Update 2019-09-17-MISP.2.4.116.released.md

pull/15/head
Andras Iklody 2019-09-17 12:53:02 +02:00 committed by GitHub
parent d4bbc01c69
commit 66892c9427
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions


@ -6,21 +6,21 @@ featured: /assets/images/misp/blog/decay.png
# MISP 2.4.116 released
A new version of MISP ([2.4.116](https://github.com/MISP/MISP/tree/v2.4.116)) with a major new feature for decaying indicators, new ATT&CK sightings export and a new sync priority capability.
A new version of MISP ([2.4.116](https://github.com/MISP/MISP/tree/v2.4.116)) has been release, including a long awaited major new feature that deals with decaying indicators in addition to a new ATT&CK sightings export and a new sync priority capability.
## Major new feature - decaying indicators
After some years of gathering requirements, doing [some research](https://arxiv.org/abs/1803.11052) and implementation, MISP 2.4.116 finally includes [a new extensive feature for Decaying of Indicators with MISP](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) using an improved model to expire indicators based on custom and shareable models.
After several years of gathering requirements, doing [research](https://arxiv.org/abs/1803.11052) and various implementation attempts, MISP 2.4.116 finally includes [a new extensive feature for Decaying Indicators](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) using an advanced model to expire indicators based on custom and shareable models.
The feature allows MISP users to have a simple yet customisable system to automatically (or in some cases manually) mark an Indicator Of Compromise (or more generically, an Attribute) as expired. The expiration feature allows to overlay in real-time computer score on all attributes that have been mapped to a decaying model. The feature has been designed to not change the attributes per se but to extend the meta information available about the attribute. The feature is accessible via the user-interface but also via the API to allow the filtering of attributes based on a decaying model.
The feature allows MISP users to have a simple yet customisable system to automatically (or in some cases semi-manually) mark an Indicator Of Compromise (or more generally, an Attribute) as expired. The expiration system allows for the overlaying of computed scores on all attributes in real-time, based on the configured mappings via a decay model. The feature has been designed not to change the attributes per se, but rather to extend the meta information available about the attributes. As with everything in MISP, this new feature is accessible via both the user-interface and also via the API, in order to allow for the filtering of attributes based on a decay model.
<img src="/assets/images/misp/blog/decaying/dm-event.png" alt="Decaying Model index" width="700"/>
<img src="/assets/images/misp/blog/decaying/dm-event.png" alt="Decay Model index" width="700"/>
The feature is exhaustive and we highly recommend to read the [blog post and watch the video of the complete new feature](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) or [the slides from the MISP training](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf). As usual with MISP project, MISP comes with a set of default decaying model which can be expanded locally or contributed back to the community at large.
The feature is exhaustive and we highly recommend to read the [blog post and watch the video showing all aspects of the new feature](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) or [the slides from the MISP training](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf). As usual, MISP comes with a set of default decay models which can be extended locally or contributed back to the community at large.
## ATT&CK sighting
More and more users and communities are using the ATT&CK framework to contextualise information shared within MISP. The fine team of [ATT&CK recently created a format to share the sightings](https://attack.mitre.org/resources/sightings/) associated with the techniques. MISP 2.4.116 now has a new output format available which allows to export the sighting format and share it back to the community or with MITRE to give insights about the techniques frequently used.
More and more users and communities are using the ATT&CK framework to contextualise information shared within MISP. The fine team of [ATT&CK recently created a format to share the sightings](https://attack.mitre.org/resources/sightings/) associated with the techniques. MISP 2.4.116 now has a new output format available which allows users to export the sightings in the Mitre ATT&CK sightings format and share it back to the community or with MITRE directly. This allows the sharing of insights about the various techniques and their frequency of usage.
## New sync priority
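Review bot: the rewritten opening paragraph introduces a typo: "A new version of MISP ([2.4.116](...)) has been release, including a long awaited major new feature" should read "has been released, including a long-awaited major new feature". In the ATT&CK sighting paragraph the new text also spells the organisation two ways in one sentence ("the Mitre ATT&CK sightings format and share it back to the community or with MITRE directly"); suggest "MITRE ATT&CK sightings format" to match the rest of the post. Both are in the lines this hunk adds, so they can be fixed in the same change.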