MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

Merge branch '2.4' of github.com:MISP/MISP into view-migration-galaxy

pull/5699/head
mokaddem 2020-03-24 14:27:29 +01:00
parent d8f5228d83 81a46e2f45
commit b340893593
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
22 changed files with 463 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
INSTALL/INSTALL.sh
View File

@ -988,13 +988,12 @@ genRCLOCAL () {
# Run PyMISP tests
runTests () {
echo "url = '${MISP_BASEURL}'
key = '${AUTH_KEY}'" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
echo "url = \"${MISP_BASEURL}\"
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
sudo -H -u $WWW_USER git clone https://github.com/viper-framework/viper-test-files.git $PATH_TO_MISP/PyMISP/tests/viper-test-files
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
}

6
INSTALL/INSTALL.sh.sfv
View File

@ -1,5 +1,5 @@
; Generated by RHash v1.3.9 on 2020-03-10 at 18:43.24
; Generated by RHash v1.3.9 on 2020-03-18 at 13:56.48
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
;
; 100109 18:43.24 2020-03-10 INSTALL.sh
INSTALL.sh 68CED66FC4D5C4A7F0041BF7DAC60113FAB614E5 5DFCF61AEB56A736930EE8A77959BD90C2F8AD6AD11CD1B09AB60D1E68D18BD0 D03AECC77CF64A90DA971C562EB49C373954151B712966EF6482F6E032F992B568BB8E0C2FF3EAFB300DB7BF768796E4 3981E487FD3C4822F353232ABFB8A017E299702E1E5B1D75A2DC901D6CC8CF356F848CA944FBD04A25E9CA459645FDC5F03D2AA08A31C471F40E8AABEF01A0EF
; 99980 13:56.48 2020-03-18 INSTALL.sh
INSTALL.sh 04A834FCD3BC9DA5282EDE8A3D2C459FBC625E46 FBCA1473FEC26AD5A6C1AE6AE3D9AF11E47E7758F30B160BC047ABE9978F4476 7281B13AA7D6B016152096D35619C2CECC7EC49F8F41CF8A3B8284335D950D35F273FA56FEA63EC5ADB3669038239C61 FA17DF3AA0CBC54D2B48AE14FB296C91C12FC6CF8E3704B8AF1B2CB2CDE9C6FAF591A2E42A38C01C299C62390868E7766EF682A6B3B556BAFC469688E8AED6E7

2
INSTALL/INSTALL.sh.sha1
View File

@ -1 +1 @@
68ced66fc4d5c4a7f0041bf7dac60113fab614e5 INSTALL.sh
04a834fcd3bc9da5282ede8a3d2c459fbc625e46 INSTALL.sh

2
INSTALL/INSTALL.sh.sha256
View File

@ -1 +1 @@
5dfcf61aeb56a736930ee8a77959bd90c2f8ad6ad11cd1b09ab60d1e68d18bd0 INSTALL.sh
fbca1473fec26ad5a6c1ae6ae3d9af11e47e7758f30b160bc047abe9978f4476 INSTALL.sh

2
INSTALL/INSTALL.sh.sha384
View File

@ -1 +1 @@
d03aecc77cf64a90da971c562eb49c373954151b712966ef6482f6e032f992b568bb8e0c2ff3eafb300db7bf768796e4 INSTALL.sh
7281b13aa7d6b016152096d35619c2cecc7ec49f8f41cf8a3b8284335d950d35f273fa56fea63ec5adb3669038239c61 INSTALL.sh

2
INSTALL/INSTALL.sh.sha512
View File

@ -1 +1 @@
3981e487fd3c4822f353232abfb8a017e299702e1e5b1d75a2dc901d6cc8cf356f848ca944fbd04a25e9ca459645fdc5f03d2aa08a31c471f40e8aabef01a0ef INSTALL.sh
fa17df3aa0cbc54d2b48ae14fb296c91c12fc6cf8e3704b8af1b2cb2cde9c6faf591a2e42a38c01c299c62390868e7766ef682a6b3b556bafc469688e8aed6e7 INSTALL.sh

