From e7f3d0d9dfa261f0e4a88d37db08033f1f9f459d Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 09:16:34 +0200
Subject: [PATCH 01/73] new: [timeline/*-seen] Initial import of the timeline
 code from the zoidberg branch

---
 app/Controller/AttributesController.php       |  17 +-
 app/Controller/Component/ACLComponent.php     |   6 +
 .../Component/RestResponseComponent.php       |   6 +-
 app/Controller/EventsController.php           |  26 +
 app/Controller/ObjectsController.php          | 301 ++++++++-
 app/Lib/Tools/EventGraphTool.php              |  10 +-
 app/Lib/Tools/EventTimelineTool.php           | 138 +++++
 app/Model/AppModel.php                        |  92 +++
 app/Model/Attribute.php                       |  81 ++-
 app/Model/Event.php                           |   2 +-
 app/Model/MispObject.php                      | 241 +++++--
 app/View/Attributes/add.ctp                   |   3 +-
 .../ajax/attributeEditFirst_seenForm.ctp      |  14 +
 .../ajax/attributeEditLast_seenForm.ctp       |  14 +
 app/View/Elements/Events/View/row_object.ctp  |  10 +-
 app/View/Elements/form_seen_input.ctp         | 444 +++++++++++++
 app/View/Elements/view_timeline.ctp           |  33 +
 app/View/Events/view.ctp                      |   6 +
 app/View/Objects/add.ctp                      |   5 +-
 .../Objects/ajax/objectEditCommentForm.ctp    |  22 +
 .../ajax/objectEditDistributionForm.ctp       |  19 +
 .../Objects/ajax/objectEditFirst_seenForm.ctp |  14 +
 .../Objects/ajax/objectEditLast_seenForm.ctp  |  14 +
 app/View/Objects/ajax/objectViewFieldForm.ctp |   2 +
 .../Objects/ajax/quickAddAttributeForm.ctp    | 156 +++++
 .../templateWithValidObjectAttributes.ctp     |  22 +
 app/View/Objects/revise_object.ctp            |   7 +
 app/webroot/css/event-timeline.css            | 150 +++++
 app/webroot/css/main.css                      |  55 ++
 app/webroot/js/bootstrap-datepicker.js        |  11 +-
 app/webroot/js/contextual_menu.js             |  18 +-
 app/webroot/js/event-graph.js                 |  24 +-
 app/webroot/js/event-timeline.js              | 586 ++++++++++++++++++
 app/webroot/js/misp.js                        | 105 +++-
 34 files changed, 2554 insertions(+), 100 deletions(-)
 create mode 100644 app/Lib/Tools/EventTimelineTool.php
 create mode 100644 app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
 create mode 100644 app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
 create mode 100644 app/View/Elements/form_seen_input.ctp
 create mode 100644 app/View/Elements/view_timeline.ctp
 create mode 100644 app/View/Objects/ajax/objectEditCommentForm.ctp
 create mode 100644 app/View/Objects/ajax/objectEditDistributionForm.ctp
 create mode 100644 app/View/Objects/ajax/objectEditFirst_seenForm.ctp
 create mode 100644 app/View/Objects/ajax/objectEditLast_seenForm.ctp
 create mode 100644 app/View/Objects/ajax/objectViewFieldForm.ctp
 create mode 100644 app/View/Objects/ajax/quickAddAttributeForm.ctp
 create mode 100644 app/View/Objects/ajax/templateWithValidObjectAttributes.ctp
 create mode 100644 app/webroot/css/event-timeline.css
 create mode 100644 app/webroot/js/event-timeline.js

diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index 6abf54d16..6bc0cd8e8 100644
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -919,7 +919,7 @@ class AttributesController extends AppController
                     $skipTimeCheck = true;
                 }
                 if ($skipTimeCheck || $this->request->data['Attribute']['timestamp'] > $existingAttribute['Attribute']['timestamp']) {
-                    $recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment');
+                    $recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment', 'first_seen', 'last_seen');
                     foreach ($recoverFields as $rF) {
                         if (!isset($this->request->data['Attribute'][$rF])) {
                             $this->request->data['Attribute'][$rF] = $existingAttribute['Attribute'][$rF];
@@ -958,6 +958,10 @@ class AttributesController extends AppController
                     } else {
                         return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Could not update attribute, reason: ' . json_encode($this->Attribute->validationErrors))),'status' => 200, 'type' => 'json'));
                     }
+                } else {
+                    if (!$result) {
+                        return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Could not update attribute, reason: ' . json_encode($this->Attribute->validationErrors))),'status' => 200, 'type' => 'json'));
+                    }
                 }
             }
             if ($result) {
@@ -975,10 +979,11 @@ class AttributesController extends AppController
                     }
                 }
                 if ($this->_isRest() || $this->response->type() === 'application/json') {
+                    $searchFields = array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value', 'disable_correlation', 'first_seen', 'last_seen');
                     $saved_attribute = $this->Attribute->find('first', array(
                             'conditions' => array('id' => $this->Attribute->id),
                             'recursive' => -1,
-                            'fields' => array('id', 'type', 'to_ids', 'category', 'uuid', 'event_id', 'distribution', 'timestamp', 'comment', 'value', 'disable_correlation'),
+                            'fields' => $searchFields,
                     ));
                     $response = array('response' => array('Attribute' => $saved_attribute['Attribute']));
                     $this->set('response', $response);
@@ -1113,7 +1118,7 @@ class AttributesController extends AppController
         if (!$this->_isRest()) {
             $this->Attribute->Event->insertLock($this->Auth->user(), $this->Attribute->data['Attribute']['event_id']);
         }
-        $validFields = array('value', 'category', 'type', 'comment', 'to_ids', 'distribution');
+        $validFields = array('value', 'category', 'type', 'comment', 'to_ids', 'distribution', 'first_seen', 'last_seen');
         $changed = false;
         if (empty($this->request->data['Attribute'])) {
             $this->request->data = array('Attribute' => $this->request->data);
@@ -1721,7 +1726,7 @@ class AttributesController extends AppController
                 unset($this->request->data['to_ids']);
                 $this->request->data['ignore'] = 1;
             }
-            $paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags');
+            $paramArray = array('value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags', 'first_seen', 'last_seen');
             $filterData = array(
                 'request' => $this->request,
                 'named_params' => $this->params['named'],
@@ -1934,7 +1939,7 @@ class AttributesController extends AppController
             'value' , 'type', 'category', 'org', 'tags', 'from', 'to', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp',
             'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'event_timestamp', 'threat_level_id', 'includeEventTags',
             'includeProposals', 'returnFormat', 'published', 'limit', 'page', 'requested_attributes', 'includeContext', 'headerless',
-            'includeWarninglistHits', 'attackGalaxy', 'object_relation'
+            'includeWarninglistHits', 'attackGalaxy', 'object_relation', 'first_seen', 'last_seen'
         );
         $filterData = array(
             'request' => $this->request,
@@ -2389,7 +2394,7 @@ class AttributesController extends AppController
 
     public function fetchViewValue($id, $field = null)
     {
-        $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'timestamp');
+        $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'timestamp', 'first_seen', 'last_seen');
         if (!isset($field) || !in_array($field, $validFields)) {
             throw new MethodNotAllowedException(__('Invalid field requested.'));
         }
diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index 0df253fb7..f497fb8ac 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -117,6 +117,7 @@ class ACLComponent extends Component
                     'getEventGraphReferences' => array('*'),
                     'getEventGraphTags' => array('*'),
                     'getEventGraphGeneric' => array('*'),
+                    'getEventTimeline' => array('*'),
                     'genDistributionGraph' => array('*'),
                     'getDistributionGraph' => array('*'),
                     'getReferenceData' => array('*'),
@@ -250,6 +251,11 @@ class ACLComponent extends Component
                 'edit' => array('perm_add'),
                 'get_row' => array('perm_add'),
                 'orphanedObjectDiagnostics' => array(),
+                'editField' => array('perm_add'),
+                'fetchEditForm' => array('perm_add'),
+                'fetchViewValue' => array('*'),
+                'quickAddAttributeForm' => array('perm_add'),
+                'quickFetchTemplateWithValidObjectAttributes' => array('perm_add'),
                 'proposeObjectsFromAttributes' => array('*'),
                 'groupAttributesIntoObject' => array('perm_add'),
                 'revise_object' => array('perm_add'),
diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php
index 301d1b3ea..397981ec4 100644
--- a/app/Controller/Component/RestResponseComponent.php
+++ b/app/Controller/Component/RestResponseComponent.php
@@ -20,13 +20,13 @@ class RestResponseComponent extends Component
             'add' => array(
                 'description' => "POST a MISP Attribute JSON to this API to create an Attribute.",
                 'mandatory' => array('value', 'type'),
-                'optional' => array('category', 'to_ids', 'uuid', 'distribution', 'sharing_group_id', 'timestamp', 'comment'),
+                'optional' => array('category', 'to_ids', 'uuid', 'distribution', 'sharing_group_id', 'timestamp', 'comment', 'first_seen', 'last_seen'),
                 'params' => array('event_id')
             ),
             'edit' => array(
                 'description' => "POST a MISP Attribute JSON to this API to update an Attribute. If the timestamp is set, it has to be newer than the existing Attribute.",
                 'mandatory' => array(),
-                'optional' => array('value', 'type', 'category', 'to_ids', 'uuid', 'distribution', 'sharing_group_id', 'timestamp', 'comment'),
+                'optional' => array('value', 'type', 'category', 'to_ids', 'uuid', 'distribution', 'sharing_group_id', 'timestamp', 'comment', 'first_seen', 'last_seen'),
                 'params' => array('attribute_id')
             ),
             'deleteSelected' => array(
@@ -382,6 +382,7 @@ class RestResponseComponent extends Component
         if (isset($this->__convertActionToMessage[$controller][$action['action']])) {
             $stringifiedAction = $this->__convertActionToMessage[$controller][$action['action']];
         }
+        $response['saved'] = false;
         $response['name'] = 'Could not ' . $stringifiedAction . ' ' . Inflector::singularize($controller);
         $response['message'] = $response['name'];
         $response['url'] = $this->__generateURL($action, $controller, $id);
@@ -395,6 +396,7 @@ class RestResponseComponent extends Component
         if (!$message) {
             $message = Inflector::singularize($controller) . ' ' . $action['action'] . ((substr($action['action'], -1) == 'e') ? 'd' : 'ed');
         }
+        $response['saved'] = true;
         $response['name'] = $message;
         $response['message'] = $response['name'];
         $response['url'] = $this->__generateURL($action, $controller, $id);
diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php
index e285e38ec..86b5e7e19 100644
--- a/app/Controller/EventsController.php
+++ b/app/Controller/EventsController.php
@@ -4752,6 +4752,32 @@ class EventsController extends AppController
         return $json;
     }
 
+    public function getEventTimeline($id, $type = 'event')
+    {
+        $validTools = array('event');
+        if (!in_array($type, $validTools)) {
+            throw new MethodNotAllowedException('Invalid type.');
+        }
+
+        App::uses('EventTimelineTool', 'Tools');
+        $grapher = new EventTimelineTool();
+        $data = $this->request->is('post') ? $this->request->data : array();
+        $dataFiltering = array_key_exists('filtering', $data) ? $data['filtering'] : array();
+
+        $extended = isset($this->params['named']['extended']) ? 1 : 0;
+
+        $grapher->construct($this->Event, $this->Auth->user(), $dataFiltering, $extended);
+        $json = $grapher->get_timeline($id);
+
+        array_walk_recursive($json, function (&$item, $key) {
+            if (!mb_detect_encoding($item, 'utf-8', true)) {
+                $item = utf8_encode($item);
+            }
+        });
+        $this->response->type('json');
+        return new CakeResponse(array('body' => json_encode($json), 'status' => 200, 'type' => 'json'));
+    }
+
     public function getDistributionGraph($id, $type = 'event')
     {
         $extended = isset($this->params['named']['extended']) ? 1 : 0;
diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index 2de1f2e64..1e1f78d8e 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -353,7 +353,7 @@ class ObjectsController extends AppController
         $this->set('element', $element);
     }
 
-    public function edit($id, $update_template_available=false)
+    public function edit($id, $update_template_available=false, $onlyAddNewAttribute=false)
     {
         if (Validation::uuid($id)) {
             $conditions = array('Object.uuid' => $id);
@@ -532,7 +532,7 @@ class ObjectsController extends AppController
                 $this->request->data = array('Attribute' => $this->request->data);
             }
             $objectToSave = $this->MispObject->attributeCleanup($this->request->data);
-            $objectToSave = $this->MispObject->deltaMerge($object, $objectToSave);
+            $objectToSave = $this->MispObject->deltaMerge($object, $objectToSave, $onlyAddNewAttribute);
             // we pre-validate the attributes before we create an object at this point
             // This allows us to stop the process and return an error (API) or return
             //  to the add form
@@ -595,6 +595,303 @@ class ObjectsController extends AppController
         $this->render('add');
     }
 
+    // ajax edit - post a single edited field and this method will attempt to save it and return a json with the validation errors if they occur.
+    public function editField($id)
+    {
+        if (Validation::uuid($id)) {
+            $this->MispObject->recursive = -1;
+            $temp = $this->MispObject->findByUuid($id);
+            if ($temp == null) {
+                throw new NotFoundException('Invalid object');
+            }
+            $id = $temp['Object']['id'];
+        } elseif (!is_numeric($id)) {
+            throw new NotFoundException(__('Invalid event id.'));
+        }
+        if ((!$this->request->is('post') && !$this->request->is('put'))) {
+            throw new MethodNotAllowedException();
+        }
+        $this->MispObject->id = $id;
+        if (!$this->MispObject->exists()) {
+            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid object', $this->response->type());
+        }
+        $this->MispObject->recursive = -1;
+        $this->MispObject->contain('Event');
+        $object = $this->MispObject->read();
+        if (!$this->_isSiteAdmin()) {
+            if ($this->MispObject->data['Event']['orgc_id'] == $this->Auth->user('org_id')
+            && (($this->userRole['perm_modify'] && $this->MispObject->data['Event']['user_id'] != $this->Auth->user('id'))
+            || $this->userRole['perm_modify_org'])) {
+                // Allow the edit
+            } else {
+                return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid attribute', $this->response->type());
+            }
+        }
+        $validFields = array('comment', 'distribution', 'first_seen', 'last_seen');
+        $changed = false;
+        if (empty($this->request->data['Object'])) {
+            $this->request->data = array('Object' => $this->request->data);
+            if (empty($this->request->data['Object'])) {
+                throw new MethodNotAllowedException('Invalid input.');
+            }
+        }
+        foreach ($this->request->data['Object'] as $changedKey => $changedField) {
+            if (!in_array($changedKey, $validFields)) {
+                throw new MethodNotAllowedException('Invalid field.');
+            }
+            if ($object['Object'][$changedKey] == $changedField) {
+                $this->autoRender = false;
+                return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'nochange');
+            }
+            $object['Object'][$changedKey] = $changedField;
+            $changed = true;
+        }
+        if (!$changed) {
+            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'nochange');
+        }
+        $date = new DateTime();
+        $object['Object']['timestamp'] = $date->getTimestamp();
+        $this->MispObject->setObjectSeenMetaFromAttribute($object, true);
+        if ($this->MispObject->save($object)) {
+            $event = $this->MispObject->Event->find('first', array(
+                'recursive' => -1,
+                'fields' => array('id', 'published', 'timestamp', 'info', 'uuid'),
+                'conditions' => array(
+                    'id' => $object['Object']['event_id'],
+            )));
+            $event['Event']['timestamp'] = $date->getTimestamp();
+            $event['Event']['published'] = 0;
+            $this->MispObject->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
+            $this->autoRender = false;
+            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'Field updated');
+        } else {
+            $this->autoRender = false;
+            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $this->MispObject->validationErrors, $this->response->type());
+        }
+    }
+
+    public function fetchViewValue($id, $field = null)
+    {
+        $validFields = array('timestamp', 'comment', 'distribution', 'first_seen', 'last_seen');
+        if (!isset($field) || !in_array($field, $validFields)) {
+            throw new MethodNotAllowedException('Invalid field requested.');
+        }
+        if (!$this->request->is('ajax')) {
+            throw new MethodNotAllowedException('This function can only be accessed via AJAX.');
+        }
+        $this->MispObject->id = $id;
+        if (!$this->MispObject->exists()) {
+            throw new NotFoundException(__('Invalid object'));
+        }
+        $params = array(
+                'conditions' => array('Object.id' => $id),
+                'fields' => array('id', 'distribution', 'event_id', $field),
+                'contain' => array(
+                        'Event' => array(
+                                'fields' => array('distribution', 'id', 'org_id'),
+                        )
+                ),
+                'flatten' => 1
+        );
+        $object = $this->MispObject->fetchObjectSimple($this->Auth->user(), $params);
+        if (empty($object)) {
+            throw new NotFoundException(__('Invalid object'));
+        }
+        $object = $object[0];
+        $result = $object['Object'][$field];
+        if ($field == 'distribution') {
+            $result=$this->MispObject->shortDist[$result];
+        }
+        $this->set('value', $result);
+        $this->layout = 'ajax';
+        $this->render('ajax/objectViewFieldForm');
+    }
+
+    public function fetchEditForm($id, $field = null)
+    {
+        $validFields = array('distribution', 'comment', 'first_seen', 'last_seen');
+        if (!isset($field) || !in_array($field, $validFields)) {
+            throw new MethodNotAllowedException('Invalid field requested.');
+        }
+        if (!$this->request->is('ajax')) {
+            throw new MethodNotAllowedException('This function can only be accessed via AJAX.');
+        }
+        $this->MispObject->id = $id;
+        if (!$this->MispObject->exists()) {
+            throw new NotFoundException(__('Invalid object'));
+        }
+        $fields = array('id', 'distribution', 'event_id');
+        $fields[] = $field;
+        $params = array(
+            'conditions' => array('Object.id' => $id),
+            'fields' => $fields,
+            'flatten' => 1,
+            'contain' => array(
+                'Event' => array(
+                    'fields' => array('distribution', 'id', 'user_id', 'orgc_id', 'org_id'),
+                )
+            )
+        );
+        $object = $this->MispObject->fetchObjectSimple($this->Auth->user(), $params);
+        if (empty($object)) {
+            throw new NotFoundException(__('Invalid attribute'));
+        }
+        $object = $object[0];
+        if (!$this->_isSiteAdmin()) {
+            if ($object['Event']['orgc_id'] == $this->Auth->user('org_id')
+            && (($this->userRole['perm_modify'] && $object['Event']['user_id'] != $this->Auth->user('id'))
+                    || $this->userRole['perm_modify_org'])) {
+                // Allow the edit
+            } else {
+                throw new NotFoundException(__('Invalid object'));
+            }
+        }
+        $this->layout = 'ajax';
+        if ($field == 'distribution') {
+            $distributionLevels = $this->MispObject->shortDist;
+            unset($distributionLevels[4]);
+            $this->set('distributionLevels', $distributionLevels);
+        }
+        $this->set('object', $object['Object']);
+        $fieldURL = ucfirst($field);
+        $this->render('ajax/objectEdit' . $fieldURL . 'Form');
+    }
+
+    // Construct a template with valid object attributes to add to an object
+    public function quickFetchTemplateWithValidObjectAttributes($id) {
+        $this->MispObject->id = $id;
+        if (!$this->MispObject->exists()) {
+            if ($this->request->is('ajax')) {
+                return $this->RestResponse->saveFailResponse('Objects', 'add', false, 'Invalid object', $this->response->type());
+            } else {
+                throw new NotFoundException(__('Invalid object'));
+            }
+        }
+        $fields = array('template_uuid', 'template_version', 'id');
+        $params = array(
+            'conditions' => array('Object.id' => $id),
+            'fields' => $fields,
+            'flatten' => 1,
+        );
+        // fetchObjects restrict access based on user
+        $object = $this->MispObject->fetchObjects($this->Auth->user(), $params);
+        if (empty($object)) {
+            if ($this->request->is('ajax')) {
+                return $this->RestResponse->saveFailResponse('Objects', 'add', false, 'Invalid object', $this->response->type());
+            } else {
+                throw new NotFoundException(__('Invalid object'));
+            }
+        } else {
+            $object = $object[0];
+        }
+        // get object attributes already set
+        $objectRelation = array();
+        foreach($object['Attribute'] as $attr) {
+            $objectRelation[$attr['object_relation']] = 1;
+        }
+        $objectRelation = array_keys($objectRelation);
+        // get object attribute defined in the object's template
+        $template = $this->MispObject->ObjectTemplate->find('first', array(
+            'conditions' => array(
+                'ObjectTemplate.uuid' => $object['Object']['template_uuid'],
+                'ObjectTemplate.version' => $object['Object']['template_version'],
+            ),
+            'recursive' => -1,
+            'flatten' => 1,
+            'contain' => 'ObjectTemplateElement'
+        ));
+        if (empty($template)) {
+            if ($this->request->is('ajax')) {
+                return $this->RestResponse->saveFailResponse('Objects', 'add', false, 'Invalid template', $this->response->type());
+            } else {
+                throw new NotFoundException(__('Invalid template'));
+            }
+        }
+        // unset object invalid object attribute
+        foreach($template['ObjectTemplateElement'] as $i => $objAttr) {
+            if (in_array($objAttr['object_relation'], $objectRelation) && !$objAttr['multiple']) {
+                unset($template['ObjectTemplateElement'][$i]);
+            }
+        }
+        if ($this->request->is('get') || $this->request->is('post')) {
+            $this->set('template', $template);
+            $this->set('objectId', $object['Object']['id']);
+            $this->render('ajax/templateWithValidObjectAttributes');
+        } else {
+            return $template;
+        }
+    }
+
+    /**
+     * GET: Returns a form allowing to add a valid object attribute to an object
+     * POST/PUT: Add the attribute to the object
+     */
+    public function quickAddAttributeForm($id, $fieldName = null) {
+        if ($this->request->is('GET')) {
+            if (!isset($fieldName)) {
+                throw new MethodNotAllowedException('No field requested.');
+            }
+            $this->MispObject->id = $id;
+            if (!$this->MispObject->exists()) {
+                throw new NotFoundException(__('Invalid object'));
+            }
+            $fields = array('template_uuid', 'template_version', 'id', 'event_id');
+            $params = array(
+                'conditions' => array('Object.id' => $id),
+                'fields' => $fields,
+                'flatten' => 1,
+            );
+            // fetchObjects restrict access based on user
+            $object = $this->MispObject->fetchObjects($this->Auth->user(), $params);
+            if (empty($object)) {
+                throw new NotFoundException(__('Invalid object'));
+            } else {
+                $object = $object[0];
+            }
+            $template = $this->MispObject->ObjectTemplate->find('first', array(
+                'conditions' => array(
+                    'ObjectTemplate.uuid' => $object['Object']['template_uuid'],
+                    'ObjectTemplate.version' => $object['Object']['template_version'],
+                ),
+                'recursive' => -1,
+                'flatten' => 1,
+                'contain' => array(
+                    'ObjectTemplateElement' => array('conditions' => array(
+                        'object_relation' => $fieldName
+                    ))
+                )
+            ));
+            if (empty($template)) {
+                throw new NotFoundException(__('Invalid object'));
+            }
+            if (empty($template['ObjectTemplateElement'])) {
+                throw new NotFoundException(__('Invalid fields') . ' `' . h($fieldName) . '`');
+            }
+
+            // check if fields can be added
+            foreach($object['Attribute'] as $i => $objAttr) {
+                $objectAttrFromTemplate = $template['ObjectTemplateElement'][0];
+                if ($objAttr['object_relation'] == $fieldName && !$objectAttrFromTemplate['multiple']) {
+                    throw new NotFoundException(__('Invalid field'));
+                }
+            }
+            $template = $this->MispObject->prepareTemplate($template, $object);
+            $this->layout = 'ajax';
+            $this->set('object', $object['Object']);
+            $this->set('template', $template);
+            $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user());
+            $this->set('distributionData', $distributionData);
+            $info = array();
+            foreach ($distributionData['levels'] as $key => $value) {
+                $info['distribution'][$key] = array('key' => $value, 'desc' => $this->MispObject->Event->Attribute->distributionDescriptions[$key]['formdesc']);
+            }
+            $this->set('info', $info);
+            $this->render('ajax/quickAddAttributeForm');
+        } else if ($this->request->is('post') || $this->request->is('put')) {
+            return $this->edit($this->request->data['Object']['id'], true);
+        }
+    }
+
     public function delete($id, $hard = false)
     {
         if (!$this->userRole['perm_modify']) {
diff --git a/app/Lib/Tools/EventGraphTool.php b/app/Lib/Tools/EventGraphTool.php
index 8407b5adf..b9a809d71 100644
--- a/app/Lib/Tools/EventGraphTool.php
+++ b/app/Lib/Tools/EventGraphTool.php
@@ -40,7 +40,7 @@
 
         private function __get_event($id)
         {
-            $this->__json['available_rotation_key'] = $this->__authorized_JSON_key;
+            $this->__json['available_pivot_key'] = $this->__authorized_JSON_key;
 
             $fullevent = $this->__eventModel->fetchEvent($this->__user, array('eventid' => $id, 'flatten' => 0, 'includeTagRelations' => 1, 'extended' => $this->__extended_view));
             $event = array();
@@ -232,12 +232,12 @@
             $event = $this->__get_filtered_event($id);
             $this->__json['items'] = array();
             $this->__json['relations'] = array();
-            
+
             $this->__json['existing_object_relation'] = array();
             if (empty($event)) {
                 return $this->__json;
             }
-            
+
             if (!empty($event['Object'])) {
                 $object = $event['Object'];
             } else {
@@ -312,7 +312,7 @@
             if (empty($event)) {
                 return $this->__json;
             }
-            
+
             if (!empty($event['Object'])) {
                 $object = $event['Object'];
             } else {
@@ -419,7 +419,7 @@
             if (empty($event)) {
                 return $this->__json;
             }
-            
+
             if (!empty($event['Object'])) {
                 $object = $event['Object'];
             } else {
diff --git a/app/Lib/Tools/EventTimelineTool.php b/app/Lib/Tools/EventTimelineTool.php
new file mode 100644
index 000000000..bf94673e9
--- /dev/null
+++ b/app/Lib/Tools/EventTimelineTool.php
@@ -0,0 +1,138 @@
+<?php
+    class EventTimelineTool
+    {
+        private $__lookupTables = array();
+        private $__user = false;
+        private $__json = array();
+        private $__eventModel = false;
+        private $__refModel = false;
+        # Will be use latter on
+        private $__related_events = array();
+        private $__related_attributes = array();
+
+        public function construct($eventModel, $user, $filterRules, $extended_view=0)
+        {
+            $this->__eventModel = $eventModel;
+            $this->__objectTemplateModel = $eventModel->Object->ObjectTemplate;
+            $this->__user = $user;
+            $this->__filterRules = $filterRules;
+            $this->__json = array();
+            $this->__extended_view = $extended_view;
+            $this->__lookupTables = array(
+                'analysisLevels' => $this->__eventModel->analysisLevels,
+                'distributionLevels' => $this->__eventModel->Attribute->distributionLevels
+            );
+            return true;
+        }
+
+        public function construct_for_ref($refModel, $user)
+        {
+            $this->__refModel = $refModel;
+            $this->__user = $user;
+            $this->__json = array();
+            return true;
+        }
+
+        private function __get_event($id)
+        {
+            $fullevent = $this->__eventModel->fetchEvent($this->__user, array('eventid' => $id, 'flatten' => 0, 'includeTagRelations' => 1, 'extended' => $this->__extended_view));
+            $event = array();
+            if (empty($fullevent)) {
+                return $event;
+            }
+
+            if (!empty($fullevent[0]['Object'])) {
+                $event['Object'] = $fullevent[0]['Object'];
+            } else {
+                $event['Object'] = array();
+            }
+
+            if (!empty($fullevent[0]['Attribute'])) {
+                $event['Attribute'] = $fullevent[0]['Attribute'];
+            } else {
+                $event['Attribute'] = array();
+            }
+
+            return $event;
+        }
+
+        public function get_timeline($id)
+        {
+            $event = $this->__get_event($id);
+            $this->__json['items'] = array();
+
+            if (empty($event)) {
+                return $this->__json;
+            }
+
+            if (!empty($event['Object'])) {
+                $object = $event['Object'];
+            } else {
+                $object = array();
+            }
+
+            if (!empty($event['Attribute'])) {
+                $attribute = $event['Attribute'];
+            } else {
+                $attribute = array();
+            }
+
+            // extract links and node type
+            foreach ($attribute as $attr) {
+                $toPush = array(
+                    'id' => $attr['id'],
+                    'uuid' => $attr['uuid'],
+                    'content' => $attr['value'],
+                    'event_id' => $attr['event_id'],
+                    'group' => 'attribute',
+                    'timestamp' => $attr['timestamp'],
+                    'first_seen' => $attr['first_seen'],
+                    'last_seen' => $attr['last_seen'],
+                );
+                array_push($this->__json['items'], $toPush);
+            }
+
+            foreach ($object as $obj) {
+                $toPush_obj = array(
+                    'id' => $obj['id'],
+                    'uuid' => $obj['uuid'],
+                    'content' => $obj['name'],
+                    'group' => 'object',
+                    'meta-category' => $obj['meta-category'],
+                    'template_uuid' => $obj['template_uuid'],
+                    'event_id' => $obj['event_id'],
+                    'timestamp' => $obj['timestamp'],
+                    'Attribute' => array(),
+                );
+
+                $toPush_obj['first_seen'] = $obj['first_seen'];
+                $toPush_obj['last_seen'] = $obj['last_seen'];
+                $toPush_obj['first_seen_overwrite'] = false;
+                $toPush_obj['last_seen_overwrite'] = false;
+
+                foreach ($obj['Attribute'] as $obj_attr) {
+                    // replaced *_seen based on object attribute
+                    if ($obj_attr['object_relation'] == 'first-seen' && is_null($toPush_obj['first_seen'])) {
+                        $toPush_obj['first_seen'] = $obj_attr['value']; // replace first_seen of the object to seen of the element
+                        $toPush_obj['first_seen_overwrite'] = true;
+                    } elseif ($obj_attr['object_relation'] == 'last-seen' && is_null($toPush_obj['last_seen'])) {
+                        $toPush_obj['last_seen'] = $obj_attr['value']; // replace last_seen of the object to seen of the element
+                        $toPush_obj['last_seen_overwrite'] = true;
+                    }
+                    $toPush_attr = array(
+                        'id' => $obj_attr['id'],
+                        'uuid' => $obj_attr['uuid'],
+                        'content' => $obj_attr['value'],
+                        'contentType' => $obj_attr['object_relation'],
+                        'event_id' => $obj_attr['event_id'],
+                        'group' => 'object_attribute',
+                        'timestamp' => $obj_attr['timestamp'],
+                    );
+                    array_push($toPush_obj['Attribute'], $toPush_attr);
+                }
+                array_push($this->__json['items'], $toPush_obj);
+            }
+
+            return $this->__json;
+        }
+    }
diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index ba7ce9d02..aa794994f 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -79,6 +79,26 @@ class AppModel extends Model
     );
 
     public $advanced_updates_description = array(
+        'seenOnAttributeAndObject' => array(
+            'title' => 'First seen/Last seen Attribute table',
+            'description' => 'Update the Attribute table to support first_seen and last_seen feature, with a microsecond resolution.',
+            'liveOff' => true, # should the instance be offline for users other than site_admin
+            'recommendBackup' => true, # should the update recommend backup
+            'exitOnError' => false, # should the update exit on error
+            'requirements' => 'MySQL version must be >= 5.6', # message stating the requirements necessary for the update
+            'record' => true, # should the update success be saved in the admin_table
+            'preUpdate' => 'seenOnAttributeAndObjectPreUpdate', # Function to execute before the update. If it throws an error, it cancels the update
+            'url' => '/servers/updateDatabase/seenOnAttributeAndObject/' # url pointing to the funcion performing the update
+        ),
+        'testUpdate' => array(
+            'title' => 'Test Update',
+            'description' => 'Runs a test update',
+            'liveOff' => true,
+            'recommendBackup' => true,
+            'exitOnError' => true,
+            'preUpdate' => 'failingPreUpdate', # Function to execute before the update. If it returns false, cancel the update
+            'url' => '/servers/updateDatabase/testUpdate/'
+        )
     );
     public $actions_description = array(
         'verifyGnuPGkeys' => array(
@@ -1210,6 +1230,55 @@ class AppModel extends Model
                 $sqlArray[] = 'ALTER TABLE `threads` DROP `org`;';
                 $sqlArray[] = 'ALTER TABLE `users` DROP `org`;';
                 break;
+            case 'seenOnAttributeAndObject':
+                $sqlArray[] =
+                    "ALTER TABLE `attributes`
+                        DROP INDEX uuid,
+                        DROP INDEX event_id,
+                        DROP INDEX sharing_group_id,
+                        DROP INDEX type,
+                        DROP INDEX category,
+                        DROP INDEX value1,
+                        DROP INDEX value2,
+                        DROP INDEX object_id,
+                        DROP INDEX object_relation,
+                        DROP INDEX deleted,
+                    ;";
+                $sqlArray[] =
+                    "ALTER TABLE `attributes`
+                        ADD COLUMN `first_seen` BIGINT(20) NULL DEFAULT NULL,
+                        ADD COLUMN `last_seen` BIGINT(20) NULL DEFAULT NULL,
+                        MODIFY comment TEXT COLLATE utf8_unicode_ci
+                    ;";
+                $sqlArray[] = "
+                    ALTER TABLE `attributes`
+                        ADD INDEX `uuid` (`uuid`),
+                        ADD INDEX `event_id` (`event_id`),
+                        ADD INDEX `sharing_group_id` (`sharing_group_id`),
+                        ADD INDEX `type` (`type`),
+                        ADD INDEX `category` (`category`),
+                        ADD INDEX `value1` (`value1`(255)),
+                        ADD INDEX `value2` (`value2`(255)),
+                        ADD INDEX `object_id` (`object_id`),
+                        ADD INDEX `object_relation` (`object_relation`),
+                        ADD INDEX `deleted` (`deleted`),
+                        ADD INDEX `first_seen` (`first_seen`),
+                        ADD INDEX `last_seen` (`last_seen`),
+                        ADD INDEX `comment` (`comment`(767))
+                    ;";
+                $sqlArray[] = "
+                    ALTER TABLE `objects`
+                        ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
+                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL
+                    ;";
+                $indexArray[] = array('objects', 'first_seen');
+                $indexArray[] = array('objects', 'last_seen');
+                break;
+            case 'testUpdate':
+                $sqlArray[] = "SELECT SLEEP(10);";
+                $sqlArray[] = "SELECT SLEEPsdcfsac(4);";
+                $sqlArray[] = "SELECT SLEEP(12);";
+                break;
             default:
                 return false;
                 break;
@@ -1481,6 +1550,29 @@ class AppModel extends Model
         return true;
     }
 
+    // Try to create a table with a BIGINT(20)
+    public function seenOnAttributeAndObjectPreUpdate() {
+        $sqlArray[] = "CREATE TABLE IF NOT EXISTS testtable (
+            `testfield` BIGINT(6) NULL DEFAULT NULL
+        ) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
+        try {
+            foreach($sqlArray as $i => $sql) {
+                $this->query($sql);
+            }
+        } catch (Exception $e) {
+            throw new Exception('Pre update test failed: ' . PHP_EOL . $sql . PHP_EOL . ' The returned error is: ' . $e->getMessage());
+        }
+        // clean up
+        $sqlArray[] = "DROP TABLE testtable;";
+        foreach($sqlArray as $i => $sql) {
+            $this->query($sql);
+        }
+    }
+
+    public function failingPreUpdate() {
+        throw new Exception('Yolo fail');
+    }
+
     public function runUpdates($verbose = false)
     {
         $this->AdminSetting = ClassRegistry::init('AdminSetting');
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 889ae0b60..d39dc42c8 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -360,7 +360,9 @@ class Attribute extends AppModel
         'deleted',
         'disable_correlation',
         'object_id',
-        'object_relation'
+        'object_relation',
+        'first_seen',
+        'last_seen'
     );
 
     public $searchResponseTypes = array(
@@ -508,6 +510,16 @@ class Attribute extends AppModel
                 'rule' => array('inList', array('0', '1', '2', '3', '4', '5')),
                 'message' => 'Options: Your organisation only, This community only, Connected communities, All communities, Sharing group, Inherit event',
                 'required' => true
+        ),
+        'first_seen' => array(
+            'rule' => array('datetimeOrNull'),
+            'required' => false,
+            'message' => array('Invalid ISO 8601 format')
+        ),
+        'last_seen' => array(
+            'rule' => array('datetimeOrNull'),
+            'required' => false,
+            'message' => array('Invalid ISO 8601 format')
         )
     );
 
@@ -586,6 +598,22 @@ class Attribute extends AppModel
             if (isset($v['Attribute']['object_relation']) && $v['Attribute']['object_relation'] === null) {
                 $results[$k]['Attribute']['object_relation'] = '';
             }
+            if (!empty($v['Attribute']['first_seen'])) {
+                $fs = $results[$k]['Attribute']['first_seen'];
+                $fs_sec = $fs / 1000000; // $fs is in micro (10^6)
+                $fs_micro = $fs % 1000000;
+                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+                $fs = $fs_sec . '.' . $fs_micro;
+                $results[$k]['Attribute']['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
+            }
+            if (!empty($v['Attribute']['last_seen'])) {
+                $ls = $results[$k]['Attribute']['last_seen'];
+                $ls_sec = $ls / 1000000; // $ls is in micro (10^6)
+                $ls_micro = $ls % 1000000;
+                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+                $ls = $ls_sec . '.' . $ls_micro;
+                $results[$k]['Attribute']['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
+            }
         }
         return $results;
     }
@@ -610,6 +638,27 @@ class Attribute extends AppModel
             }
         }
 
+        // convert into utc and micro sec
+        if (!empty($this->data['Attribute']['first_seen'])) {
+            $d = new DateTime($this->data['Attribute']['first_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $fs_sec = $d->format('U');
+            $fs_micro = $d->format('u');
+            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+            $fs = $fs_sec . $fs_micro;
+            $this->data['Attribute']['first_seen'] = $fs;
+        }
+        if (!empty($this->data['Attribute']['last_seen'])) {
+            $d = new DateTime($this->data['Attribute']['last_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $ls_sec = $d->format('U');
+            $ls_micro = $d->format('u');
+            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+            $ls = $ls_sec . $ls_micro;
+            $this->data['Attribute']['last_seen'] = $ls;
+        }
+
+
         // update correlation... (only needed here if there's an update)
         if ($this->id || !empty($this->data['Attribute']['id'])) {
             $this->__beforeSaveCorrelation($this->data['Attribute']);
@@ -807,6 +856,16 @@ class Attribute extends AppModel
             $date = new DateTime();
             $this->data['Attribute']['timestamp'] = $date->getTimestamp();
         }
+
+        // parse first_seen different formats
+        if (isset($this->data['Attribute']['first_seen'])) {
+            $this->data['Attribute']['first_seen'] = $this->data['Attribute']['first_seen'] === '' ? null : $this->data['Attribute']['first_seen'];
+        }
+        // parse last_seen different formats
+        if (isset($this->data['Attribute']['last_seen'])) {
+            $this->data['Attribute']['last_seen'] = $this->data['Attribute']['last_seen'] === '' ? null : $this->data['Attribute']['last_seen'];
+        }
+
         // TODO: add explanatory comment
         // TODO: i18n?
         $result = $this->runRegexp($this->data['Attribute']['type'], $this->data['Attribute']['value']);
@@ -939,6 +998,20 @@ class Attribute extends AppModel
         return $this->runValidation($value, $this->data['Attribute']['type']);
     }
 
+    // check whether the variable is null or datetime
+    public function datetimeOrNull($fields)
+    {
+        $k = array_keys($fields)[0];
+        $seen = $fields[$k];
+        try {
+            new DateTime($seen);
+            $returnValue = true;
+        } catch (Exception $e) {
+            $returnValue = false;
+        }
+        return $returnValue || is_null($seen);
+    }
+
     private $__hexHashLengths = array(
         'authentihash' => 64,
         'md5' => 32,
@@ -3787,7 +3860,7 @@ class Attribute extends AppModel
                     return true;
                 }
                 // If a field is not set in the request, just reuse the old value
-                $recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment', 'sharing_group_id', 'object_id', 'object_relation');
+                $recoverFields = array('value', 'to_ids', 'distribution', 'category', 'type', 'comment', 'sharing_group_id', 'object_id', 'object_relation', 'first_seen', 'last_seen');
                 foreach ($recoverFields as $rF) {
                     if (!isset($attribute[$rF])) {
                         $attribute[$rF] = $existingAttribute['Attribute'][$rF];
@@ -3857,7 +3930,9 @@ class Attribute extends AppModel
             'comment',
             'sharing_group_id',
             'deleted',
-            'disable_correlation'
+            'disable_correlation',
+            'first_seen',
+            'last_seen'
         );
         if ($objectId) {
             $fieldList[] = 'object_id';
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 456b3e8ec..7fc0cc4b2 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -1993,7 +1993,7 @@ class Event extends AppModel
 
         // do not expose all the data ...
         $fields = array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.date', 'Event.threat_level_id', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.user_id', 'Event.locked', 'Event.publish_timestamp', 'Event.sharing_group_id', 'Event.disable_correlation', 'Event.extends_uuid');
-        $fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment', 'Attribute.sharing_group_id', 'Attribute.deleted', 'Attribute.disable_correlation', 'Attribute.object_id', 'Attribute.object_relation');
+        $fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment', 'Attribute.sharing_group_id', 'Attribute.deleted', 'Attribute.disable_correlation', 'Attribute.object_id', 'Attribute.object_relation', 'Attribute.first_seen', 'Attribute.last_seen');
         $fieldsObj = array('*');
         $fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.proposal_to_delete', 'ShadowAttribute.timestamp');
         $fieldsOrg = array('id', 'name', 'uuid');
diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 1610a0e6c..5b651c098 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -46,6 +46,8 @@ class MispObject extends AppModel
         ),
     );
 
+    public $shortDist = array(0 => 'Organisation', 1 => 'Community', 2 => 'Connected', 3 => 'All', 4 => ' Sharing Group', 5 => 'Inherit');
+
     public $validate = array(
         'uuid' => array(
             'uuid' => array(
@@ -60,6 +62,51 @@ class MispObject extends AppModel
         )
     );
 
+    public function afterFind($results, $primary = false)
+    {
+        foreach ($results as $k => $v) {
+            if (!empty($v[$this->alias]['first_seen'])) {
+                $fs = $results[$k][$this->alias]['first_seen'];
+                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
+                $fs_micro = $fs % 1000000;
+                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+                $fs = $fs_sec . '.' . $fs_micro;
+                $results[$k][$this->alias]['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
+            }
+            if (!empty($v[$this->alias]['last_seen'])) {
+                $ls = $results[$k][$this->alias]['last_seen'];
+                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
+                $ls_micro = $ls % 1000000;
+                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+                $ls = $ls_sec . '.' . $ls_micro;
+                $results[$k][$this->alias]['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
+            }
+        }
+        return $results;
+    }
+
+    public function beforeSave($options = array()) {
+        // convert into utc and micro sec
+        if (!empty($this->data[$this->alias]['first_seen'])) {
+            $d = new DateTime($this->data[$this->alias]['first_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $fs_sec = $d->format('U');
+            $fs_micro = $d->format('u');
+            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+            $fs = $fs_sec . $fs_micro;
+            $this->data[$this->alias]['first_seen'] = $fs;
+        }
+        if (!empty($this->data[$this->alias]['last_seen'])) {
+            $d = new DateTime($this->data[$this->alias]['last_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $ls_sec = $d->format('U');
+            $ls_micro = $d->format('u');
+            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+            $ls = $ls_sec . $ls_micro;
+            $this->data[$this->alias]['last_seen'] = $ls;
+        }
+    }
+
     public function beforeValidate($options = array())
     {
         parent::beforeValidate();
@@ -75,6 +122,14 @@ class MispObject extends AppModel
             $date = new DateTime();
             $this->data[$this->alias]['timestamp'] = $date->getTimestamp();
         }
+        // parse first_seen different formats
+        if (isset($this->data[$this->alias]['first_seen'])) {
+            $this->data[$this->alias]['first_seen'] = $this->data[$this->alias]['first_seen'] === '' ? null : $this->data[$this->alias]['first_seen'];
+        }
+        // parse last_seen different formats
+        if (isset($this->data[$this->alias]['last_seen'])) {
+            $this->data[$this->alias]['last_seen'] = $this->data[$this->alias]['last_seen'] === '' ? null : $this->data[$this->alias]['last_seen'];
+        }
         if (empty($this->data[$this->alias]['template_version'])) {
             $this->data[$this->alias]['template_version'] = 1;
         }
@@ -254,6 +309,27 @@ class MispObject extends AppModel
         return $conditions;
     }
 
+    public function fetchObjectSimple($user, $options = array())
+        {
+            $params = array(
+                'conditions' => $this->buildConditions($user),
+                'fields' => array(),
+                'recursive' => -1
+            );
+            if (isset($options['conditions'])) {
+                $params['conditions']['AND'][] = $options['conditions'];
+            }
+            if (isset($options['fields'])) {
+                $params['fields'] = $options['fields'];
+            }
+            $results = $this->find('all', array(
+                'conditions' => $params['conditions'],
+                'recursive' => -1,
+                'fields' => $params['fields'],
+                'sort' => false
+            ));
+            return $results;
+        }
 
     // Method that fetches all objects
     // very flexible, it's basically a replacement for find, with the addition that it restricts access based on user
@@ -493,7 +569,42 @@ class MispObject extends AppModel
         return $attributes;
     }
 
