First version of the 2.4.98 release added (screenshots missing)

pull/8/head
Alexandre Dulaunoy 2018-11-26 07:43:39 +01:00
parent 17737fa1d8
commit 95753d6b40
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 41 additions and 0 deletions

@ -0,0 +1,41 @@
---
title: MISP 2.4.98 released (aka usability improvements and SleuthKit mactime import)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP ([2.4.98](https://github.com/MISP/MISP/tree/v2.4.98)) has been released with new features such as UI improved consistency (such as attributes search output), improved validation error messages, a new built-in experimental SleuthKit mactime import, new small features and many bugs fixed.
The user interface has been significantly improved regarding the reporting of validation errors while saving attributes. The user can now directly see the attributes not properly imported and the
reason about the validation failing. A user can view the failed/succeeded saves in batch imports from the UI. Many small fixes in the flash messages displayed to the users.
A new experimental import functionality has been included to import SleuthKit mactime timeline from MISP directly. The user can import one or more mactime timeline in MISP which will be included as a mactime object to describe forensic activities on an analysed file system. The import is a two-step process where the user can cherry pick the forensic events which took place and select the meaningful activity to be added in a MISP event.
The API has been improved with many new features such as:
- The result counts to restsearch API are now visible via the x-result-count header
- The option includeProposals is now functional at attribute level restSearch
- The event controller readability has been improved
- Fixed a bug blocking malware samples from being added using /events/add when the encrypt=1 flag was set for raw sample inclusion
- Sighting restSearch API documentation has been fixed
- Better handling when trying to edit an attribute without adequate permissions
- Throw a proper error when trying to edit an event without access to doing so
- Fixed non exportable tags being included in the attribute level restSearch.
In the CSV export functionality, the ignore flag is restored to the old behaviour:
- If not set, only return published events / to_ids flagged events by default
- Setting ignore:0 will result in the default behaviour
- Setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out
- Fixed a bug that broke the CSV api if ignore:0 was passed
Many long-standing bugs were fixed based on the feedback from various users and organisations.
In STIX 1 import, AIS marking is now included in import as MISP event tag. Many improvement in STIX 1 and STIX 2 import/export, check the changelog for the complete changes.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. New object templates were introduced to better support the description of forensic analysis cases and improve their sharing. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next activities to improve threat intelligence, analytics and automation.
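Review bot: The CSV export list contradicts itself at "Setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out": the first bullet already says the default is to "only return published events / to_ids flagged events", and the second says ignore:0 is that default, so as written ignore:0 and ignore:1 describe the same result. Please state explicitly whether ignore:1 includes or excludes unpublished events and non to_ids attributes, since anyone consuming the export needs to know which setting returns the unfiltered data. Smaller points: the Changelog.txt and events page links use http:// while the release tag link uses https://, and "UI improved consistency" in the opening paragraph and "Many improvement" in the STIX paragraph need a grammar pass.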