90
app/Console/Command/SupportShell.php Normal file
View File

@ -0,0 +1,90 @@
http://download.geonames.org/export/dump/countryInfo.txt
<?php
class SupportShell extends AppShell {
public $uses = array();
private $__fields = false;
private $__countries = array();
private $__whitelistedFields = array(
'ISO',
'ISO3',
'Country',
'Capital',
'Area',
'Population',
'Continent',
'tld',
'CurrencyCode',
'CurrencyName',
'Languages'
);
public function getGeoNames()
{
$raw = file_get_contents('http://download.geonames.org/export/dump/countryInfo.txt');
$raw = explode(PHP_EOL, $raw);
$lastCommentLine = '';
foreach ($raw as $line) {
if (empty($line)) {
continue;
}
if ($line[0] === '#') {
$lastCommentLine = $line;
} else {
if (!$this->__fields) {
$this->__setHeaders($lastCommentLine);
}
$line = preg_split("/[\t]/", $line);
$temp = array();
foreach ($line as $pos => $value) {
$field = $this->__fields[$pos];
if (in_array($field, $this->__whitelistedFields)) {
$temp[$field] = $value;
}
}
$this->__countries[] = $temp;
}
}
$clusters = array(
'authors' => array('geonames.org'),
'category' => 'country',
'description' => 'Country meta information based on the database provided by geonames.org.',
'name' => 'Country',
'source' => 'MISP Project',
'type' => 'country',
'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',
'version' => empty($this->args[0]) ? 1 : intval($this->args[0])
);
foreach ($this->__countries as $country) {
$countryName = $country['Country'];
unset($country['Country']);
$clusters['values'][] = array(
'description' => $countryName,
'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2' . bin2hex($country['ISO3']),
'value' => strtolower($countryName),
'meta' => $country
);
}
$galaxy = array(
'description' => 'Country meta information based on the database provided by geonames.org.',
'icon' => 'globe',
'name' => 'Country',
'namespace' => 'misp',
'type' => 'country',
'uuid' => '84668357-5a8c-4bdd-9f0f-6b50b2aee4c1',
'version' => empty($this->args[0]) ? 1 : intval($this->args[0])
);
file_put_contents('cluster.json', json_encode($clusters, JSON_PRETTY_PRINT));
file_put_contents('galaxy.json', json_encode($galaxy, JSON_PRETTY_PRINT));
echo PHP_EOL . PHP_EOL . 'cluster.json and galaxy.json created.' . PHP_EOL . PHP_EOL;
}
private function __setHeaders($line)
{
$line = substr($line, 1);
$this->__fields = preg_split("/[\t]/", $line);
return true;
}
}

1
app/Controller/DashboardsController.php
View File

@ -4,6 +4,7 @@ App::uses('AppController', 'Controller');
class DashboardsController extends AppController
{
public $components = array('Session', 'RequestHandler');
public $helpers = array('ScopedCSS');
public function beforeFilter()
{

2
app/Controller/UsersController.php
View File

@ -723,7 +723,7 @@ class UsersController extends AppController
$user = $this->User->find('first', array('conditions' => array('User.id' => $this->User->id), 'recursive' => -1));
$password = isset($this->request->data['User']['password']) ? $this->request->data['User']['password'] : false;
$result = $this->User->initiatePasswordReset($user, true, true, $password);
if ($result) {
if ($result && empty(Configure::read('MISP.disable_emailing'))) {
$notification_message .= ' User notified of new credentials.';
}
}

22
app/Lib/Export/NidsSuricataExport.php
View File

@ -109,7 +109,6 @@ class NidsSuricataExport extends NidsExport
$data['host'] = '';
}
}
switch ($scheme) {
case "http":
$data['host'] = NidsExport::replaceIllegalChars($data['host']);
@ -126,26 +125,18 @@ class NidsSuricataExport extends NidsExport
} else {
$content = 'flow:to_server,established; content:"' . $data['host'] . '"; fast_pattern; nocase; http_header; content:"' . $data['path'] . '"; nocase; http_uri;';
}
break;
case "https":
$data['host'] = NidsExport::replaceIllegalChars($data['host']);
$tag = 'tag:session,600,seconds;';
# IP: classic IP rule for HTTPS
if (filter_var($data['host'], FILTER_VALIDATE_IP)) {
$suricata_protocol = 'tcp';
$suricata_src_ip = '$HOME_NET';
$suricata_src_port = 'any';
$suricata_dst_ip = $data['host'];
$suricata_dst_port = NidsExport::getProtocolPort($scheme, $data['port']);
$content = 'flow:to_server; app-layer-protocol:tls;';
}
# Domain: rule on https certificate subject
else {
$createRule = false;
}
$suricata_protocol = 'tcp';
$suricata_src_ip = '$HOME_NET';
$suricata_src_port = 'any';
$suricata_dst_ip = $data['host'];
$suricata_dst_port = NidsExport::getProtocolPort($scheme, $data['port']);
$content = 'flow:to_server; app-layer-protocol:tls;';
break;
case "ssh":
@ -196,7 +187,6 @@ class NidsSuricataExport extends NidsExport
break;
}
if ($createRule) {
$attribute['value'] = NidsExport::replaceIllegalChars($attribute['value']); // substitute chars not allowed in rule
$this->rules[] = sprintf(

