First version of the blog post for MISP 2.4.95 release (screenshots are missing)

pull/6/head
Alexandre Dulaunoy 2018-09-06 08:33:12 +02:00
parent 83f68bc655
commit 0417a1300b
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 51 additions and 0 deletions


@ -0,0 +1,51 @@
---
title: MISP 2.4.95 released (aka API search improvement)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.95](https://github.com/MISP/MISP/tree/v2.4.95) has been released with a complete rework and refactoring of the API search allowing more flexibility, improved search capabilities, performance and extendability.
The search API in MISP has been refactored to make the code logic much simpler and coherent among the different format of export (MISP JSON, MISP XML, OpenIOC, Suricata and Snort). Substring matching is now fully supported. The API is also backward compatible with previous and existing tools (let us know if you have [any issue](https://www.github/MISP/MISP)).
With the new API, search query such as exporting all attributes of types ip-src and ip-dst that have a TLP marking and are not marked tlp:red, with the syntax below. String searches are by default exact lookups, but you can use SQL style "%" wildcards to do substring searches.
~~~~
{
"returnFormat": "json",
"type": {
"OR": [
"ip-src",
"ip-dst"
]
},
"tags": {
"NOT": [
"tlp:red"
],
"OR": [
"tlp:%"
]
}
}
~~~~
A complete ReST client has been added in the MISP interface to easily query the API from your MISP. A templating system has been included to assist users to create their ReST queries against the API. The ReST client includes the API enumeration documentation based on the API exposed description.
A debug functionality has been added in any API query to quickly show the SQL queries performed by appending `/sql:1` to any query via the API (debugging mode must be 2).
Many new [MISP modules](https://www.github.com/MISP/misp-modules) were included and we extend MISP to better support enrichment modules with large output (such as the Sigma to search queries converter). In this version, a new on-demand pop-up has been introduced to have a sticky hover to ease cut-and-paste or selection.
A bro NIDS type has been added in MISP to support the exchange of raw bro NIDS signature within MISP communities.
For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
Improvement in the STIX2 export and import were undertaken to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) and the mapping thereof to the STIX2 JSON format. Relationships between SDOs have been improved in the export to map the MISP relationships with the fixed relationships described in STIX2. valid_until has been mapped in the STIX2 export based on the expiration date used in the expiration type in the sighting available in MISP.
Many new translations were included in MISP for the user-interface localisation. The Japanese translation is completed, French, Danish and Italian improved a lot and many other translations (such as German, Spanish and Korean) are on the way.
A huge thanks to all the [contributors](/contributors) who have tirelessly helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation.
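Review bot: the issue-tracker link in the second paragraph, `https://www.github/MISP/MISP`, is not a valid hostname and will 404 for readers; it should point at `https://github.com/MISP/MISP/issues` (the first paragraph already uses the correct `github.com` host). Two smaller points in the same post: the sentence "With the new API, search query such as exporting all attributes of types ip-src and ip-dst ... with the syntax below." has no main verb, so something like "With the new API, a search query such as exporting all attributes ... can be expressed with the syntax below." reads better; and the `/sql:1` debug note says "debugging mode must be 2" without naming which MISP setting that refers to. Since that flag returns the generated SQL queries to the API caller, it would help to state which configuration option controls it and that it is intended for development instances rather than production servers.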