Update 2018-05-16-MISP.2.4.91.released.md

pull/5/head
Andras Iklody 2018-05-16 14:23:43 +02:00 committed by GitHub
parent ba2d462928
commit ce5c405f92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 12 deletions

@ -8,27 +8,27 @@ A new version of MISP [2.4.91](https://github.com/MISP/MISP/tree/v2.4.91) has be
### Distribution and sharing visualisation
MISP 2.4.91 has a new visualisation aid in order to simply view the distribution and sharing model of all the attributes within an event. As event can
be significantly large with multiple objects and attributes, analyst needs to verify if the proper distributions are applied. The new visualisation
allows to view the distribution per distribution model including the associated sharing groups. The visualisation aid is dynamic and can be used to
filter directly in the event the respective attributes matching a specific distribution.
MISP 2.4.91 has a new visual aid in order to simply view the distribution and sharing model of all the attributes within an event. As events can
become quite larger, with long lists of objects and attributes, analysts need to verify whether the proper distributions are applied. The new visualisation
allows them to view the items per distribution level including the associated sharing groups. The visualisation is dynamic and can be used to
filter the given attributes matching a specific distribution setting within the event.
![Visualisation of a MISP event and how the sharing of the attribute will take place](/assets/images/misp/blog/sharing.png){:class="img-responsive"}
![Visualisation of a MISP event and how the sharing of attributes will take place](/assets/images/misp/blog/sharing.png){:class="img-responsive"}
### Galaxy at attribute level
[MISP Galaxy](/galaxy.html) includes a large number of libraries to better classify event based threat actors, kill chains or actor techniques such as described in [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page). Initially, the MISP galaxy can be attached to the MISP event level. As many users developed new galaxy cluster to map their own model, MISP 2.4.91 is now capable of attaching MISP clusters at the attribute level. In the example below, a vulnerability attribute can be then easily linked to a respective MITRE ATT&CK adversary technique allowing to support analysts to search and pivot per techniques but also to support more advanced automation.
[MISP Galaxy](/galaxy.html) includes a large number of libraries to assist in classifying events based on threat actors, kill chains or actor techniques such as described in the [MITRE ATT&CK](https://attack.mitre.org/wiki/Main_Page) galaxy. Initially, MISP galaxies were limited to be attached to MISP events alone. As many users developed new galaxy cluster to map their own model, MISP 2.4.91 is now capable of attaching MISP clusters at the attribute level. In the example below, a vulnerability attribute can be then easily linked to the respective MITRE ATT&CK adversary technique supporting analysts trying to search for and pivot on techniques, but also supporting various more advanced automation scenarios.
![An example of a MISP galaxy such as MITRE ATT&CK attached to a specific attribute in MISP](/assets/images/misp/blog/exploitation.png){:class="img-responsive"}
### Privacy notice list and GDPR
MISP Project was actively involved in the question of compliance especially about [information sharing and legal compliance](/compliance). In the scope of the CEF-TC-2016-3 - Cyber Security co-fundin helped us to improve the various aspects of compliance while keeping a strong focus on the information sharing aspect.
The MISP Project is actively involved when it comes to questions of compliance, as of lately with a special focus on [information sharing and legal compliance](/compliance). In the scope of the CEF-TC-2016-3 - Cyber Security co-funding helped us to improve the various aspects of compliance while keeping a strong focus on the information sharing aspect.
In MISP 2.4.91, we introduce the [MISP notice](https://github.com/MISP/misp-noticelist) to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects. The feature was originally designed for the support of the Directive 95/46/EC (General Data Protection Regulation) to notify the analyst about the potential risks while entering specific information. The notice feature is a flexible solution to allow any kind of notice (expressed in a simple JSON format) to be included in MISP forms based on the category or type entered in the system.
In MISP 2.4.91, we introduced the [MISP notice system](https://github.com/MISP/misp-noticelist) to inform MISP users of the legal, privacy, policy or even technical implications of using specific attributes, categories or objects. The feature was originally designed to support the Directive 95/46/EC (General Data Protection Regulation - GDPR) by notifying the analyst about the potential risks while entering specific information. The notice feature is a flexible solution to allow for a wide variety of notice systems (expressed in a simple JSON format) to be included in MISP, based on the category or type entered in the system.
We expect to see organisations using MISP to enable, disable or extend the notice lists to fit their specific policies, legal framework or local regulation framework.
We expect to see organisations using MISP to enable, disable or extend the notice lists to fit their specific policies, legal frameworks or local regulation frameworks.
![GDPR notice about a specific category](/assets/images/misp/blog/not1.png){:class="img-responsive"}
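Review bot: In the privacy notice paragraph, the reworded sentence still equates "Directive 95/46/EC" with the General Data Protection Regulation. Directive 95/46/EC is the older Data Protection Directive that the GDPR (Regulation (EU) 2016/679) replaced, and adding "- GDPR" inside the parentheses makes the mismatch more visible. Please name the regulation itself, or mention both instruments separately. Two smaller wording points in the same hunk: "As events can become quite larger" should read "quite large", and "In the scope of the CEF-TC-2016-3 - Cyber Security co-funding helped us to improve" still has no subject for "helped". Something like "The CEF-TC-2016-3 - Cyber Security co-funding helped us to improve" would fix it. "new galaxy cluster" in the galaxy paragraph also wants a plural.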
@ -44,11 +44,11 @@ ZMQ feed has been extended to include base64 encoded attachments in order to imp
### Miscellaneous Improvements
Even enrichment (via misp-modules) can now be easily triggered from the event menu to automatically enrich all the attributes in event. This enrichment is also globally accessible via the API and exposed via the command-line too.
Event enrichment (via misp-modules) can now be easily triggered from the event menu to automatically enrich all the attributes in event. This enrichment is also globally accessible via the API and exposed via the command-line too.
STIX 1 import has been improved to support old legacy format including CustomObjects, socket address object, CIQ targets, DNS records object and many others.
The legacy STIX 1 import has been improved to support CustomObjects, socket address objects, CIQ targets, DNS records object and many others.
Many bugs were fixed especially 3245, 3240, 3202 and 3201.
Many bugs were fixed with special note to issues 3245, 3240, 3202 and 3201.
MISP 2.4.91 has been updated to the latest version of CakePHP 2.10 series.
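Review bot: In the STIX paragraph, the rewrite moves "legacy" from the format to the import. The old line said the import now supports the "old legacy format including CustomObjects", while the new line reads "The legacy STIX 1 import has been improved", which suggests the import code itself is legacy. If the intent is still that older STIX 1 documents are handled, keep the qualifier on the format. The list in that sentence is also inconsistent after the edit: "socket address objects" is plural but "DNS records object" is not. In the bug-fix line, "with special note to issues 3245, 3240, 3202 and 3201" would read better as "notably issues ...", and the bare numbers should be linked to the issue tracker so readers can see what was fixed. "all the attributes in event" in the enrichment sentence is missing an article.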