6
app/View/Dashboards/widget_loader.ctp
View File

@ -1,6 +1,10 @@
<?php
$widgetHtml = $this->element('/dashboard/Widgets/' . $config['render']);
$scopedHtml = $this->ScopedCSS->createScopedCSS($widgetHtml);
?>
<div id="widgetContentInner_<?= h($widget_id) ?>">
<?php
echo $this->element('/dashboard/Widgets/' . $config['render']);
echo $scopedHtml['bundle'];
?>
</div>
<script type="text/javascript">

32
app/View/Elements/dashboard/Widgets/MultiBarChart.ctp
View File

@ -1,32 +0,0 @@
<table style="border-spacing:0px;">
<?php
if (!empty($data['logarithmic'])) {
$max = max($data['logarithmic']);
} else {
$max = max($data['data']);
}
foreach ($data['data'] as $entry => $count) {
$value = $count;
if (!empty($data['logarithmic'])) {
$value = $data['logarithmic'][$entry];
}
echo sprintf(
'<tr><td style="%s">%s</td><td style="%s">%s</td></tr>',
'text-align:right;width:33%;',
h($entry),
'width:100%',
sprintf(
'<div title="%s" style="%s">%s</div>',
h($entry) . ': ' . h($count),
sprintf(
'background-color:%s; width:%s; color:white; text-align:center;',
(empty($data['colours'][$entry]) ? '#0088cc' : h($data['colours'][$entry])),
100 * h($value) / $max . '%;'
),
h($count)
),
'&nbsp;'
);
}
?>
</table>

119
app/View/Elements/dashboard/Widgets/MultiLineChart.ctp Normal file
View File

@ -0,0 +1,119 @@
<?php
echo $this->Html->script('d3');
$seed = rand();
if (!empty($data['formula'])) {
echo sprintf(
'<div style="width:100%%;text-align:center;" class="blue bold">%s</div>',
h($data['formula'])
);
}
?>
<svg id="svg-<?= $seed ?>" width="960" height="500"></svg>
<script>
var margin = {top: 20, right: 80, bottom: 30, left: 50},
width = 960 - margin.left - margin.right,
height = 500 - margin.top - margin.bottom;
var parseDate = d3.time.format("%Y-%m-%d").parse;
var x = d3.time.scale()
.range([0, width]);
var y = d3.scale.linear()
.range([height, 0]);
var color = d3.scale.category10();
var xAxis = d3.svg.axis()
.scale(x)
.orient("bottom");
var yAxis = d3.svg.axis()
.scale(y)
.orient("left");
var line = d3.svg.line()
.interpolate("basis")
.x(function(d) { return x(d.date); })
.y(function(d) { return y(d.count); });
var svg = d3.select('#svg-<?= $seed ?>')
.attr("width", width + margin.left + margin.right)
.attr("height", height + margin.top + margin.bottom)
.append("g")
.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
var data = <?= json_encode($data['data']) ?>;
var insight = "<?= h($data['insight']) ?>";
color.domain(d3.keys(data[0]).filter(function(key) { return key !== "date"; }));
data.forEach(function(d) {
d.date = parseDate(d.date);
});
var data_nodes = color.domain().map(function(name) {
return {
name: name,
values: data.map(function(d) {
return {
date: d.date, count: +d[name]
};
})
};
});
x.domain(d3.extent(data, function(d) { return d.date; }));
y.domain([
d3.min(data_nodes, function(c) { return d3.min(c.values, function(v) { return v.count; }); }),
d3.max(data_nodes, function(c) { return d3.max(c.values, function(v) { return v.count; }); })
]);
svg.append("g")
.attr("class", "x axis axis_multi_line_chart")
.attr("transform", "translate(0," + height + ")")
.call(xAxis);
svg.append("g")
.attr("class", "y axis axis_multi_line_chart")
.call(yAxis)
var data_node = svg.selectAll(".data-node-<?= $seed ?>")
.data(data_nodes)
.enter().append("g")
.attr("class", "data-node-<?= $seed ?>");
data_node.append("path")
.attr("class", "line path_multi_line_chart")
.attr("d", function(d) { return line(d.values); })
.style("stroke", function(d) { return color(d.name); });
data_node.append("text")
.datum(function(d) { return {name: d.name, value: d.values[d.values.length - 1]}; })
.attr("transform", function(d) { return "translate(" + x(d.value.date) + "," + y(d.value.count) + ")"; })
.attr("x", 3)
.attr("dy", ".35em")
.text(function(d) { return d.name; });
</script>
<style widget-scoped>
.path_multi_line_chart {
stroke-width: 1;
fill: none;
stroke-linejoin: round;
stroke-linecap: round;
}
.path_multi_line_chart {
stroke-width: 1;
}
.axis_multi_line_chart path,
.axis_multi_line_chart line {
fill: none;
stroke: grey;
stroke-width: 1;
shape-rendering: crispEdges;
}
</style>

