Commit Graph

1041 Commits (f796071d6494e7b21e4c6fb7a7cbd10b1427be52)

Author SHA1 Message Date
mokaddem 3efaffdefc
fix: [attribute] `only_full_group_by` fixed for `__getCDIRList`.
Fix #6218
2020-11-06 08:36:07 +01:00
Jakub Onderka a92c1c4fe4 chg: [internal] Speedup sightings saving 2020-11-03 09:20:22 +01:00
Jakub Onderka 9cf7be802d chg: [rest] Faster attributes restSearch 2020-10-30 18:49:48 +01:00
mokaddem f9e6aa61f9
Merge branch '2.4' of github.com:MISP/MISP into feature-report-extract-data 2020-10-23 22:25:13 +02:00
Andras Iklody c5e0671de9
Merge pull request #6484 from crowface28/2.4
fix: #6354
2020-10-22 19:34:32 +02:00
Nick 98494cfda9 fix: #6354
fix: #6354

Need escape for quote in regex
2020-10-22 12:05:53 -04:00
Jakub Onderka 49660255fe new: [av] Malware protection for uploaded files 2020-10-22 16:38:07 +02:00
Jakub Onderka 6063ee1547 chg: [UI] For revise object, do not validate unique UUID 2020-10-21 19:38:46 +02:00
Jakub Onderka 28af05528f chg: [internal] Normalize AS type to asplain notation 2020-10-15 22:46:12 +02:00
Alexandre Dulaunoy 40e8d619cc
chg: [attribute] cpe was already present but not specified in any categories 2020-10-15 14:42:10 +02:00
Alexandre Dulaunoy cf05b94cdc
new: [attribute type] cpe Common Platform Enumeration attribute type added 2020-10-15 14:39:26 +02:00
mokaddem b8044d9c07
new: [eventReports] Attributes suggestion replacement + UI - Draft 2020-10-15 11:56:21 +02:00
Jakub Onderka 47d3293880
Merge pull request #6440 from JakubOnderka/event-ui-vol3
Event ui vol3
2020-10-14 19:45:20 +02:00
Jakub Onderka 2b24260555 fix: [internal] Missing variable 2020-10-14 18:54:59 +02:00
Jakub Onderka e96b1afafc chg: [validation] Provide better invalid messages for ip-dst|port, ip-src|port and hostname|port 2020-10-14 08:19:49 +02:00
Jakub Onderka 3606d368d1 chg: [validation] Simplify composite validation 2020-10-14 08:19:49 +02:00
Jakub Onderka 0d055b12d7 fix: [validation] Correct validation for iban, bic, btc, dash and xmr attributes 2020-10-14 08:19:49 +02:00
Jakub Onderka cd591e684b fix: [validation] Normalize mac-address and mac-eui-64 to lowercase 2020-10-14 08:19:49 +02:00
Jakub Onderka 335814af88 fix: [validation] Do not accept floats where should be just integers 2020-10-14 08:19:49 +02:00
Jakub Onderka d9abb37c8f
Merge pull request #6438 from JakubOnderka/hostname-port-correlation
fix: [correlations] Disable correlation for port part in hostname|port
2020-10-13 23:29:17 +02:00
Jakub Onderka 5f98426f7d fix: [correlations] Disable correlation for port part in hostname|port type 2020-10-13 23:08:59 +02:00
Alexandre Dulaunoy 550f09f628
new: [attribute] telfhash attribute type added - fix #6435 2020-10-13 22:29:43 +02:00
Jakub Onderka e2c65d2a51 chg: [validation] Provide more precise and faster attribute validation 2020-10-13 10:51:18 +02:00
Jakub Onderka d1a6a94f78 chg: [internal] URL is already defanged in ComplexTypeTool 2020-10-12 08:24:34 +02:00
Jakub Onderka ace025e085 fix: [internal] Properly convert `hostname|port` when delimiter is `:` 2020-10-12 08:23:49 +02:00
Jakub Onderka 8c6ad2b414 fix: [validation] Convert vulnerability attribute to uppercase 2020-10-12 08:23:49 +02:00
Jakub Onderka 46ea861576 chg: [UI] Validate object when revising 2020-10-12 08:23:46 +02:00
Jakub Onderka a8dcd9aec4 fix: [validation] Float validation 2020-10-12 08:22:56 +02:00
Jakub Onderka 2f4d38b2f1 chg: [internal] Cleanup and simplify ShadowAttribute model code 2020-10-11 15:20:20 +02:00
Jakub Onderka 0b3f5a5eeb chg: [freetext] Process just big number of attributes in background 2020-10-11 12:35:59 +02:00
Jakub Onderka 9a5d906e25 fix: [warnings] enforceWarninglist works again 2020-10-03 15:06:32 +02:00
Jakub Onderka b031ad3a07 chg: [internal] Change method name to show that it just filter one attr 2020-10-03 10:17:05 +02:00
Jakub Onderka 66b270b42e chg: [internal] Rename Warninglist::simpleCheckForWarning to checkForWarning 2020-10-03 10:17:05 +02:00
Jakub Onderka bbb08e4074 new: [warninglist] Cache warninglist results 2020-10-03 10:17:05 +02:00
Alexandre Dulaunoy 1ffddca1b2
new: [attribute-type] filename-pattern to describe a filename based on a pattern
Fix #403

There is no specific validation on the field. This allows us to have a clear
separation between filename and filename-pattern as many users were
using filename for regexp. This also helps the creation of object
template which requires a filename pattern.
