Changelog

Synapse-MISP Changelog

v5.1.0 - 2025-10-10

Features and Enhancements

  • Added --publish argument to misp.event.add command to publish events on the MISP server. Events to be published can be new events as they are being exported or existing events specified by event ID.

v5.0.0 - 2025-07-10

Automatic Migrations

  • Migrated all existing server configurations to have a proxy server value of true which will use the Cortex proxy server settings.

Features and Enhancements

  • Updated the Power-Up to support proxy server settings in the server configurations.

  • Updated the misp.setup.server.add and misp.setup.server.updated commands to support adding/updating proxy server settings.

v4.0.0 - 2025-04-25

Automatic Migrations

  • Migrated and removed all inet:web:acct nodes created by Synapse-MISP as identified by <(seen)- edges from meta:source:type=synapse.misp or meta:source:type=synapse.misp.feed source nodes. These nodes were migrated to inet:service:account nodes.

Features and Enhancements

  • Updated Power-Up to make inet:service:account instead of deprecated inet:web:account nodes.

Bugfixes

  • Fixed a bug where the misp.sync command would not use the default tag prefix when syncing events.

v3.13.0 - 2025-03-12

Features and Enhancements

  • Updated misp.search to populate the it:exec:query:opts property.

Automatic Migrations

  • Removed :url and :url:fqdn properties from media:news nodes that were incorrectly created by the misp.feed.sync command.

Bugfixes

  • Fixed a bug where the misp.feed.sync command would incorrectly create :url and :url:fqdn properties on media:news nodes.

  • Fixed a bug where MISP “filename|md5”, “filename|sha1”, or “filename|sha256” types with invalid values may raise an exception and cause a sync to fail to complete.

  • Fixed an issue where the it:exec:query:synuser property was not being populated for misp.search command.

  • Fixed an issue where it:exec:query nodes from the misp.search command were not unique per query.

v3.12.0 - 2025-03-10

Features and Enhancements

  • Added support for ingesting and file parsing MISP “malware-sample” attribute types.

v3.11.1 - 2025-02-19

Bugfixes

  • Fixed a bug where the misp.sync command wouldn’t download event attachments.

v3.11.0 - 2025-02-14

Features and Enhancements

  • Added misp.search command for searching events on configured MISP servers.

v3.10.0 - 2025-02-05

Automatic Migrations

  • Removed the meta:source:_misp:feed:updated and meta:source:_misp:feed:sha256 extended properties and moved the data to meta:source:ingest:latest and meta:source:ingest:cursor respectively.

Features and Enhancements

  • Added support for ingesting and file parsing MISP “attachment” attribute types.

  • Added --no-fileparser option to misp.sync, misp.sync.byid, and misp.feed.sync commands to prevent sending attachments to Synapse-FileParser.

  • Updated ingest logic to use the meta:source:ingest:latest and meta:source:ingest:cursor extended properties for tracking the last time a MISP feed was updated.

  • Added support for applying MISP tags to nodes created when ingesting MISP events and attributes.

  • Added --tagpref option to misp.setup.server.add command to support tag prefixes when adding a MISP server configuration.

  • Added --tagpref and --del-tagpref options to misp.setup.server.update command to support modifying tag prefixes on configured MISP servers.

  • Added --tagpref option to misp.feed.sync command to support tag prefixes when ingesting data from MISP feeds.

v3.9.0 - 2025-01-17

Features and Enhancements

  • Removed deprecated commands misp.setup.server.rename, misp.setup.server.setglobal, and misp.setup.server.setperm.

v3.8.0 - 2024-09-17

Features and Enhancements

  • Added misp.feed.sync command which adds ability to sync MISP feeds published via HTTP repository in MISP standardized format.

v3.7.1 - 2024-08-05

Bugfixes

  • Fix an issue where Event Add warning toast messages were not displayed properly.

v3.7.0 - 2024-06-28

Features and Enhancements

  • Updated typemap to include support for exporting it:sec:cwe nodes.

v3.6.0 - 2024-05-30

Features and Enhancements

  • Added --sharing-group-id option to misp.event.add for specifying the sharing group ID when distribution value is set to value four (“Sharing group.”).

  • Added --threat-level-id option to misp.event.add for specifying the threat level ID of an exported event.

Bugfixes

  • Updated --distribution option to include value four (“Sharing group.”).

v3.5.0 - 2024-05-22

Features and Enhancements

  • Updated typemap to include support for exporting risk:vuln nodes.

