MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
23,975 Commits
35 Branches
366 Tags
190 MiB
Commit Graph

19178 Commits (39093e97dd028e4adbe5dda9fe95481d9c036b4d)

Author SHA1 Message Date
Sami Mokaddem 7d791919e6
fix: [workflow-module:tag_if] Added support of galaxy clusters 
Fix #8959
 2023-03-30 11:32:14 +02:00
Sami Mokaddem 8ec8f4b4f2
fix: [db:workflows] Changed workflows.data from TEXT to LONGTEXT 
Should fix issue  #8979
 2023-03-30 10:42:22 +02:00
dnso86 3c74268274 fix: [AccessLog] MySQL command 2023-03-30 00:04:07 +02:00
dnso86 4b0160d78b fix: [adminShell:optimiseTables] MySQL command 2023-03-29 23:50:54 +02:00
Alexandre Dulaunoy 1072912418
chg: [misp-galaxy] updated 2023-03-29 10:39:24 +02:00
Christophe Vandeplas 92ac663ccf
Merge remote-tracking branch 'origin/feature/api_log_and_pin_ip' into develop 2023-03-29 10:30:19 +08:00
Christophe Vandeplas e6001bc9fa
Revert "Feature/api log and pin ip (#8965)" 
This reverts commit d5ce838ddc.
 2023-03-29 09:53:29 +08:00
Christophe Vandeplas d5ce838ddc
Feature/api log and pin ip (#8965) 
* fix: [sightings] don't be case insensitive on code side

