- python server running in the background doing the publishing
- MISP -> python script communication via redis
- configurable / controllable via the admin UI
- by installing the requirements described in the update and the install instructions (ubuntu only for now, centos/red-hat versions to be tested and described), administrators can enable the pub/sub feature
- assign a port to the service via the interface
- each time an event is published, MISP will use ZMQ's PUB feature to push out a MISP JSON package using the "misp_json" prefix
- users can specify an alternate gnupg executable
- Since GnuPG2 is not compatible with the last stable CryptGPG version, there are 3 options for CentOS / Red Hat users:
1. Don't use a passphrase for the server's PGP key
2. Install the beta version of CryptGPG (1.4.0b4)
3. Install GnuPG classic and point MISP to the executable
- This patch enables option 3, administrators can point MISP to the alternate executable in the server settings
- Events published / pushed will now refuse to sync if the situation arises where no attributes would be eligible to be synced
- Events pulled that contain no attributes will be thrown away
- Reworking the way e-mails are sent - all of it goes through a centralised e-mail method
- just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest
- encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place
- easy to maintain and expand with future changes (such as the S/MIME pull request on github)
- documented in automation view
- right now it follows the simple rule of user > admin settings > default values when generating the export
- Parameters can be passed via url / JSON object / XML object
- filters include filter on event ID, date range, tags
TODO:
- buttons for a per event download via the UI
- introduce new export option for normal users (via background workers and the old style export)
- server settings and validation work
- configurable template via settings
- configurable via API as well
- Also trying to define the structure for future Plugin settings
- The idea is to have them in a separate tab all prepended with the plugin name
- since this is not yet part of the future flexible plugin system, it is still kept in the main codebase, but the idea is to get the naming conventions ready for the future version
- add the remote organisation while adding a server
- remote organisation can be chosen from the list of local or known remote organisations. Alternatively a new remote org can be created on the fly
- Several UI changes
- decision to be revised: exports don't expose Sharing groups / org uuids to users unless they are admin (for the future: at least sync users have to be added for the new sync)
- Scheduled pulls should work correctly now
- Scheduled pushes and pulls correctly display in the logs
- Scheduled caching correctly sets the next date of execution
- MYSQL.sql file now correctly includes the task entries
- GenerateCorrelation admin task is now a background job
- Organisation of events pulled now get the org in the server object as the owner instead of the one who initiates the pull
- Small fix to wrapping text in the pivot graph
- shows both orgc and org to normal users
- naming convention changed (orgc => source org, org => member org)
- this should allow users to see if an event was generated on their instance or not.
- Important! Logo images have now moved to a different location! Make sure that you update your settings!
- Site admins can now manage the uploaded image files and the terms of use file via the server settings interface
- add, link, delete files directly from the interface
- use terms file as before if nothing else specified
- specify a file in the app/files/terms directory via the server settings tool
- specify whether to show it inline or create a download link for users instead
- by default everything is the same as before, except that the MISP installation path is no longer exposed by a non-existing terms file
- server setting has to be enabled to allow for this
- can cause issues if the event gets synchronised with an instance that has a different creator organisation for the same event
- it is recommended not to use this, but in some cases it can be very helpful - the setting for it in the configuration is called MISP.take_ownership_xml_import
- send uuids of events to be pushed together with timestamps to the other instance
- other instance removes events that are already up to date or locally created from the array
- sends the remaining uuids back
- first instance initiates the push of events that were not filtered out
- during the event id pull, the local server already checks the timestamps, removing the ids of events that are not newer than the local version
- this results in only the event metadata being pulled for all events, and the attributes of only those events that need to be updated are pulled resulting in much quicker pulls
- Fixed an issue with proposals that got pulled not finding the attribute that they are proposals to (for proposals that belong to an attribute)
- Scheduled tasks for pull / push now working as intended
- Rescheduling of all tasks fixed
- protection against the rescheduled task ending up in the past
- further event history fixes
- fixed lots of erroneous logging
- performance improvement with logging (no longer loading controllers for no reason)
- logging extra actions that weren't logged before (proposal accept / discard, server pull / push)
- you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
If it's just an existing behavior or lib,
place it in a plugin directory structure in <cydefsig>/plugins.
If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in <cydefsig>/app/Plugin.
This way there is a very clean devision between own and external code.
The external code can be updated without touching own nor changed code.
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).
To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
Iglocska