Update 2019-01-20-MISP.2.4.101.released.md

pull/8/head
Andras Iklody 2019-01-20 22:08:34 +01:00 committed by GitHub
parent 7862095c92
commit e9dcafa1d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 4 deletions

@ -4,23 +4,25 @@ layout: post
featured: /assets/images/misp-small.png
---
A new version of MISP ([2.4.101](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with 3 new features (tag collection, improved tag/galaxy selector and MISP instance caching), many improvements and bug fixes.
A new version of MISP ([2.4.101](https://github.com/MISP/MISP/tree/v2.4.100)) has been released with 3 main new features (tag collections, improved tag/galaxy selector and MISP instance caching), along with a host of improvements and bug fixes.
## Tag collections
![](/assets/images/misp/blog/tag-collection-creation.png)
Contextualisation in threat intelligence is a key activity when performing analysis, review or processing information from internal or external sources. The task can be tedious but it's a critical step to ensure quality and the ability to automatically process the information in your MISP instance. MISP 2.4.101 introduces a new concept to improve the time-to-contextualise for users using MISP. Tag collection is a new feature to predefine a set of tags (from taxonomies) and/or galaxy information attached to a collection name. Then analysts can use the collection name as a single step to classify information with all the elements declared in the collection. The functionality is a significant aid to everyone using MISP to lower the time to classify or ensure a complete set of information attached to an event or attribute. This first version is a step before improving the sharing on how analysts are working together by sharing their practices.
Contextualisation in threat intelligence is one of the key activities when performing analysis, reviewing or processing information from internal or external sources. The task can be rather tedious, but nevertheless, it's a critical step in ensuring the quality and the information's capacity to be used for automatic processing in your MISP instance. MISP 2.4.101 introduces a new concept, in an attempt to improve the "time-to-contextualise" information for users using MISP. Tag collections, a new feature in 2.4.101, aim to allow users to predefine re-usable structures consisting of a set of tags (from taxonomies) along with galaxy information attached. Analysts can use these named collections to quickly classify information with all of the contextualisation labels declared in the collection. This functionality enables anyone using MISP to significantly lower the time it takes to classify information and to ensure that all the pre-defined context related information is attached to an event or attribute. This feature is a first step in opening up the sharing of analysis best practices directly via the platform.
## Improved tag/galaxy selector
![](/assets/images/misp/blog/tag-collection.png)
The success of MISP taxonomies and galaxy had a small drawback. The user-interface of MISP (adding tags/galaxy) was originally designed for small set of taxonomies. So adding multiple tags and galaxy became a tedious task when selecting multiple tags and galaxy. To solve this issue, a complete new selector has been added to easily add multiple tags and galaxy. The design was based on various issues and feedback we received from private organisations, CSIRTs and analysts. Let us know what you think about and don't hesitate to [open an issue for bugs or any feedback on the improved selector](https://github.com/MISP/MISP/issues).
The success of MISP taxonomies and galaxies since their inception has been suffering from a minor drawback. When we originally designed the user-interface of MISP (adding tags/galaxy), our immediate intent was to handle a rather small set of taxonomies. Since then we have come a long way and thanks to the many excellent contributions we've received from the community, the ugly side effect of our original design decisions reared its head: adding multiple tags and galaxies has become a tedious chore, especially when trying to contextualise several aspects of the information to be shared, using multiple tags and galaxies.
In order to solve this issue, a complete new selector-system has been added to ease the process of adding multiple tags and galaxies. The design was based on various issues and the feedback we have received from private organisations, CSIRTs and analysts. Let us know what you think about it and don't hesitate to [open an issue for bugs or feedback on the improved selector](https://github.com/MISP/MISP/issues).
## MISP instance caching
Synchronisation between MISP instances is a core functionality for MISP to support information sharing and exchange. This release includes a new feature to perform MISP remote instance caching without the need to synchronise and pull events. The MISP instance caching feature supports the built-in correlation from MISP. The overlap matrix for the feeds also includes the cached remote MISP instances to show the overlapping information between the different sources.
Synchronisation between MISP instances has always been a core functionality of MISP in order to support information sharing and exchange. This release includes a new feature to perform MISP remote instance caching without the need to synchronise and pull events. The MISP instance caching feature supports the built-in correlation system of MISP along with the overlap matrix of the feed system. This allows users to see cross-instsance correlations without the need to ingest the data of other instances directly and to include remote instances in the feed correlation system to compare how the information of feeds stacks up to that contained on other instances. This also opens up a host of possible multi-MISP scenarios when it comes to running collection-oriented "junk" MISPs internally and being able to cross correlate them with the operational instances.
## New attribute type
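
Review bot: the rewritten opening sentence still labels the release link 2.4.101 while its URL is `https://github.com/MISP/MISP/tree/v2.4.100`, carried over unchanged from the line it replaces, so a reader following the announcement lands on the previous release tree. If the tag for the announced version is the intended target, update the URL to match the label. In the new MISP instance caching paragraph, "cross-instsance" should read "cross-instance", and "context related information" in the tag collections paragraph would read better hyphenated as "context-related information".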