Commit Graph

534 Commits (d48a013f3a06c740a03ac16cdd4e256f2f0763c7)

Author SHA1 Message Date
iglocska 5f1edc9bad Merge branch 'feature/api_rework2' into 2.4 2018-08-31 13:37:41 +02:00
iglocska a75fa11457 Merge branch 'feature/api_rework2' into 2.4 2018-08-31 13:35:21 +02:00
iglocska ac86f89c6e new: [API] Added the libraries for the JSON, XML and Text exports 2018-08-31 13:23:07 +02:00
iglocska 590f0ac1ea chg: [cleanup] removed leftover converter 2018-08-31 13:18:36 +02:00
iglocska f3558fb18a Merge branch 'feature/api_rework' into 2.4 2018-08-31 12:58:44 +02:00
iglocska a000d86f85 new: [API] Made the NIDS export compatible with the new API 2018-08-30 21:56:00 +02:00
iglocska 7ad08d9553 new: [API] Added the new XML converter 2018-08-30 21:54:47 +02:00
iglocska 80dc30c7bc new: [api] Added new open IOC export system 2018-08-27 23:55:07 +02:00
iglocska 7b233de4cd new: [api] first revision of the attribute export 2018-08-27 23:52:39 +02:00
Daniel Roethlisberger b19e405b32 Fix broken timestamps by using 24 hour clock and ISO 8601 date format
The event view shows a wrong "Last change", e.g. "2018/08/23 06:01:45"
for "2018/08/23 18:01:45".  The same problem affects the timestamp in
the XML generated by IOCExportTool.php.  Fix by correcting the PHP
date() code "h" to "H".

While here, also switch to a clearer ISO 8601 date representation for
"Last change", using dashes instead of slashes for separation of year,
month and day.
2018-08-23 18:39:01 +02:00
iglocska f675fb8b29 Merge branch '2.4' into feature/api_rework 2018-08-17 14:49:09 +02:00
Hannah Ward c883a7b6d6 new: Add upload/download for attachments 2018-08-15 14:07:44 +01:00
Hannah Ward 597802501f new: Add S3 client class 2018-08-15 11:14:03 +01:00
iglocska 006a922e9f chg: [API] further work on the new CSV export 2018-08-14 23:38:01 +02:00
iglocska 1d5ff2f146 fix: [API] Class name fixed 2018-08-13 21:49:47 +02:00
iglocska ffa1a77391 new: [API] CSV export tool added 2018-08-12 23:49:01 +02:00
iglocska 32f79d2eab fix: [cleanup] Fixed an assignment in a comparison 2018-08-05 19:22:07 +02:00
iglocska a81894f14c chg: [CS] Changed to PSR-2
- to make contributions easier, adopted PSR-2
- used php-cs-fixer to rework the style
- *sniff sniff* Goodbye tab indentation
2018-07-19 11:48:22 +02:00
Andras Iklody f0964c11f6 Merge pull request #3479 from FloatingGhost/feature-send-logs-to-elasticsearch
Feature: send logs to elasticsearch
2018-07-12 12:09:53 +02:00
iglocska 53f974895e fix: [zmq] Fixed execution of the ZMQ start/stop commands still being python 2 2018-07-12 08:01:41 +02:00
iglocska 90a8e9110b fix: [freetext] parser was detecting any number as a phone number, fixes #3469
- new requirement: must start with + or contain a -
2018-07-11 15:02:30 +02:00
Hannah Ward a62b23088e fix: Use spaces entirely 2018-07-10 17:06:56 +01:00
Hannah Ward 09aacabe26 fix: Indentation on ES client 2018-07-10 17:05:42 +01:00
Hannah Ward a70f8e45d8 new: Add ability to log to elasticsearch 2018-07-10 17:01:57 +01:00
iglocska 898aef2e10 new: [data model] Added support for monero - new type xmr
- soft validation
- secondary validation with warnings for malformed addresses
- supporting epic facial hair styles
2018-07-04 10:22:58 +02:00
iglocska 59b17b5af6 new: [sync] Added flag to avoid using the proxy
- in some cases you have internal sync between instances in which case going through the proxy is silly
2018-07-02 16:56:50 +02:00
Sami Mokaddem e3988c73ad new: [attackMatrix] Also consider attack galaxy at event level in the
heatmap
fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool
2018-06-18 14:51:29 +00:00
Sami Mokaddem 8d145086f0 new: [attackMatrix] statistic about attack tags used in the instance
chg: [attackMatrix] moved functions in to model and matrix view into elements
2018-06-18 09:58:20 +00:00
iglocska 6bf2dd91ab fix: cakephp version bumped to latest 2.x
- also gets rid of the stupid mcrypt requirement that breaks compatibility with newer ubuntu versions
2018-05-08 17:48:51 +02:00
iglocska ea389ef3ce fix: Edge case with empty objects caused *barf* 2018-05-08 15:02:22 +02:00
Sami Mokaddem f1cefb3503 fix: [DistributionGraph] include metadata for all distribution level
When fetching distribution graph data, return information about all
distribution levels (even those not concerned).