-    public function deltaMerge($object, $objectToSave)
+    // EUH????? No sure we should do that. Maybe the other way around??? #FIXME
+    // delete first/last-seen object attribute and set object's meta accordingly
+    // set object's meta (fs/ls) and potentially delete objectAttributes
+    public function setObjectSeenMetaFromAttribute($object, $delete=false) {
+        if ( !$delete && isset($object['Object']['first-seen']) && isset($object['Object']['last-seen'])) {
+            return;
+        }
+        if (isset($object['Attribute'])) {
+            foreach($object['Attribute'] as $i => $attribute) {
+                if ($attribute['object_relation'] == 'first-seen') {
+                    // set object meta if unset
+                    if (!isset($object['Object']['first-seen'])) {
+                        $object['Object']['first-seen'] = $attribute['value'];
+                    }
+                    if ($delete) {
+                        $object['Attribute'][$i]['deleted'] = 1;
+                        $this->Event->Attribute->save($object['Attribute'][$i]);
+                    }
+                    continue;
+                }
+                if ($attribute['object_relation'] == 'last-seen') {
+                    // set object meta if unset
+                    if (!isset($object['Object']['last-seen'])) {
+                        $object['Object']['last-seen'] = $attribute['value'];
+                    }
+                    if ($delete) {
+                        $object['Attribute'][$i]['deleted'] = 1;
+                        $this->Event->Attribute->save($object['Attribute'][$i]);
+                    }
+                    continue;
+                }
+            }
+        }
+    }
+
+    public function deltaMerge($object, $objectToSave, $onlyAddNewAttribute=false)
     {
         if (!isset($objectToSave['Object'])) {
             $dataToBackup = array('ObjectReferences', 'Attribute', 'ShadowAttribute');
@@ -512,67 +623,95 @@ class MispObject extends AppModel
             }
             unset($dataToBackup);
         }
-        $object['Object']['comment'] = $objectToSave['Object']['comment'];
-        $object['Object']['distribution'] = $objectToSave['Object']['distribution'];
-        if ($object['Object']['distribution'] == 4) {
-            $object['Object']['sharing_group_id'] = $objectToSave['Object']['sharing_group_id'];
+        if (isset($objectToSave['Object']['comment'])) {
+            $object['Object']['comment'] = $objectToSave['Object']['comment'];
+        }
+        if (isset($objectToSave['Object']['distribution'])) {
+            $object['Object']['distribution'] = $objectToSave['Object']['distribution'];
+            if ($object['Object']['distribution'] == 4) {
+                $object['Object']['sharing_group_id'] = $objectToSave['Object']['sharing_group_id'];
+            }
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
+        if (isset($objectToSave['Object']['first_seen'])) {
+            $object['Object']['first_seen'] = $objectToSave['Object']['first_seen'];
+        }
+        if (isset($objectToSave['Object']['last_seen'])) {
+            $object['Object']['last_seen'] = $objectToSave['Object']['last_seen'];
+        }
+        $this->setObjectSeenMetaFromAttribute($object, true);
         $this->save($object);
-        $checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation');
-        foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
-            foreach ($object['Attribute'] as $origKey => $originalAttribute) {
-                if (!empty($newAttribute['uuid'])) {
-                    if ($newAttribute['uuid'] == $originalAttribute['uuid']) {
-                        $different = false;
-                        foreach ($checkFields as $f) {
-                            if ($f == 'sharing_group_id' && empty($newAttribute[$f])) {
-                                $newAttribute[$f] = 0;
+
+        if (!$onlyAddNewAttribute) {
+            $checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation');
+            foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
+                foreach ($object['Attribute'] as $origKey => $originalAttribute) {
+                    if (!empty($newAttribute['uuid'])) {
+                        if ($newAttribute['uuid'] == $originalAttribute['uuid']) {
+                            $different = false;
+                            foreach ($checkFields as $f) {
+                                if ($f == 'sharing_group_id' && empty($newAttribute[$f])) {
+                                    $newAttribute[$f] = 0;
+                                }
+                                if ($newAttribute[$f] != $originalAttribute[$f]) {
+                                    $different = true;
+                                }
                             }
-                            if ($newAttribute[$f] != $originalAttribute[$f]) {
-                                $different = true;
+                            if ($different) {
+                                $newAttribute['id'] = $originalAttribute['id'];
+                                $newAttribute['event_id'] = $object['Object']['event_id'];
+                                $newAttribute['object_id'] = $object['Object']['id'];
+                                $newAttribute['timestamp'] = $date->getTimestamp();
+                                $result = $this->Event->Attribute->save(array('Attribute' => $newAttribute), array(
+                                    'category',
+                                    'value',
+                                    'to_ids',
+                                    'distribution',
+                                    'sharing_group_id',
+                                    'comment',
+                                    'timestamp',
+                                    'object_id',
+                                    'event_id',
+                                    'disable_correlation'
+                                ));
                             }
+                            unset($object['Attribute'][$origKey]);
+                            continue 2;
                         }
-                        if ($different) {
-                            $newAttribute['id'] = $originalAttribute['id'];
-                            $newAttribute['event_id'] = $object['Object']['event_id'];
-                            $newAttribute['object_id'] = $object['Object']['id'];
-                            $newAttribute['timestamp'] = $date->getTimestamp();
-                            $result = $this->Event->Attribute->save(array('Attribute' => $newAttribute), array(
-                                'category',
-                                'value',
-                                'to_ids',
-                                'distribution',
-                                'sharing_group_id',
-                                'comment',
-                                'timestamp',
-                                'object_id',
-                                'event_id',
-                                'disable_correlation'
-                            ));
-                        }
-                        unset($object['Attribute'][$origKey]);
-                        continue 2;
                     }
                 }
-            }
-            $this->Event->Attribute->create();
-            $newAttribute['event_id'] = $object['Object']['event_id'];
-            $newAttribute['object_id'] = $object['Object']['id'];
-            if (!isset($newAttribute['timestamp'])) {
-                $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
-                if ($newAttribute['distribution'] == 'event') {
-                    $newAttribute['distribution'] = 5;
+                $this->Event->Attribute->create();
+                $newAttribute['event_id'] = $object['Object']['event_id'];
+                $newAttribute['object_id'] = $object['Object']['id'];
+                if (!isset($newAttribute['timestamp'])) {
+                    $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
+                    if ($newAttribute['distribution'] == 'event') {
+                        $newAttribute['distribution'] = 5;
+                    }
                 }
+                $this->Event->Attribute->save($newAttribute);
+                $attributeArrays['add'][] = $newAttribute;
+                unset($objectToSave['Attribute'][$newKey]);
+            }
+            foreach ($object['Attribute'] as $origKey => $originalAttribute) {
+                $originalAttribute['deleted'] = 1;
+                $this->Event->Attribute->save($originalAttribute);
+            }
+        } else { // we only add the new attribute
+            $newAttribute = $objectToSave['Attribute'][0];
+            if ($newAttribute != 'last-seen' && $newAttribute != 'first-seen') { // fs/ls should be added in the object's meta
+                $this->Event->Attribute->create();
+                $newAttribute['event_id'] = $object['Object']['event_id'];
+                $newAttribute['object_id'] = $object['Object']['id'];
+                if (!isset($newAttribute['timestamp'])) {
+                    $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
+                    if ($newAttribute['distribution'] == 'event') {
+                        $newAttribute['distribution'] = 5;
+                    }
+                }
+                $this->Attribute->saveAttributes(array($newAttribute));
             }
-            $this->Event->Attribute->save($newAttribute);
-            $attributeArrays['add'][] = $newAttribute;
-            unset($objectToSave['Attribute'][$newKey]);
-        }
-        foreach ($object['Attribute'] as $origKey => $originalAttribute) {
-            $originalAttribute['deleted'] = 1;
-            $this->Event->Attribute->save($originalAttribute);
         }
         return $this->id;
     }
diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp
index 5aaa256ce..1550d2d7c 100644
--- a/app/View/Attributes/add.ctp
+++ b/app/View/Attributes/add.ctp
@@ -1,7 +1,7 @@
 <div class="attributes <?php if (!isset($ajax) || !$ajax) echo 'form';?>">
 <?php
     $url_params = $action == 'add' ? 'add/' . $event_id : 'edit/' . $attribute['Attribute']['id'];
-    echo $this->Form->create('Attribute', array('id', 'url' => '/attributes/' . $url_params));
+    echo $this->Form->create('Attribute', array('id'=>'AttributeForm', 'url' => '/attributes/' . $url_params));
 ?>
     <fieldset>
         <legend><?php echo $action == 'add' ? __('Add Attribute') : __('Edit Attribute'); ?></legend>
@@ -78,6 +78,7 @@
             echo $this->Form->input('batch_import', array(
                     'type' => 'checkbox'
             ));
+            echo $this->element('form_seen_input');
             echo '<div class="input clear"></div>';
             echo $this->Form->input('disable_correlation', array(
                     'type' => 'checkbox'
diff --git a/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp b/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
new file mode 100644
index 000000000..8859c97e8
--- /dev/null
+++ b/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
@@ -0,0 +1,14 @@
+<?php
+    echo $this->Form->create('Attribute', array('id' => 'Attribute' . '_' . $object['id'] . '_first_seen_form', 'url' => '/attributes/editField/' . $object['id']));
+?>
+<?php
+    echo $this->Form->input('first_seen', array(
+        'label' => false,
+        'type' => 'text',
+        'value' => 0,
+        'id' => 'Attribute' . '_' . $object['id'] . '_first_seen_field',
+        'div' => false
+    ));
+    echo $this->Form->end();
+?>
+</div>
diff --git a/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp b/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
new file mode 100644
index 000000000..2f97a1272
--- /dev/null
+++ b/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
@@ -0,0 +1,14 @@
+<?php
+    echo $this->Form->create('Attribute', array('id' => 'Attribute' . '_' . $object['id'] . '_last_seen_form', 'url' => '/attributes/editField/' . $object['id']));
+?>
+<?php
+    echo $this->Form->input('last_seen', array(
+        'label' => false,
+        'type' => 'text',
+        'value' => 0,
+        'id' => 'Attribute' . '_' . $object['id'] . '_last_seen_field',
+        'div' => false
+    ));
+    echo $this->Form->end();
+?>
+</div>
diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index 27d85a240..bf0537654 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -1,7 +1,7 @@
 <?php
   $tr_class = '';
   $linkClass = 'white';
-  $currentType = 'denyForm';
+  $currentType = 'Object';
   $tr_class = 'tableHighlightBorderTop borderBlue';
   if ($event['Event']['id'] != $object['event_id']) {
     if (!$isSiteAdmin && $event['extensionEvents'][$object['event_id']]['Orgc']['id'] != $me['org_id']) {
@@ -85,8 +85,11 @@
       }
     ?>
   </td>
-  <td class="shortish">
-    <?php echo h($object['comment']); ?>
+  <td class="showspaces bitwider" onmouseenter="quickEditHover(this, 'Object', '<?php echo $object['id']; ?>', 'comment', <?php echo $event['Event']['id'];?>);">
+    <div id = "Object_<?php echo $object['id']; ?>_comment_placeholder" class = "inline-field-placeholder"></div>
+    <div id = "Object_<?php echo $object['id']; ?>_comment_solid" class="inline-field-solid">
+      <?php echo nl2br(h($object['comment'])); ?>&nbsp;
+    </div>
   </td>
   <td colspan="4">&nbsp;
   </td>
@@ -147,5 +150,6 @@
         'child' => $attrKey == $lastElement ? 'last' : true
       ));
     }
+    echo '<tr><td class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="quickFetchValidObjectAttribute(' . h($object['id']) . ')"></td></tr>';
   }
 ?>
diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
new file mode 100644
index 000000000..281e58189
--- /dev/null
+++ b/app/View/Elements/form_seen_input.ctp
@@ -0,0 +1,444 @@
+<?php echo $this->Html->script('moment-with-locales'); ?>
+
+<div class="input-group">
+<?php
+    echo $this->Form->input('first_seen', array(
+            'type' => 'text',
+            'div' => 'input hidden',
+            'required' => false,
+            ));
+    echo $this->Form->input('last_seen', array(
+            'type' => 'text',
+            'div' => 'input hidden',
+            'required' => false,
+            ));
+?>
+</div>
+
+<div class="input clear"></div>
+
+
+<script>
+var controller = "<?php echo(substr(ucfirst($this->params->controller), 0, -1)); ?>"; // get current controller name fo that we can access all form fields
+var time_vals = [
+    ['Hour', 23, 1000*1000*60*60],
+    ['Minute', 59, 1000*1000*60],
+    ['Second', 59, 1000*60],
+    ['ms', 999, 1000],
+    ['us', 999, 1],
+];
+
+class MicroDatetime {
+    constructor(value) {
+        this.isoDatetimeMicroRegex = /(\d{4})-(\d{2})-(\d{2})T(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
+        this.isotimeMicroRegex = /(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
+        this.numberRegex = /^(\-|\+)?([0-9]+|Infinity)$/g;
+
+        if (value === undefined || value === "") {
+            this.moment = undefined;
+            this.micro = 0;
+        } else {
+            // check if timestamp UNIX timestamp (in sec)
+            if (this.numberRegex.test(value)) {
+                var timestamp = parseInt(value);
+                var timestamp_str = String(timestamp);
+                if (timestamp === '' || timestamp === undefined || timestamp === null || isNaN(timestamp)) {
+                    this.moment = moment(0);
+                    this.micro = 0;
+                } else {
+                    var all_milli = parseInt(timestamp)*1000;
+                    all_milli = isNaN(all_milli) || all_milli === undefined ? 0 : all_milli;
+                    this.moment = moment(all_milli);
+                    this.micro = 0;
+                }
+            // check if only a time
+            } else { // let moment parse the date
+                try {
+                    value = String(value);
+                    this.moment = new moment(value);
+                    if (this.moment.isValid()) {
+                        var res = this.isoDatetimeMicroRegex.exec(value);
+                        var micro_str = res !== null ? res[8] : 0;
+                        this.micro = parseInt(micro_str);
+                        this.micro = isNaN(this.micro) ? 0 : this.micro;
+                    } else {
+                        this.moment = undefined;
+                        this.micro = 0;
+                        showMessage('fail', 'Failed to parse the date: <strong>' + value + '</strong>');
+                    }
+                } catch (err) {
+                    if (this.isotimeMicroRegex.test(value)) {
+                        this.moment = moment(value, "HH:mm:ss.SSSSSSZ");
+                        if (this.moment.isValid()) {
+                            var res = this.isotimeMicroRegex.exec(value);
+                            var micro_str = res !== null ? res[8] : 0;
+                            this.micro = parseInt(micro_str);
+                            this.micro = isNaN(this.micro) ? 0 : this.micro;
+                        } else {
+                            this.moment = undefined;
+                            this.micro = 0;
+                            showMessage('fail', 'Failed to parse the date: ' + value);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    get_microISO() {
+        if (this.moment === undefined || this.moment === null) {
+            return "";
+        }
+        var tz = this.moment.format('Z');
+        var str = this.moment.toISOString(true);
+        str = str.replace(tz, pad_zero(this.micro, 3)+tz);
+        return str;
+    }
+
+    get_date() {
+        if (this.moment === undefined || this.moment === null) {
+            return "";
+        }
+        return this.moment.format('YYYY/MM/DD');
+    }
+
+    get_time() {
+        if (this.moment === undefined || this.moment === null) {
+            return "";
+        }
+        return this.moment.format('HH:mm:ss.SSS')
+            + String(pad_zero(this.micro, 3))
+            + this.moment.format('Z');
+    }
+
+    has_date() {
+        return this.moment !== undefined;
+    }
+
+    has_time() {
+        if (this.moment === undefined) {
+            return false;
+        } else {
+            return this.moment.get('hour') != 0
+                || this.moment.get('minute') != 0
+                || this.moment.get('second') != 0
+                || this.moment.get('millisecond') != 0
+                || this.micro != 0;
+        }
+    }
+}
+
+function pad_zero(val, pad) {
+    var ret = '';
+    for (var i=0; i<(pad-String(val).length); i++) {
+        ret += '0';
+    }
+    ret += String(val);
+    return ret;
+}
+
+function get_slider_and_input(type, scale, factor, max) {
+    var row = $('<tr></tr>');
+    var td1 = $('<td></td>');
+    var td2 = $('<td></td>');
+    var td3 = $('<td></td>');
+    var label = $('<span>'+scale+'</span>').css({fontWeight: 'bold'});
+    var input = $('<input id="input-time-'+type+'-'+scale+'" type="number" min=0 max='+max+' step=1 value=0 factor='+factor+' scale='+scale+'></input>').css({width: '50px', margin: '5px'});
+    var slider_width = '200px';
+    var slider = $('<input id="slider-time-'+type+'-'+scale+'" type="range" min=0 max='+max+' step=1 value=0 factor='+factor+' scale='+scale+'></input>').css({width: slider_width, margin: '5px'});
+
+    row.append(td1.append(label))
+       .append(td2.append(input))
+       .append(td3.append(slider))
+    return row;
+}
+
+function reflect_change_on_sliders(seen, skip_input_update, overwrite) {
+    if (seen == 'both' || seen == 'first') {
+        var f_val = overwrite === undefined ? $('#'+controller+'FirstSeen').val() : overwrite;
+        var f_microdatetime = new MicroDatetime(f_val);
+        var hours = f_microdatetime.moment !== undefined ? f_microdatetime.moment.hours() : 0;
+        var minutes = f_microdatetime.moment !== undefined ? f_microdatetime.moment.minutes() : 0;
+        var seconds = f_microdatetime.moment !== undefined ? f_microdatetime.moment.seconds() : 0;
+        var milli = f_microdatetime.moment !== undefined ? f_microdatetime.moment.milliseconds() : 0;
+        var d = f_microdatetime.moment !== undefined ? f_microdatetime.get_date() : undefined;
+
+        // mirror slider and input field
+        $('#input-time-first-'+time_vals[0]).val(hours);
+        $('#slider-time-first-'+time_vals[0]).val(hours);
+
+        $('#input-time-first-'+time_vals[1]).val(minutes);
+        $('#slider-time-first-'+time_vals[1]).val(minutes);
+
+        $('#input-time-first-'+time_vals[2]).val(seconds);
+        $('#slider-time-first-'+time_vals[2]).val(seconds);
+
+        $('#input-time-first-'+time_vals[3]).val(milli);
+        $('#slider-time-first-'+time_vals[3]).val(milli);
+
+        $('#input-time-first-'+time_vals[4]).val(f_microdatetime.micro);
+        $('#slider-time-first-'+time_vals[4]).val(f_microdatetime.micro);
+
+        $('#date_fs').datepicker('setDate', d);
+        $('#time_fs').val(f_microdatetime.get_time());
+    }
+
+    if (seen == 'both' || seen == 'last') {
+        var l_val = overwrite === undefined ? $('#'+controller+'LastSeen').val() : overwrite;
+        var l_microdatetime = new MicroDatetime(l_val);
+        var hours = l_microdatetime.moment !== undefined ? l_microdatetime.moment.hours() : 0;
+        var minutes = l_microdatetime.moment !== undefined ? l_microdatetime.moment.minutes() : 0;
+        var seconds = l_microdatetime.moment !== undefined ? l_microdatetime.moment.seconds() : 0;
+        var milli = l_microdatetime.moment !== undefined ? l_microdatetime.moment.milliseconds() : 0;
+        var d = l_microdatetime.moment !== undefined ? l_microdatetime.get_date() : undefined;
+
+        // mirror slider and input field
+        $('#input-time-last-'+time_vals[0]).val(hours);
+        $('#slider-time-last-'+time_vals[0]).val(hours);
+
+        $('#input-time-last-'+time_vals[1]).val(minutes);
+        $('#slider-time-last-'+time_vals[1]).val(minutes);
+
+        $('#input-time-last-'+time_vals[2]).val(seconds);
+        $('#slider-time-last-'+time_vals[2]).val(seconds);
+
+        $('#input-time-last-'+time_vals[3]).val(milli);
+        $('#slider-time-last-'+time_vals[3]).val(milli);
+
+        $('#input-time-last-'+time_vals[4]).val(l_microdatetime.micro);
+        $('#slider-time-last-'+time_vals[4]).val(l_microdatetime.micro);
+
+        $('#date_ls').datepicker('setDate', d);
+        $('#time_ls').val(l_microdatetime.get_time());
+    }
+
+    if (!skip_input_update) {
+        reflect_change_on_input(seen);
+    }
+}
+
+// get data stored in sliders
+function get_time_from_slider(which) {
+    var micro = 0;
+    var mom;
+    var dp = which == 'first' ? $('#date_fs') : $('#date_ls');
+    var timej = which == 'first' ? $('#time_fs') : $('#time_ls');
+    if (dp.val() != "") { // no time without a date
+        mom = dp.datepicker('getDate');
+        mom = mom === null ? moment(0) : moment(mom.toISOString());
+        if (timej.val() != "") {
+            $('#precision_tool_'+which).find('input[type="number"]').each(function() {
+                switch($(this).attr('scale')) {
+                    case 'us':
+                        micro = parseInt($(this).val());
+                        break;
+                    case 'ms':
+                        mom.set('ms', parseInt($(this).val()));
+                        break;
+                    case 'Second':
+                        mom.set('s', parseInt($(this).val()));
+                        break;
+                    case 'Minute':
+                        mom.set('m', parseInt($(this).val()));
+                        break;
+                    case 'Hour':
+                        mom.set('h', parseInt($(this).val()));
+                        break;
+                }
+            });
+        } else { // no time, setting it UTC noon
+            micro = 0;
+            mom.set('h', 0);
+        }
+    }
+    microdatetime = new MicroDatetime();
+    microdatetime.moment = mom;
+    microdatetime.micro = micro;
+    return microdatetime;
+}
+
+function reflect_change_on_input(seen, full) {
+    if ($('#seen_precision_tool').prop('checked')) {
+        if (seen == 'both' || seen == 'first') {
+            var microdatetime = get_time_from_slider('first');
+            if($('#date_fs').val() !== '') {
+                $("#time_fs").val(microdatetime.get_time());
+            }
+        }
+
+        if (seen == 'both' || seen == 'last') {
+            var microdatetime = get_time_from_slider('last');
+            if($('#date_ls').val() !== '') {
+                $("#time_ls").val(microdatetime.get_time());
+            }
+        }
+    }
+}
+
+function reflect_change_on_form() {
+    var microdatetime = get_time_from_slider('first');
+    if (microdatetime.moment !== undefined) {
+        $('#'+controller+'FirstSeen').val(microdatetime.get_microISO());
+    } else {
+        $('#'+controller+'FirstSeen').val("");
+    }
+    var microdatetime = get_time_from_slider('last');
+    if (microdatetime.moment !== undefined) {
+        $('#'+controller+'LastSeen').val(microdatetime.get_microISO());
+    } else {
+        $('#'+controller+'LastSeen').val("");
+    }
+}
+
+$(document).ready(function() {
+
+    var sliders_container = "<?php if ($this->params->controller === 'attributes') { echo 'fieldset'; } else { echo '#meta-div'; } ?>";
+    var inputs_container = $('<div class="input-group input-daterange"></div>');
+    // create separate date and time input
+    var date_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(
+        $('<label><?php echo __('First seen date') . '<span class="fa fa-calendar label-icon"></span>'; ?><input id="date_fs" type="text" style="width: 240px;"></input></label>')
+    );
+    $(inputs_container).append(date_div_fs);
+    var date_div_ls = $('<div class="input text larger-input-field"></div>').append(
+        $('<label><?php echo __('Last seen date') . '<span class="fa fa-calendar label-icon"></span>'; ?><input id="date_ls" type="text" style="width: 240px;"></input></label>')
+    );
+    $(inputs_container).append(date_div_ls);
+    $(sliders_container).append(inputs_container);
+
+    var time_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(
+        $('<label><?php echo __('First seen time') . '<span class="fa fa-clock-o label-icon"></span>'; ?><input id="time_fs" type="text" style="width: 240px; text-align: center;"></input></label>')
+    );
+    $(sliders_container).append(time_div_fs);
+    var time_div_ls = $('<div class="input larger-input-field"></div>').append(
+        $('<label><?php echo __('Last seen time') . '<span class="fa fa-clock-o label-icon"></span>'; ?><input id="time_ls" type="text" style="width: 240px; text-align: center;"></input></label>')
+    );
+    $(sliders_container).append(time_div_ls);
+
+    // create checkbox
+    var div_checkbox_prec_tool = $('<div class="clear checkbox" style="margin-left: 10px;"></div>').append(
+        $('<label style="display: inline-block"><input id="seen_precision_tool" type="checkbox" style="margin-top: 0px;"></input><?php echo(__('Enable precision tool'))?><span class="fa fa-bullseye label-icon"</span></label>')
+    );
+    $(sliders_container).append(div_checkbox_prec_tool);
+
+    // create sliders
+    var div = $('<div id="precision_tool" class="precision-tool clear" style="display: none"></div>');
+    var content = $('<table id="precision_tool_first" style="float: left;"></table>');
+    for (var i=0; i<time_vals.length; i++) {
+        var type = time_vals[i][0];
+        var max = time_vals[i][1];
+        var factor = time_vals[i][2];
+        var row = get_slider_and_input('first', type, factor, max)
+        content.append(row);
+    }
+    div.append(content);
+    var content = $('<table id="precision_tool_last" style="float:left; margin-left: 15px;"></table>');
+    for (var i=0; i<time_vals.length; i++) {
+        var type = time_vals[i][0];
+        var max = time_vals[i][1];
+        var factor = time_vals[i][2];
+        var row = get_slider_and_input('last', type, factor, max)
+        content.append(row);
+    }
+    div.append(content);
+    $(sliders_container).append(div);
+
+    time_vals.forEach(function(elem) {
+        $('#input-time-first-'+elem[0]).on('input', function(e) {
+            $('#slider-time-first-'+elem[0]).val($(this).val());
+            reflect_change_on_input('first');
+        });
+        $('#slider-time-first-'+elem[0]).on('input', function(e) {
+            $('#input-time-first-'+elem[0]).val($(this).val());
+            reflect_change_on_input('first');
+        });
+
+        $('#input-time-last-'+elem[0]).on('input', function(e) {
+            $('#slider-time-last-'+elem[0]).val($(this).val());
+            reflect_change_on_input('last');
+        });
+        $('#slider-time-last-'+elem[0]).on('input', function(e) {
+            $('#input-time-last-'+elem[0]).val($(this).val());
+            reflect_change_on_input('last');
+        });
+    });
+
+    $('#seen_precision_tool').change(function(e) {
+        if(e.target.checked) {
+            $('#precision_tool').show();
+        } else {
+            $('#precision_tool').hide();
+        }
+    });
+
+    $('#time_fs').on("focus", function(event) {
+        $('#seen_precision_tool').prop('checked', true);
+        $('#precision_tool').show();
+    });
+    $('#time_ls').on("focus", function(event) {
+        $('#seen_precision_tool').prop('checked', true);
+        $('#precision_tool').show();
+    });
+
+    $('#time_fs').on("input", function(event) {
+        reflect_change_on_sliders('first', false, $(this).val());
+    });
+    $('#time_ls').on("input", function(event) {
+        reflect_change_on_sliders('last', false, $(this).val());
+    });
+
+    $('#time_fs').on("paste", function(event) {
+        // prefetch clipboard text and apply change
+        var datetimeString;
+        if (event.originalEvent.clipboardData && event.originalEvent.clipboardData.types
+            && $.inArray('text/plain', event.originalEvent.clipboardData.types) !== -1) {
+            datetimeString = event.originalEvent.clipboardData.getData('text/plain');
+        }
+        else if (window.clipboardData) {
+            datetimeString = window.clipboardData.getData('Text');
+        }
+        $('#'+controller+'FirstSeen').val(datetimeString);
+        reflect_change_on_sliders('first', false);
+        event.preventDefault();
+    });
+
+    $('#time_ls').on("paste", function(event) {
+        // prefetch clipboard text and apply change
+        var datetimeString;
+        if (event.originalEvent.clipboardData && event.originalEvent.clipboardData.types
+            && $.inArray('text/plain', event.originalEvent.clipboardData.types) !== -1) {
+            datetimeString = event.originalEvent.clipboardData.getData('text/plain');
+        }
+        else if (window.clipboardData) {
+            datetimeString = window.clipboardData.getData('Text');
+        }
+        $('#'+controller+'LastSeen').val(datetimeString);
+        reflect_change_on_sliders('last', false);
+        event.preventDefault();
+    });
+
+    $('#date_fs').closest('form').submit(function( event ) {
+        reflect_change_on_form();
+    });
+
+    var d1 = new MicroDatetime($('#'+controller+'FirstSeen').val());
+    var d2 = new MicroDatetime($('#'+controller+'LastSeen').val());
+    if (d1.has_date() || d2.has_date()) {
+        $('#date_fs').val(d1.get_date());
+        $('#date_ls').val(d2.get_date());
+    }
+    if (d1.has_time() || d2.has_time()) {
+        $('#seen_precision_tool').prop('checked', true);
+        $('#precision_tool').show();
+        $('#time_fs').val(d1.get_time());
+        $('#time_ls').val(d2.get_time());
+    }
+
+    $('.input-daterange').datepicker({
+        preventMultipleSet: true,
+        format: 'yyyy/mm/dd',
+        todayHighlight: true
+    })
+    reflect_change_on_sliders('both', true);
+
+});
+</script>
diff --git a/app/View/Elements/view_timeline.ctp b/app/View/Elements/view_timeline.ctp
new file mode 100644
index 000000000..cde3ff8c1
--- /dev/null
+++ b/app/View/Elements/view_timeline.ctp
@@ -0,0 +1,33 @@
+<?php
+    $mayModify = (($isAclModify && $event['Event']['user_id'] == $me['id'] && $event['Orgc']['id'] == $me['org_id']) || ($isAclModifyOrg && $event['Orgc']['id'] == $me['org_id']));
+    $mayPublish = ($isAclPublish && $event['Orgc']['id'] == $me['org_id']);
+?>
+
+<div>
+    <div id="timeline-header" class="eventgraph_header">
+        <label id="timeline-scope" class="btn center-in-network-header network-control-btn">
+            <span class="useCursorPointer fa fa-object-group" style="margin-right: 3px;"></span><?php echo __('Time scope')?>
+        </label>
+        <label id="timeline-display" class="btn center-in-network-header network-control-btn">
+            <span class="useCursorPointer fa fa-list-alt" style="margin-right: 3px;"></span><?php echo __('Display')?>
+            <span id="timeline-display-badge" class="badge"></span>
+        </label>
+
+        <input type="text" id="timeline-typeahead" class="center-in-network-header network-typeahead flushright" data-provide="typeahead" size="20" placeholder="Search for an item">
+    </div>
+
+
+    <div id="event_timeline" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>">
+        <div class="loadingTimeline">
+            <div class="spinner"></div>
+            <div class="loadingText"><?php echo __('Loading');?></div>
+        </div>
+    </div>
+    <span id="fullscreen-btn-timeline" class="fullscreen-btn-timeline btn btn-xs btn-primary" data-toggle="tooltip" data-placement="top" data-title="<?php echo __('Toggle fullscreen');?>"><span class="fa fa-desktop"></span></span>
+</div>
+
+<?php
+    echo $this->Html->script('moment-with-locales');
+    echo $this->Html->script('event-timeline');
+    echo $this->Html->css('event-timeline');
+?>
diff --git a/app/View/Events/view.ctp b/app/View/Events/view.ctp
index fc9a62bf8..b5aeea590 100644
--- a/app/View/Events/view.ctp
+++ b/app/View/Events/view.ctp
@@ -467,6 +467,9 @@
         <button class="btn btn-inverse toggle qet galaxy-toggle-button" id="eventgraph_toggle" data-toggle-type="eventgraph" onclick="enable_interactive_graph();">
             <span class="icon-plus icon-white" title="<?php echo __('Toggle Event graph');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle Event graph');?>" style="vertical-align:top;"></span><?php echo __('Event graph');?>
         </button>
+        <button class="btn btn-inverse toggle qet galaxy-toggle-button" id="eventtimeline_toggle" data-toggle-type="eventtimeline" onclick="enable_timeline();">
+            <span class="icon-plus icon-white" title="<?php echo __('Toggle Event timeline');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle Event timeline');?>" style="vertical-align:top;"></span><?php echo __('Event timeline');?>
+        </button>
         <button class="btn btn-inverse toggle qet galaxy-toggle-button" id="correlationgraph_toggle" data-toggle-type="correlationgraph" onclick="enable_correlation_graph();">
             <span class="icon-plus icon-white" title="<?php echo __('Toggle Correlation graph');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle Correlation graph');?>" style="vertical-align:top;"></span><?php echo __('Correlation graph');?>
         </button>
@@ -492,6 +495,9 @@
     <div id="eventgraph_div" class="info_container_eventgraph_network" style="display: none;" data-fullscreen="false">
         <?php echo $this->element('view_event_graph'); ?>
     </div>
+    <div id="eventtimeline_div" class="info_container_eventtimeline" style="display: none;" data-fullscreen="false">
+        <?php echo $this->element('view_timeline'); ?>
+    </div>
     <div id="correlationgraph_div" class="info_container_eventgraph_network" style="display: none;" data-fullscreen="false">
     </div>
     <div id="attackmatrix_div" class="info_container_eventgraph_network" style="display: none;" data-fullscreen="false" data-mitre-attack-galaxy-id="<?php echo h($mitreAttackGalaxyId)?>">
diff --git a/app/View/Objects/add.ctp b/app/View/Objects/add.ctp
index 4d8e3ea4b..a90e869a9 100644
--- a/app/View/Objects/add.ctp
+++ b/app/View/Objects/add.ctp
@@ -5,7 +5,7 @@
     echo $this->Form->create('Object', array('id', 'url' => $url, 'enctype' => 'multipart/form-data'));
 ?>
 <h3><?php echo ucfirst($action) . ' ' . Inflector::humanize(h($template['ObjectTemplate']['name'])) . __(' Object'); ?></h3>
-<div class="row-fluid" style="margin-bottom:10px;">
+<div id="meta-div" class="row-fluid" style="margin-bottom:10px;">
   <dl class="span8">
     <dt><?php echo __('Object Template');?></dt>
     <dd>
@@ -77,6 +77,9 @@
         ));
       ?>
     </dd>
+    <?php
+        echo $this->element('form_seen_input');
+    ?>
   </dl>
 </div>
 <?php
diff --git a/app/View/Objects/ajax/objectEditCommentForm.ctp b/app/View/Objects/ajax/objectEditCommentForm.ctp
new file mode 100644
index 000000000..dbd5c74e4
--- /dev/null
+++ b/app/View/Objects/ajax/objectEditCommentForm.ctp
@@ -0,0 +1,22 @@
+<?php
+    echo $this->Form->create('Object', array('class' => 'inline-form inline-field-form', 'id' => 'Object_' . $object['id'] . '_comment_form', 'url' => '/objects/editField/' . $object['id']));
+?>
+    <div class='inline-input inline-input-container'>
+    <div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" role="button" tabindex="0" aria-label="<?php echo __('Accept change'); ?>"></span></div>
+    <div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" role="button" tabindex="0" aria-label="<?php echo __('Discard change'); ?>"></span></div>
+        <?php
+            echo $this->Form->input('comment', array(
+                    'type' => 'textarea',
+                    'label' => false,
+                    'value' => $object['comment'],
+                    'error' => array('escape' => false),
+                    'class' => 'inline-input',
+                    'id' => 'Object' . '_' . $object['id'] . '_comment_field',
+                    'div' => false
+            ));
+            echo $this->Form->end();
+?>
+    </div>
+<?php
+    echo $this->Form->end();
+?>
diff --git a/app/View/Objects/ajax/objectEditDistributionForm.ctp b/app/View/Objects/ajax/objectEditDistributionForm.ctp
new file mode 100644
index 000000000..53d87c17d
--- /dev/null
+++ b/app/View/Objects/ajax/objectEditDistributionForm.ctp
@@ -0,0 +1,19 @@
+<?php
+    echo $this->Form->create('Object', array('class' => 'inline-form inline-field-form', 'id' => 'Object_' . $object['id'] . '_distribution_form', 'url' => '/objects/editField/' . $object['id']));
+?>
+<div class='inline-input inline-input-container'>
+    <div class="inline-input-accept inline-input-button inline-input-passive"><span class = "icon-ok" role="button" tabindex="0" aria-label="<?php echo __('Accept change'); ?>"></span></div>
+    <div class="inline-input-decline inline-input-button inline-input-passive"><span class = "icon-remove" role="button" tabindex="0" aria-label="<?php echo __('Discard change'); ?>"></span></div>
+    <?php
+        echo $this->Form->input('distribution', array(
+                'options' => array($distributionLevels),
+                'label' => false,
+                'selected' => $object['distribution'],
+                'error' => array('escape' => false),
+                'class' => 'inline-input',
+                'id' => 'Object_' . $object['id'] . '_distribution_field',
+                'div' => false
+        ));
+        echo $this->Form->end();
+    ?>
+</div>
diff --git a/app/View/Objects/ajax/objectEditFirst_seenForm.ctp b/app/View/Objects/ajax/objectEditFirst_seenForm.ctp
new file mode 100644
index 000000000..0f873d51d
--- /dev/null
+++ b/app/View/Objects/ajax/objectEditFirst_seenForm.ctp
@@ -0,0 +1,14 @@
+<?php
+    echo $this->Form->create('Object', array('id' => 'Object' . '_' . $object['id'] . '_first_seen_form', 'url' => '/objects/editField/' . $object['id']));
+?>
+<?php
+    echo $this->Form->input('first_seen', array(
+            'label' => false,
+            'type' => 'text',
+            'value' => 0,
+            'id' => 'Object' . '_' . $object['id'] . '_first_seen_field',
+            'div' => false
+    ));
+    echo $this->Form->end();
+?>
+</div>
diff --git a/app/View/Objects/ajax/objectEditLast_seenForm.ctp b/app/View/Objects/ajax/objectEditLast_seenForm.ctp
new file mode 100644
index 000000000..6e3fda3d8
--- /dev/null
+++ b/app/View/Objects/ajax/objectEditLast_seenForm.ctp
@@ -0,0 +1,14 @@
+<?php
+    echo $this->Form->create('Object', array('id' => 'Object' . '_' . $object['id'] . '_last_seen_form', 'url' => '/objects/editField/' . $object['id']));
+?>
+<?php
+    echo $this->Form->input('last_seen', array(
+            'label' => false,
+            'type' => 'text',
+            'value' => 0,
+            'id' => 'Object' . '_' . $object['id'] . '_last_seen_field',
+            'div' => false
+    ));
+    echo $this->Form->end();
+?>
+</div>
diff --git a/app/View/Objects/ajax/objectViewFieldForm.ctp b/app/View/Objects/ajax/objectViewFieldForm.ctp
new file mode 100644
index 000000000..236555c43
--- /dev/null
+++ b/app/View/Objects/ajax/objectViewFieldForm.ctp
@@ -0,0 +1,2 @@
+<?php
+    echo nl2br(h($value)) . '&nbsp;';
diff --git a/app/View/Objects/ajax/quickAddAttributeForm.ctp b/app/View/Objects/ajax/quickAddAttributeForm.ctp
new file mode 100644
index 000000000..b47804c7c
--- /dev/null
+++ b/app/View/Objects/ajax/quickAddAttributeForm.ctp
@@ -0,0 +1,156 @@
+<?php
+    $url = '/objects/quickAddAttributeForm/' . $object['id'];
+    $element = $template['ObjectTemplateElement'][0];
+    $k = 0;
+    $action = 'add';
+    echo $this->Form->create('Object', array(
+        'id' => 'Object_' . $object['id'] . '_quick_add_attribute_form',
+        'url' => $url,
+        'class' => 'allDiv'
+    ));
+?>
+
+<fieldset>
+    <legend><?php echo __('Add Object attribute'); ?></legend>
+    <div class="add_attribute_fields">
+    <?php
+        $formSettings = array(
+            'type' => 'hidden',
+            'value' => $element['object_relation'],
+            'label' => false,
+            'div' => false
+        );
+        echo $this->Form->input('Attribute.' . $k . '.object_relation', $formSettings);
+
+        $formSettings['value'] = $object['id'];
+        echo $this->Form->input('Object.id', $formSettings);
+
+        $formSettings['value'] = $object['event_id'];
+        echo $this->Form->input('Object.event_id', $formSettings);
+
+        $formSettings['value'] = $element['type'];
+        echo '<div style="margin-bottom: 5px; font-size: 14px;">';
+        echo $this->Form->input('Attribute.' . $k . '.type', $formSettings);
+        echo '<span class="bold">' . Inflector::humanize(h($element['object_relation'])) . '</span>';
+        echo ' :: ' . h($element['type']) . '';
+        echo '<br>';
+        echo '<span class="immutableAttributeDescription">' . h($element['description']) . '</span>';
+        echo '</div>';
+    ?>
+
+
+    <?php
+        $formSettings = array(
+          'options' => array_combine($element['categories'], $element['categories']),
+          'default' => $element['default_category'],
+          'div' => true
+        );
+        echo $this->Form->input('Attribute.' . $k . '.category', $formSettings);
+    ?>
+
+    <div class="clear">
+    <?php
+        echo '<label for="Attribute' . $k . '.value">' . __('Value') . '</label>';
+        echo $this->element(
+            'Objects/object_value_field',
+            array(
+                'element' => $element,
+                'k' => $k,
+                'action' => $action
+            )
+        );
+    ?>
+    </div>
+
+    <?php
+        echo $this->Form->input('Attribute.' . $k . '.to_ids', array(
+            'type' => 'checkbox',
+            'checked' => $element['to_ids'],
+        ));
+    ?>
+
+    <?php
+        echo $this->Form->input('Attribute.' . $k . '.disable_correlation', array(
+            'type' => 'checkbox',
+            'checked' => $element['disable_correlation'],
+        ));
+    ?>
+
+    <div class='input'>
+    <?php
+        echo $this->Form->input('Attribute.' . $k . '.distribution', array(
+            'class' => 'Attribute_distribution_select',
+            'options' => $distributionData['levels'],
+            'default' => !empty($element['distribution']) ? $element['distribution'] : $distributionData['initial'],
+            'div' => false,
+            'label' => __('Distribution ') . $this->element('formInfo', array('type' => 'distribution')),
+        ));
+    ?>
+    </div>
+    <div class='input'>
+        <div id="SGContainer" style="display:none;">
+            <?php
+                if (!empty($distributionData['sgs'])) {
+                    echo $this->Form->input('Attribute.' . $k . '.sharing_group_id', array(
+                            'options' => $distributionData['sgs'],
+                            'label' => __('Sharing Group')
+                    ));
+                }
+            ?>
+        </div>
+    </div>
+
+    <?php
+        echo $this->Form->input('Attribute.' . $k . '.comment', array(
+            'type' => 'textarea',
+            'required' => false,
+            'allowEmpty' => true,
+            'div' => 'input clear',
+            'class' => 'input-xxlarge'
+        ));
+    ?>
+
+   </div>
+   </fieldset>
+
+    <div class="overlay_spacing">
+    <?php if ($ajax): ?>
+        <span id="submitButton" class="btn btn-primary" style="margin-bottom:5px;float:left;" title="<?php echo __('Submit'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Submit'); ?>" onClick="submitPopoverForm('<?php echo h($object['id']); ?>', 'quickAddAttributeForm', <?php echo h($object['event_id']); ?>)"><?php echo __('Submit'); ?></span>
+    <?php else:
+            echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
+        endif;
+    ?>
+        <span class="btn btn-inverse" style="float:right;" title="<?php echo __('Cancel'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Cancel'); ?>" id="cancel_attribute_add"><?php echo __('Cancel'); ?></span>
+    </div>
+
+<?php
+    echo $this->Form->end();
+?>
+
+
+<script>
+<?php
+    $formInfoTypes = array('distribution' => 'Distribution');
+    echo 'var formInfoFields = ' . json_encode($formInfoTypes) . PHP_EOL;
+    foreach ($formInfoTypes as $formInfoType => $humanisedName) {
+        echo 'var ' . $formInfoType . 'FormInfoValues = {' . PHP_EOL;
+        foreach ($info[$formInfoType] as $key => $formInfoData) {
+            echo '"' . $key . '": "<span class=\"blue bold\">' . h($formInfoData['key']) . '</span>: ' . h($formInfoData['desc']) . '<br />",' . PHP_EOL;
+        }
+        echo '}' . PHP_EOL;
+    }
+?>
+
+$(document).ready(function() {
+    initPopoverContent('Attribute0');
+    $('#Attribute0Distribution').change(function() {
+        initPopoverContent('Attribute0');
+        if ($('#Attribute0Distribution').val() == 4) $('#SGContainer').show();
+        else $('#SGContainer').hide();
+    });
+
+    $('#cancel_attribute_add').click(function() {
+        cancelPopoverForm();
+    });
+});
+</script>
diff --git a/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp b/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp
new file mode 100644
index 000000000..aab0101e5
--- /dev/null
+++ b/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp
@@ -0,0 +1,22 @@
+<div class="popover_choice">
+    <legend><?php echo __('Select Object Attribute To Add');?></legend>
+    <div class="popover_choice_main" id ="popover_choice_main">
+        <table style="width:100%;">
+        <?php foreach ($template['ObjectTemplateElement'] as $objectAttribute): ?>
+            <tr style="border-bottom:1px solid black;" class="templateChoiceButton">
+                <td role="button" tabindex="0" aria-label="<?php echo h($objectAttribute['object_relation']); ?>" title="<?php echo h($objectAttribute['object_relation']); ?>" style="padding-left:10px;padding-right:10px; text-align:center;width:100%;" onClick="fetchAddObjectAttributeForm(<?php echo h($objectId) . ', \'' . h($objectAttribute['object_relation']) . '\''; ?>)"><?php echo '<strong>' . h($objectAttribute['object_relation']) . '</strong>' . ' :: ' . h($objectAttribute['type']) . '<br>' . h($objectAttribute['description']); ?></td>
+            </tr>
+        <?php endforeach; ?>
+        </table>
+    </div>
+    <div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm();"><?php echo __('Cancel');?></div>
+</div>
+<script type="text/javascript">
+    $(document).ready(function() {
+        resizePopoverBody();
+    });
+
+    $(window).resize(function() {
+        resizePopoverBody();
+    });
+</script>
diff --git a/app/View/Objects/revise_object.ctp b/app/View/Objects/revise_object.ctp
index 70c19dd0d..6ef651c7c 100644
--- a/app/View/Objects/revise_object.ctp
+++ b/app/View/Objects/revise_object.ctp
@@ -49,6 +49,13 @@
             <td class="bold"><?php echo __('Comment');?></td>
             <td><?php echo h($data['Object']['comment']); ?></td>
           </tr>
+          <td class="bold"><?php echo __('First seen');?></td>
+            <td><?php echo h($data['Object']['first_seen']); ?></td>
+          </tr>
+          <tr>
+            <td class="bold"><?php echo __('Last seen');?></td>
+            <td><?php echo h($data['Object']['last_seen']); ?></td>
+          </tr>
           <tr>
             <table id="attribute_table" class="table table-condensed table-striped">
               <thead>
diff --git a/app/webroot/css/event-timeline.css b/app/webroot/css/event-timeline.css
new file mode 100644
index 000000000..26799f823
--- /dev/null
+++ b/app/webroot/css/event-timeline.css
@@ -0,0 +1,150 @@
+.info_container_eventtimeline {
+	margin-top:10px;
+	border: 1px solid #0088cc;
+	border-radius: 7px;
+	box-shadow: 0px 0px 6px #B2B2B2;
+	width: 100%;
+	min-height: 100px;
+	padding: 1px;
+}
+
+.vis-timeline {
+	position: relative;
+	border: none;
+	overflow: hidden;
+	padding: 0;
+	margin: 0;
+	box-sizing: border-box;
+}
+
+.fullscreen-btn-timeline {
+	float: right;
+	display: inline-block;
+	bottom: 33px;
+	position: relative;
+	right: 3px;
+	opacity: 0.7;
+	z-index: 1;
+	cursor: nesw-resize;
+}
+
+.loadingTimeline {
+	display: none;
+	position: absolute;
+	margin-top: 10px;
+	width: 100%;
+	text-align: center;
+}
+
+.loadingTimeline > div.loadingText {
+	left: 0px;
+}
+
+.timestamp-obj {
+	box-shadow: #ff0000 0px 0px 0px 5px;
+}
+
+.timestamp-attr {
+	box-shadow: #ff0000 0px 0px 0px 5px;
+	padding-top: 4px;
+	padding-bottom: 4px;
+}
+
+.vis-item.attribute {
+	background-color: orange;
+	border-color: black;
+}
+.vis-item.attribute.vis-selected {
+	box-shadow: 0 0 20px rgba(82, 168, 236, 1);`
+}
+
+.vis-item.object {
+	background-color: #3465a4;
+	border-color: black;
+	color: white;
+}
+.vis-item.object.vis-selected {
+	box-shadow: 0 0 20px rgba(82, 168, 236, 1);`
+}
+
+.vis-item.object_attribute {
+	background-color: greenyellow;
+	border-color: green;
+}
+
+.timeline-objectName {
+	text-align:left;
+	border-bottom: white solid 1px;
+}
+.timeline-objectAttrType {
+	text-align:left;
+	line-height: 14px;
+	font-style: italic;
+}
+.timeline-objectAttrVal {
+	text-align:left;
+	line-height: 14px;
+	padding-left: 5px;
+}
+
+.vis-delete {
+    top: -8px !important;
+    padding: 3px !important;
+    height: 22px !important;
+    width: 20px !important;
+}
+
+.vis-expand-action {
+    position: absolute;
+
+    padding: 3px 2px !important;
+    height: 22px !important;
+    width: 22px !important;
+
+
+    top: 15px;
+    right: -25px;
+    box-sizing: border-box;
+    cursor: pointer;
+
+    -webkit-transition: background 0.2s linear;
+    -moz-transition: background 0.2s linear;
+    -ms-transition: background 0.2s linear;
+    -o-transition: background 0.2s linear;
+    transition: background 0.2s linear;
+}
+.vis-item .vis-expand-action:after {
+    color: green;
+    font-family: arial, sans-serif;
+    font-size: 22px;
+    font-weight: bold;
+
+    -webkit-transition: color 0.2s linear;
+    -moz-transition: color 0.2s linear;
+    -ms-transition: color 0.2s linear;
+    -o-transition: color 0.2s linear;
+    transition: color 0.2s linear;
+}
+.expand-btn:after {
+    content: "\21d4";
+}
+.collapse-btn:after {
+    content: "\21b5";
+}
+.vis-item .vis-expand-action:hover {
+    background: green;
+}
+.vis-item .vis-expand-action:hover:after {
+    color: white;
+}
+
+.vis-onUpdateTime-tooltip {
+    background: #7b7b7b !important;
+    padding: 0px !important;
+    border-radius: 5px !important;
+    border: solid 1px #000 !important;
+}
+
+#timeline-typeahead {
+    width: 400px;
+}
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 364d49451..6553ba4b4 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -21,6 +21,10 @@ button .full-width {
     margin-bottom:10px;
 }
 
