Andras Iklody
b98818ebfb
Small errors with the merge corrected
...
- some errors managed to slip through during the merge, should be fixed
2013-04-25 15:37:49 +02:00
Andras Iklody
4396cec8ea
Integrated ownership, ACL and minor fixes
...
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
2013-04-25 14:04:08 +02:00
Christophe Vandeplas
3be869a9d5
fix sanitization in Events #96
2013-04-24 15:49:35 +02:00
Christophe Vandeplas
665defe7b1
cleanup crappy sanitization
2013-04-22 15:22:20 +02:00
Christophe Vandeplas
23742c543c
rewrote fetching of the related events
2013-04-22 15:04:27 +02:00
Andras Iklody
3e89c80d09
Removed some obsolete code
...
- getName functions removed
- Fixed a reference to it in the logable behaviour
2013-04-18 08:49:59 +02:00
Andras Iklody
ada0fd2bfb
Some fixes to indices not set
...
- Affecting Event creation, attribute deletion remotely and logging of
event deletion
2013-04-17 15:40:01 +02:00
Andras Iklody
9a6733acfd
Removal of deprecated code
...
- The flag private is deprecated, removed together with the code that was
affected by it
2013-04-17 11:13:09 +02:00
Andras Iklody
9be1f6c550
Fixed a sanitization issue with encrypted emails
2013-04-16 17:39:28 +02:00
Christophe Vandeplas
8029d7fa29
removes multiple correlation engines Fixes #83 but after testing issue
...
#95 comes to light
2013-04-16 16:59:12 +02:00
iglocska
3ab63b4697
Small edit fixes #75
...
- Event was not deleted when another non site-admin org user tried to
delete an event due to the event not being read before its organisation
was compared to that of the logged in user -> fixed.
2013-04-10 10:48:30 +02:00
iglocska
9e9bdcbfa4
Bug with pull
...
- Pulling all from the server list view would cause all new events to be
pulled as intended, but attachments would not be pulled with their
respective attributes
- the few lines of code responsible for loading the file and base64
encrypting it for the transfer were misplaced within a correlation check
- fixed.
2013-03-26 16:33:24 +01:00
iglocska
5d42b81989
First version of an IOC export feature
...
- Builds basic .ioc file of an event, OR-ing all eligible attributes
- mass export via a zip file to be implemented later
2013-03-26 11:02:01 +01:00
iglocska
b134ffd940
Extensions of filenames now validate if a number is included
2013-03-19 14:33:56 +01:00
iglocska
30c4969cbe
Update to the validation of file names to allow _ in the extension
2013-03-19 14:31:35 +01:00
iglocska
ef93e61efb
Related events
...
- Implemented on request: related events created by the same organisation are now coloured red
2013-03-19 10:30:32 +01:00
iglocska
32de082c88
New export feature
...
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
2013-03-18 11:48:36 +01:00
iglocska
d634d4ea47
Update to the targets of contact emails and more
...
- The original creator of an event will also get contacted by contact org
if he/she has the contactalerts turned off.
- error in the SQL permissions of normal users and org admins - they
weren't able to modify/delete events of their own organisation that they
themselves didn't create
2013-03-13 16:45:40 +01:00
Andras Iklody
019e976783
Removed the js title bubble for related events
...
- Removed javascripts based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
2013-03-08 13:16:02 +01:00
Andras Iklody
0e18aa099b
Attribute and event access
...
- Updated the check for authorisation to view an event and attribute as
the system hid some valid combinations (such as a server only attribute
in a higher distribution level event).
2013-03-07 18:16:00 +01:00
Andras Iklody
13f2a274e8
Previous edit was an error
2013-03-06 14:07:37 +01:00
Andras Iklody
e707d1eedb
Error in a previous commit
2013-03-06 14:00:21 +01:00
Andras Iklody
3425a49c7c
Enabled filename whitelisting for GFI sandbox uploads
...
- filename wasn't validated before exec() to unzip before
2013-03-06 13:48:02 +01:00
Andras Iklody
b9d4ac9cba
Subscription to alerts from contact reporter
...
