iglocska
fc03a21ef7
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-07-17 07:06:52 +02:00
iglocska
064f266159
fix: [API] Attribute edit via uuid fails as non site admin, fixes #3487
2018-07-17 07:04:46 +02:00
Steve Clement
c761f78ee3
fix: [i18n] added missing %s
2018-07-14 23:52:55 +02:00
Steve Clement
112323f49a
Merge remote-tracking branch 'upstream/2.4' into 2.4
2018-07-13 15:26:56 +02:00
iglocska
fefc87ba66
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-07-13 12:09:06 +02:00
iglocska
71bb60a702
new: [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year
2018-07-13 12:08:29 +02:00
Steve Clement
c607729e18
chg: [i18n] More __();
2018-07-12 23:36:47 +02:00
Sami Mokaddem
225c34ef0b
Merge remote-tracking branch 'upstream/2.4' into sharingGraph
2018-07-12 14:47:14 +00:00
iglocska
248439f6fb
fix: [python3] Missed python3 call instead of python
2018-07-12 16:19:01 +02:00
iglocska
cbc09e4540
fix: [i18n] Added default language
2018-07-12 16:12:15 +02:00
iglocska
6b31fc6c2e
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-07-11 10:22:12 +02:00
iglocska
0d45dbc27a
new: [API] Check for malformed JSON requests
2018-07-11 10:16:19 +02:00
Sami Mokaddem
508c7a3b68
Merge remote-tracking branch 'upstream/2.4' into sharingGraph
2018-07-10 08:55:42 +00:00
Sami Mokaddem
692b410f92
chg: [eventGraph] refacto after comments from the Overmind
2018-07-10 08:43:38 +00:00
Andras Iklody
ad15ffa7ce
Merge pull request #3460 from kalyparker/fix-export-events-csv
...
fix: export events csv with CR (fix #3458 )
2018-07-10 09:28:22 +02:00
kalyparker
34f15268d2
fix: export events csv with CR ( fix #3458 )
...
Export using automation functionnality for ids does not clean the special char like CRLF.
When there is a carriage return in the event info, the csv is broken.
2018-07-09 08:58:12 -07:00
Sami Mokaddem
61cab26e18
Merge remote-tracking branch 'upstream/2.4' into sharingGraph
2018-07-09 12:14:20 +00:00
Sami Mokaddem
eb1b8bcba5
chg: [attackMatrix] support of quick tagging from the attackMatrix at
...
event view level
2018-07-09 09:55:17 +00:00
iglocska
f48adaf2bc
fix: [API] Removed unused optional field from the organisation API descriptions.
2018-07-09 00:45:04 +02:00
iglocska
f89d6ba582
fix: [performance] Changed regex clean all function to work in a chunked fashion
2018-07-07 21:30:50 +02:00
Sami Mokaddem
b7a16803f3
chg: [appController] bumped query version
2018-07-06 14:48:14 +00:00
Sami Mokaddem
159feba4ea
Merge remote-tracking branch 'upstream/2.4' into sharingGraph
2018-07-06 14:20:14 +00:00
Sami Mokaddem
4903a54397
chg: [eventGraph] removed useless comments and checks
2018-07-06 13:44:52 +00:00
Sami Mokaddem
b6dc678084
fix: [eventGraph] fix validation and Model class name
2018-07-06 13:26:08 +00:00
Sami Mokaddem
75dd257941
chg: [eventGraph] renaming EventNetworkHistory into simply EventGraph
2018-07-06 13:17:59 +00:00
iglocska
f83d799c5a
fix: [cleanup] Removed duplicate line, fixes #3448
2018-07-06 13:55:32 +02:00
Sami Mokaddem
f836b5650e
Merge remote-tracking branch 'upstream/2.4' into sharingGraph
2018-07-06 09:23:50 +00:00
Sami Mokaddem
e1c9b21b8e
chg: [ACL] bumped to reflect networkHistory controller
2018-07-06 09:12:26 +00:00
Sami Mokaddem
46ecaff0f2
chg: [eventGraph] fixed img_preview size, catch keyboard inputs and
...
removed useless function
2018-07-06 09:10:17 +00:00
Sami Mokaddem
b200b1d02f
new: [eventGraph] added network preview feature
2018-07-06 08:58:25 +00:00
iglocska
8d567782d9
chg: [cleanup] Removed the deprecated GFI sandbox import
...