* chg: [AuthKey] store IPs used to connect and show them

* chg: [AuthKey] db change

* fix: [AuthKeys] prevent race condition with double IPs

* chg: [git] exclude DebugKit plugin from git

* fix: [AuthKey] integrate mokaddem's remarks

* chg: [authkey] One-click IP as only allowed IP

* chg: [authkey] pin IP on view page

---------
 2023-03-29 09:18:47 +08:00
iglocska 3df20b30e7
Merge branch '2.4' into develop 2023-03-27 11:03:16 +02:00
iglocska 13d99cfaca
chg: [pymisp] bump 2023-03-27 11:01:42 +02:00
iglocska e498158208
chg: [pymisp] version string bump 2023-03-27 10:51:41 +02:00
vincenzocaputo f001481394 new: [misp-workflow-modules] Event threat level if logic module 2023-03-26 11:28:32 +02:00
Sami Mokaddem b94c7978e5
fix: [security] XSS in community index 
- As reported by Zigrin Security
 2023-03-25 09:27:57 +01:00
Luciano Righetti d2ecd00e8e cgh: add named param support for attributes:add() breakOnDuplicate 2023-03-23 15:34:56 +01:00
Luciano Righetti 287606cf4a fix: consistent hash calculation in object dup checks 2023-03-23 15:03:58 +01:00
Luciano Righetti bedd889fae chg: handle breakOnDuplicate parameter in Attribute:add() to perform upserts instead of failing 2023-03-23 11:20:29 +01:00
Christophe Vandeplas 056436f69d chg: [authkey] pin IP on view page 2023-03-23 04:43:02 +01:00
Christophe Vandeplas ce4cee7cbe chg: [authkey] One-click IP as only allowed IP 2023-03-22 13:16:49 +01:00
Christophe Vandeplas 7de61dec00 fix: [AuthKey] integrate mokaddem's remarks 2023-03-21 07:02:45 +01:00
Christophe Vandeplas cb3b4b43dc fix: [AuthKeys] prevent race condition with double IPs 2023-03-19 11:57:52 +01:00
Christophe Vandeplas 16a2713403 chg: [AuthKey] db change 2023-03-19 11:52:52 +01:00
Christophe Vandeplas 758c4fd829 chg: [AuthKey] store IPs used to connect and show them 2023-03-19 11:37:29 +01:00
iglocska 7614123ed6
Merge branch '2.4' into develop 2023-03-17 15:51:29 +01:00
iglocska aa9dffb03f
fix: [galaxyCluster index] filter by galaxy should accept UUID too not just ID 2023-03-17 15:50:47 +01:00
iglocska 9a153f9a3d
fix: [sightings] don't be case insensitive on code side 2023-03-17 15:34:33 +01:00
iglocska 8594d2ab47
fix: [Galaxy index search] fixed 
- seems to be using the Cerebrate format rather than MISP?
 2023-03-17 15:25:40 +01:00
Christian Studer 947427b7ae
chg: [misp-stix] Bumped latest version 2023-03-14 11:31:17 +01:00
iglocska ddd9700b99
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-03-10 14:31:25 +01:00
iglocska e77a4fced7
fix: [php7.2 compat] make 7.2 happy with no trailing comma in the funciton params 2023-03-10 14:30:20 +01:00
Raphaël Vinot 68c130a099 chg: Bump PyMISP 2023-03-10 15:14:22 +02:00
iglocska 7fa48b8772
chg: [vendor dir check diagnostic] made the execution optional if the required package is missing 2023-03-10 13:56:03 +01:00
Christophe Vandeplas eefb1fc32a Merge branch 'develop' of https://github.com/MISP/MISP into develop 2023-03-10 13:16:36 +01:00
Christophe Vandeplas 5b1bc40ba0 chg: [diagnostics] Report on Vendor dependencies 2023-03-10 13:14:39 +01:00
Sami Mokaddem 8dbcd43b42
Merge branch 'pr-8948' into develop 2023-03-10 11:22:16 +01:00
Sami Mokaddem a78b2d7b77
Merge branch 'pr-8946' into develop 2023-03-10 11:19:42 +01:00
Sami Mokaddem 92c29436d4
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-03-10 11:11:58 +01:00
Sami Mokaddem 78f423451a
fix: [security] XSS in event-graph relationship tooltip 2023-03-10 11:11:13 +01:00
Sami Mokaddem 30255b8d68
fix: [security] XSS in event-graph node tooltips 
- as reported by Cyber Controls from SIX Group
 2023-03-10 11:10:42 +01:00
Anders Einar Hilden b2ad8fc687 new: [ApacheAuthenticate] Add STARTTLS support for LDAP connection 
Controlled by setting `ApacheSecureAuth.starttls`. Default (`ApacheSecureAuth.starttls undefined`) is `false`, since it is a new feature.

