fix: [layout] changed jekyll image styles to hugo render-image hack

pull/56/head
Christophe Vandeplas 2021-12-31 08:08:21 +01:00
parent adf46f90d0
commit 140c38ffa9
19 changed files with 32 additions and 32 deletions

@ -80,9 +80,9 @@ The module is automatically integrated in MISP via the [misp-modules framework](
An analyst will have access to the following MISP user-interfaces while using the OCR module. The module just work like an expansion module and the user will see all the potential indicators scanned from the document. The OCR module is included as an example in the misp-modules framework and can be directly enabled in the MISP configuration. In order to use the module, the [Tesseract OCR](http://miphol.com/muse/2013/05/install-tesseract-ocr-on-ubunt.html) have to be installed locally on your MISP instance.
![MISP user interface listing the modules and showing the ocr module](/img/blog/ocr1.png){:class="img-responsive"}
![MISP user interface listing the modules and showing the ocr module](/img/blog/ocr1.png "{class='img-responsive'}")
![MISP ocr module - scan a file](/img/blog/ocr2.png){:class="img-responsive"}
![MISP ocr module - scan a file](/img/blog/ocr2.png "{class='img-responsive'}")
![MISP ocr module - import scanned results](/img/blog/ocr3.png){:class="img-responsive"}
![MISP ocr module - import scanned results](/img/blog/ocr3.png "{class='img-responsive'}")
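
Review bot: The three rewritten image lines put `{class='img-responsive'}` in the Markdown title slot, so the class is only applied if a render-image hook parses that string, and the hook is not among the hunks shown here. Where no such hook runs, the braces become the image's `title` text. Please confirm the hook extracts only the expected `class` value and emits no `title`, rather than copying the string into the `<img>` tag as raw attributes. Separately, the context line above the images links the Tesseract install guide over plain `http://` on a third-party site; an HTTPS source would be a better pointer for install instructions.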

@ -11,7 +11,7 @@ The following new features were introduced:
- Freetext feed import: a flexible scheme to import any feed available on Internet and incorporate them automatically in MISP. The feed imported can create new event or update an existing event. The freetext feed feature permits to preview the import and quickly integrates external sources.
![External feed in MISP - an example of external feed configured](/img/blog/misp/freetext-feed.png){:class="img-responsive"}
![External feed in MISP - an example of external feed configured](/img/blog/misp/freetext-feed.png "{class='img-responsive'}")
- [Bro NIDS](https://www.bro.org/) export added in MISP in addition to Snort and Suricata.

@ -11,8 +11,8 @@ This is the first version introducing the [misp-galaxy](https://github.com/MISP/
large objects called cluster that can be attached to MISP events or (in the near future) attributes. A cluster can be composed of one or more elements,
which are expressed as key-value pairs. You can now directly benefit from the shared galaxy with threat actors and tools used by attackers in MISP.
![MISP galaxy](/img/blog/galaxy.png){:class="img-responsive"}
![MISP galaxy](/img/blog/cluster.png){:class="img-responsive"}
![MISP galaxy](/img/blog/galaxy.png "{class='img-responsive'}")
![MISP galaxy](/img/blog/cluster.png "{class='img-responsive'}")
The release includes various improvements such as:

@ -7,7 +7,7 @@ banner: /img/blog/misp-small.png
A new version of MISP [2.4.58](https://github.com/MISP/MISP/tree/v2.4.58) has been released, including bug fixes and a specific improvement to the correlation feature.
![MISP galaxy](/img/blog/correlation.png){:class="img-responsive"}
![MISP galaxy](/img/blog/correlation.png "{class='img-responsive'}")
Correlation can be disabled at the instance level, or, if a new setting is enabled, at the event or at the attribute level by a site admin or the creator of the event. The latter is an optional feature that can be enabled or disabled system-wide in MISP. This allows for a flexible scheme, supporting situations where the correlations of certain events or attributes are not interesting for the analysts. This feature is also available via the API.
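
Review bot: The alt text on the `correlation.png` line still reads `MISP galaxy`, which does not match an image named for the correlation feature that the surrounding paragraph describes. Since the line is being rewritten anyway, replace it with an alt text that names the correlation setting.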

@ -7,7 +7,7 @@ banner: /img/blog/misp-small.png
A new version of MISP [2.4.60](https://github.com/MISP/MISP/tree/v2.4.60) has been released, including bug fixes and the long awaited attribute-level tagging feature.
![MISP attribute level tagging](/img/blog/attribute-level.png){:class="img-responsive"}
![MISP attribute level tagging](/img/blog/attribute-level.png "{class='img-responsive'}")
All tags (local or from taxonomies) can now be also applied at the attribute level. This allows analysts or users to easily classify attributes
within an event. Many of the taxonomies have useful properties that can be applied to provide additional contextual information to attributes.

@ -7,7 +7,7 @@ banner: /img/blog/misp-small.png
A new version of MISP [2.4.61](https://github.com/MISP/MISP/tree/v2.4.61) has been released, including a critical bug fix, new features and minor updates. We strongly recommend to update MISP to this latest version.
![MISP warning-list](/img/blog/warning-list.png){:class="img-responsive"}
![MISP warning-list](/img/blog/warning-list.png "{class='img-responsive'}")
[Warning lists](https://github.com/MISP/misp-warninglists) has been significantly updated with two new types: ```hostname``` and ```substring```. This allows
to make more granular matching to find additional potential false-positives. The ```hostname``` type allows smart substring matching within URLs.

@ -9,7 +9,7 @@ A new version of MISP [2.4.67](https://github.com/MISP/MISP/tree/v2.4.67) has be
Sighting activities over tags and galaxy clusters are now visualised using sparklines, giving us an interesting outlook of contextual activity:
![MISP attribute level tagging](/img/blog/tag-activity.png){:class="img-responsive"}
![MISP attribute level tagging](/img/blog/tag-activity.png "{class='img-responsive'}")
Advanced sighting activity is now available at the event level to view the summary of sightings submitted at the attribute level.
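
Review bot: The `tag-activity.png` line carries the alt text `MISP attribute level tagging`, while the sentence introducing it is about sighting activity over tags and galaxy clusters shown as sparklines. Suggest an alt text that describes the sparkline view.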

@ -9,7 +9,7 @@ A new version of MISP [2.4.73](https://github.com/MISP/MISP/tree/v2.4.73) has be
A new module type Cortex has been introduced allowing for easy integration of MISP and Cortex. [Cortex](https://github.com/CERT-BDF/Cortex) is the analysis engine part of the [TheHive Project](https://thehive-project.org/) which supports expansion services from Cortex within MISP. A new setting has been added to support Cortex similarly to MISP expansion modules where you set the remote Cortex instance. MISP includes a new Cortex attribute type to allow for the raw analysis to be stored along with the event for subsequent analysis.
![feed overlap analysis matrix](/img/blog/feed-overlap-analys-matrix.png){:class="img-responsive"}
![feed overlap analysis matrix](/img/blog/feed-overlap-analys-matrix.png "{class='img-responsive'}")
The MISP feed handling was reworked to expand the functionality and avoid the past limitation:

@ -20,7 +20,7 @@ The default MISP object templates included are: ail-leak, cookie, credit-card, d
An example which describes a DGA (Domain Generation Algorithm) linked to two domain indicators using the MISP object functionality:
![DGA expressed as MISP object](/img/blog/DGA-in-MISP.png){:class="img-responsive"}
![DGA expressed as MISP object](/img/blog/DGA-in-MISP.png "{class='img-responsive'}")
Relationships can be described from an existing list of relationship types (e.g. `executed-by`, `impersonates`, `communicates-with`,...) or by values from your own relationship vocabulary. This allows to
model a fairly large set of cases from incident, collected intelligence, attacks or course-of-action to malware analysis.

@ -12,7 +12,7 @@ The new correlation graph has been improved and now includes the correlation at
The navigation and expansion within the correlation graph has now a series of shortcut keys (`q` and `e`) to quickly navigate within large graphs. There is also a new contextual information pane,
to quickly show the currently selected and hovered nodes. This improves the navigation over large graphs and quickly expands the information from the selected nodes.
![MISP 2.4.81 new correlation graph](/img/blog/correlation-graph.png){:class="img-responsive"}
![MISP 2.4.81 new correlation graph](/img/blog/correlation-graph.png "{class='img-responsive'}")
STIX 2.0 is now supported as an export format in this release. Even though the STIX 2.0 format is still unpublished and at an early stage, we decided to implement a first export tool to see the gaps of
the format and helps our users to test the export with potential tools which start to support the version 2.0. As MISP commitment is to support the maximum of format, STIX 1.1 has been also expanded

@ -26,7 +26,7 @@ Improvement and cleanup in the event index:
Various UI improvements to clean up the interface for the analysts, including changes such as the collapse of attributes with highly correlating events:
![collapse of correlation](/img/blog/collapse.png){:class="img-responsive"}
![collapse of correlation](/img/blog/collapse.png "{class='img-responsive'}")
The advanced sighting view on objects is now properly working.

@ -28,13 +28,13 @@ To create an extension event, simply enter the UUID or ID of the event in the "E
Users viewing the original report, will now see a new field called "Extended by" as shown below:
![A MISP event extended by another event](/img/blog/extended.png){:class="img-responsive"}
![A MISP event extended by another event](/img/blog/extended.png "{class='img-responsive'}")
Clicking on the atomic view / extended view toggle button will allow you to jump from the classical event view to the extended event view. The extended view will add all of the relations, tags, galaxy clusters, attributes and objects of the extender events. The attribute list in extended view also shows the event it originates from along with the creator organisation. Keep in mind that duplicates across several events are not culled.
Extending an event is easy and a nifty lookup interface helps you to select the appropriate event to extend:
![Extending a event when creating a new MISP event](/img/blog/extendadd.png){:class="img-responsive"}
![Extending a event when creating a new MISP event](/img/blog/extendadd.png "{class='img-responsive'}")
In the above case, OSINT information contained within an event is extended with additional threat hunting information which are limited to your organisation. The major advantage of such an approach is allowing any organisation to expand information without touching the original event.

@ -14,14 +14,14 @@ become quite larger, with long lists of objects and attributes, analysts need to
allows them to view the items per distribution level including the associated sharing groups. The visualisation is dynamic and can be used to
filter the given attributes matching a specific distribution setting within the event.
![Visualisation of a MISP event and how the sharing of attributes will take place](/img/blog/sharing.png){:class="img-responsive"}
![Visualisation of a MISP event and how the sharing of attributes will take place](/img/blog/sharing.png "{class='img-responsive'}")
### Galaxy at attribute level
[MISP Galaxy](/galaxy.html) includes a large number of libraries to assist in classifying events based on threat actors, kill chains or actor techniques such as described in the [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) galaxy. Initially, MISP galaxies were limited to be attached to MISP events alone. As many users developed new galaxy cluster to map their own model, MISP 2.4.91 is now capable of attaching MISP clusters at the attribute level. In the example below, a vulnerability attribute can be then easily linked to the respective MITRE ATT&CK adversary technique supporting analysts trying to search for and pivot on techniques, but also supporting various more advanced automation scenarios.
![An example of a MISP galaxy such as MITRE ATT&CK attached to a specific attribute in MISP](/img/blog/exploitation.png){:class="img-responsive"}
![An example of a MISP galaxy such as MITRE ATT&CK attached to a specific attribute in MISP](/img/blog/exploitation.png "{class='img-responsive'}")
### Privacy notice list and GDPR
@ -31,11 +31,11 @@ In MISP 2.4.91, we introduced the [MISP notice system](https://github.com/MISP/m
We expect to see organisations using MISP to enable, disable or extend the notice lists to fit their specific policies, legal frameworks or local regulation frameworks.
![GDPR notice about a specific category](/img/blog/not1.png){:class="img-responsive"}
![GDPR notice about a specific category](/img/blog/not1.png "{class='img-responsive'}")
and notice lists are easily configurable:
![Notice lists are configurable](/img/blog/not2.png){:class="img-responsive"}
![Notice lists are configurable](/img/blog/not2.png "{class='img-responsive'}")
### API

@ -12,7 +12,7 @@ Major improvements have been implemented in the MISP event graph such as:
- Export functionality added in the MISP event graph to export in PNG, JPEG, JSON format and Graphviz dot format.
- Saving functionality to save the state of an event graph. This allows a user of an organisation to keep the state of the event graph and retrieve the history.
![New functionality in the MISP event graph to export the graph and save the state of the graph](/img/blog/save-graph.png){:class="img-responsive"}
![New functionality in the MISP event graph to export the graph and save the state of the graph](/img/blog/save-graph.png "{class='img-responsive'}")
The MITRE ATT&CK matrix user-interface has been extended to add directly techniques at event level without passing by the galaxy interface.

@ -39,7 +39,7 @@ A debug functionality has been added in any API query to quickly show the SQL qu
Many new [MISP modules](https://www.github.com/MISP/misp-modules) were included and we extend MISP to better support enrichment modules with large output (such as the Sigma to search queries converter). In this version, a new on-demand pop-up has been introduced to have a sticky hover to ease cut-and-paste or selection.
![A sigma export to SIEM rules via the misp-modules export](/img/blog/sigma.png){:class="img-responsive"}
![A sigma export to SIEM rules via the misp-modules export](/img/blog/sigma.png "{class='img-responsive'}")
A bro NIDS type has been added in MISP to support the exchange of raw bro NIDS signature within MISP communities.

@ -9,13 +9,13 @@ A new version of MISP ([2.4.101](https://github.com/MISP/MISP/tree/v2.4.101)) ha
## Tag collections
![](/img/blog/tag-collection-creation.png){:class="img-responsive"}
![](/img/blog/tag-collection-creation.png "{class='img-responsive'}")
Contextualisation in threat intelligence is one of the key activities when performing analysis and when reviewing or processing information from internal or external sources. The task can be rather tedious, but nevertheless, it's a critical step in ensuring the quality and the information's capacity to be used for automatic processing. MISP 2.4.101 introduces a new concept, in an attempt to improve the "time-to-contextualise" information for users using the platform. Tag collections, a new feature in 2.4.101, aim to allow users to predefine re-usable structures consisting of a set of tags (from taxonomies) along with galaxy information attached. Analysts can use these named collections to quickly classify information with all of the contextualisation labels declared in the collection. This functionality enables anyone using MISP to significantly lower the time it takes to classify information and to ensure that all the pre-defined context related information is attached to an event or attribute. This feature is a first step in opening up the sharing of analysisMISP best practices directly via the platform itself.
## Improved tag/galaxy selector
![](/img/blog/tag-collection.png){:class="img-responsive"}
![](/img/blog/tag-collection.png "{class='img-responsive'}")
The success of MISP taxonomies and galaxies since their inception has been suffering from a minor but annoying drawback. When we originally designed the user-interfaces of the tag and galaxy systems in MISP, our immediate intent was to handle a rather small set of taxonomies. Since then we have come a long way and thanks to the many excellent contributions we've received from the community, the ugly side-effect of our original design decisions reared its head: adding multiple tags and galaxies has become a tedious chore, especially when trying to contextualise several aspects of the information to be shared, using multiple tags and galaxies.
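
Review bot: Both images in this hunk, `tag-collection-creation.png` and `tag-collection.png`, keep an empty alt text (`![]`), so with the title slot now holding the class string they have no readable description at all. Suggest filling the alt text from the headings they sit under ("Tag collections", "Improved tag/galaxy selector"). The long context paragraph also contains the run-together word `analysisMISP`, which could be fixed in the same pass.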

@ -13,9 +13,9 @@ A new version of MISP ([2.4.102](https://github.com/MISP/MISP/tree/v2.4.102)) ha
Sharing and exchanging information encompasses a lot of different models, communities or practices, with the MISP project being involved in various discussions and projects centered around building sharing and information exchange communities. A complex topic comes up regularly, namely the anonymisation of the information exchanged. Sharing anonymised information often aims to simply share the existence of knowledge about information. We introduced a new attribute type in MISP called "anonymised", which can be combined with a newly introduced object called [anonymisation](https://www.misp-project.org/objects.html#_anonymisation).
![](/img/blog/anon-graph.png){:class="img-responsive"}
![](/img/blog/anon2.png){:class="img-responsive"}
![](/img/blog/anonymisation.png){:class="img-responsive"}
![](/img/blog/anon-graph.png "{class='img-responsive'}")
![](/img/blog/anon2.png "{class='img-responsive'}")
![](/img/blog/anonymisation.png "{class='img-responsive'}")
The design is flexible and can be extended with new anonymisation techniques and/or approaches. We are standing on the shoulders of giants, for example open source tools such as [Crypto-PAn](https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/), [ipsumpdump](https://github.com/kohler/ipsumdump) or [arx](https://arx.deidentifier.org/).
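
Review bot: In the trailing context line the link text reads `ipsumpdump` while its URL points at `kohler/ipsumdump`; the text looks like a typo and is worth correcting while this file is open. The three anonymisation images above it also have empty alt text.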
@ -26,7 +26,7 @@ The open source NIDS [Bro project was renamed Zeek](https://blog.zeek.org/2018/1
## Sighting
![](/img/blog/sighting-UI.png){:class="img-responsive"}
![](/img/blog/sighting-UI.png "{class='img-responsive'}")
- MISP UI has been improved to allow sighting at the attribute level or at the global level.
- Various improvements to the sighting hover such as a generic hovering support.

@ -13,9 +13,9 @@ A new version of MISP ([2.4.103](https://github.com/MISP/MISP/tree/v2.4.103)) ha
A new attribute filtering tool has been added to the event view to replace the previous filtering. Complex filtering rules can be set to easily filter, navigate and paginate over large events with many attributes and objects.
![MISP screenshot - new attribute filtering tool at event level](/img/blog/filtering.png){:class="img-responsive"}
![MISP screenshot - new attribute filtering tool at event level](/img/blog/filtering.png "{class='img-responsive'}")
![MISP screenshot - new attribute filtering tool at event level](/img/blog/filtering2.png){:class="img-responsive"}
![MISP screenshot - new attribute filtering tool at event level](/img/blog/filtering2.png "{class='img-responsive'}")
## Improved hover behavior for expansion services.

File diff suppressed because one or more lines are too long