+form button.btn[disabled] {
+    cursor: not-allowed;
+}
+
 /*.close{
     float:none;
 }*/
@@ -289,6 +293,26 @@ td.highlight3 {
 
 }
 
+table-striped tbody > tr > td.objectAddField {
+    padding: 2px 3px;
+    line-height: normal;
+    display: inline-block;
+    position: relative;
+    top: -13px;
+    left: -4px;
+    color: white;
+    background-color: #1369a0;
+    border: 0px;
+    border-radius: 15px;
+    height: 12px;
+    width: 10px;
+}
+
+.table-striped tbody > tr > td.objectAddField:hover {
+    transform: scale(1.7);
+    cursor: pointer;
+}
+
 tr.highlightBlueSides {
     border-left:2px solid #0088cc;
     border-right:2px solid #0088cc;
@@ -836,6 +860,20 @@ a.proposal_link_red:hover {
     border: 0;
 }
 
+.immutableAttributeDescription:before {
+    background: rgba(255, 255, 255, 0);
+    content: '';
+    margin-right: 5px;
+    margin-left: 2px;
+    border-left: 1px solid;
+    border-bottom: 1px solid;
+    height: 10px;
+    width: 5px;
+    position: relative;
+    display: block;
+    float: left;
+}
+
 .ajax_popover_form {
     display:none;
     width: 700px;
@@ -2219,6 +2257,23 @@ table tr:hover .down-expand-button {
     position: relative;
 }
 
+.nanosec-div {
+    font-weight:bold;
+    position: relative;
+    width: 100%;
+    text-align: center;
+    top: -5px;
+}
+
+.larger-input-field {
+    width: 270px !important;
+}
+
+.precision-tool {
+    margin-left: 10px;
+    display: inline-block;
+}
+
 .fa-as-icon {
     font-size: 20px;
     padding-left: 2px;
diff --git a/app/webroot/js/bootstrap-datepicker.js b/app/webroot/js/bootstrap-datepicker.js
index fb56652e1..42b9d9c2c 100644
--- a/app/webroot/js/bootstrap-datepicker.js
+++ b/app/webroot/js/bootstrap-datepicker.js
@@ -1461,6 +1461,7 @@
 			return i.jquery ? i[0] : i;
 		});
 		delete options.inputs;
+        this.preventMultipleSet = options.preventMultipleSet;
 
 		datepickerPlugin.call($(this.inputs), options)
 			.on('changeDate', $.proxy(this.dateUpdated, this));
@@ -1507,10 +1508,12 @@
 			if (i === -1)
 				return;
 
-			$.each(this.pickers, function(i, p){
-				if (!p.getUTCDate())
-					p.setUTCDate(new_date);
-			});
+			if (!this.preventMultipleSet) {
+				$.each(this.pickers, function(i, p){
+					if (!p.getUTCDate())
+						p.setUTCDate(new_date);
+				});
+			}
 
 			if (new_date < this.dates[j]){
 				// Date being moved earlier/left
diff --git a/app/webroot/js/contextual_menu.js b/app/webroot/js/contextual_menu.js
index 455472d66..bc8ab94c9 100644
--- a/app/webroot/js/contextual_menu.js
+++ b/app/webroot/js/contextual_menu.js
@@ -143,6 +143,7 @@ class ContextualMenu {
     __create_menu_div_bootstrap_popover() {
         var div = document.createElement('div');
         div.classList.add("contextual-menu");
+        div.style.display = 'none';
         this.container.appendChild(div);
         var that = this;
         this.trigger_container.tabIndex = 0; // required for the popover focus feature
@@ -151,19 +152,20 @@ class ContextualMenu {
             container: 'body',
             html: true,
             placement: "bottom",
-            content: function () {return $(that.menu); }, // return contextual menu html
+            content: function () { var html=$(that.menu); html.css('display', 'inline-block'); return html;}, // return contextual menu html
             trigger: "manual",
             template: '<div class="popover" id="popover-contextual-menu-'+this.trigger_container.id+'" role="tooltip" style="'+additional_styling+'"><div class="arrow"></div></h3><div class="popover-content"></div></div>'
         })
 
         // Overwrite the default popover behavior: hidding cause the popover to be detached from the DOM, making impossible to fetch input values in the form
         $(this.trigger_container).click (function(e) {
-            if (that.has_been_shown_once) {
-                $('#popover-contextual-menu-'+this.id).toggle();
-            } else {
-                that.has_been_shown_once = true;
-                $(this).popover('show');
-            }
+            $(this).popover('toggle');
+            // if (that.has_been_shown_once) {
+            //     $('#popover-contextual-menu-'+this.id).toggle();
+            // } else {
+            //     that.has_been_shown_once = true;
+            //     $(this).popover('show');
+            // }
         });
         return div;
     }
@@ -371,7 +373,7 @@ class ContextualMenu {
         this.menu.appendChild(label);
         this.menu.appendChild(div);
         if(options.event !== undefined) {
-            button.addEventListener("click", function(evt) { 
+            button.addEventListener("click", function(evt) {
 		var corresponding_select_id = evt.target.dataset.correspondingId;
 		var selected_value = $('#'+corresponding_select_id).val();
 		options.event(selected_value);
diff --git a/app/webroot/js/event-graph.js b/app/webroot/js/event-graph.js
index cb83f30b0..7c2578e14 100644
--- a/app/webroot/js/event-graph.js
+++ b/app/webroot/js/event-graph.js
@@ -155,7 +155,7 @@ class EventGraph {
             $("#select_graph_scope").val(value);
         }
 
-        if (value == "Rotation key") {
+        if (value == "Pivot key") {
             $("#network-scope-badge").text(value + ": " + eventGraph.scope_keyType);
         } else {
             $("#network-scope-badge").text(value);
@@ -176,30 +176,30 @@ class EventGraph {
             label: "Scope",
             tooltip: "The scope represented by the network",
             event: function(value) {
-                if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected  for Rotation key scope
+                if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected  for Pivot key scope
                     return;
                 } else {
                     eventGraph.update_scope(value);
                     dataHandler.fetch_data_and_update();
                 }
             },
-            options: ["Reference", "Tag", "Rotation key"],
+            options: ["Reference", "Tag", "Pivot key"],
             default: "Reference"
         });
         menu_scope.add_select({
             id: "input_graph_scope_jsonkey",
-            label: "Rotation key",
+            label: "Pivot key",
             tooltip: "The key around which the network will be constructed",
             event: function(value) {
-                if (value == "Rotation key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Rotation key scope
+                if (value == "Pivot key" && $('#input_graph_scope_jsonkey').val() == "") { // no key selected for Pivot key scope
                     return;
                 } else {
                     eventGraph.scope_keyType = value;
-                    eventGraph.update_scope("Rotation key");
+                    eventGraph.update_scope("Pivot key");
                     dataHandler.fetch_data_and_update();
                 }
             },
-            options: dataHandler.available_rotation_key ? dataHandler.available_rotation_key : [],
+            options: dataHandler.available_pivot_key ? dataHandler.available_pivot_key : [],
             default: ""
         });
         return menu_scope;
@@ -298,7 +298,8 @@ class EventGraph {
                 for(var nodeId of objectIds) {
                     eventGraph.expand_node(nodeId);
                 }
-            }
+            },
+            title: "Expanding all nodes may takes some time"
         });
         menu_display.add_button({
             label: "Collapse all nodes",
@@ -310,7 +311,8 @@ class EventGraph {
                 for(var nodeId of objectIds) {
                     eventGraph.collapse_node(nodeId);
                 }
-            }
+            },
+            title: "Collapsing all nodes may takes some time"
         });
         menu_display.add_slider({
             id: 'slider_display_max_char_num',
@@ -1427,8 +1429,8 @@ class DataHandler {
                         return [[index, value]];
                     });
                     dataHandler.update_filtering_selectors(available_object_references, available_tags);
-                    dataHandler.available_rotation_key = data.available_rotation_key;
-                    eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_rotation_key);
+                    dataHandler.available_pivot_key = data.available_pivot_key;
+                    eventGraph.menu_scope.add_options("input_graph_scope_jsonkey", dataHandler.available_pivot_key);
                     if (data.items.length < nodes_ask_threshold) {
                         eventGraph.update_graph(data);
                     } else if (data.items.length > nodes_ask_threshold && confirm("The network contains a lot of nodes, displaying it may slow down your browser. Continue?")) {
diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
new file mode 100644
index 000000000..ac03965e0
--- /dev/null
+++ b/app/webroot/js/event-timeline.js
@@ -0,0 +1,586 @@
+var max_displayed_char_timeline = 64;
+var eventTimeline;
+var items_timeline;
+var items_backup;
+var use_local_timezone = true;
+var mapping_text_to_id = new Map();
+var user_manipulation = $('#event_timeline').data('user-manipulation');
+var extended_text = $('#event_timeline').data('extended') == 1 ? "extended:1/" : "";
+var container_timeline = document.getElementById('event_timeline');
+var hardThreshold = 50;
+var softThreshold = 30;
+var timeline_disabled = false;
+var default_editable = {
+    add: false,         // add new items by double tapping
+    updateTime: true,   // drag items horizontally
+    remove: true
+};
+var relationship_type_mapping = {
+   'followed-by': 'after',
+   'preceding-by': 'before',
+}
+var options = {
+    template: function (item, element, data) {
+        switch(item.group) {
+            case "attribute":
+                return build_attr_template(item);
+
+            case "object":
+                return build_object_template(item);
+
+            case "object_attribute":
+                console.log('Error');
+                break;
+
+            default:
+                break;
+        }
+    },
+    moment: function(date) {
+        if (use_local_timezone) {
+            return vis.moment(date);
+        } else {
+            return vis.moment(date).utc();
+        }
+    },
+    verticalScroll: true,
+    zoomKey: 'altKey',
+    maxHeight: 400,
+    minHeight: 400,
+    multiselect: true,
+    editable: user_manipulation ? default_editable : false,
+    tooltipOnItemUpdateTime: true,
+    onRemove: function(item, callback) { // clear timestamps
+        update_seen(item, 'first', null, false, undefined);
+        update_seen(item, 'last', null, false, function() { reflect_change(true); });
+        eventTimeline.setSelection([]);
+        $('.timelineSelectionTooltip').remove()
+    },
+    onMove: function(item, callback) {
+        var newStart = moment(item.start.toISOString());
+        var newEnd = (item.end !== undefined && item.end !== null) ? moment(item.end.toISOString()) : null;
+        var c1 = item.first_seen !== null ? !item.first_seen.isSame(newStart) : true;
+        var c2 = item.last_seen !== null ? !item.last_seen.isSame(newEnd) && item.seen_enabled : true;
+        if (c1) {
+            if (item.first_seen === null) {
+                if (!c2) {
+                    update_seen(item, 'first', newStart, true, undefined);
+                } else {
+                    update_seen(item, 'first', newStart, false, function() { reflect_change(true); });
+                }
+            } else {
+                update_seen(item, 'first', newStart, !c2, undefined);
+            }
+        }
+        if (c2) {
+            update_seen(item, 'last', newEnd, true, undefined);
+        }
+    }
+};
+var timeline_typeaheadDataSearch;
+var timeline_typeaheadOption = {
+    source: function (query, process) {
+        if (timeline_typeaheadDataSearch === undefined) { // caching
+            timeline_typeaheadDataSearch = Array.from(mapping_text_to_id.keys());
+        }
+        process(timeline_typeaheadDataSearch);
+    },
+    updater: function(value) {
+        var id = mapping_text_to_id.get(value);
+        eventTimeline.focus(id);
+        $("#timeline-typeahead").blur();
+    },
+    autoSelect: true
+}
+
+function isDefined(element) {
+    return element !== undefined && element !== null;
+}
+
+function generate_timeline_tooltip(itemID, target) {
+    var item = items_timeline.get(itemID);
+    if (
+        item.first_seen === undefined
+        || item.first_seen === null
+        || item.first_seen_overwrite
+    ) { // do not generate if first_seen not set
+        return;
+    }
+    var closest = $(target.closest(".vis-selected.vis-editable"));
+    var btn_type = item.last_seen !== null ? 'collapse-btn' : 'expand-btn';
+    var fct_type = item.last_seen !== null ? 'collapseItem' : 'expandItem';
+    var btn = $('<div class="timelineSelectionTooltip vis-expand-action '+btn_type+'" data-itemid="'+item.id+'"></div>')
+    if (item.last_seen !== null) {
+        btn.click(collapseItem);
+    } else {
+        btn.click(expandItem);
+    }
+    closest.append(btn);
+}
+
+/* UTIL */
+function collapseItem() {
+    var itemID = $(this).data('itemid');
+    var item = items_timeline.get(itemID);
+    update_seen(item, 'last', null, true, undefined);
+}
+function expandItem() {
+    var itemID = $(this).data('itemid');
+    var item = items_timeline.get(itemID);
+    var newEnd = get_next_step(item.first_seen);
+    update_seen(item, 'last', newEnd, true, undefined);
+}
+
+function get_next_step(mom) {
+    var scale = eventTimeline.timeAxis.step.scale;
+    var momAhead = mom.clone();
+    momAhead.add(1, scale);
+    return momAhead;
+}
+
+function build_attr_template(attr) {
+    var span = $('<span data-itemID="'+attr.id+'">');
+    if (!attr.seen_enabled) {
+        span.addClass('timestamp-attr');
+    }
+    span.text(attr.content);
+    span.data('seen_enabled', attr.seen_enabled);
+    var html = span[0].outerHTML;
+    return html;
+}
+
+function build_object_template(obj) {
+    var table = $('<table>');
+    table.data('seen_enabled', obj.seen_enabled);
+    if (!obj.seen_enabled) {
+        table.addClass('timestamp-obj');
+    }
+    var bolt_html = obj.overwrite_enabled ? " <i class=\"fa fa-bolt\" style=\"color: yellow; font-size: large;\" title=\"Object is (or can be) overwritten by its attributes\">" : "";
+    table.append($('<tr class="timeline-objectName"><th>'+obj.content+bolt_html+'</th><th></th></tr>'));
+    for (var attr of obj.Attribute) {
+        var overwritten = obj.overwrite_enabled && (attr.contentType == "first-seen" || attr.contentType == "last-seen") ? " <i class=\"fa fa-bolt\" style=\"color: yellow;\" title=\"Overwrite object "+attr.contentType+"\"></i>" : "";
+        table.append(
+            $('<tr>').append(
+                $('<td class="timeline-objectAttrType">' + attr.contentType + '</td>'
+                    +'<td class="timeline-objectAttrVal">' + attr.content+overwritten + '</td>'
+                )
+            )
+        )
+    }
+    var html = table[0].outerHTML;
+    return html;
+}
+
+function reflect_change(onIndex, itemType, itemId) {
+    if (onIndex) {
+        updateIndex(scope_id, 'event'); // MISP function
+    } else { // reflect change on item only
+        quick_fetch_seens(itemType, itemId, function(firstSeen, lastSeen) {
+            var updatedItem = items_timeline.get(itemId);
+            updatedItem.first_seen = firstSeen;
+            updatedItem.last_seen = lastSeen;
+            updatedItem.first_seen_overwrite = false;
+            updatedItem.last_seen_overwrite = false;
+            var e = $.extend({}, default_editable);
+            e.remove = true;
+            updatedItem.editable = e;
+            set_spanned_time(updatedItem);
+            items_timeline.remove(updatedItem.id);
+            items_timeline.add(updatedItem);
+        });
+    }
+}
+
+function quick_fetch_seens(itemType, itemId, callback) {
+    var url = "/" + itemType + "/" + "fetchViewValue" + "/" + itemId + "/";
+    var dfs = $.ajax({
+        dataType: "html",
+        cache: false,
+        success: function(data, textStatus) {
+            return data;
+        },
+        url: url+"first_seen"
+    });
+    var dls = $.ajax({
+        dataType: "html",
+        cache: false,
+        success: function(data, textStatus) {
+            return data;
+        },
+        url: url+"last_seen"
+    });
+
+    $.when( dfs, dls).done(function(a1, a2) {
+        firstSeen = a1[0].replace('&nbsp;', '');
+        firstSeen = firstSeen == '' ? null : firstSeen;
+        lastSeen = a2[0].replace('&nbsp;', '');
+        lastSeen = lastSeen == '' ? null : lastSeen;
+        callback(firstSeen, lastSeen);
+    });
+}
+
+function update_seen(item, seenType, value, reflect, callback) {
+    var itemType = item.group + 's';
+    var momentISO = value !== null ? value.toISOString() : null;
+    fetch_form_and_submit(itemType, item, seenType, momentISO, reflect, callback);
+}
+
+function fetch_form_and_submit(itemType, item, seenType, value, reflect, callback) {
+    var url = "/" + itemType + "/fetchEditForm/" + item.id + "/" + seenType+"_seen";
+    $.ajax({
+        beforeSend: function (XMLHttpRequest) {
+            $(".loadingTimeline").show();
+        },
+        dataType:"html",
+        cache: false,
+        success: function (data, textStatus) {
+            var form = $(data);
+            $(container_timeline).append(form);
+            form.css({display: 'none'});
+            var field = form.find('input[name*="' + seenType + '_seen"]');
+            field.val(value);
+            // submit the form
+            $.ajax({
+                data: form.serialize(),
+                cache: false,
+                success:function (data, textStatus) {
+                    if (reflect) {
+                        reflect_change(false, itemType, item.id);
+                    }
+                    form.remove()
+                },
+                error:function() {
+                    console.log('fail', 'Request failed for an unknown reason.');
+                },
+                complete: function () {
+                    $(".loadingTimeline").hide();
+                    if (callback !== undefined) {
+                        callback();
+                    }
+                },
+                type:"post",
+                url: form.attr('action')
+            });
+        },
+        error: function() {
+            console.log('Feature not supported.');
+        },
+        url: url,
+    });
+}
+
+function timestampToMoment(timestamp) {
+    var factor = 1000;
+    var d = moment(timestamp*factor);
+    return d;
+}
+
+function set_spanned_time(item) {
+    var timestamp = item.timestamp;
+    var fs = item.first_seen == null ? null :  moment(item.first_seen);
+    var ls = item.last_seen == null ? null : moment(item.last_seen);
+    item.first_seen = fs;
+    item.last_seen = ls;
+
+    item.seen_enabled = false;
+    item.overwrite_enabled = false;
+    if (fs===null && ls===null) {
+        item.start = timestampToMoment(timestamp);
+        item.type = 'box';
+
+    } else if (fs===null && ls!==null) {
+        item.start = timestampToMoment(timestamp);
+        item.type = 'box';
+
+    } else if (ls===null && fs!==null) {
+        item.start = fs;
+        item.seen_enabled = true;
+        delete item.end;
+        item.type = 'box';
+
+    } else { // fs and ls are defined
+        item.start = fs;
+        item.end = ls;
+        item.seen_enabled = true;
+        if (fs == ls) {
+            item.type = 'box';
+        } else {
+            item.type = 'range';
+        }
+    }
+
+    if (item.first_seen_overwrite === true || item.last_seen_overwrite === true) {
+        var e = $.extend({}, default_editable);
+        e.remove = false;
+        item.editable = e;
+        item.overwrite_enabled = true;
+    }
+}
+
+function map_scope(val) {
+    switch(val) {
+        case 'First seen/Last seen':
+            return 'seen';
+        case 'Object relationship':
+            return 'relationship';
+        default:
+            return 'seen';
+    }
+}
+
+function timelinePopupCallback(state) {
+    if (eventTimeline === undefined) {
+        return;
+    }
+    reload_timeline();
+}
+
+function adjust_text_length(elem) {
+    var maxChar = $('#slider_timeline_display_max_char_num').val();
+    elem.content = elem.content.substring(0, maxChar) + (elem.content.length < maxChar ? "" : "[...]");
+}
+
+function update_badge() {
+    if (use_local_timezone) {
+        $("#timeline-display-badge").text("Timezone: " + ": " + moment().format('Z'));
+    } else {
+        $("#timeline-display-badge").text("Timezone: " + ": " + moment().utc().format('Z (z)'));
+    }
+}
+
+function reload_timeline() {
+    update_badge();
+    var payload = {scope: map_scope($('#select_timeline_scope').val())};
+    $.ajax({
+        url: "/events/"+"getEventTimeline"+"/"+scope_id+"/"+extended_text+"event.json",
+        dataType: 'json',
+        type: 'post',
+        contentType: 'application/json',
+        data: JSON.stringify( payload ),
+        processData: false,
+        beforeSend: function (XMLHttpRequest) {
+            $(".loadingTimeline").show();
+        },
+        success: function( data, textStatus, jQxhr ){
+            items_timeline.clear();
+            for (var item of data.items) {
+                item.className = item.group;
+                set_spanned_time(item);
+                if (item.group == 'object') {
+                    for (var attr of item.Attribute) {
+                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.id+')', item.id);
+                        adjust_text_length(attr);
+                    }
+                } else {
+                    mapping_text_to_id.set(item.content+' ('+item.id+')', item.id);
+                    adjust_text_length(item);
+                }
+            }
+            items_timeline.add(data.items);
+            handle_not_seen_enabled($('#checkbox_timeline_display_hide_not_seen_enabled').val())
+        },
+        error: function( jqXhr, textStatus, errorThrown ){
+            console.log( errorThrown );
+        },
+        complete: function() {
+            $(".loadingTimeline").hide();
+        }
+    });
+}
+
+function enable_timeline() {
+    if (eventTimeline !== undefined) {
+        return;
+    }
+
+    init_popover();
+
+    $('#timeline-typeahead').typeahead(timeline_typeaheadOption);
+
+    var payload = {scope: map_scope($('#select_timeline_scope').val())};
+    $.ajax({
+        url: "/events/"+"getEventTimeline"+"/"+scope_id+"/"+extended_text+"event.json",
+        dataType: 'json',
+        type: 'post',
+        contentType: 'application/json',
+        data: JSON.stringify( payload ),
+        processData: false,
+        beforeSend: function (XMLHttpRequest) {
+            $(".loadingTimeline").show();
+        },
+        success: function( data, textStatus, jQxhr ){
+            if (data.items.length > hardThreshold) {
+                $('#eventtimeline_div').html('<div class="alert alert-danger" style="margin: 10px;">Timeline: To much data to show</div>');
+                timeline_disabled = true;
+                return;
+            } else if (data.items.length > softThreshold) {
+                var res = confirm('You are about to draw a lot ('+data.items.length+') of items in the timeline. Do you wish to continue?');
+                if (!res) {
+                    $('#eventtimeline_div').html('<div class="alert alert-danger" style="margin: 10px;">Timeline: To much data to show</div>');
+                    timeline_disabled = true;
+                    return;
+                }
+            }
+
+            for (var item of data.items) {
+                item.className = item.group;
+                set_spanned_time(item);
+                if (item.group == 'object') {
+                    for (var attr of item.Attribute) {
+                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.id+')', item.id);
+                        adjust_text_length(attr);
+                    }
+                } else {
+                    mapping_text_to_id.set(item.content+' ('+item.id+')', item.id);
+                    adjust_text_length(item);
+                }
+            }
+            items_timeline = new vis.DataSet(data.items);
+            eventTimeline = new vis.Timeline(container_timeline, items_timeline, options);
+            update_badge();
+
+            eventTimeline.on('select', handle_selection);
+
+            eventTimeline.on('doubleClick', handle_doubleClick);
+
+            items_timeline.on('update', function(eventname, data) {
+                handle_selection({
+                    event: { target: $('span[data-itemID="'+data.items[0]+'"]')},
+                    items: data.items
+                });
+            });
+        },
+        error: function( jqXhr, textStatus, errorThrown ){
+            console.log( errorThrown );
+        },
+        complete: function() {
+            $(".loadingTimeline").hide();
+        }
+    });
+}
+
+function handle_selection(data) {
+    var event = data.event;
+    var target = event.target;
+    var items = data.items;
+
+    if (items.length == 0) {
+            $('.timelineSelectionTooltip').remove()
+    } else {
+        for (var itemID of items) {
+            generate_timeline_tooltip(itemID, target);
+        }
+    }
+}
+
+function edit_item(id, callback) {
+    var group = items_timeline.get(id).group;
+    if (group == 'attribute') {
+        simplePopup('/attributes/edit/'+id);
+    } else if (group == 'object') {
+        window.location = '/objects/edit/'+id;
+    }
+}
+
+function handle_doubleClick(data) {
+    // should be replaced by keyboard shortcut: SHIFT+E ?
+    //edit_item(data.item);
+}
+
+function handle_not_seen_enabled(hide) {
+    if (hide) {
+        var hidden = items_timeline.get({
+            filter: function(item) {
+                return !item.seen_enabled;
+            }
+        });
+        var hidden_ids = [];
+        items_timeline.forEach(function(item) {
+            hidden_ids.push(item.id);
+        });
+        items_timeline.remove(hidden)
+        items_backup = hidden;
+    } else {
+        items_timeline.add(items_backup);
+    }
+}
+
+$('#fullscreen-btn-timeline').click(function() {
+    var timeline_div = $('#eventtimeline_div');
+    var fullscreen_enabled = !timeline_div.data('fullscreen');
+    timeline_div.data('fullscreen', fullscreen_enabled);
+    var height_val = fullscreen_enabled == true ? "calc(100vh - 42px - 42px - 10px)" : "400px";
+
+    timeline_div.css("max-height", height_val);
+    setTimeout(function() { // timeline takes time to be drawn
+        timeline_div[0].scrollIntoView({
+            behavior: "smooth",
+        });
+    }, 1);
+    eventTimeline.setOptions({maxHeight: height_val});
+});
+
+// init_scope_menu
+var menu_scope_timeline, menu_display_timeline;
+function init_popover() {
+    if (timeline_disabled) return;
+    menu_scope_timeline = new ContextualMenu({
+        trigger_container: document.getElementById("timeline-scope"),
+        bootstrap_popover: true,
+        style: "z-index: 1",
+        container: document.getElementById("eventtimeline_div")
+    });
+    menu_scope_timeline.add_select({
+        id: "select_timeline_scope",
+        label: "Scope",
+        tooltip: "The time scope represented by the timeline",
+        event: function(value) {
+            if (value == "First seen/Last seen") {
+                reload_timeline();
+            }
+        },
+        options: ["First seen/Last seen"],
+        default: "First seen/Last seen"
+    });
+
+    menu_display_timeline = new ContextualMenu({
+        trigger_container: document.getElementById("timeline-display"),
+        bootstrap_popover: true,
+        style: "z-index: 1",
+        container: document.getElementById("eventtimeline_div")
+    });
+    menu_display_timeline.add_slider({
+        id: 'slider_timeline_display_max_char_num',
+        label: "Charater to show",
+        title: "Maximum number of charater to display in the label",
+        min: 8,
+        max: 2048,
+        value: max_displayed_char_timeline,
+        step: 8,
+        applyButton: true,
+        event: function(value) {
+            $("#slider_timeline__display_max_char_num").parent().find("span").text(value);
+        },
+        eventApply: function(value) {
+            reload_timeline();
+        }
+    });
+    menu_display_timeline.add_checkbox({
+        id: 'checkbox_timeline_display_hide_not_seen_enabled',
+        label: "Hide first seen not set",
+        title: "Hide items that does not have first seen sets",
+        event: function(value) {
+            handle_not_seen_enabled(value)
+        }
+    });
+    menu_display_timeline.add_checkbox({
+        id: 'checkbox_timeline_display_gmt',
+        label: "Display with current timezone",
+        title: "Set the dates relative to the browser timezone. Otherwise, keep dates in GMT",
+        event: function(value) {
+            use_local_timezone = value;
+            reload_timeline()
+        },
+        checked: true
+    });
+}
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index c3264b84a..88dcb7cec 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -409,6 +409,11 @@ function updateIndex(id, context, newPage) {
             } else {
                 console.log("genericPopupCallback function not defined");
             }
+            if (typeof timelinePopupCallback !== "undefined") {
+                timelinePopupCallback("success");
+            } else {
+                console.log("timelinepopupcallback function not defined");
+            }
         },
         url: url,
     });
@@ -437,15 +442,42 @@ function updateAttributeFieldOnSuccess(name, type, id, field, event) {
     });
 }
 
+function updateObjectFieldOnSuccess(name, type, id, field, event) {
+    $.ajax({
+        beforeSend: function (XMLHttpRequest) {
+            if (field != 'timestamp') {
+                $(".loading").show();
+            }
+        },
+        dataType:"html",
+        cache: false,
+        success:function (data, textStatus) {
+            if (field != 'timestamp') {
+                $(".loading").hide();
+                $(name + '_solid').html(data);
+                $(name + '_placeholder').empty();
+                $(name + '_solid').show();
+            } else {
+                $('#' + type + '_' + id + '_' + 'timestamp_solid').html(data);
+            }
+        },
+        url:"/objects/fetchViewValue/" + id + "/" + field,
+    });
+}
+
 function activateField(type, id, field, event) {
     resetForms();
     if (type == 'denyForm') return;
     var objectType = 'attributes';
+    var containerName = 'Attribute';
     if (type == 'ShadowAttribute') {
         objectType = 'shadow_attributes';
+    } else if (type == 'Object') {
+        objectType = 'objects';
+        containerName = 'Object';
     }
     var name = '#' + type + '_' + id + '_' + field;
-    var container_name = '#Attribute_' + id + '_' + field;
+    var container_name = '#' + containerName + id + '_' + field;
     $.ajax({
         beforeSend: function (XMLHttpRequest) {
             $(".loading").show();
@@ -583,6 +615,8 @@ function submitForm(type, id, field, context) {
     var name = '#' + type + '_' + id + '_' + field;
     if (type == 'ShadowAttribute') {
         object_type = 'shadow_attributes';
+    } else if (type == 'Object') {
+        object_type = 'objects';
     }
     $.ajax({
         data: $(name + '_field').closest("form").serialize(),
@@ -723,7 +757,8 @@ function handleAjaxEditResponse(data, name, type, id, field, event) {
     responseArray = data;
     if (type == 'Attribute') {
         if (responseArray.saved) {
-            showMessage('success', responseArray.success);
+            var msg = responseArray.success !== undefined ? responseArray.success : responseArray.message;
+            showMessage('success', msg);
             updateAttributeFieldOnSuccess(name, type, id, field, event);
             updateAttributeFieldOnSuccess(name, type, id, 'timestamp', event);
             eventUnpublish();
@@ -734,12 +769,75 @@ function handleAjaxEditResponse(data, name, type, id, field, event) {
     }
     if (type == 'ShadowAttribute') {
         updateIndex(event, 'event');
+    } else if (type == 'Object') {
+        if (responseArray.saved) {
+            var msg = responseArray.success !== undefined ? responseArray.success : responseArray.message;
+            showMessage('success', msg);
+            updateObjectFieldOnSuccess(name, type, id, field, event);
+            updateObjectFieldOnSuccess(name, type, id, 'timestamp', event);
+            eventUnpublish();
+        } else {
+            showMessage('fail', 'Validation failed: ' + responseArray.errors.value);
+            updateObjectFieldOnSuccess(name, type, id, field, event);
+        }
     }
     if (responseArray.hasOwnProperty('check_publish')) {
         checkAndSetPublishedInfo();
     }
 }
 
+function quickFetchValidObjectAttribute(objectId) {
+    var itemType = "objects";
+    var formUrl= "quickFetchTemplateWithValidObjectAttributes";
+    var compiledUrlForm = "/" + itemType + "/" + formUrl + "/" + objectId;
+    $.ajax({
+        beforeSend: function (XMLHttpRequest) {
+            $(".loading").show();
+        },
+        success:function (data, textStatus) {
+            if (data.fail !== undefined && data.fail) {
+                showMessage('fail', data.errors);
+            } else {
+                $('#popover_form').html(data);
+                openPopup('#popover_form');
+            }
+        },
+        error:function() {
+            showMessage('fail', 'Could not fetch allowed attribute type.');
+        },
+        complete:function() {
+            $(".loading").hide();
+        },
+        type: "get",
+        url: compiledUrlForm
+    });
+    return false;
+}
+
+function fetchAddObjectAttributeForm(objectId, fieldName) {
+    var itemType = "objects";
+    var formUrl= "quickAddAttributeForm";
+    var compiledUrlForm = "/" + itemType + "/" + formUrl + "/" + objectId + "/" + fieldName;
+    $.ajax({
+        beforeSend: function (XMLHttpRequest) {
+            $(".loading").show();
+        },
+        success:function (data, textStatus) {
+            $('#popover_form').html(data);
+            openPopup('#popover_form');
+        },
+        error:function() {
+            showMessage('fail', 'Could not fetch allowed attribute type.');
+        },
+        complete:function() {
+            $(".loading").hide();
+        },
+        type: "get",
+        url: compiledUrlForm
+    });
+    return false;
+}
+
 function handleGenericAjaxResponse(data, skip_reload) {
     if (typeof skip_reload === "undefined") {
         skip_reload = false;
@@ -1144,6 +1242,9 @@ function submitPopoverForm(context_id, referer, update_context_id) {
         case 'addObjectReference':
             url = "/objectReferences/add/" + context_id;
             break;
+        case 'quickAddAttributeForm':
+           url = "/objects/quickAddAttributeForm/" + context_id;
+           break;
     }
     if (url !== null) {
         $.ajax({

From 8e4011499751c89732d1e1f20e62ae9979a6dad7 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 09:38:39 +0200
Subject: [PATCH 02/73] chg: [app] Improved and integrated *-seen database
 update

---
 app/Model/AppModel.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index aa794994f..760044fdf 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -75,7 +75,7 @@ class AppModel extends Model
         13 => false, 14 => false, 15 => false, 18 => false, 19 => false, 20 => false,
         21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
         27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
-        33 => false, 34 => false, 35 => false
+        33 => false, 34 => false, 35 => false, 36 => false
     );
 
     public $advanced_updates_description = array(
@@ -209,6 +209,9 @@ class AppModel extends Model
             case 34:
                 $this->__fixServerPullPushRules();
                 break;
+            case 36:
+                $this->updateDatabase('seenOnAttributeAndObject', true);
+                break;
             default:
                 $this->updateDatabase($command);
                 break;
@@ -1241,9 +1244,11 @@ class AppModel extends Model
                         DROP INDEX value1,
                         DROP INDEX value2,
                         DROP INDEX object_id,
-                        DROP INDEX object_relation,
-                        DROP INDEX deleted,
-                    ;";
+                        DROP INDEX object_relation;
+                    ";
+                $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX deleted"; // deleted index may not be present
+                $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX first_seen"; // for replayability
+                $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX last_seen"; // for replayability
                 $sqlArray[] =
                     "ALTER TABLE `attributes`
                         ADD COLUMN `first_seen` BIGINT(20) NULL DEFAULT NULL,
@@ -1263,9 +1268,8 @@ class AppModel extends Model
                         ADD INDEX `object_relation` (`object_relation`),
                         ADD INDEX `deleted` (`deleted`),
                         ADD INDEX `first_seen` (`first_seen`),
-                        ADD INDEX `last_seen` (`last_seen`),
-                        ADD INDEX `comment` (`comment`(767))
-                    ;";
+                        ADD INDEX `last_seen` (`last_seen`);
+                    ";
                 $sqlArray[] = "
                     ALTER TABLE `objects`
                         ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,

From 88eb7ee43349766984e1684b06ec4c762e82192a Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 10:34:22 +0200
Subject: [PATCH 03/73] fix: [object:quickAttributeAdd] Fixed response to be of
 JSON type and improved layout

---
 .../Component/RestResponseComponent.php       |  1 +
 app/Controller/ObjectsController.php          | 25 +++++++++++++++----
 app/webroot/css/main.css                      | 14 ++++++++---
 app/webroot/js/misp.js                        |  1 +
 4 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php
index 397981ec4..e7526b6da 100644
--- a/app/Controller/Component/RestResponseComponent.php
+++ b/app/Controller/Component/RestResponseComponent.php
@@ -397,6 +397,7 @@ class RestResponseComponent extends Component
             $message = Inflector::singularize($controller) . ' ' . $action['action'] . ((substr($action['action'], -1) == 'e') ? 'd' : 'ed');
         }
         $response['saved'] = true;
+        $response['success'] = true;
         $response['name'] = $message;
         $response['message'] = $response['name'];
         $response['url'] = $this->__generateURL($action, $controller, $id);
diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index 1e1f78d8e..1674346b6 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -551,12 +551,27 @@ class ObjectsController extends AppController
                         $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
                         return $this->RestResponse->viewData($objectToSave, $this->response->type());
                     } else {
-                        return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, $this->response->type());
+                        return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, false);
                     }
                 } else {
-                    $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
-                    $this->Flash->success('Object saved.');
-                    $this->redirect(array('controller' => 'events', 'action' => 'view', $object['Object']['event_id']));
+                    $message = __('Object attributes saved.');
+                    $error_message = __('Object attributes could not be saved.');
+                    if ($this->request->is('ajax')) {
+                         $this->autoRender = false;
+                         if (is_numeric($objectToSave)) {
+                            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type('application/json'), $message);
+                        } else {
+                            return $this->RestResponse->saveFailResponse('Objects', 'edit', $id, $error_message, $this->response->type('application/json'));
+                        }
+                    }  else {
+                        if (is_numeric($objectToSave)) {
+                            $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
+                            $this->Flash->success($message);
+                        } else {
+                            $this->Flash->error($error_message);
+                        }
+                        $this->redirect(array('controller' => 'events', 'action' => 'view', $object['Object']['event_id']));
+                    }
                 }
             }
         } else {
@@ -888,7 +903,7 @@ class ObjectsController extends AppController
             $this->set('info', $info);
             $this->render('ajax/quickAddAttributeForm');
         } else if ($this->request->is('post') || $this->request->is('put')) {
-            return $this->edit($this->request->data['Object']['id'], true);
+            return $this->edit($this->request->data['Object']['id'], false, true);
         }
     }
 
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 6553ba4b4..2aaf728cf 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -293,8 +293,8 @@ td.highlight3 {
 
 }
 
-table-striped tbody > tr > td.objectAddField {
-    padding: 2px 3px;
+table.table-striped > tbody > tr > td.objectAddField {
+    padding: 0px;
     line-height: normal;
     display: inline-block;
     position: relative;
@@ -304,8 +304,16 @@ table-striped tbody > tr > td.objectAddField {
     background-color: #1369a0;
     border: 0px;
     border-radius: 15px;
+    height: 16px;
+    width: 16px;
+    text-align: center;
+}
+
+table.table-striped > tbody > tr > td.objectAddField:before {
+    left: 2px;
     height: 12px;
-    width: 10px;
+    width: 12px;
+    line-height: 16px;
 }
 
 .table-striped tbody > tr > td.objectAddField:hover {
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index 88dcb7cec..d5193d700 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -1286,6 +1286,7 @@ function handleAjaxPopoverResponse(response, context_id, url, referer, context,
     responseArray = response;
     var message = null;
     var result = "fail";
+    console.log(responseArray);
     if (responseArray.saved) {
         updateIndex(context_id, context);
         if (responseArray.success) {

From 553ea16783b294540aaa4c8a370fdaae3036ec87 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 10:51:59 +0200
Subject: [PATCH 04/73] fix: [object:quickEdit] Fixed response to be of JSON
 type and improved layout

---
 app/Controller/ObjectsController.php         | 12 ++++++------
 app/View/Elements/Events/View/row_object.ctp |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index 1674346b6..eb2c04c7e 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -628,7 +628,7 @@ class ObjectsController extends AppController
         }
         $this->MispObject->id = $id;
         if (!$this->MispObject->exists()) {
-            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid object', $this->response->type());
+            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid object');
         }
         $this->MispObject->recursive = -1;
         $this->MispObject->contain('Event');
@@ -639,7 +639,7 @@ class ObjectsController extends AppController
             || $this->userRole['perm_modify_org'])) {
                 // Allow the edit
             } else {
-                return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid attribute', $this->response->type());
+                return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid attribute');
             }
         }
         $validFields = array('comment', 'distribution', 'first_seen', 'last_seen');
@@ -656,13 +656,13 @@ class ObjectsController extends AppController
             }
             if ($object['Object'][$changedKey] == $changedField) {
                 $this->autoRender = false;
-                return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'nochange');
+                return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'nochange');
             }
             $object['Object'][$changedKey] = $changedField;
             $changed = true;
         }
         if (!$changed) {
-            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'nochange');
+            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'nochange');
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
@@ -678,10 +678,10 @@ class ObjectsController extends AppController
             $event['Event']['published'] = 0;
             $this->MispObject->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
             $this->autoRender = false;
-            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type(), 'Field updated');
+            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'Field updated');
         } else {
             $this->autoRender = false;
-            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $this->MispObject->validationErrors, $this->response->type());
+            return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $this->MispObject->validationErrors);
         }
     }
 
diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index bf0537654..653b5ce25 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -93,13 +93,13 @@
   </td>
   <td colspan="4">&nbsp;
   </td>
-  <td class="shortish">
+  <td class="shortish" onmouseenter="quickEditHover(this, 'Object', '<?php echo $object['id']; ?>', 'distribution', <?php echo $event['Event']['id'];?>);">
     <?php
       $turnRed = '';
       if ($object['objectType'] == 0 && $object['distribution'] == 0) $turnRed = 'style="color:red"';
     ?>
     <div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_placeholder'; ?>" class = "inline-field-placeholder"></div>
-    <div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_solid'; ?>" <?php echo $turnRed; ?> class="inline-field-solid" ondblclick="activateField('<?php echo $currentType; ?>', '<?php echo $object['id']; ?>', 'distribution', <?php echo $event['Event']['id'];?>);">
+    <div id = "<?php echo $currentType . '_' . $object['id'] . '_distribution_solid'; ?>" <?php echo $turnRed; ?> class="inline-field-solid">
       <?php
         if ($object['objectType'] == 0) {
           if ($object['distribution'] == 4):

From 80fd4465d3a625b81173b6a6903714ab108af46d Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 10:53:34 +0200
Subject: [PATCH 05/73] fix: [object:quickEdit] fix input selector

---
 app/webroot/js/misp.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index d5193d700..45c0f30ad 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -477,7 +477,7 @@ function activateField(type, id, field, event) {
         containerName = 'Object';
     }
     var name = '#' + type + '_' + id + '_' + field;
-    var container_name = '#' + containerName + id + '_' + field;
+    var container_name = '#' + containerName + '_' + id + '_' + field;
     $.ajax({
         beforeSend: function (XMLHttpRequest) {
             $(".loading").show();
@@ -1286,7 +1286,6 @@ function handleAjaxPopoverResponse(response, context_id, url, referer, context,
     responseArray = response;
     var message = null;
     var result = "fail";
-    console.log(responseArray);
     if (responseArray.saved) {
         updateIndex(context_id, context);
         if (responseArray.success) {

From 7d74408bdf5e87d4a43cd4c4ac405bc05ebbe0dd Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 14:14:02 +0200
Subject: [PATCH 06/73] chg: [object:quickAttributeAdd] Replace popover
 selection by the generic picker

---
 app/Controller/ObjectsController.php          |  23 +-
 app/View/Elements/Events/View/row_object.ctp  |   2 +-
 .../Objects/ajax/quickAddAttributeForm.ctp    | 244 +++++++++---------
 .../templateWithValidObjectAttributes.ctp     |  22 --
 app/webroot/css/main.css                      |  10 +
 app/webroot/js/misp.js                        |  57 +---
 6 files changed, 156 insertions(+), 202 deletions(-)
 delete mode 100644 app/View/Objects/ajax/templateWithValidObjectAttributes.ctp