2020-10-01 15:04:13 +02:00
mokaddem d0c7c44a2f
fix: [attribute] Typo in regex. Fix #6354 2020-09-28 09:34:54 +02:00
rmkml 1f08e9a27a fix #6336 vhash 2020-09-27 13:45:23 +02:00
mokaddem eb84b3344f
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-09-22 12:08:12 +02:00
rmkml b33193c4d0 fix #6266 vhash & 2020-09-18 20:40:04 +02:00
Jakub Onderka 935437d1bc chg: [internal] Invalid message for UUID contains that UUID must be RFC 4122 compliant 2020-09-18 10:56:28 +02:00
Jakub Onderka 69955d2fc6
Merge pull request #6272 from JakubOnderka/uuid-validation
Experimental: UUID validation
2020-09-08 21:17:53 +02:00
iglocska b6c871309b
fix: [validation] relaxed first/last/middle name validation 2020-09-08 15:53:04 +02:00
Jakub Onderka 0e916bd364 chg: [internal] Ensure that UUID is always lowercase and real UUID 2020-09-08 10:47:28 +02:00
Alexandre Dulaunoy 6f2b94f09a
chg: [attributes] to_ids for new email type 2020-09-04 16:32:23 +02:00
Alexandre Dulaunoy c8b7523063
chg: [attribute] pgp is not php ;-) 2020-09-04 15:56:56 +02:00
iglocska 7e2b0ac087
new: [types] pgp-public-key/pgp-private-key added 2020-09-03 17:40:55 +02:00
iglocska 92391ead44
chg: [type] email-src/email-dst descriptions redefined. Also added email to the person category 2020-09-03 12:15:06 +02:00
iglocska b14e5fbb0e
new: [types] email added as a new type, affects #6281 2020-09-03 12:03:21 +02:00
Jakub Onderka 2f6f97e36e
Merge pull request #6274 from JakubOnderka/acl_filter_attribute_values
fix: [internal] Respect ACL for event attribute search
2020-09-02 17:24:16 +02:00
Jakub Onderka 4d819452e4 fix: [internal] Respect ACL for event attribute search 2020-09-02 16:49:45 +02:00
Golbark 3a0bedb104 chg: [internal] Using Allowedlist instead of Whitelist 2020-09-01 16:28:20 +02:00
iglocska f82e10d1fb
new: [API] added count returnformat for the REST api, fixes #6233
- simply counts the number of attributes/events found (on each respective scope)
2020-08-31 12:32:28 +02:00
rmkml 6da01364ba add SHA3 Hash on Attribut.php 2020-08-23 18:26:56 +02:00
Andras Iklody eccc3f83e9
Merge pull request #6202 from rmkml/2.4
add vhash (VirusTotal Hash) on Attribut.php
2020-08-17 17:05:46 +02:00
rmkml a6eeb676c4 add vhash (VirusTotal Hash) on Attribut.php 2020-08-17 16:36:47 +02:00
Jakub Onderka 261b54e505 chg: [correlation] Use less memory when generating correlation 2020-08-17 10:54:01 +02:00
Jakub Onderka cac497158e chg: [internal] Reuse AttachmentTool instance 2020-08-14 12:30:12 +02:00
Jakub Onderka ba74ddd689 fix: [UI] Showing image thumbnail 2020-08-13 15:34:32 +02:00
Jakub Onderka 83f5d3ada5 chg: [internal] Generate event date even if attachments doesn't exists 2020-08-13 15:34:32 +02:00
Jakub Onderka a411b36666 chg: [internal] Move attachment handling to one place 2020-08-13 15:34:32 +02:00
Jakub Onderka 421e94bc2f fix: [security] Check if user can access sharing group when uploading attachment 2020-08-06 11:52:53 +02:00
Jakub Onderka 8bb2d94c5e fix: [security] ACL check when loading ajax tags 2020-08-04 12:23:41 +02:00
Jakub Onderka 5611374829 fix: [security] ACL check when editing multiple event attributes 2020-08-04 12:23:38 +02:00
iglocska a2c0010d48
fix: [unicode] Temporarily escape 4 byte characters until we move the attribute value fields to mb4, fixes #5123
- fixes sync/feed issues related to 4 byte unicode characters
2020-07-30 09:17:27 +02:00
Jakub Onderka d7f7bc725b chg: [internal] Faster loading sighting 2020-07-28 09:50:28 +02:00
