MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
25,700 Commits
35 Branches
366 Tags
190 MiB
Commit Graph

432 Commits (bf909d5fff52a5d72666eb59faf101069e5d590e)

Author SHA1 Message Date
iglocska bf909d5fff
fix: [OTP] restored 2024-05-03 12:08:43 +02:00
iglocska 9f3735c5c2
fix: [Email OTP] invalid ACL check reverted, allowing the feature to function again 2024-05-03 08:16:28 +02:00
iglocska 304581e2b6
Merge branch 'develop' of github.com:MISP/MISP into develop 2024-05-02 11:27:20 +02:00
iglocska 4795d9c183
fix: [analyst data] UI changes to make the loading on demand in the event view 2024-05-02 10:17:44 +02:00
Jakub Onderka 0ca6a47ef8 chg: [acl] Move site admin check as last check 2024-04-20 14:27:37 +02:00
Jakub Onderka d5ba5af530 chg: [security] Disable resetting password when password change is disabled 2024-04-20 14:27:37 +02:00
Jakub Onderka 79f6124bd2 new: [security] Make possible to disable (T/H)OTP 
This is useful if MISP is connected to identity provider that already provides strong authentication
 2024-04-20 14:27:35 +02:00
iglocska 4544ef2516
new: [benchmarking suite] added 
- collect metrics about the usage of MISP
  - stored in redis
  - per endpoint / user / user-agent collection
  - collection of execution time, php memory use, sql execution time, sql query count
  - the collection happens on a daily basis
- Searchable / filterable interface for the collected data
- Dashboard widget for the collected data
 2024-04-17 15:08:38 +02:00
iglocska e1bc2052ae
chg: [ACL] entries added 2024-04-04 12:40:12 +02:00
Sami Mokaddem 1afd609581
chg: [analyst-data:thread-view] Added possibility to fetch data having a deeper depth 2024-02-13 15:38:23 +01:00
Sami Mokaddem 80f97ad79f
chg: [analyst-data] Added missing ACL entries and improved pre-filtering before negotiation starts 2024-02-06 08:50:21 +01:00
Sami Mokaddem eaf8a2b98a
chg: [analyst-data] Added `locked` flag, support of orgc/org, analyst-data-blocklist and most implementation of push synchronisation - WiP 2024-02-01 14:24:41 +01:00
Sami Mokaddem ceb423ae76
chg: [permission:analyst-data] Added new permission `perm_analyst_data` 2024-01-31 15:05:49 +01:00
Sami Mokaddem b2f3602265
chg: [analyst-data:ACL] Enforced ACL and reflected the change in the UI 2024-01-30 15:15:26 +01:00
Sami Mokaddem 5664a735e2
chg: [analyst-data:ACL] Added ACL rules and fixed side-menu to support ACL 2024-01-30 09:45:51 +01:00
iglocska 846c130fa3
new: [collections] feature added. Still missing sync integration - WiP 2024-01-28 18:05:29 +01:00
iglocska 1cacb3abcc
new: [sg blueprint] encode as sync rule functionality added 2023-12-20 15:32:51 +01:00
iglocska 5bed463416
chg: [logging] fail silently if logging entry can't be saved 
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
 2023-12-07 15:17:58 +01:00
Christophe Vandeplas 7e2cb89f97
Feature/user login profiles2 (#9379) 
* new: [userloginprofiles] start over with previous code

* fix: [user_login_profiles] fixes catching up the backlog

* chg: [userloginprofile] email to org_admin for suspicious login

* chg: [userloginprofile] only inform new device

* chg: [userloginprofiles] view_login_history instead of view_auth_history

* chg: [userloginprofile] make login history visually better

* chg: [userloginprofile] inform admins of malicious report

* fix: [userloginprofile] cleanup

* fix: [userloginprofile] fixes Attribute include in Console

* fix: [userloginprofile] db schema and changes

* chg: [CI] log emails

* chg: [PyMISP] branch change

* chg: [test] test

* fix: [userloginprofile] unique rows

* fix: [userloginprofile] unique rows

* chg: [cleanup]

* Revert "chg: [PyMISP] branch change"

This reverts commit 3f6fb46fee.

