Commit Graph

49 Commits (a98c559bff48842a786f95ed24486b4dc8686533)

Author SHA1 Message Date
Richard van den Berg dd963c2e21 Sync sightings on push, pull and push on add 2019-11-22 21:53:51 +01:00
Pierre-Jean Grenier eada0440a7 fix: [sightings] Fix undefined variable with REST search 2019-10-04 10:16:02 +02:00
mokaddem cd5c9f7d1d Merge remote-tracking branch 'origin/2.4' into decaying 2019-08-20 15:00:38 +02:00
Pierre-Jean Grenier 8207a64890 chg: Return the sighting when adding one through REST API 2019-08-20 10:52:12 +02:00
iglocska 60e68d1459 fix: [API] get organisation by uuid for sightings/listSightings, fixes #4992 2019-08-14 15:08:37 +02:00
iglocska 519e110f9f new: [internal / API] new component added to handle repeatable code across all controllers (toolbox controller)
- added UUID -> ID lookup function and integrated it across several functions
- fixes #4990
- fixes #4999
- fixes #4993
- fixes #4991
- fixes #4989
- fixes #4987
2019-08-14 15:01:31 +02:00
iglocska 74bf393ead fix: [API] Delete sightings by UUID, fixes #4987 2019-08-14 11:43:14 +02:00
mokaddem 6ba45b27f8 Merge remote-tracking branch 'origin/2.4' into decaying 2019-08-13 16:32:58 +02:00
iglocska e60f0beff9 fix: [API] sightings/listSightings should also support JSON parameters, fixes #4875 2019-07-29 16:46:02 +02:00
mokaddem bbab646d01 chg: [decaying:simulation] Support of sightings in the decaying simulation 2019-07-16 09:31:49 +02:00
iglocska 884564fb63 fix: [Sightings] ACL fixed 2019-04-24 15:11:00 +02:00
iglocska c225520f72 fix: [sightings] Users with sighting permissions should be able to add sightings even if they don't have event write access 2019-04-24 11:37:44 +02:00
iglocska c69969329d fix: [vulnerability] Fixes a vulnerability where a user can view sightings that they should not be eligible for
- requires access to the event that has received the sighting
- affects instances with restrictive sighting settings (event only / sighting reported only)

- as reported by Tyler McLellan of CanCyber.org
2019-02-28 20:27:36 +01:00
Christophe Vandeplas 67efc70bf5 fix: [style] consistent space indentation 2019-02-10 13:08:55 +01:00
mokaddem d9608d2e4b new: [sighting] Searching for attributes allows to add sightings on the
attribute id or value
2019-01-29 16:07:03 +01:00
iglocska 2d0259ce13 fix: [CS] coding standards script re-run 2018-11-23 14:11:33 +01:00
mokaddem c20553dfd5 new: [search/sighting] Possibility to quickly add sightings on ID or VALUE when searching 2018-10-30 17:14:42 +01:00
Sami Mokaddem 84b96f0ef8 fix: [sighting/api] added missing sighting source parameter 2018-10-23 18:26:10 +02:00
Sami Mokaddem 5763a74b96 chg: [sighting/api] improved comments 2018-10-23 13:39:29 +02:00
Sami Mokaddem ff5f5faf02 new: [sighting/api] xml output format + improved error feedback 2018-10-23 13:06:37 +02:00
Sami Mokaddem 01cba114f2 fix: [sightings/api] now support json output format 2018-10-23 12:17:54 +02:00
Sami Mokaddem 99e5f560a8 new: [sighting/api] trying to follow the new API architecture. JSON
export is broken but CSV is working. WIP...
2018-10-23 11:24:03 +02:00
Sami Mokaddem 731a4d5e2b new: [Sightings/API] Added possibility to get sightings based on a
timerange/source/...
2018-10-22 23:27:58 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
Andras Iklody e44abe301b new: add API response for /sightings/listSightings 2018-02-21 10:49:21 +01:00
iglocska 208617c041 chg: Allow the "uuid" key to work as an alternate for "id" when adding sightings 2018-01-25 16:10:35 +01:00
iglocska 63ee8eaa81 fix: Add flatten to advanced sightings add within objects
- without the flattening the advanced sighting add functionality couldn't be loaded
2018-01-18 07:49:08 +01:00
iglocska a7aa2358b2 fix: Remove the option for disabling sightings - it's an integral feature of the MISP core. Fixes #2820 2018-01-16 12:50:01 +01:00
iglocska b081b51235 fix: Correctly show advanced sightings for object attributes 2018-01-12 11:36:53 +01:00
iglocska 8d71c37510 new: Add API description to sightings/add, fixes #2806 2018-01-12 11:28:14 +01:00
iglocska 00ad7713f8 fix: Sighting anonymisation should properly remove the org names from the advanced sighting view
- as reported by @hel10world
2018-01-04 22:04:46 +01:00
iglocska 47b5d266b2 fix: Fixed missing flatten for advanced sightings view
- attributes within objects couldn't generate the advanced sightings view
2017-12-21 11:52:06 +01:00
iglocska 952fff6252 fix: Fixes to several cases of reflected XSS, fixes #2381
- as reported by @import-au

