- you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances
- Valid renamed to Published on the event index
- Attributes that are flagged as IDS signatures are now shown with a (IDS) notation at the end of the line in the alert e-mail
- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
- attributes in the event view now show the date when they were added / modified
- the alert e-mail now shows which attributes are new since the last commit
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
- started work on scheduling
- view to add scheduled tasks (still needs work)
- moved cache job bulk-code to the job model from the controller
- bootstrap timepicker
- fixed an issue where a blacklisted value added through uloadattachments would break the import
- fixed the distribution level of attributes created by the GFI import always being your org only
- removed registry attributes that do not contain a malware sample or a dropped file in the value
- fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word
- added a few regular expressions
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
- adds JSON example to shell scripts
- adds sample JSON event
- ??? for some redundant Attribute model conditions
- updates travis with CakePHP installation
- some changes to remove strict messages caused by an update to cakephp
- added missing changes to the sql files - all changes from the merge are reflected in ROLECHANGE.sql, import that to upgrade your instance!
- Also some improvements to the shadow attributes
- some minor UI changes
Conflicts:
app/Controller/EventsController.php
app/View/Elements/global_menu.ctp
app/View/Layouts/default.ctp
- ADMIN org removed.
- Siteadmins are now identified by the perm_site_admin flag
- Siteadmins can now be of any organisation
- editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role
- Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin
- If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created)
- Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
sha256, http-method, named-pipe and mutex added to the
shadow attributes. Fixing #170
This is not solving the core issue of having duplicate
attributes declaration in MISP but this is fixing the
consistency issue between attributes and shadow attributes.
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user
- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)
- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition
- The default value for locked is 0, and all events created on the instance should be set to this value
- events that were synced from another instance should have their locked value set to 1
- this script checks for local organisations and sets the locked field to 1 for all events not created by them
- a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.
- The script is only accessible by site admins and will return a notification about the number of events altered.
The attribute HTTP method added. By default, the values
must match the known HTTP method from RFC2616, RFC2518,
RFC3253, RFC3648, RFC3744, RFC5789, RFC5323. The method
is case sensitive.