MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

2.4.80 released

pull/2/head
Alexandre Dulaunoy 2017-09-18 22:26:50 +02:00
parent feb83aa49d
commit 991f3dcd1f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
_posts/2017-09-18-MISP.2.4.80.released.md Executable file
View File

@ -0,0 +1,39 @@
---
title: MISP 2.4.80 released (aka MISP objects release)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.80](https://github.com/MISP/MISP/tree/v2.4.80) has been released including the most awaited [MISP objects](https://github.com/MISP/misp-objects) feature along with other new features, security fix (CVE-2017-14337)[https://www.circl.lu/advisory/CVE-2017-14337/] and improvements.
## MISP Objects
MISP now includes the support for the MISP objects. This allows MISP to support complex and combined objects in a flexible way along with their [relationships](http://www.misp-project.org/objects.html#_relationships) towards other objects or even attributes.
MISP objects already available by default are documented in [HTML](https://www.misp-project.org/objects.html) or [PDF](https://www.misp-project.org/objects.pdf).
The object model allows MISP users to add objects in addition to standard attributes in event. Objects are composed of one or more attributes which are defined by templates.
The [templates of the objects](https://github.com/MISP/misp-objects/tree/master/objects) are public and can be easily contributed by everyone. This allows analysts, users, security professionals to build their own representation of objects and share it back to their communities.
The default MISP object included are: ail-leak, cookie, credit-card, ddos, domain|ip, elf, elf-section, email, file, geolocation, http-request, ip|port, macho, macho-section, passive-dns, pe, pe-section, person, phone, r2graphity, regexp, registry-key, tor-node, url, vulnerability, whois, x509, yabin.
An example which describes a DGA (Domain Generation Algorithm) linked to two domain indicators using the MISP object functionality:
![DGA expressed as MISP object](/assets/images/misp/blog/DGA-in-MISP.png){:class="img-responsive"}
Relationships can be described from an existing list of link types (e.g. `executed-by`, `impersonates`, `communicates-with`,...) or from your own relationship vocabulary. This allows to
model a fairly large set of cases from incident, collected intelligence, attacks or course-of-action to malware analysis.
The version 2.4.80 also includes an extended import of file binary relying on [PyMISP](https://github.com/MISP/PyMISP/blob/master/pymisp/tools/create_misp_object.py) and [LIEF](https://lief.quarkslab.com/) to create parsed file objects for PE, ELF and MachOS binary formats.
We are expecting to see many creative use of the new MISP object feature and improvement in the following weeks.
This release includes many bug fixes, improvements and new features.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
Don't hesitate to [open an issue](https://github.com/MISP/MISP/issues) if you have any feedback, found a bug or want to propose new features.
Don't forget our [MISP summit 0x3](https://2017.hack.lu/misp-summit/) before the [hack.lu](https://2017.hack.lu/) 2017 conference which will take place from 14:00 to 18:00, Monday 16 October 2017. The core team of MISP will also join the [hack.lu open source security software hackathon 0x2 ](https://hackathon.hack.lu/) which will take place 19-20 October 2017.
A new MISP training will take place in Luxembourg the 21st November 2017, [registration is now open](https://www.eventbrite.com/e/misp-training-november-edition-tickets-36347289722).