From 069416062480f61d1710e328138eec00e343fba9 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 22 Nov 2021 10:30:33 +0100 Subject: [PATCH] chg: [changelogs] updated --- Changelog | 46091 ++++++++++++++++++++++++++++++ Changelog-PyMISP.txt | 4262 +++ Changelog-misp-galaxy.txt | 6184 ++++ Changelog-misp-modules.txt | 5470 ++++ Changelog-misp-objects.txt | 3480 +++ Changelog-misp-taxonomies.txt | 2474 ++ Changelog-misp-warninglists.txt | 1690 ++ 7 files changed, 69651 insertions(+) create mode 100644 Changelog create mode 100644 Changelog-PyMISP.txt create mode 100644 Changelog-misp-galaxy.txt create mode 100644 Changelog-misp-modules.txt create mode 100644 Changelog-misp-objects.txt create mode 100644 Changelog-misp-taxonomies.txt create mode 100644 Changelog-misp-warninglists.txt diff --git a/Changelog b/Changelog new file mode 100644 index 0000000..b19f9aa --- /dev/null +++ b/Changelog 
@@ -0,0 +1,46091 @@ +Changelog +========= + + +v2.4.151 (2021-11-22) +--------------------- + +New +~~~ +- [internal] Faster caching. [Jakub Onderka] +- [user] Add sub field for user. [Jakub Onderka] +- [CLI] For redisMemoryUsage show also server cache size. [Jakub + Onderka] +- Support existing worker controls via supervisor api. [Luciano + Righetti] +- Add default config for new background jobs (disabled). [Luciano + Righetti] +- [CLI] Redis memory usage diagnostics. [Jakub Onderka] +- [CLI] admin reencrypt command. [Jakub Onderka] +- [security] Store authkeys for servers encrypted. [Jakub Onderka] +- [UI] Define custom right menu link. [Jakub Onderka] +- [CLI] Allow to set setting value to `null` [Jakub Onderka] +- [internal] Save to config file just what was in file. [Jakub Onderka] +- [internal] encryption_key config. [Jakub Onderka] +- [internal] Fix when authkey is invalid. [Jakub Onderka] +- [internal] BetterSecurity tool. [Jakub Onderka] +- [setting] Allow to encrypt setting. [Jakub Onderka] +- [setting] Add new MISP.system_setting_db setting. [Jakub Onderka] +- Store system settings in database. [Jakub Onderka] +- [MISP fetcher] added to create an offline update package. [iglocska] +- [doc] Initial php8.0 and Ubuntu 22.04. [Steve Clement] +- [test] test_add_duplicate_tags. [Jakub Onderka] +- [test] test_log_new_audit. [Jakub Onderka] +- [test] test_restsearch_event_by_tags. [Jakub Onderka] +- [settings] Allow to use ThreatLevel.name for alert filter. [Jakub + Onderka] +- [API] Return JSON for server index preview. [Jakub Onderka] +- [CLI] New task for removeOrphanedCorrelations and optimiseTables. + [Jakub Onderka] +- [attribute type] ssh-fingerprint - a fingerprint of SSH key material. + [Alexandre Dulaunoy] +- [attribute type] ssh-fingerprint - a fingerprint of SSH key material. + [Alexandre Dulaunoy] +- [test] test_deleted_attributes. [Jakub Onderka] +- [CLI] Assign UserSetting to list output. [Jakub Onderka] +- [oidc] User setting for oidc metadata. 
[Jakub Onderka] +- [test] test_delete_event_blocklist. [Jakub Onderka] +- [sync] Server sync logging. [Jakub Onderka] +- [test] test_search_index_by_all. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [submodule update] added --init --recursive. [iglocska] +- [internal] Add BACKGROUND_JOB_ID to new process. [Jakub Onderka] +- [CLI] Start worker help. [Jakub Onderka] +- [internal] Bg worker cleanup. [Jakub Onderka] +- [internal] Check if update is possible. [Jakub Onderka] +- [internal] Simplify Attribute::fetchAttributes. [Jakub Onderka] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [object] break on duplicate, include uuid in addition to ID in failure + message, fixes #7929. [iglocska] +- [internal] Use ProcessTool in Server. [Jakub Onderka] +- [internal] Use ProcessTool in PubSubTool. [Jakub Onderka] +- [internal] Use ProcessTool in SecurityAudit. [Jakub Onderka] +- [internal] Use ProcessTool in StixExport. [Jakub Onderka] +- [internal] upload_stix uses ProcessTool. [Jakub Onderka] +- [internal] Use ProcessTool in AttachmentTool. [Jakub Onderka] +- [internal] Simplify checking if folder is writable. [Jakub Onderka] +- [internal] Try to use array for processes. [Jakub Onderka] +- [internal] Better submodule info fetching. [Jakub Onderka] +- [internal] Check if update is possible. [Jakub Onderka] +- [internal] Current branch and commit checking. [Jakub Onderka] +- [internal] More clear method names. [Jakub Onderka] +- [UI] Use TimeHelper for zmq status. [Jakub Onderka] +- [internal] Small optim. [Jakub Onderka] +- [internal] Move version checking to one function. [Jakub Onderka] +- [internal] Use GitTool for remote version fetching. [Jakub Onderka] +- [internal] Faster way how to get current commit. 
[Jakub Onderka] +- [internal] Authkey resetting. [Jakub Onderka] +- [internal] Simplified remove version checking. [Jakub Onderka] +- [UI] scheduler doesn't exist for SimpleBackgroundJobs. [Jakub Onderka] +- [CLI] Add help for Admin redisReady command. [Jakub Onderka] +- [internal] Avoid shell_exec. [Jakub Onderka] +- [internal] Code style. [Jakub Onderka] +- [internal] pubsub types. [Jakub Onderka] +- [internal] Simplified Feed:getFreetextFeed method. [Jakub Onderka] +- [internal] Simplified feed caching. [Jakub Onderka] +- [internal] searchCaches code cleanup. [Jakub Onderka] +- [internal] Simplify server caching. [Jakub Onderka] +- Setting msg. [Luciano Righetti] +- Remove track_status setting. [Luciano Righetti] +- Remove MISP.use_simple_background_jobs setting in favor of + SimpleBackgroundJobs.enabled. [Luciano Righetti] +- Remove monitor stuff from docbloc. [Luciano Righetti] +- Remove workers monitor script, rely on Supervisor API for all worker- + related stuff. [Luciano Righetti] +- Try to get user via posix method first. [Luciano Righetti] +- Remove sleep from worker poll. [Luciano Righetti] +- Merge develop, fix conflicts. [Luciano Righetti] +- Add background jobs settings to the ui editor. [Luciano Righetti] +- Add fxmlrpc package as suggested. [Luciano Righetti] +- Minor refactor. [Luciano Righetti] +- Reload conf. [Luciano Righetti] +- Add redis namespace globally, add auto json de/serializer setting to + redis client. [Luciano Righetti] +- Move initTool() logic to constructor. [Luciano Righetti] +- Merge develop, fix conflicts. [Luciano Righetti] +- Merge develop, fix conflicts. [Luciano Righetti] +- Rename settings. [Luciano Righetti] +- Rename conf name. [Luciano Righetti] +- Rename conf name. [Luciano Righetti] +- Call supervisor xml-rpc api, add supervisor app required packages. + [Luciano Righetti] +- Add db update. [Luciano Righetti] +- Remove deprecation msg. [Luciano Righetti] +- Merge develop, fix conflicts. 
[Luciano Righetti] +- Use new bg jobs tool in user model. [Luciano Righetti] +- Use new bg jobs tool in shadow attribute model. [Luciano Righetti] +- Use new bg job tool in job model (cache cmds) [Luciano Righetti] +- Use new bg job tool in post model, refactor command. [Luciano + Righetti] +- Use new bg job tool in log model. [Luciano Righetti] +- Use new bg job tool for publishing galaxy clusters. [Luciano Righetti] +- Use new bg jobs tool in correlation exclusion model. [Luciano + Righetti] +- Use new bg jobs tool in correlation model. [Luciano Righetti] +- Use new bg jobs tool in AttachmentScan. [Luciano Righetti] +- Use new bg jobs tool in AppModel. [Luciano Righetti] +- Use new bg jobs tool in shadow attributes controller. [Luciano + Righetti] +- Use new bg jobs tool in feeds controller. [Luciano Righetti] +- Use new bg jobs tool in servers controller. [Luciano Righetti] +- Use new bg jobs tool in /attributes/generateCorrelation. [Luciano + Righetti] +- Move metadata parameter to last, refactor Server calls to background + jobs to new tool. [Luciano Righetti] +- Add user to worker class, make /servers/getWorkers compatible with new + bg jobs. [Luciano Righetti] +- Fix issues with servershell pull/push commands. [Luciano Righetti] +- Refactor background jobs tool to receive jobId instead of entity. + [Luciano Righetti] +- Refactor server shell background jobs to use new tool. [Luciano + Righetti] +- Refactor all background job calls from event model and controller to + use new tool. [Luciano Righetti] +- Move contact reporter background job to new tool. [Luciano Righetti] +- Fetch job status from redis in jobs view. [Luciano Righetti] +- Remove hardcode response, map shell/cmd names. [Luciano Righetti] +- Pass sql Job to new job handler. [Luciano Righetti] +- Make enqueue method generic for both engines. [Luciano Righetti] +- [installer] Bump to latest version. [Steve Clement] +- [installer] Bump installer to latest version. 
[Steve Clement] +- [doc] updated dates in copyright section. [Christophe Vandeplas] +- [internal] Code style. [Jakub Onderka] +- [internal] AppController cleanup. [Jakub Onderka] +- [internal] App model cleanup. [Jakub Onderka] +- [internal] Simplify code for pulling events. [Jakub Onderka] +- [internal] Delete system setting when value is empty. [Jakub Onderka] +- [internal] Make system setting more secure. [Jakub Onderka] +- [internal] Deprecate Org::getUUIDs endpoint. [Jakub Onderka] +- [internal] Do not try to fetch empty clusters. [Jakub Onderka] +- [internal] Optimise loading event info in AuditLog. [Jakub Onderka] +- [internal] Unpublish event timestamp. [Jakub Onderka] +- [internal] Simplified editing field. [Jakub Onderka] +- [internal] Simplified attribute pagination. [Jakub Onderka] +- [internal] Remove SysLogLogable from SystemSetting. [Jakub Onderka] +- [internal] Simplify Server model code. [Jakub Onderka] +- [systemsetting] Better checking if setting is sensitive. [Jakub + Onderka] +- [optimise] Reduce number of SQL queries for login page. [Jakub + Onderka] +- [auditlog] Smarter title. [Jakub Onderka] +- [internal] Hide sensitive setting in AuditLog. [Jakub Onderka] +- [internal] Code style. [Jakub Onderka] +- [internal] Faster attaching tags to events. [Jakub Onderka] +- [internal] Assign galaxies in one query. [Jakub Onderka] +- [internal] Optimise loading attributes when doing search. [Jakub + Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Document use of local parameter in API for tags/galaxies. [Loïc + Fortemps] +- [doc] minor changes for 22.04 and ethX update. [Steve Clement] +- [install] Update to latest installer. [Steve Clement] +- [doc] Varios small fixes. [Steve Clement] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [auditlog] Remove non exists insertId. [Jakub Onderka] +- [schema] Set object_references.uuid as unique column. [Jakub Onderka] +- [internal] Optimise saving attributes. 
[Jakub Onderka] +- [internal] Optimise attaching tags to objects. [Jakub Onderka] +- [internal] Optimise AuditLogBehavior. [Jakub Onderka] +- [auditlog] Remove unused variable. [Jakub Onderka] +- [auditlog] Simplify and optimise code. [Jakub Onderka] +- [internal] Optimise Attribute::fetchAttribute. [Jakub Onderka] +- [internal] Optimise updating templates. [Jakub Onderka] +- [internal] Optimise genericPicker. [Jakub Onderka] +- [internal] Use FileAccessTool in MispObject. [Jakub Onderka] +- [internal] Faster fetching object templates for selectbox. [Jakub + Onderka] +- [internal] Optimise bulkSaveRelations. [Jakub Onderka] +- [internal] Optimise AuditLog. [Jakub Onderka] +- [internal] Try to remove possible unused methods. [Jakub Onderka] +- [internal] Optimise Tag::findTagIdsByTagNames. [Jakub Onderka] +- [internal] Optimise fetching events by tags. [Jakub Onderka] +- [internal] Simplify creating tag. [Jakub Onderka] +- [build] Try to run workers under www-data user. [Jakub Onderka] +- [PyMISP] Bump. [Jakub Onderka] +- [internal] Faster importing galaxy relation tags. [Jakub Onderka] +- [internal] Optimise sightings. [Jakub Onderka] +- [internal] Small optimisations. [Jakub Onderka] +- [internal] Code cleanup. [Jakub Onderka] +- [internal] Do not check event tags conflicts. [Jakub Onderka] +- [UI] Check empty event before filtering. [Jakub Onderka] +- [internal] Simplify code for Server::serverGetRequest. [Jakub Onderka] +- [internal] Better error messages when fetching feeds. [Jakub Onderka] +- [internal] Simplified link and boolean validation. [Jakub Onderka] +- [test] testDomainModify. [Jakub Onderka] +- [internal] Optimise converting hash to lowercase. [Jakub Onderka] +- [internal] Faster IPv6 compression. [Jakub Onderka] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [internal] Optimise afterFind and simplify ISODatetimeToUTC. 
[Jakub + Onderka] +- [internal] Code style. [Jakub Onderka] +- [internal] Move IPv6 compression to one method. [Jakub Onderka] +- [internal] Simplify validation for `domain|ip` [Jakub Onderka] +- [internal] Move ssdeep validation to specific method. [Jakub Onderka] +- [internal] Add ssh-fingerpint validation. [Jakub Onderka] +- [internal] Change params order for validate method. [Jakub Onderka] +- [internal] Move attribute validation to different tool. [Jakub + Onderka] +- [PyMISP] update version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [PyMISP] update to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [stix] Bumped laster version of various stix related libraries. + [chrisr3d] +- [opendata] Bumped latest version. [chrisr3d] +- [misp-stix] Bumped latest version. [chrisr3d] +- [server settings] allow empty baseurl to be saved. [iglocska] +- [stix] allow passing the publish flag to the stix upload. [iglocska] +- [internal] Reduce one SQL query for every request. [Jakub Onderka] +- [internal] Fetch less columns for Tag for event index. [Jakub Onderka] +- [internal] Do not fetch EventTag.id for events index. [Jakub Onderka] +- [internal] Log when object reference could not be captured. [Jakub + Onderka] +- [internal] Add validation for ObjectReference. [Jakub Onderka] +- [schema] Add index for object_references.event_id column. [Jakub + Onderka] +- [internal] Faster attaching references. [Jakub Onderka] +- [internal] Move method for fetching tags to one place. [Jakub Onderka] +- [internal] Simplified Event::attachTagsToEvents. [Jakub Onderka] +- [internal] Faster attaching attribute tags. [Jakub Onderka] +- [internal] Simplify Attribute::runValidation. [Jakub Onderka] +- [internal] Disable order for hasAny method. [Jakub Onderka] +- [internal] Simplified notifications loading. 
[Jakub Onderka] +- [misp-galaxy] updated to the latest version (ATT&CK v10) [Alexandre + Dulaunoy] +- [internal] Faster tag capturing. [Jakub Onderka] +- [internal] Simplify UserSetting code. [Jakub Onderka] +- [misp-stix] Bumped latest version. [chrisr3d] +- [Server:update] Execute git submodule sync before updating. [Sami + Mokaddem] + + This is done in order to make sure the submodules' remote URL is inline with the value defined in the .gitmodules +- [install] Regenerated install script to include the latest changes + + update installer checksums. [chrisr3d] +- [doc] Update to OpenBSD 7.0. [Steve Clement] +- [doc] Added 3 more optionals. [Steve Clement] +- [github actions] Enabling tests on the `misp-stix` branch (at least + temporarily) [chrisr3d] +- [stix2 export] Using specific filter `stix-version` instead of + `version` that is too generic and used somewhere else. [chrisr3d] +- [schema] Set sharing group name as unique index. [Jakub Onderka] +- [internal] Simplify code for compareDBIndexes. [Jakub Onderka] +- [internal] Change way how to remove focus from URL. [Jakub Onderka] +- [internal] Convert to const array. [Jakub Onderka] +- [internal] Remove duplicates from acceptedFilteringNamedParams. [Jakub + Onderka] +- [API] Simplify handling deleted attributes. [Jakub Onderka] +- [UI] Simplify performQuery method. [Jakub Onderka] +- [UI] Simplify HTML code. [Jakub Onderka] +- [ajax] Return correct error code when user is not logged. [Jakub + Onderka] +- [Server:update] Execute git submodule sync before updating. [Sami + Mokaddem] + + This is done in order to make sure the submodules' remote URL is inline with the value defined in the .gitmodules +- [internal] Faster tag extraction. [Jakub Onderka] +- [auditlog] Optimise fetching old records. [Jakub Onderka] +- [internal] Update correlations just when necessary. [Jakub Onderka] +- [internal] Event::unpublishEvent method. [Jakub Onderka] +- [internal] Simplify validation for Event org_id and orgc_id fields. 
+ [Jakub Onderka] +- [internal] Move UUID generation to beforeSave method. [Jakub Onderka] +- [internal] SaveMany for Event::add_original_file. [Jakub Onderka] +- [internal] Simplify Event::__attachReferences. [Jakub Onderka] +- [internal] Optimise fetching correlations. [Jakub Onderka] +- [internal] Simplify Event::beforeValidate. [Jakub Onderka] +- [internal] Simplify Attribute::beforeValidate. [Jakub Onderka] +- [internal] Simplify validation. [Jakub Onderka] +- [internal] Optimise beforeValidate for object. [Jakub Onderka] +- [internal] Optimise datetimeOrNull method. [Jakub Onderka] +- [internal] Optimise JSONConverterTool. [Jakub Onderka] +- [modules] Use JsonTool. [Jakub Onderka] +- [stix-export] Use JsonTool. [Jakub Onderka] +- [pubsub] Optimise. [Jakub Onderka] +- [internal] Optimise validators. [Jakub Onderka] +- [internal] Remove unused validation rule. [Jakub Onderka] +- [internal] Fix validation for UserSetting value. [Jakub Onderka] +- [internal] Remove unused method. [Jakub Onderka] +- [internal] Use reference for event modification. [Jakub Onderka] +- [internal] Optimise code for fetch proposals for events. [Jakub + Onderka] +- [internal] Simplified attaching sharing groups. [Jakub Onderka] +- [internal] Do not specify fields when fetching object. [Jakub Onderka] +- [internal] Optimise fetching event when pulling. [Jakub Onderka] +- [internal] Fix setting cleanDb admin setting. [Jakub Onderka] +- [internal] Do less work when checking if db is updated. [Jakub + Onderka] +- [internal] Code cleanup for Server::pull method. [Jakub Onderka] +- [UI] For first/last seen show timezone in tooltip. [Jakub Onderka] +- [UI] Event tooltips. [Jakub Onderka] +- [sync] Better exception handling. [Jakub Onderka] +- [sync] Use server sync tool for compatibility check. [Jakub Onderka] +- [internal] Create log entry for compatibility check. [Jakub Onderka] +- [internal] Code cleanup for EventsController::__indexRestResponse. 
+ [Jakub Onderka] +- [internal] Small optimisations for index REST response. [Jakub + Onderka] +- [internal] Remove user id from fetched columns. [Jakub Onderka] +- [API] Fetch sharing groups in different query. [Jakub Onderka] +- [API] Optimise fetching event index. [Jakub Onderka] +- [event-index] Faster fetching empty results. [Jakub Onderka] +- [index] Faster event filtering by multiple tags. [Jakub Onderka] +- [internal] Event tags are deleted by quick delete. [Jakub Onderka] +- [event-index] Simplified condition for minimal search. [Jakub Onderka] +- [test] test_search_index_by_attribute. [Jakub Onderka] +- [test] test_search_index_minimal_published. [Jakub Onderka] +- [event index] For non exists email, do not return any event. [Jakub + Onderka] +- [test] Tests for event index – search not by info. [Jakub Onderka] +- [test] test_search_index_by_email_admin. [Jakub Onderka] +- [internal] Handle non admin search event by email differently. [Jakub + Onderka] +- [test] Tests for event index search by email. [Jakub Onderka] +- [test] Add more test for event index. [Jakub Onderka] +- [internal] Another bunch of event filter optim. [Jakub Onderka] +- [rest] Do not copy data. [Jakub Onderka] +- [rest] Close session to allow concurrent requests. [Jakub Onderka] +- [test] temp folder is not writable. [Jakub Onderka] +- [test] Better tests for event index. [Jakub Onderka] +- [index] Simplified code for org matching. [Jakub Onderka] +- [test] More tests for event index. [Jakub Onderka] +- [test] Tests for event index. [Jakub Onderka] +- [stix-export] Code cleanup. [Jakub Onderka] +- [export] Check method existence rather than another variable. [Jakub + Onderka] +- [stix-export] Throw exception on error. [Jakub Onderka] +- [stix-export] Store temp file in default folder. [Jakub Onderka] +- [stix-export] Try to directly return TmpFileTool. [Jakub Onderka] +- [stix-export] Use more reliable file processing. [Jakub Onderka] +- [stix-export] Use TmpFileTool. 
[Jakub Onderka] +- [stix-export] Simplified loading python bin. [Jakub Onderka] +- [internal] Use JsonTool for JSON encoding. [Jakub Onderka] +- [internal] Use tmp folder for stix upload. [Jakub Onderka] +- [internal] Use FileAccessTool for STIX upload. [Jakub Onderka] +- [internal] Use FileAccessTool for Event::__getTagNamesFromSynonyms. + [Jakub Onderka] +- [internal] Use FileAccessTool for Feed::unzipFirstFile. [Jakub + Onderka] +- [internal] Use FileAccessTool for publishing sightings. [Jakub + Onderka] + +Fix +~~~ +- ServerShell fails if SimpleBackgroundJobs config does not exists. + [Luciano Righetti] +- [internal] Attaching cluster. [Jakub Onderka] +- [systemSetting] Check if database exists. [Jakub Onderka] +- [internal] Try to create directory if not exist. [Jakub Onderka] +- [user creation] don't show old style API key in the UI if advanced + authkeys are enabled. [iglocska] + + - confusing and unusable anyway +- [user creation] Don't create an advanced authkey by default when + creating a new user. [iglocska] + + - nobody will see the initial key, users can always create API keys for themselves +- [internal] Remove redundant condition. [Jakub Onderka] +- [internal] Correctly count matched attributes. [Jakub Onderka] +- [internal] Skip empty line. [Jakub Onderka] +- [internal] Update JSON. [Jakub Onderka] +- [internal] Param order. [Jakub Onderka] +- [internal] Private property access. [Jakub Onderka] +- [CLI] redisMemoryUsage. [Jakub Onderka] +- [UI] Correct attaching cache timestamp to server. [Jakub Onderka] +- [internal] Remove unused MISP.cached_attachments setting. [Jakub + Onderka] +- Wrong default. [Luciano Righetti] +- Wrong default. [Luciano Righetti] +- Allow start worker by queue type. [Luciano Righetti] +- Issues when worker is stopped, allow null pid and user in worker + class. [Luciano Righetti] +- Do not fail on process_id=null. [Luciano Righetti] +- Class not found issue. [Luciano Righetti] +- Bad merge. 
[Luciano Righetti] +- Minor cs issues. [Luciano Righetti] +- Revert bad merge. [Luciano Righetti] +- Fix typo. [Luciano Righetti] +- Replace splat operator, follow cake 2.x private methods naming. + [Luciano Righetti] +- Change expected db version. [Luciano Righetti] +- Wrong update query. [Luciano Righetti] +- Use class registry to get job class. [Luciano Righetti] +- Add missing jobId param to enqueue() calls. [Luciano Righetti] +- Fix get worker status. [Luciano Righetti] +- Handle job status not found. [Luciano Righetti] +- Fix typo. [Luciano Righetti] +- Return correct X-Result-Count value in /attributes/restSearch. + [Luciano Righetti] +- [CLI] fixes to the appshell. [iglocska] + + - always load the configload task +- [CLI/background jobs] reverted removal of perform command. [iglocska] +- [email OTP] subject tag fixed. [iglocska] + + - [MISP foo] to [foo MISP] to be aligned with other e-mails +- [doc] Added missing misp-stix to the documentation. [Steve Clement] +- [schema] updated. [iglocska] +- [internal] Remove unused helper. [Jakub Onderka] +- [internal] Remove potentially problematic and non functional + searchAlternate. [Jakub Onderka] +- [config] Remove not used Attributes_Values_Filter_In_Event. [Jakub + Onderka] +- [internal] Fetching clusters. [Jakub Onderka] +- [tags] enforce local_only check on backend. [Loïc Fortemps] +- [API] Object reference view. [Jakub Onderka] +- [auditlog] Fetch event_id when necessary. [Jakub Onderka] +- [API] Do not allow same tags for one object (local/global) [Jakub + Onderka] +- [internal] Attaching tags to attachment attribute. [Jakub Onderka] +- [test] Permission for workers. [Jakub Onderka] +- [API] Exception value. [Jakub Onderka] +- [API] UserSetting::getSetting method. [Jakub Onderka] +- [API] Deleting user setting. [Jakub Onderka] +- [UI] Ignore harvest exception. [Jakub Onderka] +- [UI] Correct link to focus. [Jakub Onderka] +- [API] Remove default filters for viewEventAttributes. 
[Jakub Onderka] +- [UI] Element name. [Jakub Onderka] +- [UI] Filtering attribute when distribution is zero. [Jakub Onderka] +- [UI] Feed hits. [Jakub Onderka] +- [UI] Add link to full attribute. [Jakub Onderka] +- [validation] Correctly validate filename|tlsh attribute. [Jakub + Onderka] +- [internal] removeOrphanedCorrelations. [Jakub Onderka] +- [internal] Filename|xxx could not contain new line char. [Jakub + Onderka] +- [internal] named pipe validation. [Jakub Onderka] +- [internal] Remove unreachable code. [Jakub Onderka] +- [internal] Simplify Attribute code. [Jakub Onderka] +- [API] Simplify some validations. [Jakub Onderka] +- [cti-python-stix2] Correctly bumped latest version... [chrisr3d] +- [cti-python-stix2] Correctly bumped latest version... [chrisr3d] +- [database] upgrade script using mb4 defaulted to 255 key length. + [iglocska] + + - default should be 191 +- [API] Faster assigning objects and attributes to references. [Jakub + Onderka] +- [internal] Do not duplicate column. [Jakub Onderka] +- [API] Simplify linking proposals to attributes. [Jakub Onderka] +- [API] Simplify fetchEvent code. [Jakub Onderka] +- [internal] Attaching servere/feed correlation to proposals. [Jakub + Onderka] +- [internal] Proposal validation. [Jakub Onderka] +- [schema] Modify User.change_pw column to boolean. [Jakub Onderka] +- [internal] No exception when db logs are disabled. [Jakub Onderka] +- [UI] Correct values for deleted attribute filtering. [Jakub Onderka] +- [github actions] For the tests purpose, installing the stix1 python + library from the submodule. [chrisr3d] +- [gitignore] Removed directories related to python libraries. + [chrisr3d] +- [stix python install] Added STIX python dependencies to the install. + [chrisr3d] +- [validation] TLSH new format validation added. [iglocska] + + - ffs +- [internal] Do not allow deleting SG when object or event reprot is + assigned to that SG. [Jakub Onderka] +- [internal] Prevent duplicate org for sharing group. 
[Jakub Onderka] +- [CLI] Cluster publishing. [Jakub Onderka] +- [UI] Active rules value. [Jakub Onderka] +- [UI] Event filtering. [Jakub Onderka] +- [ui] Do not call checkAndSetPublishedInfo when no need. [Jakub + Onderka] +- [UI] Correctly handle links to related events. [Jakub Onderka] +- [UI] Broken tag attaching. [Jakub Onderka] +- [internal] Deleting events. [Jakub Onderka] +- [internal] Try to prevent deadlocks when updating event attribute + count. [Jakub Onderka] +- [internal] Fetch event index in CSV. [Jakub Onderka] +- [test] Fix event index tests. [Jakub Onderka] +- [UI] Undefined index. [Jakub Onderka] +- [stix-export] Delete tmp files. [Jakub Onderka] +- [index] Org condition. [Jakub Onderka] +- [index] Remove all virtual fields. [Jakub Onderka] +- [API] Fix fetching events by org UUID. [Jakub Onderka] +- [event index] search by org fixed when using string names, fixes + MISP/PyMISP#799. [iglocska] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7971 from JakubOnderka/apcu. [Jakub Onderka] + + new: [internal] Faster caching +- Merge pull request #7970 from JakubOnderka/fix-diagnostics. [Jakub + Onderka] + + fix: [internal] Try to create directory if not exist +- Merge pull request #7965 from JakubOnderka/bg-worker-simplify. [Jakub + Onderka] + + chg: [internal] Bg worker cleanup +- Merge pull request #7956 from JakubOnderka/fix-attr-count. [Jakub + Onderka] + + fix: [internal] Correctly count matched attributes +- Merge branch '2.4' into develop. 
[Alexandre Dulaunoy] +- Merge pull request #7959 from JakubOnderka/remote-version-checking. + [Jakub Onderka] + + chg: [internal] Simplified remote version checking +- Merge pull request #7958 from JakubOnderka/bg-fix. [Jakub Onderka] + + Bg fix +- Merge pull request #7955 from JakubOnderka/code-style-background-jobs. + [Jakub Onderka] + + chg: [internal] Code style +- Merge pull request #7954 from JakubOnderka/sub. [Jakub Onderka] + + new: [user] Add sub field for user +- Merge pull request #7949 from JakubOnderka/server-caching. [Jakub + Onderka] + + Server caching +- Merge pull request #7953 from JakubOnderka/cached_attachments_remove. + [Jakub Onderka] + + fix: [internal] Remove unused MISP.cached_attachments setting +- Merge pull request #7939 from righel/add_simple_background_jobs. + [Andras Iklody] + + Add simple background jobs +- Merge branch 'develop' into add_simple_background_jobs. [Luciano + Righetti] +- Merge branch 'develop' into add_simple_background_jobs. [Luciano + Righetti] +- Add: add initial new simple background jobs. [Luciano Righetti] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7946 from JakubOnderka/redis-memory-usage. [Jakub + Onderka] + + new: [CLI] Redis memory usage diagnostics +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [Steve Clement] +- Merge pull request #7944 from SteveClement/guides. [Steve Clement] + + fix: [doc] Added missing misp-stix to the documentation +- Merge pull request #7817 from fandigunawan/supports-minio. [Alexandre + Dulaunoy] + + new: Supports MinIO as alternative to AWS S3 +- Adds default TLS validation to true and supports custom CA path. + [Fandi Gunawan] +- Supports MinIO as alternative to AWS S3. [Fandi Gunawan] +- Merge pull request #7938 from JakubOnderka/authkeys-encrypted-vol2. 
+ [Jakub Onderka] + + Authkeys encrypted vol2 +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7937 from JakubOnderka/app-controller-cleanup- + vol4. [Jakub Onderka] + + App controller cleanup vol4 +- Merge pull request #7936 from JakubOnderka/app-model-cleanup. [Jakub + Onderka] + + chg: [internal] App model cleanup +- Merge pull request #7932 from JakubOnderka/pulling-simplify. [Jakub + Onderka] + + chg: [internal] Simplify code for pulling events +- Merge pull request #7935 from JakubOnderka/system-setting-security. + [Jakub Onderka] + + chg: [internal] Make system setting more secure +- Merge pull request #7742 from JakubOnderka/get-uuids-deprecate. [Jakub + Onderka] + + chg: [internal] Deprecate Org::getUUIDs endpoint +- Merge pull request #7934 from JakubOnderka/attribute-pagination. + [Jakub Onderka] + + Attribute pagination +- Merge pull request #7416 from JakubOnderka/menu-custom-right-link. + [Jakub Onderka] + + new: [UI] Define custom right menu link +- Merge pull request #7927 from JakubOnderka/system-setting. [Jakub + Onderka] + + System setting in database +- Merge pull request #7933 from JakubOnderka/attributes-index. [Jakub + Onderka] + + Attributes index +- Merge pull request #7931 from thijskh/shib-doc-fixes. [Alexandre + Dulaunoy] + + Fix docblock formatting and add newer settings to README documentation +- Fix docblock formatting and add newer settings to README + documentation. [Thijs Kinkhorst] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'local_only' into develop. [iglocska] +- Bump DB version. [Loïc Fortemps] +- Merge branch 'develop' into local_tags. [Loïc Fortemps] +- Adding a local_only option for Tags and Galaxies. [Loic Fortemps] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7928 from SteveClement/guides. 
[Steve Clement] +- Merge pull request #7926 from SteveClement/guides. [Steve Clement] +- Merge pull request #7918 from StefanKelm/2.4. [Luciano Righetti] + + Update openapi.yaml +- Update openapi.yaml. [StefanKelm] + + tiny typo... +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7904 from StefanKelm/2.4. [Luciano Righetti] + + Update openapi.yaml +- Update openapi.yaml. [StefanKelm] + + small copy-n-paste error +- Merge pull request #7854 from JakubOnderka/save-optim. [Jakub Onderka] + + chg: [internal] Optimise saving attributes +- Merge pull request #7915 from JakubOnderka/fix-saving-attribute. + [Jakub Onderka] + + fix: [internal] Attaching tags to attachment attribute +- Merge pull request #7914 from JakubOnderka/audit-log-behaviour-optim. + [Jakub Onderka] + + Audit log behaviour optim +- Merge pull request #7913 from JakubOnderka/fetchAttribute. [Jakub + Onderka] + + chg: [internal] Optimise Attribute::fetchAttribute +- Merge pull request #7910 from JakubOnderka/object-templates. [Jakub + Onderka] + + Object templates +- Merge pull request #7911 from JakubOnderka/bulkSaveRelations. [Jakub + Onderka] + + chg: [internal] Optimise bulkSaveRelations +- Merge pull request #7912 from JakubOnderka/audit-log-optim. [Jakub + Onderka] + + chg: [internal] Optimise AuditLog +- Merge pull request #7908 from + JakubOnderka/test_restsearch_event_by_tags. [Jakub Onderka] + + new: [test] test_restsearch_event_by_tags +- Merge pull request #7909 from JakubOnderka/galaxy-cluster-relation- + tag. [Jakub Onderka] + + chg: [internal] Simplify creating tag +- Merge pull request #7890 from JakubOnderka/thret-level-notification. + [Jakub Onderka] + + new: [settings] Allow to use ThreatLevel.name for alert filter +- Merge pull request #7891 from JakubOnderka/faster-galaxy-import. 
+ [Jakub Onderka] + + chg: [internal] Faster importing galaxy relation tags +- Merge pull request #7852 from JakubOnderka/optimise-sighting. [Jakub + Onderka] + + chg: [internal] Optimise sightings +- Merge pull request #7907 from JakubOnderka/view-event-attriubtes- + ignore. [Jakub Onderka] + + View event attriubtes ignore +- Merge pull request #7905 from JakubOnderka/fix-view-event-attributes. + [Jakub Onderka] + + Fix view event attributes +- Merge pull request #7903 from JakubOnderka/fix-filter-distribution- + zero. [Jakub Onderka] + + fix: [UI] Filtering attribute when distribution is zero +- Merge pull request #7887 from thijskh/patch-1. [Alexandre Dulaunoy] + + Clarify some aspects of the Shibboleth config +- Clarify some aspects of the Shibboleth config. [Thijs Kinkhorst] +- Merge pull request #7902 from JakubOnderka/attribute-list-link. [Jakub + Onderka] + + fix: [UI] Add link to full attribute +- Merge pull request #7901 from JakubOnderka/tlsh-validation-fix. [Jakub + Onderka] + + fix: [validation] Correctly validate filename|tlsh attribute +- Merge pull request #7897 from JakubOnderka/preview-index-api. [Jakub + Onderka] + + Preview index api +- Merge pull request #7899 from JakubOnderka/admin-shell. [Jakub + Onderka] + + new: [CLI] New task for removeOrphanedCorrelations and optimiseTables +- Merge pull request #7900 from JakubOnderka/fetch-feed. [Jakub Onderka] + + chg: [internal] Better error messages when fetching feeds +- Merge pull request #7896 from JakubOnderka/fix-remove-orphaned- + correlation. [Jakub Onderka] + + add: [test] test_remove_orphaned_correlations +- Add: [test] test_remove_orphaned_correlations. [Jakub Onderka] +- Merge pull request #7895 from JakubOnderka/attribute-validation-tool- + fix. [Jakub Onderka] + + Attribute validation tool fix +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7894 from JakubOnderka/attribute-code-style. 
+ [Jakub Onderka] + + fix: [internal] Simplify Attribute code +- Merge pull request #7893 from JakubOnderka/attribute-validation-tool. + [Jakub Onderka] + + Attribute validation tool +- Fixup! chg: [internal] Move attribute validation to different tool. + [Jakub Onderka] +- Add: [test] Basic test for AttributeValidationTool. [Jakub Onderka] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [chrisr3d] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #7878 from imidoriya/patch-2. [Alexandre Dulaunoy] + + Exclude the /venv/* as it causes confusion +- Exclude the /venv/* as it causes confusion. [Deku] +- Merge pull request #7889 from JakubOnderka/reduce-sql. [Jakub Onderka] + + chg: [internal] Reduce one SQL query for every request +- Merge pull request #7881 from JakubOnderka/attribute-tags. [Jakub + Onderka] + + chg: [internal] Faster attaching attribute tags +- Merge pull request #7886 from JakubOnderka/proposals-correaltions. + [Jakub Onderka] + + fix: [internal] Attaching servere/feed correlation to proposals +- Merge pull request #7885 from JakubOnderka/fix-proposal-validation. + [Jakub Onderka] + + fix: [internal] Proposal validation +- Merge pull request #7884 from JakubOnderka/faster-notifications. + [Jakub Onderka] + + chg: [internal] Simplified notifications loading +- Merge pull request #7882 from JakubOnderka/change-pw-fix. [Jakub + Onderka] + + fix: [schema] Modify User.change_pw column to boolean +- Merge pull request #7883 from JakubOnderka/skip-db-logs-fix. [Jakub + Onderka] + + fix: [internal] No exception when db logs are disabled +- Merge pull request #7880 from JakubOnderka/deleted-fixes. 
[Jakub + Onderka] + + fix: [UI] Correct values for deleted attribute filtering +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7872 from JakubOnderka/faster-tag-capturing. + [Jakub Onderka] + + chg: [internal] Faster tag capturing +- Merge pull request #7873 from JakubOnderka/user-setting-cleanup. + [Jakub Onderka] + + chg: [internal] Simplify UserSetting code +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge pull request #7841 from SteveClement/guides. [Steve Clement] +- Merge branch 'MISP:2.4' into guides. [Steve Clement] +- Merge pull request #7840 from amuehlem/2.4. [Alexandre Dulaunoy] + + added 'git submodule sync' before 'git submodule update' +- Added 'git submodule sync' before 'git submodule update' [Andreas + Muehlemann] +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge pull request #7871 from JakubOnderka/duplicate-sg-org. [Jakub + Onderka] + + fix: [internal] Prevent duplicate org for sharing group +- Merge pull request #7870 from JakubOnderka/code-cleanup-vol10. [Jakub + Onderka] + + chg: [internal] Simplify code for compareDBIndexes +- Merge pull request #7866 from JakubOnderka/publish-cluster-fix. [Jakub + Onderka] + + fix: [CLI] Cluster publishing +- Add: [test] Publishing galaxy cluster. [Jakub Onderka] +- Merge pull request #7864 from JakubOnderka/handle-deleted. [Jakub + Onderka] + + chg: [API] Simplify handling deleted attributes +- Merge pull request #7863 from JakubOnderka/advanced-filtering. [Jakub + Onderka] + + Advanced filtering cleanup +- Merge pull request #7862 from JakubOnderka/test_deleted_attributes. + [Jakub Onderka] + + new: [test] test_deleted_attributes +- Merge pull request #7730 from JakubOnderka/user-setting-oidc. 
[Jakub + Onderka] + + new: [oidc] User setting for oidc metadata +- Merge pull request #7861 from JakubOnderka/ajax-401. [Jakub Onderka] + + chg: [ajax] Return correct error code when user is not logged +- Merge pull request #7859 from JakubOnderka/fix-completeley-broken-ui. + [Jakub Onderka] + + fix: [UI] Broken tag attaching +- Merge pull request #7857 from JakubOnderka/faster-tag-extraction. + [Jakub Onderka] + + chg: [internal] Faster tag extraction +- Merge pull request #7855 from JakubOnderka/delete-event-fix. [Jakub + Onderka] + + fix: [internal] Deleting events +- Merge pull request #7851 from JakubOnderka/better-validation. [Jakub + Onderka] + + Better validation +- Merge pull request #7850 from JakubOnderka/optimise-event-fetch. + [Jakub Onderka] + + chg: [internal] Optimise fetching event when pulling +- Merge pull request #7849 from JakubOnderka/fix-clean-db. [Jakub + Onderka] + + chg: [internal] Fix setting cleanDb admin setting +- Merge pull request #7848 from JakubOnderka/update-less-work. [Jakub + Onderka] + + chg: [internal] Do less work when checking if db is updated +- Merge pull request #7797 from JakubOnderka/server-pull-cleanup. [Jakub + Onderka] + + chg: [internal] Code cleanup for Server::pull method +- Merge pull request #6562 from JakubOnderka/prevent-deadlocks. [Jakub + Onderka] + + fix: [internal] Try to prevent deadlocks when updating event attribute count +- Merge pull request #7036 from JakubOnderka/event-tooltips. [Jakub + Onderka] + + Event tooltips +- Merge pull request #7658 from JakubOnderka/compatiblity-check-log. + [Jakub Onderka] + + chg: [internal] Create log entry for compatibility check +- Merge pull request #7646 from JakubOnderka/server-sync-log. [Jakub + Onderka] + + new: [sync] Server sync logging +- Merge pull request #7584 from JakubOnderka/index-fetch-optim. [Jakub + Onderka] + + Index fetch optim +- Merge pull request #7748 from JakubOnderka/event-index-optim-vol2. 
+ [Jakub Onderka] + + chg: [internal] Another bunch of event filter optim +- Fi: [test] test_search_index_by_email_admin. [Jakub Onderka] +- Merge pull request #7847 from JakubOnderka/rest-search-optim-vol2. + [Jakub Onderka] + + Rest search optim vol2 +- Merge pull request #7844 from JakubOnderka/build-test-vol2. [Jakub + Onderka] + + chg: [test] temp folder is not writable +- Merge pull request #7845 from JakubOnderka/fix-ui-undefined-index. + [Jakub Onderka] + + fix: [UI] Undefined index +- Merge pull request #7846 from JakubOnderka/stix-delete-files. [Jakub + Onderka] + + fix: [stix-export] Delete tmp files +- Merge pull request #7843 from JakubOnderka/index-test-vol2. [Jakub + Onderka] + + Index test vol2 +- Merge pull request #7842 from JakubOnderka/index-test. [Jakub Onderka] + + chg: [test] Tests for event index +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7835 from JakubOnderka/stix-export. [Jakub + Onderka] + + chg: [internal] Simplified loading python bin +- Merge pull request #7832 from JakubOnderka/pulish-sightings-file. + [Jakub Onderka] + + chg: [internal] Use FileAccessTool for publishing sightings + + +v2.4.150 (2021-10-12) +--------------------- + +New +~~~ +- [test] Build test. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- Add missing action buttons. [Luciano Righetti] +- Add tags and galaxies col. [Luciano Righetti] +- Add sightings cols and actions. [Luciano Righetti] +- Add attributes index custom fields. [Luciano Righetti] +- Initial migration of attributes/index view to factory. [Luciano + Righetti] +- Migrate news views to factory. [Luciano Righetti] +- [queryversion] bump. [iglocska] +- [log] Log when saving tags fails for attribute or event. [Jakub + Onderka] +- [internal] Add new submodules to diagnostics page. [Jakub Onderka] +- [UI] Show proper error when uploading event that already exists. + [Jakub Onderka] +- [feed] Move feed cache to proper folder. 
[Jakub Onderka] +- [feed] Use FileAccessTool. [Jakub Onderka] +- [feed] Simplified code for updating events from MISP feed. [Jakub + Onderka] +- [feed] Support unicode for feed preview search. [Jakub Onderka] +- [feed] Faster saving freetext attributes. [Jakub Onderka] +- [feed] Clean cache after feed modification. [Jakub Onderka] +- [feed] Check ETag when fetching freetext feed. [Jakub Onderka] +- [internal] Use hasAny for Org::canSee method. [Jakub Onderka] +- [internal] Use findColumn for Org::getOrgIdsFromMeta method. [Jakub + Onderka] +- [internal] Use FileAccessTool to read country galaxy cluster. [Jakub + Onderka] +- [internal] Better logging when saving SharingGroup. [Jakub Onderka] +- [internal] Simplify fetching Kafka topic. [Jakub Onderka] +- [internal] Simplify SharingGroup::checkIfAuthorisedToSave. [Jakub + Onderka] +- [internal] Simplify Event::__captureObjects code. [Jakub Onderka] +- [internal] Remove dead code. [Jakub Onderka] +- [internal] No need to initialize Sighting model. [Jakub Onderka] +- [internal] Remove unused attribute from MispObject::captureObject + method. [Jakub Onderka] +- [internal] Remove unused code when saving attributes for event. [Jakub + Onderka] +- [internal] Simplified code for MispObject::captureObject. [Jakub + Onderka] +- [internal] Faster saving attributes. [Jakub Onderka] +- [internal] Save multiple tags in one call. [Jakub Onderka] +- [internal] Simplified SharingGroup::appendOrgsAndServers. [Jakub + Onderka] +- [internal] Remove unused method Tag::findEventTags. [Jakub Onderka] +- [internal] Cache capturing tag results. [Jakub Onderka] +- [internal] Faster validating SG. [Jakub Onderka] +- [internal] Remove unused method. [Jakub Onderka] +- [internal] Simplified SharingGroup::checkIfAuthorised method. [Jakub + Onderka] +- [internal] Use hasAny for SG existence check. [Jakub Onderka] +- [internal] Use ?: operator. [Jakub Onderka] +- [internal] Use hasAny method for checkIfAuthorised methods. 
[Jakub + Onderka] +- [internal] Simplified Attribute::editAttribute method. [Jakub Onderka] +- [internal] Move Attribute::resizeImage method to AttachmentTool. + [Jakub Onderka] +- [internal] Default distribution method. [Jakub Onderka] +- [internal] Attribute::onDemandEncrypt faster. [Jakub Onderka] +- [internal] Delete unused method Attribute::saveAndEncryptAttribute. + [Jakub Onderka] +- [internal] Faster saving origin file. [Jakub Onderka] +- [internal] Optimise Attribute::valueIsUnique check. [Jakub Onderka] +- [internal] Do not encode/decode base64 for simpleAddMalwareSample. + [Jakub Onderka] +- [internal] Use FileAccessTool in AttachmentTool. [Jakub Onderka] +- [internal] Allow to save raw data. [Jakub Onderka] +- [internal] Background processing refactoring. [Jakub Onderka] +- [PyMISP] Update. [Jakub Onderka] +- [misp-stix] Update. [Jakub Onderka] +- [MISP/cakephp] updated - to get latest CA bundle. [Alexandre Dulaunoy] + +Fix +~~~ +- [attribute index] fixed attribute tag widget. [iglocska] + + - notice errors due to missing variables in the closure +- [attribute index] fix galaxy widget for the attribute index. + [iglocska] + + - notice errors when logged in as a user +- [attribute index] action ACL fixed. [iglocska] +- Incorrect sort keys. [Luciano Righetti] +- [internal] withCredentials property was added into $.ajaxSetup() to + get rid of 403 and 302 responses. [MrBoba] +- [internal] Fix saving tags. [Jakub Onderka] +- [log] Undefined index local. [Jakub Onderka] +- [internal] Remove unused SharingGroup::getSGSyncRules method. [Jakub + Onderka] +- [internal] Remove unused Event::checkIfAuthorised method. [Jakub + Onderka] +- [internal] Deleting event propagation to ZMQ and Kafka. [Jakub + Onderka] +- [shell] EventShell::contactemail command. [Jakub Onderka] +- [community-metadata] Fix typos and improve wording. [Jeroen Pinoy] +- [API] Return correct error message if event is blocklisted. 
[Jakub + Onderka] +- [attribute] Use `filename-pattern` [Jakub Onderka] +- [internal] Server save setting file. [Jakub Onderka] +- [stix1 export] Removed unnecessary write. [chrisr3d] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'attribute_index' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7633 from righel/migrate-news-views. [Andras + Iklody] + + chg: migrate news views to factory. +- Merge branch '2.4' into develop. [iglocska] +- Revert "fix: [internal] withCredentials property was added into + $.ajaxSetup() to get rid of 403 and 302 responses" [iglocska] + + This reverts commit b496161f5bf2a7f15ce52cf0dec62a52fc9d713e. +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7818 from MrBoba/fix-unauthorized-ajax. [Andras + Iklody] + + fix: [internal] withCredentials property was added into $.ajaxSetup()… +- Merge pull request #7833 from JakubOnderka/fix-local-tags. [Jakub + Onderka] + + fix: [internal] Fix saving tags +- Merge pull request #7831 from marjatech/marjatech-local-tag-import. + [Andras Iklody] + + fix: keep tag local state when importing from json or sync from internal +- Keep tag local state when importing from json or sync from internal. + [misp-test] + + Fixes MISP#7810 + When importing an Event via JSON, local tags inside the json should stay local after import too, and not be attached as global ones. + Same applies for Sync-Operations from internal instances (for any other instance local tags get stripped anyway) +- Merge pull request #7830 from JakubOnderka/audit-log-undefined-index. + [Jakub Onderka] + + fix: [log] Undefined index local +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #7826 from JakubOnderka/new-submodules. 
[Jakub + Onderka] + + chg: [internal] Add new submodules to diagnostics page +- Merge pull request #7827 from JakubOnderka/upload-stix-existing-uuid. + [Jakub Onderka] + + chg: [UI] Show proper error when uploading event that already exists +- Merge pull request #7798 from JakubOnderka/feed-etag. [Jakub Onderka] + + chg: [feed] Check ETag when fetching freetext feed +- Chf: [feed] Cache MISP feed manifest file. [Jakub Onderka] +- Merge pull request #7824 from JakubOnderka/code-cleanup-vol9. [Jakub + Onderka] + + Code cleanup vol9 +- Merge pull request #7823 from JakubOnderka/faster-attachment. [Jakub + Onderka] + + chg: [internal] Allow to save raw data +- Merge pull request #7821 from JakubOnderka/background-processing-chg. + [Jakub Onderka] + + chg: [internal] Background processing refactoring +- Merge pull request #7820 from JakubOnderka/build-test. [Jakub Onderka] + + new: [test] Build test +- Merge pull request #7819 from Wachizungu/fix-communities-list- + language. [Alexandre Dulaunoy] + + fix: [community-metadata] Fix typos and improve wording +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #7816 from JakubOnderka/update-misp-stix. [Jakub + Onderka] + + chg: [misp-stix] Update +- Merge pull request #7638 from JakubOnderka/add-event-error. [Jakub + Onderka] + + fix: [API] Return correct error message if event is blocklisted +- Merge pull request #7710 from JakubOnderka/filename-pattern. [Jakub + Onderka] + + fix: [attribute] Use `filename-pattern` +- Merge pull request #7814 from JakubOnderka/server-save-setting. [Jakub + Onderka] + + fix: [internal] Server save setting file +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] + + +v2.4.149 (2021-10-09) +--------------------- + +New +~~~ +- [internal] Store MISP live status also in Redis. 
[Jakub Onderka] +- [internal] OrgBlocklist::removeBlockedEvents. [Jakub Onderka] +- [internal] Method Job::createJob. [Jakub Onderka] +- Support for BECH32 (P2WPKH) BTC address. [Jakub Onderka] +- [CLI] UserShell::ip_user command. [Jakub Onderka] +- [CLI] New tasks that will check if Redis is available. [Jakub Onderka] +- Add more /taxonomies/* endpoints api docs. [Luciano Righetti] +- Add openapi docs for /users_settings/* endpoints. [Luciano Righetti] +- [shell] Tag merging. [Jakub Onderka] +- [event:notification] Added email notification ban system based on + users triggering the notification. [mokaddem] +- [cerebrate:pull_sg] Pull sharing groups from a cerebrate instance. + [mokaddem] +- [UI] Allow to filter attributes by specific warninglist. [Jakub + Onderka] +- [CLI] User shell. [Jakub Onderka] +- [oidc] Allow to automatically unblock user after successful login. + [Jakub Onderka] +- [security] Disable browser autocomplete for authkeys field. [Jakub + Onderka] +- [export:host] RestSearch export for blackholing via host file. + [mokaddem] +- [warninglist] Assign warninglist comment. [Jakub Onderka] +- [sighting:add] Ability to provide filtering parameters when adding + sightings for specific values Fix #7669. [mokaddem] +- [API] Allow to delete multiple events by UUID. [Jakub Onderka] +- [test] Test more endpoints in sync test. [Jakub Onderka] +- [API] Allow more granular specification what data to return when + viewing event. [Jakub Onderka] +- [test] Push to remote server. [Jakub Onderka] +- [test] Sync. [Jakub Onderka] + +Changes +~~~~~~~ +- [stix2 export] Using a specific filter to specify the STIX version. + [chrisr3d] + + - `version` being too generic and used from another + end point, we use `stix-version` in order to + avoid confusion between the 2 filters +- [install] Update installer checksums. [Steve Clement] +- [PyMISP] bump to the latest version. [Alexandre Dulaunoy] +- [GitHub action] install the python-cti-stix2 from the local submodule. 
+ [Alexandre Dulaunoy] +- [GitHub action] raging on venv library path. [Alexandre Dulaunoy] +- [GitHubAction] add2virtualenv the STIX stuff. [Alexandre Dulaunoy] +- [modules] typo fixed. [Alexandre Dulaunoy] +- [gitmodules] fix the branch to main. [Alexandre Dulaunoy] +- [gitmodules] TLS is always fine. [Alexandre Dulaunoy] +- [version] bump. [iglocska] +- [misp-object] updated. [Alexandre Dulaunoy] +- [misp-stix] Bumped latest version including recent PR merged. + [chrisr3d] +- [stix] Bumped latest version of `misp-stix` $ `cti-python-stix2` + python libraries. [chrisr3d] +- [INSTALL] Removing the install commands for the STIX libraries. + [chrisr3d] +- [stix2 export] Moved the stix2 python library with its stix1 friends + in the `scripts` dir. [chrisr3d] +- [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS. + [Sami Mokaddem] + + This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true. +- [misp-stix] Bumped the latest version including some fixes and + updates. [chrisr3d] +- [misp-stix] Bumped latest misp-stix version. [chrisr3d] +- [stix export] Removed mapping files not used anymore. [chrisr3d] + + - The STIX1 & STIX2 mapping is now managed with + the misp-stix python library +- [cti-python-stix2] Bumped latest version. [chrisr3d] +- [misp-stix] Bumped latest version. [chrisr3d] +- [stix1 export] Using the misp-stix library to export MISP format into + STIX 1.1.1 or 1.2. [chrisr3d] +- [stix export] Updated Stix export libraries. [chrisr3d] + + - Including parameters to define versions in the + restSearch filters + - New parameters to call the python scripts +- [misp-stix] Bumped latest version. [chrisr3d] +- [misp-stix] Updated to the latest version. [chrisr3d] +- [internal] Generate correlations just once. [Jakub Onderka] +- [internal] Faster adding tags to attributes. [Jakub Onderka] +- [users:routeafterlogin] Allow forcing the pre-login URL to be HTTPS. 
+ [Sami Mokaddem] + + This can be achieved by turning the setting MISP.forceHTTPSforPreLoginRequestedURL to true. +- [internal] Use hasAny. [Jakub Onderka] +- [internal] Faster event tag attaching. [Jakub Onderka] +- [misp-warninglists] updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [warning-list] updated. [Alexandre Dulaunoy] +- [gitmodules] as Branch 2.x was removed from the original repository, + we now use our own repo. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- Detail attribute categories in openapi doc. [Luciano Righetti] +- Detail attribute types in openapi doc. [Luciano Righetti] +- Detail attribute types in openapi doc. [Luciano Righetti] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Refactor FileAccessTool. [Jakub Onderka] +- [internal] Simplified EventsController::view code. [Jakub Onderka] +- [sync] Use server sync tool for fetching remote events index. [Jakub + Onderka] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [internal] Use AdminSetting::getSetting method. [Jakub Onderka] +- [internal] Fetch just value for AdminSetting::getSetting method. + [Jakub Onderka] +- [internal] Switch admin setting name column to unique index. [Jakub + Onderka] +- [internal] Faster Attribute search. [Jakub Onderka] +- [gitmodules] as Branch 2.x was removed from the original repository, + we now use our own repo. [Alexandre Dulaunoy] +- [internal] Server::command_line_functions is generated on demand. + [Jakub Onderka] +- [internal] Do not try to save config when config file is not + writeable. [Jakub Onderka] +- [internal] Cleanup AdminShell::{updateJSON,runUpdates} [Jakub Onderka] +- [internal] Optimise saving logs. [Jakub Onderka] +- [internal] Cleanup unnecessary permissions. [Jakub Onderka] +- [internal] Simplify ACLComponent. 
[Jakub Onderka] +- [internal] AppController code cleanup. [Jakub Onderka] +- [internal] Move methods to specific controllers. [Jakub Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- Migrate /event_blocklist/add,edit to view factory. [Luciano Righetti] +- Move org blocklists add and edit to new views factories. [Luciano + Righetti] +- Migrate org_blocklists/index view to factory. [Luciano Righetti] +- Detail attribute categories in openapi doc. [Luciano Righetti] +- Detail attribute types in openapi doc. [Luciano Righetti] +- Detail attribute types in openapi doc. [Luciano Righetti] +- [internal] Code cleanup. [Jakub Onderka] +- [UI] Better error messages when uploading MISP file. [Jakub Onderka] +- [taxonomies] updated. [Alexandre Dulaunoy] +- [internal] Try to fix validation when value1 and value2 provided. + [Jakub Onderka] +- [UI] PGP error message. [Jakub Onderka] +- [internal] Do not fetch authkey from db. [Jakub Onderka] +- [internal] Do not fetch password from db. [Jakub Onderka] +- [internal] Do not fetch keys from db for authkey login. [Jakub + Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Remove deprecated variables. [Jakub Onderka] +- [internal] Optimise fetching event index by org or by email. [Jakub + Onderka] +- [internal] Check if file exists. [Jakub Onderka] +- [internal] Simplify ServerShell code. [Jakub Onderka] +- [internal] Faster capturing organisation. [Jakub Onderka] +- [internal] Remove AdminSetting from AuditLog. [Jakub Onderka] +- [internal] Use faster algo for checking duplicate objects. [Jakub + Onderka] +- [internal] Faster editing attributes when change is required. [Jakub + Onderka] +- [internal] Faster capturing object attributes. [Jakub Onderka] +- [internal] Faster processing freetext import. [Jakub Onderka] +- [UI] Add link to exact attribute for related attribute. 
[Jakub + Onderka] +- [internal] Do not fetch tags for related attributes. [Jakub Onderka] +- [misp-wipe] wipe auth_keys tables. [Richard van den Berg] +- Add openapi docs for [POST]/admin/logs. [Luciano Righetti] +- [PyMISP] Bump. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- Skip dev dependencies when installing via INSTALL.sh script. [Luciano + Righetti] +- [alert] Deprecate `publish_alerts_summary_only`, this option just + duplicate `event_alert_metadata_only` [Jakub Onderka] +- [user:checkNotificationBanStatus] Typo in comment. [mokaddem] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [internal] Simplify code for editing object. [Jakub Onderka] +- [internal] Simplify code for editing attribute. [Jakub Onderka] +- [internal] Faster calls. [Jakub Onderka] +- [internal] Use correlation object from attribute. [Jakub Onderka] +- [internal] Faster deleting correlation when deleting attribute. [Jakub + Onderka] +- [internal] Optimise ssdeep correlation. [Jakub Onderka] +- [internal] Use object variable and not Configure again and again. + [Jakub Onderka] +- [internal] Do not fetch 'Event.disable_correlation' field. [Jakub + Onderka] +- [internal] Fetch just necessary attributes when editing attribute. + [Jakub Onderka] +- [internal] Fetch less CIDR for correlation. [Jakub Onderka] +- Add openapi docs for [POST]/admin/logs. [Luciano Righetti] +- [sync] Examine less events for sightings pulling. [Jakub Onderka] +- [UI] Sort orgs by name in statistics. [Jakub Onderka] +- [optim] Little optimise sighting statistics. [Jakub Onderka] +- [internal] Throw exception if JSON could not be encoded. [Jakub + Onderka] +- [internal] Simplify capturing object code. [Jakub Onderka] +- [internal] Simplify capturing attribute code. [Jakub Onderka] +- [correlation] Allow to drop Correlation.{date,info} columns. [Jakub + Onderka] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [diagnostic] Bumped updated STIX python libraries versions. 
[chrisr3d] + + - Should fix diagnostic issues with version mentioned in #7054 +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Server controller cleanup. [Jakub Onderka] +- [security] Use const hasher also for login. [Jakub Onderka] +- [sync] Use server sync to get available sync filtering rules. [Jakub + Onderka] +- [sync] Simplify server post test code. [Jakub Onderka] +- [sync] Use server sync tool for connection test. [Jakub Onderka] +- [security] Mitigate timing attacks when comparing advanced auth keys + hashes. [Jakub Onderka] +- [restResponseComponent] Added doc for new sighting/add filters + parameter. [Sami Mokaddem] +- [sync] Filter out events that do not exist locally when pulling + sightings. [Jakub Onderka] +- [sync] Pull just necessary data when pulling sightings. [Jakub + Onderka] +- [sync] Use sync tool for pulling proposals. [Jakub Onderka] +- [validation] UUID unique validation. [Jakub Onderka] +- [schema] Mark more indexes as unique. [Jakub Onderka] +- [attributes] fixed typo in genCategoriesDefinitions function name. + [Christophe Vandeplas] +- Update openapi spec with new parameters in add sightings endpoint. + [Luciano Righetti] +- [i18n] Updated default.pot. [Steve Clement] +- [UI] Show matched value for warninglist search. [Jakub Onderka] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- Migrate sharing_views/view/[id] to factory. [Luciano Righetti] +- [sync] Remove `commit` and MISP-version from HTTP header. [Jakub + Onderka] +- Remove previous /tags/edit view. [Luciano Righetti] +- Migrate /tags/add view to factory. [Luciano Righetti] +- [schema] Organisation name should be unique. [Jakub Onderka] +- [internal] Fetch just necessary fields when capturing tag. [Jakub + Onderka] +- [internal] Do not fetch attribute tags when editing attribute. [Jakub + Onderka] +- [schema] Tag name should be unique. 
[Jakub Onderka] +- [internal] Do not load exclusion list from Redis again and again. + [Jakub Onderka] +- [sync] Pull events with less info. [Jakub Onderka] +- [schema] Sightings UUID column should be unique. [Jakub Onderka] +- [internal] Convert PubSubTool to static. [Jakub Onderka] +- [internal] Simplified code for adding events. [Jakub Onderka] +- [internal] Do not keep original variable to save memory. [Jakub + Onderka] +- [internal] Simplified Event::getRelatedAttributes. [Jakub Onderka] +- [internal] Use hash for removing duplicate attributes. [Jakub Onderka] +- [internal] Use one EventLock instance. [Jakub Onderka] +- [internal] Cleanup code responsible for adding events. [Jakub Onderka] +- [rest] Change User-Agent to `MISP REST Client` [Jakub Onderka] +- [UI] Cleanup REST client template. [Jakub Onderka] +- [internal] Do not convert values to lower, since collation is already + case-insensitive. [Jakub Onderka] +- [internal] Code style for event pulling. [Jakub Onderka] +- [sync] Refactor server overlap events fetching. [Jakub Onderka] +- [sync] Better error handling for pulling. [Jakub Onderka] +- [internal] Better exception handling for server sync. [Jakub Onderka] +- [logbehaviour] skipfields reverted to an array from a constant. + [iglocska] + + - keeps ancient PHP versions happy (as happy as anyone can be knowing they run ancient PHP versions) +- [internal] Log exception for remote server POST test. [Jakub Onderka] +- [internal] Optimise updating galaxies. [Jakub Onderka] +- [internal] Remove unused methods. [Jakub Onderka] +- [internal] Galaxy cluster relation UUID must be RFC 4122 valid. [Jakub + Onderka] +- [internal] Faster removing blocked events. [Jakub Onderka] +- [schema] Mark event_blocklist uuid column as unique. [Jakub Onderka] +- [taxonomies] Migrated views to use the UI factories. [mokaddem] +- [ui] Various improvements in factories. 
[mokaddem] + +Fix +~~~ +- [misp-stix] updated to the latest version (incorrect submodule) + [Alexandre Dulaunoy] + + Fix #7812 +- Sharing groups dropdown not showing when adding a feed with + distribution set to sharing group. [Luciano Righetti] +- [misp-stix] Bumped latest version. [chrisr3d] +- [github actions] removed the cti stix installation as it's no longer + there. [iglocska] +- [github actions] removed the cti stix installation as it's no longer + there. [iglocska] +- [stix2 import] Using path to import the stix2 python library. + [chrisr3d] +- [stix1 export] Added the required stix python library path for their + import. [chrisr3d] + + - Support of the coming changes to use paths instead + of maintaining the pip updates +- [stix1 import] Quick fix due to some recent changes library changes + and the support of STIX 1.2. [chrisr3d] +- [stix export] Aligning path of the STIX2 python library to following + its recent location change. [chrisr3d] +- [stix export] Added all the needed paths to load the required python + libraries. [chrisr3d] +- [misp-stix] Bumped latest version with a quick fix on email objects + export as STIX 2.0 & 2.1. [chrisr3d] +- [diagnostic] Updated stix2 python library requirements. [chrisr3d] +- [stix1 export] Removed debugging prints. [chrisr3d] +- [stix export] Quick single line php `if else` command clean-up. + [chrisr3d] +- [gitmodules] Added current misp-stix branch. [chrisr3d] +- [misp-stix] Dumped latest MISP-STIX Converter version. [chrisr3d] +- [log] Do not call callbacks when deleting. [Jakub Onderka] +- [users] adding/modifying users fails silently for org admins if domain + restriction checks fail. [iglocska] +- [organisations] correctly handle a list of org domain restrictions. + [iglocska] +- [internal] Bad merge. [Jakub Onderka] +- Incorrect check for alertemail and publishSightings event commands. + [Luciano Righetti] +- Incorrect check for publish event command. 
[Luciano Righetti] +- [shells] Sync improved cmd line help to 9d7da310. [Matjaz Rihtar] +- [shells] Additional command line help. [Matjaz Rihtar] +- [refanging] Fix test for commit b7733615. [Matjaz Rihtar] +- [shells] Fixed/improved command line help. [Matjaz Rihtar] +- [eventReport:contextExtraction] Make sure the cluster's value has + enough characters before trying to perform the replacement. [mokaddem] +- [stix1 import] Fixed STIX header call that made the classification of + the STIX file always being external. [chrisr3d] + + - `from_misp` variable was always False since the + try / catch to get the title always raised an + exception with `event.header` being an invalid + attribute. The valid one is `event.stix_header` +- [internal] Better error handling when uploading STIX file. [Jakub + Onderka] +- [internal] Undefined offset in AppController. [Jakub Onderka] +- Wrong input name. [Luciano Righetti] +- Add missing translation function. [Luciano Righetti] +- Remove CRUDComponent usage. [Luciano Righetti] +- Add missing new line. [Luciano Righetti] +- Remove CRUDComponent usage to mantain same api response. [Luciano + Righetti] +- [eventReport:contextExtraction] Make sure the cluster's value has + enough characters before trying to perform the replacement. [mokaddem] +- [internal] Modifying domain|ip attribute. [Jakub Onderka] +- [misp-retention] use update_tag. [Richard van den Berg] +- Bug correlation exclusion comment overriding value. [Luciano Righetti] +- [internal] Sending external e-mail. [Jakub Onderka] +- [UI] Fix link to user profile. [Jakub Onderka] +- [taxonomies] disabling tags via API call failed. [iglocska] +- [taxonomies] enabling breaks on POST request if named parameters + aren't used. [iglocska] +- [Taxonomy] search for taxonomy by namespace when accessing + /taxonomies/view. [iglocska] +- [internal] Argument parsing for testEventNotificationEmail command. + [Jakub Onderka] +- [object] validation and modification fixes. 
[iglocska] + + - require certain metafields to be set (such as template uuid, template version, etc) + - allow editing for unknown templates / no templates via the API (was previously incorrectly blocked / generated notices due to some UI related functionalities being triggered) +- [acl] Added routes in ACL. [mokaddem] +- [internal] Remove ssdeep data when deleting attribute. [Jakub Onderka] +- [internal] Filtering warninglist in objects. [Jakub Onderka] +- [UI] Warninglist order. [Jakub Onderka] +- [internal] Typo. [Jakub Onderka] +- Add missing requestBodies to servers endpoint. [Luciano Righetti] +- [internal] Fetching filter rules. [Jakub Onderka] +- [sync] Fix pulling sightings. [Jakub Onderka] +- [sync] Pushing sightings. [Jakub Onderka] +- [ACL] queryAvailableSyncFilteringRules is required just for site + admins. [Jakub Onderka] +- [security] Check permission when viewing shadow attribute picture. + [Jakub Onderka] +- [internal] Code cleanup. [Jakub Onderka] +- [API] Deprecation header. [Jakub Onderka] +- Fix query to make it work on all supported db engines. [Luciano + Righetti] +- [tools] fixed gen_misp_types_categories script. [Christophe Vandeplas] +- Fix broken queries on postgres. [Luciano Righetti] +- [eventReport:reprotFromEvent] Make sure filtering condition are not + empty. [mokaddem] +- [UI] Warninglist form. [Jakub Onderka] +- [event:filter_value] Allow searching for multiple values. [mokaddem] +- [db_schema] Fixed column default value for audit_log table - Fix + #7662. [mokaddem] +- [event:view] Attribute filtering widget `deleted` parameter + inconsistency. [mokaddem] + + - Potentially fix #7594 +- [log] Array to string conversion. [Jakub Onderka] +- [API] Boolean options in index filter conditions. [Jakub Onderka] +- [internal] Shadow attributes don't have tags. [Jakub Onderka] +- [acl] Bumped ACL. [mokaddem] + +Other +~~~~~ +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [Alexandre Dulaunoy] +- Merge branch 'develop' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'misp-stix' into develop. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Add: [stix export] Submoduled all the required python libraries. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Wip: [misp-stix] Bumped latest version. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Wip: [stix2 export] Args parsing to better handle parameters & Support + for STIX 2.1. [chrisr3d] +- Wip: [stix export, framing] Reworked misp_framing. [chrisr3d] + + - Made it cleaner + - Made it support the STIX framing provided by + misp-stix converter library +- Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix. + [chrisr3d] +- Wip: [stix2 export] Testing MISP-STIX python library with the included + changes on the Export Lib and on the misp2stix2.py script. [chrisr3d] +- Add: [submodules, stix] Added MISP-STIX converter library as + submodule. [chrisr3d] +- Merge pull request #7808 from JakubOnderka/tag-add. [Jakub Onderka] + + chg: [internal] Faster adding tags to attributes +- Merge pull request #7809 from JakubOnderka/audit-log-fix. 
[Jakub + Onderka] + + fix: [log] Do not call callbacks when deleting +- Merge branch 'feature-force-https-for-pre-login-request' into develop. + [Sami Mokaddem] +- Merge pull request #7805 from JakubOnderka/event-tag-attach. [Jakub + Onderka] + + chg: [internal] Faster event tag attaching +- Merge pull request #7806 from JakubOnderka/bad-merge-fix. [Jakub + Onderka] + + fix: [internal] Bad merge +- Merge remote-tracking branch 'origin/2.4' into develop. [Sami + Mokaddem] +- Merge pull request #7224 from mrihtar/cmdLineHelp. [Andras Iklody] + + fix: [shells] Fixed/improved command line help +- Merge branch '2.4' into cmdLineHelp. [Matjaz Rihtar] + + # Conflicts: + # app/Console/Command/AdminShell.php + # app/Console/Command/EventShell.php + # app/Model/Server.php +- Merge branch 'MISP:2.4' into 2.4. [Matjaz Rihtar] +- Merge branch 'MISP:2.4' into 2.4. [Matjaz Rihtar] +- Merge pull request #1 from MISP/2.4. [Matjaz Rihtar] + + Sync fork with original MISP/MISP +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #7792 from JakubOnderka/misp-live-redis-v2. [Jakub + Onderka] + + new: [internal] Store MISP live status also in Redis +- Merge pull request #7800 from JakubOnderka/file-accesss-tool. [Jakub + Onderka] + + chg: [internal] Refactor FileAccessTool +- Merge pull request #7796 from JakubOnderka/org-blocklist. [Jakub + Onderka] + + new: [internal] OrgBlocklist::removeBlockedEvents +- Merge pull request #7795 from JakubOnderka/event-view-controller. + [Jakub Onderka] + + chg: [internal] Simplified EventsController::view code +- Merge pull request #7688 from JakubOnderka/server-sync-get-ids. [Jakub + Onderka] + + chg: [sync] Use server sync tool for fetching remote events index +- Merge pull request #7779 from JakubOnderka/create-job. [Jakub Onderka] + + new: [internal] Method Job::createJob +- Merge pull request #7791 from JakubOnderka/admin-settings. 
[Jakub + Onderka] + + Admin settings +- Merge pull request #7789 from JakubOnderka/stix-upload-error. [Jakub + Onderka] + + Stix upload error +- Merge pull request #7788 from JakubOnderka/search-attr-faster. [Jakub + Onderka] + + chg: [internal] Faster Attribute search +- Merge pull request #7778 from JakubOnderka/server-command-line. [Jakub + Onderka] + + chg: [internal] Server::command_line_functions is generated on demand +- Merge pull request #7780 from JakubOnderka/btc-bech32. [Jakub Onderka] + + new: Support for BECH32 (P2WPKH) BTC address +- Merge pull request #7776 from JakubOnderka/user_shell_ip_user. [Jakub + Onderka] + + new: [CLI] UserShell::ip_user command +- Merge pull request #7775 from JakubOnderka/set-setting-not-writeable. + [Jakub Onderka] + + chg: [internal] Do not try to save config when config file is not writeable +- Merge pull request #7772 from JakubOnderka/update-cleanup. [Jakub + Onderka] + + chg: [internal] Cleanup AdminShell::{updateJSON,runUpdates} +- Merge pull request #7774 from JakubOnderka/log-save-optim. [Jakub + Onderka] + + chg: [internal] Optimise saving logs +- Merge pull request #7771 from JakubOnderka/cli-redis-available. [Jakub + Onderka] + + new: [CLI] New tasks that will check if Redis is available +- Merge pull request #7769 from JakubOnderka/app-controller-cleanup- + vol3. [Jakub Onderka] + + chg: [internal] AppController code cleanup +- Merge pull request #7768 from JakubOnderka/app-controller-cleanup- + vol2. [Jakub Onderka] + + chg: [internal] Move methods to specific controllers +- Merge pull request #7767 from JakubOnderka/undefined-offset-fix. + [Jakub Onderka] + + fix: [internal] Undefined offset in AppController +- Merge pull request #7571 from righel/migrate-org_blocklists-index- + view. [Andras Iklody] + + Migrate org blocklists index view +- Revert "chg: migrate /event_blocklist/add,edit to view factory." + [Luciano Righetti] + + This reverts commit 51f226fd8c79d5b7e514d459968e89c211535025. 
+- Merge pull request #7761 from JakubOnderka/code-cleanup-vol8. [Jakub + Onderka] + + chg: [internal] Code cleanup +- Merge pull request #7762 from JakubOnderka/upload-mistp-file. [Jakub + Onderka] + + chg: [UI] Better error messages when uploading MISP file +- Merge pull request #7722 from JakubOnderka/attribute-validation-fix. + [Jakub Onderka] + + chg: [internal] Try to fix validation when value1 and value2 provided +- Merge pull request #7759 from JakubOnderka/pgp-view-pgp. [Jakub + Onderka] + + chg: [UI] PGP error message +- Add: add initial api docs fo /taxonomies endpoints. [Luciano Righetti] +- Merge pull request #7754 from JakubOnderka/do-not-fetch-keys. [Jakub + Onderka] + + chg: [internal] Do not fetch keys from db for authkey login +- Merge pull request #7758 from JakubOnderka/modify-domain|ip. [Jakub + Onderka] + + fix: [internal] Modifying domain|ip attribute +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7744 from RichieB2B/ncsc-nl/retention. [Sami + Mokaddem] + + fix: [misp-retention] use update_tag +- Merge pull request #7752 from JakubOnderka/fix-sending-external. + [Jakub Onderka] + + fix: [internal] Sending external e-mail +- Merge pull request #7753 from JakubOnderka/deprecated-variables. + [Jakub Onderka] + + cchg: [internal] Remove deprecated variables +- Merge pull request #7590 from JakubOnderka/event-index-optim. [Jakub + Onderka] + + chg: [internal] Optimise fetching event index by org or by email +- Doc: add /auth_keys/* endpoints to openapi spec. [Luciano Righetti] +- Merge pull request #7746 from JakubOnderka/security-audit-file. [Jakub + Onderka] + + chg: [internal] Check if file exists +- Merge pull request #7725 from JakubOnderka/server-shell. [Jakub + Onderka] + + chg: [internal] Simplify ServerShell code +- Merge pull request #7740 from JakubOnderka/capture-org-faster. 
[Jakub + Onderka] + + chg: [internal] Faster capturing organisation +- Merge pull request #7739 from JakubOnderka/audit-log-admin-setting. + [Jakub Onderka] + + chg: [internal] Remove AdminSetting from AuditLog +- Merge pull request #7733 from JakubOnderka/capture-object-attributes. + [Jakub Onderka] + + chg: [internal] Faster capturing object attributes +- Merge pull request #7738 from JakubOnderka/related-faster. [Jakub + Onderka] + + chg: [internal] Faster processing freetext import +- Merge pull request #7737 from JakubOnderka/related-faster. [Jakub + Onderka] + + chg: [internal] Do not fetch tags for related attributes +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7720 from RichieB2B/ncsc-nl/wipe-auth. [Alexandre + Dulaunoy] + + chg: [misp-wipe] wipe auth_keys tables +- Merge pull request #7734 from righel/add-composer-no-dev-flag. [Steve + Clement] + + chg: skip dev dependencies when installing via INSTALL.sh script. +- Merge pull request #7579 from + JakubOnderka/publish_alerts_summary_only_deprecate. [Jakub Onderka] + + chg: [alert] Deprecate `MISP.publish_alerts_summary_only` +- Merge pull request #7732 from JakubOnderka/tag-merging. [Jakub + Onderka] + + new: [shell] Tag merging +- Merge branch 'migration-taxonomy' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + taxonomy. [mokaddem] +- Merge branch 'feature-cerebrate-sg-pull' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into feature-cerebrate- + sg-pull. [mokaddem] +- Merge branch 'feature-email-notification-bans' into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into feature-email- + notification-bans. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into feature-email- + notification-bans. [mokaddem] +- Merge pull request #7728 from JakubOnderka/edit-attr-simplify. 
[Jakub + Onderka] + + chg: [internal] Simplify code for editing attribute +- Merge pull request #7727 from JakubOnderka/correlation-optim. [Jakub + Onderka] + + Correlation optim +- Merge pull request #7724 from JakubOnderka/attr-edit-speedup. [Jakub + Onderka] + + chg: [internal] Fetch just necessary attributes when editing attribute +- Merge pull request #7723 from JakubOnderka/less-cidr. [Jakub Onderka] + + chg: [internal] Fetch less CIDR for correlation +- Merge pull request #7721 from JakubOnderka/fix-typo. [Jakub Onderka] + + fix: [internal] Typo +- Merge pull request #7719 from JakubOnderka/warninglist-filtering. + [Jakub Onderka] + + new: [UI] Allow to filter attributes by specific warninglist +- Merge pull request #7713 from JakubOnderka/sync-pull-sightings. [Jakub + Onderka] + + chg: [sync] Examine less events for sightings pulling +- Merge pull request #7712 from JakubOnderka/sight-stats-optim. [Jakub + Onderka] + + chg: [optim] Little optimise sighting statistics +- Merge pull request #7708 from JakubOnderka/json-throw-exception. + [Jakub Onderka] + + chg: [internal] Throw exception if JSON could not be encoded +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7704 from JakubOnderka/capture-attr-refactor. + [Jakub Onderka] + + chg: [internal] Simplify capturing attribute code +- Merge pull request #7706 from JakubOnderka/fix-filter-rules. [Jakub + Onderka] + + fix: [internal] Fetching filter rules +- Merge pull request #6021 from JakubOnderka/correlations-dummy-values. + [Jakub Onderka] + + chg: [correlation] Allow to drop Correlation.{date,info} columns +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7691 from JakubOnderka/user-shell. [Jakub Onderka] + + new: [CLI] User shell +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [Alexandre Dulaunoy] +- Merge pull request #7696 from JakubOnderka/server-controller-cleanup. + [Jakub Onderka] + + chg: [internal] Server controller cleanup +- Merge pull request #7692 from JakubOnderka/const-hasher-password. + [Jakub Onderka] + + chg: [security] Use const hasher also for login +- Merge pull request #7693 from JakubOnderka/oidc_auth_unblock. [Jakub + Onderka] + + new: [oidc] Allow to automatically unblock user after successful login +- Merge pull request #7683 from JakubOnderka/pull-sightings-optimise. + [Jakub Onderka] + + fix: [sync] Fix pulling sightings +- Merge pull request #7634 from JakubOnderka/fix-sighting-push-vol2. + [Jakub Onderka] + + fix: [sync] Pushing sightings +- Merge pull request #7672 from JakubOnderka/acl-fix. [Jakub Onderka] + + fix: [ACL] queryAvailableSyncFilteringRules is required just for site admins +- Merge pull request #7673 from JakubOnderka/sync-filter-ref. [Jakub + Onderka] + + chg: [sync] Use server sync to get available sync filtering rules +- Merge pull request #7686 from JakubOnderka/code-fixes. [Jakub Onderka] + + Code fixes +- Merge pull request #7685 from JakubOnderka/fix-deprecation-warning. + [Jakub Onderka] + + fix: [API] Deprecation header +- Merge pull request #7678 from JakubOnderka/post-test-simplify. [Jakub + Onderka] + + chg: [sync] Simplify server post test code +- Merge pull request #7676 from JakubOnderka/connection-test-server- + sync. [Jakub Onderka] + + chg: [sync] Use server sync tool for connection test +- Merge pull request #7677 from JakubOnderka/mitigate-timing-attacks. + [Jakub Onderka] + + chg: [security] Mitigate timing attacks +- Merge pull request #7675 from JakubOnderka/authkeys-autocompelte-off. + [Jakub Onderka] + + new: [security] Disable browser autocomplete for authkeys field +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Luciano + Righetti] +- Merge pull request #7649 from JakubOnderka/pull-sightings. 
[Jakub + Onderka] + + chg: [sync] Pull just necessary data when pulling sightings +- Merge pull request #7650 from JakubOnderka/pull-proposals-vol2. [Jakub + Onderka] + + chg: [sync] Use sync tool for pulling proposals +- Merge pull request #7659 from JakubOnderka/unique-indexes. [Jakub + Onderka] + + chg: [schema] Mark more indexes as unique +- Security: fix unescaped parameter leading to sqli. [Luciano Righetti] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge pull request #7694 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated default.pot +- Security: fix unescaped parameter leading to sqli. [Luciano Righetti] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7666 from JakubOnderka/assign-comment. [Jakub + Onderka] + + new: [warninglist] Assign warninglist comment +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7665 from JakubOnderka/fix-7663. [Jakub Onderka] + + fix: [log] Array to string conversion +- Merge pull request #7641 from righel/migrate-sharing-groups-views. + [Andras Iklody] + + chg: migrate sharing_views/view/[id] to factory +- Merge pull request #7648 from JakubOnderka/remove-http-commit. [Andras + Iklody] + + chg: [sync] Remove commit and MISP-version from HTTP header +- Merge pull request #7656 from righel/migrate-tags-views. [Andras + Iklody] + + Migrate tags views +- Merge pull request #7657 from JakubOnderka/org-name-unique. [Jakub + Onderka] + + Org name unique +- Merge pull request #7653 from JakubOnderka/edit-event-optim. [Jakub + Onderka] + + chg: [internal] Do not fetch attribute tags when editing attribute +- Merge pull request #7654 from JakubOnderka/tag-name-unique. [Jakub + Onderka] + + chg: [schema] Tag name should be unique +- Merge pull request #7655 from JakubOnderka/do-not-load-exclusion- + again. 
[Jakub Onderka] + + chg: [internal] Do not load exclusion list from Redis again and again +- Merge pull request #7651 from JakubOnderka/event-index-filter. [Jakub + Onderka] + + fix: [API] Boolean options in index filter conditions +- Merge pull request #7644 from JakubOnderka/pull-less-info. [Jakub + Onderka] + + chg: [sync] Pull events with less info +- Merge pull request #7645 from JakubOnderka/sightins-uuid-unique. + [Jakub Onderka] + + chg: [schema] Sightings UUID column should be unique +- Merge pull request #7643 from JakubOnderka/pubsub-static. [Jakub + Onderka] + + chg: [internal] Convert PubSubTool to static +- Merge pull request #7541 from JakubOnderka/delete-event-refactor. + [Jakub Onderka] + + new: [API] Allow to delete multiple events by UUID +- Merge pull request #7640 from JakubOnderka/add-event-cleanup-part. + [Jakub Onderka] + + Add event cleanup +- Merge pull request #7587 from JakubOnderka/rest-client-user-agent. + [Jakub Onderka] + + Change User-Agent to MISP REST Client +- Merge pull request #7617 from JakubOnderka/attribute-search. [Jakub + Onderka] + + chg: [internal] Do not convert values to lower, since collation is al… +- Merge pull request #7639 from JakubOnderka/pull-codestyle. [Jakub + Onderka] + + chg: [internal] Code style for event pulling +- Merge pull request #7637 from JakubOnderka/test-syncc. [Jakub Onderka] + + new: [test] Test more endpoints in sync test +- Merge pull request #7636 from JakubOnderka/event-view-spec. [Jakub + Onderka] + + new: [API] Allow more granular specification what data to return when viewing event +- Merge pull request #7635 from JakubOnderka/server-overlap-method. + [Jakub Onderka] + + chg: [sync] Refactor server overlap events fetching +- Merge pull request #7625 from JakubOnderka/pull-error-handling. [Jakub + Onderka] + + chg: [sync] Better error handling for pulling +- Merge pull request #7632 from JakubOnderka/server-sync-exception. 
+ [Jakub Onderka] + + chg: [internal] Better exception handling for server sync +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7627 from JakubOnderka/post-test-error-log. [Jakub + Onderka] + + chg: [internal] Log exception for remote server POST test +- Merge pull request #7610 from JakubOnderka/galaxy-update-vol2. [Jakub + Onderka] + + Galaxy update vol2 +- Merge pull request #7615 from JakubOnderka/event_blocklist_unique. + [Jakub Onderka] + + Event blocklist unique +- Merge pull request #7628 from JakubOnderka/fix-invalid-foreach. [Jakub + Onderka] + + fix: [internal] Shadow attributes don't have tags +- Merge branch 'develop' of github.com:MISP/MISP into migration- + taxonomy. [mokaddem] + + +v2.4.148 (2021-08-05) +--------------------- + +New +~~~ +- [test] Check schema diagnostics in CI. [Jakub Onderka] +- [citation-cff] added. [Alexandre Dulaunoy] +- [citation-cff] added. [Alexandre Dulaunoy] +- [test] Security test for publishing events. [Jakub Onderka] + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [PyMISP] Bump recommended version. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [internal] Use ServerSyncTool for fetching remote user info. [Jakub + Onderka] +- [internal] org_blocklists.org_uuid should be unique index. [Jakub + Onderka] +- [internal] Organisation and object UUID should be unique. [Jakub + Onderka] +- [zmq] Convert array to JSON at one place. [Jakub Onderka] +- [internal] Optimise loading attribute histogram. [Jakub Onderka] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [opendata] updated and changed parameter handling. [iglocska] +- [shibbauth] added option to block organisation changes at login - New + ApacheShibbAuth.BlockOrgModifications setting added, defaults to + false, boolean. If set to true, will block updates to the organisation + of existing users on authentication. 
This preserves any modifications + made by a site admin in MISP and is similar to + ApacheShibbauth.BlockRoleModifications (same logic applied to role + modifications). [Liviu Valsan] +- [API] Refactor event publishing. [Jakub Onderka] +- [internal] Convert array to const. [Jakub Onderka] +- [internal] Convert array to const. [Jakub Onderka] +- [internal] Simplified Attribute::deleteAttribute method. [Jakub + Onderka] +- [internal] Removed unused variables. [Jakub Onderka] +- [internal] Remove unused variable. [Jakub Onderka] +- [internal] Convert array to const. [Jakub Onderka] +- [shibbauth] added option to block organisation changes at login - New + ApacheShibbAuth.BlockOrgModifications setting added, defaults to + false, boolean. If set to true, will block updates to the organisation + of existing users on authentication. This preserves any modifications + made by a site admin in MISP and is similar to + ApacheShibbauth.BlockRoleModifications (same logic applied to role + modifications). [Liviu Valsan] +- [compatibility] scoped constant changed to unscoped to allow for 7.0 + compatibility. [iglocska] + + - update your PHP version though + +Fix +~~~ +- [js] Show correct error message for get remote version. [Jakub + Onderka] +- [UI] Show correct error message for get remote user. [Jakub Onderka] +- [sync] Fetching remote server version. [Jakub Onderka] +- [schema] audit_logs.authkey_id columns should be nullable. [Jakub + Onderka] +- [zmq] Add missing `misp_json_warninglist` topic to Python script. + [Jakub Onderka] +- [API] Undefined index when just last_seen is set. [Jakub Onderka] +- [afterHook] for setting changes wasn't returning true, fixes 7477. + [iglocska] + + - this caused the CLI setting change to error out +- [stix2misp] Use describeTypes from PyMISP. [Jakub Onderka] +- [security] Stored XSS when viewing galaxy cluster relationships - As + reported by Dawid Czarnecki. 
[mokaddem] +- [security] Stored XSS when viewing galaxy cluster elements in JSON + format. [mokaddem] +- [compatibility] several scoped constants reverted. [iglocska] +- [proposal alert email] function call fixed. [iglocska] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge pull request #7624 from JakubOnderka/get-remote-user-fixes. + [Jakub Onderka] + + fix: [UI] Show correct error message for get remote user +- Merge pull request #7622 from JakubOnderka/fix-fetching-version. + [Jakub Onderka] + + fix: [sync] Fetching remote server version +- Merge pull request #7619 from JakubOnderka/get-remote-update. [Jakub + Onderka] + + chg: [internal] Use ServerSyncTool for fetching remote user info +- Merge pull request #7620 from JakubOnderka/database-indexes. [Jakub + Onderka] + + Database indexes +- Merge pull request #7568 from JakubOnderka/zmq. [Jakub Onderka] + + Add missing misp_json_warninglist topic to Python script +- Merge pull request #7606 from JakubOnderka/undefined-index-fix. [Jakub + Onderka] + + fix: [API] Undefined index when just last_seen is set +- Merge pull request #7614 from JakubOnderka/optimise-statistics. [Jakub + Onderka] + + chg: [internal] Optimise loading attribute histogram +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7613 from lk-dll/patch-1. [Alexandre Dulaunoy] + + quick fix sticky buffers +- Quick fix sticky buffers. [lk-dll] + + According to documention (https://suricata.readthedocs.io/en/suricata-6.0.3/rules/http-keywords.html#http-keywords) sticky buffers should be before content, http.header and http.uri isn't marked as sticky buffers, but rules are wrongly generated and reported to logs. Tested on stable Suricata v6.0.1+ +- Quick fix sticky buffers. 
[lk-dll] + + According to documention (https://suricata.readthedocs.io/en/suricata-6.0.3/rules/http-keywords.html#http-keywords) sticky buffers should be before content, http.header and http.uri isn't marked as sticky buffers, but rules are wrongly generated and reported to logs. Tested on stable Suricata v6.0.1+ +- Merge pull request #7500 from JakubOnderka/stix-to-misp-types-path. + [Jakub Onderka] + + Stix to misp types path +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7602 from liviuvalsan/shib_user_org. [Alexandre + Dulaunoy] + + chg: [shibbauth] added option to block organisation changes at login +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge pull request #7539 from JakubOnderka/publishing-refactoring. + [Jakub Onderka] + + Refactor publishing event +- Merge pull request #7609 from JakubOnderka/code-cleanup-vol6. [Jakub + Onderka] + + Code cleanup vol6 +- Merge pull request #7607 from JakubOnderka/non-correlationg-types- + const. [Jakub Onderka] + + chg: [internal] Convert array to const +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] + + +v2.4.147 (2021-07-27) +--------------------- + +New +~~~ +- [sync] When saving sightings, push just new sightings. [Jakub Onderka] +- [sync] When pushing event, upload sightings by another call. [Jakub + Onderka] +- [sync] Filter out existing sightings if remote sever supports that + method. [Jakub Onderka] +- [sync] Method for filtering out existing sightings. [Jakub Onderka] +- [API] Taxonomy export. 
[Jakub Onderka] +- [misp2stix2] Return traceback for error. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] bump. [iglocska] +- [security audit] Check config.php.bk file permission. [Jakub Onderka] +- [internal] Create config backup just when it is necessary. [Jakub + Onderka] +- [internal] Reset PHP cache after config file is successfully changed. + [Jakub Onderka] +- [test] Move PHP tests to different task. [Jakub Onderka] +- [PyMISP] bump. [iglocska] +- [PyMISP] bump. [iglocska] +- [UI] Use time element for event published timestamp. [Jakub Onderka] +- [UI] Raise font size of local org description. [Jakub Onderka] +- [UI] After creating new org, redirect to org details. [Jakub Onderka] +- [UI] Add link to add new organisation. [Jakub Onderka] +- [republish ban] enabled by default on new installs. [iglocska] +- [config] Added missing options Fix #7549. [mokaddem] +- [CLI] better error messages when a setting change fails. [iglocska] + + - explain why it failed + - explain how a user can override it +- [misp-objects] fix #7599. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- Migrate threads/index to factory view. [Luciano Righetti] +- Migrate /event_blocklist/add,edit to view factory. [Luciano Righetti] +- Migrate /event_blocklists/index to view factory. [Luciano Righetti] +- Migrate /templates/view/:id to view factory. [Luciano Righetti] +- Reuse add view for /templates/edit. [Luciano Righetti] +- Migrate /templates/add view to factory. [Luciano Righetti] +- Migrate /templates/index view, use CRUD compoenent in + TemplatesController::delete() [Luciano Righetti] +- [internal] Use const arrays. [Jakub Onderka] +- [internal] Use strict comparison. [Jakub Onderka] +- [internal] Use constants that should be faster. [Jakub Onderka] +- [UI] Simplified generating categories that can be malware sample. + [Jakub Onderka] +- [internal] Remove unused method. 
[Jakub Onderka] +- [internal] Remove unnecessary method calls. [Jakub Onderka] +- [internal] Move variable from AppModel to Server model. [Jakub + Onderka] +- [internal] Convert variable to const. [Jakub Onderka] +- [internal] Remove JS helper from controllers. [Jakub Onderka] +- [user:updateToAdvancedAuthKeys] Functionality accessible via the CLI. + [mokaddem] +- [logs] Add link to SG and Taxonomy in AuditLog. [Jakub Onderka] +- Initial port genericForm changes from cerebrate. [Luciano Righetti] +- Migrate FeedsController to use CRUD component. [Luciano Righetti] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [galaxies:view_relations] Both inbound and outbound relations can be + viewed. [mokaddem] +- [galaxyClusters:view] Both inbound and outbound relations can be + viewed. [mokaddem] +- [genericElement:topbar] Support of raw html. [mokaddem] +- [sync] Faster capturing sighting when pushing whole event. [Jakub + Onderka] +- [sync] Optimise event filtering. [Jakub Onderka] +- [sync] Check if event exists before pushing. [Jakub Onderka] +- [sync] Remove old method for uploading sightings. [Jakub Onderka] +- [sync] Check event existence before pushing sightings. [Jakub Onderka] +- [sync] New separate method for uploading sightings to remote server. + [Jakub Onderka] +- [internal] Disable unicode escaping for JSON. [Jakub Onderka] +- [diagnostic] STIX diagnostics. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Use standardized response output. [Jakub Onderka] +- [internal] Remove redundant checks. [Jakub Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Regenerate warninglist cache just when save was successful. + [Jakub Onderka] +- [internal] Use less memory when inserting warninglist to db. [Jakub + Onderka] +- [API] Deprecate getPyMISPVersion and returns required info in + getVersion. 
[Jakub Onderka] +- [mispObject:breakOnDuplicate] Provide more feedback. [mokaddem] +- [installer] Update to latest version. [Steve Clement] +- [installer] Update to latest version. [Steve Clement] +- [doc] Guides now compatible with Fedora WS/Server 34. [Steve Clement] +- [warning-list] updated. [Alexandre Dulaunoy] + +Fix +~~~ +- [test] Set expected config for security tests. [Jakub Onderka] +- [test] Check if user is logged. [Jakub Onderka] +- [config defaults] unset the default python bin path. [iglocska] +- [config defaults] changed default attachment storage. [iglocska] +- [Userinit] create advanced auth key when needed. [iglocska] +- [config] Fixed indentation. [mokaddem] +- [test] Redis password can be empty. [Jakub Onderka] +- [test] After CLI setSetting change. [Jakub Onderka] +- [security] Stored XSS when forking a galaxy cluster As reported by + Giuseppe Diego Gianni. [mokaddem] +- [posts] add org field to email job. [iglocska] +- Add missing newline. [Luciano Righetti] +- Rename container div. [Luciano Righetti] +- Add mass selector for deleting event blocklists. [Luciano Righetti] +- Remove old copy. [Luciano Righetti] +- Add view action to index templates. [Luciano Righetti] +- [internal] Remove unused variable. [Jakub Onderka] +- [API] Remove duplicate objects from warninglist. [Jakub Onderka] +- [internal] Remove unused variable. [Jakub Onderka] +- Add missing search parameters for [POST]/events/index. [Luciano + Righetti] +- [UI] Do not use inline JS. [Jakub Onderka] +- [API] Always return bool for perm fields in getVersion response. + [Jakub Onderka] +- Nest noticelist entries inside Noticelist property. [Luciano Righetti] +- Add noticelist entries in view response. [Luciano Righetti] +- Undefined index notice when enable/disable noticelist. [Luciano + Righetti] +- Remove unsused field. [Luciano Righetti] +- Merge develop branch. [Luciano Righetti] +- Fix ui issues on multiple views. [Luciano Righetti] +- Add missing input descriptions. 
[Luciano Righetti] +- Fix pr comments: add warning notice for local feeds disabled on + feeds/add, fix various ui elements. [Luciano Righetti] +- Add missing refresh to feed pull rules. [Luciano Righetti] +- Fix issue when adding attribute, add optionalField class to inputs. + [Luciano Righetti] +- Fix pr comments: replace whitelist->allowlist, checkbox label inline, + add missing feed fields for csv and freetext. add missing button for + adding basic auth headers. [Luciano Righetti] +- Remove required attr from hidden inputs in add attribute form. + [Luciano Righetti] +- Remove required attr from hidden inputs in add event form. [Luciano + Righetti] +- Escape js variable. [Luciano Righetti] +- Fix error when decoding array feed settings, maintain same response + schema as before. [Luciano Righetti] +- Add type dropdown in all generic forms. [Luciano Righetti] +- Fix pull rules legend not showing on feeds/edit load. [Luciano + Righetti] +- Handle feed rules. [Luciano Righetti] +- Fix genericForm builder issues. [Luciano Righetti] +- Only override values that were set in the input. [Luciano Righetti] +- Allow 0 or '0' to be a possible field value, for example 'selected' + property. [Luciano Righetti] +- [sync] Better error handling when fetching IDs for push/pull. [Jakub + Onderka] +- [tags:attachTagToObject] No longer return a failure message is + relation already exists Fix #6569. [mokaddem] +- [organisations:view] Restored org logo Fix #7491. [mokaddem] +- [event:contact] User object passed in contact reporter Fix #7471. + [mokaddem] +- [sync] Do not append 'metadata:1' when pushing event. [Jakub Onderka] +- [attribute:edit] Make sure event_id cannot be changed. [mokaddem] +- [tags:detachFromObject] Make travis test passes. [mokaddem] +- [internal] Update object relationships when updating JSONs. [Jakub + Onderka] +- [API] Check if user can view object that contains reference. [Jakub + Onderka] +- [UI] Trim object UUID when adding reference. 
[Jakub Onderka] +- [internal] Change exception type. [Jakub Onderka] +- [internal] Relationship import. [Jakub Onderka] +- [tag] Update object's timestamp and unpublish only if in global + context Fix #5806. [mokaddem] +- [internal] Faster deleting warninglist. [Jakub Onderka] +- [galaxies:add] Missing entry in sidebar Fix #7499. [mokaddem] +- [install:MySQL] Removed org_blacklists table creation Fix #7476. + [mokaddem] +- Wrong attribute value hash computed inside checkForDuplicateObjects + function. [Sebastiano Mariani] +- [doc] Fix conditonal error. [Steve Clement] +- [tools] Catch openssl not being installed. [Steve Clement] +- [galaxies:add] Missing entry in sidebar Fix #7499. [mokaddem] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge pull request #7603 from JakubOnderka/fix-tests-vol2. [Jakub + Onderka] + + Fix tests vol2 +- Merge pull request #7596 from JakubOnderka/publishd-time. [Jakub + Onderka] + + chg: [UI] Use time element for event published timestamp +- Merge pull request #7589 from JakubOnderka/org-ui. [Jakub Onderka] + + Org UI +- Merge branch 'config_defaults' into develop. [iglocska] +- Merge pull request #7600 from JakubOnderka/fix-tests. [Jakub Onderka] + + fix: [test] After CLI setSetting change +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge pull request #7578 from Cooper-Dale/patch-1. [Alexandre + Dulaunoy] + + updated suricata legacy modifiers +- Updated suricata legacy modifiers. [Cooper Dale] + + based on https://suricata.readthedocs.io/en/suricata-6.0.3/rules/tls-keywords.html?highlight=tls_sni#tls-sni + https://suricata.readthedocs.io/en/suricata-6.0.3/rules/http-keywords.html#http-keywords + https://suricata.readthedocs.io/en/suricata-6.0.3/rules/dns-keywords.html +- Merge branch 'threads_refactor' into develop. 
[iglocska] +- Merge branch 'blocklist_refactor' into develop. [iglocska] +- Merge branch 'template_refactor' into develop. [iglocska] +- Merge pull request #7595 from JakubOnderka/code-cleanup-vol4. [Jakub + Onderka] + + Code cleanup vol4 +- Merge pull request #7581 from JakubOnderka/simplified-template. [Jakub + Onderka] + + chg: [UI] Simplified generating categories that can be malware sample +- Merge pull request #7562 from JakubOnderka/warninglist-output. [Jakub + Onderka] + + fix: [API] Remove duplicate objects from warninglist +- Merge pull request #7583 from JakubOnderka/code-cleanup-vol2. [Jakub + Onderka] + + Code cleanup +- Merge pull request #7538 from JakubOnderka/js-helper. [Jakub Onderka] + + chg: [internal] Remove JS helper from controllers +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Luciano + Righetti] +- Updated suricata legacy modifiers. [Cooper Dale] + + based on https://suricata.readthedocs.io/en/suricata-6.0.3/rules/tls-keywords.html?highlight=tls_sni#tls-sni + https://suricata.readthedocs.io/en/suricata-6.0.3/rules/http-keywords.html#http-keywords + https://suricata.readthedocs.io/en/suricata-6.0.3/rules/dns-keywords.html +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch 'shibb' into develop. [iglocska] +- Block org modiufication option for shibb auth. [mzp] +- Merge pull request #7560 from JakubOnderka/audit-sg. [Jakub Onderka] + + Add link to SG and Taxonomy in AuditLog +- Merge pull request #7566 from JakubOnderka/getversion-bool. [Jakub + Onderka] + + fix: [API] Always return bool for perm fields in getVersion response +- Merge pull request #7357 from righel/refactor-noticelists-controller- + to-use-crud-component. [Luciano Righetti] + + chg: refactor noticelists controller to use crud component +- Merge develop. [Luciano Righetti] +- Merge pull request #7520 from righel/migrate-feeds-controller-to-crud- + component. 
[Luciano Righetti] + + chg: migrate feeds controller to crud component +- Merge branch 'develop' into migrate-feeds-controller-to-crud- + component. [Luciano Righetti] +- Merge branch 'pr-7551' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/develop' into pr-7551. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7433 from JakubOnderka/sync-clusters-error- + handling. [Jakub Onderka] + + fix: [sync] Better error handling when fetching IDs for push/pull +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #6817 from JakubOnderka/upload-sightings. [Jakub + Onderka] + + chg: [sync] New separate method for uploading sightings to remote server +- Merge pull request #7157 from JakubOnderka/sighting-push-filtering. + [Jakub Onderka] + + new: [sync] Method for filtering out existing sightings +- Merge pull request #7558 from JakubOnderka/taxonomy_export. [Jakub + Onderka] + + new: [API] Taxonomy export +- Merge pull request #7553 from JakubOnderka/stix-diagnostics. [Jakub + Onderka] + + chg: [diagnostic] STIX diagnostics +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'fix-5806' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/develop' into fix-5806. + [mokaddem] +- Merge pull request #7530 from JakubOnderka/fix-relationship-import. + [Jakub Onderka] + + fix: [internal] Relationship import +- Merge pull request #7555 from JakubOnderka/misp2stix_traceback. [Jakub + Onderka] + + new: [misp2stix2] Return traceback for error +- Merge remote-tracking branch 'origin' into develop. [Alexandre + Dulaunoy] +- Merge pull request #7540 from MISP/2.4. 
[Jakub Onderka] + + Merge 2.4 to develop to fix build +- Merge pull request #7532 from JakubOnderka/warninglist-quick-delete. + [Jakub Onderka] + + fix: [internal] Faster deleting warninglist +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7525 from JakubOnderka/deprecate-getpymisp- + version. [Jakub Onderka] + + chg: [API] Deprecate getPyMISPVersion +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7537 from SteveClement/guides. [Steve Clement] + + fix: [doc] Fix conditonal error +- Merge pull request #7536 from SteveClement/tools. [Steve Clement] + + fix: [tools] Catch openssl not being installed +- Merge pull request #7535 from SteveClement/guides. [Steve Clement] + + chg: [doc] Guides now compatible with Fedora WS/Server 34 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add search bar, fix col widths, show ref field as links. [Luciano + Righetti] +- Deserialize ref and geographical_area fields in index and view + endpoints. [Luciano Righetti] +- Resolve pr comments. [Luciano Righetti] +- Support toggle noticelist enable checkbox. [Luciano Righetti] +- Fix noticelist message not showing. [Luciano Righetti] +- Refactor noticelists index and view to use crud component. [Luciano + Righetti] +- Add crud component noticelists index. [Luciano Righetti] + + +v2.4.146 (2021-06-30) +--------------------- + +New +~~~ +- [API] Read only authkeys. [Jakub Onderka] + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [log] Remove ObjectRelationship from audit log. [Jakub Onderka] +- [internal] Simplify generating some JSON responses. [Jakub Onderka] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [UI] Loading non exists library in Audit log index. [Jakub Onderka] +- [event:add] Typo in accessing sharing group roaming information. + [mokaddem] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. 
[iglocska] +- Merge pull request #7533 from JakubOnderka/audit-log-ui-fix. [Jakub + Onderka] + + fix: [UI] Loading non exists library in Audit log index +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge pull request #7482 from JakubOnderka/authkey-read-only. [Jakub + Onderka] + + new: [API] Read only authkeys +- Merge pull request #7527 from JakubOnderka/response-simplify. [Jakub + Onderka] + + chg: [internal] Simplify generating some JSON responses +- Merge pull request #7526 from MISP/2.4. [Jakub Onderka] + + Merge 2.4 into develop +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Security: fix stored xss in sharing groups view as reported by Nicolas + Vidal from TEHTRIS. [Luciano Righetti] + + +v2.4.145 (2021-06-28) +--------------------- + +New +~~~ +- [API] Import warninglist. [Jakub Onderka] +- [internal] Support Cake installation by composer. [Jakub Onderka] +- [ZMQ] Send warninglist changes to ZMQ. [Jakub Onderka] +- [API] Export warninglists to CSV. [Jakub Onderka] +- [API] Export warninglists. [Jakub Onderka] +- Custom warninglist. [Jakub Onderka] +- [emailing] added event summaries only as a setting. [iglocska] + + - publish the normal alert report to eligible users + - exclude attributes/objects, so the e-mail will only include a summary + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [doc:authentication_diagrams] Included session and cookie handling. + [mokaddem] +- [servers:add] Fallback to correct json structure if synchronisation + rules are empty. [mokaddem] +- [server] Relaxed url validation rule. [mokaddem] +- [user] Relaxed email validation rule. [mokaddem] +- [warning-list] updated to the latest version. [Alexandre Dulaunoy] +- [composer] Crypt_GPG updated to 1.6.5. [Alexandre Dulaunoy] +- [internal] Remove unused 'full' arg when fetching taxonomies. 
[Jakub + Onderka] +- [API] Add description to predicates and values. [Jakub Onderka] +- Log remote IP for authkey use attempt if remote IP not allowed by key. + [Jeroen Pinoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Added Rocky Linux 8.4 tweaks. [Steve Clement] +- [doc] Added Rocky Linux 8.4. [Steve Clement] +- [doc] Updated to OpenBSD 6.9. [Steve Clement] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [composer] Crypt_GPG updated to 1.6.5. [Alexandre Dulaunoy] + +Fix +~~~ +- [rest client] Handle state when body is too big to save into rest + client history. [Jakub Onderka] +- [server caching] only push data to redis / logs if there's something + to push. [iglocska] + + - avoids the count() notice if no data was returned by the remote +- Add mising return formats for rest search endpoints. [Luciano + Righetti] +- Add missing returnFormat to restSearch endpoints, move the parameter + as requestBody property. [Luciano Righetti] +- [getSettings] include the options. [iglocska] +- [API] Taxonomy namespace is case insensitive. [Jakub Onderka] +- Copy/pasta, rename galaxy clusters tag, move restSearch endpoints to + resource 1st. [Luciano Righetti] +- [server:edit] Typo in index. [Sami Mokaddem] +- [user edit] lost the set password checkbox. [iglocska] +- [server caching] only push data to redis / logs if there's something + to push. [iglocska] + + - avoids the count() notice if no data was returned by the remote +- Add mising return formats for rest search endpoints. [Luciano + Righetti] +- [user add/edit] added missing JS change to restore the external auth + field. [iglocska] +- [external auth key / password] fields changed, fixes #7488. 
[iglocska] + + - show what's relevant based on the customauth settings and hide that which is not +- [emailing] added missing if branch for the publish alert summary mode + to trigger. [iglocska] +- [validation] account for the edge-case where a composite attribute + does not yet have a second value. [iglocska] +- [attribute validation] - also check for composite values containing + control characters, fixes #7391. [iglocska] +- [validation] fixed issue introduced in last commit. [iglocska] +- [attribute] validation tightened for empty strings. [iglocska] + + - a value containing only control characters will now be blocked from entry +- [CRUD] accept contain as a parameter for edit, fixes an issue with + auth key edits. [iglocska] +- Typo. [Bart] + + 😅 + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7495 from JakubOnderka/warninglist-import. [Jakub + Onderka] + + Warninglist import +- Merge pull request #7494 from JakubOnderka/cake-composer-support. + [Jakub Onderka] + + new: [internal] Support Cake installation by composer +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7504 from mokaddem/fix-server-url-validation. + [Andras Iklody] + + Fix server url validation +- Merge branch 'develop' of github.com:MISP/MISP into fix-server-url- + validation. [mokaddem] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7502 from mokaddem/fix-user-email-validation. + [Andras Iklody] + + chg: [user] Relaxed email validation rule +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. 
[iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7464 from JakubOnderka/warninglist. [Jakub + Onderka] + + Custom warninglists +- Merge pull request #7444 from JakubOnderka/taxonomy-add-description. + [Jakub Onderka] + + chg: [API] Add description to predicates and values +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7479 from Wachizungu/log-IP-if-not-allowed-for- + authkey. [Andras Iklody] + + chg: log remote IP for authkey use attempt if remote IP not allowed b… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #7524 from SteveClement/tools. [Steve Clement] +- Merge pull request #7523 from SteveClement/guides. [Steve Clement] +- Merge branch 'guides' of github.com:SteveClement/MISP into guides. + [Steve Clement] +- Security: [generic-template:index] Fixed unsanitized input. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7506 from adliwahid/patch-1. [Alexandre Dulaunoy] + + Added 3 feeds sources from APNIC +- Added 3 feeds sources from APNIC. [Adli Wahid] + + Added 3 daily feeds (ssh bruteforce, telnet bruteforce, URLs seen) from the APNIC Community Honeynet Project +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Luciano + Righetti] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Luciano + Righetti] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Luciano + Righetti] +- Merge branch 'develop' of github.com:MISP/MISP into 2.4. [Luciano + Righetti] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Update README.md. [Alexandre Dulaunoy] +- Merge pull request #7483 from bartblaze/2.4. [Alexandre Dulaunoy] + + fix: typo +- Merge pull request #1 from bartblaze/bartblaze-patch-1. [Bart] + + fix: typo + + +v2.4.144 (2021-06-07) +--------------------- + +New +~~~ +- Add initial version of openapi spec, add ReDoc js files. [Luciano + Righetti] +- [doc:sync] Added notes and diagrams about synchornisation logics. + [mokaddem] +- [galaxy] Support of enabled/disabled state at galaxy level. [mokaddem] + + Fix #7019 +- [CyCat integration] v1. [iglocska] + + - lookup on relationshis for a given galaxy cluster +- [UI] Add link to event report history. [Jakub Onderka] +- [doc:auth-diagram] Added authentication diagram. [mokaddem] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump. [Raphaël Vinot] +- [logo] reverted to the non-birthday version. [iglocska] +- [PyMISP] Bump deps. [Raphaël Vinot] +- [galaxyCluster:CyCat relations] Added icon and reference of the + project. [mokaddem] +- [genericElements:accordion] Added possiblity to pass html title. + [mokaddem] +- [cluster:cycat_relations] Added missing view. [mokaddem] +- [galaxyCluster:view] oved CyCat relationships in their own child + elements - Significantly speed up view loading time. [mokaddem] +- [sharinggroup] Allow pushing SG if remote internal server is not in + the list of SG servers. [mokaddem] +- [dashboard:updateSetting] Work with form data in memory rather than in + HTML body. [mokaddem] +- [db_schema] Updated schema. [mokaddem] +- [acl] Updated ACL to support new endpoints. [mokaddem] +- [doc:synchronisation-digrams] Added original diag. file. 
[mokaddem] +- [doc:synchronisation-diagrams] Added full version for both sync and + clarification about conditions. [mokaddem] +- [doc:synchronisation-diagrams] Added precision regarding index + filtering. [Sami Mokaddem] +- [doc:synchronisation] Renamed files. [mokaddem] +- [UI] Show warning when advanced auth keys are not enabled. [Jakub + Onderka] +- [UI] Make permision titles translatable. [Jakub Onderka] +- [Pip] lock updated. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated fix #7445. [Alexandre Dulaunoy] +- [config] default config now uses RFC2606 example.com domain. + [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [PyMISP] Bump pipenv. [Raphaël Vinot] +- /feeds/add endpoint returns empty 'name' error via api call. [Luciano + Righetti] +- Pr comments, update acl to allow all for /servers/openapi view, remove + rest client from events menu, remove php7 return hint. [Luciano + Righetti] +- [appController] Bumped queryversion. [mokaddem] +- [events:view] Correctly support arrays passed as deleted parameter. + [mokaddem] +- [events:view] Restored previous deleted behavior. [mokaddem] +- [events:view] Replaced correlation scope to behave similarly to the + filtering tool. [mokaddem] +- [events:view] Fixed deleted toggle enabled by default. [mokaddem] +- [galaxyCluster:view] Use CyCat local icon. 
[mokaddem] +- [galaxyCluster:view] Make sure the cluster contain cycat relations + before inserting content. [mokaddem] +- [galaxyCluster:view] Typo in setting name. [mokaddem] +- [event:__prepareForPushToServer] Slight refactoring. [mokaddem] +- [event:prepareForPush] Gracefully handle the case if + SharingGroupServer is empty. [mokaddem] +- [sharinggroup:capture] Re-use the ID of an existing SG if it exists + instead of the defaulted value 0. [mokaddem] +- [sharinggroup:captureOrg/captureServer] Use the ID of the existing + sharing group. [mokaddem] +- [dashboard:update_settings] Added missing view. [mokaddem] +- [dashbpard:updateSetting] Usage of CSRF token. [mokaddem] +- [security] Always capture attribute sharing groups. [iglocska] + + - via object edits it was omitted, leading to a possible misassociation of sharing groups by using the local ID of a referenced SG + + - as reported by Jeroen Pinoy +- [Event:set_filter_value] Support of wildcard searches. [mokaddem] +- Nonaggregated column mysql error when calling + /sightings/index/[event_id] [Luciano Righetti] +- Decode json ref and geographical_area properties in + /noticelists/view/[noticelist_id] endpoint. [Luciano Righetti] +- [Event:set_filter_value] Reset array indexing. [mokaddem] +- [Event:set_filter_value] Allows searching for composite attributes. + [mokaddem] + + Fix #7119 +- [typo in attribute add] caused the view to fail when adding + attributes. [iglocska] +- [doc:auth-diagram] Filename typo. [mokaddem] +- [UI] Security audit message. [Jakub Onderka] +- [UI] Simplify warninglist view template. [Jakub Onderka] +- Return api error when feed is not enabled. [Luciano Righetti] +- [UI] Show error only if it is not empty. [Jakub Onderka] +- [UI] Add missing event report model in audit log. [Jakub Onderka] +- [events:index] Reindex tag array to always return a list. [mokaddem] +- [markdown-editor:event-report] Fixed MISPElements in table. [mokaddem] +- [organisations:add] Wrong label value. 
[mokaddem] +- [db] rename org_blacklists to org_blocklists everywhere. [Richard van + den Berg] +- [post:send_mails] Make sure to have full group_by. [mokaddem] +- [attribute add] fixed typo causing the add function to fail. + [iglocska] +- [organisations index] added quickfilter as an alias for the search. + [iglocska] +- [Sharing groups] show roaming state in the API view. [iglocska] +- [UI] Restore notice list warnings when adding or editing attribute. + [Anders Einar Hilden] + + Restore the notice_message div that vanished in commit 0d4df7c98b0fc67618b1c3c298e64efb668fc4fe. +- [security] disable email uniqueness validation for the self + registration. [iglocska] +- [OTP] identifier tag fixed. [iglocska] + + - was hard coded to [MISP] +- [events:index] Reindex tag array to always return a list. [mokaddem] +- [organisations:add] Wrong label value. [mokaddem] +- [group by] error fixed in diagnostics, fixes #7411. [iglocska] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'fix-dahsboard-updateSettings' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into fix-dahsboard- + updateSettings. [mokaddem] +- Merge pull request #7427 from righel/fix-add-feed-api-endpoint. + [Alexandre Dulaunoy] + + fix: /feeds/add endpoint returns empty 'name' error via api call +- Merge pull request #7468 from righel/add-openapi-spec. [Andras Iklody] + + Add openapi spec +- Add /users/initiatePasswordReset/[user_id]/[first_time] openapi spec. + [Luciano Righetti] +- Fix openapi errors, fix default organisation restricted_to_domain + value. [Luciano Righetti] +- Merge branch 'fix-event-view-attribute-toolbar' into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into fix-event-view- + attribute-toolbar. 
[mokaddem] +- Merge branch 'fix-sg-api-edit' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/develop' into fix-sg-api-edit. + [mokaddem] +- Merge pull request #7470 from mokaddem/improvements-cycat. [Andras + Iklody] + + Improvements for cycat integration +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'fix-composite-attribute-filtering' into develop. + [mokaddem] +- Merge remote-tracking branch 'origin/develop' into fix-composite- + attribute-filtering. [mokaddem] +- Merge branch 'feature-galaxy-disabled' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/develop' into feature-galaxy- + disabled. [mokaddem] +- Merge pull request #7456 from righel/fix-mysql-error-index-sightings- + by-event-id. [Andras Iklody] + + Fix mysql error index sightings by event +- Merge pull request #7455 from righel/fix-non-deserialized-properties- + view-noticelist. [Andras Iklody] + + fix: decode json ref and geographical_area properties in /noticelists… +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch 'doc-sync' into develop. [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7443 from JakubOnderka/fix-securiy-audit. [Jakub + Onderka] + + Fix securiy audit +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #7435 from JakubOnderka/event-report-history. + [Jakub Onderka] + + Event report history +- Merge pull request #7440 from righel/return-api-error-when-fetch-from- + feed-fails. 
[Alexandre Dulaunoy] + + fix: return api error when fetch from feed fails +- Merge branch 'return-api-error-when-fetch-from-feed-fails' of + github.com:righel/MISP into return-api-error-when-fetch-from-feed- + fails. [Luciano Righetti] +- Return api error when feed is not enabled. [Luciano Righetti] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7432 from JakubOnderka/perm_flags_translatable. + [Jakub Onderka] + + Perm flags translatable +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'airbus-cert-synchronisation_servers_cache_features' into + develop. [Alexandre Dulaunoy] +- Add cacheServerAll documentation. [Amaury Leroy] +- Add 'Cache server' documentation. [Amaury Leroy] +- Add PushAll documentation. [Amaury Leroy] +- Function pushAll -- push all servers. [Amaury Leroy] +- Function cacheServerAll -- cache all server. [Amaury Leroy] +- Revert "Merge pull request #7476 from RichieB2B/ncsc-nl/org_blocklist" + [Alexandre Dulaunoy] + + This reverts commit ea73d2613f457bb0459da874f3f84ffd3444c203, reversing + changes made to 6d8c2eebcf35f4bf68fcd88677331b0d65bbd14a. +- Merge pull request #7476 from RichieB2B/ncsc-nl/org_blocklist. + [Alexandre Dulaunoy] + + fix: [db] rename org_blacklists to org_blocklists everywhere +- Merge pull request #7459 from Kagee/patch-1. [Andras Iklody] + + fix: [UI] Restore notice list warnings when adding or editing attribute +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] + + +v2.4.143 (2021-05-14) +--------------------- + +New +~~~ +- [internal] View event as different user. [Jakub Onderka] +- [event index] add report count. [iglocska] +- [users:index] Batch toggleable fields. [mokaddem] +- [elements:genericForm] Added support of field descriptions. [mokaddem] +- [elements:indexCountry] Added country element to display flags and + nationalities. 
[mokaddem] +- [log] Add supoort for AuthKeys. [Jakub Onderka] +- [log] Show full change in popup. [Jakub Onderka] +- [log] Audit Log statistics. [Jakub Onderka] +- [log] LogShell. [Jakub Onderka] +- [log] Audit log. [Jakub Onderka] +- [event:alert] Re-publishing ban feature based on configurable + threshold. [mokaddem] +- [event:alert] Re-publishing ban feature based on configurable + threshold. [mokaddem] +- [Correlation exclusions] clean function reworked. [iglocska] + + - does everything on DB side + - no more issues with large lists being passed around + - should also be a fair bit faster + +Changes +~~~~~~~ +- [version] bumped. [iglocska] +- [birthday] logo added. [iglocska] + + - to be removed on the next release +- [routes] fix allowedlists routes. Renamed from whitelists. [Jeroen + Pinoy] +- [PyMISP] Bump version. [Raphaël Vinot] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [setting] Add missing setting fo new audit log. [Jakub Onderka] +- [correlation] Cleanup Correlation model code. [Jakub Onderka] +- [object] Added validation rules for some fields. [mokaddem] +- [organisations:edit] Usage of the add view. [mokaddem] +- [organisations:add] Migrated view to factory. [mokaddem] +- [organisations:index] Migrated view to factory. [mokaddem] +- [elements:indexGenericField] Allow passing implode's glue. [mokaddem] +- [warninglists:index] Moved views to factory - WiP. [mokaddem] +- [UsageData] fix active proposal count, exclude deleted entries. + [Jeroen Pinoy] +- Bumped queryversion. [mokaddem] +- [event-report] Improved hints autocomplete while typing. [mokaddem] + + - Hints available scopes + - Allow searching for object's priority value +- [log] Add link to Role. [Jakub Onderka] +- [log] Add link to ObjectTemplate from audit log. 
[Jakub Onderka] +- [log] Correctly show request type in user interface. [Jakub Onderka] +- [internal] Return ugly print JSON for AJAX requests. [Jakub Onderka] +- [warninglists:checkValue] Exposed feature in the UI. [mokaddem] +- [server:setting] Added missing config `warning_for_all` [mokaddem] +- [allowedlist] Migrated views to factory. [mokaddem] +- [users:index] Migrated view to factory. [mokaddem] +- Bumped queryversion. [mokaddem] +- [event-report] Improved hints autocomplete while typing. [mokaddem] + + - Hints available scopes + - Allow searching for object's priority value +- [warninglists:checkValue] Exposed feature in the UI. [mokaddem] +- [server:setting] Added missing config `warning_for_all` [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [event:alert] Added option to refresh to ban. [mokaddem] +- [event:getEventRepublishBanStatus] Improved wording. [mokaddem] +- [UI] Link to proposal limited view from proposal event index. [Jakub + Onderka] +- [event:alert] Added option to refresh to ban. [mokaddem] +- [event:getEventRepublishBanStatus] Improved wording. [mokaddem] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [objects] updated to the latest version. [Alexandre Dulaunoy] +- [elements:serverRuleElements] Removed useless spaces. [mokaddem] +- [server:queryAvailableSyncFilteringRules] Returns error message + instead of throwing error. [mokaddem] +- [servers:edit] Added indicative text for serverRuleElements. + [mokaddem] +- [elements:serverRuleServers] Added text for each scopes. [mokaddem] +- [elements:serverRuleElements] Reset widgets state on modal close. + [mokaddem] +- [elements:rules_widget] Added collapsible for freetext inputs. + [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [ACL] added correlation exception edit. 