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index eb2c04c7e..3d1dca04b 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -831,7 +831,24 @@ class ObjectsController extends AppController
         if ($this->request->is('get') || $this->request->is('post')) {
             $this->set('template', $template);
             $this->set('objectId', $object['Object']['id']);
-            $this->render('ajax/templateWithValidObjectAttributes');
+
+            $items = array();
+            foreach ($template['ObjectTemplateElement'] as $objectAttribute) {
+                $name = sprintf('%s :: %s', $objectAttribute['object_relation'], $objectAttribute['type']);
+                $items[] = array(
+                    'name' => $name,
+                    'value' => '/objects/quickAddAttributeForm/' . $object['Object']['id'] . '/' . $objectAttribute['object_relation'],
+                    'template' => array(
+                        'name' => $name,
+                        'infoExtra' => $objectAttribute['description'],
+                    )
+                );
+            }
+            $this->set('options', array(
+                'flag_redraw_chosen' => true
+            ));
+            $this->set('items', $items);
+            $this->render('/Elements/generic_picker');
         } else {
             return $template;
         }
@@ -893,7 +910,9 @@ class ObjectsController extends AppController
             $template = $this->MispObject->prepareTemplate($template, $object);
             $this->layout = 'ajax';
             $this->set('object', $object['Object']);
-            $this->set('template', $template);
+            $template_element = $template['ObjectTemplateElement'][0];
+            unset($template_element['value']); // avoid filling if multiple
+            $this->set('template_element', $template_element);
             $distributionData = $this->MispObject->Event->Attribute->fetchDistributionData($this->Auth->user());
             $this->set('distributionData', $distributionData);
             $info = array();
diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index 653b5ce25..0fde98b93 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -150,6 +150,6 @@
         'child' => $attrKey == $lastElement ? 'last' : true
       ));
     }
-    echo '<tr><td class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="quickFetchValidObjectAttribute(' . h($object['id']) . ')"></td></tr>';
+    echo '<tr><td class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="popoverPopup(this, ' . h($object['id']) . ', \'objects\', \'quickFetchTemplateWithValidObjectAttributes\')"></td></tr>';
   }
 ?>
diff --git a/app/View/Objects/ajax/quickAddAttributeForm.ctp b/app/View/Objects/ajax/quickAddAttributeForm.ctp
index b47804c7c..a94be2b03 100644
--- a/app/View/Objects/ajax/quickAddAttributeForm.ctp
+++ b/app/View/Objects/ajax/quickAddAttributeForm.ctp
@@ -1,132 +1,132 @@
-<?php
-    $url = '/objects/quickAddAttributeForm/' . $object['id'];
-    $element = $template['ObjectTemplateElement'][0];
-    $k = 0;
-    $action = 'add';
-    echo $this->Form->create('Object', array(
-        'id' => 'Object_' . $object['id'] . '_quick_add_attribute_form',
-        'url' => $url,
-        'class' => 'allDiv'
-    ));
-?>
-
-<fieldset>
-    <legend><?php echo __('Add Object attribute'); ?></legend>
-    <div class="add_attribute_fields">
+<div class="generic-picker-embeded-block">
     <?php
-        $formSettings = array(
-            'type' => 'hidden',
-            'value' => $element['object_relation'],
-            'label' => false,
-            'div' => false
-        );
-        echo $this->Form->input('Attribute.' . $k . '.object_relation', $formSettings);
-
-        $formSettings['value'] = $object['id'];
-        echo $this->Form->input('Object.id', $formSettings);
-
-        $formSettings['value'] = $object['event_id'];
-        echo $this->Form->input('Object.event_id', $formSettings);
-
-        $formSettings['value'] = $element['type'];
-        echo '<div style="margin-bottom: 5px; font-size: 14px;">';
-        echo $this->Form->input('Attribute.' . $k . '.type', $formSettings);
-        echo '<span class="bold">' . Inflector::humanize(h($element['object_relation'])) . '</span>';
-        echo ' :: ' . h($element['type']) . '';
-        echo '<br>';
-        echo '<span class="immutableAttributeDescription">' . h($element['description']) . '</span>';
-        echo '</div>';
-    ?>
-
-
-    <?php
-        $formSettings = array(
-          'options' => array_combine($element['categories'], $element['categories']),
-          'default' => $element['default_category'],
-          'div' => true
-        );
-        echo $this->Form->input('Attribute.' . $k . '.category', $formSettings);
-    ?>
-
-    <div class="clear">
-    <?php
-        echo '<label for="Attribute' . $k . '.value">' . __('Value') . '</label>';
-        echo $this->element(
-            'Objects/object_value_field',
-            array(
-                'element' => $element,
-                'k' => $k,
-                'action' => $action
-            )
-        );
-    ?>
-    </div>
-
-    <?php
-        echo $this->Form->input('Attribute.' . $k . '.to_ids', array(
-            'type' => 'checkbox',
-            'checked' => $element['to_ids'],
+        $url = '/objects/quickAddAttributeForm/' . $object['id'];
+        $element = $template_element;
+        $k = 0;
+        $action = 'add';
+        echo $this->Form->create('Object', array(
+            'id' => 'Object_' . $object['id'] . '_quick_add_attribute_form',
+            'url' => $url,
+            'class' => 'allDiv'
         ));
     ?>
 
-    <?php
-        echo $this->Form->input('Attribute.' . $k . '.disable_correlation', array(
-            'type' => 'checkbox',
-            'checked' => $element['disable_correlation'],
-        ));
-    ?>
+    <fieldset>
+        <legend><?php echo __('Add Object attribute'); ?></legend>
+        <div class="add_attribute_fields">
+        <?php
+            $formSettings = array(
+                'type' => 'hidden',
+                'value' => $element['object_relation'],
+                'label' => false,
+                'div' => false
+            );
+            echo $this->Form->input('Attribute.' . $k . '.object_relation', $formSettings);
 
-    <div class='input'>
-    <?php
-        echo $this->Form->input('Attribute.' . $k . '.distribution', array(
-            'class' => 'Attribute_distribution_select',
-            'options' => $distributionData['levels'],
-            'default' => !empty($element['distribution']) ? $element['distribution'] : $distributionData['initial'],
-            'div' => false,
-            'label' => __('Distribution ') . $this->element('formInfo', array('type' => 'distribution')),
-        ));
-    ?>
-    </div>
-    <div class='input'>
-        <div id="SGContainer" style="display:none;">
-            <?php
-                if (!empty($distributionData['sgs'])) {
-                    echo $this->Form->input('Attribute.' . $k . '.sharing_group_id', array(
-                            'options' => $distributionData['sgs'],
-                            'label' => __('Sharing Group')
-                    ));
-                }
-            ?>
+            $formSettings['value'] = $object['id'];
+            echo $this->Form->input('Object.id', $formSettings);
+
+            $formSettings['value'] = $object['event_id'];
+            echo $this->Form->input('Object.event_id', $formSettings);
+
+            $formSettings['value'] = $element['type'];
+            echo '<div style="margin-bottom: 5px; font-size: 14px;">';
+            echo $this->Form->input('Attribute.' . $k . '.type', $formSettings);
+            echo '<span class="bold">' . Inflector::humanize(h($element['object_relation'])) . '</span>';
+            echo ' :: ' . h($element['type']) . '';
+            echo '<br>';
+            echo '<span class="immutableAttributeDescription">' . h($element['description']) . '</span>';
+            echo '</div>';
+        ?>
+
+
+        <?php
+            $formSettings = array(
+              'options' => array_combine($element['categories'], $element['categories']),
+              'default' => $element['default_category'],
+              'div' => true
+            );
+            echo $this->Form->input('Attribute.' . $k . '.category', $formSettings);
+        ?>
+
+        <div class='input'>
+        <?php
+            echo $this->Form->input('Attribute.' . $k . '.distribution', array(
+                'class' => 'Attribute_distribution_select',
+                'options' => $distributionData['levels'],
+                'default' => !empty($element['distribution']) ? $element['distribution'] : $distributionData['initial'],
+                'div' => false,
+                'label' => __('Distribution ') . $this->element('formInfo', array('type' => 'distribution')),
+            ));
+        ?>
+        </div>
+        <div class='input'>
+            <div id="SGContainer" style="display:none;">
+                <?php
+                    if (!empty($distributionData['sgs'])) {
+                        echo $this->Form->input('Attribute.' . $k . '.sharing_group_id', array(
+                                'options' => $distributionData['sgs'],
+                                'label' => __('Sharing Group')
+                        ));
+                    }
+                ?>
+            </div>
+        </div>
+
+        <div class="clear">
+        <?php
+            echo '<label for="Attribute' . $k . '.value">' . __('Value') . '</label>';
+            echo $this->element(
+                'Objects/object_value_field',
+                array(
+                    'element' => $element,
+                    'k' => $k,
+                    'action' => $action
+                )
+            );
+        ?>
+        </div>
+
+        <?php
+            echo $this->Form->input('Attribute.' . $k . '.to_ids', array(
+                'type' => 'checkbox',
+                'checked' => $element['to_ids'],
+            ));
+        ?>
+
+        <?php
+            echo $this->Form->input('Attribute.' . $k . '.disable_correlation', array(
+                'type' => 'checkbox',
+                'checked' => $element['disable_correlation'],
+            ));
+        ?>
+
+        <?php
+            echo $this->Form->input('Attribute.' . $k . '.comment', array(
+                'type' => 'textarea',
+                'required' => false,
+                'allowEmpty' => true,
+                'div' => 'input clear',
+                'class' => 'input-xxlarge'
+            ));
+        ?>
+
+       </div>
+       </fieldset>
+
+        <div class="overlay_spacing">
+        <?php if ($ajax): ?>
+            <span id="submitButton" class="btn btn-primary" style="margin-bottom:5px;float:left;" title="<?php echo __('Submit'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Submit'); ?>" onClick="submitPopoverForm('<?php echo h($object['id']); ?>', 'quickAddAttributeForm', <?php echo h($object['event_id']); ?>, $(this).closest('div.popover').attr('data-dismissid'))"><?php echo __('Submit'); ?></span>
+        <?php else:
+                echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
+            endif;
+        ?>
         </div>
-    </div>
 
     <?php
-        echo $this->Form->input('Attribute.' . $k . '.comment', array(
-            'type' => 'textarea',
-            'required' => false,
-            'allowEmpty' => true,
-            'div' => 'input clear',
-            'class' => 'input-xxlarge'
-        ));
+        echo $this->Form->end();
     ?>
-
-   </div>
-   </fieldset>
-
-    <div class="overlay_spacing">
-    <?php if ($ajax): ?>
-        <span id="submitButton" class="btn btn-primary" style="margin-bottom:5px;float:left;" title="<?php echo __('Submit'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Submit'); ?>" onClick="submitPopoverForm('<?php echo h($object['id']); ?>', 'quickAddAttributeForm', <?php echo h($object['event_id']); ?>)"><?php echo __('Submit'); ?></span>
-    <?php else:
-            echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
-        endif;
-    ?>
-        <span class="btn btn-inverse" style="float:right;" title="<?php echo __('Cancel'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Cancel'); ?>" id="cancel_attribute_add"><?php echo __('Cancel'); ?></span>
-    </div>
-
-<?php
-    echo $this->Form->end();
-?>
-
+</div>
 
 <script>
 <?php
@@ -148,9 +148,5 @@ $(document).ready(function() {
         if ($('#Attribute0Distribution').val() == 4) $('#SGContainer').show();
         else $('#SGContainer').hide();
     });
-
-    $('#cancel_attribute_add').click(function() {
-        cancelPopoverForm();
-    });
 });
 </script>
diff --git a/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp b/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp
deleted file mode 100644
index aab0101e5..000000000
--- a/app/View/Objects/ajax/templateWithValidObjectAttributes.ctp
+++ /dev/null
@@ -1,22 +0,0 @@
-<div class="popover_choice">
-    <legend><?php echo __('Select Object Attribute To Add');?></legend>
-    <div class="popover_choice_main" id ="popover_choice_main">
-        <table style="width:100%;">
-        <?php foreach ($template['ObjectTemplateElement'] as $objectAttribute): ?>
-            <tr style="border-bottom:1px solid black;" class="templateChoiceButton">
-                <td role="button" tabindex="0" aria-label="<?php echo h($objectAttribute['object_relation']); ?>" title="<?php echo h($objectAttribute['object_relation']); ?>" style="padding-left:10px;padding-right:10px; text-align:center;width:100%;" onClick="fetchAddObjectAttributeForm(<?php echo h($objectId) . ', \'' . h($objectAttribute['object_relation']) . '\''; ?>)"><?php echo '<strong>' . h($objectAttribute['object_relation']) . '</strong>' . ' :: ' . h($objectAttribute['type']) . '<br>' . h($objectAttribute['description']); ?></td>
-            </tr>
-        <?php endforeach; ?>
-        </table>
-    </div>
-    <div role="button" tabindex="0" aria-label="<?php echo __('Cancel');?>" title="<?php echo __('Cancel');?>" class="templateChoiceButton templateChoiceButtonLast" onClick="cancelPopoverForm();"><?php echo __('Cancel');?></div>
-</div>
-<script type="text/javascript">
-    $(document).ready(function() {
-        resizePopoverBody();
-    });
-
-    $(window).resize(function() {
-        resizePopoverBody();
-    });
-</script>
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 2aaf728cf..a29e71952 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -1033,6 +1033,16 @@ a.pill-pre-picker {
     position: absolute;
 }
 
+div.generic-picker-wrapper > div.generic-picker-embeded-block {
+    margin-left: 15px;
+    margin-top: -12px;
+    display: inline-block;
+}
+
+div.generic-picker-embeded-block legend {
+    margin-bottom: 0px;
+}
+
 .generic-picker-item-element-check {
     float: right;
     border: 1px solid #999;
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index 45c0f30ad..92e8d3008 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -786,58 +786,6 @@ function handleAjaxEditResponse(data, name, type, id, field, event) {
     }
 }
 
-function quickFetchValidObjectAttribute(objectId) {
-    var itemType = "objects";
-    var formUrl= "quickFetchTemplateWithValidObjectAttributes";
-    var compiledUrlForm = "/" + itemType + "/" + formUrl + "/" + objectId;
-    $.ajax({
-        beforeSend: function (XMLHttpRequest) {
-            $(".loading").show();
-        },
-        success:function (data, textStatus) {
-            if (data.fail !== undefined && data.fail) {
-                showMessage('fail', data.errors);
-            } else {
-                $('#popover_form').html(data);
-                openPopup('#popover_form');
-            }
-        },
-        error:function() {
-            showMessage('fail', 'Could not fetch allowed attribute type.');
-        },
-        complete:function() {
-            $(".loading").hide();
-        },
-        type: "get",
-        url: compiledUrlForm
-    });
-    return false;
-}
-
-function fetchAddObjectAttributeForm(objectId, fieldName) {
-    var itemType = "objects";
-    var formUrl= "quickAddAttributeForm";
-    var compiledUrlForm = "/" + itemType + "/" + formUrl + "/" + objectId + "/" + fieldName;
-    $.ajax({
-        beforeSend: function (XMLHttpRequest) {
-            $(".loading").show();
-        },
-        success:function (data, textStatus) {
-            $('#popover_form').html(data);
-            openPopup('#popover_form');
-        },
-        error:function() {
-            showMessage('fail', 'Could not fetch allowed attribute type.');
-        },
-        complete:function() {
-            $(".loading").hide();
-        },
-        type: "get",
-        url: compiledUrlForm
-    });
-    return false;
-}
-
 function handleGenericAjaxResponse(data, skip_reload) {
     if (typeof skip_reload === "undefined") {
         skip_reload = false;
@@ -1181,7 +1129,7 @@ function clickCreateButton(event, type) {
     simplePopup("/" + destination + "/add/" + event);
 }
 
-function submitPopoverForm(context_id, referer, update_context_id) {
+function submitPopoverForm(context_id, referer, update_context_id, popover_dissmis_id_to_close) {
     var url = null;
     var context = 'event';
     var contextNamingConvention = 'Attribute';
@@ -1253,6 +1201,9 @@ function submitPopoverForm(context_id, referer, update_context_id) {
                 if (closePopover) {
                     $("#gray_out").fadeOut();
                     $("#popover_form").fadeOut();
+                    if (popover_dissmis_id_to_close !== undefined) {
+                        $('[data-dismissid="' + popover_dissmis_id_to_close + '"]').popover('destroy');
+                    }
                 }
             },
             data: $("#submitButton").closest("form").serialize(),

From 93cea354bae406454e660874cb4ea95230bdfd4b Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 14:36:38 +0200
Subject: [PATCH 07/73] fix: [event:timeline] Error when trying to restore
 non-existing backup entries

---
 app/webroot/css/contextual_menu.css |  1 +
 app/webroot/js/event-timeline.js    | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/webroot/css/contextual_menu.css b/app/webroot/css/contextual_menu.css
index 2488079b9..8981b7acf 100644
--- a/app/webroot/css/contextual_menu.css
+++ b/app/webroot/css/contextual_menu.css
@@ -26,6 +26,7 @@
 .contextual-menu > label {
     font-weight: bold;
     margin-right: 3px;
+    user-select: none;
 }
 
 .contextual-menu > div > label {
diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index ac03965e0..ea8e01bf8 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -377,7 +377,7 @@ function reload_timeline() {
                 }
             }
             items_timeline.add(data.items);
-            handle_not_seen_enabled($('#checkbox_timeline_display_hide_not_seen_enabled').val())
+            handle_not_seen_enabled($('#checkbox_timeline_display_hide_not_seen_enabled').prop('checked'), false)
         },
         error: function( jqXhr, textStatus, errorThrown ){
             console.log( errorThrown );
@@ -487,7 +487,8 @@ function handle_doubleClick(data) {
     //edit_item(data.item);
 }
 
-function handle_not_seen_enabled(hide) {
+function handle_not_seen_enabled(hide, include_hidden) {
+    include_hidden = include_hidden !== undefined ? include_hidden : true;
     if (hide) {
         var hidden = items_timeline.get({
             filter: function(item) {
@@ -500,8 +501,10 @@ function handle_not_seen_enabled(hide) {
         });
         items_timeline.remove(hidden)
         items_backup = hidden;
-    } else {
-        items_timeline.add(items_backup);
+    } else if (include_hidden) {
+        if (items_backup !== undefined) {
+            items_timeline.add(items_backup);
+        }
     }
 }
 

From 21332e2d824d313e9c2792373746d38517fd3515 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 15:12:29 +0200
Subject: [PATCH 08/73] fix: [timeline] correctly adapt time scale when
 expanding items

---
 app/webroot/js/event-timeline.js | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index ea8e01bf8..02141763b 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -132,12 +132,34 @@ function expandItem() {
 }
 
 function get_next_step(mom) {
-    var scale = eventTimeline.timeAxis.step.scale;
+    var scale = adapt_scale(eventTimeline.timeAxis.step.scale);
     var momAhead = mom.clone();
     momAhead.add(1, scale);
     return momAhead;
 }
 
+function adapt_scale(scale) {
+    first_letter = scale.charAt(0);
+    if (first_letter !== 'm' && first_letter !== 'w') {
+        return first_letter;
+    } else {
+        switch (scale) {
+            case 'millisecond':
+                return 'ms';
+            case 'minute':
+                return 'm';
+            case 'month':
+                return 'M';
+            case 'week':
+                return 'w';
+            case 'weekday':
+                return 'd';
+            default:
+                return scale;
+        }
+    }
+}
+
 function build_attr_template(attr) {
     var span = $('<span data-itemID="'+attr.id+'">');
     if (!attr.seen_enabled) {

From 0e209b610d7feffa4f72d431c12cd02cc7d47123 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 15:12:59 +0200
Subject: [PATCH 09/73] fix: [attribute:*-seen] Force seconds to be integers
 and allows editForm for *-seen fields

---
 app/Controller/AttributesController.php | 2 +-
 app/Model/Attribute.php                 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index 6bc0cd8e8..7b124e946 100644
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -2441,7 +2441,7 @@ class AttributesController extends AppController
 
     public function fetchEditForm($id, $field = null)
     {
-        $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution');
+        $validFields = array('value', 'comment', 'type', 'category', 'to_ids', 'distribution', 'first_seen', 'last_seen');
         if (!isset($field) || !in_array($field, $validFields)) {
             throw new MethodNotAllowedException(__('Invalid field requested.'));
         }
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index d39dc42c8..3a4b0488a 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -600,7 +600,7 @@ class Attribute extends AppModel
             }
             if (!empty($v['Attribute']['first_seen'])) {
                 $fs = $results[$k]['Attribute']['first_seen'];
-                $fs_sec = $fs / 1000000; // $fs is in micro (10^6)
+                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
                 $fs_micro = $fs % 1000000;
                 $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
                 $fs = $fs_sec . '.' . $fs_micro;
@@ -608,7 +608,7 @@ class Attribute extends AppModel
             }
             if (!empty($v['Attribute']['last_seen'])) {
                 $ls = $results[$k]['Attribute']['last_seen'];
-                $ls_sec = $ls / 1000000; // $ls is in micro (10^6)
+                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
                 $ls_micro = $ls % 1000000;
                 $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
                 $ls = $ls_sec . '.' . $ls_micro;

From c24081563cdfa88861d08e6629387e3760bce4cf Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 15:14:11 +0200
Subject: [PATCH 10/73] fix: [attribute:view] Correctly pick the matching form

---
 app/View/Elements/form_seen_input.ctp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 281e58189..3ab0cbf6f 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -292,7 +292,7 @@ function reflect_change_on_form() {
 
 $(document).ready(function() {
 
-    var sliders_container = "<?php if ($this->params->controller === 'attributes') { echo 'fieldset'; } else { echo '#meta-div'; } ?>";
+    var sliders_container = "<?php if ($this->params->controller === 'attributes') { echo '#AttributeForm fieldset'; } else { echo '#meta-div'; } ?>";
     var inputs_container = $('<div class="input-group input-daterange"></div>');
     // create separate date and time input
     var date_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(

From 4b9d69fe5811327edaaf3ff6953ad14835c8dd08 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 15:23:34 +0200
Subject: [PATCH 11/73] fix: [time_precision_tool] Support of IE. Usage of
 prototypes instead of a class

---
 app/View/Elements/form_seen_input.ctp | 100 +++++++++++++-------------
 1 file changed, 51 insertions(+), 49 deletions(-)

diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 3ab0cbf6f..06281293a 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -28,64 +28,66 @@ var time_vals = [
     ['us', 999, 1],
 ];
 
-class MicroDatetime {
-    constructor(value) {
-        this.isoDatetimeMicroRegex = /(\d{4})-(\d{2})-(\d{2})T(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
-        this.isotimeMicroRegex = /(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
-        this.numberRegex = /^(\-|\+)?([0-9]+|Infinity)$/g;
+var MicroDatetime = function(value) {
+    this.isoDatetimeMicroRegex = /(\d{4})-(\d{2})-(\d{2})T(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
+    this.isotimeMicroRegex = /(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
+    this.numberRegex = /^(\-|\+)?([0-9]+|Infinity)$/g;
 
-        if (value === undefined || value === "") {
-            this.moment = undefined;
-            this.micro = 0;
-        } else {
-            // check if timestamp UNIX timestamp (in sec)
-            if (this.numberRegex.test(value)) {
-                var timestamp = parseInt(value);
-                var timestamp_str = String(timestamp);
-                if (timestamp === '' || timestamp === undefined || timestamp === null || isNaN(timestamp)) {
-                    this.moment = moment(0);
-                    this.micro = 0;
+    if (value === undefined || value === "") {
+        this.moment = undefined;
+        this.micro = 0;
+    } else {
+        // check if timestamp UNIX timestamp (in sec)
+        if (this.numberRegex.test(value)) {
+            var timestamp = parseInt(value);
+            var timestamp_str = String(timestamp);
+            if (timestamp === '' || timestamp === undefined || timestamp === null || isNaN(timestamp)) {
+                this.moment = moment(0);
+                this.micro = 0;
+            } else {
+                var all_milli = parseInt(timestamp)*1000;
+                all_milli = isNaN(all_milli) || all_milli === undefined ? 0 : all_milli;
+                this.moment = moment(all_milli);
+                this.micro = 0;
+            }
+        // check if only a time
+        } else { // let moment parse the date
+            try {
+                value = String(value);
+                this.moment = new moment(value);
+                if (this.moment.isValid()) {
+                    var res = this.isoDatetimeMicroRegex.exec(value);
+                    var micro_str = res !== null ? res[8] : 0;
+                    this.micro = parseInt(micro_str);
+                    this.micro = isNaN(this.micro) ? 0 : this.micro;
                 } else {
-                    var all_milli = parseInt(timestamp)*1000;
-                    all_milli = isNaN(all_milli) || all_milli === undefined ? 0 : all_milli;
-                    this.moment = moment(all_milli);
+                    this.moment = undefined;
                     this.micro = 0;
+                    showMessage('fail', 'Failed to parse the date: <strong>' + value + '</strong>');
                 }
-            // check if only a time
-            } else { // let moment parse the date
-                try {
-                    value = String(value);
-                    this.moment = new moment(value);
+            } catch (err) {
+                if (this.isotimeMicroRegex.test(value)) {
+                    this.moment = moment(value, "HH:mm:ss.SSSSSSZ");
                     if (this.moment.isValid()) {
-                        var res = this.isoDatetimeMicroRegex.exec(value);
+                        var res = this.isotimeMicroRegex.exec(value);
                         var micro_str = res !== null ? res[8] : 0;
                         this.micro = parseInt(micro_str);
                         this.micro = isNaN(this.micro) ? 0 : this.micro;
                     } else {
                         this.moment = undefined;
                         this.micro = 0;
-                        showMessage('fail', 'Failed to parse the date: <strong>' + value + '</strong>');
-                    }
-                } catch (err) {
-                    if (this.isotimeMicroRegex.test(value)) {
-                        this.moment = moment(value, "HH:mm:ss.SSSSSSZ");
-                        if (this.moment.isValid()) {
-                            var res = this.isotimeMicroRegex.exec(value);
-                            var micro_str = res !== null ? res[8] : 0;
-                            this.micro = parseInt(micro_str);
-                            this.micro = isNaN(this.micro) ? 0 : this.micro;
-                        } else {
-                            this.moment = undefined;
-                            this.micro = 0;
-                            showMessage('fail', 'Failed to parse the date: ' + value);
-                        }
+                        showMessage('fail', 'Failed to parse the date: ' + value);
                     }
                 }
             }
         }
     }
+}
 
-    get_microISO() {
+MicroDatetime.prototype = {
+    constructor: MicroDatetime,
+
+    get_microISO: function() {
         if (this.moment === undefined || this.moment === null) {
             return "";
         }
@@ -93,29 +95,29 @@ class MicroDatetime {
         var str = this.moment.toISOString(true);
         str = str.replace(tz, pad_zero(this.micro, 3)+tz);
         return str;
-    }
+    },
 
-    get_date() {
+    get_date: function() {
         if (this.moment === undefined || this.moment === null) {
             return "";
         }
         return this.moment.format('YYYY/MM/DD');
-    }
+    },
 
-    get_time() {
+    get_time: function() {
         if (this.moment === undefined || this.moment === null) {
             return "";
         }
         return this.moment.format('HH:mm:ss.SSS')
             + String(pad_zero(this.micro, 3))
             + this.moment.format('Z');
-    }
+    },
 
-    has_date() {
+    has_date: function() {
         return this.moment !== undefined;
-    }
+    },
 
-    has_time() {
+    has_time: function() {
         if (this.moment === undefined) {
             return false;
         } else {

From ded0463498ff7c381153aed53a23559f71335c86 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 13 Jun 2019 16:11:00 +0200
Subject: [PATCH 12/73] fix: [restResponse] Added support of *-seen fields

---
 app/Controller/Component/RestResponseComponent.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php
index e7526b6da..9f011cafe 100644
--- a/app/Controller/Component/RestResponseComponent.php
+++ b/app/Controller/Component/RestResponseComponent.php
@@ -824,6 +824,12 @@ class RestResponseComponent extends Component
             'operators' => array('equal'),
             'help' => 'A valid external auth key',
         ),
+        'first_seen' => array(
+            'input' => 'text',
+            'type' => 'string',
+            'operators' => array('equal'),
+            'help' => 'A valid ISO 8601 datetime format, up to milli-seconds. i.e.: 2019-06-13T15:56:56.856074+02:00'
+        ),
         'fixed_event' => array(
             'input' => 'select',
             'type' => 'integer',
@@ -934,6 +940,12 @@ class RestResponseComponent extends Component
             'operators' => array('equal', 'not_equal'),
             'help' => 'Events published within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)'
         ),
+        'last_seen' => array(
+            'input' => 'text',
+            'type' => 'string',
+            'operators' => array('equal'),
+            'help' => 'A valid ISO 8601 datetime format, up to milli-seconds. i.e.: 2019-06-13T15:56:56.856074+02:00'
+        ),
         'limit' => array(
             'input' => 'number',
             'type' => 'integer',

From 6af9719a4768f551df0422bb585774bc22641df6 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 24 Jun 2019 10:28:55 +0200
Subject: [PATCH 13/73] new: [shadowAttribute] first_seen and last_seen on
 shadowAttributes

---
 app/Controller/ShadowAttributesController.php | 18 ++---
 app/Model/AppModel.php                        |  7 ++
 app/Model/Event.php                           |  2 +-
 app/Model/ShadowAttribute.php                 | 67 +++++++++++++++++++
 app/View/Elements/form_seen_input.ctp         | 18 ++++-
 app/View/ShadowAttributes/add.ctp             |  1 +
 app/View/ShadowAttributes/edit.ctp            |  1 +
 7 files changed, 103 insertions(+), 11 deletions(-)

diff --git a/app/Controller/ShadowAttributesController.php b/app/Controller/ShadowAttributesController.php
index 97f80cea9..305b6a0c4 100644
--- a/app/Controller/ShadowAttributesController.php
+++ b/app/Controller/ShadowAttributesController.php
@@ -433,7 +433,7 @@ class ShadowAttributesController extends AppController
                             array(
                                 'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id),
                                 'recursive' => -1,
-                                'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp')
+                                'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp', 'first_seen', 'last_seen')
                             )
                         );
                         $this->set('ShadowAttribute', $sa['ShadowAttribute']);
@@ -703,12 +703,12 @@ class ShadowAttributesController extends AppController
             if ($attachment) {
                 $fields = array(
                         'static' => array('old_id' => 'Attribute.id', 'uuid' => 'Attribute.uuid', 'event_id' => 'Attribute.event_id', 'event_uuid' => 'Event.uuid', 'event_org_id' => 'Event.orgc_id', 'category' => 'Attribute.category', 'type' => 'Attribute.type'),
-                        'optional' => array('value', 'to_ids', 'comment')
+                        'optional' => array('value', 'to_ids', 'comment', 'first_seen', 'last_seen')
                 );
             } else {
                 $fields = array(
                         'static' => array('old_id' => 'Attribute.id', 'uuid' => 'Attribute.uuid', 'event_id' => 'Attribute.event_id', 'event_uuid' => 'Event.uuid', 'event_org_id' => 'Event.orgc_id'),
-                        'optional' => array('category', 'type', 'value', 'to_ids', 'comment')
+                        'optional' => array('category', 'type', 'value', 'to_ids', 'comment', 'first_seen', 'last_seen')
                 );
                 if ($existingAttribute['Attribute']['object_id']) {
                     unset($fields['optional']['type']);
@@ -745,7 +745,7 @@ class ShadowAttributesController extends AppController
                             array(
                                     'conditions' => array('ShadowAttribute.id' => $this->ShadowAttribute->id),
                                     'recursive' => -1,
-                                    'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp')
+                                    'fields' => array('id', 'old_id', 'event_id', 'type', 'category', 'value', 'comment','to_ids', 'uuid', 'event_org_id', 'email', 'deleted', 'timestamp', 'first_seen', 'last_seen')
                             )
                     );
                     $this->set('ShadowAttribute', $sa['ShadowAttribute']);
@@ -847,6 +847,8 @@ class ShadowAttributesController extends AppController
                     'type' => $existingAttribute['Attribute']['type'],
                     'to_ids' => $existingAttribute['Attribute']['to_ids'],
                     'value' => $existingAttribute['Attribute']['value'],
+                    'first_seen' => $existingAttribute['Attribute']['first_seen'],
+                    'last_seen' => $existingAttribute['Attribute']['last_seen'],
                     'email' => $this->Auth->user('email'),
                     'org_id' => $this->Auth->user('org_id'),
                     'proposal_to_delete' => true,
@@ -887,7 +889,7 @@ class ShadowAttributesController extends AppController
                 'recursive' => -1,
                 'contain' => 'Event',
                 'fields' => array(
-                    'ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id',
+                    'ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.first_seen', 'ShadowAttribute.last_seen',
                     'Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.distribution', 'Event.uuid'
                 ),
                 'conditions' => array('AND' => array('ShadowAttribute.id' => $id, $distConditions, 'ShadowAttribute.deleted' => 0))
@@ -934,7 +936,7 @@ class ShadowAttributesController extends AppController
         if ($this->_isRest()) {
             $temp = $this->ShadowAttribute->find('all', array(
                     'conditions' => $conditions,
-                    'fields' => array('ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.timestamp', 'ShadowAttribute.proposal_to_delete'),
+                    'fields' => array('ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.timestamp', 'ShadowAttribute.proposal_to_delete', 'ShadowAttribute.first_seen', 'ShadowAttribute.last_seen'),
                     'contain' => array(
                             'Event' => array(
                                     'fields' => array('id', 'org_id', 'info', 'orgc_id'),
@@ -959,7 +961,7 @@ class ShadowAttributesController extends AppController
         } else {
             $this->paginate = array(
                     'conditions' => $conditions,
-                    'fields' => array('ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.timestamp'),
+                    'fields' => array('ShadowAttribute.id', 'ShadowAttribute.old_id', 'ShadowAttribute.event_id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.uuid', 'ShadowAttribute.to_ids', 'ShadowAttribute.value', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.timestamp', 'ShadowAttribute.first_seen', 'ShadowAttribute.last_seen'),
                     'contain' => array(
                             'Event' => array(
                                     'fields' => array('id', 'org_id', 'info', 'orgc_id'),
@@ -1137,7 +1139,7 @@ class ShadowAttributesController extends AppController
             }
         }
 
-        $keys = array_flip(array('uuid', 'event_id', 'value', 'type', 'category', 'to_ids'));
+        $keys = array_flip(array('uuid', 'event_id', 'value', 'type', 'category', 'to_ids', 'first_seen', 'last_seen'));
 
         $proposal = array_intersect_key($attribute['Attribute'], $keys);
         $proposal['email'] = $this->Auth->user('email');
diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 760044fdf..1e6a675cd 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1277,6 +1277,13 @@ class AppModel extends Model
                     ;";
                 $indexArray[] = array('objects', 'first_seen');
                 $indexArray[] = array('objects', 'last_seen');
+                $sqlArray[] = "
+                    ALTER TABLE `shadow_attributes`
+                        ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
+                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL
+                    ;";
+                $indexArray[] = array('shadow_attributes', 'first_seen');
+                $indexArray[] = array('shadow_attributes', 'last_seen');
                 break;
             case 'testUpdate':
                 $sqlArray[] = "SELECT SLEEP(10);";
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 7fc0cc4b2..02d0a5bfa 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -1995,7 +1995,7 @@ class Event extends AppModel
         $fields = array('Event.id', 'Event.orgc_id', 'Event.org_id', 'Event.date', 'Event.threat_level_id', 'Event.info', 'Event.published', 'Event.uuid', 'Event.attribute_count', 'Event.analysis', 'Event.timestamp', 'Event.distribution', 'Event.proposal_email_lock', 'Event.user_id', 'Event.locked', 'Event.publish_timestamp', 'Event.sharing_group_id', 'Event.disable_correlation', 'Event.extends_uuid');
         $fieldsAtt = array('Attribute.id', 'Attribute.type', 'Attribute.category', 'Attribute.value', 'Attribute.to_ids', 'Attribute.uuid', 'Attribute.event_id', 'Attribute.distribution', 'Attribute.timestamp', 'Attribute.comment', 'Attribute.sharing_group_id', 'Attribute.deleted', 'Attribute.disable_correlation', 'Attribute.object_id', 'Attribute.object_relation', 'Attribute.first_seen', 'Attribute.last_seen');
         $fieldsObj = array('*');
-        $fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.proposal_to_delete', 'ShadowAttribute.timestamp');
+        $fieldsShadowAtt = array('ShadowAttribute.id', 'ShadowAttribute.type', 'ShadowAttribute.category', 'ShadowAttribute.value', 'ShadowAttribute.to_ids', 'ShadowAttribute.uuid', 'ShadowAttribute.event_uuid', 'ShadowAttribute.event_id', 'ShadowAttribute.old_id', 'ShadowAttribute.comment', 'ShadowAttribute.org_id', 'ShadowAttribute.proposal_to_delete', 'ShadowAttribute.timestamp', 'ShadowAttribute.first_seen', 'ShadowAttribute.last_seen');
         $fieldsOrg = array('id', 'name', 'uuid');
         $fieldsServer = array('id', 'url', 'name');
         if (!$options['includeAllTags']) {
diff --git a/app/Model/ShadowAttribute.php b/app/Model/ShadowAttribute.php
index c08b79d3d..0efe38178 100644
--- a/app/Model/ShadowAttribute.php
+++ b/app/Model/ShadowAttribute.php
@@ -127,6 +127,16 @@ class ShadowAttribute extends AppModel
                         'rule' => array('boolean'),
                 ),
         ),
+        'first_seen' => array(
+            'rule' => array('datetimeOrNull'),
+            'required' => false,
+            'message' => array('Invalid ISO 8601 format')
+        ),
+        'last_seen' => array(
+            'rule' => array('datetimeOrNull'),
+            'required' => false,
+            'message' => array('Invalid ISO 8601 format')
+        )
     );
 
     public function __construct($id = false, $table = null, $ds = null)
@@ -171,6 +181,26 @@ class ShadowAttribute extends AppModel
         if ($this->data['ShadowAttribute']['deleted']) {
             $this->__beforeDeleteCorrelation($this->data['ShadowAttribute']);
         }
+
+        // convert into utc and micro sec
+        if (!empty($this->data['ShadowAttribute']['first_seen'])) {
+            $d = new DateTime($this->data['ShadowAttribute']['first_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $fs_sec = $d->format('U');
+            $fs_micro = $d->format('u');
+            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+            $fs = $fs_sec . $fs_micro;
+            $this->data['ShadowAttribute']['first_seen'] = $fs;
+        }
+        if (!empty($this->data['ShadowAttribute']['last_seen'])) {
+            $d = new DateTime($this->data['ShadowAttribute']['last_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $ls_sec = $d->format('U');
+            $ls_micro = $d->format('u');
+            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+            $ls = $ls_sec . $ls_micro;
+            $this->data['ShadowAttribute']['last_seen'] = $ls;
+        }
         return true;
     }
 
@@ -348,6 +378,29 @@ class ShadowAttribute extends AppModel
         return true;
     }
 
+    public function afterFind($results, $primary = false)
+    {
+        foreach ($results as $k => $v) {
+            if (!empty($v['ShadowAttribute']['first_seen'])) {
+                $fs = $results[$k]['ShadowAttribute']['first_seen'];
+                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
+                $fs_micro = $fs % 1000000;
+                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+                $fs = $fs_sec . '.' . $fs_micro;
+                $results[$k]['ShadowAttribute']['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
+            }
+            if (!empty($v['ShadowAttribute']['last_seen'])) {
+                $ls = $results[$k]['ShadowAttribute']['last_seen'];
+                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
+                $ls_micro = $ls % 1000000;
+                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+                $ls = $ls_sec . '.' . $ls_micro;
+                $results[$k]['ShadowAttribute']['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
+            }
+        }
+        return $results;
+    }
+
     public function validateTypeValue($fields)
     {
         $category = $this->data['ShadowAttribute']['category'];
@@ -464,6 +517,20 @@ class ShadowAttribute extends AppModel
         return $fails;
     }
 
+    // check whether the variable is null or datetime
+    public function datetimeOrNull($fields)
+    {
+        $k = array_keys($fields)[0];
+        $seen = $fields[$k];
+        try {
+            new DateTime($seen);
+            $returnValue = true;
+        } catch (Exception $e) {
+            $returnValue = false;
+        }
+        return $returnValue || is_null($seen);
+    }
+
     public function setDeleted($id)
     {
         $this->Behaviors->detach('SysLogLogable.SysLogLogable');
diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 06281293a..16496ba21 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -19,7 +19,14 @@
 
 
 <script>
-var controller = "<?php echo(substr(ucfirst($this->params->controller), 0, -1)); ?>"; // get current controller name fo that we can access all form fields
+<?php
+    $temp = explode('_', $this->params->controller);
+    $temp = array_map(function($i, $str) {
+        return $i > 0 ? substr(ucfirst($str), 0, -1) : ucfirst($str);
+    }, array_keys($temp), $temp);
+    $temp = implode('', $temp);
+?>
+var controller = "<?php echo $temp; ?>"; // get current controller name so that we can access all form fields
 var time_vals = [
     ['Hour', 23, 1000*1000*60*60],
     ['Minute', 59, 1000*1000*60],
@@ -294,7 +301,14 @@ function reflect_change_on_form() {
 
 $(document).ready(function() {
 
-    var sliders_container = "<?php if ($this->params->controller === 'attributes') { echo '#AttributeForm fieldset'; } else { echo '#meta-div'; } ?>";
+<?php if ($this->params->controller === 'attributes'): ?>
+    var sliders_container = "<?php echo '#AttributeForm fieldset'; ?>"
+<?php elseif ($this->params->controller === 'shadow_attributes'): ?>
+    var sliders_container = "<?php echo '#ShadowAttributeAddForm fieldset'; ?>"
+<?php else: ?>
+    var sliders_container = "<?php echo '#meta-div'; ?>"
+<?php endif; ?>
+
     var inputs_container = $('<div class="input-group input-daterange"></div>');
     // create separate date and time input
     var date_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(
diff --git a/app/View/ShadowAttributes/add.ctp b/app/View/ShadowAttributes/add.ctp
index 5fc948821..7f33e00d0 100644
--- a/app/View/ShadowAttributes/add.ctp
+++ b/app/View/ShadowAttributes/add.ctp
@@ -40,6 +40,7 @@
             echo $this->Form->input('batch_import', array(
                     'type' => 'checkbox',
             ));
+            echo $this->element('form_seen_input');
         ?>
     </div>
     </fieldset>
diff --git a/app/View/ShadowAttributes/edit.ctp b/app/View/ShadowAttributes/edit.ctp
index 18232e15c..4eacc1b27 100644
--- a/app/View/ShadowAttributes/edit.ctp
+++ b/app/View/ShadowAttributes/edit.ctp
@@ -40,6 +40,7 @@
         echo $this->Form->input('to_ids', array(
                 'label' => __('IDS Signature?'),
         ));
+        echo $this->element('form_seen_input');
     ?>
     </fieldset>
     <p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;"?>" id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.');?></p>

From 0cc1b7b9dcf0f6ee084454b2a11632f45008dfd3 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 24 Jun 2019 11:19:03 +0200
Subject: [PATCH 14/73] fix: [timeline] Prevent `Column not found` error if
 user has the `user` role

---
 app/Model/MispObject.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 1bc53e555..c44ab6526 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -326,6 +326,7 @@ class MispObject extends AppModel
                 'conditions' => $params['conditions'],
                 'recursive' => -1,
                 'fields' => $params['fields'],
+                'contain' => array('Event' => array('distribution', 'id', 'user_id', 'orgc_id', 'org_id')),
                 'sort' => false
             ));
             return $results;

From ee35522a88ccb8ee59d88d0e3ec7bf5b4573b00f Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 24 Jun 2019 11:33:46 +0200
Subject: [PATCH 15/73] fix: [timeline] Removed illusion of editing timeline
 objects if you are not the owner

---
 app/webroot/js/event-timeline.js | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index 02141763b..b65951909 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -203,9 +203,11 @@ function reflect_change(onIndex, itemType, itemId) {
             updatedItem.last_seen = lastSeen;
             updatedItem.first_seen_overwrite = false;
             updatedItem.last_seen_overwrite = false;
-            var e = $.extend({}, default_editable);
-            e.remove = true;
-            updatedItem.editable = e;
+            if (user_manipulation) {
+                var e = $.extend({}, default_editable);
+                e.remove = true;
+                updatedItem.editable = e;
+            }
             set_spanned_time(updatedItem);
             items_timeline.remove(updatedItem.id);
             items_timeline.add(updatedItem);
@@ -332,9 +334,11 @@ function set_spanned_time(item) {
     }
 
     if (item.first_seen_overwrite === true || item.last_seen_overwrite === true) {
-        var e = $.extend({}, default_editable);
-        e.remove = false;
-        item.editable = e;
+        if (user_manipulation) {
+            var e = $.extend({}, default_editable);
+            e.remove = false;
+            item.editable = e;
+        }
         item.overwrite_enabled = true;
     }
 }

From 0a8c2ccab8b14a8f2065d3a8429273791b6719e7 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 24 Jun 2019 12:17:39 +0200
Subject: [PATCH 16/73] chg: [timeline] Improved controller name parsing (used
 in form) - WiP

---
 app/View/Elements/form_seen_input.ctp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 16496ba21..36db801cc 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -21,10 +21,14 @@
 <script>
 <?php
     $temp = explode('_', $this->params->controller);
-    $temp = array_map(function($i, $str) {
-        return $i > 0 ? substr(ucfirst($str), 0, -1) : ucfirst($str);
-    }, array_keys($temp), $temp);
-    $temp = implode('', $temp);
+    if (count($temp) > 1) {
+        $temp = array_map(function($i, $str) {
+            return $i > 0 ? substr(ucfirst($str), 0, -1) : ucfirst($str);
+        }, array_keys($temp), $temp);
+        $temp = implode('', $temp);
+    } else {
+        $temp = substr(ucfirst($this->params->controller), 0, -1);
+    }
 ?>
 var controller = "<?php echo $temp; ?>"; // get current controller name so that we can access all form fields
 var time_vals = [

From 3a7b398764ad9a9212aaa7f30ee6617598ce2cff Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 10:35:38 +0200
Subject: [PATCH 17/73] fix: [object:setMetraFromAttribte] Pass Object
 reference instead of value

---
 app/Model/MispObject.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index c44ab6526..609888ee2 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -573,7 +573,7 @@ class MispObject extends AppModel
     // EUH????? No sure we should do that. Maybe the other way around??? #FIXME
     // delete first/last-seen object attribute and set object's meta accordingly
     // set object's meta (fs/ls) and potentially delete objectAttributes
-    public function setObjectSeenMetaFromAttribute($object, $delete=false) {
+    public function setObjectSeenMetaFromAttribute(&$object, $delete=false) {
         if ( !$delete && isset($object['Object']['first-seen']) && isset($object['Object']['last-seen'])) {
             return;
         }

From ac797ff2f869b26730f1ebdde014b35aaf433a7e Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 14:34:32 +0200
Subject: [PATCH 18/73] chg: [object:delta] No deletion of ObjectAttribute when
 sync. with Object's FS/LS

---
 app/Model/MispObject.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 609888ee2..d3f7a8513 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -641,7 +641,7 @@ class MispObject extends AppModel
         if (isset($objectToSave['Object']['last_seen'])) {
             $object['Object']['last_seen'] = $objectToSave['Object']['last_seen'];
         }
-        $this->setObjectSeenMetaFromAttribute($object, true);
+        $this->setObjectSeenMetaFromAttribute($object, false);
         $this->save($object);
 
         if (!$onlyAddNewAttribute) {

From 51ea04d91d08f1f52c99dac3c7cc27cd6a05ebff Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 14:35:56 +0200
Subject: [PATCH 19/73] chg: [update] Usage of `indexArray` instead of raw sql

---
 app/Model/AppModel.php | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 1e6a675cd..2aefa8846 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1255,21 +1255,18 @@ class AppModel extends Model
                         ADD COLUMN `last_seen` BIGINT(20) NULL DEFAULT NULL,
                         MODIFY comment TEXT COLLATE utf8_unicode_ci
                     ;";
-                $sqlArray[] = "
-                    ALTER TABLE `attributes`
-                        ADD INDEX `uuid` (`uuid`),
-                        ADD INDEX `event_id` (`event_id`),
-                        ADD INDEX `sharing_group_id` (`sharing_group_id`),
-                        ADD INDEX `type` (`type`),
-                        ADD INDEX `category` (`category`),
-                        ADD INDEX `value1` (`value1`(255)),
-                        ADD INDEX `value2` (`value2`(255)),
-                        ADD INDEX `object_id` (`object_id`),
-                        ADD INDEX `object_relation` (`object_relation`),
-                        ADD INDEX `deleted` (`deleted`),
-                        ADD INDEX `first_seen` (`first_seen`),
-                        ADD INDEX `last_seen` (`last_seen`);
-                    ";
+                $indexArray[] = array('attributes', 'uuid');
+                $indexArray[] = array('attributes', 'event_id');
+                $indexArray[] = array('attributes', 'sharing_group_id');
+                $indexArray[] = array('attributes', 'type');
+                $indexArray[] = array('attributes', 'category');
+                $indexArray[] = array('attributes', 'value1');
+                $indexArray[] = array('attributes', 'value2');
+                $indexArray[] = array('attributes', 'object_id');
+                $indexArray[] = array('attributes', 'object_relation');
+                $indexArray[] = array('attributes', 'deleted');
+                $indexArray[] = array('attributes', 'first_seen');
+                $indexArray[] = array('attributes', 'last_seen');
                 $sqlArray[] = "
                     ALTER TABLE `objects`
                         ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
@@ -1287,7 +1284,7 @@ class AppModel extends Model
                 break;
             case 'testUpdate':
                 $sqlArray[] = "SELECT SLEEP(10);";
-                $sqlArray[] = "SELECT SLEEPsdcfsac(4);";
+                $sqlArray[] = "SELECT SLEEP(4);";
                 $sqlArray[] = "SELECT SLEEP(12);";
                 break;
             default:

