diff --git a/PyMISP b/PyMISP index 5d16c9717..8b8459ce5 160000 --- a/PyMISP +++ b/PyMISP @@ -1 +1 @@ -Subproject commit 5d16c97178453f2624ad0ffdccb06b16578401af +Subproject commit 8b8459ce5322a205454d87f0cf95ff042c9eb53a diff --git a/app/Lib/Tools/IOCExportTool.php b/app/Lib/Tools/IOCExportTool.php index 024dafab0..382438a91 100644 --- a/app/Lib/Tools/IOCExportTool.php +++ b/app/Lib/Tools/IOCExportTool.php @@ -55,7 +55,7 @@ class IOCExportTool { $temp = ''; // We will start adding all the components that will be in the xml file here - $date = date("Y-m-d\Th:i:s"); + $date = date("Y-m-d\TH:i:s"); $temp .= '' . PHP_EOL; $temp .= '' . PHP_EOL; $temp .= ' Filtered indicator list' . PHP_EOL; diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php index 234826c49..bbabccf36 100644 --- a/app/Model/Attribute.php +++ b/app/Model/Attribute.php @@ -144,6 +144,7 @@ class Attribute extends AppModel 'regkey|value' => array('desc' => "Registry value + data separated by |", 'default_category' => 'Persistence mechanism', 'to_ids' => 1), 'AS' => array('desc' => 'Autonomous system', 'default_category' => 'Network activity', 'to_ids' => 0), 'snort' => array('desc' => 'An IDS rule in Snort rule-format', 'formdesc' => "An IDS rule in Snort rule-format. This rule will be automatically rewritten in the NIDS exports.", 'default_category' => 'Network activity', 'to_ids' => 1), + 'bro' => array('desc' => 'An NIDS rule in the Bro rule-format', 'formdesc' => "An NIDS rule in the Bro rule-format.", 'default_category' => 'Network activity', 'to_ids' => 1), 'pattern-in-file' => array('desc' => 'Pattern in file that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1), 'pattern-in-traffic' => array('desc' => 'Pattern in network traffic that identifies the malware', 'default_category' => 'Network activity', 'to_ids' => 1), 'pattern-in-memory' => array('desc' => 'Pattern in memory dump that identifies the malware', 'default_category' => 'Payload installation', 'to_ids' => 1), @@ -318,7 +319,7 @@ class Attribute extends AppModel ), 'Network activity' => array( 'desc' => 'Information about network traffic generated by the malware', - 'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie', 'hostname|port') + 'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'mac-address', 'mac-eui-64', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'stix2-pattern', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie', 'hostname|port', 'bro') ), 'Payload type' => array( 'desc' => 'Information about the final payload(s)', @@ -332,7 +333,7 @@ class Attribute extends AppModel 'External analysis' => array( 'desc' => 'Any other result from additional analysis of the malware like tools output', 'formdesc' => 'Any other result from additional analysis of the malware like tools output Examples: pdf-parser output, automated sandbox analysis, reverse engineering report.', - 'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'github-repository', 'other', 'cortex') + 'types' => array('md5', 'sha1', 'sha256','filename', 'filename|md5', 'filename|sha1', 'filename|sha256', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'mac-address', 'mac-eui-64', 'hostname', 'domain', 'domain|ip', 'url', 'user-agent', 'regkey', 'regkey|value', 'AS', 'snort', 'bro','pattern-in-file', 'pattern-in-traffic', 'pattern-in-memory', 'vulnerability', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'x509-fingerprint-sha1', 'x509-fingerprint-md5', 'x509-fingerprint-sha256', 'github-repository', 'other', 'cortex') ), 'Financial fraud' => array( 'desc' => 'Financial Fraud indicators', @@ -403,7 +404,7 @@ class Attribute extends AppModel // This helps generate quick filtering for the event view, but we may reuse this and enhance it in the future for other uses (such as the API?) public $typeGroupings = array( 'file' => array('attachment', 'pattern-in-file', 'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy','authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash', 'filename|pehash', 'malware-sample', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256', 'x509-fingerprint-md5'), - 'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256'), + 'network' => array('ip-src', 'ip-dst', 'ip-src|port', 'ip-dst|port', 'mac-address', 'mac-eui-64', 'hostname', 'hostname|port', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'bro','pattern-in-traffic', 'x509-fingerprint-md5', 'x509-fingerprint-sha1', 'x509-fingerprint-sha256'), 'financial' => array('btc', 'xmr', 'iban', 'bic', 'bank-account-nr', 'aba-rtn', 'bin', 'cc-number', 'prtn', 'phone-number') ); @@ -1123,6 +1124,7 @@ class Attribute extends AppModel case 'mutex': case 'AS': case 'snort': + case 'bro' : case 'pattern-in-file': case 'pattern-in-traffic': case 'pattern-in-memory': diff --git a/app/Model/Feed.php b/app/Model/Feed.php index 7d7f3394c..4e9676b53 100644 --- a/app/Model/Feed.php +++ b/app/Model/Feed.php @@ -229,7 +229,8 @@ class Feed extends AppModel if ($doFetch) { $fetchIssue = false; try { - $response = $this->__getRecursive($feed['Feed']['url'], '', array()); + $request = $this->__createFeedRequest($feed['Feed']['headers']); + $response = $this->__getRecursive($feed['Feed']['url'], '', $request); //$response = $HttpSocket->get($feed['Feed']['url'], '', array()); } catch (Exception $e) { return $e->getMessage(); diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp index e0bbdf150..0232e6f4f 100644 --- a/app/View/Events/view.ctp +++ b/app/View/Events/view.ctp @@ -170,7 +170,7 @@
- +  
diff --git a/app/files/misp-objects b/app/files/misp-objects index 3036ec875..e90b1ce45 160000 --- a/app/files/misp-objects +++ b/app/files/misp-objects @@ -1 +1 @@ -Subproject commit 3036ec875c3f82d2284dff8b858d2d6474f8a175 +Subproject commit e90b1ce4575c122d410f143d5205771614004d9f