config.default.php is updated with `ApacheSecureAuth.starttls = true` as default and extra explanations.
 2023-03-10 10:34:26 +01:00
Anders Einar Hilden da5278d349 [new]: [doc] [ApacheSecureAuth] Add minimal docs for ApacheSecureAuth, and a bigger section about using the /users/logout401 endpoint. 2023-03-10 10:34:05 +01:00
Anders Einar Hilden ec495da477 [new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth 
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logut->login loop.
 2023-03-10 10:34:05 +01:00
Alexandre Dulaunoy 9898c68482
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-03-10 08:46:36 +01:00
Alexandre Dulaunoy 066f49f64e
chg: [misp-galaxy] updated to the latest version 2023-03-10 08:45:52 +01:00
Sami Mokaddem 69e3948dea
fix: [workflowModules:splunkHec] Fixed indentation 2023-03-10 08:44:30 +01:00
Sami Mokaddem 7155b9afe2
Merge branch 'pr-8835' into develop 2023-03-10 08:41:22 +01:00
Sami Mokaddem f96abece4f
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-03-10 08:34:01 +01:00
Sami Mokaddem 55bc56d8d7
chg: [command:ls22] Improved scoring for LS shell 2023-03-10 08:33:27 +01:00
Alexandre Dulaunoy 84d620fd9a
chg: [misp-objects] updated to the latest version 2023-03-09 18:10:04 +01:00
Alexandre Dulaunoy b17ea1c38f
chg: [misp-warning] updated to the latest version 2023-03-09 15:13:13 +01:00
iglocska 5720f25888
fix: [LS22 shell] parameter name fixed 2023-03-08 10:08:00 +01:00
iglocska 2872bc1374
Merge branch '2.4' into develop 2023-03-08 10:05:06 +01:00
iglocska 4ece8c74c9
new: [LS22 shell] added setSetting command 2023-03-08 10:04:29 +01:00
Alexandre Dulaunoy 8c8034543d
chg: [misp-galaxy] updated to the latest version 2023-03-07 12:24:27 +01:00
Benni0 82b01aae15
fix: [workflow:module_splunk_hec_export] typo colon removed 2023-03-02 22:15:44 +01:00
iglocska 9619c0e866
fix: [Sighting] rework of the loading via restsearch 
- the chunking and limiting by attribute IDs in the sighting restsearch caused long delays due to a select with two AND-ed in value lists causing the query optimiser to constantly run statistics on the table
- moved the filtering by attribute to PHP side via a loop, it should boost the performance of the function - and with it the sync considerably
 2023-03-02 10:30:43 +01:00
iglocska cdf270606c
fix: [Sighting] rework of the loading via restsearch 
- the chunking and limiting by attribute IDs in the sighting restsearch caused long delays due to a select with two AND-ed in value lists causing the query optimiser to constantly run statistics on the table
- moved the filtering by attribute to PHP side via a loop, it should boost the performance of the function - and with it the sync considerably
 2023-03-02 09:49:44 +01:00
iglocska 68c6563dc8
fix: [attribute correlations] account for both entry points, event view and attribute index 
- to select the correct field for the remote ID (rather than point at an attribute ID in the related events)
 2023-02-28 13:56:07 +01:00
iglocska 91d87b4e44
fix: [correlations] attribute index / search shows incorrect correlations, fixes #8930 
- showed the attribute ID rather than the event ID, also leading to invalid URLs for pivoting
 2023-02-27 14:56:30 +01:00
iglocska d123b27960
fix: [object correlations] fixed - ACL was incorrectly hiding valid correlations for a user, fixes #8929 
- inherit as the object distribution was blocked when showing correlations
 2023-02-27 14:21:47 +01:00
benni0 8eb26b7a9d chg: [workflow:module_splunk_hec_export] added parameter for source type specification 2023-02-26 12:25:24 +00:00
