173 Commits (a61caa3a6a541e6f9761ae99c033c7457050bc0b)

Author SHA1 Message Date
Luciano Righetti 2af550c860 fix: pr comments, update acl to allow all for /servers/openapi view, remove rest client from events menu, remove php7 return hint. 2021-06-04 15:54:13 +02:00
Luciano Righetti 546aacec2c new: add initial version of openapi spec, add ReDoc js files. 2021-06-03 17:49:36 +02:00
Jakub Onderka ad1b373766 new: [log] Audit log 2021-05-03 13:44:44 +02:00
iglocska 823a870ca0 Merge branch 'develop' of github.com:MISP/MISP into develop 2021-04-25 17:54:53 +02:00
iglocska 33c6ab7030 chg: [menues] updated with new correlation functionality 2021-04-25 17:37:57 +02:00
Jakub Onderka 4bcf270233 chg: [UI] Simplify keyboard-shortcuts.js 2021-03-02 11:36:23 +01:00
Jeroen Pinoy 131c9e15ce chg: Add can access check for correlation exclusions menu entry 2021-02-21 22:27:08 +00:00
Jeroen Pinoy 557a546815 Adds 'List Auth Keys' button to Administration in global menu 2021-02-18 17:08:21 +01:00
iglocska 065449b33e chg: [dashboard] added to the root level of the top menu 2021-02-17 13:05:34 +01:00
iglocska a82642cf47 Merge branch '2.4' into develop 2021-01-19 16:07:17 +01:00
iglocska 8283e0fbec fix: [security] XSS in the user homepage favourite button
- navigating to a url in MISP with the URL containing a javascript payload would cause the execution of reflected xss
- automatically sanitised by modern browsers, but still confirmed via raw curl fetches
2021-01-19 16:04:38 +01:00
iglocska b8823b86e2 new: [correlation] added system to exclude certain values from the correlation engine
- simply add values at /exclude_correlations
- new values coming in will not correlate if they trip over the values listed there
- to remove existing correlations run the cleaner tool on the above endpoint

- values can be 1:1 matches, or substring searches (denoted with a leading, ending, or both '%')
  - https://www.google.com/% will match anything starting with https://www.google.com/
  - %google.com% will match anything that contains google.com
2021-01-07 09:31:38 +01:00
Jakub Onderka ba9a33e0a1 chg: [UI] Merge roles index and admin_index 2020-12-22 17:52:58 +01:00
Jakub Onderka fbeb4aee2c Merge pull request #6720 from JakubOnderka/permission-ui
Permission UI
2020-12-09 18:16:33 +01:00
Jakub Onderka 6f8da2c36b fix: [UI] Allow to access delegations index just when delegations are enabled 2020-12-09 17:49:14 +01:00
Jakub Onderka d6bf3710ba fix: [UI] Do not show REST client menu link when user doesn't have permission 2020-12-09 17:48:37 +01:00
iglocska 90d8504b79 chg: [Cerebrate] added to the global menu 2020-11-30 23:41:08 +01:00
mokaddem f0bc398e60 Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-11-16 14:59:17 +01:00
Jakub Onderka 3b8b0019af new: [user] Setting `disable_user_add` to disable user creation by org admins 2020-11-14 17:44:17 +01:00
Jakub Onderka 8e76af6370 new: [user] Allow to disable user password change 2020-11-14 17:44:16 +01:00
mokaddem 150b4cb7d1 Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-11-09 10:07:43 +01:00
Jakub Onderka e6157a99c0 fix: [internal] Avoid warnings in global_menu 2020-10-21 09:30:37 +02:00
Jakub Onderka b9f15ab05d fix: [UI] Check more menu ACLs 2020-10-03 16:12:44 +02:00
Jakub Onderka 5900da4915 fix: [UI] User guide link 2020-10-03 16:12:44 +02:00
Jakub Onderka faa9e373ea chg: [internal] Move more global menu rules to ACLComponent 2020-10-03 16:12:44 +02:00
Jakub Onderka 3be0ab9169 chg: [internal] Use ACLComponent for menu item permission 2020-10-03 16:12:44 +02:00
Jakub Onderka 1d580f1f96 chg: [internal] Simplified menu code 2020-09-28 21:36:36 +02:00
mokaddem eb84b3344f Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-09-22 12:08:12 +02:00
Golbark 3a0bedb104 chg: [internal] Using Allowedlist instead of Whitelist 2020-09-01 16:28:20 +02:00
Golbark 3fb47d1cce chg: [internal] Using blocklist instead of blacklist 2020-09-01 16:27:36 +02:00
Loïc Fortemps 8844fd7ada Event ID translation feature (#6212)
* new: [sync] Event ID translation between sync servers
2020-08-26 10:01:14 +02:00
Olivier BERT 9fff3ffc22 A few accessibility fixes for users of screen readers:
- Added aria label and role for the representation of booleans in generic index tables,
- Fixed Aria label for actions in generic index tables,
- Set titles for actions in the admin user index table,
- Added a few missing aria labels in the global menu.
2020-08-21 15:57:06 +02:00
iglocska 7d253f87fd new: [ACL] event blacklisting fully opened up to host org users
- also added a new special permission for the ACL system host_org_user - which will evaluate whether the user is in the org configured in the MISP.host_org_id directive
2020-08-21 13:41:48 +02:00
Vito Piserchia d2f424e416 rebase continue 2020-08-17 17:27:31 +02:00
Vito Piserchia 7da8b32ada rebase continue 2020-08-17 17:25:02 +02:00
johndoe d2ddff3e77 fix rebase 2020-08-17 17:14:02 +02:00
Vito Piserchia a393d411e1 rebase continue 2020-08-17 17:13:58 +02:00
Vito Piserchia a1c80378f6 more merge fixes 2020-08-16 13:44:53 +02:00
Vito Piserchia b8c7485712 resolve merge 2020-08-16 13:31:31 +02:00
mokaddem b3dbecb318 Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-07-14 16:25:04 +02:00
iglocska bf4610c947 fix: [security] setting a favourite homepage was not CSRF protected
- a user could be lured into setting a MISP home-page outside of the MISP baseurl
- switched the endpoint to be CSRF protection enabled

