Commit Graph

1416 Commits (53482ff76c409d0ebf944853fdae4d8483a5b6f7)

Author SHA1 Message Date
Andras Iklody b98818ebfb Small errors with the merge corrected
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00
Andras Iklody 4396cec8ea Integrated ownership, ACL and minor fixes
- Orgs can propose new attributes or changes to existing attributes for
  events that they do not own

- publishing users of the owner organisation can see, accept or discard
  them

- Reworked the access control

- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas 3be869a9d5 fix sanitization in Events #96 2013-04-24 15:49:35 +02:00
Christophe Vandeplas 665defe7b1 cleanup crappy sanitization 2013-04-22 15:22:20 +02:00
Christophe Vandeplas 23742c543c rewrote fetching of the related events 2013-04-22 15:04:27 +02:00
Andras Iklody 3e89c80d09 Removed some obsolete code
- getName functions removed

- Fixed a reference to it in the logable behaviour
2013-04-18 08:49:59 +02:00
Andras Iklody ada0fd2bfb Some fixes to indices not set
- Affecting Event creation, attribute deletion remotely and logging of
  event deletion
2013-04-17 15:40:01 +02:00
Andras Iklody 9a6733acfd Removal of deprecated code
- The flag private is deprecated, removed together with the code that was
  affected by it
2013-04-17 11:13:09 +02:00
Andras Iklody 9be1f6c550 Fixed a sanitization issue with encrypted emails 2013-04-16 17:39:28 +02:00
Christophe Vandeplas 8029d7fa29 removes multiple correlation engines Fixes #83 but after testing issue
#95 comes to light
2013-04-16 16:59:12 +02:00
iglocska 3ab63b4697 Small edit fixes #75
- Event was not deleted when another non site-admin org user tried to
  delete an event due to the event not being read before its organisation
  was compared to that of the logged in user -> fixed.
2013-04-10 10:48:30 +02:00
iglocska 9e9bdcbfa4 Bug with pull
- Pulling all from the server list view would cause all new events to be
  pulled as intended, but attachments would not be pulled with their
  respective attributes

- the few lines of code responsible for loading the file and base64
  encrypting it for the transfer were misplaced within a correlation check

- fixed.
2013-03-26 16:33:24 +01:00
iglocska 5d42b81989 First version of an IOC export feature
- Builds basic .ioc file of an event, OR-ing all eligible attributes

- mass export via a zip file to be implemented later
2013-03-26 11:02:01 +01:00
iglocska b134ffd940 Extensions of filenames now validate if a number is included 2013-03-19 14:33:56 +01:00
iglocska 30c4969cbe Update to the validation of file names to allow _ in the extension 2013-03-19 14:31:35 +01:00
iglocska ef93e61efb Related events
- Implemented on request: related events created by the same organisation are now coloured red
2013-03-19 10:30:32 +01:00
iglocska 32de082c88 New export feature
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses cake's user
authentication

- the old export features still exist for users with perm_auth enabled
  accounts - renamed to automation

- Exporting the events that found attributes belong to in a search
  attributes result page

- exporting of individual events to file by clicking a link in event view
2013-03-18 11:48:36 +01:00
iglocska d634d4ea47 Update to the targets of contact emails and more
- The original creator of an event will also get contacted by contact org
  if he/she has the contactalerts turned off.

- error in the SQL permissions of normal users and org admins - they
  weren't able to modify/delete events of their own organisation that they
  themselves didn't create
2013-03-13 16:45:40 +01:00
Andras Iklody 019e976783 Removed the js title bubble for related events
- Removed JavaScript-based title bubble showing the event info in related
  events / attributes and in the search attribute view.

