- xml export now correctly exports all attachments if specified as parameter
- print view fixes
- disclaimer for old IE versions (< 10) and compatibility mode users when viewing the statistics (The heatmap calendar requires 10+)
- the event changes that a proposal creation creates are also logged (such as disarming the proposal email lock) -> this should not be shown in this log view.
- check lead to the user incorrectly being passed on after authentication, not returning any private data of their own organisation.
- Also, publishing an event with the background jobs enabled now correctly shows that the job was added to the queue instead of telling the user that the event has been published.
- during the event id pull, the local server already checks the timestamps, removing the ids of events that are not newer than the local version
- this results in only the event metadata being pulled for all events, and the attributes of only those events that need to be updated are pulled resulting in much quicker pulls
- Fixed an issue with proposals that got pulled not finding the attribute that they are proposals to (for proposals that belong to an attribute)
- tags can now be set correctly for all events
- some UI changes to the tags
- moved the deletion of all event_tags when a tag gets deleted to beforefilter
- A colon in the tag search tag will render the tag search invalid. Since colons are commonly used in tag names, this poses an issue - users should use a semi-colon instead, which gets automatically converted to a colon.
- Threatconnect import now allows any valid threatconnect csv file to be imported as long as type, value, confidence, description and source are included
- Viewing an event without a discussion thread creates an empty thread in preparation of future posts - these empty threads should not count as active threads though.
- regexp structural changes added to the upgrade script (type)
- Added publish / alert to the background jobs
- fixed a misalignment with the statistics
- only events that could be seen were checked when calculating whether the user's org needs to recache the exports. This meant that the information was incorrect if another org has a visible event that was newer.
- MYSQL.sql updated
- upgrade_2.2.sql updated
- List of active proposals for you and your organisation now shows the org logos of the contributing organisations
- contributors shown on the event view (list of the organisation logos of users that have contributed through proposals)
- these link to the event history containing only entries from their organisation
- changes to the activity heatmap
- heatmap now dynamically changes the range on the graph based on the obtained values
- performance improved
- buttons to move back or forward in time on the calendar
- Attributes:
- warning for the user if he/she has selected the attribute category "targeting-data" or "attribution" as these could contain classified information
- UI improvements across most attribute and shadowattribute input views
- Updated cal-heatmap to the newest version
- xml version now included in the xml exports
- MISP will now check the xml version on all imports related to sync / add MISP XML and try to update the incoming info if it detects an older version
- exports now take tag names as a parameter (affected exports: XML, text, HIDS, NIDS)
- eventtags now correctly get removed when an event is deleted
- Scheduled tasks for pull / push now working as intended
- Rescheduling of all tasks fixed
- protection against the rescheduled task ending up in the past
- further event history fixes
- fixed lots of erroneous logging
- performance improvement with logging (no longer loading controllers for no reason)
- logging extra actions that weren't logged before (proposal accept / discard, server pull / push)
- View Event history now shows the logo of the org whose action triggered the log entry
- View Event History now shows different fields than before
- Proposals now logged
- Accepting / Discarding a proposal now doesn't create junk edit / delete entries as before.
- Creators of an event can now see all of the log entries altering an event in the event history log. This includes deleted events.
- new special role for tagging
- can create tags with a name + colour combination (using a colour picker plugin)
- users can assign tags to events
- can filter events by tags on the index
- upgrade script that populates threat level from the old risk field for every event that doesn't have a threat level set.
- threat levels in an event (from a sync for example) that are unknown to the local instance now show the numeric value of the threat level
- cleaned up the methods, they all now return results without debug mode enabled
- Added a verification method for all user GPG keys (as an expired key for example would send out empty messages)
- authorization key should be sent through headers.
- passing it in the url is deprecated
- updated automation page to reflect the changes
- csv export now has headers
- you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances
- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
- fixed the datefilter to be inclusive of the border values. Entering all events from the 13th of january should include events that were created on that day, not just the 14th and newer.