  • Added --distribution option to misp.event.add to support specifying the distribution value instead of defaulting to zero (“Your organization only.”).

v3.4.1 - 2024-02-20

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v3.4.0 - 2024-01-23

Features and Enhancements

  • Added a node action workflow for misp.event.add.

  • Added --name option to misp.event.add to set a custom event name.

  • Added --set-ids-flag option to misp.event.add to set the IDS flag on exported attributes.

  • Added --typemap option to misp.event.add so users can specify custom MISP types and categories when exporting data to a MISP server.

  • Added --print-typemap option to misp.event.add to print the default typemap to help users create custom typemaps.

  • Added SSL verification boolean to the server configurations.

  • Added misp.setup.server.update to change the SSL verification behavior, rename, change the global flag, and set permissions on a server configuration.

  • Updated misp.setup.server.add to accept a --ssl-noverify option which will cause the server configuration being added to not perform SSL verification.

  • Deprecated misp.setup.server.setglobal, misp.setup.server.setperm, and misp.setup.server.rename commands in favor of misp.setup.server.update.

v3.3.0 - 2023-11-20

Features and Enhancements

  • Added misp.event.add command to add nodes from Synapse to an event on a configured MISP server.

v3.2.0 - 2023-08-11

Features and Enhancements

  • Added support to filter events by reporting organizations.

v3.1.2 - 2023-08-07

Bugfixes

  • Fix misp.sync.byid to use --server rather than --servers and require only a single server argument.

  • Check for IPv4 cidr/slash notation in ip-src and ip-dst fields to prevent unbounded IPv4 address addition.

v3.1.1 - 2023-08-03

Bugfixes

  • Fix a bug where some filenames would cause an error during parsing.

v3.1.0 - 2023-07-28

Features and Enhancements

  • Added support for parsing MISP file objects.

Bugfixes

  • Fix a bug where whois registrar names were being incorrectly parsed as tel:phone instead of inet:whois:rar.

v3.0.1 - 2023-07-06

Bugfixes

  • Fix an issue where the boolean value for a server configuration’s global value would display as an integer rather than a boolean.

  • Fix an issue where renaming a server configuration would not update the displayed name.

v3.0.0 - 2023-07-05

Features and Enhancements

  • Add support for syncing data from multiple MISP servers.

This release contains an automatic data migration that will run when the package is first upgraded. The migration moves any existing configuration data from global and user storage to the new configuration format in jsonstor.

v2.2.0 - 2023-03-14

Features and Enhancements

  • Rotate the readonly API key that is used to connect to the Vertex MISP instance. The existing API key will be revoked on March 31, 2023. Users should upgrade the synapse-misp Rapid Power-Up if they sync data from the Vertex MISP instance.

v2.1.0 - 2023-01-05

Features and Enhancements

  • Add MISP Threat Actor UUID to the risk:threat:org:names property.

  • Set risk:threat:name if unset.

v2.0.0 - 2022-09-28

Features and Enhancements

  • Set the media:news:type property to misp.event.

  • Record the MISP Event URL to the media:news:url property.

  • Record the MISP Event UUID to the media:news:ext:id property.

  • Record the MISP Event Orgc to the media:news:publisher property.

  • Improved identification and ingestion of GalaxyCluster entries.

  • Removed --disable-nodedata option from commands in favor of --save-raw convention. Storing raw MISP event JSON data is now disabled by default.

  • Link hash:sha256 to the media:news node for type sha256 attributes.

v1.3.0 - 2022-06-02

Features and Enhancements

  • Additionally ingest attributes on objects associated with MISP events.

  • Add ou:name and it:prod:softname nodes for threat-actor and tool tags on events.

  • Add media:news nodes for MISP Galaxy Clusters.

v1.2.0 - 2022-05-12

Features and Enhancements

  • Added –disable-nodedata option to misp.sync and misp.sync.byid to disable storing raw event results in nodedata.

v1.1.0 - 2022-02-11

Features and Enhancements

  • Added misp.sync.byid command to pull in individual events by id.

  • Save the raw MISP event to node data on the media:news node using the misp:event key.

v1.0.2 - 2021-08-30

Bugfixes

  • Fix plumbing for –last option to misp.sync

v1.0.1 - 2021-08-20

Bugfixes

  • Added description to power-up definition

v1.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-MISP v1.0.0