- Burn the heretic. Kill the mutant. Purge the unclean.
2018-07-06 10:57:44 +02:00
Sami Mokaddem
f45e49e451
chg: [eventGraph] Usage of fetchEvent function, refacto + sorting on
...
creation date + disabling button if user is not authorized to
save/delete/.. the network
2018-07-06 07:39:48 +00:00
iglocska
5ba322076b
chg: [refactor] Fixed an issue where too many events would cause a query too large for mysql to handle when querying /events/index via the API, fixes #3444
2018-07-05 18:52:25 +02:00
Sami Mokaddem
03a7ee6f9c
chg: [eventGraph] only networkHistory user creator can delete its
...
saved network
2018-07-05 13:15:05 +00:00
Sami Mokaddem
93ba5617ea
chg: [eventGraph] Implemented saving/deleting feature
2018-07-05 11:57:28 +00:00
Dawid Czarnecki
124640ce78
chg: Case insensitive sort of organisation list
2018-07-05 11:09:13 +02:00
iglocska
73c18f8833
new: [API] Updated the timestmap handling in the restSearch APIs to use the new smart-system
2018-07-04 15:53:01 +02:00
iglocska
20c00a33be
new: [galaxies] Force update galaxies and update improvements in general
...
- passing /1 to the galaxy update function now forces updates on all clusters
- performance improvements
2018-07-04 13:08:47 +02:00
iglocska
c3158b50ba
new: [edit strategy API] To support a smoother integration with the Hive, new API that describes what the edit strategy is for an event
...
- GET on /events/getEditStrategy/[id]
- where id can be either a local ID or a UUID
- returns a JSON dictionary with the following fields:
- strategy: edit | extend (edit if it's an own event, extend otherwise)
- extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields)
- The algorithms implementing this should prioritise as such:
1. Check if user can edit the event (strategy == edit) - if yes, edit
2. If no, check if extensions exist - if yes, edit one of those
3. If no, create a new extension to the original event
2018-07-02 17:29:53 +02:00
iglocska
d428f47655
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-07-02 16:57:35 +02:00
iglocska
59b17b5af6
new: [sync] Added flag to avoid using the proxy
...
- in some cases you have internal sync between instances in which case going through the proxy is silly
2018-07-02 16:56:50 +02:00
Alexandre Dulaunoy
e8d8d80aba
chg: [PyMISP] released as 2.4.93
2018-07-01 18:26:06 +02:00
iglocska
09e68880c5
fix: [CSRF] Don't run the CSRF form protection on the attribute search
2018-06-29 13:06:27 +02:00
Sami Mokaddem
04caa5056a
new: [eventGraph] SharingGraph: added skeleton of Model/Controller for
...
saving and sharing the network among organisations (+ javascript
interaction functions)
2018-06-28 07:49:17 +00:00
iglocska
81c0fc2279
new: [API] Added unsafe URL parameter to authenticate users
...
- for legacy tools that cannot pass headers in HTTP requests for some insane reason
- Needs to be enabled by a site admin - default is that it is disabled
- MISP's diagnostic tool WILL complain if this is ever enabled
2018-06-27 14:25:40 +02:00
iglocska
67d074ea63
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-06-24 08:32:05 +02:00
iglocska
eb7901c882
fix: [UI] fixed Event lock breaking the restoration of soft deleted attributes
2018-06-24 08:31:19 +02:00
iglocska
4bff6092e5
fix: Correlation popup format
2018-06-23 23:59:34 +02:00
Sami Mokaddem
6637d19e46
fix: bump query_version and updated queryACL
2018-06-22 13:37:49 +00:00
Sami Mokaddem
05a56a3048
fix: [attackMatrix] only return the result for the last attached galaxy
...