[iglocska] +- [elements:indexPostlink] Added possibility to add confirm messages. + [mokaddem] + + Fixed JS error throwing undefined variable in top correlations + +Fix +~~~ +- [jobs view] Typo with $baseurl variable name. [chrisr3d] +- [module results] References between objects returned with module + results and the original object attribute are now pointing to the + original object itself. [chrisr3d] + + - A reference between an object and an object + attribute is supported in the API, but does not + appear on the event graph + - Instead of pointing to the initial object + attribute then, we look for the uuid of the + object containing the attribute and use this + uuid for the reference + - The references between objects returned as + module results and the object containing the + attribute initially used for the enrichment + with a module are then handled properly +- [taxonomies] updated. [Alexandre Dulaunoy] +- [attribute:first_seen/last_seen] First seen value can be equal to the + last_seen value. Fix #7404. [mokaddem] +- [module results] Included the object references handling loop in the + objects handling loop. [chrisr3d] + + - If we did not get any object in a result from + a misp module, the `$references` variable would + not have been defined and would have raised an + issue. The references are related to objects, + it is then obvious to handle them both together +- [modules results] Fixed the query to find the uuid of the attribute + used as input of a misp-module. [chrisr3d] + + - With `Attribute.object_id => 0`, the query did + only return attributes outside of a MISP object + - This was causing issues with references between + the MISP objects returned by the modules and the + attribute used as input to the module. Those + references were visible in the module results + preview, but skipped then after the submit + button is pressed. 
+ - The references are now correctly handled +- [attributes] Enforce FS to be before LS (also for ShadowAttributes & + Objects) [mokaddem] +- Servers cannot be edited via API when MISP.host_org_id setting is + empty. [Luciano Righetti] +- [attribute:first_seen/last_seen] First seen value can be equal to the + last_seen value. Fix #7404. [mokaddem] +- [correlations] Correctly handle exclusion. [Jakub Onderka] +- [internal] Attribute correlation toggle. [Jakub Onderka] +- [attributes] Enforce FS to be before LS (also for ShadowAttributes & + Objects) [mokaddem] +- [internal] Missing variable. [Jakub Onderka] +- [UI] Chosen autofocus for attribute mass edit. [Jakub Onderka] +- [feed] Better error handling when downloading MISP feeds. [Jakub + Onderka] +- [export] YARA export. [Jakub Onderka] +- [warninglists:index] Restored site admin permission requirement for + deletion. [mokaddem] +- [log] Do not log unnecessary data to AuditLog. [Jakub Onderka] +- [feed preview] fixed exception thrown to invalid threat level listing + call. [iglocska] +- [UI] Warning message for event modification warning. [Jakub Onderka] +- [server:settings] Typo. [mokaddem] +- [db_schema] Update to version 68. [Jakub Onderka] +- [files:defaut_feeds] Added trailing slash Fix #7022. [mokaddem] +- [worker] restart not working correctly with SELinux. [iglocska] + + - endless process spawn due to not being able to fetch the user's name +- [server:settings] Typo. [mokaddem] +- [db_schema] Update to version 68. [Jakub Onderka] +- [stix2 export] Making sure timestamps are always converted into the + format STIX likes. [chrisr3d] +- [stix2 export] Making sure attributes have their Galaxy field before + trying to parse it. [chrisr3d] +- [stix2 export] Copy paste issue. [chrisr3d] +- [stix2 export] Trying to make first_seen & last_seen fields are + exported in an iso-formatted datetime format. [chrisr3d] +- [stix2 export] Avoiding issues with MISP events 'Event' field. 
+ [chrisr3d] +- [stix2 import] Added the missing ip address observable parsing + function. [chrisr3d] + + - Should fix #6855 +- [stix2 import] Avoid missing the to_ids flag when set to False. + [chrisr3d] + + - attribute.get('to_ids') with 'to_ids' set to + False will simply skip the field, and let then + MISP set the flag to the default 'to_ids' value + depending on the attribute type + - With the test being `attribute.get('to_ids') is not None` + we make sure even if 'to_ids' is False, we get + the field as it is +- [stix1 import] Avoiding AttributeError exceptions when the STIX + packages have no header. [chrisr3d] +- [worker] restart not working correctly with SELinux. [iglocska] + + - endless process spawn due to not being able to fetch the user's name +- [emailing] password resets and OTP didn't handle line breaks + correctly. [iglocska] +- [elements:serverRuleElementPush] Recover freetext tags not known by + the instance. [mokaddem] +- [decayings:add] Correct usage of the translation function. [mokaddem] +- [UI] Correctly display last login time. [Loïc Fortemps] + + Until now, we were showing the "one before last" login time, this fixes the issue +- [galaxyCluster:export] Only unset fields if they exists. [mokaddem] + + In some cases, galaxy clusters might not have targeting clusters +- [galaxyCluster:export] Only unset fields if they exists. [mokaddem] + + In some cases, galaxy clusters might not have targeting clusters + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7377 from 86x/pi-support. [Andras Iklody] + + fix: Support various Raspberry Pi OS's in SUPPORT_MAP +- Added support for raspberry pi. [User] +- Merge pull request #7334 from Wachizungu/fix-allowedlists-route. + [Andras Iklody] + + chg: [routes] fix allowedlists routes. Renamed from whitelists. +- Merge pull request #7403 from righel/fix-restricted_to_domain-reset- + on-org-edit-allow-json-arrays. 
[Andras Iklody] + + fix restricted_to_domain reset when updating org, allow arrays via api. +- Fix restricted_to_domain reset when updating org, allow arrays via + api. [Luciano Righetti] +- Merge branch '2.4' of https://github.com/MISP/MISP into develop. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #7405 from righel/fix-edit-servers-via-api-when- + host_org_id-is-empty. [Andras Iklody] + + fix: servers cannot be edited via API when MISP.host_org_id setting i… +- Merge pull request #7397 from JakubOnderka/log-new-setting. [Jakub + Onderka] + + chg: [setting] Add missing setting fo new audit log +- Merge pull request #7400 from JakubOnderka/after-save-correlation-fix. + [Jakub Onderka] + + After save correlation fix +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7189 from JakubOnderka/view-as. [Jakub Onderka] + + new: [internal] View event as different user +- Merge pull request #7390 from JakubOnderka/fix-chosen-autofix. [Jakub + Onderka] + + fix: [UI] Chosen autofocus for attribute mass edit +- Merge pull request #7395 from JakubOnderka/feed-download-error- + handlig. [Jakub Onderka] + + fix: [feed] Better error handling when downloading MISP feeds +- Merge pull request #7018 from JakubOnderka/yara-export-fix. [Jakub + Onderka] + + fix: [export] YARA export +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'migration-allowlists' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + allowlists. [mokaddem] +- Merge branch 'migration-users-views' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration-users- + views. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration-users- + views. 
[mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + allowlists. [mokaddem] +- Merge branch 'migration-organisations-views' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + organisations-views. [mokaddem] +- Merge branch 'migration-warninglists' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + warninglists. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into migration- + allowlists. [mokaddem] +- Merge pull request #7392 from Wachizungu/fix-usage-data-active- + proposals-count. [Andras Iklody] + + chg: [statistics:UsageData] fix active proposal count, exclude deleted entries +- Merge pull request #6914 from JakubOnderka/audit-log. [Jakub Onderka] + + New Audit log system +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7389 from aaronkaplan/patch-1. [Andras Iklody] + + Update apache.24.misp.ssl +- Update apache.24.misp.ssl. [AaronK] + + StrongCiphers4All! \o/ +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7388 from JakubOnderka/fix-log-warning. [Jakub + Onderka] + + Fix log warning +- Merge branch 'feature-event-republishing-ban' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into feature-event- + republishing-ban. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into develop. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into develop. + [chrisr3d] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7384 from JakubOnderka/fix-db-schema. [Jakub + Onderka] + + fix: [db_schema] Update to version 68 +- Merge pull request #7367 from JakubOnderka/proposal-index-ui. 
[Jakub + Onderka] + + chg: [UI] Link to proposal limited view from proposal event index +- Merge branch '2.4' of github.com:MISP/MISP into develop. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [chrisr3d] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [chrisr3d] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Update supportFunctions.md. [Raphaël Vinot] + + pull from oirigin main and not origin master in PyMISP +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'improvements-sync-filter-rules2' into develop. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7374 from lfortemps/patch-3. [Alexandre Dulaunoy] + + fix: [UI] Correctly display last login time +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] + + +v2.4.142 (2021-04-27) +--------------------- + +New +~~~ +- [correlation exclusions] now have an optional comment field. 
+ [iglocska] + + - explain why you exclude a value for easier maintenance + - edit existing exclusions to add those comments after the fact +- [top correlations] Redirect to the attribute search when clicking a + value. [iglocska] +- [Index builder] add simple postlink field. [iglocska] +- [Correlations] Added cached toplist. [iglocska] + + - stored via zset in redis + - very fast, but needs to be generated + - generation background processed +- [index top bar] added element to act as a text replacement field + instead of a button. [iglocska] +- [correlations] added new background task for correlating individual + values. [iglocska] +- [Correlations] refactor / rework. [iglocska] + + - moved to own controller and model + - refactored several long incomprehensible functions + + - extracted reused tasks from functions and made them reusable + - added a way to correlate individual values as opposed to attributes + + - Added top correlations index +- [UI] added stupid pagination links. [iglocska] + + - sometimes we want to paginate data not derrived from the usual backend but still have a first/last/next/previous link included +- [correlations] top correlations index view added. [iglocska] +- [Correlations] added dedicated controller/model/views. [iglocska] +- [servers:edit] Fetches available orgs and tags from remote server. + [mokaddem] + + - Componentized views and made them responsive + - Usage of picker for orgs and tags + - For server pull rule, fetches available choices from remote server +- [galaxyCluster:wipe_default] New endpoint to wipe out all default + clusters. [mokaddem] +- [Cache] search allows bulk lookups. 
[iglocska] + + - it is now possible to search for a list of values such as: + + { + "value": ["1.1.1.1", "8.8.8.8", "8.8.4.4"] + } + + - this will now return a dictionary with the key being the lookup value and the value being a list of hits and their metadata + + - passing a single value will revert to the old behaviour, returning a simple list with the hits and their metadata +- [doc] Add doc on how MISP uses git. [E. Cleopatra] +- [Dashboard] Adding user count evolution widget. [Jeroen Pinoy] +- [Dashboard] Add org count evolution widget. [Jeroen Pinoy] +- [doc] Add roadmap. [E. Cleopatra] +- [event:timeline] Fit visible window from provided start/end dates + + help tooltip. [mokaddem] +- [servers:diagnostic] Tool to remove orphaned correlations. [mokaddem] +- [UI] Smarter events lock checking. [Jakub Onderka] +- [API] REST repose for jobs index. [Jakub Onderka] +- [docs] Added API_Doc. [mokaddem] +- [Console] New API shell to create API documentation from + RestResponseComponent. [mokaddem] +- [Dashboard] Add usage data widget. [Jeroen Pinoy] +- [UI] User column selector. [Jakub Onderka] +- [UI] User can choose columns for event index. [Jakub Onderka] +- [chg] timestamp index field allows a new "x units ago" representation. + [iglocska] + + - just pass "ago": 1 as a parameter to the field + +Changes +~~~~~~~ +- [elements:indexPostlink] Added possibility to add confirm messages. + [mokaddem] + + Fixed JS error throwing undefined variable in top correlations +- [correlations] reverted the division by 2 for the correlation counts. + [iglocska] + + - there are legitimate cases where we get one way correlations + - we use the value field to aggregate the count, which leads to it being incorrect when using advanced correlations (the reverse correlation will use the value of the remote side) +- [CRUD] component - added redirect_controller parameter. 
[iglocska] + + - redirect to other controllers on demand, not just other actions +- [ACL] added top correlation generation to ACL. [iglocska] +- [version] bump. [iglocska] +- Force perms for logfiles before tests. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] Bump. [Raphaël Vinot] +- [CRUD] component, changed two filtering functions to be accessible + externally. [iglocska] +- [indextable] added stupid pagination options. [iglocska] +- [menues] updated with new correlation functionality. [iglocska] +- [elements:indexTable] Allow passing URL parameters for link actions. + [mokaddem] +- [css:event-report] Improved layout when using objects in markdown + headers. [mokaddem] +- [internal] Do not load not necessary event info for attack export. + [Jakub Onderka] +- [UI] Hide URL from feed and server cache hits. [Jakub Onderka] +- [elements:serverRuleElements] Added notice for older server not + supporting filtering rule queries. [mokaddem] +- [elements:serverRuleElements] Better function name for + maintainability. [mokaddem] +- [element:serverRuleElements] Rules are parsed and build on + rules_widget container. [mokaddem] + + They can later be recovered by external commands without having to rely + on fixed HTML ID properties +- [elements:serverRuleElements] Parametrized display of freetext input. + [mokaddem] +- [servers:add] Removed unused view. [mokaddem] +- [server:queryAvailableSyncFilteringRules] Includes the HTTP return + code in case of errors. [mokaddem] +- [elements:serverRuleElements] Added support of existing rules for + feeds. [mokaddem] +- [elements:serverRuleElements] Inject existing rules into widget. + [mokaddem] +- [elements:serverRuleElements] Support of previous rule states - WiP. + [mokaddem] +- [elements:serverRuleElements] Added preventive sanitizations. + [mokaddem] +- [warning-lists] updated. 
[Alexandre Dulaunoy] +- [elements:infoModal] Added sanitization. Just in case. [mokaddem] +- [servers:edit] Slight UI adjustements. [mokaddem] +- [servers:edit] Added support of codemirror and delete buttons. + [mokaddem] +- [internal] fetchEventIds refactored. [iglocska] + + - the stupid ordered params were driving me nuts +- [warning-list] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] Bump. [Raphaël Vinot] +- [doc] FIx links. [E. Cleopatra] +- [doc] Some minor changes. [E. Cleopatra] +- [doc] Fix grammatical errors. [E. Cleopatra] +- [doc] update and rename. [E. Cleopatra] +- [doc] Add content. [E. Cleopatra] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] Bump. [Raphaël Vinot] +- [MispObject] fix copy paste error in checkForDuplicateObjects. [Jeroen + Pinoy] +- [MispObject] fix copy paste error in editObject. [Jeroen Pinoy] +- [Dashboard:MultiLineChart] make enabling 'total' line on initial + render configurable. [Jeroen Pinoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [metadata] JSON fixed. [Alexandre Dulaunoy] +- [feed] JSON fixed. [Alexandre Dulaunoy] +- [feed] default feed JSON fixed. [Alexandre Dulaunoy] +- [doc] Minor changes. [E. Cleopatra] +- [installer] Update to latest. [Steve Clement] +- [installer] Update template for rhel7/8. [Steve Clement] +- [doc] Updates to RHEL7/8 doc. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [installer] Updated template for RHEL install. [Steve Clement] +- [fix] Missing version number. [Steve Clement] +- [installer] Installer Update, RHEL support added. [Steve Clement] +- [installer] Minor clean-up. [Steve Clement] +- [doc] More specific tweak to v7 and v8. [Steve Clement] +- [doc] Makes v7/v8 more clear. [Steve Clement] +- [doc] More cohesive docs. [Steve Clement] +- [installer] Latest installer. [Steve Clement] +- [installer] Template update to support RHEL7/8 CentOS7/8. 
[Steve + Clement] +- [installer] udpated template to install php7.4 on ubuntu18.04. [Steve + Clement] +- [doc] Suggest installing php74 on Ubuntu 18.04. [Steve Clement] +- Bump PyMISP. [Raphaël Vinot] +- [installer] Update to latest installer. [Steve Clement] +- [installer] Added modulesCAKE fn. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [sh] Small fix to make misp-refresh non-interactive. [Steve Clement] +- [doc] lief is in requirements.txt. [Steve Clement] +- [feeds:edit] Improved saving of edits Fix #7293. [mokaddem] +- [event:search] Allow filtering by org uuid. Fix #7288. [mokaddem] +- [internal] Move fetching related attributes to one place. [Jakub + Onderka] +- [internal] Install DebugKit by Composer. [Jakub Onderka] +- [internal] Install random_compat by Composer. [Jakub Onderka] +- [internal] Install CakePHP by Composer. [Jakub Onderka] +- [UI] Correctly handle progress for jobs. [Jakub Onderka] +- [UI] Make possible to filter jobs by prio queue. [Jakub Onderka] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [attributes/restSearch] add clarifying comments. [Jeroen Pinoy] +- [restResponseComponent] Get scoped available endpoints. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [doc] Updated cake config defaults. [Steve Clement] +- [doc] Further RHELL tweaks. [Steve Clement] +- [doc] Seperated RHEL 7/8 install fn. Fedora33 supported. [Steve + Clement] +- [doc] some cleanups. [Steve Clement] +- [doc] Seperated cake commands into seperate files. [Steve Clement] +- [doc] fix merge. [Steve Clement] +- Bump pipfile lock. [Raphaël Vinot] +- [UI] Use choosen for tag select. [Jakub Onderka] +- [UI] dblclickElement. [Jakub Onderka] +- [internal] Optimise fetching correlation count for events. [Jakub + Onderka] +- [doc] Automation adaption. [Steve Clement] +- [doc] Updated Changelog.md. [Steve Clement] +- [doc] Added details on MISPvars. 
[Steve Clement] + +Fix +~~~ +- [attribute search] Don't use form tampering protection for searches. + [iglocska] +- [top correlations] Divide the count by 2. [iglocska] + + - Each correlation has 2 entries in the DB (A->B and B->A) + - this doesn't mean that we should count each of those entries, but rather divide by 2 to get the actual correlation count +- [default feeds] duplicate name resolved, fixes #6978. [iglocska] + + - as reported by @chrisinmtown +- [galaxy] logging - use SYSTEM as the default org name for logging. + [iglocska] +- [galaxy] new logging to catch meta field errors assumed that the user + object was available. [iglocska] + + - [narrator] It wasn't. +- [galaxy] update fails gracefully and skips over malformed meta fields + in a cluster. [iglocska] +- [feeds:edit] Recover event_id if it exists Fix #7293 (second part) + [mokaddem] +- [correlations] added fix for invalid function call. [iglocska] + + - introduced by the refactor, looking up Attribute object variables such as noncorrelatingTypes +- [correlations] Don't barf when trying to add data with no + correlations. [iglocska] +- [correlation exclusions] controller comment fixed. [iglocska] +- [Correlations] controller - added missing components. [iglocska] +- [Correlations] fixed advanced correlations for ssdeep and separated + into own function. [iglocska] +- [stix1 framing] Fixed CIQ Identity namespace. [chrisr3d] +- Add strict commit test function. [Luciano Righetti] +- Allow setting org_id=0 via cake console, add --force option to force + settings. [Luciano Righetti] +- [UI] Event lock warning. [Jakub Onderka] +- [UI] Wrong org id for galaxy matrix stats. [Jakub Onderka] +- [misp.js] Support display on fretext values and removed useless + functions. [mokaddem] +- [servers:edit] Support servers/add with the server/edit view. + [mokaddem] +- [feeds:edit] Display additional filtering rules. [mokaddem] +- [elements:serverRuleElement] Push should not be allowed to set + freetext orgs. 
[mokaddem] +- [elements:serverRuleElements] Avoid saving the space character as + additional rule. [mokaddem] +- [feeds:edit] Log correct action. Fix #7347. [mokaddem] +- [elements:serverRuleElementPull] Typo. [mokaddem] +- [elements:serverRuleElementsPull] Correctly setup codemirror. + [mokaddem] +- [server:edit] Usage of IDs or raw values on correct context. + [mokaddem] + + - PUSH should use IDs + - PULL should use raw values +- [test] Allow access from IPv6 addresses. [Jakub Onderka] +- [GHA] change in hostname, bump pymisp, fix vhost. [Raphaël Vinot] +- [feed:edit] Fixed bug preventing to recover feed data in the UI. + [mokaddem] +- [doc] moreutils package added (required for sponge) [Alexandre + Dulaunoy] + + Fix #7353 +- [decaying:row_simulation] Removed buggy HTML title. [mokaddem] +- [decaying:row_simulation] Correctly pass event data to galaxy element. + [mokaddem] +- [audit] Better path to cake version file. [Jakub Onderka] +- [decaying:row_simulation] Correctly pass event data to galaxy element. + [mokaddem] +- [decaying:row_simulation] Removed buggy HTML title. [mokaddem] +- Fix remove attribute tag showing text/html content-type. [Luciano + Righetti] +- [CSRF] issues resolved for the dashboards controller. [iglocska] +- [security] Sharing group misassociation on sync. [iglocska] + + - when an object has a sharing group associated on an event edit, the sharing group object is ignored and instead the passed local ID is reused + - as reported by Jeroen Pinoy +- [doc] Small regression. [Steve Clement] +- Remove call to private method, call __alterAttributeCount() from + Attribute::restore() method. [Luciano Righetti] +- [installer] Updated template to fix v7/8. [Steve Clement] +- [installer] Fix merge fup of template. [Steve Clement] +- [webroot:index] Make sure MISP works if cakephp is not installed via + composer. [mokaddem] +- [internal] Organisation object for user is not included all time. 
+ [Jakub Onderka] +- [UI] Hide job retries since this column is always zero. [Jakub + Onderka] +- [UI] Failed jobs are not considered as Queued. [Jakub Onderka] +- [xml] Object can be without attributes. [Jakub Onderka] +- [factories] links and timestamps fixed. [iglocska] + + - really annoying timestamp issue + - as discovered during LS21 +- [tools] Fixed misp-backup. [Steve Clement] +- [emailing] subject restored. [iglocska] + + - view template not having the subject var set defaulted the subject to null +- [UI] Event index filter nicer. [Jakub Onderka] +- [UI] Event index filter edit. [Jakub Onderka] +- [internal] Remove unused code. [Jakub Onderka] +- [doc] CentOS 7 needs to use Remi too. [Steve Clement] +- [installer] Use awk to print until EoF from match. [Steve Clement] +- [installer] globalVariables fix to ignore preceeding lines. [Steve + Clement] +- [tools] now works on MacOS and considers gsed. [Steve Clement] +- [internal] ThreatLevel::list() function renamed. [iglocska] + + - causes issues under certain PHP versions as it's a reserved keyword + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7369 from MISP/fix-link. [Alexandre Dulaunoy] + + Fix link +- Fix link. [E. Cleopatra] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into develop. + [chrisr3d] +- Merge branch 'developt push' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7366 from righel/allow-cake-cli-set-null-settings. 
+ [Andras Iklody] + + fix: allow setting org_id=0 via cake console, add --force option +- Merge branch 'feature-galaxy-cluster-wipe-default' into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into feature-galaxy- + cluster-wipe-default. [mokaddem] +- Merge pull request #7364 from JakubOnderka/galaxy-stats-fix. [Jakub + Onderka] + + Galaxy stats fix +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Security: [feeds] Hide headers for non-site admin users. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7365 from JakubOnderka/feed-url-remove. [Jakub + Onderka] + + chg: [UI] Hide URL from feed and server cache hits +- Merge branch 'develop' of github.com:MISP/MISP into feature-galaxy- + cluster-wipe-default. [mokaddem] +- Merge branch 'improvements-sync-filter-rules' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into improvements-sync- + filter-rules. [mokaddem] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into improvements-sync- + filter-rules. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into improvements-sync- + filter-rules. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7358 from JakubOnderka/fix-security-test. [Jakub + Onderka] + + fix: [test] Allow access from IPv6 addresses +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7230 from jozuatec/patch-2. [Jakub Onderka] + + Update OidcAuthenticate.php +- Update OidcAuthenticate.php. [jozuatec] + + With our IDP the user roles do not get delivered through claims. 
With this edit (get roles through "requestUserInfo" when claims fails to do so), our IDP can deliver the roles through an "Extra Attributes" field. + I am already using this code in our production, it works fine for us. +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7235 from imidoriya/patch-1. [Andras Iklody] + + chg: [tag] Use detailed message in tag return +- Restored generic when successes > 1. [Deku] + + Generic can handle when more than 1 tag is added. +- Generic message overwrites detailed message. [Deku] + + A detailed message is created on lines 870 and 877, however, they're never used in the response as it is overwritten by the generic message on line 888. +- Merge pull request #7326 from PROTechThor/contribute. [Alexandre + Dulaunoy] + + Improve contributing.md, Add coding style, workflow +- Update STYLE.md. [E. Cleopatra] +- Update GITWORKFLOW.md. [E. Cleopatra] +- Update CONTRIBUTING.md. [E. Cleopatra] +- Update CONTRIBUTING.md. [E. Cleopatra] +- Write coding style guidelines. [E. Cleopatra] +- Merge pull request #7342 from Wachizungu/fix-checkForDuplicateObjects- + typo. [Andras Iklody] + + chg: [MispObject] fix copy paste error in checkForDuplicateObjects +- Merge pull request #7343 from Wachizungu/fix-typo-in-editObject. + [Andras Iklody] + + chg: [MispObject] fix copy paste error in editObject +- Merge pull request #7345 from Wachizungu/user-count-evolution-widget. + [Andras Iklody] + + new: [Dashboard] Add user count evolution widget +- Merge pull request #7350 from Wachizungu/org-count-evolution-widget. + [Andras Iklody] + + new: [Dashboard] Add org count evolution widget +- Merge pull request #7352 from JakubOnderka/revert-composer. 
[Jakub + Onderka] + + Revert composer +- Revert "chg: [internal] Install CakePHP by Composer" [Jakub Onderka] + + This reverts commit 74eccfe9 +- Revert "chg: [internal] Install random_compat by Composer" [Jakub + Onderka] + + This reverts commit fe7d0a46 +- Merge pull request #7349 from Wachizungu/multilinechart-make-enabling- + total-configurable. [Alexandre Dulaunoy] + + chg: [Dashboard:MultiLineChart] make enabling 'total' line on initial… +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7336 from stevengoossensB/2.4. [Alexandre + Dulaunoy] + + Change config.default.php to have everything needed for Azure AD auth +- Change config.default.php to have everything needed for Azure AD + authentication in there (as suggested in PR 6661) [Steven] +- Merge pull request #7339 from righel/fix-remove-tag-attribute-content- + type-header. [Andras Iklody] + + fix: fix remove attribute tag showing text/html content-type +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7304 from StefanKelm/2.4. [Alexandre Dulaunoy] + + add MalwareBazaar and URLhaus +- Add MalwareBazaar and URLhaus. [StefanKelm] + + https://github.com/MISP/MISP/issues/7176 +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7320 from PROTechThor/roadmap. [Alexandre + Dulaunoy] + + MISP Roadmap +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7309 from SteveClement/guides. [Steve Clement] +- Merge pull request #7308 from SteveClement/tools. [Steve Clement] + + chg: [installer] Update template for rhel7/8 +- Merge pull request #7307 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updates to RHEL7/8 doc +- Merge pull request #7306 from SteveClement/tools. [Steve Clement] +- Merge pull request #7303 from righel/fix-error-when-restoring- + attribute-from-api. 
[Andras Iklody] + + fix: remove call to private method, call __alterAttributeCount() from… +- Merge pull request #7302 from SteveClement/tools. [Steve Clement] + + chg: [installer] Minor clean-up +- Merge pull request #7301 from SteveClement/tools. [Steve Clement] +- Merge branch 'tools' of github.com:SteveClement/MISP into tools. + [Steve Clement] +- Merge branch 'tools' of github.com:SteveClement/MISP into tools. + [Steve Clement] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into tools. [Steve + Clement] +- Merge pull request #7300 from SteveClement/guides. [Steve Clement] +- Merge pull request #7298 from SteveClement/tools. [Steve Clement] + + chg: [installer] Template update to support RHEL7/8 CentOS7/8 +- Merge pull request #7297 from SteveClement/tools. [Steve Clement] + + chg: [installer] udpated template to install php7.4 on ubuntu18.04 +- Merge pull request #7296 from SteveClement/guides. [Steve Clement] + + chg: [doc] Suggest installing php74 on Ubuntu 18.04 +- Merge pull request #7291 from stevengoossensB/2.4. [Alexandre + Dulaunoy] + + Added Threatfox to default feeds +- Fix typo. [Steven] +- Added Threatfox to default feeds. [Steven] +- Merge pull request #7289 from SteveClement/tools. [Steve Clement] + + chg: [installer] Added modulesCAKE fn +- Merge pull request #7287 from SteveClement/tools. [Steve Clement] +- Merge pull request #7187 from JakubOnderka/related-attributes. [Jakub + Onderka] + + chg: [internal] Move fetching related attributes to one place +- Merge pull request #7227 from JakubOnderka/smarter-event-locks-check. + [Jakub Onderka] + + new: [UI] Smarter events lock checking +- Merge pull request #7158 from JakubOnderka/sg-user-org-id. [Jakub + Onderka] + + fix: [internal] Organisation object for user is not included all time +- Merge pull request #7294 from JakubOnderka/cakephp-composer. 
[Jakub + Onderka] + + chg: [internal] Install CakePHP by Composer +- Merge pull request #7204 from JakubOnderka/fix-jobs. [Jakub Onderka] + + Fix jobs +- Merge pull request #7267 from JakubOnderka/fix-xml-empty-object. + [Jakub Onderka] + + fix: [xml] Object can be without attributes +- Added Threatfox to default feeds. [Steven] +- Merge pull request #7266 from stephengroat/patch-1. [Jakub Onderka] + + fix recursive submodule checkout +- Fix recursive submodule checkout. [Stephen] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Add: [module results] Catching MISP Objects first_seen & last_seen + values. [chrisr3d] + + - Will probably also check at attribute level to + have it too if needed +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [chrisr3d] +- Merge pull request #7273 from Wachizungu/add-comments-attributes- + restsearch. [Sami Mokaddem] + + chg: [attributes/restSearch] add clarifying comments +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7282 from SteveClement/tools. [Steve Clement] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #7281 from SteveClement/guides. [Steve Clement] + + chg: [doc] Further RHELL tweaks +- Chf: [doc] More amendments to RHEL8. [Steve Clement] +- Add: [module results] Catching MISP Objects first_seen & last_seen + values. [chrisr3d] + + - Will probably also check at attribute level to + have it too if needed +- Merge pull request #7278 from SteveClement/guides. [Steve Clement] +- Merge pull request #7276 from SteveClement/guides. [Steve Clement] + + chg: [doc] some cleanups +- Merge pull request #7275 from SteveClement/guides. 
[Steve Clement] + + chg: [doc] Seperated cake commands into seperate files +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7263 from Wachizungu/add-usagedata-dashboard- + widget. [Andras Iklody] + + new: [Dashboard] Add usage data widget +- Merge pull request #7228 from JakubOnderka/event-index-custom-columns. + [Jakub Onderka] + + Event index custom columns +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7269 from SteveClement/guides. [Steve Clement] +- Merge pull request #7268 from SteveClement/guides. [Steve Clement] + + chg: [doc] Added details on MISPvars +- Merge pull request #7233 from EvaYiYang/patch-1. [Andras Iklody] + + fix: [internal] Keep AadAuth setting in config.php when modify setting value from UI +- Merge branch '2.4' into patch-1. [Andras Iklody] +- Add AadAuth module as saved settings. [Eva Yang] +- Merge branch '2.4' into develop. [iglocska] + + +v2.4.141 (2021-03-29) +--------------------- + +New +~~~ +- [cli] enable all tags for a taxonomy. [Jeroen Pinoy] +- [eventgraph:viewPicture] Allow access to saved picture from the + eventgraph history. [mokaddem] +- [UI] Reworked galaxy quick view. [Jakub Onderka] +- [UI] Show threat level icons on event index. [Jakub Onderka] +- [freetext] Faster freetext parsing with more tests. [Jakub Onderka] +- [event loader] has a new extensionList parameter. [iglocska] + + - boolean, if set includes a list of extension events, metadata only +- [test] Alert email generating. [Jakub Onderka] +- [email] New setting `MISP.event_alert_metadata_only` [Jakub Onderka] +- [email] Command for testing generated alert email. [Jakub Onderka] +- [email] Allow to set email subject from template. [Jakub Onderka] +- [mail] Add reference for event alert emails. [Jakub Onderka] +- [mail] Move contact alert email to templates. [Jakub Onderka] +- [mail] HTML alert emails. 
[Jakub Onderka] +- [mail] Backend support for sending HTML emails. [Jakub Onderka] +- [shortcuts] Show help when pressing ? key. [Jakub Onderka] +- [internal] Security setting force_https. [Jakub Onderka] +- [authkeys] Copy key info when resetting key. [Jakub Onderka] +- [authkeys] Allowed IPs. [Jakub Onderka] +- [UI] Render galaxy cluster description as markdown. [Jakub Onderka] + +Changes +~~~~~~~ +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [doc] when enabling remi 7.4 by default, paths change. [Steve Clement] +- [doc] CentOS8Stream is now supported. [Steve Clement] +- [doc] reshuffle documentation order and archive some older guides. + [Steve Clement] +- [i18n] Updated base strings. [Steve Clement] +- [i8n] Added localization progress. [Steve Clement] +- [i18n] Fix mrg conflict. [Steve Clement] +- [i18n] Updated base strings. [Steve Clement] +- [i18n] Updated translations. [Steve Clement] +- [galaxy] Update. [Jakub Onderka] +- [UI] fix debugon for debug = 1. fix #7131. [Jeroen Pinoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [doc] more fine tuning to RHEL8. [Steve Clement] +- [doc] Balanced RHEL 8 and 7 Docs. [Steve Clement] +- [doc] Move away from expect. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [doc] Added additional hardening and logging defaults. [Steve Clement] +- [doc] Some minor changes and hardening. [Steve Clement] +- [doc] Minor adjustments to permissions setter. [Steve Clement] +- [doc] typo. [Steve Clement] +- [doc] Added symlink to php. [Steve Clement] +- [doc] Be friendly to automation. [Steve Clement] +- [taxonomies] updated. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. 
[Alexandre Dulaunoy] +- [auth] if no API key is provided for an API action - log it. + [iglocska] +- [auth key] logging no longer collapsed if the new setting is enabled. + [iglocska] + + Security.log_each_individual_auth_fail will log all API failures instead of collapsing repeated queries +- [statistics] fix typo in statistics_data view - monthly attributes + styling check. [Jeroen Pinoy] +- [ShibbAuth] Add login entry on logging in for audit. [Jeroen Pinoy] +- [statistics] fix typo in statistics_data view - monthly attributes + styling check. [Jeroen Pinoy] +- [ShibbAuth] Add login entry on logging in for audit. [Jeroen Pinoy] +- [feed] Check if value is clean IP without doing expensive operations. + [Jakub Onderka] +- [test] Add test for #7214. [Jakub Onderka] +- [shibbauth] added two extra settings. [iglocska] + + - ApacheShibbauth.DefaultRole: defaults to false, if set, pick the supplied roleID for any user authenticating. Can be used together with BlockRoleModifications + - ApacheShibbauth.BlockRoleModifications: defaults to false, boolean. If set to true, will block any updates to the existing users on authentication. This preserves any modifications made by a site admin in MISP. +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Show number of items in freetext feed. [Jakub Onderka] +- [UI] Make feed event preview nicer. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Threat levels list. [Jakub Onderka] +- [restClient:querybuilder] add events and attributes addTag and + removeTag actions. [Jeroen Pinoy] +- [attributes] fix attribute addtag by name conditions for find not set. + [Jeroen Pinoy] +- [attributes] fix copypasta error leading to internal server error on + addtag with tag name. [Jeroen Pinoy] +- [attributes] fix copypasta error leading to internal server error on + addtag with tag name. [Jeroen Pinoy] +- Bumped queryversion. 
[mokaddem] +- [optimisation] Faster Model::_findList method. [Jakub Onderka] +- [internal] Faster event locks with Redis. [Jakub Onderka] +- [correlation] Do not update info and date column, since they are not + used anymore. [Jakub Onderka] +- [restClient:querybuilder] fix remove tag from object template. [Jeroen + Pinoy] +- [restClient:querybuilder] add events and attributes addTag and + removeTag actions. [Jeroen Pinoy] +- [attributes] fix attribute addtag by name conditions for find not set. + [Jeroen Pinoy] +- [attributes] fix copypasta error leading to internal server error on + addtag with tag name. [Jeroen Pinoy] +- [email] Move event alert email subject generting. [Jakub Onderka] +- [internal] Fetch attribute UUIDs for sightings in different query. + [Jakub Onderka] +- [UI] It is 2021! Removed -moz and -webkit specific CSS properties. + [Jakub Onderka] +- [UI] Make some parts of MISP nicer. [Jakub Onderka] +- [eventGraph] Improved object coloring strategy. [mokaddem] +- [security audit] removed sharing group recommendation and fixed + grammar. [iglocska] + + - the hide sharing group org setting is actively harmful, we should definitely not promote it +- [sync] Code cleanup. [Jakub Onderka] +- [sync] Do not decode body if is empty. [Jakub Onderka] +- [UI] Nicer pivots. [Jakub Onderka] +- [diagnostics] Show Redis memory fragmentation. [Jakub Onderka] +- [internal] When caching feed, save progress to db less often. [Jakub + Onderka] +- [PyMISP] Bump version. [Raphaël Vinot] +- [PyMISP] Fix tests. [Raphaël Vinot] +- [PyMISP] Bump before release. [Raphaël Vinot] +- [internal] Set cookie name just when no name is set. [Jakub Onderka] +- [schema] Add index for EventReport.event_id. [Jakub Onderka] +- [schema] Convert GalaxyCluster tag name to case insensitive. [Jakub + Onderka] +- [UI] Do not show published for default galaxy clusters. [Jakub + Onderka] +- [internal] Cleanup code that is resposible for fetching server + setting. 
[Jakub Onderka] +- [UI] Simplify keyboard-shortcuts.js. [Jakub Onderka] +- [UI] Use Page Visibility API. [Jakub Onderka] +- [optimise] Faster loading galaxy cluster index. [Jakub Onderka] + +Fix +~~~ +- [attribute:restSearch] `includeCorrelations` Do not longer returns + soft-deleted attributes. [mokaddem] +- [sharinggroup:captureSG] Correctly capture the roaming state. + [mokaddem] + + Fix #7254 +- [attribute] typo in place-port-of-original-embarkation fixed. + [Alexandre Dulaunoy] +- [doc] Partial fix for misp-modules. [Steve Clement] +- [doc] Fixed a bash variable bug. [Steve Clement] +- [doc] MISP-core now working on RHEL 7.9. [Steve Clement] +- [doc] next stages of the RHEL7 install. [Steve Clement] +- [sync:local-tag] Local tags converted into global after sync for + internal sync. [mokaddem] + + Fix #7253 +- [attribute] typo in place-port-of-original-embarkation fixed. + [Alexandre Dulaunoy] +- [attributes:restSearch] pop attribute timestamp filtering condition. + [mokaddem] + + This avoid the condition to propagates to the event level. + Fix #7096 +- [command:admin] UpdateTaxonomies provides correct feedback Fix #7132. + [mokaddem] +- [tags] More granularity for local and global add cluster buttons. + [mokaddem] +- [tags] More granularity for local and global add tag buttons. + [mokaddem] +- [attributes:addTag] Pass the event to check ACL. [mokaddem] +- [taxonomy] avoid MISP becoming unhappy when trying to enable tags for + a non-existing taxonomy. [iglocska] +- [doc] rhel 7 install doc initial fixes. [Steve Clement] +- [selinux] allow log files rename. [Richard van den Berg] +- [db_schema] Cerebrates's comment default value. [mokaddem] + + Fix #7200, fix #7137 +- [API] Fixes crash when a new indicator in existing event has a + sighting. [Tom King] +- [Sync] Crash when attempting to sync with 'Pull Galaxy Clusters' + enabled. [Tom King] +- [swp] /var/swap.img is not a safe place. [Steve Clement] +- [merge] Local tags should stay local vol. 2. 
[Jakub Onderka] +- [internal] Keep OidcAuth setting when modify setting value from UI. + [Jakub Onderka] +- Remove broken refang. [Raphaël Vinot] +- [config.php] file permission after changes fixes #7229. [iglocska] + + - will revert to the permissions before the save + - caused by the create -> rename cycle that backs up server settings on each change actually creating a new file instead of modifying it +- [sharing groups] uuid not logged when saving failed due to invalid + variable lookup. [iglocska] +- [UI] signature allowedlist clarification. [iglocska] +- Fixes bug that stops country flag being displayed alongside the coutry + in galaxy clusters. [Tom King] +- [refanging] Removed obnoxious regexes, fixes #7214. [iglocska] + + - refanging \\. and .. to . is a stupid idea +- [shibbauth] fixed invalid varname. [iglocska] +- [test] Repo is missing. [Jakub Onderka] +- [feed] Convert invalid key case. [Jakub Onderka] +- [test] Repo is missing. [Jakub Onderka] +- [internal] Remove unnecessary create call. [Jakub Onderka] +- [workers] Worker name when processing freetext. [Jakub Onderka] +- [merge] Local tags should stay local. [Jakub Onderka] +- [unsafe API keys] fixed. [iglocska] + + - if you really have to use them, they should work again + + - please don't use them, you are disclosing your APIkey via the URL + - apache logs, proxy logs they will all have your APIkey + - adding headers with your APIkey isn't so difficult + - if a tool you use has no way of configuring headers, reach out to your vendor, they ought to do something about that +- [UI] indextable link generation on empty result set. [iglocska] + + - empty string instead of notice barfed back +- [email] Correctly check if user has PGP or S/MIME key. [Jakub Onderka] +- [email] Correct Content-Type header for alternative content. [Jakub + Onderka] +- [email] Correctly set domain for email message ID. [Jakub Onderka] +- [internal] PHP warnings when pivoting. 
[Jakub Onderka] +- [internal] Warning when object has no attributes. [Jakub Onderka] +- [SG] allow saving sharing groups with empty releasabiltiy tags, fixes + #7165. [iglocska] +- [sync] Warning when sync object without attributes. [Jakub Onderka] +- [UI] event matrix heatmap view correctly flattens the event. + [iglocska] + + - object attributes were excluded +- [UI] fix broken checkbox layout in generic Form builder forms. + [iglocska] +- [Freetext import] handle end of sentence periods and brackets better, + fixes #7163. [iglocska] +- [UI] Module diagnostics view. [Jakub Onderka] +- [UI] event matrix heatmap view correctly flattens the event. + [iglocska] + + - object attributes were excluded +- [UI] Add attribute checkboxes. [Jakub Onderka] +- [UI] Diagnostics box. [Jakub Onderka] +- [UI] Remove warning about old PHP a Python. [Jakub Onderka] +- [diagnostics] Typo in security audit message. [Jakub Onderka] +- [UI] fix broken checkbox layout in generic Form builder forms. + [iglocska] +- [OIDC] Change algo how roles are assigned to users. [Jakub Onderka] +- [internal] Undefined index when importing from module. [Jakub Onderka] + +Other +~~~~~ +- Chg; [version] bump. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7261 from SteveClement/guides. [Steve Clement] + + chg: [doc] when enabling remi 7.4 by default, paths change +- Merge pull request #7260 from SteveClement/guides. [Steve Clement] + + chg: [doc] CentOS8Stream is now supported +- Merge pull request #7259 from SteveClement/guides. [Steve Clement] +- Merge pull request #7257 from SteveClement/i18n. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into i18n. [Steve Clement] +- Merge pull request #7256 from SteveClement/i18n. [Steve Clement] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [mokaddem] +- Merge pull request #7264 from JakubOnderka/galaxy-update. [Jakub + Onderka] + + chg: [galaxy] Update +- Merge pull request #7255 from Wachizungu/fix-debugon-gui-logic. + [Alexandre Dulaunoy] + + chg: [UI] fix debugon for debug = 1. fix #7131 +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #7251 from SteveClement/guides. [Steve Clement] + + fix: [doc] Partial fix for misp-modules +- Merge pull request #7250 from SteveClement/guides. [Steve Clement] + + chg: [doc] more fine tuning to RHEL8 +- Merge pull request #7249 from SteveClement/guides. [Steve Clement] +- Merge pull request #7248 from SteveClement/guides. [Steve Clement] + + fix: [doc] Fixed a bash variable bug +- Merge pull request #7247 from SteveClement/guides. [Steve Clement] + + chg: [doc] Added additional hardening and logging defaults +- Merge pull request #7246 from SteveClement/guides. [Steve Clement] +- Merge pull request #7245 from SteveClement/guides. [Steve Clement] +- Merge pull request #7244 from SteveClement/guides. [Steve Clement] + + fix: [doc] MISP-core now working on RHEL 7.9 +- Merge pull request #7243 from SteveClement/guides. [Steve Clement] + + fix: [doc] next stages of the RHEL7 install +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7242 from Wachizungu/add-enable-taxonomy-tags- + cake-command. [Andras Iklody] + + new: [cli] enable all tags for a taxonomy +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7236 from Wachizungu/fix-users-statistics-data- + typo. 
[Alexandre Dulaunoy] + + chg: [statistics] fix typo in statistics_data view - monthly attribut… +- Merge pull request #7231 from Wachizungu/add-login-log-shibbauth. + [Alexandre Dulaunoy] + + chg: [ShibbAuth] Add login entry on logging in for audit +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7238 from SteveClement/guides. [Steve Clement] +- Merge pull request #7237 from RichieB2B/ncsc-nl/selinux-rename. [Steve + Clement] +- Merge pull request #7206 from tomking2/bug/sighting_crash. [Andras + Iklody] + + fix: [api] Fixes crash when a new indicator in existing event has a sighting +- Merge pull request #7219 from tomking2/bug/galaxy-cluster- + sharinggroup. [Jakub Onderka] + + fix: [sync] Crash when attempting to sync with 'Pull Galaxy Clusters' enabled +- Merge pull request #7215 from SteveClement/tools. [Steve Clement] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7081 from JakubOnderka/galaxy-view-new. [Jakub + Onderka] + + New galaxy view for events +- Merge pull request #6722 from JakubOnderka/threat-level-index. [Jakub + Onderka] + + new: [UI] Show threat level icons on event index +- Merge pull request #7183 from JakubOnderka/merge-local-tags-v2. [Jakub + Onderka] + + fix: [merge] Local tags should stay local vol. 2 +- Merge pull request #7181 from JakubOnderka/freetext-speedup. [Jakub + Onderka] + + new: [freetext] Faster freetext parsing with more tests +- Merge pull request #7213 from JakubOnderka/oidc-keep-setting. [Jakub + Onderka] + + fix: [internal] Keep OidcAuth setting when modify setting value from UI +- Merge pull request #7222 from JakubOnderka/refang-test. [Jakub + Onderka] + + chg: [test] Add test for #7214 +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7205 from tomking2/bug/galaxy_country_flag. 
[Jakub + Onderka] + + fix: [UI] Fixes bug that stops country flag being displayed alongside country +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #7188 from dataplane/2.4. [Alexandre Dulaunoy] + + added newest DataPlane.org feeds +- Added newest DataPlane.org feeds. [John Kristoff] +- Merge pull request #7207 from JakubOnderka/freetext-feed-view. [Jakub + Onderka] + + chg: [UI] Show number of items in freetext feed +- Merge pull request #7184 from JakubOnderka/feed-event-preview-nicer. + [Jakub Onderka] + + chg: [UI] Make feed event preview nicer +- Merge pull request #7203 from JakubOnderka/fix-build. [Alexandre + Dulaunoy] + + fix: [test] Repo is missing +- Merge pull request #7191 from JakubOnderka/create-no-need. [Jakub + Onderka] + + fix: [internal] Remove unnecessary create call +- Merge pull request #7190 from JakubOnderka/worker-name. [Jakub + Onderka] + + fix: [workers] Worker name when processing freetext +- Merge pull request #7186 from JakubOnderka/threat-level-list. [Jakub + Onderka] + + chg: [internal] Threat levels list +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7182 from JakubOnderka/merge-local-tags. [Jakub + Onderka] + + fix: [merge] Local tags should stay local +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'eventgraph-node-coloring' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into eventgraph-node- + coloring. [mokaddem] +- Merge pull request #7170 from JakubOnderka/find-list-optim. [Jakub + Onderka] + + chg: [optimisation] Faster Model::_findList method +- Merge pull request #7174 from JakubOnderka/event-locks-faster. 
[Jakub + Onderka] + + chg: [internal] Faster event locks with Redis +- Merge pull request #7173 from JakubOnderka/disable-correlation-info- + date. [Jakub Onderka] + + chg: [correlation] Do not update info and date column +- Merge pull request #7159 from Wachizungu/fix-removetag-querybuilder- + template. [Alexandre Dulaunoy] + + chg: [restClient:querybuilder] fix remove tag from object template +- Merge pull request #7172 from Wachizungu/add-addTag-removeTag-actions- + event-attribute-query-builder. [Alexandre Dulaunoy] + + chg: [restClient:querybuilder] add events and attributes addTag and r… +- Merge pull request #7171 from Wachizungu/fix-attributes-addtag-by- + name. [Alexandre Dulaunoy] + + chg: [attributes] fix attribute addtag by name conditions for find no… +- Merge pull request #7168 from Wachizungu/fix-copypasta-error- + attributes-addTag. [Jakub Onderka] + + chg: [attributes] fix copypasta error leading to internal server erro… +- Merge pull request #6967 from JakubOnderka/html-alert-email. [Jakub + Onderka] + + HTML alert email +- Merge pull request #7161 from JakubOnderka/sighting-different-query. + [Jakub Onderka] + + chg: [internal] Fetch attribute UUIDs for sightings in different query +- Merge pull request #7133 from JakubOnderka/pivot-fix. [Jakub Onderka] + + fix: [internal] PHP warnings when pivoting +- Merge pull request #7156 from JakubOnderka/fix-empty-object. [Jakub + Onderka] + + fix: [internal] Warning when object has no attributes +- Merge pull request #7166 from JakubOnderka/css-nice. [Jakub Onderka] + + CSS nice +- Merge pull request #7167 from JakubOnderka/keyboard-shortucts. [Jakub + Onderka] + + Keyboard shortcuts +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #7162 from JakubOnderka/empty-object-sync. [Jakub + Onderka] + + fix: [sync] Warning when sync object without attributes +- Merge branch '2.4' into develop. 
[iglocska] +- Merge pull request #7160 from JakubOnderka/fix-diagnotics. [Jakub + Onderka] + + fix: [UI] Module diagnostics view +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7155 from JakubOnderka/push-optim. [Jakub Onderka] + + Push optim +- Merge pull request #7154 from JakubOnderka/diagnostics. [Jakub + Onderka] + + Diagnostics +- Merge pull request #7150 from JakubOnderka/force-https. [Jakub + Onderka] + + new: [internal] Security setting force_https +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7138 from JakubOnderka/oidc-role-fix. [Jakub + Onderka] + + fix: [OIDC] Change algo how roles are assigned to users +- Merge pull request #7086 from JakubOnderka/save-progress. [Jakub + Onderka] + + chg: [internal] When caching feed, save progress to db less often +- Merge pull request #7104 from JakubOnderka/authkeys-allowed-ips. + [Jakub Onderka] + + new: [authkeys] Allowed IPs +- Merge pull request #7111 from JakubOnderka/cookie-name. [Jakub + Onderka] + + chg: [internal] Set cookie name just when no name is set +- Merge pull request #7060 from JakubOnderka/galaxy-cluster-tag-name-ci. + [Jakub Onderka] + + chg: [schema] Convert GalaxyCluster tag name to case insensitive +- Merge pull request #7112 from JakubOnderka/galaxy-cluster-md. [Jakub + Onderka] + + new: [UI] Render galaxy cluster description as markdown +- Merge pull request #7127 from JakubOnderka/server-setting-cleanup. + [Jakub Onderka] + + chg: [internal] Cleanup code that is resposible for fetching setting +- Merge pull request #7117 from JakubOnderka/keyboard-shortcuts. [Jakub + Onderka] + + chg: [UI] Simplify keyboard-shortcuts.js +- Merge pull request #7116 from JakubOnderka/page-visibility-api. [Jakub + Onderka] + + chg: [UI] Use Page Visibility API +- Merge pull request #7125 from JakubOnderka/fix-undefined-index. 
[Jakub + Onderka] + + fix: [internal] Undefined index when importing from module +- Merge pull request #7113 from JakubOnderka/optimise-loading-clusters. + [Jakub Onderka] + + chg: [optimise] Faster loading galaxy cluster index +- Merge branch '2.4' into develop. [iglocska] + + +v2.4.140 (2021-03-03) +--------------------- + +New +~~~ +- [test] Password change. [Jakub Onderka] +- [server shell] list servers, fixes #7115. [iglocska] + + - simple human readable listing + - kept the old weird JSON producing listServers intact +- [oidc] Readme. [Jakub Onderka] +- [security] Content-Security-Policy support. [Jakub Onderka] +- [CLI] check if updates are done yet or not. [iglocska] + + usage: + + - /var/www/MISP/app/Console/cake Admin updatesDone [blocking] + - returns True or False based on whether it is done + - When the blocking parameter is set, it will not return until all updates are done +- [api] When creating object, allow to mark tag as local. [Jakub + Onderka] +- [type] new dkim and dkim-signature attribute type. [Alexandre + Dulaunoy] +- [objectReference] Allow adding reference across extended events. + [mokaddem] + + Fix #6255 +- [UI] Event locks for background jobs and automatic tools. [Jakub + Onderka] +- [UI] Show tag info in taxonomy view. [Jakub Onderka] +- [sync] Compressed requests support. [Jakub Onderka] +- [security] Security audit. [Jakub Onderka] +- [oidc] OpenID Connect authentication. [Jakub Onderka] +- [devshell] added a new shell for developer related tasks. [iglocska] + + - 1 task currently, cleanFeedDefault + - runs some cleanup on the feed definition file to remove local IDs etc +- [object] Allows updating from an unknown object templates. [mokaddem] + +Changes +~~~~~~~ +- [csp] Add Security.csp_enforce to server setting. [Jakub Onderka] +- [csp] Report only by default. [Jakub Onderka] +- [PyMISP] Bump version. [Raphaël Vinot] +- [PyMISP] Fix tests. [Raphaël Vinot] +- [PyMISP] Bump before release. 
[Raphaël Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [version] bump. [iglocska] +- [UI] fix keyboard shortcut manager popup triangle. [Jeroen Pinoy] +- [UI] Add small description of what event block rules do. [Jeroen + Pinoy] +- [sighting] Simplified sighting deletion. [Jakub Onderka] +- Bump PyMISP. [Raphaël Vinot] +- [genericForm] added description field to the explanation. [iglocska] +- Add small description of what org blocklist does. Fix #4363. [Jeroen + Pinoy] +- [oidc] Use first match as user role. [Jakub Onderka] +- [UI] correct edit org blocklist entries view. [Jeroen Pinoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Disable sync XHR. [Jakub Onderka] +- [ineternal] Opimise GalaxyCluster::fetchGalaxyClusters when full is + True. [Jakub Onderka] +- [UI] Put type under name for object add form. [Jakub Onderka] +- [UI] Nicer Object pre-save review. [Jakub Onderka] +- [UI] Make different forms nicer. [Jakub Onderka] +- [internal] Check missing taxonomies at one place. [Jakub Onderka] +- [internal] New method Taxonomy::splitTagToComponents. [Jakub Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Add can access check for correlation exclusions menu entry. [Jeroen + Pinoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [js] Use proper message when remote server returns 401. [Jakub + Onderka] +- [internal] Faster fetching galaxy clusters when fetching event. [Jakub + Onderka] +- [UI] Remove authors from galaxy cluster popover. [Jakub Onderka] +- [UI] Do not create links for galaxy cluster source popover. [Jakub + Onderka] + + Links are not clickable in popovers +- [UI] Do not show refs for galaxy cluster popover, becasue links are + not clickable. [Jakub Onderka] +- [UI] Do not show description if is empty for galaxy cluster popover. + [Jakub Onderka] +- [galaxy] Make Galaxy cluster description optional. 
[Jakub Onderka] +- [server] DBSchemaDiagnostic consider nullable inconsistencies as + critical. [mokaddem] +- [genericPicker] Allow using picker for galaxy matrixes. [mokaddem] +- [objectReference] Renamed function. [mokaddem] +- [events:eventGraph] Improved hull algorithm and UI. [mokaddem] +- [js] Move code from template to misp.js. [Jakub Onderka] +- [internal] Faster Event::removeOlder method used when pulling from + remote server. [Jakub Onderka] +- [internal] Simplified ServersController::serverSettings. [Jakub + Onderka] +- Use a more suitable Sighting creation function as recommended, grab + the Org ID from the user if present. [Tom King] +- Add in ability to update sightings against each attribute from a + POSTed MISP Event. [Tom King] +- [feed] Simplified code for loading feeds. [Jakub Onderka] +- [restResponse] Return role_id along with its name. [mokaddem] +- [objectReference] Added objectReference/view endpoint. [mokaddem] +- [dashboard] added to the root level of the top menu. [iglocska] +- [internal] Make Redis connection static. [Jakub Onderka] +- [internal] Faster updating taxonomies. [Jakub Onderka] + +Fix +~~~ +- [csp] Incorrect variable name. [Jakub Onderka] +- [csp] Custom policies. [Jakub Onderka] +- [Sharing groups] capturing a sharing group correctly ignores the + incoming data's active flag when editing. [iglocska] + + - based on PR #7101 by @lfortemps +- [sync] prevent local tags from being pulled. [Golbark] +- [email_otp] Trim value for increased UX. [Loïc Fortemps] +- [sharing groups] fixed regression with updating local sharing groups. + [iglocska] +- [comments] updated for two recent changes in the code. [iglocska] +- [sharing groups] Allow users to see events they own, even if their + organisation is not explicitly mentioned in the SG. [iglocska] + + - however, show a clear message that this is the case + - in-line with the rest of the ACL +- [security] sharing group all org flag too lax. 
[iglocska] + + - the all org flag was used as a trigger to make the sharing group obejct itself viewable to all local organisations + - even if the all org flag was set for an instance other than the local one + + - as reported by Jeroen Pinoy +- [tag index] remove sorting on count fields. [iglocska] + + - doesn't work anyway +- [galaxyCluster] Revoke relations on sync. [mokaddem] + + - Relationships are now re-build from scratch for the cluster being sync + - This cancels any modification done locally (which should not have + happened in the first place) +- [galaxyClusterRelations] Bump cluster's timestamp after performing + CRUD on relations. [mokaddem] +- [pull] invalid internal vs external server lookup when deciding + whether to pull local tags. [iglocska] +- [sharing group] saving fixed. [iglocska] + + invalid boolean operator when encoding the local org +- [email_otp] skip OTP for disabled users. [Loïc Fortemps] +- [internal] Empty object when getting event info for event report. + [Jakub Onderka] +- [internal] Correctly save log. [Jakub Onderka] +- [Sharing group] refactored and fixed. [iglocska] + + - include own org in pulled sharing groups (to avoid implicit inclusion not being visible after a pull) + - refactor the pulling method to be more maintainable + - avoid pulling proposals/sightings on each event cherry pick +- [internal] Incorrect tag three components split. [Jakub Onderka] +- [UI] Fetch GalaxyElements for event index. [Jakub Onderka] +- [UI] Pagination for event reports in event view. [Jakub Onderka] +- [internal] Bad 7085. [Jakub Onderka] +- [internal] Bad merge that prevents language change. [Jakub Onderka] +- [sync] Undefined index when pushing sightings. [Jakub Onderka] +- [internal] perm_tag_editor can just create tags. [Jakub Onderka] +- [internal] Include cluster elements for user interface. [Jakub + Onderka] +- [internal] Really disable password change. 
[Jakub Onderka] +- [sync] Fixed a critical issue causing sharing groups to lose + orgs/instance information on sync when using non sync users on a pull. + [iglocska] +- Ui _ function does not exist, l10n function is __ [Patrizio Tufarolo] +- Syntax error in constructTaxonomyInfo() [Fredrik Soderblom] +- [server] Add application/x-pie-executable to the list of accepted + mimetypes in testForBinExec. [Patrizio Tufarolo] +- [schema feed] remove non-required fields in feed format. [Alexandre + Dulaunoy] +- [API] password reset was broken for admins. [iglocska] +- [tools] misp-wipe updated list of table to truncate. [mokaddem] +- [js] Use error callback for relevant ajax calls. [Jakub Onderka] +- [js] Remove async default value. [Jakub Onderka] +- [galaxy] GalaxyClusterRelation doesn't have Org and Orgc. [Jakub + Onderka] +- [restsearch] fixed a bug introduced via the new page/limit filters. + [iglocska] +- [caching] monkey-patching a client side MISP bug causing the caching + to loop endlessly. [iglocska] + + - MISP caching can run into an endless loop if errors are returned for whatever reason + - This patch handles the specific case when the remote MISP requests an attribute range for caching that has an offset beyond the highest ID (should never happen) + + - It's a dirty fix but should have nearly no impact on performance whilst resolving the issue +- [server] Caching a server ensures that the returned data is an actual + UUID. [mokaddem] +- [ACL] opened up postTest to all roles. [Andras Iklody] +- [securityAudit] Display python version. [mokaddem] +- [dashboard] Saving an invalid JSON when importing templates shows an + error. [mokaddem] +- [galaxy] Missing variable when editing relation. [Jakub Onderka] +- [attributes] full_group_by fix for statistics. Fix #7014. [mokaddem] +- [event] Fix retreiving selected referenced element data. [mokaddem] +- [event] Provide text for missing referenced elements. 
[mokaddem] + + - The event might not contain the referenced elements if they belong to + an extended event +- [events:eventGraph] Make sure to include event_id for attribute nodes. + [mokaddem] +- [post] Do not send emails to disabled user for new posts. [Jakub + Onderka] +- [UI] Attribute create button nicer. [Jakub Onderka] +- [internal] Remove unused ServerTag. [Jakub Onderka] +- [internal] Remove unused layouts. [Jakub Onderka] +- [internal] Remove unused roboto font. [Jakub Onderka] +- [UI] Remove unnecessary CSS from default template. [Jakub Onderka] +- [restClient] Make sure to split value on strings. [mokaddem] + + Fix #7032 +- [objectReference] Make sure to bump timestamp. [mokaddem] +- [objectReference] Make sure to save source_uuid field as well. + [mokaddem] +- [Event] Correctly save references after sync. [mokaddem] +- [galaxy] Fix undefined variable when capturing clusters. [Jakub + Onderka] +- [feed defaults] Removed some required properties in the validation + schema. [mokaddem] + + - Propoerties like IDs are instance dependant and therefore are not + necessary +- [dashboard] Saving an invalid JSON shows an error. [mokaddem] + + Fix #6975 +- [feed defaults] removed a bunch of feeds and clarified the description + of some, fixes #7006. [iglocska] +- [UI] Galaxy pagination. [Jakub Onderka] +- [feed] edit ignored changes to the header, fixes #6780. [iglocska] +- [UI] Showing date and time in user profile. [Jakub Onderka] +- [UI] Object template pagination. [Jakub Onderka] +- [feeds] feed edit ignored the headers field, ffixes #6780. [iglocska] +- Allow cluster authors to be an actual array. [Tom King] +- Allow 'hard' param in POSTed body for deleting a cluster, send back a + proper message. [Tom King] + +Other +~~~~~ +- Merge pull request #7149 from JakubOnderka/csp-setting. [Jakub + Onderka] + + chg: [csp] Add Security.csp_enforce to server setting +- Merge pull request #7145 from JakubOnderka/fix-change-pw. 
[Jakub + Onderka] + + new: [test] Password change by org admin +- Merge pull request #7147 from JakubOnderka/fix-csp-again. [Jakub + Onderka] + + fix: [csp] Incorrect variable name +- Merge branch 'jakub' into 2.4. [iglocska] +- Merge pull request #7142 from JakubOnderka/fix-csp. [Jakub Onderka] + + fix: [csp] Custom policies +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6661 from cudeso/2.4. [Andras Iklody] + + Azure Active Directory Authentication +- Avoid "TODO" in the README to avoid CodeFactor. [Koen Van Impe] +- Azure Active Directory Authentication. [Koen Van Impe] +- Merge pull request #7100 from lfortemps/local-tags-fix. [Andras + Iklody] + + Prevent pulling local tags +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7130 from Wachizungu/fix-shortcut-manager- + triangle-popup. [Andras Iklody] + + chg: [UI] fix keyboard shortcut manager popup triangle +- Merge pull request #7114 from Wachizungu/add-short-event-block-rule- + explanation. [Andras Iklody] + + chg: [UI] Add small description of what event block rules do +- Merge pull request #6736 from JakubOnderka/sighting-deletion. [Andras + Iklody] + + chg: [sighting] Simplified sighting deletion +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7059 from adammchugh/patch-1. [Andras Iklody] + + Inclusion of full-name under person +- Inclusion of full-name under person. [adammchugh] + + Proposing the inclusion of full-name under person to allow for better capture and correlation of full names of identified persons in events. Particularly where there are multiple identities within an event which may create confusion with multiple first-name and last-name entries. +- Merge pull request #7080 from StefanKelm/2.4. 
[Andras Iklody] + + Update resolved_misp_format.ctp +- Update resolved_misp_format.ctp. [StefanKelm] + + slight rewording +- Merge pull request #7092 from lfortemps/patch-2. [Andras Iklody] + + fix: [email_otp] Trim value for increased UX +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7094 from JakubOnderka/oidc-readme. [Jakub + Onderka] + + new: [oidc] Readme +- Merge pull request #7106 from Wachizungu/add-short-org-blocklist- + explanation. [Alexandre Dulaunoy] + + chg: [UI] Add small description of what org blocklist does. Fix #4363 +- Merge pull request #7105 from JakubOnderka/oidc-roles. [Jakub Onderka] + + chg: [oidc] Use first match as user role +- Merge pull request #7107 from Wachizungu/change-edit-org-blocklist- + view-title. [Jakub Onderka] + + chg: [UI] correct edit org blocklist entries view +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #7091 from Golbark/patch-1. [Alexandre Dulaunoy] + + fix: [email_otp] skip OTP for disabled users +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #7095 from JakubOnderka/event-report-empty-objects. + [Jakub Onderka] + + fix: [internal] Empty object when getting event info for event report +- Merge pull request #7097 from JakubOnderka/csp. [Jakub Onderka] + + new: [security] Content-Security-Policy support +- Merge pull request #7102 from JakubOnderka/disable-sync-xhr. 
[Jakub + Onderka] + + chg: [UI] Disable sync XHR +- Merge pull request #7090 from JakubOnderka/fix-saving-log. [Jakub + Onderka] + + fix: [internal] Correctly save log +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7089 from JakubOnderka/fix-tag-split. [Jakub + Onderka] + + fix: [internal] Incorrect tag three components split +- Merge pull request #7083 from JakubOnderka/event-index-galaxy- + elements. [Jakub Onderka] + + fix: [UI] Fetch GalaxyElements for event index +- Merge pull request #7088 from JakubOnderka/event-report-pagination. + [Jakub Onderka] + + fix: [UI] Pagination for event reports in event view +- Merge pull request #7087 from JakubOnderka/fix-7085. [Jakub Onderka] + + fix: [internal] Bad 7085 +- Merge pull request #7085 from JakubOnderka/optimise-cluster-fetch. + [Jakub Onderka] + + Optimise cluster fetch +- Merge pull request #7084 from JakubOnderka/fix-bad-merge-lang. [Jakub + Onderka] + + fix: [internal] Bad merge that prevents language change +- Merge pull request #7049 from JakubOnderka/ui-form-fixes. [Jakub + Onderka] + + chg: [UI] Make different forms nicer +- Merge pull request #7079 from JakubOnderka/fix-sightings-pushing. + [Jakub Onderka] + + fix: [sync] Undefined index when pushing sightings +- Merge pull request #7078 from JakubOnderka/missing-taxonomies. [Jakub + Onderka] + + Missing taxonomies +- Merge pull request #7069 from JakubOnderka/tag-edit-delete. [Jakub + Onderka] + + fix: [internal] perm_tag_editor can just create tags +- Merge pull request #7073 from JakubOnderka/include-cluster-meta. + [Jakub Onderka] + + fix: [internal] Include cluster elements for user interface +- Merge pull request #7065 from JakubOnderka/disable-password-change. 
+ [Jakub Onderka] + + fix: [internal] Really disable password change +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7056 from Wachizungu/add-can-access-check-for- + menu-entry-correlation-exclusions. [Jakub Onderka] + + chg: [UI] Add can access check for correlation exclusions menu entry +- Merge pull request #7070 from fsoderblom/fix-syntaxerror. [Andras + Iklody] + + fix: syntax error in constructTaxonomyInfo() +- Update misp-wipe.sql. [Raphaël Vinot] + + Rename whitelist -> allowedlist / blacklist -> blocklist +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #7037 from Wachizungu/add-list-auth-keys-button-to- + global-menu. [Alexandre Dulaunoy] + + Adds 'List Auth Keys' button to Administration in global menu +- Adds 'List Auth Keys' button to Administration in global menu. [Jeroen + Pinoy] +- Merge pull request #7052 from patriziotufarolo/patch-1. [Alexandre + Dulaunoy] + + fix: [server] Add application/x-pie-executable to the list of accepted mimetypes in testForBinExec +- Merge pull request #7053 from eCrimeLabs/2.4. [Alexandre Dulaunoy] + + Fix for ZeroMQ - #7040 and #7039 +- Fix for #7040 and #7039. [eCrimeLabs] + + The following commit contains the fix for ZeroMQ only listening on 0.0.0.0 +- Merge pull request #7033 from MISP/fix-misp-wipe. [Andras Iklody] + + fix: [tools] misp-wipe updated list of table to truncate +- Merge pull request #7048 from JakubOnderka/xhr-401-handling. [Jakub + Onderka] + + XHR 401 handling +- Merge pull request #7055 from JakubOnderka/fast-event-galaxies. [Jakub + Onderka] + + chg: [internal] Faster fetching galaxy clusters when fetching event +- Merge pull request #7057 from JakubOnderka/tag-local. [Jakub Onderka] + + new: [api] When creating object, allow to mark tag as local +- Merge pull request #7050 from JakubOnderka/cluster-relation. 
[Jakub + Onderka] + + fix: [galaxy] GalaxyClusterRelation doesn't have Org and Orgc +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7027 from JakubOnderka/galaxy-view-mini. [Jakub + Onderka] + + Galaxy view mini +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7029 from JakubOnderka/galaxy-cluster-description. + [Jakub Onderka] + + chg: [galaxy] Make Galaxy cluster description optional +- Merge pull request #7043 from JakubOnderka/cluster-relattion-missing- + var. [Jakub Onderka] + + fix: [galaxy] Missing variable when editing relation +- Merge branch 'feature-reference-for-extended-event' into develop. + [mokaddem] +- Merge branch 'develop' into feature-reference-for-extended-event. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #6742 from JakubOnderka/post-user-disabled. [Jakub + Onderka] + + fix: [post] Do not send emails to disabled user for new posts +- Merge pull request #6925 from JakubOnderka/event-locks. [Jakub + Onderka] + + new: [UI] Event locks for background jobs and automatic tools +- Merge pull request #6943 from JakubOnderka/ui-create-button. [Jakub + Onderka] + + fix: [UI] Attribute create button nicer +- Merge pull request #7002 from JakubOnderka/code-cleanup. [Jakub + Onderka] + + fix: [UI] Remove unnecessary CSS from default template +- Merge pull request #7034 from JakubOnderka/taxonomy-tag-info. [Jakub + Onderka] + + new: [UI] Show tag info in taxonomy view +- Merge pull request #6906 from JakubOnderka/compressed-requests. [Jakub + Onderka] + + new: [sync] Compressed requests support +- Merge pull request #6871 from JakubOnderka/faster-pull. 
[Jakub + Onderka] + + chg: [internal] Faster Event::removeOlder method used when pulling +- Merge pull request #6741 from JakubOnderka/security-diagnostics. + [Jakub Onderka] + + new: [security] Security diagnostics +- Merge pull request #6938 from tomking2/feature/attribute_sightings. + [Jakub Onderka] + + [API] Update attribute sightings from REST POST +- Merge remote-tracking branch 'upstream/2.4' into + feature/attribute_sightings. [Tom King] +- Merge branch '2.4' into feature/attribute_sightings. [Tom King] +- Merge pull request #6984 from JakubOnderka/oidc. [Jakub Onderka] + + new: [oidc] OpenID Connect authentication +- Merge pull request #7020 from JakubOnderka/feed-saving-simplified. + [Jakub Onderka] + + chg: [feed] Simplified code for saving feed +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch 'fix-sync-object-relations' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-sync-object- + relations. [mokaddem] +- Merge pull request #7035 from JakubOnderka/galaxy-fix-undefined- + variable. [Jakub Onderka] + + fix: [galaxy] Fix undefined variable when capturing clusters +- Merge branch 'tomking2-bug/galaxy_cluster' into develop. [mokaddem] +- Merge remote-tracking branch 'origin/develop' into + tomking2-bug/galaxy_cluster. [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7017 from JakubOnderka/fix-galaxies-pagination. + [Jakub Onderka] + + fix: [UI] Galaxy pagination +- Merge pull request #7015 from JakubOnderka/redis-static. [Jakub + Onderka] + + chg: [internal] Make Redis connection static +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7016 from JakubOnderka/fix-user-view-time. 
[Jakub + Onderka] + + fix: [UI] Showing date and time in user profile +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #7008 from JakubOnderka/update-taxnomies-faster. + [Jakub Onderka] + + chg: [internal] Faster updating taxonomies +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #7007 from JakubOnderka/object-template. [Jakub + Onderka] + + fix: [UI] Object template +- Merge branch '2.4' into develop. [iglocska] +- Merge remote-tracking branch 'upstream/2.4' into bug/galaxy_cluster. + [Tom King] + + +v2.4.139 (2021-02-16) +--------------------- + +New +~~~ +- [widget] Eventstream widget and index widget UI added. [iglocska] + + - EventStream + - add a lightweight event index to your dashboard + - configure filters for the events you're interested in (tags, orgs, published) + - set the number of events to display (limit) + - set the list of fields it should display (id, orgc, info, tags, threat_level, analysis, date) + + - Index widget UI + - uses the generic index builder + - build simple index like UIs +- [event] Added supports of eventReport coming from modules. [mokaddem] +- [modules] Export module can specify event fetch options. [Jakub + Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [array lookup index field] updatd to work correctly. [iglocska] +- [event model] fetchEvent() now accepts page/limit/order as parameters. + [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [events] Enables index search for object. Fix #6961. [mokaddem] +- [organisation] "International" typo fixed + Europe added. [Alexandre + Dulaunoy] + + Notes TODO: Improve the selection using the region galaxy in addition to + country galaxy +- [installer] Updated installer Checksums. [Steve Clement] +- [installer] The installer is compatible with Ubuntu 21.04 LTS. 
[Steve + Clement] +- [LogsController] add missing EventReport in log search. [Alexandre + Dulaunoy] +- [organisation] "International" typo fixed + Europe added. [Alexandre + Dulaunoy] + + Notes TODO: Improve the selection using the region galaxy in addition to + country galaxy +- [UI] Make event preview nicer. [Jakub Onderka] +- [UI] Highlight column for roles table. [Jakub Onderka] +- [internal] Faster updating warninglist. [Jakub Onderka] +- [UI] Allow filter enabled/disabled warninglists. [Jakub Onderka] +- [internal] Small optimisation for filterEventIds. [Jakub Onderka] +- [internal] Use RestResponse for filterEventIdsForPush. [Jakub Onderka] +- [internal] Update moment javascript library. [Jakub Onderka] +- [internal] Update composer to 2.0.9. [Jakub Onderka] +- [UI] Use TimeHelper for datetime formatting. [Jakub Onderka] +- [internal] Refactor TagsController::view. [Jakub Onderka] +- [event fetcher] add limit and page parameters to the event fetcher. + [iglocska] +- [connection test] clarified that read only users can pull. [iglocska] + + - Reduced error level to "orange" + - Added a clarification that they can still pull + +Fix +~~~ +- [dashboard] removed training example left in the code. [iglocska] + + - restricted new module to only 3 user IDs +- [event index] changed the galaxy cluster field width. [iglocska] + + - no longer looks like it was sandwiched between two semis +- [UI] Escaping in row_attribute. [Jakub Onderka] +- [internal] Field name in HttpSocketExtended. [Jakub Onderka] +- [breakOnDuplicate] on event add fixed, fixes #6917. [iglocska] + + - add breakOnDuplicate on the event level as a flag + - {"Event":{"breakOnDuplicate":1, "info": "foo", ...}} + + - correctly handle 2 equal objects added to the same event in memory +- [auto logout] disabled. [iglocska] + + - this crap just causes issues and is pretty pointless +- [event] `merge from` feature correctly saves object relations. Fix + #6969. 
[mokaddem] +- [event] Includes eventReport when using the `merge from` feature. + [mokaddem] +- [dashboard] Typo breakig the dashboards fixed. [iglocska] +- [eventreport] add fixed to avoid ID collisions. [iglocska] +- [STIX] fix typo in message. [Alexandre Dulaunoy] +- [events] Attach cluster from matrix in multiselect. Fix #6956. + [mokaddem] +- [eventTimeline] Refrsh attribute index when dragging. Fix #6958. + [mokaddem] +- [STIX] fix typo in message. [Alexandre Dulaunoy] +- [taxonomy] Hide unselectable tags by default. Fix #6912. [mokaddem] +- [event] Publishing to pub/sub queues includes all tags. [mokaddem] +- [internal] Bad variable. [Jakub Onderka] +- [UI] Undefined variables in authkeys view. [Jakub Onderka] +- [idTranslator] Distinguish between not found and unreachable. [Jakub + Onderka] +- [UI] Broken checkboxes for role permissions. [Jakub Onderka] +- [internal] GalaxyCluster::getCluster also accepts ID. [Jakub Onderka] +- Correctly show hidden tags in tag-list. [marjatech] +- [UI] Attach correct count of enabled taxonomy tags. [Jakub Onderka] +- [UI] Remove right margin from form seen input. [Jakub Onderka] +- [feed] Feed name is required. [Jakub Onderka] +- [internal] idTranslator could show invalid results. [Jakub Onderka] +- [generic_picker] Improved perfs by adding a debounce for redrawing + results. [mokaddem] +- [logs] aded eventgraph to log search. [iglocska] +- [UI] Undefined variables in authkeys view. [Jakub Onderka] +- [galaxyClusters:view_relation_tree] Fix inital draw of the tree. + [mokaddem] + + - Declare variables before assigning value +- Elasticsearch complains when an IP is an empty string. [Tom King] +- [tag collections] typo causing tag collections to break completely + fixed. [iglocska] +- [bro] export fixed. [iglocska] + + - invalid group by statement removed + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [iglocska] +- Merge pull request #7012 from JakubOnderka/row-attribute-escaping. + [Jakub Onderka] + + fix: [UI] Escaping in row_attribute +- Merge pull request #7011 from JakubOnderka/http-socket-fied-name. + [Jakub Onderka] + + fix: [internal] Field name in HttpSocketExtended +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #7009 from SteveClement/guides. [Steve Clement] + + chg: [installer] The installer is compatible with Ubuntu 21.04 LTS +- Merge pull request #7001 from JakubOnderka/nicer-event-preview. [Jakub + Onderka] + + chg: [UI] Make event preview nicer +- Merge pull request #7004 from JakubOnderka/bad-variable. [Jakub + Onderka] + + fix: [internal] Bad variable +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #6999 from JakubOnderka/authkey-undefined- + variables. [Jakub Onderka] + + fix: [UI] Undefined variables in authkeys view +- Merge pull request #6997 from JakubOnderka/id-translator-fixes. [Jakub + Onderka] + + fix: [idTranslator] Distinguish between not found and unreachable +- Merge pull request #6995 from JakubOnderka/fix-role-edit-view. [Jakub + Onderka] + + fix: [UI] Broken checkboxes for role permissions +- Merge pull request #6996 from JakubOnderka/highlight-column-role. + [Jakub Onderka] + + chg: [UI] Highlight column for roles table +- Merge pull request #6994 from JakubOnderka/get-cluster-id. [Jakub + Onderka] + + fix: [internal] GalaxyCluster::getCluster also accepts ID +- Merge branch '2.4' into develop. 
[iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #6993 from JakubOnderka/warninglist-index. [Jakub + Onderka] + + chg: [UI] Allow filter enabled/disabled warninglists +- Merge pull request #6816 from JakubOnderka/filter-event-ids- + optimisation. [Jakub Onderka] + + chg: [internal] Small optimisation for filterEventIds +- Merge pull request #6872 from JakubOnderka/rest-response-filter-event. + [Jakub Onderka] + + chg: [internal] Use RestResponse for filterEventIdsForPush +- Merge pull request #6898 from JakubOnderka/export-module-fetch- + options. [Jakub Onderka] + + new: [modules] Export module can specify event fetch options +- Merge pull request #6937 from marjatech/fix_list_hidden_tags. [Jakub + Onderka] + + fix: correctly show hidden tags in tag-list +- Merge pull request #6992 from JakubOnderka/taxonomy-attach-real-count. + [Jakub Onderka] + + fix: [UI] Attach correct count of enabled taxonomy tags +- Merge branch '2.4' into develop. [mokaddem] +- Merge pull request #6989 from JakubOnderka/moment-update. [Jakub + Onderka] + + chg: [internal] Update moment javascript library +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #6985 from JakubOnderka/form-seen-fix. [Jakub + Onderka] + + fix: [UI] Remove right margin from form seen input +- Merge pull request #6986 from JakubOnderka/feed-name-required. [Jakub + Onderka] + + fix: [feed] Feed name is required +- Merge pull request #6983 from JakubOnderka/composer-update-2. [Jakub + Onderka] + + chg: [internal] Update composer to 2.0.9 +- Merge pull request #6982 from JakubOnderka/time-helper. [Jakub + Onderka] + + chg: [UI] Use TimeHelper for datetime formatting +- Merge pull request #6980 from JakubOnderka/tag-view-refactor. 
[Jakub + Onderka] + + chg: [internal] Refactor TagsController::view +- Merge pull request #6977 from JakubOnderka/fix-idTranslator. [Jakub + Onderka] + + fix: [internal] idTranslator could show invalid results +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6988 from tomking2/bug/elasticsearch_ip. + [Alexandre Dulaunoy] + + fix: Elasticsearch complains when an IP is an empty string + + +v2.4.138 (2021-02-08) +--------------------- + +New +~~~ +- [settings] Allow to use ThreatLevel.name for alert filter. [Jakub + Onderka] +- [test] Update github actions build to Ubuntu 20.04. [Jakub Onderka] +- [internal] Cidr tool for faster checking CIDR ranges. [Jakub Onderka] +- [objectTemplate] Allow fetching the raw template stored on disk by + UUID or name. [mokaddem] +- [PHP] version notification. [iglocska] + + - 8.0 is not supported, let users know in a more obvious way + +Changes +~~~~~~~ +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [version] bump. [iglocska] +- Bump PyMISP & version. [Raphaël Vinot] +- [ACLComponent] Added new galaxy element endpoints. [mokaddem] +- [tools] Removed useless library. [mokaddem] +- [galaxyClusters:view_relation] Reuse already fetched relations. + [mokaddem] +- [galaxyElement] Added individual deletion and JSON + flattening/expanding. [mokaddem] +- [misp.js] Allow index filtering without searchbox. [mokaddem] +- [galaxyElements] Migrated galaxy element index to generic factory. + [mokaddem] +- [galaxyElement] Added draft of element flattening and unflattening. + [mokaddem] +- [internal] Optimise fetching trending tags widget. 
[Jakub Onderka] +- [internal] Cache warninglist for eight hours. [Jakub Onderka] +- [UI] Make toggle buttons nicer. [Jakub Onderka] +- [internal] Optimise correlation exclusion. [Jakub Onderka] +- [internal] Optimise CidrTool. [Jakub Onderka] +- [PyMISP] Bump, update deps (reportlab release removed) [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [objecTemplate:getRaw] Refactored and optimized feature. [mokaddem] +- [eventReports:delete] Make delete/restore call consistent with other + models. [mokaddem] +- [internal] Raise memory limit for TmptFileTool to 5 MB. [Jakub + Onderka] +- [internal] Generate event to TmpFile. [Jakub Onderka] +- [eventReports:delete] Accept hard flag to be passed in POST body. + [mokaddem] +- Bumped queryversion. [mokaddem] +- [eventReports] Improved manual extraction layout. [mokaddem] +- [export:csv] Added support of decaying model. Fix #6734. [mokaddem] +- [console:admin] Improved feedback when updating object templates. Fix + #6715. [mokaddem] +- [objects:delete] Support of hard flag in posted body. Fix #6689. + [mokaddem] +- [PyMISP] bump to latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] fixes to misp-modules. [Steve Clement] +- [misp-modules] some reqs are not in sync, fixing manually. [Steve + Clement] +- [installer] Update to latest installer. [Steve Clement] +- [misp-objects] updated to the latest. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [cake] Make misp-after-installer less yellow. [Steve Clement] +- [misp-galaxy] updated (RSIT galaxy added) [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bumped queryversion. [mokaddem] +- [objects:delete] Support of hard flag in posted body. Fix #6689. + [mokaddem] +- Bumped queryversion. [mokaddem] + +Fix +~~~ +- [zmq/kafka] attribute edits should include non exportable attributes. 
+ [iglocska] +- [UI] notice resolved on the feed index. [iglocska] +- [internal] Do not throw warning when user don't have collections. + [Jakub Onderka] +- [galaxyCluster] Delete elements if field is empty. [mokaddem] +- [galaxyCluster] Integrated changes of improved index factory. + [mokaddem] +- [CLI] Check user existence. [Jakub Onderka] +- [UI] passedArgs should be JSON encoded. [Jakub Onderka] +- [widget] Typo in MispSystemResourceWidget. [Jakub Onderka] +- [internal] First check if attribute value is valid composite, then run + other checks. [Jakub Onderka] +- [internal] Bump CakePHP to 2.10.24. [Jakub Onderka] +- [internal] Bump PyMISP. [Jakub Onderka] +- [UI] Nicer forms. [Jakub Onderka] +- [internal] Fix some warnings. [Jakub Onderka] +- [logs:event] Added missing line breaks. [mokaddem] +- [log] Allow to filter logs by org name. [Jakub Onderka] +- [acl] Added missing ACL entry. [mokaddem] +- [objectTemplate:update] Typo instance variable. [mokaddem] +- [shadowAttributes:viewPicture] Allows shadow attribute's pictures to + be displayed. [mokaddem] +- [attributes:viewPicture] Allow viewing pictures of deleted attributes. + [mokaddem] +- [events:eventGraph] Deleted object reference are no longer shown in + the graph. [mokaddem] + + - Fix #6487 +- [UI] Allow to download attachments from attribute index. [Jakub + Onderka] +- [internal] Remove compact method call that do nothing. [Jakub Onderka] +- [eventReport:getProxyElement] Prevent crash if viewing a report for an + extended event. [mokaddem] + + - Make sure merging array happens in existing keys +- [server:recoveyQuery] Only add `unsigned` when applicable. Fix #6762. + [mokaddem] + + - Correctly compare return value of strpos +- [UI] Show proper unit for diagnostics. [Jakub Onderka] +- [servers:rest] Speed up rest client and improved reactivity. + [mokaddem] + + - Added debounce when typing + - Only update query builder when its displayed +- [warninglists:index] Fixed URL for ID. 
[mokaddem] +- [UI] Remote event preview. [Jakub Onderka] +- [stix2 import] Fixed pattern parsing. [chrisr3d] + + - Stripping patterns to avoid issue with space + characters at the beginning or at the end of the + patterns +- [UI] hard-delete option missing for soft-deleted objects. [iglocska] +- [internal] timestmaping when adding clusters to attributes wasn't + working. [iglocska] + + - added it as a quick fix, should be moved in the future to a more generic place +- [extended event] layout broken, fixes #6946. [iglocska] +- [internal] Capturing sightings for attributes. [Jakub Onderka] +- [kali] Fixed Kali installer, now only works on 2020.4 and higher. + [Steve Clement] +- [breakOnDuplicate] invalid placement return, affects #6917. [iglocska] + + - as reported by @github-germ +- [UI] Allow to sort feeds by name. [Jakub Onderka] +- [eventReport:edit] Editing event via /events/edit should work as + expected. [mokaddem] + + - Correct call to editReport + - Force local ID to match provided UUID +- [dashboards] saving the dashboard state failed due to uninitialised + model. [Andras Iklody] +- [events:eventTimeline] Correctly restore elements after changing + context or group. [mokaddem] + + - Fix #6885 +- [events:eventGraph] Makes additions and editions of nodes working as + expected. [mokaddem] + + Fix #6877 +- Bump PyMISP, make gh actions happy. [Raphaël Vinot] +- [eventReport:getProxyElement] Prevent crash if viewing a report for an + extended event. [mokaddem] + + - Make sure merging array happens in existing keys +- [server:recoveyQuery] Only add `unsigned` when applicable. Fix #6762. + [mokaddem] + + - Correctly compare return value of strpos +- [servers:rest] Speed up rest client and improved reactivity. + [mokaddem] + + - Added debounce when typing + - Only update query builder when its displayed +- [warninglists:index] Fixed URL for ID. [mokaddem] +- [diagnostics] complain about PHP >= 8.0. [iglocska] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. 
[iglocska] +- Merge pull request #6939 from JakubOnderka/warnings-fix. [Jakub + Onderka] + + fix: [internal] Do not throw warning when user don't have collections +- Merge branch 'feature-galaxy-element-tree-view' into develop. + [mokaddem] +- Merge remote-tracking branch 'origin/develop' into feature-galaxy- + element-tree-view. [mokaddem] +- Merge branch 'develop' into feature-galaxy-element-tree-view. + [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into feature-galaxy- + element-tree-view. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-galaxy- + element-tree-view. [mokaddem] +- Merge pull request #6973 from JakubOnderka/check-user-existence. + [Jakub Onderka] + + fix: [CLI] Check user existence +- Merge pull request #6971 from JakubOnderka/threat-level-notification- + filter. [Jakub Onderka] + + new: [settings] Allow to use ThreatLevel.name for alert filter +- Merge pull request #6948 from JakubOnderka/fix-passed-args. [Jakub + Onderka] + + fix: [UI] passedArgs should be JSON encoded +- Merge pull request #6962 from JakubOnderka/trending-tags-optimisation. + [Jakub Onderka] + + chg: [internal] Optimise fetching trending tags widget +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [chrisr3d] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #6964 from JakubOnderka/attribute-validation-order. + [Jakub Onderka] + + fix: [internal] First check if attribute value is valid composite +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [Steve Clement] +- Merge pull request #6950 from JakubOnderka/bump-cakephp. [Jakub + Onderka] + + fix: [internal] Bump CakePHP to 2.10.24 +- Merge pull request #6949 from JakubOnderka/bump-pymisp-v2. 
[Jakub + Onderka] + + fix: [internal] Bump PyMISP +- Merge pull request #6944 from JakubOnderka/warninglist-cache-raise. + [Jakub Onderka] + + chg: [internal] Cache warninglist for eight hours +- Merge pull request #6935 from JakubOnderka/event-toggle-buttons. + [Jakub Onderka] + + chg: [UI] Make toggle buttons nicer +- Merge pull request #6894 from JakubOnderka/github-actions-os. [Jakub + Onderka] + + new: [test] Update github actions build to Ubuntu 20.04 +- Merge pull request #6888 from JakubOnderka/form-ui-fixes. [Jakub + Onderka] + + fix: [UI] Nicer forms +- Merge pull request #6927 from JakubOnderka/correlation-exclusion- + optimise. [Jakub Onderka] + + chg: [internal] Optimise correlation exclusion +- Merge pull request #6926 from JakubOnderka/faster-cidr-tool. [Jakub + Onderka] + + chg: [internal] Optimise CidrTool +- Merge pull request #6899 from marjatech/smime-signature. [Andras + Iklody] + + fix: generate S/MIME Signature in DETACHED mode +- Switch S/MIME Signature generation to DETACHED mode. [marjatech] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #6924 from JakubOnderka/cidr-tool. [Jakub Onderka] + + new: [internal] Cidr tool for faster checking CIDR ranges +- Merge pull request #6922 from JakubOnderka/warnings-fixes. [Jakub + Onderka] + + fix: [internal] Fix some warnings +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #6889 from JakubOnderka/log-org-filter. [Jakub + Onderka] + + fix: [log] Allow to filter logs by org name +- Merge branch 'feature-getRawObjectTemplate' into develop. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into feature- + getRawObjectTemplate. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. 
[mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #6873 from JakubOnderka/event-output. [Jakub + Onderka] + + Event output +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' into develop. [mokaddem] +- Merge pull request #6900 from JakubOnderka/attribute-index-attachment- + download. [Jakub Onderka] + + fix: [UI] Allow to download attachments from attribute index +- Merge pull request #6737 from JakubOnderka/remove-compat. [Andras + Iklody] + + fix: [internal] Remove compact method call that do nothing +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [mokaddem] +- Merge pull request #6890 from JakubOnderka/php-diagnostics-unit. + [Jakub Onderka] + + fix: [UI] Show proper unit for diagnostics +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge pull request #6881 from JakubOnderka/remote-event-preview-fix. + [Jakub Onderka] + + fix: [UI] Remote event preview +- Merge pull request #6976 from StefanKelm/2.4. [Jakub Onderka] + + Update Server.php +- Update Server.php. [StefanKelm] + + wording +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6951 from JakubOnderka/fix-sighting-capture. + [Jakub Onderka] + + fix: [internal] Capturing sightings for attributes +- Merge pull request #6953 from SteveClement/guides. [Steve Clement] + + chg: [misp-modules] some reqs are not in sync, fixing manually. +- Merge pull request #6952 from SteveClement/guides. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge pull request #6916 from JakubOnderka/feed-sort. 
[Jakub Onderka] + + fix: [UI] Allow to sort feeds by name + + +v2.4.137 (2021-01-21) +--------------------- + +New +~~~ +- [UI] Show event count in server popover for comparison. [Jakub + Onderka] +- [object add] make add event / edit event breakOnDuplicate aware. + [iglocska] + + - cull objects that would be duplicates + - cache the fetching of existing objects to speed up the query + + - thanks to @github-germ for the suggested fixes to the duplicate checking to accomodate this patch +- [API] update command got new branch parameter. [iglocska] + + - instruct the update process to be prepended by a checkout of a given branch + - passed via a URL parameter (/servers/update/branch:develop) + OR + - passed via a JSON object ({"branch": "develop"}) +- [server] Compare server events overlap. [Jakub Onderka] +- [internal] New ability to get JSON data from event preview. [Jakub + Onderka] +- [doc] Added doc about how to change the installer generator. [Steve + Clement] +- [taxonomy] Importing taxonomy in machinetag format by REST API. [Jakub + Onderka] +- [UI] Show link to event preview for ID translator. [Jakub Onderka] +- [idTranslator] Allow check event on different servers from event view. + [Jakub Onderka] +- [UI] Show sharing groups in org view. [Jakub Onderka] +- [sync] Enable compression for server sync. [Jakub Onderka] +- [feed] Support brotli compression. [Jakub Onderka] +- [correlation] added system to exclude certain values from the + correlation engine. 
[iglocska] + + - simply add values at /exclude_correlations + - new values coming in will not correlate if they trip over the values listed there + - to remove existing correlations run the cleaner tool on the above endpoint + + - values can be 1:1 matches, or substring searches (denoted with a leading, ending, or both '%') + - https://www.google.com/% will match anything starting with https://www.google.com/ + - %google.com% will match anything that contains google.com +- [UI] Allow to sort orgs by number of orgs. [Jakub Onderka] +- [sighting] New setting that will allow users to see host org + sightings. [Jakub Onderka] +- [UI] Show tag description if tag belongs to taxonomy. [Jakub Onderka] +- [internal] New model method find('column') [Jakub Onderka] +- [security] Check org list when accessing distribution graph. [Jakub + Onderka] +- [security] Test for hide_organisations_in_sharing_groups setting. + [Jakub Onderka] +- [security] Setting to hide orgs form sharing group view. [Jakub + Onderka] +- [internal] Allow to output directly TmpFileTool. [Jakub Onderka] +- [UI] Show number of unique IPs for key usage. [Jakub Onderka] +- [UI] Show last key usage in index table. [Jakub Onderka] +- [UI] Show information about key expiration in server list. [Jakub + Onderka] +- [security] Cancel API session right after auth key is deleted. [Jakub + Onderka] +- [security] Put information about key expiration into response header. + [Jakub Onderka] +- [security] Allow to set key validity. [Jakub Onderka] +- [security] New setting Security.username_in_response_header. [Jakub + Onderka] +- [test] Check when `MISP.authkey_keep_session` is true. [Jakub Onderka] +- [internal] Show auth key usage in key view page. [Jakub Onderka] +- [internal] Allow to log authkey usage in Redis. [Jakub Onderka] +- [rest] Allow to search sightings by event or attribute UUID. [Jakub + Onderka] +- [UI] Download GPG public key from GPG homedir. 
[Jakub Onderka] +- [type] favicon-mmh3 is the murmur3 hash of a favicon as used in + Shodan. [Alexandre Dulaunoy] +- [Statistics shell] Added new statistics shell. [iglocska] + + - (R)etrieval (o)f (m)etrics (m)atrix (e)xtended (f)or (s)tatistics + + - run it via /var/www/MISP/app/Console/cake Statistics rommelfs + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- Bump PyMISP version. [Raphaël Vinot] +- [pgp] default pgp key server updated to openpgp.circl.lu. [Alexandre + Dulaunoy] + + openpgp.circl.lu is the replacement keyserver of pgp.circl.lu +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- Add authenticode support in generate_file_objects. [Raphaël Vinot] +- [PyMISP] Bump package (new lief). [Raphaël Vinot] +- [internal] Faster fetching galaxy clusters by REST API. [Jakub + Onderka] +- [internal] Simplified code for index and event preview. [Jakub + Onderka] +- [internal] Remove deprecated Set class calls. [Jakub Onderka] +- [internal] Optimise fetching tags for event index API requests. [Jakub + Onderka] +- [internal] Optimise filter event index window. [Jakub Onderka] +- [UI] Simplified event ajax index template. [Jakub Onderka] +- [UI] Generate pagination just once. [Jakub Onderka] +- [internal] Fetch user email just when user is site admin. [Jakub + Onderka] +- [internal] Optimise appending tags to events. [Jakub Onderka] +- [internal] Do not fetch unnecessary fields. [Jakub Onderka] +- [internal] Do not fetch full clusters for rest event index. [Jakub + Onderka] +- [internal] Optimise fetching tags for rest client. [Jakub Onderka] +- [internal] Optimise fetching event index by API. [Jakub Onderka] +- [UI] Optimise fetching tags for picker. [Jakub Onderka] +- [misp-warninglists] updated. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Updated installer. [Steve Clement] +- [doc] Considered $DBHOST. 
[Steve Clement] +- [UI] Optimise loading taxonomy tags for for tagging form. [Jakub + Onderka] +- [sync] Simplified fetching version from remote server. [Jakub Onderka] +- [taxonomy] Faster fetching event and attribute counts for tag. [Jakub + Onderka] +- [installer] Update to latest. [Steve Clement] +- [git] Made the checkouts more proxy friendly. [Steve Clement] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated. [Alexandre Dulaunoy] +- [idTranslator] Allow to use from GET request. [Jakub Onderka] +- [idTranslator] Check also servers that we push. [Jakub Onderka] +- [UI] Optimise generic picker. [Jakub Onderka] +- [UI] Faster paginator for index table. [Jakub Onderka] +- [UI] Faster event paginator. [Jakub Onderka] +- [internal] Remove unnecessary Attribute::defaultCategories array. + [Jakub Onderka] +- [internal] Call array_values method just when necessary. [Jakub + Onderka] +- [internal] Use strict comparison for in_array. [Jakub Onderka] +- [internal] Generate server settings just when need. [Jakub Onderka] +- [internal] Generate type definitions just when required. [Jakub + Onderka] +- [UI] Deduplicate sightings form. [Jakub Onderka] +- [internal] Optimise sightings saving. [Jakub Onderka] +- [UI] Make server index view nicer. [Jakub Onderka] +- [sync] Optimise version compatibility checking to save sql queries. + [Jakub Onderka] +- [sync] Return content encoding in postTest. [Jakub Onderka] +- [sync] Convert connection timeout to exception. [Jakub Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [optimisation] Faster Tag::fetchSimpleEventsForTag method. 
[Jakub + Onderka] +- [optimisation] Faster fetching attributes with tags. [Jakub Onderka] +- [optimisation] Decode JSON input from request just once. [Jakub + Onderka] +- [internal] Remove unused methods. [Jakub Onderka] +- [distribution-graph] Optimise loading. [Jakub Onderka] +- [internal] Use find('column') on more places. [Jakub Onderka] +- [internal] Do not load sightings for event log. [Jakub Onderka] +- [taxonomies] updated. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [internal] Use find('column') on more places. [Jakub Onderka] +- [internal] Optimise loading event correlation graph. [Jakub Onderka] +- [UI] Use chosen when select contains more than 10 sharing groups. + [Jakub Onderka] +- [role] Do not allow delete role when is still assigned to user. [Jakub + Onderka] +- [UI] Show cancel button for event report filter. [Jakub Onderka] +- [UI] Merge roles index and admin_index. [Jakub Onderka] +- [UI] Rotate header for role index table. [Jakub Onderka] +- [UI] Site admin redirects from role index to admin index. [Jakub + Onderka] +- [UI] Set dbclickAction for user index. [Jakub Onderka] +- [UI] Go directly to edit mode after clicking to "Edit report" button. + [Jakub Onderka] +- [UI] Make event report page nicer. [Jakub Onderka] +- [sighting] Faster and memory efficient rest search. [Jakub Onderka] +- [log] Do not log request type logs to syslog. [Jakub Onderka] +- [REST] Close session early for `authkey_keep_session` connections. + [Jakub Onderka] +- [test] Update testlive_security.py to new version. [Jakub Onderka] +- [internal] Code cleanup. [Jakub Onderka] +- [internal] Small optimisations. [Jakub Onderka] +- [interna] AppController code cleanup. [Jakub Onderka] +- [internal] Rename MISP.log_user_ips_auth -> + MISP.log_user_ips_authkeys. [Jakub Onderka] +- [internal] Move access monitoring to own method. [Jakub Onderka] +- [internal] Force to update session data after database update. 
[Jakub + Onderka] +- [internal] Allow to reuse session for API requests. [Jakub Onderka] +- [internal] Do not log full authkeys. [Jakub Onderka] +- [internal] Simplify User::describeAuthFields. [Jakub Onderka] +- [internal] Update role changes immediately. [Jakub Onderka] +- [internal] Do not fetch user settings for User::getAuthUser. [Jakub + Onderka] +- [UI] Change description for user edit checkboxes. [Jakub Onderka] +- [internal] Load just necessary info when loading homepage info. [Jakub + Onderka] +- [internal] Load user role info from session data. [Jakub Onderka] +- [internal] Move user checks to one place. [Jakub Onderka] +- [UI] Convert taxonomies to default view. [Jakub Onderka] +- [sync] When pushing event to remote server, request back just + metadata. [Jakub Onderka] +- [eventReport] Load tags in one call. [Jakub Onderka] +- [shibb] Better log messages for ApacheShibbAuthenticate. [Jakub + Onderka] +- [sighting] Optimise bulk sighting saving. [Jakub Onderka] +- [debug] cleanup. [iglocska] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [taxonomies] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [warning-list] updated to the latest version. [Alexandre Dulaunoy] +- [doc] From Travis to GH action. [Alexandre Dulaunoy] +- [veracode] removed. [Alexandre Dulaunoy] +- [installer] Latest update. [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] update to latest. [Steve Clement] +- [fix] typo. [Steve Clement] +- [doc] OpenBSD 6.8 update. [Steve Clement] +- [php] Added 2 missing modules. [Steve Clement] +- [doc] Added new default flags. 
[Steve Clement] + +Fix +~~~ +- [helper:genericPicker] Adding object from pill selector - Prevents + double encoding of the passed data. [mokaddem] +- [login] Correctly convert old password hash to blowfish. [Jakub + Onderka] +- [login] Convert old password hash to blowfish. [Jakub Onderka] +- [update] fixed due to issues introduced with the branch flag. + [iglocska] +- [security] Reflective XSS in the RestClient. [mokaddem] +- [security] XSS in the user homepage favourite button. [iglocska] + + - navigating to a url in MISP with the URL containing a javascript payload would cause the execution of reflected xss + - automatically sanitised by modern browsers, but still confirmed via raw curl fetches +- [security] XSS via galaxy cluster element values for reference types + could contain javascript links. [iglocska] + + - ref type elements are automatically converted to links. A user would have to click a javascript: link for it to trigger, it's still too risky to keep as is + - only urls starting with http:// and https:// are converted from here on + + - As reported by Patrik Kontura from ESET +- [security] Stored XSS in the galaxy cluster view. [iglocska] + + - Galaxy cluster names were vulnerable to XSS injection + + - As reported by Patrik Kontura of ESET +- [security] Require password confirmations by default. [iglocska] + + - the setting is optional, but the default should be that it's required unless disabled + + - As reported by Patrix Kontura from ESET +- [UI] Nicer first and last seen form. [Jakub Onderka] +- [log] Correctly handle limit and page params. [Jakub Onderka] +- [internal] Group for getting sightings for tag. [Jakub Onderka] +- [taxonomy] Support unicode chars in tag names. [Jakub Onderka] +- [S/MIME] don't sign e-mails if no signing key is set. [iglocska] + + - fixes e-mails not going out on instances where no signing key was provided +- [server] Handle case when checking CLI version is not possible. 
[Jakub + Onderka] +- [object] the optional blocking of duplicates fixed for objects + including malware samples. [iglocska] + + - also looping the attributes through the pre-validation massaging ensures that attributes modified by it are correctly compared +- [objects] breakonduplicate fixed. [iglocska] +- [sighting] Order must contain group for some mysql servers. [Jakub + Onderka] +- [UI] Make event paginator universal. [Jakub Onderka] +- [UI] Remove nonsense paginator options. [Jakub Onderka] +- [UI] Chosen autofocus. [Jakub Onderka] +- [internal] Remove unused method isOwnedByOrg. [Jakub Onderka] +- [internal] Remove duplicate array definition. [Jakub Onderka] +- [rest] Allow to edit roaming mode of sharing group. [Jakub Onderka] +- [dbSchema] Update to v65. [Jakub Onderka] +- MIssing dependency. [Raphaël Vinot] +- Call the security test suite properly. [Raphaël Vinot] +- Remove call to python script out of the virtenv. [Raphaël Vinot] +- [S/MIME] don't sign e-mails if no signing key is set. [iglocska] + + - fixes e-mails not going out on instances where no signing key was provided +- [inernal] Remove duplicates from server correlations. [Jakub Onderka] +- [internal] Attaching warninglist for feed event preview without + attributes. [Jakub Onderka] +- [UI] Multiple popovers for cluster relations. [Jakub Onderka] +- [UI] Change role name for admin view and add title. [Jakub Onderka] +- [UI] Redirect after add role modal to index page. [Jakub Onderka] +- [UI] Cancelling search didn't work for index table. [Jakub Onderka] +- [UI] Add Object works again for all databases. [Jakub Onderka] +- [UI] Remove unnecessary padding from form. [Jakub Onderka] +- [UI] Correctly show contributors in event view. [Jakub Onderka] +- [UI] Fix attribte search in event view. [Jakub Onderka] +- [UI] Show error message when galaxy info couldn't be loaded. [Jakub + Onderka] +- [sighting] Grouping sighting fetch for tags. 
[Jakub Onderka] +- [sighting] Order must contain group for some mysql servers. [Jakub + Onderka] +- [UI] Move debug mode variable before setting database connection. + [Jakub Onderka] +- [monitoring] Do not encode payload, it is string. [Jakub Onderka] +- [UI] Enable quick filter for auth keys. [Jakub Onderka] +- [UI] Auth Key index and view changes and fixes. [Jakub Onderka] +- [UI] Days to expire count. [Jakub Onderka] +- [security] Do not return hashed authentication key after creation. + [Jakub Onderka] +- [internal] Check if setting value is scalar. [Jakub Onderka] +- [security] Auth key must be always random generated at server side. + [Jakub Onderka] +- [security] Do not allow to use API key authenticated session to do non + API calls. [Jakub Onderka] +- [internal] Remove unused variables. [Jakub Onderka] +- [internal] Remove unused $user siteadmin variable. [Jakub Onderka] +- [UI] Use generic style for taxonomy view. [Jakub Onderka] +- [UI] Autofocus generic picker. [Jakub Onderka] +- [UI] Replace GnuPG with PGP. [Jakub Onderka] +- [UI] Empty field for galaxy 'Forked From' and 'Forked By' [Jakub + Onderka] +- [UI] Use correct font for Show all. [Jakub Onderka] +- [UI] Send request just when opening event detail windows. [Jakub + Onderka] +- [eventReport] Smarter extractWithReplacements. [Jakub Onderka] +- [eventReport] Replace defanged values. [Jakub Onderka] +- [eventReport] Notice when galaxy value is not separated by ` - ` + [Jakub Onderka] +- [stix2 import] Checking if attack-pattern, course-of-action and + vulnerability names are known galaxies before importing them as MISP + object. [chrisr3d] +- [tags] truncate tag names that are too long. [Andras Iklody] + + Otherwise we run into issues on the DB level anyway. For the future, perhaps change the field length. +- [installer] Typo. [Steve Clement] +- [search] don't append the same quicksearch value more than once in the + URL. [iglocska] +- [statistics] Local org flag fixed to show the correct count. 
+ [iglocska] +- [mistake in a comment fixed] [iglocska] +- [internal] sharing_group graph missing org_ids - throwing notices. + [iglocska] +- [internal] further promises removed from the galaxy model. [iglocska] + + - easier than getting people to stop using EOL software +- [installer] type in php-bcmath package. [Steve Clement] +- [installer] forgot to add sfv. [Steve Clement] +- [internal] removed function promises in crud component. [iglocska] + + - to appease EOL php versions... +- [delegation] invalid user call. [iglocska] + +Other +~~~~~ +- Merge pull request #6896 from JakubOnderka/fix-old-password-convert. + [Jakub Onderka] + + fix: [login] Correctly convert old password hash to blowfish +- Merge branch 'old-hash-transfer' into 2.4. [Christophe Vandeplas] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #6880 from JakubOnderka/server-compare-count. + [Jakub Onderka] + + new: [UI] Show event count in server popover for comparison +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge remote-tracking branch 'origin/2.4' into develop. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #6879 from JakubOnderka/first-seen-input-format. + [Jakub Onderka] + + fix: [UI] Nicer first and last seen form +- Merge pull request #6870 from JakubOnderka/galaxy-cluster-rest-search. + [Jakub Onderka] + + chg: [internal] Faster fetching galaxy clusters by REST API +- Merge pull request #6860 from JakubOnderka/log-fix. 
[Jakub Onderka] + + fix: [log] Correctly handle limit and page params +- Merge pull request #6874 from JakubOnderka/preview-server. [Jakub + Onderka] + + Preview server +- Merge pull request #6869 from JakubOnderka/event-index-tags. [Jakub + Onderka] + + chg: [internal] Optimise fetching tags for event index API requests +- Merge pull request #6868 from JakubOnderka/event-index-rest-optim. + [Jakub Onderka] + + Event index rest optim +- Merge pull request #6867 from JakubOnderka/event-index-rest-optim. + [Jakub Onderka] + + chg: [internal] Optimise fetching event index by API +- Merge pull request #6866 from JakubOnderka/fix-bad-merge. [Jakub + Onderka] + + fix: [internal] Group for getting sightings for tag +- Merge pull request #6863 from JakubOnderka/tag-fetching-optimisation. + [Jakub Onderka] + + chg: [UI] Optimise fetching tags for picker +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #6865 from SteveClement/guides. [Andras Iklody] + + chg: [doc] Considered $DBHOST +- Merge pull request #6858 from SteveClement/guides. [Steve Clement] + + new: [doc] Added doc about how to change the installer generator +- Merge pull request #6862 from JakubOnderka/tag-chose-optimise. [Jakub + Onderka] + + chg: [UI] Optimise loading taxonomy tags for for tagging form +- Merge pull request #6861 from JakubOnderka/taxonomy-unicode. [Jakub + Onderka] + + fix: [taxonomy] Support unicode chars in tag names +- Merge branch '2.4' into develop. [Steve Clement] +- Merge pull request #6854 from JakubOnderka/server-pull-version. [Jakub + Onderka] + + chg: [sync] Simplified fetching version from remote server +- Merge pull request #6851 from JakubOnderka/taxonomy-import. [Jakub + Onderka] + + new: [taxonomy] Importing taxonomy in machinetag format by REST API +- Merge pull request #6853 from JakubOnderka/server-diagnostic-fix. 
+ [Jakub Onderka] + + fix: [server] Handle case when checking CLI version is not possible +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #6835 from MISP/dependabot/pip/lxml-4.6.2. + [Alexandre Dulaunoy] + + build(deps): bump lxml from 4.3.3 to 4.6.2 +- Build(deps): bump lxml from 4.3.3 to 4.6.2. [dependabot[bot]] + + Bumps [lxml](https://github.com/lxml/lxml) from 4.3.3 to 4.6.2. + - [Release notes](https://github.com/lxml/lxml/releases) + - [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt) + - [Commits](https://github.com/lxml/lxml/compare/lxml-4.3.3...lxml-4.6.2) +- Merge pull request #6825 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Update index.ctp +- Update index.ctp. [StefanKelm] + + Tinies of typos... +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6826 from SteveClement/guides. [Steve Clement] + + chg: [git] Made the checkouts more proxy friendly +- Fix git urls to https (users behind proxy) [Alexandre Dulaunoy] + + Fix git urls to https (users behind proxy) +- Merge pull request #6849 from JakubOnderka/id-translator-preview-link. + [Jakub Onderka] + + new: [UI] Show link to event preview for ID translator +- Merge pull request #6833 from JakubOnderka/id-translator-push. [Jakub + Onderka] + + chg: [idTranslator] Check also servers that we push +- Merge pull request #6845 from JakubOnderka/generic-picker- + optimisation. [Jakub Onderka] + + chg: [UI] Optimise generic picker +- Merge pull request #6841 from JakubOnderka/paginator-fix. [Jakub + Onderka] + + Paginator fix +- Merge pull request #6843 from JakubOnderka/choosen-autofocus-fix. + [Jakub Onderka] + + fix: [UI] Chosen autofocus +- Merge pull request #6842 from JakubOnderka/small-optims. [Jakub + Onderka] + + Small optims +- Merge pull request #6840 from JakubOnderka/translate-optimisation. + [Jakub Onderka] + + Translate optimisation +- Merge pull request #6839 from JakubOnderka/deduplicate-sighting-form. 
+ [Jakub Onderka] + + chg: [UI] Deduplicate sightings form +- Merge pull request #6809 from JakubOnderka/optimise-sightings-saving. + [Jakub Onderka] + + chg: [internal] Optimise sightings saving +- Merge pull request #6827 from JakubOnderka/sharing_groups_org. [Jakub + Onderka] + + new: [UI] Show sharing groups in org view +- Merge pull request #6830 from JakubOnderka/sg-roaming-edit. [Jakub + Onderka] + + fix: [rest] Allow to edit roaming mode of sharing group +- Merge pull request #6837 from JakubOnderka/db-schema. [Jakub Onderka] + + fix: [dbSchema] Update to v65 +- Merge pull request #6831 from JakubOnderka/server-view-ui. [Jakub + Onderka] + + chg: [UI] Make server index view nicer +- Merge pull request #6828 from JakubOnderka/check-version- + compatibility-optim. [Jakub Onderka] + + chg: [sync] Optimise version compatibility checking to save sql queries +- Merge pull request #6822 from JakubOnderka/server-sync-compression. + [Jakub Onderka] + + new: [sync] Enable compression for server sync +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #6821 from JakubOnderka/http-socket-brotli. [Jakub + Onderka] + + new: [feed] Support brotli compression +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #6820 from MISP/Rafiot-patch-6. [Raphaël Vinot] + + [Test] Run the security suite from the virtualenv +- [Test] Run the security suite from the virtualenv. [Raphaël Vinot] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. 
+ [chrisr3d] +- Merge pull request #6813 from JakubOnderka/feed-cache-deduplicate. + [Jakub Onderka] + + fix: [inernal] Remove duplicates from server correlations +- Merge pull request #6812 from JakubOnderka/feed-warninglist. [Jakub + Onderka] + + fix: [internal] Attaching warninglist for feed event preview without … +- Merge pull request #6811 from JakubOnderka/attach-tags-to-attributes. + [Jakub Onderka] + + Attach tags to attributes +- Merge pull request #6810 from JakubOnderka/json-decode-just-once. + [Jakub Onderka] + + chg: [optimisation] Decode JSON input from request just once +- Merge pull request #6804 from JakubOnderka/optimisations-vol2. [Jakub + Onderka] + + Optimisations vol2 +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #6797 from JakubOnderka/optimisations. [Jakub + Onderka] + + Optimisations +- Merge pull request #6745 from JakubOnderka/user-sort. [Jakub Onderka] + + User sort +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Alexandre Dulaunoy] +- Merge pull request #6772 from JakubOnderka/sighting-policy-host-org. + [Jakub Onderka] + + new: [sighting] New setting that will allow users to see host org sig… +- Merge pull request #6778 from JakubOnderka/tag-info. [Jakub Onderka] + + Tag info popover +- Merge pull request #6749 from JakubOnderka/hide-orgs-from-sg. [Jakub + Onderka] + + Hide orgs from sharing group view +- Merge pull request #6788 from JakubOnderka/ui-fixes. [Jakub Onderka] + + UI fixes +- Merge pull request #6789 from JakubOnderka/sighting-tag-group. [Jakub + Onderka] + + Sighting tag group +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch 'develop' of github.com:MISP/MISP into develop. 
+ [Alexandre Dulaunoy] +- Merge pull request #6497 from JakubOnderka/experimental-cake-tmp- + response. [Jakub Onderka] +- Merge pull request #6787 from JakubOnderka/sighting-rest-optim. [Jakub + Onderka] + + chg: [sighting] Faster and memory efficient rest search +- Merge pull request #6786 from JakubOnderka/sighting-bug-6773. [Jakub + Onderka] + + fix: [sighting] Order must contain group for some mysql servers +- Merge pull request #6581 from JakubOnderka/newsread-loading. [Jakub + Onderka] + + chg: [internal] Move user checks to one place +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge branch '2.4' into develop. [Steve Clement] +- Merge pull request #6782 from JakubOnderka/taxonomies-view. [Jakub + Onderka] + + chg: [UI] Convert taxonomies to default view +- Merge pull request #6760 from JakubOnderka/sighting-rest-uuid. [Jakub + Onderka] + + new: [rest] Allow to search sightings by event or attribute UUID +- Merge pull request #6781 from JakubOnderka/another-ui-fixes. [Jakub + Onderka] + + Another UI fixes +- Merge pull request #6776 from JakubOnderka/event-push-metadata. [Jakub + Onderka] + + chg: [sync] When pushing event to remote server, request back just me… +- Merge pull request #6779 from JakubOnderka/event-report-extract-fix. + [Jakub Onderka] + + Event report extract fix +- Merge pull request #6755 from JakubOnderka/shibb-log-messages. [Jakub + Onderka] + + chg: [shibb] Better log messages for ApacheShibbAuthenticate +- Merge pull request #6759 from JakubOnderka/bulk-sighting-saving-optim. + [Jakub Onderka] + + chg: [sighting] Optimise bulk sighting saving +- Merge pull request #5234 from JakubOnderka/gpg_key_footer. [Jakub + Onderka] + + new: [UI] Download GPG public key from GPG homedir +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6747 from legoguy1000/ja3_zeek_intel_rules. 
+ [Alexandre Dulaunoy] + + Create JA3 Hash Zeek Intel Rules +- JA3 Zeek Intel Rules. [Alex Resnick] +- Merge pull request #6799 from simonflood/patch-1. [Alexandre Dulaunoy] + + INSTALL.rhel8.md - update EoL for CentOS 8 +- INSTALL.rhel8.md - update EoL for CentOS 8. [Simon Flood] + + Maintenance for CentOS 8 will now end on 31 December 2021 +- Merge pull request #6795 from sdenel/patch-2. [Alexandre Dulaunoy] + + Typo in Server.php: currenty -> currently +- Typo in Server.php. [Simon DENEL] +- Veracode added. [Alexandre Dulaunoy] +- CodeQL added. [Alexandre Dulaunoy] +- HandlerSSL should be true. [Alexandre Dulaunoy] +- Merge pull request #6785 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Typos +- Update indexForEvent.ctp. [StefanKelm] +- Update importReportFromUrl.ctp. [StefanKelm] +- Merge pull request #6783 from FafnerKeyZee/patch-1. [Alexandre + Dulaunoy] + + Add the possibility to have a '-' in the baseurl +- Add the possibility to have a '-' in the baseurl. [Fafner [_KeyZee_]] + + With the actual regex in testBaseURL, we can not have a '-' inside the BaseURL, I did a quick fix +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6767 from SteveClement/guides. [Steve Clement] +- Merge pull request #6764 from Natsec/patch-1. [Andras Iklody] + + Typo caused fail of dependency installation +- Typo caused fail of dependency installation. [Kamil] + + Hello, + + During installation, I would get the following error : + ```shell + Cloning into '/var/www/MISP/app/files/scripts/python-cybox'... + remote: Enumerating objects: 343, done. + remote: Counting objects: 100% (343/343), done. + remote: Compressing objects: 100% (191/191), done. + remote: Total 14731 (delta 180), reused 253 (delta 152), pack-reused 14388 + Receiving objects: 100% (14731/14731), 7.39 MiB | 3.10 MiB/s, done. + Resolving deltas: 100% (10487/10487), done. 
+ ERROR: Invalid requirement: '/var/www/MISP/app/files/scripts/CybOXProject/python-cybox' + Hint: It looks like a path. File '/var/www/MISP/app/files/scripts/CybOXProject/python-cybox' does not exist. + apt is maybe locked, waiting 3 seconds. + Cloning into '/var/www/MISP/app/files/scripts/python-stix'... + remote: Enumerating objects: 298, done. + remote: Counting objects: 100% (298/298), done. + remote: Compressing objects: 100% (215/215), done. + remote: Total 13777 (delta 190), reused 155 (delta 83), pack-reused 13479 + Receiving objects: 100% (13777/13777), 5.78 MiB | 2.58 MiB/s, done. + Resolving deltas: 100% (10076/10076), done. + ERROR: Invalid requirement: '/var/www/MISP/app/files/scripts/STIXProject/python-stix' + Hint: It looks like a path. File '/var/www/MISP/app/files/scripts/STIXProject/python-stix' does not exist. + apt is maybe locked, waiting 3 seconds. + Cloning into '/var/www/MISP/app/files/scripts/python-maec'... + remote: Enumerating objects: 59, done. + remote: Counting objects: 100% (59/59), done. + remote: Compressing objects: 100% (39/39), done. + remote: Total 4472 (delta 32), reused 40 (delta 20), pack-reused 4413 + Receiving objects: 100% (4472/4472), 1.29 MiB | 1.90 MiB/s, done. + Resolving deltas: 100% (2992/2992), done. + ERROR: Invalid requirement: '/var/www/MISP/app/files/scripts/MAECProject/python-maec' + Hint: It looks like a path. File '/var/www/MISP/app/files/scripts/MAECProject/python-maec' does not exist. + apt is maybe locked, waiting 3 seconds. + Cloning into '/var/www/MISP/app/files/scripts/mixbox'... + remote: Enumerating objects: 39, done. + remote: Counting objects: 100% (39/39), done. + remote: Compressing objects: 100% (26/26), done. + remote: Total 1055 (delta 20), reused 27 (delta 13), pack-reused 1016 + Receiving objects: 100% (1055/1055), 278.98 KiB | 901.00 KiB/s, done. + Resolving deltas: 100% (696/696), done. 
+ ERROR: Invalid requirement: '/var/www/MISP/app/files/scripts/CybOXProject/mixbox' + Hint: It looks like a path. File '/var/www/MISP/app/files/scripts/CybOXProject/mixbox' does not exist. + ``` + + Making the modification fixed the installation of the dependencies. + + Best regards, + Kamil + + +v2.4.136 (2020-12-16) +--------------------- + +New +~~~ +- [CLI] Import events with compressed file support. [Jakub Onderka] + + Useful for importing big files +- [UI] Find org images also by uuid and support SVG images. [Jakub + Onderka] +- [UI] Make possible to filter users by active/disabled. [Jakub Onderka] +- [UI] Show number of events for sharing group. [Jakub Onderka] +- [test] View org page. [Jakub Onderka] +- [UI] Allow to search in sharing group list. [Jakub Onderka] +- [security] Test if user can see sharing groups. [Jakub Onderka] +- [factories] generic confirmation UI factory added. [iglocska] +- [Cerebrates] added Cerebrate sync functionality. [iglocska] + + - add/modify cerebrate links + - preview cerebrate instanes for organisations + - fetch organisations from cerebrate + - ingests new organisations and updates existing ones + + - More to come in the future +- [Cerebrate] db update added. [iglocska] +- [view factories rework] [iglocska] + + indextable: + - org lookup field cleaned up and made more resilient + - remote status: status field for checking of the local vs remote state of objects added + - pagination system updated to allow for ajax pagination + - random named container added for the index table's scaffolding + + side menu: + - added cerebrate options + + side panels: + - new factory type added for side panel elements (for the usual 2:1 split views) + - added logo element + + single views: + - child reworked to use the accordion element + - added side panel support +- [auth] Allow to enforce auth plugin authentication. [Jakub Onderka] +- [shibb] Test for organisation UUID HTTP header. 
