I just did a very simple API to query the threat actors from the @MISPProject galaxy. There is a public API and the server is also open source. You can find threat actor names, synonyms and all meta-data with a simple curl query. #ThreatIntel
https://github.com/MISP/threat-actor-intelligence-server#api-and-public-api …
We already use @MISPProject though, who isn't aware of it?
MISP project maintains an exhaustive list of threat actors with metadata, relationships and synonyms. The format is machine-parsable and all is open source under CC-0/2-clause BSD license. Feel free to reuse and/or contribute.
https://github.com/MISP/misp-galaxy/blob/master/clusters/threat-actor.json … -
https://www.misp-project.org/galaxy.html#_threat_actor …
Happy New Year! Thanks to all the 400+ contributors who contributed to the MISP project to improve information sharing and threat intelligence. Thanks to all the users and supporters who helped during 2019. #ThreatIntel #opensource
https://www.misp-project.org/contributors/
Looking back on 2019 I have learned that by sharing cybersecurity data, members of the community are able to lessen the time from first detection anywhere to mitigation. Using a transparent architecture within a SOC like @MISPProject can strengthen this. #edu19 #BigData #Omnisoc
MISP now supports a new attribute type format for Kusto query used in @Azure Sentinel and Microsoft Defender ATP. You can now share more easily queries within information sharing communities and collaborate on defence. @JohnLaTwC @ashwinpatil
https://github.com/MISP/MISP/commit/7a82a9f8d73e3565b8b880476bffccfe08afb57d …
sightingdb version 0.1 has been released by @tricaud (@devo_Inc). Sighting DB is a fast-lookup database for sightings of attributes. The lookup protocol is a MISP standard which is supported by MISP to have many sighting back-ends.
https://github.com/stricaud/sightingdb …
https://www.misp-standard.org/rfc/sightingdb-format.txt …
Don't forget to update your PyMISP library to the latest version especially to fix the issue introduced in the new MISP feed generator.
https://github.com/MISP/PyMISP/ Thanks to @rafi0t for the hard work and refactoring on the Python library to interact with the MISP API.
In the meantime, #infosec community: the best gift you can give this season is not a "hot take", but instead a $ contribution and/or PR to your favorite open source projects!
I released the version 1.0 of git-vuln-finder - Finding potential vulnerabilities in source code repositories by analysing git commit messages.
https://github.com/cve-search/git-vuln-finder/releases/tag/v1.0 … The next release will include an integration with @MISPProject to allow collaborative review of vulnerabilities.
I would love to see more of the energy currently dedicated to this debate directed to a constructive effort like this. Sigma is underrated. Projects like @MISPProject provide easy means to share sigma/yara/snort sigs alongside contextual information
https://twitter.com/shotgunner101/status/1209427380827230208 …
MISP is an awesome project and we are eager to reap the benefits =)
https://twitter.com/VV_X_7/status/1208937874089029634 …
It sounds like @MISPProject may be taking a look at this as well (and are consistently amazing with how fast they develop), but suggest submitting a feature request to
https://github.com/mitre-attack/tram/issues/new?template=feature-request.md ….
Happy Holidays @MISPProject ! The blue team @Ubisoft present MISP-K8S: automated high availability MISP + MISP Dashboard deployment in @awscloud EKS.
https://vvx7.io/posts/2019/12/misp-high-availability-with-amazon-eks/ …
@Xyrodileas @apleks_
Thanks! Now this should lower the bar for adopting @MITREattack. Maybe in a Future release you add the Option for sharing new sub-techniques via @MISPProject.
https://twitter.com/MITREattack/status/1208107214130548744 …
Thanks to @mokaddem_sami for the incredible @MISPProject cookie. Don’t forget we have a flexible data model for information sharing and we even have a cookie object template ;-)
https://www.misp-project.org/objects.html#_cookie …
New @apivoid expansion module for MISP, @circl_lu passive dns and passive SSL/TLS modules now have support for MISP objects (passive DNS and x.509 objects) and many improvements in misp-modules. Thanks to @chrisred_68 and all the contributors.
https://misp.github.io/misp-modules/expansion/ …
Last Friday we had the first #belgomisp meeting. A big thank you to all participants, good discussions and exchange of ideas on @MISPProject . Presentations are up at
https://github.com/cudeso/misp-usergroups/blob/master/meetings/belgomisp_0x01.md … Stay tuned for the Doodle announcing the next date(s).
Many improvements to @MISPProject and @MaltegoHQ integration - thanks to @cvandeplas for the hard work. #ThreatIntel
https://twitter.com/cvandeplas/status/1207040443231420422 …
MISP - Threat Sharing. An Open Source software and standards to share, create and validate threatintel and intelligence.
#Infosec #Security #OpenSource