This release includes a major new feature: a graph visualisation for the MISP standard and STIX format, making it easier to explore, understand, and present CTI data structures directly from JSON.

CTI Transmute is an online service available at cti-transmute.org and also an open source project available on GitHub.

The FIRST CTI 2026 conference in Munich was a great source of feedback for this release. Many of the improvements and new features introduced in v1.2 came directly from discussions, demonstrations, and feedback gathered during the event. Thank you to everyone who tested, commented, challenged ideas, and shared practical use cases.

#cti #stix #misp #standard #interoperability #cybersecurity

🔗 Release notes CTI Transmute https://github.com/MISP/cti-transmute
🔗 Release notes misp-stix https://github.com/MISP/misp-stix/releases/tag/2026.5.13

⚡ Fresh Talk Alert for BSides Luxembourg 2026!

YOUR CTI REPORTS ARE USELESS WITHOUT STRUCTURE: FROM UNSTRUCTURED THREAT INTEL TO STIX KNOWLEDGE GRAPHS WITH LLMS AND MCP SERVER – Antonio Formato

Turn unstructured threat intelligence into actionable, machine-readable defense logic in this deep dive from the Actionable CTI & Detection Engineering Village. Every week, critical threat reports are published in PDFs and blog posts, rich in insight but unusable for SIEMs, SOARs, or AI agents. This talk shows how to bridge that gap using a hybrid architecture that combines deterministic extraction and LLM-based semantic inference to generate STIX 2.1 knowledge graphs.

You'll explore how threat reports can be transformed into structured intelligence objects, mapped to MITRE ATT&CK, and visualized as interactive knowledge graphs. The session also introduces TI Mindmap HUB, an independent research platform that converts real-world reports into multi-layered CTI views including ATT&CK heatmaps, Diamond Model structures, and CVE prioritization.

A key focus is the Model Context Protocol (MCP), which exposes structured CTI as tool calls for AI agents, making intelligence directly usable in automated workflows, SOC tooling, and AI copilots. The talk concludes with emerging research into LLM-inferred threat intelligence knowledge graphs and cross-report correlation at scale.

Antonio Formato is a Senior Cybersecurity Solution Engineer at Microsoft and an independent researcher focused on Generative AI for Cyber Threat Intelligence. He is the creator of TI Mindmap HUB and co-author of academic research on automated STIX 2.1 generation currently under peer review.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #CTI #ThreatIntelligence #STIX #MITREATTACK #AISecurity #DetectionEngineering

Consultation on standards for threat information

Forum Standaardisatie has started an internet consultation on making updated standards for sharing cyber threat information within government mandatory. Responses can be submitted up to and including 16 February 2026.

Which obligation is this about?

The consultation concerns version 2.1 of the STIX and TAXII standards. These make it possible to exchange information about cyber threats between organisations in a structured and automated way, such as Security Operations Centers and CERTs.

At the moment, older versions of these standards are on the 'comply or explain' list. The consultation proposes that version 2.1 take their place. This version fits current practice better and is already used by, among others, the NCSC (Nationaal Cyber Security Centrum).

Want to give your opinion?

Via internetconsultatie.nl you can respond to the expert advice to make this version mandatory. The responses will be taken into account in the final advice of Forum Standaardisatie to the Overheidsbreed Beleidsoverleg Digitale Overheid (OBDO).

This is an automatically posted message. Questions or comments can be directed to @[email protected]

#cyberdreigingen #digitaleWeerbaarheid #forumStandaardisatie #gegevensuitwisseling #informatiebeveiliging #internetconsultatie #NDS #nieuwsbrief22026 #openStandaarden #overheidIt #pasToeLegUit #STIX #TAXII

CTI-Transmute v1.0 released

An online and open source service for converting cyber threat intelligence formats, built to promote interoperability and seamless data exchange.

#opensource #cti #stix #misp #openstandard

@misp

🔗 Online version https://cti-transmute.org/
🔗 Source code https://github.com/MISP/cti-transmute

Cti-TRANSMUTE

We are pleased to announce the release of CTI-Transmute.org, a new free and open-source service designed to facilitate conversions between MISP and STIX 2.x formats.

The service is available both through a web interface and an API, allowing users to convert CTI data easily. The web UI also gives users the option to share or keep private their conversions for further review or collaboration.

You can view an example conversion here: 🔗 https://cti-transmute.org/convert/detail/4

Access the service: 🔗 https://cti-transmute.org

Source code of the service: 🔗 https://github.com/MISP/cti-transmute

Our goal is to make the use of standard CTI formats easier and to support the sharing and review of online conversions within the community.

The service will be gradually extended to support additional formats, such as detection rules and other widely used CTI standards.

We invite you to try the service and report any issues or feature requests directly on GitHub.

#cti #interoperability #misp #cybersecurity #threatintelligence #threatintel #stix #opensource

@circl @misp

Support for #STIX and #TAXII in #IntelMQ

For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
For a long time, it was sufficient for me; however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for the TAXII protocol and the STIX language and objects...

After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicator objects.
This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

The commits are currently waiting in a pull request on the IntelMQ GitHub:
https://github.com/certtools/intelmq/pull/2611

#cybersecurity #development #blueteam #cyberdefense #soc #siem

TAXII Collector bot and STIX Parser bot by laciKE · Pull Request #2611 · certtools/intelmq

As a bare minimum, TAXII Collector currently collects only the objects of type indicator. These objects contain information about indicators and the detection patterns, e.g. in stix, pcre, sigma, s...


@avuko

There's STIG. I know some of the people who work[ed?] on it at INL.

https://github.com/idaholab/STIG

#STIX #OpenCTI #infosec

GitHub - idaholab/STIG: Structured Threat Intelligence Graph

How GenAI can be used to transform unstructured cyber threat reports into STIX 2.1 bundles
https://medium.com/@antonio.formato/from-unstructured-threat-intelligence-to-stix-2-1-bundles-with-generative-ai-1065ce399e63
GitHub: https://github.com/format81/GenAI-STIX2.1-Generator/
#threatintelligence #GenAI #stix #timindmap #openai #llm #cyber #Security #CyberSecurity
From Unstructured Threat Intelligence to STIX 2.1 Bundles with Generative AI

In the ever-evolving landscape of cybersecurity, the need for seamless and standardized information sharing has never been more critical. The Structured Threat Information Expression (STIX) 2.1…


I'll try to find time during the following weekends to retake my preliminary work on what I've called #STIX Patterns Universal Conversor (SPUC)... I had already done some work to build simple Snort and Suricata rules in the past and had started targeting other query languages, but now I understand that I probably need a nearly full refactor of the code.

I'll try to make something testable in the following weeks.