Cooper Dale
6013adfda9
updated suricata legacy modifiers
based on https://suricata.readthedocs.io/en/suricata-6.0.3/rules/tls-keywords.html?highlight=tls_sni#tls-sni
https://suricata.readthedocs.io/en/suricata-6.0.3/rules/http-keywords.html#http-keywords
https://suricata.readthedocs.io/en/suricata-6.0.3/rules/dns-keywords.html
2021-07-21 08:20:21 +02:00
Jakub Onderka
0b54c7955e
Merge pull request #7018 from JakubOnderka/yara-export-fix
fix: [export] YARA export
2021-05-05 17:32:44 +02:00
Jakub Onderka
dede7f5f30
chg: [internal] Do not load not necessary event info for attack export
2021-04-23 10:17:14 +02:00
Jakub Onderka
7e34c88607
fix: [export] YARA export
2021-02-16 15:05:54 +01:00
mokaddem
149d10fac5
chg: [export:csv] Added support of decaying model. Fix #6734
2021-01-22 11:23:46 +01:00
Alex Resnick
0c4f196289
JA3 Zeek Intel Rules
2020-12-11 19:27:27 -06:00
Alex Resnick
8519f0c968
#6355 Create JA3 Hash Suricata Rules
2020-12-11 08:07:57 -06:00
mokaddem
db1fb361e8
fix: [csvExport] Prevent override when using `includeContext` parameter
Fix #3774
2020-11-25 09:36:49 +01:00
iglocska
71ba725fd1
fix: [text export] cull duplicates after fetching the data
- pros: No more full group by exceptions
Handles duplicate culling across internally paginated workloads
- cons: The returned dataset's size will not always match the requested count as duplicates are culled
2020-11-25 08:11:28 +01:00
mokaddem
89f307bd07
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0
2020-11-18 09:22:40 +01:00
Jakub Onderka
791dc9deab
new: [internal] JSON stream convert
2020-11-17 19:28:59 +01:00
mokaddem
8c87998981
chg: [export:textExport] Filter out duplicated values
Fix #6603 for attribute scope
2020-11-17 12:09:45 +01:00
mokaddem
eb84b3344f
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0
2020-09-22 12:08:12 +02:00
iglocska
ecd8461d43
chg: [openioc] added email type
2020-09-03 12:05:23 +02:00
iglocska
34d186a2dc
chg: [nids] added email type
2020-09-03 12:05:00 +02:00
iglocska
eaeff3ac59
chg: [bro] added email type
2020-09-03 12:04:41 +02:00
iglocska
f82e10d1fb
new: [API] added count returnformat for the REST api, fixes #6233
- simply counts the number of attributes/events found (on each respective scope)
2020-08-31 12:32:28 +02:00
mokaddem
ad81c60986
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0
2020-07-21 08:09:25 +02:00
chrisr3d
824f03f0dc
chg: [opendata export] Support of the search functionality + fixed url parameter used in the delete feature
2020-07-16 23:35:44 +02:00
chrisr3d
af502028c5
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2020-07-15 17:11:42 +02:00
mokaddem
b3dbecb318
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0
2020-07-14 16:25:04 +02:00
chrisr3d
f9e4857422
fix: [opendata export] Adding auth param in the python command only if not empty
2020-07-13 22:26:02 +02:00
chrisr3d
92910dd1f7
chg: [opendata export] Parsing portal url parameter + slight parameters parsing changes
- As the possibility of specifying the url of the
Open data portal to use instead of the default
one, we support here this parameter and adapt
the way we build the command that will launch
the python script
- Slight changes to replace some isset tests by
empty tests to make sure the concerned fields
are not only set, but also contain a value
2020-07-13 21:02:25 +02:00
Richard van den Berg
36dafcf8e4
fix: [StixExport] suppress unlink warnings
2020-07-11 20:06:18 +02:00
Richard van den Berg
d0d233dfd0
fix: [stix export] log stack trace on error, support 'AMBER NATO ALLIANCE' TLP tags
2020-07-10 21:12:27 +02:00
chrisr3d
6195f81f3e
fix: [opendata export] Fixed resource deletion query creation to avoid silent syntax errors
2020-07-08 15:57:01 +02:00
mokaddem
5c04b9a8c1
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0
2020-05-28 14:06:30 +02:00
mokaddem
51391f8e57
chg: [galaxyCluster] Added drafty version of restSearch
2020-05-26 11:17:58 +02:00
chrisr3d
efadd73a58
fix: [opendata export] Using external_baseurl if set, before baseurl
- If external_baseurl is not set, baseurl is used
2020-05-15 14:22:14 +02:00
chrisr3d
f44b22f8d5
fix: [opendata export] Internalization of the error messages
2020-05-15 14:12:59 +02:00
chrisr3d
932e51d4d7
fix: [opendata export] Less confusing variable name for the parameter to only skip exporting the data and keep only the header
2020-05-15 14:08:34 +02:00
chrisr3d
18d6e38b4f
chg: [restSearch] Option to skip fetching attributes/events when only the metadata is wanted
- As for the opendata export we do not need to get
the attributes or event, and are only interested
in using the metadata, a parameter to skip
fetching the actual data collection has been
added, and we avoid iterating through the entire
data collection.