- attributes in the event view now show the date when they were added / modified
- the alert e-mail now shows which attributes are new since the last commit
- Statistics page has gotten a lot of extra information
- Removed some old junk files
- Made the size of the graph in the memberslist larger to fit all the new attribute types
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
- started work on scheduling
- view to add scheduled tasks (still needs work)
- moved cache job bulk-code to the job model from the controller
- bootstrap timepicker
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- fixed an issue where a blacklisted value added through uloadattachments would break the import
- fixed the distribution level of attributes created by the GFI import always being your org only
- removed registry attributes that do not contain a malware sample or a dropped file in the value
- fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word
- added a few regular expressions
Updated this along with whitelist.php to allow for simple entry of names in the whitelist, this file will allow proper application of those blocked names to exported NIDS sigs.
- Contextual comments for proposals
- shows proposal count in the top bar
- new view showing all of the events of the user's organisation with an active proposal
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
- adds JSON example to shell scripts
- adds sample JSON event
- ??? for some redundant Attribute model conditions
- updates travis with CakePHP installation
Some small travins changes too.
FYI there's an automated travis build available at
https://travis-ci.org/MISP/MISP
We don't have unit testing and travis setup is subpar so everything will fail
for now.
- Also some improvements to the shadow attributes
- some minor UI changes
Conflicts:
app/Controller/EventsController.php
app/View/Elements/global_menu.ctp
app/View/Layouts/default.ctp
- reworked almost all of the side menues to be centralised
- Some fixes for the IOC export not handling two new-ish types correctly
- Some changes to the menues (including a few options that didn't exist before)
- rework of the popovers in some forms
- ADMIN org removed.
- Siteadmins are now identified by the perm_site_admin flag
- Siteadmins can now be of any organisation
- editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role
- Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin
- If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created)
- Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
- __fetchEvent used, which checked the currently logged in user
- instead now, __fetchEvent has a new optional parameter that automation methods can use to pass the org along that was read from the provided auth key
- users can now download attachments using the APIkey
- security issue fixed where a user could download attachments that he/she can't even see by navigating to attributes/download/<attribute_id>
- users can search RESTfully for attributes based on various filtering mechanisms and get either an event that includes the located attribute(s) or just an array of attributes returned.
- users can also request all attributes of a (or several) types and get them returned as an XML
- requires the auth key of a user and the user has to have auth key permission
- user can specify what should be returned (event / attribute) - currently only event is implemented
- user can specify 4 filters (value, type, category, org)
- all these fields can have several values separated by &&
- Values can be negated by putting "!" infront of them
- now uses the unified __fetchEvent method to retrieve the events
- __fetchEvent has a new optional parameter "idList" which restricts the results to an array of event IDs.
- The height calculation did not take into account gaps between child elements caused by them having several children. This caused a newly added sibling's children to overlap. Fixed by compensating for the vertical displacement between children when returning the height data.
- When looking at an event, a user should not be able to delete the pivot path that he/she took to get to that particular event.
- Deleting the root pivot item is an exception, this will simply reset the pivoting.
- conversion of the array in the XML export to be compatible with the XML parser (some invalid characters could break it)
- New separate CSV export that includes all visible unpublished and non IDS signature attributes on request
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user
- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)
- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition
- The default value for locked is 0, and all events created on the instance should be set to this value
- events that were synced from another instance should have their locked value set to 1
- this script checks for local organisations and sets the locked field to 1 for all events not created by them
- a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.
- The script is only accessible by site admins and will return a notification about the number of events altered.
- PGP key of the user shown in the profile instead of always showing N/A
- Contact e-mails now include the instance's owning org in the subject
- Users can now enable/disable contact e-mail subscriptions
- Quickpost without reloading the page with AJAX
- for page changes / adding posts show an animated spinner
- spinner div / styles available from every page (the div is located in the default layout and is hidden unless manually shown)
- Users can now see the path they took while jumping from related event to related event
- Removed the breadcrumbs
- Some UI changes (user menues were not showing the active page, etc)
- Resetting the auth key for a user that doesn't exist created an empty
user
- change_pw showed an admin menu on the side
- rerouting after an incorrect auth request fixed (users/index doesn't
exist)
- temporarily disabled the redirect after login