2018-05-08 07:19:51 +00:00
Sami Mokaddem 9c5b05a679 fix: Directly take the sharing group name from the event
Do not fetch the sharing group name as it is already included in the
event.
+ fixed a css glitch
2018-05-04 12:40:35 +00:00
Sami Mokaddem d6f02fe1b6 fix: [DistributionGraph] incorrect number in the sg progressbar tooltip
Set the correct number of involved sharing groups instead of the sum of sharing
groups in the sg progressbar tooltip
2018-05-04 12:00:55 +00:00
Sami Mokaddem 37f0281d59 fix: [DistributionGraph] sharing group search and uniqueness of results
Fix a bug where filtering per sharing group was not including inherited
attributes.
Enforce uniqueness of involved entities.
2018-05-04 09:33:14 +00:00
Sami Mokaddem 507cd0ee85 chg: Trying not to break the MVC pattern
Server model is not passed to the constructor anymore, as well as the
Organisation model.
2018-05-04 06:27:54 +00:00
Sami Mokaddem 6d476814b0 Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut 2018-05-03 13:52:40 +00:00
Sami Mokaddem 3db21f0396 chg: [distributionGraph] support of the sharing group event distribution
chg: [distributionGraph] code cleanup
2018-05-03 12:55:00 +00:00
Sami Mokaddem 73e432f16d chg: sanitization of data for distribution graph 2018-05-03 08:42:53 +00:00
Sami Mokaddem 668488b8c9 chg: add additional distribution info about to whom we are sharing even
if we don't have elements on this distribution level
2018-05-03 08:27:34 +00:00
Sami Mokaddem f4e4c7b335 chg: moved sharing group outside of the distribution progressbar (as it is a special case), distribution range is displayed when clicking on the pb labels and lots of minor improvements. 2018-05-02 13:37:48 +00:00
iglocska 8cc1d86068 fix: Allow filename as an alternative for parsed domains/hostnames 2018-04-25 15:41:58 +02:00
Sami Mokaddem 7a94612161 new: Possibility to view connected communities and concerned sharing groups in distribution graph's tooltip 2018-04-25 09:48:03 +00:00
Sami Mokaddem 0c593728de removed useless codes 2018-04-24 10:13:28 +00:00
Sami Mokaddem f9414871b8 Initial version of the distribution graph 2018-04-23 12:51:15 +00:00
Andras Iklody 607d203c04 Merge pull request #3170 from mokaddem/ref_graph
Extended event support and tag filtering in the event graph
2018-04-20 13:40:48 +02:00
Sami Mokaddem 7ee1717628 Added confirmation box to draw the network based on a threshold 2018-04-20 11:20:52 +00:00
Sami Mokaddem 677f466c4e perf: unset filtered data instead of adding them to a new array (thus,
reducing memory consumption by a factor of 2)
2018-04-20 09:10:51 +00:00
Sami Mokaddem ee1e39360e Being consistent with indentation + removed useless comment. 2018-04-20 08:46:11 +00:00
Sami Mokaddem 2ca3515f10 Feature: Possibility to filter on tags 2018-04-20 08:35:38 +00:00
iglocska 8c2dd6d00a fix: Fix to the invalid refanging (Third time's the charm) 2018-04-18 11:25:58 +02:00
iglocska 5b62965e98 fix: fixed invalid refanging 2018-04-18 11:23:57 +02:00
iglocska d04f263c95 chg: Added [:] to the refanging options 2018-04-18 09:50:04 +02:00
Sami Mokaddem 303ff41ea1 feature: Better support of extended event in event graph - Added a
