mirror of https://github.com/MISP/MISP
Planned features and functionalities
Alexandre Dulaunoy edited this page 2017-01-04 11:43:26 +01:00
List of planned features (MISP core) - mid-term
- Modular import/export API support
- Local first_seen / last_seen tags per attribute from the sighting value (only local to an instance for the first implementation).
  - If no sighting value is set on the attribute, the value of the event is used for the first_seen and last_seen tags.
- Custom tagging and value ($text)
  - The first iteration of the implementation will basically be a UI change to support a custom $text value, but these will be standard tags in the back-end (with an additional flag mentioning the origin). The first iteration will include filtering to avoid flooding new MISP instances with those custom tags.
- Actionable tagging having an effect on MISP directly (UI, API, correlation) - https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json
- Hide from UI or API - Interesting "future" attributes
- Add contributor PGP key - (distribute encrypted contact point - misp:contributor)
- Tagging at attributes level
- Setting, filter, modify tags at pull and/or push level
- User-defined configuration for filters, group of tags or limited categories
- MISP objects
- Stress-test, fuzzing and benchmarking of MISP and MISP API (beta version in PyMISP)
- Hashing value of an event to provide a way to do verification and integrity check (centralized way of checking UUID, hash tuple?)
- Voting and vetting for organization
List of planned features (MISP core) - long-term
- Gamification of the MISP Platform (as an option)
  - Goal is to encourage users to contribute by offering recognition for their efforts.
  - Profiles with various metrics tracking contribution.
  - Opt-in system since it requires a loss of anonymity.
  - Gain points by
    - Entering events
    - Proposing changes (that have to be accepted to get credit)
    - Reviewing events and pointing out false positives
- Synchronise discussions belonging to events
- Statistical analysis of feeds and server
  - Maybe something similar to https://github.com/mlsecproject/tiq-test "Dataviz and Statistical Analysis of Threat Intelligence Indicator feeds"
Ongoing features (in alpha and coding phase) - notes
- Import modules (just like the expansion modules) to import other formats into MISP (e.g. Cuckoo reports, FireEye export, ...)
  - The import modules will be part of https://github.com/MISP/misp-modules as a specific type.
  - The design foresees input via Base64-encoded strings, which are processed within the MISP modules and sent back to MISP as attributes (like the expansion modules) or as a full-featured MISP event.
```json
{
  "attributes": [
    {
      "value": "",
      "type": "",
      "category": "",
      "comment": "",
      "to_ids": "",
      "data": ""
    }
  ]
}
```
If only a value is set, it goes to the free-text import.
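The import-module flow described above, as an added Python example that is not code from MISP or misp-modules: the handler name `import_handler`, the report layout, the sample data and the size cap are assumptions made for illustration, and only the returned structure follows the format shown on this page.

```python
import base64
import json
import re

MAX_B64_CHARS = 1_400_000  # assumed size cap; the page sets no limit
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

# Constructed sample report, not a real Cuckoo or FireEye export.
SAMPLE_B64 = base64.b64encode(json.dumps({
    "md5": "D41D8CD98F00B204E9800998ECF8427E",
    "hosts": ["198.51.100.7", 42],
    "notes": "dropper seen on 2017-01-03",
}).encode()).decode()


def attribute(value, type_="", category="", comment="", to_ids="", data=""):
    """Build one entry with the six keys of the page's attribute structure."""
    return {"value": value, "type": type_, "category": category,
            "comment": comment, "to_ids": to_ids, "data": data}


def import_handler(b64_input):
    """Hypothetical import module: Base64 string in, {"attributes": [...]} out."""
    if len(b64_input) > MAX_B64_CHARS:
        return {"error": "input too large"}
    try:
        # validate=True rejects non-alphabet characters instead of skipping them.
        raw = base64.b64decode(b64_input, validate=True)
        report = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):  # bad Base64, UTF-8 or JSON nesting
        return {"error": "input is not Base64-encoded JSON"}
    if not isinstance(report, dict):
        return {"error": "unexpected report structure"}

    attributes = []
    md5 = report.get("md5")
    if isinstance(md5, str) and MD5_RE.fullmatch(md5):
        attributes.append(attribute(md5.lower(), "md5", "Payload delivery",
                                    "imported from report", True))
    hosts = report.get("hosts")
    for host in hosts if isinstance(hosts, list) else []:
        if isinstance(host, str):
            attributes.append(attribute(host, "ip-dst", "Network activity",
                                        to_ids=True))
    notes = report.get("notes")
    if isinstance(notes, str) and notes:
        # Value only: per the page, this goes to the free-text import.
        attributes.append(attribute(notes))
    return {"attributes": attributes}
```

The handler treats the decoded report as untrusted: malformed Base64, non-JSON content, wrongly typed fields and oversized input all produce an error or are skipped rather than being turned into attributes.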
For the future misp-objects integration, the format will be:
```json
{
  "attributes": [],
  "objects": [
    {
      "name": "",
      "_other_meta_fields_": "",
      "attributes": []
    }
  ]
}
```
Development steps to support "Setting, filter, modify tags at pull and/or push level"
- Store last pull time information
- Create new fields (creation / sync date) for event_tags and proposals
- Create a new sync process for the tags alone
- Modify the UI to be able to trigger the new tag sync process per server
- Create a new "immutable" tag type that can only be modified by the event owner

Then, in the next steps, a new filtering mechanism to control events, attributes and tags will be implemented, but the 5 steps above are required to go further without impacting current MISP users.
Implemented features
- Colour support (via JSON) in tags - 2.4.59
- MISP galaxies - First version implemented in 2.4.56
- Searching within tags - 2.4.52