MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

MISP 2.4.91 released

pull/5/head
Alexandre Dulaunoy 2018-05-16 13:51:56 +02:00
parent 7d2fe7b070
commit ba2d462928
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
_posts/2018-05-16-MISP.2.4.91.released.md Executable file
View File

@ -0,0 +1,61 @@
---
title: MISP 2.4.91 released (aka distribution visualisation, galaxy at attribute level and privacy notice list)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.91](https://github.com/MISP/MISP/tree/v2.4.91) has been released including new major features, improvements and bug fixes.
### Distribution and sharing visualisation
MISP 2.4.91 has a new visualisation aid in order to simply view the distribution and sharing model of all the attributes within an event. As event can
be significantly large with multiple objects and attributes, analyst needs to verify if the proper distributions are applied. The new visualisation
allows to view the distribution per distribution model including the associated sharing groups. The visualisation aid is dynamic and can be used to
filter directly in the event the respective attributes matching a specific distribution.
![Visualisation of a MISP event and how the sharing of the attribute will take place](/assets/images/misp/blog/sharing.png){:class="img-responsive"}
### Galaxy at attribute level
[MISP Galaxy](/galaxy.html) includes a large number of libraries to better classify event based threat actors, kill chains or actor techniques such as described in [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page). Initially, the MISP galaxy can be attached to the MISP event level. As many users developed new galaxy cluster to map their own model, MISP 2.4.91 is now capable of attaching MISP clusters at the attribute level. In the example below, a vulnerability attribute can be then easily linked to a respective MITRE ATT&CK adversary technique allowing to support analysts to search and pivot per techniques but also to support more advanced automation.
![An example of a MISP galaxy such as MITRE ATT&CK attached to a specific attribute in MISP](/assets/images/misp/blog/exploitation.png){:class="img-responsive"}
### Privacy notice list and GDPR
MISP Project was actively involved in the question of compliance especially about [information sharing and legal compliance](/compliance). In the scope of the CEF-TC-2016-3 - Cyber Security co-fundin helped us to improve the various aspects of compliance while keeping a strong focus on the information sharing aspect.
In MISP 2.4.91, we introduce the [MISP notice](https://github.com/MISP/misp-noticelist) to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects. The feature was originally designed for the support of the Directive 95/46/EC (General Data Protection Regulation) to notify the analyst about the potential risks while entering specific information. The notice feature is a flexible solution to allow any kind of notice (expressed in a simple JSON format) to be included in MISP forms based on the category or type entered in the system.
We expect to see organisations using MISP to enable, disable or extend the notice lists to fit their specific policies, legal framework or local regulation framework.
![GDPR notice about a specific category](/assets/images/misp/blog/not1.png){:class="img-responsive"}
and notice lists are easily configurable:
![Notice lists are configurable](/assets/images/misp/blog/not2.png){:class="img-responsive"}
### API
[Feed](/feeds) management, in 2.4.91, can be also be done via the API such as add/edit/delete feeds. API documentation is directly accessible via the API if a GET request is performed instead of a POST.
ZMQ feed has been extended to include base64 encoded attachments in order to improve the integration with the CSP platform (MeliCERTes) and other application relying on the ZMQ feed (3169 fixed).
### Miscellaneous Improvements
Even enrichment (via misp-modules) can now be easily triggered from the event menu to automatically enrich all the attributes in event. This enrichment is also globally accessible via the API and exposed via the command-line too.
STIX 1 import has been improved to support old legacy format including CustomObjects, socket address object, CIQ targets, DNS records object and many others.
Many bugs were fixed especially 3245, 3240, 3202 and 3201.
MISP 2.4.91 has been updated to the latest version of CakePHP 2.10 series.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
PyMISP has been also updated, boasting a more clever approach to timestamp handling while updating MISP JSON files. The PyMISP documentation has been updated [PDF](https://media.readthedocs.org/pdf/pymisp/latest/pymisp.pdf).
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. To get the MISP notice list, don't forget to perform a `git submodule init; git submodule update` to initialise the new external dependency.
Don't forget that the MISP Threat Intelligence Summit 0x4 will take place the Monday 15th October 2018 before hack.lu 2018. A [Call-for-Papers is open](https://cfp.hack.lu/misp0x4/) for the MISP Threat Intelligence Summit 0x4. We would be glad to see users, contributors or organisations actively using MISP or/and threat intelligence to share their experiences and presentation to the CfP.