chg: [blog] MISP 2.4.109 released

Alexandre Dulaunoy 2019-06-13 21:54:58 +02:00
parent 13c2002332
commit abf01083d7
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 57 additions and 0 deletions

@ -0,0 +1,57 @@
---
title: MISP 2.4.109 released (aka cool attributes-to-object)
layout: post
featured: /assets/images/misp/blog/attribute-to-object.gif
---
A new version of MISP ([2.4.109](https://github.com/MISP/MISP/tree/v2.4.109)) has been released with a host of new features, improvements, bugs fixed and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
# New main features
## New easy attributes to object functionality
![](https://www.misp-project.org/assets/images/misp/blog/attribute-to-object.gif)
When an analyst inserts information in MISP, it's very common to start with a set of unstructured indicators/attributes. At a later stage, common structures emerge and combining attributes into an object makes sense. But it was a cumbersome process as you had to pick a object and encode again the attributes in a object. We introduced a new feature to easily select a set of attributes and propose automatically the possible object templates. Then you select the template and the object is created.
## Improved ATT&CK and ATT&CK-like matrix support
![](https://www.misp-project.org/assets/images/misp/blog/attack-new.png)
![](https://www.misp-project.org/assets/images/misp/blog/fraud-tactics.png)
We received exhaustive feedback during FIRST.org CTI conference in London and the [ATT&CK EU community](https://www.attack-community.org/) workshop at Eurocontrol concerning the ATT&CK integration in MISP. The matrix visualisation is improved by sorting the elements based on their scores. The statistics for all the matrix-like galaxy can now be easily queried per time-range or organisation.
# Security fix - CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this. [CVE-2019-12794](https://cve.circl.lu/cve/CVE-2019-12794) Thanks to Raymond Schippers for the report.
## API
- [API] added new restSearch filter - date.
- deprecated to and from
- date works similarly to timestamp, accepted syntax options:
- time ranges in the shorthand format (7d or 24h, etc)
- timestamps
- fallback parsing for other formats (2019-01-01, "fortnight ago", etc)
- date ranges using lists [14d, 7d]
# Bugs fixed
- A long-standing bug has been fixed when adding tag or galaxy while using Firefox.
- [permissions] Fixed the default sync/user/publisher permissions to include perm_tagger and perm_tag_editor(sync only).
- And many other [fixes](https://www.misp-project.org/Changelog.txt).
# MISP galaxy, object templates and warning-lists updated
[MISP galaxy](https://www.misp-project.org/galaxy.html), [MISP object templates](https://www.misp-project.org/objects.html) and [MISP warning-lists](https://github.com/MISP/misp-warninglists/) have been updated to the latest version.
New [default feeds](https://www.misp-project.org/feeds/) were added in MISP. Don't hesitate to contact us if you have any idea for new feeds.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
# Warning: Next release 2.4.110
The next version of MISP will include major changes in the data-model to introduce new functionalities to support forensic capabilities and especially improved time representation for MISP attributes and objects. The next release will update various tables but the automatic update might take some more time (between 30 and 45 minutes) depending how large is your attributes table. During that update, your MISP instance will be unavailable until the update is performed. We notify in advance our users to prepare their upgrade plan for the next release 2.4.110.
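Review bot: The "Security fix - CVE-2019-12794" paragraph names 2.4.108 as the version where the issue was discovered but never says outright that 2.4.109 contains the fix, and it gives no guidance to instances whose host organisation has organisation admins; add one sentence stating the fixed version and suggesting that those instances review site admin password resets and API key use. The "## API" heading sits directly under that security section, so the new restSearch `date` filter reads as part of the CVE fix; move it under "New main features" or give it its own top-level heading. As rendered here, the items below "[API] added new restSearch filter - date." are all at one list level, so "deprecated to and from" and the accepted syntax options lose their nesting and should be indented. Wording nits: "a object" appears twice in the attributes-to-object paragraph, and "depending how large is your attributes table" in the 2.4.110 warning should read "depending on how large your attributes table is".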