From afd6517cf2fdc9f3eec67d6a182eeba5f3072d08 Mon Sep 17 00:00:00 2001 From: Andras Iklody Date: Wed, 6 Dec 2017 01:27:35 +0100 Subject: [PATCH] Update 2017-12-06-MISP.2.4.83.released.md --- _posts/2017-12-06-MISP.2.4.83.released.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/_posts/2017-12-06-MISP.2.4.83.released.md b/_posts/2017-12-06-MISP.2.4.83.released.md index 48bc8c5..85c27a0 100755 --- a/_posts/2017-12-06-MISP.2.4.83.released.md +++ b/_posts/2017-12-06-MISP.2.4.83.released.md 
@@ -4,29 +4,29 @@ layout: post featured: /assets/images/misp-small.png --- -A new version of MISP [2.4.83](https://github.com/MISP/MISP/tree/v2.4.83) has been released including attribute level tag filter on synchronisation, full audit logging via ZMQ or Syslog, email restriction at org level, many more improvements and bug fixes. +A new version of MISP [2.4.83](https://github.com/MISP/MISP/tree/v2.4.83) has been released including attribute level tag filtering on synchronisation, full audit logging via ZMQ or Syslog, user email domain restriction at the org level, many more improvements and bug fixes. -Tag filters has been enhanced and filtering is on +Tag filters have been enhanced and filtering is on - all events containing matching tags on event + attribute level (positive lookup) - all events not containing matching tags (negative lookup) - filter attributes within a matched event for blocked attributes (negative lookup) -Tag filtering improved performance for large MISP instance actively when using filtering. +Tag filtering improved performance for large MISP instances actively when using filtering. -A new functionality has been added to limit the use of certain emails addresses to an organisation. This extends the granularity of filtering +A new functionality has been added to limit the use of certain email domains to an organisation. This extends the granularity of filtering for specific organisations to avoid out-of-scope users within a specific organisation. -Audit logging has been improved to log all the audit logs in ZMQ or/and Syslog. syslog logging now includes all audit log entries and it's separated into proper severity levels. ZMQ logging and syslog logging are both optional features. +Audit logging has been improved to log all the audit logs in ZMQ and/or Syslog. syslog logging now includes all audit log entries and it's separated into proper severity levels. ZMQ logging and syslog logging are both optional features. 
-New types were introduced like mac-address and mac-eui-64 in MISP to allow sharing indicators related to EUI-48 and EUI-64. -Phone type detection is better especially in the free-text import along with the normalisation of the phone attribute type to ensure correlation. +New types were introduced such as mac-address and mac-eui-64 in MISP to allow sharing indicators related to EUI-48 and EUI-64. +Phone type detection is better especially in the free-text import along with the normalisation of the phone attribute type to ensure consistent correlations. -The CSV export improved performance and export flexibility like "value" filter or attribute level tagging. +The CSV export has received an overhaul, improving performance and extending the export's flexibility by new filters such as a "value" filter or the inclusion of attribute level tagging. -ZMQ channel has been improved especially to support complex software relying on the ZMQ feed like the recent [misp-dashboard](https://github.com/MISP/misp-dashboard). +ZMQ channel has been improved to support complex software relying on the ZMQ feed such as the recently released [misp-dashboard](https://github.com/MISP/misp-dashboard). -Feed preview enhanced especially in the MISP OSINT feed format to allow anchor to the correlating value of the attribute. +Feed preview enhanced especially for the MISP feed format to allow quick pivoting to the correlating events in a feed from individual attributes. Many bug fixes and improvement were introduced in this version.
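Review bot: the reworded tag-filter performance line, "+Tag filtering improved performance for large MISP instances actively when using filtering.", still does not parse after this change. The plural was fixed, but "actively when using filtering" is left dangling. Something like "Tag filtering performance has been improved for large MISP instances that actively use filtering" would read cleanly, if that is the intended meaning. In the audit logging line, "Syslog. syslog logging now includes" mixes two capitalisations and starts a sentence in lower case, so pick one spelling and use it throughout the paragraph. The feed preview line still lacks a verb ("Feed preview enhanced"). The unchanged closing line, "Many bug fixes and improvement were introduced", needs "improvements" and could be fixed in the same pass. Separately, the index line shows the post at mode 100755. A Markdown file does not need the executable bit, so consider resetting it to 100644.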