- Replaced it with values provided by extra cake queries as the delay for
  fetching the info field through a js rest request was annoyingly slow

- some coding standards
2013-03-08 13:16:02 +01:00
Andras Iklody 0e18aa099b Attribute and event access
- Updated the check for authorisation to view an event and attribute as
  the system hid some valid combinations (such as a server only attribute
  in a higher distribution level event).
2013-03-07 18:16:00 +01:00
Andras Iklody 13f2a274e8 Previous edit was an error 2013-03-06 14:07:37 +01:00
Andras Iklody e707d1eedb Error in a previous commit 2013-03-06 14:00:21 +01:00
Andras Iklody 3425a49c7c Enabled filename whitelisting for GFI sandbox uploads
- filename wasn't validated before exec() to unzip before
2013-03-06 13:48:02 +01:00
Andras Iklody b9d4ac9cba Subscription to alerts from contact reporter
- Users can now choose to subscribe to receive e-mails from the "Contact
  Reporter" feature.
2013-03-06 11:34:22 +01:00
Andras Iklody 8abe55dd91 Changed email alert
- It didn't respect private events and alerted everyone. Fixed.
2013-03-05 17:35:57 +01:00
Andras Iklody 5db23738c1 Removed sanitization of emails
- caused linebreaks to be sanitized, it's a plain text e-mail so
  sanitization isn't needed.
2013-03-05 17:04:02 +01:00
Andras Iklody 64f304da48 Tighter checks so users can't edit events of other orgs 2013-03-05 16:17:34 +01:00
Andras Iklody 32dc28adb9 Update to the admin privileges
- Changed the requirement for a lot of functions to be site admin as
  opposed to admin.
2013-03-05 15:19:58 +01:00
Andras Iklody dc37542be4 Typo... 2013-03-01 11:16:00 +01:00
Andras Iklody eb5de600b0 Case-sensitivity 2013-03-01 11:11:43 +01:00
Andras Iklody 9645f664dc SQL update 2013-03-01 10:17:44 +01:00
Andras Iklody 8e6852e037 Export distribution
- Export didn't take into account distribution rules, should be fixed

- Fixed a bug with editing attributes
2013-02-28 17:16:52 +01:00
Andras Iklody 6dc73314bf Changes to the distribution handling of attributes
- Only the creating org of the event can change the distribution of
  attributes

- Attribute distribution settings are only pushed on edits if they were
  manually changed (so that the distribution level of events on the
  creating server doesn't get degraded by an edit and push of the event at
  a synced server when using connected community settings).

- slight change to the batch attribute search, the search terms are only
  echoed up to 9 terms to prevent the mass echoing of a long list
2013-02-25 16:38:04 +01:00
Andras Iklody 0f947085cb Reworked the sync / release control
- Fixed issues with the sync
	- Secondary publishes on remote servers failed
	- Introduced new fields in events to stop backward traverse of
	  edit information that led to low performance and erroneous
	  distribution information updates when more than 2 servers were
	  linked
	- Deletion of an attribute now deletes on remote servers

- Changes to the event ownership
	- Original creator org now noted in the event itself
	- Only original creator org can change distribution
	- Events will show up with the original creator org for users
	  (admins can see both that and the owner of the event on the
	  local instance)
	- Server.organization now used in conjunction with the connecting
	  user's org and the instance's org (from the bootstrap) to
	  determine distribution flow control and access rights

- Lots of minor changes
2013-02-19 15:37:35 +01:00
Andras Iklody e88a3a9cf7 Updates to security
- perm_auth new toggle, can disable auth key usage for a role

- prevents sync / rest with a perm_auth == false key

- some changes to sync to provide better feedback on why it failed

- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody e976242878 Reworked aros_acos creation
- moved and fixed the aros_acos creation on the new role creation

- new method in appController that sets all the aros_acos from scratch
  (for example for a new instance, or a changed acos / aros table)

- some minor changes, redirects to the terms page on invalid events
  removed, etc.
2013-02-05 17:22:37 +01:00
Andras Iklody 7f6f166838 Fixes to access rights, some sanitization, etc
- Admins cannot manually change anyone's authkey, they need to generate a
  new one via the reset link

- Some pages could be accessed by changing the url - fixed (though needs
  further testing)

