iglocska
a41a438290
fix: [acl] fixed for taxii servers
2023-06-08 10:50:31 +02:00
iglocska
a752d29e03
new: [taxii preview] Browse a taxii server and view the data it contains
...
- browse collections
- browse contents of the individual collections and paginate through the data
2023-06-07 14:31:58 +02:00
Christophe Vandeplas
27ece6afba
fix: [AuthKeys] improve readability of add ACL
2023-06-04 09:25:19 +02:00
Christophe Vandeplas
d056b8dceb
fix: [AuthKey] Cleanup AuthKey permissions fixes #9121
2023-06-04 09:14:11 +02:00
Christophe Vandeplas
132afb7321
fix: [Users] fixes column not found Role.perm_site_admin
2023-06-04 08:18:52 +02:00
Christophe Vandeplas
b2bb4f817b
fix: [security] Org admins cannot delete site admin accounts see #9121
2023-06-04 07:01:29 +02:00
iglocska
8d596784e3
fix: [privileges] only site admins can remove totp for a user
...
- leads to potential privilege check circumvention otherwise (org admin deleting site admin's totp key)
- also, removal should be a nuclear option
2023-05-31 15:12:54 +02:00
iglocska
3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
...
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas
cb74ad507f
chg: [security] OTP support for HOTP
2023-05-25 23:28:14 +02:00
Christophe Vandeplas
afbb9fab95
chg: [security] TOTP anti-bruteforce support
2023-05-25 21:12:07 +02:00
Christophe Vandeplas
6311f7d3e6
Merge branch 'develop' into feature/totp
2023-05-25 20:53:06 +02:00
Jakub Onderka
3acccf9875
Merge pull request #8830 from JakubOnderka/access-log-enhancement
...
Access log enhancement
2023-05-24 13:38:06 +02:00
Jakub Onderka
2e753abea1
chg: [internal] Use less memory when encoding big JSON responses
2023-05-24 09:56:43 +02:00
Jakub Onderka
44738e4382
chg: [UI] Show user agent in title in access log
2023-05-24 09:56:43 +02:00
Jakub Onderka
90d7d66ee6
Merge pull request #8906 from JakubOnderka/fix-missing-user-id
...
fix: [internal] Missing user_id field for event when editing shadow attribute
2023-05-24 09:55:24 +02:00
Jakub Onderka
b9902618eb
Merge pull request #8909 from JakubOnderka/fix-notice
...
fix: [internal] Undefined index for invalid request
2023-05-24 09:53:50 +02:00
iglocska
7a3b8617eb
Merge branch '2.4' into develop
2023-05-23 10:48:09 +02:00
iglocska
a94777231b
fix: [templates controller] remove CSRF protection from the rearranging
...
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care
- removes the annoying blackholing for the drag and drop
2023-05-23 10:46:54 +02:00
Christophe Vandeplas
a5f5a4e113
chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set
2023-05-21 20:12:44 +02:00
Christophe Vandeplas
acb258cc52
chg: [security] User index inactive user filter
2023-05-21 19:29:56 +02:00
Christophe Vandeplas
c5483cf4b5
fix: [cleanup] removes some TODO messages #103
2023-05-21 10:09:05 +02:00
Christophe Vandeplas
dbf827f536
fix: [feeds] fix missing variable for view
2023-05-21 08:49:33 +02:00
Christophe Vandeplas
e90083020f
chg: [security] Require TOTP and QR code lib for TOTP secret creation
2023-05-20 10:26:45 +02:00
Christophe Vandeplas
8e370fa6f0
chg: [security] TOTP event logging
2023-05-20 10:13:56 +02:00
Christophe Vandeplas
dac7aaf7d6
chg: [security] Disallow creation of TOTP token if LinOTP is enabled
2023-05-20 09:20:36 +02:00
Christophe Vandeplas
81db5958d9
chg: [security] Allow enforcement of TOTP
2023-05-20 08:56:40 +02:00
Christophe Vandeplas
856a9e4b4c
chg: [security] admins can delete user TOTP
2023-05-20 08:05:48 +02:00
Christophe Vandeplas
61573392ea
chg: [security] allow creation of TOTP token
2023-05-19 20:56:52 +02:00
Christophe Vandeplas
6caccac94d
new: [security] TOTP authentication
2023-05-19 06:57:16 +02:00
Jakub Onderka
2f1d56509c
chg: [internal] Code cleanup for galaxy import
2023-05-17 13:56:17 +02:00
iglocska
9f5e49995a
Merge branch 'new_widgets' into develop
2023-05-16 14:12:59 +02:00
iglocska
712321eb81
new: [dashboard templates] show which modules will be visible to the given user
2023-05-16 14:04:32 +02:00
iglocska
a60202d9d1
fix: [junk removed] removed accidentally inserted characters
...
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska
9e763ba0e5
new: [auth] log api key usage in redis
...
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot
1d53868c99
chg: [PyMISP] Bump version
2023-05-12 00:10:36 +02:00
Sami Mokaddem
a2719e3c82
chg: [appController] Bumped queryVersion
2023-05-04 09:13:01 +02:00
Sami Mokaddem
8507fc5d6b
Merge branch 'feature-workflow-filtering-modules' into develop
2023-05-04 09:12:19 +02:00
Jakub Onderka
9e4c67b900
fix: [internal] Warning when searchvalue is not defined
2023-05-03 18:15:40 +02:00
Sami Mokaddem
dc9a1489e1
Merge branch 'develop' of github.com:MISP/MISP into feature-workflow-filtering-modules
2023-05-03 14:57:04 +02:00
Sami Mokaddem
a548fbc8a9
chg: [workflow] Updated filter add/reset and added support + fixed a bunch of bugs
...
Also added raw (patched) drawflow library source code
2023-05-03 14:56:38 +02:00
Luciano Righetti
ce3a8ec9b7
Merge pull request #9050 from righel/add-searchvalue-param
...
new: add param to get exact matches on attribute values
2023-05-02 15:12:14 +02:00
Luciano Righetti
a8076f6344
fix: fix query
2023-05-02 09:58:10 +02:00
Luciano Righetti
bb9e406f85
new: add param to get exact matches on attribute values
2023-05-02 09:49:48 +02:00
Christian Studer
ed1ac9c8c8
Merge branch 'misp-stix' of github.com:MISP/MISP into develop
2023-04-26 14:01:03 +02:00
Christian Studer
2ea3bde1a2
fix: [upload_stix] PHP is not python
...
- `array_key_exists` is the friend we were looking for here
- `in_array` only tests the values of an array and not the keys
2023-04-21 16:36:54 +02:00
Christian Studer
50c7b930f6
fix: [upload_stix] Fixed the `distribution` & `sharing_group_id` values checking
...
- we have to convert them to int to check with the list of distributions and sharing groups that have int keys
2023-04-21 16:26:09 +02:00
Christian Studer
9fc2a954b2
add: [stix2 import] Handling sharing group id parameters to pass to the resulting MISP Event
2023-04-21 15:21:29 +02:00
Christian Studer
334ddbc533
add: [stix2 import] Added `distribution` to the `upload_stix` form so we can pass its value to `misp-stix`
2023-04-20 20:37:02 +02:00
Christian Studer
1e1980a2ae
chg: [stix import] Updated the `upload_stix` form params to be in line with the support of multiple STIX 1 & 2 versions
2023-04-19 16:32:39 +02:00
Luciano Righetti
1f4e2af37a
fix: admin logs pagination
2023-04-18 16:58:35 +02:00