Update 2019-01-01-MISP.2.4.100.released.md

pull/8/head
Andras Iklody 2019-01-01 11:43:15 +01:00 committed by GitHub
parent 203c0ad376
commit 9f0fd207f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 11 deletions

@ -4,22 +4,22 @@ layout: post
featured: /assets/images/misp-small.png
---
Happy new year! We are so proud of the community who supported us for the past year and we hope to do even better for 2019. Thanks a lot.
Happy new year! We are so proud of our community which has supported us for the past year and we hope to do even better for 2019. Thanks a lot.
A new version of MISP ([2.4.100](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with improvements in the UI, API, import and export and a new query builder.
A new version of MISP ([2.4.100](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with improvements to the UI, API, import and export along with the addition of a new query builder.
![](/assets/images/misp/blog/restsearchbuilder.png)
As querying MISP instances to feed and integrate with network security devices, endpoint security devices or monitoring is critical. We try to improve the life of the users with a
new query builder in the REST interface available in the MISP UI (REST client below the Event Actions). The query builder is a simple interface to create your JSON query to get
your information back for ingestion in your devices and tools easily. You can construct complex queries by a series of clicks. The query builder is intelligent to show you the exact
values supported and give you a dynamic contextual information for each of the query. And you can test your queries and grab the generated code in Python or curl to support your integration.
Considering the criticality of being able to accurately define how we query MISP instances in order to feed and integrate with network security devices, endpoint security devices or monitoring tools, we have tried to improve the life of the users tasked with the above duties via a new query builder, available through the REST client interface (REST client below the Event Actions). The query builder provides a simple interface to create your JSON queries used to get
the information you truly are interested in back for ingestion in your devices and tools easily.
Instead of going through the sometimes headache inducing task of trying to manually craft JSON objects, you can now construct complex queries via a series of simple clicks. The query builder is intelligent in a sense that it attempts to provide the exact values that are supported as options and provide you with dynamic contextual information for each of the query filters. You can subsequently test your queries and grab the code generated based on your filter choices in Python or curl format to support your integration.
UI usability has been improved with the following fixes (based on various feedbacks during the MISP trainings):
- Quickedit (double-click on value) on the event view has been replaced by a simpler clicking button to ease cut-and-paste from values. This has been also updated in the category, type and IDS field.
- Hover functionality has been improved to void glitchy popover, scrollbar added and multiple bugs were fixed.
- Clarification of the old hide tag to be a non-selectable tag on the instance.
- Quickedit (double-click on value) on the event view has been replaced by a more obvious edit icon to ease cutting and pasting values the attribute list. This change has also made for the category, type and IDS fields.
- Hover functionality has been improved to avoid glitchy popovers and a scrollbar was added along with multiple bugs that were fixed.
- Clarification of the old hide tag functionality to clarify it's intended effect (being a non-selectable tag via the interface for the given instance).
Two new attribute types were introduced in MISP (thanks to the contributors):
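Review bot: The rewritten Quickedit bullet in the UI usability list is missing two words: "to ease cutting and pasting values the attribute list" needs "from" before "the attribute list", and "This change has also made" should read "This change has also been made". In the hide tag bullet, "it's intended effect" should be "its intended effect", and "Clarification of ... to clarify" says the same thing twice; "Clarified the intended effect of the old hide tag functionality" would be tighter. In the hover bullet, "a scrollbar was added along with multiple bugs that were fixed" can be read as the bugs having been added, so splitting it into "a scrollbar was added and multiple bugs were fixed" would remove the ambiguity.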
@ -28,9 +28,9 @@ Two new attribute types were introduced in MISP (thanks to the contributors):
The types are also part of [MISP standard core format which has been updated](https://tools.ietf.org/html/draft-dulaunoy-misp-core-format-06). If you see a missing types or object template in MISP, don't hesitate to report it back to us.
Multiple bugs were fixed such as events which were not synced during a pull due to an overzealous protection.
Multiple bugs were fixed, such as a synchronisation bug causing certain events not getting synced via a pull due to an overzealous protection mechanism.
MISP submodule for STIX 2.x now relies on our [fork of the STIX 2 library](https://github.com/MISP/cti-python-stix2) to support import STIX 2.x files (which time-based UUIDs) produced by some vendors and tools. If you have any issue while updating the submodule, don't forget to run a `git submodule sync` before running a `git submodule update` on existing MISP instances. STIX 1 and 2 import/export has been significantly improved based on the numerous sample files received. If you have specific issues with STIX files, feel free to send these to us.
MISP submodule for STIX 2.x now relies on our [fork of the STIX 2 library](https://github.com/MISP/cti-python-stix2) to support import STIX 2.x files (which time-based UUIDs) produced by some vendors and tools. If you have any issue while updating the submodule, don't forget to run a `git submodule sync` before running a `git submodule update` on existing MISP instances. STIX 1 and 2 import/export has been significantly improved based on the numerous sample files received. If you have specific issues with certain STIX files, feel free to send these to us.
We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large.
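Review bot: The re-added STIX paragraph still carries the broken phrase "to support import STIX 2.x files (which time-based UUIDs)"; this change only inserts "certain" near the end of the paragraph, so the sentence remains ungrammatical and the parenthetical is missing its verb. Since the line is being touched anyway, change "import" to "importing" and complete the parenthetical. In the synchronisation sentence, "causing certain events not getting synced via a pull" would read better as "causing certain events not to be synced via a pull".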