From ed3379f624b329e89ef50b2417670854e1a3fcc6 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 22 Dec 2017 21:02:01 +0100 Subject: [PATCH] First version of 2.4.85 release --- _posts/2017-12-22-MISP.2.4.85.released.md | 53 +++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100755 _posts/2017-12-22-MISP.2.4.85.released.md diff --git a/_posts/2017-12-22-MISP.2.4.85.released.md b/_posts/2017-12-22-MISP.2.4.85.released.md new file mode 100755 index 0000000..36ad77b --- /dev/null +++ b/_posts/2017-12-22-MISP.2.4.85.released.md 
@@ -0,0 +1,53 @@ +--- +title: MISP 2.4.85 released (aka feeds and warning-lists improvement and more) +layout: post +featured: /assets/images/misp-small.png +--- + +A new version of MISP [2.4.85](https://github.com/MISP/MISP/tree/v2.4.85) has been released including improvements in feed ingestion performance, warning-lists handling and many bug fixes. + +Warning-lists can now be used for filtering out import when using the API via /attributes/add either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key on individual attributes to be checked. + +Warning-lists performance is improved especially on the ingestion, the deletion of the warning-lists can be done from the UI and very large warning-lists are now properly to avoid MySQL packet issue. + +Feed quick sync is now part of MISP allowing to import attributes using the precalculated cache without parsing the complete feed. We strongly recommend +feed provider to use the [latest feed generator](https://github.com/MISP/PyMISP/commit/195cd6d7fc305ac6628ed8f2ff762b3f69a9b6ca) in PyMISP to benefit from the feed quick sync. + +Tags can now be restricted to a single user (in addition to the existing restriction per user). This can help to +support analyst workflow process where a certain type of users can tag or classify in an organisation. + +Auth keys of user can now be reset from the command line by using `/var/www/MISP/app/Console/cake Authkey [email@of.user]`. + +Improvement and cleanup in the event index: + +- removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases +- hanged the behaviour when users click on org logoes (redirect to filtered index) + +Various UI improvement to clear out the interface for the analysts like the collapse of attributes with high-correlation: + +![collapse of correlation](/assets/images/misp/blog/collapse.png){:class="img-responsive"} + +Or sighting view in the object is now properly working. 
+ +New attribute types were introduced in MISP in order to improve the support of new or improved objects: + +- x509-fingerprint-sha256 - to support the updated [x509 object](https://www.misp-project.org/objects.html#_x509) +- x509-fingerprint-md5 - to support the updated [x509 object](https://www.misp-project.org/objects.html#_x509) +- stix2-pattern - to a new [stix2-pattern object](https://www.misp-project.org/objects.html#_stix2_pattern) +- whois-registrant-org - to support the updated [whois object](https://www.misp-project.org/objects.html#_whois) + +The STIX 2.0 export significantly improved to support the full range of mapping between MISP standard and STIX 2.0 standard. +If a mapping is not supported in the STIX 2.0 standard, we also export custom objects to allow organisations to still get +MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented to make a first version in +the next release. + +Many bug fixes and improvement were introduced in this version. + +The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available. + +PyMISP has been also updated on a cleverer approach to timestamp handling while updating MISP JSON file. The PyMISP documentation has been updated [PDF](https://media.readthedocs.org/pdf/pymisp/latest/pymisp.pdf). + +MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI. + +New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on. [For more information and registration](https://www.circl.lu/services/misp-training-materials/). We have also many other trainings and events foreseen in 2018, [for more information](/events/) +
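Review bot: The warning-lists paragraph of the new post has a sentence with no verb, "very large warning-lists are now properly to avoid MySQL packet issue", so a reader cannot tell what changed for large lists; it needs the missing word (for example "properly handled", or whichever verb matches the fix). In the tags paragraph, "restricted to a single user (in addition to the existing restriction per user)" names the same scope twice, so the parenthesis should state the restriction that already existed. In the API paragraph, "via /attributes/add either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key" runs two sentences together; a full stop after /attributes/add would make the two options readable. In the event index list, "hanged the behaviour" should be "changed the behaviour" and "logoes" should be "logos". Finally, the file is created with mode 100755; a Markdown post under _posts/ does not need the executable bit, and 100644 is the usual mode.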