misp-website/_posts/2018-08-06-MISP.2.4.94.rele...

---
title: MISP 2.4.94 released (aka summer improvements)
layout: post
featured: /assets/images/misp-small.png
---

A new version of MISP [2.4.94](https://github.com/MISP/MISP/tree/v2.4.94) has been released including an improved event graph interface, a new ElasticSearch plugin, API extended, clean-ups and many improvements. Even it's summertime, we continuously work on the MISP project and a lot of changes were introduced.

A significant improvement has been done in the MISP event graph such as:

- Export functionality added in MISP event graph to export in PNG, JPEG, JSON format and Graphviz dot format.
- Saving functionality to save the state of an event graph. This allows a user of an organisation to keep the state of the event graph and retrieve the history.

![New functionality in the MISP event graph to export the graph and save the state of the graph](/assets/images/misp/blog/save-graph.png){:class="img-responsive"}

The MITRE ATT&CK matrix user-interface has been extended to add directly techniques at event level without passing by the galaxy interface.

A new contributed functionality to log all MISP activities in an ElasticSearch is now available. It's pretty simple to configure as part of the standard plugin settings where ElasticSearch configuration can be added.

![Configuring ElasticSearch with MISP](/assets/images/misp/blog/elasticsearch.png)

The CLI interface has been improved with the ability to get the API of a giving user, force update of taxonomies, warning lists, notice lists and object templates. This helps automation of deployment of MISP instances without the need to use the UI.

MISP Synchronisation has been improved by moving the blacklist event skipping at negotiation phase instead to pull the event and then discard it later. Synchronisation has been improved when a lot of deletions were involved. Sync negotiation is now based on UUID-based lookups instead of using ID.

MISP API has been extended with an edit strategy API to describe the edit strategy for an event. This has been introduced to help additional tools to edit or extend MISP event such as TheHive project which recently allow to use the new extend event functionality.

Various UI has been improved to ease the administrating tasks of operating large MISP instances such as the PGP fingerprint added to the verifyGPG interface, a new statistic tab to show how many user/organisations were added over the past months/year.

Many internal changes and clean-up were performed based on a recent static analysis of the codebase.

For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.

New attribute type such as Monero (xmr) added along with the soft validation. [coin-address object template](https://github.com/MISP/misp-objects/blob/master/objects/coin-address/definition.json) updated to match the xmr attribute type.

Major changes in the STIX2 export and import to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) in the STIX2 JSON format.

A huge thanks to all the [contributors](/contributors) who helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements.

MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.

Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation.
First version of the 2.4.94 release blog post 2018-08-06 23:06:55 +02:00			`---`
			`title: MISP 2.4.94 released (aka summer improvements)`
			`layout: post`
			`featured: /assets/images/misp-small.png`
			`---`

			`A new version of MISP [2.4.94](https://github.com/MISP/MISP/tree/v2.4.94) has been released including an improved event graph interface, a new ElasticSearch plugin, API extended, clean-ups and many improvements. Even it's summertime, we continuously work on the MISP project and a lot of changes were introduced.`

			`A significant improvement has been done in the MISP event graph such as:`

			`- Export functionality added in MISP event graph to export in PNG, JPEG, JSON format and Graphviz dot format.`
			`- Saving functionality to save the state of an event graph. This allows a user of an organisation to keep the state of the event graph and retrieve the history.`

			`![New functionality in the MISP event graph to export the graph and save the state of the graph](/assets/images/misp/blog/save-graph.png){:class="img-responsive"}`

			`The MITRE ATT&CK matrix user-interface has been extended to add directly techniques at event level without passing by the galaxy interface.`

			`A new contributed functionality to log all MISP activities in an ElasticSearch is now available. It's pretty simple to configure as part of the standard plugin settings where ElasticSearch configuration can be added.`

			`![Configuring ElasticSearch with MISP](/assets/images/misp/blog/elasticsearch.png)`

			`The CLI interface has been improved with the ability to get the API of a giving user, force update of taxonomies, warning lists, notice lists and object templates. This helps automation of deployment of MISP instances without the need to use the UI.`

			`MISP Synchronisation has been improved by moving the blacklist event skipping at negotiation phase instead to pull the event and then discard it later. Synchronisation has been improved when a lot of deletions were involved. Sync negotiation is now based on UUID-based lookups instead of using ID.`

			`MISP API has been extended with an edit strategy API to describe the edit strategy for an event. This has been introduced to help additional tools to edit or extend MISP event such as TheHive project which recently allow to use the new extend event functionality.`

			`Various UI has been improved to ease the administrating tasks of operating large MISP instances such as the PGP fingerprint added to the verifyGPG interface, a new statistic tab to show how many user/organisations were added over the past months/year.`

			`Many internal changes and clean-up were performed based on a recent static analysis of the codebase.`

			`For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.`

			`New attribute type such as Monero (xmr) added along with the soft validation. [coin-address object template](https://github.com/MISP/misp-objects/blob/master/objects/coin-address/definition.json) updated to match the xmr attribute type.`

			`Major changes in the STIX2 export and import to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) in the STIX2 JSON format.`

			`A huge thanks to all the [contributors](/contributors) who helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements.`

			MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.

			`Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation.`