If a galaxy is already attached, just skip the message.
(The return value is a string, we don't want to compare the string value for
each galaxy to be attached)
2018-06-22 12:16:12 +00:00
Sami Mokaddem
062a303cc7
Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix
2018-06-22 12:02:17 +00:00
iglocska
72050ec5ea
fix: [UI] Fixed a bug with galaxies not being addable
2018-06-22 12:08:26 +02:00
Sami Mokaddem
4730938e5f
new: [attackMatrix] Skeleton of multiple galaxy picking
2018-06-22 09:56:31 +00:00
iglocska
0241ddc0fa
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-06-22 09:35:38 +02:00
iglocska
2aaf2c54c4
chg: [diagnostics] Make the STIX diagnostics a bit less cryptic
2018-06-22 09:34:56 +02:00
Sami Mokaddem
925a1dd3fa
chg: [attackMatrix] ATT&CK Tactic is put at the top when picking
...
galaxies and is shown in All namespace mode
2018-06-22 05:56:31 +00:00
iglocska
6ffacc1e23
fix: [security] Brute force protection can be bypased with a PUT request
...
- fixes an issue where brute forcing the login would work by using PUT requests
- as reported by Silver Saks from CCDCOE
2018-06-21 15:48:32 +02:00
iglocska
437793a65f
fix: Fixed a bug where users couldn't add galaxies after paginating/filtering on event attributes
2018-06-21 09:07:38 +02:00
iglocska
1bafccf30a
fix: Fixed broken correlation toggle on the event view
2018-06-21 06:05:09 +02:00
iglocska
c721142f9b
fix: [sync] pull not working due to invalid lookup against galaxies
2018-06-20 17:03:31 +02:00
iglocska
505cccdbaf
fix: [error messages] made some of the error messages a bit more uniform
2018-06-20 15:12:23 +02:00
iglocska
a930fdeaeb
new: [i18n] Added tools to switch between languages via the server settings
2018-06-20 15:11:43 +02:00
iglocska
214df94bda
chg: [i18n] Made the strings more i18n friendly across the application
2018-06-20 12:56:53 +02:00
iglocska
13c144b962
fix: [galaxies] Fixed query causing MYSQL errors due to group by not containing a silently loaded field
2018-06-20 11:33:45 +02:00
iglocska
381a4b8895
fix: Don't require API users to acept the terms / change password to get going
...
- to get the API key they need to log in anyway via the interface
2018-06-20 07:55:04 +02:00
iglocska
87c152d9f3
fix: Use common code-path for user init via the login page and the CLI
...
- also, be consistent with initial settings
2018-06-20 07:32:52 +02:00
Sami Mokaddem
e3988c73ad
new: [attackMatrix] Also consider attack galaxy at event level in the
...
heatmap
fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool
2018-06-18 14:51:29 +00:00
Sami Mokaddem
1f685bf625
fix: [attackMatrix] added missing entries in ACL component
2018-06-18 12:21:45 +00:00
Sami Mokaddem
3a27009775
Merge remote-tracking branch 'upstream/2.4' into attack
2018-06-18 12:18:31 +00:00
Sami Mokaddem
929946f055
new: [attackMatrix] added instance UUID in rest response
2018-06-18 12:04:38 +00:00
Sami Mokaddem
8d145086f0
new: [attackMatrix] statistic about attack tags used in the instance
...
chg: [attackMatrix] moved functions in to model and matrix view into elements
2018-06-18 09:58:20 +00:00
Sami Mokaddem
4785400228
fix: [attackMatrix] cluster ATT&CK Tactic is shown in Mitre namespace
...
only
2018-06-15 13:14:45 +00:00
Sami Mokaddem
bc156ab13a
new: [AttackMatrix] added Mobile/Pre-Attack Matrix support, UI
...
