From 0d21b4ea3df84fa099f15850c9dd630f5b4a82da Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Thu, 6 Sep 2018 08:55:32 +0200 Subject: [PATCH] Update 2018-09-06-MISP.2.4.95.released.md --- _posts/2018-09-06-MISP.2.4.95.released.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/_posts/2018-09-06-MISP.2.4.95.released.md b/_posts/2018-09-06-MISP.2.4.95.released.md index 76447fe..3fba74f 100755 --- a/_posts/2018-09-06-MISP.2.4.95.released.md +++ b/_posts/2018-09-06-MISP.2.4.95.released.md 
@@ -4,11 +4,11 @@ layout: post featured: /assets/images/misp-small.png --- -A new version of MISP [2.4.95](https://github.com/MISP/MISP/tree/v2.4.95) has been released with a complete rework and refactoring of the API search allowing more flexibility, improved search capabilities, performance and extendability. +A new version of MISP ([2.4.95](https://github.com/MISP/MISP/tree/v2.4.95)) has been released with the first stage of a complete rework and refactoring of the API exports, allowing for more flexibility, improved search capabilities, performance and extendability. -The search API in MISP has been refactored to make the code logic much simpler and coherent among the different format of export (MISP JSON, MISP XML, OpenIOC, Suricata and Snort). Substring matching is now fully supported. The API is also backward compatible with previous and existing tools (let us know if you have [any issue](https://www.github/MISP/MISP)). +The search API in MISP has been refactored to streamline and simplify the code's logic and to bring consistency among the various export formats (MISP JSON, MISP XML, OpenIOC, Suricata, Snort and the text export) especially in regards to filtering. The filter system now assumes exact string matches by default and allows users to insert wild-card characters for substring searches across all filters. This provides both performance boosts along with more accurate results when substring matching is not needed along with the flexibility of setting search terms such as starts with or endswith. The API is also backwards compatible with previous versions and existing tools (let us know if you have [any issue](https://www.github/MISP/MISP)). -With the new API, search query such as exporting all attributes of types ip-src and ip-dst that have a TLP marking and are not marked tlp:red, with the syntax below. String searches are by default exact lookups, but you can use SQL style "%" wildcards to do substring searches. 
+With the new API, building search queries has become more natural and simple to build programmatically. For example, exporting all attributes of types ip-src and ip-dst that have a TLP marking and are not marked tlp:red, can be achieved with the query below. String searches are by default exact lookups, but you can use SQL style "%" wildcards to do substring searches. ~~~~ { 
@@ -30,9 +30,11 @@ With the new API, search query such as exporting all attributes of types ip-src } ~~~~ -A complete ReST client has been added in the MISP interface to easily query the API from your MISP. A templating system has been included to assist users to create their ReST queries against the API. The ReST client includes the API enumeration documentation based on the API exposed description. +All old parameter syntaxes are still supported, though passing ordered parameters via the URL has been deprecated. We are also currently in the process of baking all existing export APIs into the standard API search functionality - simply pass your usual standardised list of parameters as described in the API and choose the return format. Make sure you query the correct scope (/events/restSearch for all events matching a query and /attributes/restSearch for all attributes matching a query). -A debug functionality has been added in any API query to quickly show the SQL queries performed by appending `/sql:1` to any query via the API (debugging mode must be 2). +A complete ReST client has been added in the MISP interface to easily query the API from your MISP. A templating system has been included to assist users to create their ReST queries against the API. The ReST client includes the API enumeration documentation based on the API exposed description. Use this tool to build and test queries that you would like to use via other tools and applications. + +A debug functionality has been added in any API query to quickly show the SQL queries performed by appending `/sql:1` to any query via the API (debugging mode must be set to "debug with SQL dump" - option 2). Many new [MISP modules](https://www.github.com/MISP/misp-modules) were included and we extend MISP to better support enrichment modules with large output (such as the Sigma to search queries converter). 
In this version, a new on-demand pop-up has been introduced to have a sticky hover to ease cut-and-paste or selection. 
@@ -40,11 +42,11 @@ A bro NIDS type has been added in MISP to support the exchange of raw bro NIDS s For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. -Improvement in the STIX2 export and import were undertaken to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) and the mapping thereof to the STIX2 JSON format. Relationships between SDOs have been improved in the export to map the MISP relationships with the fixed relationships described in STIX2. valid_until has been mapped in the STIX2 export based on the expiration date used in the expiration type in the sighting available in MISP. +Enhancements to the STIX2 export and import were undertaken to improve the scope coverage of the [MISP open standard](https://github.com/MISP/misp-rfc) and the mapping thereof to the STIX2 JSON format. Relationships between SDOs have been improved in the export to map the MISP relationships with the fixed relationships described in STIX2. valid_until has been mapped in the STIX2 export based on the expiration date used in the expiration sightings available in MISP. -Many new translations were included in MISP for the user-interface localisation. The Japanese translation is completed, French, Danish and Italian improved a lot and many other translations (such as German, Spanish and Korean) are on the way. +Several new translations were included in MISP for the user-interface localisation. The Japanese translation has been completed, French, Danish and Italian have been improved drastically and many other translations (such as German, Spanish and Korean) are on the way. -A huge thanks to all the [contributors](/contributors) who have tirelessly helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements. 
+A huge thanks to all the [contributors](/contributors) who have tirelessly helped us improve the software and also all the participants in the MISP trainings giving us a bunch of interesting feedback for ideas for improvements. MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
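Review bot: In the first hunk (@@ -4,11 +4,11 @@), the "any issue" link in the rewritten second paragraph still points at `https://www.github/MISP/MISP`, which is not a valid host (the `.com` is missing), so the backward-compatibility sentence sends readers nowhere; since the line is being rewritten anyway, point it at `https://github.com/MISP/MISP`, the host the first paragraph's release link already uses. Two smaller wording points in the same hunk: "starts with or endswith" should read "starts with or ends with", and the new third paragraph opens with "building search queries has become more natural and simple to build programmatically", which repeats "build"; "building search queries programmatically has become more natural and simpler" says the same thing cleanly.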
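Review bot: In the second hunk (@@ -30,9 +30,11 @@), the added paragraph on folding the export APIs into restSearch tells users to pass parameters "as described in the API" but gives no pointer to where that parameter list is documented; add a link to the API documentation, or state that the in-app ReST client's enumeration described in the following paragraph is the reference, so that anyone migrating off the now-deprecated ordered URL parameters knows what to replace them with. In the `/sql:1` paragraph, naming the required debug level ("debug with SQL dump", option 2) is a clear improvement; it would help to add a sentence that this level is a diagnostic setting that exposes the SQL executed for queries and should be enabled only while testing and turned back off afterwards. Finally, "functionality - simply pass" uses a spaced hyphen as a dash; a comma or semicolon reads better.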
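Review bot: In the third hunk (@@ -40,11 +42,11 @@), the rewritten acknowledgement ends with "feedback for ideas for improvements", which stacks two "for" phrases; "feedback and ideas for improvements" is what is meant. In the STIX2 paragraph, `valid_until` is a field name and would be clearer in backticks, consistent with how `git submodule update` is marked up on the final line of the file.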