- attributes in the event view now show the date when they were added / modified
- the alert e-mail now shows which attributes are new since the last commit
- Statistics page has gotten a lot of extra information
- Removed some old junk files
- Made the size of the graph in the memberslist larger to fit all the new attribute types
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
- started work on scheduling
- view to add scheduled tasks (still needs work)
- moved cache job bulk-code to the job model from the controller
- bootstrap timepicker
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- fixed an issue where a blacklisted value added through uloadattachments would break the import
- fixed the distribution level of attributes created by the GFI import always being your org only
- removed registry attributes that do not contain a malware sample or a dropped file in the value
- fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word
- added a few regular expressions
Updated this along with whitelist.php to allow for simple entry of names in the whitelist, this file will allow proper application of those blocked names to exported NIDS sigs.
- Contextual comments for proposals
- shows proposal count in the top bar
- new view showing all of the events of the user's organisation with an active proposal
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
- adds JSON example to shell scripts
- adds sample JSON event
- ??? for some redundant Attribute model conditions
- updates travis with CakePHP installation
Some small travis changes too.
FYI there's an automated travis build available at
https://travis-ci.org/MISP/MISP
We don't have unit testing and travis setup is subpar so everything will fail
for now.
- Also some improvements to the shadow attributes
- some minor UI changes
Conflicts:
app/Controller/EventsController.php
app/View/Elements/global_menu.ctp
app/View/Layouts/default.ctp
- reworked almost all of the side menus to be centralised
- Some fixes for the IOC export not handling two new-ish types correctly
- Some changes to the menus (including a few options that didn't exist before)
- rework of the popovers in some forms
- ADMIN org removed.
- Siteadmins are now identified by the perm_site_admin flag
- Siteadmins can now be of any organisation
- editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role
- Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin
- If the login page is reached without any users / roles defined they are automatically created (previously it was only the user that was created)
- Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin.
- __fetchEvent used, which checked the currently logged in user
- instead now, __fetchEvent has a new optional parameter that automation methods can use to pass the org along that was read from the provided auth key
- users can now download attachments using the APIkey
- security issue fixed where a user could download attachments that he/she can't even see by navigating to attributes/download/<attribute_id>
- users can search RESTfully for attributes based on various filtering mechanisms and get either an event that includes the located attribute(s) or just an array of attributes returned.
- users can also request all attributes of a (or several) types and get them returned as an XML
- requires the auth key of a user and the user has to have auth key permission
- user can specify what should be returned (event / attribute) - currently only event is implemented
- user can specify 4 filters (value, type, category, org)
- all these fields can have several values separated by &&
- Values can be negated by putting "!" in front of them
- now uses the unified __fetchEvent method to retrieve the events
- __fetchEvent has a new optional parameter "idList" which restricts the results to an array of event IDs.
- The height calculation did not take into account gaps between child elements caused by them having several children. This caused a newly added sibling's children to overlap. Fixed by compensating for the vertical displacement between children when returning the height data.
- When looking at an event, a user should not be able to delete the pivot path that he/she took to get to that particular event.
- Deleting the root pivot item is an exception, this will simply reset the pivoting.
- conversion of the array in the XML export to be compatible with the XML parser (some invalid characters could break it)
- New separate CSV export that includes all visible unpublished and non IDS signature attributes on request
- we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user
- IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql)
- This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition
- The default value for locked is 0, and all events created on the instance should be set to this value
- events that were synced from another instance should have their locked value set to 1
- this script checks for local organisations and sets the locked field to 1 for all events not created by them
- a local organisation, as defined for the scope of this script, is: an organisation with at least 2 members or an organisation with a single member that is not a sync user.
- The script is only accessible by site admins and will return a notification about the number of events altered.
- PGP key of the user shown in the profile instead of always showing N/A
- Contact e-mails now include the instance's owning org in the subject
- Users can now enable/disable contact e-mail subscriptions
- Quickpost without reloading the page with AJAX
- for page changes / adding posts show an animated spinner
- spinner div / styles available from every page (the div is located in the default layout and is hidden unless manually shown)
- Users can now see the path they took while jumping from related event to related event
- Removed the breadcrumbs
- Some UI changes (user menus were not showing the active page, etc)
- Resetting the auth key for a user that doesn't exist created an empty
user
- change_pw showed an admin menu on the side
- rerouting after an incorrect auth request fixed (users/index doesn't
exist)
- temporarily disabled the redirect after login
- GFI import issue fixed with attribute ID 1 not existing causing the
import to fail for several attributes
- GFI import change: registry keys with binary value are now artifacts
dropped instead of persistence mechanism
- GFI import change: files with size of 0 will be omitted
- file attachment download change: moved away from the deprecated media
view in favour of cakeresponse->file()
- Regular expressions are now only checked for attributes
- Regular expressions are now defined and checked on a type by type
basis, with the setting "ALL" affecting all attributes
- creation / deletion of several attributes in one edit to accommodate
for several checked type options
- perform on all admin option now only saves attributes that actually
get changed by the regexp, making the function usable again for larger
databases
- Some feedback on what got changed during a perform on all
- UI changes in the index / regexp add / edit views to reflect the type
sensitivity changes
- Since regexp can be used to blacklist things, there's no need to have
two separate features that accomplish the same thing
- Add a regexp named /1.1.1.1/ with nothing as replacement and it will
behave the same as adding a blacklist for 1.1.1.1 in the old system.
- until now checkAction was used to check permissions of a user
- but since all of the role permissions are checked beforefilter in
appcontroller and saved into a public array, doing a lookup of the
array saves an SQL call for each permission check.
- added the button for the CSV download
- fixed a bug with the csv search result downloader blocking non IOC
results even if the search terms did not specify IOCs only.
- CSV export for individual events, all events, search results
- Whitelists are now preg_matches instead of simple string matches
- whitelist checks are to be applied on almost all exports
(implementation in progress)
- the exception will be the search result exports, if the (to be
implemented) to_ids only checkbox isn't checked
- Use ! to exclude terms in the value/id/org fields
- org search works the same way as value / id now, you can enter several
terms separated by a newline. Also, adding ! in front of a term will
exclude the organisation from the results
- sub string search for organisations
- Affects org and info field
- terms have to be separated by pipe (|)
- terms can be terms that will be OR-d or excluded terms that will be
AND-ed
- to exclude a term use !
- A valid filter search for info would be: 'term1|term2|!term3'
-> this would result in all events with the info field containing term1
or term2 but not term3
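The filter syntax above, turned into a parameterised sub-string query, as an added Python example (not the project's own code). SQLite stands in for the real database, and the `events` table layout and function names are assumptions; LIKE wildcards in a term are escaped so user input only matches literally.

```python
import sqlite3

def like_pattern(term):
    # Escape LIKE wildcards so a search term only ever matches literally.
    for ch in ("\\", "%", "_"):
        term = term.replace(ch, "\\" + ch)
    return "%" + term + "%"          # sub-string match

def build_condition(column, expr):
    """Turn 'term1|term2|!term3' into (WHERE fragment, bound parameters)."""
    if column not in ("info", "org"):  # the two fields the filter applies to
        raise ValueError("unsupported column")
    include, exclude = [], []
    for raw in expr.split("|"):
        term = raw.strip()
        negated = term.startswith("!")
        if negated:
            term = term[1:].strip()
        if term:                       # skip empty terms and a bare "!"
            (exclude if negated else include).append(like_pattern(term))
    like = f"{column} LIKE ? ESCAPE '\\'"
    not_like = f"{column} NOT LIKE ? ESCAPE '\\'"
    parts = []
    if include:                        # included terms are OR-ed together
        parts.append("(" + " OR ".join([like] * len(include)) + ")")
    parts += [not_like] * len(exclude) # every excluded term is AND-ed
    return " AND ".join(parts) or "1=1", include + exclude

def search(conn, column, expr):
    where, params = build_condition(column, expr)
    query = f"SELECT id FROM events WHERE {where} ORDER BY id"
    return [row[0] for row in conn.execute(query, params)]

def sample_db():
    # Constructed sample rows, not real event data.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, org TEXT, info TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", [
        (1, "ORG_A", "term1 phishing wave"),
        (2, "ORG_B", "term2 dropper"),
        (3, "ORG_A", "term1 seen together with term3"),
        (4, "ORG_C", "unrelated, 100% benign"),
    ])
    return conn
```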
- siteadmins can now search the creator org instead of the owner org
(like normal users would)
- Changed the org search to be a partial match instead of an exact match
- email of the user creating an event shown if current user's org ==
event's orgc
- on export, the check for to_ids will happen outside of the if branch
that sets extra restrictions of non site admins. Otherwise site-admins
would accidentally include attributes that aren't iocs.
- New field for events, locking an event from sending out a contact
e-mail when a proposal is made to it
- Default setting for the new field is 0, if a shadow attribute is
added an e-mail is sent to all subscribing members of the orgc and the
new field is set to 1
- Accepting a change resets the field to 0
- uses the logs to generate a list of actions affecting the selected
event and all of its attributes
- view is very minimalistic, not to show anything restricted
- Fix to the proposed attribute edit that got broken in a previous
commit
- Fix to the org filters for non admin users
- Some changes to the documentation
- _publish doesn't attempt to upload events that have a distribution of
0 or 1 (private and community) but instead just set to published and
return true
- timestamp now correctly compared, events that have an older timestamp
will be discarded, same with attributes
- right now the response is the same as a successful edit though, should
be handled more gracefully
- pull is not yet tested
- attachments and shadow attributes not yet implemented
- backflow is nicely blocked by the timestamp as intended
- needs cleanup (from, dist_change)
- Event correctly changes timestamp when attribute edited in the UI
- Attribute correctly changes timestamp when edited in the UI
- Still very much work in progress, several parts are not supposed to
work yet
- timestamp field added to events and attributes (int length 11 called
timestamp, default value 0)
- timestamps created on add / edit when appropriate
- during an add, if an event/attribute is not being pushed through a
sync with an existing timestamp, create a timestamp
- on edit, check whether the timestamp is newer than the old one and
only add the attribute or event then
- there was a bug that pushed the data entered into the "published"
filter field to the date fields -> fixed
- Also a bug in the serverscontroller, pulling threw an undefined
warning from the log controller because a single saveField was used and
the logController couldn't save the url data for the action
- visual changes
- date from/until fields
- published field
- a reset form button
- the org of an event added by a sync user will be that of the host
instance's own organisation identifier