) and various small improvements has been released. We strongly recommend all MISP users update to this version.

Fixed major performance blocker in sync

  • fix based on the insights of @RichieB2B, the hero we need, not the one we deserve
  • added orgc_uuid to the minimal event index
  • added handlers for it on the pull side
  • when pulling from old instances the new functionality is skipped, resulting in the behaviour we had pre-patch
  • instances on both sides of the sync are encouraged to update, especially if the slow pulls are causing issues

API and export

  • [export] Add a proper filename to the event restsearch API's output to make downloading events a bit more convenient, fixes #4905.
  • [stix2 import] Dealing with the case of named pipe attribute being imported from custom object.
  • [stix2 export] Avoid fails with named pipe export as custom object.

Many fixes and error handling improvement

Thanks to Jakub Onderka for the tireless review of the code and all the fixes. For a complete overview, check the complete changelog is available.

CVE-2019-16202 - Vulnerability in MISP version <= 2.4.114

Conditions to be vulnerable

Any MISP instance version 2.4.114 or below with sync users or organisation administrators allowing incoming synchronisation connections are affected.

Details

By requesting the /servers/index endpoint via the API, authenticated sync and org admin users have access to all synchronisation servers configured, including the API keys used.

The vulnerability was caused by a combination of 3 separate issues:

  • The decision to allow sync users and org admins to have access to the server index was flawed, the idea was that they could assist with finding misconfigurations towards their home instance
  • The API and the UI code paths handled the query that fetched the server list differently, with the restriction for org admins / sync users missing on the API side
  • The API keys were included in the output via the API, not taking into the account that users besides site admins could have access to the functionality

This allows these users to pivot to the remote instances and authenticate using the acquired sync user keys.

Mitigation

If patching immediately is not an option, whitelisting the IPs of incoming sync accounts to their respective MISP instance IPs avoids any abuse with the obtained keys, though for large sharing communities, this mitigation is not recommended.

Fix

Upgrade to a version of MISP that has tightened the access control for the vulnerable endpoint (>= 2.4.115). This remedies any future attempts to abuse the vulnerability.

The 2.4.115 release version also introduces tools that ease the purging of the potentially exposed keys, along with logging attempts to access the vulnerable functionality.

The fix itself removes the access of all users besides the site admin to the /servers/index end-point and thus removes the necessity to deal with issue 2 or 3 identified in the details.

Site administrators are encouraged to reset all org admin / sync user API keys via the new reset functionality found at the top of the /admin/users/index page, or by POSTing an empty request to /users/resetAllSyncAuthKeys as a site administrator or executing the reset via the CLI command: /var/www/MISP/app/Console/cake resetSyncAuthkeys [sync_user_id]

Administrators are also encouraged to remotely reset their API keys on instances where the above is not executed by the administrators, by navigating to /servers/index on their own instance and issuing a remote reset for their API keys. This will conveniently issue a reset on the remote instance and store the new key in the sync connection.

Credits

Guenaëlle De Julis and Céline Massompierre from CERT-XLM of Excellium Services.

Timeline

  • 2019-09-06 16:25:47: Vulnerability report received from CERT-XLM
  • 2019-09-06 20:25:02 [TLP:amber]: MISP Project confirmed vulnerability to CERT-XLM along with notifying them of an internal fix being ready for co-ordinated publication, scheduled for 2019-09-09 13:00
  • 2019-09-09 13:07:00 [TLP:green]: Co-ordinated limited release, patch released and tagged to GitHub and all known MISP community users notified and encouraged to notify their constituents
  • 2019-09-10 [TLP:white]: CVE ID assignment, publication of tagged version, publishing of this advisory, release of blog post describing the vulnerability

Acknowledgement

We would like to reiterate the importance of continuous security testing and the reporting of findings. Without the diligent work of security professionals in our community, we would have an infinitely harder time of squashing potential vulnerabilities. Thanks again to everyone that has helped us make MISP more secure.

If you have found a vulnerability in MISP and would like to get in touch with us, please read our vulnerability disclosure notice.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

A new version of MISP (2.4.114) with some new features supporting collaboration and a list of fixes and small improvements. We strongly recommend to update to this version.

Letting the world know about your community

One of the most common questions we get from users is whether we can point them to a community that would fit their profile and needs. This is something that often leaves as stumped. Being an open source project, we only really know the part of our user-base that we directly interact with and even if they do, the question of whether we should point users in their directions in the first place is often a puzzling one.