- Edited a change in the manual that may have been confusing

- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Noud de Brouwer a6371f5ad8 coding standards
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras 8d88bcb2b5 Fix for the synchronisation
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
Noud de Brouwer 3d40095547 coding standards
Coding Standards.
2013-01-25 07:51:20 +00:00
Andras Iklody 24b10579ad Pull fixed
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
Noud de Brouwer 3917e93ae6 coding standards
Coding Standards.
2013-01-24 14:35:13 +00:00
Andras Iklody ce4bf4bd1b Fixed push/publish
Fixed a few issues that caused push/publish not to work
2013-01-24 15:10:59 +01:00
Andras Iklody 879154eab2 Fixed deprecated errors
Removed cause of deprecated errors (Pass by reference)
2012-12-20 14:48:23 +01:00
Noud de Brouwer 547a80ba7d Sanitize
Sanitize countermeasures.
2012-12-19 15:28:31 +00:00
Noud de Brouwer 95158d2ef3 Sanitize
Sanitize countermeasures.
2012-12-19 12:42:38 +00:00
Noud de Brouwer a8434d4830 Sanitize
Sanitize countermeasures.
2012-12-19 12:13:37 +00:00
Noud de Brouwer 0e668e6b90 coding standards
Coding Standards.
2012-12-18 19:51:42 +00:00
Noud de Brouwer ea9aa8eb3a coding standards
Coding Standards.
2012-12-18 19:25:12 +00:00
Noud de Brouwer d89ab91dee coding standards
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer 8ca550cbe1 event.analysis
set analysis* in view().
2012-12-18 03:59:45 +00:00
Noud de Brouwer 8864ee78f7 generateAllFor<FieldName>
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Noud de Brouwer 68617350e8 Sanitize
Sanitize::clean() but redo the info and value fields.
2012-12-18 03:18:48 +00:00
Noud de Brouwer 46ab0d2e58 sanitize
small correction on a "\n" in info.
2012-12-17 15:51:14 +00:00
Andras Iklody 1ceadab700 Added features from branch analysis_levels
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud 2903493205 Merge branch 'master' into develop
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
2012-12-13 16:03:35 +01:00
noud 276cb5df10 RESTful sync
this is in response to the email
From: <User1088@QET.BE>
To: <ndebrouwer@hotmail.com>, <andrzej.dereszowski@ncirc.nato.int>
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
in this there is a complaint about the RESTful sync workings.
the email hints about 2 possible options:
i) RESTful add event without attributes (conform the web interface)
ii) RESTful add event with attributes (more conform the code)

both are implemented and can be chosen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
2012-12-13 15:52:00 +01:00
noud 094719fa01 Merge branch 'master' into develop
Conflicts:
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Model/Event.php
2012-12-12 18:01:39 +01:00
noud 26c8ad57ee Role
renamed everything group to role (i.s.o. renaming just the visible).
2012-12-12 16:15:01 +01:00
noud 52a7625a9d Source Code Review
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud 079ce88793 RESTful sync
Let RESTful only work conform the web pages (to Christophe's wish),
so add/edit event apart from add/edit attribute.
(there is annotation in the code to revert back to full RESTful and
add/edit the attribute(s) alongside add/edit the event.)
2012-12-11 16:11:45 +01:00
noud 718691a627 RESTful
make RESTful event add and edit work again.
2012-12-10 13:49:56 +01:00
noud e24ff690bb RESTful/sync
redid the sync, so if add and exist, send HTTP 302 and different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTful delete.
2012-12-07 13:56:19 +01:00
noud 4ab744ed76 Added bubble when hovering over related events
make baseurl variable conform bootstrap.
2012-12-05 09:00:35 +01:00
noud 63811bffb6 Added bubble when hovering over related events
make authkey variable conform the authenticated user.
2012-12-05 08:56:58 +01:00
noud 053edeb304 regex and blacklist
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
2012-12-03 10:34:28 +01:00
noud 2af02aa100 input regex
use RegexBehavior on Event.info and Attribute.value.
2012-11-30 13:52:09 +01:00
noud 2daba5a3c2 correlation
do not show the same event id multiple times for one attribute shown.
2012-11-29 14:42:06 +01:00
Christophe Vandeplas be939c2b9e fix bug when published event that is added using REST is not pushed to
remote servers
2012-11-29 09:15:53 +01:00
noud d301f201b9 distribution
do not do anything upon delete in regard to distribution.
2012-11-28 11:17:55 +01:00
noud 1e4597c009 distribution
if distribute upstream, do not alter org, user_id nor distribution
settings.
2012-11-28 11:09:08 +01:00
noud a3524bb0ee coding standards
correct conform coding standards.
2012-11-27 12:51:00 +01:00
Christophe Vandeplas 4a0e4ada0e removing update functionality for REST. 2012-11-27 10:08:39 +01:00
noud bba0088b88 correlation
repair correlation after introduction of 'This server-only'.
2012-11-23 14:48:59 +01:00
noud 59bab3e1a4 correlation
sort Related Events descending on date and second on id.
2012-11-23 10:02:46 +01:00
noud 6cce4792b4 correlation
some correction so no missing correlation.
2012-11-23 08:56:43 +01:00
noud ab8fd6b9f2 correlation
respect the latest added 'This server-only'.
2012-11-22 15:55:22 +01:00
noud c3c8c1e771 RBAC
respect setting for edit event.
2012-11-22 14:48:29 +01:00
noud ccff6db9a4 private
show 'This server-only' events to all on the server.
2012-11-22 13:34:06 +01:00
noud 957b3e27b8 Merge branch 'master' into develop
Conflicts:
	app/Controller/ServersController.php
2012-11-20 11:01:18 +01:00
noud b2c268845f code standards
respect code standards.
2012-11-19 14:49:38 +01:00
noud 1cddb6abe0 distribution
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities

Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
noud 5d37e93eb6 code
have the distribution description in one place, just the model.
2012-11-16 11:43:47 +01:00
noud 2d3132ef53 code
removed small double code.
2012-11-16 10:11:52 +01:00
noud 247525ccbf sync (publish)
Event publish button in events index and event view does
report push failure(s) if any remote server is down.
2012-11-16 10:09:04 +01:00
noud ea0ab59e4f code standards
corrections toward code standards.
2012-11-14 17:16:36 +01:00
noud b99d568433 correlation
resolved comment typo.
2012-11-14 08:29:05 +01:00
noud 723ef6c3d1 correlation
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
2012-11-13 14:13:38 +01:00
Andrzej Dereszowski 00d1958b86 Merge branch 'master' of /home/git/cydefsig
Conflicts:
	app/Controller/AppController.php
2012-11-09 14:58:01 +01:00
noud 1183437606 correlation
respect distribution Org only.
2012-11-09 13:42:15 +01:00
Christophe Vandeplas 68b038a29a fixes bug where no email alert is sent when event is added using API
(and published)
2012-11-08 11:11:02 +01:00
noud 2785512268 distribution
removed No push leftovers as a distribution.
2012-11-07 15:41:50 +01:00
noud 49cf9400aa NIDS
Unpublished events with an attribute flagged for IDS signature will
create an IDS signature (should be published only).
2012-10-30 16:03:58 +01:00
noud f82c3f5f0c dropdowns
let the risk dropdown in event add and edit behave like the other
dropdowns.
2012-10-30 12:54:04 +01:00
Christophe Vandeplas 8b6c212bf4 fixes bug when alerting and a single gpg key is giving problems 2012-10-30 12:41:19 +01:00
noud 2b24b36639 (internationalization)
setFlash using __(), so translatable later on.
2012-10-30 09:13:35 +01:00
noud 39abe9e589 Distribution
distribution changes conform func.spec.
2012-10-29 16:49:04 +01:00
Andrzej Dereszowski a4eca35c0e Fixed lost JS helper in EventsController 2012-10-25 11:47:04 +02:00
noud 8bc1b767ef GFI Sandbox
Replace Windows specific info in a $string with environment variables and
registry keys.
2012-10-25 10:14:40 +02:00
Christophe Vandeplas 32db0d82fb bugfix issue where delete event will also be triggered on servers with
no push active.
2012-10-23 18:18:06 +02:00
noud 9790c4b60f Crypt_GPG
small comment about debug and
small note in readme about file rights.
2012-10-23 17:27:50 +02:00
noud 1b570b9183 Pulldowns
removed the select optgroup.
2012-10-23 14:58:50 +02:00
noud fb38f0ca92 GFI Sandbox
regexp replacement of usernames.
2012-10-23 12:05:40 +02:00
noud 4b096fa584 distribution
changes and cleanup.
2012-10-23 11:28:39 +02:00
noud 1f428e4aa5 Wording change
so this works.
2012-10-22 16:39:33 +02:00
Andrzej Dereszowski 25e63dda68 Wording change
Changed Private column to Distribution + some minor vocabulary changes.
2012-10-22 16:29:08 +02:00
noud 0d65adc9d5 Merge branch 'master' into develop 2012-10-19 13:31:19 +02:00
Christophe Vandeplas 311a09e2b0 fixes bug 87 - on import of existing event: event info changed, tagged
private. Also fixes events tagged private when added using REST api.
2012-10-19 13:28:32 +02:00
noud 897732cd46 Crypt_GPG
small comment about debug and
small note in readme about file rights.
2012-10-19 13:17:56 +02:00
noud eae89d95cd Private.
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.

