- The event export buttons have been unified into a single download as... button
- clicking it loads a popup with all of the export formats
- added snort, suricata, text dump to the export options
- added the option for an extra setting for some exports (such as including non IDS flagged attributes, encoding attachments)
- easily extendable system
- moved the hidden popup divs into the general layout, can be easily reused anywhere
- removed the auth refresh option that was re-enabled recently as it seems to sometimes cause issues
- text exports now allow "all" to be specified as type, which will dump all attribute values that the user can see
- text exports now allow restricting the results based on event id
- shows both orgc and org to normal users
- naming convention changed (orgc => source org, org => member org)
- this should allow users to see if an event was generated on their instance or not.
- Tags are now fully shown on the event index
- can be enabled via bootstrap (the Configure::write setting is in the bootstrap.default.php file)
- shorthand distribution names
- narrowed some of the fields down
- new special role for tagging
- can create tags with a name + colour combination (using a colour picker plugin)
- users can assign tags to events
- can filter events by tags on the index
- upgrade script that populates threat level from the old risk field for every event that doesn't have a threat level set.
- threat levels in an event (from a sync for example) that are unknown to the local instance now show the numeric value of the threat level
- Valid renamed to Published on the event index
- Attributes that are flagged as IDS signatures are now shown with a (IDS) notation at the end of the line in the alert e-mail
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
- Users can now see the path they took while jumping from related event to related event
- Removed the breadcrumbs
- Some UI changes (user menues were not showing the active page, etc)
- removed the e-mail for non site admins from the event index (they can
still see it in the event view if the event was created by the same org)
- added a text MISP logo
- smaller icons for the event index
- siteadmins can now search the creator org instead of the owner org
(like normal users would)
- Changed the org search to be a partial match instead of an exact match
- email of the user creating an event shown if current user's org ==
event's orgc
- on export, the check for to_ids will happen outside of the if branch
that sets extra restrictions of non site admins. Otherwise site-admins
would accidentally include attributes that aren't iocs.
- old versions of IE didn't handle an incorrect form creation as gracefully as the other browsers
- forms should not be created within a table unless it's within a <td> (it was
on <tr> level before). The normal solution would be to encapsulate the
entire table in a form, but since we have formlinks for the deletes /
publishes this would get flagged as form tampering by the security
components.
- As a fix, filter forms are created separately for the 4 search fields within their <td> now with hidden fields that keep the persistence of the previously
entered filter terms
- Fix to the proposed attribute edit that got broken in a previous
commit
- Fix to the org filters for non admin users
- Some changes to the documentation
- there was a bug that pushed the data entered into the "published"
filter field to the date fields -> fixed
- Also a bug in the serverscontroller, pulling threw an undefined
warning from the log controller because a single saveField was used and
the logController couldn't save the url data for the action
- visual changes
- date from/until fields
- published field
- a reset form button
- the org of an event added by a sync user will be that of the host
instance's own organisation identifier
iglocska