- AJAX requests now also respond with a small message at the bottom of the page, notifying the user of the result
- The following actions work now on the event page via ajax:
1. Add / remove tags
2. quick edit any attribute field if eligible
3. quickly create a proposal of any attribute field if not eligible to edit
4. popover attribute creation (also works with batch add)
5. popover proposal creation (also works with batch add)
6. delete attributes
7. accept/discard proposals
8. mass edit / delete attributes
Also, replaced the old memberslist, with a small lightweight css/js based one.
- Authentication via headers was only allowed if _isRest() returned true
- this only happened for pages returning JSON or XML content
- a new check, _isAutomation() was added that allows authentication via headers for certain methods used by the automation system
- forms are now dynamically pulled onclick
- performance greatly enhanced
- solves the issues with the CSRF protection kicking in if the user edits a field after using the back button
- Exporting a JSON object erroneously included related objects which prevented the exported event from being added back to MISP via the API
- Downloading search results as XML / CSV now correctly includes all of the search results instead of just the 60 visible ones on the UI (cut off by the pagination)
- The tags parameter in the exports now correctly accepts null as a valid value even if it is the last parameter
- users can now edit all fields in an attribute whilst on the event page
- issues left to fix:
- tag changes after an attribute change run into CSRF protection
- batch add not handled gracefully yet
- going back to the event view and editing a field gives users an error message over the CSRF protection - instead, silently check if the page is loaded in a dirty way and refresh the ajax fields silently
- quickadd of attributes still missing
- upgrade script broke adding events via the rest interface if they had an xml_version included
- fixed, also, add now more flexible with directly adding events from an export encapsulated in a response tag
- events/restSearch, attributes/restSearch, events/xml, attributes/returnAttributes
- users can now POST a search array in XML / json instead of sending the parameters in the url
- Users can now elect to receive their attribute search results in the new alternative view
- instead of receiving a list of attributes matching the search options, users are presented with a list of events that contain matching attributes
- number of matches and a percentage of those matches being marked as indicators for IDSes are shown
- the events are ordered by the percentage of IDS worthy attribute
- event level exports from the event view now export all attributes regardless of to_ids value
- to_ids value now has its own column in the csv exports
Adds a check for a true value in GnuPG.onlyencrypted and will only display the "No GPG Key Set in your Profile" message to the user if it is missing AND MISP is set to send only encrypted email. This way orgs not using GPG will not see the banner on every index view.
- It is now possible to restrict the CSV automation export by type / category
- updated the automation page to describe how the syntax works
- fixed an issue with line breaks not being sanitized for the CSV export
- Until now, organisations that have made any change to an event in the past (even including an admin running scripts that update the event) would flag an event as having an extra contributor
- From now on, the Contributors field only shows orgs that have created proposals
- xml export now correctly exports all attachments if specified as parameter
- print view fixes
- disclaimer for old IE versions (< 10) and compatibility mode users when viewing the statistics (The heatmap calendar requires 10+)
- the event changes that a proposal creation creates are also logged (such as disarming the proposal email lock) -> this should not be shown in this log view.
- check lead to the user incorrectly being passed on after authentication, not returning any private data of their own organisation.
- Also, publishing an event with the background jobs enabled now correctly shows that the job was added to the queue instead of telling the user that the event has been published.
- during the event id pull, the local server already checks the timestamps, removing the ids of events that are not newer than the local version
- this results in only the event metadata being pulled for all events, and the attributes of only those events that need to be updated are pulled resulting in much quicker pulls
- Fixed an issue with proposals that got pulled not finding the attribute that they are proposals to (for proposals that belong to an attribute)
- tags can now be set correctly for all events
- some UI changes to the tags
- moved the deletion of all event_tags when a tag gets deleted to beforefilter
- A colon in the tag search tag will render the tag search invalid. Since colons are commonly used in tag names, this poses an issue - users should use a semi-colon instead, which gets automatically converted to a colon.
- Threatconnect import now allows any valid threatconnect csv file to be imported as long as type, value, confidence, description and source are included
- Viewing an event without a discussion thread creates an empty thread in preparation of future posts - these empty threads should not count as active threads though.
- regexp structural changes added to the upgrade script (type)
- Added publish / alert to the background jobs
- fixed a misalignment with the statistics
- only events that could be seen were checked when calculating whether the user's org needs to recache the exports. This meant that the information was incorrect if another org has a visible event that was newer.
