- python server running in the background doing the publishing
- MISP -> python script communication via redis
- configurable / controllable via the admin UI
- by installing the requirements described in the update and the install instructions (ubuntu only for now, centos/red-hat versions to be tested and described), administrators can enable the pub/sub feature
- assign a port to the service via the interface
- each time an event is published, MISP will use ZMQ's PUB feature to push out a MISP JSON package using the "misp_json" prefix
- contact reporter first tries to contact orgc users on the instance, if they don't exist, it will contact the owner (instead of going straight to the owner)
- hostname / domain name validation change broke validation of hostnames/domain names / email addresses with a "-"
- Some documentation changes for the REST API (more coming)
- some tuning of the freetext import
- added the new flag "last" to the list of parameters
- exports affected: XML, CSV, NIDS, HIDS, STIX, Text, RestSearch
- Valid values: number + format where format can be d, m, h for day, minute, hour (examples: 5d or 12h or 30m)
- Popover_form purged after the form has been submitted
- a duplicate hidden div was created for confirmation popups within the attribute creation popup and clicking publish populated the wrong div
- comma separated values now correctly parsed
- Ports in IP/url/link/domain/hostname now added as a comment
- virustotal now automatically recognised as external analysis / link
- Events published / pushed will now refuse to sync if the situation arises where no attributes would be eligible to be synced
- Events pulled that contain no attributes will be thrown away
- Reworking the way e-mails are sent - all of it goes through a centralised e-mail method
- just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest
- encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place
- easy to maintain and expand with future changes (such as the S/MIME pull request on github)
- Users being logged on would not be able to use the actions that are also used for automation
- Those actions trigger a check of the authorization header, which in certain use cases can be set with values that is outside of the scope of MISP
- MISP will now try to only detect MISP auth keys in the headers and if it detects something else it ignores it
- Unified the way exports accept negated parameters
- Fixed the documentation
- Most exports are now restrictable by the event date (From/To parameters)
- none cached XML export now writes to file after converting each event, clearing the memory and resolving any potential memory issues
- Pull request by RichieB2B: CentOS 6 & 7 installation instructions
- Pull request by RichieB2B: STIX exports now include comments for indicators
- Pull request by RichieB2B: Issue fixed with md5 type attributes not generating observables correctly during a STIX export
- Password policy change-able by a site admin via a regex and a min char requirement. Old functionality assumed if not set.
- bug fixed with incorrect jobs being created appearing during a scheduled pull (designates a push)
- slight changes to the installation instructions
- database.default.php now uses localhost instead of 127.0.0.1 and the default MySQL port
- Scheduled pulls should work correctly now
- Scheduled pushes and pulls correctly display in the logs
- Scheduled caching correctly sets the next date of execution
- Deleting attributes on connected MISP instances can cause serious performance issues on multiple interconnected instnaces, temporarily removed
- Version number incremented
- Important! Logo images have now moved to a different location! Make sure that you update your settings!
- Site admins can now manage the uploaded image files and the terms of use file via the server settings interface
- add, link, delete files directly from the interface
- use terms file as before if nothing else specified
- specify a file in the app/files/terms directory via the server settings tool
- specify whether to show it inline or create a download link for users instead
- by default everything is the same as before, except that the MISP installation path is no longer exposed by a non-existing terms file