- Backported from 2.4
- Running a STIX export for a specific ID that doesn't exist results in a full STIX export for the user (events visible to the user)
- This leads to an unnecessarily long export process when a quick export is expected
- Removed double sanitisation when editing an attribute/proposal comment
- Fixed an issue where an IP/resource was recognised as a CIDR notation IP range instead of a URL
- Changed the flash message for publishing without e-mails to something less scary
- defanged URL type attributes are refanged on input
- admin script to do the same for all existing attributes
- admin tool doesn't recognise a word followed by a . as a url
- event index filtering now accepts POST requests with a JSON object
- the value for each field has to be passed in filter syntax. Example:
- {"tags":"OSINT|TLP:WHITE|!PRIVINT", "published":"1"}
- Fixed an issue with no tags being recognised leading to the index returning an unfiltered list
- Required for filtered pulls from 2.4
- Discussions
- Event discussion thread initiated on first post instead of first view
- allows for saving an event even if an attribute fails
- logs attributes that fail validation
- same for edit
- add_misp_export updated with the above in mind
- called Add MISP export now
- can be an XML / JSON file
- result browser with explanations of failures
- REST XML/JSON add/edit of events returns errors instead of the partially succeeding event
- Removed the OpenIOC Indicator UUID persistence and moved it to a comment
- this allows for the same OpenIOC report to be imported into separate events and won't result in a UUID collision
- Reworked the composite indicator resolver
- more generic, allows for 3 part composites (to allow for regkeypath/regkey/regvalue combinations)
- Registry values now correctly recognised
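
The event index filter object from the example above (`{"tags":"OSINT|TLP:WHITE|!PRIVINT", "published":"1"}`), evaluated in an added Python sketch that is not MISP's own code. It assumes `|` separates alternatives and a leading `!` negates a term; `parse_terms`, `filter_index` and the sample events are hypothetical, and the early return models the fixed case where no requested tag is recognised.

```python
import json

# Constructed sample data: tag names the instance knows, and three events.
KNOWN_TAGS = {"OSINT", "TLP:WHITE", "PRIVINT"}
EVENTS = [
    {"id": 1, "published": True, "tags": {"OSINT"}},
    {"id": 2, "published": True, "tags": {"TLP:WHITE", "PRIVINT"}},
    {"id": 3, "published": False, "tags": {"OSINT"}},
]

def parse_terms(value):
    """Split 'A|B|!C' into (wanted, rejected) sets; '!' marks a negated term."""
    wanted, rejected = set(), set()
    for term in (t.strip() for t in value.split("|")):
        if term.startswith("!"):
            rejected.add(term[1:])
        elif term:
            wanted.add(term)
    rejected.discard("")  # a bare '!' carries no tag name
    return wanted, rejected

def filter_index(body, events=EVENTS, known_tags=KNOWN_TAGS):
    """Return ids of events matching a JSON filter object (hypothetical helper)."""
    params = json.loads(body)
    selected = list(events)
    if "published" in params:
        flag = params["published"] == "1"
        selected = [e for e in selected if e["published"] == flag]
    if "tags" in params:
        wanted, rejected = parse_terms(params["tags"])
        recognised = wanted & known_tags
        # Fail closed: positive terms were given but none is a known tag.
        # Dropping the condition here would return the unfiltered list.
        if wanted and not recognised:
            return []
        selected = [
            e for e in selected
            if (not wanted or e["tags"] & recognised)
            and not (e["tags"] & rejected)
        ]
    return [e["id"] for e in selected]
```

A filter that names only unknown tags yields an empty result here rather than every event visible to the user.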