MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Update 2019-03-04-MISP.2.4.103.released.md

iglocska-patch-1
Andras Iklody 2019-03-07 12:49:25 +01:00 committed by GitHub
parent 2f585d125f
commit 60fcc8148e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
_posts/2019-03-04-MISP.2.4.103.released.md
View File

@ -4,14 +4,13 @@ layout: post
featured: /assets/images/misp/blog/filtering.png
---
A new version of MISP ([2.4.103](https://github.com/MISP/MISP/tree/v2.4.103)) has been released with significant UI improvements (a new flexible attribute filtering tool at event level), many bug fixes and a fix to a security vulnerability (CVE-2019-9482) which was affecting sighting visibility.
A new version of MISP ([2.4.103](https://github.com/MISP/MISP/tree/v2.4.103)) has been released with significant UI improvements (including a new flexible attribute filtering tool at the event level), many bug fixes and a fix to a security vulnerability (CVE-2019-9482) which was affecting sighting visibility.
# New features
## Improved attribute filtering tool
A new attribute filtering tool has been added to the event view to replace the previous filtering. Complex filtering rules can
be set to easily filter, navigate and paginate over large events with many attributes and objects.
A new attribute filtering tool has been added to the event view to replace the previous filtering. Complex filtering rules can be set to easily filter, navigate and paginate over large events with many attributes and objects.
![MISP screenshot - new attribute filtering tool at event level](/assets/images/misp/blog/filtering.png){:class="img-responsive"}
@ -21,7 +20,7 @@ be set to easily filter, navigate and paginate over large events with many attri
Thanks to [Wesley Agena](https://github.com/wesleya) from DomainTools for the improvement in the hover placement while using [misp-modules](https://github.com/MISP/misp-modules) expansion services in MISP. The hover improvements include:
- add some logic to choose better hover placement
- add some logic to choose a better hover placement
- make hover hide on outside click, to allow using the scrollbar to view
full hover
- add an icon in the hover tooltip to turn it into a popup
@ -31,18 +30,18 @@ Thanks to [Wesley Agena](https://github.com/wesleya) from DomainTools for the im
# UI rework
A major project is ongoing to improve the UI accessibility in MISP, UI elements are progressively updated to an adequate templating system to ease future extension of the UI. This versions already includes a reworked UI for tab UI, index UI, server settings, server preview and many more. The transition is a progressive step and UI will be gradually updated to ensure a smooth transition. If you notice any specific UI issues during the transition, don't hesitate to open an [issue](https://github.com/MISP/MISP/issues) (with a screenshot if possible) to describe the expected behavior.
A major project is ongoing to improve the UI accessibility in MISP, UI elements are progressively updated to an adequate templating system to ease the future extension of the UI. This versions already includes a reworked UI for tab UI, index UI, server settings, server preview and much more. The rework is handled in a progressive fashion with the UI being gradually updated to ensure a smooth transition. If you notice any UI specific issues during the transition period, don't hesitate to open an [issue](https://github.com/MISP/MISP/issues) (with a screenshot if possible) to describe the expected behavior.
## Generic matrix-like galaxies are now supported
With the increase use of MITRE ATT&CK and the need of describing similar matrix-like models, generic matrix-like galaxies are now supported.
With the increased use of MITRE ATT&CK and the need of describing similar matrix-like models, generic matrix-like galaxies are now supported.
You can create your own matrix with the associated custom kill chains. A first [new matrix-like galaxy](https://www.misp-project.org/galaxy.html#_election_guidelines) has been added to MISP called *Universal Development and Security Guidelines as Applicable to Election Technology* made by the [European Commission](https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf) to model the attack model against election processes and technologies.
If you want to create your own matrix-like, [a slide deck called MISP Galaxy](https://www.misp-project.org/misp-training/3.2-misp-galaxy.pdf) part of the [MISP training materials](https://github.com/MISP/misp-training#misp-training-materials) explains the basics.
# Security fix (CVE-2019-9482)
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only). This vulnerability got the [CVE-2019-9482](https://cve.circl.lu/cve/CVE-2019-9482). Thanks to Tyler McLellan of CanCyber.org for the reporting. We are eager to receive security reports and/or analysis about MISP project, [don't hesitate to contact us](https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities).
In MISP 2.4.102, an authenticated user could view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting in addition to certain conditions aligning - the issue affects instances with restrictive sighting settings (event only / sighting reported only). This vulnerability got has received the designation [CVE-2019-9482](https://cve.circl.lu/cve/CVE-2019-9482). Thanks to Tyler McLellan of CanCyber.org for reporting the vulnerability. We are eager to receive security reports and/or analyses about the MISP project, [don't hesitate to contact us](https://github.com/MISP/MISP/blob/2.4/CONTRIBUTING.md#reporting-security-vulnerabilities).
## Enhancements
@ -60,11 +59,11 @@ In MISP 2.4.102, an authenticated user can view sightings that they should not b
- Event view now includes a sparkline to track changes on the event over time.
- Many docs and installer guides have been improved.
Many bugs were fixed and various small improvements were performed.
A host of bugs were squashed and various small improvements were implemented.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors, which are also included by default in MISP. Don't forget to run a `git submodule update` and update galaxies, objects and taxonomies via the UI.
[MISP modules](https://github.com/MISP/misp-modules) were also significantly improved especially on the PDF export which include a complete export of MISP event as clean and concise PDF report.
[MISP modules](https://github.com/MISP/misp-modules) were also significantly improved especially on the PDF export which includes a complete export of MISP events as a clean and concise PDF report.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.