benni0 6ae140e5a9 fix: [workflow:module_splunk_hec_export] top level event required by splunk hec 2023-02-26 12:23:54 +00:00
iglocska 391a16fa88
Merge branch '2.4' into develop 2023-02-24 02:01:03 +01:00
iglocska 738fd95db2
fix: [taxii servers] invalid baseurl field type 
- copy pasta strikes again
 2023-02-24 02:00:16 +01:00
Sami Mokaddem f179b2db7a
chg: [workflow:module_splunk_hec_export] Small refactoring 2023-02-23 10:47:56 +01:00
Sami Mokaddem 1994f35e95
chg: [workflow:module_webhook] Added support of more parameter to perform a request 2023-02-23 10:46:52 +01:00
Sami Mokaddem d418f33835
fix: [workflow:standalone_module_execute] Clear error output on sucess 2023-02-23 10:45:28 +01:00
Sami Mokaddem 39408794ef
fix: [workflow:baseModule] Removed unused line 2023-02-23 10:45:00 +01:00
Sami Mokaddem 4adcf06b1c
Merge branch 'pr-8835' into develop 2023-02-23 09:14:33 +01:00
Alexandre Dulaunoy 7204fe7720
Merge branch '2.4' into develop 2023-02-21 11:49:04 +01:00
Alexandre Dulaunoy df80a5c369
chg: [misp-galaxy] updated 2023-02-21 11:48:42 +01:00
Sami Mokaddem 34ebd89c43
Merge branch '2.4' into develop 2023-02-20 15:05:10 +01:00
Sami Mokaddem 3bb6f9f43f
fix: [objects:group_attributes_into_object] Typo in find options 2023-02-20 15:04:31 +01:00
Sami Mokaddem 6df6924ca3
fix: [attribute:bro] Restored bro export 
The broExport should probably be rewritten to sue the standard restSearch export later on
 2023-02-17 16:16:49 +01:00
Sami Mokaddem 2c30e9af7e
fix: [attribute:bro] Restored bro export 
The broExport should probably be rewritten to sue the standard restSearch export later on
 2023-02-17 16:14:00 +01:00
Sami Mokaddem edfdc5bfa2
chg: [events:add_misp_export] Handle case of missing Event key 2023-02-17 15:59:34 +01:00
Alexandre Dulaunoy 6343037456
chg: [misp-stix] updated to the latest version 2023-02-16 15:05:19 +01:00
Sami Mokaddem d51bebcbf4
chg: [events:populate] Added support of regeneration of UUIDs 2023-02-14 08:59:06 +01:00
Sami Mokaddem dab1abb2af
chg: [events:populate] Improved support of MISP core format 2023-02-14 08:34:47 +01:00
Sami Mokaddem c92667ce1f
chg: [view:ajaxTags] Added placeholder for highlighted taxonomies without a tag 2023-02-13 10:53:57 +01:00
Sami Mokaddem 92d88f6f9d
fix: [dashboard:widget_render] Use the correct render when using cache 2023-02-09 11:42:21 +01:00
Sami Mokaddem 44dac20bf0
chg: [dashboard-widget:TrendingTags] Added filtering and over time functionalities 2023-02-09 10:06:11 +01:00
iglocska a7905b40ce
Merge branch 'develop' into 2.4 2023-02-01 14:37:06 +01:00
Christophe Vandeplas 827bf50f3c chg: [auth] group authentication code 2023-01-27 02:42:40 +01:00
goodlandsecurity 2211d5e00b
chg: [internal] allow site admins ability to view event_creator_email for all events in export 2023-01-26 10:23:20 -06:00
Sami Mokaddem b074a4c1d9
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-01-25 11:51:49 +01:00
Sami Mokaddem 6aa5f32215
fix: [shadowAttribute:accept] Restored accepting functionality 
Replace cake's magic finder by the standard way to fetch data
 2023-01-25 11:51:41 +01:00
Christian Studer 4a3964880d
fix: [misp-galaxy] Bumped latest version 2023-01-24 01:29:35 +01:00
Christian Studer 9da3991a4a
chg: [misp-stix] Bumped latest version 2023-01-24 01:28:33 +01:00
Alexandre Dulaunoy a988cba4a9
chg: [misp-warninglists] updated to the latest version 2023-01-23 10:25:17 +01:00
Alexandre Dulaunoy c213ede209