colored region for each event extending the current event scope
2018-04-17 15:23:28 +00:00
Sami Mokaddem f4ae1d4740 fix: bug when plotting event without attribute or object 2018-04-16 13:39:43 +00:00
Sami Mokaddem 368aa2f128 feature: Added support of extended event in event graph 2018-04-16 12:02:43 +00:00
Sami Mokaddem cd0c00384e Replaced scope rotation key typeahead by selector + removed trailing
spaces
2018-04-16 09:17:19 +00:00
Sami Mokaddem e2f4aade02 Added filtering based on authorized JSON key + JSON key is displayed in the header scope badge 2018-04-09 12:07:53 +00:00
Sami Mokaddem 09127a24c5 Support of graph per JSON key (using typeahead) 2018-04-09 11:39:45 +00:00
Sami Mokaddem 6ee5419297 feature: Draft of generic graphing from any key 2018-04-09 09:12:26 +00:00
Sami Mokaddem f3b2741843 feature: Support of Tags in the event graph 2018-04-06 14:44:40 +00:00
Sami Mokaddem 921224ed40 Merge branch 'quick-fix-metacategory-graph' into ref_graph 2018-04-06 07:50:27 +00:00
Sami Mokaddem fc168c5a35 Draft of filtering per attribute value 2018-04-05 14:21:40 +00:00
Sami Mokaddem 0ecccee108 Moved reference logic server-side + First draft of filtering capabilities 2018-04-05 10:31:26 +00:00
Sami Mokaddem 3933baf9c9 Compute graph serverside 2018-04-04 13:12:16 +00:00
iglocska 9485dfe5e2 chg: Refactor of the complex type tool
- makes it more readable
2018-04-03 22:25:52 +02:00
Sami Mokaddem 5e83caf8fb Added retrieving of object templates in order to let the user choose the field we want to see in the event graph 2018-03-29 16:05:19 +00:00
Sami Mokaddem 6a0abcce22 Renamed script again 2018-03-22 16:56:43 +00:00
Sami Mokaddem c78fca0ede Added possibility to edit references on the fly + edit objects on their dedicated webpage 2018-03-22 15:53:53 +00:00
root a3a6a77611 Initial references graphs commit 2018-03-19 08:44:25 +00:00
iglocska c6fe2db137 fix: Added sightings to object attributes in the JSON output, fixes #3007 2018-03-07 13:03:01 +01:00
Andras Iklody 353611e708 Merge pull request #2997 from 0xmilkmix/validate_suricata_rules
Validate suricata rules
2018-03-03 23:12:54 +01:00
milkmix 05eac2bfe5 removed tests from class 2018-03-02 19:09:55 +01:00
milkmix ff103277ad finished http validation function using sticky and modifiers 2018-03-02 19:08:59 +01:00
Émilio Gonzalez bb8d4fa634 Fixed a bug regarding filename|ssdeep attributes importing using FreeTextImport. See Issue #2971 2018-02-28 18:34:46 -05:00
iglocska 9fd8a1c14f chg: Use <> as delimiters for the freetext import too, fixes #2978 2018-02-27 18:21:08 +01:00
iglocska 501b933a56 fix: Don't try to refang filepaths, fixes #2926 2018-02-25 23:24:54 +01:00
iglocska 10bd1f69c4 new: Allow requesting of misp standard format for the export modules
- just set the `require_standard_format` to true in the moduleinfo dictionary
2018-02-21 11:42:30 +01:00
iglocska 6a29d06566 new: Tie tags into PubSub channel
- Reset the catastrophic @ilmoka enrage timer for another 5 days
2018-01-26 19:27:27 +01:00
iglocska 9858d63712 fix: Suricata export URL encodes an IPv6 between [], fixes #2872 2018-01-24 00:27:12 +01:00