- Users can now choose to subscribe to receive e-mails from the "Contact
Reporter" feature.
2013-03-06 11:34:22 +01:00
Andras Iklody
8abe55dd91
Changed email alert
...
- It didn't respect private events and alerted everyone. Fixed.
2013-03-05 17:35:57 +01:00
Andras Iklody
5db23738c1
Removed sanitization of emails
...
- caused linebreaks to be sanitized, it's a plain text e-mail so
sanitization isn't needed.
2013-03-05 17:04:02 +01:00
Andras Iklody
64f304da48
Tighter checks so users can't edit events of other orgs
2013-03-05 16:17:34 +01:00
Andras Iklody
32dc28adb9
Update to the admin privileges
...
- Changed the requirement for a lot of functions to be site admin as
opposed to admin.
2013-03-05 15:19:58 +01:00
Andras Iklody
dc37542be4
Typo...
2013-03-01 11:16:00 +01:00
Andras Iklody
eb5de600b0
Case-sensitivity
2013-03-01 11:11:43 +01:00
Andras Iklody
9645f664dc
SQL update
2013-03-01 10:17:44 +01:00
Andras Iklody
8e6852e037
Export distribution
...
- Export didn't take into account distribution rules, should be fixed
- Fixed a bug with editing attributes
2013-02-28 17:16:52 +01:00
Andras Iklody
6dc73314bf
Changes to the distribution handling of attributes
...
- Only the creating org of the event can change the distribution of
attributes
- Attribute distribution settings are only pushed on edits if they were
manually changed (so that the distribution level of events on the
creating server doesn't get degraded by an edit and push of the event at
a synced server when using connected community settings).
- slight change to the batch attribute search, the search terms are only
echoed up to 9 terms to prevent the mass echoing of a long list
2013-02-25 16:38:04 +01:00
Andras Iklody
0f947085cb
Reworked the sync / release control
...
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that lead to low performance and erroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in conjunction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
2013-02-19 15:37:35 +01:00
Andras Iklody
e88a3a9cf7
Updates to security
...
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
2013-02-06 17:45:43 +01:00
Andras Iklody
e976242878
Reworked aros_acos creation
...
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
2013-02-05 17:22:37 +01:00
Andras Iklody
7f6f166838
Fixes to access rights, some sanitization, etc
...
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work
2013-02-04 17:55:35 +01:00
Noud de Brouwer
a6371f5ad8
coding standards
...
Coding Standards.
2013-01-28 08:32:01 +00:00
Andras
8d88bcb2b5
Fix for the synchronisation
...
An error in the pull fix broke the push/publish feature. Fixed.
2013-01-27 21:27:58 +01:00
Noud de Brouwer
3d40095547
coding standards
...
Coding Standards.
2013-01-25 07:51:20 +00:00
Andras Iklody
24b10579ad
Pull fixed
...
Fixed the issues with pull, should work fine now
2013-01-24 17:32:57 +01:00
Noud de Brouwer
3917e93ae6
coding standards
...
Coding Standards.
2013-01-24 14:35:13 +00:00
Andras Iklody
ce4bf4bd1b
Fixed push/publish
...
Fixed a few issues that caused push/publish not to work
2013-01-24 15:10:59 +01:00
Andras Iklody
879154eab2
Fixed deprecated errors
...
Removed cause of deprecated errors (Pass by reference)
2012-12-20 14:48:23 +01:00
Noud de Brouwer
547a80ba7d
Sanitize
...
Sanitize countermeasures.
2012-12-19 15:28:31 +00:00
Noud de Brouwer
95158d2ef3
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:42:38 +00:00
Noud de Brouwer
a8434d4830
Sanitize
...
Sanitize countermeasures.
2012-12-19 12:13:37 +00:00
Noud de Brouwer
0e668e6b90
coding standards
...
Coding Standards.
2012-12-18 19:51:42 +00:00
Noud de Brouwer
ea9aa8eb3a
coding standards
...
Coding Standards.
