Merge branch '2.4' of github.com:MISP/MISP into 2.4

PyMISP

@@ -1 +1 @@
-Subproject commit 5d16c97178453f2624ad0ffdccb06b16578401af
+Subproject commit 8b8459ce5322a205454d87f0cf95ff042c9eb53a

app/Lib/Tools/IOCExportTool.php

@@ -55,7 +55,7 @@ class IOCExportTool
     {
         $temp = '';
         // We will start adding all the components that will be in the xml file here
-        $date = date("Y-m-d\Th:i:s");
+        $date = date("Y-m-d\TH:i:s");
         $temp .= '<?xml version="1.0" encoding="utf-8"?>' . PHP_EOL;
         $temp .= '<ioc xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" id="' . CakeText::uuid() . '" last-modified="' . $date . '" xmlns="http://schemas.mandiant.com/2010/ioc">' . PHP_EOL;
         $temp .= '  <short_description>Filtered indicator list</short_description>' . PHP_EOL;

app/Model/Attribute.php

@@ -144,6 +144,7 @@ class Attribute extends AppModel
             'regkey|value' => array('desc' => "Registry value + data separated by |", 'default_category' => 'Persistence mechanism', 'to_ids' => 1),
             'AS' => array('desc' => 'Autonomous system', 'default_category' => 'Network activity', 'to_ids' => 0),
             'snort' => array('desc' => 'An IDS rule in Snort rule-format', 'formdesc' => "An IDS rule in Snort rule-format. This rule will be automatically rewritten in the NIDS exports.", 'default_category' => 'Network activity', 'to_ids' => 1),
+            'bro' => array('desc' => 'An NIDS rule in the Bro rule-format', 'formdesc' => "An NIDS rule in the Bro rule-format.", 'default_category' => 'Network activity', 'to_ids' => 1),
             'pattern-in-file' => array('desc' => 'Pattern in file that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1),
             'pattern-in-traffic' => array('desc' => 'Pattern in network traffic that identifies the malware', 'default_category' => 'Network activity', 'to_ids' => 1),
             'pattern-in-memory' => array('desc' => 'Pattern in memory dump that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1),
@@ -318,7 +319,7 @@ class Attribute extends AppModel
                     ),
             'Network activity' => array(
                     'desc' => 'Information about network traffic generated by the malware',
-                    'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie', 'hostname|port')
+                    'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie', 'hostname|port', 'bro')
                     ),
             'Payload type' => array(
                     'desc' => 'Information about the final payload(s)',
@@ -332,7 +333,7 @@ class Attribute extends AppModel
             'External analysis' => array(
                     'desc' => 'Any other result from additional analysis of the malware like tools output',
                     'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.',
-                    'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'github-repository', 'other', 'cortex')
+                    'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'bro','pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'github-repository', 'other', 'cortex')
                     ),
             'Financial fraud' => array(
                     'desc' => 'Financial Fraud indicators',
@@ -403,7 +404,7 @@ class Attribute extends AppModel
     // This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?)
     public $typeGroupings = array(
         'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy','authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'x509-fingerprint-md5'),
-        'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256'),
+        'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'bro','pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256'),
         'financial' => array('btc', 'xmr', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number')
     );
 
@@ -1123,6 +1124,7 @@ class Attribute extends AppModel
             case 'mutex':
             case 'AS':
             case 'snort':
+            case 'bro' :
             case 'pattern-in-file':
             case 'pattern-in-traffic':
             case 'pattern-in-memory':

app/Model/Feed.php

@@ -229,7 +229,8 @@ class Feed extends AppModel
             if ($doFetch) {
                 $fetchIssue = false;
                 try {
-                    $response = $this->__getRecursive($feed['Feed']['url'], '', array());
+					$request = $this->__createFeedRequest($feed['Feed']['headers']);
+                    $response = $this->__getRecursive($feed['Feed']['url'], '', $request);
                     //$response = $HttpSocket->get($feed['Feed']['url'], '', array());
                 } catch (Exception $e) {
                     return $e->getMessage();

app/View/Events/view.ctp

@@ -170,7 +170,7 @@
                 <dd><?php echo h($attribute_count);?></dd>
                 <dt><?php echo __('Last change');?></dt>
                 <dd>
-                    <?php echo date('Y/m/d h:i:s', $event['Event']['timestamp']);; ?>
+                    <?php echo date('Y-m-d H:i:s', $event['Event']['timestamp']);; ?>
                     &nbsp;
                 </dd>
                 <dt><?php echo __('Extends');?></dt>

app/files/misp-objects

@@ -1 +1 @@
-Subproject commit 3036ec875c3f82d2284dff8b858d2d6474f8a175
+Subproject commit e90b1ce4575c122d410f143d5205771614004d9f