misp-website/_posts/2017-12-22-MISP.2.4.85.rele...

---
title: MISP 2.4.85 released (aka feeds and warning-lists improvement and more)
layout: post
featured: /assets/images/misp-small.png
---

A new version of MISP, 2.4.85, has been released, including improvements in feed ingestion performance and warning-list handling, and many bug fixes.

Warning-lists can now be used to filter imports when using the API via /attributes/add: either pass the URL parameter /enforceWarninglist:1 or set the "enforceWarninglist":1 key on the individual attributes to be checked.
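The two request shapes described above, as an added example (not MISP or PyMISP code) that builds the requests without sending them. The event id in the path, the header set, the host misp.example, the auth key placeholder and the sample attribute are assumptions.

```python
import json
import urllib.request


def build_attribute_add(base_url, authkey, event_id, attribute, enforce="url"):
    """Build (not send) a POST to /attributes/add with warning-list enforcement.

    enforce="url"       -> append the /enforceWarninglist:1 URL parameter
    enforce="attribute" -> set "enforceWarninglist": 1 on the attribute itself
    enforce=None        -> plain add, no warning-list check requested
    """
    if enforce not in ("url", "attribute", None):
        raise ValueError("enforce must be 'url', 'attribute' or None")
    # Assumption: the target event id follows /attributes/add in the path.
    url = "{}/attributes/add/{}".format(base_url.rstrip("/"), int(event_id))
    body = dict(attribute)  # copy so the caller's dict is not modified
    if enforce == "url":
        url += "/enforceWarninglist:1"
    elif enforce == "attribute":
        body["enforceWarninglist"] = 1
    headers = {
        "Authorization": authkey,  # the user's auth key
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), headers=headers, method="POST"
    )


# Constructed sample attribute; 8.8.8.8 is a public resolver, the kind of
# value a warning-list is meant to keep out of an import.
SAMPLE_ATTRIBUTE = {
    "type": "ip-dst",
    "category": "Network activity",
    "value": "8.8.8.8",
    "to_ids": True,
}

if __name__ == "__main__":
    for mode in ("url", "attribute"):
        req = build_attribute_add(
            "https://misp.example", "PLACEHOLDER_AUTHKEY", 42, SAMPLE_ATTRIBUTE, mode
        )
        print(req.get_method(), req.full_url)
        print(req.data.decode("utf-8"))
```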

Warning-list performance is improved, especially on ingestion; warning-lists can now be deleted from the UI, and very large warning-lists are now properly handled to avoid MySQL packet issues.

Feed quick sync is now part of MISP, allowing attributes to be imported using the precalculated cache without parsing the complete feed. We strongly recommend that feed providers use the latest feed generator in PyMISP to benefit from feed quick sync.

Tags can now be restricted to a single user (in addition to the existing restriction per user). This can help support analyst workflows where a certain type of user can tag or classify in an organisation.

A user's auth key can now be reset from the command line by using /var/www/MISP/app/Console/cake Authkey [email@of.user].

Improvements and cleanup in the event index:

  • removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases
  • changed the behaviour when users click on org logos (redirect to filtered index)

Various UI improvements declutter the interface for analysts, such as the collapse of attributes with highly correlating events:

[Image: collapse of correlation]

Or the sighting view in objects, which now works properly.

New attribute types were introduced in MISP in order to improve the support of new or improved objects:

The STIX 2.0 export was significantly improved to support the full range of mappings between the MISP standard and the STIX 2.0 standard. If a mapping is not supported in the STIX 2.0 standard, we also export custom objects so that organisations still get the MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented, in order to make a first version in the next release.

Many bug fixes and improvements were introduced in this version.

The full change log is available here. PyMISP change log is also available.

PyMISP has also been updated with a cleverer approach to timestamp handling when updating MISP JSON files. The PyMISP documentation has been updated (PDF).

MISP galaxy, objects and taxonomies were notably extended by many contributors. These are also included by default in MISP. Don't forget to do a git submodule update and update galaxies, objects and taxonomies via the UI.

New MISP trainings are foreseen on 17/01 and 18/01 in Luxembourg, including a full-day API and extension hands-on. For more information and registration. We also have many other trainings and events foreseen in 2018, for more information