MISP 2.4.182 released with new features, improvements, bug fixes and an important security fix.
MISP Core
New Features
- [event:view] Added new option show_server_correlations_for_all_users allowing non-privileged users to view server correlations. [Sami Mokaddem]
Changes
- [Version] bump. [iglocska]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [misp-stix] Bumped latest version. [Christian Studer]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [Geo-Open] updated to the latest version. [Alexandre Dulaunoy]
- [PyMISP] Bump. [Raphaël Vinot]
- [CLI] runUpdates updated to purge any pending db lock first. [iglocska]
- [event reports] content field size changed to mediumtext. [Andras Iklody]
- [logging] fail silently if logging entry can't be saved. [iglocska]
  - can happen when the log change is too large for example
  - no need to roll back / break sync for example if a log entry is too large, just fail silently.
- [events:event-graph] Allow expansion of nodes by double-clicking. [Sami Mokaddem]
  - In response to significant demand from Terrtia and subsequent evaluation by adulau
- [feed:attachFeedCorrelations] Added comment. [Sami Mokaddem]
- [event:view] Show feed meta-information as popup. [Sami Mokaddem]
- [misp-stix] Bump. [Jakub Onderka]
Fix
- [db_schema] dump. [iglocska]
- [correlation] exclusion cleaning was broken for noacl correlations, fixes #8899. [iglocska]
- [eventReport:editReport] Generate an UUID if new report added from pull. [Sami Mokaddem]
- [workflows:editor] Prepend baseurl to url. [Lukasz Rzasik]
- [TOTP] allow deletion of TOTP from edit page. [Christophe Vandeplas]
- [security] new audit logs lack of ACL controls. [iglocska]
  - added proper ACL handling to the new audit logs
  - as reported by fukusuket (Fukusuke Takahashi)
  - Assigned CVE-2023-50918 for this vulnerability. The new audit log is not enabled by default.
- [case sensitivity] fix. [iglocska]
- [login_history] fixes str_contains #9433. [Christophe Vandeplas]
- [login_history] fixes str_contains #9433. [Christophe Vandeplas]
- [password reset] required current password for token based reset. [iglocska]
- [diag] diagnostics page loading issue. [Michael Hirt]
- [openapi] add version to match spec. fixes #9058. [Luciano Righetti]
- [caching] remove uuid validation from the feed caching. [iglocska]
  - not really needed and it breaks the entire caching if a single old event has an invalid uuid
- [attribute bulk update] separate out tag deletion as it builds a ridiculously large query at times. [iglocska]
- [caching] remove uuid validation from the feed caching. [iglocska]
  - not really needed and it breaks the entire caching if a single old event has an invalid uuid
MISP project knowledge bases
MISP Objects
Improved shadowserver-malware-url-report and cs-beacon-config object templates. Updates in the victim object template and report object template.
MISP Galaxy
Improved Sigma rules galaxy and threat-actors database, with many new threat-actors.
MISP warning-lists
Warning-lists updated to the latest version from the different sources.
Don't forget to follow us on Mastodon
The MISP project has its own Mastodon server, misp-community.org. Don't forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign up if they wish to have an account.
MISP Professional Services
MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don't hesitate to get in touch with us if you need specific services.