2012-12-18 19:25:12 +00:00
Noud de Brouwer
d89ab91dee
coding standards
...
Coding Standards.
2012-12-18 16:44:07 +00:00
Noud de Brouwer
8ca550cbe1
event.analysis
...
set analysis* in view().
2012-12-18 03:59:45 +00:00
Noud de Brouwer
8864ee78f7
generateAllFor<FieldName>
...
so we can use an URL like:
http://localhost/<TableName>/generateAllFor<FieldName>/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
2012-12-18 03:50:52 +00:00
Noud de Brouwer
68617350e8
Sanitize
...
Sanitize::clean() but redo the info and value fields.
2012-12-18 03:18:48 +00:00
Noud de Brouwer
46ab0d2e58
sanitize
...
small correction on a "\n" in info.
2012-12-17 15:51:14 +00:00
Andras Iklody
1ceadab700
Added features from branch analysis_levels
...
-Analysis levels settable for events as per milestone item 94
-Password change forced as per milestone item 109
-Added feedback on entered search terms for search attributes
-fixed the authentication issue
-some minor fixes
2012-12-17 15:51:30 +01:00
noud
2903493205
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
2012-12-13 16:03:35 +01:00
noud
276cb5df10
RESTful sync
...
this is in response to the email
From: <User1088@QET.BE>
To: <ndebrouwer@hotmail.com>, <andrzej.dereszowski@ncirc.nato.int>
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
in this there is a complaint about the RESTful sync workings.
the email hints about 2 possible options:
i) RESTful add event without attributes (conform the web interface)
ii) RESTful add event with attributes (more conform the code)
both are implemented and can be chosen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
2012-12-13 15:52:00 +01:00
noud
094719fa01
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Event.php
2012-12-12 18:01:39 +01:00
noud
26c8ad57ee
Role
...
renamed everything group to role (i.s.o. renaming just the visible).
2012-12-12 16:15:01 +01:00
noud
52a7625a9d
Source Code Review
...
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
2012-12-12 14:01:00 +01:00
noud
079ce88793
RESTful sync
...
Let RESTful only work conform the web pages (to Christophe's wish),
so add/edit event apart from add/edit attribute.
(there is annotation in the code to revert back to full RESTful and
add/edit the attribute(s) alongside add/edit the event.)
2012-12-11 16:11:45 +01:00
noud
718691a627
RESTful
...
make RESTful event add and edit work again.
2012-12-10 13:49:56 +01:00
noud
e24ff690bb
RESTful/sync
...
redid the sync, so if add and exist, send HTTP 302 and different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTful delete.
2012-12-07 13:56:19 +01:00
noud
4ab744ed76
Added bubble when hovering over related events
...
make baseurl variable conform bootstrap.
2012-12-05 09:00:35 +01:00
noud
63811bffb6
Added bubble when hovering over related events
...
make authkey variable conform the authenticated user.
2012-12-05 08:56:58 +01:00
noud
053edeb304
regex and blacklist
...
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
2012-12-03 10:34:28 +01:00
noud
2af02aa100
input regex
...
use RegexBehavior on Event.info and Attribute.value.
2012-11-30 13:52:09 +01:00
noud
2daba5a3c2
correlation
...
do not show the same event id multiple times for one attribute shown.
2012-11-29 14:42:06 +01:00
Christophe Vandeplas
be939c2b9e
fix bug when published event that is added using REST is not pushed to
...
remote servers
2012-11-29 09:15:53 +01:00
noud
d301f201b9
distribution
...
do not do anything upon delete in regard to distribution.
2012-11-28 11:17:55 +01:00
noud
1e4597c009
distribution
...
if distribute upstream, do not alter org, user_id nor distribution
settings.
2012-11-28 11:09:08 +01:00
noud
a3524bb0ee
coding standards
...
correct conform coding standards.
2012-11-27 12:51:00 +01:00
Christophe Vandeplas
4a0e4ada0e
removing update functionality for REST.
2012-11-27 10:08:39 +01:00
noud
bba0088b88
correlation
...
repair correlation after introduction of 'This server-only'.
