[Mantis-ti-discussion] MANTIS Cyber-Threat-Intelligence Management Framework released in version 0.2.0


[Mantis-ti-discussion] MANTIS Cyber-Threat-Intelligence Management Framework released in version 0.2.0

Bernd Grobauer
Administrator
Hi,

Siemens CERT just released version 0.2.0 of the
"MANTIS Cyber-Threat Intelligence Management Framework".

You can find the complete documentation under

http://django-mantis.readthedocs.org/en/latest/

To get an idea of what the system can do in its current version,
have a look at the screenshots:

http://django-mantis.readthedocs.org/en/latest/screenshots.html

The source code is hosted on github:

https://github.com/siemens/django-mantis

(and several other repositories, since the system has a
modular architecture).

To upgrade from a 0.1.0 installation, you must

- install the requirements as listed in

  https://github.com/siemens/django-mantis/blob/master/requirements/base.txt

- carry out the commands listed in

  https://github.com/siemens/django-mantis/blob/master/quickstart.sh

  or

  https://github.com/siemens/django-mantis/blob/master/quickstart_psql.sh


To install from scratch, please refer to

  http://django-mantis.readthedocs.org/en/latest/installation.html


Below, I include a list of changes. For those of you who have
*lots* of objects in your system, Mantis 0.2.0 will bring
noticeable speedup in the generation of filter-views: an ill-designed
query in Mantis 0.1.0 made the generation of these views painfully
slow for systems with lots of data inside.

Kind regards,

Bernd Grobauer, Siemens CERT

----------------------------------------------

List of changes in Mantis 0.2.0
===============================


* Changed dependencies for Mantis components
   
  * Mantis now requires DINGOS in version 0.2.0. The differences to 0.1.0 are as follows:

    * New base functionality
     
      * Added framework for managing user-specific data (user configurations,
        saved searches, etc.) and querying user-specific data in templates and views.
   
      * Added tracking of namespace information per component of a fact term
   
    * New/Modified views

      * Modifications to all views

        * Added possibility to switch between horizontal and vertical layout ...
          or have automatic adjustment of the layout depending on screen width.
   
      * Modifications to filter views
   
        * Modified date-picker in filters to enable addition of timespans without
          changing saved searches or messing up order of timespans
   
        * Added several further filter criteria in InfoObject filter
   
      * Added view with basic and still rather restricted editing capabilities for
        InfoObjects -- currently only used for editing user preferences or
        edits by the superuser
   
      * Added view to edit user configuration
   
      * Added view to edit saved searches
   
      * Added per-column ordering to list views
   
      * Added new filter/search that shows unique Facts rather than all
        InfoObjects containing a certain fact.
   
    * New/added capabilities for writing views
   
      * Added framework for ordering list views
   
      * Added per-user configuration for:
   
        * layout (horizontal vs. vertical)

        * number of rows to show in list views

        * number of rows to show in widget displaying objects in which a
          displayed object is embedded
   
    * Bug fixes / Improvements

      * Generation of filter views became unbearably slow when many
        (> 40,000) InfoObjects are in the system. This was because
        of a badly built query within the dynamically built filter
        form. This has been fixed.
   
      * Further development of JSON export (still needs work to make
        the to_dict function of InfoObjects generic and configurable such as
        the from_dict function)
   
      * Fixed bug in generation of InfoObjects: when a placeholder for a given
        ID already existed, it was not reliably found.
   
    * New/Modified command-line commands
   
      * Import command now fails gracefully if import of a file
        throws an exception: it continues with import of the next file.
   
      * Added command line arguments to basic import command:

        * ability to add IDs of marking objects to be added to imported objects

        * ability to automatically move imported XML files to other folder after
          import
   
      * Added command to reset user-settings and saved searches for a given user.
   
      * Added command to re-calculate object names.
   
        This is useful to run right after an import, recalculating the
        names of 'Observable' InfoObjects created in the past few minutes.  Thus, the
        problem that those Observables that are to be named after the (single)
        object they contain do not carry a proper name (because at creation time
        of the Observable, the Object usually does not exist, yet) can be fixed.

  * Mantis now requires the Mantis-Core in version 0.2.0.
    The differences to 0.1.0 are as follows:
 
    * Added corresponding abstract model classes for
      models introduced in DINGOS 0.2.0.
 
  * Mantis now requires the STIX/CybOX Importer in version 0.2.0.
    The differences to 0.1.0 are as follows:
   
    * Added ability to generate identifier for top-level element
      (usually a STIX_Package) if an identifier for that element is
      missing: if a default namespace has been defined, then
      an identifier is generated by taking the MD5-hash of the
      xml file.
       
    * Timestamp present in `STIX_Header/Information_Source/Time/Produced_Time`
      is read.
   
    * Added a command-line argument to add a default-timestamp to the STIX import
      command.
       
    * Bug fixes:
   
      * Attributes other than `id` and `idref` that contained a namespace were not
        handled correctly. The handler function `attr_with_namespace_handler`
        fixes this.

      * In `0.1.0`, the `xsi:type` attribute was not recorded, because in most cases,
        its information is used for determining the data type of elements and
        InfoObjects. But there are cases, e.g., in Markings, where this is not the
        case. For these cases, the `xsi:type` attribute is kept in the InfoObject.

      * Family revision info was not recorded; this has been fixed.

  * Mantis now requires the OpenIOC Importer in version 0.2.0.
    The differences to 0.1.0 are as follows:

    * Fixed bug in import of timestamp


_______________________________________________
Mantis-ti-discussion mailing list
[hidden email]
https://tiss.trusted-introducer.org/mailman/listinfo/mantis-ti-discussion
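The two STIX/CybOX importer changes listed above (a fallback identifier derived from the MD5 hash of the XML file when the top-level element has no `id` and a default namespace is configured, and keeping namespaced attributes such as `xsi:type` instead of dropping them), as an added Python example that is not code from the django-mantis project: the `namespace:md5hex` identifier format, the helper names and the sample STIX document are assumptions/constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample: a STIX_Package whose root carries no id attribute and
# whose marking structure carries its type only in an xsi:type attribute.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:tlp="http://data-marking.mitre.org/extensions/MarkingStructure#TLP-1">
  <stix:STIX_Header>
    <stix:Handling>
      <Marking_Structure xsi:type="tlp:TLPMarkingStructureType" color="AMBER"/>
    </stix:Handling>
  </stix:STIX_Header>
</stix:STIX_Package>
"""


def split_qname(name):
    """Split ElementTree's '{uri}local' form into (uri, local); uri is None
    for attributes and elements that carry no namespace."""
    if name.startswith("{"):
        uri, local = name[1:].split("}", 1)
        return uri, local
    return None, name


def namespaced_attributes(elem):
    """Map (namespace_uri, local_name) -> value for every attribute of elem,
    so a namespaced attribute such as xsi:type is kept rather than dropped."""
    return {split_qname(k): v for k, v in elem.attrib.items()}


def marking_attributes(xml_bytes):
    """Attributes of the first Marking_Structure element in the document."""
    root = ET.fromstring(xml_bytes)
    marking = root.find(".//Marking_Structure")
    return namespaced_attributes(marking) if marking is not None else {}


def top_level_identifier(xml_bytes, default_namespace=None):
    """Identifier of the root element. When the root has no id attribute and a
    default namespace is configured, derive '<namespace>:<md5 of the file>'
    (assumed format); without a default namespace the document is rejected."""
    root = ET.fromstring(xml_bytes)
    if "id" in root.attrib:
        return root.attrib["id"]
    if default_namespace is None:
        raise ValueError("top-level element has no id and no default namespace is set")
    return "%s:%s" % (default_namespace, hashlib.md5(xml_bytes).hexdigest())
```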

Re: [Mantis-ti-discussion] MANTIS Cyber-Threat-Intelligence Management Framework released in version 0.2.0

Bernd Grobauer
Administrator
Hi Jonny,

> Great news. Do you guys have any estimate in regards to the initial
> release of django-mantis-taxii?

I would like to have a _very_ basic django-mantis-taxii ready at
the end of March (but this will at first only provide very basic import
facilities). Currently we are waiting for the release of Yeti 1.1,
because we want to build on top of that.

Kind regards,

Bernd

PS:

@all: one of the email addresses I sent the initial posting to was
wrong: I wrote (or rather, Outlook autocompleted) [hidden email]
when it should have been [hidden email].
Please do not reply to the former address, since this will attempt
to join you to the Mantis mailing list ... Sorry for that!



[Mantis-ti-discussion] MANTIS Cyber-Threat-Intelligence Management Framework: slide-set and upcoming features for 0.3.0

Bernd Grobauer
Administrator
Hi,

I am pretty sure that all of you are on the STIX-discussion list,
so there is no need for me to send you yet another copy of the
slide deck I sent along with my answer to Lech; if you
are not on the list and want a copy, please drop me an email.

In the slide set you will find screenshots of two new
features for v0.3.0 that I am pretty excited about:

- custom search with a query language
- support for authoring STIX/CybOX documents

And maybe, we will also get the REST-API into a shape that is
fit for publication in v0.3.0.

I hope to have release 0.3.0 ready in time for this year's FIRST
conference in Boston, where I will be giving a talk on MANTIS:

http://www.first.org/conference/2014/program#pthe-mantis-framework-cyber-threat-intelligence-management-for-certs

Maybe I will get to meet some of you in one of the several
STIX/CybOX-related talks and workshops at the conference?

Kind regards,

Bernd

------------

Bernd Grobauer, Siemens CERT

