MISP 2.4.83 released

pull/3/head
Alexandre Dulaunoy 2017-12-06 01:16:33 +01:00
parent daad32dccc
commit c2aaef2ae0
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 38 additions and 0 deletions

View File

@ -0,0 +1,38 @@
---
title: MISP 2.4.83 released (aka attributes-level tag filtering and more)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP [2.4.83](https://github.com/MISP/MISP/tree/v2.4.83) has been released including attribute level tag filter on synchronisation, full audit logging via ZMQ or Syslog, email restriction at org level, many more improvements and bug fixes.
Tag filters has been enhanced and filtering is on
- all events containing matching tags on event + attribute level (positive lookup)
- all events not containing matching tags (negative lookup)
- filter attributes within a matched event for blocked attributes (negative lookup)
Tag filtering improved performance for large MISP instance actively when using filtering.
A new functionality has been added to limit the use of certain emails addresses to an organisation. This extends the granularity of filtering
for specific organisations to avoid out-of-scope users within a specific organisation.
Audit logging has been improved to log all the audit logs in ZMQ or/and Syslog. syslog logging now includes all audit log entries and it's separated into proper severity levels. ZMQ logging and syslog logging are both optional features.
New types were introduced like mac-address and mac-eui-64 in MISP to allow sharing indicators related to EUI-48 and EUI-64.
Phone type detection is better especially in the free-text import along with the normalisation of the phone attribute type to ensure correlation.
The CSV export improved performance and export flexibility like "value" filter or attribute level tagging.
ZMQ channel has been improved especially to support complex software relying on the ZMQ feed like the recent [misp-dashboard](https://github.com/MISP/misp-dashboard).
Feed preview enhanced especially in the MISP OSINT feed format to allow anchor to the correlating value of the attribute.
Many bug fixes and improvement were introduced in this version.
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on. [For more information and registration](https://www.circl.lu/services/misp-training-materials/).