From 107cc1f2264d575536f5dc432bc01da99014ea01 Mon Sep 17 00:00:00 2001 From: iglocska Date: Wed, 9 Jun 2021 07:47:14 +0200 Subject: [PATCH] 2.4.144 --- _posts/2021-06-07-MISP.2.4.144.released.md | 33 ++++++++-------------- 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/_posts/2021-06-07-MISP.2.4.144.released.md b/_posts/2021-06-07-MISP.2.4.144.released.md index 0346be6..ceebee0 100644 --- a/_posts/2021-06-07-MISP.2.4.144.released.md +++ b/_posts/2021-06-07-MISP.2.4.144.released.md 
@@ -1,40 +1,31 @@ --- -title: MISP 2.4.143 released (10 year anniversary edition) +title: MISP 2.4.144 released (Document all the things!) layout: post featured: /assets/images/misp/blog/misp-sea.png --- -# MISP 2.4.143 released +# MISP 2.4.144 released -MISP 2.4.143 released including a new audit subsystem, various quality of life improvements and bug fixes. +MISP 2.4.144 released including a massive update to the documentation along with some fixes, including security related fixes. -# 10 year anniversary +# OpenAPI integration -[MISP has, as of the 15th of May, turned 10,](https://twitter.com/MISPProject/status/1393141380369821697) to celebrate the occasion we have a celebratory MISP logo acting as a temporary replacement of the usual one for the duration of this release. +We have a new core team member at MISPProject, Luciano (@righel), who kicked off his tenure with an impressive mapping of all the most important endpoints of MISP to OpenAPI. As of this release, the API documentation is directly available in MISP, along with example payloads and responses. You can also find this information directly on the misp-project website. To all integrators and developers wrangling with the API, we highly recommend you take a look at the API menu in MISP and we wish you happy and headache-free hacking! -It has been a long road since Christophe Vandeplas released the initial version of CyDefsig (later renamed to MISP) in 2011. We would hereby like to thank all contributors and supporters for making MISP what it is today. Looking back at how the tooling and the communities evolved over the decade, we can see how threats and threat intelligence has changed and evolved over the years, molding the platform in the process. Here's to at least another 10 years of active sharing and bringing communities together! 
+# New diagrams and descriptions -# New audit system +Thanks to the thorough investigations of @mokaddem, we now have the entire synchronisation and authentication flows of MISP mapped in an easy to understand graph - both of these are included as of now directly in your MISP installation, so if you're in doubt about what's going on under the hood, but don't feel aventorous enough to replace your night time reading materials with a hefty chunk of PHP code, have a look at the new graphs! -Thanks to @JakubOnderka, we now have a whole new audit system, storing relevant audit logs in a more concise yet easily machine-parsable way (all changes will be logged as JSON objects). This feature is disabled by default and needs to be enabled in the server settings, though keep in mind that it will not convert existing entries. Especially for new instances, we highly recommend switching to the new system! +# CyCat integration v1 -# Event republish-alert flood protection +CyCat is a new initiative built by a group of individuals with the aim of cataloguing all the techniques and libraries around cyber-security, mostly with the selfish desire to make their own confusing lives easier (along with all those that are in a similar situation). As of this release, you'll be able to enable a first version of the CyCat integration in MISP directly, allowing you to directly see relations to your galaxy clusters via CyCat's own relationship system, giving you an extra layer of background information with the clusters already in use. -As our communities grow and we all build our own internal tooling for processing data in MISP, the more likely it is to run into some slightly frustrating issues. One such issue we've encountered recently came from a tool that seems to have regularly (and frequently!) modified certain events and republished them consecutively. This in itself is not an issue, however, it can generate a lot of noise in terms of alert emails. 
We have now added a protective measure to counter this, make sure you have a look at the appropriate settings to create lockout timers for alerts that can be issued for a single event. +If you are interested in CyCat and what it can do for you, head over to the [Cycat website](https://cycat.org/). # Improvements -- Event report hints autocomplete while typing in the Markdown has been improved -- Server rules element improved -- MISP modules results now point to the original object itself - -# MISP Modules - -Two new MISP modules were introduced: - -- cof2misp module to allow the import of Passive DNS in [JSON COF Format](https://tools.ietf.org/id/draft-dulaunoy-dnsop-passive-dns-cof-08.html) into MISP -- An improved [onyphe module](https://github.com/MISP/misp-modules/blob/main/misp_modules/modules/expansion/onyphe.py) to do expansion in MISP with full MISP object support - +- Various quality of life improvements and bug fixes, related to synchronisation, sharing groups, event reports and more! +- A security fix that would under certain circumstances result in attributes of an object being misassociated to the wrong sharing group after synchronisation. A massive thank you to Jeroen Pinoy for his diligent work in uncovering this issue! # Acknowledgement We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html)
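Review bot: The security fix bullet added under "# Improvements" is easy to miss and gives operators nothing to act on: it names neither the affected versions nor whether attributes that were already misassociated to the wrong sharing group after synchronisation need to be reviewed once 2.4.144 is installed. Consider moving it under its own heading and adding the affected version range, a link to the fixing commit or advisory, and any post-upgrade check an administrator should run. Also in this hunk: "aventorous" in the "New diagrams and descriptions" paragraph should be "adventurous", the link text "Cycat website" should match the "CyCat" spelling used in the rest of that section, and the OpenAPI paragraph says the documentation is available "on the misp-project website" without linking to it.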