[Jakub Onderka] +- [shibb] Allow to get organisation UUID from HTTP headers. [Jakub + Onderka] +- [test] Test for ApacheShibbAuth. [Jakub Onderka] +- [test] Security test suite. [Jakub Onderka] +- [security] New setting to check `Sec-Fetch-Site` header. [Jakub + Onderka] +- [security] Add new `Security.disable_browser_cache` option to disable + saving data to browser cache. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [UI] Nicer galaxy cluster view. [Jakub Onderka] +- [UI] Nicer icon for discussion reply. [Jakub Onderka] +- [UI] Move org UUID after ID to match other page style. [Jakub Onderka] +- [UI] Add cancel for sharing group search. [Jakub Onderka] +- [UI] Nicer title when creating event report. [Jakub Onderka] +- [security] For `hide_organisation_index_from_users` hide orgs that + make contribution that user cannot see. [Jakub Onderka] +- [composer] Add ext-rdkafka as suggested dependency. [Jakub Onderka] +- [UI] Use PGP instead of GnuGP, GnuPG is implementation. [Jakub + Onderka] +- [UI] Hide some fields from user profile and use better description. + [Jakub Onderka] +- [internal] HEAD check if org exists. [Jakub Onderka] +- [internal] Simplified SharingGroup::checkIfOwner method. [Jakub + Onderka] +- [internal] Load orgs just when it is necessary. [Jakub Onderka] +- [UI] Use standardised view for sharging group. [Jakub Onderka] +- [composer] Raise minimal PHP version to 7.2 and disable support for + 8.0. [Jakub Onderka] +- [shibb] Newly created org should be local. [Jakub Onderka] +- [galaxyClusters:view_relation_tree] Adjust height based on the number + of nodes. [mokaddem] +- [actions] added develop branch. [iglocska] +- [ACL] cerebrate added to the ACL. [iglocska] +- [querystring] bump. [iglocska] +- [image] added cerebrate logo. [iglocska] +- [js] runIndexQuickFilter changes. 
[iglocska] + + - added optional url parameter to set a fixed URL to search from + - added target parameter for ajax refreshes (target css selector) + - added possibility to pass ordered parameters in addition to key value pairs + - added ajax lookups +- [Cerebrate] added to the global menu. [iglocska] +- [synctool] added custom model support for the setuphttpsocket() + function. [iglocska] +- [CRUD component] call model functions in the afterfind. [iglocska] + + - added the option to either use anonymous functions or call model functions in the hook + - fixed a bug with a missing modelname in the lookup scope for fields (carryover from cerebrate) +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Update to latest version. [Steve Clement] +- [installer] Leveled installer out. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [installer] More fixes to replayability. [Steve Clement] +- [actions] added to the develop branch. [iglocska] +- [UI] Normalize date format to match rest of MISP. [Jakub Onderka] +- [installer] Update to latest. [Steve Clement] +- [installer] misp-modules install refactor. [Steve Clement] +- [installer] Refactor the core MISP checkout. [Steve Clement] +- [installer] Update to latest. [Steve Clement] +- [fmt] Make it look better. [Steve Clement] +- [sighting] Support for postgres. [Jakub Onderka] +- [tag] Simplified taxonomy handling. [Jakub Onderka] +- [tag] Fetch event count for tags in one query. [Jakub Onderka] +- [sighting] Speedup loading sighting for tags and galaxies. [Jakub + Onderka] +- [sighting] Speedups list all sightings. [Jakub Onderka] +- [sighting] Reworked listing sightings. [Jakub Onderka] +- [sighting] Sighting statistics. [Jakub Onderka] +- [installer] Deploy latest. 
[Steve Clement] +- [doc] The installer takes certain env_vars into account. [Steve + Clement] +- [installer] Deploy latest installer with automation fixes. [Steve + Clement] +- [installer] Removed expect, this will ease automation. [Steve Clement] +- [internal] Fetch just necessary orgs and server object for sharing + groups. [Jakub Onderka] +- [misp-galaxy] MITRE ATT&CK updated. [Alexandre Dulaunoy] +- [vhash] removed validation altogether. [Andras Iklody] + + - vhash is like a box of chocolates, you never know what you're going to get. +- [internal] Better exception description for PGP key validation. [Jakub + Onderka] +- [PyMISP] Bump version, again. [Raphaël Vinot] +- [PyMISP] Bump version. [Raphaël Vinot] +- [internal] Attach event correlations in one call for attribute UI + search. [Jakub Onderka] +- [internal] Attach feed correlations in one call for attribute UI + search. [Jakub Onderka] +- [internal] Optimise attribute search in UI. [Jakub Onderka] +- [internal] removed void return promise. [iglocska] + + - to make EOL php versions happy +- [events:view] Possibility to fetch events without attachments via the + API. [mokaddem] +- [galaxyCluster:relationsTreeTool] Ignore duplicated cluster UUIDs. + [mokaddem] + + - Some default clusters have the same UUID. They are the same entity but + stored in a different cluster package. It should be addressed in the + future + +Fix +~~~ +- [UI] Contact form text. [Jakub Onderka] +- [distribution graph] Graph doesn't work for non sync users when event + is shared to sharing group. [Jakub Onderka] +- [UI] Show correct sync org for sharing group view. [Jakub Onderka] +- [UI] Change order for sg view. [Jakub Onderka] +- [UI] Do not show authkey if advanced authkeys are enabled. [Jakub + Onderka] +- [UI] For accorddion external link do not propagate click. [Jakub + Onderka] +- [UI] Send email link should be visible just for admin view. [Jakub + Onderka] +- [UI] User search keeps filter. 
[Jakub Onderka] +- [UI] Show correct menu for EventsController::importModule action. + [Jakub Onderka] +- [UI] For import show correct active menu. [Jakub Onderka] +- [UI] For tags show actions just when user can permission to use them. + [Jakub Onderka] +- [UI] For Taxonomies show actions just when user can permission to use + them. [Jakub Onderka] +- [UI] Show correct menu for Contact Reporter page. [Jakub Onderka] +- [UI] Remove unused All button from galaxy index. [Jakub Onderka] +- [UI] Show feed cache buttons just to site admins. [Jakub Onderka] +- [UI] For fail when uploading stix, show unit for maximum size. [Jakub + Onderka] +- [UI] Button border when adding thread port. [Jakub Onderka] +- [UI] Show REST client menu item just when user has perm_auth. [Jakub + Onderka] +- [internal] Undefined variable $passedArgs. [Jakub Onderka] +- [internal] Undefined variables when GitHub is not reachable. [Jakub + Onderka] +- [internal] Undefined variable me. [Jakub Onderka] +- [UI] Better error message for permission denied. [Jakub Onderka] +- [security] Do not leak org names when + hide_organisation_index_from_users enabled. [Jakub Onderka] +- [UI] Nicer error message for CSRF. [Jakub Onderka] +- [internal] User should be able to see his org. [Jakub Onderka] +- [UI] Toggle doesn't work with absolute URLs. [Jakub Onderka] +- [UI] Confusing messages after object template is deleted. [Jakub + Onderka] +- [UI] Do not mention that STIX 2 export require library. [Jakub + Onderka] + + This information can be useful just for site administrators, but not for users +- [UI] Do not show REST client menu link when user don't have + permission. [Jakub Onderka] +- [UI] Do not show taxonomy delete menu link when user don't have + permission. [Jakub Onderka] +- [UI] Do not show proposals menu link when user don't have permission. + [Jakub Onderka] +- [UI] Do not show extend this event button when user don't have + permission to do that. 
[Jakub Onderka] +- [UI] Allow to access delegations index just when delegations are + enabled. [Jakub Onderka] +- [UI] Show `Add Cluster` in menu just when user has permission to add + cluster. [Jakub Onderka] +- [sighting] Make sure that correct columns are processed. [Jakub + Onderka] +- [rest-client] Do not raise exception for not site admin. [Jakub + Onderka] +- [UI] Link to role edit. [Jakub Onderka] +- [UI] Show delete and edit button for SG just when user has permission. + [Jakub Onderka] +- [UI] Sort countries by name. [Jakub Onderka] +- [db_schema] added cerebrate. [iglocska] +- [baseurl] validation relaxed. [iglocska] + + - no more arbitrary junk blocking https://localhost +- [communities] search fixed, context no longer defaults to "pending" + which is an unknown value. [iglocska] +- [authkey] fixed a bug causing recurring authkey lookups via model + binding failing. [iglocska] + + - missing parameter caused the linking to be single use +- [community] removed invalid filter field causing notice errors. + [iglocska] +- [custompagination tool] hardcoded modelname fixed. [iglocska] +- [doc] Location typo fixed. [Alexandre Dulaunoy] +- [pgp] Key info for older GPG versions. [Jakub Onderka] +- [security] XSS in authkey comment field. [Jakub Onderka] +- [sightings] Support mysql in sql_mode=only_full_group_by. [Jakub + Onderka] +- [security] Remove hashed advanced keys from response. [Jakub Onderka] +- [bindmodel] added reset = false to the linking of users to authkeys. + [Andras Iklody] + + - added reset = false in parameters (otherwise consecutive calls to the user model will not include the relation) +- [UI] Correctly handle truncated values for import. [Jakub Onderka] +- [UI] Favourite only for tags. [Jakub Onderka] +- [installer] fi was forgotten, #hotfix. [Steve Clement] +- [installer] sfv file was forgotten. [Steve Clement] +- [internal] Remove unused method from AppController. 
[Jakub Onderka] +- [csvExport] Prevent override when using `includeContext` parameter Fix + #3774. [mokaddem] +- [internal] Redis unlink method for old Redis versions. [Jakub Onderka] +- [text export] cull duplicates after fetching the data. [iglocska] + + - pros: No more full group by exceptions + Handles duplicate culling across internally paginated workloads + + - cons: The returned dataset's size will not always match the requested count as duplicates are culled +- [authkey] only link the model if the instance is already updated. + [iglocska] +- [UI] user add. [iglocska] + + S/MIME label misaligned + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge pull request #6754 from JakubOnderka/fix-contact-ui. [Jakub + Onderka] + + fix: [UI] Contact form text +- Merge pull request #6752 from JakubOnderka/distribution_graph_sg_fix. + [Jakub Onderka] + + fix: [distribution graph] Graph doesn't work for non sync users +- Merge pull request #6698 from JakubOnderka/small-ui-fixes. [Jakub + Onderka] + + Small UI fixes +- Merge pull request #6716 from JakubOnderka/cli-import. [Jakub Onderka] + + new: [CLI] Import events with compressed file support +- Merge pull request #6730 from JakubOnderka/org-image-svg-uuid. [Jakub + Onderka] + + new: [UI] Find org images also by uuid and support SVG images +- Merge pull request #6746 from JakubOnderka/rest-client-menu- + permission. [Jakub Onderka] + + Rest client menu permission +- Merge pull request #6743 from JakubOnderka/undefined-me. [Jakub + Onderka] + + fix: [internal] Undefined variables +- Merge pull request #6744 from JakubOnderka/user-filter. [Jakub + Onderka] + + new: [UI] Make possible to filter users by active/disabled +- Merge pull request #6739 from JakubOnderka/error-message. [Jakub + Onderka] + + fix: [UI] Better error message for permission denied +- Merge pull request #6738 from JakubOnderka/hide-orgs-dont-leak. 
[Jakub + Onderka] + + fix: [security] Do not leak org names +- Merge pull request #6735 from JakubOnderka/error-message. [Jakub + Onderka] + + fix: [UI] Nicer error message for CSRF +- Merge pull request #6732 from JakubOnderka/hide-orgs-show-his-org. + [Jakub Onderka] + + fix: [internal] User should be able to see his org +- Merge pull request #6727 from JakubOnderka/fix-toggle-url. [Jakub + Onderka] + + fix: [UI] Toggle doesn't work with absolute URLs +- Merge pull request #6721 from JakubOnderka/org-can-see. [Jakub + Onderka] + + chg: [security] For `hide_organisation_index_from_users` hide more orgs +- Merge pull request #6725 from JakubOnderka/object-delete-ui. [Jakub + Onderka] + + fix: [UI] Confusing messages after object template is deleted +- Merge pull request #6724 from JakubOnderka/kafka-suggested-ext. [Jakub + Onderka] + + Kafka suggested ext +- Merge pull request #6707 from JakubOnderka/event-export-library- + mention. [Jakub Onderka] + + fix: [UI] Do not mention that STIX 2 export require library +- Merge pull request #6720 from JakubOnderka/permission-ui. [Jakub + Onderka] + + Permission UI +- Merge pull request #6719 from JakubOnderka/delegation-access. [Jakub + Onderka] + + fix: [UI] Allow to access delegations index just when delegations are enabled +- Merge pull request #6717 from JakubOnderka/sharing-group-events. + [Jakub Onderka] + + new: [UI] Show number of events for sharing group +- Merge pull request #6696 from JakubOnderka/user-profile-ui. [Jakub + Onderka] + + chg: [UI] Hide some fields from user profile and use better description +- Merge pull request #6695 from JakubOnderka/add-cluster-menu-view. + [Jakub Onderka] + + fix: [UI] Show `Add Cluster` in menu just when user has permission to… +- Merge branch 'develop' into add-cluster-menu-view. [Jakub Onderka] +- Merge pull request #6676 from JakubOnderka/fix-sighting-columns. 
+ [Jakub Onderka] + + fix: [sighting] Make sure that correct columns are processed +- Merge pull request #6694 from JakubOnderka/invalid-controller-name- + fix. [Jakub Onderka] + + fix: [rest-client] Do not raise exception for non site admin +- Merge pull request #6706 from JakubOnderka/role-edit-fix. [Jakub + Onderka] + + fix: [UI] Link to role edit +- Merge pull request #6699 from folbricht-stripe/s3-fix-writable-check. + [Jakub Onderka] + + fix: Don't fail writable attachment dir test for S3 +- Don't fail writable attachment dir test for S3. [Frank Olbricht] +- Merge pull request #6703 from JakubOnderka/org-view. [Jakub Onderka] + + new: [test] View org page +- Merge pull request #6700 from JakubOnderka/sg-view. [Jakub Onderka] + + Sharing group view +- Merge pull request #6701 from JakubOnderka/security-sg-view. [Jakub + Onderka] + + new: [security] Test if user can see sharing groups +- Merge pull request #6662 from JakubOnderka/php-test. [Jakub Onderka] + + Disable PHP 8 support +- Merge pull request #6693 from JakubOnderka/countries-order. [Jakub + Onderka] + + fix: [UI] Sort countries by name +- Merge pull request #6691 from JakubOnderka/shibb-new-org-local. [Jakub + Onderka] + + chg: [shibb] Newly created org should be local +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge branch '2.4' into develop. [iglocska] +- Merge branch '2.4' into cerebrate. [iglocska] +- Merge pull request #6733 from legoguy1000/#6355-Suricata-JA3-Rules. + [Alexandre Dulaunoy] + + Create JA3 Hash Suricata Rules +- #6355 Create JA3 Hash Suricata Rules. [Alex Resnick] +- Merge pull request #6697 from JakubOnderka/gpg-key-import-fix. [Jakub + Onderka] + + fix: [pgp] Key info for older GPG versions +- Merge pull request #6690 from JakubOnderka/xss-authkey-fix. [Jakub + Onderka] + + fix: [security] XSS in authkey comment field +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6675 from SteveClement/guides. 
[Steve Clement] + + chg: [installer] Leveled installer out +- Merge pull request #6674 from SteveClement/guides. [Steve Clement] + + chg: [installer] More fixes to replayability. +- Merge pull request #6673 from JakubOnderka/news-date-format-change. + [Jakub Onderka] + + chg: [UI] Normalize date format to match rest of MISP +- Merge pull request #6672 from JakubOnderka/fix-full-group. [Jakub + Onderka] + + fix: [sightings] Support mysql in sql_mode=only_full_group_by +- Merge pull request #6656 from JakubOnderka/auth-plugin-enforce. [Jakub + Onderka] + + new: [auth] Allow to enforce auth plugin authentication +- Merge pull request #6669 from StefanKelm/2.4. [Andras Iklody] + + Update event-timeline.js +- Update event-timeline.js. [StefanKelm] + + Few typos... +- Merge pull request #6668 from SteveClement/guides. [Steve Clement] +- Merge pull request #6665 from JakubOnderka/remove-hashed-keys. [Jakub + Onderka] + + fix: [security] Remove hashed advanced keys from response +- Merge pull request #6664 from SteveClement/guides. [Steve Clement] + + chg: [fmt] Make it look better +- Merge pull request #6663 from JakubOnderka/fix-import-truncated- + values. [Jakub Onderka] + + fix: [UI] Correctly handle truncated values for import +- Merge pull request #6578 from JakubOnderka/sighting-statistics. [Jakub + Onderka] +- Merge pull request #6660 from SteveClement/guides. [Steve Clement] + + chg: [doc] The installer takes certain env_vars into account +- Merge pull request #6658 from SteveClement/guides. [Steve Clement] + + chg: [installer] Removed expect, this will ease automation. +- Merge pull request #6657 from JakubOnderka/app-controller-cleanup. + [Jakub Onderka] + + fix: [internal] Remove unused method from AppController +- Merge pull request #6633 from JakubOnderka/sg-fetching-optim. [Jakub + Onderka] + + chg: [internal] Fetch just necessary orgs and server object for sg +- Merge pull request #6624 from JakubOnderka/shibb-org-uuid. 
[Jakub + Onderka] + + new: [shibb] Allow to get organisation UUID from HTTP headers +- Merge pull request #6613 from JakubOnderka/security-tests. [Jakub + Onderka] + + new: [test] Security test suite +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6081 from + JakubOnderka/security_disable_browser_cache. [Jakub Onderka] + + new: [security] HTTP headers hardening +- Merge pull request #6646 from JakubOnderka/gpg-key-validation. [Jakub + Onderka] + + chg: [internal] Better exception description for PGP key validation +- Merge pull request #6644 from JakubOnderka/fix-redis-unlink. [Jakub + Onderka] + + fix: [internal] Redis unlink method for old Redis versions +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6634 from JakubOnderka/attribute-search- + optimisation. [Jakub Onderka] + + chg: [internal] Optimise attribute search in UI + + +v2.4.135 (2020-11-24) +--------------------- + +New +~~~ +- [datamodels] added jarm-fingerprint type. [Kory Kyzar] +- [galaxyCluster:index] Added badge showing number of custom clusters. + [mokaddem] +- [UI] Allow to sort attributes or objects by first and last seen. + [Jakub Onderka] +- [diagnostic] Check extensions version. [Jakub Onderka] +- [internal] JSON stream convert. [Jakub Onderka] +- [eventReport] Report from event. [mokaddem] +- Github action. [Raphaël Vinot] +- [diagnostic] Show installed GnuPG version. [Jakub Onderka] +- [user] Setting `disable_user_add` to disable user creation by org + admins. [Jakub Onderka] +- [user] Disabling password and login changes apply also for org admins. + [Jakub Onderka] +- [UI] Add `disable_user_password_change` and + `disable_user_login_change` setting. [Jakub Onderka] +- [user] Allow to disable user login change. [Jakub Onderka] +- [user] Allow to disable user password change. 
[Jakub Onderka] +- [authkey] generate authkeys automatically when creating users. + [iglocska] + + - when using the new authkey system +- [standardised delete] view factory added. [iglocska] +- [advanced authkey] system. [iglocska] +- [CRUD component] backport from Cerebrate. [iglocska] +- [genericForm] system backport from Cerebrate. [iglocska] +- [indextable] scaffolding added along with a list of improvements. + [iglocska] +- [advanced authkey] API key copy to the new system added to + diagnostics. [iglocska] +- [CRUD] component port from Cerebrate, initial version. [iglocska] +- [indextable] factories added. [iglocska] +- [js] submit form in place. [iglocska] + + - for popup forms, have the option to display the result directly in the popover +- [generic templates] added with a single view for now (delete) + [iglocska] +- [Authkey] system added. [iglocska] +- [SingleView factories] added. [iglocska] +- [accordion] element added. [iglocska] +- [advanced authkeys] toggle added. [iglocska] +- [API] Fast check object or attribute existence by HEAD method. [Jakub + Onderka] +- [events] endpoint `runTaxonomyExclusivityCheck` for event elements. + [mokaddem] +- [rest] Allow to return just metadata after creating or editing event. + [Jakub Onderka] +- [API] Allow event existence check by HEAD method. [Jakub Onderka] +- [GalaxyCluster] Added soft and hard deletion. [mokaddem] +- [clusterBlocklist] Added initial blocklist similar to the event one. + [mokaddem] +- [galaxyCluster:publish] Upon publishing, push the cluster to remote + servers. [mokaddem] +- [server:pull_relevant_cluster] Added new cluster pull technique. + [mokaddem] + + It fetches remote clusters based on cluster tags known locally +- [galaxyCluster:restSearch] Possibility to search for clusters + contained in an Event. [mokaddem] +- [tag] Added 2 new columns to fetch tags from galaxies faster. + [mokaddem] +- [galaxyCluster] Added `published` flag to clusters. 
[mokaddem] +- [clusterRelations:view] Added endpoint for rest query only. [mokaddem] +- [server] Added `pull_galaxy_cluster` option in the server config. + [mokaddem] +- [events:view] Added Cluster relationship network graph. [mokaddem] +- [clusterRelations:edit] Added endpoint. [mokaddem] +- [clusterRelation] Early work on Galaxy Cluster Relations. [mokaddem] +- [galaxyClusters:updateCluster] Added draft version to align a forked + cluster's elements to his parent. [mokaddem] +- [galaxyClusters:add] Added UI to create/edit GalaxyClusterElements. + [mokaddem] +- [galaxyCluster] Initial import of Galaxy2.0 codebase - WiP. [mokaddem] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump version. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [attribute] new process-state type. [Alexandre Dulaunoy] +- Add optional dep (email) [Raphaël Vinot] +- Add optional dep (email) [Raphaël Vinot] +- [PyMISP] updated for jarm-fingerprint type. [Alexandre Dulaunoy] +- [PyMISP] Bump. [Raphaël Vinot] +- [installer] Update to latest version. [Steve Clement] +- Improve actions. [Raphaël Vinot] +- [PyMISP] Bump version. [Raphaël Vinot] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [servers:schema_diagnostic] Added notice concerning benign deltas. + [mokaddem] +- [installer] Updated installer. [Steve Clement] +- [internal] Faster updating JSON structures. [Jakub Onderka] +- [event:index] Allow passing list when filtering. [mokaddem] +- [galaxy update] improvements. [iglocska] + + - should be a fair bit faster +- [installer] even out changes from 20.04. [Steve Clement] +- [installer] Updated installer. [Steve Clement] +- [sh] If env vars exist, use that value. [Steve Clement] +- [doc] Added ignore file mode. [Steve Clement] +- [UI] Allow to set syslog setting from UI. 
[Jakub Onderka] +- [internal] Code style. [Jakub Onderka] +- [logging] Allow to define syslog identifier. [Jakub Onderka] +- [logging] Allow to disable syslog logging to stderr. [Jakub Onderka] +- [internal] Throw exception if setting name doesn't exists. [Jakub + Onderka] +- [galaxyClusterRelations:index] Show edit button for users having the + permission. [mokaddem] +- [galaxyCluster:view_relations] Moved custom relation option at the + top. [mokaddem] +- [galaxyClusterRelations:add] Added picker for relation type. + [mokaddem] +- [galaxyClusterBlocklist:add] Added picker for cluster. [mokaddem] +- [galaxyClusters] Sort by version then by value. [mokaddem] +- [UI] Change colors for auth key expiration field. [Jakub Onderka] +- [UI] Always use auth key with space in UI. [Jakub Onderka] +- [UI] Use quick click select for new generated authkey. [Jakub Onderka] +- [UI] Use monospace font for showing autkeys. [Jakub Onderka] +- [UI] Add information about key expiration to title. [Jakub Onderka] +- [feed] Optimise freetext feed caching. [Jakub Onderka] +- [galaxy] Do not fetch full galaxy info for event view UI. [Jakub + Onderka] +- Bumped db_schema. [mokaddem] +- [mysql] Backported forgotten update. [mokaddem] +- [UI] For search field, by default put current search term. [Jakub + Onderka] +- [test] Do not run workers in background. [Jakub Onderka] +- [test] Run under multiple PHP versions. [Jakub Onderka] +- [test] Merge common commands. [Jakub Onderka] +- [diagnostic] Smarter PHP extension diagnostics. [Jakub Onderka] +- [warning-list] updated. [Alexandre Dulaunoy] +- [export:textExport] Filter out deplicated values Fix #6603 for + attribute scope. [mokaddem] +- [eventReport:reportFromEvent] Added support of attributes and objects. + [mokaddem] +- Set USER everywhere. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Try to fix weirdness in PyMISP git history. [Raphaël Vinot] +- Bump PyMISP. [Jakub Onderka] +- Bump PyMISP. [Raphaël Vinot] +- Bump warning-lists. 
[Raphaël Vinot] +- [mysql] Reverted changes to be aligned with db_version. [mokaddem] +- [internal] Allow to fetch two orgs in one query. [Jakub Onderka] +- [rest] For attribute REST search with includeContext, fetch events + just once. [Jakub Onderka] +- [UI] Simplified user edit forms and interface. [Jakub Onderka] +- [internal] Simplified ACLComponent::printRoleAccess. [Jakub Onderka] +- [UI] Authkey reset position. [Jakub Onderka] +- [UI] Ajax user list. [Jakub Onderka] +- [ACL] User different way how to use dynamic rules. [Jakub Onderka] +- [UI] Add link to user org from profile. [Jakub Onderka] +- [automation] page updated to accomodate new authkey system. [iglocska] + + - since the API keys can no longer be retrieved, point the user to where they can manage their keys +- [user] views aligned with new authkeys. [iglocska] + + - adding users should display the newly created authkey + - other views should not show anything + - API responses fixed +- [cleanup] removed superfluous [iglocska] +- [boolean] field added to the single view fields. [iglocska] +- [user view] removed separate admin view. [iglocska] +- [authkey] add view added. [iglocska] +- [REST client] adapted to the APIkey changes. [iglocska] +- [Roles] CRUD rework. [iglocska] +- [users] admin view updated to optionally use the new authkeys. + [iglocska] +- [indexfilter] component updated with several improvements. [iglocska] +- [user] admin view now loads advanced authkeys when appropriate. + [iglocska] +- [authkey] system tied into authentication. [iglocska] +- [user index] don't show the old style authkeys when advanced authkeys + are enabled. [iglocska] +- [side menu] authkeyindex added. [iglocska] +- [form] generator minor improvements. [iglocska] +- [authkey] model tied to user model. [iglocska] +- [galaxyCluster] Remote feature support check is based on flag rather + than strict version number. [mokaddem] +- [internal] Simplified getApiInfo method. 
[Jakub Onderka] +- [galaxyClusters] Returns created json blob instead of interface + response. [mokaddem] +- [events:automation] Added entry for galaxy cluster restSearch. + [mokaddem] +- [galaxyCluster:add] Adapt page title if forking. [mokaddem] +- [galaxyCluster:view_relations] Improved UI for relations. [mokaddem] +- [galaxyCluster] Drop all elements before capture. [mokaddem] +- [server:index] Changed icon for pull relevant clusters. [mokaddem] +- [galaxy] Added logging behavior for galaxies, clusters and relations. + [mokaddem] +- [appModel] Logout users after update. [mokaddem] +- [galaxyCluster:publish] Returns true regardless of the result for + pushing to other servers. [mokaddem] +- [galaxyClusters:index] Added local ID in the index. [mokaddem] +- Bumped queryversion. [mokaddem] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [warninglists:index] Migrated index to factory view. [mokaddem] +- [events:view] Renamed object's `name` key into `Object name` + [mokaddem] + + - This is done to emphasis that elements bordered with a blue line are + in fact MISP Objects +- [galaxy:export] Improved misp-galaxy format export and added notice. + [mokaddem] +- [galaxy:export] Started conversion tool to misp-galaxy format - WiP. + [mokaddem] +- [galaxies:export] Added form entry to specify the export format - WiP. + [mokaddem] +- Bumped queryversion. [mokaddem] +- [rest] Faster attributes restSearch. [Jakub Onderka] +- [UI] Small fixes for report view. [Jakub Onderka] +- [UI] Put 'Add Event Report' to one line with other buttons. [Jakub + Onderka] +- [UI] Make related event little bit nicer. [Jakub Onderka] +- Bumped queryversion. [mokaddem] +- [PyMISP] Bump. [Raphaël Vinot] +- [object:editField] Make the behavior of fs/ls similar to object/edit. + [mokaddem] +- [taxonomy] Include if the predicate is exclusive at entry level. + [mokaddem] +- [restResponseComponent] Added doc for `tags/search` [mokaddem] +- [internal] Speedup sightings saving. 
[Jakub Onderka] +- [use full path] added conditional to the toggle, instead of silently + ignoring the setting when it's disabled server side. [iglocska] +- [servers:rest] Added CodeMirror support in REST Client and improve + url's path parsing. [mokaddem] +- [internal] Slightly optimise JSONConverterTool. [Jakub Onderka] +- [feed] Check also URL without protocol. [Jakub Onderka] +- [galaxyClusterRelations] GetExistingRelationships also returns + ObjectReference relation names. [mokaddem] +- [galaxyClusterRelation] Make sure sourceCluster is always contained. + [mokaddem] +- [galaxyCluster] Do not display publish button for default clusters. + [mokaddem] +- [galaxyCluster] Display value of the cluster in the header. [mokaddem] +- [galaxyClusterRelations] Displays error while posting. [mokaddem] +- [galaxyClusterRelations] Changed add/edit relationships to singular. + [mokaddem] +- [galaxyClusterRelations] Allow unpublished clusters in the picker. + [mokaddem] +- [galaxyClusterRelations] Display org and orgc. [mokaddem] +- [galaxy] Fixed baseurl typo. [mokaddem] +- [galaxyCluster] Allow all clusters to be forked as long as user can + edit galaxies. [mokaddem] +- [galaxyCluster] Show published status of default clusters as N/A. + [mokaddem] +- [galaxyClusters] Hide more actions based on users permisions. + [mokaddem] +- [galaxyClusters] Added warning regarding useability of clusters. + [mokaddem] +- [sidebar] Move add cluster for more consistency. [mokaddem] +- [sidemenu] `Export Galaxy Clusters` is now visible when viewing + galaxy_cluster/view. [mokaddem] +- [side_menu] Small glitches due to merge. [mokaddem] +- [galaxyClusterBlocklist] Replaced blacklist by blocklist. [mokaddem] +- [clustersRelations:add] Redirect to the index after adding a relation. + [mokaddem] +- [clusterRelations:add] Added helps about relationship type field. + [mokaddem] +- [genericElement] Allow default organisation to be used as a picture. 
+ [mokaddem] + + - The default MISP organisation uses the MISP logo +- [OrgImgHelper] Do not return link for Orgnisation without a valid ID. + [mokaddem] +- [clusterBlocklists:add] Improved validation and added form help. + [mokaddem] +- [clusterRelations:add] Force no galaxy matrix when picking clusters. + [mokaddem] +- [galaxyClusters:index] Do not propose edit for default clusters. + [mokaddem] +- [galaxyClusters:view] Renamed extended_by/from with forked_by/from. + [mokaddem] +- [galaxyClusters:add] Improved form layout and galaxy element ui. + [mokaddem] +- [galaxyClusters] Added more entries in side menu. [mokaddem] +- [restResponseComponent] Added doc for rest client. [mokaddem] +- [restResponseComponent] Added doc for cluster and cluster relations. + [mokaddem] +- [galaxyClusters:selectCluster] Only offers non-deleted clusters. + [mokaddem] +- [galaxyCluster:publish] Slightly simplified save process. [mokaddem] +- [galaxyClusters:publish] Return job id if rest call. [mokaddem] +- [ACLComponent] Added cluster blocklist endpoints. [mokaddem] +- [clusterBlocklist:index] Added base url in table actions. [mokaddem] +- [galaxyCluster] Prevent creation if UUID is in blocklist. Added + default distribution fallback. [mokaddem] +- [clusterBlocklist:delete] Possibility to delete entry by cluster_uuid. + [mokaddem] +- [clusterBlocklist] Added forms and endpoints to interract with the + model. [mokaddem] +- [galaxyCluster:delete] Creates entry in cluster blocklist whenever + hard-deleting. [mokaddem] +- [galaxyCluster] Unset ids before capturing. [mokaddem] +- Removed empty line. [mokaddem] +- [genericElements:extended] Renamed `extended` related fields into + `tree` and added doc. [mokaddem] +- [galaxy_cluster_link] Added doc. [mokaddem] +- [genericElements:cluster_link] Renamed `cluster_link` into + `galaxy_cluster_link` [mokaddem] +- Added more doc. [mokaddem] +- [galaxyClusterRelation] Code refactoring and documentation. 
[mokaddem] +- [galaxyCluster] Added bunch of doc. [mokaddem] +- [galaxy] Improved doc. [mokaddem] +- Added more docs. [mokaddem] +- [ClusterRelationsGraphTool] Refacto and simplified code. [mokaddem] +- Removed integer type hinting in controllers. [mokaddem] +- [galaxyClusters] Doc and code reuse. [mokaddem] +- [galaxyClusters] Variable renaming and code reuse. [mokaddem] +- [clusterRelations] Added type hinting. [mokaddem] +- [galaxyCluster:fetchIfAuthorized] Renamed function checkAuthorization + into fetchIfAuthorized. [mokaddem] +- Added comments. [mokaddem] +- Refacto bunch of galaxy clusters files. [mokaddem] +- Refacto some galaxy cluster controller files. [mokaddem] +- [galaxyCluster:saveCluster] Make sure collection_uuid is set before + saving. [mokaddem] +- [galaxyCluster:add/edit] Automatically prepend GalaxyCluster if + missing. [mokaddem] +- [galaxyClusters:index] Allow site_admin to publish from the cluster + index. [mokaddem] +- [galaxyClusters:index] Allow site_admin to perfom more actions. + [mokaddem] +- [server:pull] Pluralized `pull_relevant_cluster` as we may pull more + than one. [mokaddem] +- [galaxyCluster:publish_router] Accept cluster data or cluster id. + [mokaddem] +- [galaxyClusters:view_relations] Rebuild tree right after quick form + submit. [mokaddem] +- [galaxyCluster:view_relations] Added support of pickers in quick add + form. [mokaddem] +- [clusterRelations:add] Added picker for cluster source. [mokaddem] +- [galaxyCluster:add] Usage of new genericForm's picker for + clusterElement UI. [mokaddem] +- [genericForm:picker] Use a default text for the picker label if not + provided. [mokaddem] +- [formHelper] Added support of picker widget. [mokaddem] +- [clusterRelations:add] Added target cluster and tags picker. + [mokaddem] +- [event:publish] Publishing also pushes attached custom galaxy + clusters. [mokaddem] +- [server:push_galaxy_cluster] Working version of cluster push all + technique. 
[mokaddem] +- [server:pull_cluster] Added support of `numeric` pull technique. + [mokaddem] +- [galaxyCluster:pull] Pull clusters before events and added support of + published state. [mokaddem] +- [galaxyClusters:updateCluster] Improved parsing of new element to be + added from parent. [mokaddem] +- [galaxyCluster] Usage of model alias when fetching a cluster. + [mokaddem] +- [galaxyCluster] Centralized permission checks and code refactoring. + [mokaddem] +- [galaxyCluster] Replaced `galaxyCluster->find` by its ACL-aware + counterpart where applicable - WiP. [mokaddem] +- [clusterRelation] Unpublish source cluster when altering a relation. + [mokaddem] +- [servers:getVersion] Return `perm_galaxy_editor` status. [mokaddem] +- [clusterRelation:captureRelation] More lenient capture of orgc. + Fallback to orgc=org if user is not a sync user. [mokaddem] +- [galaxyCluster:captureCluster] More lenient capture of orgc. Fallback + to orgc=org if user is not a sync user. [mokaddem] +- [galaxyCluster:push] Only push custom clusters that are contained in + the event getting pushed. [mokaddem] +- [GalaxyCluster] Fetcher function arrange the data before returing its + results. [mokaddem] +- [galaxyCluster:add] Force orgc to be the user adding the cluster. + [mokaddem] +- [GalaxyClusters:edit] Improved error message format. [mokaddem] +- [GalaxyClusters:add] Improved error message format. [mokaddem] +- [galaxyCluster:add] Allow adding cluster with galaxy uuid. [mokaddem] +- [ACLComponent] Added entry galaxy_clusters/restSearch. [mokaddem] +- [server:pull] Improved pull process for galaxyClusters. [mokaddem] +- [galaxyCluster] Usage of alias when building ACL conditions. + [mokaddem] +- [clusterRelations:add] Savings tags is more flexible and reliable. + [mokaddem] +- [acl] Updated endpoints and sidebar permissions. [mokaddem] +- [galaxyCluster:view] Arrange data before exporting. [mokaddem] +- [galaxyCluster:add] Improved error reporting and importing now uses + `add` endpoint. 
[mokaddem] +- [galaxyCluster:crud] Improved how clusters and their linked models are + saved. [mokaddem] +- [galaxies:delete] Allow deletion by uuid. [mokaddem] +- [galaxyCluster:restSearch] Added support of additional search params. + [mokaddem] +- [galaxyCluster:capture] Improved cluster catpure. [mokaddem] + + - Allow to capture relationships pointing to unknown clusters + - Improved display of relationships +- [galaxyCluster:export] Unset useless fields before export. [mokaddem] +- [galaxyClusers:relations_graph] Display notice if no relation. + [mokaddem] +- [galaxyCluster:relations_graph] Added filtering capability and fixed + redraw issue. [mokaddem] +- [clusterRelations:view_relations] Select default distribution. + [mokaddem] +- [clusterRelations:index] Use correct alias. [mokaddem] +- [clusterElements:updateElements] Possibility to delete or not old + data. [mokaddem] +- [generic_index:relation_counts] Changed icons. [mokaddem] +- [clusterRelations:relations_graph] Slight UI improvements. [mokaddem] +- [clusterRelations:relations_graph] Display tags on the links. + [mokaddem] +- [galaxyClusters:relations_graph] Support of tag numerical values. + [mokaddem] +- [clusterRelations:view_relations] Display all relation tags. + [mokaddem] +- [clusterRelations:fetcher] Performs massaging on targetting relations. + [mokaddem] +- [galaxyCluster:restSearch] Improved iterated_fetch process. [mokaddem] +- [galaxyCluster:view_relations] Added #relations and added relation + tag. [mokaddem] +- [clusterRelations:add] Refactored how relations are saved to better + support tags and force override. [mokaddem] +- [clusterRelations:index] Support of tags. [mokaddem] +- [clusterRelations:CRUD] Added support of tags. [mokaddem] +- [clusterRelations:index] Improved UI and new `cluster_link` generic + index field. [mokaddem] +- [appModel:update-55] Added indexes and removed incorrect sql commands. 
+ [mokaddem] +- [galaxyClusters:pull] Added pull capabilities to fetch remote + clusters. [mokaddem] +- [galaxyCluster:push] Correctly alter data before pushing and added + nets to avoid pushing if not applicable. [mokaddem] +- [galaxyCluster:getElligibleClustersToPush] Renamed function for better + clarity. [mokaddem] +- [server:push] Drafty version of galaxyCluster push. [mokaddem] +- [galaxyCluster] Added drafty version of restSearch. [mokaddem] +- [clusterRelations:edit] Make edit works again and improved error + reporting. [mokaddem] +- [galaxyCluster] Usage of both ID and UUID for relation with drafty + working version of import/export. [mokaddem] +- [galaxyClusters] Improved logging and error reporting. [mokaddem] +- [galaxyCluster] First version of capture functions. [mokaddem] +- [galaxy:export] Added configurable galaxy exporter. [mokaddem] +- [event:view] Added support of relation_tree for galaxyQuickView. + [mokaddem] +- [clusterRelations] Moved relation_tree into its own `tool` and added + modal support for galaxyQuickView. [mokaddem] +- [cluster:view_relations] Decoupled relation_tree from the form. + [mokaddem] +- [clusters:index] Reworked how the forks are displayed. [mokaddem] +- [clusters:update_cluster] Changed title for improved clarity. + [mokaddem] +- [clusterRelations:networkGenerator] Moved function in `Lib/Tools` + [mokaddem] +- [clusterRelations:relations_graph] Added distribution and Org info. + [mokaddem] +- [galaxyClusters:relations_graph] Keep link labels always readable. + [mokaddem] +- [events:relations_graph] Added Referencing Clusters. [mokaddem] +- [clusters:view] Added Cluster relation index table. [mokaddem] +- [clusterRelations:networkGraphs] Improved UI by highlighting root + nodes. [mokaddem] +- [cluster:relations_graph] Added labels to links. [mokaddem] +- [clusterRelations:index] Support of tag_name search. [mokaddem] +- [galaxy:relations_graph] Added links in tooltip. 
[mokaddem] +- [galaxy:relations_graph] Support of node and link selection. + [mokaddem] +- [galaxy:relations_graph] Added tooltip support. [mokaddem] +- [clusterRelations:view_relations] Improved layout support tags in both + side. [mokaddem] +- [clusterRelations:view_relations] Added arrows and improved UI. + [mokaddem] +- [clusterRelations:view_relations] Working draft version for 2-sided + tree. [mokaddem] +- [clusterRelations:view_relations] Attached referencing relations. + [mokaddem] +- [clusterRelations:view_relations] Started implementation of double + sided tree. [mokaddem] +- [clusterRelations:view_relations] Quick submit and few fixes. + [mokaddem] +- [clusterRelations] Very basic CRUD. [mokaddem] +- [clusterRelations] Model linking and basic index. [mokaddem] +- [galaxyClusters:viewRelations] Improved UI. [mokaddem] +- [clusterRelations] Improved UI of relation_graph and relation_viewer. + [mokaddem] +- [galaxy] Renamed `reference` into `relation` [mokaddem] +- [galaxyClusters:updateCluster] Working version and improved UI and + text. [mokaddem] +- [galaxyClusters:updateCluster] Slightly improved UI. [mokaddem] +- [galaxy:sidebar] Moved item for more consistency. [mokaddem] +- [galaxyClusters:fork_tree] Replaced rectangle by label for version. + [mokaddem] +- [galaxyClusters:view] Added warning if new parent version available. + [mokaddem] +- [galaxuCluster:add] Added `extends_version` [mokaddem] +- [galaxyClusters:view] Added forked version number. [mokaddem] +- [galaxy:fork_tree] Version's rectangle with is now dynamically + computed. [mokaddem] +- [galaxy:fork_tree] Added version node - WiP. [mokaddem] +- [galaxy:fork_tree] Added more information in the tooltip. [mokaddem] +- [galaxyClusters] Added column `extends_version` [mokaddem] +- [galaxy:fork_tree] Adapth root node size. [mokaddem] +- [galaxy:import] Preliminary work on export/import galaxy clusters. + [mokaddem] +- [galaxyCluster:index] Added titles to action buttons. 
[mokaddem] +- [galaxyCluster:view] Added org/orgc in meta. [mokaddem] +- [galaxy:fork_tree] Added orgc picture in nodes. [mokaddem] +- [galaxy:fork_tree] Added galaxyElement in the tooltip. [mokaddem] +- [galaxy:index] Possibility to toggle fork view. [mokaddem] +- [galaxy:fork_tree] Moved generation in the model. [mokaddem] +- [galaxy:fork_tree] Doubleclick redirects to the cliked element. + [mokaddem] +- [galaxy:fork_tree] Added fork tree visualisation - WiP. [mokaddem] +- [genericForm:extend] Adde `extended_generic` that support both + `extended_by` and `extended_from` [mokaddem] +- [galaxyCluster:sidebar] Reorganised the sidebar a bit. [mokaddem] +- [galaxyCluster:views] Added `extended_by` and `extended_from` + information. [mokaddem] +- [galaxyCluster:edit] Created model and controller functions. + [mokaddem] +- [galaxyClusters:add] Created views, controller and models functions. + [mokaddem] +- [galaxyCluster] Restored working behavior of `index` and `view` views. + [mokaddem] +- [genericElement:indexTable] Removed auto casting to boolean as the + bool element exists. [mokaddem] +- [galaxyCluster:fetchClusters] Added function. [mokaddem] + +Fix +~~~ +- [security] Make cluster's elements adhere to ACL. [mokaddem] +- Missing dep in actions. [Raphaël Vinot] +- [installer] Added missing checkout. [Steve Clement] +- [galaxy update] tag capture fixed. [iglocska] + + - set random colour and some other default values +- [galaxy update] force flag should be cast to boolean. [iglocska] +- [eventReport:reportFromEvent] Correctly apply filter conditions Fix + #6631. [mokaddem] +- [tags] Pass user object to massaging function. [mokaddem] +- [event:index] Pass missing parameter. [mokaddem] +- [installer] if not installed as a user other then 'misp' we used to + fail, now fixed. [Steve Clement] +- [internal] Do not try to fetch empty job. [Jakub Onderka] +- [tags] invalid function call for the tag massaging after adding a tag. 
+ [iglocska] +- [tags] Pass user object to massaging function. [mokaddem] +- [appController] Prevent notice for `perm_galaxy_editor` if update is + still running. [mokaddem] +- [logs] Add missing AuthKey model to log search. [Jakub Onderka] +- [authkey] There is no AuthKey.timestamp column. [Jakub Onderka] +- [UI] There is nothing like AuthKey.disabled. [Jakub Onderka] +- [UI] Auto prevent default for index table actions. [Jakub Onderka] +- [UI] Add label to delete auth key icon. [Jakub Onderka] +- [UI] Remove unused inbox controller and menu link. [Jakub Onderka] +- [server:sqlRecoveryQuery] Added support of unsigned int Fix #6618. + [mokaddem] +- [galaxy:update] Correctly delete clusters when performing a force + update. [mokaddem] +- [security] XSS in the template element index view - As reported by + Rubin Azad. [mokaddem] +- [object] Send all required arguments. [mokaddem] +- [authkey] default value incorrect. [iglocska] +- [galaxy:update] Make sure the fake user has the perm_sync right. + [mokaddem] +- [UI] Correct path to user profile from authkey view. [Jakub Onderka] +- [security] Proper check who can view new authkeys. [Jakub Onderka] +- [test] Do not pull PyMISP. [Jakub Onderka] +- [internal] MISP update without branch. [Jakub Onderka] +- [test] Run updates. [Jakub Onderka] +- [attribute:fetch_attributes] Respect group_by request. [mokaddem] +- [mispObject:save_object] Returns error in correct format. Fix #6598. + [mokaddem] +- [acl] Added report_from_event entry in ACL. [mokaddem] +- Fix spelling of sightings_anonymise_as description. [Mat] +- Perms in travis, var in gh action. [Raphaël Vinot] +- Just make config writable by everyone, again. [Raphaël Vinot] +- Just make config writable by everyone. [Raphaël Vinot] +- [internal] Diagnostic data download. [Jakub Onderka] +- [internal] Server::update method. [Jakub Onderka] +- [internal] Initialize ZMQ just when necessary after setting change. 
+ [Jakub Onderka] +- [event index] search via attribute key allows for empty input now. + [iglocska] +- [internal] Destroy session just when session is started. [Jakub + Onderka] +- [index search] allow for list of values to be passed via the attribute + key. [iglocska] +- [tag:search] Correctly pass user data. [mokaddem] +- [UI] Put back requesting API access to user page. [Jakub Onderka] +- [security] Properly validate new auth key. [Jakub Onderka] +- [UI] Cerebrate -> MISP. [Jakub Onderka] +- [MYSQL.sql] added first/last seen. [iglocska] +- [MYSQL.sql] removed duplicate entry. [iglocska] +- [test] Update db_schema.json for auth_keys table. [Jakub Onderka] +- [test] Update database before generating new user. [Jakub Onderka] +- [MYSQL.sql] updated. [iglocska] + + - incorporated all changes from 40 -> 61 + - should solve the userinit issues +- [authkey] convert existing keys. [iglocska] + + - added functionality to convert old style API keys to the setting description +- [UI] various smaller fixes. [iglocska] +- [authkey] various improvements. [iglocska] + + - correct lookup of users by API key when no expiration is set + - added authkey reset functions +- [rest client] implenented changes for advanced authkeys. [iglocska] + + - strip auth headers in the history + - but not in the actual request +- [various fixes] to the authkeys controller. [iglocska] + + - invalid admin lookup fixed + - restriction to individual users added when using a user view to access the authkey index +- [copy pasta] menues shown twice on user view fixed. [iglocska] +- [galaxyCluster] Improved compatibility detection. [mokaddem] +- [galaxyCluster] Bump timestamp after soft-deletion and restoration. + [mokaddem] +- [RestClient] Catch exceptions and show error message to user. [Jakub + Onderka] +- [galaxyCluster] Apply deleteAll on correct model. [mokaddem] +- [galaxyClusters:view_relations] No galaxy matrix in the picker. 
+ [mokaddem] +- [galaxyCluster] Allow forks with same name to appear in the picker. + [mokaddem] +- [galaxyClusterController:edit] Default empty list to empty string. + [mokaddem] +- [galaxies:export] typo. [mokaddem] +- [galaxyCluster] Fixed publishing cluster permissions. [mokaddem] +- [galaxyCluster:edit] Edit do not require distribution field. + [mokaddem] +- [galaxies] Correctly highlight galaxy in index scope. [mokaddem] +- [galaxyClusters:index] Apply find on correct model for REST requests. + [mokaddem] +- [galaxyClusterRelations:index] Added baseurl. [mokaddem] +- [servers:restClient] Keep HTTP body on template selection if it + changed. [mokaddem] + + Making someone happy: + oooooooooooooooo+++ssyyyysso++ooooooooooosssyyysoo + oooooooooooooo+shmMNNNNNNNmmmdys+ooooooooyyyyysyhs + oooooooooooo+yNMNMNNNNNNNNNNNNdhds/ooooooosooooooo + oooooooooo+omMMMMMNNNNNNNNNNNNNmhdy/oooooooooooooo + ooooooooo++NMMMMNMNNNNNNNNNNmmmmdhm/oooooooooooooo + ooooooooo+yMMMMMMMMMNNNNNNNmmdmdmhN/oooooooooooooo + ooooooooo+oNMMNNmNMMMMMMNNNmddmdmhN/oooooooooooooo + oooooooooooodddhmys+.yyyhNNmdmNdNhh/oooooooooooooo + oooooooooooss/y+syso+s---+smdNhomdy+oooooooooooooo + ooooooooooooos:+oo+/-.....:hoos+Nmo+oooooooooooooo + oooooooooooo+sysso/-.......-.ohmNd/ooooooooooooooo + ooooooooooooo+yooo:-........-hNmh/+ooooooooooooooo + oooooooooooooo/ho+-.......-:+dhs//oooooooooooooooo + ooooooooooooooo+ys/::::/o++ooh:.:/+o+/+ooooooooooo + oooooooooooooooo+ooyhydNyoshy+.`````:++o++oooooooo + ooooooooooooooo+osssossyyhyo+-`````/:.``:y/+oooooo + ooooooooooooo+oyooosssssso/-````../:-````+s/oooooo + oooooooooooo++hosssssso+-```````::/:+hhyyyd:oooooo + oooooooooooo/hossssso+:````````./oo+ymsdyym:oooooo + ooooooooooo/ssoyysso/.```````.:+ho+smNmmmmN/+ooooo + ooooooooooo/moshdyyso/`````:osydsoohodddhym/oooooo + oooooooooo+yyossdhsooo-``.-ossshosd/:-..-sd/oooooo + oooooooooo/msshdd++/:--//+++oo+sss++:.```oy+oooooo + oooooooooo/mosssshhs+oo+/::-..``-/++--```m++oooooo + 
oooooooooo/d++ooossdmhs++oooo++/:--:-.``:d/ooooooo +- [internal] Do not fetch unnecessary correlations for distribution + graph. [Jakub Onderka] +- [object:deltaMerge] Stopped updating object's attributes when updating + the FS/LS. [mokaddem] + + - Make sure to compare the correct date value of FS/LS and not their representation +- [eventReports] Handle exception for EventReportsController::index. + [Jakub Onderka] +- [regression] invalid server loaded for connection test. [iglocska] +- [galaxyClusters] Fixing badly merged merge-conflict. [mokaddem] +- [internal] Properly set login times for custom auth. [Jakub Onderka] +- [UI] Join with ", " array meta values for event reports. [Jakub + Onderka] +- [UI] Prepend URL with baseurl. [Jakub Onderka] +- [UI] Disable debounce slowdown for first event report render. [Jakub + Onderka] +- [UI] Show 'Add Event Report' just when user can modify event. [Jakub + Onderka] +- [internal] Do not start session for shell commands. [Jakub Onderka] +- [internal] Do not load all attributes and sightings when editing + event. [Jakub Onderka] +- [server:restclient] Removed force url for codemirror hints. [mokaddem] +- [object:edit] Changes on fs/ls handling for object's attributes. + [mokaddem] + + - Allow object's attributes to have fs/ls different from their object. + - Object's attribute's timestamp is no longer refreshed when editing an object unless the attribute changed + - Object's attribute's inherit their object fs/ls if unset +- [attribute] `only_full_group_by` fixed for `__getCDIRList`. Fix #6218. + [mokaddem] +- [appmodel] Make sure parameter is a string before accessing string + index. Fix #6544. [mokaddem] +- [logs:admin_index] Removed bad usage of PHP's compact function Fix + #6543. [mokaddem] +- [tags:search] Apply correct conditions on corresponding models. Fix + #6475. [mokaddem] +- [stix2 import] Fixed parsing of objects mapped into galaxies for + external STIX. 
[chrisr3d] + + - Mapping dictionary was not loaded correctly + while calling the ExternalStixParser class, and + it is now fixed + - For objects from external STIX content that + should be mapped as galaxies (such as malware, + threat actor, and so on), we do not only test + the perfect match with one of the galaxy names + in the mapping dictionary, we also test now if + the galaxy name is contained in any of the + known galaxy names of the dictionary +- [new tag index] added, left off in previous commit. [iglocska] +- [servers:rest] Querybuilder performance improved when loading a new + endpoint. [mokaddem] +- [internal] `Undefined index: value` warning. [Jakub Onderka] +- [galaxyClusters] Removed print statement. [mokaddem] +- [galaxyCluster] Only fetch targeting relations if full requested. + [mokaddem] +- [galaxyClusterRelation] id condition not ambiguous. [mokaddem] +- [galaxyClusterRelation] Make sure contain is an array. [mokaddem] +- [galaxyClusterRelation] Make sure to include sourceCluster for the ACL + condition. [mokaddem] +- [galaxyClusterRelation] Make sure owner of source cluser can see + org_only relations. [mokaddem] +- [galaxyCluster] Hide edit cluster for notallowed users. [mokaddem] +- [galaxyCluster] Recursive conditions on grandparent model. [mokaddem] +- [galaxyClusterRelations] Hide delete button for non-elligible users. + [mokaddem] +- [galaxyClusterRelation] Hide linked clusters where applicable. + [mokaddem] + + - For source cluster, hide the relation + - For target cluster, show the relation but hide target data +- [galaxyCluster] Allow hard-deletion of default clusters. [mokaddem] +- [galaxyClusterBlocklist] Correct usage of the new blocklist component. + [mokaddem] +- [event] Failed merge conflict. [mokaddem] +- [clusterRelations:edit] Make edition of relation possible Make sure to + assign the source cluster id to the relation. 
[mokaddem] +- [clusterRelations:index] Correctly unset target cluster if unkown and + uses correct index element. [mokaddem] +- [galaxies:export] Return application/json MIME type for all exports. + [mokaddem] +- [misp.js] Addressed lgtm warnings. [mokaddem] +- [galaxyCluster] Make sure the value is not empty while saving. + [mokaddem] +- [server:pull] Make sure to update the job progress only if we are + running in a background job. [mokaddem] +- [server:pull] Makes pull works with jobs. [mokaddem] +- [galaxyCluster:updateRelationsForSync] Use correct model to get + announceBaseUrl. [mokaddem] +- [galaxyCluster:captureCluster] Block any attempt to modify a not + locked clusters if server is not internal. [mokaddem] +- [galaxyClusterRelation:editRelation] Removed typo. [mokaddem] + + Cluster returned by fetchIfAuthorized is not inside a list +- [galaxyCluster:saveRelation] Set `default` value if unset and allow + saving unknown clusters if force flag set. [mokaddem] +- [galaxyCluster:fetchIfAuthorized] Adhere to $throwErrors if the ID is + invalid. [mokaddem] +- [galaxyCluster:publish] Cluster parameter can be of any type. + [mokaddem] +- [galaxyCluster:publishRouter] Cluster parameter can be of any type. + [mokaddem] +- [appModel:db_changes] Added new entry. [mokaddem] +- [galaxyCluster:fetchGalaxyCluster] Make sure to fetch a fresh version + of the sharinggroup with all its associated data. [mokaddem] +- [GalaxyCluster:fetchGalaxyCluster] Correctly attach all sharinggroup + information. [mokaddem] +- [galaxyCluster] Make sure we correctly update cluster relations and + few QoL fixes. [mokaddem] +- [clusterRelations:add] Correctly report validation errors. [mokaddem] +- [install:MySQL] Create `perm_galaxy` in roles table before updating + rows. [mokaddem] +- [clusterRelations:add/edit] Avoid error variable override. [mokaddem] +- [clusterRelation:delete] Take first result if id matches. [mokaddem] +- [clusterRelation] Use correct linked model alias. 
[mokaddem] +- [galaxyCluster] Typo when accessing variables. [mokaddem] +- [ACLComponent] Put `pushClusters` into the correct section. Also + removed useless condition. [mokaddem] +- [servers:push] Do not throw exception while pushing via rest query. + [mokaddem] +- [galaxy:import] Set org and orgc to default MISP org. [mokaddem] +- [clusterRelations:view_relation_tree] Avoid id collision for cross- + referencing clusters. [mokaddem] +- [galaxy:import] Correctly set distribution when importing from + repository. [mokaddem] +- [clusterRelations:edit] Endpoint access data with/without model key. + [mokaddem] +- [clusterRelation] Added entry in ACLComponent and improved rest error + message. [mokaddem] +- [clusterRelations] Corrected conditions allowing the creation/update + of relations. Plus, get rid of not-used relation's value. [mokaddem] +- [clusterRelation:add] Use the correct key to access cluster info. + [mokaddem] +- [clusterRelations:add] Removed useless translation. [mokaddem] +- [clusterRelation:restSearch] Allow org to see their own relations if + they are distribution=org_only. [mokaddem] +- [galaxyCluster] Typo in linked model. [mokaddem] +- [galaxyCluster:fetchClusters] Added missing conditions for + clusterRelations. [mokaddem] +- [galaxyCluster:pull] Correctly capture the Orgc. [mokaddem] +- [galaxyClusterRelation:getRelations] Could not fetch relations with no + full group by enabled. [mokaddem] +- [galaxyCluster:captureCluster] Make sure to capture the galaxy if + unkown. [mokaddem] +- [clusterRelation:captureRelations] Default referenced galaxy id to 0 + if it's unkown. [mokaddem] +- [galaxyCluster:view_relation_tree] Tree links takes into account the + avg numerical_value. [mokaddem] +- [galaxies:massageTags] Pass user to the model. [mokaddem] +- [clusterRelations:syncUUIDsAndIDs] Make sure to default referenced + cluster id to 0 if unknown. [mokaddem] +- [galaxy:import] Use correct data path to retrieve galaxy id. 
+ [mokaddem] +- [galaxyCluster:edit] Fixed key name issues preventing clusters to be + edited similar to the `add` endpoint. [mokaddem] +- [galaxyCluster:relations_graph] Fixed link id not used consistently. + [mokaddem] +- [clusterRelations:catpure] More flexible tag capture. [mokaddem] +- [galaxy:import] Set the locked flag for the imported galaxyCluster. + [mokaddem] +- [galaxyCluster] Make sure to sync id/uuid for the target relation. + [mokaddem] +- [galaxyCluster:view_relation_tree] Fixed division by 0. [mokaddem] +- [galaxyClusters:relations_graph] Draw relation text only once + + Physics tweaking. [mokaddem] +- [galaxyClusers:relations_graph] Draw nodes after links. [mokaddem] +- [galaxyCluster:CRUD] Fixed fields not being saved correctly and + improved API feedback. [mokaddem] +- [clusterRelations:relation_tree] looping with function callback change + the value of `this` [mokaddem] +- [server:pushGalaxyCluster] Correctly select UUIDs to be pushed. + [mokaddem] +- [clusterRelations:view_relations] Avoid duplication of targetting + relations. [mokaddem] +- [clusterRelations:view_relations] Correctly sync ID and UUID when + adding a relation and repaired view. [mokaddem] +- [clusterRelations:relations_graph] Support of fallback `MISP` + Organisation and improved tooltip layout. [mokaddem] +- [galaxy:quickViewMini] Prevent multiple `mouseover` listeners. + [mokaddem] +- [cluster:add_relation] Correctly use the freetext relation if picked. + [mokaddem] +- [clusters:edit] ClusterElementUI do not duplicate rows each time it's + displayed. [mokaddem] +- [event:view] Prevent global variable overide. [mokaddem] +- [ClusterRelationsGraphTool] Inject Orgs and SharingGroup info for + referencing nodes. [mokaddem] +- [events:view] Fixed cluster_relations filename and distribution info. + [mokaddem] +- [clusterRelations:fork_tree] Prevent division by 0. [mokaddem] +- [galaxy] Few leftovers to be renamed. [mokaddem] +- [galaxy:fork_tree] Better handling of versions. 
[mokaddem] +- [galaxyCluster:view] Catch if cluster has no `extended_from` + [mokaddem] +- [galaxy:editCluster] Correctly update galaxyElements. [mokaddem] +- [galaxy:fork_tree] Correctly print default value. [mokaddem] +- [galaxu:index] Corrected cluster base urls locations. [mokaddem] +- [genericIndexTable:extended_generic] Do not duplicate field if both + `from` and `by` are used. [mokaddem] +- [galaxyCluster:attachToEventIndex] Usage of the correct function. + [mokaddem] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6638 from korrosivesec/feature/jarm. [Alexandre + Dulaunoy] + + new: [datamodels] added jarm-fingerprint type +- Merge pull request #6639 from SteveClement/guides. [Steve Clement] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6636 from MISP/gh_actions_var. [Raphaël Vinot] + + chg: Improve actions +- Merge pull request #6632 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Update Server.php +- Update Server.php. [StefanKelm] + + Tiny re-wording +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6630 from SteveClement/guides. [Steve Clement] +- Merge pull request #6628 from JakubOnderka/update-json-speedup. [Jakub + Onderka] + + chg: [internal] Faster updating JSON structures +- Merge pull request #6629 from SteveClement/guides. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge branch 'guides' of github.com:SteveClement/MISP into guides. + [Steve Clement] +- Merge pull request #6572 from JakubOnderka/syslog-stderr-disable. + [Jakub Onderka] + + Syslog stderr disable +- Merge pull request #6625 from JakubOnderka/setting-change-exception. 
+ [Jakub Onderka] + + chg: [internal] Throw exception if setting name doesn't exists +- Merge pull request #6626 from JakubOnderka/no-empty-job. [Jakub + Onderka] + + fix: [internal] Do not try to fetch empty job +- Merge remote-tracking branch 'origin/2.4' into JakubOnderka-galaxy- + cluster-fetch. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6623 from JakubOnderka/log-search-models. [Jakub + Onderka] + + fix: [logs] Add missing AuthKey model to log search +- Merge pull request #6586 from JakubOnderka/autkey-fixes. [Jakub + Onderka] + + Authkey UI fixes +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6559 from JakubOnderka/fist-last-seen-sort. [Jakub + Onderka] + + new: [UI] Allow to sort attributes or objects by first and last seen +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6617 from JakubOnderka/freetext-feed-saving. + [Jakub Onderka] + + chg: [feed] Optimise freetext feed caching +- Merge pull request #6609 from JakubOnderka/remove-inbox-controller. + [Jakub Onderka] + + fix: [UI] Remove unused inbox controller and menu link +- Merge pull request #6621 from JakubOnderka/extension-version. [Jakub + Onderka] + + new: [diagnostic] Check extensions version +- Merge pull request #6120 from mokaddem/galaxy-cluster2.0. [Sami + Mokaddem] + + [feature] Cluster relations and synchronization - aka Galaxy 2.0 +- Merge branch '2.4' into galaxy-cluster2.0. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge pull request #6496 from JakubOnderka/experimental-stream- + convert. [Jakub Onderka] +- Merge pull request #6589 from JakubOnderka/group-search-current-value. + [Jakub Onderka] + + chg: [UI] For search field, by default put current search term +- Merge pull request #6587 from JakubOnderka/authkey-view. 
[Jakub + Onderka] + + Authkey view permission fix +- Merge pull request #6604 from JakubOnderka/github-test-changes. [Jakub + Onderka] + + GitHub test changes +- Merge pull request #6605 from JakubOnderka/php-extension-diagnostic. + [Jakub Onderka] + + chg: [diagnostic] Smarter PHP extension diagnostics +- Merge branch 'feature-report-from-event' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-report-from- + event. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-report-from- + event. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-report-from- + event. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-report-from- + event. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge pull request #6580 from Maddosaurus/fix-plugin-setting-spelling. + [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge pull request #6600 from MISP/github_action_2. [Raphaël Vinot] + + chg: try to fix weirdness in PyMISP git history +- Merge pull request #6601 from JakubOnderka/fix-diagnostic-download. + [Jakub Onderka] + + fix: [internal] Diagnostic data download +- Merge pull request #6599 from JakubOnderka/misp-update-fix. [Jakub + Onderka] + + fix: [internal] Server::update method +- Merge pull request #6597 from JakubOnderka/zmq-setting-change-fix. + [Jakub Onderka] + + fix: [internal] Initialize ZMQ just when necessary after setting change +- Merge pull request #6596 from JakubOnderka/bump-pymisp. [Raphaël + Vinot] + + chg: Bump PyMISP +- Merge pull request #6588 from JakubOnderka/gpg-version-diagnostics. + [Jakub Onderka] + + new: [diagnostic] Show installed GnuPG version +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch 'session_destruction' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge pull request #6561 from JakubOnderka/rest-attribute-include- + context. [Jakub Onderka] + + chg: [rest] For attribute REST search with includeContext, fetch events just once +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6532 from JakubOnderka/user_edit. [Jakub Onderka] + + User edit permissions +- Merge branch 'authkey_fix' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6584 from JakubOnderka/authkeys-test-fix. [Jakub + Onderka] + + fix: [test] Update database before generating new user +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge branch 'CRUD' into 2.4. [iglocska] +- Merge branch '2.4' into CRUD. [iglocska] +- Merge branch '2.4' into CRUD. [iglocska] +- Merge branch '2.4' into CRUD. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge pull request #6560 from JakubOnderka/rest-client-handle- + exceptions. [Jakub Onderka] + + fix: [RestClient] Catch exceptions and show error message to user +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6566 from JakubOnderka/distribution-disable- + correlation. [Jakub Onderka] + + fix: [internal] Do not fetch unnecessary correlations for distributio… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6564 from JakubOnderka/fix-can-modify-report. + [Jakub Onderka] + + fix: [eventReports] Handle exception for EventReportsController::index +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch 'jakub-event-ui-vol5' into 2.4. 
[mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into jakub-event-ui-vol5. + [mokaddem] +- Merge pull request #6529 from JakubOnderka/experimenteal-faster-rest- + fetch. [Jakub Onderka] + + chg: [rest] Faster attributes restSearch +- Merge pull request #6541 from JakubOnderka/head-check-attribute- + object. [Jakub Onderka] + + new: [API] Fast check object or attribute existence by HEAD method +- Merge pull request #6519 from JakubOnderka/update-login-times. [Jakub + Onderka] + + fix: [internal] Properly set login time for custom auth +- Merge pull request #6533 from JakubOnderka/shell-no-session. [Jakub + Onderka] + + fix: [internal] Do not start session for shell commands +- Merge pull request #6538 from JakubOnderka/event-edit-optimisation. + [Jakub Onderka] + + fix: [internal] Do not load all attributes when editing event +- Merge pull request #6548 from JakubOnderka/related-event-template. + [Jakub Onderka] + + chg: [UI] Make related event little bit nicer +- Merge branch 'feature-rest-client-codemirror' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-rest-client- + codemirror. [mokaddem] +- Merge pull request #6542 from JakubOnderka/speedup-sightings-saving. + [Jakub Onderka] + + chg: [internal] Speedup sightings saving +- Merge branch '2.4' of github.com:MISP/MISP into feature-rest-client- + codemirror. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6510 from JakubOnderka/event-edit-metadata. [Jakub + Onderka] + + new: [rest] Allow to return just metadata after creating or editing event +- Merge pull request #6490 from JakubOnderka/json-converter-optim. + [Jakub Onderka] + + chg: [internal] Slightly optimise JSONConverterTool +- Merge pull request #6528 from JakubOnderka/event-view-head. 
[Jakub + Onderka] + + new: [API] Allow event existence check by HEAD method +- Merge pull request #6521 from JakubOnderka/cached-feed-url-match. + [Jakub Onderka] + + chg: [feed] Check also URL without protocol +- Merge pull request #6514 from JakubOnderka/fix-indefined-index. [Jakub + Onderka] + + fix: [internal] `Undefined index: value` warning +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch 'fix-sg-creation' into galaxy-cluster2.0. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into galaxy-cluster2.0. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into galaxy-cluster2.0. + [mokaddem] + + +v2.4.134 (2020-11-02) +--------------------- + +New +~~~ +- [tag index] simple/advanced view. [iglocska] + + - simple view excludes eventtags / attributetags / sightings + - helps with heavier instances + + - refactor of the index to the new generators + - new elements for the generators added +- [UI] Add link to show related feeds attributes. [Jakub Onderka] +- [UI] Allow to set attachment scan settings from user interface. [Jakub + Onderka] +- [widgets] button for link (#6489) [Loïc Fortemps] +- [statistics shell] year over year org growth added. [iglocska] +- [eventReports] Event auto-tagging from report. [mokaddem] +- [UI] Attachment scan diagnostic. [Jakub Onderka] +- [av] Allow to scan just by file hash. 
[Jakub Onderka] +- [av] Use misp-module for AV scanning. [Jakub Onderka] +- [av] Malware protection for uploaded files. [Jakub Onderka] +- [UI] Allow to disable hover enrichment. [Jakub Onderka] +- [sync] Show client certificate info in connection test. [Jakub + Onderka] +- [eventReports] Creation of reports from URL using MISP-modules. + [mokaddem] +- [eventReport] Added context replacements and suggestions. [mokaddem] +- [eventReports:markdownEditor] Text replacement with existing + attributes. [mokaddem] +- [eventReports] Attributes suggestion replacement + UI - Draft. + [mokaddem] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [misp-taxonomies] updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] Bump version. [Raphaël Vinot] +- Bump PyMISP for testing. [Raphaël Vinot] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [markdownEditor] Add cancel button for the editor. Fix #6506. + [mokaddem] +- Bumped queryversion. [mokaddem] +- [cti-python-stix2] Bumped latest version. [chrisr3d] +- [eventsReport:markdownEditor] Increased base number of hints. + [mokaddem] +- [eventReport:markdownEditor] Adapt hint number based on the length of + the provided input. [mokaddem] +- [eventReports] Removed confusing edit buton in event view. [mokaddem] +- [statistics shell] yearly growth now takes a local only flag as + parameter. [iglocska] +- [UI] Cleanup code of default layout. [Jakub Onderka] +- [module] Allow to specify module timeout. [Jakub Onderka] +- [internal] Allow to fetch Mitre Attack matrix also by name. [Jakub + Onderka] +- [UI] Attach warnings after attribute quick edit. [Jakub Onderka] +- [internal] Move warnings popover generation to value_field template. + [Jakub Onderka] +- [statistics shell] added org engagement function to get insights on + first event creation. 
[iglocska] +- [eventReport] Improved html_to_markdown module handling. [mokaddem] +- [eventReport] Extracted function. [mokaddem] +- [eventReport] Renamed functions. [mokaddem] +- [eventReports:markdownEditor] Added loading screen when extracting + entities. [mokaddem] +- [misp-galaxy] updated. [Alexandre Dulaunoy] +- [logs] search no longer uses csrf tokens for the form. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to include ATT&CK sub-techniques. [Alexandre + Dulaunoy] +- [module] Better error handling. [Jakub Onderka] +- [module] Move serialization into module class. [Jakub Onderka] +- [UI] Update Font Awesome to 5.15.1. [Jakub Onderka] +- [module] Allow module settings to be dict with setting description. + [Jakub Onderka] +- [module] Serialize post data at one place. [Jakub Onderka] +- [module] Remove unused variable from Module::getModules method. [Jakub + Onderka] +- [UI] Change quick edit icons also for objects and setting edit. [Jakub + Onderka] +- [UI] Use 'Event' instead of 'Info' in correlation popover. [Jakub + Onderka] +- [UI] Add icon for undefined threat level. [Jakub Onderka] +- [UI] Nicer required asterisk. [Jakub Onderka] +- [UI] For revise object, do not validate unique UUID. [Jakub Onderka] +- [internal] Do not load notifications for ajax requests. [Jakub + Onderka] +- [internal] Add suggested PHP extensions to composer.json. [Jakub + Onderka] +- [internal] Update composer.phar to 1.10.15. [Jakub Onderka] +- [travis] Do list all directories after failed test. [Jakub Onderka] +- [internal] Save same time and memory in RestResponseComponent. [Jakub + Onderka] +- [UI] Use standard way how to show attribute values for resolved + results. [Jakub Onderka] +- [UI] Fixes for user profile admin view. [Jakub Onderka] +- [eventReports:markdownEditor] Improved parsing and provide feedbacks + if elements cannot be rendered. 
[mokaddem] +- [eventReport:markdownEditor] Improved parsing of context (reduced + false positive) + find rendered element in doc. [mokaddem] +- [eventReport:markdownEditor] Interface improvements. [mokaddem] +- [eventReport] Draft support of context auto replacement. [mokaddem] +- [eventReport:markdownEditor] Prevent double extraction for tags. + [mokaddem] +- [eventReport] Simplified replacement mechanism. [mokaddem] +- [eventReports:markdownEditor] Cleanup and function renaming. + [mokaddem] +- [eventReport] Support of replacement regex & automatic replacement - + DRAFT. [mokaddem] +- [eventReports:markdownEditor] Reorganise function position. [mokaddem] +- [eventReports:markdownEditor] Popover to show replacement attribute. + [mokaddem] +- [evnetReport:markdownEditor] UI improvements on suggestion tables. + [mokaddem] +- [eventReports:markdownEditor] Suggestion UI improvements. [mokaddem] +- [eventReport:markdownEditor] Do no propose extractions for existing + replacements. [mokaddem] + +Fix +~~~ +- [stix import] Avoiding issue with test_mechanisms with no rule value. + [chrisr3d] +- [internal] Remove warning when modules are not reachable. [Jakub + Onderka] +- [security] SSRF fixed in the rest client. [iglocska] + + - by using the full path parameter in the rest client, users could issue queries to any server + - this becomes especially problematic when the MISP server is able to query other internal servers, + as external users could trigger those + + - new server setting added that allows enabling the full path option, this is now disabled by default + - new server setting added to add an override baseurl for the rest client, removing the need for the full + path option in the first place (for example for the training VM with its port forwarding) + + - Thanks to Heitor Gouvêa for reporting this vulnerability +- [eventReport] Function call not adapted after module rework merge. + [mokaddem] +- [ACL] Add missing controllers from EventReports. 
[Jakub Onderka] +- [internal] Warning when viewing feed info. [Jakub Onderka] +- [UI] Show error message if genericPopup ajax request fails. [Jakub + Onderka] +- [eventReport:markdownEditor] Show full attribute value in print mode. + Fix #6507. [mokaddem] +- [UI] More space in sighting graph for a lot of sightings numbers. + [Jakub Onderka] +- [UI] Add missing line break. [Jakub Onderka] +- [UI] Remove forgotten removed variable. [Jakub Onderka] +- [UI] Show correct message when saving object after quick edit. [Jakub + Onderka] +- [UI] Show error if multiSelectAction fails. [Jakub Onderka] +- [eventReport] Correctly tag event if requested + undefined variable. + [mokaddem] +- #6354. [Nick] + + fix: #6354 + + Need escape for quote in regex +- [av] Send to module also attribute UUID and value. [Jakub Onderka] +- [modules] Better error handling for connection problems. [Jakub + Onderka] +- [module] Throw exception if response JSON is invalid. [Jakub Onderka] +- [UI] Remove unnecessary empty div from seen_field. [Jakub Onderka] +- [UI] Do not allow to add tags when showing event to merge. [Jakub + Onderka] +- [UI] Fix strikethrough text decoration for deleted reference. [Jakub + Onderka] +- [UI] Remove unnecessary form element from correlated events. [Jakub + Onderka] +- [internal] Remove compressing by ZIP PHP extensions. [Jakub Onderka] +- [internal] Avoid warnings in global_menu. [Jakub Onderka] +- [resource-widget] Use redisInfo method for getting info. [Jakub + Onderka] +- [tools] Variable names typo. [chrisr3d] +- [internal] Check Crypt_GPG version. [Jakub Onderka] +- [UI] Put back missing homepage star. [Jakub Onderka] +- [internal] Unused variable in Event::__generateCachedTagFilters. + [Jakub Onderka] +- [internal] Remove unused file. [Jakub Onderka] +- [internal] Remove unused AppModel::checkVersionRequirements method. + [Jakub Onderka] +- [travis] Retry poetry packages installation. 
[Jakub Onderka] +- [eventReports:markdownEditor] Better parsing of free text value. + [mokaddem] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #6535 from JakubOnderka/module-warning-fix. [Jakub + Onderka] + + fix: [internal] Remove warning when modules are not reachable +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6527 from JakubOnderka/event-reports-acl-missing. + [Jakub Onderka] + + fix: [ACL] Add missing controllers from EventReports +- Merge pull request #6518 from JakubOnderka/ui-related-feeds. [Andras + Iklody] + + chg: [UI] Remove Source Format from related feed popover +- [UI] Remove Source Format from related feed popover. [Jakub Onderka] +- Merge pull request #6524 from trolldbois/2.4. [Andras Iklody] +- Merge pull request #1 from trolldbois/trolldbois-fix-email- + sendExternal. [Loïc Jaquemet] + + Remove 'text' from required params from sendExternal +- Remove 'text' from required params from sendExternal. [Loïc Jaquemet] + + Bug fix, there is no such fields named 'text' in params. It's probably a typo from reading line 309 too fast +- Merge pull request #6520 from JakubOnderka/feed-view-fix-warning. + [Jakub Onderka] + + fix: [internal] Warning when viewing feed info +- Merge branch 'feature-report-extract-data' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into feature-report-extract- + data. [mokaddem] +- Merge pull request #6516 from JakubOnderka/generic-popup-fail. 
[Jakub + Onderka] + + fix: [UI] Show error message if genericPopup ajax request fails +- Merge pull request #6498 from JakubOnderka/attachment-scan-settings. + [Jakub Onderka] + + new: [UI] Allow to set attachment scan settings from user interface +- Merge pull request #6499 from pettai/more-bro-auto-docs. [Andras + Iklody] + + Update bro automation docs +- Update bro automation docs. [pettai] + + More of remove allowNonIDS from bro per https://github.com/MISP/MISP/pull/1726 +- Merge pull request #6451 from Wachizungu/add-extra-shibbauth- + documentation. [Alexandre Dulaunoy] + + Extending documentation of ShibbAuth plugin +- Extending documentation of ShibbAuth plugin. [Jeroen Pinoy] +- Merge branch '2.4' of github.com:MISP/MISP into feature-report- + extract-data. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6495 from JakubOnderka/fixes. [Jakub Onderka] + + UI Fixes +- Merge pull request #6492 from pettai/bro-automation-docs. [Alexandre + Dulaunoy] + + Fix Bro IDS export docs +- Fix Bro IDS export docs. [pettai] + + As per https://github.com/MISP/MISP/pull/1726 the "allowNonIDS" option was explicitly removed from Bro IDS export, update the docs accordingly + (some hairpulling was done prior to this finding...) +- Merge pull request #6485 from JakubOnderka/module-timeout. [Jakub + Onderka] + + chg: [module] Allow to specify module timeout +- Merge pull request #6494 from JakubOnderka/event-ui-fixes-vol6. [Jakub + Onderka] + + Event UI fixes vol6 +- Merge branch '2.4' of github.com:MISP/MISP into feature-report- + extract-data. [mokaddem] +- Merge pull request #6488 from JakubOnderka/attachment-scan-diagnostic. + [Jakub Onderka] + + new: [UI] Attachment scan diagnostic +- Merge pull request #6484 from crowface28/2.4. [Andras Iklody] + + fix: #6354 +- Merge pull request #6411 from JakubOnderka/malware-scan. 
[Jakub + Onderka] + + Attachment malware protection +- Merge pull request #6483 from JakubOnderka/module-settings. [Jakub + Onderka] + + Module settings +- Merge pull request #6479 from JakubOnderka/event-ui-vol5-small. [Jakub + Onderka] + + Event ui vol5 small +- Merge pull request #6478 from JakubOnderka/remove-zip-ext-compression. + [Jakub Onderka] + + fix: [internal] Remove compressing by ZIP PHP extensions +- Merge pull request #6471 from + JakubOnderka/enrichment_hover_popover_only. [Jakub Onderka] + + new: [UI] Allow to disable hover enrichment +- Merge pull request #6474 from JakubOnderka/avoid-warnings. [Jakub + Onderka] + + fix: [internal] Avoid warnings in global_menu +- Merge pull request #6473 from JakubOnderka/misp-resource-widget. + [Jakub Onderka] + + fix: [resource-widget] Use redisInfo method for getting info +- Merge pull request #6465 from JakubOnderka/ajax-no-notification- + [Jakub Onderka] + + chg: [internal] Do not load notification count and homepage for AJAX requests +- Merge pull request #6450 from JakubOnderka/client-certificate-info. + [Jakub Onderka] + + new: [sync] Show client certificate info in connection test +- Merge pull request #6468 from JakubOnderka/bad-commit-fix. [Jakub + Onderka] + + Revert "fix: [internal] Remove unused AppModel::checkVersionRequireme… +- Revert "fix: [internal] Remove unused + AppModel::checkVersionRequirements method" [Jakub Onderka] + + This reverts commit ac6761d7 +- Merge pull request #6460 from MISP/chrisr3d_features. [Alexandre + Dulaunoy] + + Small STIX ingestion script +- Merge branch 'chrisr3d_features' of https://github.com/MISP/MISP into + chrisr3d_features. [chrisr3d] +- Update README.md. [Christian Studer] + + Page layout issue fixed +- Merge branch '2.4' of https://github.com/MISP/MISP into + chrisr3d_features. [chrisr3d] +- Add: [tools] More documentation for the stix ingestion script. + [chrisr3d] +- Add: [tools] Small script to ingest STIX files using the restAPI. 
+ [chrisr3d] + + - Automation of the ingestion for multiple file + simply by passing all the filenames + - Using PyMISP to connect to MISP and query the + /events/upload_stix end point +- Merge pull request #6463 from JakubOnderka/crypt-gpg-version-check. + [Jakub Onderka] + + fix: [internal] Check Crypt_GPG version +- Merge pull request #6466 from JakubOnderka/homepage-star. [Jakub + Onderka] + + fix: [UI] Put back missing homepage star +- Merge pull request #6459 from JakubOnderka/composer-update. [Jakub + Onderka] + + chg: [internal] Update composer.phar to 1.10.15 +- Merge pull request #6458 from JakubOnderka/remove-unused. [Jakub + Onderka] + + Remove unused code +- Fix [internal] Removed unused EventsController::viewEventGraph method. + [Jakub Onderka] +- Fix [internal] Removed unused Server::__handlePulledProposals method. + [Jakub Onderka] +- Fix [internal] Removed unused EventsController::__fetchEvent method. + [Jakub Onderka] +- Merge pull request #6454 from JakubOnderka/travis-fixes-vol3. [Jakub + Onderka] + + test: Retry poetry install +- Merge pull request #6457 from JakubOnderka/rest-response-optim. [Jakub + Onderka] + + chg: [internal] Save some time and memory in RestResponseComponent +- Merge pull request #6455 from JakubOnderka/resolved-misp-format-value. + [Jakub Onderka] + + chg: [UI] Use standard way how to show attribute values for resolved … +- Merge pull request #6456 from JakubOnderka/admin-user-view-fixes. + [Jakub Onderka] + + chg: [UI] Fixes for user profile admin view + + +v2.4.133 (2020-10-16) +--------------------- + +New +~~~ +- [UI] Use flag icons from Twemoji. [Jakub Onderka] +- [UI] Show organisation nationality flag. [Jakub Onderka] +- [attribute type] cpe Common Platform Enumeration attribute type added. + [Alexandre Dulaunoy] +- [attribute] telfhash attribute type added - fix #6435. [Alexandre + Dulaunoy] +- [GPG] Validate fetched GPG key. [Jakub Onderka] +- [UI] Add icons for threat levels. 
[Jakub Onderka] +- [internal] Allow to set warning checking for all attributes, not just + IDS. [Jakub Onderka] +- [warninglist] Allow to check if IP in CIDR is part of another CIDR. + [Jakub Onderka] +- [warninglist] Cache warninglist results. [Jakub Onderka] +- [build] Validate also feed metadata rules and settings JSON contents. + [Jakub Onderka] +- [attribute-type] filename-pattern to describe a filename base on a + pattern. [Alexandre Dulaunoy] + + Fix #403 + + There is no specific validation on the field. This allows us to have a clear + separation between filename and filename-pattern as many users were + using filename for regexp. This also helps the creation of object + template which requires a filename pattern. +- [evenReport] Support of extended event. [mokaddem] +- [eventReport:markdownEditor] Toggleable rendering of MISP Elements. + [mokaddem] +- [eventReport:markdownEditor] Support to reference object attribute. + [mokaddem] +- [markdownEditor] Added support of fullscreen mode. [mokaddem] +- [eventReport:markdownEditor] Added hints for tags. [mokaddem] +- [eventReport] Added support of tags. [mokaddem] +- [user agent] string changed for MISP -> MISP synchronisation. + [iglocska] +- [UI] Truncate long values. [Jakub Onderka] +- [UI] Go directly to object reference when referenced object is on the + same page. [Jakub Onderka] +- [workers] add kill all / force kill all buttons to the worker + management, fixes #6329. [iglocska] +- [recovery] script added mock method among other changes. [iglocska] + + - also added proposals + - add/accept/discard should be fully supported now +- [recovery] added event deletion recovery tool. [iglocska] +- [internal] added helper function to get tag id based on cluster id. + [iglocska] +- [markdownEditor] Possibility to toggle rules on-the-fly. [mokaddem] +- [markdownViewer] Added light support of picture attachment parsing. + [mokaddem] +- [markdownViewer] Support of hints in editor. 
[mokaddem] +- [markdownViewer] Added rule and renderer for special MISP elements. + [mokaddem] + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Remove famfamfam icon flags. [Jakub Onderka] +- [UI] Use IconHelper for flag icons. [Jakub Onderka] +- [internal] Allow to have empty nationality. [Jakub Onderka] +- [UI] Update country names. [Jakub Onderka] +- [internal] Normalize AS type to asplain notation. [Jakub Onderka] +- [internal] Speedup sending module results. [Jakub Onderka] +- [internal] Sighting saving optimisation. [Jakub Onderka] +- [PyMISP] updated. [Alexandre Dulaunoy] +- [attribute] cpe was already present but not specified in any + categories. [Alexandre Dulaunoy] +- [UI] Use nicer icon for Restore attribute button. [Jakub Onderka] +- [eventReport] Put back attribute galaxies. [Jakub Onderka] +- [eventReport] proxyMSIPElements are loaded dynamically. [Jakub + Onderka] +- [eventReport] Do not fetch event reports when it is not necessary. + [Jakub Onderka] +- [eventReport] Do not fetch attribute tags again, they are included in + object. [Jakub Onderka] +- [eventReport] Do not fetch unnecessary event and attribute galaxies. + [Jakub Onderka] +- [eventReport] Do not create separate array, merge is expensive. [Jakub + Onderka] +- [eventReport] Do not attach sharing groups. [Jakub Onderka] +- [eventReport] Fetch object templates just when event contains objects. + [Jakub Onderka] +- [eventReport] Fetch parental event just when it is necessary. [Jakub + Onderka] +- [eventReport] Do not fetch sightings for events. [Jakub Onderka] +- [UI] Use existing implementation for popover also for cortex. [Jakub + Onderka] +- [UI] Put back all attribute types when selecting empty category. + [Jakub Onderka] +- [internal] Faster loading od Distribution graph. 
[Jakub Onderka] +- [UI] Show hostname|port attribute value on one line. [Jakub Onderka] +- [validation] Provide better invalid messages for ip-dst|port, ip- + src|port and hostname|port. [Jakub Onderka] +- [validation] Simplify composite validation. [Jakub Onderka] +- [copyright] AUTHORS updated. [Alexandre Dulaunoy] +- [copyright] date fixed and top 6 contributors added as copyright + holder. [Alexandre Dulaunoy] +- [PyMISP] latest version. [Alexandre Dulaunoy] +- [PyMISP] bump version (new telfhash type added) [Alexandre Dulaunoy] +- [cookie] Set session cookie SameSite to Lax to avoid browser warnings. + [Jakub Onderka] +- [UI] Optimise loading contributors orgs. [Jakub Onderka] +- [UI] Nicer icon for quick edit buttons. [Jakub Onderka] +- [UI] Use quick select for objects UUID. [Jakub Onderka] +- [UI] Enrichment for proposals doesn't exists. [Jakub Onderka] +- [UI] Use nicer icon for accept proposal. [Jakub Onderka] +- [UI] Put space between object action icons. [Jakub Onderka] +- [internal] Provide better exception messages for signing and + encrypting. [Jakub Onderka] +- [validation] Provide more precise and faster attribute validation. + [Jakub Onderka] +- [internal] URL is already defang in ComplexTypeTool. [Jakub Onderka] +- [UI] Validate object when revising. [Jakub Onderka] +- [misp-warning] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Do not fetch event reports for view. [Jakub Onderka] +- [internal] Merge EventReports for extended view. [Jakub Onderka] +- [internal] Optimise event fetching. [Jakub Onderka] +- [internal] Cleanup and simplify ShadowAttribute model code. [Jakub + Onderka] +- [freetext] Send textarea on CMD+ENTER or CTRL+ENTER. [Jakub Onderka] +- [freetext] Nicer remove icon. [Jakub Onderka] +- [UI] Focus freetext textarea after opening popover. [Jakub Onderka] +- [freetext] Process just big number of attributes in background. [Jakub + Onderka] +- [UI] Better description for password popover. 
[Jakub Onderka] +- [UI] Automatically select privacy target when is marked as quick + select. [Jakub Onderka] +- [UI] Allow quickSelect organisation UUID. [Jakub Onderka] +- [UI] Fix some bugs in user view. [Jakub Onderka] +- [internal] Simplified AttributesController::hoverEnrichment method. + [Jakub Onderka] +- [internal] More checks in Module model. [Jakub Onderka] +- [UI] Show nice pgp form font. [Jakub Onderka] +- [UI] Make external links more secure. [Jakub Onderka] +- [UI] Show error message for hover enrichment when something wrong + happen. [Jakub Onderka] +- [UI] Put title for hover enrichment icon. [Jakub Onderka] +- [internal] Move hover enrichment script to misp.js. [Jakub Onderka] +- [UI] Better log when for empty results for enrichment. [Jakub Onderka] +- [UI] Make link clickable in enrichment. [Jakub Onderka] +- [UI] Show loading icon when enrichment. [Jakub Onderka] +- [UI] Limit enrichment popover size. [Jakub Onderka] +- [internal] Use async version when fetching enrichment popover. [Jakub + Onderka] +- [UI] Change design of attribute hover. [Jakub Onderka] +- [internal] Better error messages for unzipping feed file. [Jakub + Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Break words when showing long value in popup. [Jakub Onderka] +- [UI] Use "raw" view for long URLs. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Rename Email to Creator user in event index. [Jakub Onderka] +- [UI] Keep term when searching for attribute. [Jakub Onderka] +- [UI] Uppercase ID for event list. [Jakub Onderka] +- [internal] Do not show attribute warning when searching attributes. + [Jakub Onderka] +- [UI] Support quick select for UUID. [Jakub Onderka] +- [UI] Move privacy toggle code to misp.js. [Jakub Onderka] +- [UI] Focus proposal when going from proposals index. [Jakub Onderka] +- [UI] Use hires icons for event page. [Jakub Onderka] +- [UI] HTML code cleanup. 
[Jakub Onderka] +- [internal] Validate sighting UUID. [Jakub Onderka] +- [internal] Remove unused code. [Jakub Onderka] +- [internal] Optimise sightings fetching. [Jakub Onderka] +- [internal] Much faster attribute search. [Jakub Onderka] +- [appmodel] Set default value for warninglist_entry_count. [mokaddem] +- [internal] Clean up EventsController::view code. [Jakub Onderka] +- [internal] Remove not necessary GalaxyCluster initialization. [Jakub + Onderka] +- [internal] Initialize Sighting class just when necessary. [Jakub + Onderka] +- [optimisation] Load MISP version and commit just once. [Jakub Onderka] +- [internal] Optimise fetching sightings for object. [Jakub Onderka] +- [internal] Use ACL also for side menu. [Jakub Onderka] +- [internal] Move more global menu rules to ACLComponent. [Jakub + Onderka] +- [internal] Use ACLComponent for menu item permission. [Jakub Onderka] +- [warninglist] Use faster method for fetching data from Redis. [Jakub + Onderka] +- [warninglist] Hash key in binary and store just for one hour. [Jakub + Onderka] +- [internal] Fix for exact string match. [Jakub Onderka] +- [internal] Normalize CIDR and hostname warninglists. [Jakub Onderka] +- [internal] Simplified Warninglist::__checkValue. [Jakub Onderka] +- [internal] Change method name to show that it just filter one attr. + [Jakub Onderka] +- [internal] Save memory when storing warninglist to cache. [Jakub + Onderka] +- [internal] Start IPv4 checking from zero. [Jakub Onderka] +- [internal] Warninglist code cleanup. [Jakub Onderka] +- [internal] Fix event warnings without redis cache. [Jakub Onderka] +- [internal] Move getting missing tlds list to model. [Jakub Onderka] +- [internal] Refactoring warninglist loading and saving. [Jakub Onderka] +- [internal] Simplified Event::__prepare... methods. [Jakub Onderka] +- [internal] Attach warnings to proposals. [Jakub Onderka] +- [internal] Rename Warninglist::simpleCheckForWarning to + checkForWarning. 
[Jakub Onderka] +- [complextype] Support for uppercase hashes. [Jakub Onderka] +- [complextype] Speedup hash parsing from CSVs and freetexts. [Jakub + Onderka] +- [community] add the pisax.org logo. [Alexandre Dulaunoy] +- [community] new pisax.org community added. [Alexandre Dulaunoy] +- [cleanup] removed duplicate empty queue declaration. [Andras Iklody] +- [appModel] Removed prio worker from the list of available workers to + perform an update. [mokaddem] +- [PyMISP] bump to latest version. [Alexandre Dulaunoy] +- [Shell] Add MISP.osuser for updates. Fix #6368. [Richard van den Berg] +- [markdownEditor] Adapt popover container if inside modal. [mokaddem] +- [eventReports:markdownEditor] UI indication when hinting object's + Attribute. [mokaddem] +- [eventReport:markdownEditor] Improved invalid element UI. [mokaddem] +- [mardownEditor] Added loading backdrop container. [mokaddem] +- [eventReport:markdownEditor] Fetch MISP elements with a different + request. [mokaddem] +- [eventReport:markdownEditor] Changed popover's container. [mokaddem] +- [eventReport:markdownEditor] Improved layout for invalid MISP + Elements. [mokaddem] +- [eventReports:helpModal] Fixed some typos. [mokaddem] +- [events] Simplified attribute_count condition for `minimal` filter + parameter. [mokaddem] +- [event:updateEventReportBeforeSync] Make sure remote instance supports + event report. [mokaddem] +- [eventReport] Added entry in restResponseComponent. [mokaddem] +- [eventReport:markdownEditor] Propose hints based on substring instead + of start of the value. [mokaddem] +- [eventReport:markdownEditor] Improved rendered object layout. + [mokaddem] +- [eventReport:markdownEditor] Improved rendered attribute layout. + [mokaddem] +- [eventReport:markdownEditor] Allow fetching tag data even if it isn't + created on the instance. [mokaddem] +- [eventReport:markdownEditor] Improved hint UI. [mokaddem] +- [eventReport:markdownEditor] Improved cluster representation. 
+ [mokaddem] +- [eventReport:markdownEditor] Increased the debounce delay when + fetching tags. [mokaddem] +- [eventReport] Added entry for referencing tags in markdownEditor's + help modal. [mokaddem] +- [internal] Simplified menu code. [Jakub Onderka] +- [eventReport] Removed support of eventGraph. [mokaddem] + + - eventGraph can still be used as with attribute picture attachment +- [eventReport] Replace ID by UUID when referencing MISP Elements. + [mokaddem] +- [missing attachment log] added affected orgs. [iglocska] +- [warning lists] updated to the latest version. [Alexandre Dulaunoy] +- [missing attachments] debug tool now logs event / attribute IDs. + [iglocska] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [correlations] Really limit number of correlations, not number of + attributes. [Jakub Onderka] +- [internal] Initialize Job class just once. [Jakub Onderka] +- [internal] Delete Redis key in pipeline. [Jakub Onderka] +- [feed] Faster feed list fetching. [Jakub Onderka] +- [correlations] Fetch just server of feed that has data in Redis. + [Jakub Onderka] +- [correlations] Allow to get more info about feed correlations also for + host org users. [Jakub Onderka] +- [correlations] Refactor feed cached correlations. [Jakub Onderka] +- Bumped queryversion. [mokaddem] +- [UI] Nicer warning box with link to show just warnings. [Jakub + Onderka] +- [internal] Initialize Log model just once. [Jakub Onderka] +- [internal] Move addMISPExportFile from controller to model. [Jakub + Onderka] +- [internal] Move hex value convertor to misp.js. [Jakub Onderka] +- [test] Lint all PHP and template files. [Jakub Onderka] +- [UI] Show event creator for users within event org. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [eventReports:markdownEditor] Suggests available scope to references + MISP Elements. [mokaddem] +- [eventReports] Updated markdownEditor help modal. 
[mokaddem] +- [eventReport] Added support of all galaxy matrixes. [mokaddem] +- [eventReports] Event reports in modal use the generic views. + [mokaddem] +- [eventReport] Added rearrange function. [mokaddem] +- [events:index] Minimal searches returns events having event reports + and no attributes. [mokaddem] +- [appmodel] Make sure to trigger the event report db update. [mokaddem] +- [UI] Show full title for role permission. [Jakub Onderka] +- [mail] Another code cleanup for alert and contact mails template. + [Jakub Onderka] +- [mail] Use same format for contact email as for alert. [Jakub Onderka] +- [mail] Add unsubscribe info also for non encrypted mails. [Jakub + Onderka] +- [mail] Simplified mail generation. [Jakub Onderka] +- [mail] Cleanup mail sending code for event alerts. [Jakub Onderka] +- [mail] TLP in subject should be uppercase. [Jakub Onderka] +- [internal] Simplify objects conditions. [Jakub Onderka] +- [internal] Use cached sharing groups IDs when fetching objects. [Jakub + Onderka] +- [internal] Invalid message for UUID contains that UUID must be RFC + 4122 compliant. [Jakub Onderka] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [users] Refined login form selector. [mokaddem] +- [log] Convert shadowAtribute's fs/ls into understood format. + [mokaddem] +- [log] Convert object's fs/ls into understood format. [mokaddem] +- [events:recover_event] Adapt flash message if mock query requested. + [mokaddem] +- [aclcomponent] Added recovery features in ACLComponent. [mokaddem] +- [event] Forced usage of worker for event recovery. [mokaddem] +- [events] Usage of `fix_login` in restoreDeletedEvents. [mokaddem] +- [warning-lists] regenerated. [Alexandre Dulaunoy] +- [eventreport] Make sure the format is correct when capturing. + [mokaddem] +- [eventReport] Includes event data when fetching event report from non- + admin users. 
[mokaddem] +- [eventReports] Improved returned data from controller. [mokaddem] +- [restResponseComponent] Allow saveFailResponse and saveSuccessResponse + to return data. [mokaddem] +- [markdownEditor] Split eventReport related code to their own files. + [mokaddem] +- [markdownEditor] Move markdown editor to a generic file name. + [mokaddem] +- [eventReport] Added comments. [mokaddem] +- [eventReports] Prevent fields override. [mokaddem] +- [eventReport] Moved event unpublishing to model. [mokaddem] +- [eventReport] Started refactoring model - WiP. [mokaddem] +- [eventReports] Refactored indexes. [mokaddem] +- [eventReports] Major refactoring - WiP. [mokaddem] +- [eventReport] Improved authorization error reporting. [mokaddem] +- [eventReports] Added event unpublishing. [mokaddem] +- [eventReports] Few UI improvements. [mokaddem] +- [server] Allow to sync events if they only have event report. + [mokaddem] +- [server] Added distribution downgrade for event report sync. + [mokaddem] +- [eventReport] Generic improvements and light integration with + fetchEvent and sync support. [mokaddem] +- [eventReports:edit] Improved title. [mokaddem] +- [eventReports] Improved default index and prevent edition if deleted. + [mokaddem] +- [eventReport] Allow adding event report from the index. [mokaddem] +- [eventReport] Improved deletion/restoration via the API. [mokaddem] +- [eventReport:edit] Allow to edit individual fields and better error + reporting. [mokaddem] +- [eventReport] Improved sidemenu integration. [mokaddem] +- [eventReports] Added redirects. [mokaddem] +- [markdownEditor] Moved MISP Element rule menu to correct file. + [mokaddem] +- [markdownEditor] Prevent scrolling top when clicking on menu links. + [mokaddem] +- [markdownEditor] Line number for scroll sync should be in default js + file. [mokaddem] +- [eventreport] Set correct context when POSTing report creation. + [mokaddem] +- [event:view] Automatically open event report table. 
[mokaddem] +- [eventreports] Reload event report table after report creation. + [mokaddem] +- [eventReports] Deleted unused file. [mokaddem] +- [eventReport] Improved UI and added support of soft/hard deletion. + [mokaddem] +- [eventReport] Started rework on CRUD operations - WiP. [mokaddem] +- [markdownEditor] Increased debounced render timer. [mokaddem] +- [markdownEditor] highlight unsaved changes. [mokaddem] +- [markdownEditor] Support of lastmodified and UI improvements when + saving. [mokaddem] +- [markdownEditor] Fixes z-index if viewport too small. [mokaddem] +- [markdownEditor] Added support of trailing characters such as `.` + after MISP element reference. [mokaddem] +- [markdownEditor] Renamed markdownViewer into markdownEditor and split + web deps from view file. [mokaddem] +- [markdownViewer] Added cache for attackmatrix and eventgraph. + [mokaddem] +- [markdownViewer] Improved perfs and light support of permissions. + [mokaddem] +- [eventReport] Centralized elements proxy for markdownViewer. + [mokaddem] +- [markdownViewer] Displayed objects show the attribute with highest ui- + priority. [mokaddem] +- [markdownViewer] Improved popover placement. [mokaddem] +- [markdownViewer] Added help for plugins. [mokaddem] +- [markdownViewer] Improved object rendering. [mokaddem] +- [markdownViewer] Improved attribute rendering. [mokaddem] +- [markdownViewer] Simplified help. [mokaddem] +- [markdownViewer] Add support of colors in attack matrix when + printing. [mokaddem] +- [markdownViewer] Improved help. [mokaddem] +- [markdownViewer] Added more help. [mokaddem] +- [markdownViewer] Added support of attack matrix. [mokaddem] +- [markdownViewer] Added toggles in editor bottom bar. [mokaddem] +- [markdownViewer] Added notice if couldn't fetch event graph. + [mokaddem] +- [markdownViewer] Improved support of eventgraph. [mokaddem] +- [markdownViewer] Added drafty support of event graph. [mokaddem] +- [markdownViewer] Added block picture in viewer and text in help. 
+ [mokaddem] +- [markdownViewer] Added dismiss button for popover. [mokaddem] +- [markdownViewer] Popover support of MISP Elements. [mokaddem] +- [markdownViewer] Checkbox for autocomplete while typing. [mokaddem] +- [markdownViewer] Added more shortcuts. [mokaddem] +- [markdownViewer] Slightly improved help modal. [mokaddem] +- [markdownViewer] Added help modal. [mokaddem] +- [markdownViewer] Ask confirmation before saving. [mokaddem] +- [markdownViewer] Added download button for pdf and md (both types) + [mokaddem] +- [eventReports:view] Added link to event. [mokaddem] +- [markdownViewr] Autocomplete triggers automatically when typing. + [mokaddem] +- [markdownViewer] Improve hint suggestions for MISP Elements. + [mokaddem] +- [markdownViewer] Improved top bar UI and added editor helpers. + [mokaddem] +- [eventReport] Improved integration with event index. [mokaddem] +- [markdownViewer] Added custom rendering for MISP elements. [mokaddem] +- [markdownViewer] Improved scroll map in modal. [mokaddem] +- [markdownViewer] Improved layout and added draft of sync-scroll. + [mokaddem] +- [markdownViewer] Improved split layout. [mokaddem] +- [infoModal] Added support of xl modal body. [mokaddem] +- [markdownViewer] Improved layout with resizer. [mokaddem] +- [markdownViewer] Improved layout and added codemirror addons. + [mokaddem] +- [markdownEditor] Added codemirror dependency. [mokaddem] +- [markdownViewer] Added syntax highlighing. [mokaddem] +- [markdownView] Improved layout. [mokaddem] +- [eventReport] Improved models and markdown editor. [mokaddem] +- [eventReport] Added markdown-it dependency and started integration - + WiP. [mokaddem] +- [eventReport] Continuation of implementation - WiP. [mokaddem] + +Fix +~~~ +- [server] caching notice fixed. [iglocska] +- [UI] Do not show quick edit for deleted attributes and when user don't + have permission. [Jakub Onderka] +- [UI] Show error for user if activateField request fail. 
[Jakub + Onderka] +- [eventReport] Include just tags that belongs to requested event or its + parent, not to other child. [Jakub Onderka] +- [eventReport] Properly validate UUID. [Jakub Onderka] +- [eventReport] Optimize loading by UUID. [Jakub Onderka] +- [eventReport] Template loading condition. [Jakub Onderka] +- [UI] Remove checkbox from objects. [Jakub Onderka] +- [UI] Correctly remove checked attributes after page reload. [Jakub + Onderka] +- [internal] Missing variable. [Jakub Onderka] +- [internal] Remove unnecessary class initialization. [Jakub Onderka] +- [UI] Remove space after referecence link. [Jakub Onderka] +- [UI] Reset popover box after closing. [Jakub Onderka] +- [UI] Remove underline from icons. [Jakub Onderka] +- [validation] Correct validation for iban, bic, btc, dash and xmr + attributes. [Jakub Onderka] +- [validation] Normalize mac-address and mac-eui-64 to lowercase. [Jakub + Onderka] +- [validation] Do not accept floats where should be just integers. + [Jakub Onderka] +- [correlations] Disable correlation for port part in hostname|port + type. [Jakub Onderka] +- [stix1 framing] Added Custom objects namespace. [chrisr3d] +- [UI] Set title for atomic/extended switch. [Jakub Onderka] +- [UI] Put current language to HTML element. [Jakub Onderka] +- [UI] Element ID must be unique. [Jakub Onderka] +- [UI] Try to fix broken form quick edit submit with CTRL+ENTER. [Jakub + Onderka] +- [UI] Provide description for pivot remove button. [Jakub Onderka] +- [UI] Provide description for search button. [Jakub Onderka] +- [UI] Remove unused parts from row_proposal template. [Jakub Onderka] +- [UI] Remove objectType is zero checks. [Jakub Onderka] +- [UI] Normalize quck add attribute for object with other forms. [Jakub + Onderka] +- [UI] Change new object attribute information margin. [Jakub Onderka] +- [UI] objectAddFieldTr should not cover checkbox. [Jakub Onderka] +- [UI] Proposal to delete should be considered as proposal. 
[Jakub + Onderka] +- [UI] Make proposal links visible. [Jakub Onderka] +- [UI] Nicer proposal HTML code. [Jakub Onderka] +- [UI] Base url for OrgImgHelper. [Jakub Onderka] +- [UI] Show warning if notification when creating new user could not be + send. [Jakub Onderka] +- [UI] Provide proper description for S/MIME cert. [Jakub Onderka] +- [internal] Properly convert `hostname|port` when delimiter is `:` + [Jakub Onderka] +- [validation] Convert vulnerability attribute to uppercase. [Jakub + Onderka] +- [validation] Float validation. [Jakub Onderka] +- [mail] S/MIME certificate validation, fixes #6424. [Jakub Onderka] +- [freetext] Do not load event page twice when saving freetext. [Jakub + Onderka] +- [UI] Add space after icon. [Jakub Onderka] +- [UI] Non breakable space between hidden value and icon. [Jakub + Onderka] +- [UI] Remove not used organisation landing page. [Jakub Onderka] +- [internal] Remove unused $page variable. [Jakub Onderka] +- [UI] Do not hide some errors. [Jakub Onderka] +- [internal] Check if module has defined userConfig. [Jakub Onderka] +- [db_schema] Bumped schema with the changes. [mokaddem] +- [eventReports] Renamed function to make it more explicit and avoid + function name override. [mokaddem] +- [ACLComponent] Added missing entry and removed invalid warnings. + [mokaddem] +- [UI] Hover enrichment popover overflowing. [Jakub Onderka] +- [UI] Remove margin from long value pre. [Jakub Onderka] +- [internal] Array to string conversion when constructing request. + [Jakub Onderka] +- [freetext] Convert CVE string to uppercase to follow attribute + validation. [Jakub Onderka] +- [UI] Bigger margin for extend this event button. [Jakub Onderka] +- [UI] Clear input value when clicking cancel for attribute search. + [Jakub Onderka] +- [UI] #attributesFilterField doesn't exists anymore. [Jakub Onderka] +- [UI] Show loading also for down attribute paginator. [Jakub Onderka] +- [UI] Remove unnecessary br from eventattribute template. 
[Jakub + Onderka] +- [UI] Remove unused page argument for sighting form. [Jakub Onderka] +- [UI] Fix IDS toggle permission in attribute view. [Jakub Onderka] +- [UI] Return back sighting popover. [Jakub Onderka] +- [UI] Remove duplicate request for quick filter. [Jakub Onderka] +- [UI] Disable To IDS checkbox if user don't have persmission to modify + event. [Jakub Onderka] +- [internal] Removed unused template. [Jakub Onderka] +- [UI] Use pointer cusros for template choice button. [Jakub Onderka] +- [decayingModelSimulation] Correctly extract part of atomic tags. + [mokaddem] +- [tags:attachTagToObject] Respect case when searching tags. [mokaddem] +- [tags:attachTagsToObject] Respect case when attaching tags. Fix #6380. + [mokaddem] +- [UI] Showing active menu item when viewing noticelist. [Jakub Onderka] +- [UI] Showing item in side menu for org admin. [Jakub Onderka] +- [UI] Check more menu ACLs. [Jakub Onderka] +- [UI] Do not show empty global menu item. [Jakub Onderka] +- [UI] User guide link. [Jakub Onderka] +- [warnings] enforceWarninglist works again. [Jakub Onderka] +- [warnings] Cache deletion. [Jakub Onderka] +- [warninglists] Include warning for merged events. [Jakub Onderka] +- [warnings] Attach warnings to feed and server event preview. [Jakub + Onderka] +- [internal] IPv6 CIDR warninglist. [Jakub Onderka] +- [server:workerDiagostics] Default queue status to false. [mokaddem] +- [tag filters] fixed ridiculously long lists for tag filters. + [iglocska] +- [CLI] missing ; [iglocska] +- [server] Do not limit TLD to 5 characters. Fix #6342. [Richard van den + Berg] +- [internal] Variable should be defined all the time. [Jakub Onderka] +- [proposal] No return when org is not defined. [Jakub Onderka] +- [eventReports:markdownEditor] Force close the popover if parent + element not found. [mokaddem] +- [eventReport] Do not try to fetch report after successful hard + deletion. 
[mokaddem] +- [markdownEditor] Reset width in editor's split mode when swiching to + fullscreen. [mokaddem] +- [eventReport:markdownEditor] render markdown once MISP elements have + been fetched. [mokaddem] +- [eventReport] Improved variable name and do not crash if event is not + extending another one. [mokaddem] +- [eventReports] Typo in variable name. [mokaddem] +- [markdownEditor] Layout glitch with resizeable helper and fullscreen. + [mokaddem] +- [misp] Allow re-showing hidden popover after creation. [mokaddem] +- [eventReports:index] Fixed quicksearches. [mokaddem] +- [eventReport:markdowEditor] Make add galaxy-matrix shortcut works. + [mokaddem] +- [server:push] Correctly return message when using API. [mokaddem] +- [event:push] Setup requests headers before sending request. [mokaddem] +- [server:push] Allow pushing events only having event reports. + [mokaddem] +- [event:updateEventReportBeforeSync] Init httpSocket. [mokaddem] +- [tags:search] Make sure the predicate exists in the taxonomy. + [mokaddem] +- [eventReport:markdownEditor] Improved colors of attributes and objects + in printing view. [mokaddem] +- [eventReport:markdownEditor] Parse all tags in a line instead of the + last one. [mokaddem] +- [eventReport:markdownEditor] Avoid override of legitimate tags if they + don't have data linked to them. [mokaddem] +- [eventReport:markdownEditor] Prevent error while opening popover for + unknown tags. [mokaddem] +- [doc] Document "cake Server pullAll" [Richard van den Berg] +- [attachment checker] invalid lookup. [iglocska] +- [missing attachment log] fixed issue with orgs not being logged. + [iglocska] +- [attachment checks] output of logging cleaned up. [iglocska] +- [events] Added loading indicator when paginating on event's attribute + table. [mokaddem] +- [hacky] readded org field to shadow attributes - just blank it out for + old instances where the update failed to remove it a few years ago. 
+ [iglocska] +- [sync] better logging of error messages and handle the user ID not + being set by background processes. [iglocska] +- [correlations] Properly delete feeds caches. [Jakub Onderka] +- [internal] Remove duplicates from cancelPopoverForm. [Jakub Onderka] +- [UI] Popup size. [Jakub Onderka] +- [decaying] 2-tag base_score ratio. Fix #6352. [mokaddem] +- [attribute] Typo in regex. Fix #6354. [mokaddem] +- [UI] Make attribute/object focus work again. [Jakub Onderka] +- [internal] Remove dead code from template. [Jakub Onderka] +- [internal] Undefined variable base_url for idTranslator. [Jakub + Onderka] +- [UI] Show error for user if file for import is invalid. [Jakub + Onderka] +- [UI] Hex and binary convertor. [Jakub Onderka] +- [UI] Show properly formatted attribute value after quick edit. [Jakub + Onderka] +- [UI] Show proper menu when using even import module. [Jakub Onderka] +- [internal] Prepare for PHP8. [Jakub Onderka] +- [internal] Fix tests for missing ACL. [Jakub Onderka] +- [UI] Custom password reset link is absolute. [Jakub Onderka] +- [internal] Typo in perm name. [Jakub Onderka] +- [internal] Do not fetch more info than necessary. [Jakub Onderka] +- [eventReports] Use correct data path to access org_c. [mokaddem] +- [eventReport] Deleted report can be restored by non-admin users. + [mokaddem] +- [ACL] Permissions when sending contact and alert emails. [Jakub + Onderka] +- [internal] Conditions when object distribution is set to org only. + [Jakub Onderka] +- [internal] Fetching objects with attachments. [Jakub Onderka] +- [internal] Remove duplicate check for published event when fetch + objects. [Jakub Onderka] +- [internal] Remove duplicate conditions for object restSearch. [Jakub + Onderka] +- [internal] Code style. [Jakub Onderka] +- [internal] Invalid conditions for sharing group when fetching objects. + [Jakub Onderka] +- [internal] Bad merge. [Jakub Onderka] +- [server] Downgrade distribution of objects when pulling. 
[mokaddem] +- [recovery] various fixes. [iglocska] + + - to_ids fixed + - background processing made optional + - first/last seen format conversion altering the data's format for the recovery script fixed + - added capture of object first/last seen to the recovery script +- [log:event_recovery] Delete blocklist entry for recovered event. + [mokaddem] +- [objectReference] Do no reset timestamp to current time if already + provided. [mokaddem] +- [log] Convert attribute's fs/ls into understood format. [mokaddem] +- [events:recover_event] Fixed URL. [mokaddem] +- [merge issue] resolved. [iglocska] +- [attributes] Restored action on tags in mass edit. [mokaddem] +- Added missing test mechanisms mapping mapping. [chrisr3d] +- [validation] make publish_timestamp on the event object more resilient + to malformed empty values. [iglocska] +- [eventReport] Do not ignore `false` fields when editing. [mokaddem] +- [event] Delete event report when deleting event. [mokaddem] +- [eventReport] changed beforeFilter signature to avoid notice. + [mokaddem] +- [eventReports] Add view variables before rendering. [mokaddem] +- [event] Use correct function name. [mokaddem] +- [markdownEditor] Make viewer works inside modal. [mokaddem] +- [markdownEditor] Post split bugs. [mokaddem] +- [markdownViewer] Fixed missing event_id. [mokaddem] +- [markdownViewer] Regenerate scroll map after resize + layout + improvement. [mokaddem] +- [datetime] Failed merge. [mokaddem] +- [attribute tag culling] fixed. [iglocska] + + - no longer hides tags that should be included in the export + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch 'tagfix' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into HEAD. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6414 from JakubOnderka/user-view-ui. 
[Jakub + Onderka] + + Flag icons and country list +- Merge branch '2.4' into event-report-optimisations. [mokaddem] +- Merge pull request #6447 from JakubOnderka/as-normalization. + [Alexandre Dulaunoy] + + chg: [internal] Normalize AS type to asplain notation +- Merge pull request #6446 from JakubOnderka/module-import-speedup. + [Jakub Onderka] + + chg: [internal] Speedup sending module results +- Merge pull request #6289 from JakubOnderka/save-sighting-optim. [Jakub + Onderka] + + chg: [internal] Sighting saving optimisation +- Merge pull request #6442 from JakubOnderka/event-ui-vol4. [Jakub + Onderka] + + Event UI fixes vol4 +- Merge pull request #6416 from JakubOnderka/event-view-fix. [Alexandre + Dulaunoy] + + Remove object checkbox +- Merge pull request #6440 from JakubOnderka/event-ui-vol3. [Jakub + Onderka] + + Event ui vol3 +- Merge pull request #6439 from nighttardis/2.4. [Jakub Onderka] + + Syntax fix for session.cookie_samesite +- Merge pull request #1 from nighttardis/nighttardis-core-php-syntax. + [nighttardis] + + Update core.default.php +- Update core.default.php. [nighttardis] + + Fixing PHP syntax error that appears on PHP 7.4 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6436 from JakubOnderka/attribute-validation. + [Jakub Onderka] + + Attribute validation +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #6429 from cudeso/2.4. [Alexandre Dulaunoy] + + Send a message to ZMQ when an event from a connected server is added or edited +- Send message to ZMQ when there is event add/edit coming from a + connected server. [Koen Van Impe] +- Merge remote-tracking branch 'MISP/2.4' into 2.4. [Koen Van Impe] +- Merge pull request #6438 from JakubOnderka/hostname-port-correlation. + [Jakub Onderka] + + fix: [correlations] Disable correlation for port part in hostname|port +- Merge pull request #6400 from JakubOnderka/cookie-samesite-lax. 
[Jakub + Onderka] + + chg: [cookie] Set session cookie SameSite to Lax to avoid browser warnings +- Merge pull request #6423 from JakubOnderka/view-event-small-ui- + changes. [Jakub Onderka] + + View event small ui changes +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #6432 from JakubOnderka/smime. [Jakub Onderka] + + Smime +- Merge pull request #6418 from JakubOnderka/revise-object-validation. + [Jakub Onderka] + + Revise object validation +- Merge pull request #6425 from JakubOnderka/fix-smime-certificate- + validation. [Jakub Onderka] + + fix: [mail] S/MIME certificate validation +- Merge pull request #6417 from JakubOnderka/fetch-event-optimisation. + [Jakub Onderka] + + Fetch event optimisation +- Merge pull request #6422 from JakubOnderka/shadow-attribute-code- + cleanup. [Jakub Onderka] + + chg: [internal] Cleanup and simplify ShadowAttribute model code +- Merge pull request #6421 from JakubOnderka/freetext-background. [Jakub + Onderka] + + Freetext background processing +- Merge pull request #6420 from JakubOnderka/user-organisation-ui- + changes. [Jakub Onderka] + + User and organisation pages UI changes +- Merge pull request #6419 from JakubOnderka/event-template-cleanup. + [Jakub Onderka] + + fix: [internal] Remove unused $page variable +- Merge pull request #6395 from JakubOnderka/module-fixes. [Jakub + Onderka] + + Module fixes +- Merge pull request #6300 from JakubOnderka/validate-gpg-key. [Jakub + Onderka] + + Validate gpg key +- Merge pull request #6413 from JakubOnderka/external-links-secure. + [Jakub Onderka] + + chg: [UI] Make external links more secure +- Merge pull request #6412 from mokaddem/feature-event-report. + [Alexandre Dulaunoy] + + [feature] Event Report +- Merge remote-tracking branch 'origin/2.4' into feature-event-report. + [mokaddem] +- Merge pull request #6405 from JakubOnderka/hover-ui. 
[Jakub Onderka] + + Change hover enrichment user interface +- Merge pull request #6397 from JakubOnderka/zip-error-messages. [Jakub + Onderka] + + chg: [internal] Better error messages for unzipping feed file +- Merge pull request #6398 from JakubOnderka/ui-long-values-vol2. [Jakub + Onderka] + + fix: [UI] Remove margin from long value pre +- Merge pull request #6393 from JakubOnderka/ui-long-values. [Jakub + Onderka] + + Ui long values +- Merge pull request #6394 from JakubOnderka/fix-array-to-string- + conversion. [Jakub Onderka] + + fix: [internal] Array to string conversion when constructing request +- Merge pull request #6396 from JakubOnderka/freetext-cve-import. [Jakub + Onderka] + + fix: [freetext] Convert CVE string to uppercase +- Merge pull request #6381 from JakubOnderka/ui-small-fixes-vol2. [Jakub + Onderka] + + UI small fixes +- Merge pull request #6385 from JakubOnderka/sighting-fetch-optim. + [Jakub Onderka] + + Sighting fetch optim +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6388 from JakubOnderka/attribute-search-optim. + [Jakub Onderka] + + chg: [internal] Much faster attribute search +- Merge pull request #6384 from JakubOnderka/event-load-optim. [Jakub + Onderka] + + Event load optim +- Merge pull request #6348 from JakubOnderka/version-fetch-optim. [Jakub + Onderka] + + chg: [optimisation] Load MISP version and commit just once +- Merge pull request #6382 from JakubOnderka/fetch-sightings-faster. + [Jakub Onderka] + + chg: [internal] Optimise fetching sightings for object +- Merge pull request #6359 from JakubOnderka/acl-menu-item. [Jakub + Onderka] + + Acl menu item +- Merge pull request #6335 from JakubOnderka/warninglist-cache. [Jakub + Onderka] + + Warninglist Redis cache +- Merge pull request #6378 from JakubOnderka/feed-metadata-validation. + [Jakub Onderka] + + new: [build] Validate also feed metadata rules and settings JSON contents +- Merge branch 'fetcher_debug' into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into fetcher_debug. + [iglocska] +- Merge pull request #6377 from JakubOnderka/freetext-hash-parsing. + [Jakub Onderka] + + chg: [complextype] Speedup hash parsing from CSVs and freetexts +- Merge pull request #6370 from MISP/fix-update-no-prio. [Andras Iklody] + + Fix update no prio +- Update Server.php. [Andras Iklody] +- Merge pull request #6373 from RichieB2B/issue-6368. [Andras Iklody] + + Allow OS user to be set for upgrades +- Merge pull request #6375 from RichieB2B/issue-6342. [Andras Iklody] + + Do not limit TLD to 5 characters +- Merge pull request #6374 from JakubOnderka/test-fix. [Jakub Onderka] + + Test fix +- Merge branch '2.4' of github.com:MISP/MISP into feature-event-report. + [mokaddem] +- Merge pull request #6360 from JakubOnderka/menu-simplified. [Jakub + Onderka] + + chg: [internal] Simplified menu code +- Merge pull request #6372 from RichieB2B/ncsc-nl/pullAll. [Andras + Iklody] + + Document "cake Server pullAll" +- Merge pull request #6362 from imidoriya/2.4. [Andras Iklody] + + Fix date filter on to / from #6239 +- Filter Event Date - convert timestamp to datetime. [deku] + + PyMisp sends the to / from as a timestamp. MISP needs to convert a timestamp when comparing. +- Merge branch '2.4' of github.com:MISP/MISP into feature-event-report. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Revert "fix: [tag] Show correct count of tag attributes and events" + [iglocska] + + This reverts commit e644f4ea4c01e1f8018133d2a82aa3c321fff98d. +- Revert "chg: [internal] Optimise fetching sightings for object" + [iglocska] + + This reverts commit e442a394cd4ee7e3797151d8146992d4b1a2bee6. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Alexandre + Dulaunoy] +- Merge pull request #6357 from JakubOnderka/feed-correlation-refactor. + [Jakub Onderka] + + chg: [correlations] Refactor feed cached correlations +- Merge pull request #6346 from JakubOnderka/truncate-long-values. + [Jakub Onderka] + + Truncate long values +- Merge pull request #6345 from JakubOnderka/pivot-directly. [Jakub + Onderka] + + new: [UI] Go directly to object reference when referenced object is on the same page +- Merge pull request #6350 from rmkml/2.4. [Andras Iklody] + + fix #6336 vhash +- Fix #6336 vhash. [rmkml] +- Merge pull request #6351 from JakubOnderka/template-dead-code. [Jakub + Onderka] + + Template dead code +- Merge pull request #6333 from JakubOnderka/id-translator-fix. [Jakub + Onderka] + + fix: [internal] Undefined variable base_url for idTranslator +- Merge pull request #6349 from JakubOnderka/warninglist-box. [Jakub + Onderka] + + chg: [UI] Nicer warning box with link to show just warnings +- Merge pull request #6344 from JakubOnderka/misp-file-import. [Jakub + Onderka] + + Misp file import error message +- Merge pull request #6347 from JakubOnderka/hex-binary-convertor. + [Jakub Onderka] + + Hex binary convertor +- Merge pull request #6343 from JakubOnderka/after-attribute-edit. + [Jakub Onderka] + + fix: [UI] Show properly formatted attribute value after quick edit +- Merge pull request #6340 from JakubOnderka/import-ui. [Jakub Onderka] + + fix: [UI] Show proper menu when using even import module +- Merge pull request #6339 from JakubOnderka/lint. [Jakub Onderka] + + chg: [test] Lint all PHP and template files +- Merge pull request #6338 from JakubOnderka/password-reset-absolute. + [Jakub Onderka] + + fix: [UI] Custom password reset link is absolute +- Merge pull request #6334 from JakubOnderka/role-typo-fix. [Jakub + Onderka] + + fix: [internal] Typo in perm name +- Merge pull request #6330 from JakubOnderka/event-creator. 
