MISP | Version 1

MISP version 1 for EclecticIQ Intelligence Center (EIQ IC) offers:

• An incoming feed for ingesting intelligence from your MISP instance in EIQ IC.

• An enricher that adds context from your MISP instance to your intel in EIQ IC.

• An Outgoing feed for exporting data from EIQ IC to MISP.

# Release History
## EclecticIQ MISP Extension

## 3.3.1, 3.2.3, 3.1.8, 2.14.12
## Release date: 08 April 2024

**Fixed**
- Added support for bazaar.abuse.ch feed.
- Maliciousness of the observables that have value true on`to_ids` field for Event.Attribute list is controlled through `include_ids_attr_maliciousness` checkbox. 


## 3.2.2, 3.1.7, 2.14.11
## Release date: 05 Feb 2024

*Changed*

- Removed pymisp dependency from the extension.

## 3.2.1, 3.1.6, 2.14.10
## Release date: 15 Dec 2023

**Changed**

- EIQ Metadata attribute now is controlled through `Include EIQ metadata attribute` checkbox in the outgoing feed.


## 3.1.5, 3.0.9, 2.14.9
## Release date: 03 Nov 2023

**Fixed**

- If distribution is not provided, set distribution level 5 (inherit) for incoming feed and manual upload.

## 3.1.4, 3.0.8, 2.14.8
Release date: 30 Aug 2023

**Changed:**

- TLP:AMBER+STRICT values from MISP are now mapped as TLP:RED values in ingested entities.

## 3.1.3, 3.0.7, 2.14.7
Release date: 18 Aug 2023

**Added:**
- TLP 2.0 values from MISP are now handled as TLP 1.0 values on ingested entities.

**Fixed:**
- Issue where MISP event tags were not added to ingested Report entities.

**Changed:**
- When "Ingest only the events created after this date" field is empty,
  now use a default value so that feed ingests all events created since the beginning of time.

## 3.1.2, 3.0.6, 2.14.6
Release date: 03 Aug 2023

**Fixed:**
- Issue when 'Filter by tags' field is left blank.

## 3.1.1, 3.0.5, 2.14.5
Release date: 27 Jul 2023

**Added:**
- 'Filter by tags' field now allows filtering events by a comma-separated list of tags and taxonomies.

**Changed:**
- Now updates previously ingested entities if they've been modified on the MISP instance since the last time the feed was run.


## 3.2.0, 3.1.0, 3.0.4, 2.14.4
Release date: 30 June 2023

**Fixed**
- Removes option `Reduce lock contention` to fix high memory usage. `Reduce lock contention` was previously added to fix slow ingestion in MISP feeds. Ingestion in EclecticIQ Intelligence Center has since improved, and `Reduce lock contention` is no longer needed.

## 3.0.3
Release date: 22 June 2023

**Fixed:**
- Indicators created from `to_ids` field will have more details in the analysis field.

## 3.0.2

Release date: 20 June 2023

**Fixed:**
- Indicators do not include tags if `to_ids` field is false
- Maliciousness of the observables depends on the value of `to_ids`

## 3.0.1

Release date: 08 June 2023

**Fixed:**
- Children indicators are created and connected to one parent indicator that is connected to the main incident
- Indicators include the `to_ids` field if it is found in the MISP dataset

## 2.13.2, 2.12.2, 2.11.5

Release date: 30 August 2022

**Fixed:**

- Actually fetch data when ingesting embedded files in MISP events.

## 2.13.1, 2.12.1, 2.11.4

Release date: 27 July 2022

**Added:**

- Now supports ingesting embedded files in MISP events.

## 2.10.3, 2.11.3

Release date: 9 March 2022

**Fixed:**

- Issue where outgoing feeds would fail because entities packed
by the IC were missing the "description" field.

## 2.11.2 (02 February 2022)

**Fixed:**

* Issue with the bad urls in reference section.
* Issue with parsing specific values.

**Features:**

* Initial release.
* Now provides the MISP API incoming feed.
* Now provides the MISP API Enricher.
* Now provides the MISP upload outgoing feed.