- new functionality: Event blacklisting by UUID
- site admins cna enable this feature in the server settings
- enabling the feature will make the required db changes
- any deleted event will automatically get blacklisted
- this prevents deleted events from flowing back from a synced instance
- site admins can manually add UUIDs to the list and remove entries
- fix to UUID duplication issues for attributes
- simply run the admin script and it will regenerate the UUID of attributes that are duplicates, if any such exist
- timestamps/event published status will not be affected
- config.core.php now includes a change that prevents from 404 exceptions being logged
- the sync uses 404s to signal that an event with a given uuid does not exist when negotiating proposal synchronisation
- this causes a dangerously high amount of noise in the logs
- Pull request by RichieB2B: CentOS 6 & 7 installation instructions
- Pull request by RichieB2B: STIX exports now include comments for indicators
- Pull request by RichieB2B: Issue fixed with md5 type attributes not generating observables correctly during a STIX export
- Password policy change-able by a site admin via a regex and a min char requirement. Old functionality assumed if not set.
- bug fixed with incorrect jobs being created appearing during a scheduled pull (designates a push)
- slight changes to the installation instructions
- database.default.php now uses localhost instead of 127.0.0.1 and the default MySQL port
- server setting has to be enabled to allow for this
- can cause issues if the event gets synchronised with an instance that has a different creator organisation for the same event
- it is recommended not to use this, but in some cases it can be very helpful - the setting for it in the configuration is called MISP.take_ownership_xml_import
- XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains
- New option in bootstrap to allow the cached XML export to also include the attachments
- CSV caching slightly rearranged, it's much more memory efficient now
- Some fixes to relatedevent orgs being shown even if showorg is disabled
- Added a new site admin action to generate several 3k events for load testing (slow)
- Tags are now fully shown on the event index
- can be enabled via bootstrap (the Configure::write setting is in the bootstrap.default.php file)
- shorthand distribution names
- narrowed some of the fields down
- AJAX requests now also respond with a small message at the bottom of the page, notifying the user of the result
- The following actions work now on the event page via ajax:
1. Add / remove tags
2. quick edit any attribute field if eligible
3. quickly create a proposal of any attribute field if not eligible to edit
4. popover attribute creation (also works with batch add)
5. popover proposal creation (also works with batch add)
6. delete attributes
7. accept/discard proposals
8. mass edit / delete attributes
Also, replaced the old memberslist, with a small lightweight css/js based one.
- during the event id pull, the local server already checks the timestamps, removing the ids of events that are not newer than the local version
- this results in only the event metadata being pulled for all events, and the attributes of only those events that need to be updated are pulled resulting in much quicker pulls
- Fixed an issue with proposals that got pulled not finding the attribute that they are proposals to (for proposals that belong to an attribute)
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
Some small travins changes too.
FYI there's an automated travis build available at
https://travis-ci.org/MISP/MISP
We don't have unit testing and travis setup is subpar so everything will fail
for now.
A global configuration CyDefSig.cveurl added to specify the URL
where to reference a CVE/NVD number. CyDefSig.cveurl is optional
and if not existing fallbacks to the original google.com URL.
- Since regexp can be used to blacklist things, there's no need to have
two separate features that accomplish the same thing
- Add a regexp named /1.1.1.1/ with nothing as replacement and it will
behave the same as adding a blacklist for 1.1.1.1 in the old system.