2012-11-23 14:48:59 +01:00
noud
59bab3e1a4
correlation
...
sort Related Events descending on date and second on id.
2012-11-23 10:02:46 +01:00
noud
6cce4792b4
correlation
...
some correction so no missing correlation.
2012-11-23 08:56:43 +01:00
noud
ab8fd6b9f2
correlation
...
respect the latest added 'This server-only'.
2012-11-22 15:55:22 +01:00
noud
c3c8c1e771
RBAC
...
respect setting for edit event.
2012-11-22 14:48:29 +01:00
noud
ccff6db9a4
private
...
show 'This server-only' events to all on the server.
2012-11-22 13:34:06 +01:00
noud
957b3e27b8
Merge branch 'master' into develop
...
Conflicts:
app/Controller/ServersController.php
2012-11-20 11:01:18 +01:00
noud
b2c268845f
code standards
...
respect code standards.
2012-11-19 14:49:38 +01:00
noud
1cddb6abe0
distribution
...
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities
Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
noud
5d37e93eb6
code
...
have the distribution description in one place, just the model.
2012-11-16 11:43:47 +01:00
noud
2d3132ef53
code
...
removed small double code.
2012-11-16 10:11:52 +01:00
noud
247525ccbf
sync (publish)
...
Event publish button in events index and event view does
report push failure(s) if any remote server is down.
2012-11-16 10:09:04 +01:00
noud
ea0ab59e4f
code standards
...
corrections toward code standards.
2012-11-14 17:16:36 +01:00
noud
b99d568433
correlation
...
resolved comment typo.
2012-11-14 08:29:05 +01:00
noud
723ef6c3d1
correlation
...
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
2012-11-13 14:13:38 +01:00
Andrzej Dereszowski
00d1958b86
Merge branch 'master' of /home/git/cydefsig
...
Conflicts:
app/Controller/AppController.php
2012-11-09 14:58:01 +01:00
noud
1183437606
correlation
...
respect distribution Org only.
2012-11-09 13:42:15 +01:00
Christophe Vandeplas
68b038a29a
fixes bug where no email alert is sent when event is added using API
...
(and published)
2012-11-08 11:11:02 +01:00
noud
2785512268
distribution
...
removed No push leftovers as a distribution.
2012-11-07 15:41:50 +01:00
noud
49cf9400aa
NIDS
...
Unpublished events with an attribute flagged for IDS signature will
create an IDS signature (should be published only).
2012-10-30 16:03:58 +01:00
noud
f82c3f5f0c
dropdowns
...
let the risk dropdown in event add and edit behave like the other
dropdowns.
2012-10-30 12:54:04 +01:00
Christophe Vandeplas
8b6c212bf4
fixes bug when alerting and a single gpg key is giving problems
2012-10-30 12:41:19 +01:00
noud
2b24b36639
(internationalization)
...
setFlash using __(), so translatable later on.
2012-10-30 09:13:35 +01:00
noud
39abe9e589
Distribution
...
distribution changes conform func.spec.
2012-10-29 16:49:04 +01:00
Andrzej Dereszowski
a4eca35c0e
Fixed lost JS helper in EventsController
2012-10-25 11:47:04 +02:00
noud
8bc1b767ef
GFI Sandbox
...
Replace Windows specific info in a $string with environment variables and
registry keys.
2012-10-25 10:14:40 +02:00
Christophe Vandeplas
32db0d82fb
bugfix issue where delete event will also be triggered on servers with
...
no push active.
2012-10-23 18:18:06 +02:00
noud
9790c4b60f
Crypt_GPG
...
small comment about debug and
small note in readme about file rights.
2012-10-23 17:27:50 +02:00
noud
1b570b9183
Pulldowns
...
removed the select optgroup.
2012-10-23 14:58:50 +02:00
noud
fb38f0ca92
GFI Sandbox
...
regexp replacement of usernames.
2012-10-23 12:05:40 +02:00
noud
4b096fa584
distribution
...
changes and cleanup.
2012-10-23 11:28:39 +02:00
noud
1f428e4aa5
Wording change
...
so this works.