[Jakub + Onderka] + + chg: [UI] Show event creator for users from event org +- Merge pull request #6331 from RichieB2B/ncsc-nl/spaces. [Andras + Iklody] + + Remove extraneous spaces from E-mail subject +- Remove extraneous spaces from E-mail subject. [Richard van den Berg] +- Merge remote-tracking branch 'origin/2.4' into feature-event-report. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6328 from JakubOnderka/role-ui-full-label. [Jakub + Onderka] + + chg: [UI] Show full title for role permission +- Merge pull request #6090 from JakubOnderka/tlp-uppercase. [Jakub + Onderka] + + chg: [mail] Refactor email generating +- Merge pull request #6327 from JakubOnderka/fix-object-conditons-vol2. + [Jakub Onderka] + + fix: [internal] Conditions when object distribution is set to org only +- Merge pull request #6326 from JakubOnderka/fix-object-conditions. + [Jakub Onderka] + + Fix object conditions +- Merge branch 'event_recovery' into 2.4. [iglocska] +- Merge branch '2.4' into event_recovery. [iglocska] +- Merge pull request #6325 from rmkml/2.4. [Alexandre Dulaunoy] + + fix #6266 vhash & +- Fix #6266 vhash & [rmkml] +- Merge pull request #6322 from JakubOnderka/invalid-uuid-message. + [Jakub Onderka] + + chg: [internal] Invalid message for UUID contains that UUID must be RFC 4122 +- Merge pull request #6315 from eschultze/2.4. [Alexandre Dulaunoy] + + Fix id 117 column number +- Fix id 117 column number. [eschultze] +- Merge branch 'event_recovery' of github.com:MISP/MISP into + event_recovery. [iglocska] +- Merge branch 'event_recovery' of github.com:MISP/MISP into + event_recovery. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into event_recovery. + [iglocska] +- Merge branch '2.4' into event_recovery. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' into event_recovery. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into feature-event-report. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-event-report. + [mokaddem] + + +v2.4.132 (2020-09-15) +--------------------- + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [queryversion] Bumped. [mokaddem] +- [bootstrap-datepicker] Updated to version 1.9.0. [mokaddem] +- [appmodel] New entry to create an upper bound for the unwanted action + through login. [mokaddem] + + This will be used by recovery scripts +- [sightings] anonymise pushed sightings using new + Sightings_anonymise_as setting. [Richard van den Berg] +- [events] Make sure the fetched form is hidden. [mokaddem] +- [events] Index table delete buttons switch to fetch then post. + [mokaddem] +- [internal] Better error handling when pushing event to remote server. + [Jakub Onderka] +- [internal] Ensure that UUID is always lowecase and real UUID. [Jakub + Onderka] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [users] Avoid POSTing forms not linked to the login page resulting in + unwanted actions. [mokaddem] + + - As reported by Michael Kerscher +- [tag filters] fixed a bug introduced with the previous filter fix, + resulting in multiple OR tags being ignored as a valid filter. + [iglocska] +- [Server] only push events/sightings when selected. [Richard van den + Berg] +- [cleanup] [iglocska] +- [cleanup] [iglocska] +- [string concat] fix. [iglocska] +- [cleanup] debug. [iglocska] +- [internal] Correctly handle positive tag filters for non site admins. + [iglocska] + + - tag filters were ignored incorrectly when it was a positive lookup +- [internal] Nonsense index names. [Jakub Onderka] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Bumped db_schema. [Sami Mokaddem] +- Merge branch 'fix-login' into 2.4. [mokaddem] +- Merge pull request #6310 from RichieB2B/ncsc-nl/selective-push. 
+ [Andras Iklody] + + Only push events/sightings when selected for server +- Merge pull request #6308 from RichieB2B/ncsc-nl/anonymise-as. [Andras + Iklody] + + Anonymise pushed sightings +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #6286 from JakubOnderka/push-error-handling. [Jakub + Onderka] + + chg: [internal] Better error handling when pushing event to remote se… +- Merge pull request #6272 from JakubOnderka/uuid-validation. [Jakub + Onderka] + + +v2.4.131 (2020-09-08) +--------------------- + +New +~~~ +- [types] pgp-public-key/pgp-private-key added. [iglocska] +- [internal] filter "type" added for the internal fetcher. [iglocska] + + - appends email as a type if email-src/email-dst are found +- [types] email added as a new type, affects #6281. [iglocska] +- [diagnostic] Check if database index is unique. [Jakub Onderka] +- [API] added count returnformat for the REST api, fixes #6233. + [iglocska] + + - simply counts the number of attributes/events found (on each respective scope) +- [ACL] event blacklisting fully opened up to host org users. [iglocska] + + - also added a new special permission for the ACL system host_org_user - which will evaluate whether the user is in the org configured in the MISP.host_org_id directive + +Changes +~~~~~~~ +- Bumped MISP objects latest version. [chrisr3d] +- [version] bump. [iglocska] +- [PyMISP] Bump version. [Raphaël Vinot] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [blocklist] Add comment for automatic event blocklist. [Jakub Onderka] +- [internal] Faster tag fetching for events. [Jakub Onderka] +- [internal] Little optimise Event::getRelatedAttributes. [Jakub + Onderka] +- [internal] Optimise Event::getRelatedEvents for non correlated events. + [Jakub Onderka] +- [internal] Optimise Event::__attachReferences method. [Jakub Onderka] +- [PyMISP] bump. 
[Alexandre Dulaunoy] +- [attributes] to_ids for new email type. [Alexandre Dulaunoy] +- [PyMISP] bump (due to describetypes) [Alexandre Dulaunoy] +- [attribute] pgp is not php ;-) [Alexandre Dulaunoy] +- [event] Deduplicate related events for extended view. [Jakub Onderka] +- [event] Deduplicate tags for extended view. [Jakub Onderka] +- [type] email-src/email-dst descriptions redefined. Also added email to + the person category. [iglocska] +- [OpenIOC] email type added to the export tool. [iglocska] +- [complex parser] added email as an option for parsed email addresses. + [iglocska] +- [openioc] added email type. [iglocska] +- [nids] added email type. [iglocska] +- [bro] added email type. [iglocska] +- Bumped queryversion. [Sami Mokaddem] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [db_schema] Updated schema to reflect the change with allowlist and + blocklist. [mokaddem] +- [misp.js] Correctly check if the variable exists before comparing. + [mokaddem] +- [misp.js] Make sure the selector path is a valid selection string. + [mokaddem] +- [jquery] Bumped jQuery to version 3.5.1. [mokaddem] +- [internal] Deduplicate code for event conditions. [Jakub Onderka] +- [internal] Much faster quick filter. [Jakub Onderka] +- [internal] Initialize Feed class just once. [Jakub Onderka] +- [internal] Unsetting SharingGroup is not necessary. [Jakub Onderka] +- [internal] Remove unused Event::getAccessibleEventIds. [Jakub Onderka] +- [internal] Remove duplicate event_creator_email fetching. [Jakub + Onderka] +- [internal] Simplified putting attributes to objects. [Jakub Onderka] +- [internal] Use faster fetcher for viewing sightings. [Jakub Onderka] +- [JS libraries] Updated to latest version. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [internal] Using Allowedlist instead of Whitelist. [Golbark] +- [internal] Using blocklist instead of blacklist. 
[Golbark] +- [internal] Removed unused variables. [Jakub Onderka] +- [internal] Event::__escapeCSVField is not used. [Jakub Onderka] +- [internal] Event::generateRandomFileName just redefines AppModel + method. [Jakub Onderka] +- [internal] Validation issues are already checked by fetcher. [Jakub + Onderka] +- [internal] Warninglist::filterWarninglistAttributes takes just two + arguments. [Jakub Onderka] +- [event] Deduplicate attribute related tags. [Jakub Onderka] +- [db_schema_diagnostic] Do not display remediation queries if an update + is in progress. [mokaddem] +- Install poetry in home directory. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [stix import] Importing test mechanisms from indicators as yara rules. + [chrisr3d] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Made the globalVariables more flexible when you need to + override them. [Steve Clement] +- [internal] Optimise fetching sightings for object. [Jakub Onderka] +- [internal] Less SQL queries for event index page. [Jakub Onderka] +- [internal] Distribution is checked by SQL. [Jakub Onderka] +- [internal] Remove not necessary code. [Jakub Onderka] +- [internal] Remove unused code. [Jakub Onderka] +- [PyMISP] bump PyMISP. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [API] GET requests on restsearch with no parameters are no longer + allowed. [iglocska] + + - warn the user of the use of GET queries with posted JSON bodies +- [UI] Nicer selector for attribute search. [Jakub Onderka] +- [correlation] Fetch just necessary fields. [Jakub Onderka] +- [cleanup] removed duplicate check in beforefilter() of the + eventblacklists controller. [iglocska] + +Fix +~~~ +- [widgets] Adding images by default on the repository (#6298) [Loïc + Fortemps] +- [validation] relaxed first/last/middle name validation. 
[iglocska] +- [objects] edit fails due to invalid URLs used fixed. [iglocska] +- [internal] fix to various CLI commands breaking on the IP field in the + log table not having a default value, fixes #6263. [iglocska] +- [internal] Fetch related events for merged events just when necessary. + [Jakub Onderka] +- [db_schema] Missing index for feeds.orgc_id. [Jakub Onderka] +- [UI] Blocklist mass delete. [Jakub Onderka] +- [UI] Event blocklist. [Jakub Onderka] +- Support IE with no template literal support. [Tom King] +- [internal] Respect ACL for event attribute search. [Jakub Onderka] +- [stix2 import] Quick fix on external indicator parsing. [chrisr3d] + + - Specifying the indicator version while testing + if the object is an indicator to avoid issues + - Also added a small warning message for debugging + purposes when we face issues to parse the + pattern types +- [stix2 import] Making sure we do not lose the event uuid. [chrisr3d] +- [stix2 import] Removed useless test in relationships parsing. + [chrisr3d] +- [stix2 import] Fixed external patterns parsing. [chrisr3d] + + - Avoiding brackets to be imported with the type + and value within attributes + - Going with 55095910c +- [API] blocklist behaviour index via the API returns empty list. + [iglocska] + + - fixed +- [stix2 import] Fixed external pattern types parsing. [chrisr3d] + + - Avoiding issues with patterns containing parts + within brackets and separated by OR statements + giving results like "[file" instead of "file" +- [cluster:index] Prevent highlighting non existing JSON. [mokaddem] +- [popovers] Prevent closing inexisting popovers. [mokaddem] +- [userSettings:set_home_page] Added missing view file. Fix #6245. + [mokaddem] +- [serverShell:cacheFeeds] Correct usage of __n function. Fix #6238. + [mokaddem] +- [appmodel] Create indexes after the column has been added. [mokaddem] +- [stix import] Handling potential key errors with test mechanism types. 
+ [chrisr3d] +- [otp] Allow to send encrypted OTP by mail. [Jakub Onderka] +- [stix import] Preventing external observables & ttps parsing to fail. + [chrisr3d] + + - Testing if observables have properties before + trying to parse observable properties + - Catching exceptions when ttps cannot be parsed + - Should fix #6250 +- [internal] loading a missing proposal attachment leads to an + exception. [iglocska] + + - should be silently logged and notice error sent +- [enrich event] Typo. [chrisr3d] +- [enrich event] Avoid freetext results to end up lost in the + interstellar space of orphaned attributes with no event_id. [chrisr3d] +- [tag] Show correct count of tag attributes and events. [Jakub Onderka] +- [UI] Event attribute filters works again. [Jakub Onderka] +- [JS] Issue #6226 when adding object reference. [Jakub Onderka] +- [JS] broken URLs due to the baseurl refactor. [iglocska] + + - no need to prepend URLs taken from the forms themselves directly. +- [internal] Remove unused compositeTypes variable. [Jakub Onderka] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #6297 from JakubOnderka/fix-merging-events. [Jakub + Onderka] + + fix: [internal] Fetch related events for merged events just when necessary +- Merge pull request #6296 from JakubOnderka/2.4. [Jakub Onderka] + + fix: [db_schema] Missing index for feeds.orgc_id +- Merge pull request #6293 from JakubOnderka/event-blocklist-view-fix. + [Jakub Onderka] + + Event blocklist view fix +- Merge pull request #6208 from JakubOnderka/faster_attach_tags. [Jakub + Onderka] +- Merge pull request #6288 from JakubOnderka/reference-optimisation. + [Jakub Onderka] + + chg: [internal] Optimise Event::__attachReferences method +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Alexandre + Dulaunoy] +- Merge pull request #6179 from denny-lclin/fix/variable-name-typo. + [Christian Studer] + + [stix1 export] fix some variables' typo +- [stix1 export] fix some variables' typo. [Denny Lin] +- Merge pull request #6259 from + JakubOnderka/extended_view_deduplication. [Jakub Onderka] + + Extended view deduplication +- Merge branch 'email_type' into 2.4. [iglocska] +- Merge branch 'js-libs-update' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into js-libs-update. + [mokaddem] +- Merge pull request #6282 from tomking2/bug/IE-support. [Andras Iklody] + + fix: Support IE with no template literal support +- Merge pull request #6254 from JakubOnderka/unique_index_diagnostic. + [Jakub Onderka] + + new: [diagnostic] Check if database index is unique +- Merge pull request #6274 from + JakubOnderka/acl_filter_attribute_values. [Jakub Onderka] + + fix: [internal] Respect ACL for event attribute search +- Merge branch '2.4' of github.com:MISP/MISP into js-libs-update. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into js-libs-update. + [mokaddem] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6219 from JakubOnderka/event-small-optim. [Jakub + Onderka] + + Event small optim +- Merge pull request #6271 from JakubOnderka/faster_quick_filter. [Jakub + Onderka] + + chg: [internal] Much faster quick filter +- Merge pull request #6265 from JakubOnderka/not-necessary-code-vol2. + [Jakub Onderka] + + Remove not necessary code vol2 +- Fixup! chg: [internal] Simplified putting attributes to objects. + [Jakub Onderka] +- Merge pull request #6268 from JakubOnderka/sightings-faster-fetcher. + [Jakub Onderka] + + chg: [internal] Use faster fetcher for viewing sightings +- Merge pull request #6267 from Golbark/rename_bl. [Andras Iklody] + + Rename blacklist and whitelist to alternatives +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [chrisr3d] +- Merge pull request #6264 from JakubOnderka/not-necessary-code. [Jakub + Onderka] + + Remove not necessary code +- Merge branch 'fix-6249' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-6249. [mokaddem] +- Merge pull request #6262 from JakubOnderka/deduplicate_related_tags. + [Jakub Onderka] + + chg: [event] Deduplicate attribute related tags +- Merge pull request #6258 from MISP/travis_poetry. [Raphaël Vinot] + + chg: Install poetry in home directory +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6214 from JakubOnderka/otp-encryption. [Jakub + Onderka] + + fix: [otp] Allow to send encrypted OTP by mail +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #6241 from SteveClement/tools. [Steve Clement] + + chg: [installer] Made the globalVariables more flexible +- Merge pull request #6203 from JakubOnderka/tag-count. [Andras Iklody] + + Show proper number of attributes and events for tags +- Event ID translation feature (#6212) [Loïc Fortemps] + + * new: [sync] Event ID translation between sync servers +- Merge pull request #6237 from jtdroste/expanded-ip-logging. [Andras + Iklody] + + new: Add the ability to customize the IP header field when logging +- Add the ability to customize the IP header field when logging. [James + Droste] +- Merge pull request #6234 from JakubOnderka/event-filters-fix. [Jakub + Onderka] + + fix: [UI] Event attribute filters works again +- Merge pull request #6230 from JakubOnderka/event-small-optim-simple. + [Jakub Onderka] + + Small optimisation for event index page +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6228 from JakubOnderka/fix-6226. [Jakub Onderka] + + fix: [JS] Issue #6226 when adding object reference +- Merge pull request #6225 from rmkml/2.4. 
[Alexandre Dulaunoy] + + add SHA3 Hash on Attribut.php +- Add SHA3 Hash on Attribut.php. [rmkml] +- Feature/achievements widget (#6129) [Christophe Vandeplas, Loïc + Fortemps, Steve Clement] + + * Additionnal protection against XSS, the response type defaults to html while it should be JSON. + * new: widget: Achievements widget + * Update AchievementsWidget.php + * Update AchievementsWidget.php + * Visual adjustments, new badges + * i18n + * indentation to MISP convention + * AchievementsWidget minor textual improvements + * Optimized query and fix issue with i18n +- Merge pull request #6221 from cudeso/2.4. [Alexandre Dulaunoy] + + MISP-SNMP Monitor script +- Add SNMP configuration snippet. [Koen Van Impe] +- MISP-SNMP Monitor script. [Koen Van Impe] + + Script to return statistics which can be picked up via SNMP. + Post for monitoring with Cacti (inspired by OpenNSM) will follow + shortly. +- Merge remote-tracking branch 'MISP/2.4' into 2.4. [Koen Van Impe] +- Merge pull request #6200 from JakubOnderka/us-attr-search. [Jakub + Onderka] + + chg: [UI] Nicer selector for attribute search +- Merge pull request #6222 from JakubOnderka/correlation-fetch-optim. + [Jakub Onderka] + + chg: [correlation] Fetch just necessary fields +- Merge pull request #6220 from obert01/fix-accessibility. [Andras + Iklody] + + A few accessibility fixes for users of screen readers +- A few accessibility fixes for users of screen readers: - Added aria + label and role for the representation of booleans in generic index + tables, - Fixed Aria label for actions in generic index tables, - Set + titles for actions in the admin user index table, - Added a few + missing aria labels in the global menu. [Olivier BERT] + + +v2.4.130 (2020-08-20) +--------------------- + +New +~~~ +- [internal] cache tags instead of loading them over and over via the + event fetcher, fixes #6201. 
[iglocska] + + - should speed things up for exports of datasets that have a lot of recurring tags + - moved the caching of some internals to the appmodel level to make it more generic +- [internal] Support autocrypt when sending e-mails. [Jakub Onderka] +- [internal] 'GnuPG.obscure_subject' option to not send unencrypted + subject. [Jakub Onderka] +- [internal] Log if e-mail was send encrypted or not. [Jakub Onderka] +- [administration] lightweight slow query log analysis added. [iglocska] + + usage: /var/www/MISP/app/Console/cake Statistics analyse_slow_logs [path_to_slow_log] +- [widgets] Additional widgets for sharing statistics and layouts. + [Golbark] +- Allow tag deletion for an event on update. [Tom King] +- Allow for attribute tag deletion via Event or Attribute edit. Clean + and return the attribute tags on response from editing an attribute, + update code to remove legacy. [Tom King] +- [UI] Show event preview when merging. [Jakub Onderka] +- [attribute] Add support for IDN domains. [Jakub Onderka] +- [opt] Added non interactive place holder. [Steve Clement] +- New: [freetext] Convert `[at]` to `@` and `hxtp` and `htxp` to `http` + [Jakub Onderka] + + Fixes #4908 and #4805 + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] Bump tag. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [correlation] Use less memory when generating correlation. [Jakub + Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Break loop when match is found. [Jakub Onderka] +- [UI] Nicer tag removal confirmation. 
[Jakub Onderka] +- [internal] Reuse AttachmentTool instance. [Jakub Onderka] +- [internal] Generate event date even if attachments doesn't exists. + [Jakub Onderka] +- [internal] Move attachment handling to one place. [Jakub Onderka] +- [mail] Initialize GPG just once. [Jakub Onderka] +- [mail] Simplified Message-ID generation. [Jakub Onderka] +- [internal] Move GPG initialization to GpgTool. [Jakub Onderka] +- [test] Set correct setting for GPG. [Jakub Onderka] +- [internal] Protect also Reply-To header. [Jakub Onderka] +- [internal] Protect also Date header. [Jakub Onderka] +- [internal] Refactor S/MIME certificate validation. [Jakub Onderka] +- [internal] Rework email sending. [Jakub Onderka] +- [test] Show all logs from /app/tmp/logs/ folder. [Jakub Onderka] +- [test] Do not show progress for composer. [Jakub Onderka] +- [test] Show generated gpg keys. [Jakub Onderka] +- [test] Remove dist-upgrade to speed up build. [Jakub Onderka] +- [test] Run apt-get install just once to speed up build. [Jakub + Onderka] +- [doc] Added php-zip. [Steve Clement] +- [internal] Update correlations in one query. [Jakub Onderka] + + Before, for every event saving action, four queries for updating correlations were generated +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [CLI] Allow to fetch remove event by UUID. [Jakub Onderka] +- [internal] Refactor Server::getEventIdsFromServer. [Jakub Onderka] +- [internal] stub for a simple caching mechanism for recurring queries. + [iglocska] +- [users:login] No longer fetch login form multiple times. - Reverted + monkey patch - Removed the onclick listener responsible to calling the + function twice. [mokaddem] +- [posts] Allow to add comment to any user that can see event. [Jakub + Onderka] +- [UI] Do not exclude local tags when viewing event. [Jakub Onderka] +- [UI] Allow to add local galaxy for non host org user. [Jakub Onderka] +- [proposals:index] Migrated index to the factory index. 
[mokaddem] +- [api] fixed restresponse for blacklists. [iglocska] +- [feed] Better exception messages for invalid JSON. [Jakub Onderka] +- Bump PyMISP. [Raphaël Vinot] +- [users:login] Removed duplicated submit button. [mokaddem] +- Bumped queryversion. [mokaddem] +- [tags:attachTagToObject] Support array of tags. Fix #5534. [mokaddem] +- [misp.js] Applied codefactor comments. [mokaddem] +- [objects:edit] Typo in comments. [mokaddem] +- [objects:edit] Replaced usage of cookie with session. [mokaddem] +- [objects:edit] Merge data is passed via cookies instead of the URI. + [mokaddem] +- [attributes:massEditForm] Pass attributes ids to be edited via POST. + [mokaddem] + + Fix #5500 +- [internal] Initialize UserSetting just when needed. [Jakub Onderka] +- [users:acceptRegistration] Displays an error message if saved failed + Fix #6134. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP, fix test. [Raphaël Vinot] +- [event:freetextImport] Usage of primaryOnlyCorrelatingTypes and limit + the number of correlations displayed. [mokaddem] +- [internal] Faster loading sighting. [Jakub Onderka] +- [internal] Small controller cleanup. [Jakub Onderka] +- [warning-lists] major update. [Alexandre Dulaunoy] +- [correlations] Faster loading related attributes. [Jakub Onderka] +- [UI] Side menu optimisations and cleanup. [Jakub Onderka] +- [feed] Use less memory when parsing CSV feeds. [Jakub Onderka] +- [internal] Better error handling for JSON decoding. [Jakub Onderka] +- [UI] Add proposal form refactor. [Jakub Onderka] +- Bump PyMISP. [Raphaël Vinot] +- [attributeTag:handleAttributeTags] Removed useless conditions. + [mokaddem] +- [AttributeTags:handleAttributeTags] More generic way to handle capture + and association. [mokaddem] +- [attribute] Added tag handling when saving attributes and objects. + [mokaddem] +- [tag] Support of untagging in Object's Attribute and other fixes. 
+ [mokaddem] + + - deleted: 0 is correctly handled + - stopped usage of `editAttribute` from Attribute Controller +- [attribute:editAttribute] Uage of `editableFields` instead of + hardcoded array. [mokaddem] +- [object] Avoid notices if some object attributes fields are not set. + [mokaddem] +- [object:edit] Allow deleting objects by passing `deleted` flag. + [mokaddem] + + Fix #6024 +- [stix2 export] Avoiding testing the same field twice. [chrisr3d] + + - Following #6132 recently merged, which avoids + potential KeyError exceptions, thanks to + @denny-lclin +- [internal] Faster generating correlations when enabling for event by + toggle. [Jakub Onderka] +- [UI] Wait 100 ms before showing event info. [Jakub Onderka] +- [UI] Add link to event in event info. [Jakub Onderka] +- [internal] Better job progress and status logging. [Jakub Onderka] +- [requirements] Aligning requirements file with Pipfile regarding stix + library requirements. [chrisr3d] +- Bumped latest misp-opendata updates. [chrisr3d] +- [events:index] Renamed `org` into `creator org`. Fix #6012. [mokaddem] +- [opendata export] Support of the search functionality + fixed url + parameter used in the delete feature. [chrisr3d] +- [internal] Faster checking if warninglist already exists for event. + [Jakub Onderka] +- [internal] Initialize FinancialTool just when necessary. [Jakub + Onderka] +- [misp-opendata] Bumped latest version. [chrisr3d] +- [freetext] Various code fixes and optimisations. [Jakub Onderka] +- [internal] More tests for ComplexTypeTool::checkFreeText. [Jakub + Onderka] +- [internal] Simplified ComplexTypeTool::checkFreeText. [Jakub Onderka] +- [opendata export] Parsing portal url parameter + slight parameters + parsing changes. 
[chrisr3d] + + - As the possibility of specifying the url of the + Open data portal to use instead of the default + one, we support here this parameter and adapt + the way we build the command that will launch + the python script + - Slight changes to replace some isset tests by + empty tests to make sure the concerned fields + are not only set, but also contain a value +- [diagnostic] Updated required stix2 library version. [chrisr3d] + +Fix +~~~ +- [internal] Syntax error in bootstrap.default.php. [Jakub Onderka] +- [invalid element reference] element filepath was incorrectly treated + as a url. [iglocska] +- [UI] Show correct options in menu. [Jakub Onderka] +- [internal] Notice when adding tag to collection. [Jakub Onderka] +- [security] Check tag restriction for collection tags. [Jakub Onderka] +- [security] Check tag restriction for attribute tags. [Jakub Onderka] +- [security] Check tag restriction for event tags. [Jakub Onderka] +- [attachment] Do not fetch attachment when accepting deletion proposal. + [Jakub Onderka] +- [UI] Showing image thumbnail. [Jakub Onderka] +- [test] Use two spaces to pass the test. [Jakub Onderka] +- [internal] Throw exception if invalid event for contact method is + provided. [Jakub Onderka] +- [test] Set GnuPG.email variable. [Jakub Onderka] +- [internal] Fix undefined index notices. [Jakub Onderka] +- [test] GPG homedir permission. [Jakub Onderka] +- [internal] SendEmail exceptions message and logging. [Jakub Onderka] +- [internal] Do not leak IP address in Message-ID. [Jakub Onderka] +- [internal] Throw exception when invalid event id provided for contact + email. [Jakub Onderka] +- [intrernal] Undefined index: Organisation notice. [Jakub Onderka] +- [cli] Show error when invalid user ID provided. [Jakub Onderka] +- [test] Install missing python3-redis package. [Jakub Onderka] +- [test] Show error and debug logs also after success test. [Jakub + Onderka] +- [test] Start workers under www-data group. 
[Jakub Onderka] +- [doc] Amended CentOS8 install doc. Removed ssdeep, not working + anymore. [Steve Clement] +- [events:queryEnrichment] Recovers tag colour. [mokaddem] + + - Fix #6186 +- [security] Check if user can access sharing group when uploading + attachment. [Jakub Onderka] +- [UI] Bad merge for mass edit form. [Jakub Onderka] +- [proposals] Downloading proposal attachment. [Jakub Onderka] +- [ACL] Allow proposal author to discard it. [Jakub Onderka] +- [security] Respect ACL for freetext import. [Jakub Onderka] +- [security] Throw exception if invalid data provided. [Jakub Onderka] +- [ACL] Use common methods for ACL when editing object reference. [Jakub + Onderka] +- [ACL] Unpublished private for object do not apply for site admin. + [Jakub Onderka] +- [security] Sharing groups for objects respect permissions. [Jakub + Onderka] +- [tags] Show just tags that user can really use. [Jakub Onderka] +- [security] Respect ACL for proposals. [Jakub Onderka] +- [proposals] Respect unpublished private event when loading proposals. + [Jakub Onderka] +- [internal] Check `allow_disabling_correlation` before correlation + toggle. [Jakub Onderka] +- [security] ACL check when loading ajax tags. [Jakub Onderka] +- [security] ACL check when adding or removing tags. [Jakub Onderka] +- [security] ACL check when editing multiple event attributes. [Jakub + Onderka] +- [security] Respect ACL when event edit. [Jakub Onderka] +- [stix import] Better TTPs parsing for external STIX. [chrisr3d] +- [stix import] Fixed parameter determining if a ttp should be handled + as attribute/object or as galaxy. [chrisr3d] +- [stix export] Adding Vulnerability objects created out of attributes + to the list of leveraged ttps. [chrisr3d] +- [stix import] Same change for external indicator as we just did for + external observables. [chrisr3d] + + - We also changed the code comments to make them clearer +- [stix import] Handling the case of multiple attributes returned from + the parsing. 
[chrisr3d] + + - If we get a list of actual attributes, we then + handle the MISP object case, otherwise it means + it is simply a list of attribute values, and we + add as many attributes as there are values +- [stix import] Splitted threat actors import parsing. [chrisr3d] + + - We now have specific a threat actors parsing for + external STIX data, since the structure of the + threat actor objects may not always be the same + - Parsing threat actors from STIX documents + produced with MISP remains the same +- [stix import] Using generic Exception instead of specific ones to + handle the results of the attribute parsing. [chrisr3d] + + - A lot of different exception types may be raised + while parsing external stix data +- [zmg] failing to publish to the ZMQ channel when MISP.org is invalid + fixed, fixes #6174. [iglocska] + + - use the host org ID + - if it's not set (should never happen), just take the lowest ID org +- [login] endless blackholeannoyance fixed via monkey-patch. [iglocska] +- [API] org blacklist copy pasta preventing additions of entries fixed. + [iglocska] +- [api] minor fix to the blacklist responses. [iglocska] +- [API] blacklisting - don't throw 500 when no valid input is presented + on the add interface. [iglocska] +- [feed] Make HttpSocket instance optional for local feeds. [Jakub + Onderka] +- [ACLComponent] Updated permissions. [mokaddem] +- [attributes] Do not override unlockedActions anymore. [mokaddem] +- [attributes:massEditForm] Invalid conditions fixed and performances + improvements. [mokaddem] +- [attributes:massEditForm] Check if event exists. [mokaddem] +- [users:login] Blackhole on login screen. [mokaddem] + + Fetch, fill and submit a fresh form on login avoiding blackholes due to + expired form token +- [blacklists] fixed add event blacklist via API calls. [iglocska] +- [internal] older PHP still not happy with the return from a generator. + [iglocska] +- [db_schema] Added feeds.orgc_id in the index. 
[mokaddem] + + Fix #5838 +- [internal] make ancient PHP versions happy. [iglocska] +- [users:edit] Reset AUTHKey via interface. [mokaddem] + + Fix #6082 +- [unicode] Temporarily escape 4 byte characters until we move the + attribute value fields to mb4, fixes #5123. [iglocska] + + - fixes sync/feed issues related to 4 byte unicode characters +- [administration] added missing column. [iglocska] +- [administration] fixed var name. [iglocska] +- [object:edit] Updating an object to a new template acutally save the + template version Fix #6083. [mokaddem] +- [pull] Check if url_params in pull filter is empty string. [Jakub + Onderka] +- [UI] clearer sync error message for no sync privileges. [iglocska] +- [internal] Throw NotFoundException for non exists UUID. [Jakub + Onderka] +- [UI] Missing echo for decay score table header. [Jakub Onderka] +- [internal] Feed controller cleanup. [Jakub Onderka] +- [UI] Remove PHP warnings from side_menu_link.ctp. [Jakub Onderka] +- [stix export] Fixed child-pid attributes export that used to make the + process object export fail. [chrisr3d] +- [attribute:editableFields] Typo in variable name. [mokaddem] +- [attributes:edit] Correct error previsouly merged when importing code. + [mokaddem] +- [stix import] Fixed the remaining failing object references. + [chrisr3d] +- [stix import] Fixed references between file, pe & pe-section obects + + moved mapping dict to the mapping script. [chrisr3d] +- [object:edit] Correctly set the SG of the added new attributes Fix + #6025. [mokaddem] +- [objects:edit] Returns the latest state of the object if it were + deleted. [mokaddem] +- [attribute] Allow editing attributes. [mokaddem] + + Added raw values fields in the `editableFields` +- [sync] drop the republishing of events when the modification is merely + a timestamp bump. 
[iglocska] + + - due to an already fixed issue still lingering, invalid event edits keep getting synchronised between instances + - these events still generate publish alerts erroneously + + - this fix compares the previous state of the event to the modification, if there are no material changes (attributes, objects, object relations, event tags added/updated) then the publishing is dropped. +- [stix import] Fixed port in ip-port objects import to lose src and dst + context. [chrisr3d] +- [stix export] Fixed the slight difference between parsing x509 + fingerprint attributes and x509 objects. [chrisr3d] +- [stix export] Fixed x509 fingerprint attributes export & moved mapping + dictionaries to the mapping script. [chrisr3d] + + - Only the x509-fingerprint-sha1 attribute was + exported, and as a standard sha1 attribute, + which was a loss of context, now the x509 + fingerprint attributes (md5, sha1 & sha256) are + exported as expected within a x509 observable + - Also moved the mapping dictionaries with the + appropriate indent to the mapping script, where + they should belong +- [stix export] Fixed pep8 & changed indentation for better readability. + [chrisr3d] +- [attribute:edit] Prevent the edition of system reserved fields. + [mokaddem] +- [feed:importFreeText] Make sure to update the timestamp when soft- + deleting after delta-merge. [mokaddem] + + Fix #6013 +- [events:index] Do not show events if org doesn't belong to the SG. + [mokaddem] + + Event belonging to an organisation which is not + included in the sharing group assigned to the event will not see the + event on the index anymore. + Fix #6033 + Fix #6107 +- [feed] Accept more text content. Fix #5969. [mokaddem] +- [stix import] Importing single vulnerability attributes as + vulnerability and not as text. [chrisr3d] +- [sync] internal sync now correctly syncs local tags. 
[iglocska] + + - also fixes a notice about a missing tag in the sync +- [galaxyClusters:view] Fixed full_group_by issue when viewing the + galaxy matrix. [mokaddem] +- [UI] Show proper menu when editing event info. [Jakub Onderka] +- [attributes:massEdit] proposal option not by default. [Christophe + Vandeplas] + + this way we do not change the default behavior which was changed in commit 9b33476eedd184bc46665aaae57533ddcf35e5f7 +- [proposals] Delete proposals for object attributes. [Jakub Onderka] +- Minor typo. [Christophe Vandeplas] +- [installer] Installer was broken, now fixed. [Steve Clement] +- [bug] Check for non-existen directory fails if exists. [Steve Clement] +- [internal] Remove unused Event::setSimpleConditions method. [Jakub + Onderka] +- [internal] Remove unused CidrComponent and CIDRTool classes. [Jakub + Onderka] +- [correlations] Purge ssdeep table after attribute delete. [Jakub + Onderka] +- [audit] Show all attribute changes in event history. [Jakub Onderka] +- [internal] Do not check event existence twice. [Jakub Onderka] +- [internal] Reduce number of regexp in refang table. [Jakub Onderka] +- [freetext] Handle IPv6 and punycode domains when import. [Jakub + Onderka] +- [security] xss fix missing part of solution. [iglocska] + + - the previous fix to the xss in the homepage setter was lacking the controller changes due to a partial commit (#bf4610c947c7dc372c4078f363d2dff6ae0703a8) + + - as originally discovered by Mislav Božičević + - persistence of the vulnerability after the lacking fix reported by DIEGO JURADO PALLARES from Ciberinteligencia +- [opendata export] Adding auth param in the python command only if not + empty. [chrisr3d] + +Other +~~~~~ +- Merge pull request #6204 from JakubOnderka/2.4. [Jakub Onderka] + + fix: [internal] Syntax error in bootstrap.default.php +- Merge branch 'baseurl' into 2.4. [iglocska] +- Syntax check and fix. [Vito Piserchia] +- Recover from upstream version missing bits. 
[Vito Piserchia] +- Recover from upstream version missing bits. [Vito Piserchia] +- Merge remote-tracking branch 'upstream/2.4' into baseurl-patch. [Vito + Piserchia] +- Rebase continue. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Fix genericPopup. [johndoe] +- Use this here. [johndoe] +- Use this here. [johndoe] +- Rebase continue. [Vito Piserchia] +- Fix rebase. [johndoe] +- Fix rebase. [johndoe] +- Fix rebase. [johndoe] +- Fix rebase. [johndoe] +- Fix rebase. [johndoe] +- Fixed Codacy warnings. [Léarch] +- Corrected redirections. [Léarch] + + See the following for an explanation: + https://stackoverflow.com/questions/6836990/how-to-get-complete-current-url-for-cakephp#comment11184149_6875310 +- Rebase continue. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Fix rebase. [johndoe] +- Rebase continue. [Vito Piserchia] +- Added missed variable declaration. [Vito Piserchia] +- Improve code quality. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Fix genericPopup. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- Fix baseurl use to view organizations. [Léarch] +- Fixed Codacy warnings. [Léarch] +- Corrected redirections. [Léarch] + + See the following for an explanation: + https://stackoverflow.com/questions/6836990/how-to-get-complete-current-url-for-cakephp#comment11184149_6875310 +- Rebase continue. [Vito Piserchia] +- Rebase continue. [Vito Piserchia] +- More merge fixes. [Vito Piserchia] +- Resolve merge. [Vito Piserchia] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6176 from JakubOnderka/fix-menu. [Jakub Onderka] + + fix: [UI] Show correct options in menu +- Merge pull request #6202 from rmkml/2.4. [Andras Iklody] + + add vhash (VirusTotal Hash) on Attribut.php +- Add vhash (VirusTotal Hash) on Attribut.php. [rmkml] +- Merge pull request #6199 from JakubOnderka/generate-correlation- + memory. 
[Jakub Onderka] + + chg: [correlation] Use less memory when generating correlation +- Merge pull request #6196 from JakubOnderka/event-tags. [Jakub Onderka] + + Event tag adding and removing +- Fixup! chg: [UI] Nicer tag removal confirmation. [Jakub Onderka] +- Merge pull request #5865 from JakubOnderka/attachment_tool. [Jakub + Onderka] + + chg: [internal] Move attachment handling to one place +- Merge pull request #5240 from JakubOnderka/patch-43. [Jakub Onderka] + + chg: [internal] Refactor e-mail sending +- Merge pull request #6192 from JakubOnderka/notices-fix. [Jakub + Onderka] + + Notices fixes +- Merge pull request #6191 from JakubOnderka/travis-fixes-vol2. [Jakub + Onderka] + + Travis fixes vol2 +- Merge pull request #6190 from JakubOnderka/travis-fixes. [Jakub + Onderka] + + Travis fixes +- Merge pull request #6187 from SteveClement/guides. [Steve Clement] +- Merge pull request #5948 from JakubOnderka/update-correlations. [Jakub + Onderka] + + chg: [internal] Update correlations in one query +- Merge pull request #6001 from JakubOnderka/get-events-refactoring. + [Jakub Onderka] + + chg: [internal] Refactor Server::getEventIdsFromServer +- Merge pull request #6181 from JakubOnderka/checek-sg-perm. [Jakub + Onderka] + + fix: [security] Check if user can access sharing group when uploading… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6178 from JakubOnderka/fix-mass-edit. [Jakub + Onderka] + + Fix mass edit +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #6175 from JakubOnderka/shadow-fix. [Jakub Onderka] + + Shadow fix +- Merge pull request #6172 from JakubOnderka/freetext-import-acl2. + [Jakub Onderka] + + fix: [security] Respect ACL for freetext import +- Merge pull request #6136 from JakubOnderka/acl-can-modify-chekcs. + [Jakub Onderka] + + fix: [security] Respect ACL when event edit +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6156 from JakubOnderka/feed-httpsocket-optional. + [Jakub Onderka] + + fix: [feed] Make HttpSocket instance optional for local feeds +- Merge pull request #6052 from stricaud/2.4. [Andras Iklody] + + Using json parser to parse json configuration output from cake +- Using json parser to parse json configuration output from cake. + [Sebastien Tricaud] +- Merge branch 'fix-no-more-login-blackhole' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-no-more-login- + blackhole. [mokaddem] +- Merge branch 'fix-mass-edit-form-with-post' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-mass-edit-form- + with-post. [mokaddem] +- Merge branch 'feature-5534' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-5534. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-5534. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-mass-edit-form- + with-post. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-mass-edit-form- + with-post. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #6154 from JakubOnderka/tags-fix. [Sami Mokaddem] + + chg: [internal] Initialize UserSetting just when needed +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'fix-align-object-with-latest-template' into 2.4. + [mokaddem] +- Merge pull request #6150 from JakubOnderka/2.4. 
[Jakub Onderka] + + fix: [pull] Check if url_params in pull filter is empty string +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'fix-freetext-correlation-improvements' into 2.4. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-freetext- + correlation-improvements. [mokaddem] +- Merge pull request #6148 from JakubOnderka/controller-cleanup. [Jakub + Onderka] + + chg: [internal] Small controller cleanup +- Merge pull request #6146 from JakubOnderka/toolbox-non-exists-uuid. + [Jakub Onderka] + + fix: [internal] Throw NotFoundException for non exists UUID +- Merge pull request #6144 from JakubOnderka/feeds-controller-cleanup. + [Jakub Onderka] + + fix: [internal] Feed controller cleanup +- Merge branch 'fix-update-tags-on-attribute-edit' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into fix-update-tags-on- + attribute-edit. [mokaddem] +- Merge pull request #5954 from JakubOnderka/get-related-attributes- + faster. [Jakub Onderka] + + chg: [correlations] Faster loading related attributes +- Merge pull request #6126 from JakubOnderka/side-menu-optim. [Jakub + Onderka] + + chg: [UI] Side menu optimisations and cleanup +- Merge pull request #6115 from JakubOnderka/freetext-fixes-vol2. [Jakub + Onderka] + + chg: [feed] Use less memory when parsing CSV feeds +- Merge pull request #6031 from JakubOnderka/json_error_handling. [Jakub + Onderka] + + chg: [internal] Better error handling for JSON decoding +- Merge pull request #6141 from JakubOnderka/proposal-form-refactor. + [Jakub Onderka] + + chg: [UI] Add proposal form refactor +- Add: [stix import] Support the import of port, command-line & image + attributes in process objects. [chrisr3d] +- Add: [stix export] Process objects export now supports port + attributes. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6142 from Golbark/feature/sharing_widgets. 
[Andras + Iklody] + + new: [widgets] Additional widgets for sharing statistics and layouts +- Add: [stix export] Process object export has been improved to support + image & command-line attributes. [chrisr3d] +- Merge branch 'feature/tags-deletion' into fix-update-tags-on- + attribute-edit. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into feature/tags-deletion. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr- + feature/tags_deletion. [mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into + feature/tags_deletion. [Tom King] +- Merge branch '2.4' into feature/tags_deletion. [Tom King] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch 'true-2.4' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6132 from denny-lclin/fix/key-error-in- + stix2-misp2stix2. [Christian Studer] + + fix: check Misp time fields exist before using them +- Check time fields exist before using them. [Denny Lin] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6131 from JakubOnderka/toggle-correlation-speedup. + [Jakub Onderka] + + chg: [internal] Faster generating correlations when enabling +- Merge pull request #6135 from JakubOnderka/merge_show_event_preview. + [Jakub Onderka] + + new: [UI] Show event preview when merging +- Merge pull request #6065 from JakubOnderka/job-progress. [Jakub + Onderka] + + chg: [internal] Better job progress and status logging +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6099 from JakubOnderka/idn-support. [Jakub + Onderka] + + new: [attribute] Add support for IDN domains +- Merge pull request #6112 from JakubOnderka/attr-fetch-optim. [Jakub + Onderka] + + Attr fetch optim +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6119 from MISP/JakubOnderka-patch-1. [Jakub + Onderka] + + fix: [UI] Show proper menu when editing event info +- Additionnal protection against XSS, the response type defaults to html + while it should be JSON. (#6118) [Loïc Fortemps] +- Merge pull request #6117 from JakubOnderka/delete-object-proposal. + [Jakub Onderka] + + fix: [proposals] Delete proposals for object attributes +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6116 from SteveClement/guides. [Steve Clement] +- Merge branch 'guides' of github.com:SteveClement/MISP into guides. + [Steve Clement] +- Merge pull request #6114 from JakubOnderka/remove-cidr. [Jakub + Onderka] + + fix: [internal] Remove unused CidrComponent and CIDRTool classes +- Merge pull request #5929 from JakubOnderka/fuzzy-purge. [Jakub + Onderka] + + fix: [correlations] Purge ssdeep table after attribute delete +- Merge pull request #6113 from JakubOnderka/freetext-fixes-vol2. [Jakub + Onderka] + + chg: [freetext] Various code fixes and optimisations +- Merge pull request #6085 from JakubOnderka/event_log_fix. [Jakub + Onderka] + + fix: [audit] Show all attribute changes in event history +- Merge pull request #6091 from JakubOnderka/existence-checking. [Jakub + Onderka] + + fix: [internal] Do not check event existence twice +- Merge pull request #6097 from JakubOnderka/freetext-fixes. [Jakub + Onderka] + + fix: [freetext] Handle IPv6 and punycode domains when import + + +v2.4.129 (2020-07-13) +--------------------- + +New +~~~ +- [diag] Check if ZIP extension is installed. 
[Jakub Onderka] +- [merge] functionality reworked. [iglocska] + + - handle objects, tags, etc via @chrisr3d's module result parsing + - handle sharing groups correctly - as reported by Jakub Onderka + - using standardised fetchers internally + - API enabled (which will directly merge all contents of the source event into the target event) +- [event block rule system] added. [iglocska] + + - add simple tag filters to block events from being added. + - it will not stop a manual creation of an event with subsequent adding of the tag in a later stage + - it will however block synced events +- [statistics] shell added for the git codebase's contributor counters. + [iglocska] + + - to be extended with other similar tasks + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [stix2 library] Bumped latest version. [chrisr3d] +- [UI] Add attribute fixes. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [correlations] Faster checking if CIDR is IPv4 or IPv6 version. [Jakub + Onderka] +- [correlations] Just check if redis key exists. [Jakub Onderka] +- [feed] Faster freetext feed caching. [Jakub Onderka] +- [UI] Sort tags by name for server rules. [Jakub Onderka] +- [internal] Use tmp file fro Feed::getCache. [Jakub Onderka] +- [internal] Attribute REST search optimisations and error handling. + [Jakub Onderka] +- [internal] Simplify and optimise eventUI method. [Jakub Onderka] +- [warning-list] updated to the latest version. [Alexandre Dulaunoy] +- [ACL] Allow to access to fetchOrgsForSG and fetchServersForSG just + with perm_sharing_group. [Jakub Onderka] +- [users:resgister] Use the trimmed data instead. [mokaddem] +- [stix2] Bumped latest python stix2 library. [chrisr3d] +- [sightings] Check if sighting already exists before getting attribute + info. [Jakub Onderka] +- [sightings] Save one SQL query when saving sighting if event UUID is + given. 
[Jakub Onderka] +- [internal] Move getting sightings range to one place. [Jakub Onderka] +- [internal] Faster loading sightings if the same attribute is + requested. [Jakub Onderka] +- [statistics shell] added total commit count. [iglocska] + +Fix +~~~ +- [installer] Update to latest. [Steve Clement] +- [StixExport] suppress unlink warnings. [Richard van den Berg] +- [stix export] log stack trace on error, support 'AMBER NATO ALLIANCE' + TLP tags. [Richard van den Berg] +- [misp_retention] Support objects, use lists for build_complex_query() + [Richard van den Berg] +- [attributes] Possible duplicate attributes. [Jakub Onderka] +- [internal] Missing field for server model when editing event. [Jakub + Onderka] +- [stix2 import] Fixed some object reference issues. [chrisr3d] + + - With the newest PyMISP version, the object + references creation had to get some slight + changes: + - We add the referenced object in the event + before the add the reference between the 2 + objects, when it is possible + - ** has been removed while calling add_object + since we are adding already verified MISP + objects, and using ** was actually the reason + why the references were not present in the + objects when they had been created before the + referenced object were added to the event +- [stix2 import] Fixed Observable object type checking, following the + recent changes on the stix2 python library. [chrisr3d] +- [stix upload] Removed 'isset' already tested with 'empty' at the same + place. [chrisr3d] +- [stix2 import] Avoid duplication of original-imported-file objects + during the import process. [chrisr3d] + + - Duplication can happen when the result of the + import process is an event that already exists +- [security] setting a favourite homepage was not CSRF protected. 
+ [iglocska] + + - a user could be lured into setting a MISP home-page outside of the MISP baseurl + - switched the endpoint to be CSRF protection enabled + + - as discovered by Mislav Božičević +- [opendata export] Fixed resource deletion query creation to avoid + silent syntax errors. [chrisr3d] +- [stix] Store synonymsToTagNames.json file in tmp folder. [Jakub + Onderka] +- [mail] Contacting only event creator. [Jakub Onderka] + + Fix sending e-mails in Contact Reporter for when 'Submit only to the person that created the event' is checked +- [mail] Contact reporter body. [Jakub Onderka] + + Do not send that GPG or Public key are sent as attachment, when user don't have them +- [proposals] re-edded the edit view for propsoals. [iglocska] +- [security] Remove ShadowAttributesController::{getProposalsByUuid,getP + roposalsByUuidList} [Jakub Onderka] + + These methods are not used, but they let sync users to access proposals for any event. +- [security] Remove + ShadowAttributesController::{fetchEditForm,editField} [Jakub Onderka] + + These methods are not used, but they allow to access attribute data without proper ACL checks. +- [MispObject] Do not unpublish synced events, fixes #4838. [Richard van + den Berg] +- [UI] Attribute category select. [Jakub Onderka] +- [internal] Do not try to access bool as array. [Jakub Onderka] +- [stix2 import] Better markings parsing for both created with MISP and + external STIX. [chrisr3d] +- [stix2 export] Fixed Markings export following the recent changes on + ListProperty. [chrisr3d] +- [sharingGroup:captureSharingGroup] Fix failing capture in case of + roaming mode. [mokaddem] + + - The server list check was incorrect + - When capturing, roaming mode was always defaulted to false + - The logs could not be written due to non-initialized class +- [acl] Added event block rule. [iglocska] +- [security] Check event ACL before allowing user to send event contact + form. 
[Jakub Onderka] +- [stix2 export] Fixed first_seen/last_seen field parsing. [chrisr3d] +- [returnAttributes] remap small cleanup. [iglocska] + + - no need to set xml as returnformat, it's the default based on the injected params +- [security] deprecated function with lacking ACL removed. [iglocska] + + - replaced deprecated, sharing group unaware, broken function with one that follows the documentation of the deprecated endpoint + - keeping it alive until we purge the deprecated ones in the move to MISP 3/next whatever + + - Thanks to Jakub Onderka for reporting it! +- [security] Insufficient ACL checks in the attachment downloader fixed + - Thanks to Jakub Onderka for reporting it. [mokaddem] +- [tag:checkForOverride] Catch if tag didn't have a numerical value + before the override. [mokaddem] +- [user:registration] Report field validations to the user. Fix #6072 + and #6073. [mokaddem] +- [stix2] Fixed conversion of object relations containing dots into + custom object values. [chrisr3d] + + - Also includes changes to support the import of + custom objects into MISP objects containing + object relations with dots, to avoid issues or + changes on the mapping +- [stix2] Fixed issue with custom object created from MISP object with + underscore in the name. [chrisr3d] + + - Includes fix to export the objects into custom + objects, and to import custom objects into MISP + objects back + - Should fix #6046 +- [UI] Fetching from not enabled feed should be error. [Jakub Onderka] +- [feed] Incorrect call in Feed::__saveEvent. [Jakub Onderka] +- [internal] Do not create empty link for anonymized org sighting. + [Jakub Onderka] +- [UI] Expanding attribute correlations on other pages. [Jakub Onderka] +- [stix2 export] Fixed datetime issue with the 'created' field of some + stix objects. 
[chrisr3d] + + - Following some changes on the python stix2 + library, that caused an issue with the previous + way we created the 'created' field +- [mail] Fix body of passwordReset/newUser emails. [Václav Bartoš] + + When MISP sends an email with new credentials, the body is generated from one of the configured templates - passwordResetText or newUserText. However, these two templates were swapped - the newUserText was used for password reset, while passwordResetText was used when new account is created. + + This commit fixes it. +- [internal] HTML code fix. [Jakub Onderka] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6110 from RichieB2B/ncsc-nl/unlink. [Andras + Iklody] + + fix: [StixExport] suppress unlink warnings +- Merge pull request #6109 from RichieB2B/nscc-nl/stixfix. [Andras + Iklody] + + fix: [stix export] log stack trace on error, support 'AMBER NATO ALLI… +- Merge pull request #6108 from RichieB2B/ncsc-nl/fix-retention. [Andras + Iklody] + + fix: [misp_retention] Support objects, use lists for build_complex_qu… +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6067 from JakubOnderka/fix-composite-type- + uniquenes. [Andras Iklody] + + fix: [attributes] Possible duplicate attributes +- Merge pull request #6069 from JakubOnderka/patch-119. [Andras Iklody] + + fix: [internal] Missing field for server model when editing event +- Merge pull request #6089 from JakubOnderka/add-attribute-ui-fixes. + [Andras Iklody] + + chg: [UI] Add attribute fixes +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #6071 from JakubOnderka/patch-120. 
[Andras Iklody] + + fix: [stix] Store synonymsToTagNames.json file in tmp folder +- Merge pull request #6070 from JakubOnderka/cidr-correlation-optim. + [Andras Iklody] + + Cidr correlation optim +- Merge pull request #6036 from JakubOnderka/cache-freetext-feed-optim. + [Andras Iklody] + + chg: [feed] Faster freetext feed caching +- Merge pull request #6044 from JakubOnderka/sort-tags-by-name. [Andras + Iklody] + + chg: [UI] Sort tags by name for server rules +- Merge pull request #6035 from JakubOnderka/rest-search-optim. [Andras + Iklody] + + chg: [internal] Attribute REST search optimisations and error handling +- Merge pull request #5963 from JakubOnderka/patch-108. [Andras Iklody] + + fix: [mail] Contact reporter body +- Merge pull request #6092 from JakubOnderka/event-ui. [Andras Iklody] + + chg: [internal] Simplify and optimise eventUI method +- Merge pull request #6087 from JakubOnderka/zip-ext. [Andras Iklody] + + new: [diag] Check if ZIP extension is installed +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'fix-sg-creation' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into fix-sg-creation. + [mokaddem] +- Merge pull request #6095 from JakubOnderka/shadow-attribute-unused- + vol2. [Andras Iklody] + + fix: [security] Remove ShadowAttributesController::{getProposalsByUuid,getProposalsByUuidList} +- Merge pull request #6093 from JakubOnderka/shadow-attribute-unused. + [Andras Iklody] + + fix: [security] Remove ShadowAttributesController::{fetchEditForm,editField} +- Merge pull request #6094 from RichieB2B/ncsc-nl/stop-loop. [Andras + Iklody] + + fix: [MispObject] Do not unpublish synced events, fixes #4838 +- Merge pull request #6088 from JakubOnderka/patch-121. [Andras Iklody] + + fix: [UI] Attribute category select +- Merge pull request #6075 from JakubOnderka/bool-is-not-array. 
[Andras + Iklody] + + fix: [internal] Do not try to access bool as array +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6078 from JakubOnderka/fix-acl. [Andras Iklody] + + chg: [ACL] Allow to access to fetchOrgsForSG and fetchServersForSG... +- Merge pull request #6079 from legoguy1000/update_AuthkeyShell. [Andras + Iklody] + + Allow you to mannually set the API key for automation purposes +- Allow you to mannually set the API key for automation purposes. [Alex + Resnick] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6077 from JakubOnderka/contact-acl. [Andras + Iklody] + + fix: [security] Check event ACL before allowing user to send event contact form +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #6063 from JakubOnderka/patch-118. [Andras Iklody] + + fix: [UI] Fetching from not enabled feed should be error +- Merge pull request #6062 from JakubOnderka/feed-incorect-call. [Andras + Iklody] + + fix: [feed] Incorrect call in Feed::__saveEvent +- Merge pull request #6064 from obert01/fix-diag-accessibility. [Andras + Iklody] +- Added proper ARIA properties for the "fix" button in the DB index and + DB schema diagnostic tables. [Olivier BERT] +- Merge pull request #6061 from JakubOnderka/list-sightings-ui. [Andras + Iklody] + + fix: [internal] Do not create empty link for anonymized org sighting +- Merge pull request #6060 from JakubOnderka/correlation-expand-fi. + [Andras Iklody] + + fix: [UI] Expanding attribute correlations on other pages +- Ch: Bump warninglists. [Raphaël Vinot] +- Ch: Bump misp-objects. [Raphaël Vinot] +- Merge pull request #5985 from vaclavbartos/2.4. [Andras Iklody] + + fix: [mail] Fix body of passwordReset/newUser emails +- Merge pull request #6026 from JakubOnderka/save-sightings- + optimisation. 
[Andras Iklody] + + Save sightings optimisation +- Merge pull request #6043 from StefanKelm/2.4. [Andras Iklody] + + Update side_menu.ctp +- Update side_menu.ctp. [StefanKelm] + + Adjusts menu to be in line with "Global Actions" +- Merge pull request #6045 from JakubOnderka/sightings-loading-optim. + [Andras Iklody] + + chg: [internal] Faster loading sightings if the same attribute is req… +- Merge pull request #6049 from JakubOnderka/patch-116. [Andras Iklody] + + fix: [internal] HTML code fix + + +v2.4.128 (2020-06-22) +--------------------- + +New +~~~ +- [correlations] Enable CIDR correlations for ip-src|port and ip- + dst|port types. [Jakub Onderka] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump. [Raphaël Vinot] +- [stix2 import] Parsing external pattern made with 'OR' separators the + same way we do for pattern with 'AND' [chrisr3d] + + - Also slight update of some mapping dictionaries + to go with the changes introduced with this + commit on the main script +- [stix2 tests] Bumped the latest MISP & STIX2 test files. [chrisr3d] +- [correlations] Faster IPv4 CIDR correlation. [Jakub Onderka] +- [correlations] Faster IPv6 correlation. [Jakub Onderka] +- [correlations] Big speedup when correlating CIDR. [Jakub Onderka] +- [widget] remove unused var, make test pass. [Jean-Louis Huynen] +- [stix2 import] Moved all the mapping dictionaries to the mapping + script. [chrisr3d] +- [stix2 import] Temporary rework stix2 to misp script should now be + ready to replace the original stix2 to misp script. [chrisr3d] +- Bump PyMISP. [Raphaël Vinot] +- [stix2 import] Better parsing for patterns we always import as single + attributes. [chrisr3d] +- [stix2 import] Generic way of dealing with payloads in external file & + artifact patterns. 
[chrisr3d] + + - After struggling a lot with the different use + cases, we ended up with the following process: + - checking if any file:content_ref is there + and grouping the content refs features + together if possible + - After all the content refs have been parsed, + we check if there still is some payloads +- [stix2 export] Moved the Attributes parsing functions into the main + script. [chrisr3d] + + - Also checked the mapping to find potential bugs, + and fixed/updated some fields (in observed-data + and indicators) +- [stix2 import] Observable single attributes parsing functions are now + in the main script. [chrisr3d] + + - Also update of the mapping dictionary with the + latest updated functions moved from the mapping + script to the main script +- [stixtest] JQing MISP event result from a STIX import for more visual + ease. [chrisr3d] +- [stix1 import] Better parsing of ttps, threat actors & courses of + action. [chrisr3d] +- [stixtest] Updated the STIX1 test files following the changes on the + test MISP events. [chrisr3d] +- [stixtest] Updated stix2 test files with the most recent changes on + the related MISP events, and on the export script. [chrisr3d] +- [stixtest] Test MISP events up-to-date. [chrisr3d] +- [stix2 export] Exporting Course of Action object attributes as custom + properties if not supported. [chrisr3d] +- [stix2] Bumped latest stix2 python library. [chrisr3d] +- [stixtest] Updated the stix1 test files. [chrisr3d] +- [stix1 export] Exporting Galaxies per TTP, Threat Actor or COA. + [chrisr3d] + + - Exporting each galaxy as one TTP, Threat Actor, + or Course of Action instead of exporting each + Galaxy Cluster individually + - All clusters of a same galaxy are exported in + the same TTP, Threat Actor or Course of Action +- [stix2 import] Mapping galaxy cluster names with their corresponding + tag names. 
[chrisr3d] + + - We map existing cluster names with the json file + of synonyms mapped with tag names generated by + MISP and introduced in the latest commit + - If there is not association, we just add a tag + looking like a galaxy tag name. The difference + is this tag will not be recognized as a proper + galaxy tag name and will stay as a tag +- [stix import] Passing a mapping of cluster name with tag names as + parameter of the import scripts. [chrisr3d] + + - We map GalaxyCluster names and synonyms with the + associated tag names + - This mapping will be used in the python stix 1&2 + import scripts so they can return the correct + tag names about galaxies + +Fix +~~~ +- [stix2 import] Quick issues fixing. [chrisr3d] + + - Fixed issue that could happen sometimes during + an external pattern parsing when we split the + identifier of the pattern from the value. + We now make sure the identifier is stripped, so + we avoid issues with the mapping dictionaries + that could not recognize it + - Also displaying a warning message when we have + no attributes resulting from the parsing of an + external pattern or observable object +- [stix2 import] Small update on the mapping to work with some external + patterns seen recently. [chrisr3d] +- [stix2 import] Fixed some external observable objects import. + [chrisr3d] +- [stix2 import] Fixed no longer existing variable in the mapping + script. [chrisr3d] +- [stix2 import] Added the function to parse external email-address + observable objects, that was missing. [chrisr3d] +- [UI] Typo. [Jakub Onderka] +- [stix2 import] Better way of parsing some attributes and objects. 
+ [chrisr3d] + + - For single attributes that could be part of an + object and would lose some context if imported + as single attribute without their object + relation (mostly attributes of type 'text'), + we decide to import them as object anyway to + avoid the increase of context-less attributes + - Also cleaner way to parse observable objects and + patterns that will alwyas give single attributes +- [stix2 export] Typo in variable name. [chrisr3d] +- [stix2 export] Reverted the email object attribute 'from' export as + observable object. [chrisr3d] + + - From-ref is always a single value, we cannot use + a list of references +- [stix2 export] Fixed email object attributes export into pattern. + [chrisr3d] +- [stix2 export] Avoiding issues with attributes with no Galaxy field. + [chrisr3d] +- [stix2 export] Fixed x509 object export. [chrisr3d] + + - x509 fingerprint hashes parsing was pointing to + a part of a mapping dict which does not exist +- [stix2 import] Fixed external pattern parsing for pe section + attributes. [chrisr3d] + + - As an example, instead of storing the full + pattern identifiers, like: + "file:extensions.'windows-pebinary-ext'.section.name" + we only store what is usefull (name) for the + parsing part where we check the mapping dict + to find the corresponding attribute type and + object_relation +- [stix2 import] Importing external vulnerabilities as single attribute + or object depending on the case. [chrisr3d] + + - In other words, we made available the import of + vulnerabilities as single attributes when only + a name is present in the STIX object + - Was only importing vulnerability objects before, + which does not change if there is more than only + the name within the STIX vulnerability object +- [stix2 import] Removed unused variable that was used for debug + purposes. [chrisr3d] +- [stix2 import] Cleaner autonomous system observable import. 
[chrisr3d] + + (for STIX documents generated with MISP) +- [stix2 import] Parsing timeline features on single attributes. + [chrisr3d] + + - As it is parsed for imported objects + - It adds timestamp, first_seen & last_seen values + on single attributes accordingly +- [stix2 import] Fixed email reply-to single attribute import. + [chrisr3d] +- [stix2 import] Fixed payload_bin import into single MISP attribute. + [chrisr3d] +- [stix2 export] Fixed email-reply-to export in observable object. + [chrisr3d] +- [stix2 export] Removed unused import. [chrisr3d] +- [stix2 import] Importing PyMISP from the submoduled library. + [chrisr3d] + + - As it is in the currently used stix2 import + script which is going to be replaced by this one + - Avoids issues when the python library is not + installed with pip +- [stix2 import] More generic network-traffic references parsing. + [chrisr3d] + + - Also fixing some edge cases of reference parsing + with the wrong mapping + (network_traffic_references_mapping no longer exists) +- [stix2 import] Fixed single attributes import following changes on the + export part. [chrisr3d] +- [stix2 export] Making sure we have the required name field set while + exporting regkey values from a MISP regkey object to a STIX observed + data. [chrisr3d] +- [stix2 export] Fixed regkey|value expor. [chrisr3d] + + - Revert to the initial mapping that has been + changed to the wrong field: the value should be + mapped to the data field and instead of name +- [stix2 export] Removed unused mapping dictionary fields. [chrisr3d] +- [stix2 export] Removed object attributes added in file patterns for + test purposes. [chrisr3d] +- [stix2 export] Removed object attributes added for test purposes. + [chrisr3d] +- [stix2 import] Writing import results as expected in the result file. + [chrisr3d] +- [stix2 import] Fixed relationships parsing. 
[chrisr3d] + + - Using iterators is good for a single iteration, + but not for more, including an if test + - Using tuples instead is better and avoids then + losing our relationships +- [stix1 import] Better parsing of malware instances within ttps. + [chrisr3d] + + - In some cases when malware instances within ttps + do not have a title but one or more name(s), we + need to use them instead of the title +- [stix1 import] Fixed malware instance parsing. [chrisr3d] +- [stix2 import] Typo. [chrisr3d] +- [stix2 test] Typo. [chrisr3d] +- [stix2 import] Handling external STIX file pattern properly. + [chrisr3d] + + - If there is no extension (case which has been + fixed in the few last commit), we need to check + if we have to create a MISP attribute or object + - We then check if we exctracted one attribute + from the pattern or more, and create respectively + a MISP attribute or object +- [stix2 import] Fixed monkey issues... [chrisr3d] +- [stix2 import] Using the expected parameters to handle the file, pe & + sections objects. [chrisr3d] +- [stix1 import] Some quick fixes on MISP objects parsing. [chrisr3d] + + - Better handling on MISP object name parsing + - Importing properly MISP object uuid for course + of action objects +- [stix2 import] Importing event uuid from report. [chrisr3d] + + - The event uuid is set when there is one report +- [stix2 import] Fixed timestamp parsing following the latest changes on + STIX2 export. [chrisr3d] +- [stix2 import] Fixed timestamp parsing. [chrisr3d] + + - Fixed timestamp parsing of custom objects +- [stix2 import] Fixed attack-pattern & course-of-action object + attributes parsing. [chrisr3d] + + - Avoids setting the ids flag to false when object + attributes do not come from an observable object +- [stix2 import] Fixed attack-pattern external_references parsing. + [chrisr3d] +- [stix2 export] Fixed attack-pattern object export. 
[chrisr3d] + + - Fixed the id attribute export + - Supporting expport of the newest 'references' + attribute added to the object template +- [stix2 import] Fixed file objects import. [chrisr3d] + + - As it has been updated for file objects export, + we now better support potential multiple fields + like filename, path and fullpath + - Also handling properly the special case of a + file object with an extension field +- [stix2 export] Fixed special case of file with a path property and a + PE extension. [chrisr3d] + + - If a file object had a path property and a PE + extension, the extension could be added to the + wrong part of the observable object + - We make sure here the extension is attached to + the observable object related to the file, and + not to the directory referenced by the file as + its path +- [stix2 export] Fixed files objects export (patterns & observable + object) [chrisr3d] + + - Better handling of the data field for attributes + like malware-sample and attachment + - Support of path & fullpath attributes export + - Better handling of potential multiple attributes + like filename, path and fullpath +- [stix2 export] Fixed artifact name export in pattern as custom + property. [chrisr3d] +- [stix2 export] Fixed x509-fingerprint-sha1 single attribute export. + [chrisr3d] +- [stix2 export] Fixed regkey|data attribute export. [chrisr3d] +- [stix2 import] Fixed regkey values observable objects parsing. + [chrisr3d] +- [stix2 import] Fixed & cleaned network traffic objects. [chrisr3d] +- [stix2 export] Fixed reference typo in network traffic pattern. + [chrisr3d] +- [stix2 import] Passing mapping variable name instead of the + dictionary. [chrisr3d] + + - For all the generic parsing functions, we pass + the mapping variable name and get the attribute + afterwards instead of passing the dictionary +- [stix2 import] Fixed some observable and pattern parsing issues. 
+ [chrisr3d] + + - Quick custom property in pattern parsing fixed + - Fixed file and network socket observable objects + parsing +- [stix2 export] Fixed SocketExt properties exceptions catching. + [chrisr3d] + + - address_family is a required property, thus we + need to handle it separately + - protocol_family is optional and thus easier to + handle +- [stix2 import] Some patterns import fixed. [chrisr3d] + + - AS attribute in asn object is now imported with + the 'AS' prefix + - Importing properly attachment attributes in file + objects + - pe mapping enhanced +- [stix2 export] Fixed file & vulnerability patterns export. [chrisr3d] +- [stix2 import] Fixed malware sample import in file objects. [chrisr3d] +- [stix2 export] Fixed custom properties for vulnerability and attack + pattern objects. [chrisr3d] + + - Dashes ('-') in object relations should be + replaced by underscores as custom properties + only accept underscores +- [stix2 export] Better file objects export and joining patterns from + list instead of concatenating strings. [chrisr3d] +- [stix2 import] Better import for some objects. [chrisr3d] + + - Support of custom properties that are lists + - Support of protocol attribute in network socket + object + - Support of group attribute in user account + object +- [stix2 export] Better export for object attributes of vulnerability + and attack pattern objects. [chrisr3d] + + - Need to use custom properties in some cases +- [stix2 import] Importing pe attributes from patterns within the pe + object and not in the file object. [chrisr3d] +- [stix2 import] Fixed file pattern import. [chrisr3d] +- [stix2 import] Better network connection patterns parsing. [chrisr3d] +- [stix2 export] Fixed export of port attribute in network traffic + patterns. [chrisr3d] +- [stix2 export] Fixed network traffic references in patterns. + [chrisr3d] +- [stix2 import] Fixed network socket pattern values parsing. 
[chrisr3d] + + - We do not want to import the single quotes that + are all around the pattern values +- [stix2 export] Exporting TLP tags as marking definition. [chrisr3d] + + - Marking definition in the case of TLP was + missing and only the reference to the marking + definition was exported, but not the actual + marking definition object +- [stix2 import] Fixed MISP Object creation. [chrisr3d] + + - MISP Object creation function used for attack + pattern & course of action objects, so they get + the correct uuid + - MISP Object creation trying to parse the first + seen & last seen values without raising issues + when the object parsed does not have any +- [stix2 export] Fixed file content ref for malware sample exports. + [chrisr3d] +- [stix2 export] Fixed email attachment export. [chrisr3d] +- [stix2 export] Exporitng process attributes in patterns as intended. + [chrisr3d] + + - Handling the child ref(s), parent ref, and image + name values in process patterns +- [stix1 import] Parsing COA_Taken objects as MISP object. [chrisr3d] +- [stix1 export] Exporting category and value in STIX objects title and + not the attribute/object id. [chrisr3d] +- [stix1 export] No longer exporting object IDs. [chrisr3d] + + - ThreatActors and TTPs titles only use categories + and values of the attribute/object to define the + title, and not the attribute/object id anymore +- [stix1 export] Various fixes. [chrisr3d] + + - Got rid of some variables and calling some + functions directly to parse data withtout + storing it + - TTPs, Courses of action and Threat Actors are + now referenced in related objects only when they + come from attributes/objects in MISP and not + when they come from galaxies +- [stix1 export] Tiny fixes. 
[chrisr3d] + + - Making sure adding an indicator type fails + because of the mapping between attribute types + and indicator types does not support a specific + type, and not because of the indicator not + accepting the type we want it to have + - Making sure CAPEC IDs are always starting with + 'CAPEC' in the AttackPattern objects we create +- [stix1 export] Fixed email attachment related objects uuid. [chrisr3d] + + - Email message related objects representing the + email attachments now have the correct uuid of + the attachment attribute + - Before, a random uuid was used, due to the file + object losing its parent properties while being + switched from a File object type to a related + object type +- [stix1 export] Referencing COAs as RelatedCOAs. [chrisr3d] +- [stix1 export] Removed function no longer used. [chrisr3d] +- [stix1 export] Export only cluster values as name or title. [chrisr3d] + + - No longer exporting the Galaxy name within the + name or title, since we have this information + somewhere else and the name or title should + only be the Galaxy cluster name value +- [stix import] Some strings are defined in a cleaner way. [chrisr3d] +- [stix2 import] Skipping adding Galaxy info in the Galaxy field and + only importing it as tag. [chrisr3d] +- [ACL] unpublished_private global setting tightened to include + correlations. [iglocska] + + - Thanks to Jakub Onderka for reporting and providing a fix to this! +- [security] missing ACL lookup on attribute correlations. [iglocska] + + - attribute correlation ACL checks are skipped when querying the attribute restsearch API revealing metadata about a correlating but unreachable attribute. + + - Thanks to Jakub Onderka for his tireless work and for reporting this! + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'rework_stix' into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. 
+ [chrisr3d] +- Merge pull request #6028 from JakubOnderka/patch-115. [Andras Iklody] + + fix: [UI] Typo +- Merge pull request #6022 from MISP/rework_stix. [Andras Iklody] + + STIX parsing updates +- Cleanup: [stix] Cleaned up the recently changed scripts. [chrisr3d] + + Including: + - Removed some unused imports and variable + - Renamed some variable which could have been + built-in methods redefinition + - Typos +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge pull request #5916 from JakubOnderka/patch-100. [Andras Iklody] + + chg: [correlations] Big speedup when correlating CIDR +- Merge pull request #6019 from D4-project/2.4. [Andras Iklody] + + add [widget] Authentication failure widget +- Add [widget] Authentication failure widget. [Jean-Louis Huynen] +- Wip: [stix2 import] More complete external patterns mapping. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Importing external domain, ip & network traffic + patterns. [chrisr3d] +- Wip: [stix2 import] Importing external network traffic patterns. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Importing external email patterns. [chrisr3d] + + - Parsing function to split attachments fields + from all the other fields already implemented, + we just added the attachment parsing and the + attributes handling at the end + - Also slight fixes on the from, to and cc refs + following the last fix on the export side +- Wip: [stix2 import] Handling import case for indicators of which we + already parsed the pattern. [chrisr3d] +- Wip: [stix2 import] Importing external process indicators. [chrisr3d] +- Wip: [stix2 import] Importing external url indicator based on the + pattern mapping already implemented. 
[chrisr3d] + + - tl;dr: We just took the parsed attributes and + callled the appropriate function to handle the + import case (attribute or object) +- Wip: [stix2 import] Importing external user-account indicators. + [chrisr3d] + + - Also fixed some user-account and credential + mapping dictionaries +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Fix"[stix2 import] Fixed process observable objects parsing for STIX + documents generated with MISP. [chrisr3d] + + - Little typo and copy-paste issue +- Wip: [stix2 import] Parsing external process observable objects. + [chrisr3d] + + - Also changed parsing of process observable + objects from STIX documents generated with MISP + to apply the same logic to both use cases +- Wip: [stix2 import] Parsing external user_account observable objects. + [chrisr3d] + + - Mapping into credential or user-account MISP + objects depending on the case +- Wip: [stix2 import] Finally parsing properly external network traffic + observable objects with their references and potential extensions. + [chrisr3d] + + - After struggling a lot on it, we ended up + parsing external network traffic observable + objects independently depending on the actual + references they have or not + - Chosing this approach instead of the common + parsing function handling the different use + cases, we can parse each observable object + depending on the case, and use common function + then when we are sure we determined the actual + situation + - We no longer start from a common function trying + to determine the case using lots of tests, we + already know which case it is and go to the + common point afterwards +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Network traffic references parsing function for + further reuse. [chrisr3d] +- Wip: [stix2 import] Importing external autonomous system observable + objects. 
[chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Importing external x509 observable objects. + [chrisr3d] +- Wip: [stix2 import] Importing mac-address external observable objects. + [chrisr3d] + + - Also changed the recently changed mutex import + to reuse a function to parse all observable + objects of an observed-data object at once to + import single attributes +- Wip: [stix2 import] Importing external mutex observable objects. + [chrisr3d] + + - Also change on a function name for more clarity + and to differenciate more easily functions for + observable objects and patterns +- Wip: [stix2 import] Importing external registry-key observable + objects. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Updated external observable mapping: files with + artifact & directory references. [chrisr3d] + + - The parsing logic is already there since files + with artifact references and files with directory + references are supported. We just updated here + the mapping dictionary +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Importing external url observable objects. + [chrisr3d] +- Wip: [stix2 import] Added warning message if not all the observable + objects are referenced by an email-message object. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Import of external email message & address + observable objects. [chrisr3d] + + - Reuse of some parsing functions for external and + MISP generated STIX files + - Added an email references mapping dict to help + parsing email addresses, body & content refs + references by email message objects + - Fixed another indentation issue +- Wip: [stix2 import] Import of domain and ip observable objects. 
+ [chrisr3d] + + - Also quick indentation fix +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Import of network-traffic and ip external + observable objects. [chrisr3d] + + - Ongoing rework for external observable objects + and patterns in progress +- Wip: [stix2 import] Import of external file observable objects. + [chrisr3d] + + - Support of PE extension to create PE object(s) + with the corresponding section(s) alongside the + file object import + - As always with pe and sections, the appropriate + references are added too +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Starting parsing external observable objects. + [chrisr3d] + + - Started with file observables + - Making 'filter_main_object' function available + for both subclasses to split the observable + object type we want and all the references +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Struggling with the files and payloads import. + [chrisr3d] +- Wip: [stix2 import] Removed unused mapping dict + moved constant to + the mapping script. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 export] Moved dictionaries in the mapping file & using the + complete import path instead of import * from the mapping file. 
+ [chrisr3d] + + - We control and know which mapping dictionary we + call and that they come from the mapping script + - Started moving all the mapping dictionaries in + the mapping file + - Attributes parsing function will be moved into + the main script +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Moving small parsing functions to the main script. + [chrisr3d] + + - Also passing the function names only instead of + storing functions themselves in the dictionary +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Parsing single external IP v4 or v6 address. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Parsing external relationships, galaxies, tags & + reports. [chrisr3d] + + (+ Quick fix on internal tags handling) +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Add: [stix2test] New argument to evaluate events using filenames only + and avoid to query MISP. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. 
+ [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Handling File objects with PE extension & + sections. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Separating file extensions to be parsed later. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Better attack-pattern external references parsing + + parsing external galaxies. [chrisr3d] +- Wip: [stix2 import] Parsing attack-pattern, course-of-action and + vulnerability objects from external stix files. [chrisr3d] +- Wip: [stix2 import] Making difference between external and from MISP + for some STIX object types. [chrisr3d] + + - Including Attack Pattern, Course of Action and + Vulnerability + - Also better file pattern parsing +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Better parsing for more external patterns. 
+ [chrisr3d] +- Wip: [stix2 import] Some more external pattern mapped. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Starting parsing external patterns. [chrisr3d] +- Wip: [stix2 import] Some quick clean-up. [chrisr3d] + + - Preparing for the future 2.1 import + - Removing mapping variables no longer used +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Importing reports external references as links. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Proper parsing of galaxies, and tags. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into rework_stix. + [chrisr3d] +- Wip: [stix2 import] Loading relationships in a dictionary. [chrisr3d] + + - Thus we can parse them afterwards depending on + the type of objects they put into relationship +- Wip: [stix2 import] Properly loading galaxies as tags. [chrisr3d] +- Wip: [stix2 import] Import of CourseOfAction, AttackPattern and + Vulnerability as objects reworked. [chrisr3d] +- Wip: [stix2 export] Defining relationships between observed-data and + galaxy objects. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Wip: [stix2 import] Updated mapping library + removed + disable_correlation flags. 
[chrisr3d] + + - Since we use the object templates directly for + the objects creation, we do not need to have + the flag here. +- Wip: [stix2 import] Observable import rework completed. [chrisr3d] +- Wip: [stix2 import] Process observables import reworked. [chrisr3d] +- Wip: [stix2 import] More observable objects reworked. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Wip: [stix2 import] User Account objects import reworked. [chrisr3d] +- Wip: [stix2 import] ASN observable import reworked + functions + ordered. [chrisr3d] +- Wip: [stix2 import] Credential observable import + standard observable + parsing function reworked. [chrisr3d] +- Wip: [stix2 import] Network socket import reworked. [chrisr3d] +- Wip: [stix2 import] Import of network connection objects from + observable. [chrisr3d] +- Wip: [stix2 import] Started reworking observable objects import. + [chrisr3d] +- Wip: [stix2 import] All known MISP objects mapped with STIX patterning + are now reworked. [chrisr3d] +- Wip: [stix2 import] Email pattern import. [chrisr3d] +- Wip: [stix2 import] File patterns import reworked. [chrisr3d] +- Wip: [stix2 import] Cleaner pattern import into objects. [chrisr3d] +- Add: [stix2 export] Exporting process image attribute in observable + objects. [chrisr3d] +- Wip: [stix2 import] Reworking stix2 import. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix1 export] Added malpedia in the list of mapped galaxies. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] + + +v2.4.127 (2020-06-16) +--------------------- + +New +~~~ +- [cli] Command for pulling from all remote servers. 
[Jakub Onderka] +- [Tag] Allow Tag's numerical_values to be overriden by userSettings. + [mokaddem] +- [userSettings] New setting `default_restsearch_parameters` [mokaddem] + + It allows users to supply restSearch parameters that will be injected + (and possibly overridden) into the restSearch filters. +- [type] git-commit-id. [Raphaël Vinot] +- [UI] Add event ID to page table. [Jakub Onderka] + + With more tabs, navigation between tabs with different events can be pain, when all of them has the same title. + +Changes +~~~~~~~ +- [PyMISP] Bump. [Raphaël Vinot] +- [version] bump. [iglocska] +- [internal] Log exception if exception is thrown during event + downloading. [Jakub Onderka] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [submodules] Use repository default branch (main) [Raphaël Vinot] +- [PyMISP] Rename branch master -> main. [Raphaël Vinot] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [internal] Bump CakePHP to 2.10.22. [Jakub Onderka] +- [internal] Drop + correlations.{org_id,sharing_group_id,a_sharing_group_id} indexes. + [Jakub Onderka] +- [internal] Drop correlations.value index. [Jakub Onderka] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Log exception when querying modules. [Jakub Onderka] +- [decayingModel:listTaxoWithNumericalValue] Cleaner usage of uppercased + tag. [mokaddem] +- [taxonomy] Fixed typo. [mokaddem] +- [UI] Make Enrichment Results little bit nicer. [Jakub Onderka] +- [events:distributionGraph] Added close button in popover. Fix #5978. + [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [tags:checkForOverride] Do not duplicate user id variable. [mokaddem] +- [tools] re-add fixed module. [Steve Clement] +- [misp-objects] updated to the latest version. 
[Alexandre Dulaunoy] +- [decaying] `last_seen` takes precedence over `timestamp` [mokaddem] + + If `last_seen` is set, it will take precedence over the timestamp if no + sightings have been recorded. + By doing so, we prevent the score to be refreshed if the attribute is + slightly modified (a tag is added/removed) +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [usernamehelper] cheese. [iglocska] +- [PyMISP] Dump. [Raphaël Vinot] +- [correlation] When generating correlation, just fetch attributes that + can correlate. [Jakub Onderka] +- [correlations] Refactored correlation saving. [Jakub Onderka] + + * Always show other correlating value (useful for CIDR correlations) + * Make correlation saving faster (move more work to database, do not fetch not necessary fields) + * Fix some small bugs +- [doc] Updates to OpenBSD Install (which fails ATM) [Steve Clement] +- [doc] Variable updates. [Steve Clement] +- [doc] Reshuffled docs. [Steve Clement] +- [doc] Update to OpenBSD 6.7. [Steve Clement] +- [cakephp] bump. [iglocska] + + - updates cakephp to include the UUID generation fix by @RichieB2B to solve the deficiency discovered by @JakubOnderka. You guys rock. +- [internal] Faster removing galaxy cluster tags from attributes. [Jakub + Onderka] +- [UI] Nicer icon for form info. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Updated to latest Installer. [Steve Clement] +- [var] Wrapped vars {} - Made loops around git clones (for ctrl-c + resumeability) [Steve Clement] +- [galaxy] bump. [iglocska] +- [feed] Provide more info when caching feeds about failures. [Jakub + Onderka] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [UI] Double Discussion header when sending comment. 
[Jakub Onderka] +- [internal] object level restsearch issues resolved when querying via + filters on the attribute scope, fixes #6016. [iglocska] + + - use subqueries instead of trying to query on the current scope + - associated find queries don't work on habtm relationships +- [pull] Correct progress for pull job. [Jakub Onderka] +- [internal] Removing attributes from empty event. [Jakub Onderka] +- [feeds:saveFreetext] Soft-delete Attributes when performing a delta- + merge. [mokaddem] +- [EventShell:enrichment] Improved reporting of error messages. + [mokaddem] +- [users:change_pw] Return error message when trying to use the same + password. Fix #5961. [mokaddem] +- [galaxy] Fetch all events for galaxy cluster. [Jakub Onderka] +- [UI] Show feed caching just for site admins. [Jakub Onderka] + + Without this patch, when user is not site admin, for all feeds is showed 'Not cached', that is not true. And it also generates a lot of warnings to debug log. +- [www] webserver user is www on OpenBSD. [Steve Clement] +- [attribute:fetchAttribute] Prevent notices if tags not set while + computing decay. [mokaddem] +- [internal] Remove unused method. [Jakub Onderka] +- [UI] Module diagnostic colors. [Jakub Onderka] +- [attribute] Do not allow for IPv4 CIDR masklen bigger than 32. [Jakub + Onderka] +- [internal] Notices in PHP 7.4 for login page. [Jakub Onderka] +- [UI] Bootstrap 2 doesn't support auto position for popover. [Jakub + Onderka] +- [internal] Fix notice in PHP7.4 when loading events attrs by ajax. + [Jakub Onderka] +- [internal] Branch setting don't have level value. [Jakub Onderka] +- [internal] Remove duplicate code that cause error in PHP 7.4. [Jakub + Onderka] +- [internal] Check if user is logged before checking if he is site + admin. [Jakub Onderka] +- [internal] Set notifications count and loggedInUserName just for + logged users. [Jakub Onderka] +- [documentation] Typo with the CLI function name. Fix #5931. 
[Sami + Mokaddem] +- [UI] Do not show Good-Bye when using custom logout. [Jakub Onderka] + + Becuse without this patch, Good-Bye is show when user successfully log in. +- [UI] Galaxy cluster links should be clickable. [Jakub Onderka] +- [whitelist] Correclty refresh the cached values. Fix #3772. [mokaddem] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #5992 from JakubOnderka/download-event-log- + exception. [Andras Iklody] + + chg: [internal] Log exception if exception is thrown during event dow… +- Merge pull request #6017 from JakubOnderka/patch-114. [Andras Iklody] + + fix: [UI] Double Discussion header when sending comment +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #6015 from GlennHD/patch-2. [Andras Iklody] + + Removed hosts-file.net feeds from default feeds +- Removing hosts-files.net files. [GlennHD] + + Malwarebytes has discontinued the feed: https://forums.malwarebytes.com/topic/258056-hosts-filenet-domain-lists-are-broken-what-happened/ +- Merge pull request #5993 from JakubOnderka/pull-progress. [Andras + Iklody] + + fix: [pull] Correct progress for pull job +- Merge pull request #6007 from imidoriya/2.4. [Andras Iklody] + + Fix issue #6006 - sgsids is never set +- Fix issue #6006 - sgsids never set. [deku] + + This value is never set. I expect it should be $sgids from the incoming function variable. +- Merge pull request #5990 from cudeso/2.4. [Alexandre Dulaunoy] + + Dashboard widgets +- Avoid us of extra variable treshold. [Koen Van Impe] +- Dashboard widgets. [Koen Van Impe] + + - Widget to display system resources (df, cpu, mem) + - Widget to display the latest sightings + - Widget to display the false positive sightings above certain treshold +- Merge pull request #6003 from GlennHD/patch-1. [Alexandre Dulaunoy] + + Fixed typo +- Fixed typo. 
[GlennHD] + + Fixed typo +- Merge pull request #5999 from JakubOnderka/pull-all. [Andras Iklody] + + new: [cli] Command for pulling from all remote servers +- Merge pull request #5996 from JakubOnderka/bump-cake. [Andras Iklody] + + chg: [internal] Bump CakePHP to 2.10.22 +- Merge pull request #5991 from JakubOnderka/drop-big-index. [Andras + Iklody] + + chg: [internal] Drop correlations indexes +- Merge branch 'decaying-v2' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying-v2. + [mokaddem] +- Merge pull request #5988 from JakubOnderka/patch-113. [Andras Iklody] + + fix: [internal] Removing attributes from empty event +- Merge pull request #5984 from JakubOnderka/patch-112. [Alexandre + Dulaunoy] + + chg: [internal] Log exception when querying modules +- Merge branch '2.4' of github.com:MISP/MISP into decaying-v2. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5972 from JakubOnderka/patch-111. [Andras Iklody] + + chg: [UI] Make Enrichment Results little bit nicer +- Merge pull request #5973 from MISP/fix-soft-delete-feed-delta-merge. + [Andras Iklody] + + Soft-delete Attributes when performing a feed delta-merge +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add: [stix2] Supporting import & export of file encoding attributes in + file objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into decaying-v2. + [mokaddem] +- Merge pull request #5964 from JakubOnderka/patch-109. [Andras Iklody] + + fix: [galaxy] Fetch all events for galaxy cluster +- Merge pull request #5965 from JakubOnderka/patch-110. [Andras Iklody] + + fix: [UI] Show feed caching just for site admins +- Merge pull request #5958 from eschultze/eschultze-phishstats. + [Alexandre Dulaunoy] + + [feed] Add phishstats.info +- Add phishstats.info. [eschultze] +- Merge pull request #5959 from SteveClement/tools. 
[Steve Clement] +- Merge pull request #5952 from JakubOnderka/patch-107. [Andras Iklody] + + fix: [internal] Remove unused method +- Merge pull request #5955 from JakubOnderka/confusing-module- + diagnostic. [Andras Iklody] + + fix: [UI] Module diagnostic colors +- Merge pull request #5941 from MISP/git-commit-id. [Raphaël Vinot] + + new: [type] git-commit-id +- Merge pull request #5942 from JakubOnderka/correlation-saving. [Andras + Iklody] + + Correlation saving +- Merge pull request #5906 from JakubOnderka/fix-ipv4-cidr-validation. + [Andras Iklody] + + fix: [attribute] Do not allow for IPv4 CIDR masklen bigger than 32 +- Merge pull request #5938 from SteveClement/guides. [Steve Clement] +- Merge pull request #5937 from SteveClement/guides. [Steve Clement] +- Merge pull request #5936 from JakubOnderka/php74-errors. [Andras + Iklody] + + fix: [internal] Notices in PHP 7.4 for login page +- Merge pull request #5935 from JakubOnderka/patch-106. [Andras Iklody] + + fix: [UI] Bootstrap 2 doesn't support auto position for popover +- Merge pull request #5924 from JakubOnderka/php74-errors. [Andras + Iklody] + + Fix notices in PHP 7.4 +- Merge pull request #5934 from JakubOnderka/remove-galaxy-tags. [Andras + Iklody] + + chg: [internal] Faster removing galaxy cluster tags from attributes +- Merge pull request #5933 from JakubOnderka/patch-105. [Andras Iklody] + + chg: [UI] Nicer icon for form info +- Merge pull request #5930 from SteveClement/guides. [Steve Clement] +- Merge pull request #5928 from JakubOnderka/patch-104. [Andras Iklody] + + fix: [UI] Do not show Good-Bye when using custom logout +- Merge pull request #5925 from JakubOnderka/patch-102. [Alexandre + Dulaunoy] + + fix: [UI] Galaxy cluster links should be clickable +- Merge pull request #5926 from JakubOnderka/patch-103. [Andras Iklody] + + new: [UI] Add event ID to page table +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'pr-5256' into 2.4. 
[mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5256. [mokaddem] + + +v2.4.126 (2020-05-18) +--------------------- + +New +~~~ +- [internal] Do not log auhtkeys. [Jakub Onderka] +- [tool] Generates communities webpage. [Christophe Vandeplas] +- [pubsub] Show info about processed messages. [Jakub Onderka] +- [UI] Make clear that the textarea under event is discussion. [Jakub + Onderka] +- [sync] (for now) undocumented force pull added. [iglocska] + + - can only be triggered via the CLI for now + - usage: /var/www/MISP/app/Console/cake Server pull [user_id] [server_id] [technique] [force] + - the force flag has to be passed as 'force' to avoid accidentally triggering it + + - What it does: + - pulls ignoring the timetamp differences + - this means that even older states of events, attributes, objects are ingested + - useful for when wanting to reset an event / all events to align with an upstream server + - Caveats: + - attributes added on the low side are maintained + - tags added on the low side are maintained + - keep in mind this WILL override attributes that are soft deleted +- [restsearch] object restsearch now has the metadata flag. [iglocska] + + - when set, no attributes are returned +- [API] added threat_level_id as a restSearch filter. [iglocska] +- [statistics] added contributing org count. [iglocska] + +Changes +~~~~~~~ +- Bump PyMISP. [Raphaël Vinot] +- [version] bump. [iglocska] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [ui] Simplified code for OrgImgHelper. [Jakub Onderka] +- [installer] Version bump. [Steve Clement] +- [installer] Version bump. [Steve Clement] +- [installer] Update after Kali Linux fix. [Steve Clement] +- [kali] More fixes, perhaps installing cake is useful?! 200QI. [Steve + Clement] +- [kali] More kali fixes and do not udpate apt all the time. [Steve + Clement] +- [kali] Added more kali tweaks, remove 2019.x compat. 
[Steve Clement] +- [kali] Some more tweaks and a check if enough space available. [Steve + Clement] +- [installer] Version bump. [Steve Clement] +- [bash] various bash specific enhances + (https://stackoverflow.com/questions/3427872/whats-the-difference- + between-and-in-bash) [Steve Clement] +- [PyMISP] Bump. [Raphaël Vinot] +- [opendata] Bumped latest misp-opendata submodule version. [chrisr3d] +- [PyMISP] Bump. [Raphaël Vinot] +- [server:dbSchema] Added support of mysql's `extra` column. Fix #5860. + [mokaddem] +- [pubsub] Refactored PubSub tool. [Jakub Onderka] +- [feed] Use https when fetching DGAs feed. [Jakub Onderka] +- [feed] Modify value when checking if value exists in current event. + [Jakub Onderka] +- [internal] Do not call Configure method for every attribute. [Jakub + Onderka] +- [correlations] Faster inserting data to Redis. [Jakub Onderka] +- [correlations] Use faster algorithm for IPv6 correlations. [Jakub + Onderka] +- [installer] Installer bump. [Steve Clement] +- [doc] Various install guide updates. [Steve Clement] +- [internal] Faster saving attributes. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [test] Set required GnuPG setting. [Jakub Onderka] +- [test] Use debug transport for sending emails. [Jakub Onderka] +- [restSearch] Option to skip fetching attributes/events when only the + metadata is wanted. [chrisr3d] + + - As for the opendata export we do not need to get + the attributes or event, and are only interested + in using the metadata, a parameter to skip + fetching the actual data collection has been + added, and we avoid iterating through the entire + data collection. +- [opendata] Bumped latest misp-opendata updates. [chrisr3d] +- [opendata export] Checking opendata setup and raising exception in + case of error. [chrisr3d] +- [opendata] Bumped the latest updates on the opendata python script. 
+ [chrisr3d] +- [user:finaliseAndSendEmail] Aggresively catch errors and log them + while sending email. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [roles] allow the creation site admin enabled roles without auth + access. [iglocska] +- [i18n] Updated: zh-s. [Applenice] +- [i18n] Updated: zh-s. [Applenice] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Bump version. [Steve Clement] +- [doc] Make misp-modules work again. [Steve Clement] +- [installer] Version Bump. [Steve Clement] + +Fix +~~~ +- [security] xss in the resolved attributes view. [iglocska] + + - thanks to Jakub Onderka for reporting it +- [UI] Always use capital UUID. [Jakub Onderka] +- [feed] Follow redirect when fetching manifest. [Jakub Onderka] +- Allow_disabling_correlation not taken into account. [Golbark] +- [ui] Always show full logo for related events box. [Jakub Onderka] +- [correlations] Ssdeep check all chunks. [Jakub Onderka] +- [bug] '' != "" especially when trying to eval vars. [Steve Clement] +- [kali] Some issues with function aliasing. [Steve Clement] +- [bash] Alias functions need a function and not a string... [Steve + Clement] +- [kali] More fixes to make sure composer install correctly. [Steve + Clement] +- [kali] More kali fixes. [Steve Clement] +- [installler] Little bug, code would never detect a VM... [Steve + Clement] +- [kali] When it's ugly, it looks like this. [Steve Clement] +- [doc] mkdocs needs to be kept below a certain version. [Steve Clement] +- [kali] Kali installer fixes. [Steve Clement] +- [kali] Kali is now 2020.x need to fix. [Steve Clement] +- [opendata export] Using external_baseurl if set, before baseurl. + [chrisr3d] + + - If external_baseurl is not set, baseurl is used +- [opendata export] Internalization of the error messages. [chrisr3d] +- [opendata export] Less confusing variable name for the parameter to + only skip exporting the data and keep only the header. 
[chrisr3d] +- [stix2 export] Fixed CustomObject creation for MISP objects. + [chrisr3d] +- [stix2 export] Fixed custom objects export from misp objects. + [chrisr3d] +- [stix1 import] Fixed ttps list attribute name for STIX document + created with MISP. [chrisr3d] +- [feed:edit] Do not override feed settings if not provided via the API. + Fix #5896. [mokaddem] +- [indexTable:quickFulltextSearch] Encode additional characters enabling + more search possibilities. Fix #5890. [mokaddem] +- [sightingdbs:model] Added default value for `timestamp`. Fix #5887. + [mokaddem] +- [attribute:simpleAddMalwareSample] Typo in loading `Object` class. Fix + #5864. [mokaddem] + + - Was not spotted before because the fixed line was if fact doing + nothing as the class's key was already used +- [correlations] Do not check all attributes when cache is empty. [Jakub + Onderka] +- [correlations] Correlate ShadowAttribute just if exists. [Jakub + Onderka] +- [correlations] Do not correlate CIDR with CIDR. [Jakub Onderka] +- [attribute] modifyBeforeValidation fix for `domain|ip` type. [Jakub + Onderka] +- [correlations] Return just unique values for CIDR list. [Jakub + Onderka] +- [correlations] IPv6 CIDR correlations works. [Jakub Onderka] +- [correlations] Removed unnecessary Redis call. [Jakub Onderka] +- [correlations] Remove references to not exists type 'domain-ip' [Jakub + Onderka] +- [diagnostic] Updated required version for the stix python library. + [chrisr3d] +- [stix1 import] Fixed uuids parsing. [chrisr3d] + + - Using the built-in uuid parsing method to avoid + potential issues when some uuids are provided + without dashes, instead of getting is as a + string, which fails when there is no dash +- [stix1 import] Fixed ttps list attribute name. [chrisr3d] +- [feed] Job progressbar fix. [Jakub Onderka] +- [feed] Optimise saving freetext feeds with a lot of attributes. [Jakub + Onderka] +- [gitmodules] Using https instead of ssh to avoid permission denied + error. 
[chrisr3d] +- [opendata export] No longer using the returnFormat field as the + dataset resource format. [chrisr3d] + + - The resource format can be defined with a + 'format' field within the resource field in the + setup filter +- [attributes:edit] Do not required the distribution anymore. [mokaddem] +- [attributes:add] Do not required the distribution anymore. [mokaddem] +- [registration] log entry action shortened to not cause issues. + [iglocska] +- Fixes STIX2 export bugs when trying to use TLP Tags other than + TLP_WHITE, resolve attempted dual registration of custom STIX objects. + [Tom King] +- [JS] left off admin enforced check for the role permission. [iglocska] + + - to allow auth to be unchecked for site admins +- [object restsearch] fixed, no more trailing commas. [iglocska] +- [registration] acceptRegistration now accepts non User wrapped input. + [iglocska] +- [users] accepting registration requests can throw a badly mapped + exception. [iglocska] + + - changed to 400 +- [object restsearch] fixed. [iglocska] + + Endless loop fixed +- [ACL] added objects/restSearch. [iglocska] +- [UI] Always use UUID with capital letter. [Jakub Onderka] +- [registrations] multi-delete fixed. [iglocska] +- [API] metadata filter description changed. [iglocska] +- [github] Release type no needed :) [Jakub Onderka] +- [json converter] fixed an issue if an expected key was not found. + [iglocska] + + - was only accessible due to another bug, but it's more graceful either way +- [export] JSON export used the wrong handler for /objects/restSearch. + [iglocska] +- [stix export] Bump minimum CybOX version to 2.1.0.21. [Richard van den + Berg] +- [stix2 export] Fixed stix2 imports. [chrisr3d] + + - All the required features are imported and we no + longer import them with * +- [installer] Embarassing typo no1, 7.3!=7.4. [Steve Clement] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Raphaël Vinot] +- Merge branch 'pr-5917' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5917. [mokaddem] +- Merge branch 'pr-5902' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5902. [mokaddem] +- Merge branch 'pr-5907' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5907. [mokaddem] +- Merge branch 'pr-5911' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5911. [mokaddem] +- Merge branch 'pr-5862' into 2.4. [mokaddem] +- Merge branch '2.4' into pr-5862. [mokaddem] +- Merge branch 'pr-5856' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5856. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5856. [mokaddem] +- Clean up errors when trying to update warning lists. [Jason Kendall] +- Merge remote-tracking branch 'MISP/2.4' into 2.4. [Christophe + Vandeplas] +- Merge pull request #5915 from SteveClement/guides. [Steve Clement] +- Merge pull request #5914 from SteveClement/guides. [Steve Clement] +- Merge pull request #5913 from SteveClement/guides. [Steve Clement] +- Merge branch 'guides' of github.com:SteveClement/MISP into guides. + [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge pull request #5912 from SteveClement/guides. [Steve Clement] +- Merge pull request #5891 from MISP/opendata. [Christian Studer] + + Opendata export via restSearch +- Merge branch '2.4' of https://github.com/MISP/MISP into opendata. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into opendata. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5876 from JakubOnderka/pubsub. [Andras Iklody] + + chg: [pubsub] Refactored PubSub tool +- Merge pull request #5863 from JakubOnderka/discussion-header. 
[Andras + Iklody] + + new: [UI] Make clear that the textarea under event is discussion +- Merge pull request #5895 from JakubOnderka/patch-98. [Andras Iklody] + + chg: [feed] Use https when fetching DGAs feed +- Merge pull request #5897 from + JakubOnderka/fixed_event_freetext_feed_speedup. [Andras Iklody] + + chg: [feed] Modify value when checking if value exists in current event +- Merge pull request #5904 from stricaud/2.4. [Andras Iklody] + + Few improvements to misp-config +- Few improvements: put the help print in a function. Make sure all the + things we update are commented and do not push commented + configuration. [Sebastien Tricaud] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5903 from JakubOnderka/correlation-speedup. + [Andras Iklody] + + Correlation speedup +- Merge pull request #5889 from JakubOnderka/attribute_correlation. + [Andras Iklody] + + IPv6 CIDR correlations +- Merge pull request #5870 from SteveClement/guides. [Steve Clement] +- Merge pull request #5892 from + JakubOnderka/fixed_event_freetext_feed_speedup. [Andras Iklody] + + Fixed event freetext feed speedup +- Merge branch '2.4' of https://github.com/MISP/MISP into opendata. + [chrisr3d] +- Merge pull request #5882 from JakubOnderka/build-fix. [Alexandre + Dulaunoy] + + Build fix +- Merge branch '2.4' of https://github.com/MISP/MISP into opendata. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Add: [opendata export] Support of the deleting abilities. [chrisr3d] + + - Deleting a dataset or its resource(s) is now + available from the restSearch side as it already + is with the python script +- Merge branch '2.4' of github.com:MISP/MISP into opendata. [chrisr3d] +- Merge pull request #5871 from tomking2/bug/stix2_bugs. 
[Christian + Studer] + + fix: Fixes STIX2 export bugs when trying to use TLP Tags other than T… +- Add: [restSearch] OpenData export module. [chrisr3d] +- Add: [restSearch] Added opendata to the valid formats. [chrisr3d] +- Add: [opendata] Submoduling misp-opendata. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5861 from JakubOnderka/capital-uuid. [Alexandre + Dulaunoy] + + fix: [UI] Always use UUID with capital letters +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5866 from JakubOnderka/patch-97. [Steve Clement] + + fix: [github] Release type no needed :) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5859 from stricaud/mispconfig. [Steve Clement] + + Adding misp-config, a Perl tool to configure MISP. +- Adding misp-config, the Perl tool which configures MISP. It dumps the + actual configuration to a prefixed tree, which defaults to + /etc/misp/misp.conf.d/ and it sets all the configuration options + existing from those files. [Sebastien Tricaud] +- Merge pull request #5853 from Applenice/2.4. [Steve Clement] + + chg: [i18n] Updated: zh-s +- Merge pull request #5858 from stricaud/debian. [Steve Clement] + + Adding the apache modules enablement in preinst +- Adding the apache modules enablement in preinst. [Sebastien Tricaud] +- Merge pull request #5857 from RichieB2B/ncsc-nl/cybox-version. + [Christian Studer] + + fix: [stix export] Bump minimum CybOX version to 2.1.0.21 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5850 from stricaud/debian_2_4_125. [Andras Iklody] + + Updates on debian package for 2.4.125 +- Merge branch '2.4' into debian_2_4_125. [stricaud] +- Merge pull request #5846 from SteveClement/guides. 
[Steve Clement] + + chg: [doc] Make misp-modules work again +- Some changes which improve how Mysql user can be accessed by default, + remove the enablement of apache modules in postinst (moved them to + preinst). [Sebastien Tricaud] +- Added new version bump in changelog. [Sebastien Tricaud] +- Adding installation of cakeresque config. [Sebastien Tricaud] +- Adding the preinst where required apache modules are enabled. + [Sebastien Tricaud] +- If the submodules have not been initialized and updated, the debian + package will build. However the installation will not be a success. + [Sebastien Tricaud] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5843 from SteveClement/tools. [Steve Clement] + + fix: [installer] Embarassing typo no1, 7.3!=7.4 +- Merge remote-tracking branch 'upstream/2.4' into tools. [Steve + Clement] + + +v2.4.125 (2020-04-30) +--------------------- + +New +~~~ +- [feed] Support for compressed feeds. [Jakub Onderka] +- Implementation of email-based OTP. [Golbark] +- [security] added policy for github. [iglocska] +- [doc] Initial copy for Ubuntu 20.04. [Steve Clement] +- [installer] updated template to prepare grounds for 20.04 (php7.4) + [Steve Clement] +- [misp-wipe] Add option to enable notice and warninglists. [Richard van + den Berg] +- [internal] cache the sharing group access lookups. [iglocska] + + - should reduce the number of queries drastically for events heavy on object/attribute level sharing groups +- [privacy] filter added for the authkeys in the admin section to make + giving trainings easier. [iglocska] +- [feeds] index refactor and new features. 
[iglocska] + + - added the ability to select an orgc ID for CSV/freetext feeds + - all events created from this feed will carry the selected orgc_id + + - Refactored the index fully + - using the factories + - better warnings against the dangerous new feed each pull setting + - event index search added + - several settings cleaned up / made more clear + + - auto reload of default feed configuration disabled, fixes #2542, fixes #5789 + - added a button / endpoint to handle that instead to allow for the deleted default feeds to stay deleted +- [IndexTable] improvements all around. [iglocska] + + - several new field types added (target event, caching) + - several updated with new features and functionalities + - tied into the new data path collector among other changes +- [UI Helper] DataPathCollector helper added. [iglocska] + + - helps the index factory fields retrieve data from the currently processed object based on a set of paths +- [tool] MISP to Slack messaging using ZMQ. [Christophe Vandeplas] +- [tool] MISP to Slack messaging using ZMQ. [Christophe Vandeplas] +- [database] New MySQL data source added for debugging. [iglocska] + + - MySQLObserver datasource added - prepends all queries with the requested controller/action and user ID for better debugging +- [dashboard] COVID active cases backported from widget collections. + [iglocska] +- [community] added the COVID-19 MISP community to the list. [iglocska] +- [communities] self-registration links now exposed in the communities + index. [iglocska] +- [registration] fall back to the e-mail domain if no org info is + provided. [iglocska] + + - also, make the org info optional +- [inbox] stub controller. [iglocska] +- [inbox] system added. 
[iglocska] + + - user self-registration is the first use-case + - if the feature is enabled, users can unauthenticated send a registration request to MISP + - request includes information on desired org and some privileges (sync / org admin / publisher) + - requests land in the inbox, admins can inspect the registration requests + - they can accept/discard them individually or en masse + - users will be notified of their credentials automatically + - quick user creation if the user asks for an org that doesn't exist yet + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [pymisp] bump. [iglocska] +- [new] Added QEMU support. [Steve Clement] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Version bump. [Steve Clement] +- [db_schema] bumped. [iglocska] +- [installer] Update installer to latest. [Steve Clement] +- [installer] Initial 20.04 support. [Steve Clement] +- [otp] monor changes. [iglocska] + + - i18n + - function naming convention +- [internal] Cache result of AppController::_isRest method. [Jakub + Onderka] +- [advanced extraction] is now the default. [iglocska] +- [small changes] improve double loading of models. [iglocska] + + - some minor changes to improve performance slightly + - some i18n additions (weren't present before the PR either) +- [Log:beforeSave] Fallback to `SYSTEM` Org if field empty. [mokaddem] +- [internal] Removed unused function. [Jakub Onderka] + + This function has typo in name `beforeValid*e*te`, so its never called. And because everything works, I think it is safe to remove it. +- [internal] Speed up of loading event page. [Jakub Onderka] +- [events:view] Support of `extended` for posted data. [mokaddem] +- [installer] Updated installer to latest version. [Steve Clement] +- [doc] Small CLI hint. [Steve Clement] +- [doc] Minor updates. 
[Steve Clement] +- [PyMISP] Bump. [Raphaël Vinot] +- [doc] Added preliminary 20.04 files. [Steve Clement] +- [decaying:restSearch] Always includes computed base_score in the + response. [mokaddem] +- [i18n] More fr-updates. [Steve Clement] +- [i18n] Updated: de, dk, fr, it, jp, no, ru, zh-s. [Steve Clement] +- [i18n] Full jpn translation as of 2 months ago. [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [users:registrations] Catch if no org_id was provided. [mokaddem] +- [internal] Log also previous exception. [Jakub Onderka] +- [UI] Disable Advanced extraction button if it is not installed. [Jakub + Onderka] +- [internal] Refactored AttributesController:add_attachment. [Jakub + Onderka] +- [internal] Refactoring malware handling. [Jakub Onderka] +- [sharingGroup:capture] Prevent capture of SG in some specific cases - + Need more testing. [mokaddem] + + Should fix #5784 +- [event:timeline] Prevent item selection while in the sighting context. + [mokaddem] +- [event:timeline] Added Sightings visualisation. [mokaddem] +- [user:registration] Added audit log. [mokaddem] +- [user:acceptRegistration] Added fail message. [mokaddem] +- [user:acceptRegistration] Default to instance's default role if + role_id not passed. [mokaddem] +- [user:regitration] Accept/Discard registration accept UUID as + parameter. [mokaddem] +- Bumped db_schema.json. [mokaddem] +- [ACL] updated. [iglocska] +- [ACL] added the feed data reload. [iglocska] +- [misp-objects] bump. [iglocska] +- [objects] bump. [iglocska] +- [stix2] Bumped latest STIX2 python library version. [chrisr3d] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [widgets:multiline] Allow to ctrl+click on labels to hide the others. + [mokaddem] +- [logs:search] Added support of JSON return format. [mokaddem] +- [event:restSearch] Added `includeEventCorrelations` parameter. 
+ [mokaddem] +- [taxonomies] updated. [iglocska] +- [events:exports] Migrated majority of export type to use restSearch. + [mokaddem] +- [index field] org field updated to allow for org information not local + to the current instance (no ID set) [iglocska] +- [registrations] show the time of request's creations. [iglocska] +- [db_schema] Bumped schema. [mokaddem] +- [registration:index] Added titles to buttons. [mokaddem] +- [warninglists] bump. [iglocska] +- [cakephp] version bump to get TLS 1.3 support, fixes #5764. [iglocska] + + - #yolo +- [taxonomies] revert. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [widgets:trendingTags] Added threshold parameter to let user decide + the # to show. [mokaddem] +- [dashboard] Added COVID widgets to the default installation from + widget-collections. [iglocska] + + - should be interesting enough for all at this point. We might remove it again once COVID-19 is finally gone from our lives +- [stix2 libray] Bumped latest python library version. [chrisr3d] +- [stix2 export] Setting datetime fields. [chrisr3d] + + - Instead of letting the created and modified + fields set by default, we set them with the + timestamp value (or date in case of an event) + - The first_seen & last_seen values (or equivalent + like valid_from, valid_until, depending on the + STIX object type) are set to the first_seen / + last_seen if possible, otherwise timestamp +- [warninglists] bump. [iglocska] +- [cleanup] removed bad idea that got barfed into the codebase. + [iglocska] +- [syslog] added title of log entry. [iglocska] +- [warninglists] updated. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [server:dbSchemaDiagnostic] Support of display width and updated + `db_schema.json` [mokaddem] +- [settings] disabling background jobs now counts as a misconfiguration. 
+ [iglocska] +- [publish alert] linebreak issue fixed, added notification about why + the user receives the e-mail. [iglocska] + +Fix +~~~ +- [internal] Just site admin can force when saving freetext. [Jakub + Onderka] +- [installer] Bug where the wrong php deps would get installed. [Steve + Clement] +- [installer] Fix a bug where the installer fails if apt update has + never been run. [Steve Clement] +- [user settings] corrected field name. [iglocska] +- [internal] Edge case where due to an old invalid update script an + instance could end up with the wrong key in user settings. [iglocska] + + - this should resolve the issue for affected users + - no change for everyone else +- [otp] pre-auth action list only expanded if otp is enabled. [iglocska] +- [otp] enabling it requires e-mailing to be enabled. [iglocska] +- [ACL] a private function was missing the __ causing the ACL checker to + return it as an unmapped accessible function. [iglocska] +- [internal] syslog shouldn't end with new line. [Jakub Onderka] + + Because then two lines are logged +- [internal] Remove unused code. [Jakub Onderka] +- Remove unused variable. [Jakub Onderka] +- [event] fixes missing correlations with combined types (#5832) + [Christophe Vandeplas] + + * fix: [event] fixes missing correlations with combined types + + also some other missing variable bug +- [internal] Deleting multiple Redis keys. [Jakub Onderka] +- [UI] Proper object table header when includeRelatedTags. [Jakub + Onderka] +- [doc] MISP expects lief 0.10.1. [Steve Clement] +- [cake] more new defaults as per + https://github.com/MISP/MISP/issues/5803. [Steve Clement] +- [templates:add] Adding tag do not submit the form anymore. Fix #5826. + [mokaddem] +- [Console:Server] Added `configLoad` task. Fix #5793. [mokaddem] +- [galaxyCluster:index] Restored search functionality. [mokaddem] +- [feed:add] Do not override `new_event_at_each_pull` value. Fix #5815. 
+ [mokaddem] +- [attribute:restSearch] Make sure to always pass all tags to Decaying's + computation function. [mokaddem] +- [internal] HTML code in view_event_distribution_graph. [Jakub Onderka] +- Correct flash message when sending e-mail. [Jakub Onderka] +- [misp-wipe] bring wiping up to date with MYSQL.sql. [Richard van den + Berg] +- [pagination] Fixed bottom pagination links on the bottom. [iglocska] +- [registrations] Users can now register using the API without a valid + key, affects #5783. [iglocska] +- [attribute:edit] Prevent save for invalid sharing_groups ids. + [mokaddem] +- [attribute:add] Prevent save for invalid sharing_groups ids. + [mokaddem] +- [event:view] Restored disabled_correlation toggle. [mokaddem] +- [correlations] Update correlations on Attribute or Event + `distribution` change. [mokaddem] +- [event:fetchEvent] Block viewing Objects/Attributes if the user does + not belong to the sharing_group. [mokaddem] + + Even if these elements belong to the user. Similar explanation than for 7cd2175 +- [event:fetchEvent] Block viewing the event if user does not belong to + the sharing_group. [mokaddem] + + Even if the event belongs to the user. This scenario can happen if a + remote sync is badly configured where the remote sync user have + site_admin right, thus allowing the user to see the event even though + he is not part of the SG +- [user:registration] Default undefined message to empty string. + [mokaddem] +- [internal] Remove already removed git modules. [Jakub Onderka] +- [stix2 export] Fixed STIX JSON Encoder import. [chrisr3d] + + - With the latest update it is no longer part of + stix2.base but stix2.v20.base by default, so we + need to import it from stix2.base manually +- [feed index] Converted to static tags to skip erroneous add tag + buttons. [iglocska] +- [ajaxTags] resolved not set searchURL string. [iglocska] +- [observer datasource] fixed for the QueryTool. 
[iglocska] +- [internal] Added a setting to skip positive attribute level filters on + the event scope. [iglocska] + + - when running a large MISP community, it is bound to happen that your instance will be used as the back-end for internal tooling + - often these tools are configured to fetch aggressively, often with heavy consequences on the server load + - some filter that serves mostly edge-case lookups can mistakenly lead to heavy server load for no good reason + + We have identified attribute level positive filters on the event scope to be such a filter and made them optionally toggle-able + via the MISP.attribute_fitlers_block_only flag. Turning the setting on will remove all event level filters such as "type" from + being viable filter candidates unless used to block the inclusion of attribute types. Some examples: + + "type": {"OR": ["ip-dst", "ip-src", "hostname", "domain"]} would normally return ANY event that has at least one of the listed + attribute types. This is the behaviour that can now be disabled. + + "type": {"NOT": ["iban", "cc-number"]} would normally remove any attributes with the given types from the list of returned + events. This functionality is NOT affected by the toggle. +- [stix1 import] Fixed object name handling causing errors in some + cases. [chrisr3d] + + - With a wrong object name, the correct function + was not reached, reaching some unexpected errors +- [API] event index queries refactored. [iglocska] + + - fixed ID lookups to be more graceful (IN() instead of OR-d statements) + - removed default sorting which is the default anyway but introduces a massive overhead +- [database] made MySQLObserver php < 7.2 compliant. [iglocska] +- [database] bruteforce check relaxed for datasource. [iglocska] +- [database] added missing file. [iglocska] +- [restresponse] invalid keyword for controllers blocked SQL data to be + appended on demand. [iglocska] +- [tool] slackbot cosmetic change. 
[Christophe Vandeplas] +- [genericTable:rowDblclick] Made row selector more lax. [mokaddem] +- [decaying:base] MAke sure to return a tag event if it's not part of a + taxonomy. [mokaddem] +- [stix1 export] Exporting all tags as Marking. [chrisr3d] + + - Not only for TLP tags + - Not TLP tags are SimpleMarking and no longer + journal entry as they were before +- [server:DBSchemaDiagnostic] Quote index column's name and added + missing keyword. [mokaddem] +- [events:export-csv] Default to_ids to be 1. [mokaddem] +- [stix1 import] Avoiding Php notice because of the end function. + [chrisr3d] + + - Same as 8f90f79 +- [stix1 import] Updated the email message mapping to support the + message-id attribute import. [chrisr3d] +- [UI] Added missing delete button for organisations, fixes #5773. + [iglocska] +- [self-registration] added missing field. [iglocska] +- [user:email] Replaced query parameters by cake's named parameters. + Hopefully fix #5745. [mokaddem] +- [user registration] reverted bug introduced in previous commit + restricting the org choice to the suggested org if there was a match. + [iglocska] +- [console:admin] getSetting can be used to retrieve all settings. + [mokaddem] +- [user registration] minor bug fixes. [iglocska] +- [user registration] automatically convert selected orgs to local as + described in the tool. [iglocska] +- [trialing commas] removed. [iglocska] +- [stix2 export] Avoiding the "end" function to return a notice. + [chrisr3d] + + - It looks like depending on the Php version, the + end function does not like to have the reference + of an array. By delaying its call, we pass the + actual array and the notice no longer appears +- [stix2 export] Fixed datetime fields format in custom objects. + [chrisr3d] +- [widgets:trendingTags] Removes unused vars. fix #5761. [mokaddem] +- [API] fixes to set_filter_uuid. [iglocska] +- [search] Fixed the UUID / ID searches on the attribute scope, fixes + #5636. 
[iglocska] +- [UI] API reset link fixed on the automation page, fixes #5749. + [iglocska] + +Other +~~~~~ +- Merge pull request #5207 from JakubOnderka/patch-33. [Steve Clement] + + fix: [internal] Just site admin can force when saving freetext +- Merge pull request #5842 from SteveClement/tools. [Steve Clement] + + chg: [new] Added QEMU support +- Merge branch 'eventTimeline-sightings' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into eventTimeline- + sightings. [mokaddem] +- Merge branch '5802' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 5802. [iglocska] +- Merge pull request #5841 from SteveClement/guides. [Steve Clement] + + fix: [installer] Bug where the wrong php deps would get installed +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Revert "Merge branch '5835' into 2.4" [iglocska] + + This reverts commit 48132af1796b13e888ecdc77fa0e25787d517242, reversing + changes made to 9a22aa1f3c1295ab4715e7043e09fa3797b592cb. +- Merge branch '5834' into 2.4. [iglocska] +- Merge branch '5835' into 2.4. [iglocska] +- Merge branch 'stix2-info-patch' of https://github.com/pan-unit42/MISP + into stix2-info-patch. [kscheetz] +- Merge branch '2.4' into stix2-info-patch. [kscheetz] +- Fixes missing self argument bug. [kscheetz] +- Moved info assignment to method. [kscheetz] +- Simplification for code complexity reqs. [kscheetz] +- Merge branch '2.4' into stix2-info-patch. [kscheetz] +- Preserve report order. [kscheetz] +- Stix2 importer naming change. [kscheetz] +- Fixes missing self argument bug. [kscheetz] +- Moved info assignment to method. [kscheetz] +- Simplification for code complexity reqs. [kscheetz] +- Preserve report order. [kscheetz] +- Stix2 importer naming change. [kscheetz] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5840 from SteveClement/tools. [Steve Clement] + + chg: [installer] Initial 20.04 support +- Merge branch '5726' into 2.4. 
[iglocska] +- Hook into native authentication flow instead of beforefilter which + prevents any after-auth bypass and rely on framework session + management. [Golbark] +- Merge branch '2.4' into email-otp-implementation. [Golbark] + + Conflicts: + app/Model/Server.php +- Add consistent i18n support for all strings. [Golbark] +- Rely on session_id instead of user_id and address minor comments. + [Golbark] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5561 from JakubOnderka/is_rest_cache. [Andras + Iklody] + + chg: [internal] Cache result of AppController::_isRest method +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5816 from Applenice/2.4. [Andras Iklody] + + Modify the default parsing settings of Phishtank feed +- Modify the default parsing settings of Phishtank feed. [Applenice] +- Merge branch '5272' into 2.4. [iglocska] +- Merge branch '2.4' into 5272. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'pr-5827' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into pr-5827. [mokaddem] +- Merge branch 'pr5709' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into pr5709. [mokaddem] +- Merge branch 'JakubOnderka-event_loading_speedup' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into JakubOnderka- + event_loading_speedup. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Update SECURITY.md. [Andras Iklody] +- Merge pull request #5833 from MISP/Rafiot-patch-5. [Andras Iklody] + + Update SECURITY.md +- Update SECURITY.md. [Raphaël Vinot] +- Merge branch 'JakubOnderka-patch-96' into 2.4. [mokaddem] +- Merge branch '2.4' into JakubOnderka-patch-96. [mokaddem] +- Fixes failed insert on existing records. [kscheetz] +- Fixes missing MySQL ignore table statements. [kscheetz] +- Merge branch '5819' into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch 'JakubOnderka-redis-delete-multiple' into 2.4. [mokaddem] +- Merge branch '2.4' into JakubOnderka-redis-delete-multiple. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5606 from JakubOnderka/patch-82. [Sami Mokaddem] + + fix: [UI] Proper object table header when includeRelatedTags +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5824 from SteveClement/guides. [Steve Clement] + + fix: [py] Updated lief to a recent known working version +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5821 from Cooper-Dale/patch-1. [Andras Iklody] + + bugfix in Suricata export template +- Bugfix in Suricata export template. [Cooper Dale] + + PR for reported bug https://github.com/MISP/MISP/issues/5766 based on suggestion @stacsirt, tested on my instance and it is working great +- Merge pull request #5823 from SteveClement/guides. [Steve Clement] + + chg: [doc] Added preliminary 20.04 files +- Merge pull request #5822 from SteveClement/tools. [Steve Clement] + + new: [installer] updated template to prepare grounds for 20.04 (php7.4) +- Merge pull request #5574 from JakubOnderka/patch-80. [Andras Iklody] + + fix: [internal] HTML code in view_event_distribution_graph +- Merge pull request #5818 from JakubOnderka/patch-93. [Andras Iklody] + + fix: Correct flash message when sending e-mail +- Merge pull request #5158 from Kortho/patch-1. [Steve Clement] + + added libcxx-devel to yum install list +- Added libcxx-devel to yum install list. [Kortho] + + Needed to compile LIEF +- Merge pull request #5811 from RichieB2B/ncsc-nl/fillwipe. 