Has a generatePrivate for db conversion now.
2012-10-18 11:40:12 +02:00
noud 67e50cb612 Private
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).

Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
noud 5bef441aba GFI Sandbox 2012-10-17 10:42:09 +02:00
noud 870372fb07 Merge branch 'master' into develop
Conflicts:
	app/Config/bootstrap.php
2012-10-10 08:37:12 +02:00
Andrzej Dereszowski 6698e4c05e Cosmetic changes
Descriptions in the export functionality polished.
2012-10-09 16:08:38 +02:00
noud d112775251 Merge branch 'master' into develop 2012-10-09 13:10:27 +02:00
noud a5ad4b734e Comment.
Be able to send comment to Org or Owner/user_id.
2012-10-09 12:49:42 +02:00
noud 8f3d624c1a Merge branch 'master' into develop
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud 8179a1a691 Merge and code standards.
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
noud 64a354678d GFI sandbox import.
Replace Windows environment variables
%UserProfile% and %AllUsersProfile%.
2012-09-20 13:27:36 +02:00
noud 3199839286 GFI sandbox import.
do not load non existing stored_created_file.
2012-09-20 12:07:19 +02:00
noud 113b445bcf Better placement of plugins (touching RBAC & Audit log)
If it's just an existing behavior or lib,
place it in a plugin directory structure in <cydefsig>/plugins.

If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in <cydefsig>/app/Plugin.

