- Passing full attributes to the new modules
- No changes for the currently used modules
- Using a parameter to specify which format to use
- Current format used if no parameter is set
/!\ WIP, more to be updated soon /!\
galaxy namespace for the matrix view.
This commit aims to still have correct scores in the galaxy_matrix as long as the fixMitreTags function is not live and running
- When using the url to query restSearch, withAttachements is the correct parameter to use instead of includeAttachements which works btw well with the rest Client anyway
- observed a server prioritising the deleted flag index when filtering attributes, leading to a massive performance loss
- hacky solution to make deleted and object_id (during flattening) indices unusable
- Added result count to restsearch API via the x-result-count header
- Added the includeProposals parameter to the attribute level restsearch
- Readability of events controller improved
- Fixed a bug blocking malware samples from being added using /events/add when the encrypt=1 flag was set for raw sample inclusion
- if not set, only return published events / to_ids flagged events by default
- setting ignore:0 will result in the default behaviour
- setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out
- fixed a bug that broke the CSV api if ignore:0 was passed
- cache several objects that were loaded over and over before on bulk exports
- includeGranularCorrelations internal flag added to include/exclude correlations from the export for certain types
- some cleanup
- performance gains
- first step in unifying all APIs
- moved the CSV data lookup into fetchattributes
- internal pagination is now more clever with a watchdog flag that can prevent unneeded executions by whatever calls fetchattributes
Export using automation functionality for ids does not clean special characters like CRLF.
When there is a carriage return in the event info, the csv is broken.
- GET on /events/getEditStrategy/[id]
  - where id can be either a local ID or a UUID
- returns a JSON dictionary with the following fields:
  - strategy: edit | extend (edit if it's an own event, extend otherwise)
  - extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields)
- The algorithms implementing this should prioritise as such:
  1. Check if user can edit the event (strategy == edit) - if yes, edit
  2. If no, check if extensions exist - if yes, edit one of those
  3. If no, create a new extension to the original event
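The three-step priority above, as an added client-side example (not the project's own code). The function names `edit_strategy_path` and `plan_edit`, the constructed sample responses, and the choice to reuse the first listed extension are assumptions made for illustration.

```python
import re
import uuid

def edit_strategy_path(event_id):
    """Build the GET path; accept only a local numeric ID or a UUID."""
    s = str(event_id).strip()
    if re.fullmatch(r"[1-9][0-9]*", s):
        return f"/events/getEditStrategy/{s}"
    try:
        # uuid.UUID() validates the value and str() normalises it
        return f"/events/getEditStrategy/{uuid.UUID(s)}"
    except ValueError:
        raise ValueError(f"not a local ID or UUID: {event_id!r}") from None

def plan_edit(response, event_id):
    """Map a getEditStrategy response to (action, target event id)."""
    strategy = response.get("strategy")
    extensions = response.get("extensions") or []
    # 1. The user can edit the event itself
    if strategy == "edit":
        return ("edit", str(event_id))
    if strategy != "extend":
        # Refuse to guess on a value outside edit | extend
        raise ValueError(f"unexpected strategy: {strategy!r}")
    # 2. An extension owned by the user's org already exists: edit it
    #    (picking the first one is this example's assumption)
    if extensions:
        return ("edit", str(extensions[0]["id"]))
    # 3. Otherwise create a new extension to the original event
    return ("create_extension", str(event_id))

# Constructed sample responses, not captured from a real server
OWN_EVENT = {"strategy": "edit", "extensions": []}
HAS_EXTENSION = {
    "strategy": "extend",
    "extensions": [
        {"id": "812", "uuid": "5b9a1c3e-2f4d-4a6b-8c7d-0e1f2a3b4c5d",
         "info": "Additional indicators"},
    ],
}
NO_EXTENSION = {"strategy": "extend", "extensions": []}

if __name__ == "__main__":
    print(edit_strategy_path(42))
    for sample in (OWN_EVENT, HAS_EXTENSION, NO_EXTENSION):
        print(plan_edit(sample, 42))
```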
- select and run a set of enrichments on all applicable attributes of the event
- exposed to the API
- exposed to the command line tool
- adheres to attribute distributions