Commit Graph

1379 Commits (3f65618845f7f09124748745538fd208a68b85d1)

Author SHA1 Message Date
iglocska 3f65618845 New permission
- tagger: a user that can create / edit / delete the list of tags that is usable for events
2014-01-21 16:59:21 +01:00
iglocska a9d945ff19 Changes to the sync action pages
- fixed access control
- any admin can now encode new servers. Org admins can pull/push for their own instances.

- Upload certificates during an edit
2014-01-21 16:41:32 +01:00
iglocska 89bf5f06b6 Threat level changes
- upgrade script that populates threat level from the old risk field for every event that doesn't have a threat level set.
- threat levels in an event (from a sync for example) that are unknown to the local instance now show the numeric value of the threat level
2014-01-21 13:32:24 +01:00
iglocska 7545de6a6c Changes to the admin methods
- cleaned up the methods, they all now return results without debug mode enabled
- Added a verification method for all user GPG keys (as an expired key for example would send out empty messages)
2014-01-21 11:28:18 +01:00
iglocska 8b1ca649d2 Changes to the misc admin functions
- cleaned them up a bit, views for results
- removed query() and replaced it with CakePHP find()
2014-01-17 09:53:23 +01:00
iglocska 61753690a1 Changes to the automation
- authorization key should be sent through headers.
- passing it in the url is deprecated
- updated automation page to reflect the changes

- csv export now has headers
2014-01-16 17:19:51 +01:00
iglocska 7bd7405a8f Roles correctly visible to users
- users can now check what each role group grants in terms of permissions
- users cannot see a non-working add user / list users button
2014-01-16 10:55:24 +01:00
iglocska a1cd813070 Accepting / Discarding Proposals changed to POST only
- it is not possible to discard / accept a proposal with a GET request anymore
2014-01-16 10:11:44 +01:00
iglocska c10d3e9b95 SSL certificate changes
- you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances
2014-01-16 08:47:25 +01:00
iglocska 50096504f6 Small change to CVE notation fixes #186 2014-01-14 10:38:16 +01:00
iglocska 43e3b98326 Cosmetic changes
- Valid renamed to Published on the event index
- Attributes that are flagged as IDS signatures are now shown with a (IDS) notation at the end of the line in the alert e-mail
2014-01-14 10:15:41 +01:00
iglocska ffcdcaf823 Merge branch 'feature/test_attribute_date' into feature/test 2014-01-13 16:41:33 +01:00
iglocska 2e82ee6a36 Some minor changes and fix to a vulnerability
- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
2014-01-13 16:38:49 +01:00
iglocska 9c649ffe6d Small fix to the date filter
- fixed the datefilter to be inclusive of the border values. Entering all events from the 13th of january should include events that were created on that day, not just the 14th and newer.
2014-01-13 13:02:50 +01:00
iglocska 065f40fdf6 Some changes from master branch
- regexp default list
- GFI improvements (removed a lot of junk imports, distribution taken from the event)
2014-01-13 12:47:43 +01:00
iglocska 2114f55ddd Changes to the attributes
- attributes in the event view now show the date when they were added / modified