[Steve + Clement] + + Enable notice- and warninglists after misp-wipe +- Update misp-wipe.conf.sample. [Steve Clement] + + prefer false atm +- Merge pull request #5776 from srikwit/patch-1. [Steve Clement] + + Removing mentioned stable support for Debian 9 +- Removing mentioned stable support for Debian 9. [srikwit] + + As there is no file `INSTALL.debian9.txt` and we only have a file with the name `xINSTALL.debian9.txt`. The Debian 9 support seems to be experimental. +- Merge pull request #5763 from RichieB2B/ncsc-nl/fix-gpg. [Steve + Clement] + + Set SELinux context for crypt-gpg-pinentry +- Set SELinux contect for crypt-gpg-pinentry, fixes #4796. [Richard van + den Berg] +- Merge pull request #5651 from Kortho/patch-5. [Steve Clement] + + username for service set from environment variable +- Username for service set from environment variable. [Kortho] + + Username is now fetched from environment variable instead of being hard coded +- Merge pull request #5644 from Kortho/patch-4. [Steve Clement] + + moved and added install to python-cybox +- Moved and added install to python-cybox. [Kortho] + + python-cybox missed the installation, moved the cd, and added the install +- Merge pull request #5812 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated: de, dk, fr, it, jp, no, ru, zh-s +- Merge branch 'i18n' of github.com:MISP/MISP into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge remote-tracking branch 'origin/2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. 
[Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5255 from JakubOnderka/patch-46. [Andras Iklody] + + fix: [internal] Remove already removed git modules +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'feed_index' into 2.4. [iglocska] +- Add: [stixtest] Scripts to get a visual evaluation of the STIX2 export + & import. [chrisr3d] + + - We get the initial MISP event, we export it in + STIX2 format, and use the import script on this + file to compare the initial MISP event with the + one created with the STIX2 import + - Since the export to STIX2 and import from STIX2 + are lossy, we do not expect the results to be + perfect, but the enumeration of the differences + confirm what we already know as lost in the + full process, so we can see what is not going as + expected + - The API key could be gathered from MISP, but + these small testing scripts were first intended + to be standalone, and are only for testing + purposes +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge remote-tracking branch 'MISP/2.4' into 2.4. [Christophe + Vandeplas] +- Add: [stix1 framing] Added the Simple marking in the STIX namespaces. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5767 from MISP/fix-csv-toids. [Andras Iklody] + + fix: [events:export-csv] Default to_ids to be 1 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5672 from patriziotufarolo/2.4. [Andras Iklody] + + Fixes STIX2 export failing with "ANTLR runtime and generated code versions disagree: 4.8!=4.7.1" +- Ensure we only have the last line from the shell command when + exporting STIX2. [Patrizio Tufarolo] + + Same as e3b1e8c74a0b40cdb54be938bcea4d9b28a7f0b9 but for exporting STIX2 +- Merge pull request #1 from MISP/2.4. [Patrizio Tufarolo] + + Align fork +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5727 from stricaud/debian. [Alexandre Dulaunoy] +- Various improvements: * Do not push a string for VERSION.json but use + the file in the repository * If database already exist, move on. + [Sebastien Tricaud] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5746 from 4ekin/pg_branch. 
[Andras Iklody] + + Fixed bugs with PostgreSQL in bruteforce and feed models +- Fixed bugs with PostgreSQL in bruteforce and feed models. [Bechkalo + Evgeny] + + +v2.4.124 (2020-03-30) +--------------------- + +New +~~~ +- [attributes:massEdit] Possibility to create proposals instead of edit. + [mokaddem] +- Add support for RHEL in the install script. [Golbark] +- [audit] Added user monitoring. [iglocska] + + - site admins can set the monitoring flag on a user if the feature is enabled on the instance + - monitored users will have all requests logged along with POST bodies + + - keep in mind this functionality is quite heavy and intrusive - so use it with care. The idea is that this allows us to track potentially malicious users during an investigation +- [UI] indexTable new fields / some refactoring. [iglocska] +- [helper:scopedCSS] Moved implementation in a helper. [mokaddem] +- Country galaxy generator. [iglocska] +- [dashboard] multi line chart UI added. [iglocska] + +Changes +~~~~~~~ +- [server:dbSchemaDiagnostic] UI Improvement to hide tables containing + only non-critical entries. [mokaddem] +- [security] Added setting to restrict the encoding of local feeds. + [iglocska] + + - By adding local feeds, a malicious administrator could point MISP to ingest configuration files that the apache user has access to + - This includes some more sensitive files (database.php / config.php / .gnupg data) + - Whilst this is currently not leading to an exploitable vulnerability as the current implementation wouldn't trigger on the values, + having a setting to disable this will become much more interesting once we have a system in place for custom feed parsers + - The setting can only be enabled/disabled via the CLI + + - As reported by Matthias Weckbecker +- Bump PyMISP. [Raphaël Vinot] +- [version] bump. [iglocska] +- [publish alert] default added to user creation via the API. [iglocska] +- Bumped queryversion. 
[mokaddem] +- [attribute:edit] Added support of chosen - fix #5736. [mokaddem] +- [widgets:mutliline] Usage of bootstrap's tooltip and fixed another + loading race-condition. [mokaddem] +- [alert] emails now have instructions on how to disable them. + [iglocska] +- [widgets:multiline] Added possibility to pick datapoint and see the + deltas. [mokaddem] +- [warninglist] bump. [iglocska] +- [warninglist] bump. [iglocska] +- [genericElement:indexTable-links] Allow to craft an URL with custom + data_path. [mokaddem] +- [genericElement:IndexTable] Allow to pass pagination options to + paginator element. [mokaddem] +- [widgets:multilines] Improved tooltip placement strategy. [mokaddem] +- [taxonomies] bumped. [iglocska] +- [widgets:multiline] Improved label wrapping. [mokaddem] +- [widgets:multiline] Integrated CSS and new config `hideAxis` + [mokaddem] +- [widgets:worlmap] Resize map on widget container resize. [mokaddem] +- [widgets:ui] Added possibility to listen to widget-resize events. + [mokaddem] +- [widgets:multiline] Support of linear x-axis. [mokaddem] +- [widgets:multiline] Pass widget_config to the view. [mokaddem] +- [widgets:multiline] Flip tooltip position if necessary. [mokaddem] +- [widgets:multiline] Adapt left margin for big numbers. [mokaddem] +- [widgets:multiline] Added more Options, datapoints and total serie. + [mokaddem] +- [widgets:multiline] Layout, UI and interactivity improvements - WiP. + [mokaddem] +- [galaxy:view] Commented `altered galaxy` for now. [mokaddem] +- [galaxyCluster:index] Migrated to use the genericElement factory + + added sparkline and icon genericIndex fields. [mokaddem] +- [galaxyCluster:view] Migrated to use the genericElement factory. + [mokaddem] +- [galaxy:index] Cleaned up artifacts from galaxy2.0. [mokaddem] +- [galaxy:view] Migrated to use the genericElement factory. [mokaddem] +- [galaxy:index] Migrated to use the genericElement factory. 
[mokaddem] +- [views:genericElements] Multiple addition and improvements for generic + IndexTable, TopBar and Form. [mokaddem] +- [feeds metadata] fix incorrect timestamp field. [Alexandre Dulaunoy] +- [style] Added spaces in JSON used for the automation examples. + [iglocska] +- [community] CogSec Collab disinformation sharing community :D. [VVX7] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [galaxy] bump. [iglocska] +- [helper:ScopedCSS] Usage of PHP_EOL. [mokaddem] +- [scopedCSS] Added more doc and allow having scoped and not scoped mix. + [mokaddem] +- [scopedCSS] Simplified usage and added documentation. [mokaddem] +- [widgets:multiline] Switched to scoped css usage. [mokaddem] +- [widgets] Added support of scoped CSS. [mokaddem] +- [travis] cat exec errors file. [Raphaël Vinot] + +Fix +~~~ +- [sync] Added function to handle older MISP instances despite the new + way of passing org filter options. [iglocska] +- [event:view] Show correct number of related events to be shown - Fix + #5732. [mokaddem] +- [objecs:reviseObject] Pass forgotten template data - Fix #5733. + [mokaddem] +- [event index] org filter correctly accepts array in addition to pipe + delimited values. [iglocska] + + - fixes pull org filters +- [emailing] Added setting for default publish alert behaviour when + creating new users. [iglocska] +- [installer] Updated installer checksums. [Steve Clement] +- [attribute:edit] Create chosen picker when modal is shown. [mokaddem] +- [eventGraph:picture] Take correct Attribute picture's name. [mokaddem] +- [widget:mutlieline] Take into account scrollY position. [mokaddem] +- [widgets:multiline] Racecondition executing `init` and fetching d3.js + twice. [mokaddem] +- [pull] pull filters fixed. [iglocska] +- [widgets:multiline] Ensure that d3.js is loaded only once. [mokaddem] +- [widgets:SimpleList] Fit minimum vertical space. 
[mokaddem] +- [widgets:multiline] Correctly parse boolean text for `showAxis` + [mokaddem] +- [galaxy:view] View altered galaxies/clusters buttton correctly + redirect. [mokaddem] +- [php] compatibility with older versions. [iglocska] +- [servers:pull_rules] Allows sync parameter rules to be above 40 chars. + [Sami Mokaddem] +- [message] user creation shouldn't include the "User notified of new + credentials" part of the notification mesage if emailing is disabled. + [iglocska] +- [install] Updated installer and checksums. [Steve Clement] +- [INSTALL] Properly run tests. [Raphaël Vinot] +- [suricata] fixed an invalid validation of https hostnames that blocked + the attributes from being included in the exports. [iglocska] +- [dashboard] css conflict resolved. [iglocska] + + - in a really hacky way for now +- [side menu] Fixed Dashboard link from the side menu in the statistic + view. [chrisr3d] +- [thread:view] Threads are no longer rendered for not related Event on + rare occasion. [mokaddem] +- [user:login] Added support of `RFC822` for older PHP version. + [mokaddem] +- [stix export] Fixed cybox object import. [chrisr3d] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5643 from Kortho/patch-3. [Steve Clement] + + fixed python venv creation command +- Fixed python venv creation command. 
[Kortho] + + The command for creating virtual environment in RHEL was wrong, fixed it :) +- Merge pull request #5706 from RichieB2B/ncsc-nl/venv-ssdeep. [Steve + Clement] + + Fix venv and ssdeep for RHEL 7 +- Update INSTALL.rhel7.md. [Steve Clement] +- Install ssdeep PHP module on RHEL 7. [Richard van den Berg] +- Fix virtualenv creation on RHEL 7. [Richard van den Berg] +- Merge pull request #5705 from Golbark/redhat-install-script-support. + [Steve Clement] + + new: usr: add support for RHEL in the install script +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5721 from stricaud/debian2. [Andras Iklody] + + Debian improvements +- Add installation files: workers and VERSION.json. [Sebastien Tricaud] +- Adding missing packages. [Sebastien Tricaud] +- Adding compat file. [Sebastien Tricaud] +- Bump version in changelog. [Sebastien Tricaud] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'feature-widget-multipleline' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-widget- + multipleline. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into view-migration-galaxy. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'GlennHD-2.4' into 2.4. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/GlennHD/MISP into + GlennHD-2.4. [Alexandre Dulaunoy] +- Fixed indentation of DigitalSide & Metasploit CVEs. [GlennHD] + + Fixed indentation of DigitalSide & Metasploit CVEs to align with others. +- Added Malware Bazaar. [GlennHD] + + Added abuse.ch Malware Bazaar +- Merge pull request #5717 from VVX7/2.4. [Andras Iklody] + + chg: [community] CogSec Collab disinformation sharing community :D +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #5707 from MISP/feature-widgets-scoped-css. [Andras + Iklody] + + Scoped css for widget +- Merge branch '2.4' of github.com:MISP/MISP into feature-widgets- + scoped-css. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5697 from MISP/chrisr3d_patch. [Andras Iklody] + + Fix link to the dashboard from the statistics page +- Merge remote-tracking branch 'origin/2.4' into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.123 (2020-03-10) +--------------------- + +New +~~~ +- [dashboard] added template delete functionality. [iglocska] +- [dashboard] persistence package. [iglocska] + + - export dashboard state + - import dashboard state + - save dashboard state + - make it available to others on the instance on demand + - admins can set a default password for users that don't have anything configured yet + - load another template based on what the community has shared + - added Whoami widget which was an outcome of the ESDC training + - various improvements, new fields for genericElements, etc +- [workers] restart all dead workers. [iglocska] +- [widgets] Whoami widget added. [iglocska] +- [dashboard] various fixes / improvements. [iglocska] + + - simple list now accepts arrays for values + - fixed margin issues + - fixed empty sync test issues +- [dashboard] added a way to auto reload widgets. [iglocska] + + - has to be defined in the code of the widget +- [widget] World map widget added. [iglocska] +- [dashboard] Resource widget added. [iglocska] +- [favourite] glow orange when on the page that is already bookmarked. + [iglocska] + + - thanks to @mokaddem (graphman) for the idea +- [dashboard] Added cachelifetimg setting as opposed to hard-coded + value. [iglocska] +- [dashboard] Added server resource module and some fixes. 
[iglocska] +- [Dashboard] added hook to check for permissions on module load. + [iglocska] + + - allows for modules to have role / host org restrictions +- [Dashboard] system. [iglocska] + + - Dashboard + - modular similar to restSearch + - build your own widgets + - use a set of visualisation options (more coming!) + - full access to internal functions for queries + - auto discover core and 3rd party widgets + - rearrange / configure widgets for each user individually + - rearrange / resize widgets + - settings can be configured by a site-admin on behalf of others + - modules have a self-explain mode to guide users + - caching mechanism for the modules / org + + - set homepage / user + - various other fixes +- [API] object level restSearch added. [iglocska] + + still WiP + +Changes +~~~~~~~ +- [stix2] Bumped latest stix2 python library version. [chrisr3d] +- Bump PyMISP. [Raphaël Vinot] +- [version] bump. [iglocska] +- [cleanup] removed alert. [iglocska] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonimies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [dashboard] world map scale parameterised. [iglocska] +- [widget:worldmap] Reusage of declated variable. [mokaddem] +- [widget:worldmap] Various JS and UI Improvements. [mokaddem] + + - Variables and function have their own scope, not overridin each other + - Scale color ranges from blue to red + - Tooltip picks the correct data instead of the latest declared one + - PHP no longuer printed in JS, avoiding the need of `eval` command + - Widget redraw itself after a page resize +- [login] Display last time the user logged in. [mokaddem] +- [response header] Added `X-XSS-Protection` header. 
[mokaddem] + + - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB) +- [server:rest] Query builder gets loaded with body after the POST. + [mokaddem] + + fix #5680 +- Removed unwanted indentation. [mokaddem] +- [dashboard] show owner email of template to site owners and the owner + themselves. [iglocska] +- [dashboard] cleanup. [iglocska] + + prevent @mokaddem's and @rommelfs's eyes from bleeding +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [dashboard] Allow for the use of subdirectories in + /app/Lib/Dashboard/Custom to be able to git clone repos. [iglocska] +- [querystring] bumped. [iglocska] +- [dashboard] views for widgets updated. [iglocska] +- [clenaup] removed old dashboard. [iglocska] +- [dashboard] Custom dir added. [iglocska] +- [wip] test. [iglocska] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Make contact reporter gender neutral. [Raphaël Vinot] +- [i18n] Updated: Simplified Chinese, German, Italian, Spanish, Russian. + [Steve Clement] +- [i18n] Updated pot files. [Steve Clement] + +Fix +~~~ +- [travis] ANTLR 4.8 works again. [Raphaël Vinot] +- [ACL] added deleteTemplate. [iglocska] +- [dashboards:edit] Prevent overriding the edited template with data + stored in user-settings. [mokaddem] +- [dashboard:saveTemplate] Prevent array re-indexing causing issue with + HTML select's option value. [mokaddem] +- [dashboard] grid scope fix. [iglocska] +- [sfv] Checksums wrong. [Steve Clement] +- [dashboard] several small fixes. [iglocska] + + - fixed issue of first few updates failing right after adding a self updating widget + - don't try to reload a removed widget + - fixed the internal random parametrised widget refresh to something more sane +- [user:resetAuthkey] Allows the function to be called. 
[mokaddem] +- [flashErrorMessage] Sanitized error message printed by session that + should never contains user-made text. [mokaddem] + + - Better safe than sorry +- [user:edit] Prevent password change with the current password. + [mokaddem] + + - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB) +- [user:edit] Correctly re-insert form data wipping password + information. [mokaddem] +- [security] Fixed presistent xss in the sighting popover tool. + [mokaddem] + + - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB) +- [user:resetauthkey] Method can only be accessed via POST request. + [mokaddem] + + - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB) +- [security] Fix reflected xss via unsanitized URL parameters. + [mokaddem] + + - As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB) +- [settings] `require_password_confirmation` set to true by default. + [mokaddem] +- [attribute:validation] Better validation of IPv6-[dst/src] and + improved display. [mokaddem] + + fix #5682 +- [logs] pagination settings are lost when flipping pages after a + search. [iglocska] +- [widgets] worldmap fixed. [iglocska] +- [dashboards] fixed invalid recall of dashboard template. [iglocska] +- [ACL] added new function to ACL. [iglocska] +- [js] fixed invalid defaults passed from php. [iglocska] +- [cleanup] removed disabling the caching of dashboard widgets for debug + purposes. [iglocska] +- [dashboard] Some widget visualisation fixes. [iglocska] +- [cleanup] [iglocska] +- [synctool] tests improved. [iglocska] +- [CLI] change authkey description fixed. [iglocska] +- [homepage] redirects fixed. [iglocska] +- [user settings] fixed unlocking of API routes. [iglocska] +- [dashboard] fixed an issue when adding a widget with an empty config. + [iglocska] +- [API] Json converter fixed. 
[iglocska] +- [dashboard] fixed multiple adds failing. [iglocska] +- [dashboard] Fixed adding widgets losing their config settings. + [iglocska] +- [dashboard] custom routing fixed. [iglocska] +- [i18n] Various edits and small __('') addeage. [Steve Clement] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Bumped db_version. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #5687 from MISP/feature-widget-improvement. [Andras + Iklody] + + chg: [widget:worldmap] Various JS and UI Improvements +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'feature/dashboard' into 2.4. [iglocska] +- Merge branch '2.4' into feature/dashboard. [iglocska] +- Merge pull request #5670 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated: Simplified Chinese, German, Italian, Spanish, Russian +- Merge pull request #5669 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated pot files +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge pull request #5668 from SteveClement/i18n. [Steve Clement] + + fix: [i18n] Various edits and small __('') addeage. + + +v2.4.122 (2020-02-26) +--------------------- + +New +~~~ +- [logging] Log user IPs on login. 
[iglocska] + + - feature is optional and needs to be enabled in the server settings + - on successful login logs the associated user ID for a given IP (30 day retention) + - also logs the IP for the associated user ID (indefinite retention) + - added two command line tools to query + - Get IPs For User ID: MISP/app/Console/cake Admin UserIP [user_id] + - Get User ID For User IP: MISP/app/Console/cake Admin IPUser [ip] +- [communities] Added Danish community and some fixes to the community + system. [iglocska] + +Changes +~~~~~~~ +- [pymisp] bump. [iglocska] +- Use poetry in travis. [Raphaël Vinot] +- [version] bump. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [database] Added db entry to re-correlate Attributes. [mokaddem] +- [submodule] updates. [iglocska] +- [UI] show customauth header. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Removed unused function. [Jakub Onderka] +- [internal] Little bit faster ssdeep saving. [Jakub Onderka] +- [mispzmq] Do not create array every 0.1 sec. [Jakub Onderka] + + Should lead to little bit lower CPU usage +- [internal] Update composer.phar to version 1.9.0. [Jakub Onderka] +- [objects] updated to the latest version. [Alexandre Dulaunoy] +- [version] bump. [jcarter] + +Fix +~~~ +- Run python tests from python. [Raphaël Vinot] +- [CLI] allow for calling the update via the CLI without passing a + process ID. [iglocska] +- Properly install PyMISP with poetry. [Raphaël Vinot] +- Missing dependency for poetry. [Raphaël Vinot] +- [correlations] fix to an issue where attribute edits could purge + correlations. [iglocska] + + - bug introduced by a merge gone wrong + - attribute edits that modify fields that do not affect the correlations (such as to_ids, comment, etc) would cause correlations to be purged +- [sync] allow for both the minimal and searchminimal keywords to be + used on the event index. 
[iglocska] + + - until now due to a bug only searchminimal was used + - sync negotiation uses minimal as the key + - this should greatly speed up the negotiation phase +- [decaying:tool] Support strict sql mode while fetching available + Object type. [mokaddem] +- [decaying] Attributes not having a DM associated will be defaulted as + `not decayed` [mokaddem] +- [eventGraph] Request picture for valid attachement only. [mokaddem] +- [server:edit] Prevent undefined variable. [mokaddem] +- [custom auth] correctly use HTTP_ as the default header namespace. + [iglocska] +- [installer] Some typos. [Steve Clement] +- Force schema columns lowercase to match expected. [Jason Kendall] +- [enveloping] Fixed typo and added actual event ID to the message + saved. [iglocska] + + gremmar meestakes are anoying. +- [dash] Dashboard not working at the moment. [Steve Clement] +- [server:edit] Always echo internal instance notice. [mokaddem] +- [UI] Correct title for '+' button. [Jakub Onderka] +- [pubsub] Do not fetch setting for every push. [Jakub Onderka] +- [UI] UUID term should be uppercase. [Jakub Onderka] +- [internal] Remove unused function. [Jakub Onderka] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Bumped db_version. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'feature-recorrelate' into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- :magic: [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5659 from SteveClement/misp-dash. 
[Steve Clement] + + fix: [dash] Dashboard not working at the moment +- Merge branch '2.4' into misp-dash. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5654 from coolacid/issue-5653. [Andras Iklody] + + fix: Force schema columns lowercase to match expected +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #5647 from coolacid/issue-5598. [Andras Iklody] + + Allow forcing tag creation for galaxies +- Allow forcing tag creation for galaxies. [Jason Kendall] +- Merge pull request #5639 from JakubOnderka/patch-92. [Andras Iklody] + + fix: [UI] Correct title for '+' button +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5612 from coolacid/issue-5611. [Andras Iklody] + + Ensure we only have the last line from the shell command +- Ensure we only have the last line from the shell command. [Jason + Kendall] +- Merge pull request #5633 from JakubOnderka/patch-91. [Andras Iklody] + + chg: [internal] Removed unused function +- Merge pull request #5628 from JakubOnderka/patch-87. [Andras Iklody] + + chg: [internal] Little bit faster ssdeep saving +- Merge pull request #5631 from JakubOnderka/patch-90. [Andras Iklody] + + fix: [pubsub] Do not fetch setting for every push +- Merge pull request #5630 from JakubOnderka/patch-89. [Andras Iklody] + + chg: [mispzmq] Do not create array every 0.1 sec +- Merge pull request #5629 from JakubOnderka/patch-88. [Andras Iklody] + + fix: [UI] UUID term should be uppercase +- Merge pull request #5623 from stricaud/2.4. [Andras Iklody] + + version 2.4.221 + ask about baseurl during package installation +- * Adding baseurl as a question when finalizing the package + installation. * bump to version 2.4.221. [Sebastien Tricaud] +- Merge pull request #5625 from JakubOnderka/patch-86. 
[Andras Iklody] + + fix: [internal] Remove unused function +- Merge pull request #5149 from JakubOnderka/update-composer. [Andras + Iklody] + + chg: [internal] Update composer.phar to version 1.9.0 +- Merge pull request #5616 from jay-carter/patch-1. [Andras Iklody] + + chg: [version] bump +- Merge pull request #5617 from stricaud/debian. [Andras Iklody] + + Adding instructions to build a Debian Package +- Remove useless test. [Sebastien Tricaud] +- Adding instructions to build a Debian Package. [Sebastien Tricaud] + + It does not build a Debian package that can be pushed to the distribution yet, but it provides + an easy way to have a Debian package for MISP for minimal configuration efforts. + + It is installed in /usr/share/misp and there are too many things happening in that directory, + such as logs, instead of being in /var/log/misp/. + + However it can be useful to a lot of people, and I will gradually improve it over time. + + -- STR + + +v2.4.121 (2020-02-10) +--------------------- + +New +~~~ +- [config load task] Added a task that will reload the settings on any + console shell execution, fixes #5498. [iglocska] + + - helps with background workers being forced to fetch new settings whenever they start a new job +- [objects] pass the /breakOnDuplicate:1 flag to the /objects/add + endpoint to deduplicate. [iglocska] + + - returns an error if the object already exists + - objects of the same template_uuid are compared + - non deleted attributes only + - type + category + value + object_relation tuple is compared +- [API] Enveloping improvements. [iglocska] + + - user controlled envelope settings to control memory estimation for attribute/event sizes + - logging of potentially too large events for the current memory envelope + - tuning of the default values + - added a divider for the event:attribute conversion to account for objects / event level contextualisation / correlations +- [UI] Show thumbnails at List Attributes view. 
[Jakub Onderka] +- [internal] Attribute::isImage method. [Jakub Onderka] +- [sync] Add additional pull filters to the sync, fixes #5510. + [iglocska] + + - uses the same format as the index filters + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [internal] mispzmqtest.py. [Jakub Onderka] + + - Also check if Redis Python library is installed + - Do not print "OK" if libraries doesn't exists + - Return error code 1 if library doesn't exists +- [cleanup] Taking out the trash. [iglocska] + + - old unused functions removed +- [pgpPopover] Transformed text into i18n. [mokaddem] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [dbSchema] Removed log table from the whitelisted tables. [mokaddem] +- [diagnostic:dbSchema] Added SQL queries to fix issues. [mokaddem] +- [UI] Check if ssdeep PHP extension is installed. [Jakub Onderka] +- Bump expected PyMISP version. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [user] GPG key fetching by server. [Jakub Onderka] +- [attribute:add] Actually show invalid datetime format message in the + UI. [mokaddem] +- [attribute:add] Rephrased missing timezone message. [mokaddem] +- [attribute:type] Datetime value is forced to be a valid ISO format. + [mokaddem] + + - It is converted into UTC in the server + - /attribute/add Form includes javascript validation part +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. 
[Alexandre Dulaunoy] +- Do not use the merge functionality. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [Feed] Change all non MISP feed format feeds to fixed events. [Raphaël + Vinot] +- [PyMISP] Bump, fix tz issues. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- Changed error messages into translatable strings. [mokaddem] +- [internal] Much better error handling for feed preview. [Jakub + Onderka] +- [UI] Resizing images. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [dbschema] Pretty print db_schema and removed Object.comment and + ShadowAttr.comment from the index list. [mokaddem] +- Selectively choose what you want to import. [Pierre-Jean Grenier] +- [internal] Much faster GalaxyCluster::attachClustersToEventIndex. + [Jakub Onderka] +- [console:server] Stop execution if user does not exists. [mokaddem] + +Fix +~~~ +- [security] Correctly sanitize search string in Galaxy view. [mokaddem] + + - As reported by Dawid Czarnecki +- [object] object deduplication fixed. [iglocska] +- [UI] Disable autocomplete for authkey. [Jakub Onderka] + + To prevent saving it into browser cache +- [internal] Remove unused line. [Jakub Onderka] +- [indexes] Added SQL index for tag numerical_value. [mokaddem] +- [security] Further fixes to the bruteforce handling. [iglocska] + + - resolved a potential failure of the subsystem when the MySQL and the webserver time settings are diverged + - as reported by Dawid Czarnecki + - several tightenings of the checks to avoid potential foul play +- [security] discussion thread ACL issues fixed. [iglocska] + + - as reported by Dawid Czarnecki +- [security] brutefoce protection rules tightened. [iglocska] + + - as reported by Dawid Czarnecki +- [API] make param tag alias of tags for /events/restSearch. [Jeroen + Pinoy] +- [kali] Fixed kali install script (#5586) [Steve Clement] + + fix: [kali] Fixed kali install script +- [tools] Removed Viper until working again, fixed #5582. 
[Steve + Clement] +- [sum] Fixed checksums. [Steve Clement] +- [kali] Fixed kali install script. [Steve Clement] +- [sync] Pull filters ignored if no custom url params added, fixes + #5594. [iglocska] +- [export] fixed the export page breaking for text exports, fixes #5563. + [iglocska] +- [UI] Icons in network distribution graph. [Jakub Onderka] +- [internal] cleanup of unused line. [iglocska] +- [API] several fixes to the Bro API. [iglocska] + + - always use flatten:1 to also include object attributes + - fix the generated full export to only include the header once +- [internal] fetcher logic fail fixed. [iglocska] +- A few feeds should use fixed events by default. [Raphaël Vinot] + + Related to https://github.com/MISP/MISP/issues/5544 +- [API] taxonomies controller index call fixed for API calls. [iglocska] + + - no longer limiting at 60 elements +- [log] Proper format log message for reset auth key. [Jakub Onderka] + + In future, it will be also possible to filter auth keys in logs. +- [objects:edit] Added *_seen validation and error reporting. [mokaddem] +- [CLI] Die if setting name is not correct. [Jakub Onderka] +- [server:edit] Correctly escape `%` re-enabling server setting editing. + [mokaddem] +- Proper logout when `CustomAuth_custom_logout` is set. [Jakub Onderka] +- `DefaultRoleId` is not implemented for ApacheShibbAuth. [Jakub + Onderka] +- [UI] Remove double escaping. [Jakub Onderka] +- [ui:galaxy] Correctly display galaxy info. [mokaddem] +- [attribute:search] Unset filtering rules on *_seen if unset. + [mokaddem] +- [internal] AttributesController::viewPicture can be used just for + fetching images. [Jakub Onderka] +- [UI] small username helper changes. [iglocska] +- [internal] slight tuning to the attribute restsearch memory envelop + size. [iglocska] +- [UI] Add space after ':' in error text. [Jakub Onderka] +- [serverShell] Stopped usage of reserver keyword. 
[Sami Mokaddem] + + Renamed function name to let PHP 5.x parse the shell script correctly +- [diagnostic:dbSchema] Updated schema with the Attribute.comment + indexing change nad pretty-printed it. [mokaddem] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5615 from JakubOnderka/patch-85. [Andras Iklody] + + chg: [internal] mispzmqtest.py +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into enforce-iso-datetime. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into pr-5210. [mokaddem] +- Merge pull request #5614 from JakubOnderka/patch-84. [Andras Iklody] + + fix: [UI] Disable autocomplete for authkey +- Merge pull request #5607 from JakubOnderka/patch-83. [Andras Iklody] + + fix: [internal] Remove unused lines +- Merge branch '2.4' of github.com:MISP/MISP into pr-5210. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #5601 from JakubOnderka/ssdeep_ext. [Andras Iklody] + + chg: [UI] Check if ssdeep PHP extension is installed +- Fixup! chg: [user] GPG key fetching by server. [Jakub Onderka] +- Merge remote-tracking branch 'origin/2.4' into enforce-iso-datetime. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5585 from Wachizungu/fix-tag-alias-events- + restsearch. [Andras Iklody] + + fix: [API] make param 'tag' alias of 'tags' for /events/restSearch +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #5579 from StefanKelm/2.4. [Andras Iklody] + + tiny typo +- Update update_progress.ctp. [StefanKelm] + + tiny typo +- Update db_schema_diagnostic.ctp. [StefanKelm] + + tiny typo +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #5573 from JakubOnderka/patch-79. [Andras Iklody] + + fix: [UI] Icons in network distribution graph +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5569 from MISP/Rafiot-patch-4. [Andras Iklody] + + chg: Do not use the merge functionality. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5562 from raw-data/2.4. [Alexandre Dulaunoy] + + [add] malsilo.domain feed +- [add] malsilo.domain feed. [raw-data] +- Merge pull request #5559 from JakubOnderka/patch-77. [Andras Iklody] + + fix: [log] Proper format log message for reset auth key +- Merge branch 'pr-5295' into 2.4. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into pr-5295. [mokaddem] +- Merge pull request #5555 from JakubOnderka/patch-76. [Andras Iklody] + + fix: [CLI] Die if setting name is not correct +- Merge pull request #5541 from JakubOnderka/proper_logout. [Andras + Iklody] + + fix: Proper logout when `CustomAuth_custom_logout` is set +- Merge pull request #5553 from ZeroDot1/patch-1. [Andras Iklody] + + Fix the CoinBlockerLists +- Fix the CoinBlockerLists. [ZeroDot1] + + Delete the MiningServerIPList.txt feed because the feed is no longer available. + + All current downloads can be found via the CoinBlockerLists homepage. + https://zerodot1.gitlab.io/CoinBlockerListsWeb/downloads.html + + Thanks to everyone for using the CoinBlockerLists, I appreciate it very much. 
+ + ' + { + "Feed": { + "id": "68", + "name": "This list contains all IPs - A additional list for administrators to prevent mining in networks", + "provider": "CoinBlockerLists", + "url": "https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/MiningServerIPList.txt?inline=false", + "rules": "", + "enabled": true, + "distribution": "3", + "sharing_group_id": "0", + "tag_id": "0", + "default": false, + "source_format": "freetext", + "fixed_event": false, + "delta_merge": false, + "event_id": "0", + "publish": false, + "override_ids": false, + "settings": "{\"csv\":{\"value\":\"\",\"delimiter\":\",\"},\"common\":{\"excluderegex\":\"\"}}", + "input_source": "network", + "delete_local_file": false, + "lookup_visible": true, + "headers": "" + } + }, + ' +- Merge pull request #5548 from JakubOnderka/patch-75. [Andras Iklody] + + fix: `DefaultRoleId` is not implemented for ApacheShibbAuth +- Merge branch '2.4' of github.com:MISP/MISP into pr-view_picutre. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5542 from JakubOnderka/patch-74. [Sami Mokaddem] + + fix: [UI] Remove double escaping +- Merge branch '2.4' of github.com:MISP/MISP into pr-patch-67. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into pr-selective_import_v2. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5530 from legoguy1000/2.4. [Andras Iklody] + + Add SAML (Shibboleth) login button +- Add SAML (Shibboleth) login button. [Alex Resnick] + + With Shibboleth and SAML you have 2 options, for SAML login and don't allow local login or allow both. The example in the documentation forces (requires) SAML authentication and thus doesn't allow you to use local credentials if needed. This adds a button below the login form to redirect to the Shibboleth login page if using passive Shibboleth auth. 
To use passive auth set "ShibRequestSetting requireSession 0/false" instead of "ShibRequestSetting requireSession 1/true" +- Merge pull request #5527 from JakubOnderka/patch-72. [Andras Iklody] + + fix: [UI] Add space after ':' in error text + + +v2.4.120 (2020-01-21) +--------------------- + +New +~~~ +- [shadowAttribute] first_seen and last_seen on shadowAttributes. + [mokaddem] +- [timeline/*-seen] Initial import of the timeline code from the + zoidberg branch. [mokaddem] +- [attribute type] kusto-query attribute type. [Alexandre Dulaunoy] + + Kusto query is the query language for the Kusto services in Azure used + to search large dataset. It's used in Windows Defender ATP Hunting-Queries + and also Azure Sentinel (Cloud-native SIEM). + + To fix #5475 +- [generic index] added lambda function based requirements for actions. + [iglocska] +- [diagnostic:DBIndexes] Added complete diagnostic for database indexes. + [mokaddem] +- [diagnostic:DBIndex] Show table columns having indexes. [mokaddem] +- [UI] first implementation of the modal forms. [iglocska] + +Changes +~~~~~~~ +- [PyMISP] update to the latest version. [Alexandre Dulaunoy] +- [attributes] new attribute type 'chrome-extension-id' [Alexandre + Dulaunoy] + + This attribute is used by Chrome to uniquely identify extension. +- [timeline:display_threshold] Increased display threshold. [mokaddem] +- [worker:diagnostic] typo. [mokaddem] +- Cleanup python install on travis. [Raphaël Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [queryVersion] Bumped version. [mokaddem] +- [pymisp] bump. [iglocska] +- [UI:formSeenInput] Re-vamped the UI to be more usuable. [mokaddem] +- [stix2] Bumped the latest stix2 python library version. [chrisr3d] +- [versions] requirements for languages changed. [iglocska] +- [VERSION] bump. [iglocska] +- [PyMISP] bump. 
[iglocska] +- [Attribute:seen] Moved conversion iso<->utc of fs/ls in dedicated + functions. [mokaddem] +- [eventTimeline] Cleaner array append. [mokaddem] +- [popoverPopup] Display errors whenever available. [mokaddem] +- [timeline] Synchronize *-seen at Object and ObjectAttribute level, few + fixes and Improved UI. [mokaddem] +- [appModel] Fixed merge conflict. [mokaddem] +- [object:quickAddAttribute] Improved feedback when creation fails. + [mokaddem] +- [timeline:ui] Replaced typeahead by chosen. [mokaddem] +- [timeline] Improved loading icon UI. [mokaddem] +- [object:quickAddAttribute:ui] Adjusted qcuik add buton placement. + [mokaddem] +- [object:edit] Reverted useless code. [mokaddem] +- [attribute:edit] reverted useless line of code. [mokaddem] +- [mysql] Reverted all changes in `MYSQL.sql` as the update is done when + logging in for the first time. [mokaddem] +- [shadow_attributes:edit] Support of first_seen and last_seen. + [mokaddem] +- [attribute:restSearch] Search support for first_seen and last_seen. + [mokaddem] +- [object:edit] Support of fs/ls sync on object for `edit` and + `addQuickField` [mokaddem] +- [object] Set fs/ls on all attributes when an object got its fs/ls + sets. [mokaddem] +- [attribute:restSearch] Added filtering conditions for first_seen and + last_seen. [mokaddem] +- [restResponse] Updated doc about first_seen and last_seen. [mokaddem] +- [event:view] Added first_seen/last_seen column (event, server and + feed) [mokaddem] +- [diagnostic] Style tweaking to be consistent with the UI. [mokaddem] +- [index] Index Attribute.comment. [mokaddem] +- Bumped queryversion. [mokaddem] +- [internationalisation] Support of multi-lang for the administrator + update notice message. [mokaddem] +- [update:seen] Switch back to the usage of worker for the update. 
+ [mokaddem] +- [update] DO not execute pre-update test for the timeline update + anymore (pre-update feature not fully supported yet) [mokaddem] +- [timeline] Removed missleading text in tooltip. [mokaddem] +- [update] Usage of `indexArray` instead of raw sql. [mokaddem] +- [object:delta] No deletion of ObjectAttribute when sync. with Object's + FS/LS. [mokaddem] +- [timeline] Improved controller name parsing (used in form) - WiP. + [mokaddem] +- [object:quickAttributeAdd] Replace popover selection by the generic + picker. [mokaddem] +- [app] Improved and integrated *-seen database update. [mokaddem] +- Use default bionic release. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [attributeTag] Stop pruning outdated attribute tag when syncing. Will + be re-enabled in the future. [mokaddem] +- Bump PyMISP, fix dummy event creator. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [install] Updated the way the SHASUM of composer-setup.php… (#5494) + [Steve Clement] + + chg: [install] Updated the way the SHASUM of composer-setup.php is handled +- [install] Updated the way the SHASUM of composer-setup.php is handled + as per: https://getcomposer.org/doc/faqs/how-to-install-composer- + programmatically.md. [Steve Clement] +- [install] Updated installer (#5493) [Steve Clement] + + chg: [install] Updated installer +- [install] Updated installer. [Steve Clement] +- [composer] Updated composer checksum. [Steve Clement] +- [decaying-model] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version which includes kusto-query + attribute type. [Alexandre Dulaunoy] + + new: [attribute type] kusto-query attribute type + + Kusto query is the query language for the Kusto services in Azure used + to search large dataset. 
It's used in Windows Defender ATP Hunting-Queries + and also Azure Sentinel (Cloud-native SIEM). +- [view:genericIndex] Auto extract datapaths and pass them to evaluation + function. [mokaddem] +- [screenshots] updates with new functionalities. [Alexandre Dulaunoy] +- [diagnostic:DBIndexes] Hide notice message if index diagnostic not + shown. [mokaddem] +- [diagnostic:DBIndexes] Cleanup, bug fix and updated db_schema. + [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [dianostic:DBSchema] Consider quoted default_value as non-critical. + [mokaddem] +- [diagnostic:DBSchema] Hide non-critical issues by default. [mokaddem] +- [diagnostic:DBSchemaDiagnostic] Added datasource. [mokaddem] +- [internal] Faster loading list of attributes. [Jakub Onderka] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- New feature to selectively choose to import objects (or not) [Pierre- + Jean Grenier] +- Bump PyMISP. [Raphaël Vinot] +- [Console:admin] Allow `travis` user to bring the database up to date. + [Sami Mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Update object templates on travis. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version (including new galaxy such + as dark patterns and surveillance vendors) [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version (including the ML-abuse + one) [Alexandre Dulaunoy] +- [internal] Simplify UserController::admin_edit. [Jakub Onderka] +- [internal] Simplify User::extralog method. [Jakub Onderka] +- [UI] clown solutions. [iglocska] +- [UI] refactor of the genericForm/submitbutton to support ajax. + [iglocska] +- [add attribute view] Controller changes for adding attribute. 
+ [chrisr3d] +- [types] new eppn attribute type added - EduPersonPricincipalName. + [Alexandre Dulaunoy] + + Fix #5448 +- Bumped queryversion. [mokaddem] + +Fix +~~~ +- [install] Update .sfv. [Steve Clement] +- [stix2] Fix stix2 for the Docs and Installer (#5526) [Steve Clement] + + fix: [stix2] Fix stix2 for the Docs and Installer +- [tools] re-generated INSTALL.sh fixed small issue in ubu. [Steve + Clement] +- [stix] small fix to get around a current cti-python-stix2 glitch (to + be undone) [Steve Clement] +- [form_seen] Filling *_seen field with no value remove the *_seen time. + [mokaddem] +- [worker:diagnostic] Prevent failing if no worker are running. + [mokaddem] +- [workers:diagnostic] Consider a queue to be healthy if one worker is + running. [mokaddem] +- [adminSetting] Avoid trying to create new entries if previous save + failed. [mokaddem] +- [update] fixed an issue blocking the updates from executing. + [iglocska] + + - invalid check for the admin role - too early to check for _isSiteAdmin() at that point +- [stix 1&2 export] Checking is an error message is returned. [chrisr3d] +- [internal] upgrade issues fixed. [iglocska] +- [updateProgress] Display errors in between updates Return empty + progress when the current progress can't be fetched. [mokaddem] +- [upgrade] removed test change. [iglocska] +- [upgrade] Added a safety net for launching superfluous updates. + [iglocska] +- [update] typo fixed. [iglocska] +- [settings] purge previous setting, push new one. [iglocska] +- [UI] small fixes. [iglocska] +- [model:comment] Do not index the `comment` field anymore for + shadowAttribute and Objects. [mokaddem] +- [Attribute:comment] Do not index the `comment` field anymore. + [mokaddem] +- [db_schema] Bumped db schema to support *-seen and indexes. [mokaddem] +- [Object:DeltaMerge] Gracefully catch if *_seen field is not present in + the pushed Object. [mokaddem] +- [update:index] Correctly log index addition errors. 
[mokaddem] +- [Object:quickAddAttribute] Correctly closes the popover after + submission. [mokaddem] +- [update] Function name conflict introduced by the merge + UI + Improvements. [mokaddem] +- [database] bumped db update number for fs/ls update. [mokaddem] +- [object:save] Inversed condition. copy/pasta fail... [mokaddem] +- [object:save] fail-safe if Object doesn't have fs/ls set. [mokaddem] +- [object:add] Catch exception if fs/ls doesn't exists. [mokaddem] +- [event:view] Icons color set to white when applicable. [mokaddem] +- [sql] updated MySQL.sql and modified comment column type. [mokaddem] +- [update] liveOff recognition and logs when updates are locked. + [mokaddem] +- [timeline] Prevent collision for Object and Attribute having the same + ID. [mokaddem] +- [object:setMetraFromAttribte] Pass Object reference instead of value. + [mokaddem] +- [timeline] Removed illusion of editing timeline objects if you are not + the owner. [mokaddem] +- [timeline] Prevent `Column not found` error if user has the `user` + role. [mokaddem] +- [restResponse] Added support of *-seen fields. [mokaddem] +- [time_precision_tool] Support of IE. Usage of prototypes instead of a + class. [mokaddem] +- [attribute:view] Correctly pick the matching form. [mokaddem] +- [attribute:*-seen] Force seconds to be integers and allows editForm + for *-seen fields. [mokaddem] +- [timeline] correctly adapt time scale when expanding items. [mokaddem] +- [event:timeline] Error when trying to restore non-existing backup + entries. [mokaddem] +- [object:quickEdit] fix input selector. [mokaddem] +- [object:quickEdit] Fixed response to be of JSON type and improved + layout. [mokaddem] +- [object:quickAttributeAdd] Fixed response to be of JSON type and + improved layout. [mokaddem] +- [Object:editObject] Removed Event unpublishing that induced a + divergence of Event.timestamp. Chances are that it was causing ghost + loggins and useless sync loops. 
[mokaddem] +- [attribute:quickEdit] Escalate the timestamp refresh to the Object. + [mokaddem] +- [Attribute:editTag] Correctly escalate the timestamp refresh to the + Object. [mokaddem] +- [Objects] editing refactored. [iglocska] + + - code made more readable + - resolved an issue where objects could not be edited via the API without having the correct template +- [Discussion] threads cannot link to other events, fixes #5506. + [iglocska] +- Incorrect directionality for oldest_timestamp comparisons. [Tom King] +- Make feeds a searchable scope in the logs, fixes #5501. [Andras + Iklody] +- [PyMISP] Dummy creator. [Raphaël Vinot] +- Remove python 2 test suite. [Raphaël Vinot] +- [compat] The env variable SUDO_USER is a reserved variable (#5492) + [Steve Clement] + + fix: [compat] The env variable SUDO_USER is a reserved variable +- [compat] The env variable SUDO_USER is a reserved variable. [Steve + Clement] +- [module results handler] Setting attribute category/ies accordingly. + [chrisr3d] + + - Depending on whether there is one or more type(s) + and the category is not already set +- [module results view] No need to add "selected" [chrisr3d] +- [modules] Making sure the module format is set. [chrisr3d] + + - Making sure the module format is not empty is + better than only making sure the variable is set +- [module results handler] Fixed wrong call. [chrisr3d] + + - $this->Attribute directly instead of + $this->Event->Attribute +- [view:genericIndex] Fallback if `options` is not defined. [mokaddem] +- [STIX] import fixed. [iglocska] + + ________________ ___/-\___ ___/-\___ ___/-\___ + / / || |---------| |---------| |---------| + / / || | | | | | | | | | | + / / __|| | STIX | | | | | | | | | | | + / / \\ I || | | | | | | | | | | | | + (-------------------|| | | | | | | | | | | | | | | | + || == || |_______| |_______| |_______| + || TAXII | ============================================= + || ____ | ____ | + ( | o / ____ \ / ____ \ |) + || / / . . \ \ / / . . 
\ \ | + [ |_____| | . . | |____________________________| | . . | |__] + | . . | | . . | + \_____/ -cfbd- \_____/ +- [diagnostic:DBIndexes] Typo keyname. [mokaddem] +- [internal] fixed newly introduced error with full_group_by directive + when adding galaxies to tag collections. [iglocska] +- [internal] avoid loading outdated versions of galaxies. [iglocska] +- [diagnostic:DBSchema] Select tables schema with UPPER case. [mokaddem] +- [diagnostic:DBSchema] Force column `table_name` to be lower case. + [mokaddem] +- [diagnostic:DBSchema] Improved UI with label. [mokaddem] +- [UI] adding attack-like galaxy clusters to tag collections was slow. + [iglocska] + + - was generating a heatmap out of all event metadata each time for no good reason +- Don't show an empty error when there is no error. [Pierre-Jean + Grenier] +- UpdateObjectTemplates with user ID 1. [Raphaël Vinot] +- [CLI] updateObjectTemplates handles fetching the user correctly now. + [iglocska] +- [stix import] Storing methods names in the mapping dictionary so we do + not store the methods themselves. [chrisr3d] +- [stix export] Storing methods names in the mapping dictionary so we do + not store the methods themselves. [chrisr3d] +- [stix2 export] Storing methods names in the mapping dictionary so we + do not store the methods themselves. [chrisr3d] +- [stix2 import] Storing methods names and calling them with getattr + instead of storing the methods themselves. [chrisr3d] +- [stix2 import] Fixed import of observables with no marking attached. + [chrisr3d] +- [tags] Fixed the taxonomy view incorrectly fetching mistyped tags over + the actual taxonomy tags. [iglocska] +- [stix2 import] Avoid issues with relationships list when there is no + relationship object in the stix file we want to import. [chrisr3d] +- [cleanup] removed wtf inducing debug message. [iglocska] +- [taxonomies] Fixed invalid tags being shown on the taxonomy index if + mistyped versions exist. 
[iglocska] +- [event add view] Avoided setting the action variable. [chrisr3d] + + - That is available from the view side within $this->request->params +- (#5277) remove out of scope var causing weird behavior when adding an + invalid attribute. [Will] +- [decaying:simulation] Allow ObjectAttributes to be simulated. + [mokaddem] +- [API] include the local flag in tags when using restSearch. [iglocska] +- [add event view] Reuse of variable. [chrisr3d] +- [CLI] invalid variable used for server caching log entry. [iglocska] +- [internal] attribute restsearch - handle empty lines returned from the + module better. [iglocska] + + - no more empty lines hopefully in some exports +- Removed useless spaces. [mokaddem] +- [decaying:basescoreComputation] Correctly support 2-tag and 3-tag. + [mokaddem] +- [decaying:simulation] base_score popover override shows the correct + one. Instead of always the first one. [mokaddem] +- [eventGraph] Typing do not trigger eventGraph action anymore. Fix + #5442. [mokaddem] +- [eventGraph:addReference] Adding reference to unreferenced nodes do + not link to the root unreferenced nodes anymore. [mokaddem] +- [event:view] Correctly display `Edit Event` when Editing instead of + `Add Event` [mokaddem] +- [feed:previewEvent] Added `Fetch Event` button on the sidemenu. + [mokaddem] +- [event:add] Restored extended event preview. [mokaddem] +- [event:publishRouter] Fixed parenthesis issue. [mokaddem] +- [event:view] Pivot form related event fixed. [mokaddem] +- Remove unusued config option. [Jakub Onderka] +- [internal] hard delete of attributes after a soft delete fixed. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add reference to stix2-patterns issue. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5525 from Rafiot/rework_python_install. [Raphaël + Vinot] + + chg: cleanup python install on travis +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge remote-tracking branch 'origin/zoidberg-final' into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'zoidberg-final' into 2.4. [iglocska] +- Merge branch 'zoidberg_final' into zoidberg-final. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-final Not a + simple merge. Needed to fix forms and simplified how form_seen_input + works. [mokaddem] +- Merge branch 'zoidberg-timeline' into zoidberg-final. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' into zoidberg-timeline. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into zoidberg-timeline. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5515 from Applenice/2.4. 
[Andras Iklody] + + remove invalid default feed +- Remove invalid default feed. [Applenice] +- Merge branch 'fix-sync-objectattributetags' into 2.4. [mokaddem] +- Merge pull request #5504 from tomking2/bug/first_recorded_change. + [Andras Iklody] + + fix: Incorrect directionality for oldest_timestamp comparisons +- Merge pull request #5490 from RichieB2B/ncsc-nl/schema-status. [Andras + Iklody] + + Mark NULL vs "" as not critical +- Mark NULL vs "" as not critical. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5488 from RichieB2B/ncsc-nl/stix-json. [Alexandre + Dulaunoy] + + Return STIX in JSON format when Accept header asks for it +- Return STIX in JSON format when Accept header asks for it. [Richard + van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'sqlIndexDiagnostic' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5473 from airbus-cert/Fix_PHP_composer_hash. + [Andras Iklody] + + Wrong hash composer-setup.php +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Fix composer-setup.php hash. [Amaury Leroy] +- Merge pull request #1 from MISP/2.4. [devnull-] + + Update fork +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #5459 from mokaddem/schemaDiagnosticImprovement. + [Andras Iklody] + + Schema diagnostic improvement +- Merge pull request #5341 from JakubOnderka/patch-68. 
[Andras Iklody] + + chg: [internal] Faster loading list of attributes +- Merge pull request #5463 from + zaphodef/feature/selective_import_objects. [Andras Iklody] + + chg: new feature to selectively choose to import objects (or not) +- Merge pull request #5464 from zaphodef/fix/empty_error_panel. [Andras + Iklody] + + fix: Don't show an empty error when there is no error +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch 'add_attribute' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into add_attribute. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5208 from JakubOnderka/patch-34. [Andras Iklody] + + Simplify user profile logging +- Merge branch 'move_forms' into 2.4. [chrisr3d] +- Merge branch 'add_attribute_fix' into add_attribute. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into add_attribute. + [chrisr3d] +- Add: [add attribute view] Starting moving add attribute view to + generic form. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [genericForm} Added 'empty' in simple fields white list. + [chrisr3d] + + - Allows to have default values in inputs with + options, as opposed to inputs with no options + where 'placeholder' works. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5445 from RichieB2B/ncsc-nl/fixSaveRole. 
[Andras + Iklody] + + Set rate_limit_count to 0 when not defined +- Set rate_limit_count to 0 when not defined. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5443 from RichieB2B/ncsc-nl/sightingDistribution. + [Andras Iklody] + + Push sightings regardsless of distribution level +- Push sightings regardsless of distribution level. [Richard van den + Berg] +- Merge pull request #5375 from JakubOnderka/patch-71. [Andras Iklody] + + fix: Remove unusued config option +- Add: [stix import] Importing LinkObjects as link attribute. [chrisr3d] + + +v2.4.119 (2019-12-02) +--------------------- + +New +~~~ +- [server:fixDBSchema] Preliminary work to fix database schema. + [mokaddem] +- [refactor] Massive internal refactor and cleanup of deprecated APIs. + [iglocska] + + - new centralised restSearch function in AppController as entry point via all controllers + - new component handling restSearch related support functions, such as parameter mapping + - hollowed out all deprecated export functions on the event/attribute controller + - replaced with a new functionality that remaps them to restSearch + - all functionality should be maintained with all additional advantages introduced with restsearch + - additional cleanup (some unused functions removed) +- [internal] Log exact error for GPG diag in error log. [Jakub Onderka] +- [statistics] Added organisation activity over time. [mokaddem] +- [API] refactored deprecated APIs to use the legacy system. [iglocska] +- [legacy] handler added for Legacy APIs. [iglocska] + + - allows for a remap of the parameters and subsequent calls to modern functions +- [sync] Added sighting sync publish button to the event view. + [iglocska] +- [doc] Support request template (#5420) [Steve Clement] + + new: [doc] Support request template +- [doc] Support request template. [Steve Clement] +- [deprecation] Added a new library to handle deprecations. 
[iglocska] + + - send X-Deprecation-Warning via the API + - set new Warning flash messages via the UI + - counting the use of these functionalities / API endpoint and / user + - added a diagnsitic tool to view the outcome of the collection + - sharing of these collections with the MISP-Project will be optionally available in the future + + - two modes of operation: + - hard deprecation (functions certainly to be removed, reported to the users via API/UI) + - soft deprecation (gauging interest for the continued use of these functions) +- [sql diagnostics] Started work on a system to automatically generate + scripts to fix issues. [iglocska] + + - currently somewhat limited + - requires additional input to generate correct queries, needs an update for the default schemas + - generated, but not exposed for now +- [sync] view remote user tool added to the server index. [iglocska] + + - should help with debugging what user is being used +- [API] Added attribute_timestamp flag to attributes/restSearch. + [iglocska] + + Explanation of the 4 timestamp filters: + timestamp: Filters on attribute AND event timestamp + event_timestamp: Filters on event timestamp + attribute_timestamp: Filters on attribute timestamp + publish_timestamp: Filters on event.publish_timestamp +- [UI] formInfo element added to the form generator. [iglocska] +- [API] SQL dump now includes two modes. [iglocska] + + - sql_dump:1 - append the SQL dump to the response + - sql_dump:2 - only return the SQL dump in the response +- [API] Cleaner API debugging via the API. [iglocska] + + - passing sql:1 as a url parameter will try to add the sql_dump key to the response if SQL debugging is enabled + - allows for the easier debugging of for example search queries + +Changes +~~~~~~~ +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [VERSION] bump. 
[iglocska] +- [deprecation] Show data in an easier to understand format. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [i18n] Updated norwegian translation (#5438) [Steve Clement] + + chg: [i18n] Updated norwegian translation +- [i18n] Updated norwegian translation. [Steve Clement] +- Bump PyMISP, fix lief. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [db_schema] updated. [iglocska] +- [diagnostic:DBSchema] Added warning for `missing_table` errors. + [mokaddem] +- [dianostic:fixDBSchema] Added warning message. [mokaddem] +- [diagnostic:fixDBSchema] Support of missing table + support of non- + critical warnings. [mokaddem] +- [diagnostic:fixDBSchema] Updated ACLComponent and added clean cache. + [mokaddem] +- [diagnostic:db_schema] Added support of default_value and quick fix. + [mokaddem] +- [galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [objects] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [feed] Use precomputed hashes to speedup attaching correlation. [Jakub + Onderka] +- [statistics] Added Attribute count. [mokaddem] +- [CSRF] disable CSRF if you absolutely feel like setting yourself up + for failure. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [API] users/edit refactor. [iglocska] + + - load only what is needed + - handle API requests in a cleaner way +- [REST] Updated to ExpandedPyMISP. [Steve Clement] +- [cleanup] debug() removed. [iglocska] +- [installer] Installer checksum updates. [Steve Clement] +- [doc] Updated viper-framework (-web is broken) and updated… (#5425) + [Steve Clement] + + chg: [doc] Updated viper-framework (-web is broken) and updated Debian 10 (minor) +- [doc] Minor note on composer update. [Steve Clement] +- [doc] Tried to fix viper. Is semi-fixed viper-web broken. [Steve + Clement] +- [doc] Better wording. [Steve Clement] +- [doc] Added 2 templates with automatic labelling. 
[Steve Clement] +- [internal] switch intval to (int) [iglocska] +- [internal] Renamed log action name for db worker issues to be <= 20 + characters in length. [iglocska] + + - it was a restriction based on the db schema of the log table from before +- [API] described how to add attachments to /attributes/add and + /attributes/edit. [iglocska] +- [diagnostic:dbSchema] Whitelist columns to ignore and highlight + critical differences. [mokaddem] +- [dbDiagnostic] Removed datefield precision as it's only available on + MySQL 5.6+ [mokaddem] +- [dbDiagnostic] Diagnostic result is stored in a keyed array instead of + indexed array. [mokaddem] +- [UI] Small refactor of the event add/edit views. [iglocska] + + - added new flag to form elements for the generator: stayInLine:1 - skip linebreak after field + - removed edit view + - modified add view to work as both add/edit +- [UI] Using generic form in the edit event view. [chrisr3d] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Using generic form in the add event view. [chrisr3d] +- [internal] Hooked the sql_dump flag into the normal flow. [iglocska] +- [feed] # ZeuS Tracker has been discontinued on Jul 8th, 20… (#5377) + [Steve Clement] + + chg: [feed] # ZeuS Tracker has been discontinued on Jul 8th, 2019 +- [feed] # ZeuS Tracker has been discontinued on Jul 8th, 2019. [Steve + Clement] +- [installer] Updated installer to latest and amended a zmq… (#5390) + [Steve Clement] + + chg: [installer] Updated installer to latest and amended a zmq issue +- [installer] Updated installer to latest and amended a zmq issue. + [Steve Clement] +- [internal] Sharing group loader was grabbing organisations one by one, + refactored. 
[iglocska] + + - simply fetch all org objects for the ACL checks in one shot instead of doing it on demand + - has no real performance impact even on large sharing instances + - reduces the number of queries greatly making debugging easier + +Fix +~~~ +- [diagnostic:DBSchema] Aligned schema to a clean non-tampered instance. + [mokaddem] +- [internal] When capturing an object, avoid throwig notice errors if no + attributes are set, fixes #5439. [iglocska] +- [internal] fixed the hacky removal of passwords on returned user + objects for /users/edit. [iglocska] + + - this commit gets 1* +- Deleted useless comments. [mokaddem] +- [diagnostic:DBSchema] Removed query execution and soften the warning + message. [mokaddem] +- [diagnostic:fixDBSchema] Typo. [mokaddem] +- [API] fix to a double negation fail in the tagging. [iglocska] +- [API] Better error reporting for attaching tags to events/attributes. + [iglocska] +- [API] /users/edit modifications. [iglocska] + + - remove sanitised password when directly posting back a user object + - more graceful error handling if something goes critically wrong +- [user API] users/edit now avoids having to set confirm_password when + setting a password via the API. [iglocska] +- [internal] taxonomy exclusive flag now handles the key not existing in + the JSON format. [iglocska] +- [internal] sighting restSearch. [iglocska] + + - some small fixes +- [ACL] added restsearch on the appcontroller. [iglocska] +- [stix2 export] Fixed pattern mapping for stix2 pattern objects. + [chrisr3d] +- [internal] potential fix to uninitialised AdminSetting model errors + when calling changeSetting() in the upgrade process. [iglocska] +- [API] Don't strip empty usersettings from users/view. [iglocska] +- [API] users/edit fixed. [iglocska] +- [internal] fixed weird user massage code. [iglocska] + + - I have no idea what I was thinking there... +- [internal] Remove unused function. 
[Jakub Onderka] +- [internal] Remove unused ShadowAttributesController method. [Jakub + Onderka] +- [internal] potential fix to the sighting_timestamp missing issue when + syncing with older instances. [iglocska] +- [UI] includeSightingdb flag not set correctly in the event attribute + index. [iglocska] +- [tag] do not show actions column for non-admins. [Christophe + Vandeplas] +- [security] tightened checks for restricting users from tagging data + they shouldn't be allowed to tag. [iglocska] + + As reported by Christophe Vandeplas +- [REST] Python has no 'Null' type, it is called 'None' [Steve Clement] +- [ACL] added /events/publishSightings. [iglocska] +- [sync] Set org_id to 0 on proposal push if the sighting is anonymised. + [iglocska] + + - correctly prevents the remote side from misattributing the sighting to the sync user's org +- [sync] Some minor changes to the sighting push. [iglocska] + + - correctly handle anonymisation + - only push sightings, not rest of the event (decide on sender side) + - handle receiving sanitised sightings +- [UI] duplicate entries in the attribute correlation column on the + event view, fixes #5421. [iglocska] +- [doc] composer update missing. [Steve Clement] +- [ACL] added missing function. [Andras Iklody] +- [user view] server issues fixed. [iglocska] +- [API] bro deprecation message was premature. [iglocska] + + - needs to be added to restsearch first +- [deprecation] Added missing component. [iglocska] +- [attribute:massEdit] Allow removal of non exportable tags. Fix #5408. + [mokaddem] +- [stix2 export] Adding attribute type or object name in the custom + object id. [chrisr3d] + + - Should fix #5410 +- [API] fixed notice errors for compact() in PHP 7.3+ [iglocska] +- [stix2 export] Exporting stix2-pattern objects as pattern. [chrisr3d] + + ... Instead of failing and being exported as custom object +- [indextable] Fixed the link field. 
[iglocska] +- [stix2 import] Avoids importing an object_relation value for single + attributes. [chrisr3d] +- [stix2 import] Importing stix2-pattern object only if the pattern + parsing failed. [chrisr3d] + + - Also adding the uuid of the stix2-pattern object + - It avoids patterns to be exported twice if we + export the misp event created from the import + afterwards +- [internal] site admins should not have to be host org users to see + server correlations. [iglocska] +- [API] adding objects now has better validation errors. [iglocska] + + - instead of silently dropping attributes in certain cases +- [tagging] Events will be unpublished when a local tag is removed + #5363. [iglocska] +- [attribute:massTagging] Check for POST data in `post` code path. Fix + #5359. [mokaddem] +- [temporary] Dirty fix for the diagnostic page failing on MySQL < 5.6. + [iglocska] +- [UI] Removed console.log call for debugging purposes. [chrisr3d] +- [UI] With the correct field name, it works better ;-) [chrisr3d] + + - threat_level_id is the name of the field, and + now the hover description works :D +- [UI] Passing the distribution, threat level & analysis description for + the edit event view. [chrisr3d] +- Just an indent fix for the eyes. [chrisr3d] +- [internal] Removed duplicate loading of configuration. [iglocska] + + - lazy-loading the event model after an on-the-fly config change would purge the change otherwise + - config already loaded in bootstrap anyway +- [UI] Cosmetic changes on the add event form. [chrisr3d] +- [internal] better error messages for attaching a tag failing. + [iglocska] +- [UI] Fixed sharing group & threat level field names in add event view. + [chrisr3d] +- [internal] Attribute/Event connectors for attribute_timestamp added. + [iglocska] +- [UI] formInfo fixed. [iglocska] +- [internal] Load MISP version just once in AppController. 
[Jakub + Onderka] +- [internal] tag attacher could run into a situation where an invalid + tag's creation failure is not caught. [iglocska] + + - returns puzzling error messages + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'db_fix' into 2.4. [iglocska] +- Merge branch 'db_fix' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into feature-fix-db- + inconsistencies. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5435 from RichieB2B/ncsc-nl/fix-sightings-push. + [Andras Iklody] + + Select right servers for pushing sightings +- Select right servers for pushing sightings. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5430 from RichieB2B/ncsc-nl/perm-sighting. [Andras + Iklody] + + Allow pushing of sightings only for perm_sighting +- Allow pushing of sightings only for perm_sighting. [Richard van den + Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5280 from vpiserchia/fix-feed-cli. [Andras Iklody] + + Server shell: use the right array key +- Server shell: use the right array key. [Vito Piserchia] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5248 from JakubOnderka/patch-44. [Andras Iklody] + + new: [internal] Log exact error for GPG diag in error log +- Merge pull request #5273 from JakubOnderka/patch-54. 
[Andras Iklody] + + fix: [internal] Remove unused function +- Merge pull request #5317 from JakubOnderka/patch-65. [Andras Iklody] + + fix: [internal] Remove unused ShadowAttributesController method +- Merge pull request #5342 from JakubOnderka/patch-69. [Andras Iklody] + + chg: [feed] Use precomputed hashes to speedup attaching correlation +- Merge pull request #5404 from MISP/feature-OrgsStats. [Andras Iklody] + + Added more Organisation statistics +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5400 from SteveClement/REST_Client_python. [Andras + Iklody] + + fix: [REST] Python has no 'Null' type, it is called 'None' +- Merge branch '2.4' into REST_Client_python. [Steve Clement] +- Merge branch 'push_sightings_final' into 2.4. [iglocska] +- Sync sightings on push, pull and push on add. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5417 from StefanKelm/2.4. [Andras Iklody] + + Update AdminShell.php +- Update AdminShell.php. [StefanKelm] + + Adding "wwwrun" as a user since it is common under SUSE Linux +- Merge pull request #5416 from SteveClement/ISSUE_TEMPLATE. [Alexandre + Dulaunoy] + + chg: [doc] Added 2 templates with automatic labelling +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Revert "Revert "Merge pull request #5304 from JakubOnderka/version- + loading"" [iglocska] + + This reverts commit 623bb20cb09a79da83d31eed8ae0993bca07db13. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Revert "Merge pull request #5304 from JakubOnderka/version-loading" + [Raphaël Vinot] + + This reverts commit 71fb7fcbd7d4e63480e6a63c3de5e8beb019ccbe, reversing + changes made to 11ee95aeb3d18806ea4753707a0b2c45745cf475. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5304 from JakubOnderka/version-loading. [Andras + Iklody] + + fix: [internal] Load MISP version just once in AppController +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] + + +v2.4.118 (2019-11-08) +--------------------- + +New +~~~ +- [attribute:restSearch] Support of Orgc and GalaxyElement meta + searches. [mokaddem] +- [event:restSearch] Support of Orgc meta searches. [mokaddem] +- [event:restSearch] Initial work for GalaxyElement searches. [mokaddem] +- [SightingDB] Added integration with SightingDB. [iglocska] + + - Added configuration tool + - Added lookups from the event view + - Added includeSightingdb flag for the restSearch searches + - Added SightingDB search tool + - Added SightingDB connection test tool +- [UI] Added the index filter component. [iglocska] +- [UI] Added new/improved index and form builder generators - Added form + Builder generator - Added new fields to the index table generator - + updated some existing fields for the index table generator. [iglocska] +- [tags] Preminilary support of exclusive tags based on taxonomy data. 
+ [mokaddem] +- [cli] server connectivity test. [Jan Skalny] +- [servers:DBDiagnostic] Improved indexTable and added new DB schema + diagnostic (WiP) [mokaddem] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [diagnostic] Exposed dbSchemaDiagnostic to the API. [mokaddem] +- [restSearch] Improved meta-search code - Correctly returns nothing if + search on metas does not return anything - Renamed `orgc.sector` into + `org.sector` while still being `orgc` behind the hood - Removed + duplicated code. [mokaddem] +- [db_schema] Updated to the latest version. [mokaddem] +- [queryversion] Bumped queryversion. [mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [sightingdb] Added support for bulk lookups and namespacing. + [iglocska] + + - aligned with the latest version of the sightingdb (support for the /rb endpoint) + - added namespacing as an option / sightingdb connection, defaults to "all" if left empty +- [misp-taxonomies] updated to the latest version (exclusivity review) + [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [event:view] Exclusive notice UI improvements. [mokaddem] +- [attribute:addTag] Added support of `exclusive` at Attribute level. + [mokaddem] +- [tag:exclusive] Added support of local while checking for exclusivity. + [mokaddem] +- [event:view] Added notice and improved inconsistency text message. + [mokaddem] +- [PyMISP] bump PyMISP to the latest version. [Alexandre Dulaunoy] +- [default] old default 'TLP Amber' is now 'tlp:amber' to be consistent + and use MISP taxonomy naming. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version of ATT&CK October 2019. 
+ [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Various updates for RHEL8/CentOS8/Debian10.1. [Steve Clement] +- [stix2 import] Loading the input file once everything is initialysed. + [chrisr3d] + + - We no longer pass the loaded stix data as parameter + to the parser but we load it once the required + variables are initialysed + - Instead of passing a potentially big dictionary + and parsing it into different variables after the + initiation of the parser class, we directly set + the different data structures while parsing + the loaded file +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Enable mailing in travis. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Updated installer to support latest Kali Linux chg: [doc] + Amended Centos7 mirror foo. [Steve Clement] +- [stix2 library] Bumped latest version. [chrisr3d] +- [doc] ssdeep can be installed via pkg_add. [Marcelo H. P. C. Chaves] +- Usage of camelCase instead of snake_case. [mokaddem] +- [update] Added special log action for workers performing the DB + update. [mokaddem] +- [update] Remove lock notice when updates finishes. [mokaddem] +- [update] Actually reset `UpdateFailNumber` when manually unlocking. + [mokaddem] +- [update] Improved feedback for update lock type in the UI. [mokaddem] +- [updateProgress] Improved UI. [mokaddem] +- [ACL] Added missing route to ACLComponent. [mokaddem] +- [taskScheduler] Correctly link checkbox and removed useless variable + declaration. [mokaddem] +- [travis&install] Updated to use `runUpdates` instead of + `updateDatabase` [mokaddem] +- [update] Added postgresql allowed DB update errors. [mokaddem] +- [updateProgress] Default to success when no pre-update-test. 
+ [mokaddem] +- [updateProgress] No strict validation for db_number (allow also allow + string) [mokaddem] +- [updateProgress] Do no show negative remaining update anymore in the + UI. [mokaddem] +- [update] Parametrized ignore_disabled in ondemand_action and support + of string update in update_progress. [mokaddem] +- [updateProgress] fixed infinit restart loop and added support of + autoThrottle in taskScheduler. [mokaddem] +- [taskScheduler] Improved listener registration. [mokaddem] +- [update] Added endpoint to release lock and integration with UI. + [mokaddem] +- [update] Do not release the lock if update fails more than 3 times. + [mokaddem] +- [updates] Disabled time-remaining animation and fixed typos. + [mokaddem] +- [updateProgress] Added 2-way binding task status with switch button. + [mokaddem] +- [updateProgress] Cancel animation if switch turned off. [mokaddem] +- [updateProgress] Added number of remaining db updates. [mokaddem] +- [updateProgress] Usage of GPU for animation, deleted sleeps and + improved task. [mokaddem] +- [updateProgress:ui] Prevent text selection for switch label. + [mokaddem] +- [updateProgress] Added threshold preventing animations. [mokaddem] +- [updateProgress] Redraw the switch if it gets overriden. [mokaddem] +- [updateProgress] Pooling task now use the taskScheduler. [mokaddem] +- [updateProgress] Started taking into account stack of updates - WiP. + [mokaddem] +- [diagnostic] Exposed mysql and redis diagnostic on the API. [mokaddem] +- [dbSchemaDiagnostic] UI improvements. [mokaddem] +- [dbSchemaDiagnostic] Added `db_schema.json` and `dumpDBSchema.sh` + [mokaddem] +- [update] Usage of sprintf instead of string concatenation. [mokaddem] +- [dbSchemaDiagnostic] Added big warning if dabase is in inconsistent + state. [mokaddem] +- [dbSchemaDiagnostic] show remaining time before update unlock and + columns that should not be there. [mokaddem] +- [update] Added new worker type `update` to perform updates. 
[mokaddem] +- [update] Correctly terminate parallels workers doing updates - WiP. + [mokaddem] +- [update] Moved locking system from `updateDatase` to `runUpdates` - + WiP. [mokaddem] + + So that `updateMISP` is also locked and workers benefits of more context +- [update] Keep track of update number in job - WiP. [mokaddem] +- [dbSchemaDiagnostic] Improved wording. [mokaddem] +- [dbSchemaDiagnostic] Improved code quality. [mokaddem] +- [dbSchemaDiagnostic] Adapt label color. [mokaddem] +- [dbSchemaDiagnostic] Catches errors and display them in the UI. + [mokaddem] +- [dbSchemaDiagnostic] Added support of db_version. [mokaddem] +- [dbSchemaDiagnostic] Improved parsing and UI - WiP. [mokaddem] +- [dbSchemaDiagnostic] changing diagnostic - WiP. [mokaddem] +- [update] Update function name are more explicit. [mokaddem] +- [update] `updateDatabase` returns the result of the update (duplicated + column are nbot counted as an error) [mokaddem] + +Fix +~~~ +- [attributes:restSearch] Fixed typo. [mokaddem] +- [UI] Automatic logout. [Jakub Onderka] +- [UI] Server diagnostics download link. [Jakub Onderka] +- [releaseUpdateLock] Fixed error message to reflect the reality. + [mokaddem] +- [proxy] Skip_proxy was broken up until now, fixes #5324. [iglocska] + + - was simply ignored, added the hook for it for the sync tool +- [Tagging] Fixed the user/org restrictions not being adhered to when + tagging. [iglocska] +- [Tag:exclusive] Code clean up. [mokaddem] +- MIssing quotes in test cases setup. [Raphaël Vinot] + + Fix https://github.com/MISP/PyMISP/issues/484 +- [UI] Proposal attachment downloading. [Jakub Onderka] +- [stix2 import] Importing directory patterns from external stix. + [chrisr3d] +- Bumped latest stix2 python version + Updated expected version in the + diagnostic. [chrisr3d] +- [internal] Remove dead code from AttributesController. [Jakub Onderka] +- [UI] Show image attachment for previewing event. 
[Jakub Onderka] +- [stix2 import] Fixed registry-key pattern mapping. [chrisr3d] +- Do not test users settings on travis. [Raphaël Vinot] +- Revert PyMISP bump. [Raphaël Vinot] +- Buggy bump of PyMISP. [Raphaël Vinot] +- [stix diagnostic] Updated the latest stix2 version. [chrisr3d] +- [user] Include user settings in /users/view. [iglocska] +- [internal] Load Regexp just when they are requested. [Jakub Onderka] +- [stix export] Making stix json download return json instead of xml. + [chrisr3d] +- [UI] Remove double id attribute. [Jakub Onderka] +- [UI] Remove unused code from Communities view template. [Jakub + Onderka] +- [UI] Removed unused JS from galaxy view. [Jakub Onderka] +- [UI] Input is not pair element. [Jakub Onderka] +- [stix2 import] Better pattern parsing for values containing an '=' + [chrisr3d] +- [stix2 import] Avoid errors with report object refs not actually + present in the bundle. [chrisr3d] +- [stix2 import] Removed unused variable in dictionary loop. [chrisr3d] +- [live:notice UI] Fixed baseurl variable. [mokaddem] +- [live:notice UI] Fixed baseurl variable. [mokaddem] +- [updateProgress] Fixed return message to better handle translation. + [mokaddem] +- [update] Apply restriction of only 1 running process for only the + `update` workers. [mokaddem] +- [update] Fixed bad merge and added more comments. [mokaddem] +- [update] Correctly sets liveOff and do not consider MySQL index + addition as an error anymore. [mokaddem] +- [update] Init class before using it.. [mokaddem] +- [update] do not longer start update job if no update available. + [mokaddem] +- [update] Switched to default usage of worker for the update. + [mokaddem] +- [update] Started changing worker place in the update process. + [mokaddem] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5311 from JakubOnderka/patch-63. 
[Andras Iklody] + + fix: [UI] Automatic logout +- Merge pull request #5259 from JakubOnderka/patch-47. [Alexandre + Dulaunoy] + + fix: [UI] Server diagnostics download link +- Merge pull request #5381 from MISP/feature-meta-search. [Sami + Mokaddem] + + Feature meta search +- Merge branch '2.4' of github.com:MISP/MISP into feature-meta-search. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into feature-meta-search. + [mokaddem] +- Merge pull request #5002 from MISP/revisedUpdateProcess. [Sami + Mokaddem] + + Revised update process +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch 'sightingdb' into 2.4. [iglocska] +- Merge branch '2.4' into sightingdb. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge pull request #5378 from MISP/feature-exclusive-taxonomy. [Sami + Mokaddem] + + Feature exclusive taxonomy +- Merge branch '2.4' of github.com:MISP/MISP into feature-exclusive- + taxonomy. [mokaddem] +- Merge pull request #5352 from MISP/Rafiot-patch-3. [Alexandre + Dulaunoy] + + fix: MIssing quotes in test cases setup +- Merge pull request #5318 from JakubOnderka/patch-66. [Andras Iklody] + + fix: [UI] Proposal attachment downloading +- Merge pull request #5373 from cudeso/2.4. [Andras Iklody] + + Force botvrij.eu feed to use HTTPS +- Force botvrij.eu feed to use HTTPS. [Koen Van Impe] +- Update eventattributetoolbar.ctp. [Andras Iklody] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge pull request #5348 from JanSkalny/2.4. [Andras Iklody] + + new: [cli] server connectivity test +- Merge pull request #5366 from RichieB2B/ncsc-nl/logrotate. [Alexandre + Dulaunoy] + + Allow python scripts to write to exec-errors.log +- Allow python scripts to write to exec-errors.log. 
[Richard van den + Berg] +- Merge pull request #5353 from SteveClement/guides. [Andras Iklody] + + chg: [doc] Various updates for RHEL8/CentOS8/Debian10.1 +- Merge pull request #5351 from RuneBergh/2.4. [Alexandre Dulaunoy] + + Adding commenting for key to use with ldap +- Adding commenting for key to use with ldap. [RuneBergh] + + Commenting in the PHP_AUTH_USER key which is set by basic auth if using ldap or AD authentication. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5344 from davidonzo/2.4. [Andras Iklody] + + Minor visual bug in event view +- Minor visual bug in event view. [Davide Baglieri] + + Creating a new event with no attributes the "First recorded change" value displayed is "1970-01-01 01:00:00". + + ![MISP_Event](https://raw.githubusercontent.com/davidonzo/host/master/misp_loves_70s_me_too.png) + + This is quite normal looking at the php code in "app/Controller/EventsController.php" from line 1277 to 1289 + ``` + $oldest_timestamp = false; + if (!empty($event['Object'])) { + foreach ($event['Object'] as $k => $object) { + if (!empty($object['Attribute'])) { + foreach ($object['Attribute'] as $attribute) { + if ($oldest_timestamp == false || $oldest_timestamp < $attribute['timestamp']) { + $oldest_timestamp = $attribute['timestamp']; + } + } + $attributeCount += count($object['Attribute']); + } + } + } + ``` + Since no attributes/objects are added to the event $oldest_timestamp will always be false. + It's just a little visual bug. So my pragmatic solution was change line 200 in "app/view/Events/view.ctp from + + ```'value' => date('Y-m-d H:i:s', $oldest_timestamp)``` + + to + + ```'value' => (!$oldest_timestamp) ? '' : date('Y-m-d H:i:s', $oldest_timestamp)``` +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5343 from JakubOnderka/patch-70. 
[Andras Iklody] + + fix: [internal] Remove dead code from AttributesController +- Merge pull request #5306 from JakubOnderka/patch-60. [Andras Iklody] + + fix: [UI] Show image attachment for previewing event +- Add: [stix2 import] Updated the external pattern mapping with + directory & email address objects. [chrisr3d] +- Merge pull request #5320 from eCrimeLabs/2.4. [Alexandre Dulaunoy] + + Added CVE Feed from Metasploit +- Added CVE Feed from Metasploit. [eCrimeLabs] + + The feed contains CVE numbers of vulnerabilities in Metasploit. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5313 from JakubOnderka/patch-64. [Andras Iklody] + + fix: [internal] Load Regexp just when they are requested +- Add: [restSearch] Support of stix1 json export. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5312 from RichieB2B/ncsc-nl/retention-update. + [Andras Iklody] + + Update misp_retention.py to new api, use local tags +- Update misp_retention.py to new api, use local tags. [Richard van den + Berg] +- Merge pull request #5310 from JakubOnderka/patch-62. [Andras Iklody] + + fix: [UI] Remove double id attribute +- Merge pull request #5307 from JakubOnderka/patch-61. [Andras Iklody] + + fix: [UI] Remove unused code from Communities view template +- Merge pull request #5308 from JakubOnderka/galaxy-unused-code. [Andras + Iklody] + + fix: [UI] Removed unused JS from galaxy view +- Merge pull request #5309 from JakubOnderka/not-pair-input. [Andras + Iklody] + + fix: [UI] Input is not pair element +- Merge pull request #5303 from SteveClement/guides. [Steve Clement] + + chg: [installer] Updated installer to support latest Kali Linux +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #5296 from RichieB2B/ncsc-nl/fix-docs. [Alexandre + Dulaunoy] + + Fix RHEL 7 / CentOS 7 docs +- Fix logrotate module for RHEL 7/CentOS 7. 
[Richard van den Berg] +- Use PATH_TO_MISP consistently. [Richard van den Berg] +- Make chcon's more generic. [Richard van den Berg] +- Use $WWW_USER everywhere. [Richard van den Berg] +- Keep ini files out of php-fpm.d. [Richard van den Berg] +- Use python3 from base repo. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5293 from mhpchaves/patch-1. [Alexandre Dulaunoy] + + chg: [doc] ssdeep can be installed via pkg_add +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch 'revisedUpdateProcess' of github.com:MISP/MISP into + revisedUpdateProcess. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into revisedUpdateProcess. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch '2.4' into revisedUpdateProcess. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. + [mokaddem] +- Merge branch 'workerForDBUpdate' into revisedUpdateProcess. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into workerForDBUpdate. + [mokaddem] + + +v2.4.117 (2019-10-10) +--------------------- + +New +~~~ +- [user settings] Added restrictions for certain settings. [iglocska] + + - based on role permissions + - enforce the checks on set/delete + - add it to the UI elements + - /users/view /admin/users/view now include the user settings in a simplified format +- [API] Added rate limiting option to the API. [iglocska] + + - / role setting + - can be enabled/disabled and if enabled a limit can be set + - limit counter / 15 minutes starting from the first query + - x-headers inform the user about their limit/remaining queries/reset in seconds +- [internal] New AppModel::logException method. 
[Jakub Onderka] +- [ca_path] added setting in setting manager. [iglocska] +- [internal] Allow to use custom CA. [Jakub Onderka] +- [user settings] Finalised first revision. [iglocska] + + More to come in the future +- [index table] added json field. [iglocska] +- [User settings] Added user settings system. [iglocska] + + - set settings / user + - settings can be set by user themselves or their org admin / site admin + - added first setting: publish_alert_filter + - accepts boolean branched filter options + - supports deep logical trees + - OR/NOT/AND + - currently supports filtering on tags and the creator organisation +- [internal] Redis diagnostic. [Jakub Onderka] +- [UI] Added JSON as valid index table field. [iglocska] +- [API] Netfilter added as new export format. [iglocska] + +Changes +~~~~~~~ +- Bump recommended PYMISP version. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [sync] Code cleanup. [Jakub Onderka] +- [internal] Remove unused code from AttributesController::index. [Jakub + Onderka] +- Version bump. [iglocska] +- Bumped queryversion. [mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [eventGraph] Renamed `rotation key` to `pivot key` and do not collaspe + when adding/removing edges. Fix #3683. [mokaddem] +- [event:view] Displays sighting popover if button has been hovered for + a specifig time. Fix #5211. [mokaddem] +- [PyMISP] Bump. [Raphaël Vinot] +- [UI] updated the generic element index fields. [iglocska] + + - json should accept single values without embedding them in a list + - generic field should automatically cast a list to a comma separated string +- [internal] Refactored Events\value_field view. [Jakub Onderka] +- [internal] Removed unused value_field template from Feeds and Servers + view. [Jakub Onderka] +- [user:me] Added `Role` object in the return value for the rest + context. [mokaddem] +- [UI] Collapse S/MIME or GPG key. 
[Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [tool] gen_misp_types_categories uses jq. [Christophe Vandeplas] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [feed] Use new AppModel::logException method. [Jakub Onderka] +- [feed] Compute md5 value just once. [Jakub Onderka] +- [i18n] Updated translations. [Steve Clement] +- [cakephp] updated to latest 2.x commit. [iglocska] +- [mysql.sql] updated. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Use checkMISPVersion rather than duplicate impl. [Jakub + Onderka] +- [decaying-model] Track latest version of misp-decaying-models. + [mokaddem] +- [internal] Do not log passwords. [Jakub Onderka] +- [stix test] Updated test files with the recent changes on stix 1/2 + import/export. [chrisr3d] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [feeds] ensuring that format is following feed format standard. + [Alexandre Dulaunoy] +- [feeds] all IPsum feeds added including the different levels. + [Alexandre Dulaunoy] + + Thanks to @stamparm for the idea during the Cyber Exchange program +- [AppController] move debugMode setup code to a function so it can be + reused. [Andreas Rammhold] + + There were already two places in AppComponent that implemented the same + functionality. It makes sense to move this to a common function so it + can also be used from Controllers that do not inherit the full + beforeFilter functionality. + + Since `__preAuthException` is private and only called from the + beforeFilter method after the variable has been setup we can remove + the explicit init from there. 
+- [AppController] move the database connection setup to a dedicated + function on the AppComponent. [Andreas Rammhold] + + This removes a bit of clutter from the already large beforeFilter + method and allows other views to resuse the logic without having to + duplicate it. +- [AppController] move the `baseurl` configuration into a helper method. + [Andreas Rammhold] + + This makes the beforeFilter function a bit smaller while keeping all the + functionality. It will also help with reusing the setup logic in views + that can not execute all of AppComponent::beforeFilter, like the + LinOTPAuth plugin. +- [AppController] move loading and initialisation of Auth plugins to + reuseable method. [Andreas Rammhold] + + For some authentication workflows it might be desireable to execute the + exact same code without having to call the entire beforeFilter method + from the base class. That way you do not have to work around all the + edge cases without having to reinvent the same code in multiple + locations. +- [AppController] move login redirects to dedicated functions. [Andreas + Rammhold] + + This makes it easier to modify the login redirect behaviour in a unified + way. For now this just uses the default Auth loginAction while setting + the `admin` attribute to `false`. Thus application behaviour should be + unchanged. +- [PyMISP] latest version. [Alexandre Dulaunoy] +- [stix2 export] Better vulnerability object parsing. [chrisr3d] + +Fix +~~~ +- [PyMISP] Travis tests. [Raphaël Vinot] +- [internal] missing org object for users/view. [iglocska] +- [internal] Remove closing PHP tag. [Jakub Onderka] +- [UI] Showing whitespaces for 'text' field. [Jakub Onderka] +- Check if variables are defined. [Pierre-Jean Grenier] +- [iternal] Remove unused method EventShell::__recursiveEcho. [Jakub + Onderka] +- [eventGraph] Fixed UI issue with duplicated ID (attributes and + objects) Fix #5181. [mokaddem] +- [API] rate limit should only run on the API. 
[iglocska] +- [missing] component added. [iglocska] +- [UI] Show advanced and SG input when page is reload. [Jakub Onderka] +- [AttributesController] Fix issues related to undefined variables. + [Pierre-Jean Grenier] +- [hover enrichment] Fixed variable name that caused issues with hover + enrichment for more than 1 module called on 1 single attribute. + [chrisr3d] +- [stix export] Typo. [chrisr3d] +- [internal] Set attribute restsearch page to 1 if limit is set without + setting the page number. [iglocska] +- [UI] Linebreak between global/public tag add buttons on the attribute + list fixed. [iglocska] + + - was driving me nuts +- [UI] Removed unused JS variable. [Jakub Onderka] +- [API] massive performance boost for large events with many + correlations. [iglocska] + + - the logic of the JSON converter was heavy and unnecesary +- [UI] Do not show Advanced extraction when not possible. [Jakub + Onderka] +- [sightings] Fix undefined variable with REST search. [Pierre-Jean + Grenier] +- [internal] massive performance boost when loading events with a lot of + objects. [iglocska] +- [internal] user_count variable is already number. [Jakub Onderka] +- [internal] Correct error handling for invalid taxonomies. [Jakub + Onderka] +- Undefined variable when no feed was enable. [Pierre-Jean Grenier] +- [feed] fix REST problems. [Pierre-Jean Grenier] +- [feed] array from NULL is not NULL. [Pierre-Jean Grenier] +- [UI] Error handling for submitPopoverForm function. [Jakub Onderka] +- [performance] Small speed boost to the publishing process. [iglocska] + + - don't fetch the event's first degree relations when preparing to publish it +- [performance] notifications lookup on each UI page load was slow. + [iglocska] + + - introduced a major bottleneck on large instances + - massively reduced the load times for pages that warranted none +- [performance] notifications lookup on each UI page load was slow. 
+ [iglocska] + + - introduced a major bottleneck on large instances + - massively reduced the load times for pages that warranted none +- [mysql.sql] typo resolved. [iglocska] +- [user_settings] added timestamp field. [iglocska] +- [internal] removed debug calls. [iglocska] +- [debug] Removed internal breakpoint that was left in. [iglocska] +- [correlation] Skip correlation on tasks that modify an attribute in a + way that wouldn't warrant a recorrelation, fixes #5204. [iglocska] + + - Only recorrelate attribute if: + - attribute is new + - attribute already exists and value, disable_correlation, type is updated +- [API] proposals overriding attributes wasn't always working as + expected, fixes #4032. [iglocska] + + - until now it was bound to the to_ids setting (badly) which caused nothing but headache + - moved the new configuration to instead use the non-permissive nature of the given export formats + + - non-permissive export: if the proposal block is enabled, override attributes + - permissive export types: ignore the proposals + + The reasoning is simple: we use the permissive export types for types that can express additional structures such as proposals, IDS flags, publish flags etc (meaning the MISP JSON/XML formats for example) +- [user setting] Left off missing changes to the controller. [iglocska] +- [logging] paranoid log entry not logging request body via the API. + [iglocska] +- [UI] Double side menu fixed. [iglocska] +- [internal] Proposals block attributes setting broken when to_ids is an + array. [iglocska] +- [stix 1/2 export] Catching potential exceptions and returning it as + result in restSearch. [chrisr3d] +- [UI] GnuPG diagnostic message. [Jakub Onderka] +- [UI] Notices margin. [Jakub Onderka] +- [UI] MISP logo is in center at login page. [Jakub Onderka] +- [shell] Update updateWarningLists from CLI. [Jakub Onderka] +- [UI] Remove duplicate condition in footer.ctp. 
[Jakub Onderka] +- [stix 1/2 import] Making the publish checkbox work as expected. + [chrisr3d] + + - Publishing as exxpected when the option is + checked AND the user has the right to publish +- [stix 1/2 import] Avoid adding the original stix file in the event if + the option is not checked. [chrisr3d] +- [stix 1/2 import] Adding misp event json data within the 'Event' field + if it is not already in. [chrisr3d] +- [internal] paranoid log body didn't contain full body for API calls. + [iglocska] +- [stix 1/2 restSearch] Deleting temporary files in case of an error in + the python side. [chrisr3d] +- [stix2 export] Catching errors that could happen with custom tags. + [chrisr3d] +- [stix import] Avoiding error with no hashes in pe objects. [chrisr3d] +- [stix test] Updated STIX1 test files with the most recent fixes on the + export script. [chrisr3d] +- [stix export] Fixed dictionary key used to check pe sections to parse. + [chrisr3d] +- [stix test] Fixed stix2 test file generated with changes on the script + and the misp event test file. [chrisr3d] +- [stix test] Fixed relationship type between a file and a pe object. + [chrisr3d] +- [stix2 export] Make Relationship objects happy with relationship + types. [chrisr3d] +- [internal] Clear also cake core and model caches. [Jakub Onderka] +- [UI] Loading of local tags fixed via the UI, fixes #5197. [iglocska] + + - over-zealous ACL removed local tags for non sync users + - UI only functionality, no need for the restriction at al +- [rest client] Fix overflow in the JSON parsed rest response view. + [iglocska] +- [rest client] Add delete as a valid http method. [iglocska] +- [API] Added DELETE http method to the rest client and fixed the JSON + response of the API info. [iglocska] +- [API] remove weird line breaks from the API descriptions. [iglocska] +- [diagnostic] Fixed stix python libraries requirements. [chrisr3d] +- [index view] Fixed index table in the case where row_element is not + set. 
[chrisr3d] +- [ui] pass static_tags_only to the feed view. [iglocska] +- [sfv] Fix checksums. [Steve Clement] +- [community access requests] fixed serveral issues, fixes #5194. + [iglocska] + + - added missing view to preview the request + - don't throw errors when possible, instead show what should have been sent +- [UI] If a server add with a newly created external organisation fails, + set the external organisation as the currently selected option after + the validation fail redirect, fixes #5182. [iglocska] +- [tools] Updated installer SUMS (#5177) [Steve Clement] + + fix: [tools] Updated installer SUMS +- [tools] Updated installer SUMS. [Steve Clement] +- [sync] Single event fetch via the side menu would trigger a full pull. + [iglocska] +- [UI] Annoying race condition fixed causing redirects to the login, + fixes #5172. [iglocska] +- [diagnostic] Updated expected stix2 library version. [chrisr3d] +- [import modules] Avoiding issues with empty module parameter. + [chrisr3d] +- [stix2 import] Fixed Galaxy description parsing. [chrisr3d] +- [stix2 import] Fixed vulnerability object import. [chrisr3d] + + - Better vulnerability object attributes parsing + - Including mapping dict for direct call of the + parsing function depending on the STIX object + type (indicator, observable or vulnerability) + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5263 from JakubOnderka/patch-51. [Andras Iklody] + + chg: [sync] Code cleanup +- Merge pull request #5290 from JakubOnderka/patch-59. [Andras Iklody] + + chg: [internal] Remove unused code from AttributesController::index +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #5288 from JakubOnderka/closing-php-tag-remove. 
+ [Andras Iklody] + + fix: [internal] Remove closing PHP tags +- Merge pull request #5287 from JakubOnderka/patch-56. [Andras Iklody] + + fix: [UI] Showing whitespaces for 'text' field +- Merge pull request #5291 from MISP/fixEventGraphCollapse. [Sami + Mokaddem] + + Fixes some eventGraph bugs +- Merge branch '2.4' of github.com:MISP/MISP into fixEventGraphCollapse. + [mokaddem] +- Merge pull request #5284 from RichieB2B/ncsc-nl/no-index. [Andras + Iklody] + + Check if Organisation index exists +- Check if Organisation index exists, fixes #4809. [Richard van den + Berg] +- Merge pull request #5285 from zaphodef/fix/undefined_variables. + [Andras Iklody] + + fix: check if variables are defined +- Merge pull request #5275 from JakubOnderka/patch-55. [Andras Iklody] + + fix: [iternal] Remove unused method EventShell::__recursiveEcho +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5278 from JakubOnderka/value-field. [Andras + Iklody] + + Value field template +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5271 from JakubOnderka/patch-53. [Andras Iklody] + + fix: [UI] Show advanced and SG input when page is reload +- Merge pull request #5269 from zaphodef/fix/attributes_undef_var. + [Andras Iklody] + + fix: [AttributesController] Fix issues related to undefined variables +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5267 from garanews/2.4. [Andras Iklody] + + Fix some typo +- Fix some typo. [garanews] + + Fix some typo +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5261 from JakubOnderka/patch-49. [Andras Iklody] + + fix: [UI] Removed unused JS variable +- Merge pull request #5254 from JakubOnderka/gpg_key_view. 
[Andras + Iklody] + + chg: [UI] Collapse S/MIME or GPG key +- Merge pull request #5262 from JakubOnderka/patch-50. [Andras Iklody] + + fix: [UI] Do not show Advanced extraction when not possible +- Merge pull request #5266 from + zaphodef/fix/undefined_variable_sightings. [Andras Iklody] + + fix: [sightings] Fix undefined variable with REST search +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5260 from JakubOnderka/patch-48. [Andras Iklody] + + fix: [internal] user_count variable is already number +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5253 from zaphodef/fix/import_empty_feed. [Andras + Iklody] + + fix Feed API +- Merge branch '2.4' into fix/import_empty_feed. [Andras Iklody] +- Merge pull request #5252 from JakubOnderka/patch-45. [Andras Iklody] + + fix: [internal] Correct error handling for invalid taxonomies +- Merge pull request #5251 from zaphodef/fix/message_fetch_no_feed. + [Andras Iklody] + + fix: undefined variable when no feed was enable +- Merge pull request #5247 from ancailliau/fixes_5244. [Andras Iklody] + + Fixes #5244. +- Fixes #5244. [Antoine Cailliau] + + AttributeController->addTag was searching for attribute id + without flattening. +- Add: [attributes] new dash cryptocurrency address attribute type. + [Alexandre Dulaunoy] +- Merge pull request #5245 from ancailliau/fixes-5242. [Andras Iklody] + + Fixes #5242 +- Fixes #5242. [Antoine Cailliau] +- Merge pull request #5205 from JakubOnderka/patch-31. [Andras Iklody] + + fix: [UI] Error handling for submitPopoverForm function +- Merge pull request #5217 from JakubOnderka/patch-36. [Andras Iklody] + + new: [internal] New AppModel::logException method +- Merge pull request #5226 from JakubOnderka/patch-39. [Alexandre + Dulaunoy] + + chg: [feed] Compute md5 value just once +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5239 from SteveClement/i18n. 
[Andras Iklody] + + chg: [i18n] Updated translations +- Merge branch 'cacert' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'dev_session' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5198 from JakubOnderka/redis-info. [Andras Iklody] + + new: [internal] Redis diagnostic +- Merge pull request #5202 from JakubOnderka/patch-30. [Andras Iklody] + + fix: [UI] GnuPG diagnostic message +- Merge pull request #5222 from JakubOnderka/patch-37. [Andras Iklody] + + fix: [UI] Notices margin +- Merge pull request #5225 from JakubOnderka/patch-38. [Andras Iklody] + + fix: [UI] MISP logo is in center at login page +- Merge pull request #5230 from JakubOnderka/patch-41. [Andras Iklody] + + fix: [shell] Update updateWarningLists from CLI +- Merge pull request #5231 from StefanKelm/2.4. [Andras Iklody] + + Update global_menu.ctp +- Update global_menu.ctp. [StefanKelm] + + Align menu with other entries +- Merge pull request #5233 from JakubOnderka/patch-42. [Andras Iklody] + + fix: [UI] Remove duplicate condition in footer.ctp +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5215 from ancailliau/add_localtag_api. [Andras + Iklody] + + Add support to add local tags to an event using the API. +- Add support to add local tags to an event using the API. [Antoine + Cailliau] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5216 from JakubOnderka/patch-35. [Andras Iklody] + + chg: [internal] Use checkMISPVersion rather than duplicate impl +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Relaxed defanging rules, fixes #5203. [Andras Iklody] + + Removed multiple dot implosion for links/urls +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5201 from JakubOnderka/disable-password-logging. + [Andras Iklody] + + chg: [internal] Do not log passwords + + - affects passwords from server settings, user passwords already sanitised +- Merge pull request #5200 from davidonzo/2.4. [Alexandre Dulaunoy] + + Added DigitalSide OSINT Feed +- Added DigitalSide OSINT Feed. [Davide Baglieri] + + Added DigitalSide OSINT Feed to the list of available OSINT sources. + Here is the home page of the project: https://osint.digitalside.it/ + + As reported in the project home page the MISP feed cointains a set of Open Source Cyber Threat Intellegence information, monstly based on malware analysis and compromised URLs, IPs and domains. The purpose is to develop new wayes to hunt, analyze, collect and share relevants sets of IoCs to be used by SOC/CSIRT/CERT with minimun effort. + + Hope this help the community. + Hope the community will help me to share relevant infos as well. + + Regards +- Merge pull request #5169 from JakubOnderka/clean-caches. [Andras + Iklody] + + fix: [internal] Clear also cake core and model caches +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5187 from challs/refactor-appController. [Andras + Iklody] + + Refactor app controller +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] + + +v2.4.116 (2019-09-16) +--------------------- + +New +~~~ +- [sync] Added sync priority system to prioritise the order of instances + to push to. [iglocska] +- [CLI] Added cleanup tool to purge all events related to a feed. + [iglocska] + + - Simply run /var/www/MISP/app/Console/cake Admin purgeFeedEvents [user_id] [feed_id] + - works for CSV/Freetext feeds +- [stix2 export] Parsing relationships between objects. [chrisr3d] + + - Which includes of course relationships between + objects and objects, and the ones between + objects and attributes +- [API] verbose output for /servers/update. [iglocska] +- [event:view] Added support of decay score. [mokaddem] +- [decaying:rest] Filtering out of decayed attributes. [mokaddem] +- [decaying] Partial API support - WiP. [mokaddem] +- [restResponse] Added entries in Attribute/RestSearch for decaying + model support. [mokaddem] +- [decaying] Added models import and export feature. [mokaddem] +- [restSearch] restSearch module for ATT&CK Sightings. [chrisr3d] + + - Returning ATTA&CK Sightings in json format for + events and attributes with mitre-attack-pattern + galaxies attached + - For further details on the ATT&CK Sightings, + please visit https://attack.mitre.org/resources/sightings/ + - Also thanks to @johnwunder for the clarification + on the output format +- [auth key fail logging throttle] Throttle the auth key failed log + entries to 1 / hour / key. [iglocska] + +Changes +~~~~~~~ +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest one. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [version] bump. [iglocska] +- [feed] Break loop when match is found. 
[Jakub Onderka] +- [PyMISP] Bump. [Raphaël Vinot] +- [API] /events/view now accepts the deleted parameter via posted + parameters too. [iglocska] +- [decaying:simulation] Disabled sorting on score (will be implemented + in the next `decaying` version) [mokaddem] +- [decaying] Changed `name` column type from `text` to `varchar(255)` + [mokaddem] +- [decaying] Added log entry if formula cannot be loaded. [mokaddem] +- [internal] Simplify installation with composer. [Jakub Onderka] +- [decaying:(en|dis)able] Converted empty form with built-in cakephp + `postLink` [mokaddem] +- [decaying] Improve UI when multiple eventTags get overriden by + attributeTag. [mokaddem] +- [decaying:simulation] Swapped round to floor when rounding sightings + timestamp. [mokaddem] +- [decaying:model] Seventh batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] Sixth batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] Fith batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] Fourth batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] Third batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] Second batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [decaying:model] First batch of fix from the PR review - WiP (not + tested) [mokaddem] +- [database] Added indexes to decaying models and related tables. + [mokaddem] +- [event] applying few PSR2 rules. [mokaddem] +- [decaying:simulation] restSearch comments added to be fixed in next + decaying version. [mokaddem] +- [decaying] First batch of fix from the PR review - WiP (not tested) + [mokaddem] +- Added CR/LF. [mokaddem] +- [sql] align initial perm with sightings. [mokaddem] +- [app] bumped queryversion. [mokaddem] +- [decaying:update] Added a warning in case the folder is empty. + [mokaddem] +- [server:submodule_version] Whitelisted `misp-decaying-models` for the + UI. 
[mokaddem] +- [gitmodule] Added git-submodule `misp-decaying-models` [mokaddem] +- [decaying:import] When importing a model, mapping is imported as + custom mapping. [mokaddem] +- [decaying] Round all sightings at once. [mokaddem] +- [decaying:simulation] Support of `score` on-the-fly threshold + override. [mokaddem] +- [decaying] Added alias `score` to override on-the-fly the treshold of + a model. [mokaddem] +- [decaying] `includeFullModel` parameter support in the UI. [mokaddem] +- [attribute:restSearch] New paramter `includeFullModel` to attach full + model information. [mokaddem] +- [decaying] Added `default` column in decayingModels table, code path + for `rest` and improved ACL. [mokaddem] +- [decaying:add] Added help for parameters. [mokaddem] +- Bumped query version. [mokaddem] +- [decaying] Added default models to selection when fetching associated + models. [mokaddem] +- [decaying:simulation] UI Tweakings for screen resize. [mokaddem] +- [decaying] Improved embedded JSONs saving. [mokaddem] +- [decaying] Pre-process element to be added just to be sure. [mokaddem] +- [decaying:base_score_config] Simulation at predicate level in the user + interface. [mokaddem] +- [decaying:base_score_config] Improved UI responsiveness. [mokaddem] +- [decaying:base_score_config] Consider predicate weight UI only - WiP. + [mokaddem] +- [decaying:base_score_config] Added reason of taxonomy exclusion. + [mokaddem] +- [roles] Initially sets perm_decaying permission to mirror sighting + permission. [mokaddem] +- [decaying] Improved response when adding a model. [mokaddem] +- [decaying] Deleted unused lines creating mapping for default models. + [mokaddem] +- [decaying:simulation] Basescore computation steps UI improvements. + [mokaddem] +- [decaying:effectiveRatio] Tags not having numerical_value doesn't + impact effective taxonomy ration anymore. [mokaddem] +- [decaying:JS] refacto - declare local variable. [mokaddem] +- [decaying:tool] Stringify objects in table. 
[mokaddem] +- [decaying] Few views tweakings. [mokaddem] +- [decaying] More sanitization and indentation is important.. [mokaddem] +- [decaying] Better Inheritance and comments. [mokaddem] +- [decaying] Added formula description in multiple location. [mokaddem] +- [decayingMapping] Refacto - Comments and code optimization. [mokaddem] +- [decaying] Refacto - Few renames and comments. [mokaddem] +- [decaying] refact - Accept PUT and added comment for attribute + removal in restSearch. [mokaddem] +- [decaying] Code refactoring, commenting and slight optimization. + [mokaddem] +- [decaying:basescore_config] Tooltip does not modify talbe layout + anymore. [mokaddem] +- [decaying:tool] Handle is placed closer to t=0. [mokaddem] +- [decaying] Renamed `tau` and `delta` into `lifetime` and `decay_speed` + [mokaddem] +- [roles] Added `perm_decaying` role. [mokaddem] +- [decaying] Improved sidemenu for decaying. [mokaddem] +- [decaying:simulation] Added sidemenu. [mokaddem] +- [decaying:tool] Highlight models edition compared to creation. + [mokaddem] +- [decaying] Improved ACL integration for the UI. [mokaddem] +- [decaying] Added `DESCRIPTION` variable for each `.php` formula files. + [mokaddem] +- [decaying:tool] Added table filtering buttons. [mokaddem] +- [decaying:index] Added quick filter buttons. [mokaddem] +- [decaying] Improved coverage of model overrides to the API. [mokaddem] +- [decaying] Slightly improved `Model/DecayingModel` with shortcuts code + quality and options. [mokaddem] +- [decaying] Usage of cakePHP folder API. [mokaddem] +- [decaying:add] `all_orgs`` checked by default. [mokaddem] +- [decaying:index] Improved UI. [mokaddem] +- [decaying] More consistency about `parameters.settings` when empty. + [mokaddem] +- [decaying] `isDefault` for every models and added more JS robustness. + [mokaddem] +- [decaying:edit] Notice if editing a default model. 
[mokaddem] +- [decaying] `FetchAllowedModels` now supports `all_orgs` [mokaddem] +- [decaying] Renamed function and started true implemention of ACL for + models. [mokaddem] +- [decaying] Added restricted edition and `all_orgs`` flag - WiP. + [mokaddem] +- [globalmenu] Added link to `/decayingModel/index` [mokaddem] +- [decaying:view] Added logo to distinguish between custom and default + models. [mokaddem] +- [decaying:index] Added logo to distinguish between custom and default + models. [mokaddem] +- [decaying] Added some FIXME and changed FontAwesome classes. + [mokaddem] +- [decaying] Allow for model parameteres override. [mokaddem] +- [decaying] Usage of classname instead of const, support of `retention` + taxonomy and small fix. [mokaddem] +- [decaying] Added list of available formulas and model settings - WiP. + [mokaddem] +- [decaying] Changed default formula name to polynomial. [mokaddem] +- [sidemenu:decayingModel] Added dividers. [mokaddem] +- [event:view] Link to simulation page. [mokaddem] +- [decaying:rest] Renamed `decayed` into `excludeDecayed` for better + usability. [mokaddem] +- [decaying] Added axis labels. [mokaddem] +- [decaying] Added formula field in the index. [mokaddem] +- [decaying] Split score computation part into classes for more + flexibility. [mokaddem] +- [decaying] Full support of enable/disable model. [mokaddem] +- [decaying:index] Added support of enable/disable on the index. + [mokaddem] +- [decaying:tool] Added support of enabled model in the UI. [mokaddem] +- [decaying:tool] Small UI tweek. [mokaddem] +- [decaying:basescore] Moved JS in its own file. [mokaddem] +- [decaying] Usage of the assetLoader. [mokaddem] +- [decaying] UI/UX improvements. [mokaddem] +- [decaying] Slight refactoroing for styling. [mokaddem] +- [decaying] static file renaming and moved to its own style file. + [mokaddem] +- [decaying:simulation] Added responsiveness to SVG. 
[mokaddem] +- [decaying:simulation] Improved feedback on how default_base_score is + set. [mokaddem] +- [decaying:simulation] No more modal support for simulation tool. + [mokaddem] +- [decaying:tool] Dynamic redraw of the model table to support dynamic + update. [mokaddem] +- [decaying:simulation] Hints for tag override and change to larger + popover. [mokaddem] +- [decaying:simulation] Added current time and score and improved UI. + [mokaddem] +- [decaying:model] Added support of default base_score. [mokaddem] +- [decaying:simulation] Alert user if base_score has not been configured + yet. [mokaddem] +- [decaying:simulation] Base score computation steps and improved UI. + [mokaddem] +- [decaying:simulation] Added support of base_score computation, various + UI improvements and different method to compute scores. [mokaddem] +- [attribute:search] Added support of `contain` in + fetchAttributeSimple() [mokaddem] +- [decaying:simulation] Improved tooltip generation. [mokaddem] +- [decaying:simulation] Removed commented out lines. [mokaddem] +- [decaying:simulation] Improved UI. [mokaddem] +- [decaying:simulation] Support of both modal and fullscreen simulation. + [mokaddem] +- [decaying:simulation] Support of sightings in the decaying simulation. + [mokaddem] +- [decaying:simulation] Draft 2 of simulation chart line - WiP. + [mokaddem] +- [decaying:simulation] Draft of simulation chart line - WiP. [mokaddem] +- [decaying:simulation] Support of row clicking. [mokaddem] +- [decaying:simulation] Attribute searches. [mokaddem] +- [decaying:simulation] Started simulation view - WiP. [mokaddem] +- [decaying:tool] Object categories are treated as an array. [mokaddem] +- [decaying] Improved UI and limit number of digit in parameters. + [mokaddem] +- [decaying:tool] Full support of base_score configuration. [mokaddem] +- [decayingModel:controller] Updated edit endpoint to match the correct + view. [mokaddem] +- [decayingModel:add] Edit view based on Add view. 
[mokaddem] +- [decaying:base_score] base_score computation for custom tags and + Improved UI. [mokaddem] +- [decaying:base_score] Custom tagging in base score examples. + [mokaddem] +- [decaying:tool] Show available tags in the taxonomy. [mokaddem] +- [decaying:tool] Added example table with automatic tags picking and + pass config to the model - WiP. [mokaddem] +- [decaying:tool] Started implementation of tag support and examples in + the `adjust base_score` [mokaddem] +- [decaying:tool] Filter taxonomies not having numerical score. + [mokaddem] +- [decaying] UI tweaking on the galaxy tree map. [mokaddem] +- [css] Increase z-index of popover. [mokaddem] +- [decaying] Improved UI - WiP. [mokaddem] +- [decaying] slight UI Improvement - WiP. [mokaddem] +- [decaying] Improved UI - WiP. [mokaddem] +- [decaying] Started support of taxonomies (base_score) - WiP. + [mokaddem] +- [decaying] Started taxonomies integretion - WiP. [mokaddem] +- [decayingTool] Added missing class. [mokaddem] +- [decayingTool] Added number of type assigned to a model. [mokaddem] +- [decayingTool] Added selection history and selection restoration. + [mokaddem] +- [decayingTool] Improved UI - WiP. [mokaddem] +- [decaying] fixed bug (array_values) and improved layout - WiP. + [mokaddem] +- [decaying] Improved getAssociatedModels - WiP. [mokaddem] +- [decaying] Clean-up - WiP. [mokaddem] +- [Decaying] Improved mapping reset and started integration with the + interface. [mokaddem] +- [decayingTool] Improved related type retreival and improved UI - WiP. + [mokaddem] +- [DecayingTool] Added more fields. [mokaddem] +- [decayingModel] Added update mechanism from local files and started + `decaying_model_mappings` [mokaddem] +- [decayingTool] Added grid in the chart. [mokaddem] +- [decayingTool] Added filtering/search on the Attribute type table. + [mokaddem] +- [decayingTool] Switched to JQuery plugin instead of raw JS. [mokaddem] +- [decayingTool] Improved bounding rect - WiP. 
[mokaddem] +- [decayingTool] removed comments. [mokaddem] +- [decayingTool] UI improvement - WiP. [mokaddem] +- [decayingTool] Majority has been moved to d3. Still WiP. [mokaddem] +- [devayingTool] UI improvement - WiP. [mokaddem] +- [DecayingTool] Playing around with d3 - WiP. [mokaddem] +- [decayingTool] Moving from chart.js to d3.js. [mokaddem] +- [DecayingTool] Added list of available Object Attribute. [mokaddem] +- [decaying] Improved selection performance. [mokaddem] +- [decayingTool] Added more description and started support of Object + and non-ToIDS Attributes. [mokaddem] +- [decayingTool] Moved JS in its own file + added table checkbox. + [mokaddem] +- [decayingModel] Improved UI (selectable behavior) - WiP. [mokaddem] +- [decayingModel] Added Col org and splitted json into input fields. + [mokaddem] +- [decaying] Model and UI improvement - WiP. [mokaddem] +- [decayingTool] Added model and controller. [mokaddem] +- [decayingTool] More info on Attribute types and model loading - WiP. + [mokaddem] +- [decayingTool] More info and help text. [mokaddem] +- [deacyingTool] Improved UI - WiP. [mokaddem] +- [decayingTool] Added var. [mokaddem] +- [decaying] UI skeleton - WiP. [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Set composer vendor dir right in composer.json. [Jakub Onderka] +- Put require PHP version and extension into composer.json. [Jakub + Onderka] +- [users] Remove unused method UsersController::arrayCopy. [Jakub + Onderka] +- Remove not used Net_GeoIP submodule. [Jakub Onderka] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [sync] Further improvements to the connection test logging. [iglocska] +- [sync] Connection test POST test logs the full response, not just the + expected part. [iglocska] + +Fix +~~~ +- [stix2] Fixed custom objects parsing when an attribute is multiple. 
+ [chrisr3d] + + - Avoids loss of attributes that are multiple, + during the export, by returning them in a list + - Supporting import of of custom values that are + in a list, as single multiple attributes +- [internal] Added a code branch to check if saddarray is available - if + yes, use it. [iglocska] + + - for the warninglist model's cacheWarninglistEntries function +- [UI] Allow to skip pagination in IndexTable. [Jakub Onderka] +- [internal] warninglist missing Redis::sAddArray() fixed. [Andras + Iklody] +- [prio] changePriority function responses fixed. [iglocska] +- [API] hard delete passable via different methods to /attributes/delete + than just ordered URL parameters. [iglocska] +- [internal] Fix post check for attribute delete function via the API. + [iglocska] +- [server prio] Don't block the reordering even when the requested move + is invalid. [iglocska] + + - helps with fixing misaligned server lists +- [server prio] reprioritise should be more lenient if there's a messed + up priority order as the starting point. [iglocska] + + - should still return false for the rearranging, but should re-set the priority list based on the current positions +- [UI] Attribute search sort by date fixed. [iglocska] +- [ACL] priority change for servers tied into the ACL. [iglocska] +- [server prio] Automatically put new servers to lowest prio instead of + highest. [iglocska] +- [UI] Fix typo in community view. [Jakub Onderka] +- [decaying:base_score] Create temporary false tags when they are + defined in their taxonomy but not created yet. [mokaddem] +- [decaying:base_score] Single taxonomy appear in the correct namespace. + [mokaddem] +- [decaying:base_score] Round base_score config up to 4 digits. + [mokaddem] +- [decaying] `.json` view in `decaying/view` [mokaddem] +- [decaying:import] Force somes fields to be present while importing a + decaying model. [mokaddem] +- [UI] removed obsolete logo preview tool from org add/edit. 
[iglocska] +- [stix2 export] Avoids passing variable already contained in another + variable passed at the same time. [chrisr3d] +- [stix2 export] Removed some useless processing. [chrisr3d] +- [decaying] fixed `const` error. [mokaddem] +- [decaying] Correctly add database indexes. [mokaddem] +- [regression] removed readded invalid acl entry. [Andras Iklody] +- [ACL] removed two unused functions. [iglocska] +- [API] Empty strings should be embedded in an array for the JSON + output. [iglocska] +- [decaying:simulation] Make sure every sightings have a rounded + timestamp. [mokaddem] +- [decaying] typo 4. [mokaddem] +- [decaying] typo 3. [mokaddem] +- [event] typo 2. [mokaddem] +- [event] typo. [mokaddem] +- [decaying:tool] Replaced `title` function into `text` [mokaddem] +- [decaying:import] imported models from directory are correctly saved + as default. [mokaddem] +- [decaying:import] Correctly remove id, uuid and preserve the import + data. [mokaddem] +- [event:view] Toggle boolean buttons. [mokaddem] +- [acl:decaying] Fixed ACL permissions. [mokaddem] +- [decaying:add] Name should be input rather than textarea. [mokaddem] +- [decaying:add] Formula field should be a select. [mokaddem] +- [event:fetch] DO not duplicate scores for object's attributes anymore. + [mokaddem] +- [decaying:tool] Enabled icon is correctly displayed in the model + table. [mokaddem] +- [appModel] SQL query syntax fixed. [mokaddem] +- [decaying] UI - Interface errors and sanitization. [mokaddem] +- [decaying:base_score_config] basescore computation steps works again - + WiP. [mokaddem] +- [appmodel] Added db_change number for the decaying update. [mokaddem] +- [Sightings] Plugin.Sightings_policy=Event Owner now shows sightings + that belong to the creating org. [mokaddem] +- [decaying] Include EventTags for score computation in `event/view` + [mokaddem] +- [Tags] Correctly records `numerical_value` when enabling a taxonomy + for the first time. 
[mokaddem] +- [decaying:tool] Correctly update the state of the enable/disable + button after editing. [mokaddem] +- [decaying:tool] Prevent Object types overriding attribute types. + [mokaddem] +- [decayingMapping:tool] Returns all allowed mapping if type list is + empty. [mokaddem] +- [decaying:tool] Set `isEditable` parameter after editing a model. + [mokaddem] +- [decaying] Set default value and pre-checks. [mokaddem] +- [decaying:basescore_config] Fixed CSS for large tags. [mokaddem] +- [decaying:tool] UI - Basescore does not override table anymore. + [mokaddem] +- [decaying:simulation] Sorting result is displayed properly. [mokaddem] +- [decaying:simulation] Support of object_attribute in the simulation + graph. [mokaddem] +- [decaying:tool] Attribute type table searching regression fixed. + [mokaddem] +- [decaying] Adjust score if the attribute was modified after the last + sighting. [mokaddem] +- [decaying] Fixes on UI, Basescore overflow and unauthorized edition. + [mokaddem] +- [decaying:acl] Various ACL fixes. [mokaddem] +- [decaying:.json] Restored working behavior of `.json` views. + [mokaddem] +- [decaying:tool] Correctly record type mapping if assigned during model + creation. [mokaddem] +- [decaying] Do not access existing keys anymore. [mokaddem] +- [decaying:tool] Correctly save formula changes. [mokaddem] +- [decaying] attribute_types count fix. [mokaddem] +- [decaying:tool] Quick fix for mapping attribute type to models. + [mokaddem] +- [decayingModel] Correctly skip tags if taxonomomy has not been + configured. [mokaddem] +- [Taxnomy:updateTag] Do not throw an error if taxonomy does not contain + a numerical value. [mokaddem] +- [taxonomy:update] numerical_value gets updated correctly. [mokaddem] +- [taxonomy] Keep taxonomy predicates. [mokaddem] +- [decayingTool] Selection for checkboxes are correctly handled. + [mokaddem] +- [decaying] Allow translation on errors. [mokaddem] +- [decayingTool] Prevent drawing illegal parameters. 
[mokaddem] +- [customauth] default setting for use_header_namespace should adhere to + what is displayed (true) [iglocska] + + - as requested by the MELiCERTES consortium for CSP +- [feed] When fetching feeds, accept also text/plain in HTTP. [Jakub + Onderka] +- Require exact monolog version 1.24. [Jakub Onderka] +- [internal] blackhole function default fixed. [iglocska] +- [audit] Correct title in audit log when admin edit user. [Jakub + Onderka] +- [ACL] Added resetremoteauthkey to the ACL system. [iglocska] +- [sync] Post test fixed for sync users. [iglocska] +- [stix import] Fixed ttps malware from external stix files parsing. + [chrisr3d] +- [stix import] Additional test if leveraged ttps are not None to avoid + issues. [chrisr3d] +- [stix export] Typo on course of action galaxy type. [chrisr3d] +- [stix export] Making the validator happy with capec ids. [chrisr3d] +- [stix export] Avoiding custom vocabularies for an easier parsing of + the result file. [chrisr3d] +- [stix export] Specifying tool name for mitre-tool galaxies. [chrisr3d] +- [stix export] Exporting tool type. [chrisr3d] + + - Type is what we call galaxy name, for instance + Tool, Enterprise Attack - Tool, etc. +- [stix export] Exporting malware type. [chrisr3d] + + - Type is what we call galaxy name, for instance + Stealer, Malware, Ransomware, etc. +- [stix import] Separation between vulnerability objects & attributes. + [chrisr3d] +- [stix import] Keeping attack pattern, vulnerability & weakness objects + uuid. [chrisr3d] +- [stix import] Listing ttps uuids instead of the full ttp ids. + [chrisr3d] + + - Easier to compare directly uuids in related ttps +- [stix import] Fixed some typos. [chrisr3d] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #5097 from JakubOnderka/patch-18. 
[Andras Iklody] + + chg: [feed] Break loop when match is found +- Merge pull request #5163 from JakubOnderka/patch-28. [Andras Iklody] + + fix: [UI] Allow to skip pagination in IndexTable +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5098 from JakubOnderka/patch-19. [Alexandre + Dulaunoy] + + fix: [UI] Fix typo in community view +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge pull request #5032 from mokaddem/decaying. [Andras Iklody] + + Decaying Models +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge pull request #5148 from JakubOnderka/composer-simplify. [Andras + Iklody] + + chg: [internal] Simplify installation with composer +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into decaying. 
[mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5106 from JakubOnderka/composer-requirements. + [Andras Iklody] + + chg: Put require PHP version and extension into composer.json +- Merge branch '2.4' into composer-requirements. [Jakub Onderka] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5132 from JakubOnderka/patch-27. [Andras Iklody] + + fix: [feed] When fetching feeds, accept also text/plain in HTTP +- Merge pull request #5121 from JakubOnderka/remove-netgeoip. [Andras + Iklody] + + chg: Remove not used Net_GeoIP submodule +- Merge branch '2.4' into remove-netgeoip. [Andras Iklody] +- Merge pull request #5125 from JakubOnderka/patch-25. [Andras Iklody] + + fix: Require exact monolog version 1.24 +- Merge pull request #5129 from JakubOnderka/array-copy-remove. [Andras + Iklody] + + chg: [users] Remove unused method UsersController::arrayCopy +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5128 from JakubOnderka/patch-26. [Andras Iklody] + + fix: [audit] Correct title in audit log when admin edit user +- Add: [stix import] Importing Galaxies supported during stix export. + [chrisr3d] +- Add: [stix export] Exporting Branded Vulnerability galaxies. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix import] Importing attack pattern galaxies. [chrisr3d] +- Wip: [stix import] Functions to import attack pattern, vulnerability & + weakness objects. 
[chrisr3d] + + - Functions to parse galaxies to come soon +- Add: [stix import] Getting IDs of threat actors, courses of action and + ttps related to the incident. [chrisr3d] + + - Will be usefull to separate threat actors, courses + of action and ttps that are related to incidents + and will be imported as galaxies, form the ones + not related that will be imported as attributes + or objects + + +v2.4.115 (2019-09-09) +--------------------- + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- Install crypt_gpg by composer. [Jakub Onderka] +- Allow to load Crypt_GPG from composer. [Jakub Onderka] +- [user] Remove unused private method. [Jakub Onderka] +- [user] Use machine readable format for fetching PGP keys. [Jakub + Onderka] +- [feed] Error handling for saveFreetextFeedData. [Jakub Onderka] +- [feed] Handle exceptions for ServerShell::enqueueFeedCache. [Jakub + Onderka] +- [feed] Throw exception if feed filter rules is not valid JSON. [Jakub + Onderka] +- [feed] Better error handling for cacheFeedInitiator method. [Jakub + Onderka] +- [feed] More accurate progress logging for downloadFromFeed. [Jakub + Onderka] +- [feed] Better exception logging. [Jakub Onderka] +- [feed] New method Feed::jobProgress. [Jakub Onderka] +- [feed] New private method Feed::isFeedLocal. [Jakub Onderka] +- [feed] Use Feed::feedGetUri in Feed::getFreetextFeed. [Jakub Onderka] +- [feed] Feed::getNewEventUuids always return array with 'add' and + 'edit' fields. [Jakub Onderka] +- [feed] Proper error handling for fetching feed cache. [Jakub Onderka] +- [feed] New method Feed::feedGetUri to deduplicate code. [Jakub + Onderka] +- [feed] Proper error handling for fetching feed events. [Jakub Onderka] +- [feed] Deduplicate preparing filter rules. [Jakub Onderka] +- [feed] Proper error handling for fetching freetext feed. [Jakub + Onderka] +- [feed] Follow redirects by internal HttpSocket functionality. [Jakub + Onderka] +- [feed] Proper error handling for fetching feed manifest. 
[Jakub + Onderka] +- [stix2] Bumped latest STIX2 python library changes. [chrisr3d] + +Fix +~~~ +- [UI] Removed duplicate button title in userIndexTable.ctp. [Jakub + Onderka] +- Throw exception when GnuGP homedir is not set. [Jakub Onderka] +- [UI] GPG keys are fetched from CIRCL keyserver. [Jakub Onderka] +- [UI] Fetching GPG keys. [Jakub Onderka] + + This error was introduced in 600e54051694ca4d479a9e2c82db45fe19a46a6c +- [stix2 import] Fixed hash patterns import for external STIX files. + [chrisr3d] +- [security] Fix to a vulnerability related to the server index. + [iglocska] + + - along with various support tools + - more information coming soon +- [internal] orgs restricted to a domain displayed incorrectly. + [iglocska] + + - afterfind messes up the keys by reusing the same var for an inner loop +- [feed] Fetching event manifest. [Jakub Onderka] +- [sync] Fixed major performance blocker. [iglocska] + + - fix based on the insights of @RichieB2B, the hero we need, not the one we deserve + - added orgc_uuid to the minimal event index + - added handlers for it on the pull side + - when pulling from old instances the new functionality is skipped, resulting in the behaviour we had pre-patch + - both sides of the sync are encouraged to update, especially if the slow pulls are causing issues +- [feed] Use own solution how to redirect when fetching feeds. [Jakub + Onderka] +- [feed] shell_exec don't throw Exception. [Jakub Onderka] +- [UI] Remove rest of unused code. [Jakub Onderka] + + Inner code was removed in 3f03ceb22974352648e5163ee4b19eb94bc21106 +- [server] on-demand action does not redirect to the updateProgress page + anywmore. [mokaddem] +- [stix2 import] Dealing with the case of named pipe attribute being + imported from custom object. [chrisr3d] +- [stix2 export] Avoid fails with named pipe export as custom object. 
+ [chrisr3d] +- [export] Add a proper filename to the event restsearch API's output to + make downloading events a bit more convenient, fixes #4905. [iglocska] +- [authentication] prepend the baseurl to the login/logout redirects - + fixes #3871. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5119 from JakubOnderka/patch-24. [Sami Mokaddem] + + fix: [UI] Removed duplicate button title in userIndexTable.ctp +- Merge pull request #5120 from JakubOnderka/gpg-composer. [Andras + Iklody] + + Install Crypt_GPG by composer +- Merge pull request #5103 from JakubOnderka/circl-key-server- + description. [Alexandre Dulaunoy] + + fix: [UI] GPG keys are fetched from CIRCL keyserver +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5117 from JakubOnderka/patch-23. [Andras Iklody] + + fix: [UI] Fetching GPG keys +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5116 from JakubOnderka/patch-22. [Andras Iklody] + + chg: [user] Remove unused private method +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5115 from RichieB2B/ncsc-nl/speedup-pull. [Andras + Iklody] + + Speedup pull +- Log reason for event download failure. [Richard van den Berg] +- Log all errors from server pull. [Richard van den Berg] +- Loose a find when adding existing event. [Richard van den Berg] +- Merge pull request #5112 from JakubOnderka/fix-feed-get-manifest. + [Andras Iklody] + + fix: [feed] Fetching event manifest +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #5101 from JakubOnderka/patch-20. [Andras Iklody] + + chg: [user] Use machine readable format for fetching PGP keys +- Merge pull request #5052 from JakubOnderka/error-handling. [Andras + Iklody] + + Better error handling for fetching feeds +- Merge pull request #5102 from JakubOnderka/patch-21. 
[Andras Iklody] + + fix: [UI] Remove rest of unused code +- Add: [stix import] Importing pipe objects as named pipe attribute. + [chrisr3d] +- Add: [stix export] Exporting named pipe attributes. [chrisr3d] +- Merge pull request #5084 from RichieB2B/patch-6. [Andras Iklody] + + Fix Declaration of RestResponseComponent warning +- Fix Declaration of RestResponseComponent warning. [Richie B2B] + + +v2.4.114 (2019-08-30) +--------------------- + +New +~~~ +- [API] Added event delegations to the list of API enabled functions. + [iglocska] + + - last minute feature creep +- [requestAccess] Made the requestAccess endpoint more API friendly and + some UI improvements. [iglocska] + + - better handling of empty parameters + - added the mock functionality to both API and UI, this will generate the e-mail to be sent and return it with no actual sending happening + - defaulting to mock if emailing is disabled + - fixed some minor bugs +- [communities] Added version and did some cleanup on the e-mail sent in + a request. [iglocska] +- [communities] Descriptions added to the request form along with the + anonymise checkbox. [iglocska] +- [communities] Include information about the server used to issue the + request. [iglocska] +- [community] Added the first revision of the community metadata. + [iglocska] +- [communities] Added support for requesting access for known + communities. [iglocska] + + - site admins can list the misp-project maintained community list + - request access to any of the communities +- [Internal] Index generator refactor. [iglocska] + + - loads of new features added + - bunch of helpers updated + - mainly a back/forward port from the frozen feed-rework branch with some custom changes +- [delegations] Added delegation index, fixes #5023. 
[iglocska] + + /event_delegations/index + + accepts context as a parameter with the following possible values: + - pending: all delegations awaiting my organisation's review (default) + - issued: all delegations issued by my organisation + + parameters can be passed via key:value parameters or via json objects +- [diagnostics] Added SQL table size tool. [iglocska] + + - along with various other small fixes + - increased recommended memory size additionally + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [PyMISP] Bump for release, take 2. [Raphaël Vinot] +- [PyMISP] Bump for release. [Raphaël Vinot] +- Enable debug. [Raphaël Vinot] +- [PyMISP] Bump for Communities. [Raphaël Vinot] +- [misp-objects] relationships updated. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [feed] Name variables after explore in Feed::attachFeedCorrelations. + [Jakub Onderka] +- [feed] Compute Redis cache key prefix just once. [Jakub Onderka] +- [feed] Fetch sources just when there is correlation. [Jakub Onderka] +- [feed] Compute composite types just once. [Jakub Onderka] +- [communities] Change keys (name, uuid, type) [Raphaël Vinot] +- [field rename] Renamed all community fields with redundancy to + something more simple (community_uuid -> uuid, etc) [iglocska] +- [PyMISP] Bump for communities. [Raphaël Vinot] +- [restresponse] Added tooltips to the translatable strings, added + communities/requestAccess. [iglocska] +- [API] communities/requestAccess made more API friendly. [iglocska] + + - defaults set automatically if not set + - tied into self-describe API on GET + - fixed the attached PGP key to be the one supplied if it deviates from the user's key +- [cleanup] empty lines removed. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. 
[Alexandre Dulaunoy] +- No need to encapsulate data in API request. [Pierre-Jean Grenier] +- [PyMISP] Bump tests for Travis. [Raphaël Vinot] +- [ACL] Added new community functions to the ACL component. [iglocska] +- [travis] PyMISP bump. [Raphaël Vinot] +- [PyMISP] Bump tests for Travis. [Raphaël Vinot] +- [Tests] Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Delegate to org by UUID. [Pierre-Jean Grenier] +- [doc] MISP works on the latest 18.04.3 ISO, just sayin' (#5051) [Steve + Clement] + + chg: [doc] MISP works on the latest 18.04.3 ISO, just sayin' +- [doc] MISP works on the latest 18.04.3 ISO, just sayin' [Steve + Clement] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [tools] Updated installer to consider the memory_limit change. [Steve + Clement] +- [doc] Updated: memory_limit=512M -> memory_limit=2048M (#5038) [Steve + Clement] + + chg: [doc] Updated: memory_limit=512M -> memory_limit=2048M +- [doc] Updated: memory_limit=512M -> memory_limit=2048M. [Steve + Clement] +- [doc] Updated composer hash (#5037) [Steve Clement] + + chg: [doc] Updated composer hash +- [doc] Updated composer hash. [Steve Clement] +- [updateProgress] Added sidebar (and sidebar link) [mokaddem] +- Show descriptions in import modules. [Pierre-Jean Grenier] +- /events/contact/{event_id} can now be properly called from API. + [Pierre-Jean Grenier] +- [warning-list] Use different algorithm for IPv4 CIDR comparsion. + [Jakub Onderka] +- [warning-list] Filter CIDR warning list before eval. [Jakub Onderka] +- Setting the 'Tag' key when editing a tag through API is not mandatory + (consistency) [Pierre-Jean Grenier] +- [PyMISP] Bump, changes with sightings. [Raphaël Vinot] +- [warninglist] Do not check twice if key in cache exists. [Jakub + Onderka] +- [cache] Do not check if class exists when cache is already connected. + [Jakub Onderka] +- Return the sighting when adding one through REST API. 
[Pierre-Jean + Grenier] +- [UI] Some more username helper changes. [iglocska] +- [UI] Small change to the user name helper. [iglocska] +- [PyMISP] Bump tests for Travis. [Raphaël Vinot] +- Do not log ForbiddenException by default. [Jakub Onderka] + + This exception is thrown when not logged access `users/checkIfLoggedIn.json` + +Fix +~~~ +- [API] Messages fixed for event delegations. [iglocska] +- [API] event delegation inverted invalid IF branch. [iglocska] +- [internal] return true from the external email sender if no mocking is + happening instead of the full email. [iglocska] +- [API] Set gpgkey to '' instead of array() if user has no pgp key set. + [iglocska] +- [feed] Remove unused variables. [Jakub Onderka] +- [ui] Missing space and dot at export page. [Jakub Onderka] +- [invalid link] fixed. [iglocska] +- [API] Added gpgkey as a valid parameter for requestAccess in the API + description. [iglocska] +- [UI] Fixed the annoying link underlines under action buttons. + [iglocska] +- More issues with PostgreSQL. [Bechkalo Evgeny] + + - fixed error during update Job date_modified field (SQLSTATE[22008]: + Datetime field overflow: 7 ERROR: date/time field value out of range) + - fixed error during fetching events while updating from feeds ( + SQLSTATE[42P01]: Undefined table: 7 ERROR: missing FROM-clause entry for + table events) + - fixed Feed edit view with wrong boolean forms (combobox instead + checkbox) +- [invalid url] fixed. [iglocska] +- [communtiies] Added correct responses to the community request + interface. [iglocska] +- [menu] Added community index to the top menu. [iglocska] +- SQL-error during obtaining dbSpaceUsage. [Bechkalo Evgeny] + + Fixed SQL-error in PostgreSQL for viewing Diagnostics Page + Added check for datasource, added PostgreSQL handling (without + reclaimable memory). +- Contact reporter via API. [Pierre-Jean Grenier] +- [ui] Show proper error message for ForbiddenException again. 
[Jakub + Onderka] +- [appController] Fixed updateProgress redirection link. Fix #5068. + [mokaddem] +- [cleanup] removed unused functions. [iglocska] +- [API] Fixed output of the attribute histogram. [iglocska] + + - no more STIX-ish barf inducing numeric string keys for dictionaries +- Fix 'contain' param in app/Model/Attribute.php:fetchAttributes() + [Pierre-Jean Grenier] + + When we specified eg. 'contain': array('Event'), the merge done by the function was incorrect, and only kept more restrictive stuff, + while we wanted to get all the keys related to the Event. +- Default to 0 when no distribution is specified. [Pierre-Jean Grenier] + + The current behavior conducted to set distribution to -1 in the returned json, and raise an 'Undefined index' notice +- [ACL] allow users to see delegations. [iglocska] +- [contact reporter] Rules somewhat relaxed. [iglocska] +- [UI] Correct class name in View/Elements/Feeds/View/row_attribute.ctp. + [Jakub Onderka] +- [feed] Preview feed event don't have id. [Jakub Onderka] +- [feed] Prevent MITM for feeds that support HTTPS. [Jakub Onderka] +- [ui] Link to REST client at Automation page. [Jakub Onderka] +- [UI] Info message should not be error. [Jakub Onderka] +- [contact reporter] Various fixes, fixes #5040. [iglocska] + + - don't offer contacting a reporter of an event that doesn't have users on the platform + - fixes to various bugs that broke this feature in the first place + - Massive potential performance blocker removed from contacting individual reporters +- [UI] Multi select on the event index fixed, fixes #5047. [iglocska] +- [UI] Multi select and deletion of events fixed, #5046. [iglocska] +- [Tags] Correctly records `numerical_value` when enabling a taxonomy + for the first time. [mokaddem] +- [ui] Show proper error message for ForbiddenException. [Jakub Onderka] +- [object:merge] Fix #5041, Duplicated value gets unique UUID and + relaxed javascript equality check. 
[mokaddem] +- [updateProgress] Usage of correct FontAwesome class. [mokaddem] +- [sightings] Remove unused method. [Jakub Onderka] +- [organisations] Trim the domain restrictions both on load and on save, + fixes #5034. [iglocska] +- [admin] Invalid domain restriction check for site admins, fixes #5035. + [iglocska] +- Fix messages when we try to delete an attribute. [Pierre-Jean Grenier] +- [API] Made delegateEvent API friendly, fixes #5026. [iglocska] +- [API] delegate events by UUID, fixes #5024. [iglocska] +- Replace not exists MethodNotFoundException with NotFoundException. + [Jakub Onderka] +- [tests] Some changes were not commited. [Raphaël Vinot] +- [UI] Fixed tag buttons not being in-line on the event view's attribute + list. [iglocska] +- [warninglist] Entries cache is properly deleted. [Jakub Onderka] +- Import modules using 'misp_standard' format can be called via REST + API. [Pierre-Jean Grenier] +- [ACL] Fixed read only users not being able to list the sightings, + fixes #5022. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5017 from JakubOnderka/feed-optimisations. [Andras + Iklody] + + Feed correlations optimisations +- Merge pull request #5044 from JakubOnderka/patch-9. [Andras Iklody] + + fix: [ui] Missing space and dot at export page +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5083 from 4ekin/fix-postgresql-issues. [Andras + Iklody] + + fix: more issues with PostgreSQL +- Merge pull request #5081 from StefanKelm/2.4. [Andras Iklody] + + Update index.ctp +- Update index.ctp. 
[StefanKelm] + + Tiny typos +- Merge branch 'feature/communities' into 2.4. [iglocska] +- Merge branch '2.4' into feature/communities. [iglocska] +- Merge pull request #5072 from 4ekin/fix-postgresql-issues. [Andras + Iklody] + + fix: SQL-error during obtaining dbSpaceUsage +- Merge pull request #5079 from zaphodef/fix/contact_event_api. [Andras + Iklody] + + fix: contact reporter via API +- Merge pull request #5073 from JakubOnderka/patch-16. [Andras Iklody] + + fix: [ui] Show proper error message for ForbiddenException again +- Merge pull request #5066 from zaphodef/feature/encapsulation_api. + [Andras Iklody] + + chg: No need to encapsulate data in API request +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #5063 from zaphodef/fix/contain_fetchAttributes. + [Andras Iklody] + + fix: Fix 'contain' param in app/Model/Attribute.php:fetchAttributes() +- Merge pull request #5062 from zaphodef/fix/undefined_distribution. + [Andras Iklody] + + fix: Default to 0 when no distribution is specified +- Chd: [travis] Check date. [Raphaël Vinot] +- Merge pull request #5061 from + zaphodef/feature/delegate_to_org_by_uuid. [Andras Iklody] + + chg: Delegate to org by UUID +- Merge pull request #5059 from tk-hendrik/2.4_small_cssfix. [Andras + Iklody] + + attributeTagContainer wrapping +- AttributeTagContainer wrapping. [Hendrik] + + This change ensures that the attribute table won't explode in width if + one uses more tags on an attribute. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5054 from JakubOnderka/patch-15. [Andras Iklody] + + fix: [UI] Correct class name in View/Elements/Feeds/View/row_attribute.ctp +- Merge pull request #5053 from JakubOnderka/patch-14. [Andras Iklody] + + fix: [feed] Preview feed event don't have id +- Merge pull request #5050 from JakubOnderka/patch-13. 
[Alexandre + Dulaunoy] + + fix: [feed] Prevent MITM for feeds that support HTTPS +- Merge pull request #5048 from JakubOnderka/patch-11. [Alexandre + Dulaunoy] + + fix: [ui] Link to REST client at Automation page +- Merge pull request #5049 from JakubOnderka/patch-12. [Alexandre + Dulaunoy] + + fix: [UI] Info message should not be error +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5043 from JakubOnderka/patch-8. [Andras Iklody] + + fix: [ui] Show proper error message for ForbiddenException +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #5042 from StefanKelm/2.4. [Andras Iklody] + + Tiny typos +- Update default.pot. [StefanKelm] + + tiny typo +- Update add.ctp. [StefanKelm] + + tiny typo +- Merge pull request #5039 from SteveClement/tools. [Steve Clement] + + chg: [tools] Updated installer to consider the memory_limit change +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5005 from JakubOnderka/remove-toplist. [Andras + Iklody] + + fix: [sightings] Remove unused method +- Merge pull request #5033 from + zaphodef/feature/import_module_description. [Andras Iklody] + + chg: Show descriptions in import modules +- Wrap description in a h() [Pierre-Jean Grenier] +- Merge pull request #5036 from zaphodef/feature/events_contact_api. + [Andras Iklody] + + chg: /events/contact/{event_id} can now be properly called from API +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5014 from JakubOnderka/filter-cidr. [Andras + Iklody] + + Much faster IPv4 warninglists +- Merge pull request #5031 from zaphodef/feature/tag_edit_json. [Andras + Iklody] + + chg: Setting the 'Tag' key when editing a tag through API is not mand… +- Merge pull request #5030 from + zaphodef/feature/delete_attribute_messages. [Andras Iklody] + + duh, fix a typo +- Duh, fix a typo. 
[Pierre-Jean Grenier] +- Merge pull request #5029 from + zaphodef/feature/delete_attribute_messages. [Andras Iklody] + + fix: Fix messages when we try to delete an attribute +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5006 from JakubOnderka/not-found-exception. + [Andras Iklody] + + fix: Replace not exists MethodNotFoundException with NotFoundException +- Merge pull request #5015 from JakubOnderka/redis-optimisations. + [Andras Iklody] + + Redis optimisations +- Merge pull request #5021 from + zaphodef/feature/return_sighting_add_rest. [Andras Iklody] + + chg: Return the sighting when adding one through REST API +- Merge pull request #5020 from zaphodef/rest_import_module. [Andras + Iklody] + + fix: Import modules using 'misp_standard' format can be called via RE… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5010 from JakubOnderka/patch-7. [Andras Iklody] + + chg: Do not log ForbiddenException by default + + +v2.4.113 (2019-08-16) +--------------------- + +New +~~~ +- [API] get a single server setting via + /servers/getSetting/[setting_name], fixes #4964. [iglocska] +- [API] Allow posting freetext data for ingestion via the event uuid + instead of ID, fixes #4995. [iglocska] +- [internal / API] new component added to handle repeatable code across + all controllers (toolbox controller) [iglocska] + + - added UUID -> ID lookup function and integrated it across several functions + - fixes #4990 + - fixes #4999 + - fixes #4993 + - fixes #4991 + - fixes #4989 + - fixes #4987 +- [session handling] Session handling fixes. [iglocska] + + - changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions + - timeout issues potentially fixed when using the recommended PHP session handler. 
If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid +- [sync] Added a protection from receiving empty published events from + other instances. [iglocska] + + - a temporary solution to some older, bugged instances emitting them +- [debug] Added an on-demand sync debug to assist some debug sessions. + [iglocska] + + - very primitives, simply concatenates events to be pushed into a file +- Reminder to run gen_misp_types_categories when model changes. + [Christophe Vandeplas] +- [API] Attribute add rework - WIP. [iglocska] + + - handle attribute creation in a unified manner via captureAttributes +- [internal] Default field list added for attributes. [iglocska] + + - let's try to standardised on things we output instead of doing it manually. It's a first step + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [PyMISP] Bump version. [Raphaël Vinot] +- [Travis] Use default python3 version on the image (3.6+), fix perms + on. [Raphaël Vinot] +- [Travis] Set strict mode on MariaDB. [Raphaël Vinot] +- [Travis] Initial fix. [Raphaël Vinot] +- Show sharing groups' uuids. [Pierre-Jean Grenier] +- Delete an object by its uuid, similar syntax to attribute's deletion. + [Pierre-Jean Grenier] +- [stix test] Updated STIX1 test files with the updated MISP event files + export results. [chrisr3d] +- [stix test] Updated MISP event test files with the latest objects + supported. [chrisr3d] +- [logging] Truncate description lengths that would be longer than what + the DB can store with the default setup. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix export] Change on leveraged ttp at incident level. 
[chrisr3d] + + - No longer referencing ttps created out of MISP + objects as leveraged ttps at incident level + - Making sure all ttps, course of actions, threat + actors and so on created from MISP galaxies are + referenced at incident level +- [stix export] Handling vulnerability attributes the same way as + objects. [chrisr3d] + + - Fixing at the same time some references (with + vulnerability objects related to vulnerability + attributes) that were lost +- Modules can now pre-check a checkbox from userConfig. [Pierre-Jean + Grenier] +- [warning-list] Filter CIDR warning list before eval. [Jakub Onderka] +- [stix export] Keeping references between ttps. [chrisr3d] + + - Keeping references between ttps coming from MISP + objects that have references between each others +- [indentation] small fix. [iglocska] +- [PyMISP] Bump repo. [Raphaël Vinot] +- [CLI] server shell -> push now allows passing the event ID to push. + [iglocska] + + - also, changed tabs to spaces +- Bump pymisp. [Raphaël Vinot] +- [pymisp] enable more tests. [Raphaël Vinot] +- [internal] Potential fix for a race condition generating orphaned + attributes, fixes #4886. [iglocska] + + - This fix will avoid issues where the delay is introduced by the deferred start of the execution via the background workers + - deleting an event whilst data is being actively added will still not be interrupted +- [stix2 export] Exporting labels with the Attack Pattern object. + [chrisr3d] +- Bump PyMISP. [Raphaël Vinot] +- [types] email-subject added as a valid type for network activity. + [iglocska] + + - used to describe outgoing e-mail subjects for exfiltration. Perhaps consider adding a new category for exfiltration altogether. +- Bump Pymisp again. [Raphaël Vinot] +- [API] servers/serverSettingsEdit now accepts the force parameter in a + posted JSON object. [iglocska] + +Fix +~~~ +- [PyMISP] Bump, missing change. 
[Raphaël Vinot] +- [internal] Feed lookup by UUID removed as feeds don't actually have + UUIDs, fixes #4998. [iglocska] +- [ToolboxComponent] fixed model name lookup by moving to Model->alias + over Model->name, fixes #5003. [iglocska] +- [internal] Breaking bug with the feed edit fixed. [iglocska] +- [API] invalid object reference fixed in objects/view, fixes #5003. + [iglocska] + + - the Copy Pasta God(tm) strikes again +- [API] get organisation by uuid for sightings/listSightings, fixes + #4992. [iglocska] +- [API] Misp object delete's uuid lookup fixed. [iglocska] +- [API] removed testing exception. [iglocska] +- [API] Swapped error messages' content from "don't" to "do not" to + avoid weird sanitisation artifacts coming from the exception handler. + [iglocska] +- [API] error message. [iglocska] +- [API] Attribute edit fixed. [iglocska] +- Fix error messages. [Pierre-Jean Grenier] +- [API] /galaxies/view by uuid added, fixes #4993. [iglocska] +- [API] sightings restSearch now accepts uuids as org_id, fixes #4992. + [iglocska] +- [API] Delete sightings by UUID, fixes #4987. [iglocska] +- [API] /objects/view should accept UUID as a parameter instead of just + ID, fixes #4991. [iglocska] +- [API] Delete organisations by UUID, fixes #4989. [iglocska] +- [API] Access event proposals by uuid via + shadow_attributes/index/[uuid], fixes #4988. [iglocska] +- [API] Adding an event without the info field set should never work, + fixes #4984. [iglocska] +- [sharing groups] Fix the behaviour of roaming mode sharing groups, + fixes #4983. 
[iglocska] + + - creating sharing groups without roaming mode and without any sharing group servers should automatically add the own server + - adapt the new roaming mode behaviour from a few months ago on push: No explicit roaming mode set means no push, even if no servers are added +- [Sharing groups] Various fixes to align the reported local instance + URL as the external_baseurl if set, as opposed to always using the + baseurl, fixes #4982. [iglocska] +- [stix export] Dealing with course of action and threat actor objects + the same way as for ttps. [chrisr3d] +- [sync] Sync object builder tool fixed. [iglocska] + + - was picking the wrong org as the owner of the remote side +- [warning-list] Split value just if type is malware-sample or contains + `|` char. [Jakub Onderka] +- [stix export] No longer referencing all ttps from galaxies for each + indicator. [chrisr3d] + + - Will save it later for galaxies at attribute level +- [stix export] Dealing with threat actors from attributes. [chrisr3d] + + - Using the recently added functions +- [API] /events/delete now accepts UUID as parameter. [iglocska] +- [stix export] Reusing uuid variable already defined. [chrisr3d] +- [sessions] Several minor fixes to the session handling. [iglocska] + + - cookieTimeout setting fixed + - moved the session massaging into a separate function + - added some translation calls for some of the setting errors involved +- [sync] Fixed an invalid massaging of object attributes before a sync. + [iglocska] + + - on a push, object attributes were not correctly filtered out based on distribution settings +- [enrichment] Handling correctly comments at objects level. [chrisr3d] + + - Objects level comments were displayed but not + handled at the end, they are now displayed, + users can modify them as comments at attributes + level, and they are handled then with the saved + results +- [stix export] STIX objects id standardization. 
[chrisr3d] +- [internal] Double lookup during the pull resolved. [iglocska] +- [tools] Fixes gen types categories script. [Christophe Vandeplas] +- [stix export] Replaced try statements with if conditions for more + readability. [chrisr3d] + + - It is better we are aware something fails + unexpectedly instead of being caught by a try + catch statement +- [stix export] Dictionary name typo. [chrisr3d] +- [stix export] Better tags handling. [chrisr3d] + + - Avoid passing event level tags everywhere + - Using class variable for the tlp markings +- [stix export] Avoiding creation of some objects before we are sure + they will be used. [chrisr3d] +- [API] /servers/restartWorkers response fixed for API users, fixes + #4966. [iglocska] +- [API] Further fixes to /attributes/add. [iglocska] +- [API] Fixes to the new attribute add. [iglocska] +- [API] fixed an incorrect fix to the object references add function + from earlier today, fixes #4866. [iglocska] +- [API] Posting on taxonomies/update returns an exception if taxonomies + have no numerical_value set, fixes #4899. [iglocska] +- [API] the returned data when adding object references doesn't include + the object_uuid, fixes #4866. [iglocska] +- [UI] Empty objects threw a notice on the event view. [iglocska] +- [API] Consistency in returned attribute fields when modifying it. + [iglocska] +- [UI] tag index invalid tag name copy fixed. [iglocska] +- [API] Object edit clusterfudge fixed. [iglocska] +- [objects] Fix various issues with objects/edit. [iglocska] + + - value1 and value2 should not be included in the repsonse, fixes #4944 + - fixed input being misunderstood in certain situations +- [UI] Handle settings being removed from config.php more gracefully in + the UI. [iglocska] +- [UI] Row description in View Warninglists. [Jakub Onderka] +- [PyMISP] Test cases are working again. [Raphaël Vinot] +- [UI] Event index tag display default setting fixed. [iglocska] + + - Resolving the fix that really wasn't... 
+- [internal] testBoolFalse logic error fixed. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Revert "chg: [warning-list] Filter CIDR warning list before eval" + [iglocska] + + This reverts commit 20632d5e1027d2a6dfc66639ac384e5761988e18. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #5001 from zaphodef/feature/uuid_sharing_group. + [Andras Iklody] + + chg: Show sharing groups' uuids +- Revert "Revert "fix: Fix error messages"" [iglocska] + + This reverts commit a12ea04a4caab6be2593d13ead56187b775e336d. +- Revert "fix: Fix error messages" [iglocska] + + This reverts commit d501c56e5fec7f69aa0a17a3bb0c8a0cf97b4e69. +- Merge pull request #5000 from zaphodef/bad_permissions. [Andras + Iklody] + + fix: Fix error messages +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4986 from zaphodef/delete_object_by_uuid. [Andras + Iklody] + + chg: delete an object by its uuid, similar syntax to attribute's dele… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4980 from JakubOnderka/patch-6. [Alexandre + Dulaunoy] + + [fix] Remove double `:` +- [fix] Remove double `:` [Jakub Onderka] +- Merge pull request #4981 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Replace http with https +- Replace http with https. [StefanKelm] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix export] Updated STIX header with the course of action + header. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix export] Exporting course-of-action objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4971 from JakubOnderka/patch-5. 
[Andras Iklody] + + fix: [warning-list] Split value just if type is malware-sample or contains `|` char +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix export] Mapping some galaxies to STIX objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4972 from zaphodef/import_module. [Andras Iklody] + + chg: modules can now pre-check a checkbox from userConfig +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #4965 from JakubOnderka/patch-4. [Andras Iklody] + + chg: [warning-list] Filter CIDR warning list before eval +- Merge pull request #4969 from obert01/fix-matrix-accessibility. + [Andras Iklody] + + Improved the accessibility of the galaxy matrix view. +- Improved the accessibility of the galaxy matrix view for screen + readers. The table elements are now focusable, and only a short text + is brailled/spoken by default. [Olivier BERT] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix export] Exporting attack-pattern, vulnerability & weakness + objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Raphaël Vinot] +- Merge branch 'feature/attribute_add_rework' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Add: [stix2 export] Exporting Attack Pattern objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4955 from JakubOnderka/patch-3. [Andras Iklody] + + fix: [UI] Row description in View Warninglists + + +v2.4.112 (2019-08-02) +--------------------- + +New +~~~ +- [sync] Event index cleaned up, total count of listd events added as X + -Result-Count header. [iglocska] +- [sync] Previewing a remote instance now passes pagination rules in the + request instead of fetching the full data-set and paginating in + memory. [iglocska] + + - fixes issues with empty preview pages + - massive performance boost + - requires the remote side to be the same version or newer +- [API] new parameters added to attributes/restSearch to include + additional context, fixes #4935, fixes #4940, affects MISP/PyMISP#415. + [iglocska] + + - includeSightings: include sightings for all attributes returned + - includeCorrelations: include the correlations to other attributes (includes a light-weight event object with each attribute) +- [CLI] Added cleanCaches command. [iglocska] +- [API] Disable background processing on-demand via URL parameters. + [iglocska] +- [setting] Disable DB logging completely, fixes #4921. [iglocska] + + - Not recommended, but for certain use-cases it might be desirable +- [API] Some more context for includeContext, fixes #4935. [iglocska] +- [API] includeContext now includes the additional event fields in the + attributes/restSearch results (in JSON format) [iglocska] +- [API] Allow adding tags via /attributes/add directly. 
[iglocska] +- [alerting] Block the alerting of events based on the date field as an + alternative to the timestamp, fixes #4937. [iglocska] + +Changes +~~~~~~~ +- [pymisp] bumped. [iglocska] +- [version] bump. [iglocska] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Use faster algorithm for Warninglist::__ipv6InCidr. [Jakub Onderka] +- [pymisp] Bump. [Raphaël Vinot] +- More efficient Warninglist::__evalCIDR. [Jakub Onderka] +- [View] Setting default link value for vulnerability & weakness. + [chrisr3d] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version + ATT&CK July edition. + [Alexandre Dulaunoy] +- [UI] Added the new user name helper. [iglocska] +- [UI] Add a quick button for the event attribute toolbar for the + showing of related tags. [iglocska] + + - therapeutic patch for @neok0 +- [pymisp] Bump. [Raphaël Vinot] +- [stix test] Updated the STIX2 test files. [chrisr3d] + + - Including the newest supported objects added in + the mapping, and the latest fixes for some + objects previously mapped as custom object and + now properly supported +- [stix test] Updated the test MISP events. [chrisr3d] + + - Added some of the new objects added recently and + supported in the mapping +- Server pull/push endpoints allow the passing of the parameters as a + POSTed JSON in addition to URL parameters, partially fixes #4889. + [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [restClient] Do not override query body if url hasn't changed. + [mokaddem] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [Submodules] Bump Taxonomies and objects. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [PyMISP] Bump. [Raphaël Vinot] +- [travis] Cleanup pymisp install. 
[Raphaël Vinot] +- [pymisp] Bump it. [Raphaël Vinot] +- [travis] Start workers. [Raphaël Vinot] +- [travis] Delete the event created by curl test. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [feed-metadata] Panels Tracker feed added. [Alexandre Dulaunoy] +- [PyMISP] Bump to full deprecation warnings. [Raphaël Vinot] +- [genericPicker] Adapt fontAwesome namespace based on the icon. + [mokaddem] +- [galaxy:view] Added missing titles and translation. [mokaddem] +- Bumped queryversion. [mokaddem] +- [eventGraph:search] Usage of chosen instead of bootstrap with non- + stripped label. [mokaddem] + +Fix +~~~ +- [pymisp / querystring] versions bumped. [iglocska] +- [enrichment] Getting objects description from the view. [chrisr3d] +- [enrichment view] Passing description & template information about + objects. [chrisr3d] +- [UI] enable buttons to add local galaxy clusters for host org users, + fixes #4925. [iglocska] +- [local tags] Host org non admin users should be able to tag data owned + by others, partially fixes #4925. [iglocska] +- [API] csv export incorrect handling of include context parameter if it + was pushed and set to 0. [iglocska] +- [GalaxyCluster] relaxed the matching of cluster names to tags, fixes + #4154. [iglocska] +- [enrichment] Encrypting attribute data if encrypt field is set. + [chrisr3d] +- [webroot] Catching encrypt fields from the enrichment view. [chrisr3d] +- [enrichment view] Keeping encrypt field in attributes. [chrisr3d] +- [CSV] headerless flag fixed, fixes #2761. [iglocska] +- [UI] Fix to the related tags not being shown in the UI due to a local + tag related exception. [iglocska] +- [API] Exception on /sharingGroups/removeOrg fixed, fixes #4884. + [iglocska] +- [stix import] Fixed observable id fetching. [chrisr3d] + + - Avoid issues with observable composition ids +- [API] /attriutes/index fixed for non admin users. [iglocska] +- [sync] Fixed local tag sync filter events not being synced on a push + as expected. 
[iglocska] +- [stix export] Fixed some code + using mapping dictionaries. [chrisr3d] + + - Using another file for mapping dictionaries, as + we already do for all the other stix scripts +- [stix export] Reordered import list for more clarity. [chrisr3d] + + - Helps finding all the imports since their are in + alphabetical order, avoiding any miss of STIX or + Cybox object while adding/updating some +- [API] Freetext import now correctly handles the response of non- + background processed tasks. [iglocska] +- [rest client] Potential fix to the skip ssl validation flag not + working on wrong CN name. [iglocska] +- [rest client] Potential fix to the SSL validation skip not working. + [iglocska] +- [UI] tag style on the index now correctly adheres to the default if + not set. [iglocska] +- [UI] tags in minimal view can throw notice errors on the event index. + [iglocska] +- [UI] Notice errors when the local tag on a viewed tag is not set, + partially fixes #4938. [iglocska] +- Error during creating and deleting Attributes on PostgreSQL. [Bechkalo + Evgeny] +- MariaDB error for quoting tablename. [Bechkalo Evgeny] +- Some PostgreSQL issues. [Bechkalo Evgeny] + + Closes: #3066, #3067 + Fixes issues: + - wrong boolean and smallint conversion; + - postgresql table and field naming (field 1_event_id is wrong name for + field for example); + - postgresql grouping (you cannot select columns without grouping them); + - wrong checkbox rendering without keyword. +- [UI] notice errors thrown by tags in the event view. [iglocska] +- [proposals] POST on shadow_attributes/edit/{attribute_id} + inconsistent, fixes #4857. [iglocska] +- [API] taxonomy/addTag now correctly responds if queried via the API + instead of redirecting, fixes #4865. [iglocska] +- [API] sightings/listSightings should also support JSON parameters, + fixes #4875. [iglocska] +- [API] Organisation edit now also accepts UUID instead of ID via the + URL param, fixes #4896. 
[iglocska] +- [API] Fixed an edge case when the attribute historgram throws a notice + error. [iglocska] + + - no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition + + - fixes #4880 +- [API] Adding attributes via the freetext importer using the API + resulted in several issues. [iglocska] + + - adhereToWarninglists was not correctly adhered to + - the response didn't reflect what was saved, only what was pushed to be saved (excluding removals by warnintlists, several attributes added by adding more than one valid type, etc) + + fixes #4881 +- [sharing groups] Add sharing group returns a list instead of a sharing + group object, fixes #4882. [iglocska] +- [API] Exception on POST sharingGroups/addOrg, fixes #4884. [iglocska] +- [settings] Fixed the text for the block_old_event_alert_age setting, + fixes #4909. [iglocska] +- [proposals] shadow_attributes/index default behavior modified to show + all proposals by default, fixes #4936. [iglocska] +- [proposals] Fixed automatic setting of the category when adding + proposals, fixes #4868. [iglocska] +- [API] Empty 'restricted to domains' returns string instead of array, + fixes #4928. [iglocska] +- [UI] Rest client form validation disabled. [iglocska] + + - it was trying to validate using the Server model validation rules, which is obviously incorrect +- [UI] Tags were not shortened correctly on the event index since the + refactor, fixes #4932. [iglocska] +- [servers] Adding a server now requires the name to be set, partially + fixes #4889. [iglocska] +- [API] Server deletion now responds correctly via the API. [iglocska] +- [security] Fix to stored XSS. [mokaddem] + + - as reported by David Heise +- Removed unnecessary uuid rewriting in objects. [chrisr3d] + + - uuid is defined when the object is created +- Fixed direction of the relationship between files, PEs and their + sections. 
[chrisr3d] + + - The file object includes a PE, and the PE + includes sections, not the other way round + - Backward compatibility with the events created + with 'included-in' at the relationship_type + between those objects +- Views invalid marker content fixed (#4820) [Steve Clement] + + fix: Views invalid marker content fixed +- Views invalid marker content fixed. [4ekin] + + Views fixed to avoid errors during POT file generating: + + Invalid marker content in + /var/www/MISP/app/View/Elements/Events/View/related_event.ctp:23 + * __( + sprintf('This related event contains %s unique + correlation(s)',h($relatedEventCorrelationCount[$related['id']]))) + + Invalid marker content in + /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:102 + * __( + Inflector::humanize($field)) + + Invalid marker content in + /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:108 + * __( + Inflector::humanize($field)) + + Invalid marker content in + /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:126 + * __( + Inflector::humanize($field)) + + Invalid marker content in + /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:132 + * __( + Inflector::humanize($field)) +- Load Galaxy mappings for misp2stix2 seperately from Objects. [Tom + King] +- [travis] STIX modules. [Raphaël Vinot] +- [travis] resque stuff. [Raphaël Vinot] +- [travis] Fix composer things. [Raphaël Vinot] +- [Travis] Update the installation. [Raphaël Vinot] +- [travis] Installation (redis & co) [Raphaël Vinot] +- [event:view] Ensure sync users do not get local tags through ajax. + [mokaddem] +- [tag_collection:index] Download configuration button is back. + [mokaddem] +- [massageTag] Fallback on global tag if local parameter not set. + [mokaddem] + + (Tag collections tags do not contain a local parameter) +- [tag_collection:index] Admin no longer have access to local tag if + they are disabled. 
[mokaddem] +- [tag_collection:index] Correctly assign `isAclTagger` [mokaddem] +- [tagCollection:view] Do not show `add LOCAL galaxy` button anymore. + [mokaddem] +- [tag:local] Allow users (with correct authorization) to detach tags. + [mokaddem] +- Typo when the validation fails on an object. [Raphaël Vinot] + + Fix #4903 +- [Taxnomy:updateTag] Do not throw an error if taxonomy does not contain + a numerical value. [mokaddem] +- [taxonomy:update] numerical_value gets updated correctly. [mokaddem] +- [travis] Remove legacy tests. [Raphaël Vinot] +- [kali] Kali was not in the support map (#4887) [Steve Clement] + + fix: [kali] Kali was not in the support map +- [kali] Kali was not in the support map. [Steve Clement] +- [galaxy:view] Adapt fontAwesome namespace based on the icon. + [mokaddem] +- [CLI] Response after a CLI pull threw notice error. [Andras Iklody] + + Proposal pull now returns int instead of a list of proposals, meaning that count($data) was trying to count an int. +- [debug] Remove debug call. [Raphaël Vinot] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4951 from JakubOnderka/patch-2. [Andras Iklody] + + chg: Use faster algorithm for Warninglist::__ipv6InCidr +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4949 from JakubOnderka/patch-1. [Andras Iklody] + + chg: More efficient Warninglist::__evalCIDR +- Merge pull request #4947 from chrisr3d/2.4. 
[Andras Iklody] + + New attribute type 'weakness' +- Add: [View] Added link to the defined CWE url for weakness attributes. + [chrisr3d] +- Add: [Config] Added CWE url for the new attribute type. [chrisr3d] +- Add: [Model] New attribute type weakness. [chrisr3d] + + - Describing links linking to the provided CWE lookup +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix import] Importing user account object. [chrisr3d] + + - Suppoting UnixUserAccount, UserAccount and + WindowsUserAccount objects +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix framing] Added the latest supported objects to the STIX + header namespaces. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix export] Exporting user-account objects. [chrisr3d] +- Revert "fix: [rest client] Potential fix to the SSL validation skip + not working" [iglocska] + + This reverts commit 293871cee85522a9bb83fa91ea1ca1017924230b. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4939 from 8ear/patch-3. [Andras Iklody] + + Update MYSQL.sql +- Update MYSQL.sql. [Max H] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4927 from 4ekin/fix-postgresql-issues. [Andras + Iklody] + + fix: some PostgreSQL issues +- Slightly modified logroate config which rotates all logs in MIS… + (#4924) [Steve Clement] + + slightly modified logroate config which rotates all logs in MISP/app/… +- Update misp.logrotate. [Steve Clement] +- Update misp.logrotate. [Steve Clement] +- Slightly modified logroate config which rotates all logs in + MISP/app/tmp/logs when they reach a 50MB limit, with maximum log size + set to 500M. rotation is checked every hour. [michael] +- Merge branch 'tomking2-bug/misp2stix2_galaxies' into 2.4. 
[chrisr3d] +- Merge branch 'bug/misp2stix2_galaxies' of + git://github.com/tomking2/MISP into tomking2-bug/misp2stix2_galaxies. + [chrisr3d] +- Merge pull request #4919 from MISP/travis_foo. [Raphaël Vinot] + + Fix travis. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4915 from MISP/localtag-fixes. [Sami Mokaddem] + + Various fixes +- Merge pull request #4904 from MISP/fix_4903. [Andras Iklody] + + fix: Typo when the validation fails on an object +- Merge pull request #4893 from RichieB2B/ncsc-nl/fix-nidsexport. + [Andras Iklody] + + Fix errors on NIDS export when whitelist is empty +- Fix errors on NIDS export when whitelist is empty. [Richard van den + Berg] +- Merge pull request #4894 from RichieB2B/ncsc-nl/fix-canpush-error. + [Andras Iklody] + + Make error clearer when canPush bit is missing +- Make error clearer when canpush bit is missing. [Richard van den Berg] +- Merge pull request #4878 from RichieB2B/ncsc-nl/fix-destroy. [Andras + Iklody] + + Fix session_destroy errors +- Destroy the CakeSession, not the php one. Fixes #4808. [Richard van + den Berg] +- Merge pull request #4877 from tom564/patch-2. [Alexandre Dulaunoy] + + Allow SSL verification to be disabled with config +- Allow SSL verification to be disabled with config. [tom564] + + Allow SSL verification to be disabled with config. If I understand this right this will need to be scheduled with a cronjob if the expiration framework is wanted? + + +v2.4.111 (2019-07-14) +--------------------- + +New +~~~ +- [attribute-type] community-id added. [Alexandre Dulaunoy] + + Community-id is a new attribute type to describe a flow hashing algorithm allowing + the consumers of output from multiple traffic monitors to link each system's + flow records more easily. +- [API] Proposal sync rework done. [iglocska] +- [proposal sync rework] WIP. 
[iglocska] +- [doc] "Hidden" NetBSD install (core works) (#4847) [Steve Clement] + + new: [doc] "Hidden" NetBSD install (core works) +- [doc] Hidden NetBSD install (core works) [Steve Clement] + +Changes +~~~~~~~ +- [version] bump version 2.4.111. [Alexandre Dulaunoy] +- [version] align PyMISP version with core. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [error code] Attribute delete now responds with 403 if user is not + allowed to delete, instead of 405. [iglocska] +- [installer] Updated installer. [Steve Clement] +- [style] This is better. [Steve Clement] +- [installer] Updated to latest. [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Minor updates. Only core works for now. [Steve Clement] +- [doc] Various NetBSD updates, global vars makes sure PATH_TO_MISP is + correct. [Steve Clement] +- [genericPicker] Prevent submission if no item has been picked. + [mokaddem] + +Fix +~~~ +- [internal] Explicit conditions to avoid ambiguous lookups. [iglocska] +- [UI] Fixed galaxy add buttons on event index. [iglocska] +- [bug] RestClient notice error fixed. [iglocska] +- [objects] delete now accepts delete HTTP method. [iglocska] +- [install] Do not modify testlive_comprehensive.py (#4864) [Steve + Clement] + + fix: [install] Do not modify testlive_comprehensive.py +- [install] Do not modify testlive_comprehensive.py. [Raphaël Vinot] +- [hover enrichement] Fixed index in attribute. [chrisr3d] + + - Depending on the format of attribute passed to + the function +- [utils] Added missing util "sponge" via moreutils (#4861) [Steve + Clement] + + fix: [utils] Added missing util "sponge" via moreutils +- [utils] Added missing util "sponge" via moreutils. [Steve Clement] +- [proposal] sync fix stage 1. [iglocska] + + - added new capture function + - reworked the proposal index +- [sync] Proposal pull restricted to 14 days. 
[iglocska] + + - no need to pull ancient proposals each time +- [api fix] Deletes broken due to invalid boolean. [iglocska] + + - /facepalm +- [API] delete http requests properly accepted by some /delete + endpoints. [iglocska] +- [galaxy:add] Prevent bug when submitting empty galaxy. [mokaddem] +- [sync] Fixed a bug breaking the sync. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'hotfix/sync_rework' into 2.4. [iglocska] +- Merge branch '2.4' into hotfix/sync_rework. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 import] Importing external User Account objects. + [chrisr3d] + + - Reusing parsing functions +- Add: [stix2 import] Importing User Account objects. [chrisr3d] + + - From STIX documents generated with MISP + - External STIX documents support of User Account + object to come very soon + + +v2.4.110 (2019-07-08) +--------------------- + +New +~~~ +- [tags] Local tags feature added. [iglocska] + + - Create tags locally if you are a host org user that allows in-place tagging for sync / export filtering + - Events are NOT modified using these tags + - Local tags always get stripped before syncing + - Local tags allow host org users to violate the ownership model of MISP + - galaxies, attack matries also included + + - some sync fixes +- [correlation graph] Toggle physics on/off. [iglocska] + + .,/#&&@@@@@@@@&%(*. + #@@@@%*..,..,.,,.,,.,.,.,,,,..,*#@@@@( + .&@@%,,.,,.,,,*#%&&&%#(/**,,**/(%&&&%(/,.......(@@@, + %@@(,,,,,,(&&%*.......... ...*,*..,.........../&,....,%@@, + &@&,,,,,*&&(.... 
.*....*..//.../../(...*.*(...%..........#&(....*@@/ + ,@@,,,.,#......#..#*..(#..(*./,..,...*(...*.,.*..........#/#.....%&,..,/@@. + /@%,,,,(&(.....#/,...#../.(#...,/.,,../,..*(...*...%,.........,*...#./....#&,.,,@@. + .@&,.,,%&....,,....(*,.../.(,..(...,..,..*#..,,..,..,...*,....../#...,..(//.....,&/..,&@. + %@,,,,#&...,,/./**....(,,..(,.//..,*..............................,.....././(.,..*...,&/,,,@& + @%,,.(&,../(*..(#../#....(*. /....................................../,..*.*..//,,..,/.....,&...%@ + .@(..,&&,......%,,/..../(..(................................................/(..(.,.*.....**....%#,,*@, + @(,,*&%*.........*((....*#.......................................................(*.,,.......*,#...*&..,@* + @#,,/&%,.(*..........#,/.............................................................../...*..*(.......*&.,*@, + #@,.,&&*.#&/(.,...............................................................................,...(...,.,,.*%..*@ + @*,,%@/......#*(................................................................................./. 
(./.#.....#%..%@ + &@,,/..........#,../................................................................................,.#.........&*,,@* + @/,,&@,............/(..................................................................................#............*&../@ + @*,/&&.................................................................................................................&,..@ + (@,,(&(...................................................................................................................%%..@( + (&,,#&*.....................................................................................................................,%../% + #@,,%&........................................................*/,...../(*......................................................&..*@ + /&,,%&...................................................., **..................................................&..,@ + *@,,%&.................................................., . . .. . . *,................................................&..*@ + @*,#%,................................................* .. (................................................&.,*% + @/,*#*...............................................*%/,,,***,...,,. ..............,&..............................................,&..&( + %&,,%@...............................................%**,..,,,,,,,......,. ........ ,,%#............................................./(,.@ + @*,(%................................................*,..*(*.*,,...*,/..*,.. ... .,.*... ...............................................&*..@ + &(,,#,...............................(/**,,,.,,(.*/,%&&%#*/#(....,* .,...... */. ..,/**/(##% *,,.,,.( . .(..............................&..## + @*,%#................................*.... .(/..... %,,.,,*.,**.,,,,,,*((*,..... .(. . . .. ,.,,,..,. .....,..............................#(..@ + ,,/,................................*. ...........#,*.,/*.,,,,,,,,,,,...,*....... .(. . 
* %...............................&..*# + @/,##.................#*..,*,,,,..(/,,,*.,***/,,,,/*/*.,,,,,,,,,,,//***,,,**...... .. ./.%.,*.(*,,,..,.,/,..,***/*#...*%(...............%(..@ + .@*.#*..........,,,,,*,%....,/,**/...,//(/...*/((,.,/&%((/***/*//**///////********,,,,......./%(.......... . .,,,,.....#*.. ...,.........%..%/ + #(*//..........%,.,,,,.%........... . ...............*/****,*,,,,**,,,,,,,,,,,,,..,,.........(,,,,,*,,,*,,,......... ....( ...../.........&.,.@ + @/,(/........%%,.,,*,(%/*/*...,.,,*,..............,,.,/%%%###%%##%####(#%####%%(/((###(//(%((.................., . ....,%%((((//(&.......#/..@ + @/,((..........%......#*...........,..............,.../,//****/***/**,,*/,,/(*,*,,........**.(.,.................*...........& .*.........,%..@ + @/,#/..........(,,.,,,(*.........../..............,.../,/*/((((//*//*,*#***,./,/,,,........*./...................*...........%....../..........%..%. + @/,#*..........#......*/...........*..................*.**/,.,*(//**/,..,..,...*,,,..,*,...*.(...................*...........% .../..........&..(, + .@(*#,..........%......//...........,.,......,,*,**....*./**(,##,(//*/,/%&&&%%&//,,,..,//,.,*.(...../,,,,.........*.,.,.,.....& .. ../..........&../, + @(*#,..........#...(,,&/.....,%##(,*.......,,/*,(.,..,*./*/(*/**(/*,/,///***,.*/,,,..,../.,*./.....*/..(........./,*,*#......&,../..*..........&..(, + @(*#/..........#..*...%/...,.*,..#,,.......,,,..#,,.,,*./*/(*//*(//,(**//,,,,.*/,.,.,*../../,/...../(..(.........(.,..(.,....#. ..*.,,.........%..% + @/*/*..........#..,...%*...,.*,..#.,.......,*,..(.,,..*,**(#*((/(//,/********,*/*,,,.*..*.,/,(.,...*(..(.........(.,..(......#... *.*,.........%..@ + &//*,..........%..*...&,...../...(,,......,,*...(.,,,,,.///(*/////(*(,/*/***,,*/*.,.,*..*.,*./.,...*(../.........#,,..(......#. /./..........#..@ + *%/,#..........%..,...%,...........,.......,*...#.,,,./.**((*//*(//*(,/*/**,*,//*,,..,..*.,/,(...,.*#../,........#. .,......./. /.*.........**..@ + @/,(,.........%.. 
%....,..,....,,......,*...(,,,,/.,/,./*/(,(((/%#*,(///*//((,...*..*.,*,,#.,,,// ,.........#...........#. . ,.........&..%/ + @(/,/....,.........,*..,.........,,.....,.,.,,*,,,*//***,,,,,,**,***,****//(((##%%#######(#(#(..,.***,,,........#............./... ..,*...%..@ + ,@/,#,...,..,.,**,,,..,,,.,,.....,.,.,...,,/***/,,//(/////////**///(////**,,,,,,**,,,,......./.*,,**,,,,........#.............*,,,*,,,..**..#*.,% + @/**/...............................,,,,,,,,,,,*&&%%%###%%%%%%%%%&&&&&&%%##((/////***,*,,,,*/#%(&%###%%%%%&&&&&&%########((//**,...........%..@ + @/,/...........,%...............................**,,,,,,,*******//((###%%%&&&&@@@@@@@@@@@@@@%...............................,,,,,,,*/*.**.*& + /,#.....,*.,%&&%...........,.,..,*.....*,&/......*.*,/....&(#%......,.....*. ,.....,,,............../*........ .............../,..#*,..%..@ + @/*,/..,*@*...../(...........%*(,*%....,/#../#....*%( /.....(*.....,*,....(,......../.,......(,......#(.....#...#...........,.....//...&..%, + @/,**.*(....(,%./%.........*%,#.,&.....,(..&.....*%.##.....((.....,/.....*/........(........(,......#(....../../........../.......((.**.*& + (@/,(*..%#....,.,&........................................................................................................#*....../.,%..@ + #%/,(,..**/,..*%..*....................................................................................................,..#,.**(#..#..@ + @%/*#*.,....%*.#*%,,...................................................................................................%.........%.,@ + /,(/...,%.%./.*@*,................../&//...................................................,#*................../#*....&*./..%.,@ + &&/,(%..,./.(&....,/,..............,#(/,/. 
,..............................................(*,,.,,...............,*..&..*../.,#.,@ + /&/,*%..,%,....*.(&*%............##.,...*&., ,....................................../.#...,,.../................%,..../&,.*,.,@ + ,@/**%*......,&(...&.#................*&..,(,./(,*.............................*..%./*.....#*,............*......,%.*,..&.,/% + @(/*#&..*/@.......%#(%............,/&...,(*#..(#./#.................,*.,.%,, .( ....,*.................,#...,.....(..#,.@* + #&/**&%......,,(&/..*.,................,%..../%(,..........///,#(.,*.....(.#,.,....#(...............%.*..%.....(..%,,,@ + @(/*(&*...*&.((...../%/..................,/(.............*......./##,...(,..#*.....................,#.,..%.*..,/,,@* + #@//*#@..##%..../.%...%....................,............(/.../..(*..,../...................#/.....#..%...,..%..*@ + @&(**%@,.,/.,.(*...//...................................%&(................................& &,..*..%,..%,,.@ + @&(*/#&(..((..,.#/....../.*.*.......................................................%.,...%*..%/....%...@. + @&(//(&@...%#/.......#/%..*.( /,..........................................*,,...../*%*,...#..../(.,.@. + &@(///%&/...........,/#.....*/##(.....................................,*,........(.%%#,/...%,.,*@ + /@#((/(%&*.....*/..((%...*/#...,*((#&. ,,*///*..............(*.../*.,.*,......&......%#.,,@% + &@((//#%&*...#(**#.../,/...*#*/../,,.*.*...(*,,..((....../,.....,,./........(...%/,,,#@ + @@(((((%%&,....../,/...,.**/..*,*..,,,(/..,,.,.,......(,.....(,..(, ...../%*.,,(@* + #@%////#%%&*....#.,(.,#*,..*,...*,./*.....#(........(,....(.......(%/,,,,&@. + .&@#////(#%%&(.....*&&*/*(...*,,..*./,...(...............,/%/,,,,,%@# + #@@/*////(#%%&&/.........,*(#*..(,/*.........,*#%//,,*,,*@@( + /@@@(/(////((((###%&&&&%%%%%%%%&%%##(/*******/&@@( + ,%@@@@%#((//////******/////(/#%@@@@%, + .,***/***,. +- [UI] Filter the object template index using the quick search. 
+ [iglocska] +- [API] On-demand inclusion of attribute relations via the event view + endpoint. [iglocska] + + - new URL param, includeGranularCorrelations:1 added + + |\ /| + ___| \,,/_/ + ---__/ \/ \ + __--/ (D) \ + _ -/ (_ \ + // / \_ / ==\ + __-------_____--___--/ / \_ O o) + / / \==/ + / / + || ) \_/\ + || / _ / | + | | /--______ ___\ /\ : + | / __- - _/ ------ | | \ \ + | - - / | | \ ) + | | - | | ) | | + | | | | | | | | + | | < | | | |_/ + < | /__\ < \ + /__\ /___\ +- [stix import] Parsing observable compositions from external STIX + files. [chrisr3d] +- [security] Made certain settings modifiable via the CLI only. + [iglocska] + + - some settings are too risky to be exposed, even to site admins, so made them CLI accessible only +- [server settings] Added option to disable the write collision safe + rotating config.php handler. [iglocska] + +Changes +~~~~~~~ +- [docs] Added excludeLocalTags to events/restSearch. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [version] bumped. [iglocska] +- [travis] Print permissions on error with travis. [Raphaël Vinot] +- [doc] Minor update, added known-issues section. [Steve Clement] +- [doc] Updated Debian testing install docs (#4840) [Steve Clement] + + chg: [doc] Updated Debian testing install docs +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Update to Debian 10 install guide, everything works as expected. + chg: [doc] OpenBSD is broken for misp-modules (OpenCV etc) [Steve + Clement] +- [doc] Updated Debian testing install docs. [Steve Clement] +- [travis] Fix perms (?) [Raphaël Vinot] +- [travis] Try to fix upload_sample. [Raphaël Vinot] +- [PyMISP] Bump version. [Raphaël Vinot] +- [PyMISP] Bump version. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [travis] more gpg experiments. 
[Alexandre Dulaunoy] +- [travis] It's not my week with GnuPG and OpenPGP. [Alexandre Dulaunoy] +- [i18n] Uploaded version from crowdin. Updated default.pot (#4835) + [Steve Clement] + + chg: [i18n] Uploaded version from crowdin. Updated default.pot +- [i18n] Uploaded version from crowdin. Updated default.pot. [Steve + Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [enrichment] Reusing the new function fetchInitialObject. [chrisr3d] + + - New function that is exactly the copy paste of + what is removed in this commit and replaced by + the function call +- [enrichment] New modules available from event enrichment. [chrisr3d] +- [installer] Added fork checker. [Steve Clement] +- [installer] One step closer to "sane" aka. generic os-detection. + [Steve Clement] +- [doc] Leveled RHEL7/RHEL8 Install procedure (WiP) (#4824) [Steve + Clement] + + chg: [doc] Leveled RHEL7/RHEL8 Install procedure (WiP) +- [installer] Updated Installer. [Steve Clement] +- [doc] Updated Debian Install. [Steve Clement] +- [doc] More CentOS/RHEL updates towards some sort of installer. [Steve + Clement] +- [doc] Leveled RHEL7/RHEL8 Install procedure (WiP) [Steve Clement] +- [i18n] Updated Russian Translation to >30% (#4821) [Steve Clement] + + chg: [i18n] Updated Russian Translation to >30% +- [i18n] Updated Russian Translation to >30% [Steve Clement] +- Bumped query version. [chrisr3d] +- [enrichment] Import modules now support new modules format. [chrisr3d] + + - Import module results are sent to the new view + (same as for expansion modules) whenever they + support objects import + - Function handling the results right after they + are returned from the module has also been moved + to Model/Event and is used for both expansion & + import modules +- [enrichment] Making attributes category & type changeable. 
[chrisr3d] + + - To keep possibility to select the attribute type + or category, as it is in freetext import + - Category and Type values that can be selected by + users should be specified in the results, using + an array. Otherwise, they are set and cannot be + changed in the view (as it is the case for the + other fields like value and uuid) + - This feature is only applicable on attributes + level, and not on object attributes level +- [enrichment] Passing the initial object to the form. [chrisr3d] + + - If the attribute we query the module on is an + object attribute, we want to have this object + information se we do not add or overwrite + attributes already here +- [ObjectReference] Referenced id, uuid & type set now from a function + that could be reused. [chrisr3d] +- [enrichment] Defined function to appy inflector on strings. [chrisr3d] + + So we can use it each time we want to display the + freetext import / module results status message +- [stix2] Bumped latest version. [chrisr3d] + + - Fixing issues with 'parse' called on bundles + containing custom objects +- [installer] If unattended do not switch user. (#4812) [Steve Clement] + + chg: [installer] If unattended do not switch user. +- [installer] If unattended do not switch user. [Steve Clement] +- Remove php 7.0 from travis. [Raphaël Vinot] +- Try to solve the entropy problem on travis. [Raphaël Vinot] +- [doc] More tweaks to the CentOS howto. [Steve Clement] +- [installer] Updated installer. [Steve Clement] +- [doc] Fixed some issues with dashboard. [Steve Clement] +- [doc] Added more steps to make it work on RHEL/CentOS. [Steve Clement] +- [event:view] More UI tweaking on related-* [mokaddem] +- [event:view] UI tweaking on related-* [mokaddem] +- [event:view] Make `Related *` scrollable. [mokaddem] +- [relatedEvent:view] Display the number of unique correlation. + [mokaddem] +- [view:relatedEvents] Improved UI. [mokaddem] +- [relatedEvent:view] Started integration into event:view - WiP. 
+ [mokaddem] +- [previewEvent] Improved UI of related events - WiP. [mokaddem] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix2] Bumped latest version. [chrisr3d] +- [installer] Update installer to Fix Auto-VMs. [Steve Clement] +- [installer] Updated installer. [Steve Clement] +- [doc] Added plyara to kali installer, amended RHEL misp-modules + (#4787) [Steve Clement] + + chg: [doc] Added plyara to kali installer, amended RHEL misp-modules +- [doc] Added plyara to kali installer, amended RHEL misp-modules. + [Steve Clement] +- [tools] ask_o () wants -e (for colorz) (#4764) [Steve Clement] + + chg: [tools] ask_o () wants -e (for colorz) +- [tools] ask_o () wants -e (for colorz) [Steve Clement] +- [installer] This tweak allows us to reset ssh-keys/ssl- + certs/other_things_that_want_to_be_uniqe on firstBoot. (#4751) [Steve + Clement] + + chg: [installer] This tweak allows us to reset ssh-keys/ssl-certs/other_things_that_want_to_be_uniqe on firstBoot. +- [installer] Regen Installer. [Steve Clement] +- [installer] This tweak allows us to reset ssh-keys/ssl- + certs/other_things_that_want_to_be_uniqe on firstBoot. [Steve Clement] +- [doc] Added more bits to GPG key. (#4749) [Steve Clement] + + chg: [doc] Added more bits to GPG key. +- [doc] Added more bits to GPG key. [Steve Clement] +- [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a + standard. (#4748) [Steve Clement] + + chg: [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a standard. +- [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a + standard. [Steve Clement] +- [installer] Added ask_o () for input validation, fixed tr to be more + uniform. Updated installer checksums. (#4747) [Steve Clement] + + chg: [installer] Added ask_o () for input validation, fixed tr to be more uniform. Updated installer checksums. 
+- [installer] Added ask_o () for input validation, fixed tr to be more + uniform. Updated installer checksums. [Steve Clement] +- [reusability] Further modifications - have an on-demand static mode + for ajaxTags. [iglocska] +- [reusability] modified ajaxTags to massage the data a bit for code- + reuse. [iglocska] + +Fix +~~~ +- [stix2 export] Fixed user account pattern creation. [chrisr3d] +- [stix2 export] Fixed user account observable extension. [chrisr3d] +- [galaxies] several minor issues fixed in the UI. [iglocska] +- [CLI] admin->setDatabaseVersion fixed. [iglocska] +- [discussions] Fix to a potential black-hole inducing issue. [iglocska] + + - this totally won't do anything +- [tmpdir] fixed invalid file path. [iglocska] +- [UI] Fixed erroneous tag add buttons from the index. [iglocska] +- [internal] upload sample had a hard coded tmp path that would fail to + the php fallback if MISP is not installed in /var/www/MISP. [iglocska] +- [stix2 import] Quick variable simplification. [chrisr3d] +- [stix2 import] Reusing functions to simplify the code & avoid + duplicates. [chrisr3d] +- [stix2 import] Fixed network socket values from pattern. [chrisr3d] +- [stix import] Fixed backward compatibility of an exception. [chrisr3d] +- [eventGraph] Correctly pick the first-matching requiredOneOff to + generate the object's label. [mokaddem] +- [enrichment] Avoiding issues with failing references. [chrisr3d] + + - In our case of handling module results, we don't + especially want the results parsing to stop + because of a missing/failing reference, we just + want to skip it +- [events] Create massive dummy events. [mokaddem] +- [enrichment] Fixed meta-category fetching. 
[chrisr3d] + + - Due to the javascript part, we need to set a + 'meta_category' field, which we then translate + to the expected 'meta-category' field, but which + is not required when enrichment is called from + the event level +- [installer] Variable regression (#4829) [Steve Clement] + + fix: [installer] Variable regression +- [installer] Variable regression. [Steve Clement] +- [doc] Fixed systemd unit (#4827) [Steve Clement] + + fix: [doc] Fixed systemd unit +- [doc] Fixed systemd unit. [Steve Clement] +- [installer] Update to correct checksums. [Steve Clement] +- [installer] Installer had some bugs for os-detection. [Steve Clement] +- [doc] Added missing misp-modules centos (#4825) [Steve Clement] + + fix: [doc] Added missing misp-modules centos +- [doc] Added missing misp-modules centos. [Steve Clement] +- [modules] Added full attribute to full event enrichment's module + query. [iglocska] +- [stix2 import] Fixed socket extension parsing + reusing code. + [chrisr3d] + + - Reusing the function defined to avoid duplicates + for network socket objects generated via the + MISP to STIX2 export +- [stix2 import] Replacing unnecessary defaultdict by dict. [chrisr3d] +- [stix2 import] Reusing function & avoiding duplicates. [chrisr3d] +- [stix2 export] Making stix2-validator happy with email additional + header fields. [chrisr3d] +- [stix2 export] Making stix2-validator happpy with registry key + patterns. [chrisr3d] +- [internal] processing freetext data without background workers fixed. + [iglocska] +- [enrichment view] Testing if event metadata elements exist before + displaying them. [chrisr3d] +- [enrichment] Applying regular expressions to values before displaying + them. [chrisr3d] + + - So when the DB is queried to find if object + attributes with those values already exist, + we do not miss some stored values +- [enrichment] Strengthened query conditions to find existing object + attributes. 
[chrisr3d] +- [enrichment view] Displaying Tags only if not empty (error otherwise) + [chrisr3d] +- [enrichment] Added missing variable. [chrisr3d] +- Returning tags & galaxies from module results. [chrisr3d] +- [enrichment view] Fixed attributes display wwwwwwwwwww. [chrisr3d] + + - Making attribute value display accept to be on + multilines to let more space for uuids to be on + 1 line + - This makes the global display lighter with long + attribute values, because they were displayed on + only 1 line, making uuids displayed on 3 or 4 + lines, making the complete view height way bigger + than expected +- [enrichment view] Displaying forgotten header when there is no object + in module results. [chrisr3d] +- [enrichment] Setting importComment value before going to the view. + [chrisr3d] + + - Saving a variable & will avoid issues when reusing + the view for import modules +- [enrichment] Json format of validation errors. [chrisr3d] +- [enrichment view] Fixed mispositioned closing tags. [chrisr3d] +- [enrichment] Fixed tags classes names following the latest changes on + the module results view. [chrisr3d] +- [enrichment view] Using some MISP event view parts. [chrisr3d] + + - Using the same design as objects and attributes as in + the MISP event view +- [enrichment] Fixed change on types & categories. [chrisr3d] + + ... that should be applied on attributes level and + not on object attributes level +- [enrichment] Removing traces of some variables related to the freetext + import. [chrisr3d] +- [enrichment] Removed possibility to display freetext result in the new + module results view. [chrisr3d] +- [hover enrichment] Displaying information of empty results when + needed. [chrisr3d] +- [enrichment] Displaying reference saving errors in the job status. + [chrisr3d] + + - Finaly using the dedicated list to display + validation errors for references +- [enrichment] Better references handling. 
[chrisr3d] + + - References are all handled at the end, after the + attributes and objects are all saved (or skipped + when needed). + - Since we no longer have any data in '$failed', + we simply skip every reference related to uuids + present in this list. + - '$recovered_uuids' is the list used to handle + uuids of resolved attributes/objects already + in the event. + - We also skip references already present in the + event (i.e same source, same target and same + relationship type). +- [enrichment] Better resolved objects handling. [chrisr3d] + + - We handle the initial object independently from + all the other objects. + - We make sure Object attributes are not already + in the event (i.e the object is not already in + the event) before saving it + - Some other cases handled a better way to make + sure we skip saving object attributes or + references when they should not be, or to skip + what should be skipped. +- [enrichment] Redefinition of the '$failed' array. [chrisr3d] + + - Used as list and not as dict + - Used to keep a list of failing attribute & objects + - Attributes already present in the event are no + longer saved in this list, and their uuid is saved + in the '$recovered_uuids' list which is used to + redirect the resolved attribute / object uuid to + the same already present attribute / object +- [enrichment] Fixed inflector typo. [chrisr3d] +- [enrichment] Simplified tests if not empty. [chrisr3d] + + - In those specific cases, we can simply skip + testing if something is set or equals 0, '' or + false, since it is all implied in 'empty' +- [enrichment view] Quick change, using variable. [chrisr3d] + + ... Instead of going twice through the dictionary + keys to fetch the same value +- [enrichment] Displaying error value in the job status instead of the + json format. [chrisr3d] +- Removed test variables. [chrisr3d] + + - Also pardon my French +- [enrichment] Typo on Object references field relationship_type. 
+ [chrisr3d] +- [enrichment] Fixed missing object_relation field. [chrisr3d] + + ... for object attributes fetched from module + results form +- [enrichment view] Quick display fix. [chrisr3d] + + - Making sure the submit button is always at the + bottom of the page + - Fixed missing closing tags +- [freetext import] Deleted not used variable. [chrisr3d] +- [cleanup] Fixed indentations. [chrisr3d] +- [enrichment] Fixed handleModuleResults input variable name. [chrisr3d] +- [enrichment] Fixed missing merge conflict. [chrisr3d] +- [enrichment] Set sharing group id to 0 when distribution is not + 'Sharing Group' [chrisr3d] + + - Also setting some return data & fields +- [enrichment view] Added missing form fields + button typo. [chrisr3d] + + - Those form inputs are the ones that are used in + the javascript part to submit results +- [enrichment view] Fixed Object sharing group field location. + [chrisr3d] +- [enrichment view] Trying to avoid submit button to be somewhere not + intended. [chrisr3d] +- [enrichment] Avoiding errors on distribution and sharing group data. + [chrisr3d] + + - Making sure we do have a value for distribution + and sharing group + - Avoid translating distribution levels into their + human meaning because the output process capturing + data from the form will anyway use the numeric + values. Readable values are btw displayed in the + form for users confort + - Also sanitized data displayed +- [enrichment] Testing if an object has attributes before looping over + them. [chrisr3d] +- [stix2 export] Making stix2-validator happy about mac addresses. + [chrisr3d] +- [stix2 export] Fixed TLP marking definition objects creation. + [chrisr3d] +- [stix2 export] Fixed registry-key keys and values parsing for + patterns. 
[chrisr3d] + + - There was an issue with back slashes that made + sometime indicators creation fail + - Also switched from concatenation to join +- Libonig2 -> libonig4 (ubuntu bionic) [Raphaël Vinot] +- [stix2 export] Making reusable subfunctions. [chrisr3d] + + - Useful for the next functions to come using the + same pieces of code +- [stix2 export] Defining pattern with join intead of concatenation. + [chrisr3d] + + - Started splitting functions with sub-functions + for a reuse +- [stix2 export] Improved network socket object creation. [chrisr3d] +- [stix2 export] Fixed credential objects mapping to avoid missing + required stix fields. [chrisr3d] +- [stix import] Fixed stix_edh library import error catching. [chrisr3d] +- [row_attribute] feed correlation popover not being displayed for feed + type other than MISP format. [mokaddem] +- [relatedEvent:view] catch if number of correlation cannot be found. + [mokaddem] +- [event:addTag] User can add multiple tag collection at once. + [mokaddem] +- [stix2 import] Fixed wrong function used. [chrisr3d] +- [installer] Currently misp-packer fails on waiting for user inpu… + (#4788) [Steve Clement] + + fix: [installer] Currently misp-packer fails on waiting for user inpu… +- [installer] Currently misp-packer fails on waiting for user input + during upgrade. [Steve Clement] +- [data-massaging] Removed massaging for float type attributes. + [iglocska] + + - it not only stripped anything but floats as expected, but additionally also rounded the value +- [js] fixes #4678 and javascript errors. [Christophe Vandeplas] +- [API] Simple worker management added. [iglocska] + + - /servers/startWorker/[queue] + - /servers/stopWorker/[pid] + - /servers/getWorkers +- [object:proposeValidTemplate] Support only_full_group_by sql mode. Fix + #4746. [mokaddem] +- [UI] Enrichment hover should also work after sorting / changing the + event attribute context, etc. [iglocska] +- [stix import] Fixed address objects parsing. 
[chrisr3d] +- [shell] ask_o () needed some quotes, regenerated installer. (#4750) + [Steve Clement] + + fix: [shell] ask_o () needed some quotes, regenerated installer. +- [shell] ask_o () needed some quotes, regenerated installer. [Steve + Clement] +- [stix import] Better handling of missing python libraries. [chrisr3d] +- [security] Fixed an RCE vulnerability with user controled entries + being fed to file_exists. [iglocska] + + - phar protocol paths for php file instructions can lead to RCE via meta-data deserialization + - mitigated by the functionalities enabling this being only accessible to site admins + + - Reported by Dawid Czarnecki +- [ajaxTypes] copy pasta fixed. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4841 from SteveClement/guides. [Steve Clement] + + chg: [doc] Minor update, added known-issues section +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' into guides. [Steve Clement] +- Add: [stix2 export] Exporting user-account objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 import] Importing credential objects. [chrisr3d] +- Add: [stix2 import] Parsing network traffic in the case of network + connection object. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Added norwegian translation (#4832) [Steve Clement] + + Added norwegian translation +- Added norwegian. [Kortho] + + Added norwegian translation +- Merge pull request #4807 from RichieB2B/ncsc-nl/IOCImport. 
[Andras + Iklody] + + Support empty attribute type in IOC import +- Support empty attribute type in IOC import. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4826 from SteveClement/tools. [Steve Clement] + + chg: [installer] One step closer to "sane" aka. generic os-detection +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #4822 from Kortho/patch-1. [Andras Iklody] + + fixed mixed dbuser - dbname +- Fixed mixed dbuser - dbname. [Kortho] + + changed so the script uses the correct var +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'module_rework2' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Add: [enrichment] Fetching data fields from the view. [chrisr3d] +- Add: [enrichment view] Added data fields + cancel button to the form. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Add: [enrichment] Displaying + returning tags at attributes level from + the module results. [chrisr3d] + + - If one of our UI master could review this and find + a better way of displaying the tags at attribute + level in the module results view, it would be + very cool :D +- Add: [enrichment] Attaching event level tags returned by the module + results. [chrisr3d] +- Add: [enrichment view] Displaying event level tags. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. 
[chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Add: [enrichment view] Displaying events metadata & number of returned + attributes. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. 
[chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Wip: [enrichment] Handling the potential uuids differences. [chrisr3d] + + - We want to be sure the references we add to an + event are pointing to the right target, so + when an attribute/object is already in the event + and is a reference target, we want to point to + this already existing attribute/object, and not + to the one we get from the module results, which + will afterall be skipped. + - Also to to that, attributes already in the event + are simply not saved, but we need to find in the + event if an event already exists or not, using + its attributes + - More care to the references themselves to come +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Wip: [enrichment] Avoiding duplicate object attributes. [chrisr3d] + + - It concerns obviously the case where we query a + module using an attribute within an object as input + - More to come about the ObjectReference field that + should not be overwritten/duplicated either +- Wip: [enrichment] Passing initial object references as well. + [chrisr3d] + + - Also testing if the initial object found is not empty +- Wip: [enrichment] Passing the initial object within the request data. + [chrisr3d] + + - Makes its parsing easier afterwards +- Add: [hover enrichment] Displaying resolved objects & attributes from + new modules results. 
[chrisr3d] + + - Also quick indentation fix +- Wip: [hover enrichment] Passing new modules results to the hover + enrichment view. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Wip: [enrichment] Support of object references. [chrisr3d] + + - Handling the references between objects and + attributes or objects that are displayed in the + form and saving them. + - Avoiding issue when an attribute or object can + not be saved and is referenced: trying to find + in the event if it is an attribute, returning + a warning message if it is an object or if + nothing corresponding to the failing referenced + object or attribute is found. +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Wip: [enrichment] Returning a status message after the module results + handling is done. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Wip: [enrichment] Saving attributes & objects from module results. + [chrisr3d] + + - Need to handle specific cases, relationships, + and to update the progress status information +- Add: [enrichment] Added possibility to get object template version & + uuid. [chrisr3d] +- Wip: [enrichment] Capturing objects & attributes. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. 
[chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into + rework_modules. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 export] Added network connection to the mapped objects. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4802 from SteveClement/guides. [Steve Clement] + + chg: [doc] More tweaks to the CentOS howto +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4798 from SteveClement/guides. [Steve Clement] + + chg: [doc] Various updates to RHEL/Ubuntu +- Add: [stix2 export] Mapping credential MISP objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4570 from mokaddem/relatedEventUI. [Andras Iklody] + + Related event ui +- Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4769 from cvandeplas/2.4. [Andras Iklody] + + fix: [js] fixes #4678 and javascript errors +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4674 from juju4/devel-globalstrict. [Andras + Iklody] + + strict typing - snuffleupagus tests +- Strict typing - snuffleupagus tests. [juju4] +- Merge pull request #4741 from StefanKelm/2.4. [Andras Iklody] + + Update EventBlacklistsController.php +- Update edit.ctp. 
[StefanKelm] + + Clarification that "Fetch GnuPG key" actually connects to the MIT key server +- Update EventBlacklistsController.php. [StefanKelm] + + (minor) aligns the text with app/Controller/Component/BlackListComponent.php +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.109 (2019-06-13) +--------------------- + +New +~~~ +- [eventblacklist] Added search filters. [iglocska] + + - We really need a DISP - development information sharing platform +- [eventBlacklist] Added support of bulk deletion of entries. Fix. + [mokaddem] +- [statistics:galaxyMatrix] Added filtering capabilities. [mokaddem] +- [object:fromAttribute] Started dev on merging selected attributes into + an object - WiP. [mokaddem] +- [API] added new restSearch filter - date. [iglocska] + + - deprecated to and from + - date works similarly to timestamp, accepted syntax options: + - time ranges in the shorthand format (7d or 24h, etc) + - timestamps + - fallback parsing for other formats (2019-01-01, "fortnight ago", etc) + - date ranges using lists [14d, 7d] +- [cleanup] Added admin tool to remove all published empty events. + [iglocska] + + - part of the solution to the empty event sync issue introduced in 2.4.107 + - skips the event blacklisting +- [sync] Block pulled events from being saved if they contain no + attributes/objects. [iglocska] +- [emailing] Server admins can get a threshold for per org e-mail + alerts, fixes #4714. [iglocska] + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [installer] Updated Installer and chksums to latest (#4740) [Steve + Clement] + + chg: [installer] Updated Installer and chksums to latest +- [installer] Updated Installer and chksums to latest. [Steve Clement] +- [doc] Added ZMQ to the procedure. [Steve Clement] +- Bumped queryversion. [mokaddem] +- [querystring] bump. [iglocska] +- Bumped queryversion. [mokaddem] +- [galaxyMatrix] Added check if event not found. [mokaddem] +- [galaxyMatrix] Improved `getTagScores` to allow with and without ACL + tag score fetching. [mokaddem] +- [textColourHelper] Little tweaking to prefer black text. [mokaddem] +- [attributeTag:getTagScore] Largely improved code. [mokaddem] +- [restSearch:attack] Only expose attack return format to the `event` + scope. [mokaddem] +- [galaxyMatrix:stats] Only take into account occurences of galaxy once + per event. [mokaddem] +- [galaxyMatrix] Fix typos. [mokaddem] +- [galaxyMatrix] Transformed query into cakephp model query. [mokaddem] +- Bumped queryversion. [mokaddem] +- [export:attack] Performance improvements. [mokaddem] +- [galaxyMatrix] Slight UI improvement on number of items. [mokaddem] +- [galaxyMatrix:popup] Layout improvement. Make it scrollable! + [mokaddem] +- [galaxyMatrix] Added sorting by score. Fix #4608. [mokaddem] +- [galaxyMatrix] number of entry per column. Fix #4601. [mokaddem] +- [object:fromAttributes] Deleted comments and hardcoded table name. + [mokaddem] +- [attribute:delete] Simplified search options. [mokaddem] +- [object:fromAttributes] Enforce minimum popover size. [mokaddem] +- [object:fromAttributes] Method only accesible via AJAX and regular + users can use the feature. [mokaddem] +- [object:fromAttributes] Added support of hard delete if event not + published yet. [mokaddem] +- [object:fromAttributes] Changed warning message during the merge + review. [mokaddem] +- [object:fromAttributes] Improved styling of reference table. 
+ [mokaddem] +- [object:fromAttributes] Added a bit more styling on the reference + table. [mokaddem] +- [object:fromAttributes] Show object references that will be dropped. + [mokaddem] +- [object:fromAttributes] Slightly improved layout. [mokaddem] +- [ACL] Updated routing. [mokaddem] +- [object:fromAttributes] Added object_relation description. [mokaddem] +- [object:fromAttributes] Returns correct value if attribute list is + empty. [mokaddem] +- [object:fromAttributes] Created Object from Attribute now works. + [mokaddem] +- [object:fromAttributes] Shows selected types and started implementaion + of the actual object creation - WiP. [mokaddem] +- [object:fromAttributes] Added support of form submission - WiP. + [mokaddem] +- [object:fromAttributes] Better Attribute filtering - WiP. [mokaddem] +- [object:fromAttributes] Greatly improved UI - WiP. [mokaddem] +- [object:fromAttribute] Continue of web and controller implementation - + WiP. [mokaddem] +- Bumped queryversion. [mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [installer] added missing python zmq lib. [Christophe Vandeplas] +- [installer] Commit: https://github.com/MISP/MISP/commit/1716ca7da9d671 + a5e103069d4b74c867a17b1020 regressed the installer to an earlier + version. [Steve Clement] +- [UI] weird blue button fixed. [iglocska] +- [galaxyMatrix] Handle case if deprecated galaxy does not exists. + [mokaddem] +- [galaxyMatrix] Catch error if no element in column. [mokaddem] +- [event:galaxyMatrix] Apply ACL on the galaxy matrix scores (event + view) [mokaddem] +- [galaxyMatrix:export] Removed multiple bugs providing inconsistent + result. [mokaddem] +- [Attribute:restSearch] Prevent failing if file empty. [mokaddem] +- [galaxyMatrix] fixed layout for other views. [mokaddem] +- [attributes] Correctly pass the user object and renamed delete + function. [mokaddem] +- Few typos. 
[mokaddem] +- [object:fromAttributes] SYNC support for older instances (duplicate + attributes and their contexts) [mokaddem] +- [sync] Correctly capture the attributes from a groupment into an + object during the sync. [mokaddem] +- [attribute:editAttribute] synchronisation support when attributes got + merged into an object. [mokaddem] +- [object:fromAttributes] Catch if `requiredType` is empty. [mokaddem] +- [object:fromAttributes] Correctly skip non valid attributes. + [mokaddem] +- [galaxy:add] Fix #4733 (adding galaxies on attribute) [mokaddem] +- [security] Org admins could reset credentials for site admins. + [iglocska] + + - org admins have the inherent ability to reset passwords for all of their org's users + - this however could be abused if for some reason the host org of an instance would create org admins + - the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them + - the potential for abuse is very circumstancial as it requires the host org to create lower privilege org admins instead of the usual site admins + - only org admins of the same organisation as the site admin could abuse this + + - as reported by Raymond Schippers +- [sync] Push all bug with empty events fixed. [iglocska] +- [permissions] Fixed the default sync/user/publisher permissions to + include perm_tagger and perm_tag_editor(sync only) [iglocska] +- [CSRF] END THIS NIGHTMARE. [iglocska] +- [CSRF] Potential fix for the CSRF issues via tag/galaxy additions. + [iglocska] +- [session] Fix to automatic session destruction in previous attempt to + fix the overflow of API sessions. [iglocska] +- [API] Destroy the session at the end of the execution. [iglocska] +- [sync] Temporary fix for empty events showing up in syncs when pulling + from a new instance via an outdated one. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #4734 from cvandeplas/2.4. 
[Steve Clement] + + fix: [installer] added missing python zmq lib +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'eventblacklist' into 2.4. [iglocska] +- Merge pull request #4635 from mokaddem/galaxyMatrixImprovements. + [Andras Iklody] + + Galaxy matrix improvements +- Merge branch '2.4' of github.com:MISP/MISP into + galaxyMatrixImprovements. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + galaxyMatrixImprovements. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + galaxyMatrixImprovements. [mokaddem] +- Merge pull request #4672 from mokaddem/mergeAttributeIntoObjects. + [Andras Iklody] + + Merge attributes into objects +- Merge branch '2.4' of github.com:MISP/MISP into + mergeAttributeIntoObjects. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + mergeAttributeIntoObjects. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + mergeAttributeIntoObjects. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + mergeAttributeIntoObjects. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + mergeAttributeIntoObjects. [mokaddem] +- Merge pull request #4722 from certbe-trey/2.4. [Andras Iklody] + + enable misp-wipe where MySQL datastore isn't on localhost +- Enable misp-wipewhere MySQL datastore isn't on localhost. [Trey + Darley] + + The misp-wipe script grabs the MYSQL host parameter from database.conf but it wasn't included in the call to mysqldump. +- Merge pull request #1 from MISP/2.4. [Trey Darley] + + merge with upstream +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix import] Supporting additional marking & namespace. + [chrisr3d] + + +v2.4.108 (2019-06-04) +--------------------- + +New +~~~ +- [Sync] Add a tool to create MISP sync configuration JSONs and to + ingest them, fixes #4696. 
[iglocska] + + - sync user can log into remote instance, extract config JSON + - paste it into own instance as site admin to add MISP sync connection +- [API] AND for tag filters in restSeach added. [iglocska] +- [API] Added object_relation as a filter for both the event/attribute + restSearch functions. [iglocska] +- [paranoid logging] Added POST/PUT body logging on demand. [iglocska] +- [logging] Added paranoid logging mode. [iglocska] + + - will log ANY query's (UI/API): + - http method + - requested URL + + - optionally disable DB logging for paranoid log entries +- [logging] Added verbose logging to the server sync test throwing an + unexpected error. [iglocska] + +Changes +~~~~~~~ +- [doc] CentOS 7 updates (#4718) [Steve Clement] + + chg: [doc] CentOS 7 updates +- [doc] CentOS 7 updates chg: [doc] Cake command failing. [Steve + Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [version] bump. [iglocska] +- [installer] Updated the installer to the latest version. [Steve + Clement] +- [doc] RHEL8 updates. [Steve Clement] +- [tools] unused import module removed. [Alexandre Dulaunoy] +- [feeds] Benkow.cc RAT feed added. [Alexandre Dulaunoy] +- [default feeds] additional properties is allowed. [Alexandre Dulaunoy] +- [doc] Updated SQL (#4670) [Steve Clement] + + chg: [doc] Updated SQL +- [doc] Updated SQL chg: [installer] Updated installer. [Steve Clement] +- [restResponse] Added documentation for adding tags on Objects. + [mokaddem] +- [diagnostic:view] Improved visibility of the `updateAllJson` update + button. [mokaddem] +- [event:view] Correctly display title to large by truncating + (+ellipsis) [mokaddem] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [feeds] malshare.com - current all added. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- Bumped queryversion. [mokaddem] +- Bumped queryversion. [mokaddem] +- [font-awesome] Bumped version to 5.8.2 and updated glyphs. [mokaddem] +- [doc] adde --no-cache to wget to make sure we always have the la… + (#4648) [Steve Clement] + + chg: [doc] adde --no-cache to wget to make sure we always have the la… +- [doc] adde --no-cache to wget to make sure we always have the latest + checksums. [Steve Clement] + + chg: [installer] Updated installer +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Checksum update. [Steve Clement] +- Bumped queryVersion. [mokaddem] +- [doc] Updated Changelog (#4642) [Steve Clement] + + chg: [doc] Updated Changelog +- [doc] Updated Changelog. [Steve Clement] +- [object:add] Disable the first select's option when adding a new row. + [mokaddem] +- [object:add] Added empty option support in select inputs when creating + an object. [mokaddem] +- [installer] If shasum is not found, install it (#4634) [Steve Clement] + + chg: [installer] If shasum is not found, install it +- [installer] Update installer to latest. [Steve Clement] +- [installer] Added todo. [Steve Clement] +- [installer] If shasum is not found, install it. [Steve Clement] +- [installer] Update to latest version (#4633) [Steve Clement] + + chg: [installer] Update to latest version +- [installer] Update to latest version chg: [installer] Set a dynamic + GnuPG passphrase. [Steve Clement] +- [installer] Update installer (#4631) [Steve Clement] + + chg: [installer] Update installer +- [installer] Update installer. [Steve Clement] +- [installer] Installer now checks his own checksum (#4630) [Steve + Clement] + + chg: [installer] Installer now checks his own checksum +- [installer] Installer now checks his own checksum. 
[Steve Clement] +- [yara export] fix the correct Python version is used. [Alexandre + Dulaunoy] + +Fix +~~~ +- [UI] Event lock concatinating quoted empty strings. [iglocska] +- [UI] Double sanitisation of org view fixed, fixes #4704. [iglocska] +- [sync] Further fixes to the deleted flag changes breakig things. + [iglocska] +- [authkey] Fixed The authkey variable (Viper should work again) (#4694) + [Steve Clement] + + fix: [authkey] Fixed The authkey variable (Viper should work again) +- [authkey] Fixed The authkey variable (Viper should work again next + run) fix: [doc] Upated RHEL formatting and added $RUN_MYSQL (scl + enable foo) variable. [Steve Clement] +- [sync] Critical bug fixed that blocked attributes from being included + in a push. [iglocska] + + - due to the change to the deleted flag that was not reflected in the way we prepare events for the synchronisation +- [sync] Fixed an issue that dropped the remote org. [iglocska] +- [UI] Add the create server sync description menu to the server list. + [iglocska] +- [sync] whitelist fields that can be added via the JSON config. + [iglocska] +- [UI] Invalid redirect fixed. [iglocska] +- [organisation:view] Fixed spinner when viewing events from an org. + [mokaddem] +- [API] Weird responses from JSON objects fixed when data returned is + empty. [iglocska] +- [API] Wrong JSON output when /events/index returns empty result, + fixes #4690. [iglocska] +- [UI] Org index filter fixed. [iglocska] +- [stix2 import] Fixed external domain & x509 patterns import. + [chrisr3d] +- [freetext import] Fixed shadow attribute import. [chrisr3d] +- [feed] Feodo tracker blocklist URL replaced. [Sascha Rommelfangen] +- [submodule version check] fixed. [iglocska] +- [event:view] Correctly support the new `deleted` parameter behavior. + [mokaddem] +- Fix: [restSearche] Correctly interpret the `deleted` parameter on + `event` and `attribute` scope. -- Pair programming with @iglocksa. 
+ [mokaddem] +- [UI] Fixed checklocks polluting the top bar. [iglocska] +- [upgrade process] For the recovery script, also take "failed" upgrades + into account. [iglocska] + + - not all update script errors are actual failures, some insertions of table rows that already exist to resolve potential previous update issues would otherwise not be flagged +- On-Demand Action missed side menu fixed. [4ekin] +- [API] Allow more flexibility on the return content types. [iglocska] + + - also set RPZ as txt +- [enrichment:popover] Correctly fadeout when clicking on the close + button. [mokaddem] +- [eventGraph] Patch to support new font-awesome 5.8. [mokaddem] +- [STIX] STIX upload fixed for API use. [iglocska] +- [installer] Piping large shell scripts to bash needs more testin… + (#4644) [Steve Clement] + + fix: [installer] Piping large shell scripts to bash needs more testin… +- [galaxy:add] Consider both model names when doing a mass cluster + addition. [mokaddem] +- [installer] Piping large shell scripts to bash needs more testing and + should not be used, for a very long time. [Steve Clement] +- [installer] Checksum checker had a bug (#4632) [Steve Clement] + + fix: [installer] Checksum checker had a bug +- [installer] Checksum checker had a bug. [Steve Clement] +- [stix import] Fixed email attachments parsing. [chrisr3d] + + - Being less restrictive and supporting email + attachments that are referencing objects not + under the related object fields of the email, + but referencing another object at the same level + as the email, within the STIX incident + - Also parsing potential references even when the + STIX file is coming from MISP export +- [stix import] Supporting multi attachment attributes for the email + object. [chrisr3d] + + - As specified in the object template +- [Logs] Event history missing proposal entries and deletions. + [iglocska] + +Other +~~~~~ +- Merge pull request #4671 from Kortho/patch-1. 
[Steve Clement] + + fixed sql-statement for creating user RHEL +- Fixed sql-statement for creating user. [Kortho] + + fixed error with creating db-user from $DBNAME to $DBUSER_MISP +- Merge pull request #4716 from certbe-trey/patch-1. [Andras Iklody] + + enable misp-backup where MySQL datastore isn't on localhost +- Enable misp-backup where MySQL datastore isn't on localhost. [Trey + Darley] + + The misp-backup script grabs the MYSQL host parameter from database.conf but it wasn't included in the call to mysqldump. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4706 from deralexxx/patch-8. [Alexandre Dulaunoy] + + This assignment assigns a variable to itself. +- This assignment assigns a variable to itself. [Alexander J] + + Think that line is not needed. +- Merge pull request #4707 from deralexxx/patch-9. [Alexandre Dulaunoy] + + Import of 'b64encode' is not used. +- Import of 'b64encode' is not used. [Alexander J] + + Remove the import +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4683 from MISP/chrisr3d_patch. [Christian Studer] + + fix: [freetext import] Fixed shadow attribute import +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4639 from wasserman/patch-1. [Andras Iklody] + + GRANTs updated to DBUSER_MISP instead of DBNAME. +- GRANTs updated to DBUSER_MISP instead of DBNAME. [wasserman] + + Two spots were GRANTing to the DBNAME instead of the DBUSER_MISP. It still works if the user and DBNAME are the same. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #4638 from 4ekin/fix-ui-ondemand-action. [Sami + Mokaddem] + + fix: On-Demand Action missed side menu fixed +- Merge pull request #4647 from RichieB2B/ncsc-nl/snort. [Alexandre + Dulaunoy] + + Match EDNS packets with snort rules +- Match EDNS packets with snort rules. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4661 from RichieB2B/ncsc-nl/retention. [Alexandre + Dulaunoy] + + Add script for expiring IP based IOC's +- Add script for expiring IP based IOC's. [Jop van der Lelie] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #4649 from cudeso/2.4. [Steve Clement] + + misp-wipe ; delete all non-default orgs & users +- Misp-wipe ; delete all non-default orgs & users. [Koen Van Impe] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #4629 from RichieB2B/ncsc-nl/wipe-exports. [Andras + Iklody] + + Clean cached-exports +- Wipe all tmp files, not just the logs. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] + + +v2.4.107 (2019-05-13) +--------------------- + +New +~~~ +- [installer] Added rhash and an sfv file for the installer chg: + [installer] Updated installer to latest. [Steve Clement] +- [ATT&CK] Added new export system for restsearch for ATT&CK. [iglocska] + + - Return the ATT&CK matrix data as HTML via the API + - Directly viewable via the REST client + + - Greetings from the ATT&CK workshop @ Eurocontrol +- [API] Added includeWarninglistHits to the attribute search API. 
+ [iglocska] +- [API] Added includeWarninglistHits as a possible filter for the event + level restsearch. [iglocska] +- [installer] First scaffolding of an OS detector. [Steve Clement] +- [update] Injected update-related files/changes from zoidberg. + [mokaddem] +- [yara] Added diagnostics. [iglocska] +- [object:add] UI to propose to merge into similar objects - WiP. + [mokaddem] + +Changes +~~~~~~~ +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] + + fix: MITRE ATT&CK kill-chain missing +- [version] bump. [iglocska] +- [installer] Updated installer to latest (#4624) [Steve Clement] + + chg: [installer] Updated installer to latest +- [installer] Updated installer to latest. [Steve Clement] +- [conf] Added http to https redirection. [Steve Clement] +- [installer] Added systemd unit file for workers (#4623) [Steve + Clement] + + chg: [installer] Added systemd unit file for workers +- [installer] Added systemd unit file for workers. [Steve Clement] +- [doc] Added kafka ass a function. [Steve Clement] +- [installer] Update installer to latest. [Steve Clement] +- [doc] Various documentation updates (#4621) [Steve Clement] + + chg: [doc] Various documentation updates +- [doc] Better handling of sudoers. [Steve Clement] +- [doc] Added 2 more hardening sources. [Steve Clement] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Updated to latest installer (#4617) [Steve Clement] + + chg: [installer] Updated to latest installer +- [installer] Updated to latest installer. [Steve Clement] +- [doc] Updated RHEL8 to not be BETA chg: [vars] WWW_USER is now + autodedected. [Steve Clement] +- [installer] Updated Installer (#4611) [Steve Clement] + + chg: [installer] Updated Installer +- [installer] Updated Installer. [Steve Clement] +- [doc] Finally got rid of the RHELL/CentOS specific Cake commands + (_yay_) [Steve Clement] +- [tools] Enabled more modules by default and tweaked some settings. 
+ [Steve Clement] +- [doc] Kafka export is now included in the list of features. [Alexandre + Dulaunoy] +- [galaxy/taxonomy/warninglists] updated to the latest version. + [Alexandre Dulaunoy] +- [installer] If we detect packer, we behave accordingly. (#4602) [Steve + Clement] + + chg: [installer] If we detect packer, we behave accordingly. +- [installer] updated installer. [Steve Clement] +- [installer] If we detect packer, we behave accordingly. chg: + [installer] Updated installer. [Steve Clement] +- [installer] Updated installer to latest changes. (#4593) [Steve + Clement] + + chg: [installer] Updated installer to latest changes. +- [installer] Updated installer to latest changes. [Steve Clement] +- [doc] Update RHEL/CentOS install guides. [Steve Clement] +- [doc] Moved tsurugi away from /INSTALL. [Steve Clement] +- [doc] Moved tsurugi install out of the way, to be implemented way + later into installer. [Steve Clement] +- [adminShell] Added recovery function to replay updates. [mokaddem] + + It fetches the last successful DB update number in the log, then + re-apply all of them up to the latest available. +- [AdminShell] Some comments on current state of bugs. [Steve Clement] +- [AdminShell] Let's at least tell what ID was not found. [Steve + Clement] +- Bump PyMISP. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy/misp-objects] updated to the latest version. [Alexandre + Dulaunoy] +- [AdminShell] Let the user know as which user he exectued the script. + [Steve Clement] +- [doc] MISP works on OpenBSD 6.5, partially (#4577) [Steve Clement] + + chg: [doc] MISP works on OpenBSD 6.5, partially +- [doc] MISP works on OpenBSD 6.5, partially chg: [doc] Removed link to + Debian PostgreSQL. [Steve Clement] +- [event:view] Added button to quickly extend an event. Fix #4481. + [mokaddem] +- [eventgraph] Force constant color for the eventgraph's nodes. Fix + #4536. [mokaddem] +- [installer] Updated installer. 
[Steve Clement] +- [doc] Updated to Debian 9.9 via python source install (#4571) [Steve + Clement] + + chg: [doc] Updated to Debian 9.9 via python source install +- [doc] Some changes to misp-modules install. [Steve Clement] +- [doc] Updated to Debian 9.9 via python source install. [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [default-feeds] abuse.ch SSL IP fixed. [Alexandre Dulaunoy] +- [distributionNetwork] Filter out organisations not being marked as + local. Fix #4568. [mokaddem] +- [event:view] Collapse related event in preview[Feed/Event]. Fix #4561. + [mokaddem] +- [cluster:matrix] Slightly imporved memory performance. [mokaddem] +- [diagnostic] Improved worker's message when updating the submodules. + [mokaddem] +- [diagnostic] Changed update button with more relevant icons. + [mokaddem] +- [diagnostic] Added message if `.git` can't be read by MISP. [mokaddem] +- [object:add] Changed back button text into `Back` [mokaddem] +- [update] Avoid executing pre-update test multiple times. [mokaddem] +- [updates] Implented changes requested by the PR's review #4534. + [mokaddem] +- [updateProgress] bit of cleanup. [mokaddem] +- [updateProgress] Moved CSS in its own file and usage of the + assetLoader. [mokaddem] +- [onDemandAction] Redirect on updateProgress page is no longueur de + default behavior. [mokaddem] +- [update] repaired badly merged file. [mokaddem] +- [AdminShell] Adde PHP_EOLs where it made sense. (QoL enhancement) + [Steve Clement] +- [AdminShell] return the name of the setting change and what we changed + it to. [Steve Clement] +- [doc] Added plyara (#4554) [Steve Clement] + + chg: [doc] Added plyara +- [doc] Added plyara. [Steve Clement] +- [INSTALL] Updated installer. (#4553) [Steve Clement] + + chg: [INSTALL] Updated installer. +- [INSTALL] Updated installer. 
[Steve Clement] +- [doc] rhel8/fedora30/debian Install guide updates (#4552) [Steve + Clement] + + chg: [doc] rhel8/fedora30/debian Install guide updates +- [doc] Added updates to rhel8, which partially works with Fedora Server + 30. [Steve Clement] +- [doc] Debian stable install doc still not working, until Python3.6 + will be default. Debian 10 will fix that. [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version of ATT&CK. [Alexandre + Dulaunoy] +- [event:row_attribute] Added `title` to the checkboxes. [mokaddem] + + This reveal to be useful if the table header is not visible. +- [object:revise] Improved text and added a back button. [mokaddem] +- [addTag] Force no caching on the submitTag request. [mokaddem] +- [object:revise] Changed text of back button. [mokaddem] +- [object:revise] Improved help text. [mokaddem] +- [object:add] Improved help text. [mokaddem] +- [object:similiar] Added back button, improved highlight and text. + [mokaddem] +- [object_revise] Deleted useless comment. Also, fix #3897. [mokaddem] +- [object:reivse] Improved layout. [mokaddem] +- [object:revise] Increase threshold of + similar_objects_display_threshold and fixed count. [mokaddem] +- [object:edit] Moved listener binding into doc.ready. [mokaddem] +- [object:element] Transformed `object_similarities` view into a + parametrized view. [mokaddem] + + Greatly improved flexibility of the of the view by only displaying + available component +- [object:revise] Moved object difference view into `Elements` + [mokaddem] +- [object] Refacto renamed variables and added comments. [mokaddem] +- [object:edit] Added possibility to inject invalid type + UI + improvements - WiP. [mokaddem] +- [object:revise] Little perf improvement. [mokaddem] +- [object:edit] Clean up. [mokaddem] +- [object:edit] Avoid duplicating same multiple entries and usage of + threshold instead of harcdoded value. 
[mokaddem] +- [object:edit] Added similarity amount between objects. [mokaddem] +- [object:edit] Improved UI and diff recognition - WiP. [mokaddem] +- [object:edit] Continuation integration with template update and object + merge - WiP. [mokaddem] +- [object:edit] Started integration to allow updating object templates - + WiP. [mokaddem] +- [object:add] Improved UI for similar objects - WiP. [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc/misp-modules generic] update the dependency list. [Alexandre + Dulaunoy] +- [modules] module choice screen updated. [iglocska] + + - nicer looks + - sorting +- [doc] Updates to Debian install document (#4531) [Steve Clement] + + chg: [doc] Updates to Debian install document +- [doc] Updated misp-modules install howto chg: [doc] /usr/local/src + permission fix. [Steve Clement] +- [doc] Updates to Debian install document. [Steve Clement] + +Fix +~~~ +- [genericPicker] allow tagging when the ATT&CK Matrix has been opened. + [mokaddem] +- [object:revise] Removed useless ACL conditions; was failing for users + not being admin. [mokaddem] +- [installer] Identify VMware machinery. [Steve Clement] +- [doc] CentOS specific cake commands do not exist anymore. [Steve + Clement] +- [sql] SQL Syntax error fix. [Steve Clement] +- [age based publish blocking] Fixed and using the timestamp. [iglocska] +- [docs] Added attackGalaxy as a valid option for the restsearch APIs. + [iglocska] +- [bug] getPythonVersion undefined, pull in where it is defined. (#4615) + [Steve Clement] + + fix: [bug] getPythonVersion undefined, pull in where it is defined. +- [bug] getPythonVersion undefined, pull in where it is defined. [Steve + Clement] +- [API] Some fixes for the restsearch -> attack export. [iglocska] +- [installer] Installer Checksums out-of-sync. 
[Steve Clement] +- [doc] Let the user know he wants to be the "webserver" user (#4603) + [Steve Clement] + + fix: [doc] Let the user know he wants to be the "webserver" user +- [doc] Let the user know he wants to be the "webserver" user. [Steve + Clement] +- [dashboard] netstat is needed for dashboard (#4598) [Steve Clement] + + fix: [dashboard] netstat is needed for dashboard +- [dashboard] netstat is needed for dashboard. [Steve Clement] +- PyMISP install was failing on Travis. [Raphaël Vinot] +- [AdminShell] Yet another tyope :( (#4590) [Steve Clement] + + fix: [AdminShell] Yet another tyope :( +- [AdminShell] Yet another tyope :( [Steve Clement] +- [AdminShell] Fixed typo (#4589) [Steve Clement] + + fix: [AdminShell] Fixed typo +- [AdminShell] Fixed typo. [Steve Clement] +- [AdminShell] Added apache user. [Steve Clement] +- [AdminShell] Misplaced the debug message. [Steve Clement] +- [stix export] Fixed email attachment export. [chrisr3d] + + - Fixed condition trying to reach the case where + we have an attachment attribute in the object, + which was never true because of a wrong key + testing + - Fixed the email attachment related file object + creation initiation +- [galaxy clusters] Choosing them via the UI was dog slow. [iglocska] + + - now it's just plain slow +- [update] Disabled background processing until it's fixed. [iglocska] +- [AdminShell] very dirt fix to get updateObjectTemplates working + (#4585) [Steve Clement] + + fix: [AdminShell] very dirt fix to get updateObjectTemplates working +- [AdminShell] very dirt fix to get updateObjectTemplates working from + the CLI. [Steve Clement] +- [UI] Notice errors fixed in the discussion threads. [iglocska] +- [bug] Fixed a bug in the update process that caused updates to fail + due to an invalid value assigned as default for org_id. [iglocska] +- [security] Fix persistent xss due to invalid sanitisation of image + names in titles. 
[iglocska] + + - triggered by expanding a screenshot + + - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com) +- [security] Fix persistent xss via link type attributes containing + javascript:// links. [iglocska] + + - low impact as it requires user interaction to trigger + + - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com) +- [security] Fix persistent xss via discussion links via javascript:// + links. [iglocska] + + - low impact as it requires user interaction to trigger + + - as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com) +- [AdminShell] CentOS/RHEL use 'apache' by default (#4580) [Steve + Clement] + + fix: [AdminShell] CentOS/RHEL use 'apache' by default +- [AdminShell] CentOS/RHEL use 'apache' by default. [Steve Clement] +- [doc] Remove CentOS 7 from xINSTALL list. (#4579) [Steve Clement] + + fix: [doc] Remove CentOS 7 from xINSTALL list. +- [doc] Remove CentOS 7 from xINSTALL list. [Steve Clement] +- [export] Yara Export variable typo fix. Use getPythonVersion. (#4578) + [Steve Clement] + + fix: [export] Yara Export variable typo fix. Use getPythonVersion. +- [export] Yara Export variable typo fix. Use getPythonVersion. [Steve + Clement] +- [object:revise] Force field to be `value1`, preventing bug in some + cases. [mokaddem] +- [cluster:galaxyMatrix] Increased coverage of attack matrix. [mokaddem] + + Now consider the following new links for the pivot tag: + Attributes -> Events + Events -> Attributes +- [installer] Fixed installer misp-modules permissions. (#4558) [Steve + Clement] + + fix: [installer] Fixed installer misp-modules permissions. +- [doc] misp-modules failed to install because of a Permission issue. + (#4557) [Steve Clement] + + fix: [doc] misp-modules failed to install because of a Permission issue. 
+- [install] Fixed the endless loop in viper db update (#4555) [Steve + Clement] + + fix: [install] Fixed the endless loop in viper db update +- [i18n] Added yara/yara-export. [Steve Clement] +- Fixed i18n strings in Event controller, model and view. [4ekin] +- Typos in controllers. [4ekin] +- [installer] Fixed installer misp-modules permissions. [Steve Clement] +- [doc] misp-modules failed to install because of a Permission issue. + [Steve Clement] +- [install] Fixed the endless loop in viper db update. [Steve Clement] +- [required taxonomies] not firing via regular publishing only via + publish (no email), fixes #4546. [iglocska] +- [UI] Sightings could not be added by read only users, even if they had + sighting rights. [iglocska] +- [updateSubmodule] Simplified calculation of time difference. + [mokaddem] +- [object:edit] Removed faulty line. [mokaddem] +- [object:revise] Reverted correct `endif` position - WiP. [mokaddem] +- [diagnostic:submodules] [Sami Mokaddem] + + Time difference is correctly calculated. Should solve #4538 +- [enrichment] typo causing enrichments to redirect to the event view + fixed. [iglocska] +- [UI] removed tags embedded in translated text. [iglocska] +- [freetext] Also trim out no-break spaces. 
[iglocska] + + ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ + ░░░░░░░░███████████████░░░░░░░░░░ + ░░░░░░███████████████████░░░░░░░░ + ░░░░░███░░░░░░░░░░░░░░████░░░░░░░ + ░░░░██░░░░░░░░░░░░░░░░░░░███░░░░░ + ░░░██░░░░░░░░░░░░░░░░░░░░░███░░░░ + ░░██░░███████░░░░░░██████░░██░░░░ + ░██░░██─────██░░░░██────██░░██░░░ + ░██░░█▄▄▄▄▄▄▄██░░░█▄▄▄▄▄▄██░░██░░ + ░██░░████─────█░░░████────█░░░██░ + ░██░░█────────█░░░█───────█░░░██░ + ██░░░██──────██░░░██─────██░░░░██ + ██░░░░████████░░░░░███████░░░░░██ + █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ + █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ + █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ + █░░░░░███████████████░░░░░░░░░░░█ + █░░░████░░░░░░░░░░░░░░░░░░░░░░░░█ + █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ + █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ + ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ + ░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░█░ + ░░███░░░░░░░░░░░░░░░░░░░░░░░░░██░ + ░░░░██░░░░░░░░░░░░░░░░░░░░░░░██░░ + +Other +~~~~~ +- Merge pull request #4622 from SteveClement/guides. [Steve Clement] + + fix: [sql] SQL Syntax error fix +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4616 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updated RHEL8 to not be BETA +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4607 from pettai/new-rpz-action-fix. [Andras + Iklody] + + rpz: fix missing rpz policy actions +- Rpz: add missing rpz policy actions. [frpet] +- Merge pull request #4600 from pettai/local-data. [Andras Iklody] + + rpz: Local-Data +- Fix description. 
[frpet] + + make the description clearer +- Rpz: action policy rename (to Local-Data) [frpet] + + Rename action policy "walled-garden" to "Local-Data" as per the IETF draft (and other documentation for RPZ) +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #4595 from pettai/action-policy-update. [Andras + Iklody] + + rpz: make NXDOMAIN default +- Rpz: make NXDOMAIN default. [frpet] + + Update default action policy from DROP --> NXDOMAIN +- Merge pull request #4592 from SteveClement/guides. [Steve Clement] + + chg: [doc] Update RHEL/CentOS install guides +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4588 from SteveClement/tools. [Steve Clement] + + fix: [AdminShell] Added apache user +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #4587 from pettai/lint-RPZexport. [Andras Iklody] + + Lint RPZexport +- Update Serial description. [frpet] + + Hint about $time, which also is a valid setting +- Fix the testForRPZ... functions. [frpet] + + Make the testForRPZ... functions happy too. +- Merge pull request #4581 from pettai/RPZ-policy-action. [Andras + Iklody] + + RPZ - Add additional policy actions +- Add additional policy actions. [frpet] + + Add the last policy actions from the RPZ draft. + * rpz-passthru allows for testing without applying changes on the returned answer. + * TCP-only forces the client over to use TCP. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #4556 from SteveClement/tools. 
[Steve Clement] + + chg: [AdminShell] return the name of the setting change and what we changed it to +- Zoidberg's son: Update system (#4534) [Steve Clement] + + Zoidberg's son: Update system +- Fix typos and i18n in Event controller, model and views (#4541) [Steve + Clement] + + Fix typos and i18n in Event controller, model and views +- Merge branch '2.4' into fix-i18n. [Steve Clement] +- Merge branch 'guides' into tools. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch 'yara2' into 2.4. [iglocska] +- Cleaning up imports. [edhoedt] +- Yara export. [edhoedt] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4545 from MISP/mergeSimilarObject. [Alexandre + Dulaunoy] + + Several improvement on objects manipulation +- Merge branch '2.4' of github.com:MISP/MISP into mergeSimilarObject. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] + + +v2.4.106 (2019-04-25) +--------------------- + +New +~~~ +- [tools] Added local forward in case we run under a VM. [Steve Clement] +- [tools] Added (official) checksums for the Installer. [Steve Clement] +- [row_attribute] Added `title` containing the `event.info` data for the + attribute. [mokaddem] +- [tools] A developer tool to test Pull Requests. [Steve Clement] +- [thumbnail] Thumbnail are now saved on the disk, greatly improving + performance when viewing an event. [mokaddem] +- [API] Update JSON exposed to the API. [iglocska] +- [CLI] Update all JSON structures in one shot. [iglocska] +- [refanging] Attributes automatically refanged in beforeValidate, fixes + #4442. 
[iglocska] +- [CLI] Worker management added. [iglocska] + + - Added a more exhaustive worker management CLI script package + - list workers + - start a worker + - restart a worker + - kill a worker +- [CLI] reset / set a user's API key via the CLI. [iglocska] +- [CLI] Change password with the --override_password_change (or -o) flag + to avoid forcing a password reset. [iglocska] +- [diagnostic:submodule] Added output message after update - WiP. + [mokaddem] +- [CLI] Set default role via the CLI. [iglocska] +- WIP LinOTP authentication. [Andreas Rammhold] +- [UI] refactor of the asset loading. [iglocska] +- [tags] refactor of the tag picker. [iglocska] + + - massive performance boost + - re-introduction of the custom tags +- [CLI] Added restartworkers and update MISP. [iglocska] +- [feeds] Feed/Server cache search added. [iglocska] + + - /feeds/searchCaches added +- [UI] First version of the generic index list system. [iglocska] +- [Attribute] Added possibility to view and resize images. Added php-gd + dependency! [mokaddem] +- [eventindex] clicking on sightings count redirect to the event with + `sighting only` filter activated. [mokaddem] +- [eventFiltering] Added support of sighting filtering. [mokaddem] + +Changes +~~~~~~~ +- [VERSION] bump. [iglocska] +- [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF + does not. (#4529) [Steve Clement] + + chg: [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF does not. +- [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF + does not. chg: [doc] Some notes for rhel7. [Steve Clement] +- [doc] Added more changes to the RHEL/CentOS install doc. [Steve + Clement] +- Bump PyMISP. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [galaxy/taxonomies/warninglists] updated to the latest version. + [Alexandre Dulaunoy] +- [eventTag] Improved perfs of extraction. 
[mokaddem] +- [event:EventFilteringTool] Forced maximum height. [mokaddem] +- [event:EventFilteringTool] Added comments and deleted useless + `htmlspecialchars` [mokaddem] +- [event:eventFilteringTool] Improved UI and changted sanitization to + allow tag/galaxy pre-filling. [mokaddem] +- [event:view] Increase tag colleciton efficiency. [mokaddem] +- [event:EventFilteringTool] Display active filtering rules + (tags/galaxies) even if not available. [mokaddem] + + Due to a recent performance fix, only tags and galaxies of the event are + shown, the rule is still displayed event if not matching attributes are + found +- [event:view] Major performance improvement for large event. [mokaddem] + + Due to the introduction of the event filtering widget, attributes were + fetched 2 additional times. +- [doc] CentOS/RHEL udpates. Merge towards unity. (#4527) [Steve + Clement] + + chg: [doc] CentOS/RHEL udpates. Merge towards unity. +- [doc] CentOS/RHEL udpates. Merge towards unity. [Steve Clement] +- [performance] Reworked the pre-fetching of event IDs for the + events/restSearch endpoint. [iglocska] + + - no need to count all existing hits in a non paginated situation. Simply use the result count +- [misp-warninglists] updated with the latest version. [Alexandre + Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [i18n] Updated language files new: [i18n] Added: Portuguese and + Arabic. [Steve Clement] +- [i18n] Updated default.pot fix: [i18n] Fixed parser error. [Steve + Clement] +- More russian translation. [4ekin] +- [doc] Added note about 19.04. [Steve Clement] +- [tools] Updated installer. [Steve Clement] +- [doc] More variable updates. [Steve Clement] +- [tools] Updated installer. [Steve Clement] +- [doc] support function variable updates. [Steve Clement] +- [doc] More variable updates. [Steve Clement] +- [tools] Some variable changes. [Steve Clement] +- [tools] Updated installer. [Steve Clement] +- [tools] 19.04 test. 
[Steve Clement] +- [tools] Updated installer. [Steve Clement] +- [tools] Updated installer. [Steve Clement] +- [tools] If staff does not exist do not run commands with that group. + [Steve Clement] +- [tools] Updated installer after doc update. [Steve Clement] +- [doc] minor note. [Steve Clement] +- [doc] Testing manual/installer fixing some minor variables. [Steve + Clement] +- [doc] Added -1 to rhel/centos and a future note. [Steve Clement] +- [tools] Changes to reflect the rename of the installer and generated + latest installer. [Steve Clement] +- [tools] Renamed installer to be more Generic. [Steve Clement] +- [doc] Reflected INSTALL.sh rename. [Steve Clement] +- [doc] Brought CentOS6 more in-line with CentOS7 (still needs more + testing). Minor changes in CentOS7. [Steve Clement] +- [doc] Redirect debug error output. [Steve Clement] +- [UI] Show event info on attribute search results page (via hover), + fixes #4490. [iglocska] +- [tools] Renamed the script, added a few more tweaks. [Steve Clement] +- [doc] RHEL Install doc updates. [Steve Clement] +- [doc] CentOS lief how-to added fix: [doc] Fixed the MISP Dashboard + Cake commands (if you run as root, config.php permissions will be + b0rked) [Steve Clement] +- [doc] More syntactic sugar (in light of an impending installer script) + [Steve Clement] +- [doc] Updated CentOS 7.x Install guide chg: [doc] Now installs most + things correctly under a standard CentOS minimal install. [Steve + Clement] +- [queryversion] bumped queryversion. [mokaddem] +- [popovers] Added dedicated popover container for expansions and + sightings (instead of a shared one with the screenshots) [mokaddem] +- [misp-objects] object templates updated + relationships. [Alexandre + Dulaunoy] +- [download as] updated - now works on non published events in all cases + and uses restsearch whenever possible. Fixes #4468. [iglocska] +- [UI] server settings double clicking on setting name brings up the + value text box. 
[iglocska] +- [viewPicture] Added comments. [mokaddem] +- [eventGraph] Added support of picture. Fix #4433. [mokaddem] +- [eventGraph] initial work before implementing thumbnails support. + [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [generic_picker] select_threshold is now parametrized. [mokaddem] +- [diagnostic:submodules] added `updateJSON` in the web interface. + [mokaddem] +- [CLI] line-break added at the end of execution. [iglocska] +- [diagnostic:submodule] Better control of the glue merging command + outputs. [mokaddem] +- [diagnostic:submodules] Added support and feedbacks if workers not + available. [mokaddem] +- [diagnostic:submodule] continued sync DB after pull done - WiP. + [mokaddem] +- [diagnostic:submodule] Started integration of update DB after pull + with workers. [mokaddem] +- [docs] Added update JSON CLI command description. [iglocska] +- [misp.js] Moved all listeners inside $.ready() [mokaddem] +- [user] Usage of the assetLoader instead of echo. [mokaddem] +- [diag] Added grep -v ^- to make sure we always only get the submodules + that are available. [Steve Clement] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [diag] Considered the case if submodules are not checked out and added + a local check for the submodule hash. [Steve Clement] +- [documentation] Added setDefaultRole CLI command to the list of + described CLI tasks on the automation page. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [diagnostic:submodule] General improvements (see below) [mokaddem] + + - Allow update button reuse (avoiding blackhole) + - Improved feedback when errors + - Check if submodules are readable +- [doc] Debian testing is working. 
[Steve Clement] +- [doc] Tried to update the debian install guide. [Steve Clement] +- [diagnostic] Renamed variable names. [mokaddem] +- [disagnostic] Handling submodule younger case. [mokaddem] +- [diagnostic] Improved submodules version and added individual update. + [mokaddem] +- [diagnostic] Beter parsing of submodule output. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [cti-python-stix2] Bumped latest version. [chrisr3d] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [restClient:querybuilder] bit of cleanup. [mokaddem] +- [restClient:querybuilder] Prefil the QB when picking a saved query - + WiP. [mokaddem] +- [INSTALL] Do not touch the auto-generated installation file anymore. + [mokaddem] +- [viewPicture] Echo base64decoded data with GIF image type as php-gd + does not support animated gif. [mokaddem] +- [Attribute] Implemented Iglocska review - Do not pass image data to + the view anymore - Improved conditions - Added light support of gif. + [mokaddem] +- [INSTALL] Added GD dependency. [mokaddem] +- [diagnostic] Added GD in PHP extension. [mokaddem] +- [viewPicture] Adaptative behavior if php-gd not loaded. [mokaddem] +- [Attribute] Added loading icon when downloading pictures. [mokaddem] +- Cleanup 2. [mokaddem] +- Clean-up. [mokaddem] +- [Attribute] Image thumbnail and view image. [mokaddem] +- [diag] Added a more dynamic way for submodule version status. [Steve + Clement] +- [matrixPopup] UI improvement to better support small screens. + [mokaddem] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- Removed duplicate. [mokaddem] +- [i18n] Fix filename typo. [Steve Clement] + +Fix +~~~ +- [doc] Fixed symlink for kali. [Steve Clement] +- [object:edit] attachment field when empty. [mokaddem] +- [Sightings] ACL fixed. [iglocska] +- [event:querybuilder] Force QB wrapper to fit the rules. [mokaddem] +- [event:EventFilteringTool] Using ``toggleBoolFilter`` button does not + reset the rules. Fix #4418. 