mokaddem cda56bdbd3
fix: [attribute:editableFields] Typo in variable name 2020-07-24 16:19:02 +02:00
mokaddem f53ba3675e
chg: [AttributeTags:handleAttributeTags] More generic way to handle
capture and association
2020-07-24 14:30:41 +02:00
mokaddem 6c1bbf0fde
chg: [attribute] Added tag handling when saving attributes and objects 2020-07-24 13:55:34 +02:00
mokaddem 5b4cef3e6c
Merge branch 'feature/tags-deletion' into fix-update-tags-on-attribute-edit 2020-07-24 11:41:27 +02:00
mokaddem 0086fcd1dd
chg: [attribute:editAttribute] Usage of `editableFields` instead of
hardcoded array
2020-07-24 10:59:42 +02:00
mokaddem 3fc896eaaa
fix: [attribute] Allow editing attributes
Added raw values fields in the `editableFields`
2020-07-23 12:44:07 +02:00
mokaddem 77f2a983b2
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-07-23 11:19:41 +02:00
mokaddem d3f9184f21
fix: [attribute:edit] Prevent the edition of system reserved fields 2020-07-23 11:15:01 +02:00
iglocska 6750a05003
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-07-22 13:12:50 +02:00
iglocska 662cdbc7b7
fix: [sync] drop the republishing of events when the modification is merely a timestamp bump
- due to an already fixed issue still lingering, invalid event edits keep getting synchronised between instances
- these events still generate publish alerts erroneously

- this fix compares the previous state of the event to the modification, if there are no material changes (attributes, objects, object relations, event tags added/updated) then the publishing is dropped.
2020-07-22 13:10:52 +02:00
mokaddem ad81c60986
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-07-21 08:09:25 +02:00
Jakub Onderka 35e2aa5837 chg: [internal] Faster generating correlations when enabling for event by toggle 2020-07-17 09:46:34 +02:00
Jakub Onderka 91a1913fed new: [attribute] Add support for IDN domains 2020-07-16 17:23:49 +02:00
mokaddem b3dbecb318
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-07-14 16:25:04 +02:00
Jakub Onderka 3afcf1e070
Merge pull request #5929 from JakubOnderka/fuzzy-purge
fix: [correlations] Purge ssdeep table after attribute delete
2020-07-13 22:48:10 +02:00
Andras Iklody 6dca14a6b0
Merge pull request #6067 from JakubOnderka/fix-composite-type-uniquenes
fix: [attributes] Possible duplicate attributes
2020-07-10 09:59:55 +02:00
Andras Iklody bfb2bf1bfd
Merge pull request #6070 from JakubOnderka/cidr-correlation-optim
Cidr correlation optim
2020-07-07 12:23:35 +02:00
Andras Iklody e6995dab67
Merge pull request #6035 from JakubOnderka/rest-search-optim
chg: [internal] Attribute REST search optimisations and error handling
2020-07-07 12:18:29 +02:00
mokaddem f3a9481c61
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-07-01 16:22:55 +02:00
Jakub Onderka 4d95426ca8 chg: [correlations] Faster checking if CIDR is IPv4 or IPv6 version 2020-06-28 10:15:31 +02:00
Jakub Onderka e96d632055 chg: [correlations] Just check if redis key exists 2020-06-28 10:14:40 +02:00
Jakub Onderka 08e1fb3b49 fix: [attributes] Possible duplicate attributes 2020-06-26 22:43:16 +02:00
iglocska 6b95047c1e
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-06-22 11:11:31 +02:00
iglocska 609bfbd450
fix: [security] missing ACL lookup on attribute correlations
- attribute correlation ACL checks are skipped when querying the attribute restsearch API revealing metadata about a correlating but unreachable attribute.

