- fixed error during update Job date_modified field (SQLSTATE[22008]:
Datetime field overflow: 7 ERROR: date/time field value out of range)
- fixed error during fetching events while updating from feeds (
SQLSTATE[42P01]: Undefined table: 7 ERROR: missing FROM-clause entry for
table events)
- fixed Feed edit view with wrong boolean forms (combobox instead
checkbox)
The enrichment background process did not do anything to update the job
after completing its task. I used the same logic as the adjcacent
'publish' function to record progress, update the message and create a
log entry.
- select and run a set of enrichments on all applicable attributes of the event
- exposed to the API
- exposed to the command line tool
- adheres to attribute distributions
- Fixed file header formatting for the export to Bro format (tabs used consistently).
- Computing the time needed for generating the export to Bro format when done using a background job.
- When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside.
- Changed the file extension of Bro export files from ".intel" to ".txt".
- Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS).
- Fixed some of the API endpoints which were not accepted (ACL issues).
- Added support for a list of events that should be / should not be included in the export.
- Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute.
- Sanitized the exported data for Bro.
- Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
- Tightened the rules for export generation when no valid published events exist
- Corrected various issues with the progress bars
- Added the missing JSON export to the caches
- XML/JSON caches now correctly take into account the cached attachent inclusion setting
- MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not
- Added correct progress bar to the HIDS export
I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
Golbark