[mokaddem] +- [JS] Correctly handle event locks. [iglocska] +- [sightings] Users with sighting permissions should be able to add + sightings even if they don't have event write access. [iglocska] +- [cleanup] Fixed indentation. [chrisr3d] +- [UI] Event lock warnings missing due to missing ctp file. [iglocska] +- [performance] Manually inject index hints for the value lookup. + [iglocska] + + - Disgusting fix for old versions of MySQL + - I need a shower after this +- [API] Invalid negative lookup fixed. [iglocska] +- [debug] Removed breakpoint. [iglocska] +- [tools] Correct iptables command. [Steve Clement] +- [tools] fix iptables typo. [Steve Clement] +- Fixed wrong link to feed event from event attribute hit. [4ekin] +- I18n fixed in some views. [4ekin] +- [tools] Somehow there are issues with groups and sudo :( [Steve + Clement] +- [doc] Fixed broken RHEL8 BETA link. [Steve Clement] +- [stats:galaxyMatrix] No longer trim the end of the cluster name. + [mokaddem] +- [UI] Minor font-awesome switch related issues fixed. [iglocska] +- [UI] Modifying push/pull rules fails via the server edit. [iglocska] +- [export] Fixed broken bro export, fixes #4050. [iglocska] +- [stix2 export] Fixed labels duplication while exporting multiple + events from MISP. [chrisr3d] +- [stix restSearch] Fixed output json format in case of empty results. + [chrisr3d] +- [stix restSearch[ Quick file extension clarification. [chrisr3d] + + - Depending on the format (.stix or .stix2) + - Impacting temporary files, it is thus for + debugging purpose in case of error +- [restClient] nationality is not a integer anymore. [mokaddem] +- [statistics] Don't show types with no values. [iglocska] +- [taxonomies] non initialised variable throwing notices fixed. + [iglocska] +- [CLI] Worker start script reverted. [iglocska] + + - new script moved to start_dynamic.sh + - stuck workers could not be restarted +- [UI] Jobs index removed old style tabs. [iglocska] +- Fix: [ACL] HELLO @RichieB2B! 
fixed invalid capitalisation in the + queryACL. [iglocska] +- [updates] I can't boolean. [iglocska] +- [merge] issue. [iglocska] +- [refanging] Removed invalid pattern. [iglocska] +- [bug] Typo causing "\" to be stripped from attributes where it + shouldn't be stripped. [iglocska] +- [advanced extraction] Fixed invalid double encryption of the malware + samples. [iglocska] +- [User] Fixed missing files for distribution_network (events index) + [mokaddem] +- [bug] Fixed broken multi-attribute tagger. [iglocska] +- [acl] added route. [mokaddem] +- [diagnostic] Fixed required stix2 version to the latest one. + [chrisr3d] +- [acl] added missing entry. [Andras Iklody] + + This message was sent from my Blackberry. +- [feeds] Stop the reset of the attribute count after a feed pull is + completed, fixes #4414. [iglocska] +- [distributionGraph] Fix fa icon. [mokaddem] +- [UI] First recorded change fixed to not be copy pasta of the last + change's timestamp. [iglocska] +- [API] role_id is not required when POSTing users if a default role is + set on the instance. [iglocska] +- Missing test files in PyMISP. [Raphaël Vinot] +- [UI] Reverted some breaking changes. [iglocska] +- [API] Correctly embed attributes and the event metadata in the object + via /objects/view/[ID] [iglocska] +- [API] /objects/view should return dictionary not list. [iglocska] +- [JS] fixed a JS breaking bug. [iglocska] +- Allow x-frames in apache configs. [iwitz] +- [UI] Changed the querystring loading for css/js. [iglocska] +- TODO i18n strings in Attribute Model and updated default.pot. [4ekin] +- Fixed i18n strings in Views. [4ekin] +- Fixed i18n strings in Controllers. [4ekin] +- [enrichment view] Fixed distribution display at attribute level. + [chrisr3d] +- [UI] Performance boost for the tag selector. [iglocska] +- [UI] Check if user is logged in switched to on-demand JSON version. + [iglocska] +- [Training] Further fixes. [iglocska] +- [Training] typos fixed. 
[iglocska] +- [Training] Fixed user password reset remotely. [iglocska] +- [Training] Minor fixes. [iglocska] +- [Training] org name vs id mixup fixed. [iglocska] +- [Training] Further tuning. [iglocska] +- [Training] Further error handling. [iglocska] +- [Training] added more debugging. [iglocska] +- [Training] host org fixed. [iglocska] +- [Training] Org ID for sync users fixed. [iglocska] +- [Training] small fixes. [iglocska] +- [Training] Fix to the setup script. [iglocska] +- [feed] Added missing feed search view. [iglocska] +- Missing libonig on travis with PHP nightly. [Raphaël Vinot] +- [API] Feed index shouldn't adhere to pagination defaults of the UI, + fixes MISP/misp-book#149. [iglocska] +- [UI] Colours for feed index buttons fixed. [iglocska] +- [ACL] Added ACL for the new cache searches. [iglocska] +- [UI] Missing sync / feed pull/push buttons re-added. [iglocska] +- [restClient:querybuilder] Fixed a bug where multiple rules where not + added correctly and show API info box. [mokaddem] +- [RestClient:queryBuilder] Distribution level in the query builder. Fix + #4280. [mokaddem] +- [Accessibility] Added titles to the role index icons, affects #4258. + [iglocska] +- [thumbnail] picture preview was not showing up all the time. + [mokaddem] +- [picturePreview] Don't show the fullscreen button if php-gd is not + installed. [mokaddem] +- [ACL] Whitelisted `viewPicture` [mokaddem] +- [viewField] Reversed condition (initially set for testing) [mokaddem] +- [enrichment view] Making sure the document is ready before calling any + javascript. [chrisr3d] +- [enrichment] Set potentially missing category, ids & distribution + values before going to the view. [chrisr3d] + + - Set the default values in the controller's side instead of the view's side +- [enrichment view] Fixed typo. [chrisr3d] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Alexandre + Dulaunoy] +- Merge pull request #4484 from obert01/fix-tag-search. [Andras Iklody] + + Fixed case sensitivity in the tag search API (/tags/search). +- Fixed case sensitivity in the tag search API (/tags/search). [Olivier + BERT] + + There was still a problem for matching the search on a cluster name. I have also slightly simplified the construction of the SQL request for better code readability. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4492 from mokaddem/eventViewPerfImprov. [Andras + Iklody] + + [event:view] Major performance improvement for large event +- Merge branch '2.4' of github.com:MISP/MISP into eventViewPerfImprov. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventViewPerfImprov. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #4517 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated language files +- Merge pull request #4512 from 4ekin/russian_translation. [Steve + Clement] + + chg: More russian translation +- Merge pull request #4516 from SteveClement/INSTALL_19.04. [Steve + Clement] + + chg: [tools] Tested and adapted the installer to work with latest Ubuntu Server 19.04 +- Merge pull request #4515 from SteveClement/tools. [Steve Clement] + + chg: [tools] Updated installer +- Merge pull request #4514 from SteveClement/tools. [Steve Clement] + + fix: [tools] Correct iptables command +- Merge pull request #4513 from 4ekin/fix-i18n. [Andras Iklody] + + Fix i18n and wrong link to feed event +- Merge pull request #4511 from SteveClement/tools. [Steve Clement] + + new: [tools] Added local forward in case we run under a VM. +- Merge pull request #4509 from SteveClement/guides. [Steve Clement] + + fix: [doc] Fixed broken RHEL8 BETA link. 
+- Merge pull request #4503 from SteveClement/tools. [Steve Clement] + + chg: [tools] Updated installer after doc update +- Merge pull request #4502 from SteveClement/guides. [Steve Clement] + + chg: [doc] Testing manual/installer fixing some minor variables +- Merge pull request #4501 from SteveClement/tools. [Steve Clement] + + new: [tools] Added (official) checksums for the Installer. +- Merge pull request #4498 from SteveClement/tools. [Steve Clement] + + chg: [tools] Renamed installer to be more Generic +- Merge pull request #4500 from SteveClement/guides. [Steve Clement] + + chg: [doc] Reflected INSTALL.sh rename +- Merge pull request #4499 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Polish Translation typo fixed +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge pull request #4493 from obert01/fix-accessibility. [Steve + Clement] + + New bunch of accessibility fixes. +- New bunch of accessibility fixes. [Olivier BERT] + + This affects EventBlacklists, Feeds, GalaxyClusters, News (index), OrgBlacklists (index), Organisations (index), SharingGroups (index), Taxonomies (view), Event Discussions, Event attribute table, Event proposal table. +- Merge pull request #4496 from SteveClement/guides. [Steve Clement] + + chg: [doc] Brought CentOS6 more in-line with CentOS7 +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4488 from SteveClement/tools. [Steve Clement] + + new: [tools] A developer tool to test Pull Requests +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #4478 from RichieB2B/ncsc-nl/centos6. [Steve + Clement] + + Make xINSTALL.centos6.md work again +- Make xINSTALL.centos6.md work again. [Richard van den Berg] +- Merge pull request #4487 from SteveClement/guides. 
[Steve Clement] + + chg: [doc] RHEL Install doc updates +- Merge pull request #4486 from SteveClement/guides. [Steve Clement] + + chg: [doc] CentOS lief how-to added +- Merge pull request #4480 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updated CentOS 7.x Install guide +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4470 from pettai/ShibbAuth. [Andras Iklody] + + Update README.md +- Update README.md. [frpet] + + Makes API Authorization work +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4441 from mokaddem/eventGraph_thumbnail. [Andras + Iklody] + + EventGraph thumbnails +- Merge pull request #4451 from obert01/fix-delete-user. [Andras Iklody] + + Fix for broken "delete user" link in side menu. +- Fix for broken "delete user" link in side menu. [Olivier BERT] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'feature/attribute_references' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into + feature/attribute_references. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4435 from MISP/submoduleUpdatev4. [Steve Clement] + + Diagnostic - Submodule update v4 +- Merge branch '2.4' into submoduleUpdatev4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4438 from liedekef/patch-1. 
[Alexandre Dulaunoy] + + Install doc fixes +- LD_LIBRARY_PATH setting needed for rh-git218. [Franky Van Liedekerke] +- Update INSTALL.rhel7.md. [Franky Van Liedekerke] +- Redhat install doc updates. [Franky Van Liedekerke] + + Selinux simplications (otherwise web-based update won't work anyway) + haveged is optional + Crypt_GPG was being installed 2 times +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4434 from SteveClement/tools. [Steve Clement] + + chg: [diag] Considered the case if submodules are not checked out +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4427 from mokaddem/submoduleUpdatev3. [Steve + Clement] + + Submodule updateV3 +- Update Server.php. [Steve Clement] + + Small typo +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4430 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updated debian guides +- Merge pull request #4399 from GOVCERT-LU/chg_add_pipenv. [Raphaël + Vinot] + + Install python dependencies via Pipfile instead of manually cloning / installing them +- Added "fileobjects" to PyMISP; updated PyMISP and stix2 refs. [Georges + Toth] +- Add Pipfile and Pipfile.lock. [Georges Toth] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: [enrichment] Removed debug calls. [chrisr3d] + + - Before having new modules fully operational, let + us at least not keep only 2 debugs within an + exposed function +- Merge pull request #4425 from mokaddem/improvedSubmoduleDiagnostic. 
+ [Andras Iklody] + + Improved submodule diagnostic +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4419 from RichieB2B/ncsc-nl/sql-cleanup. [Andras + Iklody] + + Be consistent in quoting table names +- Be consistent in quoting table names. [Richard van den Berg] +- Merge pull request #4421 from andir/2.4-linotp. [Andras Iklody] + + new: WIP LinOTP authentication +- Merge pull request #4420 from RichieB2B/ncsc-nl/misp-wipe-update. + [Andras Iklody] + + Update misp-wipe +- Wipe new SQL tables in misp-wipe. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch 'feature/assetloader' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4416 from tom564/patch-1. [Steve Clement] + + Fix blank $PATH_TO_MISP +- Fix blank $PATH_TO_MISP. [tom564] + + Move PATH_TO_MISP=${PATH_TO_MISP:-$(locate MISP/app/webroot/index.php|sed 's/\/app\/webroot\/index\.php//')} outside of if statement checking if manual input is required otherwise is only executed if locate is unable to determine path. +- Merge pull request #4413 from iwitz/2.4. [Steve Clement] + + fix: allow x-frames in apache configs +- Merge pull request #4410 from 4ekin/fix-i18n. [Steve Clement] + + Fix i18n in controllers, views, Attribute model +- Update WarninglistsController.php. [Steve Clement] + + Added more __() +- Update WarninglistsController.php. [Steve Clement] + + typo +- Wip: [enrichment] Added javascript function to fetch all elements from + the view. 
[chrisr3d] +- Wip: [enrichment view] Displaying multiple additional fields. + [chrisr3d] + + - Object ID of the object containing the attribute + which was used to query the module is displayed, + if it is this attribute is part of an object + - Displaying Object meta-category and uuid as well + - Multiple displaying arragements + - Redefinition of some classes to help finding + every element of the form +- Add: [enrichment] Added MISP Objects distribution in the view. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4390 from couchuser12345/couchuser12345-patch-1. + [Steve Clement] + + Add updateUser to default config +- Add updateUser to default config. [couchuser12345] +- Merge pull request #4408 from iwitz/patch-6. [Steve Clement] + + add: RHEL7 php-gd installation +- Add: php-gd installation. [iwitz] +- Merge pull request #4411 from obert01/fix-iconlinks-accessibility. + [Andras Iklody] +- Accessibility: added roles and aria labels for many icons and icon + links (server list, tags, users, roles, attributes, ...) [Olivier + BERT] + + There is still much work to be done. But we are on the road. + + Ideally, and in order to avoid code dupplicates, we should have some utility functions to generate a proper and accessible yes/no icon, an accessible icon link, etc. This would prevent the code from being filled with "aria-label" tags, since the "title" and "aria-label" properties are nearly always the same. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [freetext import] Added disable_correlation checkbox. [chrisr3d] + + - We can now disable correlation on attributes from + the resolved attributes view +- Wip: [enrichment view] Reordered different elements and classes. 
+ [chrisr3d] + + - Making the next step iterations easier +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Wip: [enrichment view] Displaying Object References information. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge pull request #4387 from mokaddem/prefillQB. [Andras Iklody] + + Prefill the restclient querybuilder when picking a saved query +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'thumbnail' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into thumbnail. [mokaddem] +- Merge pull request #4392 from SteveClement/tools. [Andras Iklody] + + chg: [diag] Added a more dynamic way for submodule version status. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [chrisr3d] +- Merge pull request #4252 from mokaddem/sightingFiltering. [Steve + Clement] + + Sighting filtering +- Merge branch '2.4' of github.com:MISP/MISP into sightingFiltering. + [mokaddem] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] + + +v2.4.105 (2019-03-28) +--------------------- + +New +~~~ +- [diagnostic] Fetch submodules git status. [mokaddem] +- [export] Replaced the old non-cached export page. [iglocska] + + - uses restsearch + - similar UI to the cached exports +- [UI] FA5 update finalised. [iglocska] + + - includes helpers to untangle the branded icon mess +- [UI] disable threat level from the UI based on a server setting, fixes + #4359. [iglocska] + + - bye shitty deprecated field +- [UI] Move to FA 5. [iglocska] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [diagnostic] Added reload button for submodules git status. 
[mokaddem] +- [diagnostic] Changed submodule header table text. [mokaddem] +- [submodules] added skeleton for submodules git status - WiP. + [mokaddem] +- Additional Russian translation. [4ekin] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [UI] explain the authkey's source in the new server view, fixes #4368. + [iglocska] +- Bump PyMISP (test case bug) [Raphaël Vinot] +- Add details when the ACLs are broken. [Raphaël Vinot] +- Bump warninglists. [Raphaël Vinot] +- Bump pymisp (improve test cases) [Raphaël Vinot] +- Bump pymisp (more details in test cases) [Raphaël Vinot] +- Bump PyMISP - tests for #4355. [Raphaël Vinot] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [security] Fix to a reflected XSS in the default layout template. + [iglocska] + + - as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity +- [stix import] Fixed issues with additional namespaces. [chrisr3d] + + - Using a list where any additional namespace can + be added + - Catching any missing additional namespace with + the return code '4' raised in case of namespace + not found error +- I18n fixed in Views and updated default.pot. [4ekin] + + Updated default.pot file according Views and Controllers changes + Updated Views with i18n issues +- [enrichment view] Avoid displaying empty fields. [chrisr3d] +- Fixed i18n string representation and android logo. [4ekin] + + Fixed i18n string representation in views: + * Diagnostics + * Files + * Tabs + Fixed android icon dissapear in workers tab. +- Fixed i18n string representation in Server Controller and Model. + [4ekin] +- [stix export] Fixed tlp markings that were obscurly set to a wrong + value in some cases. [chrisr3d] + + - Setting incident handling object correctly + - Avoid using distribution levels to set tlp color +- [sync] Adding a new server caused the pull/push rules to be + incorrectly set to an empty string over '[]' causing sync issues, + fixes #4369. 
[iglocska] + + - this fix resolves the issue - new servers added should be fine + - it also retroactively fixes broken server connections +- [enrichment view] Fixed typo. [chrisr3d] +- [enrichment] Fixed results handling function name typo. [chrisr3d] +- [ACL Component] Added new function (for new modules format) in the + list. [chrisr3d] +- [bug] Fixed a bug that caused attributes not to save via the UI. + [iglocska] +- [UI] Inconsistend pluralisation fixed, fixes #4360. [iglocska] +- [UI] Remvoed broken edit org button for admins, fixes #4358. + [iglocska] +- Fixed i18n string representation in Views. [4ekin] + + Fix for a plenty of Views with incorrect localizations (only English + text shown) +- Fixed i18n string representation in Controllers. [4ekin] + + Fixed i18n string representation (flash and exception messages) in + controllers: + * OrganisationController + * RolesController + * TaxonomiesController +- [API] fixed adding malware-samples unencrypted with the encrypt key + set, fixes #4355. [iglocska] + +Other +~~~~~ +- Merge pull request #4337 from mokaddem/submoduleDiagnostic. [Steve + Clement] + + Submodule diagnostic +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4381 from 4ekin/fix-i18n. [Steve Clement] + + Fix i18n in Views and updated default.pot +- Merge pull request #4350 from 4ekin/russian_translation. [Steve + Clement] + + chg: additional Russian translation +- Merge pull request #4373 from 4ekin/fix-i18n. [Andras Iklody] + + Fix i18n and Android icon in workers +- Merge pull request #4370 from obert01/fix-matrix-submit-btn- + accessibility. [Andras Iklody] + + Make the submit button focusable (tabindex) in the matrix view. +- Make the submit button focusable (tabindex) in the matrix view. This + is necessary for use with screen readers. [Olivier BERT] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Wip: [enrichment view] Displaying sharing group distribution if + needed. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: [enrichment view] Test returning data from the new form. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: [enrichment view] Made IDS, comment and distribution changeable. + [chrisr3d] + + - Applied on each attribute and object attribute + returned as part of the module results +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4351 from 4ekin/fix-i18n. [Andras Iklody] + + Fix i18n in Controllers and Views + + +v2.4.104 (2019-03-21) +--------------------- + +New +~~~ +- [cluster] Display heatmap on the Att&ck Matrix for all tagged data. + fix #4344. [mokaddem] +- [tagging] Stop pre-populating forms for tagging / attaching of + galaxies. [iglocska] + + - avoids any potential CSRF issues, the form is fetched just in time for the submission +- [galaxyMatrix] Added possibility to pick a galaxy to view it's + statistic. [mokaddem] +- [Required taxonomies] [iglocska] + + - Flip taxonomies into required mode to ensure that events cannot be published without at least one tag from each required taxonomy to be set +- [REST client] Added history/bookmarks. [iglocska] +- [DistributionGraph] Added pie chart on sharing group. fix #4101. + [mokaddem] +- [galaxies] Allow deleting full galaxies. [iglocska] +- [exercises] Added a new setup script for configuring exercise + infrastructures rapidly. 
[iglocska] + + - assumes a hub MISP and a set of training MISPs for different participating teams + - This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them + - each instance has to have the same API key for the site admin (the idea is to clone training VMs) + + - configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances + - Just copy /var/www/MISP/app/Console/Command/training.default.json to /var/www/MISP/app/Console/Command/training.json and configure it to get started +- [Feeds] New overlap tool finished. [iglocska] + + - compare a feed against a combination of feeds/servers to find if you can cover the contents with a combination of other cached feeds +- [Feeds] Implementation of the feed coverage tool (WIP) [iglocska] +- [API] Add pagination related parameters to event index, fixes #4270. + [iglocska] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [statisticsMatrix] Improved redirection URL. [mokaddem] +- [db script] version bump. [iglocska] +- Updated comments. [mokaddem] +- [distributionNetwork] Prevent interactive picking in event index. + [mokaddem] +- [distributionNetwork] Improved consistency in event index and improved + UX - WiP. [mokaddem] +- [distributionNetwork] Added missing JS. [mokaddem] +- [distributionNetwork] Integration with event index - WiP. [mokaddem] +- [distributionGraph] Added bar chart and deferred distribution data + fetching process. [mokaddem] +- [distributionGraphNetwork] Improved sharing accuracy. [mokaddem] +- [distributionGraphNetwork] Adjusted gravitationalConstant and mass. + [mokaddem] +- [distributionGraph] Improved UI and added close button. [mokaddem] +- [distributionGraph] Added description on blocked distribution edge. 
+ [mokaddem] +- [distributionGraph] Added possibility to focus on an organisation. + [mokaddem] +- [distributionGraph] Show `event is empty` if the event is empty. + [mokaddem] +- [distributionGraph] Added interactive plotting feature. [mokaddem] +- [distributionGraph] Pin node after drag. [mokaddem] +- [distributionGraph] Added support of sharing group - WiP. [mokaddem] +- [distributionGraph] Continuation of integration, basic distribution is + supported - WiP. [mokaddem] +- [distributionGraph] Started advanced distribution view. [mokaddem] +- [distributionGraph] Replaced all tabs by spaces. [mokaddem] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [Training] Further cleanup and interactive mode. [iglocska] + + - splitting of some nastier unreadable functions + - added interactive mode +- [REST] Disable all SSL validation if requested by the user. [iglocska] +- [REST] Disable all SSL validation if requested by the user. [iglocska] +- [Training script] Improvements. [iglocska] + + - Create reverse sync accounts/link on demand + - Create admin users for the player teams on demand + - Some minor fixes +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [cakephp version] bump. [iglocska] +- [training] Some additional changes. [iglocska] +- [training script] Added server indication. [iglocska] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [i18n] Various updates to translations, most notably French is at 100% + again. new: [i18n] Added initial Swedish and Polish translations chg: + [i18n] Updated default.pot. [Steve Clement] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [feeds] removed broken MISP feed. [Alexandre Dulaunoy] +- [feeds] inThreat feed removed as it's no longer available. [iglocska] +- [tasks] anchor typo fixed. 
[Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version (LS19 exercise) [Alexandre + Dulaunoy] +- [tools] misp-restore updates. Still WIP. Not working ATM. [Steve + Clement] +- [tools] Various changes to the misp-backup script to make it more + stable. Still WIP. [Steve Clement] +- [workers] Worker start script has initial support to only restart the + workers that are not running. [Steve Clement] + +Fix +~~~ +- [tools] Fixed empty variable check function. [Steve Clement] +- [stix2 export] Fixed comma typo. [chrisr3d] +- [stix2 export] Support of previous versions of python that are more + restrictive with arguments syntax. [chrisr3d] +- [exports] Fixed copy pasta fail breaking the cached exports. + [iglocska] +- [enrichment] Set distributions & sgs for all the possible views. + [chrisr3d] +- [enrichment] Fixed variable name typo. [chrisr3d] +- [freetext] Stop parsing dates as phone numbers. [iglocska] +- [bro] typo fixed that caused an exception, fixes #4343. [iglocska] +- Added missing view. [mokaddem] +- [taxonomies] Counts fixed. [iglocska] +- [ACL] fixed. [iglocska] +- [Galaxy:update] Cast GalaxyElement into a String Ensuring the correct + type before the insertion. [mokaddem] +- [ACL] Fixed ACL. [iglocska] +- [rest client] Made the links more obvious. [iglocska] +- [enrichment] Fixed $event variable handling + monkey typo. [chrisr3d] +- [diagnostics] search field removed from worker tab. [iglocska] +- [Training] Some clarifications. [iglocska] +- [Training] Function extraction fail. [iglocska] + + - Shame. Shame. Shame. +- [Training] Invalid user input capture fixed. [iglocska] +- [distributionNetwork] Added a threshold on the number of organisation + that can be displayed a time. Will need some more love later on. + [mokaddem] +- [ACL] Whitelisted `genDistributionGraph` [mokaddem] +- [disitributionNetwork] Empty cached org on redraw. 
[mokaddem] +- [distributionGraph] Transform associative array into regular array. + [mokaddem] +- [distributionGraph-network] fixed sharing group singleton. [mokaddem] +- [distributionGraph:network] Only use sharing group part of the event. + [mokaddem] +- [distributionGraph] Org's name with spaces can be focused. [mokaddem] +- [training] Added created sync users to the reporting. [iglocska] +- [enrichment] Added missing data field in attribute in case of + attachement type attribute. [chrisr3d] +- [eventFiltering] quickfilter on value does not filter on wrong + category anymore. [mokaddem] +- [Training] Interesting link. [iglocska] + + - Someone just told us about fmylife.com - if this day continues like this I might have to post there about the development +- [training] Inverse conditional fixed. [iglocska] +- [Training] Duplicate user add handling. [iglocska] +- [Training] Handle sync connections failing to be saved better. + [iglocska] +- [training] Small fix. [iglocska] +- [training] fixes to the org creation. [iglocska] +- News View add, index and Controller (flash messages i18n bug. [4ekin] +- Admin User index, view, edit i18n bug fix: User view i18n bug. [4ekin] +- Attributes index wrong ditribution field fix: Logs search bug i18n + fix: Organisations index bug i18n. [4ekin] +- Merge issue chg: Russian translation. [4ekin] +- [Training] Cause I'm a lumberjack and I'm ok. [iglocska] +- [Training] AAARGH. [iglocska] +- [training] Further work on the script. [iglocska] +- [training] Allow for self signed certs. [iglocska] +- [training] Siplified key management. [iglocska] +- [Training] Further fixes. [iglocska] +- [training script] Added some resilience to prior partial executions. + [iglocska] +- [training] Fixes based on failed executions. [iglocska] +- [training script] Case sensitivty fixed. [iglocska] +- [training script] verbose mode added. [iglocska] +- [training script] Minor fixes. 
[iglocska] +- [training] training setup script now correctly handles settings. + [iglocska] +- [UI] Removed input field from form where it's not applicable. + [iglocska] +- [API] resetting the authkey didn't respond with the new key before, + making automation difficult. [iglocska] +- [object references] Fixed an issue with the reference type not being + loaded correctly. [iglocska] +- ['rest client'] Python script generator fixed. [iglocska] +- [export] cached exports for bro were broken. [iglocska] + + - bro still hasn't been migrated to restsearch + - the exception for this in the caching algorithm called the wrong function +- [tools] misp-restore works a little better... still WiP. [Steve + Clement] +- [i18n] Stray file removed. [Steve Clement] +- [UI] Missing org logos added to statistics -> organisations page, + fixes #4271. [iglocska] +- More filter element i18n bug. [4ekin] +- Events index filter button i18n bug. [4ekin] + +Other +~~~~~ +- Merge pull request #4349 from SteveClement/tools. [Steve Clement] + + fix: [tools] Fixed empty variable check function +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4346 from mokaddem/matrixOnGalaxyLevel. [Andras + Iklody] + + new: [cluster] Display heatmap on the Att&ck Matrix for all tagged data. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: [enrichment view] First version of the view for objects & + attributes returned from misp modules. [chrisr3d] + + - Visualization atm + - Submit button + related actions to come soon + - Possible changes on visual aspects to come too +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4308 from mokaddem/galaxyMatrixStat. 
[Andras + Iklody] + + Galaxy matrix statistics available for eligible galaxy +- Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixStat. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4342 from liviuvalsan/bug_fix_bro_export. [Andras + Iklody] + + Fixing bug when exporting to Bro MISP attributes from events that contain a percentage sign inside the event info +- Fixing bug when exporting to Bro MISP attributes from events that + contain a percentage sign inside the event info. [Liviu Valsan] +- Merge branch 'kafka' into 2.4. [iglocska] +- Publish events to Kafka. [Nikos Filippakis] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4341 from + liviuvalsan/attribute_performance_improvements. [Andras Iklody] + + Addressing performance issues for fetching attributes when blocking attributes via proposals +- Addressing performance issues for fetching attributes when blocking + attributes via proposals. [Liviu Valsan] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [enrichment view] Added side menu indications. [chrisr3d] + + - Same as for Freetext results. + - Replacing freetext results when no simplified + format is returned as module result + - Actual results view coming soon +- Wip: [enrichment] Handling module results and passing it to the view. + [chrisr3d] + + - Work in progress on the view right now +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4313 from pettai/RPZexport. [Andras Iklody] + + Add $time for Plugin.RPZ_serial +- Add $time for serial. [frpet] + + Add $time for generating unixtime as serial +- Merge branch 'extendedDistributionGraph' into 2.4. [mokaddem] +- Merge pull request #4309 from mokaddem/extendedDistributionGraph. 
+ [Alexandre Dulaunoy] + + Improvement on distribution visualization +- Merge branch '2.4' of github.com:MISP/MISP into + extendedDistributionGraph. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + extendedDistributionGraph. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + extendedDistributionGraph. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into + extendedDistributionGraph. [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into + extendedDistributionGraph. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Wip: [enrichment] Capturing attributes & objects returned by modules. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4293 from 4ekin/russian_translation. [Steve + Clement] + + fix: Merge issue +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4299 from nikofil/zmq_flag_fix. [Andras Iklody] + + Fix checking of incorrect flags when publishing to ZMQ +- Fix checking of incorrect flags when publishing to ZMQ. [Nikos + Filippakis] + + * Check Plugin.ZeroMQ_event_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in Event.php + * Check Plugin.ZeroMQ_audit_notifications_enable instead of Plugin.ZeroMQ_user_notifications_enable in Log.php + * Check Plugin.ZeroMQ_object_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in MispObject.php +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Wip: [hover enrichment] Started changing hover enrichment as well. 
+ [chrisr3d] + + - As for enrichment modules, it does not change + the support of the current modules, and should + not interfere with them either +- Wip: [enrichment] Started changing enrichment modules. [chrisr3d] + + - Passing full attributes to the new modules + - No changes for the currently used modules + - Using a parameter to specify which format to use + - Current format used if no parameter is set + /!\ WIP, more to be updated soon /!\ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4285 from SteveClement/tools. [Steve Clement] + + chg: [tools] More work on misp-restore, still WiP but a little more functional +- Merge branch '2.4' into tools. [Steve Clement] +- Merge pull request #4276 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Various updates to translations, most notably French is at 100% again. +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4275 from RichieB2B/ncsc-nl/workers-stop. [Andras + Iklody] + + Add workers stop script +- Add workers stop script. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4266 from RichieB2B/ncsc-nl/fix-sys-path. [Andras + Iklody] + + Add correct PyMISP_dir to sys.path +- Add correct PyMISP_dir to sys.path. [Richard van den Berg] +- Merge pull request #4265 from obert01/fix-index-accessibility. 
[Andras + Iklody] + + Event index: Aria label properties on view/edit/publish/delete links … +- Event index: Aria label properties on view/edit/publish/delete links + for better consistancy accross screen readers and accessibility + standards compliance. [Olivier BERT] +- Merge pull request #4262 from 4ekin/fix-wrong-i18n. [Andras Iklody] + + fix: Events index filter button i18n bug +- Merge pull request #4263 from SteveClement/tools. [Steve Clement] + + chg: [Tools] misp-backup/-restore improvements, quality of life improvements of worker start.sh + + +v2.4.103 (2019-03-04) +--------------------- + +New +~~~ +- Added ldapEmailField example and exaplanation. [iwitz] +- Add ldapEmailField config option. [iwitz] + + The ldapEmailField option can be used to specify different fields in which email addresses of Kerberos-authenticated users can be found. If this option is not used, it defaults to the 'mail' field, which makes it compatible with old configurations. +- [API] exposed change_pw function to the API, fixes #4256. [iglocska] +- [installer] Added tests. [Steve Clement] +- [cli] Added getWorkers to cake Admin Shell. It returns a JSON with the + status of the current workers. [Steve Clement] +- Add tests after install. [Raphaël Vinot] +- [eventview] Shows number of object in the event. [mokaddem] +- [UI] Rework of the attribute index toolbar on the event view. + [iglocska] +- [UI] Added quickfilter for the server settings. [iglocska] + + - no more **** around trying to find the right settings! +- [UI] Further work on the server settings UI. [iglocska] + + - overview reworked + - some minor adjustements +- [UI] Reworked the sharing group add/edit tool. [iglocska] +- [UI] rework of the server settings. [iglocska] +- [UI] Updated the server preview index to follow the new tab UI + standards. [iglocska] +- [UI] Refactored the feed preview index UI to the new tab system. + [iglocska] +- [Feed preview UI] Added quick filter to the MISP feed preview. 
+ [iglocska] +- [UI] Added javascript to support the index filtering. [iglocska] +- [UI] Tied the index filter system into all indeces. [iglocska] + + - WIP: Event view +- [UI] Added new system to template index filters. [iglocska] +- [setting] Use the new setting to set the urls to the current instance + on sharing groups when pushing the info via the API. [iglocska] +- [setting] Added new setting to set external baseurl. [iglocska] + + - idea is to decouple the baseurl (used to prepend links) from the announce baseurl (for sharing groups / emailing) +- [Rest client] Download results as file. [iglocska] +- [API] restsearch returns more information about the export system used + via headers. [iglocska] +- [eventFiltering] Added support of toIDS. [mokaddem] +- [eventFiltering] Added support of server and feed hits filtering. + [mokaddem] +- [eventView] Attribute filtering tool - WIP. [mokaddem] +- Add pre-pagination result count to headers. [Hannah Ward] + + Fixes #4161 +- [galaxies] Added support of `kill_chain_order` in galaxies. [mokaddem] +- [matrix] Replaced the Att&ck matrix by a generic matrix viewer, + allowing custom matrix to be displayed. Also added the external id to + the chosen input. [mokaddem] +- Add CORS settings for external integration. [Hannah Ward] +- [UI] Moved the global menu to the new system. [iglocska] +- [UI] Added templates for the new global menu system. [iglocska] +- [installer] Added progress bar and spinner. [Steve Clement] +- [installer] Added function to build the installer. [Steve Clement] +- [installer] Generic support functions. [Steve Clement] +- [installer] Initial scaffolding and notice about upcoming installer + scripts. [Steve Clement] +- [UI] Finished refactor of the side menu. [iglocska] +- [UI] side menu post link element added. [iglocska] +- [CLI] verbose mode added to runUpdates. [iglocska] +- [Tag API] New tag search api to search for tags. [iglocska] + + - simply pass the value you want to search for. 
Use % for wildcards + - case insensitive + - taxonomy and galaxy metadata returned with tag +- [CLI] execute all db updates to bring MISP up to date with any + changes. [iglocska] + + - mimics logging in via the UI +- [UI] Further refactoring to use the modern meta table UI. [iglocska] +- [UI] metaview refactor. [iglocska] + + - event view uses the new parametrised system + - massive reduction of weird custom UI stuff to prepare MISP for a move to bootstrap 4 + - should fix the dodgy UI issues that @rommelfs was experiencing on his Playmobil laptop +- [API] Log search API now allows for last style time ranges using the + created field. [iglocska] +- [UI] Added change tracking sparkline to the event view. [iglocska] +- [tools] Experimental tool to upgrade MISP via GitHub. [Steve Clement] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- Remove debug. [mokaddem] +- Reduce complexity of authenticate function. [iwitz] + + * create function getEmailAddress to reduce the complexity of the authenticate function + * fix indentation of comments in the authenticate function +- [installer] Shortened usr-local-src checker. Added better curl install + example. [Steve Clement] +- Bump PyMISP to 2.4.103. [Raphaël Vinot] +- [ReST interface] fix typo in label. [Alexandre Dulaunoy] +- [galaxy_matrix] Added submit button again to please.. they will + recognize themselves. [mokaddem] +- [installer] Level installer. [Steve Clement] +- [doc] One more line to make SSL a little more secure. [Steve Clement] +- [doc] Some formatting for the apache conf files and some incentives to + be more secure by default. [Steve Clement] +- [doc] Added small apache hardening tip chg: [installer] regenerated + installer. [Steve Clement] +- [installer] Do not try and initialize mysql if the user table exists + new: [installer] Nuke an instance. [Steve Clement] +- [installer] Make php versions more flexible if not 7.2. 
[Steve + Clement] +- [recommended versions] Added note on deprecating PHP 7.1 and Python + 2.7. [iglocska] +- Bump PyMISP, new object templates, fix failing tests. [Raphaël Vinot] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [UI] Event index icons switched to FA in preparation of the BS4 move. + [iglocska] +- [objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Updated script to use systemd for workers and modules. + [Steve Clement] +- [doc] Bumped Kali version, updated misp-modules startup way, CentOS + typo fix. [Steve Clement] +- [tools] misp-workers.service need to be able to be installed on a + stick MISP install (Ubuntu) other flavours want to be marked as such. + (and in a seperate directory, ideally, etc/systemd/system) chg: + [tools] Backup script todo added chg: [tools] worker start script todo + and fix me added. [Steve Clement] +- [attribute row] to_ids flag edition is done with a checkbox + prompt. + [mokaddem] + + Previously, was a select. +- [quickEdit UI] Does not resize a column anymore. [mokaddem] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [eventMatrix] Added description of the cluster title and set default + score to 0. [mokaddem] +- [UI] Highlight scope toggle if scope is selected. [iglocska] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- Added a dot and sanitization of the id. [mokaddem] +- [eventIndex] When clicking on the correlation count in the event + index, filter the viewed event with `correlation only` [mokaddem] +- [UI] added icon for background workers. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [querystring] bumped. [iglocska] +- [cleanup] Junk removed. [iglocska] +- [UI] nav tabs ontop of lists should be able to display custom titles + on hover. [iglocska] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [internal] Allow the quickfilters to work on URLs that include more + than just the baseurl+controller+action. [iglocska] +- [CS] indentation. [iglocska] +- [doc] Move Debian9 stable install instructions to xPerimental status + as only Python 3.5 is supported by default but PyMISP needs 3.6 (There + are no easy clean ways to install >3.5) chg: [installer] various + changes and cleanups in the installer. [Steve Clement] +- [installer] Parsed installer update. [Steve Clement] +- [doc] Minor OpenBSD 6.4 tweaks (works again now ;) [Steve Clement] +- [installer] Make installer more verbose again, some output is actually + needed. [Steve Clement] +- Update hover UI. [wagena] + + - add some logic to choose better hover placement + - make hover hide on outside click, to allow using the scrollbar to view + full hover + - add an icon in the hover tooltip to turn it into a popup + - move popup close button to better position + - group attributes for each module in hover UI + - prevent duplicate enrichment api queries once the first one is done +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [cleanup] removed unused template. [iglocska] +- [eventFiltering] Added support of feed and server while filtering + objects. [mokaddem] +- [eventFiltering] IU/UX Improvements. [mokaddem] +- [tags] Improved perfs on tag retrieval (all tags belonging to an + event) [mokaddem] +- [eventFiltering] Started integration of tag filtering - WiP. + [mokaddem] +- [eventFiltering] Prevent multiple `searchFor` entries. [mokaddem] +- [eventfiltering] Added more sanitization. [mokaddem] +- [eventFiltering] Prepend base url. [mokaddem] +- [eventFiltering] display the number of active rules. [mokaddem] +- [eventFiltering] Improved detection of advanced filtering. [mokaddem] +- [eventFiltering] Simplified filtering conditions and fixed `deletion` + proposal layout. 
[mokaddem] +- [eventFiltering] First version on the event filter tool. [mokaddem] +- [eventFiltering] WIP - UI displays all elements. [mokaddem] +- [eventFiltering] WIP - Simplified filtering conditions. [mokaddem] +- [eventFiltering] WIP - fixed filtering bugs and improved warning + filtering. [mokaddem] +- [eventFiltering] WIP -Improved filtering and UI. [mokaddem] +- [eventFiltering] WIP - Integrating new filtering behavior into Model. + [mokaddem] +- [eventFiltering] Bumped flag skip_empty. [mokaddem] +- [eventFiltering] Moved searchFor to the top. [mokaddem] +- [eventFiltering] Improved UI - WIP. [mokaddem] +- [eventFiltering] Improved UI and added filter link. [mokaddem] +- [eventFiltering] Improved filtering tool - WIP. [mokaddem] +- [eventFiltering] renamed file. [mokaddem] +- [eventView] moved attribute filtering tool in its own file. [mokaddem] +- Simplified condition 2. [mokaddem] +- Simplified condition. [mokaddem] +- [galaxy_matrix] TEMPORARY - Merge scores of both deprecated and mitre- + attack galaxy namespace for the matrix view. [mokaddem] + + This commit aims to still have correct scores in the galaxy_matrix until the fixMitreTags functions is not live and running +- [generic_picker] added an icon to show that a galaxy will trigger the + matrix galaxy picker. [mokaddem] +- [galaxy] json_encode kill_chain_order in beforeValidate. [mokaddem] +- [galaxy_matrix] renamed view_matrix into view_galaxy_matrix. + [mokaddem] +- [galaxy_matrix] cleanup in variable names to be more generic. + [mokaddem] +- Removed test code. [mokaddem] +- Deleted (now useless) attack matrix view. [mokaddem] +- [galaxies] Updated view to support `kill_chain_order` [mokaddem] +- [attackMatrix] Improved layout + fixed bug (carret on scale do not go + out of bound anymore) [mokaddem] +- [attackMatrix] UI: improved color scale - WiP. [mokaddem] +- [attackMatrix] Updated the matrix to match the changes in the mitre + galaxies and improved layout - WiP. 
[mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Security warning at step 5. [iwitz] +- [installer] Added missing final Install script. [Steve Clement] +- [kali] Final kali tests done. [Steve Clement] +- [kali] Last tweaks to make sure all deps are present. [Steve Clement] +- [installer] Added checkLocale. [Steve Clement] +- [kali] undo evil hack, sleep a while, maybe the disable sleep + interferes with the execution of the script. [Steve Clement] +- [kali] Make sure redis-server is installed early. [Steve Clement] +- [installer] More fixes to the installer, mostly kali. [Steve Clement] +- [m2m] Added libcaca for faup. [Steve Clement] +- [installer] Considered Web Installer option new: [installer] Added + ssdeep. [Steve Clement] +- [installer] mail2misp typo. [Steve Clement] +- [installer] Nicer end. [Steve Clement] +- [installer] First working version. [Steve Clement] +- [installer] Make sure the template engine is called correctly chg: + [installer] If we su to MISP_USER, make sure we are not already. + [Steve Clement] +- [installer] Minor tweak. [Steve Clement] +- [installer] Pre-Install place holder. [Steve Clement] +- [installer] Added more documentation chg: [kali] Fixed /usr/local/src + perm issue. [Steve Clement] +- [installer] -A considered. [Steve Clement] +- [installer] Moved some dependencies around. [Steve Clement] +- [installer] First version of potentially working installer. [Steve + Clement] +- [kali] More fixes. [Steve Clement] +- [kali] added venv. [Steve Clement] +- [kali] A new kali install locks APT, added progressive sleep. [Steve + Clement] +- [kali] Installer wants to wait until apt is released chg: [installer] + Update from template. [Steve Clement] +- [installer] Ran template, commiting changes. 
[Steve Clement] +- [installer] Minor tweaks. [Steve Clement] +- [installer] Added autognerated script and template. [Steve Clement] +- [installer] Symlink to template. [Steve Clement] +- [doc] More fixes to installer builder. [Steve Clement] +- [doc] Temporary installer workaround. [Steve Clement] +- [doc] Search and replace vars. [Steve Clement] +- [doc] Added more details on how to stitch the file together. [Steve + Clement] +- [doc] Added missing file. [Steve Clement] +- [doc] Move some code out of the doc and into a file chg: [installer] + Moved all the scripts into respective snippet tags. [Steve Clement] +- [doc] More shuffling around to make it more logical chg: [installer] + More cake tweaks, misp-modules grouping. [Steve Clement] +- [installer] Various tweaks and functionizing stuff. [Steve Clement] +- [installer] Main install script wants to pull in all function + depenecies. Please avoid to source shell scripts somewhere else, it + breaks overview. [Steve Clement] +- [installer] Misp global vars. [Steve Clement] +- [installer] Seperated dependencies for php 7.3 and 7.2. [Steve + Clement] +- [installer] Added some known Debian based falvours. [Steve Clement] +- Remove unnecessary settings. [iwitz] +- Set apache as files owner. [iwitz] + + this is to be able to update through the web interface +- Update software versions. [iwitz] +- [refactor] Side menu generic templates moved. [iglocska] +- [UI] Some modifications to the side menu link element. [iglocska] +- Test url for proxy. [iwitz] + + this way the check works even if only github is whitelisted by the web proxy +- [doc] license for the logos added. [Alexandre Dulaunoy] +- Add stix2 installation. [iwitz] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [Tag search API] now also accepts synonyms as input. [iglocska] +- [documentation] Added new CLI function to automation page. [iglocska] +- Improved setup bug workaround. [iwitz] +- Update php version warning. 
[iwitz] +- No more assumption that only 1 shell is used. [iwitz] + + scl enable was used in step 3 to make php, mysql and redis available in a new shell and during the rest of the installation process it was assumed that the same shell was used. The steps are a bit less interdependent now. +- Add index to all commands. [iwitz] + + this is useful when only some steps apply to a particular environment +- Tell people to *not* use this document. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [internal] Moved time resolution to appmodel. [iglocska] +- [objects] misp object templates updated to the latest version. + [Alexandre Dulaunoy] +- [PyMISP] Bump version. [Raphaël Vinot] +- [generic_picker] Prevents multiple useless redrawing. [mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [tools] Made it a little more universal. [Steve Clement] + +Fix +~~~ +- [API] hacky fix to capitalisation issues between the old /events/index + camelcased parameters and the newer lowercased one, fixes #3855. + [iglocska] +- [grammar] Pluralisation fixed for the freetext import results, fixes + #4021. [iglocska] + + - Sunday last minute commit aced +- [installer] Tests should now run correctly chg: [m2m] Added more + functions to faup. [Steve Clement] +- [API] Allow adding objects without having the correct template via the + API fixed. [iglocska] +- [installer] Installer will never execute due to misplaced ; [Steve + Clement] +- [installer] Minor install fix. [Steve Clement] +- [installer] Various fixes of missing dependencies. [Steve Clement] +- [vulnerability] Fixes a vulnerability where a user can view sightings + that they should not be eligible for. 
[iglocska] + + - requires access to the event that has received the sighting + - affects instances with restrictive sighting settings (event only / sighting reported only) + + - as reported by Tyler McLellan of CanCyber.org +- RunTests method was totally broken. [Raphaël Vinot] +- [UI] Contributors - file left off. [iglocska] +- [UI] Contributor list fixed. [iglocska] +- [feed] Feed pulls don't update the timestamp of the event. [iglocska] + + - affects freetext feeds + - this blocks the further propagation of the modifications +- [ACL] added toggleToIDS. [iglocska] +- [generic_picker] fix #4219 (Adding ObjectReference) [mokaddem] +- [docs] added object template update CLI command to the automation + page. [iglocska] +- [API] Attribute edit error response fixes, #4221. [iglocska] +- [UI] show object UUID via the UI. [iglocska] +- [performance] Massive performance bug resolved for taxonomy tag + selector. [iglocska] +- [UI] Fixed exclamation point for critical alerts in server settings. + [chrisr3d] +- Typo parameter. [mokaddem] +- [UI] Fixed issues with the eventattribute tabs, fixes #4211. + [iglocska] +- [UI] Worker tab missing in diagnostic tool. [iglocska] +- [UI] Invalid requirements passed to scaffolding system in regards to + the show attribute context button. [iglocska] +- [UI] Another switch to FA. [iglocska] +- [UI] Switched to FA for the warning icons on the attribute values. + [iglocska] +- [correlation UI] Fixed an issue where the cache contained correlations + to a feed/server that is no longer in the DB. [iglocska] +- [enrichment] UI errors fixed when no modules are enabled. [iglocska] + + - also fixed the weird indentation +- [UI] Don't show the filter bar in the server settings where it + wouldn't do any good. [iglocska] +- [UI] Fix add object menu item. [iglocska] + + - make the scaffolding system aware of the possibility that "this" might get passed along to javascript +- [UI] Side menu missing the update warninglists button. 
[iglocska] +- [UI] Alignment issue resolved on the user view. [iglocska] +- [UI] Fixed a bug in the UI that caused the event filtering to break. + [iglocska] +- [UI] Pass the server ID to the view for the menu's consistency. + [iglocska] +- [DB] removed not null constraint of the kill chain order field, fixing + 4198. [iglocska] +- Object could not be added with no full group by enabled, fixes #4195. + [iglocska] +- [installer] unary operator... chg: [installer] dirty notes in pre- + flight check function. [Steve Clement] +- [installer] small fix to check if dmidecode is present. [Steve + Clement] +- Fixed list regex menu option, fixes #4197. [iglocska] +- [UI] New thread button fixed. [iglocska] +- [UI] Terms and conditions & removed from button. [iglocska] +- [UI] Add sharing group button removed if no permissions present. + [iglocska] +- [UI] trash icon was black on black on event multi delete. [iglocska] +- [stix2 import] Fixed marking parsing to avoid trying to add None. + [chrisr3d] +- [UI] side menu truncated settings in the global actions scope. + [iglocska] +- [SMIME] Formating issues resolved. [iglocska] +- [API] Invalid URL parameter suggested in rest client templates for the + attribute edit endpoint, fixes #4159. [iglocska] +- [UI] Logout fixed. [iglocska] +- [eventview] too many arguments. [mokaddem] +- [massEdit] UI bug in the synonyms. [mokaddem] +- [distributionGraph] restaured filtering capabilities. [mokaddem] + + Broken since the new event filtering tool +- [eventFiltering] Removed debug commands. [mokaddem] +- Do not increment count after DB query. [Hannah Ward] +- Expose x-result-count to CORS. [Hannah Ward] +- [matrix_score] get values regardless of the galaxy. [mokaddem] +- [UI] UI monkey cannot z-index. [iglocska] +- Re-add CORS headers on REST Response. [Hannah Ward] +- [galaxy] prevent drawing view when galaxy_cluster does not exist. + [mokaddem] +- [merge] added forgotten file... 
[mokaddem] +- [doc] gitchangelo from pip now works un Python 3.7 as expected chg: + [doc] Tried to have a more or less clean new Changelog in docs. [Steve + Clement] +- [installer] Variable typo for Base URL chg: [installer] Renamed + installCoredDeps. [Steve Clement] +- [installer] Various changes to where we output messages. [Steve + Clement] +- [installer] More kali fixes and some ubuntu tweaks. [Steve Clement] +- [installer] Kali was missing maec. [Steve Clement] +- [installer] Kali still had bugs. Most fixed. [Steve Clement] +- [installer] Various fixes for depency installs. [Steve Clement] +- [installer] Options setting now works. [Steve Clement] +- [kali] Various kali fixes to make it install in unattended mode fix: + [installer] Various fixes to the installer. [Steve Clement] +- [kali] On kali, some times apt is locked, we need to consider that. + [Steve Clement] +- [installer] Viper is stuborn. [Steve Clement] +- [installer] Updated main installer fix: [doc] Viper can be installed + with Python3.7. [Steve Clement] +- [installer] fix typo. [Steve Clement] +- [installer] -ne (== NOT EQUAL != NOT EXIST Grr...) [Steve Clement] +- [installer] Added apt update for Kali, fixed some ifs' [Steve Clement] +- [installer] fix typo. [Steve Clement] +- [UI] post links broken in the side menu. [iglocska] +- [UI] removed org would throw notice errors if they are still contained + in a sharing group. [iglocska] + + - a situation that should not occur without tampering that is normal on a dev instance anyway, but just in case +- [UI] Fixed extended by field. [iglocska] +- Rhel7 diagnostics page detection. [iwitz] +- Working directory in update function. [iwitz] + + fixes a path problem mentioned in issue #3528 +- [UI] Fixed menu linking for change_pw action. [iglocska] +- [CS] tab fixes. [iglocska] +- [CS] indentation fix. [iglocska] +- [UI] Potential fix for the weird popover behaviour. [iglocska] +- [UI] restored user menu when viewing a user's profile as admin. 
+ [iglocska] +- Typo in tag ID query. [Hannah Ward] +- [Feeds API] blackholes due to invalid csrf check relaxation call. + [iglocska] +- Bugfix of event info not shown when MISP.showorgalternate is on. + [Christophe Vandeplas] +- [UI] Trailing \ removed from org names on the event index. [iglocska] +- [API] Galaxies still present as Tag in JSON export fixes #4133. + [Christophe Vandeplas] +- [style] consistent space indentation. [Christophe Vandeplas] +- [ACL] tags/search added to the ACL. [iglocska] +- Do not use obsolete rc.local init file. [iwitz] +- [stix import] Fixed detection of observable_composition objects. + [chrisr3d] + + - Was sometimes passing the text even if no observable + composition object was actually defined, because an + observable object can have the observable_composition + attribute even when it has no actual value +- [stix 1&2 import] Using local version of PyMISP & MISP Objects. + [chrisr3d] + + - So the PyMISP part will not depend on the version + installed with pip anymore + - Need also to specify the MISP Objects path because + it is not available from PyMISP subdirectories +- Lief installation. [iwitz] + + * unnecessary steps removed + * irrelevant comment removed + * instructions updated to compile lief for python 3.6 instead of 2.7 + * install lief in the folder where the other dependencies are so that it is detected by the diagnostics page +- Grammar. [iwitz] +- [API] Events add/edit return correct error code on failure. [iglocska] +- [stix export] Support of deprecated python versions. [chrisr3d] +- [UI] org view with domain restrictions had a layout breaking long key. + [iglocska] +- [restsearch] download as a first parameter should default to json. + [iglocska] +- [UI] event view UUIDs capitalised. [iglocska] +- [UI] title of org images fixed. [iglocska] +- [ui] Safari.... [iglocska] +- [UI] lol. [iglocska] +- [UI] UI experts at work. [iglocska] +- [UI] small fix. [iglocska] +- [ui] small fix. [iglocska] +- [ui] small fix. 
[iglocska] +- Disable stix test with PyMISP on travis. [Raphaël Vinot] +- [generic_picker] fix #4083. When picking, force exact match (instead + of `contains`) [mokaddem] +- [ui] small ui fix. [iglocska] +- [stix2 export] Fixed attribute counting on restSearch. [chrisr3d] +- [php min version] Bumped to 7. [iglocska] + + - not enforced yet + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3827 from MISP/fix3819. [Steve Clement] + + Allow getting object attribute via rest query. fix #3819 +- Allow getting object attribute via rest query. fix #3819. [mokaddem] +- Merge pull request #3589 from iwitz/add-email-field-option-for- + kerberos-authentication. [Steve Clement] + + Add email field option for kerberos authentication +- Merge branch '2.4' into add-email-field-option-for-kerberos- + authentication. [Steve Clement] +- Merge pull request #3658 from ancailliau/issue-3639. [Steve Clement] + + Fixes issue #3639 +- Fixes issue #3639. [Antoine Cailliau] +- Merge pull request #4259 from SteveClement/guides. [Steve Clement] + + chg: [installer] Various updates including PyMISP tests +- Merge pull request #4243 from raw-data/2.4. [Alexandre Dulaunoy] + + [add] MalSilo feeds tracking commodity malware +- [add] MalSilo feeds tracking commodity malware. [raw-data] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4250 from SteveClement/tools. [Steve Clement] + + new: [cli] Added getWorkers to cake Admin Shell. It returns a JSON with the status of the current workers. +- Merge remote-tracking branch 'upstream/2.4' into tools. [Steve + Clement] +- Merge pull request #4249 from SteveClement/guides. [Steve Clement] + + chg: [installer] Added tests +- Merge pull request #4248 from SteveClement/guides. [Steve Clement] + + chg: [installer] Various updates to the installer. Also tested towards latest Ubuntu 18.04.2 +- Merge branch '2.4' into guides. 
[Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4237 from Rafiot/install_tests. [Andras Iklody] + + new: Add tests after install +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4230 from SteveClement/guides. [Steve Clement] + + new: [installer] Update installer to make use of systemd service units +- Merge pull request #4229 from SteveClement/tools. [Steve Clement] + + chg: [tools] Various updates to CLI tools +- Merge branch '2.4' into tools. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4203 from eCrimeLabs/2.4. [Andras Iklody] + + Update defaults.json (Phishtank - Exclude through regex) +- Updated defaults.json. [eCrimeLabs] + + Bugfixed Phishtank +- Update defaults.json. [eCrimeLabs] + + Updated Phishtank feed with regex to exclude Phishtank url's + \/^http:\\\/\\\/www.phishtank.com\/i +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4202 from obert01/fix-tag-search. [Andras Iklody] + + Fixed search for cluster value in /tags/search +- /tags/search was only looking for cluster synonyms, but not in cluster + values. [Olivier BERT] +- Merge pull request #4201 from bartblaze/2.4. [Alexandre Dulaunoy] + + Update README.md +- Update README.md. 
[Bart] + + * Several small fixes + * Add Zeek (new Bro name) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4194 from gallypette/hotfixGlobalMenuSeparator. + [Andras Iklody] + + Fix #4193 GlobalMenuSeparator not checking Roles +- Fix #4193 GlobalMenuSeparator not checking Roles. [Jean-Louis Huynen] +- Merge pull request #4187 from RichieB2B/patch-5. [Alexandre Dulaunoy] + + Fix errors in TagCollections import +- Fix errors in TagCollections import. [Richie B2B] +- Merge pull request #4185 from SteveClement/guides. [Steve Clement] + + chg: [doc] Move Debian9-stable install instructions to xPerimental +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4183 from DomainTools/update-hover-ui. [Alexandre + Dulaunoy] + + chg: Update hover UI +- Fix Useless assignment to local variable. [wagena] +- Fix missing variable declaration. [wagena] +- Merge branch '2.4' into update-hover-ui. [wagena] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4169 from RichieB2B/patch-4. [Alexandre Dulaunoy] + + Fix broken "List Tags" link +- Fix broken "List Tags" link. [Richie B2B] +- Merge pull request #4076 from mokaddem/eventFiltering. [Alexandre + Dulaunoy] + + Event filtering tool +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. 
+ [mokaddem] +- Merge remote-tracking branch 'origin/2.4' into eventFiltering. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. + [mokaddem] +- Merge branch '2.4' into eventFiltering. [mokaddem] +- Merge pull request #4165 from MISP/bugfix/x-result-count. [Andras + Iklody] + + [fix] Correct X-Result-Count +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4164 from MISP/tempoparyFixMatrixStat. [Alexandre + Dulaunoy] + + Tempopary fix galaxy_matrix heatmap (mitre-attack) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4158 from MISP/bugfix/disappearing-cors-headers. + [Andras Iklody] + + fix: re-add CORS headers on REST Response +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4156 from mokaddem/udpatedMatrix. [Alexandre + Dulaunoy] + + Improved Att&ck Matrix +- Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4157 from MISP/feature/cors-options-request. + [Andras Iklody] + + new: Add CORS settings for external integration +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4155 from iwitz/patch-5. [Andras Iklody] + + RHEL7 installation security warning at step 5 +- Merge pull request #4152 from SteveClement/guides. [Steve Clement] + + new: [installer] MISP has now an Install Script for Ubuntu 18.04 - 18.10 and Kali +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #4146 from hackunagi/2.4. 
[Alexandre Dulaunoy] + + Fix on folder with misp.local.key +- Merge pull request #2 from hackunagi/hackunagi-patch-1. [Carlos + Borges] + + Fixing folder with misp.local.key +- Fixing folder with misp.local.key. [Carlos Borges] + + ### Work environment + + | Questions | Answers + |---------------------------|-------------------- + | Type of issue | Documentation Update + | OS version (server) | CentOS + | OS version (client) | Ubuntu, ... + | PHP version | 7.1 + | MISP version / git hash | 2.4 + | Browser | If applicable + + ### Expected behavior + Follow procedures to install, with no errors. + + ### Actual behavior + Error to create ssl keys, while following procedures. + The steps to create openssl private keys on line 335 point to file in /etc/pki/tls/certs/misp.local.key, while later in line 338 it looks for file in /etc/pki/tls/certs/misp.local.key. + + + ### Steps to reproduce the behavior + + + ### Logs, screenshots, configuration dump, ... +- Merge pull request #1 from MISP/2.4. [Carlos Borges] + + Merge to original MISP repository +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4136 from iwitz/fix-rhel7-diagnostics-page. + [Andras Iklody] + + Fix rhel7 diagnostics page +- Merge pull request #4147 from iwitz/patch-3. [Andras Iklody] + + fix: working directory in update function +- Merge pull request #4149 from iwitz/patch-4. [Andras Iklody] + + Update software versions in RHEL7 installation procedure +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4139 from iwitz/patch-1. [Andras Iklody] + + Change test URL for proxy +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4138 from obert01/warning-icon-fix. [Andras + Iklody] +- Accessibility: added aria properties for the warning list icon, which + was not visible for screen readers. [Olivier BERT] +- Merge pull request #4140 from iwitz/patch-2. 
[Andras Iklody] + + Add STIX2 installation to RHEL7 installation procedure +- Merge pull request #4137 from MISP/bugfix/tag-rest-edit-incorrect-id. + [Andras Iklody] + + fix: Typo in tag ID query +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4128 from iwitz/add-systemd-unit-rhel7. [Steve + Clement] + + chg: [RHEL7] Add systemd unit file in installation procedure +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [diagnostic] Added check for STIX2 python library. [chrisr3d] +- Merge pull request #4123 from czechnology/2.4. [Andras Iklody] + + Add LDAP network timeout +- Add LDAP network timeout. [Martin Kulhavy] +- Merge pull request #4121 from iwitz/remove-centos-install-step. [Steve + Clement] + + Remove CentOS step in RHEL7 installation procedure +- Remove centos step. [iwitz] + + The instruction to enable the SCL repos is already provided in step 1.4, + and the package centos-release-scl does not exist on RHEL7. The fact + that step 1.4 may not work on a trial subscription is not relevant + because assumptions 0.1 and 0.2 specifically state that a support + agreement is required to be able to complete the installation. +- Merge pull request #4118 from iwitz/fix-rhel7-lief-installation. + [Steve Clement] + + Fix RHEL7 lief installation instructions +- Merge pull request #4125 from iwitz/fix-scl-shell. [Andras Iklody] + + RHEL7 installation fix implicitly SCL-enabled commands +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4117 from kara-1234/patch-2. [Andras Iklody] + + Allow HTTPD to send Emails +- Allow HTTPD to send Emails. [kara-1234] + + Update to allow httpd to send emails. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Raphaël Vinot] +- [stix2] Bumped stix2 python library latest updates. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Revert "fix: [UI] small fix" [iglocska] + + This reverts commit 1c8d725f8ddaeaab7384faf104c83db2fa7741be. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.102 (2019-02-01) +--------------------- + +New +~~~ +- [kali] Added debug function and breakpoints. [Steve Clement] +- [doc] Initial MISP with Letsencrypt doc. [Steve Clement] +- [installer] Initial bash installer functions. [Steve Clement] +- [doc] moved kali script to generic debian installer script. [Steve + Clement] +- [CLI] Server settings refactored, fixes #4074. [iglocska] + + - moved most of the codebase to the model + - streamlining of the setting change + - hooked the callback system into the CLI version of the setter +- [sighting] Searching for attributes allows to add sightings on the + attribute id or value. [mokaddem] +- [objectReference] Usage of the generic_picker for improved UX. + [mokaddem] +- [dependencies] Added CryptGPG and a dependency thereof to the INSTALL + dir. [iglocska] + + - workaround for the pear.php.net pwnage +- [Tag collections] Export/import tag collections added. [iglocska] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Added more comments and implemented base parameter logic. + [Steve Clement] +- [datamodel] me being stupid. [Alexandre Dulaunoy] +- [datamodel] anonymised updated. [Alexandre Dulaunoy] +- [datamodel] second step validation for anonymised attribute type. + [Alexandre Dulaunoy] +- [datamodel] anonymised is any category. [Alexandre Dulaunoy] +- [doc] Copyright dates updated. 
[Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [kali] Major rewrite of install script. [Steve Clement] +- [doc] Added CentOS vs. RHEL note. [Steve Clement] +- [doc] script name change. [Steve Clement] +- [doc] pear needs root permissions as it is installed to /usr/lib. + [Steve Clement] +- [doc] Partially fixed Centos 7 install procedure. Now uses https by + default. [Steve Clement] +- [doc] Remove update-alternatives, dumb idea to change default Python, + for now. [Steve Clement] +- [doc] Added initial misp-modules cake sugar. [Steve Clement] +- [doc] Added symlink to generic debian installer for bward compat. + [Steve Clement] +- [restsearch] Improvements to the restSearch APIs to function better + with URL parameters. [iglocska] + + - fixed returnFormat for events/restSearch + - added page and limit to the list of parameters +- [sightings] Hover sighting UI improvement. [iglocska] +- [feed correlations] Don't attach feed correlations to attributes that + have correlations disabled. [iglocska] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [type] zeek attribute added (Zeek is the new name of Bro) [Alexandre + Dulaunoy] + + Both attribute types, zeek and bro will coexist as exchange of NIDS + rules under the old names is common in various MISP sharing communities. +- [sighting] Added generic hovering support for `openPopover` + added + support of this feature for sightings. [mokaddem] +- [org view] show creation/modification times. [iglocska] +- [rest] Bumped `sighting/add{values}`` documentation. [mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [generic_picker] Improved the way option templates/data are passed to + the view (now done by JS only) [mokaddem] +- [generic_picker] Improved memory usage + use of sprintf. [mokaddem] +- [galaxy clusters] selectCluster function opened up to the API for + reasons. 
[iglocska] +- [doc] add standard MISP logo in SVG format. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [documentation] Added the description of URL parameters to the + automation page. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Pump PyMISP, use pipenv in travis. [Raphaël Vinot] +- [eventIndex] replaced tag HTML node from to [mokaddem] + + So that it indicates that cliking on the tag triggers an action (search + in this case), but also to be consistent UI-wise + + Part of the project: ~ Making Deborah happy! ~ +- [generic_picker] Prevent decoding if additionalData is not set. + [mokaddem] +- Deleted useless commented line. [mokaddem] +- [generic_picker] fixed icon path and added more resilience in case of + resizing. [mokaddem] +- [layouts] Removed doT.js dependency (not needed anymore) [mokaddem] +- [generic_picker] Improved UI. [mokaddem] +- [ObjectReference] this was bugging me.. [mokaddem] +- [generic_picker] Improved UI. [mokaddem] +- [generic_picker] improved layout. [mokaddem] +- [generic_picker] added support of infoExtra for pills. [mokaddem] +- [generic_picker] moved sanitization to views. [mokaddem] +- [generic_picker] all view using the generic_picker now use the + generic_picker view elements - WIP. [mokaddem] +- [generic_picker] use php generic_picker elements for constructing the + template server side. - WIP. [mokaddem] + + Previously, it was done client side +- [doc] Fix kali script, php7.2 was used by apache. Add reference to + mkdocs depency. [Steve Clement] +- [doc] Added gengeric update section update Debian testing for new + stix2. [Steve Clement] +- [i18n] Updated: Czech 4%, Danish 53%, German 21%, French 95%, Italian + 39%, Japanese 95%, Korean 3%, Brazilian Portuguese 6%, Spanish 3% new: + [i18n] Hungarian, Russian, Ukrainian, Simplified Chinese. [Steve + Clement] +- [composer] composer.json updated. [iglocska] +- [query] Query string bump. 
[iglocska] + +Fix +~~~ +- [restsearch] CSV special parameters added to the URL parameters. + [iglocska] +- [stix 1&2 export] Switched attachment parameter to make it work. + [chrisr3d] + + - When using the url to query restSearch, withAttachements + is the correct parameter to use instead of includeAttachements + which works btw well with the rest Client anyway +- [eventGraph] Adding relation via the graph correctly pick the correct + element in the confirm modal. [mokaddem] +- [proposal] Repaired deletion proposal (db save) [mokaddem] +- [proposal] Repaired deletion proposal. [mokaddem] +- [stix 1&2 export] Using the restSearch API instead of the old download + one. [chrisr3d] +- [kali] updated composer chksum. [Steve Clement] +- [installer] Fixed a bug when run on kali. [Steve Clement] +- [stix export] Monkey typo. [chrisr3d] +- [stix export] Fixed malware samples (within file objects) parsing. + [chrisr3d] + + - Depending if there is the attachment or not +- [deprecated stix export] fixed, parameters weren't correctly taken + into account. [iglocska] + + - affects /events/stix +- [API] Use restresponse to view an added event via /events/add. + [iglocska] +- [Tagging] MITRE galaxies fixing function. [Christophe Vandeplas] + + This function still needs to be called from an upgrade script. +- [redirect on login] Fixed an issue where ajax queries would store + their URL in the redirect URL field. [iglocska] +- Check also event.org_id when validating event ownership in order to + fetch attributes. [Patrizio Tufarolo] + + Fixes #1918 +- [Tagging] Tagging an element with multiple tag collection works as + expected. [mokaddem] + + Previously, it would only add the latest tag collection +- [sighting] Bug adding sightings on every attributes. 
[mokaddem] + + When trying to add a sighting to a value via the REST API, + if a value was given to the key `values` instead of an array, + the Model function `addSighting` would *crash* and skip the condition on + the value, consequently adding a sighting on every attributes. +- [UI] Popover gets closed correctly if button clicked twice. reuse + generated popover id instead of one-side generation. [mokaddem] +- [tagging] attachTagToObject wasn't updating the timestamp of the + target object. [iglocska] +- [description] setSetting CLI command description fixed. [iglocska] +- [api] attirbutes/restSearch forced json format by mistake, fixes + #4064. [iglocska] +- [redirect] Correctly redirect to the requested URL after a login, + fixes #4005, fixes #1301. [iglocska] +- [events ui] fix to the event view pagination reseting sorting, fixes + #4058. [iglocska] +- [sightings] Re-added advanced sightings to the search results. + [iglocska] +- [Model] Fixed includeAttachments parameters for stix 1&2 export. + [chrisr3d] +- [internal] Fetching galaxies broken into atomic queries to avoid + massive parameter lists. [iglocska] +- [automation] Clarification of the different timestamp parameters. + [iglocska] + + - we missed describing the input formats +- [API] removed invalid parameter lookup. [iglocska] +- [API] Fixed the handling of AND-ed and OR-ed URL parameters. + [iglocska] +- [Model] Added disable_correlation flag to the attributes of the + original imported file object. [chrisr3d] +- [stix import] Updated one condition test to avoid failing with Custom + Objects. [chrisr3d] +- [stix import] Removed unexpected print. [chrisr3d] +- [stix import] Quick variable cleanup. [chrisr3d] +- [stix import] Importing data frfom malware-sample single attributes. + [chrisr3d] +- [stix import] Importing malware-sample attributes and their data + fields within File objects. [chrisr3d] +- [stix import] Fixed syntax typo issue. 
[chrisr3d] +- [stix export] Exporting malware-sample value within the corresponding + observable. [chrisr3d] + + - In case the malware-sample values are not the + same as the filename & md5 ones in the object +- [attribute] Prevent undefined index on tag filtering. [mokaddem] + + As tags are popped from the attribute scope first, they will not be + available in the event scope. +- [restsearch] Added returnformat to URL parameters. [iglocska] + + - attributes/restSearch was additionally missing the published filter +- [interna] deprecated text() function's tag filter fixed. [iglocska] +- [filters] Negative tag filters ignored event tags on the attriute + search. [iglocska] + + - as reported by @hel10wor1d +- [copy-pasta] Oops. [iglocska] +- [stix] Missing data fields added to object malware samples. [iglocska] +- [stix export] Syntax quick fix. [chrisr3d] +- [ObjectReference] Making everyone happier. [mokaddem] +- Mass edit and AttackMatrix work again on objectAttributes. [mokaddem] +- [stix export] Avoid loss of filename and md5 values in File object. + [chrisr3d] + + - We take them from malware-sample value if they do not exist +- [stix export] Faster & Shorter attributes dictionary creation + function. [chrisr3d] +- [stix export] Removed not used additional param of the artifact object + creation function. [chrisr3d] +- [stix export] Exporting data from malware-sample attributes in file + objects. [chrisr3d] + + - Observable composition for the file object + - Data in malware-sample attribute is exported as Artifact Object + - The rest of the file rermains unchanged and exported as File +- [performance] query tweak to fool old crappy versions of mysql. + [iglocska] +- [sighting] prevent ID collision in the UI. Sighting canvas is now + correctly positioned regardless of the id. [mokaddem] +- [doc] The kali script should work again now. [Steve Clement] +- [stix import] Passing observable title to avoid None value on + attachment attributes imported. 
[chrisr3d] +- [stix import] Fixed id fetching. [chrisr3d] +- [server correlation] Fixed broken correlation link on the event level. + [iglocska] +- [UI] annoying empty event warning removed when filtering event + attributes. [iglocska] +- [attribute warnings] financial warnings not showing up in the warnings + tab. [iglocska] +- [gitmodules] updated. [iglocska] +- [stix2] added attachment inclusion to the download from stix2 UI + element. [iglocska] +- [freetext import] Handle cases where a value can be both a hash and a + btc address better. [iglocska] +- [performance] Potential performance fix for older MySQL versions using + the wrong index as key during fetchAttributes() [iglocska] + + - observer a server prioritising the deleted flag index when filtering attributes, leading to a massive performance loss + - hacky solution to make deleted and object_id (during flattening) indeces unusable +- [stix2 export] Fixed event labels fecthing. [chrisr3d] +- [stix2 import] Importing TLP Marking definition objects only. + [chrisr3d] + + - Following the changes on export script +- [stix2 export] Faster tags handling function. [chrisr3d] + + - Compressed the function, removing some useless + lines / variables +- [stix2 export] Exporting only TLP tags as MarkingDefinition. + [chrisr3d] + + - The other tags are (as before a recent change) + exported as labels + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4075 from obert01/cluster-detach-accessibility. + [Andras Iklody] +- Accessibility: Added ARIA properties on the "detach" button for + clusters. [Olivier BERT] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4073 from SteveClement/guides. [Steve Clement] + + chg: [installer] Added more comments and implemented base parameter logic +- Add: [datamodel] anonymise type added. [Alexandre Dulaunoy] + + Anonymised value - described with the anonymisation object via a relationship + + Anonymisation object definition: https://www.misp-project.org/objects.html#_anonymisation +- Merge pull request #4071 from SteveClement/guides. [Steve Clement] + + chg: [kali] Major update to Kali Install script +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Revert "fix: [API] Use restresponse to view an added event via + /events/add" [iglocska] + + This reverts commit 66037a36c55c66d4d2fe41f71619bc79e27dfdc5. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3995 from patriziotufarolo/2.4. [Andras Iklody] + + fix: check also event.org_id when validating event ownership in order to fetch attributes. Fixes #1918 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4053 from Rafiot/pipenv. 
[Raphaël Vinot] + + chg: Pump PyMISP, use pipenv in travis +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4049 from obert01/logs-accessibility-fix. [Andras + Iklody] + + Accessibility fix in the Logs view +- Accessibility: Fixed the aria-label properties of the filter buttons + in the Logs view. [Olivier BERT] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4041 from mokaddem/UIObjectReferences. [Sami + Mokaddem] + + Improved generic_picker and object references +- Merge branch '2.4' into UIObjectReferences. [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4046 from SteveClement/guides. [Steve Clement] + + fix: [doc] Kali installer now working again +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #4037 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Updated and added Localizations +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix framing] Added Artifact Object in the list. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Update INSTALL.ubuntu1804.md. [Andras Iklody] +- Update INSTALL.debian9.md. [Andras Iklody] +- Update INSTALL.rhel7.md. [Andras Iklody] +- Added crypt_gpg alternate installer. [Andras Iklody] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #4033 from andreybolonin/patch-1. [Alexandre + Dulaunoy] + + add php 7.3 to travis +- Add php 7.3 to travis. [Andrey Bolonin] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] + + +v2.4.101 (2019-01-20) +--------------------- + +New +~~~ +- [feeds] Opened up feed inspection to host org users and added servers + to overlap matrix. [iglocska] +- [remote caching] First release version of the remote caching. + [iglocska] +- [server caching] Initial version WIP. [iglocska] +- [UI] PopoverConfirm now support shortcut (/+ to + submit and to Cancel) [mokaddem] +- [attackMatrix] Added support of chosen in the ATT&CK Matrix. + [mokaddem] +- [addObject] adding objects is done via the generic_picker. [mokaddem] +- [galaxy] Added bulk galaxy tagging. [mokaddem] +- [UI] generic_picker - WIP. [mokaddem] +- [cache export] Added the includeEventUuid flag to the output. + [iglocska] +- [publishing] Unpublish function added. [iglocska] + + - users were jumping through hoops to unpublish an event +- [UI] disable attribute correlation during creation / modification. + [iglocska] +- [config backup] Added logging and a second protective measure. + [iglocska] + + - if the current config.php is hosed, don't start the backup process and overwrite the backup +- [galaxies] adding galaxies no longer needs a full refresh of the page. + [iglocska] + + - use the new ajax function to get the galaxy information returned +- [galaxies] added new function to show galaxies in ajax queries. + [iglocska] +- [tag collections] Add default tag collection per instance. [iglocska] +- [tag collections] First feature complete minimal version of the tag + collection system. [iglocska] +- [tag collections] Added missing views. [iglocska] +- [tag collections] Renamed tagCollectionElement to tagCollectionTag. + [iglocska] +- [tag collections] WIP. [iglocska] +- [WIP] tag collections WIP. [iglocska] +- [tag_collections] Added db upgrade. [iglocska] +- [Tag collections] Added boilerplate models. [iglocska] + +Changes +~~~~~~~ +- [remote cache] Further progress on caching remote instances. + [iglocska] +- [tagging] Added more ordering while displaying results. 
[mokaddem] +- [Object] Added pre-choice of object meta-category. [mokaddem] +- [refactor] Slight refactor for getAttributesTags() [iglocska] +- [cleanup] Removal of duplicate code. [iglocska] +- [generic_popover] Pressing destroy the popover. [mokaddem] +- Fixed LGTM JavaScript analysis alerts. [mokaddem] +- [refacto] removed useless code and views. [mokaddem] +- [css] indent. [mokaddem] +- [eventView] Replaced link by span. [mokaddem] + + So that the focus is not done when clicking on it +- [attackMatrix] removed useless view. [mokaddem] +- [UI] WIP - generic_picker improved title management of popover. + [mokaddem] +- [UI] WIP - generic_picker remove popover on tag deletion. [mokaddem] +- [UI] WIP - generic_picker popover is attached to body. [mokaddem] + + Needed to add reference to the original node that toggle the popover +- [UI] WIP - generic_picker slightly improved tag template. [mokaddem] +- [UI] WIP - generic_picker replaced galaxy deletion alert by confirm + popover. [mokaddem] +- [UI] WIP - generic_picker deleting tags uses popover. [mokaddem] +- [UI] WIP - generic_picker add warning message if number of option is + to large. [mokaddem] +- [UI] WIP - generic_picker filter galaxies by synonyms. [mokaddem] +- [UI] WIP - generic_picker display expanded taxonomy info. [mokaddem] +- [UI] WIP - generic_picker added tag styling and additional data in + option. [mokaddem] +- [UI] WIP - generic_picker automatically switch to submit pills if + applicable. [mokaddem] +- [UI] WIP - generic_picker added custom chosen event to support + redrawing after searches. [mokaddem] +- [UI] WIP - generic_picker prevnet drawing empty option. [mokaddem] +- [UI] WIP - generic_picker improved template (show more fields) + [mokaddem] +- [UI] WIP - generic_picker added templating system for select options. + [mokaddem] +- [tagging] WIP - bulk galaxy tagging on attribute and event. 
[mokaddem] +- [tagging] WIP - bulk tagging via generic picker on event and complete + support for TagCollection. [mokaddem] +- [tagging] WIP - bulk tagging via generic picker on tag level. + [mokaddem] +- [taxonomy choice] replace old popup view by the generic pre-picker. + [mokaddem] +- [doc] Updated date of testing. [Steve Clement] +- [doc] Updated Ubuntu 18.04 install and all generic generic + dependencies. [Steve Clement] +- [Taxonomy] disable (hide) tags when disabling parent taxonomy. + [mokaddem] +- [galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] timestamp resolution for time ranges should reorder the + conditions. [iglocska] + + - always take from (smaller timestamp) to (larger timestamp), no matter the order which they were entered in +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Added publish timestamp to the event view. [iglocska] +- [stix] Bumped latest version of cti-python-stix2. [chrisr3d] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [datamodels] fix hassh and hasshserver typo. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version (hassh-md5 and hasshserver-md5) + added. [Alexandre Dulaunoy] +- [datamodels] new types hassh-md5 and hasshserver-md5 added. [Alexandre + Dulaunoy] + + "HASSH" is a network fingerprinting standard which can be used + to identify specific Client and Server SSH implementations. + The fingerprints can be easily stored, searched and shared + in the form of an MD5 fingerprint. + + Fix #4007 +- [feeds] mirai.security.gives feed added. Fix #4009. [Alexandre + Dulaunoy] +- [MISP objects] Bumped latest version. [chrisr3d] +- [stix2 import] Importing Marking Definition objects from STIX files + generated with MISP. 
[chrisr3d] + + - Import of Marking Definition objects as tags + - Import at attribute and event level + - Import of Marking Definition objects from external STIX files at event + level only +- [doc] Updated documentation about stix2 python library installation. + [chrisr3d] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix2] Bumped latest cti-python-stix2 version. [chrisr3d] +- [stix2 export] Exporting tags as Marking Definition. [chrisr3d] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [cleanup] removed some more leftover junk. [iglocska] +- [cleanup] Removed obsolete CLI tasks. [iglocska] +- [automation] described feed previews via the API template system. + [iglocska] +- [session] Added warning about setting the timeout to 0. [iglocska] +- [documentation] Added JSON structure update commands to CLI + documentation. [iglocska] +- [refactor] Refactoed attachCluster to be more model agnostic. + [iglocska] +- [tag collection tag] Renamed Model references in the codebase. + [iglocska] +- [generic index] Fixed scoping issue with rows. [iglocska] + +Fix +~~~ +- [caching] Some minor fixes. [iglocska] +- [ACL] ACL updated. [iglocska] +- [AttackMatrix] Stopped comparing string with integer. [mokaddem] +- [generic_picker] avoid having option's name as an array key. + [mokaddem] +- [generic_picker] hide div if `empty` is selected. [mokaddem] +- [tags] picking all tags removed galaxies in the picker. [mokaddem] +- [tag collections] Adding tags to tag collections fixed. [iglocska] +- [ACL] small ACL fix. [iglocska] +- [Tag collections] Fix case of several tag IDs being passed. [iglocska] +- [ACL] Restrict tag collection modification to tag editors. [iglocska] +- Added some more escaping. [mokaddem] +- [UI] prevent failing if generic_picker is not in a popover. [mokaddem] +- [JS] switch to local variable. [mokaddem] +- [App] Bump queryVersion. 
[mokaddem] +- [attackMatrix] do not throw an error for an edge case where the user + did not have full permission. [mokaddem] +- [tagCollection] typo in variable name preventing addition of tag for + non-admin users. [mokaddem] +- [massageTag] variable name collision causing tags to disappear. + [mokaddem] +- [tagCollection] galaxies can be removed from tag collections. + [mokaddem] +- [MassEdit] Prevent undefined clusters/tags if unset + enforce + attribute perms. [mokaddem] +- [UI] generic_picker prevented nested redrawing. [mokaddem] +- [Unpublish] variable not set when not in event context (i.e. + revise_object) [mokaddem] +- [internal] EventID filter now accepts uuid and ID correctly. + [iglocska] +- [UI] notice error fixed for tag filters in attributes/search. + [iglocska] +- [internal] Fixed uuid/id lookups not working on the attribute level. + [iglocska] +- [UI] mismatched button class usage for discussions. [iglocska] + + - this was driving me nuts. +- [doc] Updated Kali scripts. [Steve Clement] +- [stix2 import] Fixed copy paste monkey 'self' missing error. + [chrisr3d] +- Avoid ignoring stix2 scripts. [chrisr3d] +- [stix2 import] Fixed default event & attribute distribution values. + [chrisr3d] +- [stix import] Fixed default event & attribute distribution values. + [chrisr3d] +- [attribute search] Restore pivoting from attribute tag to the + attribute search results. [iglocska] + + - contrary to the pre-API-refactor versions, inherited event tags are also taken into account +- [attribute search] Trigger the result screen instead of the search + form if the tags parameter is provided via the URL in a GET request. + [iglocska] +- [API] correctly handle custom delimiters in the filter builder. + [iglocska] +- [stix2 import] Fixed imported galaxyCluster uuids. [chrisr3d] + + - Which are actually collection_uuids +- [stix2 export] Fixed GalaxyCluster uuid fetching. 
[chrisr3d] + + - Which is actually collection_uuid +- [stix2 import] Using a STIX2 object attribute instead of its + dictionary format. [chrisr3d] +- [stix2 export] Fixed MISP tags parsing. [chrisr3d] + + - To support composite predicates + - Also changed variable names to match with + the actual tag part names +- [stix2 export] Fixed wrong variable name. [chrisr3d] +- [stix2 export] Parsing relationships at the end of the event. + [chrisr3d] + + - Minor change only impacting the order of the STIX Objects + - But cleaner code (relationship parsing code in a function) +- [event] attributes quick tagging. [mokaddem] + + scope used to be singular (attribute instead of attributes), it is know set accordingly +- Fixes javascript issue #3952. [Christophe Vandeplas] +- [eventView] restored bulk tagging feature. [mokaddem] + + Since the introduction of the tag collection, bulk tagging of items in + the event view stopped working (Behavior of tag's view changed to use scoping instead + of calculated variables in the tag's Controller) +- [stix2 export] Cleaned up the link attributes parsing. [chrisr3d] + + - Removed useless class attribute + - Cleaned up the parsing code itself +- [stix2 import] Avoid error on fetching relationship by uuid. + [chrisr3d] + + - Fixes an issue that did not put (for instance) + Galaxies on attribute level within the attribute + because of the uuid fetching error +- [stix2 import] Better parsing of external single attributes. + [chrisr3d] + + - To parse relationships concerned by the attribute, + at the same time, if needed +- [timeout setting] Fixed invalid cooke timeout name. [iglocska] +- [tag collections] Fixed hook to reload galaxies. [iglocska] +- [ACL] Added ajax function to ACL. [iglocska] +- Bumped cti-python-stix2 latest version. [chrisr3d] +- [api] editing organisation attributes, other than name. [Jan Skalny] +- [galaxies] Some minor fixes with the ajaxification. 
[iglocska] +- [galaxies] added new view that wasn't finished for the previous commit + (stil WIP) [iglocska] +- [over-sanitisation] cleared up over-sanitised message in the events + controller. [iglocska] +- [ACL] Added missing function. [iglocska] +- [tag collections] Fixed several bugs linking to the wrong tag + collection when attaching them to an event/attribute. [iglocska] +- [tag collections] Fixed an issue where if a collection was added that + already had all tags attached from before, the process would get stuck + with no feedback to the user. [iglocska] +- [taxonomies] Tag list empty fixed. [iglocska] +- [data model] added the fix to the org_id field in the tag table to the + mysql.sql file. [iglocska] +- [data model] fixed a bug that caused org_id fields to be tinyint(1) + for org_ids on tags. [iglocska] +- [tag collections] fixed galaxies not showing up. [iglocska] +- [added missing controller] tag collections controller. [iglocska] +- [model linking] Made tag collection tag dependent of tag. [iglocska] +- [db update] Fixed update script for tag collection tags. [iglocska] +- [cleanup] removed tagCollectionElement. [iglocska] +- [js] Various fixes with adding/removing tags. [iglocska] + +Other +~~~~~ +- Merge branch 'features/server_caching' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge branch 'UISelector' into 2.4. [mokaddem] +- Merge branch '2.4' into UISelector. [mokaddem] +- Fix/new: [attackMatrix] Attack Matrix works again + added support in + tag collection. [mokaddem] +- New/fix: [MassEdit] Allow addition/deletion of tags and clusters on + selected attributes + Lots of usage bug fixes. [mokaddem] +- [UI] generic_picker merged the pre_picker into the picker - WIP. + [mokaddem] +- Merge pull request #4028 from SteveClement/guides. 
[Steve Clement] + + Guides +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #4020 from chkp-aliaksandrt/fix-issue-3977-tagged- + attributes-search. [Andras Iklody] + + Fix of tagged attributes search +- Fix of tagged attributes search, displaying tag name instead of + numeric Tag ID Closes #3977. [chkp-aliaksandrt] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #4018 from SteveClement/guides. [Steve Clement] + + fix: [doc] Updated Kali scripts. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix2 import] Importing Marking Definition objects from external + STIX files at attribute level. [chrisr3d] +- Add: Added stix2 scripts subdirectory to gitignore. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem] +- Merge pull request #3989 from cvandeplas/2.4. [Andras Iklody] + + fix: Fixes javascript issue #3952 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'tag_collections' into 2.4. [iglocska] +- Merge branch '2.4' into tag_collections. [iglocska] +- Add: [stix2 import] Added a pattern type in the mapping. [chrisr3d] +- Merge pull request #3980 from JanSkalny/2.4. [Andras Iklody] + + fix: [api] editing organisation attributes, other than name +- Merge branch '2.4' into tag_collections. [iglocska] + + +v2.4.100 (2018-12-31) +--------------------- + +New +~~~ +- [restClient] Added support of URL param in the querybuilder widget. + [mokaddem] +- [restClient] Transform query to json, more descriptions and layout + changes. 
[mokaddem] + + - Added a lightweight query parser to construct the JSON body from the query builder + - Added more help text on API fields + - Added help hoover on API fields (when applicable) + - Added `optgroup` in template select + - Slight CSS modification on the overall page + - Changed behavior of template fetching (template existance is checked locally, do not wait before pulling the API info HTML) +- [rest client] added first draft of querybuilder widget. [mokaddem] +- [attributes] Add cdhash attribute, 40+ digit hash, default Payload + delivery, ids=1 (#3965) [Daniel Roethlisberger] +- [eventview] value quickedit are triggered by clicking a button And no + longer using double-click. [Sami Mokaddem] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [objects] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [restClient] small css change. [Sami Mokaddem] +- [restClient] Still show help for nested parameters instead of + crashing. [Sami Mokaddem] +- [restResponse] removed space in parameters. [Sami Mokaddem] +- Deleted comments. [Sami Mokaddem] +- [restClient] Do not show empty rule if builder shown after template + picking. Reset the query builder rules if templates is not picked + before showing the builder. [Sami Mokaddem] +- Re-indented view file. [Sami Mokaddem] +- [restClient] prevent usage of query builder if template not picked. + [Sami Mokaddem] +- [restClient] added `show query builder` button. [Sami Mokaddem] +- [restClient] re-indented the whole file. [Sami Mokaddem] +- [restclient] moved all javascript into its own file. 
[Sami Mokaddem] +- [querybuilder] added new js dependencies (chosen, query-builder, doT, + extendext and moment) [root] +- [querybuilder] injected tags are now injected by name instead of ID + (allowing sql LIKE) [Sami Mokaddem] +- [Model] swapped openioc and json so that json is selected by default. + [mokaddem] +- [rest client] re-ordered fields by alphabetical order. [mokaddem] +- [rest client] added some overwrite functions. [mokaddem] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [Objects] Sorts object references types in add reference form (#3969) + [Christophe Vandeplas] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [eventView] added quickEdit button for Category, Type and IDS fields + + Changed IDS representation (from YES/NO to checkbox) [Sami Mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [UI] Clarify the definition of "hide_tag" to an unselectable tag. + [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version (major update in Malpedia) + [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [eventView] applied quick-edit button for comment field. [Sami + Mokaddem] +- [quickEditHover] change variable scope to local. [Sami Mokaddem] +- [eventGraph] added fail save if requiredOneOff is not set. [Sami + Mokaddem] +- [WIP] added function meant to resolve id vs uuid issues for the UI + attribute search. [iglocska] + + - still needs some love +- Bumped lastest cti-python-stix2 changes from our fork. [chrisr3d] +- [stix] Changed cti-python-stix2 submodule to our fork. [chrisr3d] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP recommended version. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] + +Fix +~~~ +- [cleanup] Fixed a few issues. [iglocska] + + - unnecesary access to controller from component fixed (load component instead) + - confusion between private and public variables resolved + - some minor fixes for rules +- [restClient] form submission is working again. was blackholed due to + form tampering. [Sami Mokaddem] +- [ui] prevent glitchy popover by increasing item size. [Sami Mokaddem] +- [object references] Editing an event failed to save new object + references. [iglocska] +- [expansion] Hover broken after pagination fixed. [iglocska] +- [stix2 export] Fixed number_of_sections field in STIX PE extenstion. + [chrisr3d] + + - Avoiding issues when the section referenced in the + MISP pe object is actually not in the event +- [stix2 export] Added required field pe_type in STIX PE extension. + [chrisr3d] +- [stix2 export] Fixed GalaxyCluster UUID fetching. [chrisr3d] + + - Supporting the latest changes on UUID field name + for Galaxy clusters + - Still supporting the previous UUID field name in + the case of a terminal execution, with a former + version of Galaxy clusters +- [stix2 export] Some fixes on 'Attribute' ObjectReference key + missing + self argument. [chrisr3d] +- [stix2 export] Removed not used function. [chrisr3d] +- [stix2 export] Added interoperability parameter to all created STIX + objects. [chrisr3d] + + - In order to avoid crashes on MISP data generated via the STIX import +- [stix2 export] Fixed GalaxyCluster uuids key fetching. [chrisr3d] +- [tools] Fixes missing sort in the PyMISP describeTypes generation + (#3966) [Christophe Vandeplas] +- [publishing] Fixed several bugs in the background job responsible for + publishing events. 
[iglocska] +- [stix2 export] Fixed field name Attribute for ObjectReference + checking. [chrisr3d] +- [stix 1&2 export] Checking if a referenced pe-section is indeed in the + event before trying to parse it. [chrisr3d] +- [correlations] Invalid orgc loaded in the attribute level + correlations, fixes #3948. [iglocska] +- Make IE11 compliant by adding startsWith polyfill. [Tom King] +- Make IE11 compliant by removing default param value from ES2015. [Tom + King] +- Make IE11 compliant by removing default param value from ES2015. [Tom + King] +- [CLI] usage output fixed for the server shell tasks. [iglocska] +- [sync] Fixed an incorrectly formatted event index output when + minimal:1 is passed, breaking the sync pull. [iglocska] + + - ffs +- [server preview] fixed sharing groups linking to the equivalent ID + sharing group on the local instance. [iglocska] +- [api] Fixed event index to include sharing group metadata. [iglocska] +- [Restresponse] fixed XML converter. [iglocska] +- [compatibility] reverted IE11 breaking change in misp.js, fixes #3939. + [iglocska] +- [feeds] Fixed an issue that caused a misp format feed fetch to fail + intermittently. [iglocska] +- [upload_analysis_file] Prevent object creation on non-existing events. + [Sami Mokaddem] +- [eventGraph] Object's label gets set correctly Add both requiredOneOf + and required (forgotten one) fields in the Object's label. [Sami + Mokaddem] +- [sync] Issue with events not updating on a pull. [iglocska] + + - overzealous protection removed + - Conditions blocking an event edit via a pull now rely on the locking mechanism, relaxed via an internal sync link +- [UI] hover size fixed and scroll bar added. [iglocska] + + - part of the keep @rommelfs happy project +- [stix import] Fixed parsing of Custom objects. [chrisr3d] +- [stix 1&2 import] Fixed version attribute of the original filename. + [chrisr3d] +- [doc] Updated install guide to include the latest changes on STIX2 + python library. 
[chrisr3d] +- [stix2 import] Allowing import of STIX 2.0 documents that have non v4 + UUIDs. [chrisr3d] + + - Some further operations may be done on those UUIDs later + - Atm, we (at least) avoid loading errors from the stix2 python library +- [API] Attribute tags could be added by 3rd parties via the API. + [iglocska] + + - fixed +- [objecttemplates] fixes issue #3921. [Christophe Vandeplas] +- [API] tags/attachTagToObject wasn't unpublishing events correctly. + [iglocska] +- [attachement] prevent creation of empty event. [Sami Mokaddem] +- [restSearch] Using the correct python version to call STIX scripts. + [chrisr3d] + + - Using the correct python defined in virtual env, + if available, and the default global python3 + otherwise + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3974 from eCrimeLabs/2.4. [Alexandre Dulaunoy] + + Update Attribute.php +- Update Attribute.php. [eCrimeLabs] + + Added ja3-fingerprint-md5 as a deticated data type. Also updating the object for ja3 +- Merge branch 'qb' into 2.4. [iglocska] +- Fix+new [restClient] fixed merge glitch and added support of + `includeProposals` [Sami Mokaddem] +- Merge remote-tracking branch 'origin/2.4' into querybuilder. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3909 from ruiwen/fix_postgres. [Andras Iklody] + + fix: dev: Update POSTGRES-*.sql files +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3956 from dawid-czarnecki/fix/disable_correlation. 
+ [Andras Iklody] + + Fix disabling correlations for single attributes +- Fix disabling correlations for single attributes. [Dawid Czarnecki] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3954 from kfinny/fix-enrich-event-job-not-marked- + as-completed. [Andras Iklody] + + Fixes #3907, enrich event job not marked as completed. +- Fixes #3907, enrich event job not marked as completed. [Kevin] + + The enrichment background process did not do anything to update the job + after completing its task. I used the same logic as the adjcacent + 'publish' function to record progress, update the message and create a + log entry. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3942 from tomking2/2.4. [Andras Iklody] + + fix: Make IE11 compliant by adding startsWith polyfill +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3941 from tomking2/2.4. [Andras Iklody] + + fix: Make IE11 compliant by removing default param value from ES2015 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3940 from mokaddem/issue#3937-quickEdit. [Andras + Iklody] + + new: [eventview] quick edits are triggered by clicking a button +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3932 from davidonzo/2.4. [Alexandre Dulaunoy] + + Mod headers to be enabled +- Mod headers to be enabled. [Davide Baglieri] + + Apache configuration needs to load the headers module. + Added the line #103 +- Merge pull request #3927 from cvandeplas/2.4. [Andras Iklody] + + fix: [objecttemplates] fixes issue #3921 +- Merge pull request #3924 from keram79/patch-1. [Andras Iklody] + + Fix error handling in Server.php +- Fix error handling in Server.php. 
[keram79] + + according to http://php.net/manual/de/exception.getmessage.php , the parenthesis are required +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.99 (2018-12-06) +-------------------- + +New +~~~ +- [usability] Object templates view also accepts uuid as input vector. + [iglocska] +- [UI] Added warning for users not to edit events as site admins. + [iglocska] +- [CLI] Documentation updated. [iglocska] +- [Rest] Added system for GET requests in the templating system. + [iglocska] +- [ReST] Added statistics. [iglocska] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP recommended version. [Raphaël Vinot] +- [doc] Updated CentOS 7 Install instructions to use SSL. [Steve + Clement] +- [doc] Some format updates to config files new: [doc] CentOS SSL apache + config fix: [doc] Fixed symlink to Ubuntu webmin instructions. [Steve + Clement] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] + +Fix +~~~ +- [stix import] Fixed missing event fields import. [chrisr3d] + + - Such as event info, event date and so on +- [STIX2] fixed stix2 to use the internal original file capture. + [iglocska] +- [internal] Fixed the original file capture tool. [iglocska] +- [UI] Fixed event edit warning. [iglocska] +- [stix import] Fixed indicators parsing. [chrisr3d] + + - For stix1 generated with MISP +- [stix import] Made sure the header description value fetching test is + working is all cases. [chrisr3d] +- [internal] Handle the upload of original versions of ingested files + via a helper function instead of leaving it to external tools. + [iglocska] +- [model] Network activity category: add x509-fingerprint-md5 and x509 + -fingerprint-sha256. [co59] +- [stix import] Fixed header description value fetching. 
[chrisr3d] + + - Again yes, but with the correct test now +- [UI] Fixed crappy old style flash mesage on events/add that has been + an eye sore for ages. [iglocska] +- [stix2 import] Fixed pattern parsing for a specific case. [chrisr3d] +- [CLI] Added bruteforce protection cleaning. [iglocska] +- [API] previous commit fixed. [iglocska] +- [internal] When editing an object to add new attributes, correctly set + the default distribution if nothing is set. [iglocska] +- [API] object edit fixed to return the object in the correct format. + [iglocska] +- [API] when adding an object, the response should have the correct + format. [iglocska] +- [internal] if no attribute distribution is found in the event edits, + set the default instead of defaulting to 0. [iglocska] +- [i18n] Added __() where needed. fix: [doc] Typo in field. [Steve + Clement] +- [freetext] fix notice on freetext import. [Sascha Rommelfangen] +- [stix2 import] Function name typo. [chrisr3d] +- [stix2 import] Handling cases where we have no galaxy. [chrisr3d] +- Fixed elements returned by the url object parsing function. [chrisr3d] + + - Was raising an unexpected exception in a special + case, which was skipping the entire object, + because of a missing element to return +- [merge conflict] resolved, [iglocska] + + - as notified by @a1ext + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3912 from Sh3idan/fix-incoherence-types-and- + categories. [Andras Iklody] + + fix: [model-data] Network activity category: add x509-...-md5 and x509-...-sha256 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3914 from SteveClement/guides. 
[Steve Clement] + + chg: [doc] Some format updates to config files +- Merge pull request #3770 from devnull-/issues_1643_rebase_2.4. [Andras + Iklody] + + Issues 1643 -- Fix publish_without_email when an event is modified -- rebase +- Merge pull request #8 from MISP/2.4. [devnull-] + + Update issue 1643 rebase 2.4 +- Rebase issue 1643. [Amaury Leroy] +- Merge pull request #5 from MISP/2.4. [devnull-] + + Update +- Merge pull request #4 from MISP/2.4. [devnull-] + + Update +- Merge pull request #3 from MISP/2.4. [devnull-] + + Update +- Merge pull request #3910 from SteveClement/2.4. [Steve Clement] + + fix: [i18n] Added __() where needed. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3905 from WaryWolf/fix-xml-export. [Andras Iklody] + + fix typo in event export to XML code +- Fix typo in called method name. [Anthony Vaccaro] +- Add: [stix2 import] Parsing external standalone ip address + observables. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 import] Importing external standalone ip address patterns. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.98 (2018-11-26) +-------------------- + +New +~~~ +- [server settings] Added automatic backup system for the server + settings. [iglocska] +- [UI] Explain what caching vs fetching feeds means. [iglocska] + + via hover column header +- [API] Various enhancements and fixes to the APIs. [iglocska] + + - Added result count to restsearch API via the x-result-count header + - Added the includeProposals parameter to the attribute level restsearch + - Readability of events controller improved + - Fixed a bug blocking malware samples from being added using /events/add when the encrypt=1 flag was set for raw sample inclusion +- [users/mails] Added possibility to send a mail to all users of the + same organisation. 
[mokaddem] +- [users/mails] add confirmation popup before sending mails. [mokaddem] +- [freetext] Added BTC recognition, fixes #3864. [iglocska] +- Various fixes to the reporting of validation errors for saving + attributes. [iglocska] + + - view the failed/succeeded saves in batch imports, fixes #3866 + - fixed a bug that inserted junk into the flash messages, fixes #3863 + - fixed a bug that removed all but the last entry in a failed batch import #3865 +- [search] Rework of the UI attribute search complete. [iglocska] +- [attribute search] Rework of the UI version of the search to unify the + functionalities with the event view. [iglocska] +- [stix2 import] Starting importing external pattern. [chrisr3d] + + - Starting with File objects + - Also modified functions to make them reusable +- [enrichment] separate caches for hover and persistent hover results. + [iglocska] +- [enrichment] clickable popup changes. [iglocska] + + - new persistent flag passed to misp modules to differentiate it from hovering + - various UI changes +- [feeds] Changed default feed target to fixed event. [iglocska] + + - major cause of death by overcorrelating +- [doc] Added symlink to generic folder and added note what generic + means/is. [Steve Clement] +- [doc] Added Tsurugi Linux install script. [Steve Clement] +- [search/sighting] Possiblity to quickly add sightings on ID or VALUE + when searching. [mokaddem] +- [search] Added possibility to directly sight an attribute after a + search. [mokaddem] +- [stix import] Marking parsing at attribute level. [chrisr3d] + + - Made marking parsing function reusable for + event & attribute levels +- [statistics] Added local org and user/org counts. [iglocska] + +Changes +~~~~~~~ +- [bro] Preparation for the move to restsearch. [iglocska] + + - also fixed some edge-case issues +- [version] bump. [iglocska] +- [warninglists] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP, because I like it... [Raphaël Vinot] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [doc] More hardening ressources. [Steve Clement] +- [doc] Added hardening section. [Steve Clement] +- [documentation] Documented the freetext import API on the automation + page. [iglocska] +- [doc] Moved Ubuntu Webmin to experimental, as it is difficult to + maintain without working production webmin install. [Steve Clement] +- [doc] Some updates to the Webmin install doc. [Steve Clement] +- [doc] Kali 2018.4 tested. Added note that we need fresh-install. + [Steve Clement] +- Bump PyMISP. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [diag] Added warning message if getCurrentBranch() in Model/Server.php + returns empty. [Steve Clement] +- [contact email] Aligned button colours with the rest of the UI. + [iglocska] +- [users/emails] Better comments. [mokaddem] +- [users/email] Changed behavior of sending mail to avoid code + duplication. [mokaddem] + + If an additional parameter is passed to the url, it will only shows the result of submitting the form without the submission +- [eventview] changed default attribute sorting to timestamp->desc. + [mokaddem] +- [doc] Centos 7 update to make misp-modules work. Some notes on + SELinux. [Steve Clement] +- [doc] FreeBSD base MISP now works well enough. [Steve Clement] +- [doc] Some more FreeBSD updates. [Steve Clement] +- [doc] Due to some mimimi, FreeBSD is now "back" in the Archives. + (Works on FreeBSD 12.0BETA4) [Steve Clement] +- [documentation] Link to the rest client from the automation page. + [iglocska] +- [seach] WIP, more work on the attribute search's JS components. 
+ [iglocska] +- [search] Further progress on the attribute search UI. [iglocska] +- [taxonomies] added the exercise taxonomy from CSIRT network + discussions. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [stix2 import] Parsing relationships & importing galaxies in the + appropriate level. [chrisr3d] + + - Importing Galaxies in attribute level when + expected by relationships, and possible + - Importing Galaxies as before in event level + otherwise +- [misp-taxonomies] updated with the new and latest changes. [Alexandre + Dulaunoy] +- [enrichment] Linebreak handling for enrichment hovers. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [doc] Fixed folder typo. [Steve Clement] +- [doc] Added Tsurugi Linux to Index and changed some minor issue. + [Steve Clement] +- [doc] Tsurugi nearly done. [Steve Clement] +- [doc] Initial Install working. Todo: Virtualenv everything. [Steve + Clement] +- [doc] Tsurugi is eXperimental. [Steve Clement] +- [doc] functionalities updated to include the new ones. [Alexandre + Dulaunoy] +- [doc] Small typo. [Steve Clement] +- [doc] Fixed yara in all guides. [Steve Clement] +- [doc] Experimental Debian install now works with PHP 7.3RC4 chg: [doc] + Some changes to variable use. [Steve Clement] +- [doc] Added lief python 3.7 egg issue. [Steve Clement] +- [doc] changing original MISP pipenv. [Alexandre Dulaunoy] +- [doc] fix how to get path for Cake PHP. [Alexandre Dulaunoy] +- [doc] default path for virtualenv fixed (matching the original one + previously setup in the documentation) [Alexandre Dulaunoy] +- [doc] default path for virtualenv fixed (matching the original one + previously setup in the documentation) [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [doc] ${PATH_TO_MISP} everywhere. Added more granular php etc + variable. 
[Steve Clement] +- [doc] Added more notices on misp-dashboard on Ubuntu 16.04. [Steve + Clement] +- [doc] the venv directory needs usr_t profile. [Steve Clement] +- [doc] Update Centos 6.x and 7.x chg: [doc] re-Added Ubuntu 16.04-LTS + as an archived/old INSTALL Guide (tested working) chg: [doc] Adapted + some variables in generic scripts. [Steve Clement] +- [doc] updated Changelog.md to be more markdown friendly chg: [tools] + Changed the way gen_misp_install_docs.sh parseses the changelog new: + [tools] Added simple tool for git log sanitizing. [Steve Clement] +- [view/search] close opened popover when clicking the document. + [mokaddem] +- Bump Pymisp, misp-galaxy misp-objects taxonomies. [Raphaël Vinot] +- [statistics] Show % of users with pgp keys. [iglocska] +- [taxonomies] bumped. [iglocska] +- [taxonomies] updated. [iglocska] +- [sighting restSearch] API documentation fixed (/get is now + /restSearch) [Alexandre Dulaunoy] + +Fix +~~~ +- [ACL] ACL updated. [iglocska] +- Fixed header description value fetching. [chrisr3d] +- [sync] Fixed a blocking bug preventing a full push from working with + sharing group events. [iglocska] +- [mactime] Some minor fixes. [iglocska] +- [CS] CS brought up to date. [iglocska] +- Error in mactime object. [aksha] +- [CS] coding standards script re-run. [iglocska] +- [mispObject] fixed disable_correlation saving & display issue. [Sami + Mokaddem] + + Before this fix, MISP was not saving any modification related to disable_correlation. + Moreover, the value of disable_correlation was always set to the one specified in the object's template + regardless of its actual value. +- Fixes variable initialization inconsistency in Server push. + [Christophe Vandeplas] + + Fixes issues like: Warning (2): count(): Parameter must be an array or an object that implements Countable in [/var/www/MISP/app/Model/Server.php, line 2353] +- [UI] clarification of the istance owner organisation field on the + servers/add view. 
[iglocska] +- [CSV] Fixed some defaults for the CSV export. [iglocska] +- [API] Fix non exportable tags being included in the attribute level + restsearch. [iglocska] +- [API templates] Clarification about the serversettings API. [iglocska] +- Test for old school CSV download. [Raphaël Vinot] +- [install] Added pip3 installation before the venv installation. + [Andras Iklody] +- [instructions] Added missing virtualenv dependency. [Andras Iklody] +- [tools] misp-restore.sh incorrectly validating 'BackupFile' from the + command line. [Chris Ford] +- [API] CSV ignore flag restored to old behaviour. [iglocska] + + - if not set, only return published events / to_ids flagged events by default + - setting ignore:0 will result in the default behaviour + - setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out + - fixed a bug that broke the CSV api if ignore:0 was passed +- [sync] Fixed an issue preventing sharing group distributed data from + being pushed. [iglocska] +- [objects] Fixes issue #3874. [iglocska] + + - shouldn't be allowed in the first place +- [admin/email] replaced hardcoded url into baseurl. [mokaddem] +- [users/emails] submission fix + cleaned code + comments. [mokaddem] +- [stix import] Fixed uuid fetching. [chrisr3d] +- [missing files] added missing templates. [iglocska] +- [attribute search] Fixed invalid JS calls introduced as part of the + rework (WiP) [iglocska] +- [api] Invalid handling of empty parameters in the built in parameter + builder. [iglocska] +- [tags] showAttributeTag function now correctly culls galaxy tags. + [iglocska] +- [stix import] Fixed Tags import. [chrisr3d] +- [stix export] Fixed dictionary update which requires lists and not + tuples. [chrisr3d] +- [CLI] Fixed the CLI feed fetcher. [iglocska] + + - use "all" to fetch all feeds +- [sharing groups] Fixed several sharing group issues preventing proper + editing of events with SGs. 
[iglocska] + + - include the uuid and modified time in the sharing group + - fix the incorrectly embedded organisation object +- [API] better handling of trying to edit an attribute without + permissions to do so. [iglocska] +- [stix2 import] Fixed relationship target uuid. [chrisr3d] +- [cleanup] Updated function names to differentiate observable parsing + from the next updates on pattern parsing. [chrisr3d] +- [API] throw a proper error when trying to edit an event without access + to doing so. [iglocska] +- [enrichment] linebreak woes. [iglocska] +- [enrichment] Adding proper linebreaks, cut 2. [iglocska] +- [cleanup] removed junk. [iglocska] +- [cleanup] Cleaned up STIX 1&2 export scripts. [chrisr3d] +- [stix2 import] Taking Relationship objects target_ref as uuid. + [chrisr3d] + + - Better than using the Relationship id that is not + going to be represented in MISP + - We directly have the uuid of the object that will + receive an Object Reference +- Fixes attribute popup UI issues with expansion. [Christophe Vandeplas] +- [stix2 import] Excluding patterns with any of some linking words. + [chrisr3d] + + - Since those patterns contain linking words we do + not know how to map, we do not even try to parse + them and only stix2-patterns will be created + from them +- [stix 1&2 export] Making initiation lists immutable. [chrisr3d] + + - Lists only used for mapping should be immutable + since they are not modified. Thus declaring as + tuples is more appropriate +- [doc] Typo in index for Tsurugi Linux. [Steve Clement] +- [stix2 import] Better selection of objects to parse in object_refs. + [chrisr3d] + + - It is not nececssary to call parsing functions on + reports in object_refs because they are already + parsed through the loop iterating through reports +- [stix2 import] Using Report attributes instead of dictionary keys. + [chrisr3d] + + - Also improved the loop iterating through reports +- [stix2 import] Try-catching Report objects creator reference. 
+ [chrisr3d] +- #3774 [restResponse] added missing `includeEventTags` entry. + [mokaddem] +- [doc] Added note about WSGI issues on Ubuntu 16.04 chg: [doc] + Changelog.md updated to latest. [Steve Clement] +- [doc] Included git repo of gitchangelog due to Python 3.7 bug fix not + yet in release: https://github.com/vaab/gitchangelog/issues/107. + [Steve Clement] +- Travis build. [Raphaël Vinot] +- [acl] bumped ACLComponent. [mokaddem] +- [stix export] Fixed function header missing self attribute. [chrisr3d] +- [stix import] Using standard error instead of standard output for + missing types in mappings. [chrisr3d] +- [stix import] Related objects parsing. [chrisr3d] + + - Not only for observables as before, but also for + observable objects in indicators +- [stix import] Using subclasses + Support of STIX coming from multiple + MISP events. [chrisr3d] + + - Using subclasses here allowed us to simplify some + variables declarations and to reuse some functions + - STIX coming from multiple MISP events refers to + STIX files created via the MISP to STIX export + that can include multiple MISP events + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'mactime_merge' into 2.4. [iglocska] +- Merge branch 'new_mactime_feature' into mactime_merge. [iglocska] +- Update EventsController.php. [Aks6193] +- Update: mactime file added as attachment for timeline analysis. + [aksha] +- Fixed: attribute issue. [aksha] +- Add: object structure. [aksha] +- Add: Misp object for mactime analysis. [aksha] +- Modify: Changed data representation tables. [aksha] +- Added Clear option for individual rows. [aksha] +- Table representation of data. [aksha] +- Added file content sanitization and line by line selection of text. + [aksha] +- Added Jquery UI and expansion pannels to the file analysis interface. + [aksha] +- Merge: First mactime commit. 
[aksha] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix2 import] Added new combinaison of external pattern types. + [chrisr3d] +- Merge pull request #3895 from plbolduc/bugfix/objectreference. [Andras + Iklody] + + fixed an issue where the referenced_type was not an integer. +- Fixed an issue where the referenced_type was not an integer. [pbolduc] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #3892 from cvandeplas/2.4. [Andras Iklody] + + fix: fixes variable initialization inconsistency in Server push +- Merge pull request #3891 from SteveClement/guides. [Steve Clement] + + new: [doc] Added hardening section +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3879 from 8ear/patch-2. [Steve Clement] + + Update INSTALL.debian9.md +- Update INSTALL.debian9.md. [Steve Clement] +- Update INSTALL.debian9.md. [Max H] + + Add new MISP-MODULE apt dependencies +- Merge pull request #3890 from SteveClement/guides. [Steve Clement] + + chg: [doc] Some updates to Kali/Ubuntu w\ webmin and small typo fix. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3880 from crford/fix-misp-restore. [Andras Iklody] + + fix: [tools] misp-restore.sh incorrectly validating 'BackupFile' from… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement] +- Merge branch 'contact' into 2.4. [iglocska] +- Merge branch '2.4' into contact. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3826 from MISP/sortingOnTimestamp. [Steve Clement] + + chg: [eventview] changed default attribute sorting to timestamp->desc +- Merge pull request #3868 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updated FreeBSD and CentOS 7 install guides +- Merge branch 'rest_link' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3856 from moshekaplan/patch-1. [Andras Iklody] + + Fix minor typo in recommended.actions.md +- Update recommended.actions.md. [Moshe Kaplan] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix2 import] Parsing external process patterns. [chrisr3d] + + - Also small update on process mapping since a + recent update on Process MISP Object includes + more attribute fields +- Add: [stix2 import] Parsing external network-traffic patterns. + [chrisr3d] + + - Code duplication is also avoided in attributes + creation, since the only change is the mapping + dictionary we can use the same function with + only that parameter changing instead of having + the same function multiple times +- Add: [stix2 import] Parsing external regkey patterns. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge pull request #3852 from RichieB2B/ncsc-nl/fix-stix-cidr. + [Christian Studer] + + Keep CIDR subnet size in STIX export +- Keep CIDR subnet size in stix export. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #3849 from axpatito/small_compare_fix. [Andras + Iklody] + + [BUGFIX] Small compare fix +- Fixed double check if clause. [Axpatito] +- Fix compare issue. [Axpatito] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3844 from SteveClement/guides. [Steve Clement] + + fix: [doc] Typo in index for Tsurugi Linux. +- Merge pull request #3843 from SteveClement/guides. [Steve Clement] + + new: [doc] Added Tsurugi Linux install script +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3821 from StefanKelm/2.4. [Andras Iklody] + + super tiny typos +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Merge pull request #3828 from SteveClement/guides. [Steve Clement] + + chg: [doc] ${PATH_TO_MISP} everywhere. Added more granular php etc var +- Merge pull request #3816 from devnull-/patch-1. [Alexandre Dulaunoy] + + Wrong version of php7 opcache in docs/INSTALL.debian9.md +- Wrong version of php7.0-opcache. [devnull-] + + Change php7.2-opcache to php7.0-opcache (https://packages.debian.org/search?keywords=opcache&searchon=names&suite=stable§ion=all) +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [mokaddem] +- Merge pull request #3825 from SteveClement/guides. 
[Steve Clement] + + chg: [doc] Added more notices on misp-dashboard on Ubuntu 16.04 +- Merge pull request #3824 from SteveClement/guides. [Steve Clement] + + fix: [doc] Added note about WSGI issues on Ubuntu 16.04 +- Merge pull request #3823 from SteveClement/guides. [Steve Clement] + + chg: [doc] Updates to guides: Ubuntu 16.04 - CentOS 6/7 - RedHat EL and updated mkdocs creation script +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [mokaddem] +- Merge pull request #3822 from Rafiot/travis. [Raphaël Vinot] + + fix: Travis build. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix import] Import of marking values as event tag, including + AIS Marking. [chrisr3d] + + - Mapping of markings + - More to come with the same operation for individual objects + + +v2.4.97 (2018-10-29) +-------------------- + +New +~~~ +- [sighting/api] xml output format + improved error feedback. [Sami + Mokaddem] +- [sighting/api] trying to follow the new API architecture. JSON export + is broken but CSV is working. WIP... [Sami Mokaddem] +- [Sightings/API] Added possiblity to get sightings based on a + timerange/source/... [Sami Mokaddem] +- [docs] Added new sub-sections in seperate files that are shared + between install guides. new: [docs] ethX.md to bring back eth0 new: + [docs] mail to misp install debian flavored guide new: [docs] ssdeep + install debian flavored guide new: [docs] viper install debian + flavored guide new: [docs] sudo/etckeeper install debian flavored + guide new: [docs] misp dashboard install debian flavored guide. [Steve + Clement] +- [docs] Added 3 generic documentation files, one where the MISP install + is completed, A specific centos/etc... 
one because, well, CentOS.. and + the generic recommended actions section that kept repeating in all + guides. chg: [docs] Implemented the above 3 files in all the guides. + Plus some format changes. [Steve Clement] +- [docs] Added generic notice about community contributed doc + maintenance. [Steve Clement] +- [galaxy] Several changes. [iglocska] + + - moved the current uuid field on cluster level to a new "collection_uuid" field to better represent the actual purpose + - added new uuid field that actually captures the cluster's uuid + - upgrade script is multi-execution safe + - added /galaxy_clusters/view to the API + - /galaxy_clusters/view can now be queried via the uuid instead of just the ID +- [docs] Added globalVariables files to be included by all Install + Guides chg: [tools] Updated dependencies on docs creator chg: [docs] + Some minor changes to Ubuntu Install guide and added + VariableglobalVariables chg: [docs] Updated mkdocs.yml with new + dependencies. [Steve Clement] +- [docs] Added eXperimental RHEL7.6 (BETA) Install Doc. [Steve Clement] +- [tools] Added tool to create MISP INSTALL Docs and push to gh-page, + plus it fetche latest Changelog.txt. [Steve Clement] +- [docs] Added intial mkdocs directory. [Steve Clement] +- [API] Added CSV as return format for event index. [iglocska] +- [API description] Describe how to run diagnostics on MISP via the API. + [iglocska] +- [upgrade] Preparing the data for recovery after the object reference + sync fix. [iglocska] + + - update the timestamps of all events / objcts that are affected and are locked = 0 +- [API] Added a way to use the API to throw values at the warninglist + for quick evaluations of the values. [iglocska] +- [logging] Log why an event could not be pulled. [iglocska] +- [API documentation] Added some missing API templates. [iglocska] +- [API] Added the log index/search to the API. 
[iglocska] + + - described in the templates / rest client page +- [related tags] View the related tags of attributes on the event view + (via a toggle) [iglocska] + + ,,.,,+zznzzzzzzzzzzzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMxMxMMWMMMWMMz*ii****iiiiiiiii**iiii,.... + ,,.,,#zzzzzzzzzzzzzzzzzzzzzzzznxMMMMMWMMMMMMMMMMMMMMMMMMxMxMMMWWWWWWWWx+*iii*iiiiiiiii*iiiii,,,.. + ,,,,,#zzzzzzzzzzzzzzzzzzzzzzznMWWMMMMMMMMMMMMMMMMMMMMMMMWWMxnnzxxMWWWWMn*iiiiiiiiiiiiiiiiiii..,.. + ,,,,,#znzzzzzzzzzzzzzzzzzzzznMMMMMMWWWWMMMMMMMMMMMMMMMMWWWMMMxnxxxxMMMMW#*iiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzzzznMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMWxMMMMMMxxxxnxxz*iiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWMWWWWMWMMMxxxni*iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzzznMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWWMMWWMWMMWWWMMMni*iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzzzxWMMMMMMMMMMMMMMMMMMMMMMMMMMMWMMMWMMMMMMWMWWMMMMMz*iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznzzznMMMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMMMMMWWWWMMMMMMMMMWn*iiiiiiiiiiii*i,.,., + ,,.,,#zzzzzzzzzzzzzzznzzzxMMMMMMMMMMMWMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWWWMMMMMWWM+*iiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzznzzznzznMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWMWWWWWWWWWWWWWMMWWn*iiiiiiiiii*i,.,., + ,,.,,#zzzzzzzzzzznzzzznzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWMMMMWWWWMMWWWWWMMMM**iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzznMMMMMMMMMMMMMWMMMMMWMMMMMMMMMMMMMMWWWWWMMMMMMMMWWWWWMWM#iiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMWWWWWWWWWWMMMMMMMWWWWMzi*iiiiiiii*i,.,., + ,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMMMMMWMnzxMMMMMMMMMMMMMWWWWWWWWWWWWMMMMMMMWWWWni*iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzWMMMMMMMMMMMMMMMnnzznxMWMMMMMMMMMMWWWWWWWWWWWWWWWWWMMWWMn**iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMWMMMMzz#+#znxMWMMMMMMMMMMMMMWWWWWWWWWWWWWMWWMn**iiiiiiii*i,.,,, + ,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMMMMMxz#*i**+zznMMMMMMMMMMMMMMMWWWWWWWMWWWWWWWx**iiiiiiii*i,.,.. 
