chg: [blog] MISP v2.4.116

pull/15/head
Alexandre Dulaunoy 2019-09-17 12:42:58 +02:00
parent 7e26d8788c
commit d4bbc01c69
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 34 additions and 0 deletions

@ -0,0 +1,34 @@
---
title: MISP 2.4.116 released (aka the new decaying feature)
layout: post
featured: /assets/images/misp/blog/decay.png
---
# MISP 2.4.116 released
A new version of MISP ([2.4.116](https://github.com/MISP/MISP/tree/v2.4.116)) with a major new feature for decaying indicators, new ATT&CK sightings export and a new sync priority capability.
## Major new feature - decaying indicators
After some years of gathering requirements, doing [some research](https://arxiv.org/abs/1803.11052) and implementation, MISP 2.4.116 finally includes [a new extensive feature for Decaying of Indicators with MISP](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) using an improved model to expire indicators based on custom and shareable models.
The feature allows MISP users to have a simple yet customisable system to automatically (or in some cases manually) mark an Indicator Of Compromise (or more generically, an Attribute) as expired. The expiration feature allows to overlay in real-time computer score on all attributes that have been mapped to a decaying model. The feature has been designed to not change the attributes per se but to extend the meta information available about the attribute. The feature is accessible via the user-interface but also via the API to allow the filtering of attributes based on a decaying model.
<img src="/assets/images/misp/blog/decaying/dm-event.png" alt="Decaying Model index" width="700"/>
The feature is exhaustive and we highly recommend to read the [blog post and watch the video of the complete new feature](https://www.misp-project.org/2019/09/12/Decaying-Of-Indicators.html) or [the slides from the MISP training](https://www.misp-project.org/misp-training/a.5-decaying-indicators.pdf). As usual with MISP project, MISP comes with a set of default decaying model which can be expanded locally or contributed back to the community at large.
## ATT&CK sighting
More and more users and communities are using the ATT&CK framework to contextualise information shared within MISP. The fine team of [ATT&CK recently created a format to share the sightings](https://attack.mitre.org/resources/sightings/) associated with the techniques. MISP 2.4.116 now has a new output format available which allows to export the sighting format and share it back to the community or with MITRE to give insights about the techniques frequently used.
## New sync priority
When having a lot of MISP server to sync with, you might want to prioritise the sync for specific communities or MISP instance. In 2.4.116, we introduced the ability to order the priority of the sync between MISP instances.
# Acknowledgement
We would like to thank all the [contributors](/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.
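Review bot: In the decaying-indicators paragraph, "allows to overlay in real-time computer score on all attributes" reads as a typo for "computed score", and the sentence leaves it unclear that the score comes from the decaying model; suggest "overlays a score, computed in real time, on all attributes that have been mapped to a decaying model". Elsewhere in the post, "a set of default decaying model" and "a lot of MISP server to sync with ... or MISP instance" need plurals. "# Acknowledgement" is a top-level heading while the feature sections use "##", so it will render at the same level as the post title; "## Acknowledgement" would match. The "New sync priority" section states that the sync order can be set but not where, so one sentence pointing to the setting would help readers who are upgrading.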