From 37d635151167e94f02035f2f28b37661d6a889b3 Mon Sep 17 00:00:00 2001
From: Andras Iklody
Date: Wed, 27 Jun 2018 17:15:06 +0200
Subject: [PATCH] Update 2018-06-27-MISP.2.4.93.released.md

---
 _posts/2018-06-27-MISP.2.4.93.released.md | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/_posts/2018-06-27-MISP.2.4.93.released.md b/_posts/2018-06-27-MISP.2.4.93.released.md
index fa7d29c..6c281ed 100755
--- a/_posts/2018-06-27-MISP.2.4.93.released.md
+++ b/_posts/2018-06-27-MISP.2.4.93.released.md
@@ -1,12 +1,12 @@ --- -title: MISP 2.4.93 released (aka ATT&CK integration improvements) +title: MISP 2.4.93 released (aka ATT&CK integration) layout: post featured: /assets/images/misp-small.png --- -A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including an improved [MITRE ATT&CK](https://attack.mitre.org) integration, new event lock functionality, initial support for multilingual MISP interface, various fixes and a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)). +A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including a much improved and tightly integrated [MITRE ATT&CK](https://attack.mitre.org) interface, a new event locking functionality, initial support for a multilingual interface, various fixes including a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)). -MITRE ATT&CK offers a nice and efficient way to describe adversarial tactics and techniques to information in MISP (at event or attribute level) and share it with your partners. We included ATT&CK in the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly saw the limitation of using the techniques in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP to add techniques and tactics following the model described in MITRE ATT&CK. The global statistics were also extended in order to see the overview of techniques used. +MITRE ATT&CK offers an excellent, efficient and very complete framework to describe adversarial tactics and techniques, which MISP now directly incorporates as a way to contextualise the information contained within (at the event and attribute levels) and to share the contextualised data with your partners. 
We have been supporting the use of the ATT&CK framework via the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly realised the limitations of using this technique in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP in order to be able to more intuitively attach techniques and tactics to MISP data following a method that is more universally linked to ATT&CK. The global statistics were also extended in order to get a quick overview of techniques used.
-A new functionality has been introduced called event lock which shows if another user is editing the event you're viewing (same organisation only). +A new functionality has been introduced called the event lock which shows users if another user is editing the event they're viewing (same organisation only). STIX 2 export now includes PE binaries and better support for MISP objects. -STIX 1 import has been significantly improved to import AIS/US-CERT STIX file including specific relationship for malware samples. +STIX 1 import has been significantly improved in regards to its capabilities when importing AIS/US-CERT STIX files that include specific relationships for malware samples. -A new functionality has been added to allow the switching of the UI language used for the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) . +A new functionality has been added to allow the toggling of the UI language of the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) . -[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed where brute force protection can be bypassed with a PUT request. +[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed, which allowed attackers to bypass the brute force protection via PUT requests. -Many bug fixes (including install guides) and minor features including impfuzzy validation. +Many bug fixes (including some to the install guides) and minor features including impfuzzy validation. The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. -A huge thanks to all the [contributors](/contributors) who helped us to improve the software and also all the participants in MISP trainings which give interesting feedback -for improvements. 
+A huge thanks to all the [contributors](/contributors) who helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements. MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
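Review bot: In the CVE-2018-12649 line near the end of the hunk, the new wording "has been fixed, which allowed attackers to bypass the brute force protection via PUT requests" attaches "which" to the fix rather than to the vulnerability, so it can be read as the fix being what allowed the bypass. Suggest putting the vulnerability first, for example "A vulnerability that allowed attackers to bypass the brute force protection via PUT requests (CVE-2018-12649) has been fixed." Since this is the only security fix named in the post, a short explicit recommendation to upgrade would also help readers who skim for it. Two smaller style points in the same hunk: the rewritten opening sentence now ends its list with "initial support for a multilingual interface, various fixes including a security fix" and has lost the "and" before the last item, and the stray space before the full stop in "translation)) ." is carried over unchanged from the old line.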