Update 2019-06-14-MISP.2.4.109.released.md

pull/10/head
Andras Iklody 2019-06-13 22:11:04 +02:00 committed by GitHub
parent abf01083d7
commit e95487b028
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions


@ -4,26 +4,26 @@ layout: post
featured: /assets/images/misp/blog/attribute-to-object.gif
---
A new version of MISP ([2.4.109](https://github.com/MISP/MISP/tree/v2.4.109)) has been released with a host of new features, improvements, bugs fixed and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
A new version of MISP ([2.4.109](https://github.com/MISP/MISP/tree/v2.4.109)) has been released with a host of new features, improvements, bug fixes and a minor security fix. We strongly advise all users to update their MISP installations to this latest version.
# New main features
## New easy attributes to object functionality
## Encapsulate existing attributes into an object
![](https://www.misp-project.org/assets/images/misp/blog/attribute-to-object.gif)
When an analyst inserts information in MISP, it's very common to start with a set of unstructured indicators/attributes. At a later stage, common structures emerge and combining attributes into an object makes sense. But it was a cumbersome process as you had to pick a object and encode again the attributes in a object. We introduced a new feature to easily select a set of attributes and propose automatically the possible object templates. Then you select the template and the object is created.
When an analyst inserts information into MISP, it's very common to start with a set of unstructured indicators/attributes. At a later stage, common structures emerge and combining attributes into objects start making more and more sense. However, the effort spent on the process of attribute creation would have to be repeated in prior versions via the object creation interface, something that resulted in analysts deciding to save time and effort and move on, leaving the unstructured data as is. To reduce the workload needed to bring structure to our prior work, we have now introduced a new feature, allowing users to easily select a set of attributes and automatically propose suitable object templates depending on the combination of types of the selected attributes. These in turncan be gathered and processed into the desired object.
## Improved ATT&CK and ATT&CK-like matrix support
![](https://www.misp-project.org/assets/images/misp/blog/attack-new.png)
![](https://www.misp-project.org/assets/images/misp/blog/fraud-tactics.png)
We received exhaustive feedback during FIRST.org CTI conference in London and the [ATT&CK EU community](https://www.attack-community.org/) workshop at Eurocontrol concerning the ATT&CK integration in MISP. The matrix visualisation is improved by sorting the elements based on their scores. The statistics for all the matrix-like galaxy can now be easily queried per time-range or organisation.
We received exhaustive feedback during the FIRST.org CTI conference in London and the [ATT&CK EU community](https://www.attack-community.org/) workshop at Eurocontrol concerning the ATT&CK integration in MISP. The matrix visualisation has been improved by sorting and reorganising the individual techniques based on their aggregate scores. These statistics can now easily be queried based on time-ranges, organisations, tags, along with all other restSearch enabled filters to generate Att&ck like matrix views..
# Security fix - CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this. [CVE-2019-12794](https://cve.circl.lu/cve/CVE-2019-12794) Thanks to Raymond Schippers for the report.
An issue was discovered in MISP 2.4.108. Organisation admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users) or impersonate them by reusing their API keys. This could be abused in a situation where the host organisation of an instance decides to use organisation admins to further manage their own users. The potential for abuse is limited to situations where the host organisation of an instance creates lower-privilege organisation admins instead of the usual site admins, so whilst it was indeed in the spirit of what the powers of organisation admins are, we agree that this was a bad design decision. [CVE-2019-12794](https://cve.circl.lu/cve/CVE-2019-12794) Thanks to Raymond Schippers for the report.
## API
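Review bot: The reworded CVE-2019-12794 paragraph drops the scoping sentence "Also, only organization admins of the same organization as the site admin could abuse this", so the advisory no longer says which organisation admins were in a position to abuse the issue; suggest keeping that sentence in the new text. Smaller points in the same hunk: "These in turncan be gathered" is missing a space, "combining attributes into objects start making" should read "starts making", the ATT&CK paragraph ends in ".." and writes "Att&ck like" where the rest of the post uses "ATT&CK", and the CVE paragraph mixes "organisation" with "organization" inside its parenthesis.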
@ -37,7 +37,7 @@ An issue was discovered in MISP 2.4.108. Organization admins could reset credent
# Bugs fixed
- A long-standing bug has been fixed when adding tag or galaxy while using Firefox.
- A long-standing bug has been fixed when adding tags or galaxies whilst using Firefox.
- [permissions] Fixed the default sync/user/publisher permissions to include perm_tagger and perm_tag_editor(sync only).
- And many other [fixes](https://www.misp-project.org/Changelog.txt).
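Review bot: The Firefox bullet, "A long-standing bug has been fixed when adding tags or galaxies whilst using Firefox", still does not say what went wrong, so a reader cannot tell whether they were affected; suggest naming the symptom or linking the fixing commit or issue, as the last bullet does for the changelog. The neighbouring context line also has "perm_tag_editor(sync only)" without a space before the parenthesis, which could be fixed in the same pass.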
@ -53,5 +53,5 @@ As always, a detailed and [complete changelog is available](https://www.misp-pro
# Warning: Next release 2.4.110
The next version of MISP will include major changes in the data-model to introduce new functionalities to support forensic capabilities and especially improved time representation for MISP attributes and objects. The next release will update various tables but the automatic update might take some more time (between 30 and 45 minutes) depending how large is your attributes table. During that update, your MISP instance will be unavailable until the update is performed. We notify in advance our users to prepare their upgrade plan for the next release 2.4.110.
The next version of MISP will include major changes to the data-model by introducing new functionalities that support forensic capabilities, with a special focus on improving the time representation of MISP attributes and objects. The next release will update various tables in the database as usual, but the automatic update might take longer than usual (on larger instances between 30 and 45 minutes) depending on the number of attributes stored in the instance. During the update procedure, MISP will be unavailable until the update is complete. We will notify our users in advance to prepare their upgrade plan for the next release 2.4.110.
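Review bot: In the last sentence of the 2.4.110 warning, "We will notify our users in advance" turns the text into a promise of a later notice, whereas the line it replaces ("We notify in advance our users") made this paragraph the notice itself; suggest wording such as "We are notifying our users in advance so that they can prepare their upgrade plan". The second sentence also uses "as usual" and "longer than usual" a few words apart, and one of the two can go.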