Richard van den Berg
dd963c2e21
Sync sightings on push, pull and push on add
2019-11-22 21:53:51 +01:00
Pierre-Jean Grenier
eada0440a7
fix: [sightings] Fix undefined variable with REST search
2019-10-04 10:16:02 +02:00
mokaddem
cd5c9f7d1d
Merge remote-tracking branch 'origin/2.4' into decaying
2019-08-20 15:00:38 +02:00
Pierre-Jean Grenier
8207a64890
chg: Return the sighting when adding one through REST API
2019-08-20 10:52:12 +02:00
iglocska
60e68d1459
fix: [API] get organisation by uuid for sightings/listSightings, fixes #4992
2019-08-14 15:08:37 +02:00
iglocska
519e110f9f
new: [internal / API] new component added to handle repeatable code across all controllers (toolbox controller)
...
- added UUID -> ID lookup function and integrated it across several functions
- fixes #4990
- fixes #4999
- fixes #4993
- fixes #4991
- fixes #4989
- fixes #4987
2019-08-14 15:01:31 +02:00
iglocska
74bf393ead
fix: [API] Delete sightings by UUID, fixes #4987
2019-08-14 11:43:14 +02:00
mokaddem
6ba45b27f8
Merge remote-tracking branch 'origin/2.4' into decaying
2019-08-13 16:32:58 +02:00
iglocska
e60f0beff9
fix: [API] sightings/listSightings should also support JSON parameters, fixes #4875
2019-07-29 16:46:02 +02:00
mokaddem
bbab646d01
chg: [decaying:simulation] Support of sightings in the decaying simulation
2019-07-16 09:31:49 +02:00
iglocska
884564fb63
fix: [Sightings] ACL fixed
2019-04-24 15:11:00 +02:00
iglocska
c225520f72
fix: [sightings] Users with sighting permissions should be able to add sightings even if they don't have event write access
2019-04-24 11:37:44 +02:00
iglocska
c69969329d
fix: [vulnerability] Fixes a vulnerability where a user can view sightings that they should not be eligible for
...
- requires access to the event that has received the sighting
- affects instances with restrictive sighting settings (event only / sighting reported only)
- as reported by Tyler McLellan of CanCyber.org
2019-02-28 20:27:36 +01:00
Christophe Vandeplas
67efc70bf5
fix: [style] consistent space indentation
2019-02-10 13:08:55 +01:00
mokaddem
d9608d2e4b
new: [sighting] Searching for attributes allows to add sightings on the
...
attribute id or value
2019-01-29 16:07:03 +01:00
iglocska
2d0259ce13
fix: [CS] coding standards script re-run
2018-11-23 14:11:33 +01:00
mokaddem
c20553dfd5
new: [search/sighting] Possiblity to quickly add sightings on ID or VALUE when searching
2018-10-30 17:14:42 +01:00
Sami Mokaddem
84b96f0ef8
fix: [sighting/api] added missing sighting source parameter
2018-10-23 18:26:10 +02:00
Sami Mokaddem
5763a74b96
chg: [sighting/api] improved comments
2018-10-23 13:39:29 +02:00
Sami Mokaddem
ff5f5faf02
new: [sighting/api] xml output format + improved error feedback
2018-10-23 13:06:37 +02:00
Sami Mokaddem
01cba114f2
fix: [sightings/api] now support json output format
2018-10-23 12:17:54 +02:00
Sami Mokaddem
99e5f560a8
new: [sighting/api] trying to follow the new API architecture. JSON
...
export is broken but CSV is working. WIP...
2018-10-23 11:24:03 +02:00
Sami Mokaddem
731a4d5e2b
new: [Sightings/API] Added possiblity to get sightings based on a
...
timerange/source/...
2018-10-22 23:27:58 +02:00
iglocska
a81894f14c
chg: [CS] Changed to PSR-2
...
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
Andras Iklody
e44abe301b
new: add API response for /sightings/listSightings
2018-02-21 10:49:21 +01:00
iglocska
208617c041
chg: Allow the "uuid" key to work as an alternate for "id" when adding sightings
2018-01-25 16:10:35 +01:00
iglocska
63ee8eaa81
fix: Add flatten to advanced sightings add within objects
...
