mirror of https://github.com/MISP/misp-website
37 lines
3.1 KiB
Markdown
37 lines
3.1 KiB
Markdown
|
---
|
||
|
|
title: MISP 2.4.93 released (aka ATT&CK integration improvements)
|
||
|
|
layout: post
|
||
|
|
featured: /assets/images/misp-small.png
|
||
|
|
---
|
||
|
|
|
||
|
|
A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including an improved [MITRE ATT&CK](https://attack.mitre.org) integration, new event lock functionality, initial support for multilingual MISP interface, various fixes and a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)).
|
||
|
|
|
||
|
|
MITRE ATT&CK offers a nice and efficient way to describe adversarial tactics and techniques to information in MISP (at event or attribute level) and share it with your partners. We included ATT&CK in the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly saw the limitation of using the techniques in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP to add techniques and tactics following the model described in MITRE ATT&CK. The global statistics were also extended in order to see the overview of techniques used.
|
||
|
|
|
||
|
|
<div class="myvideo">
|
||
|
|
<video style="display:block; width:100%; height:auto;" autoplay controls loop="loop">
|
||
|
|
<source src="{{ site.baseurl }}/assets/images/misp/video/attack.webm" type="video/webm" />
|
||
|
|
</video>
|
||
|
|
</div>
|
||
|
|
|
||
|
|
A new functionality has been introduced called event lock which shows if another user is editing the event you're viewing (same organisation only).
|
||
|
|
|
||
|
|
STIX 2 export now includes PE binaries and better support for MISP objects.
|
||
|
|
|
||
|
|
STIX 1 import has been significantly improved to import AIS/US-CERT STIX file including specific relationship for malware samples.
|
||
|
|
|
||
|
|
A new functionality has been added to allow the switching of the UI language used for the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) .
|
||
|
|
|
||
|
|
[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed where brute force protection can be bypassed with a PUT request.
|
||
|
|
|
||
|
|
Many bug fixes (including install guides) and minor features including impfuzzy validation.
|
||
|
|
|
||
|
|
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
|
||
|
|
|
||
|
|
A huge thanks to all the [contributors](/contributors) who helped us to improve the software and also all the participants in MISP trainings which give interesting feedback
|
||
|
|
for improvements.
|
||
|
|
|
||
|
|
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
|
||
|
|
|
||
|
|
Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. A [Call-for-Papers is open](https://cfp.hack.lu/misp0x4/) for the MISP Threat Intelligence Summit 0x4. We would be glad to see users, contributors or organisations actively using MISP or/and threat intelligence to share their experiences and presentation to the CfP.
|