MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'new' of github.com:MISP/misp-website into new

pull/104/head
Alexandre Dulaunoy 2024-05-27 10:14:29 +02:00
parent 8d383a5116 2733c86395
commit 9a477fa1da
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
4 changed files with 46 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/blog/MISP.2.4.151.released.md
View File

@ -23,7 +23,7 @@ MISP 2.4.151 released including a host of bug fixes and a bunch of new features
- No scheduling capabilities, these were an unnecessary overhead for us before as we relied on corn jobs as our preferred scheduling mechanism anyway
- Expect more improvements to this library over the course of the next months, but feel free to switch to using it already now
- Currently it is completely optional and the old background processor will still be supported for a while
- Be aware that manual setup steps are required to get the new processor working, refer to [the upgrade guide](https://gist.github.com/righel/8ebc6c84341f2aea7d0bfa124e535ef8) on the procedure, if you decide to start using it already now
- Be aware that manual setup steps are required to get the new processor working, refer to [the upgrade guide](https://github.com/MISP/MISP/blob/2.4/docs/background-jobs-migration-guide.md) on the procedure, if you decide to start using it already now
# Various CLI changes

40
content/blog/MISP.2.4.192.released.md Normal file
View File

@ -0,0 +1,40 @@
---
title: MISP 2.4.192 released with many performance improvement, fixes and updates.
date: 2024-05-07
layout: post
tags: ["MISP", "Threat Intelligence", "release" ]
banner: /img/blog/opinion-view.png
---
### New Features
- **Security Enhancements:**
- Ability to disable TOTP/HTOTP when linked to an identity provider with strong authentication.
- Introduced Fast API Authentication with temporary storage of hashed API keys in Redis to enhance endpoint performance.
- **Logging and Tracking:**
- Enhanced detailed tracking sent to Sentry as breadcrumbs.
- **User Interface Improvements:**
- Addition of missing views for analyst data to enhance UI functionality.
### Changes
- **Performance and Functionality Improvements:**
- Updated CRUD operations to support afterFind in the delete function.
- Removal of redundant UI elements and dependencies, streamlined distribution settings, and enhanced event view loading.
- Upgraded warning lists, MISP galaxies, and MISP objects to the latest versions.
- Simplified JSON structure updates and UI enhancements, including a nicer menu design.
- **Configuration and Security Settings:**
- Improved role management with OIDC and adjusted security settings to disable password resetting when changes are disabled.
### Fixes
- **Security and Stability Fixes:**
- Addressed various security concerns including fixing redirect loops, removing redundant security tests, and patching stored XSS vulnerabilities. CVE-2024-33855
- Restored and fixed the Email OTP feature and ensured the proper functioning of external authentication.
- Made several critical fixes in the handling of analyst data and UI operations, like pagination in logs and event view configurations.
- **Optimization and Error Corrections:**
- Fixed issues in SQL logs, benchmarking, and handling of event indexes related to tags and threat levels.
For a complete list of updates, please refer to the [changelog pages](https://www.misp-project.org/Changelog.txt).

10
content/blog/Using-Your-MISP-IoCs-in-Kunai.md
View File

@ -3,12 +3,12 @@ title: Using your MISP IoCs in Kunai (the open source EDR for Linux)
date: 2024-04-19
layout: post
tags: ["edr", "kunai"]
#banner: /img/blog/poppy/2.png
banner: /img/blog/misp-ioc-kunai.png
---
# Using your MISP IoCs in Kunai
[Kunai](https://github.com/kunai-project/kunai) is an **open-source** security monitoring tool, specifically designed to address the threat-hunting and threat-detection problematic on **Linux**. It has been inspired by [Microsoft Sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon), to provide a Sysmon alike experience to the end user. However, it comes with some more advanced features such as fine grained event filtering, detection rules and IoC matching. In this blog post, we are going to introduce how to implement real time **MISP IoC** matching in a very short amount of time.
[Kunai](https://github.com/kunai-project/kunai) is an **open-source** security monitoring tool, specifically designed to address the threat-hunting and threat-detection problematic on **Linux**. It has been inspired by [Microsoft Sysmon](https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon), to provide a Sysmon alike experience to the end user. However, it comes with some more advanced features such as fine grained **event filtering**, detection rules and **IoC** matching. In this blog post, we are going to introduce how to implement real time **MISP IoC** matching in a very short amount of time.
## Warm up
@ -187,9 +187,9 @@ We hope you learned useful things or at least that you enjoyed reading this arti
## References
[Kunai project on GitHub](https://github.com/kunai-project/)
[Kunai documentation](https://why.kunai.rocks/docs/quickstart)
[Kunai tools](https://github.com/kunai-project/tools)
[Kunai project on GitHub](https://github.com/kunai-project/)
[Kunai documentation](https://why.kunai.rocks/docs/quickstart)
[Kunai tools](https://github.com/kunai-project/tools)
[PyMISP](https://github.com/MISP/PyMISP)

BIN
static/img/blog/misp-ioc-kunai.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 676 KiB