From 203c0ad376908531a63d9e03aab2111acb65adb0 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Tue, 1 Jan 2019 11:29:12 +0100 Subject: [PATCH] add: [blog] v2.4.100 released --- _posts/2019-01-01-MISP.2.4.100.released.md | 44 ++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 _posts/2019-01-01-MISP.2.4.100.released.md diff --git a/_posts/2019-01-01-MISP.2.4.100.released.md b/_posts/2019-01-01-MISP.2.4.100.released.md new file mode 100755 index 0000000..c919106 --- /dev/null +++ b/_posts/2019-01-01-MISP.2.4.100.released.md @@ -0,0 +1,44 @@ +--- +title: MISP 2.4.100 released (aka happy new year release) +layout: post +featured: /assets/images/misp-small.png +--- + +Happy new year! We are so proud of the community who supported us for the past year and we hope to do even better for 2019. Thanks a lot. + +A new version of MISP ([2.4.100](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with improvements in the UI, API, import and export and a new query builder. + +![](/assets/images/misp/blog/restsearchbuilder.png) + +As querying MISP instances to feed and integrate with network security devices, endpoint security devices or monitoring is critical. We try to improve the life of the users with a +new query builder in the REST interface available in the MISP UI (REST client below the Event Actions). The query builder is a simple interface to create your JSON query to get +your information back for ingestion in your devices and tools easily. You can construct complex queries by a series of clicks. The query builder is intelligent to show you the exact +values supported and give you a dynamic contextual information for each of the query. And you can test your queries and grab the generated code in Python or curl to support your integration. + +UI usability has been improved with the following fixes (based on various feedbacks during the MISP trainings): + +- Quickedit (double-click on value) on the event view has been replaced by a simpler clicking button to ease cut-and-paste from values. This has been also updated in the category, type and IDS field. +- Hover functionality has been improved to void glitchy popover, scrollbar added and multiple bugs were fixed. +- Clarification of the old hide tag to be a non-selectable tag on the instance. + +Two new attribute types were introduced in MISP (thanks to the contributors): + +- cdhash - Code Signing which is the canonical hash of the program’s CodeDirectory resource on Apple OS ref:[Code Signing Guide](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html). Thanks to [Daniel Roethlisberger](https://github.com/droe) for the contribution. +- ja3-fingerprint-md5 - is a hash for creating SSL client fingerprints in an easy to produce and shareable way. A tool to extract ja3 from pcap and generate ja3 object in MISP called [ja3toMISP](https://github.com/eCrimeLabs/ja3toMISP) has been developed by [eCrimelabs](https://www.ecrimelabs.com/blog/2018/12/30/ja3-to-misp-tool-released). + +The types are also part of [MISP standard core format which has been updated](https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-06). If you see a missing types or object template in MISP, don't hesitate to report it back to us. + +Multiple bugs were fixed such as events which were not synced during a pull due to an overzealous protection. + +MISP submodule for STIX 2.x now relies on our [fork of the STIX 2 library](https://github.com/MISP/cti-python-stix2) to support import STIX 2.x files (which time-based UUIDs) produced by some vendors and tools. If you have any issue while updating the submodule, don't forget to run a `git submodule sync` before running a `git submodule update` on existing MISP instances. STIX 1 and 2 import/export has been significantly improved based on the numerous sample files received. If you have specific issues with STIX files, feel free to send these to us. + +We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large. + +MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. + +A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements. + +We also released the [complete source code of the MISP training materials](https://github.com/MISP/misp-training) and we hope to see many improvements such as translation, new materials or ideas from the training materials. + +Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation. +