Commit Graph

1672 Commits (fe83ea6b7ae36bf2d65e461013d529f28c6ddce1)

Author SHA1 Message Date
iglocska e24d3bf2d3
fix: [correlations] save the distribution state of the event before/after saving it, fixes #8528
- only trigger a correlation update with the new distribution if it actually changed
- should remove a massive additional load on the table

- thanks to @github-germ for noticing this!
2022-08-12 16:06:08 +02:00
iglocska d923fe23aa
new: [taxii integration] wip
- all MISP side code implemented for being able to have filtered pushes
- still missing proper result handling as we need a working test implementation of the python scripts first
- some assumptions made that need to be revisited
2022-08-12 15:10:06 +02:00
iglocska 0f15344cff
Merge branch 'value1' into develop 2022-08-11 14:22:34 +02:00
iglocska 54821e6297
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-08-11 14:00:03 +02:00
iglocska 7dbb0a6669
fix: [emailing] speculative fix for #8523 2022-08-11 13:59:01 +02:00
Jakub Onderka 48c8a7eab3 chg: [internal] Code cleanup 2022-08-11 12:55:23 +02:00
Jakub Onderka 14501e8a78 chg: [internal] Use less SQL queries for event fetching 2022-08-11 12:55:23 +02:00
Luciano Righetti 057a9883a0
chg: allow to restsearch attributes by value1 and value2 2022-08-10 16:07:43 +02:00
iglocska f9c76acc90
fix: [pubsub] gracefully handle events with attribute-less objects 2022-08-10 11:05:45 +02:00
iglocska b5596f687f
chg: [publishing] reverted the speculative fix 2022-08-05 14:47:03 +02:00
iglocska a3f0347a45
fix: [speculative] fix for the event publishing timing issues 2022-08-05 14:44:37 +02:00
iglocska 2516c25eae
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-08-05 14:41:44 +02:00
iglocska 77eaa86225
fix: [speculative fix] for event publishing timing issues 2022-08-05 14:41:00 +02:00
Sami Mokaddem f478841401
chg: [Tag] Helper function to attach/detach tags and bump timestamps 2022-08-05 14:33:15 +02:00
Sami Mokaddem 33d3eebd9c
chg: [event:publish] Only fetch full event if needed + added site_admin perms for the user 2022-08-05 13:16:38 +02:00
Sami Mokaddem 49575533ad
Merge remote-tracking branch 'origin/develop' into feature-workflows-2 2022-08-04 10:08:56 +02:00
iglocska a04f3964e7
new: [correlation rework] round 2
- long list of fixes
- update scripts
- correlation engine management interface
- recorrelation/truncation tools
- various performance tunings and bug fixes
2022-08-03 15:44:27 +02:00
Sami Mokaddem 151d23a8c2
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows-2 2022-08-01 09:59:44 +02:00
iglocska 3ce754d595
Merge branch 'develop' into new_correlations 2022-07-31 23:58:40 +02:00
iglocska 3a4289d631
new: [correlation] engine rewrite
- allow for multiple concurrent engines
  - default: similar behaviour as before, ACL enforced
  - No ACL: for endpoint misps, disable the enforcement of ACL for correlations altogether

- rework:
  - correlation entries are fully indexed reference tables
  - values are now stored separately
  - built in protection against overcorrelating values (defaults to 20 max)
  - 1 way correlations to cut the size in half
  - unsigned IDs to double the ID space
  - loads of performance improvements
  - fix to the broken event index with correlation counts enabled

- UI improvements
  - search for values from the correlation column directly (in case there are non-correlating versions of the same value)
  - added correlations to the attribute search/index