2012-10-22 16:39:33 +02:00
Andrzej Dereszowski
25e63dda68
Wording change
...
Changed Private column to Distribution + some minor vocabulary changes.
2012-10-22 16:29:08 +02:00
noud
0d65adc9d5
Merge branch 'master' into develop
2012-10-19 13:31:19 +02:00
Christophe Vandeplas
311a09e2b0
fixes bug 87 - on import of existing event: event info changed, tagged
...
private. Also fixes events tagged private when added using REST api.
2012-10-19 13:28:32 +02:00
noud
897732cd46
Crypt_GPG
...
small comment about debug and
small note in readme about file rights.
2012-10-19 13:17:56 +02:00
noud
eae89d95cd
Private.
...
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.
Has a generatePrivate for db conversion now.
2012-10-18 11:40:12 +02:00
noud
67e50cb612
Private
...
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
noud
5bef441aba
GFI Sandbox
2012-10-17 10:42:09 +02:00
noud
870372fb07
Merge branch 'master' into develop
...
Conflicts:
app/Config/bootstrap.php
2012-10-10 08:37:12 +02:00
Andrzej Dereszowski
6698e4c05e
Cosmetic changes
...
Descriptions in the export functionality polished.
2012-10-09 16:08:38 +02:00
noud
d112775251
Merge branch 'master' into develop
2012-10-09 13:10:27 +02:00
noud
a5ad4b734e
Comment.
...
Be able to send comment to Org or Owner/user_id.
2012-10-09 12:49:42 +02:00
noud
8f3d624c1a
Merge branch 'master' into develop
...
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud
8179a1a691
Merge and code standards.
...
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
noud
64a354678d
GFI sandbox import.
...
Replace Windows environment variables
%UserProfile% and %AllUsersProfile%.
2012-09-20 13:27:36 +02:00
noud
3199839286
GFI sandbox import.
...
do not load non existing stored_created_file.
2012-09-20 12:07:19 +02:00
noud
113b445bcf
Better placement of plugins (touching RBAC & Audit log)
...
If it's just an existing behavior or lib,
place it in a plugin directory structure in <cydefsig>/plugins.
If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in <cydefsig>/app/Plugin.
This way there is a very clean division between own and external code.
The external code can be updated without touching own nor changed code.
2012-09-20 11:34:41 +02:00
noud
1d04652476
CakePHP Coding Standards
...
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud
a4c29a812f
XML related.
...
Made tools/curl/input/event.xml more anonymous.
Events/xml/view.ctp wrongly showed category_order.
REST Event add did not work anymore given GFI sandbox import.
2012-09-18 16:50:07 +02:00
noud
94a367c2f5
CakePHP Coding Standards
...
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimiters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud
253d8e1b58
Merge branch 'master' into develop
...
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
noud
0f4a0dffea
Sync & Correlation.
...
During sync and correlation = db,
an attachment or malware did not get processed into
Attribute.data, so will not be synced.
Now, conform other correlation methods being 'default' or 'sql'
the attachment or malware is synced as well.
(master has been synced with mil.be not using db correlation,
so should have the data.)
2012-09-13 08:50:30 +02:00
noud
53b22b4c57
Sync.
...
On publish and no configured GnuPG, do tell
event is published but no email sent.
2012-09-05 09:08:44 +02:00
noud
abd3b55fef
Sync and REST.
...
REST delete event working again after uuid change.
2012-09-05 08:45:59 +02:00
Andrzej Dereszowski
2a7f36d5f9
Merge branch 'master' of code.lab.modiss.be:cydefsig
2012-09-04 12:07:34 +02:00
Christophe Vandeplas
fd05d14602
fixes inconsistent relatedAttributes and relatedEvents arrays with
...
different correlation implementations
2012-09-04 16:14:10 +02:00
noud
6303d687ba
Sync and gpg.
...
If no gnupg installed.. do not tell, for NIAS demo.
2012-09-04 15:53:11 +02:00
noud
2842e4a81f
validation
...
add event and empty info now does not MethodNotAllowedException
but Flash and show the invalid.
