23 Planned features and functionalities
Alexandre Dulaunoy edited this page 2017-01-04 11:43:26 +01:00

List of planned features (MISP core) - mid-term

  • Modular import/export API support
  • Local first_seen / last_seen tags per attribute, derived from the sighting value (local to an instance only in the first implementation).
    • If no sighting value is set on the attribute, the value of the event is used for the first_seen and last_seen tags.
  • Custom tagging and value ($text)
    • The first iteration of the implementation will basically be a UI change to support a custom $text value, but these will be standard tags in the back-end (with an additional flag indicating the origin). The first iteration will include filtering to avoid flooding new MISP instances with those custom tags.
  • Actionable tagging having an effect on MISP directly (UI, API, correlation) - https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json
    • Hide from UI or API - Interesting "future" attributes
    • Add contributor PGP key - (distribute encrypted contact point - misp:contributor)
  • Tagging at attribute level
  • Setting, filter, modify tags at pull and/or push level
  • User-defined configuration for filters, group of tags or limited categories
  • MISP objects
  • Stress-test, fuzzing and benchmarking of MISP and MISP API (beta version in PyMISP)
  • Hashing value of an event to provide a way to do verification and integrity check (centralized way of checking UUID, hash tuple?)
  • Voting and vetting for organization

List of planned features (MISP core) - long-term

  • Gamification of the MISP Platform (as an option)

    • Goal is to encourage users to contribute by offering recognition for their efforts.
    • Profiles with various metrics tracking contribution.
    • Opt-in system since it requires a loss of anonymity.
    • Gain points by
      • Entering events
      • Proposing changes (that have to be accepted to get credit)
      • Reviewing events and pointing out false positives
  • Synchronise discussions belonging to events

  • Statistical analysis of feeds and server

Ongoing features (in alpha and coding phase) - notes

  • Import modules (just like the expansion modules) to import other formats into MISP (e.g. Cuckoo reports, FireEye export, ...)
    • The import modules will be part of https://github.com/MISP/misp-modules as a specific type.
    • The design foresees input via Base64-encoded strings, which are processed within the MISP modules and sent back to MISP as attributes (like the expansion modules) or as a full-featured MISP event.
{"attributes": [
  {
    "value": "",
    "type": "",
    "category": "",
    "comment": "",
    "to_ids": "",
    "data": ""
  }
]}

If only a value is set, it goes to the free-text import.
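
The import-module flow described above, as an added sketch that is not code from MISP or misp-modules: Base64 input is decoded, parsed, and returned in the attribute skeleton shown here, with bare values left for the free-text import. The request field name `data`, the `type|value|comment` report format, the category mapping, the `to_ids` default, and the names `handler` and `needs_freetext` are assumptions made for illustration.

```python
import base64
import json

# Field names come from the response skeleton shown on this page.
FIELDS = ("value", "type", "category", "comment", "to_ids", "data")
# Assumed type -> category mapping for the sample below (not MISP's own table).
DEFAULT_CATEGORY = {"ip-dst": "Network activity", "domain": "Network activity"}

# Constructed sample report in a hypothetical "type|value|comment" line format.
SAMPLE_REPORT = ("ip-dst|198.51.100.7|C2 callback\n"
                 "domain|bad.example.test\n"
                 "evil.example.test\n")
SAMPLE_REQUEST = json.dumps(
    {"data": base64.b64encode(SAMPLE_REPORT.encode("utf-8")).decode("ascii")})


def handler(request_json):
    """Decode the Base64 input and return {"attributes": [...]} or {"error": ...}."""
    try:
        request = json.loads(request_json)
        text = base64.b64decode(request["data"], validate=True).decode("utf-8")
    except (ValueError, KeyError, TypeError) as exc:
        # Malformed JSON, missing field, bad Base64 or bad UTF-8: reject, do not guess.
        return {"error": "cannot decode input (%s)" % type(exc).__name__}
    attributes = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|", 2)]
        attr = dict.fromkeys(FIELDS, "")
        if len(parts) == 1:
            attr["value"] = parts[0]  # bare value: left to the free-text import
        else:
            attr["type"], attr["value"] = parts[0], parts[1]
            attr["comment"] = parts[2] if len(parts) == 3 else ""
            attr["category"] = DEFAULT_CATEGORY.get(parts[0], "")
            attr["to_ids"] = False  # assumption: no IDS flag before analyst review
        attributes.append(attr)
    return {"attributes": attributes}


def needs_freetext(attr):
    """True when only "value" is set, the case the page sends to free-text import."""
    return bool(attr["value"]) and all(attr[f] == "" for f in FIELDS if f != "value")


if __name__ == "__main__":
    for a in handler(SAMPLE_REQUEST)["attributes"]:
        print("free-text" if needs_freetext(a) else "typed", json.dumps(a))
```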

For the future misp-objects integration, the format will be:

{"attributes":[],
"objects":[
{
  "name":"",
  "_other_meta_fields_":"",
  "attributes":[]
}
]
}

Development steps to support "Setting, filter, modify tags at pull and/or push level"

    1. Store last pull time information
    2. Create new fields (creation / sync date) for event_tags and proposals
    3. Create a new sync process for the tags alone
    4. Modify the UI to be able to trigger the new tag sync process per server
    5. Create a new "immutable" tag type that can only be modified by the event owner

Then, in the next steps, a new filtering mechanism to control the events/attributes and tags will be implemented, but the 5 steps above are required to go further without impacting current MISP users.

Implemented features

  • Colour support (via JSON) in tags - 2.4.59
  • MISP galaxies - First version implemented in 2.4.56
  • Searching within tags - 2.4.52