- TODO:
  - upgrade scripts
2022-07-31 23:48:38 +02:00
Sami Mokaddem b146902a01
fix: [event:publish] Call correct trigger 2022-07-29 10:58:39 +02:00
Sami Mokaddem 7f5ce84288
new: [workflow:trigger_event_after_save] New trigger Event.afterSave 2022-07-27 10:45:05 +02:00
Sami Mokaddem 79e6d2bf54
chg: [workflow] Usage of format converter tool to convert passed data into MISP core format 2022-07-21 11:18:59 +02:00
Sami Mokaddem 354594f5ca
chg: [workflow] Made sure data is correctly converted before calling the trigger 2022-07-20 16:51:53 +02:00
Sami Mokaddem 508424aa37
chg: [workflow] Convert to MISP Core format before passing data to the workflow 2022-07-18 13:42:10 +02:00
Sami Mokaddem 6f15d18e62
chg: [workflow:tag_if] Added support of `event_attribute` scope and improved integration with queryModuleServer 2022-07-15 14:49:16 +02:00
Sami Mokaddem 74ff67d564
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows-2 2022-07-12 14:14:47 +02:00
Jakub Onderka 26cc86fde2
Merge pull request #8205 from JakubOnderka/pull-optim
Pull optim
2022-07-09 09:01:54 +02:00
Sami Mokaddem 99a76812bc
Merge remote-tracking branch 'origin/develop' into feature-workflows-2 2022-07-07 09:09:39 +02:00
Sami Mokaddem dbcedbc505
chg: [workflow] Various improvements and added support of `enrichment_before_query` trigger 2022-07-05 11:19:18 +02:00
Jakub Onderka 83190f31c2
Merge pull request #8452 from JakubOnderka/restSearchExport-description
chg: [UI] Event export description
2022-06-30 10:10:06 +02:00
Jakub Onderka 640a732c29
Merge pull request #8358 from JakubOnderka/memory-leak-fix
fix: [internal] PHP memory leak
2022-06-29 13:32:26 +02:00
Sami Mokaddem a13c1a39e9
chg: [workflow] Improved logging capabilities and stop aborting execution if non-blocking module returns false 2022-06-24 11:22:26 +02:00
Sami Mokaddem 1461f06638
chg: [workflow] Added WorkflowBaseTriggerModule class to be extended by triggers 2022-06-24 09:25:02 +02:00
Jakub Onderka 1885e972d9 fix: [internal] RestSearchExport: fetch published and unpublished events 2022-06-16 16:38:25 +02:00
Sami Mokaddem 5a7da21f04
chg: [workflow] Small improvements and refactored behavior of if blocks 2022-06-09 14:08:43 +02:00
Jakub Onderka 21f5f52988 chg: [internal] Unsubscribe code 2022-06-07 15:07:28 +02:00
Jakub Onderka c46fd203a9 new: [email] Unsubscribe 2022-06-06 18:09:46 +02:00
Sami Mokaddem 99f0c39dba
chg: [Event:enrichment] Allow specifying a list of attribute UUIDs to be enriched 2022-06-01 10:40:06 +02:00
Sami Mokaddem ec896fe1cd
chg: [workflow] Improved login and `walkGraph` execution logic 2022-05-31 11:58:18 +02:00
Sami Mokaddem e75bc1b0b0
chg: [event:publish] Publishing execute `publish` trigger 2022-05-30 15:09:25 +02:00
Sami Mokaddem d8f8225b9e
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows 2022-05-30 14:37:36 +02:00
Jakub Onderka 0326d35387 chg: [sync] Reuse ServerSyncTool for pushing sightings 2022-05-30 08:28:22 +02:00
Jakub Onderka 46037748a2 chg: [sync] Use ServerSyncTool for pushing events 2022-05-30 08:28:22 +02:00
Jakub Onderka d4deca9330 chg: [sync] Optimise event filtering for push 2022-05-30 08:28:22 +02:00
Jakub Onderka b50daa886f chg: [sync] Remove duplicate blocklist checking 2022-05-30 08:28:17 +02:00
Jakub Onderka b8fb127a35 chg: [sync] Optimise checking block rule 2022-05-30 08:27:38 +02:00
Jakub Onderka f7af3c4e4e chg: [sync] Optimise removing old events when pulling 2022-05-30 08:27:38 +02:00
Jakub Onderka d68d3d48a9
Merge pull request #8415 from JakubOnderka/faster-search
Faster search
