misp-website/_posts/2019-02-02-MISP.2.4.102.rel...

---
title: MISP 2.4.102 released (aka bug fixes and FOSDEM release)
layout: post
featured: /assets/images/misp-small.png
---

A new version of MISP ([2.4.102](https://github.com/MISP/MISP/tree/v2.4.102)) has been released with multiple fixes, various UI improvements, new types and a praise to the open source community.

## New types

### Anonymisation

Sharing and exchanging information encompasses a lot of models, communities or practices, the MISP project is involved in different discussions and projects building sharing and information exchange communities. A complex topic is often evaluated which is the anonymisation of information exchanged. Sharing anonymised information is once in a while just a step to share knowledge about information. We introduced a new type in MISP called anonymised which can be combined with a new object called [anonymisation](https://www.misp-project.org/objects.html#_anonymisation).

![](/assets/images/misp/blog/anon-graph.png){:class="img-responsive"}
![](/assets/images/misp/blog/anon2.png){:class="img-responsive"}
![](/assets/images/misp/blog/anonymisation.png){:class="img-responsive"}

The model designed is flexible and can be extended with new anonymisation techniques or approaches. We are standing on the shoulders of giants such as open source tools like [Crypto-PAn](https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/), [ipsumpdump](https://github.com/kohler/ipsumdump) or [arx](https://arx.deidentifier.org/).

### Bro -> Zeek

The open source NIDS [Bro project was renamed Zeek](https://blog.zeek.org/2018/10/renaming-bro-project_11.html) in late 2018. Bro has a growing community and NIDS are important to ensure the detection and enforcement at network level of threat intelligence shared within various communities. We added a new MISP type called zeek which can be used just like the bro type (which will remain to ensure backward compatibility). As diversity is important in information security and open source NIDS, MISP standard core format supports [Suricata](https://suricata-ids.org/), [Snort](https://www.snort.org/) and [Zeek](https://www.zeek.org/).


## Sighting

![](/assets/images/misp/blog/sighting-UI.png){:class="img-responsive"}

- MISP UI has been improved to allow sighting at attribute level or global level.
- Various improvements to the sighting hover such as a generic hovering support.
- ReST API for sighting improved.
- ReST API bug fixed where sighting was added to every single attributes when addSighting failed.
- Search results now includes sighting results too.

## Enhancements

- Server settings have been refactored and streamlined with the UI server settings.
- [Installation documentation](https://misp.github.io/MISP/) has been improved with a generic Debian installer script.
- restSearch APIs improved to function better with URL parameters.
- Feed correlation is no more visible when attribute has correlation disabled.
- Translations of the UI were improved and added (Updated: Czech 4%, Danish 53%, German 21%, French 95%, Italian 39%, Japanese 95%, Korean 3%, Brazilian Portuguese 6%, Spanish 3% new: [i18n] Hungarian, Russian, Ukrainian, Simplified Chinese.)
- STIX 1 and 2 export are now using the restSearch API instead of the old download interface.
- Major improvement in the handling of malware sample in STIX 1 and 2 format.

Many bugs were fixed and various small improvements were performed. A significant fix to improve speed for older versions of MySQL where the wrong index was used in some specific queries.

MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.

We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large. As this is the FOSDEM release, we would like to praise all the open source software and authors who helped us to make the MISP project a reality including (in no particular order and it's not exhaustive) [Redis](https://redis.io/), [PHP](http://php.net/), [Python](https://www.python.org/), [TheHive Project](https://thehive-project.org/), [LIEF - Library to Instrument Executable Formats](https://lief.quarkslab.com/), [MariaDB](https://mariadb.org/), [vis.js](http://visjs.org/index.html), [ZMQ](http://zeromq.org/) ...

A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.

Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.
chg: [blog] WiP for FOSDEM release of MISP 2.4.102 2019-02-02 23:04:57 +01:00			`---`
			`title: MISP 2.4.102 released (aka bug fixes and FOSDEM release)`
			`layout: post`
			`featured: /assets/images/misp-small.png`
			`---`

			`A new version of MISP ([2.4.102](https://github.com/MISP/MISP/tree/v2.4.102)) has been released with multiple fixes, various UI improvements, new types and a praise to the open source community.`

			`## New types`

			`### Anonymisation`

			Sharing and exchanging information encompasses a lot of models, communities or practices, the MISP project is involved in different discussions and projects building sharing and information exchange communities. A complex topic is often evaluated which is the anonymisation of information exchanged. Sharing anonymised information is once in a while just a step to share knowledge about information. We introduced a new type in MISP called anonymised which can be combined with a new object called [anonymisation](https://www.misp-project.org/objects.html#_anonymisation).

			`![](/assets/images/misp/blog/anon-graph.png){:class="img-responsive"}`
			`![](/assets/images/misp/blog/anon2.png){:class="img-responsive"}`
			`![](/assets/images/misp/blog/anonymisation.png){:class="img-responsive"}`

			`The model designed is flexible and can be extended with new anonymisation techniques or approaches. We are standing on the shoulders of giants such as open source tools like [Crypto-PAn](https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/), [ipsumpdump](https://github.com/kohler/ipsumdump) or [arx](https://arx.deidentifier.org/).`

			`### Bro -> Zeek`

			The open source NIDS [Bro project was renamed Zeek](https://blog.zeek.org/2018/10/renaming-bro-project_11.html) in late 2018. Bro has a growing community and NIDS are important to ensure the detection and enforcement at network level of threat intelligence shared within various communities. We added a new MISP type called zeek which can be used just like the bro type (which will remain to ensure backward compatibility). As diversity is important in information security and open source NIDS, MISP standard core format supports [Suricata](https://suricata-ids.org/), [Snort](https://www.snort.org/) and [Zeek](https://www.zeek.org/).


chg: [blog] MISP 2.4.102 released 2019-02-03 10:28:36 +01:00			`## Sighting`

			`![](/assets/images/misp/blog/sighting-UI.png){:class="img-responsive"}`

			`- MISP UI has been improved to allow sighting at attribute level or global level.`
			`- Various improvements to the sighting hover such as a generic hovering support.`
			`- ReST API for sighting improved.`
			`- ReST API bug fixed where sighting was added to every single attributes when addSighting failed.`
			`- Search results now includes sighting results too.`

			`## Enhancements`

			`- Server settings have been refactored and streamlined with the UI server settings.`
			`- [Installation documentation](https://misp.github.io/MISP/) has been improved with a generic Debian installer script.`
			`- restSearch APIs improved to function better with URL parameters.`
			`- Feed correlation is no more visible when attribute has correlation disabled.`
			`- Translations of the UI were improved and added (Updated: Czech 4%, Danish 53%, German 21%, French 95%, Italian 39%, Japanese 95%, Korean 3%, Brazilian Portuguese 6%, Spanish 3% new: [i18n] Hungarian, Russian, Ukrainian, Simplified Chinese.)`
			`- STIX 1 and 2 export are now using the restSearch API instead of the old download interface.`
			`- Major improvement in the handling of malware sample in STIX 1 and 2 format.`

			`Many bugs were fixed and various small improvements were performed. A significant fix to improve speed for older versions of MySQL where the wrong index was used in some specific queries.`
chg: [blog] WiP for FOSDEM release of MISP 2.4.102 2019-02-02 23:04:57 +01:00
			MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.

chg: [blog] MISP 2.4.102 released 2019-02-03 10:28:36 +01:00			We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large. As this is the FOSDEM release, we would like to praise all the open source software and authors who helped us to make the MISP project a reality including (in no particular order and it's not exhaustive) [Redis](https://redis.io/), [PHP](http://php.net/), [Python](https://www.python.org/), [TheHive Project](https://thehive-project.org/), [LIEF - Library to Instrument Executable Formats](https://lief.quarkslab.com/), [MariaDB](https://mariadb.org/), [vis.js](http://visjs.org/index.html), [ZMQ](http://zeromq.org/) ...

chg: [blog] WiP for FOSDEM release of MISP 2.4.102 2019-02-02 23:04:57 +01:00			`A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.`

			`Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.`