improvements and code refacto
2018-06-15 09:19:53 +00:00
iglocska
5d925cbf96
fix: [bug] Endless loop when terms are not accepted / password not reset fixed, fixes #3336
2018-06-12 22:41:57 +02:00
iglocska
3e5e432436
fix: Fixed permission check for adding tags to an event
2018-06-12 17:01:54 +02:00
iglocska
1a980185d4
fix: [ACL] added new functions to the ACL
2018-06-12 16:39:08 +02:00
Sami Mokaddem
95e694f054
fix: [AttackMatrix] picking Att&ck tactic correctly redirect on the
...
matrix
2018-06-12 14:25:43 +00:00
iglocska
ac0663862f
chg: [version bump] querystring bumped
2018-06-12 16:10:49 +02:00
iglocska
48feb7b7d2
new: [functionality] Kick user out if the session is expired instead of only doing it on a page load
2018-06-12 16:09:50 +02:00
iglocska
5b16dda5fa
fix: [bug] invalid function call for the event lock via the objects controller
2018-06-12 16:08:32 +02:00
Sami Mokaddem
6c8bdeaff6
chg: [attackMatrix] Restrict view to be ajax only
2018-06-12 13:16:23 +00:00
Sami Mokaddem
635d1fcc5d
new: [GalaxyPicking] Choose the galaxy namespace first before showing
...
related galaxies
2018-06-12 13:11:29 +00:00
Sami Mokaddem
5f36725ede
new: [attackMatrix] Ability to attach Mitre att&ck galaxy from the
...
matrix
2018-06-12 12:39:48 +00:00
iglocska
6890b734cc
new: [UI/UX] Event lock initial version
...
- Show if another user is editing the event you're viewing (same org only)
2018-06-12 09:40:23 +02:00
chrisr3d
009dac1e43
add: [Diagnostic] Added maec python library requirements
2018-06-11 16:27:13 +02:00
Sami Mokaddem
34c69d00e2
fix: [eventView] Hide galaxy tags after search
2018-06-11 14:05:45 +00:00
Sami Mokaddem
5d8c2ccf5e
new: [attackMatrix] legend scale of the heatmap with dynamic updates
2018-06-11 10:24:55 +00:00
Sami Mokaddem
4fdf7f6340
new: [attackMatrix] force kill chaine header order
2018-06-08 14:28:42 +00:00
Sami Mokaddem
775001f2cc
new: [attackMatrix] addition of heatmap on tiles depending on occurence
...
of the tag
2018-06-08 14:16:40 +00:00
iglocska
e3eb71b29a
new: [ACL] Added new role permission: publish_zmq
...
- permission flag to use the "publish to ZMQ" button
2018-06-07 17:52:01 +02:00
Sami Mokaddem
cd0d75a4c6
new: Initial skeleton of Mitre attack matrix
2018-06-07 14:43:04 +00:00
Raphaël Vinot
4ee0e8dced
chg: Bump PyMISP version.
2018-06-07 12:12:29 +02:00
iglocska
1917ebd096
Merge branch 'deadlockfix' into 2.4
2018-06-05 18:07:06 +02:00
iglocska
ed09fdedbf
new: [performance] Made the deadlock fix optional
...
- old behaviour by default or if the setting is disabled
- new behaviour with non transactional attribute add / correlation add
2018-06-05 18:06:02 +02:00
iglocska
043c74beaf
chg: [API] Adding a tag will no longer throw exceptions if the tag already exists
...
- instead the existing tag is returned for further reuse along with a HTTP code of 200
2018-06-05 17:52:08 +02:00
iglocska
e3c8f80421
new: batch delete should hard delete if event hasn't been published yet, fixes #3311
2018-06-05 17:50:26 +02:00
iglocska
020157df00
new: [API] objects/add now supports uuids and the version number
...