- MYSQL.sql updated
- upgrade_2.2.sql updated
- List of active proposals for you and your organisation now shows the org logos of the contributing organisations
- contributors shown on the event view (list of the organisation logos of users that have contributed through proposals)
- these link to the event history containing only entries from their organisation
- changes to the activity heatmap
- heatmap now dynamically changes the range on the graph based on the obtained values
- performance improved
- buttons to move back or forward in time on the calendar
- Attributes:
- warning for the user if he/she has selected the attribute category "targeting-data" or "attribution" as these could contain classified information
- UI improvements across most attribute and shadowattribute input views
- Updated cal-heatmap to the newest version
- xml version now included in the xml exports
- MISP will now check the xml version on all imports related to sync / add MISP XML and try to update the incoming info if it detects an older version
- exports now take tag names as a parameter (affected exports: XML, text, HIDS, NIDS)
- eventtags now correctly get removed when an event is deleted
- Scheduled tasks for pull / push now working as intended
- Rescheduling of all tasks fixed
- protection against the rescheduled task ending up in the past
- further event history fixes
- fixed lots of erroneous logging
- performance improvement with logging (no longer loading controllers for no reason)
- logging extra actions that weren't logged before (proposal accept / discard, server pull / push)
- View Event history now shows the logo of the org whose action triggered the log entry
- View Event History now shows different fields than before
- Proposals now logged
- Accepting / Discarding a proposal now doesn't create junk edit / delete entries as before.
- Creators of an event can now see all of the log entries altering an event in the event history log. This includes deleted events.
- new special role for tagging
- can create tags with a name + colour combination (using a colour picker plugin)
- users can assign tags to events
- can filter events by tags on the index
- upgrade script that populates threat level from the old risk field for every event that doesn't have a threat level set.
- threat levels in an event (from a sync for example) that are unknown to the local instance now show the numeric value of the threat level
- cleaned up the methods, they all now return results without debug mode enabled
- Added a verification method for all user GPG keys (as an expired key for example would send out empty messages)
- authorization key should be sent through headers.
- passing it in the url is deprecated
- updated automation page to reflect the changes
- csv export now has headers
- you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances
- fix to the creator of a proposal being able to also accept it
- new attributes are now shown in the e-mail denoted by a * when an event is republished
- the date of an attribute's creation is shown
- fixed the datefilter to be inclusive of the border values. Entering all events from the 13th of january should include events that were created on that day, not just the 14th and newer.
- attributes in the event view now show the date when they were added / modified
- the alert e-mail now shows which attributes are new since the last commit
- Statistics page has gotten a lot of extra information
- Removed some old junk files
- Made the size of the graph in the memberslist larger to fit all the new attribute types
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- Corrected some weak notifications on background jobs
- Changed the view slightly to view background jobs
- fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin
- added scheduler to the export caching
- site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
- started work on scheduling
- view to add scheduled tasks (still needs work)
- moved cache job bulk-code to the job model from the controller
- bootstrap timepicker
This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin.
- fixed an issue where a blacklisted value added through uloadattachments would break the import
- fixed the distribution level of attributes created by the GFI import always being your org only
- removed registry attributes that do not contain a malware sample or a dropped file in the value
- fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word
- added a few regular expressions
Updated this along with whitelist.php to allow for simple entry of names in the whitelist, this file will allow proper application of those blocked names to exported NIDS sigs.
- Contextual comments for proposals
- shows proposal count in the top bar
- new view showing all of the events of the user's organisation with an active proposal
Also, more work on the background jobs
- started work on publishing
- started making the background jobs an optional setting in bootstrap
Conflicts:
app/Controller/AppController.php
app/Controller/EventsController.php
- Event.risk has been replaced by Event.threat_level_id.
all functionality remains the same and users should not see
any difference.
ENUM() used for Event.risk is vendor specific and requires
too many hacks to play nicely with bake.
- Added default schema file, SQL dumps should be avoided since
they make updating/upgrading a pain.
- Removed old unused schemas
- adds JSON example to shell scripts
- adds sample JSON event
- ??? for some redundant Attribute model conditions
- updates travis with CakePHP installation
Some small travins changes too.
FYI there's an automated travis build available at
https://travis-ci.org/MISP/MISP
We don't have unit testing and travis setup is subpar so everything will fail
for now.
- Also some improvements to the shadow attributes
- some minor UI changes
Conflicts:
app/Controller/EventsController.php
app/View/Elements/global_menu.ctp
app/View/Layouts/default.ctp
- reworked almost all of the side menues to be centralised
- Some fixes for the IOC export not handling two new-ish types correctly
- Some changes to the menues (including a few options that didn't exist before)
- rework of the popovers in some forms