2
app/View/Elements/serverRuleElements/pull.ctp
View File

@ -58,7 +58,7 @@
</table>
<div>
<p style="color:green;font-weight:bold;"><?php echo __('Additional sync parameters (based on the event index filters)');?></p>
<input style="width:650px;" placeholder='{"timestamp": "30d"}' maxlength="40" type="text" value="" id="urlParams" required="required" data-original-title="" title="">
<input style="width:650px;" placeholder='{"timestamp": "30d"}' type="text" value="" id="urlParams" required="required" data-original-title="" title="">
</div>
</div>
<div>

2
app/View/Events/automation.ctp
View File

@ -124,7 +124,7 @@
echo 'Accept: application/json' . PHP_EOL;
echo 'Content-type: application/json';
?></pre>
<code>{"request": {"type":"ip", "eventid":["!51","!62"],"withAttachment":false,"tags":["APT1","!OSINT"],"from":false,"to":"2015-02-15"}}</code><br /><br />
<code>{"request": {"type": "ip", "eventid": ["!51","!62"],"withAttachment": false,"tags": ["APT1","!OSINT"],"from": false,"to": "2015-02-15"}}</code><br /><br />
<p>XML:</p>
<pre><?php
echo 'Headers' . PHP_EOL;

93
app/View/Helper/ScopedCSSHelper.php Normal file
View File

@ -0,0 +1,93 @@
<?php
App::uses('AppHelper', 'View/Helper');
// prepend user names on the header with some text based on the given rules
class ScopedCSSHelper extends AppHelper {
private function endsWith($haystack, $needle)
{
$length = strlen($needle);
if ($length == 0) {
return true;
}
return (substr($haystack, -$length) === $needle);
}
private function preppendScopedId($css, $seed)
{
$prependSelector = sprintf('[data-scoped="%s"]', $seed);
$cssLines = explode(PHP_EOL, $css);
foreach ($cssLines as $i => $line) {
if (strlen($line) > 0) {
if ($this->endsWith($line, "{") || $this->endsWith($line, ",")) {
$cssLines[$i] = sprintf("%s %s", $prependSelector, $line);
}
}
}
$cssScopedLines = implode(PHP_EOL, $cssLines);
return sprintf("<style>%s%s%s</style>", PHP_EOL, $cssScopedLines, PHP_EOL);
}
/**
* Replace a declared CSS scoped style and prepend a random CSS data filter to any CSS selector discovered.
* Usage: Add the following style tag `<style widget-scoped>` to use the scoped feature. Nearly every selector path will have their rule modified to adhere to the scope
* Restrictions:
* - Applying class to the root document (i.e. `body`) will not work
* - Selector rules must end with either `{` or `,`, their content MUST be put in a new line:
* [bad]
* element { ... }
* [good]
* element {
* ...
* }
* - Selectors with the `and` (`,`) rule MUST be split in multiple lines:
* [bad]
* element,element {
* ...
* }
* [good]
* element,
* element {
* ...
* }
* @param string $param1 HTML potentially containing scoped CSS
* @return array Return an array composed of 3 keys (html, css and seed)
* - bundle: Include both scoped HTML and scoped CSS or the original html if the scoped feature is not requested
* - html: Untouched HTML including nested in a scoped DIV or original html if the scoped feature is not requested
* - css: CSS with an additional filter rule prepended to every selectors or the empty string if the scoped feature is not requested
* - seed: The random generated number
* - originalHtml: Untouched HTML
*/
public function createScopedCSS(string $html) : array
{
$css = "";
$seed = "";
$originalHtml = $html;
$bundle = $originalHtml;
$scopedHtml = $html;
$scopedCss = "";
$htmlStyleTag = "<style widget-scoped>";
$styleClosingTag = "</style>";
$styleTagIndex = strpos($html, $htmlStyleTag);
$closingStyleTagIndex = strpos($html, $styleClosingTag, $styleTagIndex) + strlen($styleClosingTag);
if ($styleTagIndex !== false && $closingStyleTagIndex !== false && $closingStyleTagIndex > $styleTagIndex) { // enforced scoped css
$seed = rand();
$css = substr($html, $styleTagIndex, $closingStyleTagIndex);
$html = str_replace($css, "", $html); // remove CSS part
$css = str_replace($htmlStyleTag, "", $css); // remove the style node
$css = str_replace($styleClosingTag, "", $css); // remove closing style node
$scopedCss = $this->preppendScopedId($css, $seed);
$scopedHtml = sprintf("<div %s>%s</div>", sprintf("data-scoped=\"%s\" ", $seed), $html);
$bundle = sprintf("%s %s", $scopedHtml, $scopedCss);
}
return array(
"bundle" => $bundle,
"html" => $scopedHtml,
"css" => $scopedCss,
"seed" => $seed,
"originalHtml" => $originalHtml,
);
}
}

