Commit Graph

15528 Commits (673edb1e4404bbdab44ccfb69c866a1317fcb7a5)

Author SHA1 Message Date
chrisr3d d0624310a7
fix: [stix2 export] Fixed x509 object export
- x509 fingerprint hashes parsing was pointing to
  a part of a mapping dict which does not exist
2020-06-14 14:09:03 +02:00
Andras Iklody f040c4c4ce
Merge pull request #6015 from GlennHD/patch-2
Removed hosts-file.net feeds from default feeds
2020-06-13 20:45:58 +02:00
GlennHD a81d49ef21
Removing hosts-files.net files
Malwarebytes has discontinued the feed: https://forums.malwarebytes.com/topic/258056-hosts-filenet-domain-lists-are-broken-what-happened/
2020-06-13 10:57:09 -05:00
Alexandre Dulaunoy c23e4ff2c0
chg: [misp-taxonomies] updated to the latest version 2020-06-12 21:45:09 +02:00
chrisr3d f3e2eb7438
wip: [stix2 import] Importing external process indicators 2020-06-12 19:26:25 +02:00
chrisr3d 0e605d14af
wip: [stix2 import] Importing external url indicator based on the pattern mapping already implemented
- tl;dr: We just took the parsed attributes and
  called the appropriate function to handle the
  import case (attribute or object)
2020-06-12 17:49:27 +02:00
chrisr3d f758a46408
wip: [stix2 import] Importing external user-account indicators
- Also fixed some user-account and credential
  mapping dictionaries
2020-06-12 17:21:18 +02:00
chrisr3d 52b6f6452c Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix 2020-06-11 19:31:46 +02:00
chrisr3d 3463c22ac6
fix: [stix2 import] Fixed external pattern parsing for pe section attributes
- As an example, instead of storing the full
  pattern identifiers, like:
  "file:extensions.'windows-pebinary-ext'.section.name"
  we only store what is useful (name) for the
  parsing part where we check the mapping dict
  to find the corresponding attribute type and
  object_relation
2020-06-11 19:24:01 +02:00
Alexandre Dulaunoy 6bbe871769
chg: [misp-warninglists] updated to the latest version 2020-06-11 18:23:49 +02:00
chrisr3d 59b80617bd
fix: [stix2 import] Importing external vulnerabilities as single attribute or object depending on the case
- In other words, we made available the import of
  vulnerabilities as single attributes when only
  a name is present in the STIX object
- Was only importing vulnerability objects before,
  which does not change if there is more than only
  the name within the STIX vulnerability object
2020-06-11 14:15:51 +02:00
Andras Iklody 3cb9f4b83b
Merge pull request #5993 from JakubOnderka/pull-progress
fix: [pull] Correct progress for pull job
2020-06-11 11:42:22 +02:00
Andras Iklody c0d6f9a4dc
Merge pull request #6007 from imidoriya/2.4
Fix issue #6006 - sgsids is never set
2020-06-11 11:41:05 +02:00
deku 651adce333 Fix issue #6006 - sgsids never set
This value is never set.  I expect it should be $sgids from the incoming function variable.
2020-06-10 21:48:34 -04:00
chrisr3d 71eda03ad3
fix: [stix2 import] Fixed process observable objects parsing for STIX documents generated with MISP
- Little typo and copy-paste issue
2020-06-10 23:03:46 +02:00
chrisr3d 2df7415383
wip: [stix2 import] Parsing external process observable objects
- Also changed parsing of process observable
  objects from STIX documents generated with MISP
  to apply the same logic to both use cases
2020-06-10 22:42:17 +02:00
chrisr3d 636c1af4fc
wip: [stix2 import] Parsing external user_account observable objects
- Mapping into credential or user-account MISP
  objects depending on the case
2020-06-10 17:01:37 +02:00
chrisr3d 5a2fa2b3d7
wip: [stix2 import] Finally parsing properly external network traffic observable objects with their references and potential extensions
- After struggling a lot on it, we ended up
  parsing external network traffic observable
  objects independently depending on the actual
  references they have or not
- Choosing this approach instead of the common
  parsing function handling the different use
  cases, we can parse each observable object
  depending on the case, and use common function
  then when we are sure we determined the actual
  situation
- We no longer start from a common function trying
  to determine the case using lots of tests, we
  already know which case it is and go to the
  common point afterwards
2020-06-10 12:20:43 +02:00
chrisr3d a954e4183f Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix 2020-06-10 12:17:37 +02:00