2022-05-30 08:08:33 +02:00
Jakub Onderka 9675c93cd4 fix: [internal] Search attribute by multiple values 2022-05-29 20:15:57 +02:00
Jakub Onderka 21afe562ef fix: [internal] Faster RegexpBehavior 2022-05-29 17:39:10 +02:00
Jakub Onderka 5c4a126aaa fix: [internal] Checking if event exists typo 2022-05-29 16:21:25 +02:00
Jakub Onderka 7ea7b16113 chg: [internal] Faster check if org is blocked 2022-05-29 16:21:25 +02:00
Jakub Onderka bb9567f671 new: [UI] Allow to upload MISP event by pasting data to textarea 2022-05-29 16:21:25 +02:00
Jakub Onderka c4a85b4998 chg: [internal] Escape table and column name 2022-05-24 14:57:19 +02:00
Jakub Onderka 2f644a2a33 chg: [internal] Use SORT_REGULAR for array_unique 2022-05-22 18:20:12 +02:00
Jakub Onderka d086f22284 new: [internal] New method SharingGroup::authorizedIds 2022-05-22 18:03:16 +02:00
Jakub Onderka 4998ed672e chg: [internal] Delete event in transaction 2022-05-21 12:46:12 +02:00
Jakub Onderka e293da740f chg: [internal] Remove QueryTool 2022-05-21 11:40:18 +02:00
Sami Mokaddem c5af331bc5
Merge branch 'develop' of github.com:MISP/MISP into feature-workflows 2022-05-16 10:50:47 +02:00
Jakub Onderka 2f7c671adb new: [internal] Simplify checking if connection is MySQL/MariaDB 2022-05-14 10:17:06 +02:00
Sami Mokaddem 140b771989
Merge branch 'webhook' of github.com:MISP/MISP into feature-workflows 2022-05-11 13:05:15 +02:00
iglocska a4cba3fdc6
new: [modules] action module type added
- hooking function type
- add a hooking point via `$this->Module->executeActions($hook_name, $user, $input, $logging_options, $error)`
- will execute the enabled modules for the hook name and depending on the module's type (blocking/not blocking) allow for breaking the execution when false is returned.
- For a sample skeleton, see the misp-modules project
2022-05-04 01:23:13 +02:00
Jakub Onderka d7bdc32c1f new: [UI] Filtering attributes by correlated event ID 2022-04-30 18:12:04 +02:00
Tom King d3f2dc07c8 fix: Enable sharing group filter for Event controller not just attribute 2022-04-21 11:16:26 +01:00
Luciano Righetti 5fd52252e7 fix: revert ec2cb29fe0 2022-04-20 12:33:26 +02:00
Tom King 5de04ecffa chg: Merge from develop 2022-04-20 08:07:36 +01:00
Jakub Onderka eb86544b72
Merge pull request #8281 from JakubOnderka/freetext-import-simplify
chg: [internal] Simplify and speedup code for freetext importing
2022-04-18 20:11:19 +02:00
Jakub Onderka 104ea79afc chg: [internal] Simplify and speedup code for freetext importing 2022-04-15 14:31:17 +02:00
Luciano Righetti 204ec386b2
Merge pull request #8277 from tomking2/feature/restSearch_SharingGroup
Add in new RestAPI parameter to filter by sharing group on Event or Attribute search
2022-04-14 17:25:59 +02:00
Tom King 37ea0ddee1 chg: Add in new RestAPI parameter to filter by sharing group on Event or Attribute search 2022-04-13 16:27:20 +01:00
Jakub Onderka ff150b8834 chg: [internal] Do not generate export array when initializing Event class 2022-04-10 09:49:21 +02:00
iglocska 08ccdf23e2
chg: [server sync] update to the previous fix to include the recursive condition
- instead of just replacing the condition with the contain list, include both to get the performance gains back
2022-03-24 16:11:29 +01:00
iglocska b1f1b4d2cd
Merge branch '2.4' into develop 2022-03-24 15:37:21 +01:00
iglocska 15820bb5af
fix: [sync] publishing sharing group events fail to sync - fixed
- code cleanup removed related models, including remote org which is needed to check if the remote is to receive an event