2012-09-04 15:29:15 +02:00
Christophe Vandeplas
bc0dbd5b97
removes 'Published from' reference
2012-09-04 15:25:45 +02:00
Andrzej Dereszowski
23bbaa9843
Merge branch 'master' of code.lab.modiss.be:cydefsig
2012-09-03 10:29:21 +02:00
noud
fc1f2c69a4
REST (and Sync)
...
Make REST edit work.
2012-09-03 13:44:19 +02:00
Christophe Vandeplas
8e7312cd9f
Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git
2012-09-03 11:36:16 +02:00
Christophe Vandeplas
111644b16a
refactored uuid integration (moved to beforeFilter)
2012-09-03 11:35:21 +02:00
noud
8a021ba82d
Sync.
...
get the user and org correct,
given authkey them are known to the system.
2012-09-03 10:26:13 +02:00
Christophe Vandeplas
b8fe8bd4eb
cleaned up artifacts from refactored logo display
2012-08-31 10:38:14 +02:00
Andrzej Dereszowski
74764d4e8b
Merge branch 'master' of code.lab.modiss.be:cydefsig
...
Conflicts:
app/Controller/Component/NidsExportComponent.php
2012-08-30 10:59:07 +02:00
noud
4ae71fc963
Sync.
...
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).
To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
2012-08-28 15:36:14 +02:00
Christophe Vandeplas
6673b56c61
fixes bug where expired GPG keys break the email-alert system.
2012-08-27 11:23:55 +02:00
noud
7d98c5f31e
GFI Sandbox upload.
...
If add event, give a GFI Sandbox export file upload field option.
Unzip, read .xml, add attachment malware, created files and ip-dst.
2012-08-22 16:04:55 +02:00
noud
7e23e3bc77
Event.user_id rollback(-part).
2012-08-22 15:19:28 +02:00
noud
8c1cfa731a
loggable behaviour.
...
some merge correction for events and servers, so we log again.
2012-08-22 14:39:41 +02:00
noud
b7a5d8a3f8
Delete (published) event or attribute.
...
Previously, upon delete only on the local server the event or attribute
was deleted.
Now, if delete, look for same event or attribute (using its uuid)
and delete on remote servers as well.
Also look and delete if not published, so no dangling/zombie copies
remain on remote servers.
2012-08-21 16:55:57 +02:00
noud
43d9f42032
HIDS exports sorted (and small indention correction).
2012-08-08 14:21:28 +02:00
noud
cdc7484944
REST edit Event implementation.
...
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
2012-08-07 11:57:52 +02:00
noud
8dc4fa383b
Event.user_id.
...
Event.user_id was re-added but we still missed some,
so an added event would get user_id set to zero.
Now Event gets the correct user_id again from
the person logged in and adding.
(later on this must not be used during sync.)
2012-08-06 14:27:55 +02:00
noud
2dea0e347d
Correlation performance gain.
...
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)
            default     db    sql
all           25366  16601  15941
              24839  16604  15611
paginated     16759   8447   6615
              17734   8639   8846
this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
noud
bda5e56f9b
Export HIDS files with MD5 and SHA-1.
2012-07-27 15:19:40 +02:00
Andrzej Dereszowski
3ff180e898
Merge branch 'develop_0.2.2-0.2.3' into develop
...
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
2012-07-24 16:09:48 +02:00
deresz
d879deb027
news: removed some old stuff
...
EventsController: contact mail display name from the config file
2012-07-19 09:48:45 +02:00
deresz
73e87f31e0
Use CyDefSIG.name from Config in alert e-mail subjects.
2012-07-04 17:15:01 +02:00
Christophe Vandeplas
09c4656944
improved NIDS output
2012-06-29 13:41:23 +02:00
noud
66c5312ea6
DataBase migrate, Audit and Access Control granulation.
2012-06-28 17:24:12 +02:00
Christophe Vandeplas
500418cb61
fixed silly bug in priority assignment of nids export
2012-06-28 14:58:19 +02:00
root
b4558887ce
Revert "Audit and ACL first cut."