From 3d9a545a004e487a43fe18c40af8d5a95e5c5301 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 16:09:34 +0200
Subject: [PATCH 20/73] fix: [timeline] Prevent collision for Object and
 Attribute having the same ID

---
 app/webroot/js/event-timeline.js | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index b65951909..8a4cff874 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -193,11 +193,11 @@ function build_object_template(obj) {
     return html;
 }
 
-function reflect_change(onIndex, itemType, itemId) {
+function reflect_change(onIndex, itemType, itemId, item) {
     if (onIndex) {
         updateIndex(scope_id, 'event'); // MISP function
     } else { // reflect change on item only
-        quick_fetch_seens(itemType, itemId, function(firstSeen, lastSeen) {
+        quick_fetch_seens(itemType, item.orig_id, function(firstSeen, lastSeen) {
             var updatedItem = items_timeline.get(itemId);
             updatedItem.first_seen = firstSeen;
             updatedItem.last_seen = lastSeen;
@@ -250,7 +250,7 @@ function update_seen(item, seenType, value, reflect, callback) {
 }
 
 function fetch_form_and_submit(itemType, item, seenType, value, reflect, callback) {
-    var url = "/" + itemType + "/fetchEditForm/" + item.id + "/" + seenType+"_seen";
+    var url = "/" + itemType + "/fetchEditForm/" + item.orig_id + "/" + seenType+"_seen";
     $.ajax({
         beforeSend: function (XMLHttpRequest) {
             $(".loadingTimeline").show();
@@ -269,7 +269,7 @@ function fetch_form_and_submit(itemType, item, seenType, value, reflect, callbac
                 cache: false,
                 success:function (data, textStatus) {
                     if (reflect) {
-                        reflect_change(false, itemType, item.id);
+                        reflect_change(false, itemType, item.id, item);
                     }
                     form.remove()
                 },
@@ -363,6 +363,7 @@ function timelinePopupCallback(state) {
 
 function adjust_text_length(elem) {
     var maxChar = $('#slider_timeline_display_max_char_num').val();
+    maxChar = maxChar === undefined ? 64 : maxChar;
     elem.content = elem.content.substring(0, maxChar) + (elem.content.length < maxChar ? "" : "[...]");
 }
 
@@ -391,14 +392,16 @@ function reload_timeline() {
             items_timeline.clear();
             for (var item of data.items) {
                 item.className = item.group;
+                item.orig_id = item.id;
+                item.id = item.uuid;
                 set_spanned_time(item);
                 if (item.group == 'object') {
                     for (var attr of item.Attribute) {
-                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.id+')', item.id);
+                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.orig_id+')', item.id);
                         adjust_text_length(attr);
                     }
                 } else {
-                    mapping_text_to_id.set(item.content+' ('+item.id+')', item.id);
+                    mapping_text_to_id.set(item.content+' ('+item.orig_id+')', item.id);
                     adjust_text_length(item);
                 }
             }
@@ -450,14 +453,16 @@ function enable_timeline() {
 
             for (var item of data.items) {
                 item.className = item.group;
+                item.orig_id = item.id;
+                item.id = item.uuid;
                 set_spanned_time(item);
                 if (item.group == 'object') {
                     for (var attr of item.Attribute) {
-                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.id+')', item.id);
+                        mapping_text_to_id.set(attr.contentType+': '+attr.content+' ('+item.orig_id+')', item.id);
                         adjust_text_length(attr);
                     }
                 } else {
-                    mapping_text_to_id.set(item.content+' ('+item.id+')', item.id);
+                    mapping_text_to_id.set(item.content+' ('+item.orig_id+')', item.id);
                     adjust_text_length(item);
                 }
             }
@@ -500,11 +505,12 @@ function handle_selection(data) {
 }
 
 function edit_item(id, callback) {
-    var group = items_timeline.get(id).group;
+    var item = items_timeline.get(id);
+    var group = item.group;
     if (group == 'attribute') {
-        simplePopup('/attributes/edit/'+id);
+        simplePopup('/attributes/edit/'+item.orig_id);
     } else if (group == 'object') {
-        window.location = '/objects/edit/'+id;
+        window.location = '/objects/edit/'+item.orig_id;
     }
 }
 

From 66520f4b190ff3a6f6e1d4ed72c99d873f0ba31f Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 16:14:30 +0200
Subject: [PATCH 21/73] chg: [timeline] Removed missleading text in tooltip

---
 app/webroot/js/event-timeline.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index 8a4cff874..8fe5a1334 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -177,7 +177,7 @@ function build_object_template(obj) {
     if (!obj.seen_enabled) {
         table.addClass('timestamp-obj');
     }
-    var bolt_html = obj.overwrite_enabled ? " <i class=\"fa fa-bolt\" style=\"color: yellow; font-size: large;\" title=\"Object is (or can be) overwritten by its attributes\">" : "";
+    var bolt_html = obj.overwrite_enabled ? " <i class=\"fa fa-bolt\" style=\"color: yellow; font-size: large;\" title=\"The Object is overwritten by its attributes\">" : "";
     table.append($('<tr class="timeline-objectName"><th>'+obj.content+bolt_html+'</th><th></th></tr>'));
     for (var attr of obj.Attribute) {
         var overwritten = obj.overwrite_enabled && (attr.contentType == "first-seen" || attr.contentType == "last-seen") ? " <i class=\"fa fa-bolt\" style=\"color: yellow;\" title=\"Overwrite object "+attr.contentType+"\"></i>" : "";

From 1bef45a6f082a97b44fe2a62cab24d94d39670e9 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 1 Jul 2019 16:27:09 +0200
Subject: [PATCH 22/73] chg: [update] DO not execute pre-update test for the
 timeline update anymore (pre-update feature not fully supported yet)

---
 app/Model/AppModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 2aefa8846..0e31626ae 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -87,7 +87,7 @@ class AppModel extends Model
             'exitOnError' => false, # should the update exit on error
             'requirements' => 'MySQL version must be >= 5.6', # message stating the requirements necessary for the update
             'record' => true, # should the update success be saved in the admin_table
-            'preUpdate' => 'seenOnAttributeAndObjectPreUpdate', # Function to execute before the update. If it throws an error, it cancels the update
+            // 'preUpdate' => 'seenOnAttributeAndObjectPreUpdate', # Function to execute before the update. If it throws an error, it cancels the update
             'url' => '/servers/updateDatabase/seenOnAttributeAndObject/' # url pointing to the funcion performing the update
         ),
         'testUpdate' => array(

From 91b70e5c8267c0fe9c7e8d9135b71599cb0a52ec Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 15:22:21 +0200
Subject: [PATCH 23/73] fix: [update] liveOff recognition and logs when updates
 are locked

---
 app/Model/AppModel.php | 57 ++++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 21 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 0e31626ae..38a5b57c7 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -86,7 +86,7 @@ class AppModel extends Model
             'recommendBackup' => true, # should the update recommend backup
             'exitOnError' => false, # should the update exit on error
             'requirements' => 'MySQL version must be >= 5.6', # message stating the requirements necessary for the update
-            'record' => true, # should the update success be saved in the admin_table
+            'record' => false, # should the update success be saved in the admin_table
             // 'preUpdate' => 'seenOnAttributeAndObjectPreUpdate', # Function to execute before the update. If it throws an error, it cancels the update
             'url' => '/servers/updateDatabase/seenOnAttributeAndObject/' # url pointing to the funcion performing the update
         ),
@@ -210,7 +210,7 @@ class AppModel extends Model
                 $this->__fixServerPullPushRules();
                 break;
             case 36:
-                $this->updateDatabase('seenOnAttributeAndObject', true);
+                $this->updateDatabase('seenOnAttributeAndObject', false);
                 break;
             default:
                 $this->updateDatabase($command);
@@ -249,8 +249,20 @@ class AppModel extends Model
     // SQL scripts for updates
     public function updateDatabase($command, $useWorker=false)
     {
+        $this->Log = ClassRegistry::init('Log');
         // Exit if updates are locked
         if ($this->isUpdateLocked()) {
+            $this->Log->create();
+            $this->Log->save(array(
+                'org' => 'SYSTEM',
+                'model' => 'Server',
+                'model_id' => 0,
+                'email' => 'SYSTEM',
+                'action' => 'update_database',
+                'user_id' => 0,
+                'title' => __('Updates on database are locked.'),
+                'change' => sprintf(__('Updates will unlock in %s min'), number_format($this->__getRemaingSecondsUntilUpdateUnlock() / 60, 0))
+            ));
             return false;
         }
         $this->__resetUpdateProgress();
@@ -282,16 +294,15 @@ class AppModel extends Model
 
         $liveOff = false;
         $exitOnError = false;
-        if (isset($advanced_updates_description[$command])) {
-            $liveOff = isset($advanced_updates_description[$command]['liveOff']) ? $advanced_updates_description[$command]['liveOff'] : $liveOff;
-            $exitOnError = isset($advanced_updates_description[$command]['exitOnError']) ? $advanced_updates_description[$command]['exitOnError'] : $exitOnError;
+        if (isset($this->advanced_updates_description[$command])) {
+            $liveOff = isset($this->advanced_updates_description[$command]['liveOff']) ? $this->advanced_updates_description[$command]['liveOff'] : $liveOff;
+            $exitOnError = isset($this->advanced_updates_description[$command]['exitOnError']) ? $this->advanced_updates_description[$command]['exitOnError'] : $exitOnError;
         }
 
         $dataSourceConfig = ConnectionManager::getDataSource('default')->config;
         $dataSource = $dataSourceConfig['datasource'];
         $sqlArray = array();
         $indexArray = array();
-        $this->Log = ClassRegistry::init('Log');
         $clean = true;
         switch ($command) {
             case 'extendServerOrganizationLength':
@@ -1718,18 +1729,9 @@ class AppModel extends Model
         $this->AdminSetting->changeSetting('update_locked', $locked);
     }
 
-    private function getUpdateLockState()
+    private function __getRemaingSecondsUntilUpdateUnlock()
     {
-        if (!isset($this->AdminSetting)) {
-            $this->AdminSetting = ClassRegistry::init('AdminSetting');
-        }
-        $locked = $this->AdminSetting->getSetting('update_locked');
-        return is_null($locked) ? false : $locked;
-    }
-
-    public function isUpdateLocked()
-    {
-        $lockState = $this->getUpdateLockState();
+        $lockState = $this->__getUpdateLockState();
         if ($lockState !== false && $lockState !== '') {
             // if lock is old, still allows the update
             // This can be useful if the update process crashes
@@ -1740,11 +1742,24 @@ class AppModel extends Model
                 $this->Server = ClassRegistry::init('Server');
                 $updateWaitThreshold = intval($this->Server->serverSettings['MISP']['updateTimeThreshold']['value']);
             }
-            if ($diffSec < $updateWaitThreshold) {
-                return true;
-            }
+            return $diffSec < $updateWaitThreshold ? $updateWaitThreshold - $diffSec : 0;
         }
-        return false;
+        return 0;
+    }
+
+    private function __getUpdateLockState()
+    {
+        if (!isset($this->AdminSetting)) {
+            $this->AdminSetting = ClassRegistry::init('AdminSetting');
+        }
+        $locked = $this->AdminSetting->getSetting('update_locked');
+        return is_null($locked) ? false : $locked;
+    }
+
+    public function isUpdateLocked()
+    {
+        $remaining_seconds = $this->__getRemaingSecondsUntilUpdateUnlock();
+        return $remaining_seconds > 0 ? true : false;
     }
 
     private function __queueCleanDB()

From 6305b681ede9d06fdd442bca6f170238664ef8d0 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 15:29:49 +0200
Subject: [PATCH 24/73] chg: [update:seen] Switch back to the usage of worker
 for the update

---
 app/Model/AppModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 38a5b57c7..65f0ee3b2 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -210,7 +210,7 @@ class AppModel extends Model
                 $this->__fixServerPullPushRules();
                 break;
             case 36:
-                $this->updateDatabase('seenOnAttributeAndObject', false);
+                $this->updateDatabase('seenOnAttributeAndObject', true);
                 break;
             default:
                 $this->updateDatabase($command);

From 067b9ca12cade79fda0c5c3082c9ef037d17bdc0 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 15:32:40 +0200
Subject: [PATCH 25/73] chg: [internationalisation] Support of multi-lang for
 the administrator update notice message

---
 app/Controller/AppController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index f72daeb62..c2256c53d 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -374,7 +374,7 @@ class AppController extends Controller
                 $this->Auth->logout();
                 throw new MethodNotAllowedException($message);//todo this should pb be removed?
             } else {
-                $this->Flash->error('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live). An update might also be in progress, you can see the progress in ' , array('params' => array('url' => $baseurl . '/servers/advancedUpdate/', 'urlName' => 'Advanced Update'), 'clear' => 1));
+                $this->Flash->error(__('Warning: MISP is currently disabled for all users. Enable it in Server Settings (Administration -> Server Settings -> MISP tab -> live). An update might also be in progress, you can see the progress in ') , array('params' => array('url' => $baseurl . '/servers/updateProgress/', 'urlName' => 'Advanced Update'), 'clear' => 1));
             }
         }
 

From 6871c9f3bfc7164594fde85e3b4d99f707d49320 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 16:03:56 +0200
Subject: [PATCH 26/73] chg: Bumped queryversion

---
 app/Controller/AppController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index c2256c53d..dcbac4187 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -46,7 +46,7 @@ class AppController extends Controller
 
     public $helpers = array('Utility', 'OrgImg', 'FontAwesome');
 
-    private $__queryVersion = '78';
+    private $__queryVersion = '79';
     public $pyMispVersion = '2.4.106';
     public $phpmin = '7.0';
     public $phprec = '7.2';

From f6d360bcfe475d10fb5d84a5292b17981c26c254 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 16:12:53 +0200
Subject: [PATCH 27/73] chg: [index] Index Attribute.comment

---
 app/Model/AppModel.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 65f0ee3b2..2677dd913 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1276,6 +1276,7 @@ class AppModel extends Model
                 $indexArray[] = array('attributes', 'object_id');
                 $indexArray[] = array('attributes', 'object_relation');
                 $indexArray[] = array('attributes', 'deleted');
+                $indexArray[] = array('attributes', 'comment', 767);  // https://dev.mysql.com/doc/refman/5.7/en/create-index.html
                 $indexArray[] = array('attributes', 'first_seen');
                 $indexArray[] = array('attributes', 'last_seen');
                 $sqlArray[] = "

From 31c44d78d935c8f1d31d3e6f44561d0ca98bd6bb Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 2 Jul 2019 16:26:05 +0200
Subject: [PATCH 28/73] fix: [sql] updated MySQL.sql and modified comment
 column type

---
 INSTALL/MYSQL.sql      | 26 +++++++++++++++++++++-----
 app/Model/AppModel.php |  9 +++++++--
 2 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql
index 474f2b723..3455ccfe3 100644
--- a/INSTALL/MYSQL.sql
+++ b/INSTALL/MYSQL.sql
@@ -31,9 +31,11 @@ CREATE TABLE IF NOT EXISTS `attributes` (
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `distribution` tinyint(4) NOT NULL DEFAULT 0,
   `sharing_group_id` int(11) NOT NULL,
-  `comment` text COLLATE utf8_bin,
+  `comment` TEXT COLLATE utf8_unicode_ci,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
   `disable_correlation` tinyint(1) NOT NULL DEFAULT 0,
+  `first_seen` BIGINT(20) NULL DEFAULT NULL,
+  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (`id`),
   INDEX `event_id` (`event_id`),
   INDEX `object_id` (`object_id`),
@@ -43,6 +45,10 @@ CREATE TABLE IF NOT EXISTS `attributes` (
   INDEX `type` (`type`),
   INDEX `category` (`category`),
   INDEX `sharing_group_id` (`sharing_group_id`),
+  INDEX `comment` (`comment` (767)),
+  INDEX `deleted` (`deleted`),
+  INDEX `first_seen` (`first_seen`),
+  INDEX `last_seen` (`last_seen`),
   UNIQUE INDEX `uuid` (`uuid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 
@@ -500,8 +506,10 @@ CREATE TABLE IF NOT EXISTS `objects` (
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `distribution` tinyint(4) NOT NULL DEFAULT 0,
   `sharing_group_id` int(11),
-  `comment` text COLLATE utf8_bin NOT NULL,
+  `comment` text COLLATE utf8_unicode_ci NOT NULL,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
+  `first_seen` BIGINT(20) NULL DEFAULT NULL,
+  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (id),
   INDEX `name` (`name`),
   INDEX `template_uuid` (`template_uuid`),
@@ -511,7 +519,10 @@ CREATE TABLE IF NOT EXISTS `objects` (
   INDEX `uuid` (`uuid`),
   INDEX `timestamp` (`timestamp`),
   INDEX `distribution` (`distribution`),
-  INDEX `sharing_group_id` (`sharing_group_id`)
+  INDEX `sharing_group_id` (`sharing_group_id`),
+  INDEX `comment` (`comment` (767)),
+  INDEX `first_seen` (`first_seen`),
+  INDEX `last_seen` (`last_seen`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
@@ -764,12 +775,14 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` (
   `org_id` int(11) NOT NULL,
   `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT NULL,
   `event_org_id` int(11) NOT NULL,
-  `comment` text COLLATE utf8_bin NOT NULL,
+  `comment` text COLLATE utf8_unicode_ci NOT NULL,
   `event_uuid` varchar(40) COLLATE utf8_bin NOT NULL,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `proposal_to_delete` BOOLEAN NOT NULL DEFAULT 0,
   `disable_correlation` tinyint(1) NOT NULL DEFAULT 0,
+  `first_seen` BIGINT(20) NULL DEFAULT NULL,
+  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (`id`),
   INDEX `event_id` (`event_id`),
   INDEX `event_uuid` (`event_uuid`),
@@ -779,7 +792,10 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` (
   INDEX `value1` (`value1`(255)),
   INDEX `value2` (`value2`(255)),
   INDEX `type` (`type`),
-  INDEX `category` (`category`)
+  INDEX `category` (`category`),
+  INDEX `comment` (`comment` (767)),
+  INDEX `first_seen` (`first_seen`),
+  INDEX `last_seen` (`last_seen`),
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 
 -- --------------------------------------------------------
diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 2677dd913..fd4bad792 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1258,6 +1258,7 @@ class AppModel extends Model
                         DROP INDEX object_relation;
                     ";
                 $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX deleted"; // deleted index may not be present
+                $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX comment"; // for replayability
                 $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX first_seen"; // for replayability
                 $sqlArray[] = "ALTER TABLE `attributes` DROP INDEX last_seen"; // for replayability
                 $sqlArray[] =
@@ -1282,17 +1283,21 @@ class AppModel extends Model
                 $sqlArray[] = "
                     ALTER TABLE `objects`
                         ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
-                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL
+                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL,
+                        MODIFY comment TEXT COLLATE utf8_unicode_ci
                     ;";
                 $indexArray[] = array('objects', 'first_seen');
                 $indexArray[] = array('objects', 'last_seen');
+                $indexArray[] = array('objects', 'comment', 767);
                 $sqlArray[] = "
                     ALTER TABLE `shadow_attributes`
                         ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
-                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL
+                        ADD `last_seen` BIGINT(20) NULL DEFAULT NULL,
+                        MODIFY comment TEXT COLLATE utf8_unicode_ci
                     ;";
                 $indexArray[] = array('shadow_attributes', 'first_seen');
                 $indexArray[] = array('shadow_attributes', 'last_seen');
+                $indexArray[] = array('shadow_attributes', 'comment', 767);
                 break;
             case 'testUpdate':
                 $sqlArray[] = "SELECT SLEEP(10);";

From e9bc02de25f7894fb3eee82132a24c418c0ec116 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 3 Jul 2019 09:40:52 +0200
Subject: [PATCH 29/73] chg: [diagnostic] Style tweaking to be consistent with
 the UI

---
 app/View/Elements/healthElements/diagnostics.ctp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp
index 1e3751cef..c12908ca5 100644
--- a/app/View/Elements/healthElements/diagnostics.ctp
+++ b/app/View/Elements/healthElements/diagnostics.ctp
@@ -66,7 +66,7 @@
         </span><br />
         <pre class="hidden green bold" id="gitResult"></pre>
         <button title="<?php echo __('Pull the latest MISP version from github');?>" class="btn btn-inverse" style="padding-top:1px;padding-bottom:1px;" onClick = "updateMISP();"><?php echo __('Update MISP');?></button>
-        <a title="<?php echo __('Click the following button to go to the update progress page. This page lists all updates that are currently queued and executed.'); ?>" class="btn btn-inverse" style="padding-top:1px;padding-bottom:1px;" href="<?php echo $baseurl; ?>/servers/updateProgress/"><?php echo __('Update Progress');?></a>
+        <a title="<?php echo __('Click the following button to go to the update progress page. This page lists all updates that are currently queued and executed.'); ?>" style="margin-left: 5px;" href="<?php echo $baseurl; ?>/servers/updateProgress/"><i class="fas fa-tasks"></i> <?php echo __('View Update Progress');?></a>
     </div>
     <h3><?php echo __('Submodules version');?>
         <it id="refreshSubmoduleStatus" class="fas fa-sync useCursorPointer" style="font-size: small; margin-left: 5px;" title="<?php echo __('Refresh submodules version.'); ?>"></it>

From ea7e7951b9303fb9d8aa424473158c54888d1746 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 09:33:39 +0200
Subject: [PATCH 30/73] chg: [event:view] Added first_seen/last_seen column
 (event, server and feed)

---
 app/View/Elements/Events/View/row_attribute.ctp       | 3 +++
 app/View/Elements/Events/View/row_object.ctp          | 3 +++
 app/View/Elements/Events/View/row_proposal.ctp        | 3 +++
 app/View/Elements/Events/View/row_proposal_delete.ctp | 3 +++
 app/View/Elements/Events/View/seen_field.ctp          | 9 +++++++++
 app/View/Elements/Feeds/View/row_attribute.ctp        | 3 +++
 app/View/Elements/Feeds/View/row_object.ctp           | 3 +++
 app/View/Elements/Feeds/View/seen_field.ctp           | 9 +++++++++
 app/View/Elements/Feeds/eventattribute.ctp            | 1 +
 app/View/Elements/Servers/View/row_attribute.ctp      | 3 +++
 app/View/Elements/Servers/View/row_object.ctp         | 3 +++
 app/View/Elements/Servers/View/seen_field.ctp         | 9 +++++++++
 app/View/Elements/Servers/eventattribute.ctp          | 1 +
 app/View/Elements/eventattribute.ctp                  | 1 +
 14 files changed, 54 insertions(+)
 create mode 100644 app/View/Elements/Events/View/seen_field.ctp
 create mode 100644 app/View/Elements/Feeds/View/seen_field.ctp
 create mode 100644 app/View/Elements/Servers/View/seen_field.ctp

diff --git a/app/View/Elements/Events/View/row_attribute.ctp b/app/View/Elements/Events/View/row_attribute.ctp
index 0cc9b3ad7..c393332bd 100644
--- a/app/View/Elements/Events/View/row_attribute.ctp
+++ b/app/View/Elements/Events/View/row_attribute.ctp
@@ -54,6 +54,9 @@
     <td class="short context hidden">
       <?php echo h($object['uuid']); ?>
     </td>
+    <td class="short context hidden">
+        <?php echo $this->element('/Events/View/seen_field', array('object' => $object)); ?>
+    </td>
     <td class="short">
       <?php echo date('Y-m-d', $object['timestamp']); ?>
     </td>
diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index 0fde98b93..843f15aab 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -36,6 +36,9 @@
   <td class="short context hidden">
     <?php echo h($object['uuid']); ?>
   </td>
+  <td class="short context hidden">
+      <?php echo $this->element('/Events/View/seen_field', array('object' => $object)); ?>
+  </td>
   <td class="short">
     <?php echo date('Y-m-d', $object['timestamp']); ?>
   </td>
diff --git a/app/View/Elements/Events/View/row_proposal.ctp b/app/View/Elements/Events/View/row_proposal.ctp
index f2e8040b1..bd3385154 100644
--- a/app/View/Elements/Events/View/row_proposal.ctp
+++ b/app/View/Elements/Events/View/row_proposal.ctp
@@ -49,6 +49,9 @@
   <td class="short context hidden">
     <?php echo $object['objectType'] == 0 ? h($object['uuid']) : '&nbsp;'; ?>
   </td>
+  <td class="short context hidden">
+      <?php echo $this->element('/Events/View/seen_field', array('object' => $object)); ?>
+  </td>
   <td class="short">
     <div id = "<?php echo $currentType . '_' . $object['id'] . '_timestamp_solid'; ?>">
       <?php
diff --git a/app/View/Elements/Events/View/row_proposal_delete.ctp b/app/View/Elements/Events/View/row_proposal_delete.ctp
index ea4efec19..42eefd570 100644
--- a/app/View/Elements/Events/View/row_proposal_delete.ctp
+++ b/app/View/Elements/Events/View/row_proposal_delete.ctp
@@ -50,6 +50,9 @@
   <td class="short context hidden">
     <?php echo h($object['uuid']); ?>
   </td>
+  <td class="short context hidden">
+      <?php echo $this->element('/Events/View/seen_field', array('object' => $object)); ?>
+  </td>
   <td style="font-weight:bold;text-align:left;">DELETE</td>
   <?php
     if ($extended):
diff --git a/app/View/Elements/Events/View/seen_field.ctp b/app/View/Elements/Events/View/seen_field.ctp
new file mode 100644
index 000000000..b6af6f9f8
--- /dev/null
+++ b/app/View/Elements/Events/View/seen_field.ctp
@@ -0,0 +1,9 @@
+<?php if ($object['first_seen'] != null || $object['last_seen'] != null): ?>
+    <div>
+        <div><?php echo $object['first_seen'] != null ? h($object['first_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+        <i style="display: block; text-align: center;" class="fas fa-arrow-down"></i>
+        <div><?php echo $object['last_seen'] != null ? h($object['last_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+    </div>
+<?php else: ?>
+    <div></div>
+<?php endif; ?>
diff --git a/app/View/Elements/Feeds/View/row_attribute.ctp b/app/View/Elements/Feeds/View/row_attribute.ctp
index 7fc8003ff..fb10d13f3 100755
--- a/app/View/Elements/Feeds/View/row_attribute.ctp
+++ b/app/View/Elements/Feeds/View/row_attribute.ctp
@@ -23,6 +23,9 @@ if ($object['value'] == 'MERGE') debug($object);
     <td class="short">
       <?php echo date('Y-m-d', $object['timestamp']); ?>
     </td>
+    <td class="short">
+      <?php echo $this->element('/Servers/View/seen_field', array('object' => $object)); ?>
+    </td>
     <td class="short">
       <div id = "Attribute_<?php echo $object['uuid']; ?>_category_solid" class="inline-field-solid">
         <?php echo h($object['category']); ?>
diff --git a/app/View/Elements/Feeds/View/row_object.ctp b/app/View/Elements/Feeds/View/row_object.ctp
index 97673bee7..afd29ed35 100644
--- a/app/View/Elements/Feeds/View/row_object.ctp
+++ b/app/View/Elements/Feeds/View/row_object.ctp
@@ -12,6 +12,9 @@
   <td class="short">
     <?php echo date('Y-m-d', $object['timestamp']); ?>
   </td>
+  <td class="short">
+    <?php echo $this->element('/Servers/View/seen_field', array('object' => $object)); ?>
+  </td>
   <td colspan="<?php echo $fieldCount -2;?>">
     <span class="bold"><?php echo __('Name: ');?></span><?php echo h($object['name']);?>
     <span class="fa fa-expand useCursorPointer" title="<?php echo __('Expand or Collapse');?>" role="button" tabindex="0" aria-label="<?php echo __('Expand or Collapse');?>" data-toggle="collapse" data-target="#Object_<?php echo h($object['uuid']); ?>_collapsible"></span>
diff --git a/app/View/Elements/Feeds/View/seen_field.ctp b/app/View/Elements/Feeds/View/seen_field.ctp
new file mode 100644
index 000000000..b1b9ca437
--- /dev/null
+++ b/app/View/Elements/Feeds/View/seen_field.ctp
@@ -0,0 +1,9 @@
+<?php if (array_key_exists('first_seen', $object) && ($object['first_seen'] != null || $object['last_seen'] != null)): ?>
+    <div>
+        <div><?php echo $object['first_seen'] != null ? h($object['first_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+        <i style="display: block; text-align: center;" class="fas fa-arrow-down"></i>
+        <div><?php echo $object['last_seen'] != null ? h($object['last_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+    </div>
+<?php else: ?>
+    <div></div>
+<?php endif; ?>
diff --git a/app/View/Elements/Feeds/eventattribute.ctp b/app/View/Elements/Feeds/eventattribute.ctp
index ee2ac3ed9..97b654325 100644
--- a/app/View/Elements/Feeds/eventattribute.ctp
+++ b/app/View/Elements/Feeds/eventattribute.ctp
@@ -39,6 +39,7 @@
     <table class="table table-striped table-condensed">
         <tr>
             <th><?php echo $this->Paginator->sort('timestamp', __('Date'));?></th>
+            <th><?php echo __('First seen') ?> <i class="fas fa-arrow-right"></i> <?php echo __('Last seen') ?></th>
             <th><?php echo $this->Paginator->sort('category');?></th>
             <th><?php echo $this->Paginator->sort('type');?></th>
             <th><?php echo $this->Paginator->sort('value');?></th>
diff --git a/app/View/Elements/Servers/View/row_attribute.ctp b/app/View/Elements/Servers/View/row_attribute.ctp
index 98cae930c..b6fcb2043 100644
--- a/app/View/Elements/Servers/View/row_attribute.ctp
+++ b/app/View/Elements/Servers/View/row_attribute.ctp
@@ -23,6 +23,9 @@ if ($object['value'] == 'MERGE') debug($object);
     <td class="short">
       <?php echo date('Y-m-d', $object['timestamp']); ?>
     </td>
+    <td class="short">
+      <?php echo $this->element('/Servers/View/seen_field', array('object' => $object)); ?>
+    </td>
     <td class="short">
       <div id = "Attribute_<?php echo $object['id']; ?>_category_placeholder" class = "inline-field-placeholder"></div>
       <div id = "Attribute_<?php echo $object['id']; ?>_category_solid" class="inline-field-solid" ondblclick="activateField('Attribute', '<?php echo $object['id']; ?>', 'category', <?php echo $event['Event']['id'];?>);">
diff --git a/app/View/Elements/Servers/View/row_object.ctp b/app/View/Elements/Servers/View/row_object.ctp
index a92e5ab6c..b10dd1ede 100644
--- a/app/View/Elements/Servers/View/row_object.ctp
+++ b/app/View/Elements/Servers/View/row_object.ctp
@@ -12,6 +12,9 @@
   <td class="short">
     <?php echo date('Y-m-d', $object['timestamp']); ?>
   </td>
+  <td class="short">
+    <?php echo $this->element('/Servers/View/seen_field', array('object' => $object)); ?>
+  </td>
   <td colspan="<?php echo $fieldCount -2;?>">
     <span class="bold"><?php echo __('Name');?>: </span><?php echo h($object['name']);?>
     <span class="fa fa-expand useCursorPointer" title="<?php echo __('Expand or Collapse');?>" role="button" tabindex="0" aria-label="<?php echo __('Expand or Collapse');?>" data-toggle="collapse" data-target="#Object_<?php echo h($object['id']); ?>_collapsible"></span>
diff --git a/app/View/Elements/Servers/View/seen_field.ctp b/app/View/Elements/Servers/View/seen_field.ctp
new file mode 100644
index 000000000..b1b9ca437
--- /dev/null
+++ b/app/View/Elements/Servers/View/seen_field.ctp
@@ -0,0 +1,9 @@
+<?php if (array_key_exists('first_seen', $object) && ($object['first_seen'] != null || $object['last_seen'] != null)): ?>
+    <div>
+        <div><?php echo $object['first_seen'] != null ? h($object['first_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+        <i style="display: block; text-align: center;" class="fas fa-arrow-down"></i>
+        <div><?php echo $object['last_seen'] != null ? h($object['last_seen']) : '<span style="display: block; text-align:center;">_</span>'; ?></div>
+    </div>
+<?php else: ?>
+    <div></div>
+<?php endif; ?>
diff --git a/app/View/Elements/Servers/eventattribute.ctp b/app/View/Elements/Servers/eventattribute.ctp
index f2446e258..8493889fb 100644
--- a/app/View/Elements/Servers/eventattribute.ctp
+++ b/app/View/Elements/Servers/eventattribute.ctp
@@ -39,6 +39,7 @@
     <table class="table table-striped table-condensed">
         <tr>
             <th><?php echo $this->Paginator->sort('timestamp', __('Date'));?></th>
+            <th><?php echo __('First seen') ?> <i class="fas fa-arrow-right"></i> <?php echo __('Last seen') ?></th>
             <th><?php echo $this->Paginator->sort('category');?></th>
             <th><?php echo $this->Paginator->sort('type');?></th>
             <th><?php echo $this->Paginator->sort('value');?></th>
diff --git a/app/View/Elements/eventattribute.ctp b/app/View/Elements/eventattribute.ctp
index a157f8c7b..27653877b 100644
--- a/app/View/Elements/eventattribute.ctp
+++ b/app/View/Elements/eventattribute.ctp
@@ -135,6 +135,7 @@
             ?>
             <th class="context hidden"><?php echo $this->Paginator->sort('id');?></th>
             <th class="context hidden">UUID</th>
+            <th class="context hidden"><?php echo __('First seen') ?> <i class="fas fa-arrow-right"></i> <?php echo __('Last seen') ?></th>
             <th><?php echo $this->Paginator->sort('timestamp', __('Date'), array('direction' => 'desc'));?></th>
             <?php
                 if ($extended):

From 05838fb7bcdafe499c4fb0726b4e6e1f77cb5499 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 09:37:39 +0200
Subject: [PATCH 31/73] fix: [event:view] Icons color set to white when
 applicable

---
 app/View/Elements/Events/View/row_object.ctp          | 4 ++--
 app/View/Elements/Events/View/row_proposal.ctp        | 2 +-
 app/View/Elements/Events/View/row_proposal_delete.ctp | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index 843f15aab..939f6f89a 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -122,12 +122,12 @@
     <?php
       if ($mayModify && empty($object['deleted'])) {
         echo sprintf(
-          '<a href="%s/objects/edit/%s" title="Edit" aria-label="Edit" class="fa fa-edit icon-white useCursorPointer"></a>',
+          '<a href="%s/objects/edit/%s" title="Edit" aria-label="Edit" class="fa fa-edit useCursorPointer" style="color: white" ></a>',
           $baseurl,
           h($object['id'])
         );
         echo sprintf(
-          '<span class="fa fa-trash icon-white useCursorPointer" title="%1$s" role="button" tabindex="0" aria-label="%1$s" onClick="%2$s"></span>',
+          '<span style="color: white" class="fa fa-trash useCursorPointer" title="%1$s" role="button" tabindex="0" aria-label="%1$s" onClick="%2$s"></span>',
           (empty($event['Event']['publish_timestamp']) ? __('Permanently delete object') : __('Soft delete object')),
           sprintf(
             'deleteObject(\'objects\', \'delete\', \'%s\', \'%s\');',
diff --git a/app/View/Elements/Events/View/row_proposal.ctp b/app/View/Elements/Events/View/row_proposal.ctp
index bd3385154..b4d19a083 100644
--- a/app/View/Elements/Events/View/row_proposal.ctp
+++ b/app/View/Elements/Events/View/row_proposal.ctp
@@ -188,7 +188,7 @@
         }
         if (($event['Orgc']['id'] == $me['org_id'] && $mayModify) || $isSiteAdmin || ($object['org_id'] == $me['org_id'])) {
         ?>
-          <span class="fa fa-trash icon-white useCursorPointer" title="<?php echo __('Discard proposal');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard proposal');?>" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
+          <span style="color: white" class="fa fa-trash useCursorPointer" title="<?php echo __('Discard proposal');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard proposal');?>" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
         <?php
         }
     ?>
diff --git a/app/View/Elements/Events/View/row_proposal_delete.ctp b/app/View/Elements/Events/View/row_proposal_delete.ctp
index 42eefd570..c4fbef790 100644
--- a/app/View/Elements/Events/View/row_proposal_delete.ctp
+++ b/app/View/Elements/Events/View/row_proposal_delete.ctp
@@ -82,7 +82,7 @@
         }
         if (($event['Orgc']['id'] == $me['org_id'] && $mayModify) || $isSiteAdmin || ($object['org_id'] == $me['org_id'])) {
         ?>
-          <span class="fa fa-trash icon-white useCursorPointer" title="<?php echo __('Discard proposal');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard proposal');?>" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
+          <span style="color: white" class="fa fa-trash useCursorPointer" title="<?php echo __('Discard proposal');?>" role="button" tabindex="0" aria-label="<?php echo __('Discard proposal');?>" onClick="deleteObject('shadow_attributes', 'discard' ,'<?php echo $object['id']; ?>', '<?php echo $event['Event']['id']; ?>');"></span>
         <?php
         }
     ?>

From e9feb6612a872c862d6e47f5a397401faaa7cd76 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 13:50:16 +0200
Subject: [PATCH 32/73] chg: [restResponse] Updated doc about first_seen and
 last_seen

---
 .../Component/RestResponseComponent.php       | 43 +++++++++++--------
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/app/Controller/Component/RestResponseComponent.php b/app/Controller/Component/RestResponseComponent.php
index 9f011cafe..e08c64c45 100644
--- a/app/Controller/Component/RestResponseComponent.php
+++ b/app/Controller/Component/RestResponseComponent.php
@@ -47,7 +47,7 @@ class RestResponseComponent extends Component
                     Besides the parameters listed, other, format specific ones can be passed along (for example: requested_attributes and includeContext for the CSV export).
                     This API allows pagination via the page and limit parameters.",
                 'mandatory' => array('returnFormat'),
-                'optional' => array('page', 'limit', 'value' , 'type', 'category', 'org', 'tags', 'date', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'includeEventTags', 'event_timestamp', 'threat_level_id', 'eventinfo', 'includeProposals'),
+                'optional' => array('page', 'limit', 'value' , 'type', 'category', 'org', 'tags', 'date', 'last', 'eventid', 'withAttachments', 'uuid', 'publish_timestamp', 'timestamp', 'enforceWarninglist', 'to_ids', 'deleted', 'includeEventUuid', 'includeEventTags', 'event_timestamp', 'threat_level_id', 'eventinfo', 'includeProposals', 'first_seen', 'last_seen'),
                 'params' => array()
             )
         ),
@@ -1487,30 +1487,34 @@ class RestResponseComponent extends Component
                                 // add dynamic data and overwrite name collisions
                                 switch($field) {
                                     case "returnFormat":
-                                        $this->__overwriteReturnFormat($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteReturnFormat($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "type":
-                                        $this->__overwriteType($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteType($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "category":
-                                        $this->__overwriteCategory($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteCategory($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "distribution":
-                                        $this->__overwriteDistribution($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteDistribution($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "tag":
                                     case "tags":
                                     case "EventTag":
-                                        $this->__overwriteTags($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteTags($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "nationality":
-                                        $this->__overwriteNationality($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteNationality($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "action":
-                                        $this->__overwriteAction($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteAction($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     case "role_id":
-                                        $this->__overwriteRoleId($scope, $fieldsConstraint[$field]);
+                                        $this->__overwriteRoleId($scope, $action, $fieldsConstraint[$field]);
+                                        break;
+                                    case "first_seen":
+                                    case "last_seen":
+                                        $this->__overwriteSeen($scope, $action, $fieldsConstraint[$field]);
                                         break;
                                     default:
                                         break;
@@ -1526,7 +1530,7 @@ class RestResponseComponent extends Component
     }
 
     // Fetch the correct values based on the scope, then overwrite default value
-    private function __overwriteReturnFormat($scope, &$field) {
+    private function __overwriteReturnFormat($scope, $action, &$field) {
         switch($scope) {
             case "Attribute":
                 $field['values'] = array_keys(ClassRegistry::init($scope)->validFormats);
@@ -1536,7 +1540,7 @@ class RestResponseComponent extends Component
                 break;
         }
     }
-    private function __overwriteType($scope, &$field) {
+    private function __overwriteType($scope, $action, &$field) {
         $field['input'] = 'select';
         switch($scope) {
             case "Attribute":
@@ -1554,16 +1558,16 @@ class RestResponseComponent extends Component
         }
     }
 
-    private function __overwriteCategory($scope, &$field) {
+    private function __overwriteCategory($scope, $action, &$field) {
         $field['values'] = array_keys(ClassRegistry::init("Attribute")->categoryDefinitions);
     }
-    private function __overwriteDistribution($scope, &$field) {
+    private function __overwriteDistribution($scope, $action, &$field) {
         $field['values'] = array();
         foreach(ClassRegistry::init("Attribute")->distributionLevels as $d => $text) {
             $field['values'][] = array('label' => $text, 'value' => $d);
         }
     }
-    private function __overwriteTags($scope, &$field) {
+    private function __overwriteTags($scope, $action, &$field) {
         $this->{$scope} = ClassRegistry::init("Tag");
         $tags = $this->{$scope}->find('list', array(
             'recursive' => -1,
@@ -1576,13 +1580,13 @@ class RestResponseComponent extends Component
         }
         $field['values'] = $tags;
     }
-    private function __overwriteNationality($scope, &$field) {
+    private function __overwriteNationality($scope, $action, &$field) {
         $field['values'] = ClassRegistry::init("Organisation")->countries;
     }
-    private function __overwriteAction($scope, &$field) {
+    private function __overwriteAction($scope, $action, &$field) {
         $field['values'] = array_keys(ClassRegistry::init("Log")->actionDefinitions);
     }
-    private function __overwriteRoleId($scope, &$field) {
+    private function __overwriteRoleId($scope, $action, &$field) {
         $this->{$scope} = ClassRegistry::init("Role");
         $roles = $this->{$scope}->find('list', array(
             'recursive' => -1,
@@ -1590,5 +1594,10 @@ class RestResponseComponent extends Component
         ));
         $field['values'] = $roles;
     }
+    private function __overwriteSeen($scope, $action, &$field) {
+        if ($action == 'restSearch') {
+            $field['help'] = __('Seen within the last x amount of time, where x can be defined in days, hours, minutes (for example 5d or 12h or 30m)');
+        }
+    }
 
 }

From 344f322a7df5e0fc93fc1bdd8aae054c07240aee Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 13:51:36 +0200
Subject: [PATCH 33/73] chg: [attribute:restSearch] Added filtering conditions
 for first_seen and last_seen

---
 app/Controller/AttributesController.php |  2 +-
 app/Model/Attribute.php                 | 26 +++++++++++++++++++++++++
 app/Model/Event.php                     | 21 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)

diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index ddce0b90b..37bd746a5 100644
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -1932,7 +1932,7 @@ class AttributesController extends AppController
         $returnFormat = false, $value = false, $type = false, $category = false, $org = false, $tags = false, $from = false,
         $to = false, $last = false, $eventid = false, $withAttachments = false, $uuid = false, $publish_timestamp = false, $published = false,
         $timestamp = false, $enforceWarninglist = false, $to_ids = false, $deleted = false, $includeEventUuid = false, $event_timestamp = false,
-        $threat_level_id = false
+        $threat_level_id = false, $first_seen = false, $last_seen = false
     )
     {
         $paramArray = array(
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index d8d95bee2..3ad34e7f6 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -3563,6 +3563,28 @@ class Attribute extends AppModel
         return $conditions;
     }
 
+    public function setTimestampSeenConditions($timestamp, $conditions, $scope = 'Event.timestamp', $returnRaw = false)
+    {
+        if (is_array($timestamp)) {
+            $timestamp[0] = intval($this->Event->resolveTimeDelta($timestamp[0])) * 1000000; // seen in stored in micro-seconds in the DB
+            $timestamp[1] = intval($this->Event->resolveTimeDelta($timestamp[1])) * 1000000; // seen in stored in micro-seconds in the DB
+            if ($timestamp[0] > $timestamp[1]) {
+                $temp = $timestamp[0];
+                $timestamp[0] = $timestamp[1];
+                $timestamp[1] = $temp;
+            }
+            $conditions['AND'][] = array($scope . ' >=' => $timestamp[0]);
+            $conditions['AND'][] = array($scope . ' <=' => $timestamp[1]);
+        } else {
+            $timestamp = intval($this->Event->resolveTimeDelta($timestamp)) * 1000000; // seen in stored in micro-seconds in the DB
+            $conditions['AND'][] = array($scope . ' >=' => $timestamp);
+        }
+        if ($returnRaw) {
+            return $timestamp;
+        }
+        return $conditions;
+    }
+
     public function setToIDSConditions($to_ids, $conditions)
     {
         if ($to_ids === 'exclude') {
@@ -4087,6 +4109,8 @@ class Attribute extends AppModel
                     'uuid' => array('function' => 'set_filter_uuid'),
                     'deleted' => array('function' => 'set_filter_deleted'),
                     'timestamp' => array('function' => 'set_filter_timestamp'),
+                    'first_seen' => array('function' => 'set_filter_seen'),
+                    'last_seen' => array('function' => 'set_filter_seen'),
                     'to_ids' => array('function' => 'set_filter_to_ids'),
                     'comment' => array('function' => 'set_filter_comment')
                 ),
@@ -4108,6 +4132,8 @@ class Attribute extends AppModel
                 ),
                 'Object' => array(
                     'object_name' => array('function' => 'set_filter_object_name'),
+                    'first_seen' => array('function' => 'set_filter_seen'),
+                    'last_seen' => array('function' => 'set_filter_seen'),
                     'deleted' => array('function' => 'set_filter_deleted')
                 )
             );
diff --git a/app/Model/Event.php b/app/Model/Event.php
index ba470abe5..1803665b1 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -2605,6 +2605,27 @@ class Event extends AppModel
         return $conditions;
     }
 
+    public function set_filter_seen(&$params, $conditions, $options)
+    {
+        if (empty($options['scope'])) {
+            $scope = 'Attribute';
+        } else {
+            $scope = $options['scope'];
+        }
+        $filters = array(
+            'first_seen' => array(
+                'Attribute.first_seen'
+            ),
+            'last_seen' => array(
+                'Attribute.last_seen'
+            )
+        );
+        foreach ($filters[$options['filter']] as $f) {
+            $conditions = $this->Attribute->setTimestampSeenConditions($params[$options['filter']], $conditions, $f);
+        }
+        return $conditions;
+    }
+
     public function set_filter_timestamp(&$params, $conditions, $options)
     {
         if ($options['filter'] == 'from') {

