Update 2018-06-27-MISP.2.4.93.released.md

pull/6/head
Andras Iklody 2018-06-27 17:15:06 +02:00 committed by GitHub
parent b8277d1af5
commit 37d6351511
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 10 deletions

@ -1,12 +1,12 @@
---
title: MISP 2.4.93 released (aka ATT&CK integration improvements)
title: MISP 2.4.93 released (aka ATT&CK integration)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including an improved [MITRE ATT&CK](https://attack.mitre.org) integration, new event lock functionality, initial support for multilingual MISP interface, various fixes and a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)).
A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including a much improved and tightly integrated [MITRE ATT&CK](https://attack.mitre.org) interface, a new event locking functionality, initial support for a multilingual interface, various fixes including a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)).
MITRE ATT&CK offers a nice and efficient way to describe adversarial tactics and techniques to information in MISP (at event or attribute level) and share it with your partners. We included ATT&CK in the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly saw the limitation of using the techniques in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP to add techniques and tactics following the model described in MITRE ATT&CK. The global statistics were also extended in order to see the overview of techniques used.
MITRE ATT&CK offers an excellent, efficient and very complete framework to describe adversarial tactics and techniques, which MISP now directly incorporates as a way to contextualise the information contained within (at the event and attribute levels) and to share the contextualised data with your partners. We have been supporting the use of the ATT&CK framework via the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly realised the limitations of using this technique in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP in order to be able to more intuitively attach techniques and tactics to MISP data following a method that is more universally linked to ATT&CK. The global statistics were also extended in order to get a quick overview of techniques used.
<div class="myvideo">
<video style="display:block; width:100%; height:auto;" autoplay controls loop="loop">
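Review bot: In the rewritten ATT&CK paragraph, "we quickly realised the limitations of using this technique in MISP" is ambiguous, because next to "tactics and techniques" the phrase "this technique" reads like an ATT&CK technique rather than the galaxy-based way of attaching ATT&CK data; "the limitations of this approach" would avoid the clash. The new title also drops "improvements" even though the body still describes an improved interface on top of the existing misp-galaxy support, so the earlier "ATT&CK integration improvements" matches the text better. In the summary sentence the list now ends ", various fixes including a security fix" with no "and" before the last item.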
@ -14,22 +14,21 @@ MITRE ATT&CK offers a nice and efficient way to describe adversarial tactics and
</video>
</div>
A new functionality has been introduced called event lock which shows if another user is editing the event you're viewing (same organisation only).
A new functionality has been introduced called the event lock which shows users if another user is editing the event they're viewing (same organisation only).
STIX 2 export now includes PE binaries and better support for MISP objects.
STIX 1 import has been significantly improved to import AIS/US-CERT STIX file including specific relationship for malware samples.
STIX 1 import has been significantly improved in regards to its capabilities when importing AIS/US-CERT STIX files that include specific relationships for malware samples.
A new functionality has been added to allow the switching of the UI language used for the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) .
A new functionality has been added to allow the toggling of the UI language of the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) .
[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed where brute force protection can be bypassed with a PUT request.
[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed, which allowed attackers to bypass the brute force protection via PUT requests.
Many bug fixes (including install guides) and minor features including impfuzzy validation.
Many bug fixes (including some to the install guides) and minor features including impfuzzy validation.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
A huge thanks to all the [contributors](/contributors) who helped us to improve the software and also all the participants in MISP trainings which give interesting feedback
for improvements.
A huge thanks to all the [contributors](/contributors) who helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
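Review bot: In the CVE-2018-12649 line, "has been fixed, which allowed attackers to bypass the brute force protection via PUT requests" attaches the relative clause to the fix, so it can be read as the fix being what allowed the bypass. Suggest "A vulnerability (CVE-2018-12649) that allowed attackers to bypass the brute force protection via PUT requests has been fixed", and since this is the security item of the release, consider stating which versions are affected so readers can judge how urgently to upgrade. The internationalization line still carries the stray space before the full stop (")) ."), and "in regards to" in the STIX 1 line would read better as "with regard to".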