From c2aaef2ae01b53153e91ec65df6d8513d0ef66d5 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 6 Dec 2017 01:16:33 +0100 Subject: [PATCH] MISP 2.4.83 released --- _posts/2017-12-06-MISP.2.4.83.released.md | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 _posts/2017-12-06-MISP.2.4.83.released.md diff --git a/_posts/2017-12-06-MISP.2.4.83.released.md b/_posts/2017-12-06-MISP.2.4.83.released.md new file mode 100755 index 0000000..48bc8c5 --- /dev/null +++ b/_posts/2017-12-06-MISP.2.4.83.released.md @@ -0,0 +1,38 @@ +--- +title: MISP 2.4.83 released (aka attributes-level tag filtering and more) +layout: post +featured: /assets/images/misp-small.png +--- + +A new version of MISP [2.4.83](https://github.com/MISP/MISP/tree/v2.4.83) has been released including attribute level tag filter on synchronisation, full audit logging via ZMQ or Syslog, email restriction at org level, many more improvements and bug fixes. + +Tag filters has been enhanced and filtering is on + +- all events containing matching tags on event + attribute level (positive lookup) +- all events not containing matching tags (negative lookup) +- filter attributes within a matched event for blocked attributes (negative lookup) + +Tag filtering improved performance for large MISP instance actively when using filtering. + +A new functionality has been added to limit the use of certain emails addresses to an organisation. This extends the granularity of filtering +for specific organisations to avoid out-of-scope users within a specific organisation. + +Audit logging has been improved to log all the audit logs in ZMQ or/and Syslog. syslog logging now includes all audit log entries and it's separated into proper severity levels. ZMQ logging and syslog logging are both optional features. + +New types were introduced like mac-address and mac-eui-64 in MISP to allow sharing indicators related to EUI-48 and EUI-64. +Phone type detection is better especially in the free-text import along with the normalisation of the phone attribute type to ensure correlation. + +The CSV export improved performance and export flexibility like "value" filter or attribute level tagging. + +ZMQ channel has been improved especially to support complex software relying on the ZMQ feed like the recent [misp-dashboard](https://github.com/MISP/misp-dashboard). + +Feed preview enhanced especially in the MISP OSINT feed format to allow anchor to the correlating value of the attribute. + +Many bug fixes and improvement were introduced in this version. + +The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. + +MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. + +New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on. [For more information and registration](https://www.circl.lu/services/misp-training-materials/). +