Update 2019-05-13-MISP.2.4.107.released.md

iglocska-patch-1
Andras Iklody 2019-05-13 22:46:52 +02:00 committed by GitHub
parent e8062adb8a
commit 51a4b1b016
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions

@ -4,33 +4,33 @@ layout: post
featured: /assets/images/misp/blog/similar-objects.png featured: /assets/images/misp/blog/similar-objects.png
--- ---
A new version of MISP ([2.4.107](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and security fixes. We strongly all users to update their MISP installation to this latest version. A new version of MISP ([2.4.107](https://github.com/MISP/MISP/tree/v2.4.107)) has been released with a host of new features, improvements and security fixes. We strongly advise all users to update their MISP installation to this latest version.
# New main features # New main features
## Similar objects and easy merging tool ## Similar objects and an easy to use tool to merge them
MISP objects are now a cornerstone to describe complex data-structure and threat intelligence. We have seen a regular process of analysts to add new objects and having similar objects in their analysis. In MISP 2.4.107 shows similar objects (with common attributes) and proposes merging strategies into existing objects. The user-interface is easy to use and part of the standard project. MISP objects are now a cornerstone of describing complex data-structure along with other aspects of threat intelligence. We have seen a regular process of analysts to add new objects and having similar objects in their analysis. In MISP 2.4.107 shows similar objects (with common attributes) and proposes merging strategies into existing objects. The user-interface is easy to use and part of the standard project.
## Native yara and yara-json export ## Native yara and yara-json export
For a very long time, MISP supports the sharing of [YARA](https://virustotal.github.io/yara/) attributes and objects. We introduced in version 2.4.107 the ability to export YARA rules from any attributes in MISP. The yara and yara-json export allows to generate YARA rules from any attributes or events. Existing YARA rules will remain and will be generated next to the native YARA rules stored in MISP. The export depends on the [Python plyara module](https://github.com/plyara/plyara). For a very long time, MISP supported the sharing of pre-crafted [YARA](https://virustotal.github.io/yara/) attributes and objects. As of 2.4.107, we've introduced the ability to export YARA rules generated from any existing attributes in MISP, via the yara and yara-json exports. Existing YARA rules will remain intact similar to the state before the current release and will be included together with the native YARA rules stored in MISP. The export depends on the [Python plyara module](https://github.com/plyara/plyara).
## API ## API
- New includeWarninglistHits option to the attribute and event search API which includes the result of the warning hits. - New includeWarninglistHits option interested for the attribute and event search APIs, enabling users to query any subset of they're misp repositories using the usual search filters to reveal potential false positives or other warnings.
- Added new export system (attack return format) for restSearch for [ATT&CK](https://attack.mitre.org/). The new export format returns the ATT&CK matrix data as HTML via the API and directly viewable via the REST client. The export was designed during the [EU ATT&CK community](https://www.attack-community.org/) workshop organised at eurocontrol. - Added new export format (attack) for restSearch, opening up the usual search filters to the [ATT&CK](https://attack.mitre.org/) integration. The new export format returns the ATT&CK matrix data as HTML via the API and is therefore directly viewable via the REST client. The export was designed during the [EU ATT&CK community](https://www.attack-community.org/) workshop organised at eurocontrol.
# Various # Various other changes
- New update process included in MISP (to prepare the "zoidberg" version and improve the migration process). - New update process included in MISP (to prepare the merge of the "zoidberg" branch and improve the migration process).
- Installer updated and improved (MISP now works on OpenBSD 6.5 and Debian 9.9). - Installer updated and improved (MISP now works on OpenBSD 6.5 and Debian 9.9).
- Modules selection improved (sorted and nicer looks). - Module selection improved (sorted and improved the look and feel).
- STIX export fixed for email attachments. - STIX export fixed for email attachments.
- RPZ export improved including new RPZ policy actions (based on [IETF draft](https://tools.ietf.org/html/draft-vixie-dnsop-dns-rpz-00)). - RPZ export improved, including new RPZ policy actions (based on [IETF draft](https://tools.ietf.org/html/draft-vixie-dnsop-dns-rpz-00)).
- New quick button to extend a MISP event. - New button to quickly extend a MISP event added in the event view.
- Many bugs fixed. - Many bugs squashed.
# Security fixes # Security fixes
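
Review bot: The reworded includeWarninglistHits bullet under "## API" introduces new errors while fixing the old wording: "option interested for the attribute and event search APIs" looks like a slip (probably "introduced"), and "they're misp repositories" should read "their MISP repositories". In the "Similar objects" paragraph, the sentence "In MISP 2.4.107 shows similar objects (with common attributes) and proposes merging strategies" is carried over unchanged and still has no subject; dropping the leading "In" fixes it. In the YARA paragraph, "will remain intact similar to the state before the current release" is hard to parse and could be shortened to "will remain intact". The "Module selection improved (sorted and improved the look and feel)" bullet repeats "improved" and mixes a participle with a past-tense verb; "sorted, with an improved look and feel" reads more cleanly.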