Releases: MISP/misp-workbench
misp-workbench - [beta-1.2] storage layer refactor
The main change in this release is a significant refactor of the storage layer: events, attributes, and objects are now stored exclusively in OpenSearch, removing the previous duplication with PostgreSQL. This improves scalability and simplifies the data architecture.
Other notable additions include:
- Explore view enhancements: result tabs, filters, and a timeline plot
- CPE hunts support and hunt history deletion, new hunt results highlighted.
- User password reset and simplified role/scope management
- Health endpoint for monitoring
- User creation via org name (CLI)
- S3 key auto-creation and expanded environment variable configuration
- Various bug fixes of prod deployment (CSV feed creation, CORS origins, proxy config, submodule updates)
- Dependency updates across the frontend and API
What's Changed
- fix: mcp docs video path by @righel in #230
- fix: paths by @righel in #231
- build(deps): bump flatted from 3.4.1 to 3.4.2 in /frontend by @dependabot[bot] in #229
- Explore results tabs by @righel in #233
- Add explore filters by @righel in #234
- add: openapi spec to readthedocs by @righel in #238
- refactor: do not store events/attributes/objects in sql, use opensearch by @righel in #239
- build(deps): bump picomatch in /frontend by @dependabot[bot] in #240
- build(deps): bump pygments from 2.19.2 to 2.20.0 in /api by @dependabot[bot] in #244
- build(deps-dev): bump brace-expansion from 1.1.12 to 1.1.13 in /frontend by @dependabot[bot] in #243
- build(deps): bump cryptography from 43.0.3 to 46.0.6 in /api by @dependabot[bot] in #242
- build(deps-dev): bump requests from 2.32.5 to 2.33.0 in /api by @dependabot[bot] in #241
- Add timeline plot explore view by @righel in #245
- add: cpe hunts, delete hunt history by @righel in #248
- chg: [refactor] simplify user roles, enforce scopes in ui accordinly by @righel in #249
- build(deps): bump lodash-es from 4.17.23 to 4.18.1 in /frontend by @dependabot[bot] in #251
- build(deps): bump lodash from 4.17.23 to 4.18.1 in /frontend by @dependabot[bot] in #253
- build(deps): bump aiohttp from 3.13.3 to 3.13.4 in /api by @dependabot[bot] in #250
- add: user password reset by @righel in #255
- fix prod deployment issues, default admin creation by @righel in #257
- fix: add CORS_ORIGINS env var to add custom domains by @righel in #258
- Add some configuration through env vars by @claudex in #261
- add: create s3 keys if not present by @righel in #262
- build(deps-dev): bump vite from 6.4.1 to 6.4.2 in /frontend by @dependabot[bot] in #260
- Health endpoint by @righel in #263
- Fix typo on proxy parameter for uvicorn by @claudex in #264
- add: celery result backend env vars by @righel in #266
- fix: how to properly update submodules by @righel in #267
- fix: csv feeds creation bug by @righel in #268
- fix: error with event_uuid pydantic schema by @righel in #270
- chg: highlight new hunt results by @righel in #271
- chg: use org name instead of id when creating a user via cli by @righel in #272
- chg: show new results first by @righel in #273
- build(deps-dev): bump axios from 1.11.0 to 1.15.0 in /frontend by @dependabot[bot] in #274
- build(deps): bump cryptography from 46.0.6 to 46.0.7 in /api by @dependabot[bot] in #269
New Contributors
Full Changelog: beta-1.1...beta-1.2
Contributors
Assets 2
misp-workbench - [beta-1.1] mcp server release
MISP Workbench beta-1.1 - MCP Server Release
Expose MISP Workbench's OpenSearch-indexed threat intelligence to LLM-powered clients via the Model Context Protocol. Analysts and AI agents can query indicators, correlations, and feed data using natural language, enabling faster triage and investigation directly from tools like Claude Desktop/Code, Cursor, OpenClaw or others.
Screencast.from.2026-03-20.12-20-08.webm
MCP Server Docs
What's Changed
- add: extend docs by @righel in #222
- build(deps): bump flatted from 3.3.3 to 3.4.1 in /frontend by @dependabot[bot] in #221
- build(deps): bump pyjwt from 2.11.0 to 2.12.0 in /api by @dependabot[bot] in #220
- add: misp-modules diagnostics card by @righel in #223
- chg: refactor misp feed edit and view, unify design by @righel in #224
- add: mcp server by @righel in #225
Full Changelog: beta-1.0...beta-1.1
Contributors
Assets 2
misp-workbench - [beta-1.0] first beta release of misp-workbench
MISP Workbench – First Beta Release v1.0
MISP Workbench is a powerful analyst-focused platform designed to tame the challenge of working with large volumes of threat intelligence at scale. It is capable of ingesting data from multiple origins — including MISP instances, external feeds, and other threat intelligence sources — and consolidates them into a unified workspace where analysts can actually get things done.
At its core, MISP Workbench puts the analyst in control: query across your entire data corpus, enrich and process indicators, pivot between related intelligence, and push curated results back to MISP or downstream consumers — all from one place. Whether you're triaging a large batch of incoming indicators, hunting for patterns across feeds, or preparing a finished intelligence product, MISP Workbench is built to cut through the noise and accelerate the workflow from raw data to actionable insight.
This first beta release marks the foundation of that vision — expect rough edges, rapid iteration, and a strong appetite for feedback.
Main features:
| Feature | Description |
|---|---|
| Feed ingestion | Ingest MISP, CSV, JSON, and Freetext feeds on a schedule or on demand |
| Correlations | Batch and incremental correlation scans over indexed attributes |
| Explore | Lucene queries against OpenSearch for fast indicator lookups |
| Enrichments | IOC enrichment powered by misp-modules |
| Hunt | Hunts are saved searches that run periodically and trigger alerts. |
| Notifications | Event-driven notifications processed by Celery workers |
| REST API | FastAPI backend with automatic OpenAPI documentation |
| Storage | Garage (S3-compatible) or local filesystem for attachments |
misp-workbench - [alpha] first release of misp-workbench (previously misp-lite)
Alpha Release – Not Production Ready
This is an early alpha release of misp-lite.
The project is under active development and not suitable for production use.
Features, APIs, and data models may change without notice.
Feedback, testing, and contributions are welcome.