mirror of https://github.com/MISP/MISP
Merge branch '2.4' into develop
commit
1bbbafddd2
|
@ -6080,6 +6080,7 @@ class Server extends AppModel
|
|||
'value' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
'redacted' => true
|
||||
),
|
||||
),
|
||||
'Security' => array(
|
||||
|
@ -6788,6 +6789,7 @@ class Server extends AppModel
|
|||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
'afterHook' => 'zmqAfterHook',
|
||||
'redacted' => true
|
||||
),
|
||||
'ZeroMQ_redis_host' => array(
|
||||
'level' => 2,
|
||||
|
@ -6811,6 +6813,7 @@ class Server extends AppModel
|
|||
'value' => '',
|
||||
'type' => 'string',
|
||||
'afterHook' => 'zmqAfterHook',
|
||||
'redacted' => true
|
||||
),
|
||||
'ZeroMQ_redis_database' => array(
|
||||
'level' => 2,
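Review bot: The three `'redacted' => true` entries (hunks at 6080, 6788 and 6811) appear to be the additions, but the setting keys they belong to sit above each hunk, so it cannot be confirmed from here which settings are now treated as secrets. Because the flag is opt-in per entry, a credential-bearing setting that lacks it would presumably still be shown in clear. A test that walks the settings array and fails when an entry whose name suggests a secret has no `'redacted' => true` would catch the next omission. It is also worth confirming that every consumer of this array (settings UI, API output, diagnostics, logging of setting changes) honours the flag. As a style point, `'redacted' => true,` with a trailing comma keeps the next added key a one-line diff.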
|
||||
|
|
|
@ -1825,7 +1825,6 @@ class User extends AppModel
|
|||
$finalContext = $this->Event->restSearch($user, 'context', $filtersForRestSearch, false, false, $elementCounter, $renderView);
|
||||
$finalContext = JsonTool::decode($finalContext->intoString());
|
||||
$aggregated_context = $this->__renderAggregatedContext($finalContext);
|
||||
|
||||
$rollingWindows = $periodicSettings['trending_period_amount'] ?: 2;
|
||||
$trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']);
|
||||
$tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
|
||||
|
@ -1876,6 +1875,30 @@ class User extends AppModel
|
|||
return $view->render($viewFile, false);
|
||||
}
|
||||
|
||||
private function __getUsableFilters(array $period_filters, string $period='daily'): array
|
||||
{
|
||||
$filters = [
|
||||
'last' => $this->__genTimerangeFilter($period),
|
||||
'published' => true,
|
||||
'includeScoresOnEvent' => true,
|
||||
];
|
||||
if (!empty($period_filters['orgc_id'])) {
|
||||
$filters['orgc_id'] = $period_filters['orgc_id'];
|
||||
}
|
||||
if (isset($period_filters['distribution']) && $period_filters['distribution'] >= 0) {
|
||||
$filters['distribution'] = intval($period_filters['distribution']);
|
||||
}
|
||||
if (!empty($period_filters['sharing_group_id'])) {
|
||||
$filters['sharing_group_id'] = $period_filters['sharing_group_id'];
|
||||
}
|
||||
if (!empty($period_filters['event_info'])) {
|
||||
$filters['event_info'] = $period_filters['event_info'];
|
||||
}
|
||||
if (!empty($period_filters['tags'])) {
|
||||
$filters['tags'] = $period_filters['tags'];
|
||||
}
|
||||
return $filters;
|
||||
}
|
||||
private function __genTimerangeFilter(string $period='daily'): string
|
||||
{
|
||||
return $this->periodToDays($period) . 'd';
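Review bot: In `__getUsableFilters` the guard `isset($period_filters['distribution']) && $period_filters['distribution'] >= 0` is a loose comparison, so a non-numeric stored value can pass it and `intval()` then turns it into `0`, silently narrowing the report to distribution 0 instead of ignoring the filter (on PHP 7 an empty string does the same). Adding `&& is_numeric($period_filters['distribution'])` to the condition would skip malformed values. The other keys (`orgc_id`, `sharing_group_id`, `event_info`, `tags`) look like per-user settings and are forwarded as stored. The `restSearch` call in the earlier hunk receives `$user`, which presumably keeps access control in force, but a short docblock stating the expected type of each key would make that contract checkable. `__genTimerangeFilter` continues past the end of the hunk.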
|
||||
|
|
|
@ -54,7 +54,6 @@ $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%
|
|||
|
||||
$processed_correlations = [];
|
||||
$new_correlations = [];
|
||||
|
||||
foreach ($events as $event) {
|
||||
$unique_tag_per_event = [];
|
||||
$attribute_number += count($event['Attribute']);
|
||||
|
@ -213,6 +212,7 @@ uasort($mitre_attack_techniques, function($tag1, $tag2) use ($all_tag_amount) {
|
|||
|
||||
array_splice($attribute_types, 10);
|
||||
array_splice($object_types, 10);
|
||||
array_splice($all_tag_amount, 10);
|
||||
array_splice($mitre_attack_techniques, 10);
|
||||
?>
|
||||
|
||||
|
@ -453,7 +453,6 @@ array_splice($mitre_attack_techniques, 10);
|
|||
<?php endif; ?>
|
||||
|
||||
<?php if ($this->fetch('detailed-summary-correlations')) : ?>
|
||||
<?= $this->fetch('detailed-summary-correlations'); ?>
|
||||
<?php else: ?>
|
||||
<?php if (!empty($new_correlations)) : ?>
|
||||
<h4><?= __('New correlations') ?><small style="color: #999999;"><?= sprintf(' (%s)', count($new_correlations)) ?></small></h4>
|
||||
|
@ -524,8 +523,6 @@ array_splice($mitre_attack_techniques, 10);
|
|||
<?php endif; ?>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</div>
|
||||
<?php endif; // detailed-summary-full
|
||||
?>
|
||||
|
||||
<?php if ($this->fetch('trending-summary')) : ?>
|
||||
|
|
|
@ -4,14 +4,23 @@ info:
|
|||
description: |
|
||||
|
||||
### Getting Started
|
||||
Automation functionality is designed to automatically generate signatures for intrusion detection systems.
|
||||
To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
|
||||
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature
|
||||
generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts.
|
||||
Support for more attribute types is planned. To make this functionality available for automated tools an authentication
|
||||
key is used. This makes it easier for your tools to access the data without further form-based-authentication.
|
||||
The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me)
|
||||
on a MISP instance.
|
||||
|
||||
MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event),
|
||||
[Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute).
|
||||
This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data.
|
||||
|
||||
It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more.
|
||||
|
||||
To get an API key there are several options:
|
||||
* **[UI]** Go to [Administration -> Auth Keys](/auth_keys/index) page and click on `+ Add authentication key`
|
||||
|
||||
* **[UI]** Go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
|
||||
|
||||
* **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
|
||||
|
||||
* **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint.
|
||||
|
||||
> **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets.
|
||||
|
||||
#### Accept and Content-Type headers
|
||||
When performing your request, depending on the type of request, you might need to explicitly specify in what content
|
||||
|
|