Commit Graph

288 Commits (fd1a9852515f6704016604229febd1875468d0a0)

Author SHA1 Message Date
noud c8c58fa1b9 PHP
CakePHP php minimum_version="5.2.8" but lcfirst was introduced in PHP
5.3, so i reverted to 'strtolower(substr('.
2012-11-19 11:02:59 +01:00
noud 491b225953 users views
whole menu in admin_view.
active delete button in edit.
2012-11-19 10:47:36 +01:00
noud 1cddb6abe0 distribution
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities

Push is tested, pull not yet.
2012-11-16 15:25:57 +01:00
noud 5d37e93eb6 code
have the distribution description in one place, just the model.
2012-11-16 11:43:47 +01:00
noud 51145da87a index
some line disappeared, in view as well on attribute level.
Andras Iklody suggested a html non breaking space, that worked.
2012-11-16 10:18:37 +01:00
noud f9190907c0 sync
admin must be able to delete servers, Andras corrected.
2012-11-15 13:36:39 +01:00
noud 6cdf440ef6 sync
admins must be able to delete a server.
2012-11-15 13:02:56 +01:00
noud 7e01b300b8 logout
keep the logout in footer as well (besides the logout in menu).
2012-11-15 11:38:37 +01:00
noud 5bcad4ee99 RBAC
use $isAclAdd for New Server.
2012-11-15 11:25:09 +01:00
Andras Iklody ff822c8bb6 Cleaning up and changing the user guide
- user guide: information about the new number of attributes field in the list of events added
- updated the event showing a list of events
- removed obsolete images
2012-11-14 17:27:38 +01:00
noud ea0ab59e4f code standards
corrections toward code standards.
2012-11-14 17:16:36 +01:00
noud b84bc50c56 index
some line disappeared.
Andras Iklody suggested a html non breaking space, that worked.
2012-11-14 16:43:24 +01:00
noud ff9acf6fde count
result view for AttributesController::checkComposites()
2012-11-14 16:24:57 +01:00
noud 6b06ba7ff6 count & GFI Sandbox
count # attributes in events index.
plus various fixes for distribution in correlation of a GFI Sandbox
upload.
2012-11-14 16:14:04 +01:00
Andras Iklody 5ed034ecea Small change to the user guide
Fixed the table of contents misalignment and added a line about IE9/10 compatibility mode causing issues
2012-11-14 11:48:15 +01:00
noud 3af7e001ff RBAC
corrected mayModify in Attribute/edit.ctp.
2012-11-13 14:34:37 +01:00
Andras Iklody 7543a2aa06 Change to the user manual
Again a slight change, removed a script that numbered the <h2> headers for the ToC creation. Also fixed a few images.
2012-11-09 15:32:39 +01:00
Andras Iklody 0566304530 Update to the new user guide
The old script to create an automatic table of contents was accidentally left in in the previous version, it is removed now.
2012-11-09 15:18:30 +01:00
Andras Iklody 051f11fc0e New user guide
User guide for cydefsig v2
2012-11-09 14:34:02 +01:00
noud 911c9a8da6 RBAC
admin can always publish.
2012-11-09 11:35:32 +01:00
noud bcf5e58888 RBAC
slight better left menu if no <ul><li>items.
2012-11-09 11:28:51 +01:00
noud 94926312d9 RBAC
better users views.
2012-11-09 11:09:39 +01:00
noud 7eb2c0f4df RBAC
servers, but add only when Manage Organization Events.
2012-11-09 10:41:16 +01:00
noud 4d132d4cd7 RBAC
do not show New Event if no right.
2012-11-09 10:26:16 +01:00
noud 55f9b594d7 RBAC
just edit your own did still give edit org as well.
can be tested if now correct.
2012-11-09 10:14:40 +01:00
noud a2bc237bcd RBAC
should now respect Manage, so also edit, own and org events.
2012-11-08 14:09:52 +01:00
noud f7c5127da2 RBAC
change the “Requested Level of User Access” items
conform "draft of Terms-ofUse and Joining Instruction".
2012-11-08 10:31:50 +01:00
noud 12ebfafe16 RBAC
role only add could still publish her own events,
this should be not possible anymore.
2012-11-07 16:02:36 +01:00
noud 36292259aa contact reporter
Submit to org button in the contact reporter view – changed it
