chg: [blog] 2.4.135 added

pull/35/head
Alexandre Dulaunoy 2020-12-23 18:19:25 +01:00
parent ed963cd5bb
commit e239ec6a2a
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 41 additions and 0 deletions

View File

@ -0,0 +1,41 @@
---
title: MISP 2.4.135 released (galaxy 2.0)
layout: post
featured: /assets/images/galaxy2.0/4.jpeg
---
# MISP 2.4.135 released
Dont let the minor version number change fool you, this release is a game changer for MISP and information sharing in general. Galaxy 2.0 is the ability to customise Galaxy cluster (threat-actor, @MITREattack or any knowledge base) but also to extend and share it within your community or at large scale. This release also includes many new improvements such as a new authkey system to better handle your API keys in MISP.
![](https://www.misp-project.org/assets/images/galaxy2.0/1.jpeg)
![](https://www.misp-project.org/assets/images/galaxy2.0/2.jpeg)
![](https://www.misp-project.org/assets/images/galaxy2.0/3.jpeg)
![](https://www.misp-project.org/assets/images/galaxy2.0/4.jpeg)
The galaxy 2.0 feature is large and provide many new features. For a complete overview, the [following slide deck](https://www.misp-project.org/misp-training/a.10-galaxy-2.0.pdf) provides a good introduction to galaxy 2.0.
# New Advanced API authkeys
Advanced authkeys will allow each user to create and manage a set of authkeys for themselves, each with individual expirations and comments. API keys are stored in a hashed state and can no longer be recovered from MISP. Users will be prompted to note down their key when creating a new authkey. You can generate a new set of API keys for all users on demand in the diagnostics page, or by triggering the advanced upgrade. If you upgrade your MISP, you need to enable this new feature in the security configuration (Security.advanced_authkeys).
# JARM fingerprint format added
MISP (and MISP standard format) now includes the support for [JARM](https://github.com/salesforce/jarm), active Transport Layer Security (TLS) server fingerprinting tool.
# STIX 2 import improvement
- Fixed parsing of objects mapped into galaxies for external STIX.
- For objects from external STIX content that should be mapped as galaxies (such as malware, threat actor, and so on), we do not only test the perfect match with one of the galaxy names in the mapping dictionary, we also test now if the galaxy name is contained in any of the known galaxy names of the dictionary
A host of other improvements are documented in the [complete changelog is available](https://www.misp-project.org/Changelog.txt).
# Acknowledgement
We would like to thank all the [contributors](https://www.misp-project.org/contributors), reporters and users who have helped us in the past months to improve MISP and information sharing at large. This release includes multiple updates in [misp-objects](https://www.misp-project.org/objects.html), [misp-taxonomies](https://www.misp-project.org/taxonomies.html) and [misp-galaxy](https://www.misp-project.org/galaxy.html)
.
As always, a detailed and [complete changelog is available](https://www.misp-project.org/Changelog.txt) with all the fixes, changes and improvements.