- Performance improvements for the event search exports
- JSON view code moved to Lib
- Fixed an issue that didn't restrict the dates correctly with the from / to parameters
- Caused by a 1k variable / form limit imposed by php since 5.3.9
- Form data now collected by JS and passed as a single JSON in the POST request
- Allows massive IOC lists to be imported
- improved performance
- Unified the way exports accept negated parameters
- Fixed the documentation
- Most exports are now restrictable by the event date (From/To parameters)
- none cached XML export now writes to file after converting each event, clearing the memory and resolving any potential memory issues
- The event export buttons have been unified into a single download as... button
- clicking it loads a popup with all of the export formats
- added snort, suricata, text dump to the export options
- added the option for an extra setting for some exports (such as including non IDS flagged attributes, encoding attachments)
- easily extendable system
- moved the hidden popup divs into the general layout, can be easily reused anywhere
- removed the auth refresh option that was re-enabled recently as it seems to sometimes cause issues
- text exports now allow "all" to be specified as type, which will dump all attribute values that the user can see
- text exports now allow restricting the results based on event id
- freetext import now optionally allows setting the comment field
- removing rows in the freetext import result redirects to the event view if all rows are gone
- shows both orgc and org to normal users
- naming convention changed (orgc => source org, org => member org)
- this should allow users to see if an event was generated on their instance or not.
- users can now search on attributes
- attribute search returns any event that has a a sub-string match on the entered attribute
- can also be used to negate (e.g: don't show me any events that have a sub-string match on any of its attributes)
- server setting has to be enabled to allow for this
- can cause issues if the event gets synchronised with an instance that has a different creator organisation for the same event
- it is recommended not to use this, but in some cases it can be very helpful - the setting for it in the configuration is called MISP.take_ownership_xml_import
- XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains
- New option in bootstrap to allow the cached XML export to also include the attachments
- CSV caching slightly rearranged, it's much more memory efficient now
- Some fixes to relatedevent orgs being shown even if showorg is disabled
- Added a new site admin action to generate several 3k events for load testing (slow)
- Tags are now fully shown on the event index
- can be enabled via bootstrap (the Configure::write setting is in the bootstrap.default.php file)
- shorthand distribution names
- narrowed some of the fields down
- UI improvements, events appear unpublished after ajax queries that alter attributes
- Events get unpublished by the attribute replace tool and template population as they should
- send uuids of events to be pushed together with timestamps to the other instance
- other instance removes events that are already up to date or locally created from the array
- sends the remaining uuids back
- first instance initiates the push of events that were not filtered out
- currently to_xml() has performance issues, if it's not resolved fast, it would be a good idea to move the export to the background workers
- some UI changes
- first version of templating system complete
- first version of freetext importer complete
- first version of mass attribute replace tool complete
- some UI changes
- malware samples / attachments couldn't be downloaded
- links weren't actually links
- deleting an attribute / shadowattribute now opens a custom confirmation dialogue. This is also where the CSRF tokens are generated for the post request to execute the delete, resulting in a faster event view load
- AJAX requests now also respond with a small message at the bottom of the page, notifying the user of the result
- The following actions work now on the event page via ajax:
1. Add / remove tags
2. quick edit any attribute field if eligible
3. quickly create a proposal of any attribute field if not eligible to edit
4. popover attribute creation (also works with batch add)
5. popover proposal creation (also works with batch add)
6. delete attributes
7. accept/discard proposals
8. mass edit / delete attributes
Also, replaced the old memberslist, with a small lightweight css/js based one.
- Exporting a JSON object erroneously included related objects which prevented the exported event from being added back to MISP via the API
- Downloading search results as XML / CSV now correctly includes all of the search results instead of just the 60 visible ones on the UI (cut off by the pagination)
- The tags parameter in the exports now correctly accepts null as a valid value even if it is the last parameter