- Thanks to Jakub Onderka for his tireless work and for reporting this!
2020-06-22 11:00:56 +02:00
Jakub Onderka 3d12cb3f3c chg: [internal] Attribute REST search optimisations and error handling 2020-06-19 23:45:22 +02:00
Jakub Onderka 7eb464a58f
fix: [UI] Typo 2020-06-18 16:34:01 +02:00
Jakub Onderka 5346190afb new: [correlations] Enable CIDR correlations for ip-src|port and ip-dst|port types 2020-06-17 11:11:51 +02:00
Jakub Onderka 48c9c32e48 chg: [correlations] Faster IPv4 CIDR correlation 2020-06-17 09:17:57 +02:00
Jakub Onderka 8454ca38c7 chg: [correlations] Faster IPv6 correlation 2020-06-17 09:17:57 +02:00
Jakub Onderka 1d0d913972 chg: [correlations] Big speedup when correlating CIDR 2020-06-17 09:17:57 +02:00
mokaddem a5e7e46cd4
Merge branch '2.4' of github.com:MISP/MISP into decaying-v2 2020-06-08 08:26:15 +02:00
Jakub Onderka 9665b8a091
fix: [internal] Removing attributes from empty event 2020-06-05 16:48:53 +02:00
mokaddem bb167029eb
new: [userSettings] New setting `default_restsearch_parameters`
It allows users to supply restSearch parameters that will be injected
(and possibly overridden) into the restSearch filters.
2020-05-29 15:23:27 +02:00
mokaddem 591bd8f9c5
fix: [attribute:fetchAttribute] Prevent notices if tags not set while
computing decay
2020-05-29 15:20:07 +02:00
mokaddem 5c04b9a8c1
Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0 2020-05-28 14:06:30 +02:00
Raphaël Vinot 27cdcf2c65
Merge pull request #5941 from MISP/git-commit-id
new: [type] git-commit-id
2020-05-26 15:03:52 +02:00
Andras Iklody 130e2970b5
Merge pull request #5942 from JakubOnderka/correlation-saving
Correlation saving
2020-05-26 14:28:51 +02:00
Jakub Onderka f1a1f3d81f chg: [correlation] When generating correlation, just fetch attributes that can correlate 2020-05-26 13:15:19 +02:00
Jakub Onderka 04c783afd7 chg: [correlations] Refactored correlation saving
* Always show other correlating value (useful for CIDR correlations)
* Make correlation saving faster (move more work to database, do not fetch not necessary fields) 
* Fix some small bugs
2020-05-26 13:14:57 +02:00
Raphaël Vinot c03670cf0d new: [type] git-commit-id 2020-05-26 12:26:24 +02:00
Andras Iklody ffed7fed4c
Merge pull request #5906 from JakubOnderka/fix-ipv4-cidr-validation
fix: [attribute] Do not allow for IPv4 CIDR masklen bigger than 32
2020-05-26 08:59:05 +02:00
Jakub Onderka a8bc7868cf fix: [correlations] Purge ssdeep table after attribute delete 2020-05-21 17:54:40 +02:00
chrisr3d 932e51d4d7
fix: [opendata export] Less confusing variable name for the parameter to only skip exporting the data and keep only the header 2020-05-15 14:08:34 +02:00
chrisr3d 2bf534a882 Merge branch '2.4' of https://github.com/MISP/MISP into opendata 2020-05-15 11:40:20 +02:00
Jakub Onderka c8c599653e fix: [attribute] Do not allow for IPv4 CIDR masklen bigger than 32 2020-05-14 18:13:39 +02:00
mokaddem 45d2eccd6a
fix: [attribute:simpleAddMalwareSample] Typo in loading `Object` class.
