584 Commits (15f572c627b2a340d416698b5d2b92e249cb0c17)

Author SHA1 Message Date
iglocska 226ccd6de5
chg: [sync] Further improvements to the connection test logging 2019-09-09 15:35:05 +02:00
iglocska 6580e951e0
chg: [sync] Connection test POST test logs the full response, not just the expected part 2019-09-09 15:27:36 +02:00
iglocska e89d1a267d
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-09-09 13:03:09 +02:00
iglocska 75acd63c46
fix: [security] Fix to a vulnerability related to the server index
- along with various support tools
- more information coming soon
2019-09-09 13:00:21 +02:00
Jakub Onderka 863e38807d chg: Allow to load Crypt_GPG from composer 2019-09-06 21:31:16 +02:00
iglocska b2e026b9ef
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-09-06 11:08:17 +02:00
iglocska 41f5c88c74
fix: [sync] Fixed major performance blocker
- fix based on the insights of @RichieB2B, the hero we need, not the one we deserve
- added orgc_uuid to the minimal event index
- added handlers for it on the pull side
- when pulling from old instances the new functionality is skipped, resulting in the behaviour we had pre-patch
- both sides of the sync are encouraged to update, especially if the slow pulls are causing issues
2019-09-06 10:59:48 +02:00
Richard van den Berg e53ec5b0c8 Log reason for event download failure 2019-09-05 15:29:23 +02:00
Richard van den Berg 9ebd5f21be Log all errors from server pull 2019-09-05 15:22:38 +02:00
Bechkalo Evgeny c5d80566a4 fix: SQL-error during obtaining dbSpaceUsage
Fixed SQL-error in PostgreSQL for viewing Diagnostics Page
Added check for datasource, added PostgreSQL handling (without
reclaimable memory).
2019-08-27 20:37:03 +03:00
iglocska bbc05b229f
new: [diagnostics] Added SQL table size tool
- along with various other small fixes
- increased recommended memory size additionally
2019-08-21 17:01:52 +02:00
iglocska e8c5dba4f3
new: [API] get a single server setting via /servers/getSetting/[setting_name], fixes #4964 2019-08-15 20:01:36 +02:00
iglocska 1cb9489839
fix: [sessions] Several minor fixes to the session handling
- cookieTimeout setting fixed
- moved the session massaging into a separate function
- added some translation calls for some of the setting errors involved
2019-08-09 15:57:15 +02:00
iglocska c3a0201195
new: [debug] Added an on-demand sync debug to assist some debug sessions
- very primitive, simply concatenates events to be pushed into a file
2019-08-08 14:34:20 +02:00
iglocska e53a0046a9
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2019-08-07 15:04:51 +02:00
iglocska 3feee7e8d3
fix: [internal] testBoolFalse logic error fixed 2019-08-07 15:04:34 +02:00
iglocska d6692c44a0
new: [sync] Previewing a remote instance now passes pagination rules in the request instead of fetching the full data-set and paginating in memory
- fixes issues with empty preview pages
- massive performance boost
- requires the remote side to be the same version or newer
2019-08-02 14:42:23 +02:00
chrisr3d 6eb8a9c230
chg: [View] Setting default link value for vulnerability & weakness 2019-08-02 09:16:46 +02:00
chrisr3d 1437c908bb
add: [Model] New attribute type weakness
- Describing links linking to the provided CWE lookup
2019-08-01 16:42:10 +02:00
iglocska 122ff89f2f
new: [setting] Disable DB logging completely, fixes #4921
- Not recommended, but for certain use-cases it might be desirable
2019-07-31 09:52:05 +02:00
iglocska 90191be3cd
new: [alerting] Block the alerting of events based on the date field as an alternative to the timestamp, fixes #4937 2019-07-30 10:58:15 +02:00
iglocska d1b7639239
fix: [settings] Fixed the text for the block_old_event_alert_age setting, fixes #4909 2019-07-29 12:40:14 +02:00
iglocska 2105ad8691
fix: [servers] Adding a server now requires the name to be set, partially fixes #4889 2019-07-29 10:28:29 +02:00
Richard van den Berg 5367373f9d Make error clearer when canpush bit is missing 2019-07-17 12:59:21 +02:00
iglocska c8018d7daa
new: [API] Proposal sync rework done 2019-07-12 16:03:08 +02:00
iglocska c097f001dc
new: [security] Made certain settings modifiable via the CLI only
- some settings are too risky to be exposed, even to site admins, so made them CLI accessible only
2019-06-18 09:57:27 +02:00
iglocska 39a7077096
new: [server settings] Added option to disable the write collision safe rotating config.php handler 2019-06-17 00:43:00 +02:00
iglocska c42c5fe927
fix: [security] Fixed an RCE vulnerability with user controlled entries being fed to file_exists
- phar protocol paths for php file instructions can lead to RCE via meta-data deserialization
- mitigated by the functionalities enabling this being only accessible to site admins