15
app/files/community-metadata/defaults.json
View File

@ -77,5 +77,20 @@
"pgp_key": "\r\n\r\n-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQINBF49WD4BEADpDaqhEU1mWlCbqvWWxRLJcBJara4Cg7yGAlabAU/trfw2x0Ob\r\non9Lh6p/CpyTY/CPcJ6fH4IrU18U8wN8RaWxmHLyml0GGKBHcSYNisDu7E4nCC5P\r\nSY8F0OH6yQ9dwX2Os3s6fJNo9ZqC3u9lxzBf0+OzH6cV6x4Olto7slGQAP1922s6\r\nies8M21GhCJ4X+XO1sO9ap1nDlAT/44OvxQuQdYVXy46Letehk3QXo/RU8iVgqDQ\r\n1v/YIaFEibk9/6teeBTe1y77lULUfgl1pd9PnD68+w/WhNUuX+RECmsGH7Snm+kb\r\nL1x+WClQgYDJioVpTA+e4R2KYIBidKfhNw3F2Hcg70wo7Bq6u/i2iM3mtK5kALyb\r\n7jn1MHKpIGUq7vtHCzEa+d9wB1cMPj4HYF7tXIfDdtcl3bTv6IiOsNT6rhpI1+vy\r\nupNXyRplSGRQ6RV1kZ3ACqG8kErEp6L9g2AxCh1S5b4cf79JJvHMkkS60DLPnsF0\r\np8RwZL1JxlNHbQ1UxgWkSHAie2d5FLY8cpTmQwTJ6/z48b68wUS7cvtntvyf6+bq\r\nPKZrUPK4I/ly/tcMlrShx1N+aC5oHGDujuQUmmQjax9Ec2MkLBilBZJd94+avyY3\r\nxZGuI4sfEQurD8cP89/cJOtGNZ24ZVM8NRQVAVEaqDV1r3RzF30XbVdy0QARAQAB\r\ntDVNSVNQIFRocmVhdCBTaGFyaW5nIChlQ3JpbWVMYWJzKSA8bWlzcEBlY3JpbWVs\r\nYWJzLmRrPokCTgQTAQoAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMcp\r\nObUHQyZwszqsoacaYbhQMh7/BQJePVjHAAoJEKcaYbhQMh7/4scP/14BEKdF8qse\r\nf0a4v8VrAjLEuiB97p/RI5EYqvdrPT4FqhpLOLrpGM8lBtemspzRiZyPOE9BQjN6\r\nLPhJumzGukolbCLCwF5/pMXwkAIz1vDL01qLRx1nG/OSdAY/US/gpkjhbAK9J4sU\r\nGpqiHqUwGFT7RMiUlRIzhz1xZaTITBK/LbkVnayU9UX3eoEq9q6k3yqp6dhqyM6r\r\nMF5ai0oouWJ0MaoPmjRSR/r9FA6WMAI2Ni8pnWZqJVJVSmwaZJLMFR7JyXTUpNXP\r\nAwrI+T3VEErMDx3bLhF2salZFCWS0HfQN313yhv81Nk9pDSl4JDahhao77gpSjtm\r\nmp7MaFeGaeOnS3CWI8I57/fMn4Fax9dAoHwoaG4cPTZ9mML6yH39eMCx4ik77Ucs\r\nF5vt4MImF5tucQga3P6JiYAzkDyBSzd5gQR0ocWECYnK7fMF9PmdYj6p56XqVwVs\r\nvR+0rDXc6NrqpELf62NHwnCegn9bPTwNOK158m5CHcZ+veuQBitL/6AbjHX8K7cf\r\nbb0iVJQpCskkIRq9oidNOXBDOt2vyrwLoG0RcfKS6uOJWoQakyO1TNCI87oo+fo3\r\nlUfyUqHhDCXX72lBmW2kXIPAPRhpJmVUaAyc3nzYBU5/5xV1xrH0VhXeyw17tj6w\r\nXpSrwosJzIkrJzto2oaJhAqehBPMTO0n\r\n=FHjc\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n",
