mirror of https://github.com/MISP/misp-website
First version of 2.4.85 release
parent
15b9ab0b7c
commit
ed3379f624
|
@ -0,0 +1,53 @@
|
||||||
|
---
|
||||||
|
title: MISP 2.4.85 released (aka feeds and warning-lists improvement and more)
|
||||||
|
layout: post
|
||||||
|
featured: /assets/images/misp-small.png
|
||||||
|
---
|
||||||
|
|
||||||
|
A new version of MISP [2.4.85](https://github.com/MISP/MISP/tree/v2.4.85) has been released including improvements in feed ingestion performance, warning-lists handling and many bug fixes.
|
||||||
|
|
||||||
|
Warning-lists can now be used for filtering out import when using the API via /attributes/add either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key on individual attributes to be checked.
|
||||||
|
|
||||||
|
Warning-lists performance is improved especially on the ingestion, the deletion of the warning-lists can be done from the UI and very large warning-lists are now properly to avoid MySQL packet issue.
|
||||||
|
|
||||||
|
Feed quick sync is now part of MISP allowing to import attributes using the precalculated cache without parsing the complete feed. We strongly recommend
|
||||||
|
feed provider to use the [latest feed generator](https://github.com/MISP/PyMISP/commit/195cd6d7fc305ac6628ed8f2ff762b3f69a9b6ca) in PyMISP to benefit from the feed quick sync.
|
||||||
|
|
||||||
|
Tags can now be restricted to a single user (in addition to the existing restriction per user). This can help to
|
||||||
|
support analyst workflow process where a certain type of users can tag or classify in an organisation.
|
||||||
|
|
||||||
|
Auth keys of user can now be reset from the command line by using `/var/www/MISP/app/Console/cake Authkey [email@of.user]`.
|
||||||
|
|
||||||
|
Improvement and cleanup in the event index:
|
||||||
|
|
||||||
|
- removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases
|
||||||
|
- hanged the behaviour when users click on org logoes (redirect to filtered index)
|
||||||
|
|
||||||
|
Various UI improvement to clear out the interface for the analysts like the collapse of attributes with high-correlation:
|
||||||
|
|
||||||
|
![collapse of correlation](/assets/images/misp/blog/collapse.png){:class="img-responsive"}
|
||||||
|
|
||||||
|
Or sighting view in the object is now properly working.
|
||||||
|
|
||||||
|
New attribute types were introduced in MISP in order to improve the support of new or improved objects:
|
||||||
|
|
||||||
|
- x509-fingerprint-sha256 - to support the updated [x509 object](https://www.misp-project.org/objects.html#_x509)
|
||||||
|
- x509-fingerprint-md5 - to support the updated [x509 object](https://www.misp-project.org/objects.html#_x509)
|
||||||
|
- stix2-pattern - to a new [stix2-pattern object](https://www.misp-project.org/objects.html#_stix2_pattern)
|
||||||
|
- whois-registrant-org - to support the updated [whois object](https://www.misp-project.org/objects.html#_whois)
|
||||||
|
|
||||||
|
The STIX 2.0 export significantly improved to support the full range of mapping between MISP standard and STIX 2.0 standard.
|
||||||
|
If a mapping is not supported in the STIX 2.0 standard, we also export custom objects to allow organisations to still get
|
||||||
|
MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented to make a first version in
|
||||||
|
the next release.
|
||||||
|
|
||||||
|
Many bug fixes and improvement were introduced in this version.
|
||||||
|
|
||||||
|
The full change log is available [here](https://www.misp.software/Changelog.txt). [PyMISP change log](https://www.misp.software/PyMISP-Changelog.txt) is also available.
|
||||||
|
|
||||||
|
PyMISP has been also updated on a cleverer approach to timestamp handling while updating MISP JSON file. The PyMISP documentation has been updated [PDF](https://media.readthedocs.org/pdf/pymisp/latest/pymisp.pdf).
|
||||||
|
|
||||||
|
MISP [galaxy](/galaxy.pdf), [objects](/objects.pdf) and [taxonomies](/taxonomies.pdf) were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a `git submodule update` and update galaxies, objects and taxonomies via the UI.
|
||||||
|
|
||||||
|
New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on. [For more information and registration](https://www.circl.lu/services/misp-training-materials/). We have also many other trainings and events foreseen in 2018, [for more information](/events/)
|
||||||
|
|
Loading…
Reference in New Issue