Changelog

Synapse-MISP Changelog

v3.8.0 - 2024-09-17

Features and Enhancements

  • Added misp.feed.sync command which adds ability to sync MISP feeds published via HTTP repository in MISP standardized format.

v3.7.1 - 2024-08-05

Bugfixes

  • Fix an issue where Event Add warning toast messages were not displayed properly.

v3.7.0 - 2024-06-28

Features and Enhancements

  • Updated typemap to include support for exporting it:sec:cwe nodes.

v3.6.0 - 2024-05-30

Features and Enhancements

  • Added --sharing-group-id option to misp.event.add for specifying the sharing group ID when distribution value is set to value four (“Sharing group.”).

  • Added --threat-level-id option to misp.event.add for specifying the threat level ID of an exported event.

Bugfixes

  • Updated --distribution option to include value four (“Sharing group.”).

v3.5.0 - 2024-05-22

Features and Enhancements

  • Updated typemap to include support for exporting risk:vuln nodes.

  • Added --distribution option to misp.event.add to support specifying the distribution value instead of defaulting to zero (“Your organization only.”).

v3.4.1 - 2024-02-20

Features and Enhancements

  • Update deprecated $lib.dict() usage to JSON style syntax.

v3.4.0 - 2024-01-23

Features and Enhancements

  • Added a node action workflow for misp.event.add.

  • Added --name option to misp.event.add to set a custom event name.

  • Added --set-ids-flag option to misp.event.add to set the IDS flag on exported attributes.

  • Added --typemap option to misp.event.add so users can specify custom MISP types and categories when exporting data to a MISP server.

  • Added --print-typemap option to misp.event.add to print the default typemap to help users create custom typemaps.

  • Added SSL verification boolean to the server configurations.

  • Added misp.setup.server.update to change the SSL verification behavior, rename, change the global flag, and set permissions on a server configuration.

  • Updated misp.setup.server.add to accept a --ssl-noverify option which will cause the server configuration being added to not perform SSL verification.

  • Deprecated misp.setup.server.setglobal, misp.setup.server.setperm, and misp.setup.server.rename commands in favor of misp.setup.server.update.

v3.3.0 - 2023-11-20

Features and Enhancements

  • Added misp.event.add command to add nodes from Synapse to an event on a configured MISP server.

v3.2.0 - 2023-08-11

Features and Enhancements

  • Added support to filter events by reporting organizations.

v3.1.2 - 2023-08-07

Bugfixes

  • Fix misp.sync.byid to use --server rather than --servers and require only a single server argument.

  • Check for IPv4 cidr/slash notation in ip-src and ip-dst fields to prevent unbounded IPv4 address addition.

v3.1.1 - 2023-08-03

Bugfixes

  • Fix a bug where some filenames would cause an error during parsing.

v3.1.0 - 2023-07-28

Features and Enhancements

  • Added support for parsing MISP file objects.

Bugfixes

  • Fix a bug where whois registrar names were being incorrectly parsed as tel:phone instead of inet:whois:rar.

v3.0.1 - 2023-07-06

Bugfixes

  • Fix an issue where the boolean value for a server configuration’s global value would display as an integer rather than a boolean.

  • Fix an issue where renaming a server configuration would not update the displayed name.

v3.0.0 - 2023-07-05

Features and Enhancements

  • Add support for syncing data from multiple MISP servers.

This release contains an automatic data migration that will run when the package is first upgraded. The migration moves any existing configuration data from global and user storage to the new configuration format in jsonstor.

v2.2.0 - 2023-03-14

Features and Enhancements

  • Rotate the readonly API key that is used to connect to the Vertex MISP instance. The existing API key will be revoked on March 31, 2023. Users should upgrade the synapse-misp Rapid Power-Up if they sync data from the Vertex MISP instance.

v2.1.0 - 2023-01-05

Features and Enhancements

  • Add MISP Threat Actor UUID to the risk:threat:org:names property.

  • Set risk:threat:name if unset.

v2.0.0 - 2022-09-28

Features and Enhancements

  • Set the media:news:type property to misp.event.

  • Record the MISP Event URL to the media:news:url property.

  • Record the MISP Event UUID to the media:news:ext:id property.

  • Record the MISP Event Orgc to the media:news:publisher property.

  • Improved identification and ingestion of GalaxyCluster entries.

  • Removed --disable-nodedata option from commands in favor of --save-raw convention. Storing raw MISP event JSON data is now disabled by default.

  • Link hash:sha256 to the media:news node for type sha256 attributes.

v1.3.0 - 2022-06-02

Features and Enhancements

  • Additionally ingest attributes on objects associated with MISP events.

  • Add ou:name and it:prod:softname nodes for threat-actor and tool tags on events.

  • Add media:news nodes for MISP Galaxy Clusters.

v1.2.0 - 2022-05-12

Features and Enhancements

  • Added –disable-nodedata option to misp.sync and misp.sync.byid to disable storing raw event results in nodedata.

v1.1.0 - 2022-02-11

Features and Enhancements

  • Added misp.sync.byid command to pull in individual events by id.

  • Save the raw MISP event to node data on the media:news node using the misp:event key.

v1.0.2 - 2021-08-30

Bugfixes

  • Fix plumbing for –last option to misp.sync

v1.0.1 - 2021-08-20

Bugfixes

  • Added description to power-up definition

v1.0.0 - 2021-08-13

Features and Enhancements

  • Initial release of Synapse-MISP v1.0.0