- without the flattening the advanced sighting add functionality couldn't be loaded
2018-01-18 07:49:08 +01:00
iglocska
a7aa2358b2
fix: Remove the option for disabling sightings - it's an integral feature of the MISP core. Fixes #2820
2018-01-16 12:50:01 +01:00
iglocska
b081b51235
fix: Correctly show advanced sightings for object attributes
2018-01-12 11:36:53 +01:00
iglocska
8d71c37510
new: Add API description to sightings/add, fixes #2806
2018-01-12 11:28:14 +01:00
iglocska
00ad7713f8
fix: Sighting anonymisiation should properly remove the org names from the advanced sighting view
...
- as reported by @hel10world
2018-01-04 22:04:46 +01:00
iglocska
47b5d266b2
fix: Fixed missing flatten for advanced sightings view
...
- attributes within objects couldn't generate the advanced sightings view
2017-12-21 11:52:06 +01:00
iglocska
952fff6252
fix: Fixes to several cases of reflected XSS, fixes #2381
...
- as reported by @import-au
- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska
3fca8de6bf
new: Added activity charts to tag and galaxy cluster indeces
...
- bunch of small improvements additionally
2017-02-24 19:34:18 +01:00
iglocska
f215dc1c8e
new: Added advanced sightings and sparkline to the event itself
2017-02-23 11:39:02 +01:00
iglocska
3c558c653d
fix: Added validation for sighting type and fixed responses for adding sightings
2017-02-20 11:13:39 +01:00
iglocska
589e4c3529
fix: fixed some permission issues preventing non site admins from using some functionalities correctly
2017-02-17 10:40:59 +01:00
iglocska
956758aca5
fix: Some bug fixes
2017-02-17 00:52:56 +01:00
iglocska
94c01d5896
new: First revision of the new sightings system
2017-02-16 22:46:30 +01:00
iglocska
cbe759f3c2
chg: Work on the sightings
2017-02-06 14:08:55 +01:00
iglocska
4e41b55572
new: First iteration of the improved sightings
2017-02-05 23:48:18 +01:00
iglocska
8ccd817435
new: Index API for sightings added
2017-01-06 15:25:31 +01:00
iglocska
c8a5eb951d
new: Sightings API improvements WIP
...
- reworked responses
- started work on the new index
2017-01-05 20:48:03 +01:00
Iglocska
a6734c858a
new: Sightings enabled by default
2016-11-21 17:27:30 +01:00
Andreas Ziegler
898ea1d97c
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Iglocska
4c2ca05c9a
Second iteration of the sightings
...
- Added STIX sighting support
- better API add (via url parameter or POSTed object)
2016-04-09 18:48:33 +02:00
iglocska
800b29f5bc
Cleaned up some leftover junk and some new additions
...
- clicking on a sighting count on the event view reveals contributor list
- list of orgs and number of sightings
- Orgs only shown (outside of own) if the policy to anonimise orgs is not enabled
- works on an event and an attribute level
2015-12-21 01:12:29 +01:00
Iglocska
868d4cdd3f
First version of the sightings
...
- add / delete sightings via REST
- add sightings via the UI
- View sightings info on an event and attribute level (event view only for now)
- differentiate between own sightings and that of other orgs (additional information via popover still coming)
- settings:
- 1. enable / disable sightings server wide
- 2. set sightings policy
- a. Only Event owner can see sightings + everyone sees what they themeselves contribute
- b. Anyone that contributes sightings to an event can see the sightings data
- c. Everyone that can see the event can see the sightings
- 3. Anonymisisation (in progress, data correctly retrieved in business logic)
- a. if true, then only own org + "other" is shown
- b. otherwise all orgs that submitted sightings are shown
Further improvements needed for version 1 of sightings:
- 1. Delete via the interface
- 2. View detailed sightings information
- 3. Graph the sightings data for the event
- 4. Include the Sightings data in the XML/JSON views
- 5. View sighting for attribute / event via the API
2015-12-20 13:41:52 +01:00
iglocska
3a682faf01
Various fixes
...
- resolved a missing variable issue on event views with no posts fixes #753
- removed some obsolete code
- sorted tags on the event view when assigning one to an event by name, fixes #416
modified: app/Model/Taxonomy.php
2015-12-16 00:48:30 +01:00