chg: [blog] WiP for FOSDEM release of MISP 2.4.102

pull/8/head
Alexandre Dulaunoy 2019-02-02 23:04:57 +01:00
parent 9c6387cf82
commit cf6bce4645
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 33 additions and 0 deletions

View File

@ -0,0 +1,33 @@
---
title: MISP 2.4.102 released (aka bug fixes and FOSDEM release)
layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP ([2.4.102](https://github.com/MISP/MISP/tree/v2.4.102)) has been released with multiple fixes, various UI improvements, new types and a praise to the open source community.
## New types
### Anonymisation
Sharing and exchanging information encompasses a lot of models, communities or practices, the MISP project is involved in different discussions and projects building sharing and information exchange communities. A complex topic is often evaluated which is the anonymisation of information exchanged. Sharing anonymised information is once in a while just a step to share knowledge about information. We introduced a new type in MISP called anonymised which can be combined with a new object called [anonymisation](https://www.misp-project.org/objects.html#_anonymisation).
![](/assets/images/misp/blog/anon-graph.png){:class="img-responsive"}
![](/assets/images/misp/blog/anon2.png){:class="img-responsive"}
![](/assets/images/misp/blog/anonymisation.png){:class="img-responsive"}
The model designed is flexible and can be extended with new anonymisation techniques or approaches. We are standing on the shoulders of giants such as open source tools like [Crypto-PAn](https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/), [ipsumpdump](https://github.com/kohler/ipsumdump) or [arx](https://arx.deidentifier.org/).
### Bro -> Zeek
The open source NIDS [Bro project was renamed Zeek](https://blog.zeek.org/2018/10/renaming-bro-project_11.html) in late 2018. Bro has a growing community and NIDS are important to ensure the detection and enforcement at network level of threat intelligence shared within various communities. We added a new MISP type called zeek which can be used just like the bro type (which will remain to ensure backward compatibility). As diversity is important in information security and open source NIDS, MISP standard core format supports [Suricata](https://suricata-ids.org/), [Snort](https://www.snort.org/) and [Zeek](https://www.zeek.org/).
We would like to thank all the contributors, reporters and users who helped us in the past months to improve MISP and information sharing at large. As this is the FOSDEM release, we would like to praise all the open source software and authors who helped us to make the MISP project a reality including (in no particular order and it's not exhaustive) [Redis](https://redis.io/), [PHP](http://php.net/), [Python](https://www.python.org/), [TheHive Project](https://thehive-project.org/), [LIEF - Library to Instrument Executable Formats](https://lief.quarkslab.com/), [MariaDB](https://mariadb.org/), [vis.js](http://visjs.org/index.html)
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
A detailed and [complete changelog is available](http://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
Don't hesitate to have a look at our [events page](http://www.misp-project.org/events/) to see our next trainings, talks and activities to improve threat intelligence, analytics and automation.