mirror of https://github.com/MISP/MISP
Merge branch '2.4' into develop
commit
1bbbafddd2
|
@ -6080,6 +6080,7 @@ class Server extends AppModel
|
||||||
'value' => '',
|
'value' => '',
|
||||||
'test' => 'testForEmpty',
|
'test' => 'testForEmpty',
|
||||||
'type' => 'string',
|
'type' => 'string',
|
||||||
|
'redacted' => true
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
'Security' => array(
|
'Security' => array(
|
||||||
|
@ -6788,6 +6789,7 @@ class Server extends AppModel
|
||||||
'test' => 'testForEmpty',
|
'test' => 'testForEmpty',
|
||||||
'type' => 'string',
|
'type' => 'string',
|
||||||
'afterHook' => 'zmqAfterHook',
|
'afterHook' => 'zmqAfterHook',
|
||||||
|
'redacted' => true
|
||||||
),
|
),
|
||||||
'ZeroMQ_redis_host' => array(
|
'ZeroMQ_redis_host' => array(
|
||||||
'level' => 2,
|
'level' => 2,
|
||||||
|
@ -6811,6 +6813,7 @@ class Server extends AppModel
|
||||||
'value' => '',
|
'value' => '',
|
||||||
'type' => 'string',
|
'type' => 'string',
|
||||||
'afterHook' => 'zmqAfterHook',
|
'afterHook' => 'zmqAfterHook',
|
||||||
|
'redacted' => true
|
||||||
),
|
),
|
||||||
'ZeroMQ_redis_database' => array(
|
'ZeroMQ_redis_database' => array(
|
||||||
'level' => 2,
|
'level' => 2,
|
||||||
|
|
|
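Review bot: The three added `'redacted' => true` entries (hunks at -6080, -6788 and -6811) only mark a setting as sensitive; the code that reads the flag is not part of the diff, so confirm that the server-settings page, the API output of the same data and any log of setting changes all mask the value for these keys. The setting names sit above each hunk, so which secrets are covered cannot be checked here; the last two arrays come directly before `ZeroMQ_redis_host` and `ZeroMQ_redis_database`. As a style point, write `'redacted' => true,` with a trailing comma so that the next key added to the array does not have to modify this line.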
@ -1825,7 +1825,6 @@ class User extends AppModel
|
||||||
$finalContext = $this->Event->restSearch($user, 'context', $filtersForRestSearch, false, false, $elementCounter, $renderView);
|
$finalContext = $this->Event->restSearch($user, 'context', $filtersForRestSearch, false, false, $elementCounter, $renderView);
|
||||||
$finalContext = JsonTool::decode($finalContext->intoString());
|
$finalContext = JsonTool::decode($finalContext->intoString());
|
||||||
$aggregated_context = $this->__renderAggregatedContext($finalContext);
|
$aggregated_context = $this->__renderAggregatedContext($finalContext);
|
||||||
|
|
||||||
$rollingWindows = $periodicSettings['trending_period_amount'] ?: 2;
|
$rollingWindows = $periodicSettings['trending_period_amount'] ?: 2;
|
||||||
$trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']);
|
$trendAnalysis = $this->Event->getTrendsForTagsFromEvents($events, $this->periodToDays($period), $rollingWindows, $periodicSettings['trending_for_tags']);
|
||||||
$tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
|
$tagFilterPrefixes = $periodicSettings['trending_for_tags'] ?: array_keys($trendAnalysis['all_tags']);
|
||||||
|
@ -1876,6 +1875,30 @@ class User extends AppModel
|
||||||
return $view->render($viewFile, false);
|
return $view->render($viewFile, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function __getUsableFilters(array $period_filters, string $period='daily'): array
|
||||||
|
{
|
||||||
|
$filters = [
|
||||||
|
'last' => $this->__genTimerangeFilter($period),
|
||||||
|
'published' => true,
|
||||||
|
'includeScoresOnEvent' => true,
|
||||||
|
];
|
||||||
|
if (!empty($period_filters['orgc_id'])) {
|
||||||
|
$filters['orgc_id'] = $period_filters['orgc_id'];
|
||||||
|
}
|
||||||
|
if (isset($period_filters['distribution']) && $period_filters['distribution'] >= 0) {
|
||||||
|
$filters['distribution'] = intval($period_filters['distribution']);
|
||||||
|
}
|
||||||
|
if (!empty($period_filters['sharing_group_id'])) {
|
||||||
|
$filters['sharing_group_id'] = $period_filters['sharing_group_id'];
|
||||||
|
}
|
||||||
|
if (!empty($period_filters['event_info'])) {
|
||||||
|
$filters['event_info'] = $period_filters['event_info'];
|
||||||
|
}
|
||||||
|
if (!empty($period_filters['tags'])) {
|
||||||
|
$filters['tags'] = $period_filters['tags'];
|
||||||
|
}
|
||||||
|
return $filters;
|
||||||
|
}
|
||||||
private function __genTimerangeFilter(string $period='daily'): string
|
private function __genTimerangeFilter(string $period='daily'): string
|
||||||
{
|
{
|
||||||
return $this->periodToDays($period) . 'd';
|
return $this->periodToDays($period) . 'd';
|
||||||
|
|
|
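Review bot: In `__getUsableFilters` the `distribution` guard evaluates `$period_filters['distribution'] >= 0` on the raw stored value, so for an empty or non-numeric string the result depends on PHP's loose string/number comparison (which changed in PHP 8), and `intval()` then turns such a value into `0`. Testing the type first makes the outcome explicit: `if (isset($period_filters['distribution']) && is_numeric($period_filters['distribution']) && $period_filters['distribution'] >= 0) {`. `orgc_id`, `sharing_group_id`, `event_info` and `tags` are copied into the filter set unchanged; whether they are validated before they reach this method is not visible in the hunk, so a short docblock stating the expected shape of `$period_filters` would help. `__genTimerangeFilter`, which follows, continues past the end of the hunk.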
@ -54,7 +54,6 @@ $eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%
|
||||||
|
|
||||||
$processed_correlations = [];
|
$processed_correlations = [];
|
||||||
$new_correlations = [];
|
$new_correlations = [];
|
||||||
|
|
||||||
foreach ($events as $event) {
|
foreach ($events as $event) {
|
||||||
$unique_tag_per_event = [];
|
$unique_tag_per_event = [];
|
||||||
$attribute_number += count($event['Attribute']);
|
$attribute_number += count($event['Attribute']);
|
||||||
|
@ -213,6 +212,7 @@ uasort($mitre_attack_techniques, function($tag1, $tag2) use ($all_tag_amount) {
|
||||||
|
|
||||||
array_splice($attribute_types, 10);
|
array_splice($attribute_types, 10);
|
||||||
array_splice($object_types, 10);
|
array_splice($object_types, 10);
|
||||||
|
array_splice($all_tag_amount, 10);
|
||||||
array_splice($mitre_attack_techniques, 10);
|
array_splice($mitre_attack_techniques, 10);
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -453,7 +453,6 @@ array_splice($mitre_attack_techniques, 10);
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<?php if ($this->fetch('detailed-summary-correlations')) : ?>
|
<?php if ($this->fetch('detailed-summary-correlations')) : ?>
|
||||||
<?= $this->fetch('detailed-summary-correlations'); ?>
|
|
||||||
<?php else: ?>
|
<?php else: ?>
|
||||||
<?php if (!empty($new_correlations)) : ?>
|
<?php if (!empty($new_correlations)) : ?>
|
||||||
<h4><?= __('New correlations') ?><small style="color: #999999;"><?= sprintf(' (%s)', count($new_correlations)) ?></small></h4>
|
<h4><?= __('New correlations') ?><small style="color: #999999;"><?= sprintf(' (%s)', count($new_correlations)) ?></small></h4>
|
||||||
|
@ -524,8 +523,6 @@ array_splice($mitre_attack_techniques, 10);
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
|
||||||
<?php endif; // detailed-summary-full
|
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<?php if ($this->fetch('trending-summary')) : ?>
|
<?php if ($this->fetch('trending-summary')) : ?>
|
||||||
|
|
|
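Review bot: As this page renders the hunk at -453, `<?= $this->fetch('detailed-summary-correlations'); ?>` appears on the old side only, which leaves `<?php if ($this->fetch('detailed-summary-correlations')) : ?>` followed directly by `<?php else: ?>`; if that is the real result of the merge, a child view that sets this block gets no correlations output at all. The hunk at -524 looks similar: `<?php endif; // detailed-summary-full` is on the old side only, while the `?>` that closed it stays. Both read like conflict-resolution leftovers, so check that the merged template still renders and restore the `<?= $this->fetch('detailed-summary-correlations'); ?>` line inside the `if` branch if its removal was not intended.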
@ -4,14 +4,23 @@ info:
|
||||||
description: |
|
description: |
|
||||||
|
|
||||||
### Getting Started
|
### Getting Started
|
||||||
Automation functionality is designed to automatically generate signatures for intrusion detection systems.
|
|
||||||
To enable signature generation for a given attribute, Signature field of this attribute must be set to Yes.
|
MISP API allows you to query, create, modify data models, such as [Events](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-event),
|
||||||
Note that not all attribute types are applicable for signature generation, currently we only support NIDS signature
|
[Objects](https://www.circl.lu/doc/misp/misp-objects/), [Attributes](https://www.circl.lu/doc/misp/GLOSSARY.html#misp-attribute).
|
||||||
generation for IP, domains, host names, user agents etc., and hash list generation for MD5/SHA1 values of file artefacts.
|
This is extremly useful for interconnecting MISP with external tools and feeding other systems with threat intel data.
|
||||||
Support for more attribute types is planned. To make this functionality available for automated tools an authentication
|
|
||||||
key is used. This makes it easier for your tools to access the data without further form-based-authentication.
|
It also lets you perform administrative tasks such as creating users, organisations, altering MISP settings, and much more.
|
||||||
The [API](https://www.circl.lu/doc/misp/GLOSSARY.html#api) key can be found and managed under My Profile page (/users/view/me)
|
|
||||||
on a MISP instance.
|
To get an API key there are several options:
|
||||||
|
* **[UI]** Go to [Administration -> Auth Keys](/auth_keys/index) page and click on `+ Add authentication key`
|
||||||
|
|
||||||
|
* **[UI]** Go to the the [Administration -> List Users -> View](/admin/users/view/[id]) page of the user you want to create an auth key for and on the `Auth keys` section click on `+ Add authentication key`
|
||||||
|
|
||||||
|
* **[CLI]** Use the following command: `./app/Console/cake user change_authkey [e-mail/user_id]`
|
||||||
|
|
||||||
|
* **API** Provided you already have an admin level API key, you can create an API key for another user using the `[POST]/auth_keys/add/{{user_id}}` endpoint.
|
||||||
|
|
||||||
|
> **NOTE:** The authentication key will only be displayed once, so take note of it or store it properly in your application secrets.
|
||||||
|
|
||||||
#### Accept and Content-Type headers
|
#### Accept and Content-Type headers
|
||||||
When performing your request, depending on the type of request, you might need to explicitly specify in what content
|
When performing your request, depending on the type of request, you might need to explicitly specify in what content
|
||||||
|
|