mirror of https://github.com/MISP/misp-website
removed 404 link
parent
527992d99f
commit
da76a67bc1
|
@ -6,7 +6,7 @@ featured: /assets/images/misp-small.png
|
||||||
|
|
||||||
A new version of MISP [2.4.88](https://github.com/MISP/MISP/tree/v2.4.88) has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes
|
A new version of MISP [2.4.88](https://github.com/MISP/MISP/tree/v2.4.88) has been released including fuzzy hashing correlation (ssdeep), STIX 1.1 import functionality, various API improvements and many bug fixes
|
||||||
|
|
||||||
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique used to classify malware, binaries or even text. The MISP correlation engine has always been supporting a simple yet powerful matchinging algorithm to find similar attributes. After [an insightful session in Austria](https://www.brz.gv.at/BRZ_News/besser_vernetzt_besser_geschuetzt.html) with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing via ssdeep. In addition to the standard and advanced correlation algorithms (e.g. CDIR block matching) in MISP, fuzzy hashing correlation allows the matching of similarities among a set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
|
Fuzzy hashing (e.g ssdeep or tlsh) is a commonly used technique used to classify malware, binaries or even text. The MISP correlation engine has always been supporting a simple yet powerful matchinging algorithm to find similar attributes. After an training insightful session in Austria with Manfred Kaiser working at bmlv.gv.at and based on the previous work of [Brian Wallace](https://github.com/bwall) on ssdeep clustering, MISP 2.4.88 introduces the ability to correlate similar binaries (or just their values) using fuzzy hashing via ssdeep. In addition to the standard and advanced correlation algorithms (e.g. CDIR block matching) in MISP, fuzzy hashing correlation allows the matching of similarities among a set of binaries. The installation of the feature is described in the [README.install](https://github.com/MISP/MISP/blob/2.4/INSTALL/INSTALL.ubuntu1604.txt#L316) and don't forget to set the correlation threshold for ssdeep in MISP serverSetttings (e.g. MISP.ssdeep_correlation_threshold).
|
||||||
|
|
||||||
As of 2.4.88, MISP supports STIX 1.1.1 XML import from the user-interface similarly to how MISP JSON format data is used to create new events. We hope this will help users to import existing threat intelligence from other sources and benefit from the MISP standard format functionality. If you have any issues with import functionalities feel free to [send us sample STIX 1.1.1 files](https://www.misp-project.org/who/#contact).
|
As of 2.4.88, MISP supports STIX 1.1.1 XML import from the user-interface similarly to how MISP JSON format data is used to create new events. We hope this will help users to import existing threat intelligence from other sources and benefit from the MISP standard format functionality. If you have any issues with import functionalities feel free to [send us sample STIX 1.1.1 files](https://www.misp-project.org/who/#contact).
|
||||||
|
|
||||||
|
|
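Review bot: the replacement paragraph now reads "After an training insightful session in Austria", which is ungrammatical; with the dead link dropped, the phrase should be "After an insightful training session in Austria". Since this line is being touched anyway, the typos carried over from the old line could be fixed in the same commit: "matchinging", "serverSetttings", "e.g ssdeep" (missing period) and "CDIR block matching" (likely meant as CIDR). The README.install link on the same line points at `blob/2.4/...#L316`, a line anchor on a moving branch that will drift as the install file changes and may become the next stale link; pinning it to the v2.4.88 tag already used in the context line above would keep it stable.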