milkmix f6d4839123 wrote dns validation func, checking modifier after dns_query keyword 2018-01-19 18:45:18 +01:00
milkmix b25bfac4ab added options extraction function 2018-01-19 18:31:30 +01:00
iglocska 57197f092b fix: Add alternative x509 fingerprint hashes to the freetext import tool, fixes #2821 2018-01-17 10:16:33 +01:00
iglocska 58c97d8263 chg: Tuned the freetext import tool, fixes #2822
- refang e-mail addresses
- add [@] refanging
2018-01-16 15:01:21 +01:00
milkmix 940916d034 added validation function for global syntax 2018-01-12 18:22:58 +01:00
milkmix ddf5f82f4c initial regexp to match rule pattern 2018-01-12 17:37:36 +01:00
iglocska 811ea4a6d8 fix: Removed the https url rule for now 2018-01-12 15:17:43 +01:00
iglocska cdffeafbf7 fix: Broken Suricata rules due to removed https branch
- possible fix, mimicking contents of https://[ip]
2018-01-12 14:59:17 +01:00
Andras Iklody 9d6c20709e chg: Add hybrid analysis to the freetext import tool, fixes #2797 2018-01-09 22:43:12 +01:00
dewiestr 90bdb37174 Update NidsSuricataExport.php
Removed the ':' from the suricata msg as it removes the message after it in squert.
2018-01-07 12:11:51 +04:00
iglocska 3a45410e10 fix: Naive fix for an issue with tab separated feeds being broken by the switch to str_getcsv 2017-12-29 10:40:03 +01:00
iglocska 0df15f03e1 fix: Fixed the invalid default TLDs if no warninglist is loaded 2017-12-08 12:28:28 +01:00
iglocska 4f6dba5f35 new: various improvements
- use the feed uuid caches to link directly to affected MISP events
- various UI improvements
- Feed preview pagination / POSTed event ID filters added
2017-12-05 00:05:11 +01:00
iglocska 67f0acb6c6 fix: Made CSV parser for freetext import tool / feed ingestion compatible with escaped CSVs
- "" now handled correctly
2017-11-30 16:52:22 +01:00
iglocska 6135468c41 new: Added full audit logging to ZMQ and Syslog, fixes #2635
- syslog now includes all audit log entries and it's separated into proper severity levels
- ZMQ logging and syslog logging are both optional features
2017-11-24 12:01:53 +01:00
Thomas Gardner 93160d69c1 added target-email to FreeText Import types 2017-11-22 11:07:42 -07:00
Milan Pikula 22fbe12762 fix: don't verify peer name on self signed certs; don't verify self signed peer if cert is missing 2017-11-22 16:19:41 +01:00
iglocska 45a2d1a09b new: Added phone number recognition to the freetext import tool
- also, changed the massaging of phone number type attributes to replace 00 with +
2017-11-16 16:25:46 +01:00
iglocska 298269fe29 fix: minor tuning of suricata rules 2017-11-07 16:54:07 +01:00
iglocska 68f4833893 new: First version of the zmq reimplementation 2017-10-27 09:10:46 +02:00
iglocska fa7d3fdb36 new: First round of updates to the correlation engine ready
- node deletion temporarily disabled until a bug is resolved
2017-10-08 19:50:28 +02:00
iglocska a399ef1186 new: Further work on the graphing engine 2017-10-07 16:18:39 +02:00
iglocska 5290214c9b new: First iteration of the graphing engine rework 2017-10-06 10:05:00 +02:00
iglocska 416ff3f095 fix: Sanitise all the things for XML, fixes #2522
- Sanitise all the things!
