1.2.0
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
MISP integration enables you to investigate security incidents by supporting capabilities like sightings search, observable enrichment, and the ability to create and update events in MISP.
This integration contains the following key features:
- Connect to private and public MISP instances.
- Supports manual and automatic sighting search of observables.
- Run sighting search from case management.
- Report or update sightings to an attribute:
  - Report an observable as a sighting (Global).
  - Report an observable as a false positive (Global).
  - Report an observable as expired.
- Supports manual and automatic observable enrichment. Results include the MISP attribute and event information associated with the observables.
- Attribute enrichment in MISP (bi-directional capability):
  - Add or update tags, galaxies, or comments.
- Event creation in MISP from SIR:
  - Supports manual and automatic creation of events in MISP from SIR.
- Update a MISP event from SIR:
  - Add or update tags, galaxies, or attributes.
  - Add SIR-associated observables as attributes to a MISP event.
- Auto-extract MITRE-ATT&CK™ information from MISP events and associate the information to SIR security incidents.
- Automatically add SIR MITRE-ATT&CK™ information as galaxies to a MISP event.
Changed:
- Migration of Workflows to Flow Designer for MISP integration.
Integration dependencies:
- Install the Security Incident Response (SIR) application.
- Verify that you are using MISP version 2.4.137 or later.