This way there is a very clean division between own and external code.
The external code can be updated without touching own nor changed code.
2012-09-20 11:34:41 +02:00
noud 1d04652476 CakePHP Coding Standards
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud a4c29a812f XML related.
Made tools/curl/input/event.xml more anonymous.
Events/xml/view.ctp wrongly showed category_order.
REST Event add did not work anymore given GFI sandbox import.
2012-09-18 16:50:07 +02:00
noud 94a367c2f5 CakePHP Coding Standards
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimiters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud 253d8e1b58 Merge branch 'master' into develop
Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
noud 0f4a0dffea Sync & Correlation.
During sync and correlation = db,
an attachment or malware did not get processed into
Attribute.data, so will not be synced.
Now, conform other correlation methods being 'default' or 'sql'
the attachment or malware is synced as well.
(master has been synced with mil.be not using db correlation,
so should have the data.)
2012-09-13 08:50:30 +02:00
noud 53b22b4c57 Sync.
On publish and no configured GnuPG, do tell
event is published but no email sent.
2012-09-05 09:08:44 +02:00
noud abd3b55fef Sync and REST.
REST delete event working again after uuid change.
2012-09-05 08:45:59 +02:00
Andrzej Dereszowski 2a7f36d5f9 Merge branch 'master' of code.lab.modiss.be:cydefsig 2012-09-04 12:07:34 +02:00
Christophe Vandeplas fd05d14602 fixes inconsistent relatedAttributes and relatedEvents arrays with
different correlation implementations
2012-09-04 16:14:10 +02:00
noud 6303d687ba Sync and gpg.
If no gnupg installed.. do not tell, for NIAS demo.
2012-09-04 15:53:11 +02:00
noud 2842e4a81f validation
add event and empty info now does not MethodNotAllowedException
but Flash and show the invalid.
2012-09-04 15:29:15 +02:00
Christophe Vandeplas bc0dbd5b97 removes 'Published from' reference 2012-09-04 15:25:45 +02:00
Andrzej Dereszowski 23bbaa9843 Merge branch 'master' of code.lab.modiss.be:cydefsig 2012-09-03 10:29:21 +02:00
noud fc1f2c69a4 REST (and Sync)
Make REST edit work.
2012-09-03 13:44:19 +02:00
Christophe Vandeplas 8e7312cd9f Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git 2012-09-03 11:36:16 +02:00
Christophe Vandeplas 111644b16a refactored uuid integration (moved to beforeFilter) 2012-09-03 11:35:21 +02:00
noud 8a021ba82d Sync.
get the user and org correct,
given authkey they are known to the system.
2012-09-03 10:26:13 +02:00
Christophe Vandeplas b8fe8bd4eb cleaned up artifacts from refactored logo display 2012-08-31 10:38:14 +02:00
Andrzej Dereszowski 74764d4e8b Merge branch 'master' of code.lab.modiss.be:cydefsig
Conflicts:
	app/Controller/Component/NidsExportComponent.php
2012-08-30 10:59:07 +02:00
noud 4ae71fc963 Sync.
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).

To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
2012-08-28 15:36:14 +02:00
Christophe Vandeplas 6673b56c61 fixes bug where expired GPG keys break the email-alert system. 2012-08-27 11:23:55 +02:00
noud 7d98c5f31e GFI Sandbox upload.
If add event, give a GFI Sandbox export file upload field option.
Unzip, read .xml, add attachment malware, created files and ip-dst.
2012-08-22 16:04:55 +02:00
noud 7e23e3bc77 Event.user_id rollback(-part). 2012-08-22 15:19:28 +02:00
noud 8c1cfa731a loggable behaviour.
some merge correction for events and servers, so we log again.
2012-08-22 14:39:41 +02:00
noud b7a5d8a3f8 Delete (published) event or attribute.
Previously, upon delete only on the local server the event or attribute
was deleted.
Now, if delete, look for same event or attribute (using its uuid)
and delete on remote servers as well.
Also look and delete if not published, so no dangling/zombie copies
remain on remote servers.
2012-08-21 16:55:57 +02:00
noud 43d9f42032 HIDS exports sorted (and small indentation correction). 2012-08-08 14:21:28 +02:00
noud cdc7484944 REST edit Event implementation.
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
2012-08-07 11:57:52 +02:00
noud 8dc4fa383b Event.user_id.
Event.user_id was re-added but we still missed some,
so an added event would get user_id set to zero.
Now Event gets the correct user_id again from
the person logged in and adding.
(later on this must not be used during sync.)
2012-08-06 14:27:55 +02:00
noud 2dea0e347d Correlation performance gain.
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');

possible values: 
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
  (sql improvement possible if result conform db above)

Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)

          default     db    sql
all         25366  16601  15941
            24839  16604  15611
paginated   16759   8447   6615
            17734   8639   8846