2017-09-29 12:21:52 +02:00
iglocska fd45eed6c4 chg: Added .onion to the TLD list for the complex type tool 2017-09-26 09:14:00 +02:00
iglocska 3b6a6f6e5f Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2017-09-25 12:37:11 +02:00
iglocska 3f76fd6ea7 new: Rework of the attachment uploader
- add attachments and upload_sample now share code
- allow the same features via upload_sample (object creation / use of advanced add attachments)
- new flag: advanced

- example:

  POST to mymisp/events/upload_sample
  BODY:
{"request":{"files": [{"filename": "bla.exe", "data": "U3RhckNyYWZ0IElJIGZvcmV2ZXI="}], "distribution": 1, "advanced":1, "info":"bla"}}

- this commit was brought to you by CEF and
2017-09-25 12:22:19 +02:00
Kyle Parrish c5d3ae7b1f RPZExport - Alternate NS
Added option to add an alternate nameserver to RPZ export.
2017-09-19 13:25:17 -04:00
iglocska 09dfb7aa14 fix: Reverted CakePHP version 2017-09-19 15:50:19 +02:00
iglocska 76ec7f1c10 fix: Fixed the XML view
- please stop using XML, for your own sanity, I beg of you!
2017-09-19 12:05:21 +02:00
iglocska 48b1679216 Merge branch '2.4' into objects_wip 2017-09-18 10:41:54 +02:00
iglocska 50911c9f85 chg: cakephp updated 2017-09-18 10:19:37 +02:00
iglocska 864b680774 fix: Updated the xml export tool to support objects
- though why do we still support XML?...
2017-09-13 14:25:13 +02:00
iglocska a931af7223 chg: Some tuning to the freetext import tool 2017-09-12 10:20:38 +02:00
iglocska 40ea22a272 Merge branch '2.4' into objects_wip 2017-09-04 17:38:06 +02:00
Andras Iklody ad60bddc2d fix: Removed url -> tls_cert_subject rule conversion for the suricata export, fixes #2396 2017-08-28 14:09:23 +02:00
iglocska eae062bdb6 fix: Fix to the max items displayed / page using the custom pagination tool 2017-08-25 14:39:23 +02:00
iglocska 0e7dd2eddc new: Added first iteration of object references and other changes
- various fixes
- rework of the pagination library
2017-08-09 17:53:25 +02:00
iglocska 3b004d5686 Merge branch '2.4' into objects_wip 2017-08-03 11:20:34 +02:00
iglocska 02464da6f2 fix: cakephp updated 2017-07-05 11:25:11 +02:00
Kevin Allix e7d3991bc3 Use a password to connect to Redis if MISP.redis_password is set in config.php 2017-07-03 12:11:26 +02:00
iglocska df5daae664 chg: Further work on the objects
- view events with objects via the API
- Further improvements to adding objects
2017-07-02 22:42:44 +02:00
Andras Iklody 3cd94c7e7c Revert "Use posix_getpgid to check whether a pid is running" 2017-06-26 11:07:59 +02:00
Kevin Allix bee2dc3c49 Use posix_getpgid to check whether a pid is running 2017-06-25 22:34:55 +02:00
Kevin Allix a124aef569 grepping the output of ps: the grep pattern should be ^pid_value$ 2017-06-25 12:23:30 +02:00
iglocska 98d45d2d9f fix: Fixed sanitisation of feed correlation fields 2017-06-22 23:12:06 +02:00
iglocska 926a16310c fix: meta field in galaxy cluster should be a dict even if empty in the JSON output, fixes #2280 2017-06-22 23:06:45 +02:00
iglocska 894415f82a fix: Fixed an issue in the XML export due to neglect 2017-06-19 15:30:16 +02:00
iglocska 473fc9897c fix: Further performance improvements to the zmq module
- should make inserting data faster
2017-06-16 10:08:36 +02:00
iglocska bcc3923e8e Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2017-06-16 08:45:16 +02:00
iglocska 57857c3a32 new: Performance improvements for the pub-sub modules
- Only load and open connection to redis for the pub-sub connection once.