to just submit, having the tickbox to contact a person only + the submit
to org button seems a bit confusing.
2012-11-05 13:28:43 +01:00
noud f66b199f26 distribution
removed No push as a distribution.
2012-11-05 13:05:31 +01:00
noud 3e46eaa5ea logout
moved logout from footer right to Global Actions.
2012-11-05 12:55:14 +01:00
noud d55f226275 distribution
now attributes do work same for pull like push.
2012-11-05 12:49:51 +01:00
noud ed1d5bf063 Search attributes
disallow invalid combinations of types and
categories which would always throw 0 results.
2012-11-02 11:51:10 +01:00
noud 60910ae5db RBAC
name all Role i.s.o. Group.
2012-10-31 17:10:59 +01:00
noud 49a21bf6a5 version
show version in footer and only when logged in.
2012-10-31 16:52:27 +01:00
noud 2b478605a5 Flags
correct from 50*50 to 48*48, so it's an icon size.
2012-10-31 15:54:15 +01:00
noud c40ca77aa2 whitelist
menu in views.
2012-10-30 15:46:32 +01:00
noud 71179a946f Users
name Delete User on button i.s.o. Delete.
2012-10-30 15:32:27 +01:00
noud cbadc469c5 Users
inactive Delete during edit of My Profile.
2012-10-30 15:30:08 +01:00
noud f111a5e915 Users
inactive Delete User in My Profile.
2012-10-30 15:23:24 +01:00
noud f3066ddbf8 minor
cleanup of groups, logs and whitelists views.
2012-10-30 15:01:59 +01:00
noud 2e872430f6 ExtJs
does not show on production.
this is the ExtJs not being there?
or php (>5.2.8) not build without --disable-json.
2012-10-30 14:15:07 +01:00
noud 099dd8398f distribution
border="1"-testleftover removed.
2012-10-30 13:19:34 +01:00
noud ed56d7c29c distribution
if distribution is All, so not displayed in an index nor in attributes
per event, there is missing a line-part in IE.
Did add 1 space for All, this will maybe display the line-part again.
2012-10-30 13:16:46 +01:00
noud f82c3f5f0c dropdowns
let the risk dropdown in event add and edit behave like the other
dropdowns.
2012-10-30 12:54:04 +01:00
noud a19571fed4 Internationalisation
just small __() for translation later on.
2012-10-30 10:18:11 +01:00
noud bf6f86c5aa RBAC
We have a rule(?), if so:
$isAclAdd || $event['Event']['user_id'] == $me['id'].
This rule, i "have add right OR the event was and is already mine".
if that's correct, that was forgotten in the actions_menu.ctp.
2012-10-26 10:34:24 +02:00
noud f56cb25bed Merge branch 'master' into develop 2012-10-25 15:23:22 +02:00
noud f296a9381e RBAC
real inactive buttons.
2012-10-25 15:00:43 +02:00
noud e01dd6de77 distribution
do not display distribution 'All' in Events index or Event view.
2012-10-24 08:57:41 +02:00
noud 5149952c9d JQuery
bump JQuery from 1.7.2(.min) to 1.8.2(.min).
2012-10-24 08:29:07 +02:00
noud a502b4dde7 IDS Signature
corrected wrong description for IDS Signature.
2012-10-24 08:22:49 +02:00
noud 7a7a1142f6 distribution.
distribution on add is default "All".
2012-10-23 12:16:16 +02:00
noud 4b096fa584 distribution
changes and cleanup.
2012-10-23 11:28:39 +02:00
Andrzej Dereszowski 25e63dda68 Wording change
Changed Private column to Distribution + some minor vocabulary changes.
2012-10-22 16:29:08 +02:00
noud e300ab7ffa Merge branch 'master' of ssh://misp.ncirc.nato.int/home/git/cydefsig.git 2012-10-22 15:14:33 +02:00
noud c512be8064 JQuery
bump JQuery from 1.7.2(.min) to 1.8.2(.min).
2012-10-22 13:38:52 +02:00
noud e13d6f26e8 IDS Signature
corrected wrong description for IDS Signature.
2012-10-22 13:24:45 +02:00
noud e693571fde private
description in event::view().
2012-10-22 11:18:53 +02:00
noud 7077d1e8d4 GFI sandbox.
better representation of a downloadable attribute
in a link (just href the file name, not including the path).
2012-10-19 10:04:20 +02:00
noud 67e50cb612 Private
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).

Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
2012-10-17 14:45:26 +02:00
noud 9435419ebc RBAC
Group in user profile is no link.
2012-10-11 17:17:21 +02:00
noud f400755f7c RBAC
more correct deactivated buttons being gray but as well having no
effect.
2012-10-10 16:13:53 +02:00
noud e1aed1c4c1 RBAC
removed a leftover on in-activating buttons that did show on IE.
2012-10-10 15:51:18 +02:00
noud 870372fb07 Merge branch 'master' into develop
Conflicts:
	app/Config/bootstrap.php
2012-10-10 08:37:12 +02:00
Andrzej Dereszowski 6698e4c05e Cosmetic changes
Descriptions in the export functionality polished.
2012-10-09 16:08:38 +02:00
noud d112775251 Merge branch 'master' into develop 2012-10-09 13:10:27 +02:00
noud 93720a6228 Comment.
The actual view to be able to send comment to Org or Owner/user_id.
2012-10-09 12:57:45 +02:00
noud 0d1cb464b5 Merge branch 'master' into develop 2012-09-25 16:20:15 +02:00
noud f62dbfd595 Code Standards
Cleanup (again) the AppHelper.
2012-09-25 16:14:20 +02:00
noud ec0892a6ad Merge branch 'master' into develop
Conflicts:
	app/Config/bootstrap.php
2012-09-25 15:54:25 +02:00
noud af6cb0e896 CakePHP
Removed diffs that already are placed in build/patches.
2012-09-25 15:46:50 +02:00
noud 18fb8a7a64 CakePHP
Update from CakePHP to version 2.2.2
as well as needed patch files.
2012-09-25 15:41:58 +02:00
noud 01ebbbb7d2 Merge branch 'master' into develop 2012-09-25 11:25:27 +02:00
noud c305af94e9 CakePHP
To be able to update CakePHP (regularly),
we found the current differences and now
put these diffs to build/patches.

Patches are now relative to $CakePHP_HOME.
2012-09-25 11:22:12 +02:00
noud 8f3d624c1a Merge branch 'master' into develop
Conflicts:
	app/Controller/AppController.php
	app/Controller/AttributesController.php
	app/Controller/EventsController.php
	app/Controller/ServersController.php
	app/Controller/UsersController.php
	app/Model/Attribute.php
	app/Model/Event.php
	app/Model/Server.php
	app/Model/User.php
	app/View/Attributes/edit.ctp
	app/View/Attributes/index.ctp
	app/View/Elements/actions_menu.ctp
	app/View/Events/add.ctp
	app/View/Events/index.ctp
	app/View/Events/view.ctp
	app/View/Events/xml/view.ctp
	app/View/Servers/index.ctp
	app/View/Users/admin_index.ctp
2012-09-24 16:02:01 +02:00
noud 8179a1a691 Merge and code standards.
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
2012-09-24 09:02:09 +02:00
noud 83c56ebbc0 Pagination
Same pagination in Events as in Attributes.
2012-09-21 08:51:00 +02:00
noud 3e5ec0e801 CakePHP
Located the patches done to CakePHP to be able to upgrade CakePHP.
2012-09-20 15:59:01 +02:00
noud 1d04652476 CakePHP Coding Standards
changed to camel caps format where needed.
2012-09-19 11:05:10 +02:00
noud ef9b71120b RBAC
Terms page missed button deactivation.
2012-09-18 17:07:33 +02:00
noud a4c29a812f XML related.
Made tools/curl/input/event.xml more anonymous.
Events/xml/view.ctp wrongly showed category_order.
REST Event add did not work anymore given GFI sandbox import.
2012-09-18 16:50:07 +02:00
noud 94a367c2f5 CakePHP Coding Standards
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html

Eclipse:
Window->Preferences
	General->Editors->Text Editors
		Displayed tab width:	4
		Insert spaces for tabs	NOT
	PHP->Code Style->Formatter
		Tab policy:	Tabs
File->Convert Line Delimiters To->Unix [default]

http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/

Not yet done is all camel caps format.
2012-09-18 15:30:32 +02:00
noud 253d8e1b58 Merge branch 'master' into develop
Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
	app/View/Events/view.ctp
2012-09-17 13:02:53 +02:00
Christophe Vandeplas fd05d14602 fixes inconsistent relatedAttributes and relatedEvents arrays with
different correlation implementations
2012-09-04 16:14:10 +02:00
Christophe Vandeplas 35e1a455cd further cleanup of logo improvement 2012-08-31 10:45:54 +02:00
Christophe Vandeplas 05efc43f36 fixes bug of bad implementation of header logo 2012-08-31 10:45:39 +02:00
Christophe Vandeplas be10754474 improve logo and email display features 2012-08-31 10:23:40 +02:00
Andrzej Dereszowski 74764d4e8b Merge branch 'master' of code.lab.modiss.be:cydefsig
Conflicts:
	app/Controller/Component/NidsExportComponent.php
2012-08-30 10:59:07 +02:00
noud 5c39a46fc8 Sync.
Better square and cropped images.
2012-08-29 13:11:00 +02:00
noud 4ae71fc963 Sync.
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).