From 59d815b716fa5f3fc390f1adabda32f33a3c93f7 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 13:52:29 +0200
Subject: [PATCH 34/73] chg: [object] Set fs/ls on all attributes when an
 object got its fs/ls sets

---
 app/Controller/ObjectsController.php | 20 ++++++++++++++++-
 app/Model/MispObject.php             | 33 ++++++++++++++++++++++++++--
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index 3d1dca04b..f85a0e2e1 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -650,6 +650,7 @@ class ObjectsController extends AppController
                 throw new MethodNotAllowedException('Invalid input.');
             }
         }
+        $seen_changed = false;
         foreach ($this->request->data['Object'] as $changedKey => $changedField) {
             if (!in_array($changedKey, $validFields)) {
                 throw new MethodNotAllowedException('Invalid field.');
@@ -658,6 +659,7 @@ class ObjectsController extends AppController
                 $this->autoRender = false;
                 return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'nochange');
             }
+            $seen_changed = $changedKey == 'first_seen' || $changedKey == 'last_seen';
             $object['Object'][$changedKey] = $changedField;
             $changed = true;
         }
@@ -666,7 +668,7 @@ class ObjectsController extends AppController
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
-        $this->MispObject->setObjectSeenMetaFromAttribute($object, true);
+        $this->MispObject->setObjectSeenMetaFromAttribute($object, false);
         if ($this->MispObject->save($object)) {
             $event = $this->MispObject->Event->find('first', array(
                 'recursive' => -1,
@@ -676,6 +678,22 @@ class ObjectsController extends AppController
             )));
             $event['Event']['timestamp'] = $date->getTimestamp();
             $event['Event']['published'] = 0;
+            if ($seen_changed) {
+                // Set seen of object at attribute level
+                $attributes = $this->MispObject->find('first', array(
+                    'conditions' => array('id' => $object['Object']['id']),
+                    'contain' => array('Attribute')
+                ))['Attribute'];
+                foreach ($attributes as $k => $attribute) {
+                    if (is_null($attribute['first_seen']) && !is_null($object['Object']['first_seen'])) {
+                        $attributes[$k]['first_seen'] = $object['Object']['first_seen'];
+                    }
+                    if (is_null($attribute['last_seen']) && !is_null($object['Object']['last_seen'])) {
+                        $attributes[$k]['last_seen'] = $object['Object']['last_seen'];
+                    }
+                }
+                $this->MispObject->Attribute->saveAttributes($attributes);
+            }
             $this->MispObject->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
             $this->autoRender = false;
             return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'Field updated');
diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index d3f7a8513..d3a836e18 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -239,6 +239,12 @@ class MispObject extends AppModel
             $result = $this->id;
             foreach ($object['Attribute'] as $k => $attribute) {
                 $object['Attribute'][$k]['object_id'] = $this->id;
+                if (is_null($object['Attribute'][$k]['first_seen']) && !is_null($object['first_seen'])) {
+                    $object['Attribute'][$k]['first_seen'] = $object['first_seen'];
+                }
+                if (is_null($object['Attribute'][$k]['last_seen']) && !is_null($object['last_seen'])) {
+                    $object['Attribute'][$k]['last_seen'] = $object['last_seen'];
+                }
             }
             $this->Attribute->saveAttributes($object['Attribute']);
         } else {
@@ -635,13 +641,13 @@ class MispObject extends AppModel
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
+        $this->setObjectSeenMetaFromAttribute($object, false);
         if (isset($objectToSave['Object']['first_seen'])) {
             $object['Object']['first_seen'] = $objectToSave['Object']['first_seen'];
         }
         if (isset($objectToSave['Object']['last_seen'])) {
             $object['Object']['last_seen'] = $objectToSave['Object']['last_seen'];
         }
-        $this->setObjectSeenMetaFromAttribute($object, false);
         $this->save($object);
 
         if (!$onlyAddNewAttribute) {
@@ -658,6 +664,15 @@ class MispObject extends AppModel
                                 if ($newAttribute[$f] != $originalAttribute[$f]) {
                                     $different = true;
                                 }
+                                // Set seen of object at attribute level
+                                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
+                                    $newAttribute['first_seen'] = $object['first_seen'];
+                                    $different = true;
+                                }
+                                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
+                                    $newAttribute['last_seen'] = $object['last_seen'];
+                                    $different = true;
+                                }
                             }
                             if ($different) {
                                 $newAttribute['id'] = $originalAttribute['id'];
@@ -685,6 +700,13 @@ class MispObject extends AppModel
                 $this->Event->Attribute->create();
                 $newAttribute['event_id'] = $object['Object']['event_id'];
                 $newAttribute['object_id'] = $object['Object']['id'];
+                // Set seen of object at attribute level
+                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
+                    $newAttribute['first_seen'] = $object['first_seen'];
+                }
+                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
+                    $newAttribute['last_seen'] = $object['last_seen'];
+                }
                 if (!isset($newAttribute['timestamp'])) {
                     $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
                     if ($newAttribute['distribution'] == 'event') {
@@ -701,10 +723,17 @@ class MispObject extends AppModel
             }
         } else { // we only add the new attribute
             $newAttribute = $objectToSave['Attribute'][0];
-            if ($newAttribute != 'last-seen' && $newAttribute != 'first-seen') { // fs/ls should be added in the object's meta
+            if ($newAttribute['object_relation'] != 'last-seen' && $newAttribute['object_relation'] != 'first-seen') { // fs/ls should be added in the object's meta
                 $this->Event->Attribute->create();
                 $newAttribute['event_id'] = $object['Object']['event_id'];
                 $newAttribute['object_id'] = $object['Object']['id'];
+                // Set seen of object at attribute level
+                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
+                    $newAttribute['first_seen'] = $object['first_seen'];
+                }
+                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
+                    $newAttribute['last_seen'] = $object['last_seen'];
+                }
                 if (!isset($newAttribute['timestamp'])) {
                     $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
                     if ($newAttribute['distribution'] == 'event') {

From d616acc92a6eaa8c23878653e9013718cd00365a Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 14:05:47 +0200
Subject: [PATCH 35/73] fix: [object:add] Catch exception if fs/ls doesn't
 exists

---
 app/Model/MispObject.php | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index d3a836e18..e475dc024 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -239,11 +239,17 @@ class MispObject extends AppModel
             $result = $this->id;
             foreach ($object['Attribute'] as $k => $attribute) {
                 $object['Attribute'][$k]['object_id'] = $this->id;
-                if (is_null($object['Attribute'][$k]['first_seen']) && !is_null($object['first_seen'])) {
-                    $object['Attribute'][$k]['first_seen'] = $object['first_seen'];
+                if (
+                    (!array_key_exists('first_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['first_seen'])) &&
+                    !is_null($object['Object']['first_seen'])
+                ) {
+                    $object['Attribute'][$k]['first_seen'] = $object['Object']['first_seen'];
                 }
-                if (is_null($object['Attribute'][$k]['last_seen']) && !is_null($object['last_seen'])) {
-                    $object['Attribute'][$k]['last_seen'] = $object['last_seen'];
+                if (
+                    (!array_key_exists('last_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['last_seen'])) &&
+                    !is_null($object['Object']['last_seen'])
+                ) {
+                    $object['Attribute'][$k]['last_seen'] = $object['Object']['last_seen'];
                 }
             }
             $this->Attribute->saveAttributes($object['Attribute']);
@@ -665,12 +671,18 @@ class MispObject extends AppModel
                                     $different = true;
                                 }
                                 // Set seen of object at attribute level
-                                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
-                                    $newAttribute['first_seen'] = $object['first_seen'];
+                                if (
+                                    (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
+                                    !is_null($object['Object']['first_seen'])
+                                ) {
+                                    $newAttribute['first_seen'] = $object['Object']['first_seen'];
                                     $different = true;
                                 }
-                                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
-                                    $newAttribute['last_seen'] = $object['last_seen'];
+                                if (
+                                    (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
+                                    !is_null($object['Object']['last_seen'])
+                                ) {
+                                    $newAttribute['last_seen'] = $object['Object']['last_seen'];
                                     $different = true;
                                 }
                             }
@@ -689,7 +701,9 @@ class MispObject extends AppModel
                                     'timestamp',
                                     'object_id',
                                     'event_id',
-                                    'disable_correlation'
+                                    'disable_correlation',
+                                    'first_seen',
+                                    'last_seen'
                                 ));
                             }
                             unset($object['Attribute'][$origKey]);

From 11bee7c6e5dcca6a65f6b1bbe1bf307d26bf85a3 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 14:13:23 +0200
Subject: [PATCH 36/73] chg: [object:edit] Support of fs/ls sync on object for
 `edit` and `addQuickField`

---
 app/Model/MispObject.php | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index e475dc024..3d613f789 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -715,11 +715,17 @@ class MispObject extends AppModel
                 $newAttribute['event_id'] = $object['Object']['event_id'];
                 $newAttribute['object_id'] = $object['Object']['id'];
                 // Set seen of object at attribute level
-                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
-                    $newAttribute['first_seen'] = $object['first_seen'];
+                if (
+                    (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
+                    !is_null($object['Object']['first_seen'])
+                ) {
+                    $newAttribute['first_seen'] = $object['Object']['first_seen'];
                 }
-                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
-                    $newAttribute['last_seen'] = $object['last_seen'];
+                if (
+                    (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
+                    !is_null($object['Object']['last_seen'])
+                ) {
+                    $newAttribute['last_seen'] = $object['Object']['last_seen'];
                 }
                 if (!isset($newAttribute['timestamp'])) {
                     $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
@@ -742,11 +748,18 @@ class MispObject extends AppModel
                 $newAttribute['event_id'] = $object['Object']['event_id'];
                 $newAttribute['object_id'] = $object['Object']['id'];
                 // Set seen of object at attribute level
-                if (is_null($newAttribute['first_seen']) && !is_null($object['first_seen'])) {
-                    $newAttribute['first_seen'] = $object['first_seen'];
+                if (
+                    (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
+                    !is_null($object['Object']['first_seen'])
+                ) {
+                    $newAttribute['first_seen'] = $object['Object']['first_seen'];
                 }
-                if (is_null($newAttribute['last_seen']) && !is_null($object['last_seen'])) {
-                    $newAttribute['last_seen'] = $object['last_seen'];
+                if (
+                    (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
+                    !is_null($object['Object']['last_seen'])
+                ) {
+                    $newAttribute['last_seen'] = $object['Object']['last_seen'];
+                    $different = true;
                 }
                 if (!isset($newAttribute['timestamp'])) {
                     $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');

From b8b6a170fed3904c70e390ec133afcd3ddf99ad4 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 15:08:05 +0200
Subject: [PATCH 37/73] chg: [attribute:restSearch] Search support for
 first_seen and last_seen

---
 app/Model/AppModel.php                |  1 -
 app/Model/Attribute.php               | 10 ++++++----
 app/Model/Event.php                   | 18 ++----------------
 app/View/Attributes/search.ctp        |  2 ++
 app/View/Elements/form_seen_input.ctp |  8 +++++++-
 5 files changed, 17 insertions(+), 22 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index fd4bad792..feb26146c 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -2396,7 +2396,6 @@ class AppModel extends Model
             $multiplier = $multiplierArray[$lastChar];
             $delta = substr($delta, 0, -1);
         } else if(strtotime($delta) !== false) {
-            debug(strtotime($delta));
             return strtotime($delta);
         } else {
             // invalid filter, make sure we don't return anything
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 3ad34e7f6..9a3760f0b 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -3563,7 +3563,7 @@ class Attribute extends AppModel
         return $conditions;
     }
 
-    public function setTimestampSeenConditions($timestamp, $conditions, $scope = 'Event.timestamp', $returnRaw = false)
+    public function setTimestampSeenConditions($timestamp, $conditions, $scope = 'Attribute.first_seen', $returnRaw = false)
     {
         if (is_array($timestamp)) {
             $timestamp[0] = intval($this->Event->resolveTimeDelta($timestamp[0])) * 1000000; // seen in stored in micro-seconds in the DB
@@ -3577,7 +3577,11 @@ class Attribute extends AppModel
             $conditions['AND'][] = array($scope . ' <=' => $timestamp[1]);
         } else {
             $timestamp = intval($this->Event->resolveTimeDelta($timestamp)) * 1000000; // seen in stored in micro-seconds in the DB
-            $conditions['AND'][] = array($scope . ' >=' => $timestamp);
+            if ($scope == 'Attribute.first_seen') {
+                $conditions['AND'][] = array($scope . ' >=' => $timestamp);
+            } else {
+                $conditions['AND'][] = array($scope . ' <=' => $timestamp);
+            }
         }
         if ($returnRaw) {
             return $timestamp;
@@ -4132,8 +4136,6 @@ class Attribute extends AppModel
                 ),
                 'Object' => array(
                     'object_name' => array('function' => 'set_filter_object_name'),
-                    'first_seen' => array('function' => 'set_filter_seen'),
-                    'last_seen' => array('function' => 'set_filter_seen'),
                     'deleted' => array('function' => 'set_filter_deleted')
                 )
             );
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 1803665b1..a50fcbb0c 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
@@ -2607,22 +2607,8 @@ class Event extends AppModel
 
     public function set_filter_seen(&$params, $conditions, $options)
     {
-        if (empty($options['scope'])) {
-            $scope = 'Attribute';
-        } else {
-            $scope = $options['scope'];
-        }
-        $filters = array(
-            'first_seen' => array(
-                'Attribute.first_seen'
-            ),
-            'last_seen' => array(
-                'Attribute.last_seen'
-            )
-        );
-        foreach ($filters[$options['filter']] as $f) {
-            $conditions = $this->Attribute->setTimestampSeenConditions($params[$options['filter']], $conditions, $f);
-        }
+        $f = $options['scope'] . '.' . $options['filter'];
+        $conditions = $this->Attribute->setTimestampSeenConditions($params[$options['filter']], $conditions, $f);
         return $conditions;
     }
 
diff --git a/app/View/Attributes/search.ctp b/app/View/Attributes/search.ctp
index 5ab7e5d9d..cf1b9ee10 100755
--- a/app/View/Attributes/search.ctp
+++ b/app/View/Attributes/search.ctp
@@ -33,6 +33,8 @@
                     'label' => __('Alternate Search Result (Events)')
             ));
         ?>
+        <div class="input clear"></div>
+        <?php echo $this->element('form_seen_input'); ?>
     </fieldset>
 <?php
     echo $this->Form->button(__('Search'), array('class' => 'btn btn-primary'));
diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 36db801cc..08e0e9448 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -306,7 +306,13 @@ function reflect_change_on_form() {
 $(document).ready(function() {
 
 <?php if ($this->params->controller === 'attributes'): ?>
-    var sliders_container = "<?php echo '#AttributeForm fieldset'; ?>"
+    <?php if ($this->params->action === 'add'): ?>
+        var sliders_container = "<?php echo '#AttributeForm fieldset'; ?>"
+    <?php elseif ($this->params->action === 'search'): ?>
+        var sliders_container = "<?php echo '#AttributeSearchForm fieldset'; ?>"
+    <?php else: ?>
+        var sliders_container = "<?php echo '#AttributeForm fieldset'; ?>"
+    <?php endif; ?>
 <?php elseif ($this->params->controller === 'shadow_attributes'): ?>
     var sliders_container = "<?php echo '#ShadowAttributeAddForm fieldset'; ?>"
 <?php else: ?>

From 2f6629ee1dd2cd8dc15ab944d023cec7653278e8 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 4 Jul 2019 15:28:34 +0200
Subject: [PATCH 38/73] chg: [shadow_attributes:edit] Support of first_seen and
 last_seen

---
 app/View/Attributes/search.ctp        | 5 ++++-
 app/View/Elements/form_seen_input.ctp | 8 +++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/app/View/Attributes/search.ctp b/app/View/Attributes/search.ctp
index cf1b9ee10..b2ab4bafe 100755
--- a/app/View/Attributes/search.ctp
+++ b/app/View/Attributes/search.ctp
@@ -33,7 +33,10 @@
                     'label' => __('Alternate Search Result (Events)')
             ));
         ?>
-        <div class="input clear"></div>
+        <div class="clear">
+        <h3><?php echo __('First seen and Last seen.'); ?></h3>
+        <p><?php echo __('Attributes not having first seen or last seen set might not appear in the search'); ?></p>
+    </div>
         <?php echo $this->element('form_seen_input'); ?>
     </fieldset>
 <?php
diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 08e0e9448..ce2a36a6c 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -314,7 +314,13 @@ $(document).ready(function() {
         var sliders_container = "<?php echo '#AttributeForm fieldset'; ?>"
     <?php endif; ?>
 <?php elseif ($this->params->controller === 'shadow_attributes'): ?>
-    var sliders_container = "<?php echo '#ShadowAttributeAddForm fieldset'; ?>"
+    <?php if ($this->params->action === 'add'): ?>
+        var sliders_container = "<?php echo '#ShadowAttributeAddForm fieldset'; ?>"
+    <?php elseif ($this->params->action === 'edit'): ?>
+        var sliders_container = "<?php echo '#ShadowAttributeEditForm fieldset'; ?>"
+    <?php else: ?>
+        var sliders_container = "<?php echo '#ShadowAttributeAddForm fieldset'; ?>"
+    <?php endif; ?>
 <?php else: ?>
     var sliders_container = "<?php echo '#meta-div'; ?>"
 <?php endif; ?>

From 5beae4718b049a499d5c2f7974401692ed555239 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 5 Jul 2019 09:41:32 +0200
Subject: [PATCH 39/73] chg: [mysql] Reverted all changes in `MYSQL.sql` as the
 update is done when logging in for the first time

---
 INSTALL/MYSQL.sql | 26 +++++---------------------
 1 file changed, 5 insertions(+), 21 deletions(-)

diff --git a/INSTALL/MYSQL.sql b/INSTALL/MYSQL.sql
index 3455ccfe3..474f2b723 100644
--- a/INSTALL/MYSQL.sql
+++ b/INSTALL/MYSQL.sql
@@ -31,11 +31,9 @@ CREATE TABLE IF NOT EXISTS `attributes` (
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `distribution` tinyint(4) NOT NULL DEFAULT 0,
   `sharing_group_id` int(11) NOT NULL,
-  `comment` TEXT COLLATE utf8_unicode_ci,
+  `comment` text COLLATE utf8_bin,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
   `disable_correlation` tinyint(1) NOT NULL DEFAULT 0,
-  `first_seen` BIGINT(20) NULL DEFAULT NULL,
-  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (`id`),
   INDEX `event_id` (`event_id`),
   INDEX `object_id` (`object_id`),
@@ -45,10 +43,6 @@ CREATE TABLE IF NOT EXISTS `attributes` (
   INDEX `type` (`type`),
   INDEX `category` (`category`),
   INDEX `sharing_group_id` (`sharing_group_id`),
-  INDEX `comment` (`comment` (767)),
-  INDEX `deleted` (`deleted`),
-  INDEX `first_seen` (`first_seen`),
-  INDEX `last_seen` (`last_seen`),
   UNIQUE INDEX `uuid` (`uuid`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 
@@ -506,10 +500,8 @@ CREATE TABLE IF NOT EXISTS `objects` (
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `distribution` tinyint(4) NOT NULL DEFAULT 0,
   `sharing_group_id` int(11),
-  `comment` text COLLATE utf8_unicode_ci NOT NULL,
+  `comment` text COLLATE utf8_bin NOT NULL,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
-  `first_seen` BIGINT(20) NULL DEFAULT NULL,
-  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (id),
   INDEX `name` (`name`),
   INDEX `template_uuid` (`template_uuid`),
@@ -519,10 +511,7 @@ CREATE TABLE IF NOT EXISTS `objects` (
   INDEX `uuid` (`uuid`),
   INDEX `timestamp` (`timestamp`),
   INDEX `distribution` (`distribution`),
-  INDEX `sharing_group_id` (`sharing_group_id`),
-  INDEX `comment` (`comment` (767)),
-  INDEX `first_seen` (`first_seen`),
-  INDEX `last_seen` (`last_seen`)
+  INDEX `sharing_group_id` (`sharing_group_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
@@ -775,14 +764,12 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` (
   `org_id` int(11) NOT NULL,
   `email` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci DEFAULT NULL,
   `event_org_id` int(11) NOT NULL,
-  `comment` text COLLATE utf8_unicode_ci NOT NULL,
+  `comment` text COLLATE utf8_bin NOT NULL,
   `event_uuid` varchar(40) COLLATE utf8_bin NOT NULL,
   `deleted` tinyint(1) NOT NULL DEFAULT 0,
   `timestamp` int(11) NOT NULL DEFAULT 0,
   `proposal_to_delete` BOOLEAN NOT NULL DEFAULT 0,
   `disable_correlation` tinyint(1) NOT NULL DEFAULT 0,
-  `first_seen` BIGINT(20) NULL DEFAULT NULL,
-  `last_seen` BIGINT(20) NULL DEFAULT NULL,
   PRIMARY KEY (`id`),
   INDEX `event_id` (`event_id`),
   INDEX `event_uuid` (`event_uuid`),
@@ -792,10 +779,7 @@ CREATE TABLE IF NOT EXISTS `shadow_attributes` (
   INDEX `value1` (`value1`(255)),
   INDEX `value2` (`value2`(255)),
   INDEX `type` (`type`),
-  INDEX `category` (`category`),
-  INDEX `comment` (`comment` (767)),
-  INDEX `first_seen` (`first_seen`),
-  INDEX `last_seen` (`last_seen`),
+  INDEX `category` (`category`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
 
 -- --------------------------------------------------------

From 9462424a64ee23bd0f30d7aacb2877879da48868 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 5 Jul 2019 10:03:31 +0200
Subject: [PATCH 40/73] fix: [object:save] fail-safe if Object doesn't have
 fs/ls set

---
 app/Model/MispObject.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 3d613f789..fa91f11aa 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -241,13 +241,13 @@ class MispObject extends AppModel
                 $object['Attribute'][$k]['object_id'] = $this->id;
                 if (
                     (!array_key_exists('first_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['first_seen'])) &&
-                    !is_null($object['Object']['first_seen'])
+                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
                 ) {
                     $object['Attribute'][$k]['first_seen'] = $object['Object']['first_seen'];
                 }
                 if (
                     (!array_key_exists('last_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['last_seen'])) &&
-                    !is_null($object['Object']['last_seen'])
+                    (!array_key_exists('last_seen', $object['Object']) &&  !is_null($object['Object']['last_seen']))
                 ) {
                     $object['Attribute'][$k]['last_seen'] = $object['Object']['last_seen'];
                 }
@@ -673,14 +673,14 @@ class MispObject extends AppModel
                                 // Set seen of object at attribute level
                                 if (
                                     (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                                    !is_null($object['Object']['first_seen'])
+                                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
                                 ) {
                                     $newAttribute['first_seen'] = $object['Object']['first_seen'];
                                     $different = true;
                                 }
                                 if (
                                     (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                                    !is_null($object['Object']['last_seen'])
+                                    (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
                                 ) {
                                     $newAttribute['last_seen'] = $object['Object']['last_seen'];
                                     $different = true;
@@ -717,13 +717,13 @@ class MispObject extends AppModel
                 // Set seen of object at attribute level
                 if (
                     (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                    !is_null($object['Object']['first_seen'])
+                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
                 ) {
                     $newAttribute['first_seen'] = $object['Object']['first_seen'];
                 }
                 if (
                     (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                    !is_null($object['Object']['last_seen'])
+                    (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
                 ) {
                     $newAttribute['last_seen'] = $object['Object']['last_seen'];
                 }
@@ -750,13 +750,13 @@ class MispObject extends AppModel
                 // Set seen of object at attribute level
                 if (
                     (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                    !is_null($object['Object']['first_seen'])
+                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
                 ) {
                     $newAttribute['first_seen'] = $object['Object']['first_seen'];
                 }
                 if (
                     (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                    !is_null($object['Object']['last_seen'])
+                    (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
                 ) {
                     $newAttribute['last_seen'] = $object['Object']['last_seen'];
                     $different = true;

From 8ecc01390b8c7a8ed18bcc5215b5b524b2ecb056 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 5 Jul 2019 10:40:00 +0200
Subject: [PATCH 41/73] fix: [object:save] Inversed condition. copy/pasta
 fail...

---
 app/Model/MispObject.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index fa91f11aa..cceb1dcb1 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -241,13 +241,13 @@ class MispObject extends AppModel
                 $object['Attribute'][$k]['object_id'] = $this->id;
                 if (
                     (!array_key_exists('first_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['first_seen'])) &&
-                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
+                    (array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
                 ) {
                     $object['Attribute'][$k]['first_seen'] = $object['Object']['first_seen'];
                 }
                 if (
                     (!array_key_exists('last_seen', $object['Attribute'][$k]) || is_null($object['Attribute'][$k]['last_seen'])) &&
-                    (!array_key_exists('last_seen', $object['Object']) &&  !is_null($object['Object']['last_seen']))
+                    (array_key_exists('last_seen', $object['Object']) &&  !is_null($object['Object']['last_seen']))
                 ) {
                     $object['Attribute'][$k]['last_seen'] = $object['Object']['last_seen'];
                 }

From 13efab98a156e5bb65c4898d6fc8e6c3da812188 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 11 Jul 2019 10:10:48 +0200
Subject: [PATCH 42/73] fix: [database] bumped db update number for fs/ls
 update

---
 app/Model/AppModel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index dea7abf09..1d82ad6d5 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -75,7 +75,7 @@ class AppModel extends Model
         13 => false, 14 => false, 15 => false, 18 => false, 19 => false, 20 => false,
         21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
         27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
-        33 => false, 34 => false, 35 => false, 36 => false
+        33 => false, 34 => false, 35 => false, 36 => false, 37 => false
     );
 
     public $advanced_updates_description = array(
@@ -209,7 +209,7 @@ class AppModel extends Model
             case 34:
                 $this->__fixServerPullPushRules();
                 break;
-            case 36:
+            case 37:
                 $this->updateDatabase('seenOnAttributeAndObject', true);
                 break;
             default:

From e1fef56c7fea52407dad7ba3e462e9fac9a21d30 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 11 Jul 2019 10:11:48 +0200
Subject: [PATCH 43/73] chg: [attribute:edit] reverted useless line of code

---
 app/Controller/AttributesController.php | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php
index 74f74cc76..14b1a3745 100644
--- a/app/Controller/AttributesController.php
+++ b/app/Controller/AttributesController.php
@@ -958,10 +958,6 @@ class AttributesController extends AppController
                     } else {
                         return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Could not update attribute, reason: ' . json_encode($this->Attribute->validationErrors))),'status' => 200, 'type' => 'json'));
                     }
-                } else {
-                    if (!$result) {
-                        return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'Could not update attribute, reason: ' . json_encode($this->Attribute->validationErrors))),'status' => 200, 'type' => 'json'));
-                    }
                 }
             }
             if ($result) {

From d0361cecfc6e9031b779b23247a5a8bf19cb68f0 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 11 Jul 2019 10:36:37 +0200
Subject: [PATCH 44/73] chg: [object:edit] Reverted useless code

---
 app/Controller/ObjectsController.php | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index f85a0e2e1..14da72f71 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -617,22 +617,19 @@ class ObjectsController extends AppController
             $this->MispObject->recursive = -1;
             $temp = $this->MispObject->findByUuid($id);
             if ($temp == null) {
-                throw new NotFoundException('Invalid object');
+                throw new NotFoundException(__('Invalid object'));
             }
             $id = $temp['Object']['id'];
         } elseif (!is_numeric($id)) {
             throw new NotFoundException(__('Invalid event id.'));
         }
         if ((!$this->request->is('post') && !$this->request->is('put'))) {
-            throw new MethodNotAllowedException();
+            throw new MethodNotAllowedException(__('This function can only be accessed via POST or PUT'));
         }
-        $this->MispObject->id = $id;
-        if (!$this->MispObject->exists()) {
+        $object = $this->MispObject->find('first', array('contain' => 'Event', 'recursive' => -1));
+        if (empty($object)) {
             return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid object');
         }
-        $this->MispObject->recursive = -1;
-        $this->MispObject->contain('Event');
-        $object = $this->MispObject->read();
         if (!$this->_isSiteAdmin()) {
             if ($this->MispObject->data['Event']['orgc_id'] == $this->Auth->user('org_id')
             && (($this->userRole['perm_modify'] && $this->MispObject->data['Event']['user_id'] != $this->Auth->user('id'))
@@ -695,10 +692,8 @@ class ObjectsController extends AppController
                 $this->MispObject->Attribute->saveAttributes($attributes);
             }
             $this->MispObject->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
-            $this->autoRender = false;
             return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'Field updated');
         } else {
-            $this->autoRender = false;
             return $this->RestResponse->saveFailResponse('Objects', 'edit', false, $this->MispObject->validationErrors);
         }
     }
@@ -712,10 +707,6 @@ class ObjectsController extends AppController
         if (!$this->request->is('ajax')) {
             throw new MethodNotAllowedException('This function can only be accessed via AJAX.');
         }
-        $this->MispObject->id = $id;
-        if (!$this->MispObject->exists()) {
-            throw new NotFoundException(__('Invalid object'));
-        }
         $params = array(
                 'conditions' => array('Object.id' => $id),
                 'fields' => array('id', 'distribution', 'event_id', $field),
@@ -749,16 +740,11 @@ class ObjectsController extends AppController
         if (!$this->request->is('ajax')) {
             throw new MethodNotAllowedException('This function can only be accessed via AJAX.');
         }
-        $this->MispObject->id = $id;
-        if (!$this->MispObject->exists()) {
-            throw new NotFoundException(__('Invalid object'));
-        }
         $fields = array('id', 'distribution', 'event_id');
         $fields[] = $field;
         $params = array(
             'conditions' => array('Object.id' => $id),
             'fields' => $fields,
-            'flatten' => 1,
             'contain' => array(
                 'Event' => array(
                     'fields' => array('distribution', 'id', 'user_id', 'orgc_id', 'org_id'),

From 17763f7cee7c86fe7db5270b1cadb19863f682e0 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 2 Oct 2019 11:54:42 +0200
Subject: [PATCH 45/73] chg: [object:quickAddAttribute:ui] Adjusted qcuik add
 buton placement

---
 app/View/Elements/Events/View/row_object.ctp |  2 +-
 app/webroot/css/main.css                     | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index e66be90f0..53c0d35c2 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -156,6 +156,6 @@
         'child' => $attrKey == $lastElement ? 'last' : true
       ));
     }
-    echo '<tr><td class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="popoverPopup(this, ' . h($object['id']) . ', \'objects\', \'quickFetchTemplateWithValidObjectAttributes\')"></td></tr>';
+    echo '<tr><td style="position:absolute"><span class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="popoverPopup(this, ' . h($object['id']) . ', \'objects\', \'quickFetchTemplateWithValidObjectAttributes\')"></span></td></tr>';
   }
 ?>
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index d597be93f..eddb9d5fd 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -301,13 +301,13 @@ td.highlight3 {
 
 }
 
-table.table-striped > tbody > tr > td.objectAddField {
+table.table-striped > tbody > tr > td > span.objectAddField {
     padding: 0px;
     line-height: normal;
     display: inline-block;
     position: relative;
-    top: -13px;
-    left: -4px;
+    top: -19px;
+    left: -10px;
     color: white;
     background-color: #1369a0;
     border: 0px;
@@ -317,14 +317,14 @@ table.table-striped > tbody > tr > td.objectAddField {
     text-align: center;
 }
 
-table.table-striped > tbody > tr > td.objectAddField:before {
+table.table-striped > tbody > tr > td > span.objectAddField:before {
     left: 2px;
     height: 12px;
     width: 12px;
     line-height: 16px;
 }
 
-.table-striped tbody > tr > td.objectAddField:hover {
+.table-striped tbody > tr > td > span.objectAddField:hover {
     transform: scale(1.7);
     cursor: pointer;
 }

From 302d93134d987b16ce98112b96f84596956ea4ed Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 2 Oct 2019 12:02:31 +0200
Subject: [PATCH 46/73] chg: [timeline] Improved loading icon UI

---
 app/View/Elements/view_timeline.ctp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/View/Elements/view_timeline.ctp b/app/View/Elements/view_timeline.ctp
index cde3ff8c1..6381f55d3 100644
--- a/app/View/Elements/view_timeline.ctp
+++ b/app/View/Elements/view_timeline.ctp
@@ -17,7 +17,7 @@
     </div>
 
 
-    <div id="event_timeline" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>">
+    <div id="event_timeline" style="min-height: 100px;" data-user-manipulation="<?php echo $mayModify || $isSiteAdmin ? 'true' : 'false'; ?>" data-extended="<?php echo $extended; ?>">
         <div class="loadingTimeline">
             <div class="spinner"></div>
             <div class="loadingText"><?php echo __('Loading');?></div>

From 14b7c0f82665fbceb87c6c80e492a545b4e43fec Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 2 Oct 2019 13:35:50 +0200
Subject: [PATCH 47/73] chg: [timeline:ui] Replaced typeahead by chosen

---
 app/View/Elements/view_timeline.ctp |  4 ++--
 app/webroot/css/event-timeline.css  |  1 +
 app/webroot/js/event-timeline.js    | 36 +++++++++++++++--------------
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/app/View/Elements/view_timeline.ctp b/app/View/Elements/view_timeline.ctp
index 6381f55d3..87ea4ead7 100644
--- a/app/View/Elements/view_timeline.ctp
+++ b/app/View/Elements/view_timeline.ctp
@@ -12,8 +12,8 @@
             <span class="useCursorPointer fa fa-list-alt" style="margin-right: 3px;"></span><?php echo __('Display')?>
             <span id="timeline-display-badge" class="badge"></span>
         </label>
-
-        <input type="text" id="timeline-typeahead" class="center-in-network-header network-typeahead flushright" data-provide="typeahead" size="20" placeholder="Search for an item">
+        <select id="timeline-typeahead" class="center-in-network-header network-typeahead flushright position-absolute max-width-400" style="display:none" data-provide="typeahead" size="20" placeholder="Search for an item">
+        </select>
     </div>
 
 
diff --git a/app/webroot/css/event-timeline.css b/app/webroot/css/event-timeline.css
index 26799f823..d5653e776 100644
--- a/app/webroot/css/event-timeline.css
+++ b/app/webroot/css/event-timeline.css
@@ -1,4 +1,5 @@
 .info_container_eventtimeline {
+	position: relative;
 	margin-top:10px;
 	border: 1px solid #0088cc;
 	border-radius: 7px;
diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index 8fe5a1334..6bfd8c074 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -77,21 +77,6 @@ var options = {
         }
     }
 };
-var timeline_typeaheadDataSearch;
-var timeline_typeaheadOption = {
-    source: function (query, process) {
-        if (timeline_typeaheadDataSearch === undefined) { // caching
-            timeline_typeaheadDataSearch = Array.from(mapping_text_to_id.keys());
-        }
-        process(timeline_typeaheadDataSearch);
-    },
-    updater: function(value) {
-        var id = mapping_text_to_id.get(value);
-        eventTimeline.focus(id);
-        $("#timeline-typeahead").blur();
-    },
-    autoSelect: true
-}
 
 function isDefined(element) {
     return element !== undefined && element !== null;
@@ -424,8 +409,10 @@ function enable_timeline() {
 
     init_popover();
 
-    $('#timeline-typeahead').typeahead(timeline_typeaheadOption);
-
+    var chosen_options_timeline = {
+        max_shown_results: 20,
+        inherit_select_classes: true
+    };
     var payload = {scope: map_scope($('#select_timeline_scope').val())};
     $.ajax({
         url: "/events/"+"getEventTimeline"+"/"+scope_id+"/"+extended_text+"event.json",
@@ -480,6 +467,21 @@ function enable_timeline() {
                     items: data.items
                 });
             });
+
+            var $selectTypeahead = $('#timeline-typeahead');
+            Array.from(mapping_text_to_id.keys()).forEach(function(element) {
+                var value = mapping_text_to_id[element];
+                var $option = $('<option></option>');
+                $option.text(element);
+                $option.attr('value', value);
+                $selectTypeahead.append($option);
+            });
+            $selectTypeahead.css('display', '').chosen(chosen_options_timeline).on('change', function(evt, params) {
+                var value = params.selected;
+                var id = mapping_text_to_id.get(value);
+                eventTimeline.focus(id);
+                $("#timeline-typeahead").blur();
+            });
         },
         error: function( jqXhr, textStatus, errorThrown ){
             console.log( errorThrown );

From 265f96dac8b16fc29d70c68461bfbc5513bed6c2 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Wed, 2 Oct 2019 14:30:34 +0200
Subject: [PATCH 48/73] chg: [object:quickAddAttribute] Improved feedback when
 creation fails

---
 app/Controller/ObjectsController.php | 71 ++++++++++++++--------------
 app/Model/Attribute.php              |  5 +-
 app/Model/MispObject.php             |  3 +-
 app/webroot/js/misp.js               | 10 +++-
 4 files changed, 49 insertions(+), 40 deletions(-)

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index bca640a30..b7ed91d49 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -537,46 +537,45 @@ class ObjectsController extends AppController
             // we pre-validate the attributes before we create an object at this point
             // This allows us to stop the process and return an error (API) or return
             //  to the add form
-            if (empty($error)) {
-                if ($this->_isRest()) {
-                    if (is_numeric($objectToSave)) {
-                        $objectToSave = $this->MispObject->find('first', array(
-                            'recursive' => -1,
-                            'conditions' => array('Object.id' => $id),
-                            'contain' => array(
-                                'Attribute' => array(
-                                    'fields' => $this->MispObject->Attribute->defaultFields
-                                )
+            if ($this->_isRest()) {
+                if (is_numeric($objectToSave)) {
+                    $objectToSave = $this->MispObject->find('first', array(
+                        'recursive' => -1,
+                        'conditions' => array('Object.id' => $id),
+                        'contain' => array(
+                            'Attribute' => array(
+                                'fields' => $this->MispObject->Attribute->defaultFields
                             )
-                        ));
-                        if (!empty($objectToSave)) {
-                            $objectToSave['Object']['Attribute'] = $objectToSave['Attribute'];
-                            unset($objectToSave['Attribute']);
-                        }
-                        $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
-                        return $this->RestResponse->viewData($objectToSave, $this->response->type());
-                    } else {
-                        return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, false);
+                        )
+                    ));
+                    if (!empty($objectToSave)) {
+                        $objectToSave['Object']['Attribute'] = $objectToSave['Attribute'];
+                        unset($objectToSave['Attribute']);
                     }
+                    $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
+                    return $this->RestResponse->viewData($objectToSave, $this->response->type());
                 } else {
-                    $message = __('Object attributes saved.');
-                    $error_message = __('Object attributes could not be saved.');
-                    if ($this->request->is('ajax')) {
-                         $this->autoRender = false;
-                         if (is_numeric($objectToSave)) {
-                            return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, $this->response->type('application/json'), $message);
-                        } else {
-                            return $this->RestResponse->saveFailResponse('Objects', 'edit', $id, $error_message, $this->response->type('application/json'));
-                        }
-                    }  else {
-                        if (is_numeric($objectToSave)) {
-                            $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
-                            $this->Flash->success($message);
-                        } else {
-                            $this->Flash->error($error_message);
-                        }
-                        $this->redirect(array('controller' => 'events', 'action' => 'view', $object['Object']['event_id']));
+                    return $this->RestResponse->saveFailResponse('Objects', 'add', false, $id, false);
+                }
+            } else {
+                $message = __('Object attributes saved.');
+                $error_message = __('Object attributes could not be saved.');
+                if ($this->request->is('ajax')) {
+                        $this->autoRender = false;
+                    if (is_numeric($objectToSave)) {
+                        $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
+                        return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => $message)), 'status'=>200, 'type' => 'json'));
+                    } else {
+                        return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'errors' => $error_message)), 'status'=>200, 'type' => 'json'));
                     }
+                }  else {
+                    if (is_numeric($objectToSave)) {
+                        $this->MispObject->Event->unpublishEvent($object['Object']['event_id']);
+                        $this->Flash->success($message);
+                    } else {
+                        $this->Flash->error($error_message);
+                    }
+                    $this->redirect(array('controller' => 'events', 'action' => 'view', $object['Object']['event_id']));
                 }
             }
         } else {
diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 4159d053b..a1cb562d9 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -3562,6 +3562,7 @@ class Attribute extends AppModel
                 $defaultDistribution = Configure::read('MISP.default_attribute_distribution');
             }
         }
+        $saveResult = true;
         foreach ($attributes as $k => $attribute) {
             if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
                 $attribute = $this->onDemandEncrypt($attribute);
@@ -3571,9 +3572,9 @@ class Attribute extends AppModel
             }
             unset($attribute['Attachment']);
             $this->create();
-            $this->save($attribute);
+            $saveResult = $saveResult && $this->save($attribute);
         }
-        return true;
+        return $saveResult;
     }
 
     public function onDemandEncrypt($attribute)
diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 95ba57a18..747de66f6 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -770,7 +770,8 @@ class MispObject extends AppModel
                         $newAttribute['distribution'] = 5;
                     }
                 }
-                $this->Attribute->saveAttributes(array($newAttribute));
+                $saveAttributeResult = $this->Attribute->saveAttributes(array($newAttribute));
+                return $saveAttributeResult ? $this->id : $this->validationErrors;
             }
         }
         return $this->id;
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index 417ac030c..a0802228b 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -1253,7 +1253,15 @@ function submitPopoverForm(context_id, referer, update_context_id, popover_dissm
                     $('#sightingsListAllToggle').removeClass('btn-inverse');
                     $('#sightingsListAllToggle').addClass('btn-primary');
                 }
-                if (context == 'event' && (referer == 'add' || referer == 'massEdit' || referer == 'replaceAttributes' || referer == 'addObjectReference')) eventUnpublish();
+                if (
+                    (
+                        context == 'event' &&
+                        (referer == 'add' || referer == 'massEdit' || referer == 'replaceAttributes' || referer == 'addObjectReference')
+                    ) || 
+                    referer == 'quickAddAttributeForm'
+                ){
+                    eventUnpublish();
+                }
                 $(".loading").hide();
             },
             type:"post",

From 6652b922e6d6e67588d5c7bb8f77dce04fb4d610 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Tue, 8 Oct 2019 14:14:24 +0200
Subject: [PATCH 49/73] chg: [appModel] Fixed merge conflict

---
 app/Model/AppModel.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 737fb41f5..75171aaef 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -76,7 +76,7 @@ class AppModel extends Model
         21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
         27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
         33 => false, 34 => false, 35 => false, 36 => false, 37 => false, 38 => false,
-        39 => false, 40 => false, 41 => false
+        39 => false, 40 => false, 41 => false, 42 => false
     );
 
     public $advanced_updates_description = array(
@@ -214,7 +214,7 @@ class AppModel extends Model
                 $this->updateDatabase($command);
                 $this->__addServerPriority();
                 break;
-            case 41:
+            case 42:
                 $this->updateDatabase('seenOnAttributeAndObject', true);
                 break;
             default:

From 6eda00f701ebf11bd25c9cef46a577de405609c5 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 28 Oct 2019 15:45:33 +0100
Subject: [PATCH 50/73] chg: [timeline] Synchronize *-seen at Object and
 ObjectAttribute level, few fixes and Improved UI

---
 app/Controller/ObjectsController.php |  26 ++---
 app/Model/MispObject.php             | 157 ++++++++++++++-------------
 app/webroot/js/event-timeline.js     |  19 +++-
 3 files changed, 108 insertions(+), 94 deletions(-)

diff --git a/app/Controller/ObjectsController.php b/app/Controller/ObjectsController.php
index b7ed91d49..b912fc8ce 100644
--- a/app/Controller/ObjectsController.php
+++ b/app/Controller/ObjectsController.php
@@ -630,7 +630,11 @@ class ObjectsController extends AppController
         if ((!$this->request->is('post') && !$this->request->is('put'))) {
             throw new MethodNotAllowedException(__('This function can only be accessed via POST or PUT'));
         }
-        $object = $this->MispObject->find('first', array('contain' => 'Event', 'recursive' => -1));
+        $object = $this->MispObject->find('first', array(
+            'conditions' => array('Object.id' => $id),
+            'contain' => 'Event',
+            'recursive' => -1
+        ));
         if (empty($object)) {
             return $this->RestResponse->saveFailResponse('Objects', 'edit', false, 'Invalid object');
         }
@@ -664,12 +668,15 @@ class ObjectsController extends AppController
             $object['Object'][$changedKey] = $changedField;
             $changed = true;
         }
+        $forcedSeenOnElements = array();
         if (!$changed) {
             return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'nochange');
+        } elseif ($seen_changed) {
+            $forcedSeenOnElements[$changedKey] = $changedField;
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
-        $this->MispObject->setObjectSeenMetaFromAttribute($object, false);
+        $object = $this->MispObject->syncObjectAndAttributeSeen($object, $forcedSeenOnElements);
         if ($this->MispObject->save($object)) {
             $event = $this->MispObject->Event->find('first', array(
                 'recursive' => -1,
@@ -680,20 +687,7 @@ class ObjectsController extends AppController
             $event['Event']['timestamp'] = $date->getTimestamp();
             $event['Event']['published'] = 0;
             if ($seen_changed) {
-                // Set seen of object at attribute level
-                $attributes = $this->MispObject->find('first', array(
-                    'conditions' => array('id' => $object['Object']['id']),
-                    'contain' => array('Attribute')
-                ))['Attribute'];
-                foreach ($attributes as $k => $attribute) {
-                    if (is_null($attribute['first_seen']) && !is_null($object['Object']['first_seen'])) {
-                        $attributes[$k]['first_seen'] = $object['Object']['first_seen'];
-                    }
-                    if (is_null($attribute['last_seen']) && !is_null($object['Object']['last_seen'])) {
-                        $attributes[$k]['last_seen'] = $object['Object']['last_seen'];
-                    }
-                }
-                $this->MispObject->Attribute->saveAttributes($attributes);
+                $this->MispObject->Attribute->saveAttributes($object['Attribute']);
             }
             $this->MispObject->Event->save($event, array('fieldList' => array('published', 'timestamp', 'info')));
             return $this->RestResponse->saveSuccessResponse('Objects', 'edit', $id, false, 'Field updated');
diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 747de66f6..fe251fab3 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -583,39 +583,43 @@ class MispObject extends AppModel
         return $attributes;
     }
 