...
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud
5818231f48
Audit and ACL first cut.
2012-06-25 15:54:52 +02:00
Christophe Vandeplas
5993e3eec8
fixed nids snort rule conversion because of greedy * and +
2012-06-25 10:18:45 +02:00
Christophe Vandeplas
f023d98b5b
improvement of nids - level and message
2012-06-22 13:48:35 +02:00
Christophe Vandeplas
2268bd73dd
micro fix in nids export
2012-06-22 12:46:07 +02:00
Christophe Vandeplas
8c313bc054
changed classtype
2012-06-22 11:49:02 +02:00
Christophe Vandeplas
957e4f232b
minor memory usage improvements by referencing in foreach ($array as
...
&$value) loop
2012-06-11 11:40:31 +02:00
Christophe Vandeplas
2d335f5dbe
cleanup of comments and todos
...
minor memory performance improvement
2012-06-11 11:01:58 +02:00
Christophe Vandeplas
5eb6a89384
removed reference to useless user_id.
...
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
Christophe Vandeplas
9cd1b0469d
minor change
2012-06-06 11:03:08 +02:00
Christophe Vandeplas
1a0586f14f
unique attribute for nids export
2012-06-04 12:06:46 +02:00
Christophe Vandeplas
f455405475
better error outputting
2012-06-03 22:51:56 +02:00
Christophe Vandeplas
39fb9bca1d
Attribute types validation is now a separate function that uses the
...
Attribute->type_definitions variable
2012-05-31 17:12:26 +02:00
Christophe Vandeplas
aac2f5926f
minor fixes
2012-05-31 08:55:51 +02:00
Christophe Vandeplas
d319860268
fixes security issue (overwrite existing event)
2012-05-31 08:47:49 +02:00
Andrzej Dereszowski
7ee4d29fac
Fixed merge conflicts with HEAD at belmod
...
Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
2012-05-29 17:19:36 +02:00
Andrzej Dereszowski
1a91c2f49b
Help messages implementation (forms and list views).
2012-05-29 16:53:50 +02:00
Christophe Vandeplas
155f9fe720
fixed logic bug
2012-05-25 10:01:59 +02:00
Christophe Vandeplas
ad69aeb38f
only sync event on publish when sync feature is on
2012-05-25 09:34:54 +02:00
Christophe Vandeplas
747c211723
auto-upload when publish event
2012-05-25 09:31:14 +02:00
Christophe Vandeplas
cd30bb5d30
push / pull seems to work with attachment support. Lots of testing
...
required.
2012-05-23 16:32:46 +02:00
Christophe Vandeplas
aa043a445b
limit saveAssociated using fieldList
2012-05-22 15:52:55 +02:00
Christophe Vandeplas
6d8b0a98b0
attachment support in REST API
2012-05-22 13:58:37 +02:00
Christophe Vandeplas
00d62ab722
REST XML request also received base64 encoded file content
2012-05-21 15:20:25 +02:00
Christophe Vandeplas
9462902d97
workaround for bug where uuid is not set when empty. See bug
...
http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2893
2012-05-21 13:14:28 +02:00
Christophe Vandeplas
395f29dd21
fixes bugs in NIDS export with duplicate SIDs
2012-05-09 15:17:16 +02:00
Christophe Vandeplas
fa167bc2c8
.
2012-05-04 14:47:50 +02:00
Christophe Vandeplas
03ad7d3acd
fixes event with no attributes in REST request
2012-05-04 12:44:27 +02:00
Christophe Vandeplas
e1189e576a
fixes problem of not being able to import events with single attribute
2012-05-04 12:37:31 +02:00
Christophe Vandeplas
9e9837d59d
Basic sync push seems to work
2012-05-03 14:32:49 +02:00
Christophe Vandeplas
37ee17510e
fixes security bug in XML REST request
2012-05-03 13:53:47 +02:00
Christophe Vandeplas
60a5b1e1c6
moved alert email functionality to separate function _sendAlertEmail()
...
