sha256, http-method, named-pipe and mutex added to the
shadow attributes. Fixing #170
This is not solving the core issue of having duplicate
attributes declaration in MISP but this is fixing the
consistency issue between attributes and shadow attributes.
- conversion of the array in the XML export to be compatible with the XML parser (some invalid characters could break it)
- New separate CSV export that includes all visible unpublished and non IDS signature attributes on request
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user
- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)
- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition
- The default value for locked is 0, and all events created on the instance should be set to this value
- events that were synced from another instance should have their locked value set to 1
- this script checks for local organisations and sets the locked field to 1 for all events not created by them
- a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.
- The script is only accessible by site admins and will return a notification about the number of events altered.
- PGP key of the user shown in the profile instead of always showing N/A
- Contact e-mails now include the instance's owning org in the subject
- Users can now enable/disable contact e-mail subscriptions
- Quickpost without reloading the page with AJAX
- for page changes / adding posts show an animated spinner
- spinner div / styles available from every page (the div is located in the default layout and is hidden unless manually shown)
A global configuration CyDefSig.cveurl added to specify the URL
where to reference a CVE/NVD number. CyDefSig.cveurl is optional
and if not existing fallbacks to the original google.com URL.
The attribute HTTP method added. By default, the values
must match the known HTTP method from RFC2616, RFC2518,
RFC3253, RFC3648, RFC3744, RFC5789, RFC5323. The method
is case sensitive.
If a file terms exists in app/View/Users, the terms are included.
If not, the default message is included to inform the admin. This
avoids to overwrite local terms when updating MISP code.
- Users can now see the path they took while jumping from related event to related event
- Removed the breadcrumbs
- Some UI changes (user menues were not showing the active page, etc)
- Resetting the auth key for a user that doesn't exist created an empty
user
- change_pw showed an admin menu on the side
- rerouting after an incorrect auth request fixed (users/index doesn't
exist)
- temporarily disabled the redirect after login
- GFI import issue fixed with attribute ID 1 not existing causing the
import to fail for several attributes
- GFI import change: registry keys with binary value are now artifacts
dropped instead of persistance mechanism
- GFI import change: files with size of 0 will be omitted
- file attachment download change: moved away from the deprecated media
view in favour of cakeresponse->file()
- Regular expressions are now only checked for attributes
- Regular expressions are now defined and checked on a type by type
basis, with the setting "ALL" affecting all attributes
- creation / deletion of several attributes in one edit to accommodate
for several checked type options
- perform on all admin option now only saves attributes that actually
get changed by the regexp, making the function usable again for larger
databases
- Some feedback on what got changed during a perform on all
- UI changes in the index / regexp add / edit views to reflect the type
sensitivity changes
- Since regexp can be used to blacklist things, there's no need to have
two separate features that accomplish the same thing
- Add a regexp named /1.1.1.1/ with nothing as replacement and it will
behave the same as adding a blacklist for 1.1.1.1 in the old system.
- The previous UI changes fixed the top and the bottom bar to the
viewport
- It was great for the UI with the debug disabled, but it obstructed the
debug info with it on
- now, turning debug off fixes the top bar and the bottom bar, turning
it on returns it to the top and bottom of the page, as it was in earlier
versions
- login screen looks a bit fancier and is more customisable
- admins can add a Logo next to the login fields, there's a MISP logo
ontop with a line of text above and below it, editable via bootstrap.php
- Footer re-added, has the PGP key download and the center footer text
from MISP 1.1
- A logo on the right side of the footer, optionally added by
bootstrap.php
- Header, Footer, menu are now fixed and not affected by scrolling the
screen
- Places an optional logo to the left
- MISP logo above the login fields, with an optional pre and post text
- define them in the bootstrap as indicated in bootsrap.default.php
- until now checkAction was used to check permissions of a user
- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
- added the button for the CSV download
- fixed a bug with the csv search result downloader blocking non IOC
results even if the search terms did not specify IOCs only.
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
- removed the e-mail for non site admins from the event index (they can
still see it in the event view if the event was created by the same org)
- added a text MISP logo
- smaller icons for the event index
- Use ! to exclude terms in the value/id/org fields
- org search works the same way as value / id now, you can enter several
terms separated by a newline. Also, adding ! infront of a term will
exclude the organisation from the results
- sub string search for organisations
- Affects org and info field
- terms have to be saparated by pipe (|)
- terms can be terms that will be OR-d or excluded terms that will be
AND-ed
- to exclude a term use !
- A valid filter search for info would be: 'term1|term2|!term3'
-> this would result in all events with the info field containing term1
or term2 but not term3
- siteadmins can now search the creator org instead of the owner org
(like normal users would)
- Changed the org search to be a partial match instead of an exact match
- email of the user creating an event shown if current user's org ==
event's orgc
- on export, the check for to_ids will happen outside of the if branch
that sets extra restrictions of non site admins. Otherwise site-admins
would accidentally include attributes that aren't iocs.
- old versions of IE didn't handle an incorrect form creation as gracefully as the other browsers
- forms should not be created within a table unless it's within a <td> (it was
on <tr> level before). The normal solution would be to encapsulate the
entire table in a form, but since we have formlinks for the deletes /
publishes this would get flagged as form tampering by the security
components.
- As a fix, filter forms are created separately for the 4 search fields within their <td> now with hidden fields that keep the persistence of the previously
entered filter terms
- New field for events, locking an event from sending out a contact
e-mail when a proposal is made to it
- Default setting for the new field is 0, if a shadow attribute is
added an e-mail is sent to all subscribing members of the orgc and the
new field is set to 1
- Accepting a change resets the field to 0