We've decided to make everyone's life just a tad bit easier. By incorporating an in-application registry of known communities, we not only allow organisations that run an ISAC or other sharing community to let potential new community members know that they exist in the first place, but also we also allow anyone with a MISP installation to conveniently send requests to communities for access.

Simply go to sync actions -> communities, browse the communities vetter or at least known by the MISP project and pick the ones that you consider yourself a good fit for. The system allows you to describe who you are and why you feel that you'd be an asset to the given community and send a request directly to the administrators of the instance.

The list of communities for now is rather brief, if you would like your community to be listed, get in touch us at the MISP project, or create a pull request describing your community.

Keeping an eye on incoming delegation requests

As with all new features in MISP, we often struggle with anticipating the interest a new system would generate, often under-estimating the volume of data that they would generate. When we first implemented the delegation system, we expected it to be more of an edge-case scenario. We were obviously wrong, several communities out there rely quite heavily on being able to pseudo-anonymously publish data.

This is especially the case in ISAC/ISAO driven communities, where a central trusted authority ensures both the quality of the data produced as well as protecting the identity of those that wish to remain unknown when disclosing information that could be considered a successful intrusion.

We have now added an interface that allows users to search both received and issued delegation requests in a more convenient manner.

Quality of life improvements for administrators

Added a new diagnostic tool that allows administrators to keep track of the database table sizes in MISP along with the potentially recoverable space by optimising the table.

Taxonomies improved with the addition of an Industrial control systems and operational technology (ICS/OT) Taxonomy

Industrial control systems and operational technologies (ICS/OT) are often the target of threats, intrusions and attacks. The FIRST.org Cyber Threat Intelligence SIG did a tremendous work of documenting these into a series of taxonomies. To support and actively test the use of the ICS/OT taxonomy, the ics taxonomy is now part of the default MISP taxonomy library. We also encourage any ICS/OT operators to contribute back to the ics taxonomy JSON file in order to improve the taxonomy based on their experiences. By being a taxonomy in MISP, this allows all ICS/OT users to directly tag and contextualise information shared within MISP instances and communities to describe their domain specific incidents and reports along with the related industrial threat intelligence.

Fixes and improvements

  • [contact reporter] Various fixes ensuring that the right users can be contacted
  • [API] A long list of fixes ensuring consistency and proper responses for the less used endpoints, based on @rafiot's exhaustive test suite
  • [API] Fixed output of the attribute histogram. No more STIX-ish barf inducing numeric string keys for dictionaries
  • [Feeds and warninglists] A long list of fixes tuning the performance of said subsystems
  • [PostgreSQL] A list of fixes, making MISP work on psql
  • [Import modules] Ensuring that the new, object supporting import modules can be called via the API
  • [other] Various other fixes touching a long range of features, such as UI issues, object merge problems, invalid links and many more

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

Special shout-outs to Jakub Onderka (@JakubOnderka) for the tireless work around tuning the warninglist systems and fixes all around, to Pierre-Jean Grenier (@zaphodef) for the massive list of fixes ensuring that our APIs behave more sanely and Beckhalo Evgeny (@4ekin) for taming the beast that is PostgreSQL support.

We would also like to make a special dedication to the funding support of CIRCL and INEA under the CEF Telecom 2016-LU-IA-0098 grant.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

MISP 2.4.113 released

A new version of MISP (2.4.113) with tons of fixes and small improvements. We strongly recommend to update to this version.

