misp-website/content/blog/MISP.2.4.165.released.md

85 lines
4.0 KiB
Markdown
Raw Normal View History

2022-11-21 16:41:53 +01:00
---
title: MISP 2.4.165 released with many improvements, bugs fixed and security fixes.
date: 2022-11-21
layout: post
banner: /img/blog/workflow.png
---
2022-11-22 08:41:21 +01:00
We are pleased to announce the immediate availability of [MISP v2.4.165](https://github.com/MISP/MISP/releases/tag/v2.4.165) with many improvements to the workflow subsystem along with various performance improvements.
2022-11-21 16:41:53 +01:00
# Improvements
- [workflow] Module to toggle/remove the to_ids flag
- [workflow] Added generic module to support attribute edition
- [workflow] [triggers:event_after_save_new] Added 2 new triggers for new events and new events from pull.
- [workflow:execute_module] Allow to ignore format conversion before executing module.
- [workflows:triggers] Added filtering capability on the index
- [CLI] Feed management added
- [CLI] Pretty and JSON output added in list and view feeds
- [Auth] OpenID connect improved
- [freetext] Fetch security vendor domains from [warninglist](https://github.com/MISP/misp-warninglists)
- [UI] Allow to disable PGP key fetching
- [UI] Show warning if user don't have permission to use API
- [tool:evengraph] Include relationships when using pivot key
- [UI] Show servers where event will be pushed
# Performance improvements
- [feed] Store freetext feed compressed in cache
- [internal] Store some data in Redis compressed to save memory
- [correlation] Do not correlate over correlating value again for full correlation
- [internal] Add support for [simdjson](https://github.com/simdjson/simdjson) extension
- [warninglist] Load warninglist from Redis for TLDs and security vendors
# Bugs fixed
- [tags] not passing name, filter, search all together would lead to the search not working
# Security issues
- [security] Permission for tag collections
- [security] Check user permission when attaching clusters
We strongly recommend MISP administrators to update to this latest version.
For a more detailed changelog, please see the online [Changelog](https://www.misp-project.org/Changelog.txt).
# New workflow blueprints available
New [workflow blueprints](https://github.com/MISP/misp-workflow-blueprints/) were added to support new use-cases.
- [Attach `tlp:clear` on `tlp:white`](./blueprints/blueprint_attach-tlp_clear-on-tlp_white_1661328256.json) - Attach the `tlp:clear` tag on elements having the `tlp:white` tag.
- [`PAP:RED` and `tlp:red` Blocking](./blueprints/blueprint_pap_red-and-tlp_red-blocking_1661328258.json) - Block actions if any attributes have the `PAP:RED` or `tlp:red` tag.
- [Remote `to_ids` flag if the indicator appears in known file list](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_disable-to_ids-flag-for-existing-hash-in-hashlookup_1667228944.json) - Disable to_ids flag for existing hash in [hashlookup](https://www.hashlookup.io/).
- [Set tag based on BGP Ranking maliciousness level](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_set-tag-based-on-bgp-ranking-maliciousness-level_1668498668.json) - Set tag based on [BGP Ranking](https://bgpranking.circl.lu) maliciousness level.
# New MISP modules
- [expansion] Added extract_url_components module to create an object from an URL attribute.
- [expansion] New [crowdsec](https://www.crowdsec.net/) expansion module added.
- [expansion] New [VARIoT IoT exploits database](https://www.variotdbs.pl/exploits/) expansion module added.
- [expansion] Updates on hyasinsight expansion module.
# MISP taxonomies
- new misp-workflow taxonomy to have a consistent tag message for the MISP workflow.
- Taxonomy in support of integrating MISP with Sentinel. Sentinel indicator threat types added.
For more [details](https://www.misp-project.org/Changelog-misp-taxonomies.txt).
# MISP galaxy
2022-11-22 08:41:21 +01:00
- Many updates to the threat actor database.
2022-11-21 16:41:53 +01:00
- Update to the MITRE ATT&CK framework to version 12.0.
For more [details](https://www.misp-project.org/Changelog-misp-galaxy.txt).
# MISP objects
- New object to describe Telegram bots.
- Updated exploit object.
For more [details](https://www.misp-project.org/Changelog-misp-objects.txt).