- Reported by Dawid Czarnecki
2019-06-16 19:11:35 +02:00
iglocska 90f4f03b52
fix: [sync] Push all bug with empty events fixed 2019-06-11 09:33:36 +02:00
iglocska 0bd0d7e090
new: [sync] Block pulled events from being saved if they contain no attributes/objects 2019-06-04 14:51:31 +02:00
iglocska 06d155d203
new: [emailing] Server admins can get a threshold for per org e-mail alerts, fixes #4714 2019-06-04 11:30:01 +02:00
iglocska 727057c989
fix: [submodule version check] fixed 2019-05-23 11:53:08 +02:00
iglocska 1aef957d5f
new: [paranoid logging] Added POST/PUT body logging on demand 2019-05-17 12:04:19 +02:00
iglocska e89b4525ad
new: [logging] Added paranoid logging mode
- will log ANY query's (UI/API):
  - http method
  - requested URL

- optionally disable DB logging for paranoid log entries
2019-05-17 11:45:20 +02:00
iglocska 5ac27f58f1
new: [logging] Added verbose logging to the server sync test throwing an unexpected error 2019-05-16 11:28:51 +02:00
Andras Iklody 11a0c9ed73
Merge pull request #4600 from pettai/local-data
rpz: Local-Data
2019-05-09 10:19:44 +02:00
frpet 63083edcbd fix description
make the description clearer
2019-05-09 09:33:26 +02:00
Andras Iklody 2315500751
Merge pull request #4595 from pettai/action-policy-update
rpz: make NXDOMAIN default
2019-05-08 17:33:20 +02:00
frpet 38a64e0ba9 rpz: action policy rename (to Local-Data)
Rename action policy "walled-garden" to "Local-Data" as per the IETF draft (and other documentation for RPZ)
2019-05-08 15:54:34 +02:00
frpet 9274a9d987 rpz: make NXDOMAIN default
Update default action policy from DROP --> NXDOMAIN
2019-05-08 15:22:03 +02:00
frpet be7b344d0e Update Serial description
Hint about $time, which also is a valid setting
2019-05-08 07:28:31 +02:00
frpet 6576565de2 fix the testForRPZ... functions
Make the testForRPZ... functions happy too.
2019-05-08 07:14:36 +02:00
Andras Iklody 3c6a336774
Merge pull request #4581 from pettai/RPZ-policy-action
RPZ - Add additional policy actions
2019-05-07 17:03:27 +02:00
frpet 76fcc6553a Add additional policy actions
Add the last policy actions from the RPZ draft.
* rpz-passthru allows for testing without applying changes on the returned answer.
* TCP-only forces the client over to use TCP.
2019-05-07 16:29:32 +02:00
mokaddem 954e75d170 chg: [diagnostic] Improved worker's message when updating the submodules 2019-05-02 13:34:17 +02:00
Steve Clement fc8f7982df
Zoidberg's son: Update system (#4534)
Zoidberg's son: Update system
2019-05-01 18:24:41 +09:00
iglocska 8b127f8fab new: [yara] Added diagnostics 2019-04-30 15:36:13 +02:00
mokaddem 676dd970ea fix: [updateSubmodule] Simplified calculation of time difference 2019-04-30 09:08:58 +02:00
mokaddem 47e13c8369 chg: [updates] Implemented changes requested by the PR's review #4534. 2019-04-29 11:09:04 +02:00
Sami Mokaddem e86b161d93
fix: [diagnostic:submodules]
Time difference is correctly calculated. Should solve #4538
2019-04-29 10:45:24 +02:00