API and sync

  • [API] get individual server settings via /servers/getSetting/[setting_name], fixes #4964.
  • [API] Allow posting freetext data for ingestion via the event UUID instead of ID, fixes #4995.
  • [internal / API] new component added to handle repeatable code across all controllers (toolbox controller)
  • [sync] Added a protection from receiving empty published events from other instances.
    • a temporary solution to some older, bugged instances emitting them
  • [sync] Sync object builder tool fixed.
    • was picking the wrong org as the owner of the remote side
  • [sync] Fixed an invalid massaging of object attributes before a sync.
    • on a push, object attributes were not correctly filtered out based on distribution settings
  • [API] Attribute add rework. Handle attribute creation in a unified manner via captureAttributes
  • Show sharing groups' uuids.
  • Delete an object by its uuid, similar syntax to attribute's deletion.
  • [stix test] Updated STIX1 test files with the updated MISP event files export results.
  • [stix test] Updated MISP event test files with the latest objects supported.
  • [logging] Truncate description lengths that would be longer than what
    the DB can store with the default setup.
  • [stix export] Change on leveraged ttp at incident level.
    • No longer referencing ttps created out of MISP objects as leveraged ttps at incident level
    • Making sure all ttps, course of actions, threat actors and so on created from MISP galaxies are referenced at incident level
  • [six export] Handling vulnerability attributes the same way as objects.
    • Fixing at the same time some references (with vulnerability objects related to vulnerability attributes) that were lost
  • [stix export] Better tags handling.
    • Avoid passing event level tags everywhere
    • Using class variable for the tlp markings
  • Modules can now pre-check a checkbox from userConfig.
  • [types] email-subject added as a valid type for network activity.
    • used to describe outgoing e-mail subjects for exfiltration. Perhaps consider adding a new category for exfiltration altogether.
  • [API] servers/serverSettingsEdit now accepts the force parameter in a posted JSON object.
  • [API] get organisation by uuid for sightings/listSightings, fixes #4992.
  • [API] Misp object delete's uuid lookup fixed.
  • [API] removed testing exception.
  • [API] Swapped error messages' content from "don't" to "do not" to avoid weird sanitisation artifacts coming from the exception handler.
  • [API] error message.
  • [API] Attribute edit fixed.
  • [API] /galaxies/view by uuid added, fixes #4993.
  • [API] sightings restSearch now accepts uuids as org_id, fixes #4992.
  • [API] Delete sightings by UUID, fixes #4987.
  • [API] /objects/view should accept UUID as a parameter instead of just ID, fixes #4991.
  • [API] Delete organisations by UUID, fixes #4989.
  • [API] Access event proposals by uuid via shadow_attributes/index/[uuid], fixes #4988.
  • [API] Adding an event without the info field set should never work, fixes #4984.

UI

  • [enrichment] Handling correctly comments at objects level.
    • Objects level comments were displayed but not handled at the end, they are now displayed, users can modify them as comments at attributes level, and they are handled then with the saved results
  • [UI] Handle settings being removed from config.php more gracefully in the UI.
  • [UI] Row description added in View Warninglists.
  • [UI] Improved the accessibility of the galaxy matrix view for screen readers. The table elements are now focusable, and only a short text is brailled/spoken by default.

internal

  • [session handling] Session handling fixes.
    • changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts
      sharing sessions
    • timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
  • [debug] Added an on-demand sync debug to assist some debug sessions.
    • very primitives, simply concatenates events to be pushed into a file
  • [internal] Default field list added for attributes.
    • let's try to standardised on things we output instead of doing it manually. It's a first step
  • [warning-list] Filter CIDR warning list before eval.
  • [internal] Potential fix for a race condition generating orphaned attributes, fixes #4886.
    • This fix will avoid issues where the delay is introduced by the deferred start of the execution via the background workers
    • deleting an event whilst data is being actively added will still not be interrupted
  • [internal] Feed lookup by UUID removed as feeds don't actually have UUIDs, fixes #4998.

misp-modules

misp-modules have been improved with new modules especially an improved cuckoo import module (thanks to Pierre-Jean Grenier). The documentation has been also improved (thanks to all the contributors who helped us on the documentation).

MISP galaxies, MISP object templates and MISP warning-lists have been updated to the latest version. MISP galaxy now includes a target-location galaxy to improve classification.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

MISP 2.4.112 released

A new version of MISP (2.4.112) has been released with a host of API fixes, improvements and a security fix.

Improvements

  • [sync] Event index cleaned up, total count of listed events added as X-Result-Count header

  • [sync] Previewing a remote instance now passes pagination rules in the request instead of fetching the full data-set and paginating in memory. This also include a fix to issues with empty preview pages. Massive performance boost when previewing a remote instance. This requires the remote side to be the same version or newer.

  • [API] New parameters added to attributes/restSearch to include additional context, fixes #4935, fixes #4940, affects MISP/PyMISP#415.

    • includeSightings: include sightings for all attributes returned
    • includeCorrelations: include the correlations to other attributes (includes a light-weight event object with each attribute)
  • [cli] Added cleanCaches command.

  • [API] Disable background processing on-demand via URL parameters.

  • [API] Disable DB logging completely, fixes #4921.

  • [API] IncludeContext now includes the additional event fields in the attributes/restSearch results (in JSON format).