- Massive performance boost when the ZMQ functionality is enabled
2017-06-16 08:41:12 +02:00
Hannah Ward 9ab1331bfb new: Push new Discussion items to ZMQ
Under the topic misp_json_conversation
2017-06-15 15:30:43 +01:00
iglocska 859a2eb436 fix: typo fixed 2017-06-09 12:44:48 +02:00
iglocska 8b4fc61189 chg: Performance tuning: Custom pagination tool
- changed set operation to a more performant alternative
2017-06-09 11:44:46 +02:00
iglocska 95429723ed fix:
- cleanup refactoring of pub sub tool
- better handling of no access to redis
2017-06-09 11:43:53 +02:00
iglocska bce780090f new: Added User and Organisation addition/change data to the ZMQ feed 2017-05-29 16:18:37 +02:00
iglocska ab9f282a44 new: Added sightings to ZMQ pub sub system 2017-05-28 00:33:20 +10:00
iglocska 56c079642d new: Added attribute JSONs to pubsub system
- also made mispzmq a bit more generic
2017-05-22 14:30:58 +02:00
iglocska 4c4f9a4dbb chg: Allow for \t to be used as a CSV feed delimiter 2017-05-11 14:46:20 +02:00
iglocska 468834b210 fix: Updated cakephp solving TLS 1.2 issues 2017-05-11 08:38:50 +02:00
Andras Iklody eef8b55120 Merge pull request #2128 from deloittem/2.4
Snort attribute generation rule now contains the initial msg field
2017-05-09 10:46:47 +02:00
Ángel González 926895733b Cosmetic changes
Change space indents to tabs
Remove ?> at end of file
Add or remove some indentation where appropriate
2017-05-08 00:45:57 +02:00
Pablo Panero 153926e0af BroExport types updated 2017-05-05 16:38:38 +02:00
deloittem 5c2bc871ca Update rule generation for attribute snort: generated rule now contains the initial snort rule msg 2017-04-10 15:57:33 +02:00
iglocska 6d33845701 fix: Fixed a typo in the previous commit 2017-04-07 16:56:55 +02:00
iglocska dadd9b3c81 fix: remove sharing groups from json output if empty 2017-04-07 16:51:37 +02:00
iglocska 3b6807ef72 new: Rework of the restsearch APIs
- allows for alternate download types (supported for now: openioc)
- major refactor of the openioc export
- refactor of the CIDR tool
2017-03-31 19:27:34 +02:00
Mathieu Deloitte 47bcd264e2 Manage the new attributes IP-SRC|PORT and IP-DST|PORT when exporting NIDS rules 2017-03-22 16:19:32 +01:00
Andras Iklody edaeaf9194 Merge pull request #2031 from deloittem/2.4
Suricata export update
2017-03-09 09:43:30 +01:00
Mathieu Deloitte 59df951071 Only display the tag name if the array contains values (depending if the tag is exportable or not) 2017-03-09 08:48:22 +01:00
iglocska 717786d70a chg: cakephp updated 2017-03-08 15:08:27 +01:00
Mathieu Deloitte 27b2effffd Add the attribute tags to the msg field (Suricata rule) to make sorting the raised alerts easier 2017-03-08 15:04:45 +01:00
Mathieu Deloitte d8feddd47f Initialize host to empty value when the URL is formed incorrectly 2017-03-08 14:52:40 +01:00
iglocska 35cdd5eefe fix: Missing file added 2017-03-02 12:02:36 +01:00
iglocska a59aab9b23 fix: Re-added the accidentally removed code in a merge, fixes #1965
- affects f0e1a27b7d
2017-02-20 18:43:36 +01:00
iglocska dc8a9707c0 Merge branch '2.4' into feature/enhanced_sightings 2017-02-16 22:52:53 +01:00
Alexandre Dulaunoy 5ace946502 Merge branch '2.4' into 2.4 2017-02-15 17:44:51 +01:00
iglocska ab7aadb924 fix: Fixed a bug with the freetext import that broke the detection of IP addresses 2017-02-14 16:51:07 +01:00
