MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Update 2019-06-05-MISP.2.4.108.released.md

pull/10/head
Andras Iklody 2019-06-05 16:59:01 +02:00 committed by GitHub
parent 921e65b84c
commit 3efabed887
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
_posts/2019-06-05-MISP.2.4.108.released.md
View File

@ -4,22 +4,22 @@ layout: post
featured: /assets/images/misp/blog/anothergraph.png
---
A new version of MISP ([2.4.108](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and bugs fixed. We strongly advise all users to update their MISP installation to this latest version.
A new version of MISP ([2.4.108](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and bugs fixed. We strongly advise all users to update their MISP installations to this latest version.
# New main features
## A copy-paste-and-sync function
A new tool has been added in MISP to create MISP sync configuration in JSON format from the user-interface. This significantly improved the setup of synchronisation between MISP instances. Synchronisation can now be setup (in addition to the standard setup) in 2 simple steps:
A new tool has been added in MISP to create MISP sync configuration objects in JSON format from the user-interface. This significantly improved the setup of synchronisation links between MISP instances. The synchronisation can now be set up (in addition to the standard setup) in 2 simple steps:
- A sync user can log into a remote MISP instance, extract the sync config in one click;
- paste the sync config into its own instance as a site admin user.
- Use your sync user account on the remote MISP instance to extract the sync config in one click;
- paste the sync config into your own instance as a site-admin user.
That's it, you have a running synchronisation configuration.
That's it, you have the synchronisation configured.
## Improved "paranoid" logging
During the [enforce](https://securitymadein.lu/news/ceis-securitymadein-lu-enforce-project/) training session in Paris, law enforcement officers mention the need for LEA to have extensive audit mechanisms about information read and access. A new optional paranoid logging functionality has been added to log any queries from the user-interface or API in a MISP instance. The feature has two features such as include POST/PUT body in the logs and skipping the database store to publish the audit logs directly in the pub-sub channel (such as ZMQ, Kafka or ElasticSearch ZMQ, Kafka or ElasticSearch).
During the [enforce](https://securitymadein.lu/news/ceis-securitymadein-lu-enforce-project/) training session in Paris, law enforcement officers mentioned the need for LEA to have extensive audit mechanisms in regards to information read and user access in general. A new optional paranoid logging functionality has been added to log any queries from the user-interface and the API of a MISP instance. The feature has two sub-features, allowing administrators to configure their MISPs to log the POST/PUT bodies as well as the ability to force paranoid log entries to skip being stored in the database, instead publish the gathered information exclusively via one of the various pub-sub channels (such as ZMQ, Kafka or ElasticSearch ZMQ, Kafka or ElasticSearch) or via syslog.
## API