"misp_project_vetted": true,
"scope_of_data_to_be_shared": "Cybersecurity Threat Intelligence including indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information."
},
{
"name": "Cognitive Security Collaborative",
"uuid": "1ea46a83-cd51-40f5-a375-104e0acd6729",
"org_uuid": "5e2dd31a-3bcc-45e8-ba7e-2ab890d945c8",
"org_name": "Cogsec Collab",
"description": "The Cognitive Security Collaborative operates as a sharing community dedicated to information operations.",
"url": "https://www.cogsec-collab.org",
"sector": "undefined",
"nationality": "International",
"type": "Vetted Information Sharing Community",
"email": "misp@cogsec-collab.org",
"pgp_key": "\r\n\r\n-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQGNBF55bdcBDAC6+Fcey+0GcUw4iP4j15+/FylnvGa4wl8MRkYR5XryJn+n/O4s\r\nZbNCKpxwUA7lb2prn37lWMX7LswjvoxfmCTKi78UY1YH7Fqg3JG2PsV9Lw7uYnzC\r\nAImyAflzDpewo+eCF1aknvcbcbGkYFwdQ/37UfG/BkwCDQQGrBZ5EtL6CYXXNX/P\r\nX+4vYv23AVuchHvxeyW2dPLL3A6t3Mx8pZQBdN1cGZ1QAtE9IN0Yn2y+rMsNpDG4\r\ncOQ6bRqmue2I8JEB4AsQcufcqx69imBvBERsIZEyGZekLjmiuqDKI9Gti2VKZe/t\r\nxdl++gjplq6OAkdzXDGsMNtwxSk21IBrugAXK6K+4RPiMrPpBh81VGzBe2PRKUwT\r\nAZi06KZdaZudehvzIMLsNP5Aeep4+GXxoZ7Yrka/08SIv7SN5XY4o6xkli658Z+l\r\n8WAj2JiI684D/TK5MlvcBDQk1yKdDI2iC4eTFLkJ2PiDToUDT+vACrcnevstU+c8\r\nrNPFbvbB1DUIIo8AEQEAAbQ5Q29nbml0aXZlIFNlY3VyaXR5IENvbGxhYm9yYXRp\r\ndmUgPG1pc3BAY29nc2VjLWNvbGxhYi5vcmc+iQHUBBMBCAA+FiEEm65FjZ6Jbfp9\r\nCN50hA2Itf18R2cFAl55bdcCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC\r\nF4AACgkQhA2Itf18R2e/ewv7BuCpmNIR0YOJld8RqrS4g5MV6eKJUuTRYUOxDyw9\r\nvgdpdvM1FgHPZ7pJcsijKQ+S+dL7ADmEbsCLWe1UhcwbnVRxJ0T+1yxRf6ONQA0/\r\ntRLmrcF4j6JCkl01irWRnYxMI1w1ABOQj4/J7BcTCzbYUdnxSuWhcZBqcsYIHf8J\r\nHnfbVd7OIML/80IRZbRXn1ST6OeXK9RpzqO7bnfPGnd506dt8sfHCWRidUSv2max\r\nrsi9xSyXeSKSNPQFVBgYnMVwBVUGIaWTnt7Ly4I8Bs5P9NWUpLYrRgYLMbDzLWaD\r\nxX7qNQjAKkNCx9k7qQN0Ck9YqeUIuJQPq2doGuLKnqjJBXizsXbAFqcKitQz7WV2\r\nPUsN/QUguVyZbhy7oJELlWDiDWxS6EwpU+q0SODHjCFKoUXvWFkk9bz1K4/kLDFO\r\nOdTABp7i65nJst5b3pVXimoTKqW7JRyCUWz3aaaqjWSTPKP2GmQbxOwM86rgmnGX\r\nqq8Ces6LQw6zGw08ubDDotEKuQGNBF55bdcBDACbmsVMV7azLYys6iMXTLVERasT\r\nUnw8FpKADA2uDgQme5o3CjeFtBBkgBNe8zdOEEslggETVmntp4n6woQzOknDHNx/\r\nVMliUaGuIYgmC8hTDTF269fdRTpKMrcwu2aBEUpHpG7Xvz91HIr213FTwU0LLq0g\r\n+DefSlwdcMPJiCUqshLw8q/D3qVg/VYVen5li55RQBBFLgYYNgag3WnSejE41uqz\r\nvt40FZ4C88Pj0I3f+PRtfHHeXTZehUjs3+W4jn1fLWNmbIScmIhwp/Vqh8R7JHf2\r\n69UGgWr4cOaLGh6C2Io+TVJ+Sq7TMt47qB6eO53Vr2nyizXTxjrmAWqjw3OLc8QX\r\nWsjbpTMqUaPisnCpog/3SqnE4Fe2rQYkroQao6dRL3FrmgvnyhLgjUtjk6fAfx1+\r\nH6fQFH/JJGCNefG9AWo41Er3oHGoV0yqlI697uk0QGdx/848hc0gXLrus82bw+BI\r\nx36ycevxkpmfvzC8lew/vLEB7t/jqXH2H9Qqtm0AEQEAAYkBvAQYAQgAJhYhBJuu\r\nRY2eiW36fQjedIQNiLX9fEdnBQJeeW3XAhsMBQkJZgGAAAoJEIQNiLX9fEdnmYsM\r\nAJzX6MCYoGPED1VXMoPXVS9s7V7hv+0Q4SKcoUxqROwA0wb3NwvdnzO/WAQlzIIj\r\ny1Sk9VX8qZkATN7+nti8jfhKnlMVqAXFFg9fMsq68WlTzHiyGm06DnM2DXBvdLRT\r\nwbcm5H4Ly1/bCFww6Spbxo3zScrSCeRrIHHGOHEzr/vhcZavRDpFmdpTCD6ID7oG\r\nw5jR6GdSCpvBT6Lq7M2xe6cVw/A9z5tE3cIf75uikKfch8HFVV2l1B9XLJVpvhqv\r\nYf+kUa7l7VP893yyTyf9G6SSaS77VKlHxn+OQ9AX+wdgSpD5SgVkvRFXejXw8oIZ\r\nBeTNYTvYYgV75ApnvT+hyeirGDCRRiTiuva0ijd71PzTRk+5Ad80rav1Jy864dUt\r\nDcSklY5T+wjJf7kb/3nIE5vqO/3YkJxdDTvZM23T+IZsCvamQ5pyyp+bP3HTAZkr\r\no6oiGFXbv5OF6/wkUG6vQ5w1RCUQVLfrM6Dh675dx/sdI+p0JMt6BlvlRUJSofu0\r\nWw==\r\n=4aXp\r\n-----END PGP PUBLIC KEY BLOCK-----\r\n",
"misp_project_vetted": true,
"scope_of_data_to_be_shared": "Information Operation Threat Intelligence including disinformation, indicators, threat intelligence information, reports, contextual threat actor information or financial fraud information."
}
]

