MISP 2.4.93 released

pull/6/head
Alexandre Dulaunoy 2018-06-27 16:55:55 +02:00
parent 4030f41db0
commit b8277d1af5
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 36 additions and 0 deletions

View File

@ -0,0 +1,36 @@
---
title: MISP 2.4.93 released (aka ATT&CK integration improvements)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.93](https://github.com/MISP/MISP/tree/v2.4.93) has been released including an improved [MITRE ATT&CK](https://attack.mitre.org) integration, new event lock functionality, initial support for multilingual MISP interface, various fixes and a security fix ([CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649)).
MITRE ATT&CK offers a nice and efficient way to describe adversarial tactics and techniques to information in MISP (at event or attribute level) and share it with your partners. We included ATT&CK in the [misp-galaxy](https://www.misp-project.org/galaxy.html) from the early beginning but we quickly saw the limitation of using the techniques in MISP. So we decided to improve the user-interface by having the ATT&CK matrix directly accessible in MISP to add techniques and tactics following the model described in MITRE ATT&CK. The global statistics were also extended in order to see the overview of techniques used.
<div class="myvideo">
<video style="display:block; width:100%; height:auto;" autoplay controls loop="loop">
<source src="{{ site.baseurl }}/assets/images/misp/video/attack.webm" type="video/webm" />
</video>
</div>
A new functionality has been introduced called event lock which shows if another user is editing the event you're viewing (same organisation only).
STIX 2 export now includes PE binaries and better support for MISP objects.
STIX 1 import has been significantly improved to import AIS/US-CERT STIX file including specific relationship for malware samples.
A new functionality has been added to allow the switching of the UI language used for the MISP interface (part of the ongoing [internationalization effort](https://github.com/MISP/misp-book/tree/master/translation)) .
[CVE-2018-12649](https://cve.circl.lu/cve/CVE-2018-12649) has been fixed where brute force protection can be bypassed with a PUT request.
Many bug fixes (including install guides) and minor features including impfuzzy validation.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
A huge thanks to all the [contributors](/contributors) who helped us to improve the software and also all the participants in MISP trainings which give interesting feedback
for improvements.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. A [Call-for-Papers is open](https://cfp.hack.lu/misp0x4/) for the MISP Threat Intelligence Summit 0x4. We would be glad to see users, contributors or organisations actively using MISP or/and threat intelligence to share their experiences and presentation to the CfP.