- the alert e-mail now shows which attributes are new since the last commit
2014-01-13 11:39:35 +01:00
iglocska 5fa7759e40 File left off from previous commit 2014-01-10 15:11:33 +01:00
iglocska 772f60ff40 Proposal changes
- anyone can see proposals that can see an event
- fixed a vulnerability where a user could add a proposal to an event blindly that he couldn't see
2014-01-10 14:56:21 +01:00
iglocska 89c80a8b7c Some security fixes 2014-01-10 13:56:35 +01:00
iglocska 65753a096a Some minor changes
- Statistics page has gotten a lot of extra information
- Removed some old junk files
- Made the size of the graph in the memberslist larger to fit all the new attribute types
2014-01-09 17:13:07 +01:00
iglocska 261a1cd147 Left off files added
-Missing view file for statistics
-Added includes needed for the heatmaps (using http://kamisama.github.io/cal-heatmap)
2014-01-09 11:08:13 +01:00
Chris Clark 00ea48b734 Error When Exporting as IOC if not Site Admin
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
2014-01-09 10:38:33 +01:00
Chris Clark a6999597f1 Tweak to allow IOC Export of events you don't own but are shared
Conflicts:
	app/Controller/Component/IOCExportComponent.php
2014-01-09 10:35:25 +01:00
Chris Clark d222ebbbdf Added Attribute Category and Types to Track Targeting Data 2014-01-09 10:23:11 +01:00
iglocska ba4e136ace First version of the new statistics page
- shows a heatmap of user activity based on the logs
- can show it for all users or for users of a specific org
2014-01-09 10:04:53 +01:00
iglocska f8424d484b Bug fixes
- Fix to some of the exports not working in legacy (non background-job) mode
- Issue also occured while using automation
2014-01-08 17:08:32 +01:00
iglocska 9eb5b7ffb7 Fixed vulnerability
- Persistent XSS through the thread title fixed
2014-01-08 16:57:00 +01:00
iglocska 6e842da5bc Serious bug with the discussion boards
- A malformed [Thread][/Thread] tag can lead to an infinite loop on the event / thread view. Fixed.
2014-01-07 16:12:47 +01:00
iglocska cbcd7ac625 Some small fixes
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
2014-01-07 11:08:21 +01:00
iglocska d1094c92d0 Fix of a new pagination rule overwriting the rest allowing users to see more than they should 2014-01-06 12:16:47 +01:00
iglocska 785f57143a Merge branch 'feature/CakeResque' into feature/test 2014-01-06 12:12:51 +01:00
iglocska c6fd29fb29 Several features
- Sync for background jobs (pull + push)
- more e-mailing delegated to background jobs
- A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
iglocska a380ab444a Work on the background job and the proposals
- Proposals now get synced on pull
- several bug fixes
- new startup script for the background workers
2014-01-05 21:30:39 +01:00
iglocska b2bc0460c6 Small change to the tasks index
- removed script that after changes was basically a copy of another one
2014-01-03 15:39:54 +01:00
iglocska 54b1b44080 More work on the background jobs
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
iglocska ae23b288e5 Further work on the background jobs
- started work on scheduling
- view to add scheduled tasks (still needs work)
- moved cache job bulk-code to the job model from the controller
- bootstrap timepicker
2014-01-02 15:51:41 +01:00
iglocska 1c997992d8 Revert "Merge branch 'master' into develop"
This reverts commit fbe2eddc7a, reversing
changes made to b59965b971.
2013-12-20 11:17:41 +01:00
iglocska fbe2eddc7a Merge branch 'master' into develop
Conflicts:
	INSTALL/MYSQL.sql
	app/Controller/EventsController.php
	app/Model/Attribute.php
2013-12-20 11:02:21 +01:00
Chris Clark 8678103d59 Tweak to allow IOC Export of events you don't own but are shared 2013-12-19 14:27:53 -05:00
Chris Clark 1aec3ac01b Merge pull request #1 from Xen0ph0n/patch-2
Error When Exporting as IOC if not Site Admin
2013-12-19 11:12:25 -08:00
Chris Clark 6a4b4d2870 Error When Exporting as IOC if not Site Admin
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
2013-12-19 14:11:17 -05:00
Chris Clark 7d370a9703 Error When Exporting as IOC if not Site Admin
Fixed Syntax error if not site admin.. also fix in event component which was comparing wrong values to establish ownership of event
2013-12-19 14:08:35 -05:00
iglocska 7f3e8a5910 Merge branch 'hotfix-2.1.33' 2013-12-18 17:10:08 +01:00
iglocska 31477ac611 Few minor tweaks 2013-12-18 17:09:50 +01:00
iglocska dac0545620 Merge branch 'master' of https://github.com/MISP/MISP 2013-12-18 16:36:46 +01:00
iglocska e0dd74a7ba Update to the GFI import
- fixed an issue where a blacklisted value added through uloadattachments would break the import

- fixed the distribution level of attributes created by the GFI import always being your org only

- removed registry attributes that do not contain a malware sample or a dropped file in the value

- fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word

- added a few regular expressions
2013-12-18 16:31:42 +01:00
iglocska 0e744871bd Further work on the scheduled tasks
- Also some changes left off from the previous commit
2013-12-17 11:38:06 +01:00
iglocska bc42fb99a8 Preparing for the scheduled tasks
- incorporated cidr from develop
- some other improvements to the background jobs
2013-12-17 10:15:04 +01:00
Chris Clark 629ab27275 Update to allow clean entry of Whitelist Items
Updated this along with whitelist.php to allow for simple entry of names in the whitelist, this file will allow proper application of those blocked names to exported NIDS sigs.
2013-12-16 10:21:08 -05:00
Chris Clark 7b1d054ea7 Update to allow clean entry of Whitelist Items
Added non alpha delimiters hardcoded so no preg_match errors and entries in whitelist can be human redable w/out extra leading and trailing chars.
2013-12-16 10:19:25 -05:00