diff --git a/app/Model/Server.php b/app/Model/Server.php
index d780c5438..e6eecf069 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -6080,6 +6080,7 @@ class Server extends AppModel
 'value' => '',
 'test' => 'testForEmpty',
 'type' => 'string',
+ 'redacted' => true
 ),
 ),
 'Security' => array(
@@ -6788,6 +6789,7 @@ class Server extends AppModel
 'test' => 'testForEmpty',
 'type' => 'string',
 'afterHook' => 'zmqAfterHook',
+ 'redacted' => true
 ),
 'ZeroMQ_redis_host' => array(
 'level' => 2,
@@ -6811,6 +6813,7 @@ class Server extends AppModel
 'value' => '',
 'type' => 'string',
 'afterHook' => 'zmqAfterHook',
+ 'redacted' => true
 ),
 'ZeroMQ_redis_database' => array(
 'level' => 2,
diff --git a/app/Model/User.php b/app/Model/User.php
index 9151043ad..40630ce9c 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -1825,7 +1825,6 @@ class User extends AppModel $finalContext = $this->Event->restSearch($user, 'context', $filtersForRestSearch, false, false, $elementCounter, $renderView); $finalContext = JsonTool::decode($finalContext->intoString()); $aggregated_context = $this->__renderAggregatedContext($finalContext); - $rollingWindows = $periodicSettings['trending_period_amount'] ?: 2; $trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']); $tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
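Review bot: The `'redacted' => true` entries added in all three Server.php hunks are the only elements in their arrays without a trailing comma, while the neighbouring entries (`'type' => 'string',`, `'afterHook' => 'zmqAfterHook',`) all end with one; write `'redacted' => true,` so the next key added does not have to touch this line again. On substance, the flag only keeps these values out of view if every path that serialises server settings (settings page, REST output, diagnostics, change logging) honours it, and none of those consumers is visible here, so that should be confirmed with a test asserting a redacted setting never appears in an export. The names of the settings being marked lie above the hunk context, so it cannot be checked from this page whether other credential-type settings in the same arrays still lack the flag.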
@@ -1876,6 +1875,30 @@ class User extends AppModel
 return $view->render($viewFile, false);
 }
+ private function __getUsableFilters(array $period_filters, string $period='daily'): array
+ {
+ $filters = [
+ 'last' => $this->__genTimerangeFilter($period),
+ 'published' => true,
+ 'includeScoresOnEvent' => true,
+ ];
+ if (!empty($period_filters['orgc_id'])) {
+ $filters['orgc_id'] = $period_filters['orgc_id'];
+ }
+ if (isset($period_filters['distribution']) && $period_filters['distribution'] >= 0) {
+ $filters['distribution'] = intval($period_filters['distribution']);
+ }
+ if (!empty($period_filters['sharing_group_id'])) {
+ $filters['sharing_group_id'] = $period_filters['sharing_group_id'];
+ }
+ if (!empty($period_filters['event_info'])) {
+ $filters['event_info'] = $period_filters['event_info'];
+ }
+ if (!empty($period_filters['tags'])) {
+ $filters['tags'] = $period_filters['tags'];
+ }
+ return $filters;
+ }
 private function __genTimerangeFilter(string $period='daily'): string
 {
 return $this->periodToDays($period) . 'd';
diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp
index 300d4634b..f477680de 100644
--- a/app/View/Emails/notification_common.ctp
+++ b/app/View/Emails/notification_common.ctp
@@ -54,7 +54,6 @@ $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:% $processed_correlations = []; $new_correlations = []; - foreach ($events as $event) { $unique_tag_per_event = []; $attribute_number += count($event['Attribute']);
@@ -213,6 +212,7 @@ uasort($mitre_attack_techniques, function($tag1, $tag2) use ($all_tag_amount) {
 array_splice($attribute_types, 10);
 array_splice($object_types, 10);
+array_splice($all_tag_amount, 10);
 array_splice($mitre_attack_techniques, 10);
 ?>
@@ -453,7 +453,6 @@ array_splice($mitre_attack_techniques, 10); fetch('detailed-summary-correlations')) : ?> - fetch('detailed-summary-correlations'); ?>
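Review bot: In `__getUsableFilters` the distribution guard compares the raw value before normalising it: `$period_filters['distribution'] >= 0` is true for a non-numeric string such as `'abc'`, and `intval()` then turns that into `0`, so a malformed setting silently becomes a real distribution filter instead of being ignored. Check the type first, e.g. `if (isset($period_filters['distribution']) && is_numeric($period_filters['distribution']) && (int)$period_filters['distribution'] >= 0) {`. The other copied keys (`orgc_id`, `sharing_group_id`, `event_info`, `tags`) are forwarded without normalisation, which is acceptable only as long as the `restSearch` call they feed keeps enforcing the requesting user's access rules; that call is outside this hunk. A one-line docblock such as `/** Copy only the supported keys from the periodic-notification settings into restSearch filters. */` would make the allowlist intent explicit.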
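Review bot: `array_splice($all_tag_amount, 10);` truncates the tag-count map in place, yet the hunk header shows the same array captured by the `uasort` comparator for `$mitre_attack_techniques` (`use ($all_tag_amount)`), which suggests it also serves as a lookup table for counts. If the template further down reads `$all_tag_amount[...]` for a technique or tag that is not among the ten kept entries, that lookup hits an undefined index and the e-mail renders a notice or an empty count. Whether the ten kept entries are the ten most frequent also depends on `$all_tag_amount` being sorted by count before this line, which is not visible in the hunk. Truncating a copy used only for the top-tags table avoids both problems, e.g. `$top_tags = array_slice($all_tag_amount, 0, 10, true);`.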

@@ -524,8 +523,6 @@ array_splice($mitre_attack_techniques, 10); - - fetch('trending-summary')) : ?>
diff --git a/app/webroot/doc/openapi.yaml b/app/webroot/doc/openapi.yaml
index 4d31d3179..e4a133660 100644
--- a/app/webroot/doc/openapi.yaml
+++ b/app/webroot/doc/openapi.yaml
@@ -4,14 +4,23 @@ info:
 description: |
 ### Getting Started
- Automation functionality is designed to automatically generate signatures for intrusion detection systems.
- To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
- Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature
- generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts.
- Support for more attribute types is planned. To make this functionality available for automated tools an authentication
- key is used. This makes it easier for your tools to access the data without further form-based-authentication.
- The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me)
- on a MISP instance.
+
+ MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event),
+ [Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute).
+ This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data.
+
+ It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more.
+
+ To get an API key there are several options:
+ * **[UI]** Go to [Administration -> Auth Keys](/auth_keys/index) page and click on `+ Add authentication key`
+
+ * **[UI]** Go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
+
+ * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
+
+ * **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint.
+
+ > **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets.
 #### Accept and Content-Type headers
 When performing your request, depending on the type of request, you might need to explicitly specify in what content