MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Update 2018-08-06-MISP.2.4.94.released.md

pull/6/head
Andras Iklody 2018-08-06 23:32:46 +02:00 committed by GitHub
parent 70a0773e84
commit ce21aa198b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
_posts/2018-08-06-MISP.2.4.94.released.md
View File

@ -4,38 +4,38 @@ layout: post
featured: /assets/images/misp-small.png featured: /assets/images/misp-small.png
--- ---
A new version of MISP [2.4.94](https://github.com/MISP/MISP/tree/v2.4.94) has been released including an improved event graph interface, a new ElasticSearch plugin, API extended, clean-ups and many improvements. Even it's summertime, we continuously work on the MISP project and a lot of changes were introduced. A new version of MISP [2.4.94](https://github.com/MISP/MISP/tree/v2.4.94) has been released including an improved event graph interface, a new ElasticSearch plugin, various extensions and enhancements to the API, clean-ups and many improvements. Even though it's summertime, we continuously work on the MISP project and a lot of changes were introduced.
A significant improvement has been done in the MISP event graph such as: Major improvements have been implemented in the MISP event graph such as:
- Export functionality added in MISP event graph to export in PNG, JPEG, JSON format and Graphviz dot format. - Export functionality added in the MISP event graph to export in PNG, JPEG, JSON format and Graphviz dot format.
- Saving functionality to save the state of an event graph. This allows a user of an organisation to keep the state of the event graph and retrieve the history. - Saving functionality to save the state of an event graph. This allows a user of an organisation to keep the state of the event graph and retrieve the history.
![New functionality in the MISP event graph to export the graph and save the state of the graph](/assets/images/misp/blog/save-graph.png){:class="img-responsive"} ![New functionality in the MISP event graph to export the graph and save the state of the graph](/assets/images/misp/blog/save-graph.png){:class="img-responsive"}
The MITRE ATT&CK matrix user-interface has been extended to add directly techniques at event level without passing by the galaxy interface. The MITRE ATT&CK matrix user-interface has been extended to add directly techniques at event level without passing by the galaxy interface.
A new contributed functionality to log all MISP activities in an ElasticSearch is now available. It's pretty simple to configure as part of the standard plugin settings where ElasticSearch configuration can be added. A new functionality contributed allows users to log all MISP activities in ElasticSearch. It's pretty simple to configure thanks to its settings being part of the standard plugin settings system, so head over there to find the ElasticSearch configuration options.
![Configuring ElasticSearch with MISP](/assets/images/misp/blog/elasticsearch.png) ![Configuring ElasticSearch with MISP](/assets/images/misp/blog/elasticsearch.png)
The CLI interface has been improved with the ability to get the API of a giving user, force update of taxonomies, warning lists, notice lists and object templates. This helps automation of deployment of MISP instances without the need to use the UI. The CLI interface has been improved with the ability to get the API key of a given user, to force update the taxonomies, warning lists, notice lists and object templates. All of this serves to improve the automation of deployment of MISP instances without the need to use the UI.
MISP Synchronisation has been improved by moving the blacklist event skipping at negotiation phase instead to pull the event and then discard it later. Synchronisation has been improved when a lot of deletions were involved. Sync negotiation is now based on UUID-based lookups instead of using ID. MISP Synchronisation has been improved by moving the blacklist event skipping to the negotiation phase instead of first pulling blacklisted events and discard them after the fact. Synchronisation has also been improved in situations involving a large number of deletions. The pre-sync negotiation is now based on UUID-based lookups instead of relying on local IDs.
MISP API has been extended with an edit strategy API to describe the edit strategy for an event. This has been introduced to help additional tools to edit or extend MISP event such as TheHive project which recently allow to use the new extend event functionality. The MISP API has been introduced allowing users to deduce the prefered edit strategy of a given event. This has been introduced to help additional tools to decide whether to edit or extend MISP events. One such tool is TheHive project, which recently received a new release utilising the extend event functionality through this edit strategy API.
Various UI has been improved to ease the administrating tasks of operating large MISP instances such as the PGP fingerprint added to the verifyGPG interface, a new statistic tab to show how many user/organisations were added over the past months/year. Various UI views have been improved to ease administration tasks for admins operating large MISP instances, including features such as listing the PGP fingerprints via the verifyGPG interface, a new statistic tab to show how many users/organisations were added over the past months/year and more.
Many internal changes and clean-up were performed based on a recent static analysis of the codebase. Many internal changes and clean-ups were performed based on a recent static analysis of the codebase.
For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. For a complete overview of all the changes, the full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
New attribute type such as Monero (xmr) added along with the soft validation. [coin-address object template](https://github.com/MISP/misp-objects/blob/master/objects/coin-address/definition.json) updated to match the xmr attribute type. New attribute types such as Monero (xmr) added along with the soft validation. [coin-address object template](https://github.com/MISP/misp-objects/blob/master/objects/coin-address/definition.json) updated to match the xmr attribute type.
Major changes in the STIX2 export and import to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) in the STIX2 JSON format. Major changes in the STIX2 export and import were undertaken to improve the scope of the [MISP open standard](https://github.com/MISP/misp-rfc) and the mapping thereof to the STIX2 JSON format.
A huge thanks to all the [contributors](/contributors) who helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements. A huge thanks to all the [contributors](/contributors) who have tirelessly helped us improve the software and also all the participants in MISP trainings giving us a bunch of interesting feedback for improvements.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.