mirror of https://github.com/MISP/misp-website
Update 2018-02-21-MISP.2.4.88.released.md
parent
8913e1c8f3
commit
527992d99f
|
@ -4,11 +4,11 @@ layout: post
|
||||||
featured: /assets/images/misp-small.png
|
featured: /assets/images/misp-small.png
|
||||||
---
|
---
|
||||||
|
|
||||||
A new version of MISP [2.4.88](https://github.com/MISP/MISP/tree/v2.4.88) has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, new API improvements and many bug fixes
|
A new version of MISP [2.4.88](https://github.com/MISP/MISP/tree/v2.4.88) has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes
|
||||||
|
|
||||||
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique classify malware, binaries or even text. MISP correlation supports the matching of similar attributes. After [an insightful session in Austria](https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html) with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing in ssdeep. In addition to standard correlation and advanced correlation (e.g. CDIR block matching) in MISP, the fuzzy hashing correlation allows to find similarities among set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
|
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique used to classify malware, binaries or even text. The MISP correlation engine has always been supporting a simple yet powerful matchinging algorithm to find similar attributes. After [an insightful session in Austria](https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html) with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing via ssdeep. In addition to the standard and advanced correlation algorithms (e.g. CDIR block matching) in MISP, fuzzy hashing correlation allows the matching of similarities among a set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
|
||||||
|
|
||||||
In MISP 2.4.88, MISP now supports STIX 1.1.1 XML import from the user-interface such as the MISP JSON import to create new events. We hope this would help user to import existing threat intelligence from other sources and benefit from the MISP standard format functionality. If you have any issues with some import, feel free to [send us sample STIX 1.1.1 files](https://www.misp-project.org/who/#contact).
|
As of 2.4.88, MISP supports STIX 1.1.1 XML import from the user-interface similarly to how MISP JSON format data is used to create new events. We hope this will help users to import existing threat intelligence from other sources and benefit from the MISP standard format functionality. If you have any issues with import functionalities feel free to [send us sample STIX 1.1.1 files](https://www.misp-project.org/who/#contact).
|
||||||
|
|
||||||
The workflow for merging organisations has been improved to make it more intuitive for the administrators of the MISP instance.
|
The workflow for merging organisations has been improved to make it more intuitive for the administrators of the MISP instance.
|
||||||
|
|
||||||
|
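Review bot: The rewritten fuzzy hashing paragraph introduces a new typo, "matchinging", and doubles the verb in "a commonly used technique used to classify". It also carries over three slips from the previous wording: "CDIR block matching" (CIDR), "serverSetttings" with three t's, and "e.g" without its closing period. Suggest "a technique commonly used to classify", "has always supported a simple yet powerful matching algorithm", and fixing the carried-over spellings in the same commit. In the STIX paragraph, "If you have any issues with import functionalities feel free to" needs a comma before "feel free".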
@ -16,7 +16,7 @@ The freetext import (the functionality to pass raw text to MISP and automaticall
|
||||||
|
|
||||||
Keyboard shortcuts have been added application-wide in MISP to allow easier navigation for the analysts.
|
Keyboard shortcuts have been added application-wide in MISP to allow easier navigation for the analysts.
|
||||||
|
|
||||||
API to manage sharing groups have been updated and it's now extremely flexible to update sharing groups:
|
API to manage sharing groups has been updated and it's now extremely flexible to update sharing groups:
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
- added functions to manage the additions/removals of objects from sharing groups
|
- added functions to manage the additions/removals of objects from sharing groups
|
||||||
|
|
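Review bot: The sharing group sentence now has the right verb ("has been updated") but still lacks its leading article and names "sharing groups" twice in one line. Suggest "The API to manage sharing groups has been updated and is now extremely flexible:" so the sentence leads cleanly into the list that follows.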