Merge branch '2.4' into develop

pull/8617/head
iglocska 2022-09-26 13:10:04 +02:00
commit 1bbbafddd2
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
4 changed files with 45 additions and 13 deletions


@ -6080,6 +6080,7 @@ class Server extends AppModel
'value' => '',
'test' => 'testForEmpty',
'type' => 'string',
'redacted' => true
),
),
'Security' => array(
@ -6788,6 +6789,7 @@ class Server extends AppModel
'test' => 'testForEmpty',
'type' => 'string',
'afterHook' => 'zmqAfterHook',
'redacted' => true
),
'ZeroMQ_redis_host' => array(
'level' => 2,
@ -6811,6 +6813,7 @@ class Server extends AppModel
'value' => '',
'type' => 'string',
'afterHook' => 'zmqAfterHook',
'redacted' => true
),
'ZeroMQ_redis_database' => array(
'level' => 2,
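Review bot: The three `'redacted' => true` entries (after `'type' => 'string'` in the first hunk, after `'afterHook' => 'zmqAfterHook'` in the second and third) only protect these values if every code path that emits settings honours the flag, and the hunks do not show that. Please confirm that the settings listing and export, the diagnostics output and any log entry written when a setting changes mask these values, and that `zmqAfterHook` does not write the value anywhere in clear text. The names of the first and third settings start outside the hunks, so I cannot tell from here which keys are affected. As a style point, write `'redacted' => true,` with a trailing comma so that the next key added does not touch this line.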


@ -1825,7 +1825,6 @@ class User extends AppModel
$finalContext = $this->Event->restSearch($user, 'context', $filtersForRestSearch, false, false, $elementCounter, $renderView);
$finalContext = JsonTool::decode($finalContext->intoString());
$aggregated_context = $this->__renderAggregatedContext($finalContext);
$rollingWindows = $periodicSettings['trending_period_amount'] ?: 2;
$trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']);
$tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
@ -1876,6 +1875,30 @@ class User extends AppModel
return $view->render($viewFile, false);
}
private function __getUsableFilters(array $period_filters, string $period='daily'): array
{
$filters = [
'last' => $this->__genTimerangeFilter($period),
'published' => true,
'includeScoresOnEvent' => true,
];
if (!empty($period_filters['orgc_id'])) {
$filters['orgc_id'] = $period_filters['orgc_id'];
}
if (isset($period_filters['distribution']) && $period_filters['distribution'] >= 0) {
$filters['distribution'] = intval($period_filters['distribution']);
}
if (!empty($period_filters['sharing_group_id'])) {
$filters['sharing_group_id'] = $period_filters['sharing_group_id'];
}
if (!empty($period_filters['event_info'])) {
$filters['event_info'] = $period_filters['event_info'];
}
if (!empty($period_filters['tags'])) {
$filters['tags'] = $period_filters['tags'];
}
return $filters;
}
private function __genTimerangeFilter(string $period='daily'): string
{
return $this->periodToDays($period) . 'd';
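Review bot: In `__getUsableFilters` the distribution guard `isset($period_filters['distribution']) && $period_filters['distribution'] >= 0` relies on a loose comparison, so a non-numeric string can pass it and is then turned into `0` by `intval()`, which would silently narrow the report to a distribution value of 0 instead of ignoring the bad input. I would require a numeric value first: `if (isset($period_filters['distribution']) && is_numeric($period_filters['distribution']) && $period_filters['distribution'] >= 0) {`. The other keys (`orgc_id`, `sharing_group_id`, `event_info`, `tags`) are copied through unchanged from what are presumably user-supplied periodic settings, so access control has to come from `restSearch` being called with `$user`, as the first hunk shows; a short docblock on the function stating that assumption would help the next reader. `__getUsableFilters` is complete within this hunk, while `__genTimerangeFilter` continues past its end.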


@ -54,7 +54,6 @@ $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%
$processed_correlations = [];
$new_correlations = [];
foreach ($events as $event) {
$unique_tag_per_event = [];
$attribute_number += count($event['Attribute']);
@ -213,6 +212,7 @@ uasort($mitre_attack_techniques, function($tag1, $tag2) use ($all_tag_amount) {
array_splice($attribute_types, 10);
array_splice($object_types, 10);
array_splice($all_tag_amount, 10);
array_splice($mitre_attack_techniques, 10);
?>
@ -453,7 +453,6 @@ array_splice($mitre_attack_techniques, 10);
<?php endif; ?>
<?php if ($this->fetch('detailed-summary-correlations')) : ?>
<?= $this->fetch('detailed-summary-correlations'); ?>
<?php else: ?>
<?php if (!empty($new_correlations)) : ?>
<h4><?= __('New correlations') ?><small style="color: #999999;"><?= sprintf(' (%s)', count($new_correlations)) ?></small></h4>
@ -524,8 +523,6 @@ array_splice($mitre_attack_techniques, 10);
<?php endif; ?>
<?php endif; ?>
</div>
</div>
<?php endif; // detailed-summary-full
?>
<?php if ($this->fetch('trending-summary')) : ?>


@ -4,14 +4,23 @@ info:
description: |
### Getting Started
Automation functionality is designed to automatically generate signatures for intrusion detection systems.
To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature
generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts.
Support for more attribute types is planned. To make this functionality available for automated tools an authentication
key is used. This makes it easier for your tools to access the data without further form-based-authentication.
The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me)
on a MISP instance.
MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event),
[Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute).
This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data.
It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more.
To get an API key there are several options:
* **[UI]** Go to [Administration -> Auth Keys](/auth_keys/index) page and click on `+ Add authentication key`
* **[UI]** Go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
* **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
* **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint.
> **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets.
#### Accept and Content-Type headers
When performing your request, depending on the type of request, you might need to explicitly specify in what content