Update 2019-07-19-MISP.2.4.111.released.md

pull/12/head
Andras Iklody 2019-07-20 15:29:45 +02:00 committed by GitHub
parent bcf1c2e28f
commit 3c4be85d7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions

@ -6,23 +6,23 @@ featured: /assets/images/misp/blog/comid.jpeg
# MISP 2.4.111 released
A new version of MISP ([2.4.111](https://github.com/MISP/MISP/tree/v2.4.111)) has been released with improved proposal sync, minor improvements and bugs fixed.
A new version of MISP ([2.4.111](https://github.com/MISP/MISP/tree/v2.4.111)) has been released with an improved proposal sync, minor improvements and bugs fixed.
## Proposal synchronisation rework
The proposal synchronisation has been redone and significantly improved from the original code which was released some years ago. We strongly invite all users of MISP to upgrade
to the latest version to properly receive the proposals via synchronisation. Proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync).
The proposal synchronisation has undergone a long over-due rewrite and as a result it has been significantly improved ompared to the original implementation, which was released several years ago. We strongly invite all users of MISP to upgrade
to the latest version to restore the fetchong of proposals via the synchronisation. The proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync).
## New attribute type community-id added
In the MISP project, we are big supporters of new open standards which can help community to reference forensic evidences and especially network forensic evidences. It was always difficult to track down common network flows as many tools and products relies on different methods to build network flow id. Then [Christian Kreibich](https://github.com/ckreibich) from Corelight decided to work on it and created the [Community ID Flow Hashing](https://github.com/corelight/community-id-spec). As the community-id is open with open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and MISP 2.4.111.
At the MISP project, we are big supporters of new open standards, which can help communities in an effort to reference forensic evidences, especially network forensic evidences. It has always been difficult to track down common network flows as many tools and products rely on different methods to build network flow ids. [Christian Kreibich](https://github.com/ckreibich) from Corelight decided to take a bash at resolving this issue and has been working on creating the [Community ID Flow Hashing](https://github.com/corelight/community-id-spec) format. As the community-id is open to open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and now also MISP, as of version 2.4.111.
In 2.4.111, the attribute type has been added and the following object templates already include the attribute field such as:
In 2.4.111, a new attribute type has thus been added, along with the following object templates already including the new attribute field:
- [Netflow](https://www.misp-project.org/objects.html#_netflow)
- [Network connection](https://www.misp-project.org/objects.html#_network_connection)
This feature allows to easily correlate network forensic flow from different tools or network equipments.
This feature allows to easily correlate network forensic flows from different tools or network equipment.
## Improvements and bugs fixed
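
Review bot: the rewritten proposal synchronisation paragraph introduces two typos in its added lines, "ompared" and "fetchong", which should read "compared" and "fetching"; "long over-due" is also normally written "long overdue". In the community-id paragraph, the change from "open with open source implementations" to "open to open source implementations" alters the meaning (the original said implementations exist, the new wording says they are permitted), so confirm which is intended. The last changed line still reads "allows to easily correlate", which needs an object, for example "makes it easy to correlate network forensic flows".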