Update 2017-12-22-MISP.2.4.85.released.md

pull/3/head
Andras Iklody 2017-12-22 21:17:11 +01:00 committed by GitHub
parent d8b695301c
commit 3af83c5241
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 15 deletions

View File

@ -4,30 +4,30 @@ layout: post
featured: /assets/images/misp-small.png featured: /assets/images/misp-small.png
--- ---
A new version of MISP [2.4.85](https://github.com/MISP/MISP/tree/v2.4.85) has been released including improvements in feed ingestion performance, warning-lists handling and many bug fixes. A new version of MISP [2.4.85](https://github.com/MISP/MISP/tree/v2.4.85) has been released including improvements to the feed ingestion performance, warning-list handling and many bug fixes.
Warning-lists can now be used for filtering out import when using the API via /attributes/add either pass the url param `/enforceWarninglist:1` or set the `"enforceWarninglist":1` key on individual attributes to be checked. Warning-lists can now be used for filtering out import when using the API via /attributes/add either pass the url param `/enforceWarninglist:1` or set the `"enforceWarninglist":1` key on individual attributes to be checked.
Warning-lists performance is improved especially on the ingestion, the deletion of the warning-lists can be done from the UI and very large warning-lists are now properly to avoid MySQL packet issue. Warning-lists performance is improved especially on the ingestion, the deletion of the warning-lists can be done from the UI and very large warning-lists are now properly updated even on MySQL instances configured with conservative maximum packet sizes.
Feed quick sync is now part of MISP allowing to import attributes using the precalculated cache without parsing the complete feed. We strongly recommend Feed quick sync is now part of MISP allowing the calling of attributes using the precalculated hashes without having to parse the complete feed. We strongly recommend
feed provider to use the [latest feed generator](https://github.com/MISP/PyMISP/commit/195cd6d7fc305ac6628ed8f2ff762b3f69a9b6ca) in PyMISP to benefit from the feed quick sync. feed providers to use the [latest feed generator](https://github.com/MISP/PyMISP/commit/195cd6d7fc305ac6628ed8f2ff762b3f69a9b6ca) in PyMISP to benefit from the quick sync.
Tags can now be restricted to a single user (in addition to the existing restriction per user). This can help to Tags can now be restricted to a single user (in addition to the existing restrictions per organisation). This can help to
support analyst workflow process where a certain type of users can tag or classify in an organisation. support analyst workflows where a certain type of user can tag or classify in an organisation.
Auth keys of user can now be reset from the command line by using `/var/www/MISP/app/Console/cake Authkey [email@of.user]`. Auth keys of users can now be reset from the command line by using `/var/www/MISP/app/Console/cake Authkey [email@of.user]`.
Improvement and cleanup in the event index: Improvement and cleanup in the event index:
- removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases - removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases
- hanged the behaviour when users click on org logoes (redirect to filtered index) - changed the behaviour when users click on org logoes (redirect to filtered index)
Various UI improvement to clear out the interface for the analysts like the collapse of attributes with highly correlating events: Various UI improvements to clean up the interface for the analysts, including changes such as the collapse of attributes with highly correlating events:
![collapse of correlation](/assets/images/misp/blog/collapse.png){:class="img-responsive"} ![collapse of correlation](/assets/images/misp/blog/collapse.png){:class="img-responsive"}
Or sighting view in the object is now properly working. The advanced sighting view on objects is now properly working.
New attribute types were introduced in MISP in order to improve the support of new or improved objects: New attribute types were introduced in MISP in order to improve the support of new or improved objects:
@ -36,18 +36,18 @@ New attribute types were introduced in MISP in order to improve the support of n
- stix2-pattern - to a new [stix2-pattern object](https://www.misp-project.org/objects.html#_stix2_pattern) - stix2-pattern - to a new [stix2-pattern object](https://www.misp-project.org/objects.html#_stix2_pattern)
- whois-registrant-org - to support the updated [whois object](https://www.misp-project.org/objects.html#_whois) - whois-registrant-org - to support the updated [whois object](https://www.misp-project.org/objects.html#_whois)
The STIX 2.0 export significantly improved to support the full range of mapping between MISP standard and STIX 2.0 standard. The STIX 2.0 export had undergone significant improvements to support the full mapping between the MISP and STIX 2.0 standards.
If a mapping is not supported in the STIX 2.0 standard, we also export custom objects to allow organisations to still get If a mapping is not supported in the STIX 2.0 standard, we also export custom objects to allow organisations to still receive
MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented to make a first version in These often crucial pieces of MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented for it to make it's debut in
the next release. the next release.
Many bug fixes and improvement were introduced in this version. Many bug fixes and improvement were introduced in this version.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
PyMISP has been also updated on a cleverer approach to timestamp handling while updating MISP JSON file. The PyMISP documentation has been updated [PDF](https://media.readthedocs.org/pdf/pymisp/latest/pymisp.pdf). PyMISP has been also updated, boasting a more clever approach to timestamp handling while updating MISP JSON files. The PyMISP documentation has been updated [PDF](https://media.readthedocs.org/pdf/pymisp/latest/pymisp.pdf).
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on. [For more information and registration](https://www.circl.lu/services/misp-training-materials/). We have also many other trainings and events foreseen in 2018, [for more information](/events/) New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on session. [For more information and registration](https://www.circl.lu/services/misp-training-materials/). We have also many other trainings and events foreseen in 2018, [for more information](/events/)