this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
noud bda5e56f9b Export HIDS files with MD5 and SHA-1. 2012-07-27 15:19:40 +02:00
Andrzej Dereszowski 3ff180e898 Merge branch 'develop_0.2.2-0.2.3' into develop
Conflicts:
	app/Config/Schema/schema_0.2.2.php
	app/Config/routes.php
	app/Controller/AppController.php
	app/Controller/UsersController.php
	app/Model/User.php
	app/README.txt
2012-07-24 16:09:48 +02:00
deresz d879deb027 news: removed some old stuff
EventsController: contact mail display name from the config file
2012-07-19 09:48:45 +02:00
deresz 73e87f31e0 Use CyDefSIG.name from Config in alert e-mail subjects. 2012-07-04 17:15:01 +02:00
Christophe Vandeplas 09c4656944 improved NIDS output 2012-06-29 13:41:23 +02:00
noud 66c5312ea6 DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
Christophe Vandeplas 500418cb61 fixed silly bug in priority assignment of nids export 2012-06-28 14:58:19 +02:00
root b4558887ce Revert "Audit and ACL first cut."
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud 5818231f48 Audit and ACL first cut. 2012-06-25 15:54:52 +02:00
Christophe Vandeplas 5993e3eec8 fixed nids snort rule conversion because of greedy * and + 2012-06-25 10:18:45 +02:00
Christophe Vandeplas f023d98b5b improvement of nids - level and message 2012-06-22 13:48:35 +02:00
Christophe Vandeplas 2268bd73dd micro fix in nids export 2012-06-22 12:46:07 +02:00
Christophe Vandeplas 8c313bc054 changed classtype 2012-06-22 11:49:02 +02:00
Christophe Vandeplas 957e4f232b minor memory usage improvements by referencing in foreach ($array as
&$value) loop
2012-06-11 11:40:31 +02:00
Christophe Vandeplas 2d335f5dbe cleanup of comments and todos
minor memory performance improvement
2012-06-11 11:01:58 +02:00
Christophe Vandeplas 5eb6a89384 removed reference to useless user_id.
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
Christophe Vandeplas 9cd1b0469d minor change 2012-06-06 11:03:08 +02:00
Christophe Vandeplas 1a0586f14f unique attribute for nids export 2012-06-04 12:06:46 +02:00
Christophe Vandeplas f455405475 better error outputting 2012-06-03 22:51:56 +02:00
Christophe Vandeplas 39fb9bca1d Attribute types validation is now a separate function that uses the
Attribute->type_definitions variable
2012-05-31 17:12:26 +02:00
Christophe Vandeplas aac2f5926f minor fixes 2012-05-31 08:55:51 +02:00
Christophe Vandeplas d319860268 fixes security issue (overwrite existing event) 2012-05-31 08:47:49 +02:00
Andrzej Dereszowski 7ee4d29fac Fixed merge conflicts with HEAD at belmod
Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop

Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
2012-05-29 17:19:36 +02:00
Andrzej Dereszowski 1a91c2f49b Help messages implementation (forms and list views). 2012-05-29 16:53:50 +02:00
Christophe Vandeplas 155f9fe720 fixed logic bug 2012-05-25 10:01:59 +02:00
Christophe Vandeplas ad69aeb38f only sync event on publish when sync feature is on 2012-05-25 09:34:54 +02:00
Christophe Vandeplas 747c211723 auto-upload when publish event 2012-05-25 09:31:14 +02:00
Christophe Vandeplas cd30bb5d30 push / pull seems to work with attachment support. Lots of testing
required.
2012-05-23 16:32:46 +02:00
Christophe Vandeplas aa043a445b limit saveAssociated using fieldList 2012-05-22 15:52:55 +02:00
Christophe Vandeplas 6d8b0a98b0 attachment support in REST API 2012-05-22 13:58:37 +02:00
Christophe Vandeplas 00d62ab722 REST XML request also received base64 encoded file content 2012-05-21 15:20:25 +02:00
Christophe Vandeplas 9462902d97 workaround for bug where uuid is not set when empty. See bug
http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2893
2012-05-21 13:14:28 +02:00
Christophe Vandeplas 395f29dd21 fixes bugs in NIDS export with duplicate SIDs 2012-05-09 15:17:16 +02:00
Christophe Vandeplas fa167bc2c8 . 2012-05-04 14:47:50 +02:00
Christophe Vandeplas 03ad7d3acd fixes event with no attributes in REST request 2012-05-04 12:44:27 +02:00
Christophe Vandeplas e1189e576a fixes problem of not being able to import events with single attribute 2012-05-04 12:37:31 +02:00
Christophe Vandeplas 9e9837d59d Basic sync push seems to work 2012-05-03 14:32:49 +02:00
Christophe Vandeplas 37ee17510e fixes security bug in XML REST request 2012-05-03 13:53:47 +02:00
Christophe Vandeplas 60a5b1e1c6 moved alert email functionality to separate function _sendAlertEmail()
REST event add requests also send out mails where necessary
2012-04-26 14:54:04 +02:00
Christophe Vandeplas aea079b8c4 bugfix in Attribute validation
Do not search for related attributes for specific types
2012-04-25 10:30:23 +02:00
Christophe Vandeplas a2d073b7b9 REST POST of event and signatures works (basics, no error-handling) 2012-04-10 15:47:42 +02:00
Christophe Vandeplas c2975a77a4 Allow saving of data using REST API 2012-04-07 08:31:01 +02:00
Christophe Vandeplas fb958eaacc Logging in for REST using Authorized HTTP header field. 2012-04-06 16:32:33 +02:00
Christophe Vandeplas 49aaced78a Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop
Fixed conflicts in: app/View/Events/view.ctp
2012-04-04 17:53:51 +02:00
Andrzej Dereszowski 6c5a5aa427 - small bug with "No GPG key" message marked in the code
- path to homedir for GPG added in User.php
2012-04-02 12:14:27 +02:00
Christophe Vandeplas 41d03e69f3 Merge commit 'dee8a866e691fde2eedbd9a2418a6027f88d07cf' into develop 2012-04-01 20:08:07 +02:00
Christophe Vandeplas dee8a866e6 Fixed bug where GPG homedir was not set in a few places 2012-04-01 19:23:46 +02:00
Christophe Vandeplas bf8ae66e9c First version of REST API to export data 2012-04-01 17:30:00 +02:00
Christophe Vandeplas 19eaa12050 Allow publishing of events without sending email. 2012-03-31 22:07:35 +02:00
Christophe Vandeplas 95455f51a6 Fixed minor bugs 2012-03-27 18:58:11 +02:00
Christophe Vandeplas 20cddd07db changed alerted -> published
other minor fixes
2012-03-27 14:49:31 +02:00
Christophe Vandeplas da99625a6c minor change in getRelatedAttributes function 2012-03-27 14:02:49 +02:00
Christophe Vandeplas 7c4394682d Renamed Signature to Attribute 2012-03-26 19:56:44 +02:00
Christophe Vandeplas 28cf7d44e9 XML export ... woohoo !!! 2012-03-26 15:06:01 +02:00
Christophe Vandeplas df7efb9d88 number of entries in the index lists 2012-03-26 13:11:06 +02:00
Christophe Vandeplas a1b8719db4 fix error when there are no related events/signatures, or simply
signatures
2012-03-26 12:40:18 +02:00
Christophe Vandeplas 04c9028008 performance improvement when searching for related events (by reusing
results from related signatures search)
2012-03-25 16:21:51 +02:00
Christophe Vandeplas 7b1673d212 md5 and sha1 hashes now automatically lowercase
cleaned up some code and fixed some vulnerabilities
2012-03-25 15:56:29 +02:00
Christophe Vandeplas da2687846b Implemented file-upload of attachment or password protected
malware-samples. Base code contributed by Andrzej Dereszowski
2012-03-23 20:04:22 +01:00
Christophe Vandeplas 23d161f332 minor micro changes 2012-03-21 21:44:18 +01:00
Christophe Vandeplas 23572019bb Signature is now known as Attribute 2012-03-21 21:25:16 +01:00
Christophe Vandeplas 4bbbfc36c3 Not finished editing -> not published 2012-03-21 11:01:37 +01:00
Christophe Vandeplas 7a3be6953c fix bug of login/authinfo not refreshed when resetting authkey 2012-03-20 15:44:39 +01:00
Christophe Vandeplas ce0c0aba0e isAuthorized now handles permissions on admin,delete,edit,... actions 2012-03-20 14:57:52 +01:00
Christophe Vandeplas 495cc1a6c2 UUID support for syncing 2012-03-20 13:40:58 +01:00
Christophe Vandeplas 865a24d0bd Migration to CakePHP 2.1.
Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00