MISP changes—impact on users and steps to take
This page has been added to inform you about an upcoming update to the MISP server, which will result in a temporary service interruption.
Scheduled downtime
•Start: November 20, 2024
•End: November 22, 2024
During this period, the MISP server will be unavailable as we implement important updates and improvements. We apologize for any inconvenience this may cause and appreciate your understanding.
Key updates
•MISP Tags:
oUpdated tlp:amber to tlp:amber+strict.
oAdded new tags: Activity Report and Threat Report.
oRenamed MonthlyOverview to Monthly Overview and MonthlyDigest to Monthly Digest.
•MISP Galaxies:
oAll MISP events have been updated with ESET Threat Actor galaxies.
•MISP Events:
oPDFs will no longer be attached to events (as of March 2025); instead, a direct download link and API ID to the ETI portal will be provided within MISP fields.
oUpdates related to MISP Victim object to ensure consistency:
▪Fixed typos in country names and verticals.
▪Fixed objects where verticals were not in MISP victim object definition (https://github.com/MISP/misp-objects/blob/12c4d69bce296588e94715a559ab380ed99dc126/objects/victim/definition.json#L79).
▪Fixed an issue where an event contains one victim object with multiple attributes instead of one victim object per victim/vertical.
▪Events that did not have the victim object (before mid-2022) stay without the victim object.
oFixed old MISP events info that did not respect the name convention.
oFixed old Activity Summary did not have a Report event.
oMonthly Digest extends the Monthly Overview that extends the Activity Summary and Technical Analysis of the month.
oAdded old and recent Pre-Release (PRE) events.
•PDFs in MISP:
oThere will be a dual regime until the end of February 2025, when all the PDF, the PDF download link and the PDF API ID are available.
oBoth PDF API ID and PDF download link can only be used with the new ESET Threat Intelligence portal.
oMore information is available on the MISP page.
Impact on users and steps to take
•All events will be re-published during the downtime, but there are no new IoCs.
•We recommend re-importing the data to benefit from the updates, although this step is optional.
•If you currently retrieve PDF reports directly from the MISP event, update your process to download them via the portal link. PDFs will continue to be attached to events until the end of February 2025. After that date, only the ETI Portal download link and ETI Portal Report ID will be available.
•The new ETI version 2.3.0.0 was released on November 8, 2024. You can check the new APT tagging system already implemented. All the tags will be refreshed during the maintenance window.
For more information on using the new ETI Portal download links and ETI Portal Report IDs, refer to the ESET Threat Intelligence Portal MISP page.
We appreciate your cooperation and understanding as we work to improve the ESET Threat Intelligence services. If you have any questions or need further assistance, do not hesitate to contact the support team.