Skip to content

AIL Project version 5.7 released with many improvements with 2FA support, multi-organisation support, improved chat monitoring and more.

Compare
Choose a tag to compare
@adulau adulau released this 18 Sep 09:34
· 56 commits to master since this release
3fe7c14

AIL Framework v5.7 Released!

We are thrilled to announce the release of AIL Framework version 5.7. This update brings a host of new features, improvements, and bug fixes designed to enhance performance, security, and user experience.

Highlights

  • Two-Factor Authentication (2FA): Enhance your account security with new TOTP and HOTP authentication methods.
  • Organizational Support: Introduced organization-level access controls and management for users, trackers, retro hunts, investigations, and cookie jars.
  • Improved Chat Monitoring: Added support for new chat types, placeholders, and enhanced message viewing with usernames and relationships.
  • Dashboard Enhancements: Real-time updates with event streams replacing interval requests for a smoother experience.
  • User Management Overhaul: Refactored user creation and editing processes, including organization assignments and session management.

What's New

Security Enhancements

  • Two-Factor Authentication (2FA):

    • Implemented TOTP and HOTP methods for additional account security.
    • Users and admins can manage 2FA settings directly from their profiles.
  • User Session Management:

    • Administrators can now manually log out users or terminate user sessions.
    • Added metadata for users, including creation date, last edit, last login, last seen, and login status.

Organizational Features

  • Organization-Level Access Control:

    • Introduced organizations to structure data and access.
    • Trackers, retro hunts, investigations, and cookie jars now support organization-specific ACLs.
    • Users can view their organization information in their profiles.
  • User Roles Update:

    • Renamed the "coordinator" role to "org_admin" for clarity.
    • Refactored user roles to better align with organizational structures.

Chat and Messaging Improvements

  • Chat Monitoring:

    • Added support for additional chat types and placeholders.
    • Chats now display usernames for better context.
    • Implemented chat monitoring requests in the chats explorer.
  • Message Relationships:

    • Enhanced relationships by adding message mentions linking chats and user accounts.
    • Introduced chord diagrams to visualize message flow between chats and users.

User Interface and Experience

  • Dashboard Updates:

    • Replaced interval-based requests with event streams for real-time updates.
    • Improved performance and reduced server load.
  • Error Handling:

    • Enhanced UI to gracefully handle 403 and 404 errors.
    • Refined logs to filter out unnecessary SSL errors when clients disconnect.
  • Visualization Tools:

    • Updated D3.js to the latest version.
    • Migrated heatmap to version 7 with improved tooltips.
    • Circos graphs now display the number of inbound and outbound messages in tooltips.

Other Notable Additions

  • Crawler Management:

    • Added functions to delete schedules and manually clear queues.
    • Improved crawler statistics with monthly domain-type stats.
  • Export and Import:

    • Filtered out non-MISP objects during MISP exports.
    • Updated MISP taxonomies and galaxies to the latest versions.

Bug Fixes

  • Crawler Queue Statistics:

    • Resolved multiple issues causing inaccurate crawler queue stats.
  • User Management:

    • Fixed role editing and user validation processes.
    • Corrected issues with users changing their own passwords.
  • Trackers and Retro Hunts:

    • Addressed ACL issues for global trackers.
    • Fixed webhook exports and post-filter selectors.
  • Cookie Jar:

    • Resolved problems when adding cookies with UUIDs.
  • Object Handling:

    • Fixed errors when retrieving objects with None values.
    • Corrected display issues in the object subtype dashboard.
  • User Accounts:

    • Fixed tooltips in chord graphs.
    • Corrected last username timestamp displays.

Upgrading to v5.7

To upgrade to the latest version:

  1. Pull the Latest Changes: Update your local repository to include the latest commits.
  2. Restart Services: Restart the AIL Framework services to apply the new changes. The update script is started automatically.

For a detailed list of changes, visit our GitHub repository.


Funding

MISP-LEA, a collaborative endeavor between Shadowserver and CIRCL, is a 24-month initiative funded by the European Union. The project’s central aim is to establish operational and enduring MISP and AIL instances dedicated specifically to law enforcement agencies. This setup will facilitate a smoother exchange of evidence between law enforcement agencies and improve the onset of collaborative investigations. For this purpose, the system will ingest data from Shadowserver’s ransomware and C2 infrastructure tracking.

Law enforcement agencies willing to discover and leverage the MISP-LEA platform can apply on the misp-lea.org website.

Stay Connected:

Thank you for your continued support. We look forward to your feedback!