- added the ability to select an orgc ID for CSV/freetext feeds
- all events created from this feed will carry the selected orgc_id
- Refactored the index fully
- using the factories
- better warnings against the dangerous new feed each pull setting
- event index search added
- several settings cleaned up / made more clear
- auto reload of default feed configuration disabled, fixes#2542, fixes#5789
- added a button / endpoint to handle that instead to allow for the deleted default feeds to stay deleted
- By adding local feeds, a malicious administrator could point MISP to ingest configuration files that the apache user has access to
- This includes some more sensitive files (database.php / config.php / .gnupg data)
- Whilst this is currently not leading to an exploitable vulnerability as the current implementation wouldn't trigger on the values,
having a setting to disable this will become much more interesting once we have a system in place for custom feed parsers
- The setting can only be enabled/disabled via the CLI
- As reported by Matthias Weckbecker
- various UI issues prevented the freetext/csv feed related fields from being hidden when adding a new MISP feed
- issue that potentially prevented new feeds from being saved if no target event is set (cannot reproduce)
- Added the CSV feed format
- users can specify which fields in the CSV should be parsed
- comment lines are automatically omitted
- new settings system added to feeds, currently only used for the value fields
- Slight rework of the correlation lookup for the feeds
- got the Speed Force treatment
- correctly checks against value1 and value2 instead of value
- Various freetext import fixes
- allow users to override the IDS flags and keep all attributes pulled from a freetext feed IDS = off
- UI changes
- fix to a bug that caused already deleted attributes to be counted as existing ones
- set the distribution and sharing group of a feed
- will set all events received to the appropriate setting
- set a tag that should be applied by default to the events received from the feed
iglocska
Steve Clement