MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'develop' of github.com:MISP/MISP into develop

feature/workflow-module/publish-event
iglocska 2023-10-05 17:05:59 +02:00
parent a3c728674f b64279afe4
commit 00d22d29b1
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
8 changed files with 162 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
README.md
View File

@ -1,46 +1,53 @@
MISP - Threat Intelligence Sharing Platform
-------------------------------------------
![logo](./INSTALL/logos/misp-logo.png?raw=true "MISP")
<table>
<tr>
<td>Latest Release</td>
<td><a href="https://badge.fury.io/gh/MISP%2FMISP"><img src="https://badge.fury.io/gh/MISP%2FMISP.svg" alt="GitHub version" height="18"></a></td>
</tr>
<tr>
<td>CI Action</td>
<td><a href="https://github.com/MISP/MISP/actions?query=workflow%3Amisp"><img src="https://github.com/MISP/MISP/workflows/misp/badge.svg" /></a></td>
</tr>
<tr>
<td>Gitter</td>
<td><a href="https://gitter.im/MISP/MISP?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"><img src="https://badges.gitter.im/MISP/MISP.svg" /></a></td>
</tr>
<tr>
<td>Twitter</td>
<td><a href="https://twitter.com/MISPProject"><img src="https://img.shields.io/twitter/follow/MISPProject.svg?style=social&label=Follow" /></a></td>
</tr>
<tr>
<td>Localization</td>
<td><a href="https://crowdin.com/project/misp"><img src="https://badges.crowdin.net/misp/localized.svg" /></a></td>
</tr>
<tr>
<td>Contributors</td>
<td><img src="https://img.shields.io/github/contributors/MISP/MISP.svg" /></td>
</tr>
<tr>
<td>License</td>
<td><img src="https://img.shields.io/github/license/MISP/MISP.svg" /></td>
</tr>
</table>
<img align="right" alt="MISP logo" src="./INSTALL/logos/misp-logo.png"/>
MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS but also log analysis tools, SIEMs.
MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#core-functions">Core functions</a>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#website--support">Website / Support</a>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#php-and-misp">PHP and MISP</a><br>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#installation">Installation</a>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#documentation">Documentation</a>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#contributing">Contributing</a><br>
&nbsp;&nbsp;&#x25CF;&nbsp;&nbsp;<a href="#license">License</a>
<table>
<tr>
<td>Latest Release</td>
<td><a href="https://badge.fury.io/gh/MISP%2FMISP"><img src="https://badge.fury.io/gh/MISP%2FMISP.svg" alt="GitHub version" height="25"></a></td>
</tr><tr>
<td>CI</td>
<td><a href="https://github.com/MISP/MISP/actions?query=workflow%3Amisp"><img src="https://img.shields.io/github/actions/workflow/status/MISP/MISP/main.yml?label=test" height="25" /></a></td>
</tr>
<tr>
<td>Gitter</td>
<td><a href="https://gitter.im/MISP/MISP?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge"><img src="https://badges.gitter.im/MISP/MISP.svg" height="25" /></a></td>
</tr>
<tr>
<td>Mastodon</td>
<td><a href="https://misp-community.org/@misp"><img src="https://img.shields.io/badge/follow-@misp-purple" height="25" /></a></td>
</tr><tr>
<tr>
<td>Twitter</td>
<td><a href="https://twitter.com/MISPProject"><img src="https://img.shields.io/badge/follow-@MISPProject-blue" height="25" /></a></td>
</tr><tr>
<td>Localization</td>
<td><a href="https://crowdin.com/project/misp"><img src="https://badges.crowdin.net/misp/localized.svg" height="25" /></a></td>
</tr>
<tr>
<td>Contributors</td>
<td><img src="https://img.shields.io/github/contributors/MISP/MISP.svg" height="25" /></td>
</tr><tr>
<td>License</td>
<td><img src="https://img.shields.io/github/license/MISP/MISP.svg" height="25" /></td>
</tr>
</table>
Core functions
------------------
- An **efficient IOC and indicators** database, allowing to store technical and non-technical information about malware samples, incidents, attackers and intelligence.
- Automatic **correlation** finding relationships between attributes and indicators from malware, attack campaigns or analysis. The correlation engine includes correlation between attributes and more advanced correlations like Fuzzy hashing correlation (e.g. ssdeep) or CIDR block matching. Correlation can also be enabled or event disabled per attribute.
- A **flexible data model** where complex [objects](https://www.misp-project.org/objects.html) can be expressed and **linked together to express threat intelligence, incidents or connected elements**.
@ -73,16 +80,27 @@ A sample event encoded in MISP:
Website / Support
------------------
Checkout the [website](https://www.misp-project.org) for more information about MISP software, standards, tools and communities.
Checkout the [website](https://www.misp-project.org) for more information about MISP software, standards, tools and communities.
Information, news and updates are also regularly posted on the [MISP project twitter account](https://twitter.com/MISPProject) or the [news page](https://www.misp-project.org/news/).
Information, news and updates are also regularly posted on the MISP project [Mastodon account](https://misp-community.org/@misp), [twitter account](https://twitter.com/MISPProject) and [news page](https://www.misp-project.org/news/).
PHP and MISP
-------------
MISP currently **requires PHP 7.4**, an end-of-life version of PHP. Because of this it is recommended that you only run MISP on distributions or PHP installs that you know will get security fixes backported, like Red Hat or Debian and derratives.
MISP 3.x, currently in development will support PHP 8.x.
Installation
-------------
For test- og production installations we recommend you check out the possible options on [misp-project.org/download](https://www.misp-project.org/download/).
Documentation
-------------
[MISP user-guide (MISP-book)](https://github.com/MISP/misp-book) is available [online](https://www.circl.lu/doc/misp/) or as [PDF](https://www.circl.lu/doc/misp/book.pdf) or as [EPUB](https://www.circl.lu/doc/misp/book.epub) or as [MOBI/Kindle](https://www.circl.lu/doc/misp/book.mobi).
For the installation guide see the [INSTALL](https://github.com/MISP/MISP/tree/2.4/INSTALL) or [download section](https://www.misp-project.org/download/).
It is also recommended to read the [FAQ](https://github.com/MISP/MISP/wiki/Frequently-Asked-Questions)
Contributing
------------

