MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

add: [blog] MISP release 2.4.101 (first version)

pull/8/head
Alexandre Dulaunoy 2019-01-20 20:45:39 +01:00
parent 80dd0163f3
commit 7862095c92
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
_posts/2019-01-20-MISP.2.4.101.released.md Executable file
View File

@ -0,0 +1,46 @@
---
title: MISP 2.4.101 released (aka 3 features for free)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP ([2.4.101](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with 3 new features (tag collection, improved tag/galaxy selector and MISP instance caching), many improvements and bug fixes.
## Tag collections
![](/assets/images/misp/blog/tag-collection-creation.png)
Contextualisation in threat intelligence is a key activity when performing analysis, review or processing information from internal or external sources. The task can be tedious but it's a critical step to ensure quality and the ability to automatically process the information in your MISP instance. MISP 2.4.101 introduces a new concept to improve the time-to-contextualise for users using MISP. Tag collection is a new feature to predefine a set of tags (from taxonomies) and/or galaxy information attached to a collection name. Then analysts can use the collection name as a single step to classify information with all the elements declared in the collection. The functionality is a significant aid to everyone using MISP to lower the time to classify or ensure a complete set of information attached to an event or attribute. This first version is a step before improving the sharing on how analysts are working together by sharing their practices.
## Improved tag/galaxy selector
![](/assets/images/misp/blog/tag-collection.png)
The success of MISP taxonomies and galaxy had a small drawback. The user-interface of MISP (adding tags/galaxy) was originally designed for small set of taxonomies. So adding multiple tags and galaxy became a tedious task when selecting multiple tags and galaxy. To solve this issue, a complete new selector has been added to easily add multiple tags and galaxy. The design was based on various issues and feedback we received from private organisations, CSIRTs and analysts. Let us know what you think about and don't hesitate to [open an issue for bugs or any feedback on the improved selector](https://github.com/MISP/MISP/issues).
## MISP instance caching
Synchronisation between MISP instances is a core functionality for MISP to support information sharing and exchange. This release includes a new feature to perform MISP remote instance caching without the need to synchronise and pull events. The MISP instance caching feature supports the built-in correlation from MISP. The overlap matrix for the feeds also includes the cached remote MISP instances to show the overlapping information between the different sources.
## New attribute type
"[HASSH](https://github.com/salesforce/hassh)" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
hassh-md5 and hasshserver-md5 types are now part of [MISP standard core format which has been updated](https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-06). If you see a missing types or object template in MISP, don't hesitate to report it back to us.
## Many improvements
- A new unpublish action has been added to simplify the process in the user-interface.
- Disable correlation is now accessible when creating/modifying an attribute.
- New default feed added (from [mirai.security.gives](https://mirai.security.gives)).
- Many improvements in the STIX2 import and export.
- Various bugs fixed.
We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.