- as reported by @treyka
2022-03-24 15:36:11 +01:00
Jakub Onderka ec0fae0c94 fix: [internal] Code style 2022-03-20 14:21:31 +01:00
Jakub Onderka f208c656ea chg: [cryptographicKey] Simplified code for event pushing 2022-03-17 13:58:25 +01:00
iglocska e8dcb31623
Merge branch 'feature/protected_mode' into develop 2022-03-17 01:43:44 +01:00
iglocska 8ea0b2cb56
chg: [unused endpoint] removed 2022-03-17 00:57:41 +01:00
iglocska 259a19a374
fix: [sync] removed newly added locked field as a sanitized sync field
- ends up creating unlocked events on the remote, preventing future edits
2022-03-16 15:36:58 +01:00
iglocska d60e8a39a1
Merge branch 'feature/protected_mode' of github.com:MISP/MISP into feature/protected_mode 2022-03-15 23:11:19 +01:00
iglocska f592053f5a
fix: [event] include the protected field in the saving to allow syncing of protected events 2022-03-15 23:10:09 +01:00
iglocska e5c7e50fcf
fix: [internal] event rearranging before push fixed
- some elements were at a misaligned level in the array
2022-03-15 07:16:19 +01:00
iglocska 0774086ad2
fix: [event model] fixes
- fixed class name typo
- removed placeholder exception / breakpoint
2022-03-14 00:33:41 +01:00
iglocska 8e96e2fd00
chg: [cryptographic key] move capture function to a bulk delta function 2022-03-13 17:02:50 +01:00
iglocska 4c381157a6
chg: [cryptographickey] execute key update on add() 2022-03-13 15:13:32 +01:00
iglocska d165b092f3
new: [event signing] sign events function added 2022-03-13 12:37:02 +01:00
Jakub Onderka cac0e81001
Merge pull request #8154 from JakubOnderka/server-sync-push
chg: [sync] Use ServerSyncTool for pushing events
2022-03-12 13:19:54 +01:00
Jakub Onderka b00ef27fb5
Merge pull request #8179 from JakubOnderka/upload-event-cleanup
chg: [internal] Simplify code for pushing events
2022-03-12 13:18:33 +01:00
Jakub Onderka 2e87d6b7b4
Merge pull request #8197 from JakubOnderka/push-sightings-refactor
chg: [sync] Simplify code for sighting pushing
2022-03-12 13:17:38 +01:00
Sami Mokaddem b6c730f8f4
chg: [events:restSearch] Added `context-markdown` export format 2022-03-09 17:49:34 +01:00
Sami Mokaddem f08d29f1e7
Merge branch 'develop' of github.com:MISP/MISP into develop 2022-03-08 13:40:37 +01:00
Sami Mokaddem 155bf23776
new: [events:restSearch] Added `context` export format
The `context` export format includes:
- List of used taxonomies
- List of used galaxy clusters
- List of custom tags
- Mitre Att&ck matrix
2022-03-08 13:40:15 +01:00
Jakub Onderka 90cd99685f chg: [sync] Simplify code for sighting pushing 2022-03-07 17:45:06 +01:00
Jakub Onderka 1c97d4de2a chg: [internal] Simplify code for pushing events 2022-02-28 14:54:18 +01:00
Jakub Onderka 1950ca6ab8
Merge pull request #8155 from JakubOnderka/bg-jobs-read-timeout
new: [bgjobs] Allow to set Redis read timeout
2022-02-27 09:00:43 +01:00
Jakub Onderka 29e0695df7
Merge pull request #8173 from JakubOnderka/fix-id-translator
fix: [internal] Event ID translator
2022-02-26 11:16:12 +01:00
Jakub Onderka 5ec36f8d4b fix: [internal] Event ID translator 2022-02-26 09:37:27 +01:00
Jakub Onderka 341687cb61 chg: [internal] Simplify logging when pulling events 2022-02-23 16:05:42 +01:00
Jakub Onderka 9bc899e3a4 fix: [internal] Append variable just when not null 2022-02-23 16:05:41 +01:00