  • [data model] New attribute type weakness (CWS) added

  • [alerting] Block the alerting of events based on the date field as an alternative to the timestamp, fixes #4937.

  • [warning-list] Speedup improvement in the CIDR lookup.

  • [UI] Add a quick button for the event attribute toolbar for the showing of related tags.

  • [restClient] Do not override query body if url hasn't changed.

  • [feed-metadata] Panels Tracker feed added.

  • [eventGraph:search] Usage of chosen instead of bootstrap with non- stripped label.

Bugs fixed

Many bugs fixed based on the extensive PyMISP test cases in addition to manual reviews. All fixes are documented in the changelog.

CVE-2019-14286 fixed

CVE-2019-14286 has been fixed. In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability. This vulnerability has been fixed in MISP 2.4.112. We strongly encourage everyone to update as soon as possible. Thanks to David Heise who reported the vulnerability.

misp-modules

misp-modules have been improved with new modules especially with a new advanced CVE module which includes the ability to import CVEs along with their associated weaknesses and attack techniques (as you can see in the screenshot). The documentation has been also improved (thanks to all the contributors who helped us on the documentation).

MISP galaxies, MISP object templates and MISP warning-lists have been updated to the latest version. MISP galaxy has been updated to include the July edition of the MITRE ATT&CK model.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

@adulau adulau released this Jul 20, 2019 · 883 commits to 2.4 since this release

MISP 2.4.111 released

A new version of MISP (2.4.111) has been released with an improved proposal sync, minor improvements and bugs fixed.

Proposal synchronisation rework

The proposal synchronisation has undergone a long over-due rewrite and as a result it has been significantly improved ompared to the original implementation, which was released several years ago. We strongly invite all users of MISP to upgrade
to the latest version to restore the fetch-on of proposals via the synchronisation. The proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync).

New attribute type community-id added

At the MISP project, we are big supporters of new open standards, which can help communities in an effort to reference forensic evidences, especially network forensic evidences. It has always been difficult to track down common network flows as many tools and products rely on different methods to build network flow ids. Christian Kreibich from Corelight decided to take a bash at resolving this issue and has been working on creating the Community ID Flow Hashing format. As the community-id is open to open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and now also MISP, as of version 2.4.111.

In 2.4.111, a new attribute type has thus been added, along with the following object templates already including the new attribute field:

This feature allows to easily correlate network forensic flows from different tools or network equipment.

Improvements and bugs fixed

  • [misp-modules enrichment] Fixed index in attribute.
  • [API] Deletes broken due to invalid boolean.
  • [API] Delete http method/requests properly accepted by some /delete endpoints.
  • [sync] Fixed a bug breaking the synchronisation between MISP instances.
  • [stix2] Import of User Account objects is now supported.
  • Issues #4864, #4861, #4847 fixed

MISP galaxy, MISP object templates and MISP warning-lists have been updated to the latest version.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2
Jul 12, 2019

rm

hotfix-2.4.111

MISP 2.4.110 released

A new version of MISP (2.4.110) has been released with a host of new features, improvements, many bugs fixed and one security fix. Even under the searing summer sun, the MISP project team is hard at work, whilst enjoying some cocktails (with or without booze).

New main features

MISP modules extended to support the full MISP standard format

misp-modules now support MISP objects and relationships. The revamped system is still compatible with the old modules, whilst the new modules bolster up the complete MISP standard format. New modules such as url-haus, joe sandbox query and many others support the new MISP standard format. This new feature allows module developers to create more advanced modules, generating MISP objects and associated relationships from any type of expansion, import or export modules in one click.


Local tags introduced

The long awaited feature "local tags" is now finally available. You can create tags locally if you are a member of the given MISP instance's host organisation, enabling "in-place" tagging for synchronisation and export filtering. MISP events are not modified while using the local tags and are in turn always stripped before being synchronised with other MISP instances and sharing communities. Local tags allow users to avoid violating the ownership model of MISP, but still be able to tag any event or attribute for further dissemination and data contextualisation. Local tagging works for tags, tag collections, galaxies and matrix-like galaxies such as ATT&CK.

New Norwegian translation

Thanks to the contribution from Kortho, the MISP user-interface now includes a Norwegian translation in addition to the previously contributed Japanese, French translations along with multiple work in progress translation efforts getting closer to full coverage, such as Russian, German and Chinese. If you wish to contribute, feel free to join the crowdin page for MISP. It's simple and efficient, translations can be easily done via the web interface.