160
app/files/feed-metadata/defaults.json
View File

@ -1795,67 +1795,103 @@
}
},
{
"Feed": {
"id": "114",
"name": "DigitalSide Threat-Intel OSINT Feed",
"provider": "osint.digitalside.it",
"url": "https:\/\/osint.digitalside.it\/Threat-Intel\/digitalside-misp-feed\/",
"rules": "",
"enabled": false,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "0",
"default": false,
"source_format": "misp",
"fixed_event": true,
"delta_merge": false,
"event_id": "0",
"publish": false,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": false,
"headers": "",
"caching_enabled": false,
"force_to_ids": false,
"cache_timestamp": "1568901075"
}
},
{
"Feed": {
"id": "115",
"name": "Metasploit exploits with CVE assigned",
"provider": "eCrimeLabs",
"url": "https:\/\/feeds.ecrimelabs.net\/data\/metasploit-cve",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "0",
"default": false,
"source_format": "csv",
"fixed_event": true,
"delta_merge": true,
"event_id": "",
"publish": true,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": true,
"headers": "",
"caching_enabled": true,
"force_to_ids": false,
"cache_timestamp": "1571206806"
},
"Tag": {
"id": "615",
"name": "osint:source-type=\"block-or-filter-list\"",
"colour": "#004577",
"exportable": true,
"org_id": "0",
"hide_tag": false
}
"Feed": {
"id": "114",
"name": "DigitalSide Threat-Intel OSINT Feed",
"provider": "osint.digitalside.it",
"url": "https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/",
"rules": "",
"enabled": false,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "0",
"default": false,
"source_format": "misp",
"fixed_event": true,
"delta_merge": false,
"event_id": "0",
"publish": false,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": false,
"headers": "",
"caching_enabled": false,
"force_to_ids": false,
"cache_timestamp": "1568901075"
}
},
{
"Feed": {
"id": "115",
"name": "Metasploit exploits with CVE assigned",
"provider": "eCrimeLabs",
"url": "https://feeds.ecrimelabs.net/data/metasploit-cve",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]}}",
"enabled": true,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "615",
"default": false,
"source_format": "csv",
"fixed_event": true,
"delta_merge": true,
"event_id": "0",
"publish": true,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": true,
"headers": "",
"caching_enabled": true,
"force_to_ids": false,
"cache_timestamp": "1571206806"
},
"Tag": {
"id": "615",
"name": "osint:source-type=\"block-or-filter-list\"",
"colour": "#004577",
"exportable": true,
"org_id": "0",
"hide_tag": false
}
},
{
"Feed": {
"id": "116",
"name": "Malware Bazaar",
"provider": "abuse.ch",
"url": "https://bazaar.abuse.ch/export/txt/md5/full/",
"rules": "{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"\"}",
"enabled": false,
"distribution": "0",
"sharing_group_id": "0",
"tag_id": "615",
"default": false,
"source_format": "csv",
"fixed_event": true,
"delta_merge": false,
"event_id": "0",
"publish": false,
"override_ids": false,
"settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\\/^#.*\\/i\"}}",
"input_source": "network",
"delete_local_file": false,
"lookup_visible": true,
"headers": "",
"caching_enabled": false,
"force_to_ids": false,
"cache_timestamp": "1571206806"
},
"Tag": {
"id": "615",
"name": "osint:source-type=\"block-or-filter-list\"",
"colour": "#004577",
"exportable": true,
"org_id": "0",
"hide_tag": false
}
}
]

2
app/files/misp-galaxy

@ -1 +1 @@
Subproject commit e37f320df5a6ba4d9c67662a3670b160e9941bcf
Subproject commit 777c3188db6fd1f04fc81106a6c2eb293bb19d12

2
app/files/taxonomies

@ -1 +1 @@
Subproject commit 0edcb08fa618f15b51a2bbf0eae6b89c5f603ded
Subproject commit d89d185997fd5b9fd47574785141a0ee81383a7e

20
app/webroot/css/multi-line-chart.css Normal file
View File

@ -0,0 +1,20 @@
path {
stroke-width: 1;
fill: none;
stroke-linejoin: round;
stroke-linecap: round;
}
circle {
stroke-width: 1;
}
.axis path,
.axis line {
fill: none;
stroke: grey;
stroke-width: 1;
shape-rendering: crispEdges;
}
.legend, .label, .hover-text{
font-size: x-small;
background-color: white;
}

5
docs/generic/supportFunctions.md
View File

@ -833,13 +833,12 @@ genRCLOCAL () {
# Run PyMISP tests
runTests () {
echo "url = '${MISP_BASEURL}'
key = '${AUTH_KEY}'" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
echo "url = \"${MISP_BASEURL}\"
key = \"${AUTH_KEY}\"" |sudo tee ${PATH_TO_MISP}/PyMISP/tests/keys.py
sudo chown -R $WWW_USER:$WWW_USER $PATH_TO_MISP/PyMISP/
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && git submodule foreach git pull origin master"
sudo -H -u $WWW_USER ${PATH_TO_MISP}/venv/bin/pip install -e $PATH_TO_MISP/PyMISP/.[fileobjects,neo,openioc,virustotal,pdfexport]
sudo -H -u $WWW_USER git clone https://github.com/viper-framework/viper-test-files.git $PATH_TO_MISP/PyMISP/tests/viper-test-files
sudo -H -u $WWW_USER sh -c "cd $PATH_TO_MISP/PyMISP && ${PATH_TO_MISP}/venv/bin/python tests/testlive_comprehensive.py"
}