- a user could be lured into setting a MISP home-page outside of the MISP baseurl
- switched the endpoint to be CSRF protection enabled
- as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
- user self-registration is the first use-case
- if the feature is enabled, users can unauthenticated send a registration request to MISP
- request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
- they can accept/discard them individually or en masse
- users will be notified of their credentials automatically
- quick user creation if the user asks for an org that doesn't exist yet
- site admins can set the monitoring flag on a user if the feature is enabled on the instance
- monitored users will have all requests logged along with POST bodies
- keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation
- Dashboard
- modular similar to restSearch
- build your own widgets
- use a set of visualisation options (more coming!)
- full access to internal functions for queries
- auto discover core and 3rd party widgets
- rearrange / configure widgets for each user individually
- rearrange / resize widgets
- settings can be configured by a site-admin on behalf of others
- modules have a self-explain mode to guide users
- caching mechanism for the modules / org
- set homepage / user
- various other fixes
- feature is optional and needs to be enabled in the server settings
- on successful login logs the associated user ID for a given IP (30 day retention)
- also logs the IP for the associated user ID (indefinite retention)
- added two command line tools to query
- Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id]
- Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip]