From 046fd49b069b8c948e071f70e0fcd52674113443 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Mon, 12 Sep 2022 08:55:56 +0200
Subject: [PATCH 01/16] chg: [periodic_notification] Generate tag trendings for mitre ATTACK if none are provided

---
 app/Lib/Tools/TrendingTool.php           | 4 ++++
 app/Model/User.php                       | 3 ++-
 app/View/Users/notification_settings.ctp | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/app/Lib/Tools/TrendingTool.php b/app/Lib/Tools/TrendingTool.php
index 089308569..9cdf1f240 100644
--- a/app/Lib/Tools/TrendingTool.php
+++ b/app/Lib/Tools/TrendingTool.php
@@ -2,6 +2,9 @@
 class TrendingTool
 {
     private $eventModel;
+    public const defaultTagNamespaceForTrends = [
+        'misp-galaxy:mitre-attack-pattern',
+    ];
 
     public function __construct($eventModel)
     {
@@ -10,6 +13,7 @@ class TrendingTool
 
     public function getTrendsForTags(array $events, int $baseDayRange, int $rollingWindows=3, $tagFilterPrefixes=null): array
     {
+        $tagFilterPrefixes = $tagFilterPrefixes ?: self::defaultTagNamespaceForTrends;
         $clusteredTags = $this->__clusterTagsForRollingWindow($events, $baseDayRange, $rollingWindows, $tagFilterPrefixes);
         $trendAnalysis = $this->__computeTrendAnalysis($clusteredTags);
         return [
diff --git a/app/Model/User.php b/app/Model/User.php
index 6d86b8b37..8caa1cb85 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -1787,9 +1787,10 @@ class User extends AppModel
             $rollingWindows = 2;
             $trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->__periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']);
+            $tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
             $trendData = [
                 'trendAnalysis' => $trendAnalysis,
-                'tagFilterPrefixes' => $periodicSettings['trending_for_tags'],
+                'tagFilterPrefixes' => $tagFilterPrefixes,
             ];
             $trending_summary = $this->__renderTrendingSummary($trendData);
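Review bot: `public const defaultTagNamespaceForTrends` in the first TrendingTool hunk uses camelCase for a class constant, which breaks the UPPER_SNAKE convention the codebase otherwise follows (`PERIODIC_USER_SETTING_KEY` in User.php, visible in a later patch of this series); write `public const DEFAULT_TAG_NAMESPACE_FOR_TRENDS = [` and update the `self::` reference in the next hunk. A one-line comment on why this namespace is the default would also help, e.g. `// Namespaces charted when the user configured none: MITRE ATT&CK techniques`.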
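Review bot: The new fallback `$tagFilterPrefixes ?: self::defaultTagNamespaceForTrends` in getTrendsForTags keys on truthiness, so a non-empty string such as `'[]'` (the value the settings fallback added later in this series stores for `trending_for_tags`) would not trigger the default and would be handed to __clusterTagsForRollingWindow as a string; whether the caller JSON-decodes it first is not visible here. Declaring the parameter `?array $tagFilterPrefixes = null` makes that mistake a TypeError at the boundary and documents the contract, while keeping `?:` so an explicit empty array still falls back. The rest of getTrendsForTags continues outside the hunk.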
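Review bot: In the User.php hunk `$periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags'])` has the same truthiness caveat as the TrendingTool fallback (a `'[]'` string is truthy), and it encodes a second, differently shaped default in a second place: presumably `all_tags` already holds only tags matching the namespace TrendingTool fell back to, but that is not visible here. A why-comment would save the next reader the cross-reference, e.g. `// No namespaces configured: TrendingTool already applied its default namespace, so chart every tag it returned`. The enclosing method starts and ends outside the hunk.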
diff --git a/app/View/Users/notification_settings.ctp b/app/View/Users/notification_settings.ctp index 691cb569c..8c1a62011 100644 --- a/app/View/Users/notification_settings.ctp +++ b/app/View/Users/notification_settings.ctp @@ -59,7 +59,7 @@ echo $this->element('genericElements/Form/genericForm', [ 'type' => 'tagsPicker', 'placeholder' => '["tlp:red"]', ], - sprintf('

%s

', __('Notification filters')), + sprintf('

%s

', __('Report settings')), [ 'field' => 'periodic_settings.trending_for_tags', 'label' => __('Generate trends for tag namespaces'), From f6a8d4555416572800966fb84dd9b9a0ed90c551 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 09:16:06 +0200 Subject: [PATCH 02/16] chg: [peridioc_notification] Compute event score instead of event base_score taking into account publish_timestamp --- app/Model/DecayingModel.php | 19 ++++++++++--------- app/Model/DecayingModelsFormulas/Base.php | 12 ++++++++++++ app/Model/Event.php | 9 +++++---- app/Model/User.php | 2 +- app/View/Emails/notification_common.ctp | 12 ++++++------ 5 files changed, 34 insertions(+), 20 deletions(-) diff --git a/app/Model/DecayingModel.php b/app/Model/DecayingModel.php index 74b10ec9d..28ec50089 100644 --- a/app/Model/DecayingModel.php +++ b/app/Model/DecayingModel.php @@ -638,7 +638,7 @@ class DecayingModel extends AppModel return $attribute; } - public function attachBaseScoresToEvent($user, $event, $model_id=false, $model_overrides=array(), $include_full_model=0) + public function attachScoresToEvent($user, $event, $model_id=false, $model_overrides=array(), $include_full_model=0) { $models = []; if ($model_id === false) { // fetch all allowed and associated models @@ -650,10 +650,11 @@ class DecayingModel extends AppModel if (!empty($model_overrides)) { $model = $this->overrideModelParameters($model, $model_overrides); } - $basescore = $this->getBaseScoreForEvent($event, $model, $user); - $decayed = $this->isBaseScoreDecayed($model, $basescore); + $eventScore = $this->getScoreForEvent($event, $model); + $decayed = $this->isEventDecayed($model, $eventScore['score']); $to_attach = [ - 'base_score' => $basescore, + 'score' => $eventScore['score'], + 'base_score' => $eventScore['base_score'], 'decayed' => $decayed, 'DecayingModel' => [ 'id' => $model['DecayingModel']['id'], 
@@ -663,7 +664,7 @@ class DecayingModel extends AppModel
             if ($include_full_model) {
                 $to_attach['DecayingModel'] = $model['DecayingModel'];
             }
-            $event['event_base_score'][] = $to_attach;
+            $event['event_scores'][] = $to_attach;
         }
         return $event;
     }
@@ -687,16 +688,16 @@ class DecayingModel extends AppModel
         return $this->Computation->computeCurrentScore($user, $model, $attribute);
     }
 
-    public function getBaseScoreForEvent(array $event, array $model): float
+    public function getScoreForEvent($event, $model): array
     {
         $this->Computation = $this->getModelClass($model);
-        return $this->Computation->computeBasescore($model, $event)['base_score'];
+        return $this->Computation->computeEventScore($model, $event);
     }
 
-    public function isBaseScoreDecayed(array $model, float $basescore): bool
+    public function isEventDecayed(array $model, float $score): bool
     {
         $threshold = $model['DecayingModel']['parameters']['threshold'];
-        return $threshold > $basescore;
+        return $threshold > $score;
     }
 
     public function isDecayed($attribute, $model, $score=false, $user=false)
diff --git a/app/Model/DecayingModelsFormulas/Base.php b/app/Model/DecayingModelsFormulas/Base.php
index be5f2c543..3d3af1c7c 100644
--- a/app/Model/DecayingModelsFormulas/Base.php
+++ b/app/Model/DecayingModelsFormulas/Base.php
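Review bot: Renaming the attached key from `event_base_score` to `event_scores` changes the shape of the event array that fetchEvent returns, so anything that serialises it or reads `event_base_score` (REST output, templates, client libraries) breaks without a deprecation path; this series updates notification_common.ctp, but other consumers are not visible from here. If the key is externally visible, emit both names for one release, `$event['event_base_score'] = $event['event_scores'];` after the loop with a deprecation comment, or call the change out in the changelog. attachScoresToEvent starts outside this hunk.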
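Review bot: `getScoreForEvent($event, $model): array` drops the `array $event, array $model` parameter types that the replaced `getBaseScoreForEvent` declared, while `isEventDecayed` directly below keeps its types; restore them, `public function getScoreForEvent(array $event, array $model): array`, and document the returned shape with `/** @return array{score: float, base_score: float} */` since the caller in the first hunk indexes both keys. The `$user` argument the old method took is no longer passed, which looks intentional but deserves a line in the commit message.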
@@ -157,6 +157,18 @@ abstract class DecayingModelBase
         return $scores;
     }
 
+    final public function computeEventScore($model, $event, $base_score = false)
+    {
+        $base_score = $this->computeBasescore($model, $event)['base_score'];
+        $last_timestamp = $event['Event']['publish_timestamp'];
+        $timestamp = time();
+        $scores = array(
+            'score' => $this->computeScore($model, $event, $base_score, $timestamp - $last_timestamp),
+            'base_score' => $base_score
+        );
+        return $scores;
+    }
+
     // Compute the score for the provided attribute according to the elapsed time with the provided model
     abstract public function computeScore($model, $attribute, $base_score, $elapsed_time);
     // Return a True if the attribute should be marked as decayed
diff --git a/app/Model/Event.php b/app/Model/Event.php
index a7373a18a..ae52a757e 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -1621,7 +1621,7 @@ class Event extends AppModel
             'includeRelatedTags',
             'excludeLocalTags',
             'includeDecayScore',
-            'includeBaseScoresOnEvent',
+            'includeScoresOnEvent',
             'includeSightingdb',
             'includeFeedCorrelations',
             'includeServerCorrelations',
@@ -1930,7 +1930,7 @@ class Event extends AppModel
         $sharingGroupData = $sharingGroupReferenceOnly ? [] : $this->__cacheSharingGroupData($user, $useCache);
 
         // Initialize classes that will be necessary during event fetching
-        if ((!empty($options['includeDecayScore']) || !empty($options['includeBaseScoresOnEvent'])) && !isset($this->DecayingModel)) {
+        if ((!empty($options['includeDecayScore']) || !empty($options['includeScoresOnEvent'])) && !isset($this->DecayingModel)) {
             $this->DecayingModel = ClassRegistry::init('DecayingModel');
         }
         if ($options['includeServerCorrelations'] && !$isSiteAdmin && $user['org_id'] != Configure::read('MISP.host_org_id')) {
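Review bot: The `$base_score = false` parameter of the new computeEventScore is dead: its first statement overwrites it with `$this->computeBasescore($model, $event)['base_score']` unconditionally, so a caller that already holds the base score cannot pass it in. Either drop the parameter or honour it, `if ($base_score === false) { $base_score = $this->computeBasescore($model, $event)['base_score']; }`. The elapsed time is read from `$event['Event']['publish_timestamp']` with no `isset`; if an event that was never published reaches this method with a missing or zero timestamp (I cannot tell from here), the elapsed time spans the whole Unix epoch and the score decays to nothing, so either guard it or add a comment stating that callers only pass published events, which the `'published' => true` filter in User.php of this same patch suggests. A short docblock naming the two keys returned would also help since the caller indexes both.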
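Review bot: Renaming the accepted option from `includeBaseScoresOnEvent` to `includeScoresOnEvent` in the @@ -1621 hunk means a caller still using the old name is silently ignored rather than rejected, if this list is what whitelists option keys as it appears to be; the series updates User.php, but other callers are not visible here. If the option is reachable from the API, keep the old key as an alias for one release, `if (!empty($options['includeBaseScoresOnEvent'])) { $options['includeScoresOnEvent'] = true; }` before the list is applied, with a deprecation comment. The same rename appears in the @@ -1930 hunk below and in the User.php hunk of this patch.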
@@ -2027,8 +2027,9 @@ class Event extends AppModel } //$event['RelatedShadowAttribute'] = $this->getRelatedAttributes($user, $event['Event']['id'], true); } - if (!empty($options['includeBaseScoresOnEvent'])) { - $event = $this->DecayingModel->attachBaseScoresToEvent($user, $event); + if (!empty($options['includeScoresOnEvent'])) { + // $event = $this->DecayingModel->attachBaseScoresToEvent($user, $event); + $event = $this->DecayingModel->attachScoresToEvent($user, $event); } $shadowAttributeByOldId = []; if (!empty($event['ShadowAttribute'])) { diff --git a/app/Model/User.php b/app/Model/User.php index 8caa1cb85..a6fcc4e32 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -1837,7 +1837,7 @@ class User extends AppModel $filters = [ 'last' => $this->__genTimerangeFilter($period), 'published' => true, - 'includeBaseScoresOnEvent' => true, + 'includeScoresOnEvent' => true, ]; if (!empty($period_filters['orgc_id'])) { $filters['orgc_id'] = $period_filters['orgc_id']; diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index 4a5b16f2a..262b8620d 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -315,7 +315,7 @@ array_splice($all_tag_amount, 10); fetch('detailed-summary-events'); ?> -
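Review bot: The commented-out call `// $event = $this->DecayingModel->attachBaseScoresToEvent($user, $event);` in the Event.php @@ -2027 hunk should be deleted rather than left beside its replacement; the old name is in git history, and dead commented code suggests to the next reader that both entry points still exist. The enclosing method starts and ends outside the hunk.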

+

@@ -328,7 +328,7 @@ array_splice($all_tag_amount, 10); - + @@ -358,12 +358,12 @@ array_splice($all_tag_amount, 10);
- + - + - - + +
::
From 2710d0459285c3ae2ad245f449b5050e3265a313 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 09:51:47 +0200 Subject: [PATCH 03/16] chg: [periodic_summary] Only show data in chart for tags having changes over time --- app/View/Elements/Events/trending_summary.ctp | 48 ++++++++++++------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/app/View/Elements/Events/trending_summary.ctp b/app/View/Elements/Events/trending_summary.ctp index ae64b17b0..36f89c229 100644 --- a/app/View/Elements/Events/trending_summary.ctp +++ b/app/View/Elements/Events/trending_summary.ctp @@ -36,13 +36,19 @@ $colorForTags = []; $chartData = []; $maxValue = 0; foreach ($allUniqueTags as $i => $tag) { - $colorForTags[$tag] = $COLOR_PALETTE[$i]; - $chartData[$tag] = [ - $clusteredTags[$previousPeriod2][$tag]['occurence'] ?? 0, - $clusteredTags[$previousPeriod][$tag]['occurence'] ?? 0, - $clusteredTags[$currentPeriod][$tag]['occurence'] ?? 0, - ]; - $maxValue = max($maxValue, max($chartData[$tag])); + if ( + !empty($clusteredTags[$previousPeriod2][$tag]['occurence']) || + !empty($clusteredTags[$previousPeriod][$tag]['occurence']) || + !empty($clusteredTags[$currentPeriod][$tag]['occurence']) + ) { + $colorForTags[$tag] = $COLOR_PALETTE[$i]; + $chartData[$tag] = [ + $clusteredTags[$previousPeriod2][$tag]['occurence'] ?? 0, + $clusteredTags[$previousPeriod][$tag]['occurence'] ?? 0, + $clusteredTags[$currentPeriod][$tag]['occurence'] ?? 0, + ]; + $maxValue = max($maxValue, max($chartData[$tag])); + } } $canvasWidth = 600; $canvasHeight = 150; @@ -117,7 +123,7 @@ if (!function_exists('computeLinePositions')) {
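Review bot: The new guard in the trending_summary.ctp loop evaluates each of the three `occurence` lookups twice (once in `!empty`, once in `?? 0`); building the row first and testing `max($row) > 0` keeps one lookup per period and makes the intent readable. Note that after this filter `$maxValue` can remain 0 when no tag occurs in any period, and it is used as a divisor further down this file (`$periodColorRatio = ... / $maxValue`, visible as context in a later patch of this series), so the empty case needs a guard there, e.g. `$periodColorRatio = $maxValue > 0 ? ... / $maxValue : 0;`. The suggested loop body follows; the rest of the file is unchanged.
```php
foreach ($allUniqueTags as $i => $tag) {
    $occurrences = [
        $clusteredTags[$previousPeriod2][$tag]['occurence'] ?? 0,
        $clusteredTags[$previousPeriod][$tag]['occurence'] ?? 0,
        $clusteredTags[$currentPeriod][$tag]['occurence'] ?? 0,
    ];
    // Tags with no occurrence in any period would only draw a flat zero line
    if (max($occurrences) > 0) {
        $colorForTags[$tag] = $COLOR_PALETTE[$i];
        $chartData[$tag] = $occurrences;
        $maxValue = max($maxValue, max($occurrences));
    }
}
// … unchanged: canvas sizing …
```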
- +
@@ -159,7 +165,7 @@ if (!function_exists('computeLinePositions')) { - +
@@ -171,8 +177,8 @@ if (!function_exists('computeLinePositions')) { - - + + @@ -187,8 +193,8 @@ if (!function_exists('computeLinePositions')) {
## %
- - + + @@ -203,8 +209,8 @@ if (!function_exists('computeLinePositions')) {
## %
- - + + @@ -275,6 +281,16 @@ if (!function_exists('computeLinePositions')) { \ No newline at end of file From 5c09d79caf3a8e7b006898c1e97304ac0683305c Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 12:07:27 +0200 Subject: [PATCH 05/16] chg: [period_notification] Improved layout and limit number of events displayed --- app/View/Elements/Events/trending_summary.ctp | 1 - app/View/Emails/notification_common.ctp | 23 +++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/app/View/Elements/Events/trending_summary.ctp b/app/View/Elements/Events/trending_summary.ctp index e6f3e3fba..40836e9a5 100644 --- a/app/View/Elements/Events/trending_summary.ctp +++ b/app/View/Elements/Events/trending_summary.ctp @@ -281,7 +281,6 @@ if (!function_exists('computeLinePositions')) { $low = '#fee8c8'; $medium = '#f09c8f'; $high = '#bc2f1a'; - // $high = '#9d2815'; $periodColorRatio = $clusteredTags[$currentPeriod][$tagName]['occurence'] / $maxValue; $colorGradient = []; foreach ($periods as $i => $period) { diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index 262b8620d..42fa0cd68 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -20,6 +20,7 @@ if (empty($this->__vars)) { } $default_vars = [ 'event_table_include_basescore' => true, + 'event_table_max_event_count' => 30, 'additional_taxonomy_event_list' => [ 'PAP' => 'PAP:' ], @@ -45,6 +46,9 @@ $tag_color_mapping = []; $mitre_attack_techniques = []; $mitre_galaxy_tag_prefix = 'misp-galaxy:mitre-attack-pattern="'; +$reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period); +$eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s', $baseurl, h($start_date->format('Y-m-d H:i:s')), h($now->format('Y-m-d H:i:s'))); + foreach ($events as $event) { $unique_tag_per_event = []; $attribute_number += count($event['Attribute']); 
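Review bot: `$eventLink` in the notification_common.ctp @@ -45 hunk is a URL, but its dynamic parts go through `h()`, which escapes for HTML, not for a URL path: the `Y-m-d H:i:s` value keeps its space and colons unencoded, and if the link is later echoed with `h()` again the output is double-encoded. Encode for the URL context when building, `rawurlencode($start_date->format('Y-m-d H:i:s'))` and the same for `$now`, and apply `h()` only at the point where the link is written into HTML. `$reportLink` interpolates `$period` with no escaping at all; that is fine if `$period` only ever comes from the shell's fixed list (daily/weekly/monthly), which is what the ServerShell hunk later in this series suggests, but a comment stating that assumption would save the next reader the audit.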
@@ -230,6 +234,7 @@ array_splice($all_tag_amount, 10);
## %
+ ⮞ @@ -315,7 +320,7 @@ array_splice($all_tag_amount, 10); fetch('detailed-summary-events'); ?> -

+

@@ -334,8 +339,11 @@ array_splice($all_tag_amount, 10); - + $event) : ?> $vars['event_table_max_event_count']-1) { + break; + } $workflowTag = findAndBuildTag($event['EventTag'], 'workflow:', $this); $analysisHtml = !empty($workflowTag) ? $workflowTag : ''; $tlpTag = findAndBuildTag($event['EventTag'], 'tlp:', $this); @@ -380,6 +388,17 @@ array_splice($all_tag_amount, 10);

+ $vars['event_table_max_event_count']) : ?> + ⮞ %s', count($events) - $vars['event_table_max_event_count']) + ) + ?> + + From a069b67ecf4386e46bb9146c434f10e78bf3c605 Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 14:19:28 +0200 Subject: [PATCH 06/16] chg: [periodic_notification] Small UI improvements --- app/Controller/AppController.php | 2 +- app/webroot/css/main.css | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 0ac713715..b9ff80597 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -35,7 +35,7 @@ class AppController extends Controller public $helpers = array('OrgImg', 'FontAwesome', 'UserName'); - private $__queryVersion = '144'; + private $__queryVersion = '145'; public $pyMispVersion = '2.4.162'; public $phpmin = '7.2'; public $phprec = '7.4'; diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css index 53326bff6..8891e28b5 100644 --- a/app/webroot/css/main.css +++ b/app/webroot/css/main.css @@ -996,7 +996,8 @@ a.proposal_link_red:hover { } .report-container { - margin: 0 0; + margin: 0 auto; + max-width: 1500px; justify-content: center; padding: 10px 15px; overflow-y: auto; From 7578a65dc8d16d1ecff813cfc07c407e48147b5e Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 09:46:14 +0200 Subject: [PATCH 07/16] chg: [periodic_notification] Only show top 10 mitre attack techniques --- app/View/Emails/notification_common.ctp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index 42fa0cd68..903663597 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp 
@@ -166,10 +166,12 @@ $unique_tag_number = count(array_keys($all_tag_amount)); arsort($attribute_types); arsort($object_types); arsort($all_tag_amount); +arsort($mitre_attack_techniques); array_splice($attribute_types, 10); array_splice($object_types, 10); array_splice($all_tag_amount, 10); +array_splice($mitre_attack_techniques, 10); ?> fetch('prepend-html')) : ?> @@ -251,10 +253,13 @@ array_splice($all_tag_amount, 10); fetch('detailed-summary-mitre-attack'); ?> -
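Review bot: The added `arsort`/`array_splice` pair repeats the magic number 10 a fourth time in this block; hoist it into one named value, `$topN = 10;`, or a `$vars` default next to `event_table_max_event_count` (added earlier in this series) so the attribute, object, tag and MITRE lists are trimmed consistently and the limit is configurable in one place. `array_splice` keeps string keys, so the technique names survive the trim.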

+

    $tag) : ?>
  • + + + element('tag', ['tag' => $tag]) From e90af9dcfb518d429b4d8abc387e2a6cb2693c6b Mon Sep 17 00:00:00 2001 From: Sami Mokaddem Date: Mon, 12 Sep 2022 15:02:52 +0200 Subject: [PATCH 08/16] chg: [peridioc_notification] Small UI improvement for email rendering --- app/View/Elements/Events/trending_summary.ctp | 5 +++-- app/View/Emails/notification_common.ctp | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/app/View/Elements/Events/trending_summary.ctp b/app/View/Elements/Events/trending_summary.ctp index 40836e9a5..3f8890d91 100644 --- a/app/View/Elements/Events/trending_summary.ctp +++ b/app/View/Elements/Events/trending_summary.ctp @@ -354,6 +354,7 @@ if (!function_exists('computeLinePositions')) { } .x-axis-label { + font-size: 12px; position: absolute; white-space: nowrap; translate: -50%; @@ -368,7 +369,7 @@ if (!function_exists('computeLinePositions')) { padding-left: inherit; } - .y-axis-container>div { + .y-axis-container > div { position: relative; height: 100%; } @@ -376,7 +377,7 @@ if (!function_exists('computeLinePositions')) { .y-axis-label { position: absolute; white-space: nowrap; - /* transform: translate(-100%, 0%); */ + font-size: 12px; padding: 0 5px; } diff --git a/app/View/Emails/notification_common.ctp b/app/View/Emails/notification_common.ctp index 903663597..4ae7d26d8 100644 --- a/app/View/Emails/notification_common.ctp +++ b/app/View/Emails/notification_common.ctp @@ -257,7 +257,7 @@ array_splice($mitre_attack_techniques, 10);
      $tag) : ?>
    • - + $amount) : ?>
    • - + element('tag', ['tag' => ['Tag' => ['name' => $tag_name, 'colour' => $tag_color_mapping[$tag_name]]]]) ?>
From 1c636e1e6a319883d07a243327ae9fa12bbf4015 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Mon, 12 Sep 2022 15:03:47 +0200
Subject: [PATCH 09/16] fix: [user:extractPeriodicSummary] Fallback default values for periodic settings

---
 app/Model/User.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/app/Model/User.php b/app/Model/User.php
index a6fcc4e32..127a71a52 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -1665,6 +1665,16 @@ class User extends AppModel
         $periodic_settings = array_values(array_filter($user['UserSetting'], function ($userSetting) {
             return $userSetting['setting'] == self::PERIODIC_USER_SETTING_KEY;
         }));
+        if (empty($periodic_settings)) {
+            $periodic_settings = [['value' => [
+                'orgc_id' => '',
+                'distribution' => -1,
+                'sharing_group_id' => '',
+                'event_info' => '',
+                'tags' => '[]',
+                'trending_for_tags' => '[]'
+            ]]];
+        }
         $periodic_settings_indexed = [];
         if (!empty($periodic_settings)) {
             foreach ($filter_names as $filter_name) {
From 6f4ce9809579bfefafe952d3918cdbcd64d183db Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Mon, 12 Sep 2022 15:04:29 +0200
Subject: [PATCH 10/16] fix: [serverShell:sendPeriodicSummaryToUsers] Typo in periods

---
 app/Console/Command/ServerShell.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Console/Command/ServerShell.php b/app/Console/Command/ServerShell.php
index 4ef8a0a57..2fd887541 100644
--- a/app/Console/Command/ServerShell.php
+++ b/app/Console/Command/ServerShell.php
@@ -601,10 +601,10 @@ class ServerShell extends AppShell
         $today = new DateTime();
         $periods = ['daily'];
         if ($today->format('j') == 1) {
-            $periods[] = 'weekly';
+            $periods[] = 'monthly';
         }
         if ($today->format('N') == 1) {
-            $periods[] = 'monthly';
+            $periods[] = 'weekly';
         }
         return $periods;
     }
From f9e7a5f495fc3ead74e1207c20b5226e493b9718 Mon Sep 17 00:00:00 2001
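Review bot: With the fallback block in place, the `if (!empty($periodic_settings))` on the context line right after it in the User.php @@ -1665 hunk is always true; drop it, or fold the fallback in as its else branch. The defaults (`'tags' => '[]'` and `'trending_for_tags' => '[]'` as JSON strings, `'distribution' => -1` as an int) presumably mirror what the settings form stores, but that contract is now spelled out in two places; a class constant next to `PERIODIC_USER_SETTING_KEY`, e.g. `const PERIODIC_SETTINGS_DEFAULTS = [...]` with a comment naming the form it mirrors, keeps the form, this fallback and `$filter_names` from drifting apart. The enclosing method starts before this hunk.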
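Review bot: The swap in the ServerShell @@ -601 hunk fixes the periods, but the two conditions still read as a puzzle, which is how the typo got in; annotate the format codes, `// 'j' = day of month, so the 1st of the month` and `// 'N' = ISO-8601 weekday, so Monday`, and compare strictly against the string format() returns, `=== '1'`, instead of the loose `== 1`. `new DateTime()` uses the server's default timezone; if the cron runs under UTC but users expect local-day boundaries, a comment stating which one is intended would prevent the next off-by-one-day report. The method's signature is outside the hunk.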
From: Alexandre Dulaunoy
Date: Wed, 14 Sep 2022 07:42:56 +0200
Subject: [PATCH 11/16] chg: [misp-galaxy] updated

---
 app/files/misp-galaxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy
index 258515f9a..000cd8c38 160000
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@@ -1 +1 @@
-Subproject commit 258515f9a8836ce7f49f00242f45d987fac43b24
+Subproject commit 000cd8c385780d3bd9ab242faa78fec4ddffd03a
From fc0f70ba5c568a9bafecfa5f3d3a9fd131e07b21 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Wed, 14 Sep 2022 11:03:14 +0200
Subject: [PATCH 12/16] chg: [misp-galaxy] updated

---
 app/files/misp-galaxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy
index 000cd8c38..1c8d82cfc 160000
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@@ -1 +1 @@
-Subproject commit 000cd8c385780d3bd9ab242faa78fec4ddffd03a
+Subproject commit 1c8d82cfcc6ca14791d2c3311181170449de19dc
From 4135e10b7618af14e34d3dbb3b984727c58057cd Mon Sep 17 00:00:00 2001
From: Luciano Righetti
Date: Wed, 14 Sep 2022 11:13:32 +0200
Subject: [PATCH 13/16] chg: update openapi desc

---
 app/webroot/doc/openapi.yaml | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/app/webroot/doc/openapi.yaml b/app/webroot/doc/openapi.yaml
index 4d31d3179..5f2785660 100644
--- a/app/webroot/doc/openapi.yaml
+++ b/app/webroot/doc/openapi.yaml
@@ -4,14 +4,23 @@ info: description: | ### Getting Started - Automation functionality is designed to automatically generate signatures for intrusion detection systems. - To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes. - Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature - generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts. - Support for more attribute types is planned. To make this functionality available for automated tools an authentication - key is used. This makes it easier for your tools to access the data without further form-based-authentication. - The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me) - on a MISP instance. + + MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event), + [Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute). + This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data. + + It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more. 
+ + To get an API key there are several options: + * **[UI]** Go to [Administration -> Auth Keys](/auth_keys/index) page and click on `+ Add authentication key` + + * **[UI]** Go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key` + + * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]` + + * **API** Provided you already have an admin level API key, you can create an API for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint. + + > **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets. #### Accept and Content-Type headers When performing your request, depending on the type of request, you might need to explicitly specify in what content From 814e14069744c4e802e0e9492b53a596acd4d6be Mon Sep 17 00:00:00 2001 From: Luciano Righetti Date: Wed, 14 Sep 2022 11:20:48 +0200 Subject: [PATCH 14/16] chg: typo --- app/webroot/doc/openapi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/webroot/doc/openapi.yaml b/app/webroot/doc/openapi.yaml index 5f2785660..e4a133660 100644 --- a/app/webroot/doc/openapi.yaml +++ b/app/webroot/doc/openapi.yaml @@ -18,7 +18,7 @@ info: * **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]` - * **API** Provided you already have an admin level API key, you can create an API for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint. + * **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint. > **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets. From 760d2ee04866d4d8e5ed247e0af8ea82c0e1b2b7 Mon Sep 17 00:00:00 2001 
From: szopin
Date: Wed, 21 Sep 2022 13:53:56 +0200
Subject: [PATCH 15/16] Redact sensitive settings

Proxy password, ZeroMQ password and ZeroMQ redis password were not redacted as all other password fields
---
 app/Model/Server.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/Model/Server.php b/app/Model/Server.php
index eebb058ad..b3e7bfdd7 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -6038,6 +6038,7 @@ class Server extends AppModel
                 'value' => '',
                 'test' => 'testForEmpty',
                 'type' => 'string',
+                'redacted' => true
             ),
         ),
         'Security' => array(
@@ -6746,6 +6747,7 @@ class Server extends AppModel
                 'test' => 'testForEmpty',
                 'type' => 'string',
                 'afterHook' => 'zmqAfterHook',
+                'redacted' => true
             ),
             'ZeroMQ_redis_host' => array(
                 'level' => 2,
@@ -6769,6 +6771,7 @@ class Server extends AppModel
                 'value' => '',
                 'type' => 'string',
                 'afterHook' => 'zmqAfterHook',
+                'redacted' => true
             ),
             'ZeroMQ_redis_database' => array(
                 'level' => 2,
From 0b68c508a34f5403baeb3b925f41f47b6bdd1b92 Mon Sep 17 00:00:00 2001
From: Luciano Righetti
Date: Thu, 22 Sep 2022 12:35:23 +0200
Subject: [PATCH 16/16] fix: fixed events and target event id not properly set

---
 app/View/Feeds/add.ctp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/View/Feeds/add.ctp b/app/View/Feeds/add.ctp
index 81dd5c23c..47ccdefbd 100755
--- a/app/View/Feeds/add.ctp
+++ b/app/View/Feeds/add.ctp
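Review bot: The three added `'redacted' => true` entries in the Server.php hunks omit the trailing comma that the surrounding entries (`'type' => 'string',`) carry, so the next addition after each will touch two lines; write `'redacted' => true,` in all three places. Marking the definitions is only half the fix: the diff does not show the code that honours `redacted` when settings are read back (server settings view, diagnostics, API), so confirm these three keys are masked on every output path the other password fields go through. For the @@ -6038 hunk the setting's key name is outside the hunk; the commit message identifies it as the proxy password.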
@@ -81,13 +81,13 @@ echo $this->element('genericElements/Form/genericForm', [
         [
             'field' => 'fixed_event',
             'label' => __('Target Event'),
-            'options' => ['Fixed Event', 'New Event Each Pull'],
+            'options' => [1 =>'Fixed Event', 0 => 'New Event Each Pull'],
             'type' => 'dropdown',
             'div' => ['id' => 'TargetDiv', 'style' => 'display:none', 'class' => 'optionalField'],
             'class' => 'form-control span6'
         ],
         [
-            'field' => 'target_event',
+            'field' => 'event_id',
             'label' => __('Target Event ID'),
             'placeholder' => __('Leave blank unless you want to reuse an existing event.'),
             'div' => ['id' => 'TargetEventDiv', 'style' => 'display:none', 'class' => 'optionalField'],
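Review bot: `[1 =>'Fixed Event', 0 => 'New Event Each Pull']` is missing the space after the first `=>`; write `'options' => [1 => 'Fixed Event', 0 => 'New Event Each Pull'],`. Keying the options explicitly is the right fix for the value submitted as `fixed_event`, but since the first entry is now `1`, check that a form rendered without a stored value does not pre-select "Fixed Event" where the old list pre-selected index 0; I cannot see from here whether the element sets a default. The form definition starts before this hunk.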