- API: /objects/add/[template_id]/[version]
- template_id can be a UUID
- version is an optional parameter to select the specific version of a template if searching by uuid
2018-06-05 16:30:26 +02:00
iglocska
755e0c3b34
fix: [object references] Object references can be added to deleted objects/attributes, fixes #3312
2018-06-05 15:35:26 +02:00
iglocska
feadeb3ae9
fix: [cleanup] Removed non-sensical line
2018-06-02 23:23:55 +02:00
iglocska
a2746418ae
fix: Allow updateDatabase to accept numbers
2018-05-31 14:39:28 +02:00
iglocska
ba5b5447f4
fix: Added missing lookup for pymisp versions via the diagnostics
2018-05-31 14:34:00 +02:00
iglocska
4e41aa940c
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-05-27 23:34:58 +02:00
iglocska
2ed4ecec02
new: Stricter validation of baseurl when coming via the API tool
2018-05-26 06:55:28 +02:00
iso
215a61895d
Remove leading tab
2018-05-26 01:15:55 +09:00
iglocska
008ef4fa35
fix: [API] Add object request has been black-holed. #3271
...
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
2018-05-23 11:11:35 +02:00
iglocska
e631025dac
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-05-23 10:34:47 +02:00
iglocska
9ffd05e57d
fix: [API] Add object request has been black-holed. #3271
...
- blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions
2018-05-23 10:33:40 +02:00
iglocska
d644d9411d
fix: [API] Fixed a black hole on API actions via the Objects controller, fixes #3271
...
- Blanket disabling the security component due to the changes in cakePHP for API requests had the side effect that explicit security component stance changes would lead to exceptions
2018-05-23 10:31:09 +02:00
Andras Iklody
093bfc47fe
Merge pull request #3267 from mokaddem/issue_3247
...
fix: [UI filtering] be sure that '0' is not interpreted as empty.
2018-05-22 16:24:17 +02:00
iglocska
37b856d60a
fix: Invalid flash message fixed when editing an attribute
...
- was showing an error on success
2018-05-22 16:18:13 +02:00
Sami Mokaddem
00ec493414
chg: [UI Filtering] Do not set searchFor in the URL if no value.
...
After a discussion with iglocksa, it is better to fix it js side than
server side.
2018-05-22 14:16:27 +00:00
Sami Mokaddem
4d39d3296a
fix: [UI filtering] be sure that '0' is not interpreted as empty.
2018-05-22 13:49:03 +00:00
iglocska
6ad4a16718
fix: potential fix for the deadlock issue addressing #3264
...
- This will mean a performance hit for correlations / adding attributes in general, but let's see how it goes
2018-05-22 13:56:46 +02:00
iglocska
5780d0c5d8
fix: [UI filtering] Attribute quick filter broke all the tabbed filters, fixes #3247
2018-05-22 11:29:17 +02:00
iglocska
1dae56527f
fix: Fixed editing servers to add a server certificate not saving said certificate
2018-05-18 10:03:50 +02:00
iglocska
2b2a0c25a4
fix: Various fixes to the add feed action/view
2018-05-17 10:03:26 +02:00
iglocska
a21fcadd94
fix: Ignore camelised vs underscored controller name differences in the ACL
2018-05-17 09:39:15 +02:00
iglocska
c6957ad121
fix: Fixed some issues with the new notifications
2018-05-16 19:56:12 +02:00
iglocska
68b8266584
new: New flash message system, fixes #3252
...
- 3 types of flash messages (success, error, warning)
- uses bootstrap's own classes/structure
2018-05-16 19:32:38 +02:00
iglocska
dc57eee534
fix: Fixed invalid org lookup on the attribute index resulting in some notices thrown
2018-05-16 13:39:29 +02:00
iglocska
645d996c14
new: Remove galaxy cluster information from the sync mechanism for now
...
