A new version of MISP (2.4.98) has been released with improved UI consistency (for example in the attributes search output), improved validation error messages, a new built-in experimental SleuthKit mactime import, new small features and many bug fixes.
The user interface has been significantly improved with regard to the reporting of validation errors occurring whilst attempting to save attributes. The user can now view the attributes that were not properly imported and the reason the validation failed. A user can view the failed and succeeded saves resulting from batch imports via the UI. Additionally, a host of small fixes for the flash message system have been implemented.
The output of the search interface is now consistent with the standard attributes view in MISP. The user can now add sightings, tags and galaxies directly in the search results.
A new experimental import functionality has been included to import SleuthKit mactime timelines directly from MISP. The user can import one or more mactime timelines in MISP, which will be included as a mactime object to describe forensic activities on an analysed file system. The import is a two-step process where the user can cherry-pick the forensic events which took place and select the meaningful activity to be added to a MISP event.
The API has been improved with many new features such as:
In the CSV export functionality, the ignore flag is restored to the old behaviour:
Many long-standing bugs were fixed based on the feedback from various users and organisations.
In STIX 1 import, the AIS marking is now included in the import as a MISP event tag. Many improvements were made to STIX 1 and STIX 2 import/export; check the changelog for the complete list of changes.
MISP galaxy, objects and taxonomies were notably extended by many contributors. New object templates were introduced to improve the support for the description of forensic analysis cases and improve their sharing. These are also included by default in MISP. Don’t forget to do a git submodule update and update galaxies, objects and taxonomies via the UI.
A detailed and complete changelog is available with all the fixes, changes and improvements.
Don’t hesitate to have a look at our events page to see our next activities to improve threat intelligence, analytics and automation.