mirror of https://github.com/MISP/misp-website
---
title: MISP 2.4.165 released with many improvements, bugs fixed and security fixes.
date: 2022-11-21
layout: post
banner: /img/blog/workflow.png
---

We are pleased to announce the immediate availability of [MISP v2.4.165](https://github.com/MISP/MISP/releases/tag/v2.4.165) with many improvements to the workflow subsystem along with various performance improvements.

# Improvements

- [workflow] Module to toggle/remove the to_ids flag
- [workflow] Added generic module to support attribute editing
- [workflow] [triggers:event_after_save_new] Added 2 new triggers for new events and new events from pull.
- [workflow:execute_module] Allow ignoring format conversion before executing module.
- [workflows:triggers] Added filtering capability on the index
- [CLI] Feed management added
- [CLI] Pretty and JSON output added in list and view feeds
- [Auth] OpenID connect improved
- [freetext] Fetch security vendor domains from [warninglist](https://github.com/MISP/misp-warninglists)
- [UI] Allow to disable PGP key fetching
- [UI] Show warning if user doesn't have permission to use API
- [tool:eventgraph] Include relationships when using pivot key
- [UI] Show servers where event will be pushed

# Performance improvements

- [feed] Store freetext feed compressed in cache
- [internal] Store some data in Redis compressed to save memory
- [correlation] Do not correlate over correlating value again for full correlation
- [internal] Add support for [simdjson](https://github.com/simdjson/simdjson) extension
- [warninglist] Load warninglist from Redis for TLDs and security vendors

# Bugs fixed

- [tags] not passing name, filter, search all together would lead to the search not working

# Security issues

- [security] Permission for tag collections
- [security] Check user permission when attaching clusters

We strongly recommend that MISP administrators update to this latest version.

For a more detailed changelog, please see the online [Changelog](https://www.misp-project.org/Changelog.txt).

# New workflow blueprints available

New [workflow blueprints](https://github.com/MISP/misp-workflow-blueprints/) were added to support new use-cases.

- [Attach `tlp:clear` on `tlp:white`](./blueprints/blueprint_attach-tlp_clear-on-tlp_white_1661328256.json) - Attach the `tlp:clear` tag on elements having the `tlp:white` tag.
- [`PAP:RED` and `tlp:red` Blocking](./blueprints/blueprint_pap_red-and-tlp_red-blocking_1661328258.json) - Block actions if any attributes have the `PAP:RED` or `tlp:red` tag.
- [Remove `to_ids` flag if the indicator appears in known file list](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_disable-to_ids-flag-for-existing-hash-in-hashlookup_1667228944.json) - Disable to_ids flag for existing hash in [hashlookup](https://www.hashlookup.io/).
- [Set tag based on BGP Ranking maliciousness level](https://github.com/MISP/misp-workflow-blueprints/blob/main/blueprints/blueprint_set-tag-based-on-bgp-ranking-maliciousness-level_1668498668.json) - Set tag based on [BGP Ranking](https://bgpranking.circl.lu) maliciousness level.

# New MISP modules

- [expansion] Added extract_url_components module to create an object from a URL attribute.
- [expansion] New [crowdsec](https://www.crowdsec.net/) expansion module added.
- [expansion] New [VARIoT IoT exploits database](https://www.variotdbs.pl/exploits/) expansion module added.
- [expansion] Updates on hyasinsight expansion module.

# MISP taxonomies

- New misp-workflow taxonomy to have a consistent tag message for the MISP workflow.
- Taxonomy in support of integrating MISP with Sentinel. Sentinel indicator threat types added.

For more [details](https://www.misp-project.org/Changelog-misp-taxonomies.txt).

# MISP galaxy

- Many updates to the threat actor database.
- Update to the MITRE ATT&CK framework to version 12.0.

For more [details](https://www.misp-project.org/Changelog-misp-galaxy.txt).

# MISP objects

- New object to describe Telegram bots.
- Updated exploit object.

For more [details](https://www.misp-project.org/Changelog-misp-objects.txt).