- as discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
2020-07-13 12:19:11 +02:00
mokaddem f3a9481c61 Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-07-01 16:22:55 +02:00
iglocska 3ec5fcba0b new: [event block rule system] added
- add simple tag filters to block events from being added.
- it will not stop a manual creation of an event with subsequent adding of the tag in a later stage
- it will however block synced events
2020-06-30 10:45:36 +02:00
mokaddem 23d24c3c9e chg: [clusterRelations] Model linking and basic index 2020-05-07 11:03:18 +02:00
iglocska 4ebc0a7988 new: [inbox] system added
- user self-registration is the first use-case
- if the feature is enabled, unauthenticated users can send a registration request to MISP
  - request includes information on desired org and some privileges (sync / org admin / publisher)
- requests land in the inbox, admins can inspect the registration requests
  - they can accept/discard them individually or en masse
  - users will be notified of their credentials automatically
  - quick user creation if the user asks for an org that doesn't exist yet
2020-04-07 13:21:01 +02:00
iglocska 0e635548b9 new: [favourite] glow orange when on the page that is already bookmarked
- thanks to @mokaddem (graphman) for the idea
2020-03-02 23:05:40 +01:00
iglocska 1bcc7cdf2b fix: [homepage] redirects fixed 2020-03-02 10:30:24 +01:00
iglocska 0d4df7c98b new: [Dashboard] system
- Dashboard
  - modular similar to restSearch
  - build your own widgets
  - use a set of visualisation options (more coming!)
  - full access to internal functions for queries
  - auto discover core and 3rd party widgets
  - rearrange / configure widgets for each user individually
  - rearrange / resize widgets
  - settings can be configured by a site-admin on behalf of others
  - modules have a self-explain mode to guide users
  - caching mechanism for the modules / org

- set homepage / user
- various other fixes
2020-03-01 18:05:21 +01:00
Jakub Onderka a3c07277c4 fix: Proper logout when `CustomAuth_custom_logout` is set 2020-01-23 16:46:02 +01:00
iglocska c4f1d4d15e new: [SightingDB] Added integration with SightingDB
- Added configuration tool
- Added lookups from the event view
- Added includeSightingdb flag for the restSearch searches
- Added SightingDB search tool
- Added SightingDB connection test tool
2019-11-06 21:20:04 +01:00