Alexandre Dulaunoy 5bd06f86e5 Merge branch '2.4' into 2.4 2017-02-12 11:41:41 +01:00
iglocska e1f5463a82 fix: Added correct recognition of ip:port indicators to the freetext import tool, fixes #1919 2017-02-10 17:59:35 +01:00
iglocska ca22435831 fix: Added (dot) to the refanging 2017-02-10 10:32:43 +01:00
Mathieu Deloitte 98864fb82e NidsSuricataExport refactoring for attribute *URL* 2017-02-08 14:12:30 +01:00
iglocska a229af43ae fix: Empty delimiter for CSV feeds causing grief 2017-01-25 06:02:55 +01:00
Alexandre Dulaunoy 16d31458a8 fix: whois-registrant-email added as type when an email is detected in freetext 2017-01-18 14:13:36 +01:00
iglocska 4ad022b03c Merge branch '2.4' into feature/attribute-tagging 2017-01-16 16:15:06 +01:00
iglocska 7dcc11f0f7 fix: Copy paste fail 2017-01-01 16:29:50 +01:00
iglocska 734ff59cb4 fix: Left off changes to the complextypetool
- oops
2017-01-01 16:28:23 +01:00
iglocska 76e9398df9 new: Various new feed features
- import feed descriptor json pastes to add a list of pre-defined feeds
- improvements to the feed pull (a single non validating attribute shouldn't break the process)
- altered the saving of the attributes to happen in chunks during a feed pull to avoid very large feeds from stalling the process
- split the feeds into 3 tabs: default, custom, all
2016-12-31 09:04:46 +01:00
iglocska 7f8a81e161 new: Added caching and pagination to freetext/csv feeds 2016-12-30 16:16:56 +01:00
iglocska 7146652059 Merge branch '2.4' into feature/attribute-tagging 2016-12-26 23:30:21 +01:00
iglocska da433c3549 Merge branch '2.4' of https://github.com/MISP/MISP into feature/disable_correlation 2016-12-22 21:01:58 +01:00
iglocska 3a2e051b91 fix: Added an alternative to bcmod if it doesn't exist
- simply threw an exception if the module wasn't loaded on the event view if it contained an IBAN number
2016-12-22 18:06:20 +01:00
Andras Iklody ac994530e6 fix: broken bro export
- Sanitisation issues with linebreaks in comments breaking the export
2016-12-21 17:35:00 +01:00
iglocska 4155e32629 fix: Added additional refanging patterns to the complex type tool, fixes #470 2016-12-12 14:20:07 +01:00
iglocska 01f078344c fix: Fixed an issue with the freetext importer
- It looks like PHP does parse single quoted strings and replaces double backslashes with a single literal backslash
2016-12-09 08:59:59 +01:00
Armins 7ba143bcd1 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2016-12-07 18:12:49 +02:00
Armins 4c67f0a2c8 Added fast_pattern 2016-12-07 18:07:12 +02:00
Andras Iklody 44ec75e462 Merge pull request #1726 from liviuvalsan/bro_export_improvements
Performance improvements, bug fixes and new features for the export to Bro
2016-12-07 16:52:15 +01:00
Liviu Valsan 4c022beafc - Performance improvements when exporting a large number of attributes into Bro format.
- Fixed file header formatting for the export to Bro format (tabs used consistently).
- Computing the time needed for generating the export to Bro format when done using a background job.
- When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside.
- Changed the file extension of Bro export files from ".intel" to ".txt".
- Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS).
- Fixed some of the API endpoints which were not accepted (ACL issues).
