MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

add: [blog] v2.4.100 released

pull/8/head
Alexandre Dulaunoy 2019-01-01 11:29:12 +01:00
parent b9c00640dc
commit 203c0ad376
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
_posts/2019-01-01-MISP.2.4.100.released.md Executable file
View File

@ -0,0 +1,44 @@
---
title: MISP 2.4.100 released (aka happy new year release)
layout: post
featured: /assets/images/misp-small.png
---
Happy new year! We are so proud of the community who supported us for the past year and we hope to do even better for 2019. Thanks a lot.
A new version of MISP ([2.4.100](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with improvements in the UI, API, import and export and a new query builder.
![](/assets/images/misp/blog/restsearchbuilder.png)
As querying MISP instances to feed and integrate with network security devices, endpoint security devices or monitoring is critical. We try to improve the life of the users with a
new query builder in the REST interface available in the MISP UI (REST client below the Event Actions). The query builder is a simple interface to create your JSON query to get
your information back for ingestion in your devices and tools easily. You can construct complex queries by a series of clicks. The query builder is intelligent to show you the exact
values supported and give you a dynamic contextual information for each of the query. And you can test your queries and grab the generated code in Python or curl to support your integration.
UI usability has been improved with the following fixes (based on various feedbacks during the MISP trainings):
- Quickedit (double-click on value) on the event view has been replaced by a simpler clicking button to ease cut-and-paste from values. This has been also updated in the category, type and IDS field.
- Hover functionality has been improved to void glitchy popover, scrollbar added and multiple bugs were fixed.
- Clarification of the old hide tag to be a non-selectable tag on the instance.
Two new attribute types were introduced in MISP (thanks to the contributors):
- cdhash - Code Signing which is the canonical hash of the programs CodeDirectory resource on Apple OS ref:[Code Signing Guide](https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html). Thanks to [Daniel Roethlisberger](https://github.com/droe) for the contribution.
- ja3-fingerprint-md5 - is a hash for creating SSL client fingerprints in an easy to produce and shareable way. A tool to extract ja3 from pcap and generate ja3 object in MISP called [ja3toMISP](https://github.com/eCrimeLabs/ja3toMISP) has been developed by [eCrimelabs](https://www.ecrimelabs.com/blog/2018/12/30/ja3-to-misp-tool-released).
The types are also part of [MISP standard core format which has been updated](https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-06). If you see a missing types or object template in MISP, don't hesitate to report it back to us.
Multiple bugs were fixed such as events which were not synced during a pull due to an overzealous protection.
MISP submodule for STIX 2.x now relies on our [fork of the STIX 2 library](https://github.com/MISP/cti-python-stix2) to support import STIX 2.x files (which time-based UUIDs) produced by some vendors and tools. If you have any issue while updating the submodule, don't forget to run a `git submodule sync` before running a `git submodule update` on existing MISP instances. STIX 1 and 2 import/export has been significantly improved based on the numerous sample files received. If you have specific issues with STIX files, feel free to send these to us.
We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
We also released the [complete source code of the MISP training materials](https://github.com/MISP/misp-training) and we hope to see many improvements such as translation, new materials or ideas from the training materials.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation.