From 3c4be85d7ff9318a0106d8997b3c8edd0f71b3d8 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Sat, 20 Jul 2019 15:29:45 +0200 Subject: [PATCH] Update 2019-07-19-MISP.2.4.111.released.md --- _posts/2019-07-19-MISP.2.4.111.released.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/_posts/2019-07-19-MISP.2.4.111.released.md b/_posts/2019-07-19-MISP.2.4.111.released.md index 0e9eab0..896ec4b 100644 --- a/_posts/2019-07-19-MISP.2.4.111.released.md +++ b/_posts/2019-07-19-MISP.2.4.111.released.md 
@@ -6,23 +6,23 @@ featured: /assets/images/misp/blog/comid.jpeg # MISP 2.4.111 released -A new version of MISP ([2.4.111](https://github.com/MISP/MISP/tree/v2.4.111)) has been released with improved proposal sync, minor improvements and bugs fixed. +A new version of MISP ([2.4.111](https://github.com/MISP/MISP/tree/v2.4.111)) has been released with an improved proposal sync, minor improvements and bugs fixed. ## Proposal synchronisation rework -The proposal synchronisation has been redone and significantly improved from the original code which was released some years ago. We strongly invite all users of MISP to upgrade -to the latest version to properly receive the proposals via synchronisation. Proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync). +The proposal synchronisation has undergone a long over-due rewrite and as a result it has been significantly improved ompared to the original implementation, which was released several years ago. We strongly invite all users of MISP to upgrade +to the latest version to restore the fetchong of proposals via the synchronisation. The proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync). ## New attribute type community-id added -In the MISP project, we are big supporters of new open standards which can help community to reference forensic evidences and especially network forensic evidences. It was always difficult to track down common network flows as many tools and products relies on different methods to build network flow id. Then [Christian Kreibich](https://github.com/ckreibich) from Corelight decided to work on it and created the [Community ID Flow Hashing](https://github.com/corelight/community-id-spec). 
As the community-id is open with open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and MISP 2.4.111. +At the MISP project, we are big supporters of new open standards, which can help communities in an effort to reference forensic evidences, especially network forensic evidences. It has always been difficult to track down common network flows as many tools and products rely on different methods to build network flow ids. [Christian Kreibich](https://github.com/ckreibich) from Corelight decided to take a bash at resolving this issue and has been working on creating the [Community ID Flow Hashing](https://github.com/corelight/community-id-spec) format. As the community-id is open to open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and now also MISP, as of version 2.4.111. -In 2.4.111, the attribute type has been added and the following object templates already include the attribute field such as: +In 2.4.111, a new attribute type has thus been added, along with the following object templates already including the new attribute field: - [Netflow](https://www.misp-project.org/objects.html#_netflow) - [Network connection](https://www.misp-project.org/objects.html#_network_connection) -This feature allows to easily correlate network forensic flow from different tools or network equipments. +This feature allows to easily correlate network forensic flows from different tools or network equipment. ## Improvements and bugs fixed
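Review bot: The rewritten paragraph under "Proposal synchronisation rework" introduces two typos in its added lines, "ompared" (should be "compared") and "fetchong" (should be "fetching"), and "long over-due" should read "long overdue". In the community-id paragraph, the added "open to open source implementations" changes the meaning of the removed "open with open source implementations which can be reused"; keep "with" unless the new sense is intended. The last added line still reads "allows to easily correlate", which could become "makes it easy to correlate" while the line is being touched anyway.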