\item The Analyst Data feature\footnote{Extending the MISP standard format} is an extended and shareable set of capabilities that allows analysts \textbf{to share and add their own analysis to any MISP event}.
\item The Analyst Data feature comprises three main components:
\begin{itemize}
\item Adding an \textbf{Analyst Note} to any element in MISP, such as Event, Event Report, Object, Attribute, or Galaxy Cluster.
\item Adding an \textbf{Analyst Opinion} with a rating (between 0 and 100) to any element in MISP, such as Event, Event Report, Object, Attribute, Galaxy Cluster, or Analyst Note.
\item Adding an \textbf{Analyst Relationship} from/to any element in MISP with a specified relationship type.
\item MISP modules\footnote{\url{https://github.com/MISP/misp-modules/}} are companions for expansion, export, and import for external services or tooling
\item New modules added, such as the {\bf Google Threat Intelligence expansion module}
\item New workflow action modules added, such as Slack, with improvements to the Mattermost module
\item Many improvements and fixes to all the modules
\item MISP Modules\footnote{\url{https://www.misp-project.org/2024/03/12/Introducing.standalone.MISP.modules.html/}} can now function independently of the MISP platform.
\item A versatile web interface is now available where you can query different modules, keep a history, and facilitate pivoting.
\item 149 ready-to-use taxonomies are now available in MISP\footnote{\url{https://github.com/MISP/misp-taxonomies/}} (used in MISP and many other tools)
\item Improved \textbf{dark-web} taxonomy to map the use of JRC with the AIL project\footnote{\url{https://www.ail-project.org/}}
\item Many improvements to the different taxonomies including \textbf{workflow}, \textbf{event-type}, and many others
\item New website for MISP galaxy\footnote{\url{https://www.misp-galaxy.org/}} is now online including inter-relationship between galaxies
\item Latest MITRE ATT\&CK version 15.1 updated for the MISP galaxy
\item New {\bf producer} galaxy to facilitate the link to security reports with their respective producers
\item New {\bf INTERPOL Dark Web and Virtual Assets Taxonomies}, {\bf UKHSA Culture Collections}, {\bf Threat Matrix for Storage Services}, {\bf Intel Agencies}, {\bf Tidal}
\item Major updates in {\bf Disarm}, {\bf threat-actor}, {\bf Surveillance Vendor} and {bf ransomware} galaxies
\item misp-stix\footnote{\url{https://github.com/MISP/misp-stix}} is standalone Python library support MISP standard format and all the STIX version (1.1.1, 1.2, 2.0 and 2.1)
\item Two people from CIRCL are {\bf co-sharing the OASIS Cyber Threat Intelligence (CTI) TC and CTI STIX subcommittee}
\item Ensuring alignment between the standards, interoperability and an open source standard library
\item Cerebrate v1.19\footnote{\url{https://www.cerebrate-project.org/2024/05/15/Cerebrate-version-1.19-released.html}} released with several usability and functionality fixes (v1.20 is expected this week)
\item Many \textbf{improvements and bugs fixed} following feedback from various organizations deploying Cerebrate, such as the ENISA CSIRT network
\item Deployment of the \textbf{PoC for NATO users is ongoing} - Cerebrate instance will be available on 15th September 2024
\item Largest ongoing work is the work on {\bf MISP3}
\item Already announced long ago, development is now underway\footnote{\url{https://github.com/MISP/MISP/tree/3.x}}
\item New {\bf tech stack} based on Cerebrate's advances (CakePHP 4.x+, PHP 8.2+, Bootstrap 5+)
\item Longer project, will bring long needed improvements
\end{itemize}
\end{frame}
\section{MISP 3 Status}
\begin{frame}
\frametitle{3.x Migration status}
\begin{itemize}
\item Migration status is available online in the MISP project page on GitHub\footnote{\url{https://github.com/orgs/MISP/projects/2/views/4}}
\end{itemize}
\begin{center}
\includegraphics[scale=0.12]{misp3-project.png}
\end{center}
\begin{itemize}
\item 26 Pull Requests (1 Open, 1 Draft)
\item{\bf +105,165 lines of code added} and {\bf 20,992 lines of code removed}
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{3.x - UI revamp}
\begin{itemize}
\item{\bf Event View Page Redesign} - We are working on a complete overhaul of this page, with a focus on catering to multiple use-cases for different user-personas, enhancing responsiveness, integrating multiple charts, and emphasizing critical elements of MISP events. We’re also separating attributes and objects for clearer comprehension.
\item{\bf Navigation Menu Redesign} - We’re restructuring the navigation menu for better organization, incorporating intuitive groupings, icons, and support for mobile devices through a hamburger menu.
\item{\bf Bootstrap Upgrade} - Moving from Bootstrap 2 to Bootstrap 4 ensures a more modern and adaptable framework.
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{3.x - UI revamp}
\begin{itemize}
\item{\bf Application-Wide Color Schemes} - We’re introducing support for customizable color schemes, including the much-requested dark mode.
\item{\bf Settings and Diagnostics Page Redesign} - These sections will undergo a makeover to improve usability, accessibility and make them less overwhelming.
\item{\bf Removal of Deprecated Features} - We aim to focus MISP’s functionality on core capabilities, we’re eliminating deprecated features that are no longer actively used or supported. This includes functionalities like Discussions or Threads, News, Scheduled Tasks, and Populate Event from Template.
\item MISP Airgap\footnote{\url{https://www.misp-project.org/2024/01/12/MISP-airgap.html/}} is a solution designed to \textbf{deploy MISP in air-gapped or isolated networks}.
\item By leveraging the power of Linux containers (LXD), it ensures a secure, efficient, and manageable deployment of MISP instances.
\item Furthermore, it enables users to frequently update their MISP instance in an environment cut off from the internet.