-    // EUH????? No sure we should do that. Maybe the other way around??? #FIXME
-    // delete first/last-seen object attribute and set object's meta accordingly
-    // set object's meta (fs/ls) and potentially delete objectAttributes
-    public function setObjectSeenMetaFromAttribute(&$object, $delete=false) {
-        if ( !$delete && isset($object['Object']['first-seen']) && isset($object['Object']['last-seen'])) {
-            return;
+    // Set Object's *-seen (and ObjectAttribute's *-seen and ObjectAttribute's value if requested) to the provided *-seen value
+    // Therefore, synchronizing the 3 values
+    public function syncObjectAndAttributeSeen($object, $forcedSeenOnElements, $applyOnAttribute=True) {
+        if (empty($forcedSeenOnElements)) {
+            return $object;
         }
-        if (isset($object['Attribute'])) {
-            foreach($object['Attribute'] as $i => $attribute) {
-                if ($attribute['object_relation'] == 'first-seen') {
-                    // set object meta if unset
-                    if (!isset($object['Object']['first-seen'])) {
-                        $object['Object']['first-seen'] = $attribute['value'];
+        if (isset($forcedSeenOnElements['first_seen'])) {
+            $object['Object']['first_seen'] = $forcedSeenOnElements['first_seen'];
+        }
+        if (isset($forcedSeenOnElements['last_seen'])) {
+            $object['Object']['last_seen'] = $forcedSeenOnElements['last_seen'];
+        }
+        if ($applyOnAttribute) {
+            if (isset($object['Attribute'])) {
+                $attributes = $object['Attribute'];
+            } else {
+                $attributes = $this->find('first', array(
+                    'conditions' => array('id' => $object['Object']['id']),
+                    'contain' => array('Attribute')
+                ))['Attribute'];
+            }
+            foreach($attributes as $i => $attribute) {
+                if (isset($forcedSeenOnElements['first_seen'])) {
+                    $attributes[$i]['first_seen'] = $forcedSeenOnElements['first_seen'];
+                    if ($attribute['object_relation'] == 'first-seen') {
+                        $attributes[$i]['value'] = $forcedSeenOnElements['first_seen'];
                     }
-                    if ($delete) {
-                        $object['Attribute'][$i]['deleted'] = 1;
-                        $this->Event->Attribute->save($object['Attribute'][$i]);
+                } elseif (isset($forcedSeenOnElements['last_seen'])) {
+                    $attributes[$i]['last_seen'] = $forcedSeenOnElements['last_seen'];
+                    if ($attribute['object_relation'] == 'last-seen') {
+                        $attributes[$i]['value'] = $forcedSeenOnElements['last_seen'];
                     }
-                    continue;
-                }
-                if ($attribute['object_relation'] == 'last-seen') {
-                    // set object meta if unset
-                    if (!isset($object['Object']['last-seen'])) {
-                        $object['Object']['last-seen'] = $attribute['value'];
-                    }
-                    if ($delete) {
-                        $object['Attribute'][$i]['deleted'] = 1;
-                        $this->Event->Attribute->save($object['Attribute'][$i]);
-                    }
-                    continue;
                 }
             }
+            $object['Attribute'] = $attributes;
         }
+        return $object;
     }
 
     public function deltaMerge($object, $objectToSave, $onlyAddNewAttribute=false)
@@ -648,17 +652,18 @@ class MispObject extends AppModel
         }
         $date = new DateTime();
         $object['Object']['timestamp'] = $date->getTimestamp();
-        $this->setObjectSeenMetaFromAttribute($object, false);
+        $forcedSeenOnElements = array();
         if (isset($objectToSave['Object']['first_seen'])) {
-            $object['Object']['first_seen'] = $objectToSave['Object']['first_seen'];
+            $forcedSeenOnElements['first_seen'] = $objectToSave['Object']['first_seen'];
         }
         if (isset($objectToSave['Object']['last_seen'])) {
-            $object['Object']['last_seen'] = $objectToSave['Object']['last_seen'];
+            $forcedSeenOnElements['last_seen'] = $objectToSave['Object']['last_seen'];
         }
+        $object = $this->syncObjectAndAttributeSeen($object, $forcedSeenOnElements, false);
         $this->save($object);
 
         if (!$onlyAddNewAttribute) {
-            $checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation');
+            $checkFields = array('category', 'value', 'to_ids', 'distribution', 'sharing_group_id', 'comment', 'disable_correlation', 'first_seen', 'last_seen');
             if (!empty($objectToSave['Attribute'])) {
                 foreach ($objectToSave['Attribute'] as $newKey => $newAttribute) {
                     foreach ($object['Attribute'] as $origKey => $originalAttribute) {
@@ -673,18 +678,18 @@ class MispObject extends AppModel
                                         $different = true;
                                     }
                                     // Set seen of object at attribute level
-                                    if (
-                                        (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                                        (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
-                                    ) {
-                                        $newAttribute['first_seen'] = $object['Object']['first_seen'];
+                                    if (isset($forcedSeenOnElements['first_seen'])) {
+                                        $newAttribute['first_seen'] = $forcedSeenOnElements['first_seen'];
+                                        if ($newAttribute['object_relation'] == 'first-seen') {
+                                            // $newAttribute['value'] = $forcedSeenOnElements['first_seen'];
+                                        }
                                         $different = true;
                                     }
-                                    if (
-                                        (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                                        (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
-                                    ) {
-                                        $newAttribute['last_seen'] = $object['Object']['last_seen'];
+                                    if (isset($forcedSeenOnElements['last_seen'])) {
+                                        $newAttribute['last_seen'] = $forcedSeenOnElements['last_seen'];
+                                        if ($newAttribute['object_relation'] == 'last-seen') {
+                                            // $newAttribute['value'] = $forcedSeenOnElements['last_seen'];
+                                        }
                                         $different = true;
                                     }
                                 }
@@ -717,17 +722,17 @@ class MispObject extends AppModel
                     $newAttribute['event_id'] = $object['Object']['event_id'];
                     $newAttribute['object_id'] = $object['Object']['id'];
                     // Set seen of object at attribute level
-                    if (
-                        (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                        (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
-                    ) {
-                        $newAttribute['first_seen'] = $object['Object']['first_seen'];
+                    if (isset($forcedSeenOnElements['first_seen'])) {
+                        $newAttribute['first_seen'] = $forcedSeenOnElements['first_seen'];
+                        if ($newAttribute['object_relation'] == 'first-seen') {
+                            $newAttribute['value'] = $forcedSeenOnElements['first_seen'];
+                        }
                     }
-                    if (
-                        (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                        (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
-                    ) {
-                        $newAttribute['last_seen'] = $object['Object']['last_seen'];
+                    if (isset($forcedSeenOnElements['last_seen'])) {
+                        $newAttribute['last_seen'] = $forcedSeenOnElements['last_seen'];
+                        if ($newAttribute['object_relation'] == 'last-seen') {
+                            $newAttribute['value'] = $forcedSeenOnElements['last_seen'];
+                        }
                     }
                     if (!isset($newAttribute['timestamp'])) {
                         $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
@@ -746,33 +751,31 @@ class MispObject extends AppModel
             }
         } else { // we only add the new attribute
             $newAttribute = $objectToSave['Attribute'][0];
-            if ($newAttribute['object_relation'] != 'last-seen' && $newAttribute['object_relation'] != 'first-seen') { // fs/ls should be added in the object's meta
-                $this->Event->Attribute->create();
-                $newAttribute['event_id'] = $object['Object']['event_id'];
-                $newAttribute['object_id'] = $object['Object']['id'];
-                // Set seen of object at attribute level
-                if (
-                    (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
-                    (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
-                ) {
-                    $newAttribute['first_seen'] = $object['Object']['first_seen'];
-                }
-                if (
-                    (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
-                    (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
-                ) {
-                    $newAttribute['last_seen'] = $object['Object']['last_seen'];
-                    $different = true;
-                }
-                if (!isset($newAttribute['timestamp'])) {
-                    $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
-                    if ($newAttribute['distribution'] == 'event') {
-                        $newAttribute['distribution'] = 5;
-                    }
-                }
-                $saveAttributeResult = $this->Attribute->saveAttributes(array($newAttribute));
-                return $saveAttributeResult ? $this->id : $this->validationErrors;
+            $this->Event->Attribute->create();
+            $newAttribute['event_id'] = $object['Object']['event_id'];
+            $newAttribute['object_id'] = $object['Object']['id'];
+            // Set seen of object at attribute level
+            if (
+                (!array_key_exists('first_seen', $newAttribute) || is_null($newAttribute['first_seen'])) &&
+                (!array_key_exists('first_seen', $object['Object']) && !is_null($object['Object']['first_seen']))
+            ) {
+                $newAttribute['first_seen'] = $object['Object']['first_seen'];
             }
+            if (
+                (!array_key_exists('last_seen', $newAttribute) || is_null($newAttribute['last_seen'])) &&
+                (!array_key_exists('last_seen', $object['Object']) && !is_null($object['Object']['last_seen']))
+            ) {
+                $newAttribute['last_seen'] = $object['Object']['last_seen'];
+                $different = true;
+            }
+            if (!isset($newAttribute['timestamp'])) {
+                $newAttribute['distribution'] = Configure::read('MISP.default_attribute_distribution');
+                if ($newAttribute['distribution'] == 'event') {
+                    $newAttribute['distribution'] = 5;
+                }
+            }
+            $saveAttributeResult = $this->Attribute->saveAttributes(array($newAttribute));
+            return $saveAttributeResult ? $this->id : $this->validationErrors;
         }
         return $this->id;
     }
diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index 6bfd8c074..cd00ae926 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -178,6 +178,19 @@ function build_object_template(obj) {
     return html;
 }
 
+function contain_seen_attribute(obj) {
+    if (obj['Attribute'] === undefined) {
+        return false;
+    }
+    for (var i = 0; i < obj['Attribute'].length; i++) {
+        var attribute = obj['Attribute'][i];
+        if (attribute['contentType'] == 'first-seen' || attribute['contentType'] == 'last-seen') {
+            return true;
+        }
+    }
+    return false;
+}
+
 function reflect_change(onIndex, itemType, itemId, item) {
     if (onIndex) {
         updateIndex(scope_id, 'event'); // MISP function
@@ -254,7 +267,11 @@ function fetch_form_and_submit(itemType, item, seenType, value, reflect, callbac
                 cache: false,
                 success:function (data, textStatus) {
                     if (reflect) {
-                        reflect_change(false, itemType, item.id, item);
+                        if (contain_seen_attribute(item)) {
+                            reflect_change(true, itemType, item.id, item);
+                        } else {
+                            reflect_change(false, itemType, item.id, item);
+                        }
                     }
                     form.remove()
                 },

From 5ff9c29fb82150e36c74cdaa8fcd5796c234fc95 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 9 Dec 2019 09:53:18 +0100
Subject: [PATCH 51/73] fix: [update] Function name conflict introduced by the
 merge + UI Improvements

---
 app/Model/AppModel.php                       | 4 ++--
 app/View/Elements/Events/View/row_object.ctp | 2 +-
 app/webroot/css/main.css                     | 5 +++++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index afccfa335..bcc61413c 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -244,7 +244,7 @@ class AppModel extends Model
                 $this->__addServerPriority();
                 break;
             case 46:
-                $dbUpdateSuccess = $this->updateDatabase('seenOnAttributeAndObject', true);
+                $dbUpdateSuccess = $this->updateDatabase('seenOnAttributeAndObject');
                 break;
             default:
                 $dbUpdateSuccess = $this->updateDatabase($command);
@@ -2007,7 +2007,7 @@ class AppModel extends Model
 
     public function getLockRemainingTime()
     {
-        $lockState = $this->__getUpdateLockState();
+        $lockState = $this->getUpdateLockState();
         if ($lockState !== false && $lockState !== '') {
             // if lock is old, still allows the update
             // This can be useful if the update process crashes
diff --git a/app/View/Elements/Events/View/row_object.ctp b/app/View/Elements/Events/View/row_object.ctp
index 762d9ca78..a811500f9 100644
--- a/app/View/Elements/Events/View/row_object.ctp
+++ b/app/View/Elements/Events/View/row_object.ctp
@@ -161,6 +161,6 @@
         'child' => $attrKey == $lastElement ? 'last' : true
       ));
     }
-    echo '<tr><td style="position:absolute"><span class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="popoverPopup(this, ' . h($object['id']) . ', \'objects\', \'quickFetchTemplateWithValidObjectAttributes\')"></span></td></tr>';
+    echo '<tr class="objectAddFieldTr"><td><span class="fa fa-plus-circle objectAddField" title="' . __('Add an Object Attribute') .'" onclick="popoverPopup(this, ' . h($object['id']) . ', \'objects\', \'quickFetchTemplateWithValidObjectAttributes\')"></span></td></tr>';
   }
 ?>
diff --git a/app/webroot/css/main.css b/app/webroot/css/main.css
index 3dd7cb1e5..9e16a6ba7 100644
--- a/app/webroot/css/main.css
+++ b/app/webroot/css/main.css
@@ -305,6 +305,11 @@ td.highlight3 {
 
 }
 
+table.table-striped > tbody > tr.objectAddFieldTr > td {
+    position: absolute;
+    background-color: #ffffff00;
+}
+
 table.table-striped > tbody > tr > td > span.objectAddField {
     padding: 0px;
     line-height: normal;

From d5ff95fa66cda485860a3e122f5c763c424415f7 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 9 Dec 2019 10:17:12 +0100
Subject: [PATCH 52/73] chg: [popoverPopup] Display errors whenever available

---
 app/webroot/js/misp.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index 5e53b9157..cbd8b9f84 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -1738,8 +1738,22 @@ function popoverPopup(clicked, id, context, target, admin) {
                 $clicked.popover('show');
             }
         },
-        error:function() {
-            popover.options.content =  '<div class="alert alert-error" style="margin-bottom: 0px;">Something went wrong - the queried function returned an exception. Contact your administrator for further details (the exception has been logged).</div>';
+        error:function(jqXHR, textStatus, errorThrown ) {
+            var errorJSON = '';
+            try {
+                errorJSON = JSON.parse(jqXHR.responseText);
+                errorJSON = errorJSON['errors'];
+                if (errorJSON === undefined) {
+                    errorJSON = '';
+                }
+            } catch (SyntaxError) {
+                // no error provided
+            }
+            var errorText = '<div class="alert alert-error" style="margin-bottom: 3px;">Something went wrong - the queried function returned an exception. Contact your administrator for further details (the exception has been logged).</div>';
+            if (errorJSON !== '') {
+                errorText += '<div class="well"><strong>Returned error:</strong>' + $('<span/>').text(errorJSON).html() + '</div>';
+            }
+            popover.options.content = errorText;
             $clicked.popover('show');
         },
         url: url

From 8d6946b3866ca5ad37aa93f11be3ac5d3d168060 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 16 Dec 2019 09:57:10 +0100
Subject: [PATCH 53/73] chg: [eventTimeline] Cleaner array append

---
 app/Lib/Tools/EventTimelineTool.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/Lib/Tools/EventTimelineTool.php b/app/Lib/Tools/EventTimelineTool.php
index bf94673e9..d2eb44943 100644
--- a/app/Lib/Tools/EventTimelineTool.php
+++ b/app/Lib/Tools/EventTimelineTool.php
@@ -89,7 +89,7 @@
                     'first_seen' => $attr['first_seen'],
                     'last_seen' => $attr['last_seen'],
                 );
-                array_push($this->__json['items'], $toPush);
+                $this->__json['items'][] = $toPush;
             }
 
             foreach ($object as $obj) {
@@ -128,9 +128,9 @@
                         'group' => 'object_attribute',
                         'timestamp' => $obj_attr['timestamp'],
                     );
-                    array_push($toPush_obj['Attribute'], $toPush_attr);
+                    $toPush_obj['Attribute'][] = $toPush_attr;
                 }
-                array_push($this->__json['items'], $toPush_obj);
+                $this->__json['items'][] = $toPush_obj;
             }
 
             return $this->__json;

From 092348ffcda5fd5818a934b4dae08da369315eed Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 16 Dec 2019 10:47:07 +0100
Subject: [PATCH 54/73] chg: [Attribute:seen] Moved conversion iso<->utc of
 fs/ls in dedicated functions

---
 app/Model/Attribute.php       | 82 ++++++++++++++++++++---------------
 app/Model/MispObject.php      | 37 +---------------
 app/Model/ShadowAttribute.php | 36 +--------------
 3 files changed, 50 insertions(+), 105 deletions(-)

diff --git a/app/Model/Attribute.php b/app/Model/Attribute.php
index 53546cb80..4cb66e320 100644
--- a/app/Model/Attribute.php
+++ b/app/Model/Attribute.php
@@ -616,22 +616,7 @@ class Attribute extends AppModel
             if (isset($v['Attribute']['object_relation']) && $v['Attribute']['object_relation'] === null) {
                 $results[$k]['Attribute']['object_relation'] = '';
             }
-            if (!empty($v['Attribute']['first_seen'])) {
-                $fs = $results[$k]['Attribute']['first_seen'];
-                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
-                $fs_micro = $fs % 1000000;
-                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-                $fs = $fs_sec . '.' . $fs_micro;
-                $results[$k]['Attribute']['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
-            }
-            if (!empty($v['Attribute']['last_seen'])) {
-                $ls = $results[$k]['Attribute']['last_seen'];
-                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
-                $ls_micro = $ls % 1000000;
-                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-                $ls = $ls_sec . '.' . $ls_micro;
-                $results[$k]['Attribute']['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
-            }
+            $results[$k] = $this->UTCToISODatetime($results[$k], $this->alias);
         }
         return $results;
     }
@@ -664,26 +649,7 @@ class Attribute extends AppModel
             }
         }
 
-        // convert into utc and micro sec
-        if (!empty($this->data['Attribute']['first_seen'])) {
-            $d = new DateTime($this->data['Attribute']['first_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $fs_sec = $d->format('U');
-            $fs_micro = $d->format('u');
-            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-            $fs = $fs_sec . $fs_micro;
-            $this->data['Attribute']['first_seen'] = $fs;
-        }
-        if (!empty($this->data['Attribute']['last_seen'])) {
-            $d = new DateTime($this->data['Attribute']['last_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $ls_sec = $d->format('U');
-            $ls_micro = $d->format('u');
-            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-            $ls = $ls_sec . $ls_micro;
-            $this->data['Attribute']['last_seen'] = $ls;
-        }
-
+        $this->data = $this->ISODatetimeToUTC($this->data, $this->alias);
 
         // update correlation... (only needed here if there's an update)
         if ($this->id || !empty($this->data['Attribute']['id'])) {
@@ -2215,6 +2181,50 @@ class Attribute extends AppModel
         return $fails;
     }
 
+    public function ISODatetimeToUTC($data, $alias)
+    {
+        // convert into utc and micro sec
+        if (!empty($data[$alias]['first_seen'])) {
+            $d = new DateTime($data[$alias]['first_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $fs_sec = $d->format('U');
+            $fs_micro = $d->format('u');
+            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+            $fs = $fs_sec . $fs_micro;
+            $data[$alias]['first_seen'] = $fs;
+        }
+        if (!empty($data[$alias]['last_seen'])) {
+            $d = new DateTime($data[$alias]['last_seen']);
+            $d->setTimezone(new DateTimeZone('GMT'));
+            $ls_sec = $d->format('U');
+            $ls_micro = $d->format('u');
+            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+            $ls = $ls_sec . $ls_micro;
+            $data[$alias]['last_seen'] = $ls;
+        }
+        return $data;
+    }
+
+    public function UTCToISODatetime($data, $alias)
+    {
+        if (!empty($data[$alias]['first_seen'])) {
+            $fs = $data[$alias]['first_seen'];
+            $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
+            $fs_micro = $fs % 1000000;
+            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
+            $fs = $fs_sec . '.' . $fs_micro;
+            $data[$alias]['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
+        }
+        if (!empty($data[$alias]['last_seen'])) {
+            $ls = $data[$alias]['last_seen'];
+            $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
+            $ls_micro = $ls % 1000000;
+            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
+            $ls = $ls_sec . '.' . $ls_micro;
+            $data[$alias]['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
+        }
+        return $data;
+    }
 
     public function hids($user, $type, $tags = '', $from = false, $to = false, $last = false, $jobId = false, $enforceWarninglist = false)
     {
diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 8140c77ad..1c581470f 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -65,46 +65,13 @@ class MispObject extends AppModel
     public function afterFind($results, $primary = false)
     {
         foreach ($results as $k => $v) {
-            if (!empty($v[$this->alias]['first_seen'])) {
-                $fs = $results[$k][$this->alias]['first_seen'];
-                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
-                $fs_micro = $fs % 1000000;
-                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-                $fs = $fs_sec . '.' . $fs_micro;
-                $results[$k][$this->alias]['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
-            }
-            if (!empty($v[$this->alias]['last_seen'])) {
-                $ls = $results[$k][$this->alias]['last_seen'];
-                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
-                $ls_micro = $ls % 1000000;
-                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-                $ls = $ls_sec . '.' . $ls_micro;
-                $results[$k][$this->alias]['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
-            }
+            $results[$k] = $this->Attribute->UTCToISODatetime($results[$k], $this->alias);
         }
         return $results;
     }
 
     public function beforeSave($options = array()) {
-        // convert into utc and micro sec
-        if (!empty($this->data[$this->alias]['first_seen'])) {
-            $d = new DateTime($this->data[$this->alias]['first_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $fs_sec = $d->format('U');
-            $fs_micro = $d->format('u');
-            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-            $fs = $fs_sec . $fs_micro;
-            $this->data[$this->alias]['first_seen'] = $fs;
-        }
-        if (!empty($this->data[$this->alias]['last_seen'])) {
-            $d = new DateTime($this->data[$this->alias]['last_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $ls_sec = $d->format('U');
-            $ls_micro = $d->format('u');
-            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-            $ls = $ls_sec . $ls_micro;
-            $this->data[$this->alias]['last_seen'] = $ls;
-        }
+        $this->data = $this->Attribute->ISODatetimeToUTC($this->data, $this->alias);
     }
 
     public function beforeValidate($options = array())
diff --git a/app/Model/ShadowAttribute.php b/app/Model/ShadowAttribute.php
index e7ec3c3d4..6946b368e 100644
--- a/app/Model/ShadowAttribute.php
+++ b/app/Model/ShadowAttribute.php
@@ -189,24 +189,7 @@ class ShadowAttribute extends AppModel
         }
 
         // convert into utc and micro sec
-        if (!empty($this->data['ShadowAttribute']['first_seen'])) {
-            $d = new DateTime($this->data['ShadowAttribute']['first_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $fs_sec = $d->format('U');
-            $fs_micro = $d->format('u');
-            $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-            $fs = $fs_sec . $fs_micro;
-            $this->data['ShadowAttribute']['first_seen'] = $fs;
-        }
-        if (!empty($this->data['ShadowAttribute']['last_seen'])) {
-            $d = new DateTime($this->data['ShadowAttribute']['last_seen']);
-            $d->setTimezone(new DateTimeZone('GMT'));
-            $ls_sec = $d->format('U');
-            $ls_micro = $d->format('u');
-            $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-            $ls = $ls_sec . $ls_micro;
-            $this->data['ShadowAttribute']['last_seen'] = $ls;
-        }
+        $this->data = $this->Attribute->ISODatetimeToUTC($this->data, $this->alias);
         return true;
     }
 
@@ -391,22 +374,7 @@ class ShadowAttribute extends AppModel
     public function afterFind($results, $primary = false)
     {
         foreach ($results as $k => $v) {
-            if (!empty($v['ShadowAttribute']['first_seen'])) {
-                $fs = $results[$k]['ShadowAttribute']['first_seen'];
-                $fs_sec = intval($fs / 1000000); // $fs is in micro (10^6)
-                $fs_micro = $fs % 1000000;
-                $fs_micro = str_pad($fs_micro, 6, "0", STR_PAD_LEFT);
-                $fs = $fs_sec . '.' . $fs_micro;
-                $results[$k]['ShadowAttribute']['first_seen'] = DateTime::createFromFormat('U.u', $fs)->format('Y-m-d\TH:i:s.uP');
-            }
-            if (!empty($v['ShadowAttribute']['last_seen'])) {
-                $ls = $results[$k]['ShadowAttribute']['last_seen'];
-                $ls_sec = intval($ls / 1000000); // $ls is in micro (10^6)
-                $ls_micro = $ls % 1000000;
-                $ls_micro = str_pad($ls_micro, 6, "0", STR_PAD_LEFT);
-                $ls = $ls_sec . '.' . $ls_micro;
-                $results[$k]['ShadowAttribute']['last_seen'] = DateTime::createFromFormat('U.u', $ls)->format('Y-m-d\TH:i:s.uP');
-            }
+            $results[$k] = $this->Attribute->UTCToISODatetime($results[$k], $this->alias);
         }
         return $results;
     }

From ba0619027036038fb6d127db0f6d0a006ad6b602 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 16 Dec 2019 13:43:07 +0100
Subject: [PATCH 55/73] fix: [Object:quickAddAttribute] Correctly closes the
 popover after submission.

---
 app/View/Objects/ajax/quickAddAttributeForm.ctp |  2 +-
 app/webroot/js/misp.js                          | 14 ++++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/app/View/Objects/ajax/quickAddAttributeForm.ctp b/app/View/Objects/ajax/quickAddAttributeForm.ctp
index a94be2b03..f9f6b952d 100644
--- a/app/View/Objects/ajax/quickAddAttributeForm.ctp
+++ b/app/View/Objects/ajax/quickAddAttributeForm.ctp
@@ -116,7 +116,7 @@
 
         <div class="overlay_spacing">
         <?php if ($ajax): ?>
-            <span id="submitButton" class="btn btn-primary" style="margin-bottom:5px;float:left;" title="<?php echo __('Submit'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Submit'); ?>" onClick="submitPopoverForm('<?php echo h($object['id']); ?>', 'quickAddAttributeForm', <?php echo h($object['event_id']); ?>, $(this).closest('div.popover').attr('data-dismissid'))"><?php echo __('Submit'); ?></span>
+            <span id="submitButton" class="btn btn-primary" style="margin-bottom:5px;float:left;" title="<?php echo __('Submit'); ?>" role="button" tabindex="0" aria-label="<?php echo __('Submit'); ?>" onClick="submitPopoverForm('<?php echo h($object['id']); ?>', 'quickAddAttributeForm', <?php echo h($object['event_id']); ?>, 0, $(this).closest('div.popover').attr('data-dismissid'))"><?php echo __('Submit'); ?></span>
         <?php else:
                 echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
             endif;
diff --git a/app/webroot/js/misp.js b/app/webroot/js/misp.js
index b14376ea4..6efe34adb 100644
--- a/app/webroot/js/misp.js
+++ b/app/webroot/js/misp.js
@@ -1185,8 +1185,7 @@ function openGenericModal(url) {
     });
 }
 
-// function submitPopoverForm(context_id, referer, update_context_id, popover_dissmis_id_to_close) {
-function submitPopoverForm(context_id, referer, update_context_id, modal) {
+function submitPopoverForm(context_id, referer, update_context_id, modal, popover_dissmis_id_to_close) {
     var url = null;
     var context = 'event';
     var contextNamingConvention = 'Attribute';
@@ -1246,9 +1245,9 @@ function submitPopoverForm(context_id, referer, update_context_id, modal) {
                 if (closePopover) {
                     $("#gray_out").fadeOut();
                     $("#popover_form").fadeOut();
-                    // if (popover_dissmis_id_to_close !== undefined) {
-                    //     $('[data-dismissid="' + popover_dissmis_id_to_close + '"]').popover('destroy');
-                    // }
+                    if (popover_dissmis_id_to_close !== undefined) {
+                        $('[data-dismissid="' + popover_dissmis_id_to_close + '"]').popover('destroy');
+                    }
                     $(".loading").show();
                 }
             }
@@ -1276,9 +1275,8 @@ function submitPopoverForm(context_id, referer, update_context_id, modal) {
             if (
                 (
                     context == 'event' &&
-                    (referer == 'add' || referer == 'massEdit' || referer == 'replaceAttributes' || referer == 'addObjectReference')
-                ) || 
-                referer == 'quickAddAttributeForm' // FIXME: Why no inline with the others?
+                    (referer == 'add' || referer == 'massEdit' || referer == 'replaceAttributes' || referer == 'addObjectReference' || referer == 'quickAddAttributeForm')
+                )
             ){
                 eventUnpublish();
             }

From a2127bea838d70fa4f5fe56511a8477d23fd8520 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 16 Dec 2019 14:59:53 +0100
Subject: [PATCH 56/73] fix: [update:index] Correctly log index addition errors

---
 app/Model/AppModel.php | 47 ++++++++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 22 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index bcc61413c..4a8f30fae 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -92,15 +92,6 @@ class AppModel extends Model
             // 'preUpdate' => 'seenOnAttributeAndObjectPreUpdate', # Function to execute before the update. If it throws an error, it cancels the update
             'url' => '/servers/updateDatabase/seenOnAttributeAndObject/' # url pointing to the funcion performing the update
         ),
-        'testUpdate' => array(
-            'title' => 'Test Update',
-            'description' => 'Runs a test update',
-            'liveOff' => true,
-            'recommendBackup' => true,
-            'exitOnError' => true,
-            'preUpdate' => 'failingPreUpdate', # Function to execute before the update. If it returns false, cancel the update
-            'url' => '/servers/updateDatabase/testUpdate/'
-        )
     );
     public $actions_description = array(
         'verifyGnuPGkeys' => array(
@@ -1374,8 +1365,8 @@ class AppModel extends Model
                 $indexArray[] = array('attributes', 'sharing_group_id');
                 $indexArray[] = array('attributes', 'type');
                 $indexArray[] = array('attributes', 'category');
-                $indexArray[] = array('attributes', 'value1');
-                $indexArray[] = array('attributes', 'value2');
+                $indexArray[] = array('attributes', 'value1', 255);
+                $indexArray[] = array('attributes', 'value2', 255);
                 $indexArray[] = array('attributes', 'object_id');
                 $indexArray[] = array('attributes', 'object_relation');
                 $indexArray[] = array('attributes', 'deleted');
@@ -1401,11 +1392,6 @@ class AppModel extends Model
                 $indexArray[] = array('shadow_attributes', 'last_seen');
                 $indexArray[] = array('shadow_attributes', 'comment', 767);
                 break;
-            case 'testUpdate':
-                $sqlArray[] = "SELECT SLEEP(10);";
-                $sqlArray[] = "SELECT SLEEP(4);";
-                $sqlArray[] = "SELECT SLEEP(12);";
-                break;
             default:
                 return false;
                 break;
@@ -1424,7 +1410,7 @@ class AppModel extends Model
         $this->__setUpdateProgress(0, $total_update_count, $command);
         $str_index_array = array();
         foreach($indexArray as $toIndex) {
-            $str_index_array[] = __('Indexing ') . implode($toIndex, '->');
+            $str_index_array[] = __('Indexing ') . sprintf('%s -> %s', $toIndex[0], $toIndex[1]);
         }
         $this->__setUpdateCmdMessages(array_merge($sqlArray, $str_index_array));
         $flagStop = false;
@@ -1500,11 +1486,21 @@ class AppModel extends Model
                 foreach ($indexArray as $i => $iA) {
                     $this->__setUpdateProgress(count($sqlArray)+$i, false);
                     if (isset($iA[2])) {
-                        $this->__addIndex($iA[0], $iA[1], $iA[2]);
+                        $indexSuccess = $this->__addIndex($iA[0], $iA[1], $iA[2]);
                     } else {
-                        $this->__addIndex($iA[0], $iA[1]);
+                        $indexSuccess = $this->__addIndex($iA[0], $iA[1]);
+                    }
+                    if ($indexSuccess['success']) {
+                        $this->__setUpdateResMessages(count($sqlArray)+$i, __('Successfuly indexed ') . sprintf('%s -> %s', $iA[0], $iA[1]));
+                    } else {
+                        $this->__setUpdateResMessages(count($sqlArray)+$i, sprintf('%s %s %s %s', 
+                            __('Failed to add index'),
+                            sprintf('%s -> %s', $iA[0], $iA[1]),
+                            __('The returned error is:') . PHP_EOL,
+                            $indexSuccess['errorMessage']
+                        ));
+                        $this->__setUpdateError(count($sqlArray)+$i);
                     }
-                    $this->__setUpdateResMessages(count($sqlArray)+$i, __('Successfuly indexed ') . implode($iA, '->'));
                 }
             }
             $this->__setUpdateProgress(count($sqlArray)+count($indexArray), false);
@@ -1600,10 +1596,12 @@ class AppModel extends Model
         }
         $result = true;
         $duplicate = false;
+        $errorMessage = '';
         try {
             $this->query($addIndex);
         } catch (Exception $e) {
             $duplicate = (strpos($e->getMessage(), '1061') !== false);
+            $errorMessage = $e->getMessage();
             $result = false;
         }
         $this->Log->create();
@@ -1614,9 +1612,14 @@ class AppModel extends Model
                 'email' => 'SYSTEM',
                 'action' => 'update_database',
                 'user_id' => 0,
-                'title' => ($result ? 'Added index ' : 'Failed to add index ') . $field . ' to ' . $table . ($duplicate ? ' (index already set)' : ''),
-                'change' => ($result ? 'Added index ' : 'Failed to add index ') . $field . ' to ' . $table . ($duplicate ? ' (index already set)' : ''),
+                'title' => ($result ? 'Added index ' : 'Failed to add index ') . $field . ' to ' . $table . ($duplicate ? ' (index already set)' : $errorMessage),
+                'change' => ($result ? 'Added index ' : 'Failed to add index ') . $field . ' to ' . $table . ($duplicate ? ' (index already set)' : $errorMessage),
         ));
+        $additionResult = array('success' => $result || $duplicate);
+        if (!$result) {
+            $additionResult['errorMessage'] = $errorMessage;
+        }
+        return $additionResult;
     }
 
     public function cleanCacheFiles()

From aabc568b90db572ed6cbb6b88c6ad536f788f3fd Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 16 Dec 2019 15:00:30 +0100
Subject: [PATCH 57/73] fix: [Object:DeltaMerge] Gracefully catch if *_seen
 field is not present in the pushed Object

---
 app/Model/MispObject.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/Model/MispObject.php b/app/Model/MispObject.php
index 1c581470f..ba6178e9f 100644
--- a/app/Model/MispObject.php
+++ b/app/Model/MispObject.php
@@ -545,6 +545,12 @@ class MispObject extends AppModel
                 $tmpfile->delete();
                 $tmpfile->close();
             }
+            if (!isset($attributes['Attribute'][$k]['first_seen'])) {
+                $attributes['Attribute'][$k]['first_seen'] = null;
+            }
+            if (!isset($attributes['Attribute'][$k]['last_seen'])) {
+                $attributes['Attribute'][$k]['last_seen'] = null;
+            }
             unset($attributes['Attribute'][$k]['save']);
         }
         return $attributes;

From 615e0ff7fb4163ca0b0bb3def6ac5e12a08ff170 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Thu, 19 Dec 2019 10:49:46 +0100
Subject: [PATCH 58/73] fix: [db_schema] Bumped db schema to support *-seen and
 indexes

---
 db_schema.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db_schema.json b/db_schema.json
index 2977ab44f..ad9408368 100644
--- a/db_schema.json
+++ b/db_schema.json
@@ -1 +1 @@
-{"schema":{"admin_settings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"setting","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"attribute_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"object_relation","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"value1","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"value2","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"bruteforces":[{"column_name":"ip","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"username","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expire","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null}],"cake_sessions":[{"column_name":"id","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"data","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expires","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"correlations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"1_event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"a_distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"a_sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date","is_nullable":"NO","data_type":"date","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"decaying_model_mappings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"model_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"decaying_models":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"parameters","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"attribute_types","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"org_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"ref","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"formula","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"default","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"event_blacklists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"event_info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"event_orgc","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"event_delegations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"requester_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"-1"},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"event_graph":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"network_name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"network_json","is_nullable":"NO","data_type":"mediumtext","character_maximum_length":"16777215","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"preview_img","is_nullable":"YES","data_type":"mediumtext","character_maximum_length":"16777215","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null}],"event_locks":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"event_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"events":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date","is_nullable":"NO","data_type":"date","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"published","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"analysis","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"attribute_count","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"orgc_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"proposal_email_lock","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"locked","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"threat_level_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"publish_timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"sighting_timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"extends_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":""}],"favourite_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"feeds":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"provider","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"url","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"rules","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"enabled","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"default","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"source_format","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"misp"},{"column_name":"fixed_event","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"delta_merge","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"publish","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"override_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"settings","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"input_source","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"network"},{"column_name":"delete_local_file","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"lookup_visible","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"headers","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"caching_enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"force_to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"fuzzy_correlate_ssdeep":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"chunk","is_nullable":"NO","data_type":"varchar","character_maximum_length":"12","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"galaxies":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"icon","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"namespace","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":"misp"},{"column_name":"kill_chain_order","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"galaxy_clusters":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"collection_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"tag_name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"galaxy_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"source","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"authors","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"galaxy_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"key","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"galaxy_reference":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_galaxy_cluster_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_galaxy_cluster_type","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_galaxy_cluster_value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"jobs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"worker","is_nullable":"NO","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"job_type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"job_input","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"status","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"retries","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"message","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"progress","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"process_id","is_nullable":"YES","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null}],"logs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"title","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"model","is_nullable":"NO","data_type":"varchar","character_maximum_length":"80","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"model_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"action","is_nullable":"NO","data_type":"varchar","character_maximum_length":"20","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"change","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"email","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"org","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"ip","is_nullable":"NO","data_type":"varchar","character_maximum_length":"45","numeric_precision":null,"collation_name":"utf8_bin","column_default":""}],"news":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"title","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"noticelist_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"noticelist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"data","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"noticelists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"expanded_name","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"ref","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"geographical_area","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"1"},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"notification_logs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"object_references":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"object_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"source_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_type","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"relationship_type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"object_relationships":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"format","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"object_template_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_relation","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"ui-priority","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"categories","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"sane_default","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"values_list","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"disable_correlation","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"multiple","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"object_templates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"meta-category","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"requirements","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"fixed","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"active","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"objects":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"meta-category","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"template_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"template_version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"org_blacklists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"org_name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"organisations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"nationality","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"sector","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"created_by","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"contacts","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"restricted_to_domain","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"landingpage","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"posts":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"contents","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"post_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"thread_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"regexp":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"regexp","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"replacement","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":"ALL"}],"rest_client_histories":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"headers","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"body","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"url","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"http_method","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"use_full_path","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"show_result","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_ssl","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"outcome","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"bookmark","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"bookmark_name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":""}],"roles":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"modified","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"perm_add","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_modify","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_modify_org","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_publish","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_delegate","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sync","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_admin","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_audit","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_full","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_auth","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_site_admin","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_regexp_access","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_tagger","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_template","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sharing_group","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_tag_editor","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sighting","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_object_template","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"default_role","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"memory_limit","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"max_execution_time","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"restricted_to_site_admin","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_publish_zmq","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_publish_kafka","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_decaying","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"enforce_rate_limit","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"rate_limit_count","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"servers":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"url","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"authkey","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"push","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"pull","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"push_sightings","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"lastpulledid","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"lastpushedid","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"organization","is_nullable":"YES","data_type":"varchar","character_maximum_length":"10","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"remote_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"publish_without_email","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"unpublish_event","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"self_signed","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"pull_rules","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"push_rules","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"cert_file","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"client_cert_file","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"internal","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_proxy","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"caching_enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"priority","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"shadow_attribute_correlations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"a_distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"a_sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_shadow_attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"shadow_attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"old_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value1","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value2","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"email","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"event_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"event_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"proposal_to_delete","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"sharing_group_orgs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"extend","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"sharing_group_servers":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"server_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"sharing_groups":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"releasability","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"organisation_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sync_user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"active","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"roaming","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"sightingdb_orgs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sightingdb_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"sightingdbs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":null},{"column_name":"owner","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":""},{"column_name":"host","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":"http:\/\/localhost"},{"column_name":"port","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"9999"},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_proxy","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"ssl_skip_verification","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"namespace","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":""}],"sightings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_sighting","is_nullable":"NO","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"source","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"type","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"tag_collection_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_collection_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"tag_collections":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"NO","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"exportable","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"hide_tag","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"tasks":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timer","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"scheduled_time","is_nullable":"NO","data_type":"varchar","character_maximum_length":"8","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":"6:00"},{"column_name":"process_id","is_nullable":"YES","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"next_execution_time","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"taxonomies":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"namespace","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"exclusive","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"required","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"taxonomy_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"taxonomy_predicate_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expanded","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"YES","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"taxonomy_predicates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"taxonomy_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expanded","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"YES","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"exclusive","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"template_element_attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"complex","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"mandatory","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"batch","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"template_element_files":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"malware","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"mandatory","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"batch","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"template_element_texts":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"text","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"template_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"position","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"element_definition","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"template_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"templates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"share","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"threads":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"post_count","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"title","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"threat_levels":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"50","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"form_description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null}],"user_settings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"setting","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"users":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"password","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"server_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"email","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"autoalert","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"authkey","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"invited_by","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"gpgkey","is_nullable":"YES","data_type":"longtext","character_maximum_length":"4294967295","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"certif_public","is_nullable":"YES","data_type":"longtext","character_maximum_length":"4294967295","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"nids_sid","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"termsaccepted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"newsread","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"role_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"change_pw","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"contactalert","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"expiration","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"current_login","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"last_login","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"force_logout","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"date_created","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null}],"warninglist_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"warninglist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"warninglist_types":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"warninglist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"warninglists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"string"},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"1"},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"warninglist_entry_count","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"whitelist":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}]},"indexes":{"admin_settings":["id"],"attribute_tags":["id","attribute_id","event_id","tag_id"],"attributes":["id","uuid","event_id","object_id","object_relation","value1","value2","type","category","sharing_group_id"],"bruteforces":[],"cake_sessions":["id","expires"],"correlations":["id","value","event_id","1_event_id","attribute_id","1_attribute_id","org_id","sharing_group_id","a_sharing_group_id"],"decaying_model_mappings":["id","model_id"],"decaying_models":["id","uuid","name","org_id","enabled","all_orgs","version"],"event_blacklists":["id","event_uuid","event_orgc"],"event_delegations":["id","org_id","event_id"],"event_graph":["id","event_id","user_id","org_id","timestamp"],"event_locks":["id","event_id","user_id","timestamp"],"event_tags":["id","event_id","tag_id"],"events":["id","uuid","info","sharing_group_id","org_id","orgc_id","extends_uuid"],"favourite_tags":["id","user_id","tag_id"],"feeds":["id","input_source"],"fuzzy_correlate_ssdeep":["id","chunk","attribute_id"],"galaxies":["id","name","uuid","type","namespace"],"galaxy_clusters":["id","value","uuid","collection_uuid","galaxy_id","version","tag_name","type"],"galaxy_elements":["id","key","value","galaxy_cluster_id"],"galaxy_reference":["id","galaxy_cluster_id","referenced_galaxy_cluster_id","referenced_galaxy_cluster_value","referenced_galaxy_cluster_type"],"jobs":["id"],"logs":["id"],"news":["id"],"noticelist_entries":["id","noticelist_id"],"noticelists":["id","name","geographical_area"],"notification_logs":["id","org_id","type"],"object_references":["id","source_uuid","referenced_uuid","timestamp","object_id","referenced_id","relationship_type"],"object_relationships":["id","name"],"object_template_elements":["id","object_relation","type"],"object_templates":["id","user_id","org_id","uuid","name","meta-category"],"objects":["id","name","template_uuid","template_version","meta-category","event_id","uuid","timestamp","distribution","sharing_group_id"],"org_blacklists":["id"],"organisations":["id","uuid","name"],"posts":["id","post_id","thread_id"],"regexp":["id"],"rest_client_histories":["id","org_id","user_id","timestamp"],"roles":["id"],"servers":["id","org_id","priority","remote_org_id"],"shadow_attribute_correlations":["id","org_id","attribute_id","a_sharing_group_id","event_id","1_event_id","sharing_group_id","1_shadow_attribute_id"],"shadow_attributes":["id","event_id","event_uuid","event_org_id","uuid","old_id","value1","value2","type","category"],"sharing_group_orgs":["id","org_id","sharing_group_id"],"sharing_group_servers":["id","server_id","sharing_group_id"],"sharing_groups":["id","uuid","org_id","sync_user_id","organisation_uuid"],"sightingdb_orgs":["id","sightingdb_id","org_id"],"sightingdbs":["id","name","owner","host","port"],"sightings":["id","attribute_id","event_id","org_id","uuid","source","type"],"tag_collection_tags":["id","tag_collection_id","tag_id"],"tag_collections":["id","uuid","user_id","org_id"],"tags":["id","name","org_id","user_id","numerical_value"],"tasks":["id"],"taxonomies":["id"],"taxonomy_entries":["id","taxonomy_predicate_id","numerical_value"],"taxonomy_predicates":["id","taxonomy_id","numerical_value"],"template_element_attributes":["id"],"template_element_files":["id"],"template_element_texts":["id"],"template_elements":["id"],"template_tags":["id"],"templates":["id"],"threads":["id","user_id","event_id","org_id","sharing_group_id"],"threat_levels":["id"],"user_settings":["id","setting","user_id","timestamp"],"users":["id","email","org_id","server_id"],"warninglist_entries":["id","warninglist_id"],"warninglist_types":["id"],"warninglists":["id"],"whitelist":["id"]},"db_version":"45"}
\ No newline at end of file
+{"schema":{"admin_settings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"setting","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"attribute_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"object_relation","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"value1","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"value2","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"first_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"last_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null}],"bruteforces":[{"column_name":"ip","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"username","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expire","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null}],"cake_sessions":[{"column_name":"id","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"data","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expires","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"correlations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"1_event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"a_distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"a_sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date","is_nullable":"NO","data_type":"date","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"decaying_model_mappings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"model_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"decaying_models":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"parameters","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"attribute_types","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"org_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"ref","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"formula","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"default","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"event_blacklists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"event_info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"event_orgc","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"event_delegations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"requester_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"-1"},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"event_graph":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"network_name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"network_json","is_nullable":"NO","data_type":"mediumtext","character_maximum_length":"16777215","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"preview_img","is_nullable":"YES","data_type":"mediumtext","character_maximum_length":"16777215","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null}],"event_locks":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"event_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"events":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date","is_nullable":"NO","data_type":"date","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"published","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"analysis","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"attribute_count","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"orgc_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"proposal_email_lock","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"locked","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"threat_level_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"publish_timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"sighting_timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"extends_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":""}],"favourite_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"feeds":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"provider","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"url","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"rules","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"enabled","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"default","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"source_format","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"misp"},{"column_name":"fixed_event","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"delta_merge","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"publish","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"override_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"settings","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"input_source","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"network"},{"column_name":"delete_local_file","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"lookup_visible","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"headers","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"caching_enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"force_to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"fuzzy_correlate_ssdeep":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"chunk","is_nullable":"NO","data_type":"varchar","character_maximum_length":"12","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"galaxies":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"icon","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"namespace","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":"misp"},{"column_name":"kill_chain_order","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"galaxy_clusters":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"collection_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"tag_name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"galaxy_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"source","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"authors","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"galaxy_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"key","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"galaxy_reference":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_galaxy_cluster_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_galaxy_cluster_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_galaxy_cluster_type","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_galaxy_cluster_value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"jobs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"worker","is_nullable":"NO","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"job_type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"job_input","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"status","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"retries","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"message","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"progress","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"process_id","is_nullable":"YES","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null}],"logs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"title","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"model","is_nullable":"NO","data_type":"varchar","character_maximum_length":"80","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"model_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"action","is_nullable":"NO","data_type":"varchar","character_maximum_length":"20","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"change","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"email","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"org","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"ip","is_nullable":"NO","data_type":"varchar","character_maximum_length":"45","numeric_precision":null,"collation_name":"utf8_bin","column_default":""}],"news":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"title","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"noticelist_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"noticelist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"data","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"noticelists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"expanded_name","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"ref","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"geographical_area","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"1"},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"notification_logs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"object_references":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"object_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"source_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"referenced_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"referenced_type","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"relationship_type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"object_relationships":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"format","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"object_template_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"object_relation","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"ui-priority","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"categories","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"sane_default","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"values_list","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"disable_correlation","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"multiple","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"object_templates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"meta-category","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"requirements","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"fixed","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"active","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"objects":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"meta-category","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"template_uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"template_version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"first_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"last_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null}],"org_blacklists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"org_name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"comment","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"organisations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"type","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"nationality","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"sector","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"created_by","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"contacts","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"restricted_to_domain","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"landingpage","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}],"posts":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"contents","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"post_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"thread_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"regexp":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"regexp","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"replacement","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":"ALL"}],"rest_client_histories":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"headers","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"body","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"url","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"http_method","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"use_full_path","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"show_result","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_ssl","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"outcome","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"bookmark","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"bookmark_name","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":""}],"roles":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"created","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"modified","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"perm_add","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_modify","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_modify_org","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_publish","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_delegate","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sync","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_admin","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_audit","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_full","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"perm_auth","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_site_admin","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_regexp_access","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_tagger","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_template","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sharing_group","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_tag_editor","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_sighting","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_object_template","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"default_role","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"memory_limit","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"max_execution_time","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"restricted_to_site_admin","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_publish_zmq","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_publish_kafka","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"perm_decaying","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"enforce_rate_limit","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"rate_limit_count","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"servers":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"url","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"authkey","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"push","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"pull","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"push_sightings","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"lastpulledid","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"lastpushedid","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"organization","is_nullable":"YES","data_type":"varchar","character_maximum_length":"10","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"remote_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"publish_without_email","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"unpublish_event","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"self_signed","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"pull_rules","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"push_rules","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"cert_file","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"client_cert_file","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"internal","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_proxy","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"caching_enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"priority","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"shadow_attribute_correlations":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_general_ci","column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"a_distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"a_sharing_group_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_shadow_attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"1_event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"info","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"shadow_attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"old_id","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value1","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value2","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"email","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"event_org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"comment","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"event_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"deleted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"proposal_to_delete","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disable_correlation","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"first_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"last_seen","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null}],"sharing_group_orgs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"extend","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"sharing_group_servers":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"server_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"sharing_groups":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"releasability","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"organisation_uuid","is_nullable":"NO","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sync_user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"active","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"local","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"roaming","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"sightingdb_orgs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sightingdb_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"sightingdbs":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":null},{"column_name":"owner","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":""},{"column_name":"host","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":"http:\/\/localhost"},{"column_name":"port","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"9999"},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"skip_proxy","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"ssl_skip_verification","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"namespace","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8mb4_general_ci","column_default":""}],"sightings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"attribute_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_sighting","is_nullable":"NO","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"source","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":""},{"column_name":"type","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"}],"tag_collection_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_collection_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"tag_collections":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"uuid","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"all_orgs","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"NO","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"exportable","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"hide_tag","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"tasks":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"100","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"timer","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"scheduled_time","is_nullable":"NO","data_type":"varchar","character_maximum_length":"8","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":"6:00"},{"column_name":"process_id","is_nullable":"YES","data_type":"varchar","character_maximum_length":"32","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"next_execution_time","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"message","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"taxonomies":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"namespace","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"exclusive","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"required","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"}],"taxonomy_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"taxonomy_predicate_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expanded","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"YES","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"taxonomy_predicates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"taxonomy_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"expanded","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"colour","is_nullable":"YES","data_type":"varchar","character_maximum_length":"7","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"exclusive","is_nullable":"YES","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"numerical_value","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"template_element_attributes":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"to_ids","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"1"},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"complex","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"mandatory","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"batch","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"template_element_files":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"category","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"malware","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"mandatory","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"batch","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"template_element_texts":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"template_element_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"text","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"template_elements":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"position","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"element_definition","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null}],"template_tags":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"template_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"tag_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"templates":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"share","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null}],"threads":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"date_created","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"NO","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"distribution","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"post_count","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"event_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"title","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"sharing_group_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"threat_levels":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"50","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"description","is_nullable":"YES","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null},{"column_name":"form_description","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"latin1_swedish_ci","column_default":null}],"user_settings":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"setting","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"user_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"timestamp","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"users":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"password","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"org_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"server_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"email","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"autoalert","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"authkey","is_nullable":"YES","data_type":"varchar","character_maximum_length":"40","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"invited_by","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"gpgkey","is_nullable":"YES","data_type":"longtext","character_maximum_length":"4294967295","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"certif_public","is_nullable":"YES","data_type":"longtext","character_maximum_length":"4294967295","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"nids_sid","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"termsaccepted","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"newsread","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"role_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"change_pw","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"contactalert","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"disabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"expiration","is_nullable":"YES","data_type":"datetime","character_maximum_length":null,"numeric_precision":null,"collation_name":null,"column_default":null},{"column_name":"current_login","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"last_login","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"0"},{"column_name":"force_logout","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"date_created","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null},{"column_name":"date_modified","is_nullable":"YES","data_type":"bigint","character_maximum_length":null,"numeric_precision":"19","collation_name":null,"column_default":null}],"warninglist_entries":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"value","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null},{"column_name":"warninglist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"warninglist_types":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"warninglist_id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"warninglists":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"type","is_nullable":"NO","data_type":"varchar","character_maximum_length":"255","numeric_precision":null,"collation_name":"utf8_bin","column_default":"string"},{"column_name":"description","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_bin","column_default":null},{"column_name":"version","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":"1"},{"column_name":"enabled","is_nullable":"NO","data_type":"tinyint","character_maximum_length":null,"numeric_precision":"3","collation_name":null,"column_default":"0"},{"column_name":"warninglist_entry_count","is_nullable":"YES","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null}],"whitelist":[{"column_name":"id","is_nullable":"NO","data_type":"int","character_maximum_length":null,"numeric_precision":"10","collation_name":null,"column_default":null},{"column_name":"name","is_nullable":"NO","data_type":"text","character_maximum_length":"65535","numeric_precision":null,"collation_name":"utf8_unicode_ci","column_default":null}]},"indexes":{"admin_settings":["id"],"attribute_tags":["id","attribute_id","tag_id","event_id"],"attributes":["id","uuid","event_id","sharing_group_id","type","category","value1","value2","object_id","object_relation","deleted","comment","first_seen","last_seen"],"bruteforces":[],"cake_sessions":["id","expires"],"correlations":["id","value","event_id","1_event_id","attribute_id","1_attribute_id","org_id","sharing_group_id","a_sharing_group_id"],"decaying_model_mappings":["id","model_id"],"decaying_models":["id","uuid","name","org_id","enabled","all_orgs","version"],"event_blacklists":["id","event_uuid","event_orgc"],"event_delegations":["id","org_id","event_id"],"event_graph":["id","event_id","user_id","org_id","timestamp"],"event_locks":["id","event_id","user_id","timestamp"],"event_tags":["id","event_id","tag_id"],"events":["id","uuid","info","sharing_group_id","org_id","orgc_id","extends_uuid"],"favourite_tags":["id","user_id","tag_id"],"feeds":["id","input_source"],"fuzzy_correlate_ssdeep":["id","chunk","attribute_id"],"galaxies":["id","name","uuid","type","namespace"],"galaxy_clusters":["id","value","uuid","collection_uuid","galaxy_id","version","tag_name","type"],"galaxy_elements":["id","key","value","galaxy_cluster_id"],"galaxy_reference":["id","galaxy_cluster_id","referenced_galaxy_cluster_id","referenced_galaxy_cluster_value","referenced_galaxy_cluster_type"],"jobs":["id"],"logs":["id"],"news":["id"],"noticelist_entries":["id","noticelist_id"],"noticelists":["id","name","geographical_area"],"notification_logs":["id","org_id","type"],"object_references":["id","source_uuid","referenced_uuid","timestamp","object_id","referenced_id","relationship_type"],"object_relationships":["id","name"],"object_template_elements":["id","object_relation","type"],"object_templates":["id","user_id","org_id","uuid","name","meta-category"],"objects":["id","name","template_uuid","template_version","meta-category","event_id","uuid","timestamp","distribution","sharing_group_id","first_seen","last_seen","comment"],"org_blacklists":["id"],"organisations":["id","uuid","name"],"posts":["id","post_id","thread_id"],"regexp":["id"],"rest_client_histories":["id","org_id","user_id","timestamp"],"roles":["id"],"servers":["id","org_id","priority","remote_org_id"],"shadow_attribute_correlations":["id","org_id","attribute_id","a_sharing_group_id","event_id","1_event_id","sharing_group_id","1_shadow_attribute_id"],"shadow_attributes":["id","event_id","event_uuid","event_org_id","uuid","old_id","value1","value2","type","category","first_seen","last_seen","comment"],"sharing_group_orgs":["id","org_id","sharing_group_id"],"sharing_group_servers":["id","server_id","sharing_group_id"],"sharing_groups":["id","uuid","org_id","sync_user_id","organisation_uuid"],"sightingdb_orgs":["id","sightingdb_id","org_id"],"sightingdbs":["id","name","owner","host","port"],"sightings":["id","attribute_id","event_id","org_id","uuid","source","type"],"tag_collection_tags":["id","tag_collection_id","tag_id"],"tag_collections":["id","uuid","user_id","org_id"],"tags":["id","name","org_id","user_id","numerical_value"],"tasks":["id"],"taxonomies":["id"],"taxonomy_entries":["id","taxonomy_predicate_id","numerical_value"],"taxonomy_predicates":["id","taxonomy_id","numerical_value"],"template_element_attributes":["id"],"template_element_files":["id"],"template_element_texts":["id"],"template_elements":["id"],"template_tags":["id"],"templates":["id"],"threads":["id","user_id","event_id","org_id","sharing_group_id"],"threat_levels":["id"],"user_settings":["id","setting","user_id","timestamp"],"users":["id","email","org_id","server_id"],"warninglist_entries":["id","warninglist_id"],"warninglist_types":["id"],"warninglists":["id"],"whitelist":["id"]},"db_version":"46"}
\ No newline at end of file

