misp-website/_posts/2019-06-05-MISP.2.4.108.rel...

---
title: MISP 2.4.108 released (aka copy-paste-and-sync feature)
layout: post
featured: /assets/images/misp/blog/anothergraph.png
---

A new version of MISP ([2.4.108](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and bugs fixed. We strongly advise all users to update their MISP installation to this latest version.

# New main features

## A copy-paste-and-sync function

A new tool has been added in MISP to create MISP sync configuration in JSON format from the user-interface. This significantly improved the setup of synchronisation between MISP instances. Synchronisation can now be setup (in addition to the standard setup) in 2 simple steps:

- A sync user can log into a remote MISP instance, extract the sync config in one click;
- paste the sync config into its own instance as a site admin user.

That's it, you have a running synchronisation configuration.

## Improved "paranoid" logging

During the [enforce](https://securitymadein.lu/news/ceis-securitymadein-lu-enforce-project/) training session in Paris, law enforcement officers mention the need for LEA to have extensive audit mechanisms about information read and access. A new optional paranoid logging functionality has been added to log any queries from the user-interface or API in a MISP instance. The feature has two features such as include POST/PUT body in the logs and skipping the database store to publish the audit logs directly in the pub-sub channel (such as ZMQ, Kafka or ElasticSearch ZMQ, Kafka or ElasticSearch).


## API

- New logical 'AND' for tag filters has been added in restSearch API.
- Added object_relation as a filter for both the event/attribute restSearch functions.
- [restResponse] Added documentation for adding tags on Objects.
- [API] Allow more flexibility on the return content types. [iglocska]

# Various improvements

- [logging] Added verbose logging to the server sync test throwing an unexpected error.
- [bug] A bug in the event graph displayed broken icons to some specific browsers. The bug was fixed by updating font-awesome 5.8.2 and the loading of font-awesome in visjs.
- [event:view] Correctly display title to large by truncating (+ellipsis).
- [diagnostic:view] Improved visibility of the `updateAllJson` update button.
- [object:add] Disable the first select's option when adding a new row.
- [object:add] Added empty option support in select inputs when creating an object.
- [UI] Event lock concatinating quoted empty strings.
- [UI] Double sanitisation of org view fixed, fixes #4704.
- [sync] Further fixes to the deleted flag changes breaking things.
- [authkey] Fixed The authkey variable (Viper should work again) (#4694)
- [sync] Critical bug fixed that blocked attributes from being included in a push. due to the change to the deleted flag that was not reflected in the way we prepare events for the synchronisation
- [UI] Add the create server sync description menu to the server list.
- [sync] whitelist fields that can be added via the JSON config.
- [UI] Invalid redirect fixed.
- [organisation:view] Fixed spinner when viewing events from an org.
- [API] Weird responses from JSON objects fixed when data returned is empty.
- [API]  Wrong JSON output when /events/index returns empty result, fixes #4690.
- [UI] Org index filter fixed.
- [stix2 import] Fixed external domain & x509 patterns import.
- [freetext import] Fixed shadow attribute import.
- [event:view] Correctly support the new `deleted` parameter behavior.
- [UI] Fixed checklocks polluting the top bar.
- [enrichment:popover] Correctly fadeout when clicking on the close button.
- [STIX] STIX upload fixed for API use.
- [galaxy:add] Consider both model names when doing a mass cluster addition.
- [installer] Checksum checker has been fixed and improved.
- [stix import] Fixed email attachments parsing.
- [stix import] Supporting multi attachment attributes for the email object.

# MISP modules

Many new [MISP modules](https://github.com/MISP/misp-modules) were added such as Joe Sandbox integration.

# MISP galaxy, object templates and warning-lists updated

[MISP galaxy](https://www.misp-project.org/galaxy.html), [MISP object templates](https://www.misp-project.org/objects.html) and [MISP warning-lists](https://github.com/MISP/misp-warninglists/) have been updated to the latest version.