- Added support for a list of events that should be / should not be included in the export.
- Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute.
- Sanitized the exported data for Bro.
- Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
Iglocska 1e7dccf272 Merge branch '2.4' into feature/galaxy 2016-12-06 16:11:59 +01:00
Iglocska 8f220378ce new: First RC of MISP galaxies 1.0 2016-12-06 15:52:20 +01:00
Iglocska 576d58462d fix: Trim strings of brackets before running the freetext detection on them 2016-12-01 12:24:42 +01:00
Iglocska 162e024eb8 fix: Temporary fix for a keyword mismatch between the import modules and the freetext import 2016-11-29 11:56:16 +01:00
Iglocska 6e52070f48 fix: Fixed an issue that prevented the feeds from working in CSV mode if no value field was set 2016-11-24 09:50:22 +01:00
Iglocska 7e75aafc22 fix: Added domain|ip to nids exports 2016-11-09 17:08:06 +01:00
Iglocska c2fc803fed chg: Use the TLD lists from the warninglists, fixes #1149
- simply load any enabled warninglist entries from the pre-defined TLD warninglists
- Pass the resulting array to the complex type tool
- during domain type heuristics, if the TLD list is not empty use the supplied list
- alternatively generate a list based on the old TLD rules
- does not alter any functionality otherwise
2016-10-25 22:23:01 +02:00
Iglocska 6ffa949657 fix: Invalid bro export generation due to invalid syntax on the intel field 2016-10-25 12:48:51 +02:00
Iglocska 9891234662 new: CSV feeds and various fixes
- Added the CSV feed format
  - users can specify which fields in the CSV should be parsed
  - comment lines are automatically omitted
  - new settings system added to feeds, currently only used for the value fields

- Slight rework of the correlation lookup for the feeds
  - got the Speed Force treatment
  - correctly checks against value1 and value2 instead of value

- Various freetext import fixes
2016-10-08 14:36:24 +02:00
Iglocska 721cfd8d98 fix: Fixes to the ssdeep detection as it was way too loose 2016-10-07 20:20:53 +02:00
Iglocska 503661a240 new: First implementation of the freetext feed pull 2016-10-07 17:33:54 +02:00
Andreas Ziegler 0e3fc2192e fix: export attributetags as Tag elements (like eventtags) 2016-09-29 16:53:04 +02:00
Cristian Bell 5be1e17bce Revert "fix: missing new TLDs in free text import, solves #1149 (#1574)"
This reverts commit e3bb9d3a42.
2016-09-27 16:38:35 +02:00
Cristian Bell e3bb9d3a42 fix: missing new TLDs in free text import, solves #1149 (#1574)
* fix: missing new TLDs in free text import, solves #1149
2016-09-27 15:53:43 +02:00
Iglocska 9b7191f878 fix: Don't show the org restriction of a tag in the event view JSON 2016-09-27 09:38:32 +02:00
Andreas Ziegler a6e93d6020 chg: update cakephp to 2.8.9 (#1560) 2016-09-23 04:36:26 +02:00
iglocska f6187f8fa5 fix: Fallback to insecure random for php 5.x if the random_compat submodule isn't loaded 2016-09-18 16:11:33 +02:00
iglocska 62a2211a23 Merge branch '2.4' into 1457 2016-09-18 13:06:03 +02:00
iglocska a599ec24f7 Merge branch '2.4' into 1501 2016-09-18 11:07:10 +02:00
Iglocska 6d822ee45e fix: Refactor of the bro export to always create a zip archive with separate files if "all" types are queried 2016-09-16 16:49:54 +02:00
Iglocska 1991f7a208 fix: Some changes to the bro export
- moved the whitelisting out of the plugin
- source now contains the instance host org name (if applicable), the event UUID and the creator org name
2016-09-16 14:55:25 +02:00
Iglocska 2cede15e68 Merge branch '2.4' into feature/bro-export
Conflicts:
	app/Model/Event.php
2016-09-15 18:00:25 +02:00