MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] add 2.4.174 releases + sub projects

pull/83/head
Alexandre Dulaunoy 2023-07-31 16:18:11 +02:00
parent 258071f24a
commit 892099786a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 41 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
content/blog/MISP.2.4.174.released.md
View File

@ -1,18 +1,40 @@
---
title: MISP 2.4.174
title: MISP 2.4.174 released with major workflows enhancement, new features and fixes
date: 2023-07-31
layout: post
banner: /img/blog/dash-new.png
---
# MISP Workflows
We are thrilled to announce the immediate availability of [MISP v2.4.174](https://github.com/MISP/MISP/releases/tag/v2.4.174) with significant workflow improvements, accompanied by a host of quality-of-life enhancements and bug fixes.
## General Improvements
- [Authkeys] We have added a new setting that allows the mandate of IP allowlist for advanced authkeys, providing an extra layer of security.
- [event:publishSightingsRouter] We have changed this from prio worker to default, resulting in better performance and reliability.
## Sync Fixes and Improvements
- [proposal] Sync fixes have been implemented, including the option to disable correlation/proposal to delete fields in the proposal index. This change ensures that the fields are included during pulls, preventing any discrepancies.
- [proposal accept] The issue related to deletions has been fixed, ensuring smooth proposal acceptance.
- [sightings] Now, sightings are only pushed via full push to avoid congestion, optimizing the syncing process.
## Bug Fixes
- [stix export] We have resolved issues related to empty inputs during STIX export, ensuring accurate and consistent results.
- [taxii_push] The `taxii_push` script now correctly passes the standard MISP JSON format to misp-stix, avoiding any format-related problems.
- [security] We now reset otp_secret on logout, enhancing security measures.
- [authkeys] The admin read-only key is now allowed to access audit logs (#9191), improving access control.
These updates and fixes mark a significant step forward for MISP, delivering a more efficient, secure, and reliable experience for our users. We encourage everyone to upgrade to the latest version to take advantage of these improvements. For more details and to access the release, please visit [MISP v2.4.174](https://github.com/MISP/MISP/releases/tag/v2.4.174). Thank you for your continued support and feedback, which has been instrumental in making MISP better with each release. For a more detailed overview of the MISP workflows and various MISP submodules/projects improvement check below:
# MISP Workflows improvements overview
We had the pleasure of being invited to participate in [GeekWeek](https://www.cyber.gc.ca/en/geekweek/geekweek-8) with the main objective of streamlining the identification of false positives and simplifying the process of building workflows. We developed new modules for both the enrichment and the workflow systems and introduced self-contained blueprints acting as building block to make the creation of complexe IoC curation pipeline feels like a breeze.
In addition, this release includes numerous little UI/UX treats for the workflow system hoping to provide a more efficient and user-friendly experience.
Overall, the following work was carried out:
- 5 new workflows modules related to tagging enrichment & curation
- 3 new enrichment modules to improve false-positive detection from different services
- 3 new [enrichment modules](https://github.com/MISP/misp-modules/) to improve false-positive detection from different services
- Many thanks to (TinyHouseHippos)[https://github.com/TinyHouseHippos] for adding support of [Google Safe Browsing](https://safebrowsing.google.com/) and [AbuseIPDB](https://www.abuseipdb.com/)!
- 9 new workflow-blueprints using the above module to make the curation of incoming data a simple task
- Many quality of life improvements for the workflow editor interface
@ -34,7 +56,6 @@ It should be noted that every curation blueprints are configurable in the sense
Should you be interested to check the 9 new blueprints out, the complete list can be found here: https://github.com/MISP/misp-workflow-blueprints#curation-blueprints.
## Workflow editor improvements
Now let's have a quick look at the changes that have been integrated to speed up edition, simpifly complex tasks and make things a little more intuitive.
@ -62,20 +83,35 @@ UI feature to enable framing node that achieve a specific actions. Especially us
## MISP Objects and Relationships
- New object to support [hhhash format](https://github.com/adulau/HHHash).
- Improved [scan-results](https://www.misp-project.org/objects.html#_scan_result) object.
- Improved [ja3s](https://www.misp-project.org/objects.html#_ja3s) object.
- [relationships] Added some relationships defined in STIX 2.1 & updated some opposite relationships in consequence.
- New object templates to support [STIX 2.1 incident extension](https://github.com/MISP/misp-objects/pull/396).
- New object template for [AbuseIPDB](https://www.misp-project.org/objects.html#_abuseipdb).
- new object template for [Google Safe Browsing](https://www.misp-project.org/objects.html#_google_safe_browsing).
For more details, the [misp-object changelog](https://www.misp-project.org/Changelog-misp-objects.txt) is available.
## MISP Galaxy
- Updated threat actor database to include Budapest Convention relation.
- Various updates in the [threat actor MISP galaxy](https://www.misp-project.org/galaxy.html#_threat_actor).
- Various automatic updates from Sigma galaxy.
For more details, the [misp-galaxy changelog](https://www.misp-project.org/Changelog-misp-galaxy.txt) is available.
## MISP warning-lists
- Improvement in the [CRL generation list](https://github.com/MISP/misp-warninglists/blob/main/tools/generate-crl-ip-domains.py).
- All the lists have been updated.
For more details, the [misp-warninglists changelog](https://www.misp-project.org/Changelog-misp-warninglists.txt) is available.
## MISP taxonomies
- Minor improvements in the [cryptocurrency threat](https://www.misp-project.org/taxonomies.html#_cryptocurrency_threat) taxonomy and workflow taxonomy to support the new workflow features.
For more details, the [misp-taxonomies changelog](https://www.misp-project.org/Changelog-misp-taxonomies.txt) is available.
# Don't forget to follow us on Mastodon