chg: [blog] 2.4.104 updated

iglocska-patch-1
Alexandre Dulaunoy 2019-03-27 07:46:36 +01:00
parent a816ae1071
commit dcdc3c8b56
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 28 additions and 4 deletions

@ -11,15 +11,13 @@ f event and attribute distribution, bookmarked history in REST client and many o
## New overlap feed comparator ## New overlap feed comparator
Feed can now be compared to other feeds (cached feeds and cached MISP servers). This helps if you can cover the contents with a combination of other cached feeds. This feature can be useful Feed can now be compared to other feeds (cached feeds and cached MISP servers). This helps if you can cover the contents with a combination of other cached feeds. This feature can be useful to carefully evaluate new feeds against other ones.
to carefully evaluate new feeds against other ones.
![Comparing a MISP feed to other feeds and check its coverage](/assets/images/misp/blog/feed-coverage.png) ![Comparing a MISP feed to other feeds and check its coverage](/assets/images/misp/blog/feed-coverage.png)
## Distribution graph ## Distribution graph
A new distribution visualisation graph has been introduced to quickly view where information will be distributed. This allows users to get an overview how far events and attributes will be d A new distribution visualisation graph has been introduced to quickly view where information will be distributed. This allows users to get an overview how far events and attributes will be distributed and shows the member of the community who will get the information shared.
istributed and shows the member of the community who will get the information shared.
![MISP distribution graph example](/assets/images/misp/blog/distribution-graph.png) ![MISP distribution graph example](/assets/images/misp/blog/distribution-graph.png)
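Review bot: In the Distribution graph paragraph that this hunk spans, "get an overview how far events and attributes will be distributed and shows the member of the community" has two grammar slips; suggest "an overview of how far ..." and "shows the members of the community". In the feed comparator paragraph, "This helps if you can cover the contents with a combination of other cached feeds" reads as a condition rather than the purpose of the feature; wording along the lines of "This helps determine whether the contents are already covered by a combination of other cached feeds" would be clearer.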
@ -30,6 +28,32 @@ The MISP UI REST Client now keeps an history of all the queries performed. The q
![MISP REST Client bookmarks](/assets/images/misp/blog/rest-bookmarks.png) ![MISP REST Client bookmarks](/assets/images/misp/blog/rest-bookmarks.png)
## Required taxonomy
On a MISP instance, you can now require to have at least one tag set from one or more taxonomy before publishing an event. This feature is useful for organisations who have mandatory taxonomies to be set (such as CSIRTs with TLP, military organisation with mandatory classification or an ISAC with required contextualisation).
## Kafka publishing
## Improvements
- A new ATT&CK heatmap is now displayed per threat-actor aggregating information from the various events and attributes in MISP where the techniques are linked to a specific threat actor.
- All galaxy matrix type are now included in the statistic page.
- [API] Pagination is now available to the event index.
- Galaxies can now be deleted from the user-interface.
- A new exercise setup script has been introduced to setup MISP instances for training or exercise:
- assumes a hub MISP and a set of training MISPs for different participating teams
- This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
- each instance has to have the same API key for the site admin (the idea is to clone training VMs)
- configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances
## Bug fixes
- Upgraded to the latest version of CakePHP.
- Bro/Zeek export fixed including the cached export feature.
- STIX 2 export various fixes.
- Some improvements to the RPZ export format to include serial.
- Multiple bugs fixed in the ZMQ.
A host of bugs were squashed and various small improvements were implemented. A host of bugs were squashed and various small improvements were implemented.
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf), [taxonomies](/taxonomies.pdf) and [warning-lists](https://www.github.com/MISP/misp-warninglists) were extended by many contributors, whic MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf), [taxonomies](/taxonomies.pdf) and [warning-lists](https://www.github.com/MISP/misp-warninglists) were extended by many contributors, whic
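Review bot: The added "## Kafka publishing" heading has no body and is followed directly by "## Improvements", so the published post will show an empty section; add a short description of the feature or drop the heading until the text is ready. Two smaller points in the same hunk: "Upgraded to the latest version of CakePHP" sits under "## Bug fixes" although it is a dependency upgrade, and "All galaxy matrix type are" should read "types". In the exercise setup bullets, "each instance has to have the same API key for the site admin" would benefit from a clause stating that the shared key is intended for cloned training VMs only, so readers do not carry the setup over to other instances.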