A new version of MISP (2.4.119) has been released, including several functionalities that should make the operation of a MISP instance more convenient.
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. The vulnerability has been fixed in 2.4.119 and has been assigned CVE-2019-19379. We strongly recommend updating to this version. Thanks to Christophe Vandeplas for reporting it.
There is a new sub-system in the diagnostics tool that will compare the current state of your MISP database to the reference DB schema, highlighting potential issues / divergences. Keep in mind, not all issues are necessarily cause for concern, but generally it is recommended to fix the issues that are deemed critical. If you have doubts about why your DB looks different from what is expected, feel free to open a GitHub issue and we’ll try to point you in the right direction.
On top of flagging diverging traits of your DB compared to the reference, the system also allows users to generate SQL queries that would rectify the potential issues. Please make sure that you back your database up before running the suggested queries, and keep in mind that altering existing tables with high volumes of data can temporarily double the disk space requirements of the given table and can take a long time (especially true for large log, correlation and sighting tables).
attribute_timestamp flag added to attributes/restSearch. Now 4 different timestamp filters exist in MISP and can be used. An explanation of the 4 timestamp filters:
The preparations for MISP’s large refactor are well underway. This time we’ve added a new system that will start tracking deprecated endpoints in MISP and warning users of their state. The new system has the following functionalities:
To view the results of the collection, just navigate to the diagnostics page.
All of the deprecated export APIs (such as /events/hids export, /events/stix or /events/xml) have been refactored and are using restSearch under the hood now. Nothing should change from a user perspective except for a sizeable gain in performance thanks to all of the restSearch optimisations.
If you do notice some of your legacy scripts misbehaving, please open a GitHub issue and describe what went wrong.
Sightings are now synchronising much more reliably, with a new sighting push setting being added to the server connection and a new publish sighting button being available for users with sighting rights on the event view.
We would like to thank all the contributors, reporters and users who have helped us in the past months to improve MISP and information sharing at large.
As always, a detailed and complete changelog is available with all the fixes, changes and improvements.