To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
2012-08-28 15:36:14 +02:00
noud 4cec4e69f9 correlation.
do not use the AttributesController::event now,
just use the old EventsController::view.
2012-08-24 14:06:08 +02:00
noud 7d98c5f31e GFI Sandbox upload.
If add event, give a GFI Sandbox export file upload field option.
Unzip, read .xml, add attachment malware, created files and ip-dst.
2012-08-22 16:04:55 +02:00
Christophe Vandeplas df46c4d93b minor layout improvement on the export info page 2012-08-20 14:32:53 +02:00
noud 17ed90ddc4 Correlation speedup using AttributesController i.s.o. EventsController.
We forgot to change some view things using the right controller.
2012-08-07 11:59:11 +02:00
noud b0614c5b95 Whitelist.
Mention the whitelist for NIDS export on Export page.
2012-08-06 10:44:16 +02:00
noud b24acfb4a5 Whitelist.
An admin can maintain a whitelist of host, domain name and ip numbers.
In the NIDS export lines containing whitelist items are commented out.
2012-08-06 10:42:46 +02:00
noud 2dea0e347d Correlation performance gain.
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');

possible values: 
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
  (sql improvement possible if result conform db above)

Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)

          default     db    sql
all         25366  16601  15941
            24839  16604  15611
paginated   16759   8447   6615
            17734   8639   8846

this is used in both:
- events/view/<id>
- attributes/event/<id>
2012-08-03 12:00:16 +02:00
noud bda5e56f9b Export HIDS files with MD5 and SHA-1. 2012-07-27 15:19:40 +02:00
Andrzej Dereszowski 3ff180e898 Merge branch 'develop_0.2.2-0.2.3' into develop
Conflicts:
	app/Config/Schema/schema_0.2.2.php
	app/Config/routes.php
	app/Controller/AppController.php
	app/Controller/UsersController.php
	app/Model/User.php
	app/README.txt
2012-07-24 16:09:48 +02:00
git 8ba98a1e57 Rollback of pagination on event view
Comeback to previous event layout. This does not change the performance issue so it is not worth to put in stable.
We will move it to the devel branch
2012-07-24 15:44:04 +02:00
noud de89d28caa Fix, paging on event with lots of attributes. 2012-07-20 13:27:55 +02:00
noud 25d5ff4290 Show events with user.email if admin. 2012-07-19 14:53:12 +02:00
deresz d879deb027 news: removed some old stuff
EventsController: contact mail display name from the config file
2012-07-19 09:48:45 +02:00
Andrzej Dereszowski bf98f2db3c Merge branch 'develop_0.2.2_fixes' into develop
Conflicts:
	app/Model/Attribute.php
2012-07-11 16:15:27 +02:00
deresz ebec1d7f26 Make the documentation "brand-neutral" to be able to develop it in a community. 2012-07-11 11:03:18 +02:00
noud 50e24c7c56 Upload always ticked if malware-sample, always unticked if attachment. 2012-07-11 09:48:44 +02:00
noud 8f4727e3ad Correction to upload so zip only ticked when malware and not when
attachment.
2012-07-10 11:39:43 +02:00
noud 4ac501d54e Only show categories with type attachment or malware-sample in Add
Attachment view. (this was..No possibility to upload if type
attachment or malware-sample is not in category.)
2012-07-09 14:14:55 +02:00
noud ed41233f2a No possibility to upload if type attachment or malware-sample is not in
category.
2012-07-06 13:48:17 +02:00
deresz dbf7fafea8 Correction to "link" attribute type - links were not actually created.
Also changed it to proper "cake" way.
2012-07-04 15:51:19 +02:00
noud 9c1c32f959 Audit and Access Control granulation in News page. 2012-06-29 09:36:47 +02:00
noud 66c5312ea6 DataBase migrate, Audit and Access Control granulation. 2012-06-28 17:24:12 +02:00
root b4558887ce Revert "Audit and ACL first cut."
This reverts commit 5818231f48.
2012-06-26 09:40:52 +02:00
noud 5818231f48 Audit and ACL first cut. 2012-06-25 15:54:52 +02:00
Christophe Vandeplas 66a9950d14 minor improvement in usability on index pages 2012-06-25 08:00:08 +02:00
Christophe Vandeplas cd5d53b22b fixed bug in termsaccepted 2012-06-08 17:34:06 +02:00
Christophe Vandeplas 5eb6a89384 removed reference to useless user_id.
fixed bug where Contact reporter doesn't work when user does not exist
(contact reporter now sends mails to all the org)
2012-06-08 16:57:10 +02:00
Christophe Vandeplas e453ee0e97 Sanitize::html() to h() for views is the way to go 2012-06-05 10:00:36 +02:00
Christophe Vandeplas 39fb9bca1d Attribute types validation is now a separate function that uses the
Attribute->type_definitions variable
2012-05-31 17:12:26 +02:00
Christophe Vandeplas 8505396b25 select boxes with filtering now 2012-05-30 18:11:44 +02:00
Christophe Vandeplas f35c311651 improved documentation 2012-05-30 17:13:35 +02:00
Christophe Vandeplas 24e7139e45 minor fix in Attribute tooltip
more documentation (autogenerated)
2012-05-30 10:24:57 +02:00
Andrzej Dereszowski 7ee4d29fac Fixed merge conflicts with HEAD at belmod
Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop

