- MYSQL.sql file now correctly includes the task entries
- GenerateCorrelation admin task is now a background job
- Organisation of events pulled now get the org in the server object as the owner instead of the one who initiates the pull
- Small fix to wrapping text in the pivot graph
- freetext import now optionally allows setting the comment field
- removing rows in the freetext import result redirects to the event view if all rows are gone
- users can now search on attributes
- attribute search returns any event that has a a sub-string match on the entered attribute
- can also be used to negate (e.g: don't show me any events that have a sub-string match on any of its attributes)
- STIX export had 2 issues as pointed out by RichieB2B:
- Incorrect name assigned to incidents due to copy-pasta fail
- Historyitems incorrectly handled
- For the OpenIOC import:
- Mapping DnsEntryItem/Host to hostname
- Mapping of hostnames to Network activity failed due to incorrect capitalistion
- Temporarily removed the ignore function on certain indicators. Ignoring an element in an AND-ed branch happens without a pruning of the element IDs
- Important! Logo images have now moved to a different location! Make sure that you update your settings!
- Site admins can now manage the uploaded image files and the terms of use file via the server settings interface
- add, link, delete files directly from the interface
- use terms file as before if nothing else specified
- specify a file in the app/files/terms directory via the server settings tool
- specify whether to show it inline or create a download link for users instead
- by default everything is the same as before, except that the MISP installation path is no longer exposed by a non-existing terms file
- tags not filtered correctly
- status bar showing current filters now shows actual strings for tags / analysis / distribution / threat level instead of the IDs
- server setting has to be enabled to allow for this
- can cause issues if the event gets synchronised with an instance that has a different creator organisation for the same event
- it is recommended not to use this, but in some cases it can be very helpful - the setting for it in the configuration is called MISP.take_ownership_xml_import
- XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains
- New option in bootstrap to allow the cached XML export to also include the attachments
- CSV caching slightly rearranged, it's much more memory efficient now
- Some fixes to relatedevent orgs being shown even if showorg is disabled
- Added a new site admin action to generate several 3k events for load testing (slow)
- Tags are now fully shown on the event index
- can be enabled via bootstrap (the Configure::write setting is in the bootstrap.default.php file)
- shorthand distribution names
- narrowed some of the fields down
- STIX export performance greatly improved thanks to 84ce8d8be6376797053668d68e1b863713f008dd
- some junk removed
- fixed some minor pagination issues on the event view
- site admin dummy event creator now has target-* type attributes
MYSQL.sql and upgrade_2.3.sql updated
Fixed incorrect proposal counts showing up due to attributes that are flagged for deletion also being counted
Added some extra fields to the view proposal view to make it more useful
- UI improvements, events appear unpublished after ajax queries that alter attributes
- Events get unpublished by the attribute replace tool and template population as they should
Users could only choose their own organisation in the org filter due to an overly restrictive filtering of the available options. Relaxed to all organisations that have an event that is visible to the user.
- send uuids of events to be pushed together with timestamps to the other instance
- other instance removes events that are already up to date or locally created from the array
- sends the remaining uuids back
- first instance initiates the push of events that were not filtered out
The contributor field in the event view is evaluated based on proposal log entries from the log table affecting the current event. In order to improve performance, the LIKE check for the event ID is moved to the last argument in order to avoid parsing rows that could be ignored by the other arguments quicker.
A change in cakephp version 2.4.8+ has resulted in ajax form submitions breaking. Reason for this was a change in the SecurityComponent taking the url specified in the form into account when generating the CSRF tokens.
This is now fixed by embedding the correct url in the ajax forms.
- currently to_xml() has performance issues, if it's not resolved fast, it would be a good idea to move the export to the background workers
- some UI changes
- first version of templating system complete
- first version of freetext importer complete
- first version of mass attribute replace tool complete
- some UI changes
- resolved bugs with permissions
- fixed the broken mass delete tool
- Fixed an issue with the type not being chosen correctly for file type attributes when created through the templating tool
- Templates can now be created and populated
- Users can populate an event using a template (still needs work)
- File type elements are not yet implemented
- malware samples / attachments couldn't be downloaded
- links weren't actually links
- deleting an attribute / shadowattribute now opens a custom confirmation dialogue. This is also where the CSRF tokens are generated for the post request to execute the delete, resulting in a faster event view load
- Events exported were enclosed in a <response> tag, which the sync automatically filters out, but a manual export and import would fail on edits
- added a conditional that removes the <response> tag if an event is encapsulated in a request to the edit method
- AJAX requests now also respond with a small message at the bottom of the page, notifying the user of the result
- The following actions work now on the event page via ajax:
1. Add / remove tags
2. quick edit any attribute field if eligible
3. quickly create a proposal of any attribute field if not eligible to edit
4. popover attribute creation (also works with batch add)
5. popover proposal creation (also works with batch add)
6. delete attributes
7. accept/discard proposals
8. mass edit / delete attributes
Also, replaced the old memberslist, with a small lightweight css/js based one.