MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] MISP 2.4.120 released

pull/19/head
Alexandre Dulaunoy 2020-01-21 11:21:46 +01:00
parent 2f55eb645d
commit 42761727ec
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
_posts/2020-01-21-MISP.2.4.120.released.md Normal file
View File

@ -0,0 +1,44 @@
---
title: MISP 2.4.120 released (aka the timeline release)
layout: post
featured: /assets/images/misp/blog/t-misp-overview.png
---
# MISP 2.4.120 released
A new version of MISP ([2.4.120](https://github.com/MISP/MISP/tree/v2.4.120)) has been released, including an extension to the data-model which adds first_seen and last_seen values at attribute and object level. The user-interface has been extended with a timeline view/editor per event to see all the occurrences of attributes and objects based on their time. A new quick object edit function has been added to easily add new attributes. Many bugs were fixed and also various improvement were made in the existing features.
# Update notes
Don't forget to have the workers running before doing the update, there are some updates on the database which can take time depending of the size of the your MISP instance. The
progress of the update can be verified on the interface of your MISP instance at the following location /servers/updateProgress .
# Timeline feature and improved data-model
<video src="/assets/images/misp/blog/decaying/timeline-video.mp4" title="Overview of the MISP timeline feature" width="800" height="450" controls autoplay loop>
[MISP standard format](https://www.misp-standard.org/) has been extended to support first_seen and last_seen on any attribute or object in a MISP instance. This functionality is fully accessible via the restSearch API and via the user-interface of MISP. first_seen and last_seen can be set at attribute level or object level. A complete timeline viewer and editor has been added to allow users to:
- Quickly see the overall timeline of attributes and objects;
- Zoom in and out in the timeline (press alt - mouse roller);
- Edit and change the first_seen and last_seen by moving the attributes/objects over the timeline.
![The representation of a spear phishing using the timeline function in MISP](/assets/images/misp/blog/t-misp-overview.png)
As an example above, a spear phishing attack and their respective occurrences are displayed on the timeline. This new feature allows to describe complex time-based information while using existing features such as object relationships.
# New attribute types
- kusto-query attribute type added - Kusto query is the query language for the Kusto services in Microsoft Azure used to search large dataset. It's used in Windows Defender ATP Hunting-Queries and also Azure Sentinel (Cloud-native SIEM)
- chrome-extension-id attribute type added - This attribute is used by Chrome to uniquely identify extension. This helps to share information about malicious extension within a MISP sharing community.
# misp-modules version 2.4.120
MISP modules have been improved and many new modules were added in [expansion](http://misp.github.io/misp-modules/expansion/), [export](http://misp.github.io/misp-modules/export_mod/) and [import](http://misp.github.io/misp-modules/import_mod/). Don't forget to update the modules to benefit from the improvements and new features.
# Acknowledgement
We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.