New [default feeds](https://www.misp-project.org/feeds/) were added in MISP. Don't hesitate to contact us if you have any idea for new feeds.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
add: [blog] first version before NZR 2019-06-05 16:28:57 +02:00			`---`
			`title: MISP 2.4.108 released (aka copy-paste-and-sync feature)`
			`layout: post`
chg: [blog] image graph updated 2019-06-05 16:31:24 +02:00			`featured: /assets/images/misp/blog/anothergraph.png`
add: [blog] first version before NZR 2019-06-05 16:28:57 +02:00			`---`

			`A new version of MISP ([2.4.108](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and bugs fixed. We strongly advise all users to update their MISP installation to this latest version.`

			`# New main features`

			`## A copy-paste-and-sync function`

			`A new tool has been added in MISP to create MISP sync configuration in JSON format from the user-interface. This significantly improved the setup of synchronisation between MISP instances. Synchronisation can now be setup (in addition to the standard setup) in 2 simple steps:`

			`- A sync user can log into a remote MISP instance, extract the sync config in one click;`
			`- paste the sync config into its own instance as a site admin user.`

			`That's it, you have a running synchronisation configuration.`

			`## Improved "paranoid" logging`

			During the [enforce](https://securitymadein.lu/news/ceis-securitymadein-lu-enforce-project/) training session in Paris, law enforcement officers mention the need for LEA to have extensive audit mechanisms about information read and access. A new optional paranoid logging functionality has been added to log any queries from the user-interface or API in a MISP instance. The feature has two features such as include POST/PUT body in the logs and skipping the database store to publish the audit logs directly in the pub-sub channel (such as ZMQ, Kafka or ElasticSearch ZMQ, Kafka or ElasticSearch).


			`## API`

			`- New logical 'AND' for tag filters has been added in restSearch API.`
			`- Added object_relation as a filter for both the event/attribute restSearch functions.`
			`- [restResponse] Added documentation for adding tags on Objects.`
			`- [API] Allow more flexibility on the return content types. [iglocska]`

			`# Various improvements`

			`- [logging] Added verbose logging to the server sync test throwing an unexpected error.`
			`- [bug] A bug in the event graph displayed broken icons to some specific browsers. The bug was fixed by updating font-awesome 5.8.2 and the loading of font-awesome in visjs.`
			`- [event:view] Correctly display title to large by truncating (+ellipsis).`
			- [diagnostic:view] Improved visibility of the `updateAllJson` update button.
			`- [object:add] Disable the first select's option when adding a new row.`
			`- [object:add] Added empty option support in select inputs when creating an object.`
			`- [UI] Event lock concatinating quoted empty strings.`
			`- [UI] Double sanitisation of org view fixed, fixes #4704.`
			`- [sync] Further fixes to the deleted flag changes breaking things.`
			`- [authkey] Fixed The authkey variable (Viper should work again) (#4694)`
			`- [sync] Critical bug fixed that blocked attributes from being included in a push. due to the change to the deleted flag that was not reflected in the way we prepare events for the synchronisation`
			`- [UI] Add the create server sync description menu to the server list.`
			`- [sync] whitelist fields that can be added via the JSON config.`
			`- [UI] Invalid redirect fixed.`
			`- [organisation:view] Fixed spinner when viewing events from an org.`
			`- [API] Weird responses from JSON objects fixed when data returned is empty.`
			`- [API] Wrong JSON output when /events/index returns empty result, fixes #4690.`
			`- [UI] Org index filter fixed.`
			`- [stix2 import] Fixed external domain & x509 patterns import.`
			`- [freetext import] Fixed shadow attribute import.`
			- [event:view] Correctly support the new `deleted` parameter behavior.
			`- [UI] Fixed checklocks polluting the top bar.`
			`- [enrichment:popover] Correctly fadeout when clicking on the close button.`
			`- [STIX] STIX upload fixed for API use.`
			`- [galaxy:add] Consider both model names when doing a mass cluster addition.`
			`- [installer] Checksum checker has been fixed and improved.`
			`- [stix import] Fixed email attachments parsing.`
			`- [stix import] Supporting multi attachment attributes for the email object.`

			`# MISP modules`

			`Many new [MISP modules](https://github.com/MISP/misp-modules) were added such as Joe Sandbox integration.`

			`# MISP galaxy, object templates and warning-lists updated`

			`[MISP galaxy](https://www.misp-project.org/galaxy.html), [MISP object templates](https://www.misp-project.org/objects.html) and [MISP warning-lists](https://github.com/MISP/misp-warninglists/) have been updated to the latest version.`

			`New [default feeds](https://www.misp-project.org/feeds/) were added in MISP. Don't hesitate to contact us if you have any idea for new feeds.`

			`We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.`

			`As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.`