MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity
misp-website/_posts/2019-03-26-MISP.2.4.104.rel...

3.9 KiB
Raw Blame History

title layout featured
MISP 2.4.104 released (aka too many new features) post /assets/images/misp/blog/distribution-graph.png

A new version of MISP (2.4.104) has been released with a series of new features such as new overlap feed comparator, a new graph visualisation o f event and attribute distribution, bookmarked history in REST client and many others.

New features

New overlap feed comparator

Feed can now be compared to other feeds (cached feeds and cached MISP servers). This helps if you can cover the contents with a combination of other cached feeds. This feature can be useful to carefully evaluate new feeds against other ones.

Comparing a MISP feed to other feeds and check its coverage

Distribution graph

A new distribution visualisation graph has been introduced to quickly view where information will be distributed. This allows users to get an overview how far events and attributes will be distributed and shows the member of the community who will get the information shared.

MISP distribution graph example

Bookmark and history in REST client

The MISP UI REST Client now keeps an history of all the queries performed. The queries can be recalled and bookmarked for later use. No more need to keep track of your queries in your notes, it's now in your MISP instance.

MISP REST Client bookmarks

Required taxonomy

On a MISP instance, you can now require to have at least one tag set from one or more taxonomy before publishing an event. This feature is useful for organisations who have mandatory taxonomies to be set (such as CSIRTs with TLP, military organisation with mandatory classification or an ISAC with required contextualisation).

Kafka publishing

Improvements

  • A new ATT&CK heatmap is now displayed per threat-actor aggregating information from the various events and attributes in MISP where the techniques are linked to a specific threat actor.
  • All galaxy matrix type are now included in the statistic page.
  • [API] Pagination is now available to the event index.
  • Galaxies can now be deleted from the user-interface.
  • A new exercise setup script has been introduced to setup MISP instances for training or exercise:
    • assumes a hub MISP and a set of training MISPs for different participating teams
    • This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
    • each instance has to have the same API key for the site admin (the idea is to clone training VMs)
    • configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances

Bug fixes

  • Upgraded to the latest version of CakePHP.
  • Bro/Zeek export fixed including the cached export feature.
  • STIX 2 export various fixes.
  • Some improvements to the RPZ export format to include serial.
  • Multiple bugs fixed in the ZMQ.

A host of bugs were squashed and various small improvements were implemented.

MISP galaxy, objects, taxonomies and warning-lists were extended by many contributors, whic h are also included by default in MISP. Don't forget to run a git submodule update and update galaxies, objects and taxonomies via the UI.

We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.

As always, a detailed and complete changelog is available with all the fixes, changes and improvements.

Don't hesitate to have a look at our events page to see our next trainings, talks and activities to improve threat intelligence, analytics and automati on.