5
app/Controller/Component/RestResponseComponent.php
View File

@ -323,6 +323,11 @@ class RestResponseComponent extends Component
'description' => 'Simply GET the url endpoint to view the API output of the statistics API. Additional statistics are available via the following tab-options similar to the UI: data, orgs, users, tags, attributehistogram, sightings, attackMatrix',
'params' => array('tab'),
'http_method' => 'GET'
),
'totp_delete' => array(
'description' => 'Simply do a DELETE or POST request to the url',
'params' => array('user_id'),
'http_method' => 'DELETE'
)
),
'UserSetting' => array(

1
app/Controller/Component/RestSearchComponent.php
View File

@ -52,6 +52,7 @@ class RestSearchComponent extends Component
'first_seen',
'last_seen',
'eventinfo',
'sharinggroup',
'allow_proposal_blocking',
'flatten',
'list',

20
app/Controller/GalaxiesController.php
View File

@ -350,14 +350,14 @@ class GalaxiesController extends AppController
$items = array(
array(
'name' => __('All clusters'),
'value' => $this->baseurl . "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'. '/local:' . $local . '/eventid:' . $eventid
'value' => $this->baseurl . "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/0'. '/local:' . h($local) . '/eventid:' . h($eventid)
)
);
foreach ($galaxies as $galaxy) {
if (!isset($galaxy['Galaxy']['kill_chain_order']) || $noGalaxyMatrix) {
$items[] = array(
'name' => h($galaxy['Galaxy']['name']),
'value' => $this->baseurl . "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'] . '/local:' . $local . '/eventid:' . $eventid,
'value' => $this->baseurl . "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/' . $galaxy['Galaxy']['id'] . '/local:' . h($local) . '/eventid:' . h($eventid),
'template' => array(
'preIcon' => 'fa-' . $galaxy['Galaxy']['icon'],
'name' => $galaxy['Galaxy']['name'],
@ -367,14 +367,14 @@ class GalaxiesController extends AppController
} else { // should use matrix instead
$param = array(
'name' => $galaxy['Galaxy']['name'],
'value' => $this->baseurl . "/galaxies/selectCluster/" . $target_id . '/' . $target_type . '/' . $galaxy['Galaxy']['id'] . '/local:' . $local . '/eventid:' . $eventid,
'value' => $this->baseurl . "/galaxies/selectCluster/" . h($target_id) . '/' . h($target_type) . '/' . $galaxy['Galaxy']['id'] . '/local:' . h($local) . '/eventid:' . h($eventid),
'functionName' => sprintf(
"getMatrixPopup('%s', '%s', '%s/local:%s/eventid:%s')",
$target_type,
$target_id,
$galaxy['Galaxy']['id'],
$local,
$eventid
h($target_type),
h($target_id),
h($galaxy['Galaxy']['id']),
h($local),
h($eventid)
),
'isPill' => true,
'isMatrix' => true
@ -405,12 +405,12 @@ class GalaxiesController extends AppController
$noGalaxyMatrix = $noGalaxyMatrix ? '1' : '0';
$items = [[
'name' => __('All namespaces'),
'value' => $this->baseurl . "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/0' . '/' . $noGalaxyMatrix . '/local:' . $local . '/eventid:' . $eventid
'value' => $this->baseurl . "/galaxies/selectGalaxy/" . h($target_id) . '/' . h($target_type) . '/0' . '/' . h($noGalaxyMatrix) . '/local:' . h($local) . '/eventid:' . h($eventid)
]];
foreach ($namespaces as $namespace) {
$items[] = array(
'name' => $namespace,
'value' => $this->baseurl . "/galaxies/selectGalaxy/" . $target_id . '/' . $target_type . '/' . $namespace . '/' . $noGalaxyMatrix . '/local:' . $local . '/eventid:' . $eventid
'value' => $this->baseurl . "/galaxies/selectGalaxy/" . h($target_id) . '/' . h($target_type) . '/' . h($namespace) . '/' . h($noGalaxyMatrix) . '/local:' . h($local) . '/eventid:' . h($eventid)
);
}

