MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

removed 404 link

pull/3/head
Alexandre Dulaunoy 2018-02-22 14:50:11 +01:00
parent 527992d99f
commit da76a67bc1
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/2018-02-21-MISP.2.4.88.released.md
View File

@ -6,7 +6,7 @@ featured: /assets/images/misp-small.png
A new version of MISP [2.4.88](https://github.com/MISP/MISP/tree/v2.4.88) has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique used to classify malware, binaries or even text. The MISP correlation engine has always been supporting a simple yet powerful matchinging algorithm to find similar attributes. After [an insightful session in Austria](https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html) with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing via ssdeep. In addition to the standard and advanced correlation algorithms (e.g. CDIR block matching) in MISP, fuzzy hashing correlation allows the matching of similarities among a set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique used to classify malware, binaries or even text. The MISP correlation engine has always been supporting a simple yet powerful matchinging algorithm to find similar attributes. After an training insightful session in Austria with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing via ssdeep. In addition to the standard and advanced correlation algorithms (e.g. CDIR block matching) in MISP, fuzzy hashing correlation allows the matching of similarities among a set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
As of 2.4.88, MISP supports STIX 1.1.1 XML import from the user-interface similarly to how MISP JSON format data is used to create new events. We hope this will help users to import existing threat intelligence from other sources and benefit from the MISP standard format functionality. If you have any issues with import functionalities feel free to [send us sample STIX 1.1.1 files](https://www.misp-project.org/who/#contact).