mirror of https://github.com/MISP/misp-book
chg: fix #221 replace blacklist/whitelist by blocklist/allowedlist
parent
624f59ca1d
commit
9a0dd37e16
|
@ -302,19 +302,19 @@ Administrators can add, edit or delete regular expression rules, these "expressi
|
||||||
|
|
||||||
![Add, edit or remove Regexp entries that will affect all newly created attributes here.](figures/regexp.png)
|
![Add, edit or remove Regexp entries that will affect all newly created attributes here.](figures/regexp.png)
|
||||||
|
|
||||||
## Managing the Signature whitelist
|
## Managing the Signature allowedlist
|
||||||
|
|
||||||
The signature whitelist view, accessible through the administration menu on the left, allows administrators to create and maintain a list of addresses that are whitelisted from ever being added to the NIDS signatures. Addresses listed here will be commented out when exporting the NIDS list.
|
The signature allowedlist view, accessible through the administration menu on the left, allows administrators to create and maintain a list of addresses that are allowlisted from ever being added to the NIDS signatures. Addresses listed here will be commented out when exporting the NIDS list.
|
||||||
|
|
||||||
### Whitelisting an address
|
### Allowlisting an address
|
||||||
|
|
||||||
While in the whitelist view, click on New Whitelist on the left to bring up the "add whitelist" view to add a new address.
|
While in the allowedlist view, click on New Allowedlist on the left to bring up the "add allowedlist" view to add a new address.
|
||||||
|
|
||||||
### Managing the list
|
### Managing the list
|
||||||
|
|
||||||
When viewing the list of whitelisted addresses, the following data is shown: The ID of the whitelist entry (assigned automatically when a new address is added), the address itself that is being whitelisted and a set of controls allowing you to delete the entry or edit the address.
|
When viewing the list of allowlisted addresses, the following data is shown: The ID of the allowlist entry (assigned automatically when a new address is added), the address itself that is being allowlisted and a set of controls allowing you to delete the entry or edit the address.
|
||||||
|
|
||||||
![You can edit or delete currently white-listed addresses using the action buttons on this list.](figures/whitelist.png)
|
![You can edit or delete currently allowlisted addresses using the action buttons on this list.](figures/allowedlist.png)
|
||||||
|
|
||||||
## Using MISP logs
|
## Using MISP logs
|
||||||
|
|
||||||
|
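Review bot: The new text in this hunk mixes two spellings of the replacement term: the heading, the view name and the figure path use "allowedlist" ("Managing the Signature allowedlist", `figures/allowedlist.png`), while the same paragraph and the following ones use "allowlisted" and "allowlist entry". Pick one form and use it throughout. The button and view names quoted in "click on New Allowedlist ... to bring up the "add allowedlist" view" should also be checked against the labels the interface actually shows, since readers will look for that exact string.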
@ -327,7 +327,7 @@ Generally, the following actions are logged:
|
||||||
* **ShadowAttribute:** Creation, deletion, Accept, Discard
|
* **ShadowAttribute:** Creation, deletion, Accept, Discard
|
||||||
* **Roles:** Creation, deletion, modification
|
* **Roles:** Creation, deletion, modification
|
||||||
* **Blocklist:** Creation, deletion, modification
|
* **Blocklist:** Creation, deletion, modification
|
||||||
* **Whitelist:** Creation, deletion, modification
|
* **Allowlist:** Creation, deletion, modification
|
||||||
* **Regexp:** Creation, deletion, modification
|
* **Regexp:** Creation, deletion, modification
|
||||||
|
|
||||||
|
|
||||||
|
|
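Review bot: The list item becomes "**Allowlist:**" here, whereas the section heading changed earlier in this file reads "Signature allowedlist". If these bold labels are meant to match the names an administrator sees when filtering the logs, confirm the name the application writes and use that; otherwise align it with whichever spelling the rest of the file settles on.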
Binary file not shown.
After Width: | Height: | Size: 21 KiB |
Binary file not shown.
Before Width: | Height: | Size: 8.4 KiB |
|
@ -66,143 +66,422 @@ Example:
|
||||||
|
|
||||||
~~~~json
|
~~~~json
|
||||||
{
|
{
|
||||||
"2": {
|
"3": {
|
||||||
"name": "User",
|
"name": "User",
|
||||||
"urls": [
|
"urls": [
|
||||||
"/attributes/add/*",
|
"/*/restSearch",
|
||||||
"/attributes/add_attachment/*",
|
"/attributes/add",
|
||||||
"/attributes/add_threatconnect/*",
|
"/attributes/add_attachment",
|
||||||
"/attributes/attributeReplace/*",
|
"/attributes/add_threatconnect",
|
||||||
"/attributes/delete/*",
|
"/attributes/addTag",
|
||||||
"/attributes/deleteSelected/*",
|
"/attributes/attributeReplace",
|
||||||
"/attributes/download/*",
|
"/attributes/attributeStatistics",
|
||||||
"/attributes/downloadAttachment/*",
|
"/attributes/bro",
|
||||||
"/attributes/downloadSample/*",
|
"/attributes/delete",
|
||||||
"/attributes/edit/*",
|
"/attributes/deleteSelected",
|
||||||
"/attributes/editField/*",
|
"/attributes/describeTypes",
|
||||||
"/attributes/editSelected/*",
|
"/attributes/download",
|
||||||
"/attributes/fetchEditForm/*",
|
"/attributes/downloadAttachment",
|
||||||
"/attributes/fetchViewValue/*",
|
"/attributes/downloadSample",
|
||||||
"/attributes/hoverEnrichment/*",
|
"/attributes/edit",
|
||||||
"/attributes/index/*",
|
"/attributes/editField",
|
||||||
"/attributes/restSearch/*",
|
"/attributes/editSelected",
|
||||||
"/attributes/returnAttributes/*",
|
"/attributes/exportSearch",
|
||||||
"/attributes/rpz/*",
|
"/attributes/fetchEditForm",
|
||||||
"/attributes/search/*",
|
"/attributes/fetchViewValue",
|
||||||
"/attributes/searchAlternate/*",
|
"/attributes/getMassEditForm",
|
||||||
"/attributes/text/*",
|
"/attributes/hoverEnrichment",
|
||||||
"/attributes/updateAttributeValues/*",
|
"/attributes/index",
|
||||||
"/attributes/view/*",
|
"/attributes/removeTag",
|
||||||
"/eventDelegations/acceptDelegation/*",
|
"/attributes/restore",
|
||||||
"/eventDelegations/delegateEvent/*",
|
"/attributes/restSearch",
|
||||||
"/eventDelegations/deleteDelegation/*",
|
"/attributes/returnAttributes",
|
||||||
"/eventDelegations/view/*",
|
"/attributes/rpz",
|
||||||
"/events/add/*",
|
"/attributes/search",
|
||||||
"/events/addIOC/*",
|
"/attributes/searchAlternate",
|
||||||
"/events/addTag/*",
|
"/attributes/toggleCorrelation",
|
||||||
"/events/add_misp_export/*",
|
"/attributes/text",
|
||||||
"/events/contact/*",
|
"/attributes/toggleToIDS",
|
||||||
"/events/csv/*",
|
"/attributes/updateAttributeValues",
|
||||||
"/events/delegation_index/*",
|
"/attributes/view",
|
||||||
"/events/delete/*",
|
"/attributes/viewPicture",
|
||||||
"/events/downloadExport/*",
|
"/authKeys/add",
|
||||||
"/events/downloadOpenIOCEvent/*",
|
"/authKeys/delete",
|
||||||
"/events/downloadSearchResult/*",
|
"/authKeys/edit",
|
||||||
"/events/edit/*",
|
"/authKeys/index",
|
||||||
"/events/export/*",
|
"/authKeys/view",
|
||||||
"/events/exportChoice/*",
|
"/auth_keys/add",
|
||||||
"/events/filterEventIndex/*",
|
"/auth_keys/delete",
|
||||||
"/events/freeTextImport/*",
|
"/auth_keys/edit",
|
||||||
"/events/hids/*",
|
"/auth_keys/index",
|
||||||
"/events/index/*",
|
"/auth_keys/view",
|
||||||
"/events/nids/*",
|
"/dashboards/getForm",
|
||||||
"/events/proposalEventIndex/*",
|
"/dashboards/index",
|
||||||
"/events/queryEnrichment/*",
|
"/dashboards/updateSettings",
|
||||||
"/events/removePivot/*",
|
"/dashboards/getEmptyWidget",
|
||||||
"/events/removeTag/*",
|
"/dashboards/renderWidget",
|
||||||
"/events/restSearch/*",
|
"/dashboards/listTemplates",
|
||||||
"/events/saveFreeText/*",
|
"/dashboards/saveTemplate",
|
||||||
"/events/stix/*",
|
"/dashboards/export",
|
||||||
"/events/updateGraph/*",
|
"/dashboards/import",
|
||||||
"/events/view/*",
|
"/dashboards/deleteTemplate",
|
||||||
"/events/viewEventAttributes/*",
|
"/decayingModel/export",
|
||||||
"/events/viewGraph/*",
|
"/decayingModel/import",
|
||||||
"/events/xml/*",
|
"/decayingModel/view",
|
||||||
"/jobs/cache/*",
|
"/decayingModel/index",
|
||||||
"/jobs/getGenerateCorrelationProgress/*",
|
"/decayingModel/add",
|
||||||
"/jobs/getProgress/*",
|
"/decayingModel/edit",
|
||||||
"/logs/event_index/*",
|
"/decayingModel/delete",
|
||||||
"/logs/maxDateActivity/*",
|
"/decayingModel/enable",
|
||||||
"/logs/returnDates/*",
|
"/decayingModel/disable",
|
||||||
"/organisations/fetchOrgsForSG/*",
|
"/decayingModel/decayingTool",
|
||||||
"/organisations/fetchSGOrgRow/*",
|
"/decayingModel/getAllDecayingModels",
|
||||||
"/organisations/index/*",
|
"/decayingModel/decayingToolBasescore",
|
||||||
"/organisations/landingpage/*",
|
"/decayingModel/decayingToolSimulation",
|
||||||
"/organisations/view/*",
|
"/decayingModel/decayingToolRestSearch",
|
||||||
"/pages/display/*",
|
"/decayingModel/decayingToolComputeSimulation",
|
||||||
"/posts/add/*",
|
"/decaying_model/export",
|
||||||
"/posts/delete/*",
|
"/decaying_model/import",
|
||||||
"/posts/edit/*",
|
"/decaying_model/view",
|
||||||
"/regexp/index/*",
|
"/decaying_model/index",
|
||||||
"/roles/index/*",
|
"/decaying_model/add",
|
||||||
"/roles/view/*",
|
"/decaying_model/edit",
|
||||||
"/servers/fetchServersForSG/*",
|
"/decaying_model/delete",
|
||||||
"/shadowAttributes/accept/*",
|
"/decaying_model/enable",
|
||||||
"/shadowAttributes/acceptSelected/*",
|
"/decaying_model/disable",
|
||||||
"/shadowAttributes/add/*",
|
"/decaying_model/decayingTool",
|
||||||
"/shadowAttributes/add_attachment/*",
|
"/decaying_model/getAllDecayingModels",
|
||||||
"/shadowAttributes/delete/*",
|
"/decaying_model/decayingToolBasescore",
|
||||||
"/shadowAttributes/discard/*",
|
"/decaying_model/decayingToolSimulation",
|
||||||
"/shadowAttributes/discardSelected/*",
|
"/decaying_model/decayingToolRestSearch",
|
||||||
"/shadowAttributes/download/*",
|
"/decaying_model/decayingToolComputeSimulation",
|
||||||
"/shadowAttributes/edit/*",
|
"/decayingModelMapping/viewAssociatedTypes",
|
||||||
"/shadowAttributes/editField/*",
|
"/decayingModelMapping/linkAttributeTypeToModel",
|
||||||
"/shadowAttributes/fetchEditForm/*",
|
"/decaying_model_mapping/viewAssociatedTypes",
|
||||||
"/shadowAttributes/index/*",
|
"/decaying_model_mapping/linkAttributeTypeToModel",
|
||||||
"/shadowAttributes/view/*",
|
"/eventBlocklists/add",
|
||||||
"/sharingGroups/index/*",
|
"/eventBlocklists/delete",
|
||||||
"/sharingGroups/view/*",
|
"/eventBlocklists/edit",
|
||||||
"/sightings/add/*",
|
"/eventBlocklists/index",
|
||||||
"/sightings/delete/*",
|
"/eventBlocklists/massDelete",
|
||||||
"/tags/add/*",
|
"/event_blocklists/add",
|
||||||
"/tags/delete/*",
|
"/event_blocklists/delete",
|
||||||
"/tags/edit/*",
|
"/event_blocklists/edit",
|
||||||
"/tags/index/*",
|
"/event_blocklists/index",
|
||||||
"/tags/quickAdd/*",
|
"/event_blocklists/massDelete",
|
||||||
"/tags/selectTag/*",
|
"/eventReports/add",
|
||||||
"/tags/selectTaxonomy/*",
|
"/eventReports/view",
|
||||||
"/tags/showEventTag/*",
|
"/eventReports/viewSummary",
|
||||||
"/tags/view/*",
|
"/eventReports/edit",
|
||||||
"/tags/viewTag/*",
|
"/eventReports/delete",
|
||||||
"/taxonomies/index/*",
|
"/eventReports/reportFromEvent",
|
||||||
"/taxonomies/taxonomyMassConfirmation/*",
|
"/eventReports/restore",
|
||||||
"/taxonomies/view/*",
|
"/eventReports/index",
|
||||||
"/templateElements/index/*",
|
"/eventReports/getProxyMISPElements",
|
||||||
"/templates/deleteTemporaryFile/*",
|
"/eventReports/extractAllFromReport",
|
||||||
"/templates/index/*",
|
"/eventReports/extractFromReport",
|
||||||
"/templates/populateEventFromTemplate/*",
|
"/eventReports/replaceSuggestionInReport",
|
||||||
"/templates/submitEventPopulation/*",
|
"/eventReports/importReportFromUrl",
|
||||||
"/templates/templateChoices/*",
|
"/event_reports/add",
|
||||||
"/templates/uploadFile/*",
|
"/event_reports/view",
|
||||||
"/templates/view/*",
|
"/event_reports/viewSummary",
|
||||||
"/threads/index/*",
|
"/event_reports/edit",
|
||||||
"/threads/view/*",
|
"/event_reports/delete",
|
||||||
"/threads/viewEvent/*",
|
"/event_reports/reportFromEvent",
|
||||||
"/users/dashBoard/*",
|
"/event_reports/restore",
|
||||||
"/users/downloadTerms/*",
|
"/event_reports/index",
|
||||||
"/users/edit/*",
|
"/event_reports/getProxyMISPElements",
|
||||||
"/users/histogram/*",
|
"/event_reports/extractAllFromReport",
|
||||||
"/users/index/*",
|
"/event_reports/extractFromReport",
|
||||||
"/users/login/*",
|
"/event_reports/replaceSuggestionInReport",
|
||||||
"/users/logout/*",
|
"/event_reports/importReportFromUrl",
|
||||||
"/users/memberslist/*",
|
"/events/add",
|
||||||
"/users/resetauthkey/*",
|
"/events/addIOC",
|
||||||
"/users/routeafterlogin/*",
|
"/events/addTag",
|
||||||
"/users/statistics/*",
|
"/events/add_misp_export",
|
||||||
"/users/terms/*",
|
"/events/automation",
|
||||||
"/users/updateLoginTime/*",
|
"/events/checkLocks",
|
||||||
"/users/view/*",
|
"/events/checkPublishedStatus",
|
||||||
"/whitelists/index/*"
|
"/events/contact",
|
||||||
|
"/events/csv",
|
||||||
|
"/events/delegation_index",
|
||||||
|
"/events/delete",
|
||||||
|
"/events/deleteNode",
|
||||||
|
"/events/downloadExport",
|
||||||
|
"/events/downloadOpenIOCEvent",
|
||||||
|
"/events/edit",
|
||||||
|
"/events/enrichEvent",
|
||||||
|
"/events/export",
|
||||||
|
"/events/exportChoice",
|
||||||
|
"/events/exportModule",
|
||||||
|
"/events/filterEventIndex",
|
||||||
|
"/events/freeTextImport",
|
||||||
|
"/events/getEditStrategy",
|
||||||
|
"/events/getEventInfoById",
|
||||||
|
"/events/getEventGraphReferences",
|
||||||
|
"/events/getEventGraphTags",
|
||||||
|
"/events/getEventGraphGeneric",
|
||||||
|
"/events/getEventTimeline",
|
||||||
|
"/events/genDistributionGraph",
|
||||||
|
"/events/getDistributionGraph",
|
||||||
|
"/events/getReferenceData",
|
||||||
|
"/events/getReferences",
|
||||||
|
"/events/getObjectTemplate",
|
||||||
|
"/events/handleModuleResults",
|
||||||
|
"/events/hids",
|
||||||
|
"/events/index",
|
||||||
|
"/events/importChoice",
|
||||||
|
"/events/importModule",
|
||||||
|
"/events/merge",
|
||||||
|
"/events/nids",
|
||||||
|
"/events/proposalEventIndex",
|
||||||
|
"/events/publishSightings",
|
||||||
|
"/events/queryEnrichment",
|
||||||
|
"/events/removePivot",
|
||||||
|
"/events/removeTag",
|
||||||
|
"/events/restSearch",
|
||||||
|
"/events/runTaxonomyExclusivityCheck",
|
||||||
|
"/events/saveFreeText",
|
||||||
|
"/events/stix",
|
||||||
|
"/events/stix2",
|
||||||
|
"/events/toggleCorrelation",
|
||||||
|
"/events/unpublish",
|
||||||
|
"/events/updateGraph",
|
||||||
|
"/events/upload_analysis_file",
|
||||||
|
"/events/upload_sample",
|
||||||
|
"/events/upload_stix",
|
||||||
|
"/events/view",
|
||||||
|
"/events/viewClusterRelations",
|
||||||
|
"/events/viewEventAttributes",
|
||||||
|
"/events/viewGraph",
|
||||||
|
"/events/viewGalaxyMatrix",
|
||||||
|
"/events/xml",
|
||||||
|
"/favouriteTags/toggle",
|
||||||
|
"/favouriteTags/getToggleField",
|
||||||
|
"/favourite_tags/toggle",
|
||||||
|
"/favourite_tags/getToggleField",
|
||||||
|
"/feeds/compareFeeds",
|
||||||
|
"/feeds/feedCoverage",
|
||||||
|
"/feeds/index",
|
||||||
|
"/feeds/previewEvent",
|
||||||
|
"/feeds/previewIndex",
|
||||||
|
"/feeds/searchCaches",
|
||||||
|
"/feeds/view",
|
||||||
|
"/galaxies/attachCluster",
|
||||||
|
"/galaxies/attachMultipleClusters",
|
||||||
|
"/galaxies/export",
|
||||||
|
"/galaxies/forkTree",
|
||||||
|
"/galaxies/index",
|
||||||
|
"/galaxies/relationsGraph",
|
||||||
|
"/galaxies/selectGalaxy",
|
||||||
|
"/galaxies/selectGalaxyNamespace",
|
||||||
|
"/galaxies/selectCluster",
|
||||||
|
"/galaxies/showGalaxies",
|
||||||
|
"/galaxies/view",
|
||||||
|
"/galaxies/viewGraph",
|
||||||
|
"/galaxyClusters/attachToEvent",
|
||||||
|
"/galaxyClusters/detach",
|
||||||
|
"/galaxyClusters/index",
|
||||||
|
"/galaxyClusters/restSearch",
|
||||||
|
"/galaxyClusters/view",
|
||||||
|
"/galaxyClusters/viewGalaxyMatrix",
|
||||||
|
"/galaxyClusters/viewRelations",
|
||||||
|
"/galaxyClusters/viewRelationTree",
|
||||||
|
"/galaxy_clusters/attachToEvent",
|
||||||
|
"/galaxy_clusters/detach",
|
||||||
|
"/galaxy_clusters/index",
|
||||||
|
"/galaxy_clusters/restSearch",
|
||||||
|
"/galaxy_clusters/view",
|
||||||
|
"/galaxy_clusters/viewGalaxyMatrix",
|
||||||
|
"/galaxy_clusters/viewRelations",
|
||||||
|
"/galaxy_clusters/viewRelationTree",
|
||||||
|
"/galaxyClusterRelations/index",
|
||||||
|
"/galaxyClusterRelations/view",
|
||||||
|
"/galaxy_cluster_relations/index",
|
||||||
|
"/galaxy_cluster_relations/view",
|
||||||
|
"/galaxyElements/index",
|
||||||
|
"/galaxy_elements/index",
|
||||||
|
"/jobs/cache",
|
||||||
|
"/jobs/getGenerateCorrelationProgress",
|
||||||
|
"/jobs/getProgress",
|
||||||
|
"/logs/event_index",
|
||||||
|
"/logs/returnDates",
|
||||||
|
"/modules/index",
|
||||||
|
"/modules/queryEnrichment",
|
||||||
|
"/news/index",
|
||||||
|
"/noticelists/index",
|
||||||
|
"/noticelists/view",
|
||||||
|
"/objects/add",
|
||||||
|
"/objects/addValueField",
|
||||||
|
"/objects/delete",
|
||||||
|
"/objects/edit",
|
||||||
|
"/objects/get_row",
|
||||||
|
"/objects/editField",
|
||||||
|
"/objects/fetchEditForm",
|
||||||
|
"/objects/fetchViewValue",
|
||||||
|
"/objects/quickAddAttributeForm",
|
||||||
|
"/objects/quickFetchTemplateWithValidObjectAttributes",
|
||||||
|
"/objects/restSearch",
|
||||||
|
"/objects/proposeObjectsFromAttributes",
|
||||||
|
"/objects/groupAttributesIntoObject",
|
||||||
|
"/objects/revise_object",
|
||||||
|
"/objects/view",
|
||||||
|
"/objectReferences/add",
|
||||||
|
"/objectReferences/delete",
|
||||||
|
"/objectReferences/view",
|
||||||
|
"/object_references/add",
|
||||||
|
"/object_references/delete",
|
||||||
|
"/object_references/view",
|
||||||
|
"/objectTemplates/objectChoice",
|
||||||
|
"/objectTemplates/objectMetaChoice",
|
||||||
|
"/objectTemplates/view",
|
||||||
|
"/objectTemplates/viewElements",
|
||||||
|
"/objectTemplates/index",
|
||||||
|
"/object_templates/objectChoice",
|
||||||
|
"/object_templates/objectMetaChoice",
|
||||||
|
"/object_templates/view",
|
||||||
|
"/object_templates/viewElements",
|
||||||
|
"/object_templates/index",
|
||||||
|
"/objectTemplateElements/viewElements",
|
||||||
|
"/object_template_elements/viewElements",
|
||||||
|
"/organisations/fetchSGOrgRow",
|
||||||
|
"/organisations/index",
|
||||||
|
"/organisations/view",
|
||||||
|
"/pages/display",
|
||||||
|
"/posts/add",
|
||||||
|
"/posts/delete",
|
||||||
|
"/posts/edit",
|
||||||
|
"/regexp/index",
|
||||||
|
"/restClientHistory/delete",
|
||||||
|
"/restClientHistory/index",
|
||||||
|
"/rest_client_history/delete",
|
||||||
|
"/rest_client_history/index",
|
||||||
|
"/roles/index",
|
||||||
|
"/roles/view",
|
||||||
|
"/servers/getApiInfo",
|
||||||
|
"/servers/getPyMISPVersion",
|
||||||
|
"/servers/getVersion",
|
||||||
|
"/servers/idTranslator",
|
||||||
|
"/servers/postTest",
|
||||||
|
"/servers/rest",
|
||||||
|
"/shadowAttributes/accept",
|
||||||
|
"/shadowAttributes/acceptSelected",
|
||||||
|
"/shadowAttributes/add",
|
||||||
|
"/shadowAttributes/add_attachment",
|
||||||
|
"/shadowAttributes/delete",
|
||||||
|
"/shadowAttributes/discard",
|
||||||
|
"/shadowAttributes/discardSelected",
|
||||||
|
"/shadowAttributes/download",
|
||||||
|
"/shadowAttributes/edit",
|
||||||
|
"/shadowAttributes/index",
|
||||||
|
"/shadowAttributes/view",
|
||||||
|
"/shadowAttributes/viewPicture",
|
||||||
|
"/shadow_attributes/accept",
|
||||||
|
"/shadow_attributes/acceptSelected",
|
||||||
|
"/shadow_attributes/add",
|
||||||
|
"/shadow_attributes/add_attachment",
|
||||||
|
"/shadow_attributes/delete",
|
||||||
|
"/shadow_attributes/discard",
|
||||||
|
"/shadow_attributes/discardSelected",
|
||||||
|
"/shadow_attributes/download",
|
||||||
|
"/shadow_attributes/edit",
|
||||||
|
"/shadow_attributes/index",
|
||||||
|
"/shadow_attributes/view",
|
||||||
|
"/shadow_attributes/viewPicture",
|
||||||
|
"/sharingGroups/index",
|
||||||
|
"/sharingGroups/view",
|
||||||
|
"/sharing_groups/index",
|
||||||
|
"/sharing_groups/view",
|
||||||
|
"/sightings/add",
|
||||||
|
"/sightings/restSearch",
|
||||||
|
"/sightings/advanced",
|
||||||
|
"/sightings/delete",
|
||||||
|
"/sightings/index",
|
||||||
|
"/sightings/listSightings",
|
||||||
|
"/sightings/quickDelete",
|
||||||
|
"/sightings/viewSightings",
|
||||||
|
"/sightings/bulkSaveSightings",
|
||||||
|
"/sightings/quickAdd",
|
||||||
|
"/tagCollections/index",
|
||||||
|
"/tagCollections/view",
|
||||||
|
"/tag_collections/index",
|
||||||
|
"/tag_collections/view",
|
||||||
|
"/tags/attachTagToObject",
|
||||||
|
"/tags/index",
|
||||||
|
"/tags/removeTagFromObject",
|
||||||
|
"/tags/search",
|
||||||
|
"/tags/selectTag",
|
||||||
|
"/tags/selectTaxonomy",
|
||||||
|
"/tags/showEventTag",
|
||||||
|
"/tags/showAttributeTag",
|
||||||
|
"/tags/showTagControllerTag",
|
||||||
|
"/tags/tagStatistics",
|
||||||
|
"/tags/view",
|
||||||
|
"/tags/viewGraph",
|
||||||
|
"/tags/viewTag",
|
||||||
|
"/taxonomies/index",
|
||||||
|
"/taxonomies/taxonomyMassConfirmation",
|
||||||
|
"/taxonomies/taxonomyMassHide",
|
||||||
|
"/taxonomies/taxonomyMassUnhide",
|
||||||
|
"/taxonomies/view",
|
||||||
|
"/taxonomies/unhideTag",
|
||||||
|
"/taxonomies/hideTag",
|
||||||
|
"/templateElements/index",
|
||||||
|
"/template_elements/index",
|
||||||
|
"/templates/deleteTemporaryFile",
|
||||||
|
"/templates/index",
|
||||||
|
"/templates/populateEventFromTemplate",
|
||||||
|
"/templates/submitEventPopulation",
|
||||||
|
"/templates/templateChoices",
|
||||||
|
"/templates/uploadFile",
|
||||||
|
"/templates/view",
|
||||||
|
"/threads/index",
|
||||||
|
"/threads/view",
|
||||||
|
"/threads/viewEvent",
|
||||||
|
"/users/attributehistogram",
|
||||||
|
"/users/change_pw",
|
||||||
|
"/users/checkIfLoggedIn",
|
||||||
|
"/users/dashboard",
|
||||||
|
"/users/downloadTerms",
|
||||||
|
"/users/edit",
|
||||||
|
"/users/email_otp",
|
||||||
|
"/users/searchGpgKey",
|
||||||
|
"/users/fetchGpgKey",
|
||||||
|
"/users/histogram",
|
||||||
|
"/users/login",
|
||||||
|
"/users/logout",
|
||||||
|
"/users/register",
|
||||||
|
"/users/resetauthkey",
|
||||||
|
"/users/request_API",
|
||||||
|
"/users/routeafterlogin",
|
||||||
|
"/users/statistics",
|
||||||
|
"/users/tagStatisticsGraph",
|
||||||
|
"/users/terms",
|
||||||
|
"/users/updateLoginTime",
|
||||||
|
"/users/view",
|
||||||
|
"/users/getGpgPublicKey",
|
||||||
|
"/userSettings/index",
|
||||||
|
"/userSettings/view",
|
||||||
|
"/userSettings/setSetting",
|
||||||
|
"/userSettings/getSetting",
|
||||||
|
"/userSettings/delete",
|
||||||
|
"/userSettings/setHomePage",
|
||||||
|
"/user_settings/index",
|
||||||
|
"/user_settings/view",
|
||||||
|
"/user_settings/setSetting",
|
||||||
|
"/user_settings/getSetting",
|
||||||
|
"/user_settings/delete",
|
||||||
|
"/user_settings/setHomePage",
|
||||||
|
"/warninglists/checkValue",
|
||||||
|
"/warninglists/index",
|
||||||
|
"/warninglists/view",
|
||||||
|
"/allowedlists/index",
|
||||||
|
"/eventGraph/view",
|
||||||
|
"/eventGraph/add",
|
||||||
|
"/eventGraph/delete",
|
||||||
|
"/event_graph/view",
|
||||||
|
"/event_graph/add",
|
||||||
|
"/event_graph/delete"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
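Review bot: This hunk (-66,143 +66,422) goes well beyond the terminology change named in the commit subject; the only rename in it is `"/whitelists/index/*"` becoming `"/allowedlists/index"`. The rest changes the meaning of the example: the role key moves from `"2"` to `"3"`, every pattern loses its trailing `/*`, a cross-controller wildcard `"/*/restSearch"` appears, several hundred URLs are added (for example `/authKeys/add`, `/servers/rest`, `/users/register`), and some are dropped (for example `/tags/add/*`, `/tags/delete/*`, `/tags/edit/*`). Because readers use this JSON to see what the User role can reach, please move the refresh into its own commit with a message that says it was regenerated, state whether a pattern without `/*` still matches URLs that carry parameters, and confirm that `/allowedlists/index` is the route the application really serves.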
@ -341,7 +341,7 @@ An example for a Suricata export for all events excluding those tagged tag1, wit
|
||||||
https://<misp url>/events/nids/suricata/download/null/true/!tag1
|
https://<misp url>/events/nids/suricata/download/null/true/!tag1
|
||||||
~~~~
|
~~~~
|
||||||
|
|
||||||
Administration is able to maintain a white-list containing host, domain name and IP numbers to exclude from the NIDS export.
|
Administration is able to maintain an allowedlist containing host, domain name and IP numbers to exclude from the NIDS export.
|
||||||
|
|
||||||
### GET /events/hids Hash - HIDS database export
|
### GET /events/hids Hash - HIDS database export
|
||||||
|
|
||||||
|
@ -1368,7 +1368,7 @@ https://<misp url>/attributes/text/download/[type]/[tags]/[event_id]/[allowNonID
|
||||||
<dt>tags</dt>
|
<dt>tags</dt>
|
||||||
<dd>To include a tag in the results just write its names into this parameter. To exclude a tag prepend it with a '!'. You can also chain several tag commands together with the '&&' operator. Please be aware the colons (:) cannot be used in the tag search. Use semicolons instead (the search will automatically search for colons instead).</dd>
|
<dd>To include a tag in the results just write its names into this parameter. To exclude a tag prepend it with a '!'. You can also chain several tag commands together with the '&&' operator. Please be aware the colons (:) cannot be used in the tag search. Use semicolons instead (the search will automatically search for colons instead).</dd>
|
||||||
<dt>allowNonIDS</dt>
|
<dt>allowNonIDS</dt>
|
||||||
<dd>Include attributes that would normally be excluded due to the IDS flag not being set or due to being whitelisted</dd>
|
<dd>Include attributes that would normally be excluded due to the IDS flag not being set or due to being allowlisted</dd>
|
||||||
<dt>from</dt>
|
<dt>from</dt>
|
||||||
<dd>Set the lowest "date" field value that should be included in the export (format YYYY-MM-DD)</dd>
|
<dd>Set the lowest "date" field value that should be included in the export (format YYYY-MM-DD)</dd>
|
||||||
<dt>to</dt>
|
<dt>to</dt>
|
||||||
|
|
|
@ -52,9 +52,9 @@ The following two organisations are regularly used as example:
|
||||||
* Setec Astronomy with UUID `58d38339-7b24-4386-b4b4-4c0f950d210f`
|
* Setec Astronomy with UUID `58d38339-7b24-4386-b4b4-4c0f950d210f`
|
||||||
* Acme Finance with UUID `58d38326-eda8-443a-9fa8-4e12950d210f`
|
* Acme Finance with UUID `58d38326-eda8-443a-9fa8-4e12950d210f`
|
||||||
|
|
||||||
Starting from MISP 2.4.71, the example organisations with the above mentioned UUID are **black-listed** to avoid
|
Starting from MISP 2.4.71, the example organisations with the above mentioned UUID are **blocklisted** to avoid
|
||||||
large distribution of sample events while testing a MISP instance. If you want to test your distribution, the
|
large distribution of sample events while testing a MISP instance. If you want to test your distribution, the
|
||||||
sample organisation black-listing can be removed in `Administration`/`Manage Org Blacklists`.
|
sample organisation blocklisting can be removed in `Administration`/`Manage Org blocklists`.
|
||||||
|
|
||||||
## Example IOCs
|
## Example IOCs
|
||||||
|
|
||||||
|
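Review bot: In the last changed line the menu path becomes `Administration`/`Manage Org blocklists`, lower-casing a label that sits in backticks as a literal UI string (it was `Manage Org Blacklists`). Keep the capitalisation the menu shows, presumably `Manage Org Blocklists`, so a reader can find the entry by its exact name.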
@ -65,4 +65,3 @@ The following IOC examples have been used:
|
||||||
* [Sirefef](https://www.misp-project.org/galaxy.html#_zeroaccess) (aka ZeroAccess) Sample Event ID: #31337
|
* [Sirefef](https://www.misp-project.org/galaxy.html#_zeroaccess) (aka ZeroAccess) Sample Event ID: #31337
|
||||||
* [WannaCry](https://www.misp-project.org/galaxy.html#_wannacry) Sample Event ID: #42
|
* [WannaCry](https://www.misp-project.org/galaxy.html#_wannacry) Sample Event ID: #42
|
||||||
* [Dridex](https://www.misp-project.org/galaxy.html#_dridex) Sample Event ID: #23
|
* [Dridex](https://www.misp-project.org/galaxy.html#_dridex) Sample Event ID: #23
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ This menu contains all of the main functions of the site as a series of dropdown
|
||||||
* **Home button:** This button will return you to the start screen of the application, which is the event index page (more about this later).
|
* **Home button:** This button will return you to the start screen of the application, which is the event index page (more about this later).
|
||||||
* **Event Actions:** All the malware data entered into MISP is made up of an event object that is described by its connected attributes. The Event actions menu gives access to all the functionality that has to do with the creation, modification, deletion, publishing, searching and listing of events and attributes.
|
* **Event Actions:** All the malware data entered into MISP is made up of an event object that is described by its connected attributes. The Event actions menu gives access to all the functionality that has to do with the creation, modification, deletion, publishing, searching and listing of events and attributes.
|
||||||
* **Galaxies:** Shortcut to the list of [MISP Galaxies](../galaxy/) on the MISP instance.
|
* **Galaxies:** Shortcut to the list of [MISP Galaxies](../galaxy/) on the MISP instance.
|
||||||
* **Input Filters:** Input filters alter what and how data can be entered into this instance. Apart from the basic validation of attribute entry by type, it is possible for the site administrators to define regular expression replacements and blacklists for certain values in addition to blocking certain values from being exportable. Users can view these replacement and blacklist rules here whilst administrator can alter them.
|
* **Input Filters:** Input filters alter what and how data can be entered into this instance. Apart from the basic validation of attribute entry by type, it is possible for the site administrators to define regular expression replacements and blocklists for certain values in addition to blocking certain values from being exportable. Users can view these replacement and blocklist rules here whilst administrator can alter them.
|
||||||
* **Global Actions:** This menu gives you access to information about MISP and this instance. You can view and edit your own profile, view the manual, read the news or the terms of use again, see a list of the active organizations on this instance and a histogram of their contributions by attribute type.
|
* **Global Actions:** This menu gives you access to information about MISP and this instance. You can view and edit your own profile, view the manual, read the news or the terms of use again, see a list of the active organizations on this instance and a histogram of their contributions by attribute type.
|
||||||
* **MISP:** Simple link to your BASEURL
|
* **MISP:** Simple link to your BASEURL
|
||||||
* **Steve:** Name (Auto generated from Mail address) of current logged in user
|
* **Steve:** Name (Auto generated from Mail address) of current logged in user
|
||||||
|
@ -87,7 +87,7 @@ This menu contains all of the main functions of the site as a series of dropdown
|
||||||
|
|
||||||
* **Import Regexp:** You can view the Regular Expression rules, which modify the data that can be entered into the system. This can and should be used to help filter out personal information from automatic imports (such as removing the username from windows file paths), having unified representation for certain common values for easier correlation or simply standardizing certain input. It is also possible to block certain values from being inserted. As a site administrator or a user with regex permission, you can also edit these rules.
|
* **Import Regexp:** You can view the Regular Expression rules, which modify the data that can be entered into the system. This can and should be used to help filter out personal information from automatic imports (such as removing the username from windows file paths), having unified representation for certain common values for easier correlation or simply standardizing certain input. It is also possible to block certain values from being inserted. As a site administrator or a user with regex permission, you can also edit these rules.
|
||||||
|
|
||||||
* **Signature Whitelist:** You can view the whitelist rules, which contains the values that are blocked from being used for exports and automation on this instance. Site administrators have access to editing this list.
|
* **Signature Allowlist:** You can view the allowlist rules, which contains the values that are blocked from being used for exports and automation on this instance. Site administrators have access to editing this list.
|
||||||
|
|
||||||
* **List Warninglists:** MISP warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes. The warning lists are integrated in MISP to display an info/warning box at the event and attribute level.
|
* **List Warninglists:** MISP warninglists are lists of well-known indicators that can be associated to potential false positives, errors or mistakes. The warning lists are integrated in MISP to display an info/warning box at the event and attribute level.
|
||||||
|
|
||||||
|
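Review bot: After the rename the changed line reads "You can view the allowlist rules, which contains the values that are blocked from being used for exports", so an "allowlist" is described as blocking values. The old wording had the same tension, but the new term makes it harder to miss. Suggest rewording to say what the list does, for example "values that are excluded from exports and automation", and fixing "rules, which contains" to "rules, which contain" while the line is being touched.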
@ -169,16 +169,16 @@ The system will automatically generate a message for you, but it is also possibl
|
||||||
|
|
||||||
* **Scheduled Tasks:** Schedule the pre-defined tasks for your instance (this currently includes export caching, server pull and server push).
|
* **Scheduled Tasks:** Schedule the pre-defined tasks for your instance (this currently includes export caching, server pull and server push).
|
||||||
|
|
||||||
* **Blacklist Event:** Link to form where you can quickly add an event to a blacklist with it's UUID.
|
* **Blocklist Event:** Link to form where you can quickly add an event to a blocklist with it's UUID.
|
||||||
<!-- #Todo: Double check if blacklists and their impacts are explained at all -->
|
<!-- #Todo: Double check if blocklists and their impacts are explained at all -->
|
||||||
|
|
||||||
* **Manage Event Blacklists:** List of blacklisted events on MISP instance.
|
* **Manage Event Blocklists:** List of blocklisted events on MISP instance.
|
||||||
|
|
||||||
* **Blacklists Organisation:** Link to for where you can quickly add an organisation to a blacklist with it's UUID.
|
* **blocklist Organisation:** Link to for where you can quickly add an organisation to a blocklist with it's UUID.
|
||||||
|
|
||||||
<!-- #Todo: Double check if blacklists and their impacts are explained at all -->
|
<!-- #Todo: Double check if blocklists and their impacts are explained at all -->
|
||||||
|
|
||||||
* **Manage Org Blacklists:** List of blacklisted Organisations on this instance.
|
* **Manage Org blocklists:** List of blocklisted Organisations on this instance.
|
||||||
|
|
||||||
##### Audit
|
##### Audit
|
||||||
|
|
||||||
|
|
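Review bot: Capitalisation drifts in the organisation entries of this hunk: "Blacklists Organisation" becomes "blocklist Organisation" (lowercase, plural dropped) and "Manage Org Blacklists" becomes "Manage Org blocklists", while the event entries keep "Blocklist Event" and "Manage Event Blocklists". Use "Blocklist Organisation" and "Manage Org Blocklists" so the four entries stay parallel. Since these lines are being touched anyway, "Link to for where" should read "Link to form where", and "it's UUID" should be "its UUID" in both the event and the organisation entry.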
Binary file not shown.
Before Width: | Height: | Size: 52 KiB After Width: | Height: | Size: 52 KiB |
Binary file not shown.
Before Width: | Height: | Size: 17 KiB After Width: | Height: | Size: 17 KiB |
|
@ -135,7 +135,7 @@ Folder: View
|
||||||
- - [ ] missing_connection.ctp
|
- - [ ] missing_connection.ctp
|
||||||
- - [ ] missing_datasource_config.ctp
|
- - [ ] missing_datasource_config.ctp
|
||||||
- - [ ] pdo_error.ctp
|
- - [ ] pdo_error.ctp
|
||||||
- [ ] EventBlacklists
|
- [ ] EventBlocklists
|
||||||
- - [ ] add.ctp
|
- - [ ] add.ctp
|
||||||
- - [ ] edit.ctp
|
- - [ ] edit.ctp
|
||||||
- - [ ] index.ctp
|
- - [ ] index.ctp
|
||||||
|
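Review bot: EventBlocklists in this checklist is a directory name under "Folder: View" (it groups add.ctp, edit.ctp and index.ctp), not descriptive prose, so the rename is only correct if the MISP code base has a view folder with exactly that name. Please confirm against the MISP source before merging; the same check applies to the OrgBlocklists and Allowedlists entries in the two hunks that follow. If the folders were not renamed, keep the original names in the checklist and limit the terminology change to explanatory text.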
@ -284,7 +284,7 @@ Folder: View
|
||||||
- - - [ ] delete.ctp
|
- - - [ ] delete.ctp
|
||||||
- - [ ] get_row.ctp
|
- - [ ] get_row.ctp
|
||||||
- - [ ] revise_object.ctp
|
- - [ ] revise_object.ctp
|
||||||
- [ ] OrgBlacklists
|
- [ ] OrgBlocklists
|
||||||
- - [ ] add.ctp
|
- - [ ] add.ctp
|
||||||
- - [ ] edit.ctp
|
- - [ ] edit.ctp
|
||||||
- - [ ] index.ctp
|
- - [ ] index.ctp
|
||||||
|
@ -448,7 +448,7 @@ Folder: View
|
||||||
- - - [ ] getToggleField.ctp
|
- - - [ ] getToggleField.ctp
|
||||||
- - [ ] index.ctp
|
- - [ ] index.ctp
|
||||||
- - [ ] view.ctp
|
- - [ ] view.ctp
|
||||||
- [ ] Whitelists
|
- [ ] Allowedlists
|
||||||
- - [ ] admin_add.ctp
|
- - [ ] admin_add.ctp
|
||||||
- - [ ] admin_edit.ctp
|
- - [ ] admin_edit.ctp
|
||||||
- - [ ] admin_index.ctp
|
- - [ ] admin_index.ctp
|
||||||
|
|
|
@ -51,7 +51,7 @@ Keep in mind that the system searches for regular expressions in the value field
|
||||||
* **Distribution:** This drop-down list allows you to control who will be able to see this attribute. The distribution is inherited by attributes: the most restrictive setting wins. For more info, read the distribution information in the creating an event section - [click here](#creating-an-event)
|
* **Distribution:** This drop-down list allows you to control who will be able to see this attribute. The distribution is inherited by attributes: the most restrictive setting wins. For more info, read the distribution information in the creating an event section - [click here](#creating-an-event)
|
||||||
* **Value:** The actual value of the attribute, enter data about the value based on what is valid for the chosen attribute type. For example, for an attribute of type ip-src (source IP address), 11.11.11.11 would be a valid value. For more information on types and values, [click here](../categories-and-types)
|
* **Value:** The actual value of the attribute, enter data about the value based on what is valid for the chosen attribute type. For example, for an attribute of type ip-src (source IP address), 11.11.11.11 would be a valid value. For more information on types and values, [click here](../categories-and-types)
|
||||||
* **Contextual Comment:** You can add some comments to the attribute that will not be used for correlation but instead serves as purely an informational field.
|
* **Contextual Comment:** You can add some comments to the attribute that will not be used for correlation but instead serves as purely an informational field.
|
||||||
* **For Intrusion Detection System:** This option allows the attribute to be used as an IDS signature when exporting the NIDS data, unless it is being overruled by the white-list. For more information about the white-list, head over to the [administration](#administration) section. If the IDS flag is not set, the attribute is considered as contextual information and not to be used for automatic detection.
|
* **For Intrusion Detection System:** This option allows the attribute to be used as an IDS signature when exporting the NIDS data, unless it is being overruled by the allowedlist. For more information about the allowedlist, head over to the [administration](#administration) section. If the IDS flag is not set, the attribute is considered as contextual information and not to be used for automatic detection.
|
||||||
* **Batch import:** If there are several attributes of the same type to enter (such as a list of IP addresses, it is possible to enter them all into the same value-field, separated by a line break between each line. This will allow the system to create separate lines for the each attribute.
|
* **Batch import:** If there are several attributes of the same type to enter (such as a list of IP addresses, it is possible to enter them all into the same value-field, separated by a line break between each line. This will allow the system to create separate lines for the each attribute.
|
||||||
|
|
||||||
|
|
||||||
|
|
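Review bot: In the "For Intrusion Detection System" bullet, "unless it is being overruled by the allowedlist" is harder to follow after the rename, because a list whose name suggests permitting something is what keeps the attribute out of the NIDS export. Suggest spelling out the effect, for example "unless the value is on the signature allowedlist, which excludes it from the NIDS export". The link text should also use the same spelling of the term as the administration section it points to.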