chg: [misp-galaxy] updated to the latest version 2023-01-23 10:24:15 +01:00
Alexandre Dulaunoy 6da894dc79
chg: [taxonomies] updated to the latest version 2023-01-23 10:23:54 +01:00
Raphaël Vinot 5edcd9083f chg: [PyMISP] Bump 2023-01-23 10:09:01 +01:00
Sami Mokaddem 356d1c5119
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-01-20 11:03:02 +01:00
Sami Mokaddem 56b9aefb49
chg: [servers:testConnection] Prematurely close the session allowing concurrent requests 2023-01-20 11:02:54 +01:00
Alexandre Dulaunoy 5e4f9e692b
chg: [misp-objects] updated 2023-01-19 11:44:21 +01:00
Sami Mokaddem 93bf15d3bd
fix: [security] Prevent unauthorized access to decaying import function 
- as reported by Cyber Controls from SIX Group
 2023-01-18 15:05:46 +01:00
Sami Mokaddem a46f794a13
fix: [security] XSS in eventgraph preview payload 
- as reported by Cyber Controls from SIX Group
 2023-01-18 15:04:45 +01:00
Sami Mokaddem 72c5424034
fix: [security] XSS through network history name 
- as reported by Cyber Controls from SIX Group
 2023-01-18 15:00:50 +01:00
Sami Mokaddem 2b738d4745
fix: [tags:relationship] Fixed synchronisation of relationship_type 2023-01-13 14:16:28 +01:00
Sami Mokaddem 48997f4bf8
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-01-13 11:10:04 +01:00
Sami Mokaddem 97cd2604d6
fix: [tags:relationship] Fixed synchronisation of relationship_type 2023-01-13 11:09:56 +01:00
Alexandre Dulaunoy 102b625042
chg: [taxonomies] updated to the latest version 2023-01-11 16:20:29 +01:00
Alexandre Dulaunoy f2bb822d39
chg: [taxonomies] updated 2023-01-11 16:19:41 +01:00
Sami Mokaddem 683a90199c
fix: [feed:edit] Make sure to keep orgc_id to its saved value 2023-01-10 12:04:56 +01:00
Sami Mokaddem a44b681aca
chg: [logs:event_index] Added notice about displayed data and usage of LightPaginator 2023-01-10 11:17:07 +01:00
Sami Mokaddem 9b6a9d2ef6
Merge branch 'develop' of github.com:MISP/MISP into develop 2023-01-10 10:05:43 +01:00
Sami Mokaddem f7238fe5e7
fix: [security] XSS in authkey add 
- as reported by Dawid Czarnecki from Zigrin Security
 2023-01-10 10:05:22 +01:00
Christophe Vandeplas 9115a30423 minor code cosmetic fix 2023-01-06 09:19:36 +01:00
Andras Iklody faa1fc5300
fix: [querystring] bumped 2023-01-03 12:20:35 +01:00
Alexandre Dulaunoy 672b33ca20
chg: [warning-lists] updated 2023-01-02 16:16:48 +01:00
iglocska e3d716b9a7
fix: [postTest] speculative fix for case sensitivity of headers 
- as reported by @DavoDirty
 2023-01-02 12:29:33 +01:00
Benni0 74a800c5ed new: [misp-workflow-modules] Splunk HEC export Module implemented 2022-12-29 08:59:28 +01:00
iglocska 5667a3dd84
chg: [event index] changed to the indextable generator 2022-12-24 06:28:42 +01:00
iglocska f551639a96
new: [indexTable] added 3 new simple elements 
- custom_element -> loop the data through an element set via element_path
- model -> for the various log indeces, format the log entry's model entry as MODEL #MODEL_ID
- time -> loop the data through the time helper's time() function
 2022-12-24 06:27:01 +01:00
iglocska 6703d82ad0
chg: [indexTable] added option for the generic Field to set a default value, if the referenced value is empty 
- via the key 'empty'
 2022-12-24 06:25:43 +01:00
Alexandre Dulaunoy b8463ebbbf
chg: [misp-objects] updated to the latest version 2022-12-22 15:52:29 +01:00
Alexandre Dulaunoy c733d83110
chg: [misp-galaxy] updated to the latest version 2022-12-22 15:51:50 +01:00
Alexandre Dulaunoy f6ca38298f
chg: [warning-lists] updated to the latest version 2022-12-22 15:51:25 +01:00
