Commit Graph

6346 Commits (a41a438290e3126ee4bcfbcfaec49c89036e4853)

Author SHA1 Message Date
iglocska a41a438290
fix: [acl] fixed for taxii servers 2023-06-08 10:50:31 +02:00
iglocska a752d29e03
new: [taxii preview] Browse a taxii server and view the data it contains
- browse collections
- browse contents of the individual collections and paginate through the data
2023-06-07 14:31:58 +02:00
Christophe Vandeplas 27ece6afba fix: [AuthKeys] improve readability of add ACL 2023-06-04 09:25:19 +02:00
Christophe Vandeplas d056b8dceb fix: [AuthKey] Cleanup AuthKey permissions fixes #9121 2023-06-04 09:14:11 +02:00
Christophe Vandeplas 132afb7321 fix: [Users] fixes column not found Role.perm_site_admin 2023-06-04 08:18:52 +02:00
Christophe Vandeplas b2bb4f817b fix: [security] Org admins cannot delete site admin accounts see #9121 2023-06-04 07:01:29 +02:00
iglocska 8d596784e3
fix: [privileges] only site admins can remove totp for a user
- leads to potential privilege check circumvention otherwise (org admin deleting site admin's totp key)
- also, removal should be a nuclear option
2023-05-31 15:12:54 +02:00
iglocska 3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas cb74ad507f chg: [security] OTP support for HOTP 2023-05-25 23:28:14 +02:00
Christophe Vandeplas afbb9fab95 chg: [security] TOTP anti-bruteforce support 2023-05-25 21:12:07 +02:00
Christophe Vandeplas 6311f7d3e6 Merge branch 'develop' into feature/totp 2023-05-25 20:53:06 +02:00
Jakub Onderka 3acccf9875
Merge pull request #8830 from JakubOnderka/access-log-enhancement
Access log enhancement
2023-05-24 13:38:06 +02:00
Jakub Onderka 2e753abea1 chg: [internal] Use less memory when encoding big JSON responses 2023-05-24 09:56:43 +02:00
Jakub Onderka 44738e4382 chg: [UI] Show user agent in title in access log 2023-05-24 09:56:43 +02:00
Jakub Onderka 90d7d66ee6
Merge pull request #8906 from JakubOnderka/fix-missing-user-id
fix: [internal] Missing user_id field for event when editing shadow attribute
2023-05-24 09:55:24 +02:00
Jakub Onderka b9902618eb
Merge pull request #8909 from JakubOnderka/fix-notice
fix: [internal] Undefined index for invalid request
2023-05-24 09:53:50 +02:00
iglocska 7a3b8617eb
Merge branch '2.4' into develop 2023-05-23 10:48:09 +02:00
iglocska a94777231b
fix: [templates controller] remove CSRF protection from the rearranging
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care
- removes the annoying blackholing for the drag and drop
2023-05-23 10:46:54 +02:00
Christophe Vandeplas a5f5a4e113 chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set 2023-05-21 20:12:44 +02:00
Christophe Vandeplas acb258cc52 chg: [security] User index inactive user filter 2023-05-21 19:29:56 +02:00
Christophe Vandeplas c5483cf4b5 fix: [cleanup] removes some TODO messages #103 2023-05-21 10:09:05 +02:00
Christophe Vandeplas dbf827f536 fix: [feeds] fix missing variable for view 2023-05-21 08:49:33 +02:00
Christophe Vandeplas e90083020f chg: [security] Require TOTP and QR code lib for TOTP secret creation 2023-05-20 10:26:45 +02:00
Christophe Vandeplas 8e370fa6f0 chg: [security] TOTP event logging 2023-05-20 10:13:56 +02:00
Christophe Vandeplas dac7aaf7d6 chg: [security] Disallow creation of TOTP token if LinOTP is enabled 2023-05-20 09:20:36 +02:00
Christophe Vandeplas 81db5958d9 chg: [security] Allow enforcement of TOTP 2023-05-20 08:56:40 +02:00
Christophe Vandeplas 856a9e4b4c chg: [security] admins can delete user TOTP 2023-05-20 08:05:48 +02:00
Christophe Vandeplas 61573392ea chg: [security] allow creation of TOTP token 2023-05-19 20:56:52 +02:00
Christophe Vandeplas 6caccac94d new: [security] TOTP authentication 2023-05-19 06:57:16 +02:00
Jakub Onderka 2f1d56509c chg: [internal] Code cleanup for galaxy import 2023-05-17 13:56:17 +02:00
iglocska 9f5e49995a
Merge branch 'new_widgets' into develop 2023-05-16 14:12:59 +02:00
iglocska 712321eb81
new: [dashboard templates] show which modules will be visible to the given user 2023-05-16 14:04:32 +02:00
iglocska a60202d9d1
fix: [junk removed] removed accidentally inserted characters
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska 9e763ba0e5
new: [auth] log api key usage in redis
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot 1d53868c99 chg: [PyMISP] Bump version 2023-05-12 00:10:36 +02:00
Sami Mokaddem a2719e3c82
chg: [appController] Bumped queryVersion 2023-05-04 09:13:01 +02:00
Sami Mokaddem 8507fc5d6b
Merge branch 'feature-workflow-filtering-modules' into develop 2023-05-04 09:12:19 +02:00
Jakub Onderka 9e4c67b900 fix: [internal] Warning when searchvalue is not defined 2023-05-03 18:15:40 +02:00
Sami Mokaddem dc9a1489e1
Merge branch 'develop' of github.com:MISP/MISP into feature-workflow-filtering-modules 2023-05-03 14:57:04 +02:00
Sami Mokaddem a548fbc8a9
chg: [workflow] Updated filter add/reset and added support + fixed a bunch of bugs
Also added raw (patched) drawflow library source code
2023-05-03 14:56:38 +02:00
Luciano Righetti ce3a8ec9b7
Merge pull request #9050 from righel/add-searchvalue-param
new: add param to get exact matches on attribute values
2023-05-02 15:12:14 +02:00
Luciano Righetti a8076f6344 fix: fix query 2023-05-02 09:58:10 +02:00
Luciano Righetti bb9e406f85 new: add param to get exact matches on attribute values 2023-05-02 09:49:48 +02:00
Christian Studer ed1ac9c8c8 Merge branch 'misp-stix' of github.com:MISP/MISP into develop 2023-04-26 14:01:03 +02:00
Christian Studer 2ea3bde1a2
fix: [upload_stix] PHP is not python
- `array_key_exists` is the friend we were looking for here
- `in_array` only tests the values of an array and not the keys
2023-04-21 16:36:54 +02:00
Christian Studer 50c7b930f6
fix: [upload_stix] Fixed the `distribution` & `sharing_group_id` values checking
- we have to convert them to int to check with the
  list of distributions and sharing groups that
  have int keys
2023-04-21 16:26:09 +02:00
Christian Studer 9fc2a954b2
add: [stix2 import] Handling sharing group id parameters to pass to the resulting MISP Event 2023-04-21 15:21:29 +02:00
Christian Studer 334ddbc533
add: [stix2 import] Added `distribution` to the `upload_stix` form so we can pass its value to `misp-stix` 2023-04-20 20:37:02 +02:00
Christian Studer 1e1980a2ae
chg: [stix import] Updated the `upload_stix` form params to be in line with the support of multiple STIX 1 & 2 versions 2023-04-19 16:32:39 +02:00
Luciano Righetti 1f4e2af37a fix: admin logs pagination 2023-04-18 16:58:35 +02:00