From 4525f263c9c4a09600277f71bc81e72abc06da8c Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 17 Jan 2020 09:23:18 +0100
Subject: [PATCH 59/73] fix: [Attribute:comment] Do not index the `comment`
 field anymore

---
 app/Model/AppModel.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index 4a8f30fae..aa5c8d573 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1370,7 +1370,6 @@ class AppModel extends Model
                 $indexArray[] = array('attributes', 'object_id');
                 $indexArray[] = array('attributes', 'object_relation');
                 $indexArray[] = array('attributes', 'deleted');
-                $indexArray[] = array('attributes', 'comment', 767);  // https://dev.mysql.com/doc/refman/5.7/en/create-index.html
                 $indexArray[] = array('attributes', 'first_seen');
                 $indexArray[] = array('attributes', 'last_seen');
                 $sqlArray[] = "

From 73b3acda9489ec40b6327e0c40b4cb875003077f Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 17 Jan 2020 10:20:13 +0100
Subject: [PATCH 60/73] fix: [model:comment] Do not index the `comment` field
 anymore for shadowAttribute and Objects

---
 app/Model/AppModel.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index aa5c8d573..ad394cf65 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1380,7 +1380,6 @@ class AppModel extends Model
                     ;";
                 $indexArray[] = array('objects', 'first_seen');
                 $indexArray[] = array('objects', 'last_seen');
-                $indexArray[] = array('objects', 'comment', 767);
                 $sqlArray[] = "
                     ALTER TABLE `shadow_attributes`
                         ADD `first_seen` BIGINT(20) NULL DEFAULT NULL,
@@ -1389,7 +1388,6 @@ class AppModel extends Model
                     ;";
                 $indexArray[] = array('shadow_attributes', 'first_seen');
                 $indexArray[] = array('shadow_attributes', 'last_seen');
-                $indexArray[] = array('shadow_attributes', 'comment', 767);
                 break;
             default:
                 return false;

From 509e5c9a82f8e0b0cf9a855f70a1408e665aeb65 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 17 Jan 2020 14:05:32 +0100
Subject: [PATCH 61/73] fix: [UI] small fixes

---
 .../ajax/attributeEditFirst_seenForm.ctp      |  5 ++-
 .../ajax/attributeEditLast_seenForm.ctp       |  7 ++--
 app/webroot/js/event-timeline.js              | 33 +++++++++++++++----
 3 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp b/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
index 8859c97e8..703e87b67 100644
--- a/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
+++ b/app/View/Attributes/ajax/attributeEditFirst_seenForm.ctp
@@ -1,5 +1,8 @@
 <?php
-    echo $this->Form->create('Attribute', array('id' => 'Attribute' . '_' . $object['id'] . '_first_seen_form', 'url' => '/attributes/editField/' . $object['id']));
+    echo $this->Form->create('Attribute', array(
+      'id' => 'Attribute' . '_' . $object['id'] . '_first_seen_form',
+      'url' => '/attributes/editField/' . $object['id']
+    ));
 ?>
 <?php
     echo $this->Form->input('first_seen', array(
diff --git a/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp b/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
index 2f97a1272..c9771f061 100644
--- a/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
+++ b/app/View/Attributes/ajax/attributeEditLast_seenForm.ctp
@@ -1,7 +1,8 @@
 <?php
-    echo $this->Form->create('Attribute', array('id' => 'Attribute' . '_' . $object['id'] . '_last_seen_form', 'url' => '/attributes/editField/' . $object['id']));
-?>
-<?php
+    echo $this->Form->create('Attribute', array(
+      'id' => 'Attribute' . '_' . $object['id'] . '_last_seen_form',
+      'url' => '/attributes/editField/' . $object['id']
+    ));
     echo $this->Form->input('last_seen', array(
         'label' => false,
         'type' => 'text',
diff --git a/app/webroot/js/event-timeline.js b/app/webroot/js/event-timeline.js
index cd00ae926..dcc4b971c 100644
--- a/app/webroot/js/event-timeline.js
+++ b/app/webroot/js/event-timeline.js
@@ -51,8 +51,9 @@ var options = {
     editable: user_manipulation ? default_editable : false,
     tooltipOnItemUpdateTime: true,
     onRemove: function(item, callback) { // clear timestamps
-        update_seen(item, 'first', null, false, undefined);
-        update_seen(item, 'last', null, false, function() { reflect_change(true); });
+        update_seen(item, 'first', null, false, function() {
+          update_seen(item, 'last', null, false, function() { reflect_change(true); });
+        });
         eventTimeline.setSelection([]);
         $('.timelineSelectionTooltip').remove()
     },
@@ -66,14 +67,34 @@ var options = {
                 if (!c2) {
                     update_seen(item, 'first', newStart, true, undefined);
                 } else {
-                    update_seen(item, 'first', newStart, false, function() { reflect_change(true); });
+                    update_seen(
+                        item,
+                        'first',
+                        newStart,
+                        false,
+                        function() {
+                            update_seen(
+                                item,
+                                'last',
+                                newEnd,
+                                true,
+                                function() {
+                                    reflect_change(true);
+                                }
+                            );
+                        }
+                    );
                 }
             } else {
-                update_seen(item, 'first', newStart, !c2, undefined);
+                update_seen(item, 'first', newStart, false, function() {
+                    if (c2) {
+                        update_seen(item, 'last', newEnd, true, undefined);
+                    }
+                });
             }
         }
-        if (c2) {
-            update_seen(item, 'last', newEnd, true, undefined);
+        if (c2 && !c1) {
+          update_seen(item, 'last', newEnd, true, undefined);
         }
     }
 };

From e0871ed377a7e94d3c2d7ed560b2663ec3a6317f Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 17 Jan 2020 15:13:38 +0100
Subject: [PATCH 62/73] chg: [PyMISP] bump

---
 PyMISP | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PyMISP b/PyMISP
index 2e7215bbe..c4c05e43b 160000
--- a/PyMISP
+++ b/PyMISP
@@ -1 +1 @@
-Subproject commit 2e7215bbec6c2fa1d527e09be99d4280fdda3fd1
+Subproject commit c4c05e43b3c6468dd42c8921a1cea21c38b0798c

From 86e44df07d8818f057a674db12430d341d37f1e2 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 17 Jan 2020 15:14:13 +0100
Subject: [PATCH 63/73] chg: [VERSION] bump

---
 VERSION.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/VERSION.json b/VERSION.json
index 6b2d3074f..feac7e9e9 100644
--- a/VERSION.json
+++ b/VERSION.json
@@ -1 +1 @@
-{"major":2, "minor":4, "hotfix":119}
+{"major":2, "minor":4, "hotfix":120}

From a577c6911843de030664e14421f67bdbf1fc6829 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Fri, 17 Jan 2020 15:14:53 +0100
Subject: [PATCH 64/73] chg: [versions] requirements for languages changed

---
 app/Controller/AppController.php                 | 10 ++++++----
 app/Controller/ServersController.php             |  3 +++
 app/View/Elements/healthElements/diagnostics.ctp |  2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index f647572ad..ec06280b9 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -46,10 +46,12 @@ class AppController extends Controller
 
     public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName');
 
-    private $__queryVersion = '94';
-    public $pyMispVersion = '2.4.119';
-    public $phpmin = '7.0';
-    public $phprec = '7.2';
+    private $__queryVersion = '95';
+    public $pyMispVersion = '2.4.120';
+    public $phpmin = '7.2';
+    public $phprec = '7.4';
+    public $pythonmin = '3.6';
+    public $pythonrec = '3.7';
     public $isApiAuthed = false;
 
     public $baseurl = '';
diff --git a/app/Controller/ServersController.php b/app/Controller/ServersController.php
index 43e1e7c4e..df2746803 100644
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@@ -1135,6 +1135,9 @@ class ServersController extends AppController
             $this->set('phpversion', phpversion());
             $this->set('phpmin', $this->phpmin);
             $this->set('phprec', $this->phprec);
+            $this->set('pythonmin', $this->pythonmin);
+            $this->set('pythonrec', $this->pythonrec);
+            $this->set('pymisp', $this->pymisp);
         }
     }
 
diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp
index 0330b2629..581e919c7 100644
--- a/app/View/Elements/healthElements/diagnostics.ctp
+++ b/app/View/Elements/healthElements/diagnostics.ctp
@@ -159,7 +159,7 @@
     <p><span class="bold"><?php echo __('PHP ini path');?></span>:… <span class="green"><?php echo h($php_ini); ?></span><br />
     <span class="bold"><?php echo __('PHP Version');?> (><?php echo $phprec; ?> <?php echo __('recommended');?>): </span><span class="<?php echo $phpversions['web']['phpcolour']; ?>"><?php echo h($phpversions['web']['phpversion']) . ' (' . $phpversions['web']['phptext'] . ')';?></span><br />
     <span class="bold"><?php echo __('PHP CLI Version');?> (><?php echo $phprec; ?> <?php echo __('recommended');?>): </span><span class="<?php echo $phpversions['cli']['phpcolour']; ?>"><?php echo h($phpversions['cli']['phpversion']) . ' (' . $phpversions['cli']['phptext'] . ')';?></span></p>
-    <p class="red bold"><?php echo __('Please note that the we will be dropping support for Python 2.7 and PHP 7.1 as of 2020-01-01 and are henceforth considered deprecated (but supported until the end of 2019). Both of these versions will by then reached End of Life and will become a liability. Furthermore, by dropping support for these outdated versions of the languages, we\'ll be able to phase out support for legacy code that exists solely to support them. Make sure that you plan ahead accordingly. More info: ');?><a href="https://secure.php.net/supported-versions.php">PHP</a>, <a href="https://www.python.org/dev/peps/pep-0373">Python</a>.</p>
+    <p class="red bold"><?php echo __('Please note that the support for Python versions below 3.6 and below PHP 7.2 has been dropped as of 2020-01-01 and are henceforth considered unsupported. More info: ');?><a href="https://secure.php.net/supported-versions.php">PHP</a>, <a href="https://www.python.org/dev/peps/pep-0373">Python</a>.</p>
     <p><?php echo __('The following settings might have a negative impact on certain functionalities of MISP with their current and recommended minimum settings. You can adjust these in your php.ini. Keep in mind that the recommendations are not requirements, just recommendations. Depending on usage you might want to go beyond the recommended values.');?></p>
     <?php
         foreach ($phpSettings as $settingName => &$phpSetting):

From 3fb5221cf3809e52112b6eff4fcf0c5f2cf2ba62 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Fri, 17 Jan 2020 16:48:42 +0100
Subject: [PATCH 65/73] chg: [UI:formSeenInput] Re-vamped the UI to be more
 usuable

---
 app/View/Attributes/add.ctp           |   3 +-
 app/View/Elements/form_seen_input.ctp | 416 ++------------------------
 2 files changed, 29 insertions(+), 390 deletions(-)

diff --git a/app/View/Attributes/add.ctp b/app/View/Attributes/add.ctp
index 2614d687c..188650dbd 100644
--- a/app/View/Attributes/add.ctp
+++ b/app/View/Attributes/add.ctp
@@ -68,7 +68,6 @@
                 array(
                     'field' => 'first_seen',
                     'type' => 'text',
-                    'stayInLine' => 1,
                     'hidden' => true
                 ),
                 array(
@@ -87,7 +86,7 @@
                 )
             ),
             'metaFields' => array(
-                '<div id="bothSeenSliderContainer"></div>'
+                '<div id="bothSeenSliderContainer" style="height: 170px;"></div>'
             )
         )
     ));
diff --git a/app/View/Elements/form_seen_input.ctp b/app/View/Elements/form_seen_input.ctp
index 1c3ae475a..ad3c8001f 100644
--- a/app/View/Elements/form_seen_input.ctp
+++ b/app/View/Elements/form_seen_input.ctp
@@ -13,275 +13,23 @@
     }
 ?>
 var controller = "<?php echo $temp; ?>"; // get current controller name so that we can access all form fields
-var time_vals = [
-    ['Hour', 23, 1000*1000*60*60],
-    ['Minute', 59, 1000*1000*60],
-    ['Second', 59, 1000*60],
-    ['ms', 999, 1000],
-    ['us', 999, 1],
-];
-
-var MicroDatetime = function(value) {
-    this.isoDatetimeMicroRegex = /(\d{4})-(\d{2})-(\d{2})T(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
-    this.isotimeMicroRegex = /(\d{2})\:(\d{2})\:(\d{2})\.(\d{3})(\d*)(\D\S*)/g;
-    this.numberRegex = /^(\-|\+)?([0-9]+|Infinity)$/g;
-
-    if (value === undefined || value === "") {
-        this.moment = undefined;
-        this.micro = 0;
-    } else {
-        // check if timestamp UNIX timestamp (in sec)
-        if (this.numberRegex.test(value)) {
-            var timestamp = parseInt(value);
-            var timestamp_str = String(timestamp);
-            if (timestamp === '' || timestamp === undefined || timestamp === null || isNaN(timestamp)) {
-                this.moment = moment(0);
-                this.micro = 0;
-            } else {
-                var all_milli = parseInt(timestamp)*1000;
-                all_milli = isNaN(all_milli) || all_milli === undefined ? 0 : all_milli;
-                this.moment = moment(all_milli);
-                this.micro = 0;
-            }
-        // check if only a time
-        } else { // let moment parse the date
-            try {
-                value = String(value);
-                this.moment = new moment(value);
-                if (this.moment.isValid()) {
-                    var res = this.isoDatetimeMicroRegex.exec(value);
-                    var micro_str = res !== null ? res[8] : 0;
-                    this.micro = parseInt(micro_str);
-                    this.micro = isNaN(this.micro) ? 0 : this.micro;
-                } else {
-                    this.moment = undefined;
-                    this.micro = 0;
-                    showMessage('fail', 'Failed to parse the date: <strong>' + value + '</strong>');
-                }
-            } catch (err) {
-                if (this.isotimeMicroRegex.test(value)) {
-                    this.moment = moment(value, "HH:mm:ss.SSSSSSZ");
-                    if (this.moment.isValid()) {
-                        var res = this.isotimeMicroRegex.exec(value);
-                        var micro_str = res !== null ? res[8] : 0;
-                        this.micro = parseInt(micro_str);
-                        this.micro = isNaN(this.micro) ? 0 : this.micro;
-                    } else {
-                        this.moment = undefined;
-                        this.micro = 0;
-                        showMessage('fail', 'Failed to parse the date: ' + value);
-                    }
-                }
-            }
-        }
-    }
-}
-
-MicroDatetime.prototype = {
-    constructor: MicroDatetime,
-
-    get_microISO: function() {
-        if (this.moment === undefined || this.moment === null) {
-            return "";
-        }
-        var tz = this.moment.format('Z');
-        var str = this.moment.toISOString(true);
-        str = str.replace(tz, pad_zero(this.micro, 3)+tz);
-        return str;
-    },
-
-    get_date: function() {
-        if (this.moment === undefined || this.moment === null) {
-            return "";
-        }
-        return this.moment.format('YYYY/MM/DD');
-    },
-
-    get_time: function() {
-        if (this.moment === undefined || this.moment === null) {
-            return "";
-        }
-        return this.moment.format('HH:mm:ss.SSS')
-            + String(pad_zero(this.micro, 3))
-            + this.moment.format('Z');
-    },
-
-    has_date: function() {
-        return this.moment !== undefined;
-    },
-
-    has_time: function() {
-        if (this.moment === undefined) {
-            return false;
-        } else {
-            return this.moment.get('hour') != 0
-                || this.moment.get('minute') != 0
-                || this.moment.get('second') != 0
-                || this.moment.get('millisecond') != 0
-                || this.micro != 0;
-        }
-    }
-}
-
-function pad_zero(val, pad) {
-    var ret = '';
-    for (var i=0; i<(pad-String(val).length); i++) {
-        ret += '0';
-    }
-    ret += String(val);
-    return ret;
-}
-
-function get_slider_and_input(type, scale, factor, max) {
-    var row = $('<tr></tr>');
-    var td1 = $('<td></td>');
-    var td2 = $('<td></td>');
-    var td3 = $('<td></td>');
-    var label = $('<span>'+scale+'</span>').css({fontWeight: 'bold'});
-    var input = $('<input id="input-time-'+type+'-'+scale+'" type="number" min=0 max='+max+' step=1 value=0 factor='+factor+' scale='+scale+'></input>').css({width: '50px', margin: '5px'});
-    var slider_width = '200px';
-    var slider = $('<input id="slider-time-'+type+'-'+scale+'" type="range" min=0 max='+max+' step=1 value=0 factor='+factor+' scale='+scale+'></input>').css({width: slider_width, margin: '5px'});
-
-    row.append(td1.append(label))
-       .append(td2.append(input))
-       .append(td3.append(slider))
-    return row;
-}
-
-function reflect_change_on_sliders(seen, skip_input_update, overwrite) {
-    if (seen == 'both' || seen == 'first') {
-        var f_val = overwrite === undefined ? $('#'+controller+'FirstSeen').val() : overwrite;
-        var f_microdatetime = new MicroDatetime(f_val);
-        var hours = f_microdatetime.moment !== undefined ? f_microdatetime.moment.hours() : 0;
-        var minutes = f_microdatetime.moment !== undefined ? f_microdatetime.moment.minutes() : 0;
-        var seconds = f_microdatetime.moment !== undefined ? f_microdatetime.moment.seconds() : 0;
-        var milli = f_microdatetime.moment !== undefined ? f_microdatetime.moment.milliseconds() : 0;
-        var d = f_microdatetime.moment !== undefined ? f_microdatetime.get_date() : undefined;
-
-        // mirror slider and input field
-        $('#input-time-first-'+time_vals[0]).val(hours);
-        $('#slider-time-first-'+time_vals[0]).val(hours);
-
-        $('#input-time-first-'+time_vals[1]).val(minutes);
-        $('#slider-time-first-'+time_vals[1]).val(minutes);
-
-        $('#input-time-first-'+time_vals[2]).val(seconds);
-        $('#slider-time-first-'+time_vals[2]).val(seconds);
-
-        $('#input-time-first-'+time_vals[3]).val(milli);
-        $('#slider-time-first-'+time_vals[3]).val(milli);
-
-        $('#input-time-first-'+time_vals[4]).val(f_microdatetime.micro);
-        $('#slider-time-first-'+time_vals[4]).val(f_microdatetime.micro);
-
-        $('#date_fs').datepicker('setDate', d);
-        $('#time_fs').val(f_microdatetime.get_time());
-    }
-
-    if (seen == 'both' || seen == 'last') {
-        var l_val = overwrite === undefined ? $('#'+controller+'LastSeen').val() : overwrite;
-        var l_microdatetime = new MicroDatetime(l_val);
-        var hours = l_microdatetime.moment !== undefined ? l_microdatetime.moment.hours() : 0;
-        var minutes = l_microdatetime.moment !== undefined ? l_microdatetime.moment.minutes() : 0;
-        var seconds = l_microdatetime.moment !== undefined ? l_microdatetime.moment.seconds() : 0;
-        var milli = l_microdatetime.moment !== undefined ? l_microdatetime.moment.milliseconds() : 0;
-        var d = l_microdatetime.moment !== undefined ? l_microdatetime.get_date() : undefined;
-
-        // mirror slider and input field
-        $('#input-time-last-'+time_vals[0]).val(hours);
-        $('#slider-time-last-'+time_vals[0]).val(hours);
-
-        $('#input-time-last-'+time_vals[1]).val(minutes);
-        $('#slider-time-last-'+time_vals[1]).val(minutes);
-
-        $('#input-time-last-'+time_vals[2]).val(seconds);
-        $('#slider-time-last-'+time_vals[2]).val(seconds);
-
-        $('#input-time-last-'+time_vals[3]).val(milli);
-        $('#slider-time-last-'+time_vals[3]).val(milli);
-
-        $('#input-time-last-'+time_vals[4]).val(l_microdatetime.micro);
-        $('#slider-time-last-'+time_vals[4]).val(l_microdatetime.micro);
-
-        $('#date_ls').datepicker('setDate', d);
-        $('#time_ls').val(l_microdatetime.get_time());
-    }
-
-    if (!skip_input_update) {
-        reflect_change_on_input(seen);
-    }
-}
-
-// get data stored in sliders
-function get_time_from_slider(which) {
-    var micro = 0;
-    var mom;
-    var dp = which == 'first' ? $('#date_fs') : $('#date_ls');
-    var timej = which == 'first' ? $('#time_fs') : $('#time_ls');
-    if (dp.val() != "") { // no time without a date
-        mom = dp.datepicker('getDate');
-        mom = mom === null ? moment(0) : moment(mom.toISOString());
-        if (timej.val() != "") {
-            $('#precision_tool_'+which).find('input[type="number"]').each(function() {
-                switch($(this).attr('scale')) {
-                    case 'us':
-                        micro = parseInt($(this).val());
-                        break;
-                    case 'ms':
-                        mom.set('ms', parseInt($(this).val()));
-                        break;
-                    case 'Second':
-                        mom.set('s', parseInt($(this).val()));
-                        break;
-                    case 'Minute':
-                        mom.set('m', parseInt($(this).val()));
-                        break;
-                    case 'Hour':
-                        mom.set('h', parseInt($(this).val()));
-                        break;
-                }
-            });
-        } else { // no time, setting it UTC noon
-            micro = 0;
-            mom.set('h', 0);
-        }
-    }
-    microdatetime = new MicroDatetime();
-    microdatetime.moment = mom;
-    microdatetime.micro = micro;
-    return microdatetime;
-}
-
-function reflect_change_on_input(seen, full) {
-    if ($('#seen_precision_tool').prop('checked')) {
-        if (seen == 'both' || seen == 'first') {
-            var microdatetime = get_time_from_slider('first');
-            if($('#date_fs').val() !== '') {
-                $("#time_fs").val(microdatetime.get_time());
-            }
-        }
-
-        if (seen == 'both' || seen == 'last') {
-            var microdatetime = get_time_from_slider('last');
-            if($('#date_ls').val() !== '') {
-                $("#time_ls").val(microdatetime.get_time());
-            }
-        }
-    }
-}
 
 function reflect_change_on_form() {
-    var microdatetime = get_time_from_slider('first');
-    if (microdatetime.moment !== undefined) {
-        $('#'+controller+'FirstSeen').val(microdatetime.get_microISO());
-    } else {
-        $('#'+controller+'FirstSeen').val("");
-    }
-    var microdatetime = get_time_from_slider('last');
-    if (microdatetime.moment !== undefined) {
-        $('#'+controller+'LastSeen').val(microdatetime.get_microISO());
-    } else {
-        $('#'+controller+'LastSeen').val("");
+    var first_seen = $('#date_fs').val() + 'T' + $("#time_fs").val();
+    var last_seen = $('#date_ls').val() + 'T' + $("#time_ls").val();
+    $('#'+controller+'FirstSeen').val(first_seen);
+    $('#'+controller+'LastSeen').val(last_seen);
+}
+
+function extractDatetimePart(text) {
+    try {
+        var split = text.split('T')
+        return {
+            date: split[0],
+            time: split[1]
+        }
+    } catch (error) {
+        return { date: '', time: ''}
     }
 }
 
@@ -290,149 +38,41 @@ $(document).ready(function() {
     var inputs_container = $('<div class="input-group input-daterange"></div>');
     // create separate date and time input
     var date_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(
-        $('<label><?php echo __('First seen date') . '<span class="fa fa-calendar label-icon"></span>'; ?><input id="date_fs" type="text" style="width: 240px;"></input></label>')
+        $('<label><?php echo __('First seen date') . '<span class="fas fa-calendar label-icon"></span>'; ?><input id="date_fs" type="text" style="width: 240px;"></input></label>')
     );
     $(inputs_container).append(date_div_fs);
     var date_div_ls = $('<div class="input text larger-input-field"></div>').append(
-        $('<label><?php echo __('Last seen date') . '<span class="fa fa-calendar label-icon"></span>'; ?><input id="date_ls" type="text" style="width: 240px;"></input></label>')
+        $('<label><?php echo __('Last seen date') . '<span class="fas fa-calendar label-icon"></span>'; ?><input id="date_ls" type="text" style="width: 240px;"></input></label>')
     );
     $(inputs_container).append(date_div_ls);
     $(sliders_container).append(inputs_container);
 
     var time_div_fs = $('<div class="input clear larger-input-field" style="margin-left: 10px;"></div>').append(
-        $('<label><?php echo __('First seen time') . '<span class="fa fa-clock-o label-icon"></span>'; ?><input id="time_fs" type="text" style="width: 240px; text-align: center;"></input></label>')
+        $('<label><?php echo __('First seen time') . '<span class="fas fa-clock label-icon"></span>'; ?><input id="time_fs" type="text" style="width: 240px; text-align: center; margin-bottom: 0px" placeholder="HH:MM:SS.ssssss+TT:TT"></input></label>'),
+        $('<span class="apply_css_arrow"></span>').text('<?php echo __('Expected format: HH:MM:SS.ssssss+TT:TT') ?>')
     );
     $(sliders_container).append(time_div_fs);
     var time_div_ls = $('<div class="input larger-input-field"></div>').append(
-        $('<label><?php echo __('Last seen time') . '<span class="fa fa-clock-o label-icon"></span>'; ?><input id="time_ls" type="text" style="width: 240px; text-align: center;"></input></label>')
+        $('<label><?php echo __('Last seen time') . '<span class="fas fa-clock label-icon"></span>'; ?><input id="time_ls" type="text" style="width: 240px; text-align: center; margin-bottom: 0px" placeholder="HH:MM:SS.ssssss+TT:TT"></input></label>'),
+        $('<span class="apply_css_arrow"></span>').text('<?php echo __('Expected format: HH:MM:SS.ssssss+TT:TT') ?>')
     );
     $(sliders_container).append(time_div_ls);
 
-    // create checkbox
-    var div_checkbox_prec_tool = $('<div class="clear checkbox" style="margin-left: 10px;"></div>').append(
-        $('<label style="display: inline-block"><input id="seen_precision_tool" type="checkbox" style="margin-top: 0px;"></input><?php echo(__('Enable precision tool'))?><span class="fa fa-bullseye label-icon"</span></label>')
-    );
-    $(sliders_container).append(div_checkbox_prec_tool);
-
-    // create sliders
-    var div = $('<div id="precision_tool" class="precision-tool clear" style="display: none"></div>');
-    var content = $('<table id="precision_tool_first" style="float: left;"></table>');
-    for (var i=0; i<time_vals.length; i++) {
-        var type = time_vals[i][0];
-        var max = time_vals[i][1];
-        var factor = time_vals[i][2];
-        var row = get_slider_and_input('first', type, factor, max)
-        content.append(row);
-    }
-    div.append(content);
-    var content = $('<table id="precision_tool_last" style="float:left; margin-left: 15px;"></table>');
-    for (var i=0; i<time_vals.length; i++) {
-        var type = time_vals[i][0];
-        var max = time_vals[i][1];
-        var factor = time_vals[i][2];
-        var row = get_slider_and_input('last', type, factor, max)
-        content.append(row);
-    }
-    div.append(content);
-    $(sliders_container).append(div);
-
-    time_vals.forEach(function(elem) {
-        $('#input-time-first-'+elem[0]).on('input', function(e) {
-            $('#slider-time-first-'+elem[0]).val($(this).val());
-            reflect_change_on_input('first');
-        });
-        $('#slider-time-first-'+elem[0]).on('input', function(e) {
-            $('#input-time-first-'+elem[0]).val($(this).val());
-            reflect_change_on_input('first');
-        });
-
-        $('#input-time-last-'+elem[0]).on('input', function(e) {
-            $('#slider-time-last-'+elem[0]).val($(this).val());
-            reflect_change_on_input('last');
-        });
-        $('#slider-time-last-'+elem[0]).on('input', function(e) {
-            $('#input-time-last-'+elem[0]).val($(this).val());
-            reflect_change_on_input('last');
-        });
-    });
-
-    $('#seen_precision_tool').change(function(e) {
-        if(e.target.checked) {
-            $('#precision_tool').show();
-        } else {
-            $('#precision_tool').hide();
-        }
-    });
-
-    $('#time_fs').on("focus", function(event) {
-        $('#seen_precision_tool').prop('checked', true);
-        $('#precision_tool').show();
-    });
-    $('#time_ls').on("focus", function(event) {
-        $('#seen_precision_tool').prop('checked', true);
-        $('#precision_tool').show();
-    });
-
-    $('#time_fs').on("input", function(event) {
-        reflect_change_on_sliders('first', false, $(this).val());
-    });
-    $('#time_ls').on("input", function(event) {
-        reflect_change_on_sliders('last', false, $(this).val());
-    });
-
-    $('#time_fs').on("paste", function(event) {
-        // prefetch clipboard text and apply change
-        var datetimeString;
-        if (event.originalEvent.clipboardData && event.originalEvent.clipboardData.types
-            && $.inArray('text/plain', event.originalEvent.clipboardData.types) !== -1) {
-            datetimeString = event.originalEvent.clipboardData.getData('text/plain');
-        }
-        else if (window.clipboardData) {
-            datetimeString = window.clipboardData.getData('Text');
-        }
-        $('#'+controller+'FirstSeen').val(datetimeString);
-        reflect_change_on_sliders('first', false);
-        event.preventDefault();
-    });
-
-    $('#time_ls').on("paste", function(event) {
-        // prefetch clipboard text and apply change
-        var datetimeString;
-        if (event.originalEvent.clipboardData && event.originalEvent.clipboardData.types
-            && $.inArray('text/plain', event.originalEvent.clipboardData.types) !== -1) {
-            datetimeString = event.originalEvent.clipboardData.getData('text/plain');
-        }
-        else if (window.clipboardData) {
-            datetimeString = window.clipboardData.getData('Text');
-        }
-        $('#'+controller+'LastSeen').val(datetimeString);
-        reflect_change_on_sliders('last', false);
-        event.preventDefault();
-    });
-
     $('#'+controller+'FirstSeen').closest('form').submit(function( event ) {
         reflect_change_on_form();
     });
 
-    var d1 = new MicroDatetime($('#'+controller+'FirstSeen').val());
-    var d2 = new MicroDatetime($('#'+controller+'LastSeen').val());
-    if (d1.has_date() || d2.has_date()) {
-        $('#date_fs').val(d1.get_date());
-        $('#date_ls').val(d2.get_date());
-    }
-    if (d1.has_time() || d2.has_time()) {
-        $('#seen_precision_tool').prop('checked', true);
-        $('#precision_tool').show();
-        $('#time_fs').val(d1.get_time());
-        $('#time_ls').val(d2.get_time());
-    }
+    var d1 = extractDatetimePart($('#'+controller+'FirstSeen').val());
+    var d2 = extractDatetimePart($('#'+controller+'LastSeen').val());
+    $('#date_fs').val(d1.date);
+    $('#time_fs').val(d1.time);
+    $('#date_ls').val(d2.date);
+    $('#time_ls').val(d2.time);
 
     $('.input-daterange').datepicker({
         preventMultipleSet: true,
-        format: 'yyyy/mm/dd',
+        format: 'yyyy-mm-dd',
         todayHighlight: true
     })
-    reflect_change_on_sliders('both', true);
-
 });
 </script>

From 3d473ca29fc7c21a284d002c4e74f67cfd6ca759 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 20 Jan 2020 06:37:35 +0100
Subject: [PATCH 66/73] chg: [pymisp] bump

---
 PyMISP | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PyMISP b/PyMISP
index c4c05e43b..adf97dfef 160000
--- a/PyMISP
+++ b/PyMISP
@@ -1 +1 @@
-Subproject commit c4c05e43b3c6468dd42c8921a1cea21c38b0798c
+Subproject commit adf97dfeff25d28837ade5e8b47fc1cc28bbb082

From 43079f6dc189caf028a6d36a8981e396086d6878 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 20 Jan 2020 10:07:11 +0100
Subject: [PATCH 67/73] fix: [settings] purge previous setting, push new one

---
 app/Model/AdminSetting.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/Model/AdminSetting.php b/app/Model/AdminSetting.php
index eea0f6736..b178ef80f 100644
--- a/app/Model/AdminSetting.php
+++ b/app/Model/AdminSetting.php
@@ -21,19 +21,19 @@ class AdminSetting extends AppModel
         $setting_object = $this->find('first', array(
             'conditions' => array('setting' => $setting)
         ));
-        if (!empty($setting_object)) {
-            $setting_object['AdminSetting']['value'] = $value;
-        } else {
-            $this->create();
-            $setting_object['AdminSetting'] = array('setting' => $setting, 'value' => $value);
-        }
+        $this->deleteAll('setting' => $setting);
+        $this->create();
+        $setting_object['AdminSetting'] = array('setting' => $setting, 'value' => $value);
         if ($this->save($setting_object)) {
             return true;
         } else {
+            $this->create();
+            $this->save($setting_object);
             return $this->validationErrors;
         }
     }
 
+
     public function getSetting($setting)
     {
         $setting_object = $this->find('first', array(

From 24d13b769c85a870ce17360b06b24fa0ad7cb21e Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 20 Jan 2020 10:18:00 +0100
Subject: [PATCH 68/73] fix: [update] typo fixed

---
 app/Model/AdminSetting.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/AdminSetting.php b/app/Model/AdminSetting.php
index b178ef80f..25102dbc3 100644
--- a/app/Model/AdminSetting.php
+++ b/app/Model/AdminSetting.php
@@ -21,7 +21,7 @@ class AdminSetting extends AppModel
         $setting_object = $this->find('first', array(
             'conditions' => array('setting' => $setting)
         ));
-        $this->deleteAll('setting' => $setting);
+        $this->deleteAll(array('setting' => $setting));
         $this->create();
         $setting_object['AdminSetting'] = array('setting' => $setting, 'value' => $value);
         if ($this->save($setting_object)) {

From 22b2e82ace35e8065034722fb9d436ff356282e8 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 20 Jan 2020 10:23:51 +0100
Subject: [PATCH 69/73] fix: [upgrade] Added a safety net for launching
 superfluous updates

---
 app/Model/AppModel.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index ad394cf65..fbcb8bd5b 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -146,6 +146,9 @@ class AppModel extends Model
     // this could become useful in the future
     public function updateMISP($command)
     {
+        if (!$this->_isSiteAdmin() && (!Configure::read('MISP.live') || $this->_isRest())) {
+            return false;
+        }
         $dbUpdateSuccess = false;
         switch ($command) {
             case '2.4.20':
@@ -1490,7 +1493,7 @@ class AppModel extends Model
                     if ($indexSuccess['success']) {
                         $this->__setUpdateResMessages(count($sqlArray)+$i, __('Successfuly indexed ') . sprintf('%s -> %s', $iA[0], $iA[1]));
                     } else {
-                        $this->__setUpdateResMessages(count($sqlArray)+$i, sprintf('%s %s %s %s', 
+                        $this->__setUpdateResMessages(count($sqlArray)+$i, sprintf('%s %s %s %s',
                             __('Failed to add index'),
                             sprintf('%s -> %s', $iA[0], $iA[1]),
                             __('The returned error is:') . PHP_EOL,
@@ -1759,8 +1762,7 @@ class AppModel extends Model
             $job = $this->Job->find('first', array(
                 'conditions' => array('Job.id' => $processId)
             ));
-
-            if (!empty($updates)) {
+            if (empty($updates)) {
                 // Exit if updates are locked.
                 // This is not as reliable as a real lock implementation
                 // However, as all updates are re-playable, there is no harm if they

From 379c6c3443051572cb5769b2ced9695080b8b6a3 Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Mon, 20 Jan 2020 10:25:00 +0100
Subject: [PATCH 70/73] fix: [upgrade] removed test change

---
 app/Model/AppModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Model/AppModel.php b/app/Model/AppModel.php
index fbcb8bd5b..3a2350b3a 100644
--- a/app/Model/AppModel.php
+++ b/app/Model/AppModel.php
@@ -1762,7 +1762,7 @@ class AppModel extends Model
             $job = $this->Job->find('first', array(
                 'conditions' => array('Job.id' => $processId)
             ));
-            if (empty($updates)) {
+            if (!empty($updates)) {
                 // Exit if updates are locked.
                 // This is not as reliable as a real lock implementation
                 // However, as all updates are re-playable, there is no harm if they

From 6dc79425dda08334761a843392c00ce8c4f90281 Mon Sep 17 00:00:00 2001
From: mokaddem <sami.mokaddem@circl.lu>
Date: Mon, 20 Jan 2020 10:39:50 +0100
Subject: [PATCH 71/73] chg: [queryVersion] Bumped version

---
 app/Controller/AppController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index ec06280b9..dcbb253af 100755
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -46,7 +46,7 @@ class AppController extends Controller
 
     public $helpers = array('Utility', 'OrgImg', 'FontAwesome', 'UserName');
 
-    private $__queryVersion = '95';
+    private $__queryVersion = '96';
     public $pyMispVersion = '2.4.120';
     public $phpmin = '7.2';
     public $phprec = '7.4';

From 887cfa1cc25864652ca403e330c5258003009c33 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 20 Jan 2020 11:26:05 +0100
Subject: [PATCH 72/73] chg: [misp-galaxy] updated to the latest version

---
 app/files/misp-galaxy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/misp-galaxy b/app/files/misp-galaxy
index 5da0c7bd5..dbaab413b 160000
--- a/app/files/misp-galaxy
+++ b/app/files/misp-galaxy
@@ -1 +1 @@
-Subproject commit 5da0c7bd545ee93cf40786c1c535b9d4897943b1
+Subproject commit dbaab413b6b4680ae458a7d7a8ac6e1917fcc357

From 918b415486fae52c2c373c127d74d883d2bb1328 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 20 Jan 2020 11:26:49 +0100
Subject: [PATCH 73/73] chg: [misp-objects] updated to the latest version

---
 app/files/misp-objects | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/files/misp-objects b/app/files/misp-objects
index bce101832..fa6348039 160000
--- a/app/files/misp-objects
+++ b/app/files/misp-objects
@@ -1 +1 @@
-Subproject commit bce101832597b5f62679ac0299b2b4ef4681a145
+Subproject commit fa634803911d211f993049242d41eebaf342a9c4