diff --git a/_posts/2020-11-10-MISP.2.4.134.released.md b/_posts/2020-11-10-MISP.2.4.134.released.md new file mode 100644 index 0000000..50cc70f --- /dev/null +++ b/_posts/2020-11-10-MISP.2.4.134.released.md @@ -0,0 +1,56 @@ +--- +title: MISP 2.4.134 released (new import extractor for the event report, various improvements and fixes) +layout: post +featured: /assets/images/misp/blog/event-reports/report-modal.png +--- + +# MISP 2.4.134 released + +In the previous version of MISP, the new [Event Report functionality](https://www.misp-project.org/2020/10/08/Event-Reports.html) has been introduced to edit, visualize and share report in Markdown format which includes the ability to reference elements from within the MISP event. + +In this version, the Event Report has been extended to support the automatic discovery of attributes, galaxies and tags from any website captured. + +![Overview video of the new MISP event report functionality and discover of elements](https://www.misp-project.org/assets/images/misp/blog/event-report-demo-extraction-from-url2.mp4) + +This functionality allows the analysts to collect external report and automatically discover information which can be used in MISP. +The Event Report fetching requires the [misp-modules](https://github.com/MISP/misp-modules) to be activated. + +# Optional A/V scanning in MISP + +A new feature has been added to scan automatically any attachment in MISP. The functionality is optional and can be enabled in the global configuration. + +# ATT&CK sub-techniques + +MISP now includes the ATT&CK sub-techniques as a MISP galaxy. + +# Example script for direct STIX ingestion into MISP + +A new [Ingest STIX](https://github.com/MISP/MISP/tree/2.4/tools/ingest_stix) script is available to show how to easily ingest STIX 1 and 2 files in MISP while using the parsing functionality of MISP core. + + +# Security fix - CVE-2020-28043 + +A security vulnerability [CVE-2020-28043](https://cve.circl.lu/cve/CVE-2020-28043) has been fixed. MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. + +- by using the full path parameter in the rest client, users could issue queries to any server +- this becomes especially problematic when the MISP server is able to query other internal servers, + as external users could trigger those +- new server setting added that allows enabling the full path option, this is now disabled by default +- new server setting added to add an override baseurl for the rest client, removing the need for the full + path option in the first place (for example for the training VM with its port forwarding) +- Thanks to Heitor GouvĂȘa for reporting this vulnerability + +# Many bugs fixed and small improvements + +- Tag index has been improved with a simple view excludes eventtags / attributetags / sightings +- Many UI improvements (thanks to Jakub Onderka for his continuous effort and attention to details) + +A host of other improvements are documented in the [complete changelog is available](https://www.misp-project.org/Changelog.txt). + +# Acknowledgement + +We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html) +. + +As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements. +