Fix #5864

- Was not spotted before because the fixed line was in fact doing
nothing as the class's key was already used
2020-05-14 15:00:43 +02:00
iglocska a24fe930da
Merge branch '2.4' of github.com:MISP/MISP into 2.4 2020-05-14 09:52:45 +02:00
iglocska 15d6c30649
new: [sync] (for now) undocumented force pull added
- can only be triggered via the CLI for now
- usage: /var/www/MISP/app/Console/cake Server pull [user_id] [server_id] [technique] [force]
  - the force flag has to be passed as 'force' to avoid accidentally triggering it

- What it does:
  - pulls ignoring the timestamp differences
  - this means that even older states of events, attributes, objects are ingested
  - useful for when wanting to reset an event / all events to align with an upstream server
- Caveats:
  - attributes added on the low side are maintained
  - tags added on the low side are maintained
  - keep in mind this WILL override attributes that are soft deleted
2020-05-14 09:34:49 +02:00
Andras Iklody 049ee88aa7
Merge pull request #5889 from JakubOnderka/attribute_correlation
IPv6 CIDR correlations
2020-05-14 08:28:15 +02:00
Andras Iklody f659ee5871
Merge pull request #5892 from JakubOnderka/fixed_event_freetext_feed_speedup
Fixed event freetext feed speedup
2020-05-12 08:43:46 +02:00
Jakub Onderka 47d32a46f4 chg: [internal] Faster saving attributes 2020-05-11 18:18:17 +02:00
chrisr3d 18d6e38b4f
chg: [restSearch] Option to skip fetching attributes/events when only the metadata is wanted
- As for the opendata export we do not need to get
  the attributes or event, and are only interested
  in using the metadata, a parameter to skip
  fetching the actual data collection has been
  added, and we avoid iterating through the entire
  data collection.
2020-05-11 12:54:11 +02:00
Jakub Onderka e56629daf1 fix: [correlations] Do not correlate CIDR with CIDR 2020-05-10 14:40:04 +02:00
Jakub Onderka 1cf9f3ce2e fix: [attribute] modifyBeforeValidation fix for `domain|ip` type 2020-05-09 09:42:40 +02:00
Jakub Onderka 5509bb84f5 fix: [correlations] Return just unique values for CIDR list 2020-05-08 22:28:58 +02:00
Jakub Onderka 9269d92147 chg: [correlations] Faster inserting data to Redis 2020-05-08 22:24:28 +02:00
Jakub Onderka 29dba5637a fix: [correlations] IPv6 CIDR correlations works 2020-05-08 21:40:26 +02:00
Jakub Onderka 7b26546252 fix: [correlations] Removed unnecessary Redis call 2020-05-08 21:39:50 +02:00
Jakub Onderka c09ef4b8c2 fix: [correlations] Remove references to not exists type 'domain-ip' 2020-05-08 21:28:45 +02:00
Jakub Onderka 91139482cf chg: [correlations] Use faster algorithm for IPv6 correlations 2020-05-08 21:16:33 +02:00
chrisr3d b3a94a18f5 add: [restSearch] OpenData export module 2020-05-06 18:15:30 +02:00
chrisr3d 83fe3c1b4c add: [restSearch] Added opendata to the valid formats 2020-05-06 18:15:18 +02:00
iglocska eed82bff99
new: [API] added threat_level_id as a restSearch filter 2020-05-05 18:07:51 +02:00
iglocska e2bbece354
Merge branch '2.4' of github.com:MISP/MISP into 5802 2020-04-30 08:30:01 +02:00
mokaddem 720aa4a7db
Merge remote-tracking branch 'origin/2.4' into feature/tags-deletion 2020-04-29 09:00:31 +02:00
iglocska 1c3dc3fe51
Merge branch '2.4' into 5272 2020-04-28 15:31:17 +02:00
mokaddem 94bf826841
Merge remote-tracking branch 'origin/2.4' into JakubOnderka-event_loading_speedup 2020-04-28 11:39:51 +02:00
Jakub Onderka f0ada41963 chg: [internal] Speed up of loading event page 2020-04-27 16:00:28 +02:00
mokaddem eebde57ee1
fix: [attribute:restSearch] Make sure to always pass all tags to Decaying's
computation function
2020-04-27 10:45:19 +02:00
mokaddem 3547a8a888
fix: [correlations] Update correlations on Attribute or Event
`distribution` change
2020-04-17 11:29:09 +02:00
mokaddem dd1be03597
Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0 2020-04-09 14:26:48 +02:00
iglocska 20e1c62d11
fix: [API] fixes to set_filter_uuid 2020-04-02 07:02:24 +02:00
iglocska 150b5f7338
fix: [search] Fixed the UUID / ID searches on the attribute scope, fixes #5636 2020-04-01 23:14:29 +02:00
mokaddem 04dcdebb1f
new: [galaxyCluster] Initial import of Galaxy2.0 codebase - WiP 2020-03-12 10:26:09 +01:00
mokaddem 4f3ed331f0
chg: Removed unwanted indentation 2020-03-06 10:58:50 +01:00
mokaddem 2061707932
fix: [attribute:validation] Better validation of IPv6-[dst/src] and
improved display.

