---
title: MISP 2.4.104 released (aka too many new features)
layout: post
featured: /assets/images/misp/blog/distribution-graph.png
---
A new version of MISP ([2.4.104](https://github.com/MISP/MISP/tree/v2.4.104)) has been released with a series of new features such as a new overlap feed comparator, a new graph visualisation of event and attribute distribution, bookmarked history in the REST client and many others.

# New features

## New overlap feed comparator
A feed can now be compared to other feeds (cached feeds and cached MISP servers). This helps you find out whether its contents can already be covered by a combination of other cached feeds, which is useful to carefully evaluate new feeds against existing ones.

![Comparing a MISP feed to other feeds and checking its coverage](/assets/images/misp/blog/feed-coverage.png)
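
The comparison the feed comparator performs is, at its core, set overlap between the candidate feed and the already cached sources. The following is an added illustration of that idea, not MISP's own code: it assumes each cached feed or cached MISP server has already been reduced to a set of indicator values (MISP keeps such caches in Redis; here they are plain Python sets constructed inline) and goes one step beyond the UI by computing a greedy minimal set of existing sources that would make the new feed redundant.

```python
"""Feed-overlap check in the spirit of the comparator described above.

Added illustration, not MISP's own code. It assumes each feed (or cached remote
MISP server) has already been reduced to a set of indicator values; MISP keeps
such caches in Redis, while here they are plain Python sets built inline.
"""

# Constructed sample data: indicator values already cached per source.
CACHED_SOURCES = {
    "feed-A": {"198.51.100.10", "203.0.113.7", "evil.example", "bad.example"},
    "feed-B": {"203.0.113.7", "evil.example", "other.example"},
    "misp-server-1": {"198.51.100.10", "bad.example", "worse.example"},
}

# Constructed candidate feed we want to evaluate before enabling it.
NEW_FEED = {"198.51.100.10", "203.0.113.7", "evil.example",
            "bad.example", "unique.example"}


def coverage_per_source(new_feed, sources):
    """For every cached source: how many of the new feed's values it already
    contains, and which fraction of the new feed that represents."""
    total = len(new_feed)
    result = {}
    for name, values in sources.items():
        overlap = len(new_feed & values)
        result[name] = (overlap, overlap / total if total else 0.0)
    return result


def combined_coverage(new_feed, sources):
    """Fraction of the new feed covered by the union of all other sources,
    together with the values nobody else provides (the feed's real added value)."""
    union = set().union(*sources.values())
    covered = new_feed & union
    fraction = len(covered) / len(new_feed) if new_feed else 0.0
    return fraction, sorted(new_feed - union)


def greedy_minimal_cover(new_feed, sources):
    """Greedy set cover: repeatedly pick the source adding the most not-yet-covered
    values. Shows which few existing sources would make the new feed redundant."""
    remaining = set(new_feed)
    chosen = []
    while remaining:
        best = max(sources, key=lambda name: len(remaining & sources[name]))
        if not remaining & sources[best]:
            break  # no cached source covers anything further
        chosen.append(best)
        remaining -= sources[best]
    return chosen, sorted(remaining)


if __name__ == "__main__":
    for name, (n, frac) in coverage_per_source(NEW_FEED, CACHED_SOURCES).items():
        print(f"{name}: {n}/{len(NEW_FEED)} values ({frac:.0%})")
    frac, uncovered = combined_coverage(NEW_FEED, CACHED_SOURCES)
    print(f"combined coverage {frac:.0%}, only in new feed: {uncovered}")
    print("minimal cover:", greedy_minimal_cover(NEW_FEED, CACHED_SOURCES))
```

With the constructed data, `feed-A` alone covers 80% of the candidate feed and the union of all sources covers the same 80%, so the only value the new feed adds is `unique.example`; that residual list is what decides whether a new feed is worth enabling.
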
## Distribution graph

A new distribution graph has been introduced to quickly visualise where information will be distributed. It gives users an overview of how far events and attributes will be distributed and shows the members of the community who will receive the shared information.

![MISP distribution graph example](/assets/images/misp/blog/distribution-graph.png)
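
The question the distribution graph answers is "who actually receives this attribute", and the answer depends on both the event's and the attribute's distribution setting. The following is an added illustration, not MISP's own code: the distribution levels are MISP's real ones (0 Your organisation only, 1 This community only, 2 Connected communities, 3 All communities, 4 Sharing group, 5 Inherit event), while the organisations, the sharing group and the sets describing who sits where are constructed sample data. The model is a simplification of MISP's per-server sync logic: an attribute travels inside its event, so a recipient must be allowed by both settings.

```python
"""Which organisations actually receive an attribute, the question the new
distribution graph answers visually.

Added illustration, not MISP's own code. Distribution levels are MISP's real
ones; the community layout and sharing group below are constructed sample data,
and the model is a simplification: a recipient must be allowed by both the
event's and the attribute's distribution setting.
"""

ORG_ONLY, COMMUNITY, CONNECTED, ALL, SHARING_GROUP, INHERIT = range(6)

# Constructed community layout.
OWN_ORG = "ORG-A"
LOCAL_ORGS = {"ORG-A", "ORG-B"}            # orgs on this instance
CONNECTED_ORGS = {"ORG-C"}                 # orgs on directly synced instances
FURTHER_ORGS = {"ORG-D"}                   # only reachable through further hops
SHARING_GROUPS = {"sg-exercise": {"ORG-A", "ORG-C", "ORG-D"}}


def recipients(level, sharing_group=None):
    """Organisations allowed by a single distribution setting."""
    if level == ORG_ONLY:
        return {OWN_ORG}
    if level == COMMUNITY:
        return set(LOCAL_ORGS)
    if level == CONNECTED:
        return LOCAL_ORGS | CONNECTED_ORGS
    if level == ALL:
        return LOCAL_ORGS | CONNECTED_ORGS | FURTHER_ORGS
    if level == SHARING_GROUP:
        return set(SHARING_GROUPS[sharing_group])
    raise ValueError(f"unsupported distribution level {level}")


def effective_recipients(event_level, attr_level, event_sg=None, attr_sg=None):
    """Organisations that end up receiving the attribute: the intersection of
    what the event allows and what the attribute allows. 'Inherit event' simply
    copies the event's setting."""
    if attr_level == INHERIT:
        attr_level, attr_sg = event_level, event_sg
    return recipients(event_level, event_sg) & recipients(attr_level, attr_sg)


def wider_than_event(event_level, attr_level, event_sg=None, attr_sg=None):
    """Flag the situation the graph makes visible at a glance: an attribute set
    wider than its event, which never reaches anyone beyond the event's audience."""
    if attr_level == INHERIT:
        return False
    return not recipients(attr_level, attr_sg) <= recipients(event_level, event_sg)


if __name__ == "__main__":
    print("community event, 'all communities' attribute ->",
          sorted(effective_recipients(COMMUNITY, ALL)))
    print("community event, sharing-group attribute ->",
          sorted(effective_recipients(COMMUNITY, SHARING_GROUP, attr_sg="sg-exercise")))
    print("wider than event?", wider_than_event(COMMUNITY, ALL))
```

The second case is the one worth checking before publishing: a sharing-group attribute inside a community-only event reaches only the sharing-group members who are also part of the local community, here just `ORG-A`.
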
## Bookmark and history in REST client

The MISP UI REST client now keeps a history of all the queries performed. Queries can be recalled and bookmarked for later use. There is no more need to keep track of your queries in your notes; they are now stored in your MISP instance.

![MISP REST Client bookmarks](/assets/images/misp/blog/rest-bookmarks.png)
## Required taxonomy

On a MISP instance, you can now require that at least one tag from one or more taxonomies is set before an event can be published. This feature is useful for organisations with mandatory taxonomies (such as CSIRTs using TLP, military organisations with a mandatory classification, or an ISAC with required contextualisation).
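
The rule itself is a simple gate: look at the tags on the event, reduce each taxonomy tag to its namespace, and refuse to publish while a required namespace is absent. The following is an added illustration of that gate, not MISP's own code: it assumes the rule is evaluated against the event-level tags and that a taxonomy is identified by the namespace before the colon in a MISP tag name (`tlp:amber` belongs to `tlp`, `osint:source-type="blog-post"` to `osint`); the sample event and the required list are constructed.

```python
"""Pre-publish check for the 'required taxonomy' rule described above.

Added illustration, not MISP's own code. It assumes the rule applies to the
event-level tags and that a taxonomy is identified by the namespace before the
colon in a MISP tag name. The event and the required list are constructed.
"""
import re

# namespace:predicate or namespace:predicate="value" (machine tags as MISP uses them)
TAG_RE = re.compile(
    r'^(?P<namespace>[^:"]+):(?P<predicate>[^="]+)(?:="(?P<value>[^"]*)")?$'
)


def parse_tag(name):
    """Split a tag name into (namespace, predicate, value); None for free-form tags."""
    m = TAG_RE.match(name)
    if not m:
        return None
    return m.group("namespace"), m.group("predicate"), m.group("value")


def missing_required_taxonomies(tag_names, required_namespaces):
    """Required namespaces (returned as given) that no tag on the event belongs to.
    The comparison is case-insensitive, so 'PAP' and 'pap' count as one taxonomy."""
    present = set()
    for name in tag_names:
        parsed = parse_tag(name)
        if parsed:
            present.add(parsed[0].lower())
    return [ns for ns in required_namespaces if ns.lower() not in present]


def can_publish(event, required_namespaces):
    """(allowed, missing): publishing is allowed only when nothing is missing."""
    tag_names = [t["name"] for t in event.get("Tag", [])]
    missing = missing_required_taxonomies(tag_names, required_namespaces)
    return not missing, missing


# Constructed event in the shape MISP's JSON uses for event-level tags.
SAMPLE_EVENT = {
    "info": "Phishing campaign observed by the SOC (constructed sample)",
    "Tag": [
        {"name": "tlp:amber"},
        {"name": 'osint:source-type="blog-post"'},
        {"name": "my-free-form-note"},
    ],
}


if __name__ == "__main__":
    for required in (["tlp"], ["tlp", "PAP"]):
        allowed, missing = can_publish(SAMPLE_EVENT, required)
        print(f"required {required}: publish allowed={allowed}, missing={missing}")
```

The free-form tag is deliberately ignored by the check: only machine tags carry a namespace, which is exactly why a mandatory-taxonomy policy cannot be satisfied by an arbitrary local tag.
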
## Kafka publishing

CERN provided an outstanding contribution which adds [Kafka](https://kafka.apache.org/) streaming to MISP in addition to the ZMQ publishing already included. This allows a real-time stream of actions (such as new events, updates, new sightings and new tags) from MISP to be fed into advanced security-processing workflows. For more information, the [CERN presentation](https://indico.cern.ch/event/775579/contributions/3306040/attachments/1808103/2951821/2019-02-20__WLCG_SOC_WG_CERN_SOC_Update.pdf) gives a good insight.
## Improvements

- A new ATT&CK heatmap is now displayed per threat actor, aggregating information from the various events and attributes in MISP where techniques are linked to that specific threat actor.
- All galaxy matrix types are now included in the statistics page.
- [API] Pagination is now available on the event index.
- Galaxies can now be deleted from the user interface.
- A new exercise setup script has been introduced to set up MISP instances for training or exercises:
  - it assumes a hub MISP and a set of training MISPs for the different participating teams;
  - the script is executed on the hub MISP and, assuming a consecutively incrementing numeric component in the training MISPs' URLs, pre-configures them;
  - each instance has to have the same API key for the site admin (the idea is to clone training VMs);
  - the configuration creates users, organisations, sync users and sync connections across both the hub and the individual trainee instances.
## Bug fixes

- Upgraded to the latest version of CakePHP.
- Bro/Zeek export fixed, including the cached export feature.
- Various STIX 2 export fixes.
- Some improvements to the RPZ export format to include the serial.
- Multiple bugs fixed in the ZMQ publishing.
A host of bugs were squashed and various small improvements were implemented.

MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf), [taxonomies](/taxonomies.pdf) and [warning-lists](https://www.github.com/MISP/misp-warninglists) were extended by many contributors and are also included by default in MISP. Don't forget to run a `git submodule update` and update galaxies, objects and taxonomies via the UI.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.

Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.