- Additionally enforce content-type on all async APIs called by the UI using CakeResponse
2017-08-08 21:37:03 +02:00
iglocska 3fca8de6bf new: Added activity charts to tag and galaxy cluster indices
- bunch of small improvements additionally
2017-02-24 19:34:18 +01:00
iglocska f215dc1c8e new: Added advanced sightings and sparkline to the event itself 2017-02-23 11:39:02 +01:00
iglocska 3c558c653d fix: Added validation for sighting type and fixed responses for adding sightings 2017-02-20 11:13:39 +01:00
iglocska 589e4c3529 fix: fixed some permission issues preventing non site admins from using some functionalities correctly 2017-02-17 10:40:59 +01:00
iglocska 956758aca5 fix: Some bug fixes 2017-02-17 00:52:56 +01:00
iglocska 94c01d5896 new: First revision of the new sightings system 2017-02-16 22:46:30 +01:00
iglocska cbe759f3c2 chg: Work on the sightings 2017-02-06 14:08:55 +01:00
iglocska 4e41b55572 new: First iteration of the improved sightings 2017-02-05 23:48:18 +01:00
iglocska 8ccd817435 new: Index API for sightings added 2017-01-06 15:25:31 +01:00
iglocska c8a5eb951d new: Sightings API improvements WIP
- reworked responses
- started work on the new index
2017-01-05 20:48:03 +01:00
Iglocska a6734c858a new: Sightings enabled by default 2016-11-21 17:27:30 +01:00
Andreas Ziegler 898ea1d97c remove whitespace (space/tab) from empty lines 2016-06-04 01:08:16 +02:00
Iglocska 4c2ca05c9a Second iteration of the sightings
- Added STIX sighting support
- better API add (via url parameter or POSTed object)
2016-04-09 18:48:33 +02:00
iglocska 800b29f5bc Cleaned up some leftover junk and some new additions
- clicking on a sighting count on the event view reveals contributor list
  - list of orgs and number of sightings
  - Orgs only shown (outside of own) if the policy to anonymise orgs is not enabled
  - works on an event and an attribute level
2015-12-21 01:12:29 +01:00
Iglocska 868d4cdd3f First version of the sightings
- add / delete sightings via REST
- add sightings via the UI
- View sightings info on an event and attribute level (event view only for now)
- differentiate between own sightings and that of other orgs (additional information via popover still coming)

- settings:
  - 1. enable / disable sightings server wide
  - 2. set sightings policy
    - a. Only Event owner can see sightings + everyone sees what they themselves contribute
    - b. Anyone that contributes sightings to an event can see the sightings data
    - c. Everyone that can see the event can see the sightings
  - 3. Anonymisation (in progress, data correctly retrieved in business logic)
    - a. if true, then only own org + "other" is shown
    - b. otherwise all orgs that submitted sightings are shown

Further improvements needed for version 1 of sightings:
  - 1. Delete via the interface
  - 2. View detailed sightings information
  - 3. Graph the sightings data for the event
  - 4. Include the Sightings data in the XML/JSON views
  - 5. View sighting for attribute / event via the API
2015-12-20 13:41:52 +01:00
iglocska 3a682faf01 Various fixes
- resolved a missing variable issue on event views with no posts fixes #753
- removed some obsolete code
- sorted tags on the event view when assigning one to an event by name, fixes #416

	modified:   app/Model/Taxonomy.php
2015-12-16 00:48:30 +01:00