fix #5682
2020-03-06 10:54:06 +01:00
mokaddem 5de5453dbd
Merge branch '2.4' of github.com:MISP/MISP into pr-feature/tags_deletion 2020-02-27 11:19:53 +01:00
mokaddem 8d11600e2b
chg: [tag] Support of untagging in Object's Attribute and other fixes
- deleted: 0 is correctly handled
- stopped usage of `editAttribute` from Attribute Controller
2020-02-27 11:17:21 +01:00
iglocska 9913d194fa
fix: [correlations] fix to an issue where attribute edits could purge correlations
- bug introduced by a merge gone wrong
- attribute edits that modify fields that do not affect the correlations (such as to_ids, comment, etc) would cause correlations to be purged
2020-02-26 14:28:29 +01:00
mokaddem f94c693aa0
fix: [decaying] Attributes not having a DM associated will be defaulted
as `not decayed`
2020-02-21 14:47:52 +01:00
Tom King bee49f7028 Merge remote-tracking branch 'upstream/2.4' into feature/tags_deletion 2020-02-13 16:17:03 +00:00
mokaddem 8e2da13e0e
Merge branch '2.4' into enforce-iso-datetime 2020-02-10 14:18:14 +01:00
iglocska 4806652448
fix: [API] several fixes to the Bro API
- always use flatten:1 to also include object attributes
- fix the generated full export to only include the header once
2020-01-31 11:45:23 +01:00
iglocska bae2717eaf
new: [API] Enveloping improvements
- user controlled envelope settings to control memory estimation for attribute/event sizes
- logging of potentially too large events for the current memory envelope
- tuning of the default values
- added a divider for the event:attribute conversion to account for objects / event level contextualisation / correlations
2020-01-29 22:33:27 +01:00
mokaddem b03d86221b
chg: [attribute:type] Datetime value is forced to be a valid ISO format
- It is converted into UTC in the server
- /attribute/add Form includes javascript validation part
2020-01-28 14:38:58 +01:00
Jakub Onderka ed6bb367e3 chg: [UI] Disable Advanced extraction button if it is not installed 2020-01-26 18:56:41 +01:00
Jakub Onderka 73b9513a38 chg: [internal] Refactoring malware handling 2020-01-26 18:56:41 +01:00
Jakub Onderka 6f212dd97c
chg: [UI] Resizing images 2020-01-24 10:58:01 +01:00
mokaddem d16369f4b3
Merge branch '2.4' of github.com:MISP/MISP into pr-view_picutre 2020-01-24 10:42:35 +01:00
iglocska f88743cb7a
fix: [internal] slight tuning to the attribute restsearch memory envelope size 2020-01-23 09:45:27 +01:00
Alexandre Dulaunoy 42f106610b
chg: [attributes] new attribute type 'chrome-extension-id'
This attribute is used by Chrome to uniquely identify extension.
2020-01-21 09:40:25 +01:00
mokaddem 2a5112cc1e
Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final 2020-01-17 09:20:49 +01:00
mokaddem 96c1f41ffd
chg: [attributeTag] Stop pruning outdated attribute tag when syncing.