REST event add requests also send out mails where necessary
2012-04-26 14:54:04 +02:00
Christophe Vandeplas
aea079b8c4
bugfix in Attribute validation
...
Do not search for related attributes for specific types
2012-04-25 10:30:23 +02:00
Christophe Vandeplas
a2d073b7b9
REST POST of event and signatures works (basics, no error-handling)
2012-04-10 15:47:42 +02:00
Christophe Vandeplas
c2975a77a4
Allow saving of data using REST API
2012-04-07 08:31:01 +02:00
Christophe Vandeplas
fb958eaacc
Logging in for REST using Authorized HTTP header field.
2012-04-06 16:32:33 +02:00
Christophe Vandeplas
49aaced78a
Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop
...
Fixed conflicts in: app/View/Events/view.ctp
2012-04-04 17:53:51 +02:00
Andrzej Dereszowski
6c5a5aa427
- small bug with "No GPG key" message marked in the code
...
- path to homedir for GPG added in User.php
2012-04-02 12:14:27 +02:00
Christophe Vandeplas
41d03e69f3
Merge commit 'dee8a866e691fde2eedbd9a2418a6027f88d07cf' into develop
2012-04-01 20:08:07 +02:00
Christophe Vandeplas
dee8a866e6
Fixed bug where GPG homedir was not set in a few places
2012-04-01 19:23:46 +02:00
Christophe Vandeplas
bf8ae66e9c
First version of REST API to export data
2012-04-01 17:30:00 +02:00
Christophe Vandeplas
19eaa12050
Allow publishing of events without sending email.
2012-03-31 22:07:35 +02:00
Christophe Vandeplas
95455f51a6
Fixed minor bugs
2012-03-27 18:58:11 +02:00
Christophe Vandeplas
20cddd07db
changed alerted -> published
...
other minor fixes
2012-03-27 14:49:31 +02:00
Christophe Vandeplas
da99625a6c
minor change in getRelatedAttributes function
2012-03-27 14:02:49 +02:00
Christophe Vandeplas
7c4394682d
Renamed Signature to Attribute
2012-03-26 19:56:44 +02:00
Christophe Vandeplas
28cf7d44e9
XML export ... woohoo !!!
2012-03-26 15:06:01 +02:00
Christophe Vandeplas
df7efb9d88
number of entries in the index lists
2012-03-26 13:11:06 +02:00
Christophe Vandeplas
a1b8719db4
fix error when there are no related events/signatures, or simply
...
signatures
2012-03-26 12:40:18 +02:00
Christophe Vandeplas
04c9028008
performance improvement when searching for related events (by reusing
...
results from related signatures search)
2012-03-25 16:21:51 +02:00
Christophe Vandeplas
7b1673d212
md5 and sha1 hashes now automatically lowercase
...
cleaned up some code and fixed some vulnerabilities
2012-03-25 15:56:29 +02:00
Christophe Vandeplas
da2687846b
Implemented file-upload of attachment or password protected
...
malware-samples. Base code contributed by Andrzej Dereszowski
2012-03-23 20:04:22 +01:00
Christophe Vandeplas
23d161f332
minor micro changes
2012-03-21 21:44:18 +01:00
Christophe Vandeplas
23572019bb
Signature is now known as Attribute
2012-03-21 21:25:16 +01:00
Christophe Vandeplas
4bbbfc36c3
Not finished editing -> not published
2012-03-21 11:01:37 +01:00
Christophe Vandeplas
7a3be6953c
fix bug of login/authinfo not refreshed when resetting authkey
2012-03-20 15:44:39 +01:00
Christophe Vandeplas
ce0c0aba0e
isAuthorized now handles permissions on admin,delete,edit,... actions
2012-03-20 14:57:52 +01:00
Christophe Vandeplas
495cc1a6c2
UUID support for syncing
2012-03-20 13:40:58 +01:00
Christophe Vandeplas
865a24d0bd
Migration to CakePHP 2.1.
...
Most of the functionality migrated, Q&A review required.
2012-03-15 15:06:45 +01:00