Alexandre Dulaunoy ac6ed3235d
Merge pull request #5990 from cudeso/2.4
Dashboard widgets
2020-06-10 08:48:04 +02:00
Alexandre Dulaunoy be545bac6e
Merge pull request #6003 from GlennHD/patch-1
Fixed typo
2020-06-10 08:46:46 +02:00
chrisr3d bed26bc4d8
wip: [stix2 import] Network traffic references parsing function for further reuse 2020-06-09 23:59:46 +02:00
GlennHD 7c7787ec14
Fixed typo
Fixed typo
2020-06-09 16:55:54 -05:00
Koen Van Impe bb9674b480 Avoid use of extra variable treshold 2020-06-09 23:17:21 +02:00
Andras Iklody 23a2ad962d
Merge pull request #5999 from JakubOnderka/pull-all
new: [cli] Command for pulling from all remote servers
2020-06-09 10:37:20 +02:00
Jakub Onderka fdb7f1d78b new: [cli] Command for pulling from all remote servers 2020-06-09 10:19:22 +02:00
chrisr3d 5a4cc6a783
fix: [stix2 import] Removed unused variable that was used for debug purposes 2020-06-08 17:47:58 +02:00
chrisr3d 2c8bcd5087
wip: [stix2 import] Importing external autonomous system observable objects 2020-06-08 17:47:21 +02:00
chrisr3d 0f7b747057
fix: [stix2 import] Cleaner autonomous system observable import
(for STIX documents generated with MISP)
2020-06-08 17:46:21 +02:00
chrisr3d c41f2a4deb Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix 2020-06-08 16:51:26 +02:00
chrisr3d de114bb43c
fix: [stix2 import] Parsing timeline features on single attributes
- As it is parsed for imported objects
- It adds timestamp, first_seen & last_seen values
  on single attributes accordingly
2020-06-08 16:48:51 +02:00
chrisr3d 1a92beb6a5
wip: [stix2 import] Importing external x509 observable objects 2020-06-08 16:46:58 +02:00
chrisr3d 10943986e5
wip: [stix2 import] Importing mac-address external observable objects
- Also changed the recently changed mutex import
  to reuse a function to parse all observable
  objects of an observed-data object at once to
  import single attributes
2020-06-08 16:03:55 +02:00
chrisr3d e74f1cb846
fix: [stix2 import] Fixed email reply-to single attribute import 2020-06-08 15:42:41 +02:00
chrisr3d 6cc14251b9
fix: [stix2 import] Fixed payload_bin import into single MISP attribute 2020-06-08 15:31:12 +02:00
Andras Iklody deb268bce0
Merge pull request #5996 from JakubOnderka/bump-cake
chg: [internal] Bump CakePHP to 2.10.22
2020-06-08 13:27:03 +02:00
chrisr3d e62181d9f1
wip: [stix2 import] Importing external mutex observable objects
- Also change on a function name for more clarity
  and to differentiate more easily functions for
  observable objects and patterns
2020-06-08 13:08:06 +02:00
Jakub Onderka 91cb7cc299 chg: [internal] Bump CakePHP to 2.10.22 2020-06-08 12:55:27 +02:00
Andras Iklody a4963f167f
Merge pull request #5991 from JakubOnderka/drop-big-index
chg: [internal] Drop correlations indexes
2020-06-08 10:40:09 +02:00
mokaddem 44df9548b0
Merge branch 'decaying-v2' into 2.4 2020-06-08 08:27:50 +02:00
mokaddem a5e7e46cd4
Merge branch '2.4' of github.com:MISP/MISP into decaying-v2 2020-06-08 08:26:15 +02:00
mokaddem f75a0865df
chg: [decayingModel:listTaxoWithNumericalValue] Cleaner usage of
uppercased tag
2020-06-08 08:25:25 +02:00
Jakub Onderka b2c193c984 fix: [pull] Correct progress for pull job 2020-06-07 22:25:32 +02:00
Jakub Onderka 90498fa1e2 chg: [internal] Log exception if exception is thrown during event downloading 2020-06-07 20:25:39 +02:00
Jakub Onderka aab0dc75a9 chg: [internal] Drop correlations.{org_id,sharing_group_id,a_sharing_group_id} indexes 2020-06-07 19:16:33 +02:00
Jakub Onderka ad9a729ffe chg: [internal] Drop correlations.value index 2020-06-07 18:58:04 +02:00
Koen Van Impe 306eda5328 Dashboard widgets
- Widget to display system resources (df, cpu, mem)
- Widget to display the latest sightings
- Widget to display the false positive sightings above certain threshold
2020-06-06 16:17:21 +02:00
chrisr3d 32799d6d4c
wip: [stix2 import] Importing external registry-key observable objects 2020-06-05 19:00:35 +02:00
chrisr3d c18d65315c Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix 2020-06-05 18:59:46 +02:00
chrisr3d 81bb75ebd3
wip: [stix2 import] Updated external observable mapping: files with artifact & directory references
- The parsing logic is already there since files
  with artifact references and files with directory
  references are supported. We just updated here
  the mapping dictionary
2020-06-05 17:54:40 +02:00