- currently galaxy clusters aren't shared anyway, no point in blowing up the data size / processing time
2018-05-15 07:44:37 +02:00
iglocska
d49a190f99
fix: Version bump
2018-05-14 23:22:35 +02:00
iglocska
2be71c596c
version bump
2018-05-14 23:22:18 +02:00
iglocska
962461890c
new: Added attribute level galaxy clusters
2018-05-14 23:20:09 +02:00
iglocska
5acfac3539
fix: Some cleanup
2018-05-12 17:26:16 +02:00
iglocska
74e77b0511
chg: [API] Attaching a tag to an object no longer throws an exception if the tag already exists, fixes #3245
...
- just emits positive vibes by saying that no changes had to be made
2018-05-11 09:00:46 +02:00
iglocska
abd745ce16
chg: [debug] Added debug of failed mass edits to returned JSON
2018-05-10 12:19:05 +02:00
iglocska
db7419c96e
fix: Don't lowercase the controllername for the ACL Component
2018-05-10 11:55:10 +02:00
iglocska
fefe92bde8
new: [Export] Added a secondary CSV export that includes more context to the UI download tool
2018-05-09 14:10:23 +02:00
iglocska
e1721e0177
fix: [ACL] Made the ACL system's behaviour more lax when it comes to capitalisation mistakes in the URL, fixes #3240
2018-05-09 13:23:30 +02:00
iglocska
42d86d7b18
fix: [API] Tightened the disabling of the security component to counter the effects of cakephp 2.10.x
2018-05-09 13:08:42 +02:00
iglocska
39f66eb868
fix: Restart the workers due to the new cakephp version causing issues
2018-05-09 09:15:18 +02:00
iglocska
776084130f
fix: Remove form tampering for REST requests
...
- makes MISP compatible with 2.10.x
- No point in running the security component's test since no form is submitted via REST anyway.
2018-05-08 18:50:27 +02:00
iglocska
436c9c9a01
fix: Fixed broken objects/edit
2018-05-08 14:07:40 +02:00
iglocska
3c33d82244
fix: Fixed object add
2018-05-08 14:00:19 +02:00
iglocska
c01f2d54f0
chg: Allow /objects/edit/id to accept a UUID instead of a local ID
2018-05-08 11:33:36 +02:00
iglocska
d49e3cb83f
fix: Handle no template being passed to objects/add correctly
2018-05-08 09:44:04 +02:00
iglocska
b325a5d2a4
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-05-08 07:52:32 +02:00
iglocska
14c46b11c0
Merge branch 'smallfixes' into 2.4
2018-05-08 07:41:05 +02:00
Sami Mokaddem
680311f68f
chg: [Controllers] sets the ajax variable globally
...
As well as removing useless set in controllers and accessing it instead
of passing through the request.
2018-05-07 14:44:59 +00:00
Sami Mokaddem
36fc897e71
fix: [CorrelationGraph] set the undefined ajax variable when pivoting from a taxonomy tag / galaxy cluster in fullscreen
2018-05-07 13:53:38 +00:00
iglocska
05cf0563e1
new: First implementation of the Noticelist system ready
2018-05-07 10:43:21 +02:00
iglocska
13e407fd7c
new: added noticelist view
2018-05-07 06:36:56 +02:00
iglocska
2f8686aec3
fix: Don't redirect users to terms page if no terms page is set
2018-05-06 22:42:21 +02:00
iglocska
5b1689071d
new: Noticelist system added
2018-05-05 23:04:10 +02:00
iglocska
eef8279c40
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2018-05-04 12:37:07 +02:00
iglocska
5e77af9cb0
fix: Fixed a bug that prevented servers from being added
2018-05-04 12:36:33 +02:00
Sami Mokaddem
a3d6fb3497
chg: [EventController] replaced if/else by ternary condition
2018-05-04 06:32:59 +00:00
Sami Mokaddem
507cd0ee85
chg: Trying not to break the MVC pattern
...
Server model is not passed to the constructor anymore, as well as the
Organisation model.
2018-05-04 06:27:54 +00:00
Sami Mokaddem
6d476814b0
Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut
2018-05-03 13:52:40 +00:00