* fix: [userloginprofile] fix worksers with monolog=1.25 browcap=5.1

* fix: [db] dump schema version

* fix: [CI] newer php versions

* fix: [composer] php version

* fix: [php] revert to normal php7.4 tests

---------

Co-authored-by: iglocska <andras.iklody@gmail.com>
 2023-11-24 13:47:59 +01:00
Jakub Onderka f40b3cb2cb fix: [internal] ACL 2023-11-11 14:56:54 +01:00
Sami Mokaddem 9ffcae7155
fix: [sightings:view] Added missing entry in ACL Component 2023-11-07 15:17:54 +01:00
Sami Mokaddem d04053d4b0
chg: [posts:crud] Prevent readonly users to create posts 2023-09-22 10:17:43 +02:00
Andras Iklody 64ef573bfd
fix: [acl] sighting restsearch should be open to all, fixes #9116 2023-07-13 20:35:22 +02:00
iglocska 8ff6dc2ea1
new: [forgotten password] optional feature added 2023-07-10 15:30:28 +02:00
iglocska 15d5b58769
fix: [acl] added missing entries 2023-06-08 14:23:14 +02:00
iglocska a41a438290
fix: [acl] fixed for taxii servers 2023-06-08 10:50:31 +02:00
Christophe Vandeplas b2bb4f817b fix: [security] Org admins cannot delete site admin accounts see #9121 2023-06-04 07:01:29 +02:00
iglocska 8d596784e3
fix: [privileges] only site admins can remove totp for a user 
- leads to potential privilege check circumvention otherwise (org admin deleting site admin's totp key)
- also, removal should be a nuclear option
 2023-05-31 15:12:54 +02:00
Christophe Vandeplas cb74ad507f chg: [security] OTP support for HOTP 2023-05-25 23:28:14 +02:00
Christophe Vandeplas 856a9e4b4c chg: [security] admins can delete user TOTP 2023-05-20 08:05:48 +02:00
Christophe Vandeplas 61573392ea chg: [security] allow creation of TOTP token 2023-05-19 20:56:52 +02:00
Christophe Vandeplas 6caccac94d new: [security] TOTP authentication 2023-05-19 06:57:16 +02:00
Christophe Vandeplas ce4cee7cbe chg: [authkey] One-click IP as only allowed IP 2023-03-22 13:16:49 +01:00
Anders Einar Hilden ec495da477 [new]: [ApacheSecureAuth] Add endpoint /users/logout401 for logging out from HTTP Basic Auth 
This can be used by i.e. ApacheSecureAuth to make a browser forget cached HTTP Basic Auth credentials, which would otherwise result in a logut->login loop.
 2023-03-10 10:34:05 +01:00
Sami Mokaddem 93bf15d3bd
fix: [security] Prevent unauthorized access to decaying import function 
- as reported by Cyber Controls from SIX Group
 2023-01-18 15:05:46 +01:00
Jakub Onderka 9153234885 new: [UI] Allow to create object from freetext 2022-12-15 10:05:13 -05:00
Jakub Onderka e35c13d0f4 new: [UI] Preparation for creating object from freetext 2022-12-15 10:05:13 -05:00
Jakub Onderka 99473feb2c chg: [ACL] Warninglist::checkValue is available for all 2022-12-15 10:04:45 -05:00
Jakub Onderka e6c174fc58
Merge pull request #8751 from JakubOnderka/disable-discussion 
new: [UI] Add ability to disable discussion
 2022-12-02 10:44:51 +01:00
Jakub Onderka b3fd267105 new: [log] Add ability to log sql queries for access log 2022-12-02 09:39:05 +01:00
Luciano Righetti 1d919354d2
Merge pull request #8794 from righel/highlighted-tags 
new: highlighted tags
 2022-12-01 15:32:25 +01:00
iglocska 8267d80e15
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-12-01 14:09:34 +01:00
iglocska 14ebd7c775
fix: [ACL] added admin_destroy 2022-12-01 14:09:18 +01:00
Christophe Vandeplas bc4b1e6f49 fix: [logs] only allow for perm_audit & promote the perm to all 2022-12-01 10:49:50 +01:00
Christophe Vandeplas b34933a4a5 chg: [logs] user can see own logs 2022-12-01 10:03:22 +01:00
Luciano Righetti 2e7d1d30c1
fix: conflics and update db_schema.json 2022-11-30 16:00:17 +01:00
iglocska f7c16aa9bc
chg: [ACL] added entries for taxii 2022-11-21 14:39:10 +01:00
Jakub Onderka dd1d49cc76 fix: [ACL] Event report permission 2022-11-15 09:55:33 +01:00
Jakub Onderka 0888578063 new: [UI] Add ability to disable discussion 2022-11-14 18:02:36 +01:00
Jakub Onderka f33b6e8231
Merge pull request #8603 from JakubOnderka/code-fixes 
News view
 2022-11-14 10:10:50 +01:00