MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Update 2019-03-26-MISP.2.4.104.released.md

iglocska-patch-1
Andras Iklody 2019-03-27 15:32:14 +01:00 committed by GitHub
parent bd6c65db55
commit 35bba63e2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
_posts/2019-03-26-MISP.2.4.104.released.md
View File

@ -4,44 +4,42 @@ layout: post
featured: /assets/images/misp/blog/distribution-graph.png
---
A new version of MISP ([2.4.104](https://github.com/MISP/MISP/tree/v2.4.104)) has been released with a series of new features such as new overlap feed comparator, a new graph visualisation o
f event and attribute distribution, bookmarked history in REST client and many others.
A new version of MISP ([2.4.104](https://github.com/MISP/MISP/tree/v2.4.104)) has been released with a host of new features such as new overlap feed comparator, a new graph visualisation of event and attribute distributions, a history/bookmark system for the REST client and many others.
# New features
## New overlap feed comparator
Feed can now be compared to other feeds (cached feeds and cached MISP servers). This helps if you can cover the contents with a combination of other cached feeds. This feature can be useful to carefully evaluate new feeds against other ones.
Cached feeds can now be compared to the entire set or a subset of the other cached feeds, assisting users in their decision making process for acquiring new feeds based on being able to cover the contents of the new feed with their combination nof existing ingested feeds.
![Comparing a MISP feed to other feeds and check its coverage](/assets/images/misp/blog/feed-coverage.png)
## Distribution graph
A new distribution visualisation graph has been introduced to quickly view where information will be distributed. This allows users to get an overview how far events and attributes will be distributed and shows the member of the community who will get the information shared.
A new distribution visualisation graph has been introduced to quickly display the potential recipients of the data. This allows users to get an overview of how far events and attributes will be distributed and shows the members of the community who will receive the information shared.
![MISP distribution graph example](/assets/images/misp/blog/distribution-graph.png)
## Bookmark and history in REST client
The MISP UI REST Client now keeps an history of all the queries performed. The queries can be recalled and bookmarked for later use. No more need to keep track of your queries in your notes,
The MISP UI REST Client now keeps a history of the 10 most recently performed queries. Additionally, queries can now be recalled and bookmarked for later use, so there's no longer a need to manually keep track of your queries in your notes,
it's now in your MISP instance.
![MISP REST Client bookmarks](/assets/images/misp/blog/rest-bookmarks.png)
## Required taxonomy
On a MISP instance, you can now require to have at least one tag set from one or more taxonomy before publishing an event. This feature is useful for organisations who have mandatory taxonomies to be set (such as CSIRTs with TLP, military organisation with mandatory classification or an ISAC with required contextualisation).
It is now possible to retrict the publication of new events via the UI as long as certain tagging conditions aren't met. Administrators can configure "required" taxonomies, thereby enforcing their use in the community (such as TLP for CSIRTs, mandatory classification for military organisation or other required contextualisation requirements for ISACs).
## Kafka publishing
CERN provided an outstanding contribution which includes a [Kafka](https://kafka.apache.org/) streaming functionality in MISP in addition to the standard ZMQ already included. This allows
to include a real-time stream of actions (such as new events, update, new sighting, new tags) from MISP into advanced processing security workflow. For more information, the [CERN presentation](https://indico.cern.ch/event/775579/contributions/3306040/attachments/1808103/2951821/2019-02-20__WLCG_SOC_WG_CERN_SOC_Update.pdf) gives a good insight.
CERN provided an outstanding contribution which includes a [Kafka](https://kafka.apache.org/) streaming functionality for MISP in addition to the existing ZMQ pubsub channel. This allows the inclusion of a real-time stream of actions (such as new events, update, new sighting, new tags) from MISP into advanced processing security workflows. For more information, the [CERN presentation](https://indico.cern.ch/event/775579/contributions/3306040/attachments/1808103/2951821/2019-02-20__WLCG_SOC_WG_CERN_SOC_Update.pdf) gives some good insights.
## Improvements
- A new ATT&CK heatmap is now displayed per threat-actor aggregating information from the various events and attributes in MISP where the techniques are linked to a specific threat actor.
- All galaxy matrix type are now included in the statistic page.
- [API] Pagination is now available to the event index.
- A new ATT&CK heatmap is now displayed per galaxy cluster, aggregating information from the various events and attributes in MISP where the techniques are linked to the given cluster (for example a threat actor).
- The matrix-heatmap representation of all matrix type galaxies are now included in the statistic page.
- [API] Pagination is now available for the event index.
- Galaxies can now be deleted from the user-interface.
- A new exercise setup script has been introduced to setup MISP instances for training or exercise:
- assumes a hub MISP and a set of training MISPs for different participating teams
@ -53,14 +51,13 @@ to include a real-time stream of actions (such as new events, update, new sighti
- Upgraded to the latest version of CakePHP.
- Bro/Zeek export fixed including the cached export feature.
- STIX 2 export various fixes.
- The STIX 2 export received various fixes.
- Some improvements to the RPZ export format to include serial.
- Multiple bugs fixed in the ZMQ.
A host of bugs were squashed and various small improvements were implemented.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf), [taxonomies](/taxonomies.pdf) and [warning-lists](https://www.github.com/MISP/misp-warninglists) were extended by many contributors, whic
h are also included by default in MISP. Don't forget to run a `git submodule update` and update galaxies, objects and taxonomies via the UI.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf), [taxonomies](/taxonomies.pdf) and [warning-lists](https://www.github.com/MISP/misp-warninglists) were extended by many contributors, which are also included by default in MISP. Don't forget to run a `git submodule update` and update galaxies, objects and taxonomies via the UI.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.