MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [blog] MISP 2.4.111 released

pull/12/head
Alexandre Dulaunoy 2019-07-20 15:22:17 +02:00
parent 80ced7a01e
commit bcf1c2e28f
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
_posts/2019-07-19-MISP.2.4.111.released.md Normal file
View File

@ -0,0 +1,41 @@
---
title: MISP 2.4.111 released (aka improved proposal sync improved)
layout: post
featured: /assets/images/misp/blog/comid.jpeg
---
# MISP 2.4.111 released
A new version of MISP ([2.4.111](https://github.com/MISP/MISP/tree/v2.4.111)) has been released with improved proposal sync, minor improvements and bugs fixed.
## Proposal synchronisation rework
The proposal synchronisation has been redone and significantly improved from the original code which was released some years ago. We strongly invite all users of MISP to upgrade
to the latest version to properly receive the proposals via synchronisation. Proposal index has been reworked and proposal pull is now limited to the last 14 days (to avoid trying to pull ancient proposals at each sync).
## New attribute type community-id added
In the MISP project, we are big supporters of new open standards which can help community to reference forensic evidences and especially network forensic evidences. It was always difficult to track down common network flows as many tools and products relies on different methods to build network flow id. Then [Christian Kreibich](https://github.com/ckreibich) from Corelight decided to work on it and created the [Community ID Flow Hashing](https://github.com/corelight/community-id-spec). As the community-id is open with open source implementations which can be reused, various open source projects already support it such as Zeek (Bro), Suricata, Moloch, HELK, Elastic and MISP 2.4.111.
In 2.4.111, the attribute type has been added and the following object templates already include the attribute field such as:
- [Netflow](https://www.misp-project.org/objects.html#_netflow)
- [Network connection](https://www.misp-project.org/objects.html#_network_connection)
This feature allows to easily correlate network forensic flow from different tools or network equipments.
## Improvements and bugs fixed
- [misp-modules enrichment] Fixed index in attribute.
- [API] Deletes broken due to invalid boolean.
- [API] Delete http method/requests properly accepted by some /delete endpoints.
- [sync] Fixed a bug breaking the synchronisation between MISP instances.
- [stix2] Import of User Account objects is now supported.
- Issues #4864, #4861, #4847 fixed
[MISP galaxy](https://www.misp-project.org/galaxy.html), [MISP object templates](https://www.misp-project.org/objects.html) and [MISP warning-lists](https://github.com/MISP/misp-warninglists/) have been updated to the latest version.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.