December 22, 2017
A new version of MISP 2.4.85 has been released including improvements to the feed ingestion performance, warning-list handling and many bug fixes.
Warning-lists can now be used for filtering out import when using the API via /attributes/add either pass the url param
/enforceWarninglist:1 or set the
"enforceWarninglist":1 key on individual attributes to be checked.
Warning-lists performance is improved especially on the ingestion, the deletion of the warning-lists can be done from the UI and very large warning-lists are now properly updated even on MySQL instances configured with conservative maximum packet sizes.
Feed quick sync is now part of MISP allowing the calling of attributes using the precalculated hashes without having to parse the complete feed. We strongly recommend feed providers to use the latest feed generator in PyMISP to benefit from the quick sync.
Tags can now be restricted to a single user (in addition to the existing restrictions per organisation). This can help to support analyst workflows where a certain type of user can tag or classify in an organisation.
Auth keys of users can now be reset from the command line by using
/var/www/MISP/app/Console/cake Authkey [firstname.lastname@example.org].
Improvement and cleanup in the event index:
- removed threat level and analysis from the index as they’re eclipsed by the taxonomies for most use-cases
- changed the behaviour when users click on org logoes (redirect to filtered index)
Various UI improvements to clean up the interface for the analysts, including changes such as the collapse of attributes with highly correlating events:
The advanced sighting view on objects is now properly working.
New attribute types were introduced in MISP in order to improve the support of new or improved objects:
- x509-fingerprint-sha256 - to support the updated x509 object
- x509-fingerprint-md5 - to support the updated x509 object
- stix2-pattern - to a new stix2-pattern object
- whois-registrant-org - to support the updated whois object
The STIX 2.0 export had undergone significant improvements to support the full mapping between the MISP and STIX 2.0 standards. If a mapping is not supported in the STIX 2.0 standard, we also export custom objects to allow organisations to still receive These often crucial pieces of MISP information in the STIX export. The basic logic for STIX 2.0 import has been implemented for it to make it’s debut in the next release.
Many bug fixes and improvement were introduced in this version.
PyMISP has been also updated, boasting a more clever approach to timestamp handling while updating MISP JSON files. The PyMISP documentation has been updated PDF.
MISP galaxy, objects and taxonomies were notably extended by many contributors. These are also included by default in MISP. Don’t forget to do a
git submodule update and update galaxies, objects and taxonomies via the UI.
New MISP trainings are foreseen the 17/01 and 18/01 in Luxembourg including a full-day API and extension hands-on session. For more information and registration. We have also many other trainings and events foreseen in 2018, for more information