10
app/Model/Server.php
View File

@ -5615,7 +5615,7 @@ class Server extends AppModel
),
'store_api_access_time' => array(
'level' => 1,
'description' => __('If enabled, MISP will capture the last API access time following a successful authentication using API keys, stored against a user under the last_api_access field.'),
'description' => __('If enabled, MISP will capture a users\' last API access time following every successful authentication using API keys (as opposed to once max per hour by default). Stored as last_api_access time for the user.'),
'value' => false,
'test' => 'testBool',
'type' => 'boolean',
@ -6407,6 +6407,14 @@ class Server extends AppModel
'type' => 'boolean',
'null' => true
),
'limit_site_admins_to_host_org' => array(
'level' => self::SETTING_RECOMMENDED,
'description' => __('If enabled, it will only be possible to assign site admin roles to users belonging to the instance\'s host org.'),
'value' => false,
'test' => 'testBool',
'type' => 'boolean',
'null' => true
),
'disable_browser_cache' => array(
'level' => 0,
'description' => __('If enabled, HTTP headers that block browser cache will be send. Static files (like images or JavaScripts) will still be cached, but not generated pages.'),

10
app/Model/User.php
View File

@ -262,6 +262,16 @@ class User extends AppModel
if (empty($user['nids_sid'])) {
$user['nids_sid'] = mt_rand(1000000, 9999999);
}
if (!empty(Configure::read('Security.limit_site_admins_to_host_org'))){
if (!empty($user['role_id']) and !empty($user['org_id'] and $user['org_id'] != Configure::read('MISP.host_org_id'))){
$role = $this->Role->find('first', array(
'conditions' => array('Role.id' => $user['role_id'])
));
if (!empty($role) and $role['Role']['perm_site_admin'] === true){
$this->invalidate('role_id', "Site admin roles can only be assigned to users of the host org on this instance.");
}
}
}
return true;
}

66
app/webroot/doc/openapi.yaml
View File

@ -914,6 +914,24 @@ paths:
default:
$ref: "#/components/responses/ApiErrorResponse"
/users/totp_delete/{userId}:
delete:
summary: "Delete user TOTP"
operationId: deleteUserTotp
tags:
- Users
parameters:
- $ref: "#/components/parameters/userIdParameter"
responses:
"200":
$ref: "#/components/responses/DeleteUserTotpResponse"
"403":
$ref: "#/components/responses/UnauthorizedApiErrorResponse"
"404":
$ref: "#/components/responses/NotFoundUserTotpDeleteResponse"
default:
$ref: "#/components/responses/ApiErrorResponse"
/admin/organisations/add:
post:
summary: "Add organisation"
@ -5879,6 +5897,23 @@ components:
type: string
example: "/attributes/1234"
NotFoundUserTotpDeleteError:
type: object
required:
- name
- message
- url
properties:
name:
type: string
example: "Invalid user"
message:
type: string
example: "Invalid user"
url:
type: string
example: "/users/totp_delete/1"
parameters:
eventIdParameter:
name: eventId
@ -7573,6 +7608,30 @@ components:
type: string
example: "/admin/users/delete/1"
DeleteUserTotpResponse:
description: "Delete user TOTP response"
content:
application/json:
schema:
type: object
properties:
saved:
type: boolean
success:
type: boolean
name:
type: string
example: "User TOTP deleted."
message:
type: string
example: "User TOTP deleted."
url:
type: string
example: "/users/totp_delete/1"
id:
type: string
example: "1"
OrganisationResponse:
description: "Organisation list response"
content:
@ -9081,6 +9140,13 @@ components:
schema:
$ref: "#/components/schemas/NotFoundApiError"
NotFoundUserTotpDeleteResponse:
description: "The specified resource was not found"
content:
application/json:
schema:
$ref: "#/components/schemas/NotFoundUserTotpDeleteError"
UnauthorizedApiErrorResponse:
description: "Authentication failed. Please make sure you pass the API key of an API enabled user along in the Authorization header."
content:

6
app/webroot/js/restClient.js
View File

@ -165,7 +165,11 @@ var debounceTimerUpdate;
var previously_selected_template = $('#ServerUrl').data('urlWithoutParam')
if (selected_template !== '' && allValidApis[selected_template] !== undefined) {
$('#template_description').show();
$('#ServerMethod').val('POST');
if(allValidApis[selected_template].http_method !== undefined){
$('#ServerMethod').val(allValidApis[selected_template].http_method);
} else {
$('#ServerMethod').val('POST');
}
var server_url_changed = $('#ServerUrl').val() != allValidApis[selected_template].url;
$('#ServerUrl')
.val(allValidApis[selected_template].url)