MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: gremar fikses

pull/19/head
iglocska 2020-01-21 11:30:00 +01:00
parent 42761727ec
commit 4533049b92
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
_posts/2020-01-21-MISP.2.4.120.released.md
View File

@ -6,35 +6,35 @@ featured: /assets/images/misp/blog/t-misp-overview.png
# MISP 2.4.120 released
A new version of MISP ([2.4.120](https://github.com/MISP/MISP/tree/v2.4.120)) has been released, including an extension to the data-model which adds first_seen and last_seen values at attribute and object level. The user-interface has been extended with a timeline view/editor per event to see all the occurrences of attributes and objects based on their time. A new quick object edit function has been added to easily add new attributes. Many bugs were fixed and also various improvement were made in the existing features.
A new version of MISP ([2.4.120](https://github.com/MISP/MISP/tree/v2.4.120)) has been released, including an extension to the data-model adding the first_seen and last_seen values at the attribute and object levels. The user-interface has been extended with a timeline view/editor per event, allowing users to see all occurrences of attributes and objects based on time. A new quick object edit tool has been added, enabling users to easily add new attributes to already existing objects. A long list of bugs were fixed and various improvements were made in the existing features.
# Update notes
Don't forget to have the workers running before doing the update, there are some updates on the database which can take time depending of the size of the your MISP instance. The
progress of the update can be verified on the interface of your MISP instance at the following location /servers/updateProgress .
Don't forget to have background workers running before updating, there are some updates to the database which can take time depending on the size of your MISP instance. The
progress of the update can be verified via the interface of your MISP instance using the following endpoint: /servers/updateProgress .
# Timeline feature and improved data-model
<video src="/assets/images/misp/blog/decaying/timeline-video.mp4" title="Overview of the MISP timeline feature" width="800" height="450" controls autoplay loop>
[MISP standard format](https://www.misp-standard.org/) has been extended to support first_seen and last_seen on any attribute or object in a MISP instance. This functionality is fully accessible via the restSearch API and via the user-interface of MISP. first_seen and last_seen can be set at attribute level or object level. A complete timeline viewer and editor has been added to allow users to:
[MISP standard format](https://www.misp-standard.org/) has been extended to support first_seen and last_seen on any attribute or object in a MISP instance. This functionality is fully accessible via the restSearch API and via the user-interface of MISP. first_seen and last_seen can be set at the attribute and/or the object levels. A complete timeline viewer and editor has been added to allow users to:
- Quickly see the overall timeline of attributes and objects;
- Zoom in and out in the timeline (press alt - mouse roller);
- Edit and change the first_seen and last_seen by moving the attributes/objects over the timeline.
- Zoom in and out in the timeline (alt + mouse wheel);
- Edit and change the first_seen and last_seen by moving the attributes/objects directly on the timeline.
![The representation of a spear phishing using the timeline function in MISP](/assets/images/misp/blog/t-misp-overview.png)
![The representation of spear phishing using the timeline function in MISP](/assets/images/misp/blog/t-misp-overview.png)
As an example above, a spear phishing attack and their respective occurrences are displayed on the timeline. This new feature allows to describe complex time-based information while using existing features such as object relationships.
As an example above, a spear phishing attack and their respective occurrences are displayed on the timeline. This new feature allows users to describe complex time-based information whilst using existing features such as object relationships.
# New attribute types
- kusto-query attribute type added - Kusto query is the query language for the Kusto services in Microsoft Azure used to search large dataset. It's used in Windows Defender ATP Hunting-Queries and also Azure Sentinel (Cloud-native SIEM)
- chrome-extension-id attribute type added - This attribute is used by Chrome to uniquely identify extension. This helps to share information about malicious extension within a MISP sharing community.
- kusto-query attribute type added - Kusto query is the query language for the Kusto services in Microsoft Azure used to search large dataset. It's used in Windows Defender ATP Hunting-Queries as well as Azure Sentinel (Cloud-native SIEM)
- chrome-extension-id attribute type added - This attribute is used by Chrome to uniquely identify extensions. This helps the sharing of information about malicious extensions within a MISP sharing community.
# misp-modules version 2.4.120
MISP modules have been improved and many new modules were added in [expansion](http://misp.github.io/misp-modules/expansion/), [export](http://misp.github.io/misp-modules/export_mod/) and [import](http://misp.github.io/misp-modules/import_mod/). Don't forget to update the modules to benefit from the improvements and new features.
MISP modules have been improved and many new modules were added in the following related scopes: [expansion](http://misp.github.io/misp-modules/expansion/), [export](http://misp.github.io/misp-modules/export_mod/) and [import](http://misp.github.io/misp-modules/import_mod/). Don't forget to update the modules to benefit from the improvements and new features.
# Acknowledgement