Conflicts:
	app/Controller/EventsController.php
	app/Model/Attribute.php
2012-05-29 17:19:36 +02:00
Andrzej Dereszowski 1a91c2f49b Help messages implementation (forms and list views). 2012-05-29 16:53:50 +02:00
Andrzej Dereszowski 51dbbcfa13 Explanation messages implemented for forms and for list views (using
"title" html element)
2012-05-29 16:50:45 +02:00
Christophe Vandeplas e4feaaa013 Part of the documentation added - docu written by Miguel Soria Machado
(CERT-EU)
2012-05-25 14:56:58 +02:00
Christophe Vandeplas 747c211723 auto-upload when publish event 2012-05-25 09:31:14 +02:00
Christophe Vandeplas efa590de23 moved some functions around 2012-05-25 08:13:40 +02:00
Christophe Vandeplas cd30bb5d30 push / pull seems to work with attachment support. Lots of testing
required.
2012-05-23 16:32:46 +02:00
Christophe Vandeplas 6d8b0a98b0 attachment support in REST API 2012-05-22 13:58:37 +02:00
Christophe Vandeplas 93c96ff7c3 minor layout improvement 2012-05-21 13:42:16 +02:00
Christophe Vandeplas c713d6498f fixes previous commit 2012-05-21 13:41:04 +02:00
Christophe Vandeplas 04ffe374a1 layout improvement in attribute display 2012-05-21 13:34:53 +02:00
Christophe Vandeplas 6da1906bf4 fixes typo in alert message 2012-05-16 10:27:09 +02:00
Christophe Vandeplas c426537c73 fix recommendation of pentest for autocomplete 2012-05-14 10:48:23 +02:00
Christophe Vandeplas e452460242 added CyDefSIG.name to allow changing the title of the site 2012-05-04 09:52:45 +02:00
Christophe Vandeplas f675d7d6d0 more fixes for the sync 2012-05-03 14:52:49 +02:00
Christophe Vandeplas 9e9837d59d Basic sync push seems to work 2012-05-03 14:32:49 +02:00
Christophe Vandeplas e5c0c5b081 do not show related events if the variable was not set 2012-04-26 18:50:58 +02:00
Christophe Vandeplas f0b8f89d50 fixes lowercase attribute bug in xml output of Events/view and hide
value1 and value2 from the output
2012-04-26 18:48:05 +02:00
Christophe Vandeplas 7ee4ab7035 fixes issue 64 2012-04-26 15:18:33 +02:00
Christophe Vandeplas 8bd7b45248 Fixes issue 66 - https://code.lab.modiss.be/p/cydefsig/issues/66/ 2012-04-26 11:15:12 +02:00
Christophe Vandeplas aea079b8c4 bugfix in Attribute validation
Do not search for related attributes for specific types
2012-04-25 10:30:23 +02:00
Christophe Vandeplas d0b52de85e fixed typo 2012-04-25 09:50:40 +02:00
Christophe Vandeplas 388f3cc445 Merge commit '280baac98902789ee69186539474a2e82156659e' into develop
Resolved Conflicts in:
	app/View/Events/view.ctp
2012-04-25 09:04:07 +02:00
Andrzej Dereszowski 280baac989 patched deleting of attributes 2012-04-15 19:41:50 +02:00
Andrzej Dereszowski 29c5411ece minor cosmetic changes 2012-04-13 10:53:53 +02:00
Christophe Vandeplas 87e12448ab Start of documentation concerning REST. 2012-04-07 09:38:15 +02:00
Christophe Vandeplas c2975a77a4 Allow saving of data using REST API 2012-04-07 08:31:01 +02:00