Various updates and improvements

  • Following SANS courses feedback, physics can be enabled/disabled on demand.
  • [UI] Filter has been added in the template object index.
  • [API] On-demand inclusion of attribute relations via the event view endpoint. Thanks to Siemens for the ideas and feedback.
  • [security] Made certain settings modifiable via the CLI only. Some settings are too risky to be exposed, even to site admins, so made them CLI accessible only.
  • [API] New option to excludeLocalTags to events/restSearch.
  • [UI] Many improvements in the event view regarding related events. In case of multiple correlations, the related events are now in a scrollable box.
  • [Doc] Installation guides and scripts were improved.
  • [Bug] Fix an old hard-coded path for the temp directory.
  • [API] Simple worker management added.

Security fix (CVE-2019-12868)

CVE-2019-12868 has been fixed in MISP 2.4.110. MISP 2.4.109 had remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialisation. This vulnerability can only be triggered by the site admin. Thanks to Dawid Czarnecki for reporting it.

STIX improvements

  • Parsing observable compositions from external STIX files.
  • Fixing issues with 'parse' being called on bundles containing custom objects.
  • Fixed user account pattern and user account observable extension in STIX 2.0 export.
  • Fixed socket extension parsing.
  • Fixed registry-key keys and values parsing for patterns.

MISP galaxy, MISP object templates and MISP warning-lists have been updated to the latest version.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Assets 2

A new version of MISP (2.4.109) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.

New main features

Encapsulate existing attributes into an object

When an analyst inserts information into MISP, it's very common to start with a set of unstructured indicators/attributes. At a later stage, common structures emerge and combining attributes into objects start making more and more sense. However, the effort spent on the process of attribute creation would have to be repeated in prior versions via the object creation interface, something that resulted in analysts deciding to save time and effort and move on, leaving the unstructured data as is. To reduce the workload needed to bring structure to our prior work, we have now introduced a new feature, allowing users to easily select a set of attributes and automatically propose suitable object templates depending on the combination of types of the selected attributes. These in turncan be gathered and processed into the desired object.

Improved ATT&CK and ATT&CK-like matrix support


We received exhaustive feedback during the FIRST.org CTI conference in London and the ATT&CK EU community workshop at Eurocontrol concerning the ATT&CK integration in MISP. The matrix visualisation has been improved by sorting and reorganising the individual techniques based on their aggregate scores. These statistics can now easily be queried based on time-ranges, organisations, tags, along with all other restSearch enabled filters to generate ATT&CK like matrix views.

Security fix - CVE-2019-12794

An issue was discovered in MISP 2.4.108. Organisation admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users) or impersonate them by reusing their API keys. This could be abused in a situation where the host organisation of an instance decides to use organisation admins to further manage their own users. The potential for abuse is limited to situations where the host organisation of an instance creates lower-privilege organisation admins instead of the usual site admins, so whilst it was indeed in the spirit of what the powers of organisation admins are, we agree that this was a bad design decision. CVE-2019-12794 Thanks to Raymond Schippers for the report.

API

  • [API] added new restSearch filter - date.
    • deprecated to and from
    • date works similarly to timestamp, accepted syntax options:
      • time ranges in the shorthand format (7d or 24h, etc)
      • timestamps
      • fallback parsing for other formats (2019-01-01, "fortnight ago", etc)
      • date ranges using lists [14d, 7d]

Bugs fixed

  • A long-standing bug has been fixed when adding tags or galaxies whilst using Firefox.
  • [permissions] Fixed the default sync/user/publisher permissions to include perm_tagger and perm_tag_editor(sync only).
  • And many other fixes.

MISP galaxy, object templates and warning-lists updated

MISP galaxy, MISP object templates and MISP warning-lists have been updated to the latest version.

New default feeds were added in MISP. Don't hesitate to contact us if you have any idea for new feeds.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Warning: Next release 2.4.110

The next version of MISP will include major changes to the data-model by introducing new functionalities that support forensic capabilities, with a special focus on improving the time representation of MISP attributes and objects. The next release will update various tables in the database as usual, but the automatic update might take longer than usual (on larger instances between 30 and 45 minutes) depending on the number of attributes stored in the instance. During the update procedure, MISP will be unavailable until the update is complete. We will notify our users in advance to prepare their upgrade plan for the next release 2.4.110.

Assets 2
You can’t perform that action at this time.