2020-05-11 12:54:11 +02:00
chrisr3d
b8f47718cc
fix: [opendata export] No longer using the returnFormat field as the dataset resource format
- The resource format can be defined with a
'format' field within the resource field in the
setup filter
2020-05-08 14:53:41 +02:00
chrisr3d
8265a95d4c
chg: [opendata export] Checking opendata setup and raising exception in case of error
2020-05-08 14:35:35 +02:00
chrisr3d
fc8ef9aefa
add: [opendata export] Support of the deleting abilities
- Deleting a dataset or its resource(s) is now
available from the restSearch side as it already
is with the python script
2020-05-07 21:17:15 +02:00
chrisr3d
b3a94a18f5
add: [restSearch] OpenData export module
2020-05-06 18:15:30 +02:00
iglocska
37c5684e79
fix: [export] JSON export used the wrong handler for /objects/restSearch
2020-05-06 09:29:52 +02:00
Cooper Dale
601a0ed4f2
bugfix in Suricata export template
PR for reported bug https://github.com/MISP/MISP/issues/5766 based on suggestion @stacsirt, tested on my instance and it is working great
2020-04-27 09:49:09 +02:00
chrisr3d
8f90f79255
fix: [stix2 export] Avoiding the "end" function to return a notice
- It looks like depending on the PHP version, the
end function does not like to have the reference
of an array. By delaying its call, we pass the
actual array and the notice no longer appears
2020-04-06 15:14:23 +02:00
Andras Iklody
ca85806312
Merge pull request #5672 from patriziotufarolo/2.4
Fixes STIX2 export failing with "ANTLR runtime and generated code versions disagree: 4.8!=4.7.1"
2020-04-06 05:18:22 +02:00
iglocska
c8a111447c
fix: [suricata] fixed an invalid validation of https hostnames that blocked the attributes from being included in the exports
2020-03-19 09:16:10 +01:00
iglocska
95eb2af765
fix: [API] Json converter fixed
2020-03-01 22:33:49 +01:00
iglocska
4bfcc3211b
new: [API] object level restSearch added
still WiP
2020-02-29 08:57:32 +01:00
Patrizio Tufarolo
44fef2903c
Ensure we only have the last line from the shell command when exporting STIX2
Same as e3b1e8c74a but for exporting STIX2
2020-02-27 12:59:12 +01:00
chrisr3d
88ea4523b8
fix: [stix 1&2 export] Checking if an error message is returned
2020-01-20 11:43:46 +01:00
iglocska
1c5afa49ed
new: [refactor] Massive internal refactor and cleanup of deprecated APIs
- new centralised restSearch function in AppController as entry point via all controllers
- new component handling restSearch related support functions, such as parameter mapping
- hollowed out all deprecated export functions on the event/attribute controller
- replaced with a new functionality that remaps them to restSearch
- all functionality should be maintained with all additional advantages introduced with restsearch
- additional cleanup (some unused functions removed)
2019-11-29 10:11:30 +01:00
chrisr3d
b140d6be09
add: [restSearch] Support of stix1 json export
2019-10-15 09:54:48 +02:00
garanews
85c28ce36e
Fix some typo
Fix some typo
2019-10-04 13:02:59 +02:00
chrisr3d
f60e66fa00
fix: [stix 1/2 export] Catching potential exceptions and returning it as result in restSearch
2019-10-03 10:39:34 +02:00
chrisr3d
d0b99bebda
Merge branch '2.4' of https://github.com/MISP/MISP into 2.4
2019-09-26 16:54:09 +02:00