Commit Graph

41 Commits (92a07b01a4eebfa623699db6b30083551de40b25)

Author SHA1 Message Date
Jakub Onderka 507e07b868 chg: [export] Fix notice in NIDS export 2024-01-27 17:07:36 +01:00
Jakub Onderka 5f8d979877 chg: [export] NidsExport code cleanup 2024-01-27 16:06:31 +01:00
Jakub Onderka 098d95545b fix: [export] Skip empty objects 2022-09-27 08:45:27 +02:00
Jakub Onderka 948c6f2b0a chg: [internal] Mark NidsExport class as abstract 2022-09-22 14:44:58 +02:00
Johannes Bader e6d039ede8 fixes issue 6379 2022-08-11 17:48:18 +02:00
Sami Mokaddem 4ab4121d05 Merge remote-tracking branch 'origin/develop' into emmekappa86-feature-snort-rule-from-network-connection 2022-06-29 12:37:50 +02:00
Johannes Bader 27e6c60b89 Fixes issue #6379
The NIDS export creates two rules for attributes with type 'email' (a
src and dst rule). However, the same SID was used for both rules. Since
SIDs must be unique for a ruleset, this will be logged as an error by
Suricata and the rule is not loaded (see issue #6379).

This fixes the issue by incrementing the SID before creating the second
email rule.
2022-06-07 21:23:02 +02:00
Marco Caselli 653fe1c901 Fixed indentation 2021-10-01 11:21:49 +02:00
Marco Caselli 0180da6b57 Fixing mistake ("data" -> "event") 2021-10-01 11:17:02 +02:00
Marco Caselli a04694a5b4 Code polishing 2021-09-15 12:59:19 +02:00
Marco Caselli e71e46c118 fixes + ddos object handling 2021-09-15 12:34:26 +02:00
Marco Caselli 3e88fe35d7 new: update to handle network connection objects 2021-06-22 08:18:56 +02:00
Alex Resnick 8519f0c968 #6355 Create JA3 Hash Suricata Rules 2020-12-11 08:07:57 -06:00
iglocska 34d186a2dc chg: [nids] added email type 2020-09-03 12:05:00 +02:00
garanews 85c28ce36e Fix some typos 2019-10-04 13:02:59 +02:00
Richard van den Berg 9da8ed86c5 Fix errors on NIDS export when whitelist is empty 2019-07-17 12:46:43 +02:00
Richard van den Berg 22cc03bb23 Match EDNS packets with snort rules 2019-05-17 14:34:18 +02:00
iglocska 2e7dfc9273 new: [API] Correctly handle objects in flat exports and exposed text export to event level search 2018-09-14 14:34:01 +02:00
iglocska 7c3ddacd1e new: [API] NIDS exports now correctly support event and attribute level exports
- also, suricata/snort rules now include both the event and the attribute tags in the metadata
2018-09-03 17:50:08 +02:00
iglocska a000d86f85 new: [API] Made the NIDS export compatible with the new API 2018-08-30 21:56:00 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
Andras Iklody eef8b55120 Merge pull request #2128 from deloittem/2.4
Snort attribute generation rule now contains the initial msg field
2017-05-09 10:46:47 +02:00
Ángel González 926895733b Cosmetic changes
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
deloittem 5c2bc871ca Update rule generation for attribute snort: generated rule now contains the initial snort rule msg 2017-04-10 15:57:33 +02:00
Mathieu Deloitte 47bcd264e2 Manage the new attributes IP-SRC|PORT and IP-DST|PORT when exporting NIDS rules 2017-03-22 16:19:32 +01:00
Mathieu Deloitte 59df951071 Only display the tag name if the array contains values (depending if the tag is exportable or not) 2017-03-09 08:48:22 +01:00
Mathieu Deloitte 27b2effffd Add the attribute tags to the msg field (Suricata rule) to sort the raised alerts more easily 2017-03-08 15:04:45 +01:00
Mathieu Deloitte 98864fb82e NidsSuricataExport refactoring for attribute *URL* 2017-02-08 14:12:30 +01:00
Armins 4c67f0a2c8 Added fast_pattern 2016-12-07 18:07:12 +02:00
Iglocska 7e75aafc22 fix: Added domain|ip to nids exports 2016-11-09 17:08:06 +01:00
Andreas Ziegler 4b8a82098d chg: replace 4 spaces after tab by double tab 2016-09-05 00:45:51 +02:00
iglocska d85fd0d813 fix: Fixed a newly introduced bug that breaks the NIDS exports, as referenced in #1489 2016-09-01 14:44:03 +02:00
iglocska 8f528ae881 fix: Removed incorrect uses of pass by reference, fixes #1472 2016-08-24 09:50:19 +02:00
Andreas Ziegler c1eda1e04b remove single spaces after tabs 2016-06-04 01:54:19 +02:00
Andreas Ziegler dc0974a55b misc cleanup 2016-05-21 05:10:49 +02:00
Iglocska 684be69ed0 Incremental export generation for HIDS and NIDS exports
- Instead of fetching all events at once for the export, events are fetched one by one
- Greatly reduces memory footprint (It mostly depends on the event with the most eligible attributes now, instead of the combined list of all events)
- Because of the lower memory usage, the time taken for the export is also slashed to a fragment of what it was before
2015-07-20 16:25:16 +02:00
iglocska b178358f2a Default config.php added 2014-09-10 11:48:48 +02:00
Christophe Vandeplas f4e6e3fb12 regex bugfix in the ids export + suricata export using dns keyword 2014-07-29 14:28:34 +02:00
iglocska 22c8105f58 Mass replace of the old CyDefSig name to MISP - fixes #82 2014-02-05 15:01:26 +01:00
iglocska 50f3fa40d0 Merge branch 'develop' into feature/CakeResque
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap

Conflicts:
	app/Controller/AppController.php
	app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
iglocska 48383fe25b Next version of exports done 2013-11-19 11:03:30 +01:00