Alexandre Dulaunoy b627bb392a
chg: [taxonomies] updated to the latest version 2022-12-22 15:50:50 +01:00
iglocska 684d3e5139
fix: [security] XSS in the template file uploads 
- as reported by Dawid Czarnecki from Zigrin Security
 2022-12-22 15:37:43 +01:00
iglocska 206f540f02
chg: [runaway function] split into easier to comprehend ones 2022-12-22 15:35:30 +01:00
iglocska 8574067e03
fix: [index actions] urlencode the parameter values, otherwise certain functionalities passing for example tag names around won't work 
- fixes #8820
 2022-12-22 14:28:23 +01:00
iglocska 1edbc25699
chg: [cleanup] indexfilter unused leftover functionality reworked 2022-12-22 13:11:57 +01:00
Jakub Onderka ea2e0421b6
Merge pull request #8613 from JakubOnderka/fix-ui 
Fix UI
 2022-12-22 12:54:56 +01:00
Raphaël Vinot 68571e8534 chg: [PyMISP] Bump version 2022-12-22 11:37:28 +01:00
Jakub Onderka 2305c4d15e fix: [internal] Migration 105 2022-12-22 10:08:38 +01:00
Jakub Onderka 55e4a1ce89 fix: [UI] Add missing space after tag 2022-12-21 12:59:17 +01:00
Sami Mokaddem 0aa2475c1b
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-12-20 13:03:37 +01:00
Sami Mokaddem 83cfe23052
new: [event-timeline] Added Timestamp distribution chart when the timeline cannot show all items 2022-12-20 13:03:29 +01:00
Sami Mokaddem ba533e9b3d
chg: [graph.js] Updated to version 4.1.1 2022-12-20 13:02:32 +01:00
StefanKelm 9bba80ccd7
Update correlations.ctp 
tiny typo
 2022-12-17 06:39:40 +01:00
Jakub Onderka c2b9c472f9 chg: [internal] Add blackhole exception logging 2022-12-15 10:05:13 -05:00
Jakub Onderka 4ba72eb14e fix: [UI] Fix user sorting 2022-12-15 10:05:13 -05:00
Jakub Onderka 34a1661722 fix: [UI] Prevent default action when showing sightings 2022-12-15 10:05:13 -05:00
Jakub Onderka cc4c5ff27f fix: [UI] Do not show model ID in audit log if it is zero 2022-12-15 10:05:13 -05:00
Jakub Onderka 95bdc013f3 chg: [UI] Add titles for attribute actions 2022-12-15 10:05:13 -05:00
Jakub Onderka 7613016cac fix: [UI] Undefined shortDist array 2022-12-15 10:05:13 -05:00
Jakub Onderka 716014d5b2 fix: [UI] Warnings when user don't have permission to see sharing group orgs 2022-12-15 10:05:13 -05:00
Jakub Onderka f1c1d95b1c chg: [UI] Show exception message to user when importing MISP file 2022-12-15 10:05:13 -05:00
Jakub Onderka 511d2aa0db fix: [UI] Galaxy cluster distribution levels 2022-12-15 10:05:13 -05:00
Jakub Onderka cd4bd53d68 fix: [UI] View action should be last 2022-12-15 10:05:13 -05:00
Jakub Onderka ed4cf8172a fix: [UI] Galaxy cluster UI cleanup 2022-12-15 10:05:13 -05:00
Jakub Onderka 359d692ff0 fix: [UI] Use correct menu for categories_and_types page 2022-12-15 10:05:13 -05:00
Jakub Onderka ce850e209c fix: [UI] Remove duplicate autoalert field in user profile 2022-12-15 10:05:13 -05:00
Jakub Onderka d5dc274cd1 fix: [UI] Show user column for auth keys just for admins 2022-12-15 10:05:13 -05:00
Jakub Onderka d1dbde5404 fix: [UI] Correctly fetch data from resolved MISP format 2022-12-15 10:05:13 -05:00
Jakub Onderka a3d44283dc fix: [UI] Show correct message when creating event when MISP.unpublishedprivate is enabled 2022-12-15 10:05:13 -05:00
Jakub Onderka 9ff1d02700 chg: [import] Do not put same comment to all attribute in object 2022-12-15 10:05:13 -05:00
Jakub Onderka e4fd5280fd fix: [UI] Margin fixes for resolved_misp_format.ctp 2022-12-15 10:05:13 -05:00
Jakub Onderka ece1461f78 fix: [UI] To IDS checkbox for attribute search 2022-12-15 10:05:13 -05:00