Will be re-enabled in the future
2020-01-16 15:13:10 +01:00
mokaddem 5c97c5da53
fix: [Attribute:editTag] Correctly escalate the timestamp refresh to the
Object
2020-01-16 11:02:56 +01:00
Tom King 0a4fbc80c5 Merge branch '2.4' into feature/tags_deletion 2020-01-14 10:03:44 +00:00
Alexandre Dulaunoy 7a82a9f8d7
new: [attribute type] kusto-query attribute type
Kusto query is the query language for the Kusto services in Azure used
to search large dataset. It's used in Windows Defender ATP Hunting-Queries
and also Azure Sentinel (Cloud-native SIEM).

To fix #5475
2019-12-28 15:21:19 +01:00
mokaddem 7797aeed94
Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final
Not a simple merge. Needed to fix forms and simplified how
form_seen_input works
2019-12-16 13:36:01 +01:00
mokaddem 092348ffcd
chg: [Attribute:seen] Moved conversion iso<->utc of fs/ls in dedicated
functions
2019-12-16 10:47:07 +01:00
iglocska 208e9e9cfc
fix: [API] include the local flag in tags when using restSearch 2019-12-11 10:29:45 +01:00
mokaddem a1fdea754d
Merge branch 'zoidberg-timeline' into zoidberg-final 2019-12-06 15:40:51 +01:00
Alexandre Dulaunoy a740d14593
chg: [types] new eppn attribute type added - EduPersonPrincipalName
Fix #5448
2019-12-05 19:22:38 +01:00
iglocska bde75e9443
fix: [internal] attribute restsearch - handle empty lines returned from the module better
- no more empty lines hopefully in some exports
2019-12-05 09:42:49 +01:00
iglocska 5768ff9485
fix: [internal] hard delete of attributes after a soft delete fixed 2019-12-04 16:11:38 +01:00
iglocska 1c5afa49ed
new: [refactor] Massive internal refactor and cleanup of deprecated APIs
- new centralised restSearch function in AppController as entry point via all controllers
- new component handling restSearch related support functions, such as parameter mapping
- hollowed out all deprecated export functions on the event/attribute controller
  - replaced with a new functionality that remaps them to restSearch
  - all functionality should be maintained with all additional advantages introduced with restsearch
- additional cleanup (some unused functions removed)
2019-11-29 10:11:30 +01:00
Andras Iklody ae5c228c05
Merge pull request #5273 from JakubOnderka/patch-54
fix: [internal] Remove unused function
2019-11-26 13:42:56 +01:00
Tom King 34c5570692 new: Allow for attribute tag deletion via Event or Attribute edit. Clean and return the attribute tags on response from editing an attribute, update code to remove legacy 2019-11-26 12:27:15 +00:00
iglocska e4c82eb9ff
fix: [API] adding objects now has better validation errors
- instead of silently dropping attributes in certain cases
2019-11-15 14:11:24 +01:00
iglocska 0f40cef0f1
fix: [internal] Attribute/Event connectors for attribute_timestamp added 2019-11-11 16:09:54 +01:00
mokaddem e396941dcf
fix: [attributes:restSearch] Fixed typo 2019-11-08 15:25:53 +01:00
mokaddem 437490872b
chg: [restSearch] Improved meta-search code
- Correctly returns nothing if search on metas does not return anything
- Renamed `orgc.sector` into `org.sector` while still being `orgc`
behind the hood
- Removed duplicated code
2019-11-08 11:37:43 +01:00
mokaddem 8e60c3d8d4
Merge branch '2.4' of github.com:MISP/MISP into feature-meta-search 2019-11-08 11:15:34 +01:00
iglocska c4f1d4d15e
new: [SightingDB] Added integration with SightingDB
- Added configuration tool
- Added lookups from the event view
- Added includeSightingdb flag for the restSearch searches
- Added SightingDB search tool
- Added SightingDB connection test tool
2019-11-06 21:20:04 +01:00
mokaddem a53a06d080
new: [attribute:restSearch] Support of Orgc and GalaxyElement meta searches 2019-11-06 11:12:30 +01:00
Jakub Onderka caa62220ff new: [internal] Attribute::isImage method 2019-10-12 09:34:49 +02:00
mokaddem 015ec7d989
Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline 2019-10-08 14:12:38 +02:00
iglocska 173054ccd3
fix: [internal] Set attribute restsearch page to 1 if limit is set without setting the page number 2019-10-08 08:27:21 +02:00
Jakub Onderka 87b568526f
fix: [internal] Remove unused function 2019-10-05 23:17:19 +02:00
garanews 85c28ce36e Fix some typo
Fix some typo
2019-10-04 13:02:59 +02:00
mokaddem b44b369eec
Merge remote-tracking branch 'origin/2.4' into zoidberg-timeline 2019-10-02 14:35:00 +02:00
mokaddem 265f96dac8
chg: [object:quickAddAttribute] Improved feedback when creation fails 2019-10-02 14:30:34 +02:00
mokaddem bb3cf85776
Merge branch '2.4' into zoidberg-timeline 2019-10-02 11:23:04 +02:00
Alexandre Dulaunoy 11e4884628
add: [attributes] new dash cryptocurrency address attribute type 2019-10-01 19:47:26 +02:00
iglocska c53f34e33d
fix: [correlation] Skip correlation on tasks that modify an attribute in a way that wouldn't warrant a recorrelation, fixes #5204
- Only recorrelate attribute if:
  - attribute is new
  - attribute already exists and value, disable_correlation, type is updated
2019-09-29 21:07:35 +02:00
iglocska 8168cc79db
fix: [API] proposals overriding attributes wasn't always working as expected, fixes #4032
- until now it was bound to the to_ids setting (badly) which caused nothing but headache
- moved the new configuration to instead use the non-permissive nature of the given export formats

- non-permissive export: if the proposal block is enabled, override attributes
- permissive export types: ignore the proposals

The reasoning is simple: we use the permissive export types for types that can express additional structures such as proposals, IDS flags, publish flags etc (meaning the MISP JSON/XML formats for example)
2019-09-29 20:35:51 +02:00
iglocska 480e3b2969
Merge branch 'dev_session' into 2.4 2019-09-29 20:23:00 +02:00
iglocska bf35987835
fix: [internal] Proposals block attributes setting broken when to_ids is an array 2019-09-29 18:33:32 +02:00
iglocska 40cf160c53
new: [API] Netfilter added as new export format 2019-09-25 20:17:25 +02:00
iglocska 946602a696
new: [User settings] Added user settings system
- set settings / user
- settings can be set by user themselves or their org admin / site admin
- added first setting: publish_alert_filter
- accepts boolean branched filter options
  - supports deep logical trees
  - OR/NOT/AND
  - currently supports filtering on tags and the creator organisation
2019-09-25 11:50:54 +02:00
chrisr3d c0aec75a09 Merge branch '2.4' of https://github.com/MISP/MISP into 2.4 2019-09-12 17:13:19 +02:00
chrisr3d fbb25bad6f
new: [restSearch] restSearch module for ATT&CK Sightings
- Returning ATT&CK Sightings in json format for
  events and attributes with mitre-attack-pattern
  galaxies attached
- For further details on the ATT&CK Sightings,
  please visit https://attack.mitre.org/resources/sightings/
- Also thanks to @johnwunder for the clarification
  on the output format
2019-09-12 17:03:35 +02:00
mokaddem f6f1310a50
chg: [decaying:model] Third batch of fix from the PR review - WiP (not tested) 2019-09-12 11:17:33 +02:00
mokaddem 515f0572df
chg: [decaying] Added alias `score` to override on-the-fly the threshold
of a model
2019-09-06 14:55:12 +02:00
mokaddem 893dd617c8
chg: [attribute:restSearch] New parameter `includeFullModel` to attach
full model information
2019-09-06 11:32:54 +02:00
mokaddem a5d06d1333
Merge branch '2.4' of github.com:MISP/MISP into decaying 2019-08-29 10:52:18 +02:00
Pierre-Jean Grenier 1994750db1 fix: Fix 'contain' param in app/Model/Attribute.php:fetchAttributes()
When we specified eg. 'contain': array('Event'), the merge done by the function was incorrect, and only kept more restrictive stuff,
while we wanted to get all the keys related to the Event.
2019-08-26 17:59:12 +02:00