- sometimes the URLs are inconsistent in links within MISP (/shadowAttributes vs shadow_attributes)
- the URL generation now takes both cases into consideration
- Removed the OpenIOC Indicator UUID persistence and moved it to a comment
- this allows for the same OpenIOC report to be imported into separate events and won't result in a UUID collision
- Reworked the composite indicator resolver
- more generic, allows for 3 part composites (to allow for regkeypath/regkey/regvalue combinations)
- Registry values now correctly recognised
- Fixed an issue with the new UUID generation method call in OpenIOC
- Fixed an invalid validation check on the salt key
- Added a note on the server page to make it more obvious that values can be changed by double clicking them
Merge and upgrade of several new features
Conflicts:
VERSION.json
app/Controller/ShadowAttributesController.php
app/Controller/TagsController.php
app/Model/AppModel.php
app/Model/Event.php
app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php
- Added logging of failed login attempts
- Added (optional) logging of successful authentications
- admin setting that has to be enabled
- will log all API calls (both HTTP method and target url)
- optional logging of user IP address for all logs
- each log entry created while this setting is enabled will log the IP address of the client
- disabling it also hides the IPs from the interface
- added new IP field for the log search (only if enabled)
Merging all the new changes from master
Conflicts:
VERSION.json
app/Console/Command/AdminShell.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Log.php
app/Model/Server.php
app/Model/User.php
app/View/Elements/side_menu.ctp
app/View/Pages/administration.ctp
app/View/Users/admin_index.ctp
- OpenIOC import now correctly sets IDS flags based on type
- OpenIOC import specifies the source file in the comments
- Fixed a blackhole issue with the password reset popups
- added support for SHA types
- fixed an issue that caused the import to fail with duplicate attributes (the list gets pruned now)
- fixed an issue where no supplied contextual fields would lead to empty attributes being created
- removed the requirement for the files to have the .ioc extension
- STIX export had 2 issues as pointed out by RichieB2B:
- Incorrect name assigned to incidents due to copy-pasta fail
- Historyitems incorrectly handled
- For the OpenIOC import:
- Mapping DnsEntryItem/Host to hostname
- Mapping of hostnames to Network activity failed due to incorrect capitalistion
- Temporarily removed the ignore function on certain indicators. Ignoring an element in an AND-ed branch happens without a pruning of the element IDs
Andreas Ziegler