+ ,,.,,#zzzzzzzzzzzzzzzzzxMMMMMMMMMMWWMMn#*iii*i*+znxMWMMMMMMMMMMMMWWWWWMMMMMMMMMM+*iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzznMWMMMMMMMMMMMMn#*iiii*i*i+#znMMWWMMMMMWMWMMWWWMMMMMMMMWWx+iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzMMMMMMMMMMMMMx#i*iii**iiii*#znxMWMMMMMMMMMMMWWMMMMWWWWWWniiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznzMMMMMMMMMMMMxn+ii**i**iiii*i*zznMMMMMMMMMMMMMMMMMxMWWWMMx*iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznnMMMMMMMMMMMMxz*ii*iiiiiiiii:;*+znMWMMMMMMMMMMMMMMMMMWWWMx**iiiiiiii*i,.,,. + ,,.,,#zzzzzzzzzzzzzzzznMMMMMMMMMMMMMn+ii*iiiii**;;:.:i*zznxMMMMMMMMMMMMMMWWWWWWni*ii**iiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzxMMMMMMMMMMMMMn*ii*iii*i;:,.,..,.,;+znxxMMMMMMMMMMMMMMWWWziiii**iiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznxMMMMMMMMMMMMxzi*ii*ii*;,,,,,,,,,,,,:i*i#znnnxMWWMMMMMMMWn*iii*iiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznxMMMMMMMMMMMMz*i*i*i*;:,.,,,,,,,,,,,,.,,,;i*#zznxMMMMMMWWM+iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznMMMWMMMMMMMMx#iii*i*i:.,.,,,.,.,,,,,,,,,,,,,,;i#znxMMMMMWM+iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznMMMWMMMMMMMMx#iiiiii:.,,.,,.......,,,,..,,,,,,,,iznxMMMMWM*iiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznMMMMMMMMMMMMx#ii*ii:.,,,,,,..........,.....,,,,,,:*#MMMMWxi*iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzMMMMMMMMMMMMn+i*i;:,.,,,......,.............,....,,;xMMMWniiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznzzMMMMMMMMMWMn+iiii;,,,,,,.,..........,....,.,...,,,,.zMMMMxiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznznMMMMMMMMMMnz*iiii:,,,,,,,,,,,,................,,,...zMMMMzi*iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznznMMMMMMMMMxzz**ii;..,,,.,,,,,,.................,,,...nMMMM#**iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznzzMMMMMMMWxzzz+iii:.,,,,.,,,,,....,............,,,,..,nMMWx*iiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznznMMMMMMMWnzzzn+i*,...,,..,,,.,..,.,...,........,,,.,;MWMM+iiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznMMMMMMMWnzzzzzzii*++++z+;,,,.,,,,,,,,,...,.....,...;MWMxii**iiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznMMMMMMMWnzzznzzzzznnnzzzn#i,,,.,...................,MWM#iii*iiiiiiii*i,.,.. 
+ ,,.,,#zzzzzzzzzzzzzzzxMMMMMMMMzz+#znzznznMWWMMWMx#i:,,,,,,,,,,,,,,.,,..,,:MMx*iiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzxMMMMMMMxzz**#znMMnnxxxxxMWWWMnz;,,,,,.,.,,,,,,,,,,,,MMziiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzMMMMxMMMnzz*ii#nWWWWMWWnMMMWWWWWn*,,;i;i;**+#zzz+i,,,Mx*iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzMMMMMMMxzzzi*;,+xWWMnxMnx+xMWWMWWn,.,znMMMxxMMMMxni:*Mziiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzznxnxMMMMxznziii.,:+nxiinn*.iMMMWMM+,,.*WWWWWWM#:,:#z##M*iiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzznzznxzMWMMMxznziii,..,+#n:,:,,,izzMM#;,,,+WWWWWzxn+i,:zzzMi**iiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzznzznnzxMMMMxzz#ii;,,,,:**++i::,:::zx;,,,,#MM#zxxMznWx#+izxiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzxnzMWMMMnzzz*i:.,,,,,,,i;i;,,.,*n,,,,,+#+::#n*,#xni,,zniiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzxnzMMMMWnzzz**;..,,,.,..,;,,,,,;n,.,,:*;,:::,,,:*,.,,n#i*iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzznxzMWMMMnzzz**i,..,,.,,,,,,,,,,+#,...,i,.,;**++*:.,,:x***iiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzznzznnxWWMxnzzzz+*i,,,,,.,,,,,,,,,:z;,,..,:..,,,,::.,..,;xi*iiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzznxxxzzzzzz+ii,...,.,,,,,,.,,+zi.,,.,,.,,.,,..,,,,,++iiiiiiiiiiiiiiii*i,.,,. + ,,.,,#zzzzzzzzzzzzzzzzzznMzzzznz#ii:.,.,..,,,,,,,izn:,..,.,,..,...,,.,,,#*iiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzznxzzzzzz#ii;.,.,..,,,,.,:zzz,,..,,,,.,...,,,,,,:+*iiiiiiiiiiiiiiii*i,.,,. + ,,.,,#zzzzzzzzzzzzzzzznzxxzzzznzz*i;..,,,.,,,,..;zz*..,.,,,,........,.,**iiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzznzxMnzzznzz*ii,.,,,,,,,,,,ii:,,,,,,,,,,,,,,.,,.,;+*iiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzxMzzzzzzz**i,,.,..,,,,,;*:*,,,.,,...,,,,,,.,,,**iiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzzzzzMMnnzzzzz*ii:.,,,,,,..,#nnn#+,,,,,..,,....,.,i+i*iiiiiiiiiiiiiiiii*i,.,,. + ,,.,,#zzzzzzzzzzzznzznnzMMnxzzzzz**i;.,,,,.,,.,zxWWWxi,,,:*,,,..,.,,,#**iiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzzznM+WMxxzzzzz***;..,,,,,,..;xWWWWn+**#;,,,,.,,,.i#*iiiiiiiiiiiiiiiiiii*i,.,.. 
+ ,,.,,#zzzzzzzzzzzzzznW#zWMxnnzzzz*iii,.,,,,,,,,,+nWMWWWMx+,,,,,.,,,,++i*iiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzznMM,zWMMnnzzz#*ii*;.,,,,,,::iznxMMWWWWn#;,,.,,,,*#**iiiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzzzzMWz,zMMMxxznn#*ii*i::;i++#zznxWxxxWWWxxxzi,.,,,,#+iiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzznMWW#,#MMMMMnznz*ii**izzzzzzxMMWWnxM@WMMMMzzi,.,,+*+iiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzznMWWW#,*xMMMMnznz*iiii+MnnnnnxMWWWxxMxMxMxxxnz*,,,*+*iiii**iiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzzzMWWWW#;;zMMMMMnnz#*i*#MWxxxxxMWMxMMxMxMWWWWxMzn;.i:#*iiii**iiiiiiiiiiiiiii*i,.,.. + ,,,,,#zzzzzznnzxWWWWW#:;+MMMMMxzzz#*zzxWMWMWxMWWMMWWMMWWWWMxxMn:,*:#iiiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,#zzzzzzzzxWWWWWWz::inMMMMMxznzzzzznxMMMxxxMMxxxzxMWWWMMWWx:ii+*iiiiiiiiiiiiiiiiiiiiii*i,.,.. + ....,#zzzzzzznWWWWWWWz;,;+MMMMMMxzzzzzzzzznz#**i;::,,:;#nxxWMM+;*;+*iiiiiiiiiiiiiiiiiiiiii*i,.,.. + ...,,#zzzzzznMWWWWWWWni,,*nWMMMMMxnzzzzzzzz#i*i,,,,:,,,,:+#z##i#+#*iiiiiiiiiiiiiiiiiiiiiii*i,.,.. + ...,,#zzznnnxWWWWWWWWx*,.i+MMMMMMMMxxnzz#+****i,i**#z+;,:*iiii*zz+*iiiiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,,,,#nzzzxMMWWWWWWWWW*;.:*#WMMMMMMMMxz+**iiiii;*++####:;i****zz#*iiiiiiiiiiiiiiiiiiiiiiii*i,.,,. + ,,,,,#zznMWxWWWWWWWWWWz;,.;*nWMMMMMMMMnz#ii:.....,,,,,,,,ii*+zzz*ii**iiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,,,,#nxWWMxWWWWWWWWWWW;:,,*+xMMMMMMMMMxnz*:.,,,,,..,,,,,,i#nnx+i*i*iiiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,,,,zWWWWMxWWWWWWWWWWW*;,.,*+MMMMMMWMMWMx#*:,,,,....,,,,:#nMM#+*ii*iiiiiiiiiiiiiiiiiiiiii*i,.,.. + ,,,,,xWWWWxWWWWWWWWWWWWx::,,:;+MMMMMMWMWMMnz+:....,,.,,,,+MWMM*#z+*iiiiiiii**iiiiiiiiiiiii*i,.,.. + ,,,,,xWWWMxWWWWWWWWWWWWW+:,,,;:+MMMMMMMMMMMxnz*;,,:,,,i+#xM++W#+nz#iii*iiiiiiiiiiiiiiiiiii*i,.,.. + ,,,,,xWWWMMWWWWWWWWWWWWWx,,..,;,*xWMMMMMMMWMWxnn####+##nxx#,+Wx*nznz:i**iiiiiiiiiiiiiiiiii*i,.,.. + ,,.,,xWWWxMWWWWWWWWWWWWWWi.,,,,:,*#MMMMMMMMMMWMMxxxxxxxMnn,.zWM#;zzMn;*i*iiiiiiiiiiiiiiiii*i,.,.. + ,..,,xWWWxWWWWWWWWWWWWWWWx,,,,,,:,;+MMWMMMMWWWWWWWMMMMMxn:..nWWni+nzMn#niii**iiiiiiiiiiiii*i,.,.. 
+ ,..,,xWWMxWWWWWWWWWWWWWWWWi,,,,.,:,,;xWMMMMMMMMMMMMMMxnni...xMWxz;znnMxxM#;i*i**iiiiiiiiii*i,.,.. + ,..,,xWWMMWWWWWWWWWWWWWWWWz.,,...::,,;zWMMMMMMMMMMMMnzzi,,,,MMMMx*innxMxxWx+iiii**iiiiiiii*i,.,.. + ,..,,xWWMMWWWWWWWWWWWWWWWWM:,,...,:,,,,+xWMMMMMMMMxnnzi,.,,,MMMMMzinxMxMxxMMM#;i**iiiiiiii*i,.,.. + ,..,,xWWxWWWWWWWWWWWWWWWWWW*.,.,.,,:,,.,i+xWWMMMMxnnni,,,,,.WMMMMMz#nMMxMMMMMWxi;i*iiii*ii*i,,,.. + ,..,,xWWxWWWWWWWWWWWWWWWWWWz.,,,,.,,:,,,,::#@WMMxnnn;..,,.,:WMWMMMMznxWxxWMMMMMM#;iiiiiiii*i,,,.. + ,..,.nWMMWWWWWWWWWWWWWWWWWWM,.,,,...,,..,.,.iMWMxnz:.,.,,.,;WMWMMMMnzxMMxMMMMMMWMxi;i*iii*ii..,.. + ,..,,nWWMMWWWWWWWWWWWWWWWWWWi,,,....,.,,.,,,,:nxxz:,.,,,...iWMWMMMWMznMMMxMMMMMMMMMzi;i**iii..,., + ,..,,xWWWMMWWWWWWWWWWWWWWWWW#:.....,....,.,,..:#+,..,,,....:WWMMMMMMxnnMMMxWMMMMMMMWM#;;*i*i,.,.. + ,..,,xWWWWWMMWWWWWWWWWWWWWWWxi:..,.......,,,,..;;,...,,...,,@WMMMMMMMxzxMMxxMMWMMMMMMWx+;iii,,,.. + ,..,,xWWWWWWMMMWWWWWWWWWWWWWM*i,,,,......,,,,,;MWx+,..,,,..,@WMMMMMMMMnzxxnMMMMMMMMMMMWWx+ii,,,,. + ,..,,xWWWWWWWMxWWWWWWWWWWWWWW+*;,,,,.....,,.,,xWWW@n:.,,,,.,WWMMMMMMMMMnnnMMMMMMMMMMMMWMWMxz,,,.. + ,..,,xWWWWWWWWMxWWWWWWWWWWWWWzi*;,,,,.....,,,nWMMMWWM:.,,,..MWMMMWMMMMMMnMMMMMMMMMMMMMMMMMMx,.,., + ,..,,xWWWWWWWWMxWWWWWWWWWWWWWMiii;,,.,,...,.zWWWWWWWWn,.....zWMMMMMMMMMMMxMMMMMMMMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWMWWWWWWWWWWWWWWWiii*;,,,,,,.,z@WWWWWWWWW*,..,,zWMMMMMMMMMMMMnMMMMMMMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWMWWWWWWWWWWWWWWW@+,;ii:,,.,,,zWWWWWWWWWWWM:.,,,#WMMMMMMMMMMMMxnMMWMMMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWz,.;i*:...,ixWWWWWWWWWMMW+,,,.+WMMMMMMMMMMMMMxxMWWMMMMMMMMMMMx,,,.. + ,..,.xWWWWWWWWWWWWWWWWWWWWWWWWM,,,iii,,,;i+WWWWWWWWW#+xx;,,.+WWMMMMMMMMMMMWMxxMMMMMMMMMMMMMx,,,,, + ,..,.xWWWMWWWWWWWWWWWWWWWWWWWWW;.,:iii,:ii*xWWWWWWWW+i*Mz,.,*WWMMMMMMMMMMMMWMxnMMMMMMMMMMMMx,,,.. + ,..,.xWWWMWWWWWWWWWWWWWWWWWWWWWz.,.;i*iiiiinWWWWWWWW*i*+z*.,iWWMMMMMMMMMMMMMMMxxMMMMMMMMMMMx,,,.. + ,..,.xWWWMMWWWWWWWWWWWWWWWWWWWWx,,,.i***;:i#WWWWWWWMi*ii*zi,;WWMMMMMMMMMMMMMMMMxMMMMMMMMMMMx,,,,. 
+ ,..,,xWWWWMMWWWWWWWWWWWWWWWWWWWW;,,.:*ii,,i+WWWWWWWM::iiiizi:WWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW+,,,.,i,,,;*WWWWWWWx:.:iii*z*MWMMMMMMMMMMMMMMMMMWMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWn,,,,...,,:*MWWWWWWn:..;ii**xWWMMMMMMMMMMMMMMMMWWMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWW:.,.,,,.,,iMWWWWWWz,.,,i*i*nWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWW@*..,,,..,,ixWWWWWWz..,.,i*inWWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,,. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWn,.,,,,,,,;n@WWWWWn..,,,:*izWWMMMMMMMMMMMMMMWWWWMMMMMMMMMMx,,,.. + ,..,,xWWWWWWWWWWWWWWWWWWWWWWWWWWWM:.,,,....:xWWWWWWM,,,,,.:izMWMMMMMMMMMMMMMMMWWMMMMMMMMMMMx,,,.. + ,..,,nMWWWWWWWWWWWWWWWWWWWWWMWWWWM#*********MWWWWWWW+*******nMWMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,.. + ,..,,nMWWMMMMMMMMMMMMMMMMWWMMMMMWMMMWWMMMWWMMMMMMMMMMMMWWMWWMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMx,,,.. + +Changes +~~~~~~~ +- [sighting/api] improved comments. [Sami Mokaddem] +- [RestResponse] bump. [Sami Mokaddem] +- Typo. [Sami Mokaddem] +- [version] bump. [iglocska] +- [config] Added permission check for .git directory. [Steve Clement] +- [docs] Added note on RHEL unmaintainability at this point of time, by + the core team. [Steve Clement] +- [tools] Updated gitchangelog.rc for latest version of toll, added to + doc generator. [Steve Clement] +- Bump misp-galaxy & taxonomies. [Raphaël Vinot] +- [docs] Added generic sections to debian guides. [Steve Clement] +- [docs] Added a generic directory where all the platform independent + files should reside. chg: [docs] Added MISP Defaults via the cake + command to seperate file. [Steve Clement] +- [misp-objects] forensic objects added. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version (including many new + objects) [Alexandre Dulaunoy] +- [docs] More formatting updates and evened both versions out. 
[Steve + Clement] +- [docs] Compared with bootstrap.sh and added missing dependencies and + tools. [Steve Clement] +- [docs] Added note on when Kali was last tested working. Added RHEL 7.6 + BETA to index. [Steve Clement] +- [docs] Leveled both install docs, updated debian testing and verified + working. [Steve Clement] +- [docs] Minor regression, fixed. [Steve Clement] +- [docs] Leveled both guides, 9.5 moved a little closer to testing. + [Steve Clement] +- [docs] Symlink to rhel7 guide chg: [docs] Made the index a little less + messy chg: [docs] A minor (but not automated) change to Changelog. + [Steve Clement] +- [tools] Changed testForBinExec as the x-sharedlib type is not only on + OpenBSD, Debian has the same type when check if executable. chg: + [tools] Added typeinfo to the return so you see in the UI what type it + thinks it is. (In case you forced the parameter on the CLI) [Steve + Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [docs] More general info about xINSTALL in index. Minor formatting + touch-up in license. Added missing sections to mkdocs.yml and adapted + it to reflect official MISP repo. [Steve Clement] +- [docs] Adapted rhel7/Ubuntu18.04/Centos7/UPDATE_Notes to be mkdocs + compliant. [Steve Clement] +- [tools] Added sed to gen_misp_install_docs.sh to replace some + formatting tildes which mkdocs does not really understand chg: [docs] + Minor touch-up to Changelog.md to correct for formatting issues. chg: + [config] Added correct paths to .gitignore for mkdocs. [Steve Clement] +- [docs] Adapted Debian 9/testing install to mkdocs new: [docs] Added + old version of Debian + postgresql guide, needs updating. [Steve + Clement] +- [docs] Added symlinks to new .md to preserve old style for a while. + chg: [docs] More details in README.md. 
[Steve Clement] +- [docs] Added some symlinks to migrated files. [Steve Clement] +- [docs] Remove some migrated INSTALL guides, move FreeBSD to old, will + not be supported in the future. [Steve Clement] +- [docs] Typo in UPGRADE.md. [Steve Clement] +- [docs] Added an old upgrade doc, 2.3 -> 2.4, more as an example then + anytyhing else. chg: [docs] Added UPGRADE.md notice for future upgrade + steps. [Steve Clement] +- [docs] Minor formating chage. [Steve Clement] +- [docs] Removed old Debian stable install guide. [Steve Clement] +- [docs] Updated Debian install guide. [Steve Clement] +- [docs] Version bump of OpenBSD to 6.4. [Steve Clement] +- [docs] Added misp-dashboard instruction, but not really working yet. + [Steve Clement] +- [docs] Another small unattentive typo. [Steve Clement] +- [docs] Small misp-modules virtualenv typo. [Steve Clement] +- [docs] Removed old OpenBSD Docs. [Steve Clement] +- [docs] More or less finalized the Apache2 install. 95% working. [Steve + Clement] +- [docs] Disable native httpd for now added Apache2 conf. [Steve + Clement] +- [docs] Better formatting, more information on the current state of + MISP on OpenBSD. [Steve Clement] +- [docs] Reformated some of the .txt based doc. [Steve Clement] +- [config] Added mkdocs site directory to be ignored. [Steve Clement] +- [tools] Added x-sharedlib clause in testForBinExec if on OpenBSD. + [Steve Clement] +- [warninglist] warninglists updated, fixes #3775. [iglocska] +- [Galaxy] Updated MISP galaxies. [iglocska] +- Chg: [tools] removed: #@IgnoreInspection BashAddShebang -- Added a + better globbing opt: ./* [Steve Clement] +- [tools] Updated misp-backup and misp-wipe to be a bit more late 2018 + compliant. [Steve Clement] +- [tools] Added misp-wipe/misp-backup config file to .gitignore. [Steve + Clement] +- [python] Added and amended varios places where python is called. + [Steve Clement] +- [fix] Some fixed to the python virtualenv tweaks. 
[Steve Clement] +- [python] Added initial python virtualenv support, STIX Tests only. + [www-data] +- [i18n] extracted latest strings to default.pot and cake_dev.pot. + [Steve Clement] +- [i18n] New strings in Spanish translation. [Steve Clement] +- [i18n] Updated to latest jpn translation, minor changes. [Steve + Clement] +- [i18n] Added 100% French translation. Thanks to all involved so far. + wq. [Steve Clement] +- Bump PyMISP & recommended version. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [API] minor fixes to the sightings api. [iglocska] + + - fixed duplicate sighting tags in XML output + - added attribute value to the sighting +- [sighting/api] added missing sighting source parameter. [Sami + Mokaddem] +- [ACL] bumped queryACL. [Sami Mokaddem] +- [sightings/api] now support json output format. [Sami Mokaddem] +- [bug] Fixed bug with stacking login screens ontop of an event view. + [iglocska] +- Aws would error if asked to del non-existing. [Hannah Ward] +- [stix import] Avoided import of empty header description. [chrisr3d] +- [galaxy] added collection uuid capture. [iglocska] +- [view] Added uuids to galaxy cluster view. [iglocska] +- [stix export] Avoided putting Incident object as attribute everywhere. + [chrisr3d] + + - Incident is now a class attribute + - It also let us make the function parsing some + not really common attribute types lighter by + putting a conditionnal statement in another + function +- [stix export] Made 'header_comment' a list so we don't overwrite the + value. [chrisr3d] + + - There should only be one attribute matching the + condition per event, but it is juste to be sure +- [thumbnail] Thumbnail visualisation broken on proposals, fixes #3793. + [iglocska] +- [server] Allow certificates to be uploaded with other extensions + besides .pem, fixes #3797. [iglocska] +- [stix import] Importing uuids for objects from external sources. 
+ [chrisr3d] +- [stix import] Importing uuids for STIX files generated via MISP. + [chrisr3d] +- [stix import] Improved uuid fetching. [chrisr3d] +- [stix import] Better event & attribute distribution parsing. + [chrisr3d] +- [stix import] Supporting DHS stix files with ais marking. [chrisr3d] +- [stix import] Fixed import of File Objects as single attribute. + [chrisr3d] +- [stix framing] Fixed Related Package(s) xml field typo. [chrisr3d] +- [stix export] Fixed xml package string replacement. [chrisr3d] +- [stix2 import] Avoiding errors when the imported file name is not + specified. [chrisr3d] +- [routes] Added route for .csv parsing. [iglocska] +- #3769 Att&ck matrix now render multiple kill_chain by column. [Sami + Mokaddem] +- Check if the format is xml or application/xml on __sendResponse. [Tom + King] +- [cleanup] Removed debug from the bug fixing session. [iglocska] +- [internal] Sharing group capturing fixed, fixes #3573. [iglocska] + + - As reported by @eCrimeLabs +- [internal] Unneeded model initialisation for + getDefaultAttachments_dir() [iglocska] +- [stix2 import] Fixed GalaxyCluster description. [chrisr3d] + + - Since description is optionnal in some STIX 2.0 + objects, we test if the field is there before + trying to use its value +- [stix2 import] Fixed MISP event info field when importing STIX2 + without report object. [chrisr3d] +- [stix2 import] Fixed json dict monkey syntax error. [chrisr3d] +- [internal] getPythonVersion woes. [iglocska] +- [internal] Fix of wonky model function calls across the application + for getting default attachment directories. [iglocska] +- [Galaxy] Various fixes to blocking issues with the galaxy update + system, fixes #3773. [iglocska] +- [API] Handle multiple event IDs being queries or not using the event + ID filter when generating the CSV output file names. [iglocska] +- [internal] Fixes to invalid model function calls. [iglocska] +- [tools] small typo in she-bang line. 
[Steve Clement] +- [stix2 import] Made NetworkTraffic objects import include all the + possible cases. [chrisr3d] + + - We were potentially missing some DomainName + or IP Address objects data, when it is not + a reference of the NetworkTraffic object. + - Now we look if we still have some of these + objects that did not have been parsed, and + in that case, parse them. +- [stix2 import] Quick change on event loading. [chrisr3d] + + - Specifying the encoding within the file opening + - Allows to get rid of 1 'encode()' call +- [stix2 import] Better parsing for objects that can be imported as + either ip-port or network-socket. [chrisr3d] +- [stix2 import] Supporting STIX 2 files with no report object. + [chrisr3d] +- [stix2 import] Moved the remaining parsing functions from the mapping + script to the main script. [chrisr3d] + + - Fixing at the same time some AttributeName errors +- [stix2 export] Fixed enumeration errors handling. [chrisr3d] + + - More specific exception types + - Removed useless try/catch statement +- [stix2 export] Fixed attributes data parsing. [chrisr3d] + + - With json format, base64 & encode/decode + operations are no longer needed since the base64 + string is already displayed in data +- [stix2 import] Fixed process import. [chrisr3d] + + Fixing import for cases like: + - single process without parent or child + - where processes are not referenced as expected +- [stix2 import] Fixed monkey coder issue. [chrisr3d] +- [stix2 import] Added missing uuid fields to attributes and objects + imported. [chrisr3d] +- [stix2 import] Quick clean-up. [chrisr3d] + + - Using MISPObject class & attributes instead of + adding a MISP object dealing with a dictionary + - Using STIX objects attributes instead of + ditionary keys + - Removed useless 'continue' statement +- [stix2 import] Parsing file objects in a more generic way between + classes. [chrisr3d] +- [stix2 import] Moved file object parsing function into the subclass. 
+ [chrisr3d] + + - Because it is only called by functions of this subclass +- [stix2 import] Removed useless function. [chrisr3d] +- [search] Multiple lines didn't correctly get parsed as separate values + in the attribute search. [iglocska] +- [workers] manage workers by default defaulted to false (should be + true) [iglocska] +- [API] Further fixes to the query builder. [iglocska] +- Travis import/export. [Raphaël Vinot] +- [API] Further fixes to the tag handling. [iglocska] +- [API] Handle filters with no valid tags set as filter patterns + correctly. [iglocska] + +Other +~~~~~ +- Merge branch 'sighting_api' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'weekend_fixes' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into HEAD. [iglocska] +- Merge pull request #3808 from FloatingGhost/2.4. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3804 from 8ear/patch-1. [Alexandre Dulaunoy] + + Update CONFIG.SMIME.md +- Update CONFIG.SMIME.md. [Max H] + + Include code blocks. +- Merge pull request #3802 from SteveClement/guides. [Steve Clement] + + chg: [tools] RHEL7 update status and added gitchangelog to document creation toolchain. +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3803 from garanews/2.4. [Andras Iklody] + + fix accommodate misspelling +- Fix accommodate misspelling. [garanews] + + accommodate vs accomodate +- Merge pull request #3799 from garanews/patch-1. [Alexandre Dulaunoy] + + fix separate misspelling +- Fix separate misspelling. [garanews] + + separate vs seperate +- Merge pull request #3800 from garanews/patch-2. [Alexandre Dulaunoy] + + fix referred misspelling +- Fix referred misspelling. [garanews] + + referred vs refered +- Merge pull request #3798 from SteveClement/guides. 
[Steve Clement] + + chg: [docs] Major INSTALL Guide update +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix export] Exporting STIX header description from the + corresponding comment attribute. [chrisr3d] +- Add: [stix import] Importing STIX header description as comment + attribute. [chrisr3d] +- Merge pull request #3726 from pettai/shibb. [Steve Clement] + + add date_created for provisioned users +- Add date_created for provisioned users. [Fredrik Pettai] + + add date_created then new users are provisioned via shibbauth +- Merge pull request #3794 from SteveClement/guides. [Steve Clement] + + chg: [docs] The debian install docs are now fully functional and quite a few format changes to some of the install guides. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3784 from SteveClement/guides. [Steve Clement] + + new: [docs] Move INSTALL guides formatting to mkdocs +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3771 from P4rs3R/patch-3. [Alexandre Dulaunoy] + + Update INSTALL.rhel7.txt +- Update INSTALL.rhel7.txt. [A. Cristallo] + + Added instruction (at line 109) and updated line 8, minor change. + Tested on RHEL 7.5 and CentOS 7.5 +- Merge pull request #3779 from MISP/att&ckMatrixFix. [Alexandre + Dulaunoy] + + fix: #3769 Att&ck matrix now render multiple kill_chain by column. +- Merge pull request #3778 from tomking2/2.4. [Andras Iklody] + + Fixes Issue #3633 - Returned XML has application/json Content-Type header +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3768 from devnull-/#3748_download_files. [Andras + Iklody] + + Fix CSV filename #3740 +- Define filename (instead of download.csv) [Amaury Leroy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 import] Added an entry to the simple pattern mapping + dictionary. [chrisr3d] +- Merge pull request #3765 from IFX-CDC/2.4. [Andras Iklody] + + add: workers diagnostics to the server settings +- Fixed workers tab. [netjinho] +- Added workers diagnostics to the server settings. [netjinho] +- Merge pull request #3766 from SteveClement/misp-wipe. [Andras Iklody] + + Misp wipe and backup +- Merge pull request #3762 from SteveClement/py-virtualenv. [Andras + Iklody] + + chg: [tools] Added the option to have Python Virtualenv support +- Merge branch '2.4' into py-virtualenv. [www-data] +- Merge branch '2.4' into py-virtualenv. [Steve Clement] +- Merge branch '2.4' into py-virtualenv. [Steve Clement] +- Merge branch '2.4' into py-virtualenv. [Steve Clement] +- Merge branch '2.4' into py-virtualenv. [Steve Clement] +- Merge branch '2.4' into py-virtualenv. [Steve Clement] +- Merge branch '2.4' into py-virtualenv. [www-data] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3760 from cudeso/2.4. [Alexandre Dulaunoy] + + Ubuntu 18 documentation (sudo logrotate, universe repo) +- Ubuntu 18 documentation (sudo logrotate, universe repo) [Koen Van + Impe] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3757 from rmarsollier/patch-1. [Andras Iklody] + + adding python-maec to the debian9 install +- Adding python-maec to the debian9 install. [RbN] + + adding python-maec to the debian9 install +- Merge pull request #3758 from MISP/chrisr3d_patch. 
[Christian Studer] + + Chrisr3d patch +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Parsing external Network Socket objects when + references are hostnames. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Add: [stix2 import] Added 1 easily parsable pattern type for external + STIX parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Parsing external observable IPAddr - + NetworkTraffic - Domain composition objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Parsing external process objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Wip: [stix2 import] Parsing external AS objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Wip: [stix2 import] Parsing external x509 objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Wip: [stix2 import] Parsing external mutex objects. 
[chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ +- Wip: [stix2 import] Parsing external mac-address objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ +- Wip: [stix2 import] Parsing external url objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Parsing external regkey objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Wip: [stix2 import] Parsing external email objects. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing functions working for both subclasses +- Wip: [stix2 import] Parsing domain & domain-ip attributes/objects. + [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Also reusing code that works for both subclasses +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Included pe & pe-section parsing for file objects. + [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ + - Including uuid fields + - Including refactor on some class attributes to + avoid errors and duplications +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Wip: [stix2 import] Starting parsing network-traffic objects from + external files. 
[chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, + this script may be broken in some cases atm /!\ +- Wip: [stix2 import] Starting parsing observables from external STIX2 + files + moving functions to the main script. [chrisr3d] + + - /!\ WiP, it is preferable to wait for the branch to be merged, script broken atm /!\ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3751 from ancailliau/fixes-error-message- + control_workers. [Andras Iklody] + + Fixes a typo in an error message (control_workers -> manage_workers) +- Fixes a typo in an error message (control_workers -> manage_workers) + [Antoine Cailliau] +- Merge pull request #3750 from Rafiot/csv_travis. [Raphaël Vinot] + + fix: travis import/export + + +v2.4.96 (2018-10-09) +-------------------- + +New +~~~ +- [ReST client] generate python output too. [iglocska] + + - also, nicer toggle! +- [API] Added cache export to export list. [iglocska] +- [ReST Client] added curl output to make everyone's lives a bit easier. + [iglocska] +- [API] Added returnFormat descriptions in a programmatic way to the API + info. [iglocska] +- [API] Added a new export that simply hashes all values with a + requested hash format. [iglocska] +- [API] rework of the searchall/quickFilter parameters. [iglocska] + + Now it correctly works as intended on both attribute and event contexts +- [API] documentation added for the new APIs. [iglocska] +- [export] Further changes required for the reworked export added. + [iglocska] +- [exports] New export system using restsearch. [iglocska] +- [search] download functionalities added to the search. [iglocska] +- [search] view changes added for the search. [iglocska] +- [search] Search refactored completely to use restsearch. Still needs + some minor changes. [iglocska] +- [internal] restsearch's bulk code moved to the model for attributes. + [iglocska] +- [api] CSV export using thin overlay over restsearch. 
[iglocska] +- [API] attributes/restSearch has received CSV as a new export format. + [iglocska] + + - added hook to modify parameters based on the export's internal settings +- [API] restsearch's internals moved to event model and reworked. + [iglocska] + + - better chunking and parameter handling +- [API] events/restSearch reworked, added CSV export. [iglocska] +- [API] CSV export tool completely reworked. [iglocska] +- [API] Improvements to the fetcher. [iglocska] + + - cache several objects that were loaded over and over before on bulk exports + - includeGranularCorrelations internal flag added to include/exclude correlations from the export for certain types + - some cleanup +- [internal] Added caching to the sharing group organisations. + [iglocska] +- [internal] Organisation internal caching added. [iglocska] +- [internal] GalaxyCluster internal caching added. [iglocska] +- [API] added sendFile function to rest response component. [iglocska] +- [API] events/restsearch rework - chunked export for performance gains. + [iglocska] +- [API] enable/disable warninglists by name substrings instead of IDs, + fixes #3706. [iglocska] + + - {"name": ["alexa", "iana"], "enabled": 1} +- [freetext] Freetext ingestion is now delegated to the background + processing. [iglocska] + + - no setup needed + - data to be ingested dropped to file, background worker ingests and processes the file +- [freetext import] Added detection for AS. [iglocska] +- [Complex type tool] Detection of [1] style refanging. [iglocska] +- [API] Rework of the restSearch APIs. 
[iglocska] + + - peformance tuning + - removed some redundant looping + - internal memory profiling for attributes/restSearch + - saving the intermediary results to file instead of keeping it all in memory to reduce the memory footprint + - added the searchall parameter + - fixed the ignore parameter + - added the event_timestamp parameter + - added manual pagination to the attribute level restsearch (limit, page) +- [API] Added API description for the warninglist toggleEnable API. + [iglocska] +- [API] Toggle the warninglists on/off in a convenient API. [iglocska] + + - via /warninglists/toggleEnable +- [blacklisting] pass parameters via named parameters to filter the + index. [iglocska] + + - /eventBlacklists/index/event_uuid:[my_event_uuid] +- [API] Correctly handle objects in flat exports and exposed text export + to event level search. [iglocska] +- [Galaxy] Delete individual clusters. [iglocska] + + - added an API and UI option to delete individual clusters +- [variable tags] Added the ability to load and display variable tags. + [iglocska] + + - as requested by Siemens +- [API] Added the includeEventTags parameter to the + /attributes/restSearch API. [iglocska] + + - appends all event level tags to each attribute +- [stix import] Adding object describing the original STIX 1.X / 2.X + used for import. [chrisr3d] + + - Depending if the variable passed to those scripts + are not None, then it is the name of the original + file used to import data +- [API] Added possibility to include the original file while importing + STIX data. [chrisr3d] +- [API] Tied the RPZ export into the restsearch APIs. [iglocska] + + - also, made the export modules aware of the exhaustive parameter list +- [API] Updated the RPZ export to follow the new API patterns. + [iglocska] + +Changes +~~~~~~~ +- [CSV] Added timestamp in CSV output with include context on the event + level. [iglocska] +- [version] version bump. [iglocska] +- [automation page] cleanup. 
[iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [notice-list] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated to the latest version. [Alexandre Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Bumped js version. [Sami Mokaddem] +- Bump PyMISP. [Raphaël Vinot] +- [export] Export view correctly fetches the state on whether an export + includes attachments. [iglocska] +- [API] made the CSV export type less restrictive by default (to_ids / + published ignored by default) [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [API] new restresponse library addition fixed (send file) [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- [sharing-group] fix typo "Added Organisations" -> "Added Instance" + [Alexandre Dulaunoy] +- [misp-objects] add the relationship annotates. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [stix1 framing] Removed previous stix framing script. [chrisr3d] +- [stix 1&2 export] Using header, footer and separator from the newest + framing script. [chrisr3d] +- [stix2 export] Using the RestResponse view call instead of having view + files. [chrisr3d] +- [stix2 export] Avoid Orgc Identity object duplication. 
[chrisr3d] + + - Orgc uuid returned each time a new one is seen + in an event + - All the uuids as parameter of the python script + - Identity object added only if the current uuid + is not in the parameters + - References to the corresponding identity are + (obviously) maintained for the final stix 2.0 + file +- [stix2 export] Multiple events export prepared in Controller & Model + side. [chrisr3d] + + - Changes on automation side coming soon +- [debugkit] Added the commented out loading of debugkit for + convenience. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [default-feeds] CoinBlockerLists updated - fix #3682. [Alexandre + Dulaunoy] +- [misp-object] updates to the latest version. [Alexandre Dulaunoy] +- [doc] Moved INSTALL files around to reflect a more acurate support + landscape. chg: [doc] Update README.md to explain some of the + folders/files. [Steve Clement] +- [doc] Added zmq, redis, maec python module installations. [Steve + Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix2 import] 2 main parsing cases split in 2 classes. [chrisr3d] + + --> 2 cases: + - STIX generated via MISP + - external STIX +- [Cortex] Don't set the content type header for cortex. [iglocska] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Added README to install directory. [Steve Clement] +- [doc] Centos 7 Install doc updates, more automation and some auto + defaults. [Steve Clement] +- [doc] Updated and tested basic MISP functionality under CentOS 7.5. + [Steve Clement] +- [i18n] Update to languages: Danish (54%) German (17%) Japanese (100%) + French (67%) Spanish (3%) [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. 
[Alexandre + Dulaunoy] +- Bump recommended pyMispVersion. [Raphaël Vinot] + +Fix +~~~ +- [sanitisation] Sanitise curl query. [iglocska] +- [stix2 import] Fixed to_ids flag in imported objects. [chrisr3d] +- [API] Fixed broken check for overriding IDS flags via proposals, fixes + #3748. [iglocska] +- [stix2 export] Fixed process objects export. [chrisr3d] +- [stix2 export] Fixed function call typo. [chrisr3d] +- [Auth] Correctly handle users accounts getting deleted whilst the + users are logged in. [iglocska] + + - deauthed users would end up in a forced loop having to read the news creating a new blank user with each page refresh +- [stix import] Updated external files import to include related + indicators. [chrisr3d] +- [stix import] Fixed custom objects import from external files. + [chrisr3d] +- [Objects] Adding an object would not unpublish the event. [iglocska] +- [stix2 export] Avoiding export of the object related to the original + file used for import. [chrisr3d] +- [stix export] Avoiding export of the object related to the original + file used for import. [chrisr3d] +- [stix import] Fixed original imported file Object name. [chrisr3d] +- Sort CSV file before comparing: we do not care what the order of the + attributes is. [Raphaël Vinot] +- [CSV] boolean fields should be set to 1/0 instead of true/false. + [iglocska] +- [freetext] tag field not working fixed. [iglocska] +- [stix2 export] Handled case where we have only link attributes to be + imported. [chrisr3d] +- [restSearch] Avoiding useless stix python script calls on empty files. + [chrisr3d] +- [stix2] invalid path to script dir. [iglocska] +- [restSearch] Ignoring square brackets around STIX2 objects returned by + the python script. [chrisr3d] + + Because they are already provided by the framing script +- [stix export] Shortcut passing directly the 'Event' key of an event to + the parsing functions. [chrisr3d] +- [stix2 export] Avoiding identity object duplication. 
[chrisr3d] + + - Fixed orgs list, adding each org seen as it was + intended but forgotten until now +- [restSearch] Fixed return format for STIX formats. [chrisr3d] +- [restSearch] Added STIX 1 & 2 in valid formats. [chrisr3d] + + - Also fixed indentation of the validFormats array +- [restSearch] Fixed failed merge. [chrisr3d] +- [stix2 export] Stopped passing ORGs already parsed as argument of the + python script. [chrisr3d] +- [restSearch] Changed how data is handled eeeeeeeeeee. [chrisr3d] + + - Criteria was number of events and is now number + of attributes + - Writing data in a file until the limit number of + attributes is reached, then writing in the next + file and looping again until all data is written + - Then for each file, calling the python script to + parse MISP events and translate them into STIX + - Writing parsed STIX data into 1 file used to + return the result +- [stix2 export] Fixed event dictionary reading. [chrisr3d] +- [stix2 export] Refactored MISP event format used to improve + performances. [chrisr3d] + + - For big events, loading json file and parsing it + as json format is much faster than loading it as + PyMISP objects +- [stix2 export] Clearer string concatenation in scripts & directories + names definitions. [chrisr3d] + + - Reuse of variable name instead of string concatening +- [restSearch] Refactored MISP event format used to improve + performances. [chrisr3d] + + - For big events, loading json file and parsing it + as json format is much faster than loading it as + PyMISP objects +- [stix1 export] Fixed baseurl & orgname fetching from scripts + arguments. [chrisr3d] + + - Replacing empty arguments by default values +- [stix1 export] Including the latest changes on the python script. + [chrisr3d] +- [stix2 export] Using class variables to define baseurl & orgname. + [chrisr3d] +- [restSearch] Prettifying stix packages with indents. 
[chrisr3d] + + - As it is in stix export function from Model/Event.php +- [cleanup] Fixed indentation in restSearch. [chrisr3d] +- Added variable to have attribute with no ids flag from fetchEvent. + [chrisr3d] +- [restSearch] Fixed variables & indent. [chrisr3d] +- [ACL] Added exportSearch to the ACL. [iglocska] +- [api] Sharing group organisations not iterated if they don't exist. + [iglocska] +- Headers are case-sentitive, do not strtoupper. [Hannah Ward] +- [distributionGraph] changed condition to support one missing edge + case. [Sami Mokaddem] +- [distributionGraph] Fixed for loop to be less browser dependent. [Sami + Mokaddem] +- [internal] Moved validFormats array into a global for the event model. + [iglocska] +- [ReST] increased ReST client execution time to 300s. [iglocska] +- [Feed] If no data is returned from a freetext feed a notice was + generated. [iglocska] + + - added more graceful handling +- [log] user zmq logging was always getting the first user instead of + the actual one. [iglocska] +- Travis tests failing, take 2. [Raphaël Vinot] +- Travis tests failing. [Raphaël Vinot] +- [graph] Made the correlation graph aware of the new correlation + loading. [iglocska] +- [internal] Organisation caching fixed for the event load. [iglocska] +- [api] close the file after reading it. [iglocska] +- [API documentation] Added missing filters to the restSearch API. + [iglocska] +- [API] sgReferenceOnly should work via the API too. [iglocska] +- [API] handle empty value fields when running a quick search. + [iglocska] +- [API] Fixed the quickfilter parameter. [iglocska] +- [cleanup] Some cleanup and fixes to invalid exception invocations. + [iglocska] +- [eventGraph] Adapted fa icon to match the current installed fa + package. [Sami Mokaddem] +- [eventGraph] prevents bug if object has no attributes. [Sami Mokaddem] +- [stix2 export] Fixed Indicator & ObservedData arguments to avoid + syntax error with version < 3.5 of python. 
[chrisr3d] +- [stix2 export] Fixed string truncation. [chrisr3d] +- [API] handle to_ids better in the restSearch APIs. [iglocska] + + - invalid default settings for text/suricata exports on the event scope fixed + - 'exclude' re-introduced as a valid value +- [API] handle invalid export module calls gracefully. [iglocska] +- [stix2 export] Fixed unintended syntax error. [chrisr3d] +- [Event] Prevents bug if object has no attributes. [Sami Mokaddem] + + While using the event quick filter, prevents accessing a non existing index + if the object has no attributes. +- [stix framing] Fixed orgname in stix framing. [chrisr3d] +- [stix framing] Removed monkey printing. [chrisr3d] +- [stix framing] Redefined stix separator. [chrisr3d] + + - Avoid writing 'related package' xml key after + each python script call + - Those keys are now defined as separator and + coming from the framing script +- [stix export] Switched xml 'related packages' writing into the framing + script. [chrisr3d] + + - Instead of doing it in the php side after the + framing script is called +- [stix framing] Fixed xml separator. [chrisr3d] +- [API] toggle warninglists now correctly handles name lists as + parameters instead of just single values, fixes #3706. [iglocska] +- [enrichment] Made the payload of the API enriching an event with a + list of modules a bit more lax. [iglocska] +- [galaxy UI] clicking on metadata collapsed the galaxy quick view. + [iglocska] +- [Rest client] fixed invalid serialisation of some fields. [iglocska] +- [cleanup] Fixed missing merge save. [chrisr3d] +- [import modules] Avoiding issues with userConfig when module is + csvimport. [chrisr3d] + + - If users tick the checkbox to specify there is a + header in the csv file to import, there should + not be an error with empty userConfig header +- [stix1 framing] Including RichieB2B's patch. [chrisr3d] +- [stix1 export] Fixed missing change on the framing script call. 
+ [chrisr3d] +- [stix2 export] Fixed syntax in stix2 function. [chrisr3d] +- [stix2 export] Fixed monkey issue in org uuid to return (in order to + avoid duplication) [chrisr3d] +- [stix2 export] Added missing view for stix2 json download. [chrisr3d] +- [stix2 export] Fixed event fetching. [chrisr3d] +- [API] Fixed an invalid lookup in the openioc export. [iglocska] +- [API] added catcher for include_event_uuid via /attributes/restSearch. + [iglocska] + + - affects #3695 +- [stix2 export] Variable typo. [chrisr3d] +- [API] malware samples not encoded with withAttachments=1 on the event + level restSearch. [iglocska] +- [stix2 export] Cleaned up MISP objects parsing. [chrisr3d] + + - Replaced multiple if statements in a for loop by + a dictionary mapping +- [stix2 export] Removed list of MISP types no longer used. [chrisr3d] +- [stix2 export] Cleaned up MISP attributes parsing. [chrisr3d] + + - Replaced multiple if statements in a for loop by + a dictionary mapping +- [API] CSV export snafu fixed. [iglocska] + + - perhaps not ignoring the filter parameters and getting the full dataset visible to the current user is a helpful idea +- [API] Added rpz to restsearch API description. [iglocska] + + - also added text to events/restSearch +- [internal] Fixed an issue that prevented all to ids attributes from + being fetched on the event view. [iglocska] +- [UI] Glaaxy quick view collapse toggle didn't correctly replace the + + with a - when expanded, fixes #3678. [iglocska] +- [API] Fixed the handling of the to_ids flag. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [ACL] Appease Travis (admin only function explicitly named) [iglocska] +- [db] Fixed an invalid DB field. [iglocska] +- [stix2 import] Using stix2 library attributes to load and parse STIX + data. [chrisr3d] +- [stix2 import] Fixed issue with self attribute used before + declaration. [chrisr3d] +- [stix2 import] Changed 1 function name to a more relevant one. 
+ [chrisr3d] +- [sync] Invalid model call in the server pull using the update + technique. [iglocska] +- [diagnostic] Updated cybox reauired default version. [chrisr3d] + + - Since the very latest version is now installed + on every new machine generated, we can consider + it as default version +- [stix2 import] Cleaned up duplicate function & Fixed external STIX + files parsing. [chrisr3d] + + - External STIX files parsing improvement to come +- [stix2 import] Fixed mapping between STIX objects and galaxies fields. + [chrisr3d] +- [stix2 export] Fixed fields exported from galaxies. [chrisr3d] + + Better mapping regarding the relevance of each field +- [stix2 import] Removed no longer used function. [chrisr3d] +- [cleanup] Loading mapping dictionary only when needed. [chrisr3d] +- [API] various fixes to the timestamp handling. [iglocska] +- [Cortex] Unset cortex content-type header when doing a GET request. + [iglocska] +- [merge issue] resolved merge issue. [iglocska] +- [API] fixed an invalid dissection of the tag parameter if the + parameter is not set. [iglocska] +- [cleanup] Cleanup of removed upgrade scripts. [iglocska] +- [upgrade] replay potentially missed updates. [iglocska] +- [sync] Fixed some issues throwing notices when pulling. [iglocska] +- [sync] Fix pull not working caused by the refactor. [0xiso] +- [sync] Fix pull not working. [0xiso] +- [doc] Add an option to checkout submodules recursively. [0xiso] +- Making python 3.5 happy with exception type ImportError. [chrisr3d] +- [stix import] Fixed object_relation field key for the format of the + original imported file. [chrisr3d] + + - Following the latest changes on the object +- [Sighting] Fixed sighting creation. [chrisr3d] +- [stix1 import] Updated file parsing. 
[chrisr3d] + + - Including import of single attribute for the + latest supported STIX file object + - Including parsing of the STIX file object field + 'full_path' which can be found in any of the + different STIX object describing files +- [stix import] Avoiding encoding errors on reading file. [chrisr3d] +- [stix import] Quick fix on the new MISP object (for original files + imported) attributes. [chrisr3d] + + - Following the changes on the object itself +- [API] Quick fix on a dict key to fetch the name of the stix file + imported. [chrisr3d] +- [stix import] Importing the original file binary using the data field + in attribute instead of value field. [chrisr3d] +- [stix import] using the decoded binary of the original file imported + as attachment. [chrisr3d] +- [RPZ] flatten attributes for the RPZ export. [iglocska] +- [API] downloading events in XML format via the UI returns JSON. + [iglocska] +- [Feeds] Don't try to find caches for feeds that don't have caching + enabled. [iglocska] +- [REST client] baseurl can now be set optionally in the url. [iglocska] +- [Feeds] I CAN'T MATH. [iglocska] +- [feeds] Feed caching generates a lot of notices. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3743 from WaryWolf/unmanaged-workers. 
[Andras + Iklody] + + Add "manage workers" option. +- Add "manage workers" option. [Anthony Vaccaro] + + This is enabled by default, which replicates the current behaviour of having controls to start, stop and restart workers in the server settings page. + When set to disabled, these controls are hidden, which allows server administrators to manage the worker processes externally, e.g. via systemd. + + A sample systemd unit file has also been included into the INSTALL directory. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Add: [restSearch] STIX 1 & 2 export for restSearch. [chrisr3d] + + Features to be merged: + - Export of multiple MISP events + - Fetching events and writing them into files, each + file containing at most a number of attributes + defined by a limit + - Each file is then parsed instead of parsing each + event individualy, which reduces the number of + times the python scripts are called, reducing + the execution time of the overall process + - The result is then returned as on single file + read and displayed +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Wip: [stix2 export] Supporting export of multiple MISP events. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. 
[chrisr3d] +- Wip: [restSearch] Passing multiple events to the STIX parsing script. + [chrisr3d] + + - atm calling the python script every 10 events + fetched with fetchEvent +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Wip: [stix1 export] Supporting export of multiple MISP events. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into + chrisr3d_restSearch_tests. [chrisr3d] +- Wip: [restSearch] Added stix2 export in restSearch. [chrisr3d] +- Wip: [restSearch] Stix1 export for restSearch. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3730 from FloatingGhost/2.4. [Andras Iklody] + + fix: Customauth Headers are case-sentitive, do not strtoupper +- Merge pull request #3731 from RichieB2B/ncsc-nl/show-more. [Andras + Iklody] + + Only display "Show 2 more" and up +- Only display "Show 2 more" and up. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami + Mokaddem] +- Merge pull request #3729 from RichieB2B/ncsc-nl/trim-merge. [Andras + Iklody] + + Trim spaces from source_id in merge form +- Trim spaces from source_id in merge form. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3725 from lhirlimann/2.4. [Alexandre Dulaunoy] + + Unify url for modules, make them usable behind proxies +- Unify url for modules, make them usable behind proxies. [Ludovic] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3723 from pettai/shibb. [Alexandre Dulaunoy] + + fix typo +- Fix docs. 
[Fredrik Pettai] + + fix docs + (DefaultRoleId is not implemented in the code) +- Fix typo. [Fredrik Pettai] + + fix typo in error message +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3711 from pettai/install. [Andras Iklody] + + add missing meac dep +- Add missing meac dep. [Fredrik Pettai] + + add missing meac dep +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3707 from Rafiot/2.4. [Raphaël Vinot] + + chg: Bump PyMISP +- Merge branch 'stix2' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Add: [export] Introduction of a framing script. [chrisr3d] + + - atm returning header, separator and footer for + both stix 1 & 2 export + - will do the same for other export formats, as a + centralized script taking the parameters needed + for the format in subject and returning the + corresponding header, footer and separator +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Add: [stix2 export] Added stix2 export view. 
[chrisr3d] +- Add: [stix2 export] Added instruction about automation part. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3664 from SteveClement/guides. [Andras Iklody] + + chg: [doc] Moved INSTALL files around to reflect a more accurate support landscape. +- Merge branch '2.4' into guides. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Proposed fix for admin add org with logo. [Sascha Rommelfangen] + + proxied via @iglocska +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch 'feature/variable_tag_value' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3626 from 0xiso/fix-pull-progress. [Andras Iklody] + + fix: [sync] Fix pull not working +- Merge pull request #3654 from 0xiso/fix-install-doc. 
[Andras Iklody] + + fix: [doc] Add an option to checkout submodules recursively +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3631 from SteveClement/i18n. [Steve Clement] + + chg: [i18n] Update to languages: Danish (54%) German (17%) Japanese (100%) French (67%) Spanish (3%) +- Merge remote-tracking branch 'upstream/2.4' into i18n. [Steve Clement] +- Merge pull request #3630 from SteveClement/guides. [Steve Clement] + + chg: [doc] CentOS 7 amendments, basic functionality established +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' into i18n. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- [stix1 import] Changed one of the generic STIX objects parser into a + return function. [chrisr3d] + + - So we extend the list of results instead of + having it as a parameter +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. + [chrisr3d] +- Fixed bug where popoverChoice was returning undefined values for some + browser. [Sami Mokaddem] + + +v2.4.95 (2018-09-06) +-------------------- + +New +~~~ +- [API] set default behaviour to require to_ids and published set to 1 + to be included in exports. [iglocska] + + - doesn't affect MISP json and xml formats +- [automation description] Added legacy mode toggle. [iglocska] +- [UI] Added an enrichment on-demand pop-up for hover modules. + [iglocska] +- [REST client] Templating system added to the rest client. [iglocska] +- [REST client] added the api enumeration to the rest client view. 
+ [iglocska] +- [API] Restresponse component function added to enumerate available + APIs for the REST client. [iglocska] + + - also, added API descriptions for the restsearch functionalities +- [ACL] Added soft validation for available API enumeration. [iglocska] +- [API] evnet level restsearch switched to new modular conversion + system. [iglocska] +- [API] fixed two cases where the new filter parameter builder was being + naughty. [iglocska] + + - copy-pasta fail induced skipping of parameters with only NOT parameters fixed + - OR/AND/NOT formatted parameters with singular values (such as '{"OR": "foo"}' now handled correctly +- [API] XML export now exports both event and attribute level data. + [iglocska] + + - relying on the old XMLConverterTool for event level conversions +- [API] OpenIOC export library correctly handles both events and + attributes as their payload. [iglocska] + + - fixed annoying line breaks in the output +- [API] NIDS exports now correctly support event and attribute level + exports. [iglocska] + + - also, suricata/snort rules now include both the event and the attribute tags in the metadata +- [API] JSON export library updated to support both attribute and event + level conversions. [iglocska] + + - relies on the old JSON library for event level conversions +- [REST client] Allow skipping SSL validation. [iglocska] +- [REST client] Resolve urls and show API description if applicable. + [iglocska] +- [API] Added the libraries for the JSON, XML and Text exports. + [iglocska] +- [internal] SQL debug API tool added. [iglocska] + + - just pass /sql:1 to any query via the API to see a dump of all queries + - Response isn't very clean, JSON pushed infront of whatever the output is + - requires debug mode = 2 +- [API] rework of the attribute level restsearch. [iglocska] + + - optmisation, use of external converters + - one api to rule them all concept / controller +- [API] Made the NIDS export compatible with the new API. 
[iglocska] +- [API] Added the new XML converter. [iglocska] +- [api] Added new open IOC export system. [iglocska] +- [api] first revision of the attribute export. [iglocska] +- [API] reworked the attribute level restsearch. [iglocska] + + - use the new filter parameters + - use the new condition building mechanism + + - no more pre-filtering +- [rest client] parsers for JSON/HTML return added. [iglocska] +- [rest client] parser helper css/js added. [iglocska] +- [API] CSV export tool added. [iglocska] +- [API] WIP work in progress - moving CSV export to standardised + converter format. [iglocska] +- [API] Added publish filter to restsearch. [iglocska] +- [API] further rework of the restsearch api. [iglocska] + + - move to the new popping filter system +- [API] rework of the event level restSearch (WIP) [iglocska] +- [internal] Further work on the filtering. [iglocska] +- [internal] Rework of the filter handling internally. [iglocska] +- [internal] Added internal functions to interpret parameters in various + formats / coming from various sources. [iglocska] +- [internal] Added new internal functions to be used by all export APIs + in the future. [iglocska] + + - authenticate user via URL params if not already authenticated (to support legacy APIs) + - harvest parameters in a standardised way for filtering all export APIs +- [API] new centralised parameter system for APIs. [iglocska] +- [refactor] CSV api refactor. [iglocska] + + - performance gains + - first step in unifying all APIs + - moved the CSV data lookup into fetchattributes + - internal pagination is now more clever with a watchdog flag that can prevent unneeded executions by whatever calls fetchattributes +- [API] exposed the server related functionalities to the API. 
+ [iglocska] + + - server index + - server push + - server pull + + - improved logging / error reporting of the sync functionalities +- [i18n] Added German Translation (12%) upd: [i18n] Czech 4%, French + 19%, Danish 48%, Italian 42%, Korean 3%, Portuguese 6% [Steve Clement] +- [performance] disable the checking of expired sessions for automatic + logouts. [Andras Iklody] +- Add install instructions. [Hannah Ward] +- Add download functionality. [Hannah Ward] +- Add upload/download for attachments. [Hannah Ward] +- Add S3 client class. [Hannah Ward] +- [tool] Generator for types/categories in all the places of MISP. + [Christophe Vandeplas] +- [feature] Built in REST client added to test / interact with the API + directly from MISP. [iglocska] + + - no more shitty chrome extensions that crash during trainings, rejoice! + +Changes +~~~~~~~ +- [doc] Point to official misp-book, MISP "User Guide" in main codebase + is obsolete. [Steve Clement] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [version] Bump. [iglocska] +- [bug] Fixed wrong event lookup in case the uuid is passed as an + eventId. Previously the code had two mutually exclusive conditions + `Event.id = uuid and Event.uuid = uuid` so we were getting `Invalid + event.` error. [chkp-aliaksandrt] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [automation description] Updated the automation page to reflect the + changes made to the restSearch APIs. [iglocska] +- [UI] made the enrichment sticky popup's trigger button behave like a + button. [iglocska] +- [misp feed] schema fixed to include caching_enabled field. [Alexandre + Dulaunoy] +- [misp default feeds] ipspamlist added as a feed provider. [Alexandre + Dulaunoy] +- [doc] Fixed permissions for logrotate. [Steve Clement] +- [internal] JSONConverterTool's support for the deprecated showorg flag + removed. [iglocska] +- [API] legacy passing of the api key via URL parameters caused an + invalid response type. 
[iglocska] + + - automatically selects json now +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [cleanup] removed leftover converter. [iglocska] +- [internal] not needed conditional cleaned up. [iglocska] +- [whitelisting] Cache the whitelist values in memory for each instance + of the whitelist model. [iglocska] + + - instead of loading it over and over +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [rest client] render the response by default. [iglocska] +- [querystring] version bumped. [iglocska] +- [API] Fixed fetchAttributes lookup on value to be only optionally a + substring search. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- Try xenial on travis. [Raphaël Vinot] +- [API] further work on the new CSV export. [iglocska] +- Add more tests. [Raphaël Vinot] +- [style] function opening brackets fixed. [iglocska] +- [api] reworked the CSV api to use the new standardised function calls. + [iglocska] +- [cleanup] removed moved and reworked harvestParameters function. + [iglocska] +- [restResponse] Updated restResponse library to produce nicer + exceptions. [iglocska] + + - more in-line with the standard exceptions +- [refactor] Broke contact email function up into parts. [iglocska] +- [cleanup] Removed todos from userscontroller that have become + irrelevant. [iglocska] +- [internal] Cleanup of the pull function. [iglocska] + + - split into functions based on the concerns it handles + - separated event download and proposal download into separate functions +- [cleanup] Removed unused view variable. [iglocska] +- [doc] MISP logo b&w only added. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [PyMISP] updated to the latest version. 
[Alexandre Dulaunoy] +- [data-model] new bro attribute type to store rule in Bro rule-format. + [Alexandre Dulaunoy] + + Fixed #3584 +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [install] Some minor fixes to the install guide. [Andras Iklody] +- [performance] Only check if user is logged in if disable_auto_logout + is not set. [Andras Iklody] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version including related changes. + [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglist] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [visual] Changed the name of the rest client. [iglocska] + +Fix +~~~ +- [documentation] added missing legacy automation page view. [iglocska] +- [description] Typo in serverSetting fixed, fixes #3612. [iglocska] +- [API] using "download" as a returnformat via the URL breaks the + restSearch API. [iglocska] + + - we have to keep it as a legacy option and map it to json +- [API] Fixed the broken CSV export. [iglocska] +- [stix2 export] Fixed timestamp to datetime conversion for + 'date_sighting', using utc format. [chrisr3d] +- [stix2 import] Fixed Sighting import format. [chrisr3d] +- Create temp folder if it doesn't exist in EventsController::export() + [Xavier Mehrenberger] +- [stix2 import] Fixed some time-based attribute fields previously + wrongly imported from STIX object fields. [chrisr3d] +- [stix2 import] Keeping uuids from STIX objects imported as attributes. 
+ [chrisr3d] +- [REST client] Fixed the order of execution for the various JS + functions when changing template. [iglocska] +- [REST client] Correctly detect camelised parameters as single values + instead of lists. [iglocska] +- [REST client] resolved issues with the URL builder for the REST + queries causing double "/"s after the baseurl. [iglocska] +- [internal] Invalid export format detection now throws an exception + instead of dying ungracefully. [iglocska] +- [internal] AppController minor fix. [iglocska] + + - fix bug of invalid forcing of JSON export type in certain conditions +- [API] invalid pass by reference parameter not passed as a variable. + [iglocska] + + - fixes "Cannot pass parameter 1 by reference" bug +- [ACL] getApiInfo added to acl. [iglocska] +- [internal] Org to org_id conversion correctly handled by restSearch + filters. [iglocska] +- [ACL] exclude afterfilter from the api checks. [iglocska] +- [internal] Whitelist model initialisation copy paste fail. [iglocska] +- [api] Added missing files. [iglocska] +- [REST client] Fixed the url parser for the client not handling named + params. [iglocska] +- [api] added attributes controller wip changes. [iglocska] +- [internal] removed old restsearch on the attribute level. [iglocska] +- [REST client] Fixed issues with multiple values in the same header. + [iglocska] +- [merge conflict] added merge conflict resolution. [iglocska] +- [internal] Handle tags passed via parameters not encapsulated in an + array. [iglocska] +- [API consistency] restsearch on an attribute level should return the + same format when hits were found and not. [iglocska] +- ['UI bug fixed'] adding an attribute could result in an exception + after a successful addition. [iglocska] +- [REST client] fix to the JSON prettyfication. [iglocska] +- [internal] Block attributes by tag using the event level restsearch + API. [iglocska] +- [internal] Changed the type filter function hook. [iglocska] +- [CS] Updated recent changes. 
[iglocska] +- CSV test. [Raphaël Vinot] +- [internal] Properly detect buggy parameters passed in the "last" + format. [Raphaël Vinot] +- Improve testing. [Raphaël Vinot] +- Dirty install of python 3.6 on travis. [Raphaël Vinot] +- [internal] Fix to the parameter parsing of the CSV path. [iglocska] +- [API] Class name fixed. [iglocska] +- [internal] uuid filter fixed. [iglocska] + + - copypastafail +- [internal] resolveTimeDelta fixes. [iglocska] + + - handle seconds + - return the current time as a filter if nothing is matched +- [internal] Fixed incorrect file added in previous commit. [iglocska] +- [internal] publish_timestamp was ignored by the new restsearch. + [iglocska] +- [internal] resolveTimeDelta() check relaxed to allow for stringified + timestmaps and floats. [iglocska] +- [internal] removed attribute.timestmap from the event level timestamp + filters. [iglocska] +- [API] allow other returnFormats besides download to work for + restsearch. [iglocska] +- [internal] looplimit lowered to 50k for fetchAttributes. [iglocska] + + - maybe we should base this number off the available memory somehow... +- [internal] Fixed an incorrect parameter lookup for the from/to + timefilter parser. [iglocska] +- [API] copy pasta error in parameter harvester. [iglocska] +- [cleanup] Fixed an assignment in a comparison. [iglocska] +- [stix2 export] Reverted a previous change on timestamps. [chrisr3d] + + - Following the STIX 2.0 requirements + - Including the latest changes on PyMISP + - Solution adopted before any other one is found + (for instance when 2.1 version is released) +- [stix] Timestamps patched. [chrisr3d] + + - Including the latest patches on PyMISP object + timestamps + - Some other quick timestamps import cleaned up +- [cleanup] Cleaned up STIX incident creation. [chrisr3d] +- [stix2 export] Fixed some timeline related fields. 
[chrisr3d] + + - for instance 'valid_from' should not be related + to timestamp + - Added the 'created' field in report as well, + using the event date +- [Taxonomies] Taxonomy update broken if no expanded values are provided + on the predicate or entry level. [iglocska] +- Old python crap. [Raphaël Vinot] +- [stix2 import] Importing regkey & regkey|value as attribute and not + regkey object. [chrisr3d] +- [stix1 export] Stripping registry keys and values to avoid spaces. + [chrisr3d] +- [feeds] Custom headers / authorization broken on csv/freetext feeds, + fixes #3581. [iglocska] +- [cleanup] Reduced credential objects parsing complexity. [chrisr3d] +- [cleanup] Made Exceptions happy specifying types. [chrisr3d] +- [cleanup] Cleaned up Course of Action parsing. [chrisr3d] +- [cleanup] Made exceptions happy + cleaned up if statement. [chrisr3d] +- [cleanup] Reduced complexity of the email objects parsing. [chrisr3d] +- [cleanup] Cleaned up Exception handling. [chrisr3d] +- [cleanup] Minor cleanup on custom objects parsing functions. + [chrisr3d] +- [cleanup] Reduced the main function complexity. [chrisr3d] +- [cleanup] Cleaned up libraries import. [chrisr3d] +- [cleanup] Reduced complexity in PE objects parsing. [chrisr3d] +- [cleanup] Cleaned up libraries import. [chrisr3d] +- [i18n] Variables are in no need to be translated, it will break stuff, + horribly. upd: [i18n] Update default.pot again. [Steve Clement] +- [statistics] Solve the issue with the unfiltered total counters in the + user and org statistics. [iglocska] +- ['UI bug fixed'] adding an attribute could result in an exception + after a successful addition. [Andras Iklody] +- [statistics] fixed an issue where the org statistics didn't correctly + apply the local filters. [iglocska] + + - both local and external just showed the sum totals instead of the individual pools +- [instructions] remove suggestion to check out last tagged version on + install. 
[Andras Iklody] +- Use configured attachments_dir instead of app/files/ in + ShadowAttributesController.php. [Xavier Mehrenberger] +- [typo] in S3 impementation. [Andras Iklody] + + - Thanks @FloatingGhost for noticing + - I hope your love for PHP will never cease to grow! +- Add PHP SDK install instructions. [Hannah Ward] +- [API] Allow rapid changes to attributes (>1 per second) [iglocska] +- [encryption] broken S/MIME encryption. [iglocska] + + - as reported and pinpointed by @3c7 + - blind fix, awaits confirmation +- [usersStat] allow fetching json of statistics/users. [Sami Mokaddem] +- [cleanup] Improvement of some for loops. [chrisr3d] +- [stix2 import] Fixed uuid of single ip attributes. [chrisr3d] +- [cleanup] Cleaned up duplication of code from the previous commit. + [chrisr3d] +- [cleanup] Cleaning up objects parsing. [chrisr3d] +- [UI] fixed missing sighting sparklines. [iglocska] +- [bug] fixed a typo preventing the attack matrix from working. + [iglocska] +- [rest client] corrected the calculation of the rest client duration. + [iglocska] + + - I can't maff gud +- [API] Some API rearrange issues fixed in events/add. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Temporary revert to avoid PGP bug. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3623 from SteveClement/guides. [Andras Iklody] + + chg: [doc] Guides in the main code base are obosolete +- Merge remote-tracking branch 'upstream/2.4' into guides. [Steve + Clement] +- Merge branch '2.4' into guides. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3530 from chkp-aliaksandrt/fix-object-add-if-uuid- + is-passed-as-eventid. [Andras Iklody] + + chg: [bug] Fixed wrong event lookup in case the uuid is passed as an eventId. +- Merge pull request #3518 from zeroq/sync_sightings_on_publish. 
[Andras + Iklody] + + Sync sightings on publish +- Provide uuid of new sighting to save function. [jgo] +- Check if sighting with given uuid already exists before saving new + sighting. [jgo] +- Todo added: do not add sightings that are already there. [jgo] +- Attach found sightings to event item. [jgo] +- Add attribute UUID to sighting item (easier for synchronization) [jgo] +- Merge pull request #3546 from WaryWolf/gpg-clearsign-fix. [Andras + Iklody] + + Split GPG signing and encrypting of outgoing emails into separate operations +- Split signing/encryption decisions into a separate method. [Anthony + Vaccaro] +- Split GPG signing and encrypting of outgoing emails into separate + operations. Allows for plaintext signing of outgoing emails. [Anthony + Vaccaro] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add: [stix1 import] Added STIX 1 object type to the mapping types. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3610 from RichieB2B/patch-3. [Andras Iklody] + + Prevent STIX export crash +- Prevent STIX export crash. [Richie B2B] + + attribute can be None which causes the STIX conversion to crash +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3609 from SteveClement/2.4. [Steve Clement] + + chg: [doc] Fixed permissions for logrotate +- [chg] fix: Set correct perms for log rotate, faup fixed upstream. + [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3608 from Lastpixl/fix-export. [Andras Iklody] + + fix: create temp folder if it doesn't exist in EventsController::expo… +- Add: [stix2 import] Parsing 'valid_until' in indicators as expiration + date in Sightings. [chrisr3d] +- Add: [stix2 export] Parsing expiration date from sightings as + 'valid_until' in indicators. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'feature/api_rework2' into 2.4. [iglocska] +- Merge branch 'feature/api_rework2' into 2.4. [iglocska] +- Merge branch 'feature/api_rework' into feature/api_rework2. [iglocska] +- Merge branch 'feature/api_rework' into 2.4. [iglocska] +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [Raphaël Vinot] +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [Raphaël Vinot] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [iglocska] +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch 'feature/api_rework' of github.com:MISP/MISP into + feature/api_rework. [iglocska] +- Merge pull request #3557 from Rafiot/feature/api_rework. [Raphaël + Vinot] + + Feature/api rework +- Merge pull request #3551 from Rafiot/feature/api_rework. [Raphaël + Vinot] + + chg: try xenial on travis +- Merge branch '2.4' into feature/api_rework. [iglocska] +- Merge branch '2.4' into feature/refactortime. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into feature/refactortime. 
+ [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3597 from lcpdn/patch-12. [Alexandre Dulaunoy] + + Add french translation on default.po (18% > 60%) +- Update default.po. [lcpdn] + + Going from 18% to 60% on crowdin with my parts. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3587 from droe/2.4. [Andras Iklody] + + Fix broken timestamps by using 24 hour clock and ISO 8601 date format +- Fix broken timestamps by using 24 hour clock and ISO 8601 date format. + [Daniel Roethlisberger] + + The event view shows a wrong "Last change", e.g. "2018/08/23 06:01:45" + for "2018/08/23 18:01:45". The same problem affects the timestamp in + the XML generated by IOCExportTool.php. Fix by correcting the PHP + date() code "h" to "H". + + While here, also switch to a clearer ISO 8601 date representation for + "Last change", using dashes instead of slashes for separation of year, + month and day. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3579 from SteveClement/2.4. [Steve Clement] + + fix: [i18n] Variables are in no need to be translated, it will break stuff. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3578 from SteveClement/2.4. [Steve Clement] + + upd: [i18n] Fixed easy missing __() +- Upd: [i18n] Fixed easy missing __() [Steve Clement] +- Merge pull request #3577 from SteveClement/2.4. [Steve Clement] + + upd: [i18n] Update of default English PO template +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge pull request #3576 from SteveClement/2.4. [Steve Clement] + + new: [i18n] Added German Translation (12%) +- Merge pull request #3575 from SteveClement/2.4. [Steve Clement] + + upd: [i18n] 100% Japanese translation. +- Upd: [i18n] Update of default English PO template. 
[Steve Clement] +- Upd: [i18n] 100% Japanese translation. [Steve Clement] +- Merge pull request #3570 from Lastpixl/fix_attachments_dir. [Andras + Iklody] + + fix: use configured attachments_dir instead of app/files/ in ShadowAt… +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3560 from FloatingGhost/malware-to-s3. [Andras + Iklody] + + Use AWS S3 as an attachment storage +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3556 from mokaddem/fixUserStats. [Alexandre + Dulaunoy] + + fix: [usersStat] allow fetching json of statistics/users +- Merge pull request #3555 from WaryWolf/change-password-permissions- + fix. [Alexandre Dulaunoy] + + Add a permission check to the change password page. +- Add a permission check to the change password page. [Anthony Vaccaro] + + The 'MISP.disableUserSelfManagement' config variable is checked + when rendering the link to the change password page, but is not checked + when rendering the page itself. This could lead to unauthorised + password changes by users with existing accounts on the MISP + instance. +- Merge pull request #3553 from PaoloVecchi/patch-9. [Alexandre + Dulaunoy] + + Update EventsController.php +- Update EventsController.php. [Paolo Vecchi] + + Just a ) missing. +- Merge pull request #3552 from PaoloVecchi/patch-7. [Alexandre + Dulaunoy] + + Update AttributesController.php +- Update AttributesController.php. [Paolo Vecchi] + + Just a couple of ')' missing in lines 2105 and 2263 +- Merge pull request #3549 from PaoloVecchi/patch-7. [Alexandre + Dulaunoy] + + Update report_validation_issues_events.ctp +- Update report_validation_issues_events.ctp. [Paolo Vecchi] + + Speling mistake? 'V' of validation outside php tag. +- Merge pull request #3550 from PaoloVecchi/patch-8. [Alexandre + Dulaunoy] + + Update index.ctp +- Update index.ctp. 
[Paolo Vecchi] + + Added space between 'events' and 'on' +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3547 from PaoloVecchi/patch-6. [Andras Iklody] + + Update INSTALL.ubuntu1804.with.webmin.txt +- Update INSTALL.ubuntu1804.with.webmin.txt. [Paolo Vecchi] + + systemd sucks! + ;-) +- Merge pull request #3542 from PaoloVecchi/patch-5. [Andras Iklody] + + Update INSTALL.ubuntu1804.with.webmin.txt +- Update INSTALL.ubuntu1804.with.webmin.txt. [Paolo Vecchi] + + Fixed a few small things +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge remote-tracking branch 'origin/2.4' into 2.4. [Christophe + Vandeplas] + + +v2.4.94 (2018-08-09) +-------------------- + +New +~~~ +- [PGP] Added fingerprint to /users/verifyGPG. [iglocska] +- [internal] Streamlining of the push process. [iglocska] + + - rework of the internals + - cleaner separation of concerns into more specialised functions +- [internal] Simplication of the push functionality. [iglocska] +- [API] rework of the attribute fetcher. [iglocska] + + - correctly handles attribute tags + - performance improvements due to rework of the internal pagination + - fixes to issues with too many hits on a tag search causing queries that are too long +- [internal] subQueryGenerator changes. [iglocska] + + - fixed some issues that made it non-usable before + - added possibility to run negations (NOT IN) +- [internal] Added helper functions for tag lookups. [iglocska] +- [CLI] Get the API key of a given user using the CLI. [iglocska] + + - simply run /var/www/MISP/app/Console/cake Admin getAuthkey [user_email] +- Added table for user settings. [iglocska] +- [eventGraph] added jpeg export. [Sami Mokaddem] +- [eventGraph] added network preview feature. 
[Sami Mokaddem] +- [eventGraph] SharingGraph: added skeleton of Model/Controller for + saving and sharing the network among organisations (+ javascript + interaction functions) [Sami Mokaddem] +- [eventGraph] DOT Language export. [Sami Mokaddem] +- [eventGraph] Skeleton of network history + capability to add custom + row button in actionTable. [Sami Mokaddem] +- [eventGraph] Briefly validate imported file + fix node position on + drag. [Sami Mokaddem] +- [eventGraph] Possibility to import/export (json) event graph. [Sami + Mokaddem] +- [js_helpers] empty cells and 2 widgets. [Sami Mokaddem] +- [Statistics] Added a new tab to the statistics showing the + user/organisation additions over the past month/year. [iglocska] +- Add install docs. [Hannah Ward] +- Add ability to log to elasticsearch. [Hannah Ward] +- Add elasticsearch settings. [Hannah Ward] +- [API] Check for malformed JSON requests. [iglocska] +- [attackMatrix] possibility to pick multiple galaxy to attach to the + event in at the event-level. [Sami Mokaddem] +- [attackMatrix] contextual menu when clicking on a cell in the event + ATT&CK matrix. [Sami Mokaddem] +- [CLI] Added update commands for Taxonomies, Warning Lists, Notice + Lists and Object Templates. [Steve Clement] +- [sync] Improvements to the pull mechanism. [iglocska] + + - moved the blacklist event skipping to the negotiation phase + - no longer need to pull and then discard events that have been blacklisted + - solves issues with slow syncs when a lot of deletions were involved + + - also, moved the sync negotiation + event retrieval to UUID based lookups instead of ID +- [internal] Added convenience function to get estimated row count for a + table. [iglocska] +- [API] Updated the timestmap handling in the restSearch APIs to use the + new smart-system. [iglocska] +- [internal] setTimestampConditions unified and improved. 
[iglocska] + + - no more separate codepath for setPublishTimestampConditions + - accept shorthand time descriptions (1d, 5h, etc) + - always accept single values or arrays with start/end times +- [galaxies] Force update galaxies and update improvements in general. + [iglocska] + + - passing /1 to the galaxy update function now forces updates on all clusters + - performance improvements +- [data model] Added support for monero - new type xmr. [iglocska] + + - soft validation + - secondary validation with warnings for malformed addresses + - supporting epic facial hair styles +- [edit strategy API] To support a smoother integration with the Hive, + new API that describes what the edit strategy is for an event. + [iglocska] + + - GET on /events/getEditStrategy/[id] + - where id can be either a local ID or a UUID + + - returns a JSON dictionary with the following fields: + - strategy: edit | extend (edit if it's an own event, extend otherwise) + - extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields) + + - The algorithms implementing this should prioritise as such: + + 1. Check if user can edit the event (strategy == edit) - if yes, edit + 2. If no, check if extensions exist - if yes, edit one of those + 3. If no, create a new extension to the original event +- [sync] Added flag to avoid using the proxy. [iglocska] + + - in some cases you have internal sync between instances in which case going through the proxy is silly +- [Session handling] Force certain session values to fix existing issues + with misconfigured instances. [iglocska] +- [Session handling] Added checkAgent toggle. [iglocska] +- [API] Added unsafe URL parameter to authenticate users. 
[iglocska] + + - for legacy tools that cannot pass headers in HTTP requests for some insane reason + - Needs to be enabled by a site admin - default is that it is disabled + - MISP's diagnostic tool WILL complain if this is ever enabled + +Changes +~~~~~~~ +- [release] Version bump. [iglocska] +- [internal] Refactor of the pull function. [iglocska] + + - the various event ID list collection methods are now decided in an external function +- [cleanup] Removed the 2.3 -> 2.4 upgrade. [iglocska] + + - in case you are reading this and wondering why it's gone: + - 2.4 came out in 2014 + - If you are still running that version, just upgrade to any prior 2.4 and then upgrade from that version on + - Also hope that no one will ever find this message relevant, 3+ year old software is just bad. +- [cleanup] Cleanup of the server settings reader. [iglocska] + + - split into more readable functions +- [internal] Rework of the emailing. [iglocska] + + - extracted the encryption functions out from the main e-mailing function + - simplification of the code in several places +- [cleanup] removed pointless TODOs. [iglocska] +- [cleanup] Removed duplicate capture field definitions. [iglocska] +- [cleanup] removed duplicate branching code to set module setting + defaults. [iglocska] +- [internal] moved socket / request creation to appmodel. [iglocska] +- [PyMISP] updated to the latest version of describeTypes. [Alexandre + Dulaunoy] +- [except] Closed the brackets correctly on the throw except. [Steve + Clement] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [internal] instead of replicating the event level distribution rules, + the attribute model now inherits the event code. [iglocska] +- [internal] Opened the buildConditions code up to other models. + [iglocska] +- [cleanup] Removed duplicate httpsocket setups. [iglocska] +- [refactor] Unified event conditions creation. [iglocska] +- [cleanup] removed duplicate logging code. 
[iglocska] +- [cleanup] added function to check for prio worker's existance in + Event.php. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [documenation] Added CLI documentation for the getAuthkey tool. + [iglocska] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [i18n] update from crowdin, French (13%) Danish (43%) Italian (25%) + Japanese (86%) Korean (2%) Portuguese (6%) Spanish (1%) [Steve + Clement] +- [csv] added the object_relation field to the CSV export. [iglocska] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [stix2 import] Preparation for the upcoming changes on stix2 files to + import due to the multi export. [chrisr3d] +- [form] Give change Password field focus. [Steve Clement] +- [psr-2] Changed view files to space indentation instead of tabs. + [iglocska] + + - *sniff sniff* +- [CS] Changed to PSR-2. [iglocska] + + - to make contributions easier, adopted PSR-2 + - used php-cs-fixer to rework the style + - *sniff sniff* Goodbye tab indentation +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [i18n] update default.pot to include all new strings. Updated + cze/fra/ita/jpn/kor/PT_br new: [i18n] Spanish translation file. [Steve + Clement] +- [kali] small typo in git config. [Steve Clement] +- [stix2 export] Updated Galaxies parsing. [chrisr3d] +- [stix2 import] Importing pe object custom properties. 
[chrisr3d] + + - Following the last changes on stix2 export +- [stix2 export] Exporting not mapped attributes from pe objects as + custom properties. [chrisr3d] +- [kali] redis on boot (for persistent setups) [Steve Clement] +- [kali] added headers to vhost. More automation in rc.local. [Steve + Clement] +- [kali] added expect to make it work on kali-light. [Steve Clement] +- [debian] Added profile change to take viper/cake into consideration. + [Steve Clement] +- [stix2 export] Updated galaxy types parsing (improvement + types + added) [chrisr3d] +- [stix2 export] Parsing Galaxies in attributes level. [chrisr3d] +- [kali] disabled sleep, fixed database.php creation. [Steve Clement] +- [kali] tpm module wants to be loaded before install rng-tools. [Steve + Clement] +- [kali] Fixed expect, finally, perms for viper fixed too. [Steve + Clement] +- [kali] make sure the tpm module is laoded for more rng. [Steve + Clement] +- [kali] use chpasswd to changes password non-interactively. [Steve + Clement] +- [kali] Shuffle final output. [Steve Clement] +- [kali] Changed the way expect gets data. [Steve Clement] +- [kali] Moved db connection blurb around, tried to fix EOF. [Steve + Clement] +- [kali] Checked for misp db presence, made misp.local a thing. [Steve + Clement] +- [kali] Drop user to non-root user. [Steve Clement] +- [kali] Refactor script, everything runs as root now, but MISP user + will be created. [Steve Clement] +- [kali] Wrapped installer in function. [Steve Clement] +- [kali] Prepared installer for running in a function. [Steve Clement] +- [kali] Fixed if typo. [Steve Clement] +- [doc] Kali script typo. [Steve Clement] +- [doc] Added check for misp user if run twice… [Steve Clement] +- [doc] Add bootstrap function for Kali. [Steve Clement] +- [doc] Kali viper-web improvement. [Steve Clement] +- [doc] More kali linux fixes. [Steve Clement] +- [doc] Added mail2misp fixed some automation. [Steve Clement] +- [doc] Debian tweaks and fix for misp-dashboard. 
[Steve Clement] +- [i18n] updated fra/ita/jpn/pt new: [i18n] Added initial Czech + translation. [Steve Clement] +- [i18n] wrap stuff into __construct( [Steve Clement] +- [i18n] More __(); [Steve Clement] +- [i18n] Added more __()'s. [Steve Clement] +- [i18n] typo. [Steve Clement] +- [i18n] Added __('') where needed/missing. [Steve Clement] +- [stix2 export] Preliminary changes to prepare a multi events stix2 + export coming soon. [chrisr3d] +- [eventGraph] refacto after comments from the Overmind. [Sami Mokaddem] +- [appController] bumped query version. [Sami Mokaddem] +- [eventGraph] removed useless comments and checks. [Sami Mokaddem] +- [eventGraph] renaming EventNetworkHistory into simply EventGraph. + [Sami Mokaddem] +- [ACL] bumped to reflect networkHistory controller. [Sami Mokaddem] +- [eventGraph] fixed img_preview size, catch keyboard inputs and removed + useless function. [Sami Mokaddem] +- [eventGraph] removed possibility to import eventGraph. [Sami Mokaddem] +- [eventGraph] Usage of fetchEvent function, refacto + sorting on + creation date + disabling button if user is not authorized to + save/delete/.. the network. [Sami Mokaddem] +- [eventGraph] only networkHistory user creator can delete its saved + network. [Sami Mokaddem] +- [eventGraph] implemented loading graph from the db. [Sami Mokaddem] +- [eventGraph] Implemented saving/deleting feature. [Sami Mokaddem] +- [eventGraph] rightCliking on the graph select undelying node. [Sami + Mokaddem] + + This allows faster contextualMenu operations +- [eventGraph] better support of hidden event (possibility to show + hidden item back latter on) [Sami Mokaddem] +- Move elasticsearch to composer "suggest" [Hannah Ward] +- [deps] There is no major difference between 2.1.0.17 and the dev + version. [Steve Clement] +- [kali] fix. [Steve Clement] +- [kali] fix redis install. [Steve Clement] +- [kali] misp-modules start on install. [Steve Clement] +- [kali] added SSL, removed manual redis install. 
[Steve Clement] +- [kali] skip dist-upgrade for time reasons. [Steve Clement] +- [kali] Fixed perms at the end. [Steve Clement] +- [doc] Adapted auto messages. [Steve Clement] +- [doc] Updates to Debian guides, mostly cake automation new: [doc] + Install doc/script for kali linux deployment. [Steve Clement] +- [i18n] Latest jpn translation (94%), Latest French (10%) updated + default.pot new: [i18n] Initial Italian translation (25%), Spanish + (1%), Brazilian Portuguese (3%), Korean (1%) [Steve Clement] +- [i18n] updated cake i18n extract --extract-core no --exclude + Test,Vendor,Lib. [Steve Clement] +- [CLI] Updated admin commands and added FIXMEs. [Steve Clement] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] More updates on the debian install guides, small fix on OpenBSD. + [Steve Clement] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [attackMatrix] UI improvement (contextual menu) [Sami Mokaddem] +- [attackMatrix] UI improvements. [Sami Mokaddem] +- [attackMatrix] support of quick tagging from the attackMatrix at event + view level. [Sami Mokaddem] +- [attackMatrix] improved CSS and positioning of the contextual menu. + [Sami Mokaddem] +- [CLI] updated noticelist response for no update needed. [iglocska] +- [stix2 import] Set distribution values to the default ones. [chrisr3d] +- [CLI] added force argument. [Steve Clement] +- [travis] add PHP 7.2 tests. [Alexandre Dulaunoy] +- [PyMISP] updated to latest version. [Alexandre Dulaunoy] +- [stix2 import] Importing file objects attachments (malware-sample) + [chrisr3d] +- [stix2 export] Exporting file objects attachments (malware-sample) + [chrisr3d] +- [doc] Added $PATH_TO_MISP where necessary. [Steve Clement] +- [doc] Further debian install guide automation. 
[Steve Clement] +- [doc] regrouped all the apt install. [Steve Clement] +- [doc] Debian 9/testing updates base MISP now fully working. [Steve + Clement] +- [doc] Merged changes from stable to testing. [Steve Clement] +- [cleanup] Removed the deprecated GFI sandbox import. [iglocska] + + - Burn the heretic. Kill the mutant. Purge the unclean. +- [stix2] added attachment encoding to the stix2 export. [iglocska] +- Remove unused variable. [Raphaël Vinot] +- [stix2 import] Importing email objects custom properties + + improvement. [chrisr3d] +- [doc] removed python2 deps. [Steve Clement] +- [guide] More automation on install guide. [Steve Clement] +- [refactor] Fixed an issue where too many events would cause a query + too large for mysql to handle when querying /events/index via the API, + fixes #3444. [iglocska] +- Case insensitive sort of organisation list. [Dawid Czarnecki] +- [internal] Don't try to convert shorthand time notations to timestamp + if the data is already in timestamp format. [iglocska] +- [CLI] Convert "false" and "true" for setSettings to 0 and 1 + respectively, fixes #3408. [iglocska] +- Add shebangs. [Raphaël Vinot] +- Mispzmq -> python3.6. [Raphaël Vinot] +- [stix2 import] Updated asn objects import to include custom + properties. [chrisr3d] +- [stix2 import] Variable name changed for more clarity with MISP + objects property 'name' [chrisr3d] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix2 export] Exporting not mapped email object attributes as custom + properties. [chrisr3d] +- [stix2 export] Exporting not mapped asn attributes object as custom + properties. [chrisr3d] +- [UI] Cleaned up proposal correlations and unified attribute/proposal + correlation view code. [iglocska] +- [PyMISP] updated to latest version. [Alexandre Dulaunoy] +- [PyMISP] released as 2.4.93. [Alexandre Dulaunoy] +- [Session handling] Added some sane defaults to the session handler. 
+ [iglocska] +- Move old install guides to a sub directory. Init submodules at the + right place. [Raphaël Vinot] +- [attackMatrix] Moved the submit button above the Cancel button. [Sami + Mokaddem] + + making the matrix's UI more consistent with the application's UI. +- [stix2 import] Moved objects parsing dictionary into the main script. + [chrisr3d] + + - In case wee need to call self in one of the + functions called by the dictionary +- [stix2 export] Little update on pe-section export as pattern. + [chrisr3d] + + - Added a section index in the identification part + of the pattern, to avoid confusions between + each section + +Fix +~~~ +- [stix1 import] Fixed journal entries parsing fails. [chrisr3d] +- [stix1 import] Copy/paste error fixed. [chrisr3d] +- [cleanup] Some more minor clean up. [chrisr3d] +- [stix1 export] MISP objects parsing improvement. [chrisr3d] +- [sync] Fixed an issue blocking the syncing of edits, fixes #3537. + [iglocska] +- [pgp] left of changes for the pgp printout. [iglocska] +- [cleanup] Fixed libraries import copy/paste issues. [chrisr3d] +- [stix2 import] Fixed quote error in a dictionary key. [chrisr3d] +- [stix2 import] Fixed some STIX objects parsing, reading them as dict + in order to avoid error on popping elements. [chrisr3d] +- [stix2 import] Avoided try/catch-ing the loading function so we get + the error if it fails. [chrisr3d] +- [stix2 import] Removed obsolete parsing function & try/catch for + custom objects. [chrisr3d] + + - With the 'allow_custom' parameter set to True, + the parsing function works even with custom + objects +- [bug] Fixed e-mailing bug introduced during the refactoring. + [iglocska] +- [bug] Fixed several server settings related issues caused by the + refactor. [iglocska] +- [sync] typos fixed. [Andras Iklody] +- [sync] Fixed buggy connection test. 
[iglocska] + + - refactor revealed that the sync user access on the remote was never correctly determined + - fallback method that has since been removed for 2+ year old instances was always used due to the above issue +- [internal] tightened authkey validation. [iglocska] +- [cleanup] Invalid assignment in conditional cleaned up. [iglocska] +- [cleanup] Cleaned up SMIME certificate validation. [iglocska] + + - merged the two functionalities we've had for it +- [stix2 import] Importing attribute tags from labels. [chrisr3d] +- [stix2 export] Added attribute tags in stix labels. [chrisr3d] +- [stix2 export] Avoiding issues with empty data field in attributes. + [chrisr3d] +- [internal] removed massive duplicate lookup function. [iglocska] +- [cleanup] removed empty if statement. [iglocska] +- [internal] streamlining the worker removal logging. [iglocska] +- [cleanup] Removed duplicate code. [iglocska] +- [cleanup] Cleaned up exceptions types. [chrisr3d] +- [cleanup] Cleaned up exceptions types, unnecessary else after return + and multiple statements in single line. [chrisr3d] +- [cleanup] Quick cleanup. [chrisr3d] +- [cleanup] Cleaned up exceptions types, typechecks and other minor + items. [chrisr3d] +- [cleanup] Cleaned up libraries imports. [chrisr3d] +- [cleanup] cleaned up the setup of httpsockets in the Server.php file. + [iglocska] +- [internal] removed duplicate logging code. [iglocska] +- [cleanup] removed unneeded concat. [iglocska] +- [internal] cleanup of some junk. [iglocska] +- [internal] serveral unreachable breaks removed. [iglocska] +- [internal] removed unreachable break. [iglocska] +- [internal] Fixed invalid assignment. [iglocska] +- [bug] Fixed cryptic ##COMMA## in error message. [iglocska] +- [tests] CSV export. [Alexandre Dulaunoy] +- [galaxies] Fixed same value across two namespaces causing issues. + [iglocska] +- [csv] escaped all string fields to fix some oddities. [iglocska] +- [upgrade] fixed incorrect upgrade scripts. 
[iglocska] +- [stix1 export] Removed try catch statements used before depending on + the python version. [chrisr3d] + + - Useless now because of python3 forced +- [stix1 export] Fixed missing namespace schema location + various code + cleaning on framing. [chrisr3d] +- [stix1 export] Removed not used libraries import on framing. + [chrisr3d] +- [stix2 import] Importing Galaxy Cluster uuid. [chrisr3d] +- [stix2 import] Fixed missing field info, forgotten in the latest + changes. [chrisr3d] +- [stix2 import] Skipping relationships atm to avoid errors. [chrisr3d] + + - Relationships parsing to come later +- [cleanup] Cleanup of accidental inclusion of a feature in progress. + [iglocska] +- [API] don't allow the same event tag to be added multiple times via an + /events/add call, fixes #3507. [iglocska] +- [data model] Preparation for some taxonomy improvements. [iglocska] +- [stix1 export] Fixed indentation. [chrisr3d] +- [stix2 import] Improved file reading in loading function. [chrisr3d] +- [stix2 export] Fixed missing variable assignment. [chrisr3d] +- [install] Changed the install instructions to use CLI commands... + [Andras Iklody] + + ...instead of updating config.php. The latter can be dangerous if typos pop-up. +- [API] set attribute distribution if it isn't set in the capture + attribute call. [iglocska] + + - should have worked via the beforevalidate() but it didn't + - ah well +- [delegation] Attribute tags and objects were not transfered during + delegation, fixes #3495. [iglocska] + + - The delegation system hasn't been updated since the introduction to the new systems + - new objects being transferred: objects, attribute tags, object references +- [stix2 import] Fixed relationship import. [chrisr3d] + + - Skipping it at the moment + - Will have to rebuild a large part of the import + functions to include relationships after the export + part is reworked completely +- [stix2 import] Fixed vulnerability import, following the last changes + on export part. 
[chrisr3d] +- [stix2 export] Fixed vulnerability export. [chrisr3d] + + - depending on the origin of the object exported: + attribute/object or galaxy +- [bug] Fixed an invalid count() call on the taxonomies index. + [iglocska] +- [i18n] Made PO importable into crowdin. [Steve Clement] +- [stix2 export] Fixed relationships mapping typo. [chrisr3d] +- [stix2 export] Watching if a cluster uuid has already been added to be + exported instead of a galaxy uuid. [chrisr3d] +- [stix2 export] Allowed custom properties for all + Indicators/ObservedData from MISP objects export. [chrisr3d] +- [stix2 export] Fixed regkey|value attribute export. [chrisr3d] +- [stix2 export] Exporting not mapped attributes of regkey objects as + custom properties. [chrisr3d] +- [API] Attribute edit via uuid fails as non site admin, fixes #3487. + [iglocska] +- [AppModel] re-apply the eventGraph SQL query. [Sami Mokaddem] +- [AppModel] added missing comma in SQL update query. [Sami Mokaddem] +- [doc] added sudo verification to guide. [Steve Clement] +- [doc] added sudo verification to guides. [Steve Clement] +- [eventGraph] export now works on firefox. [Sami Mokaddem] +- [i18n] Indentation. [Steve Clement] +- [i18n] added missing %s. [Steve Clement] +- [i18n] added missing echo. [Steve Clement] +- [i18n] Typos and __('Fixes') [Steve Clement] +- [stix2 export] Fixed failing condition on filename|hash composite + attribute. [chrisr3d] +- [eventGraph] removed 'import' label from the contextual header button. + [Sami Mokaddem] +- [actionTable] correctly delete row based on id or position + correctly + handle row_action options. [Sami Mokaddem] +- [mispJS] updated submitDeletion to match the new eventGraph history + name. [Sami Mokaddem] +- [eventGraph] fix validation and Model class name. [Sami Mokaddem] +- [eventGraph] fixed conditions about determining if loaded graph is the + latest version. [Sami Mokaddem] +- [eventGraph] catch empty node selection if no underlying node is + there. 
[Sami Mokaddem] +- [eventGraph] Object get correct color when exporting in DOT Language. + [Sami Mokaddem] +- [eventGraph] typo in eventId compatibility validation. [Sami Mokaddem] +- [eventGraph] swapped function call to hide expanded objectAttribute. + [Sami Mokaddem] +- [eventGraph] canvas menu (right-click) is shown at the correct + position. [Sami Mokaddem] +- [stix2 import] Fixed custom properties parsing following the last + changes on x509 object export. [chrisr3d] +- [python3] Updated script to python3 only. [iglocska] +- [python3] Missed python3 call instead of python. [iglocska] +- [i18n] Added default language. [iglocska] +- One final indentation re-align. [Hannah Ward] +- Make indentation line up. [Hannah Ward] +- Use spaces entirely. [Hannah Ward] +- Indentation on ES client. [Hannah Ward] +- [stix2 export] Fixed malware-sample data export as pattern. [chrisr3d] +- [update] checkout the last checked in version of composer.json before + attempting a pull. [iglocska] +- [zmq] Fixed execution of the ZMQ start/stop commands still being + python 2. [iglocska] +- Because people use old python. [Raphaël Vinot] + + Should fix #3475 +- [kali] Fix RAW URL. [Steve Clement] +- [freetext] parser was detecting any number as a phone number, fixes + #3469. [iglocska] + + - new requirement: must start with + or contain a - +- [settings] Make travis happy. [iglocska] +- [settings] Attempted fix to appease Travis. [iglocska] +- [CLI] mixup corrected. [Andras Iklody] +- [settings] Default setting for the attachments directory fixed. + [iglocska] +- Export events csv with CR (fix #3458) [kalyparker] + + Export using automation functionnality for ids does not clean the special char like CRLF. + When there is a carriage return in the event info, the csv is broken. +- [attackMatrix] pressing ESC dismiss the matrix popup. [Sami Mokaddem] +- [sti2 import] Fixed pe-extension parsing. 
[chrisr3d] +- [stix2 import] Including import of custom properties for pe & pe- + section objects. [chrisr3d] +- [stix2 export] Fixed file object references with its contained data + object. [chrisr3d] +- [stix2 export] Fixed File PE Binary extension. [chrisr3d] +- [sti2 import] Fixed import of some attributes that can contain data. + [chrisr3d] +- [stix2 import] Removed try catch on adding attribute to event. + [chrisr3d] +- [UI] Fixed the sighting buttons being (non-functionally) available to + read only users. [iglocska] +- [API] Removed unused optional field from the organisation API + descriptions. [iglocska] +- [feed] Invalid lookup when editing events via MISP feeds throws notice + error, fixes #3366. [iglocska] +- [stix2 export] Fixed parsing of some attributes which can contain + data. [chrisr3d] +- Fix: [stix2 export] Removed ip @ type parsing function duplication. + [chrisr3d] +- [CLI] Update noticelists correctly passes the user data. [Andras + Iklody] +- [PyMISP] updated to the latest version. [Alexandre Dulaunoy] +- [performance] Changed regex clean all function to work in a chunked + fashion. [iglocska] +- [cleanup] Removed duplicate line, fixes #3448. [iglocska] +- [python version] changed generate_file_objects.py's execution to + python3. [iglocska] +- [cleanup] Reverted lax baseurl validation. [iglocska] +- [sync] pull giving some weird messages when an event is blocked by + blacklists. [iglocska] + + - don't warn about failed pulls when the reason is a local blocking of the event. + + - future improvements: remove the blocked events during the negotiation phase +- [adminTools] undeclared variable removal. 
[Steve Clement] +- [stix2 import] Fixed email object import (screenshot & eml attributes) + [chrisr3d] + + - Same comments as previous commit for export + - Also moved parsing functions in subject into the + main script to avoid importing python libraries + in the dictionaries script +- [stix2 export] Fixed email object export (screenshot & eml attributes) + [chrisr3d] + + - Both of these attributes should not be exported + as part the email body + - Thus: custom property +- [stix2 import] Improved network socket observable object parsing loop. + [chrisr3d] +- [stix2 import] Removed print. [chrisr3d] +- [stix2 import] Fixed Custom Object type parsing. [chrisr3d] + + - Unlike usual STIX2 objects, Custom Objects do not + have their own type. They are dict and have thus + no callable attributes +- [stix2 export] Fixed custom object type. [chrisr3d] + + - Custom Object type cannot accept capital letters +- [stix2 import] Fixed pattern parsing following the lastupdate on + pattern export. [chrisr3d] +- [stix2 export] Fixed pattern apostrophes typo. [chrisr3d] +- [stix2 export] Fixed export of email attachment, eml & screenshot. + [chrisr3d] +- Decode redis in ZMQ. [Steve Clement] +- [zmq] Backwards compatbility with python 3.4. [Steve Clement] +- [cleanup] removed obsolete code. [iglocska] +- [galaxies] Force galaxy update now correctly updates the galaxy + itself, not just the contents. [iglocska] +- [bug] Fixed route to /regexp/admin_index. [iglocska] +- [galaxy] Further fixes with the saving of the galaxy update data. + [iglocska] +- [bug] Removed unused field from galaxy update. [iglocska] +- [UI] added galaxy force update to the side menu. [iglocska] +- Compatibility with python 3.4. [Raphaël Vinot] +- Set shebangs, cleanup. [Raphaël Vinot] +- [stix2 import] Removed shitty looping test. [chrisr3d] +- [stix2 import] Fixed asn object pattern keys. [chrisr3d] +- [stix2 import] Fixed stix2 'parse' function (from library) parameters. 
+ [chrisr3d] +- [stix2 import] if statement typo. [chrisr3d] +- [API] Fixed object view API. [iglocska] +- [UI] fixed typo causing exceptions in the att&ck add function, fixes + #3426. [iglocska] +- [bug] Potential fix for SQL return size limit reached when fetching a + list of attributes. [iglocska] +- [stix2 export] Fixed parameter called while mapping object names. + [chrisr3d] +- [Session handling] Make sure that the autoregenerate setting changes + are actually saved. [iglocska] +- [update] recursively init and update submodules. [Andras Iklody] +- [attackMatrix] Better popup position for small screen. [Sami Mokaddem] + + Dynamically change popup position and placement for smaller screen, + forcing that each cell have a minimum width and that the window is + scrollable to reveal the remaining of the popup. +- [attackMatrix] No longer set the modal position to fixed when the + viewport is small. [Sami Mokaddem] + + Under a viewport of 1400px, the modal's position is set to absolute + alowing the user to use the scrollbar for navigation. +- [stix2 import] Fixed object name while importing file with pe & + sections. [chrisr3d] +- [stix2 export] Fixed observable object of File with PE extension. + [chrisr3d] +- [stix2 export] Quick fix of issues on files related to PEs. [chrisr3d] +- [CSRF] Don't run the CSRF form protection on the attribute search. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3535 from PaoloVecchi/patch-4. [Andras Iklody] + + INSTALL.ubuntu18.04.01.with.webmin.txt +- INSTALL.ubuntu18.04.01.with.webmin.txt. [Paolo Vecchi] + + Added Virtualmin install and repository update for mariadb +- Merge pull request #3536 from StefanKelm/2.4. [Andras Iklody] + + Default sort order for Id and Date +- Update proposal_event_index.ctp. [StefanKelm] +- Default sort order for ID and Date: desc. 
[StefanKelm] +- Default sort order for timesamps: desc. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Fixes missing hostname|port in network activity mapping. [Christophe + Vandeplas] + + The hostname|port has default category "Network Activity" , but was not allowed by the mapping. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3526 from SteveClement/2.4. [Steve Clement] + + chg: [typo] Minor typo +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3520 from ater49/patch-5. [Alexandre Dulaunoy] + + Update of french translation +- Update default.po. [ater49] + + Adding some translations +- Merge pull request #3517 from RichieB2B/ncsc-nl/stix-orgname. + [Christian Studer] + + Use original orgname at stix-header:title +- Use original orgname at stix-header:title. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3515 from SteveClement/2.4. [Steve Clement] + + chg: [i18n] update from crowdin, French (13%) Danish (43%) Italian (25%) Japanese (86%) Korean (2%) Portuguese (6%) Spanish (1%) +- Merge remote-tracking branch 'upstream/2.4' into 2.4. 
[Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3512 from ater49/patch-3. [Alexandre Dulaunoy] + + Update default.po +- Update default.po. [ater49] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3510 from ater49/patch-1. [Andras Iklody] + + Update default.po +- Update default.po. [ater49] +- Update default.po. [ater49] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3502 from SteveClement/2.4. [Andras Iklody] + + chg: [form] Give change Password field focus. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3500 from SteveClement/2.4. [Steve Clement] + + chg: [i18n] update default.pot to include all new strings +- Merge pull request #3499 from SteveClement/2.4. [Steve Clement] + + fix: [i18n] Made PO importable into crowdin. +- Merge pull request #3498 from eCrimeLabs/2.4. [Andras Iklody] + + Fix related to Concerns PR #3492 +- Fix related to Concerns PR #3492. [Dennis Rand] +- Merge pull request #3493 from SteveClement/guides. [Steve Clement] + + chg: [kali] small typo in git config +- Add: [stix2 export] Added relationships between SDOs. [chrisr3d] + + - Mostly relationships defined by the official + STIX2.0 Relationships Mapping + - Further changes on relationships to come +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3492 from eCrimeLabs/2.4. [Andras Iklody] + + Danish translation attempt. It does miss some changes but it should b… +- Danish translation attempt. It does miss some changes but it should be + a good start. [Dennis Rand] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3490 from SteveClement/guides. 
[Steve Clement] + + chg: [kali] redis on boot (for persistent setups) +- Merge pull request #3489 from SteveClement/guides. [Steve Clement] + + chg: [kali] added headers to vhost. More automation in rc.local +- Merge pull request #3488 from SteveClement/guides. [Steve Clement] + + chg: [doc] Various updates to Debian and Kali Linux install files. +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #3486 from mokaddem/fix-eventGraphDBUpdate. [Andras + Iklody] + + Fix event graph db update +- Merge branch '2.4' into guides. [Steve Clement] +- Merge pull request #3483 from SteveClement/2.4. [Andras Iklody] + + chg: [i18n] Added a lot of __('s for our i18n effort +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3449 from mokaddem/sharingGraph. [Andras Iklody] + + EventGraph history +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into sharingGraph. 
[Sami + Mokaddem] +- Add: [stix2 export] Exporting not mapped attributes from x509 object + as custom properties. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3479 from FloatingGhost/feature-send-logs-to- + elasticsearch. [Andras Iklody] +- Merge pull request #2890 from truckydev/patch-7. [Steve Clement] + + new: [i18n] Create cake_dev.pot for FR_fr +- Update cake_dev.po. [truckydev] +- Remane pot to po. [truckydev] +- Create cake_dev.pot. [truckydev] +- Merge pull request #3478 from SteveClement/2.4. [Steve Clement] + + chg: [deps] Set the correct and working version of Cybox in diagnostics +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- [stix2 export] Slight data field reading improvement. [chrisr3d] +- [stix2 export] Clarified galaxies condition test parsing. [chrisr3d] +- [stix2 export] Ip-port object export improvement. [chrisr3d] +- Merge pull request #3474 from SteveClement/2.4. [Steve Clement] + + new: [kali] Added initial kali linux script that can install a MISP instance with "one click" +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3471 from SteveClement/2.4. [Steve Clement] + + chg: [i18n] added and updated various LOCALE files +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3470 from SteveClement/2.4. [Steve Clement] + + chg: [doc] Debian guides updated +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3462 from SteveClement/2.4. 
[Steve Clement] + + chg: [CLI] update/WarningLists/NoticeLists/ObjectTemplates/Galaxies to Admin CLI +- Merge pull request #2 from iglocska/patch-2. [Steve Clement] + + fix: [CLI] mixup corrected +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge pull request #3461 from mokaddem/update/attackMatrix. [Andras + Iklody] + + new: [attackMatrix] possibility to pick multiple galaxies (event-level) +- Merge remote-tracking branch 'upstream/2.4' into update/attackMatrix. + [Sami Mokaddem] +- Merge pull request #3460 from kalyparker/fix-export-events-csv. + [Andras Iklody] + + fix: export events csv with CR (fix #3458) +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3455 from mokaddem/update/attackMatrix. [Andras + Iklody] + + Update/attack matrix +- Merge remote-tracking branch 'upstream/2.4' into update/attackMatrix. + [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3457 from StefanKelm/2.4. [Andras Iklody] + + Sod the bloody typos +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Typo. [StefanKelm] +- Add: [stix2 import] Importing email-attachment attributes. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix2 export] Exporting email-attachment attributes. [chrisr3d] +- Merge pull request #1 from iglocska/patch-1. [Steve Clement] + + fix: [CLI] Update noticelists correctly passes the user data +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3447 from SteveClement/2.4. [Steve Clement] + + chg: [doc] debian testing/stable install guide updates +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3445 from SteveClement/2.4. [Steve Clement] + + chg: [doc] debian install guide updates +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge pull request #3443 from SteveClement/2.4. [Steve Clement] + + fix: [ZMQ] support for all python versions +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3436 from SteveClement/2.4. [Steve Clement] + + Re-work of the Debian Install Guide +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- - Quick command to update galaxies. [Steve Clement] +- - Final merge, 90% in line. - More automation - ToDo: Seperate + optional features from the essential. [Steve Clement] +- - Merged more changes from both files. [Steve Clement] +- - Merge debian-stable and debian-testing instructions. [Steve Clement] +- - Added env variables to make the install less painful when it comes + to variables - Remove apache2.2 instructions, 2.4 is default - Add + some automation to do replacements in php.ini. [Steve Clement] +- - Added things that do not work. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3439 from dawid-czarnecki/2.4. 
[Andras Iklody] + + chg: Case insensitive sort of organisation list +- Merge pull request #3433 from 0xtf/patch-1. [Andras Iklody] + + Change 16.04 reference to 18.04 on install guide +- Change 16.04 reference to 18.04. [Tiago Faria] +- Merge pull request #3435 from SteveClement/2.4. [Andras Iklody] + + OpenBSD and FreeBSD Install instructions updated +- - More instructions on OpenBSD Install. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- - A more working FreeBSD Install Instruction. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3432 from dak-csis/patch-1. [Andras Iklody] + + Fix php blank page on Debian 9 and Ubuntu 16.04 +- Update misp. [Daniel Akulenok] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3405 from Rafiot/ditchpy2. [Andras Iklody] + + Arbitrary move to python3.6 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3427 from StefanKelm/2.4. [Andras Iklody] + + Change --force to --recursive in update/upgrade documentation +- Change --force to --recursive. [StefanKelm] +- Change --force to --recursive. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'attributeFetcherFix' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3417 from SteveClement/2.4. [Steve Clement] + + Added initial internationalization for: French (6%), Japanese (21%) + Updated FreeBSD and added OpenBSD Install document (WIP-pre-alpha) +- - Rudimentary support for apache2, login works. 
[Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- - Partially works, again, but still CSS issues. [Steve Clement] +- - FreeBSD OpenBSD install updates. [Steve Clement] +- - Initial OpenBSD install procedure, based on httpd. [Steve Clement] +- - Added initial internationalization for: French (6%), Japanese (21%) + -- Please support our translation teams: + https://crowdin.com/project/misp -- Other Languages in progress: + Italian (9%), Korean (1%), Portuguese (1%) [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Update core.default.php. [Steve Clement] + + flipped 'autoRegenerate' sessions. This setting wants to be off for production machines. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3410 from mokaddem/attackMatrixLayout. [Alexandre + Dulaunoy] + + Attack matrix layout +- Merge remote-tracking branch 'upstream/2.4' into attackMatrixLayout. + [Sami Mokaddem] +- Merge pull request #3382 from MISP/Rafiot-patch-1. [Alexandre + Dulaunoy] + + Simplify the wording in the warning. +- Improvement. [Raphaël Vinot] +- Simplify the wording in the warning. [Raphaël Vinot] +- Merge pull request #3399 from StefanKelm/2.4. [Andras Iklody] + + Default sort order for timestamp in attribute view +- Default sort order for timestamp: desc. [StefanKelm] +- Add: [stix2 import] Importing files with pe & pe_sections objects. + [chrisr3d] +- [stix2 import] Improved file observable object parsing. [chrisr3d] + + +v2.4.93 (2018-06-27) +-------------------- + +New +~~~ +- [attackMatrix] Skeleton of multiple galaxy picking. [Sami Mokaddem] +- [stix2 export] Starting exporting PE binary files. [chrisr3d] + + --> file, pe & pe-section objects linked with + references +- [CLI] Added CLI tool to downgrade DB version. [iglocska] +- [i18n] Added tools to switch between languages via the server + settings. 
[iglocska] +- [attackMatrix] Also consider attack galaxy at event level in the + heatmap fix: [attackMatrix] Typo in ATT&CK + division by 0 in + gradiendTool. [Sami Mokaddem] +- [attackMatrix] added instance UUID in rest response. [Sami Mokaddem] +- [attackMatrix] statistic about attack tags used in the instance chg: + [attackMatrix] moved functions in to model and matrix view into + elements. [Sami Mokaddem] +- [attackMatrix] Possibility to highlight cell matching the typeahead + field's value. [Sami Mokaddem] +- [AttackMatrix] added Mobile/Pre-Attack Matrix support, UI improvements + and code refacto. [Sami Mokaddem] +- [GalaxyPicking] Choose the galaxy namespace first before showing + related galaxies. [Sami Mokaddem] +- [attackMatrix] Ability to attach Mitre att&ck galaxy from the matrix. + [Sami Mokaddem] +- [attackMatrix] legend scale of the heatmap with dynamic updates. [Sami + Mokaddem] +- [attackMatrix] force kill chaine header order. [Sami Mokaddem] +- [attackMatrix] addition of heatmap on tiles depending on occurence of + the tag. [Sami Mokaddem] +- Initial skeleton of Mitre attack matrix. [Sami Mokaddem] +- [internal] Added convenience method to find the ID of an SG via it's + UUID. [iglocska] +- [functionality] Kick user out if the session is expired instead of + only doing it on a page load. [iglocska] +- [UI/UX] Event lock initial version. [iglocska] + + - Show if another user is editing the event you're viewing (same org only) +- Add email field autofocus on login page. [Dawid Czarnecki] +- Added event lock functionality. [iglocska] +- Added event lock table. [iglocska] + + - also added missing permission for ZMQ publisher role +- Add schema for feed-metadata. [Raphaël Vinot] + +Changes +~~~~~~~ +- [version] Version bump. [iglocska] +- [misp-galaxy] updated to the latest version (including CFR test) + [Alexandre Dulaunoy] +- [stix1 import] Improved parameters. [chrisr3d] +- [attackMatrix] removed forgotten debug cmd. 
[Sami Mokaddem] +- [attackMatrix] Definitively removed typeahead + code cleanup. [Sami + Mokaddem] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updatd to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [attackMatrix] ATT&CK Tactic is put at the top when picking galaxies + and is shown in All namespace mode. [Sami Mokaddem] +- [diagnostics] Make the STIX diagnostics a bit less cryptic. [iglocska] +- [API] Changed the default exportable setting for tags that don't + contain the field pushed via the API to true. [iglocska] +- [clarity] Made the file path validationfailing more obvious when + adding local feeds. [iglocska] + + - Warning to catch issues that arise due to Steve's fat fingers +- [stix1 import] Updated message diplayed in case of import error. + [chrisr3d] +- [stix1 import] Properly catching loading errors and returning the + corresponding output value. [chrisr3d] +- [stix1 import] Changed relationship for the header of a pe. [chrisr3d] + + - atm better mapping in export for event imported + with this change + - may change if we decide to create something new + to represent headers separately +- [i18n] Updated pot files. [iglocska] +- [i18n] Made the strings more i18n friendly across the application. + [iglocska] +- [attackMatrix] added some comments. [Sami Mokaddem] +- [attackMatrix] Support of JS for interaction in the statistics page. + [Sami Mokaddem] +- [attackMatrix] removed console logging. [Sami Mokaddem] +- [attackMatrix] Restrict view to be ajax only. [Sami Mokaddem] +- [attackMatrix] search capabilities and table auto resize. [Sami + Mokaddem] +- [attackMatrix] UI improvement. [Sami Mokaddem] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- [travis] setuptools need to be updated too. [Alexandre Dulaunoy] +- [travis] sudo because Travis said so... [Alexandre Dulaunoy] +- [travis] Sami influenced me by adding random numerical value at the + end of Python packages. [Alexandre Dulaunoy] +- [travis] self update of pip3 to update pip3. [Alexandre Dulaunoy] +- [tests] stix 1.2.0.6 python requirements updated. [Alexandre Dulaunoy] +- [favicon] Changed the favicon. [Sami Mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [version bump] querystring bumped. [iglocska] +- [Diagnostic View] Updated Diagnostic View for STIX1 related python + libraries. [chrisr3d] +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- Add enums in feed-metadata schema. [Raphaël Vinot] + +Fix +~~~ +- [stix1 import] Fixed Monkey typo. [chrisr3d] +- [stix1 import] Fixed missing self call. [chrisr3d] +- [bug] Typo in the event before validate hook. [Andras Iklody] + + As pointed out by @To-om +- [sync] Fix to the attribute level filters not being applied correctly + on a full push. [iglocska] + + - Found during the investigation of #3378 +- [stix1 export] Fixed MISP objects export. [chrisr3d] + + - handle the case when there is no pe & pe-section + objects + - 'resolve_objects2parse' should then be optional + considering this case +- Bump query_version and updated queryACL. [Sami Mokaddem] +- [attackMatrix] only return the result for the last attached galaxy. + [Sami Mokaddem] + + If a galaxy is already attached, just skip the message. + (The return value is a string, we don't want to compare the string value for + each galaxy to be attached) +- [attackMatrix] Multiple galaxy attach operations are now support at + attribute level. [Sami Mokaddem] + + Previsouly, only 1 INSERT INTO command was executed, the others were + UPDATE commands +- [UI] fixed Event lock breaking the restoration of soft deleted + attributes. [iglocska] +- Correlation popup format. 
[iglocska] +- Left off view file. [iglocska] +- [UI] Fixed a bug with galaxies not being addable. [iglocska] +- Fixed an issue where tags couldn't be added anymore since the last + commit. [iglocska] +- [API] tag capture fixed on newly created objects via the API, fixes + MISP/PyMISP#236. [iglocska] +- [stix diagnostic] Returning the correct 'success' value in case of + error with maec. [chrisr3d] +- [security] Brute force protection can be bypased with a PUT request. + [iglocska] + + - fixes an issue where brute forcing the login would work by using PUT requests + - as reported by Silver Saks from CCDCOE +- [stix1 export] Fixed pe & pe-section export when the header is not + distinct from the other sections. [chrisr3d] +- Fixed a bug where users couldn't add galaxies after + paginating/filtering on event attributes. [iglocska] +- Fixed broken correlation toggle on the event view. [iglocska] +- [stix1 import] Fixed indent that imported some objects split. + [chrisr3d] +- [sync] pull not working due to invalid lookup against galaxies. + [iglocska] +- [error messages] made some of the error messages a bit more uniform. + [iglocska] +- [upgrade] Made an older upgrade script more friendly towards MySQL. + [iglocska] +- [galaxies] Fixed query causing MYSQL errors due to group by not + containing a silently loaded field. [iglocska] +- Don't require API users to acept the terms / change password to get + going. [iglocska] + + - to get the API key they need to log in anyway via the interface +- Use common code-path for user init via the login page and the CLI. + [iglocska] + + - also, be consistent with initial settings +- [setup] Brought MYSQL.sql up to date, fixes #3357, fixes #3358. + [iglocska] +- [stix1 import] Started fixing to_ids flags for imported + attributes/objects. [chrisr3d] +- [Cortex] fixed Cortex auth issue. [Andras Iklody] +- [attackMatrix] prevent trowing an error if mitre attack galaxy is not + there. 
[Sami Mokaddem] +- [attackMatrix] added aggressive sanitization (just to be sure) [Sami + Mokaddem] +- [attackMatrix] added missing entries in ACL component. [Sami Mokaddem] +- [attackMatrix] Prevent hovering listener to overwrite each other. + [Sami Mokaddem] +- [attackMatrix] prevent multiple listener on matrix widgets. [Sami + Mokaddem] +- [attackMatrix] cluster ATT&CK Tactic is shown in Mitre namespace only. + [Sami Mokaddem] +- [AttackMatrix] picking Att&ck tactic correctly redirect on the matrix. + [Sami Mokaddem] +- [eventView] Hide galaxy tags after search. [Sami Mokaddem] +- [travis] update to the latest version of requests. [Alexandre + Dulaunoy] +- [Docs] some install guide clarifications. [Andras Iklody] +- [bug] fixed version comparison for old vs new db versions. [iglocska] +- [UI] Event lock message update eating flash messages fixed. [iglocska] +- [SG/sync] fixed an issue where if a sync user was not allowed to + modify a sharing group, it also couldn't create events with said SG + attached. [iglocska] + + - correctly capture the sharing group, without still being able to modify it, but to extract the ID and link it to the event to be created +- [stix2 export] Fixed attribute value type issue with AS numbers. + [chrisr3d] +- [stix1 export] Fixed AS attribute value export. [chrisr3d] + + - 'number' field in STIX object side if the value is + only digits + - 'handle' if it starts with 'AS' + - + same parsing as the one recently pushed for STIX2 + regarding 'value' and 'comment' fields on MISP side +- [stix2 export] Checking AS attributes value. [chrisr3d] + + - Because it went out that some people sometimes put + the AS value in comment and an ip address as value +- Fixed the annoying getcorrelation errors in the logs if someone has + the jobs index open and times out, fixes #3339. [iglocska] +- [UI] Preserve settings on events add form if anything goes wrong with + the validation. [iglocska] +- [UI] Fixed default value of threat level id. 
[iglocska] +- [sg bug] Fixed a bug where a user that should be allowed to extend a + sharing group is blocked if they are also a sync user. [iglocska] + + - conditions requires that the sharing group has been synchronised from a remote by a different sync user +- [bug] Fixed a copy pasta fail preventing the adding of galaxies. + [iglocska] +- [stix2 export] Fixed regkey observable creation. [chrisr3d] +- [stix2 export] Fixed network socket observable creation. [chrisr3d] +- [stix2 export] Fixing issues due to the oddity of some enumeration + lists for observable objects. [chrisr3d] +- [stix2 export] Fixed pattern of protocol value in network socket + object creation. [chrisr3d] +- Don't throw users out if debug is enabled with the new check. + [iglocska] +- [bug] Endless loop when terms are not accepted / password not reset + fixed, fixes #3336. [iglocska] +- Fixed premission on a view level for add tags. [iglocska] +- Fixed permission check for adding tags to an event. [iglocska] +- [ACL] added new functions to the ACL. [iglocska] +- [bug] invalid function call for the event lock via the objects + controller. [iglocska] +- [extended events] Correctly handle event extensions via event ID + instead of UUID, fixes #3332. [iglocska] +- [stix1 export] Fixed some credential object attributes export. + [chrisr3d] + + Following the latest update on the import part + which include credential objects import, and in + order to avoid duplicate attribute export and + create authentication STIX Objects more properly: + - Parsing authentication type to avoid as much as + possible to associate passwords with not relevant + authentication types. + - If only one authentication type -> distributing + it to all the passwords (as well as it is the + case for the authentication format). +- Added impfuzzy validation. [iglocska] +- [Diagnostic] Fixed typo in python libraries testing. [chrisr3d] +- Made sure that object edit buttons are only visible to those that can + edit them. 
[iglocska] + + - also, some cleanup in the code to make it more readable +- [EventView] Still allows object edition event if the event hasn't been + published. [Sami Mokaddem] + +Other +~~~~~ +- Add: [stix1 import] Parsing x509 raw certificate in x509 object. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3384 from MISP/Rafiot-patch-2. [Alexandre + Dulaunoy] + + Makes more sense. +- Makes more sense. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix1 import] Added default distribution values in events + imported. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3372 from mokaddem/attackMatrix. [Andras Iklody] + + Multiple pick in ATT&CK matrix +- Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix. + [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- [stix2 export] Improved x509 attributes parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3368 from mokaddem/attackMatrix. [Alexandre + Dulaunoy] + + ATT&CK Tactic Matrix at the top! +- Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix. + [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3367 from SteveClement/2.4. [Steve Clement] + + Various updates to INSTALL instructions +- - remove dupe python3-pip from apt install. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- - Added more automation to install procedure. 
[Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix1 export] Exporting pe with its section and the related + file. [chrisr3d] + + - --> WinExecutableFileObject + - next to the generic loop parsing all objects + because of the relations between file, pe, and + pe-section that should be parsed +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'set_db_version' into 2.4. [iglocska] +- Merge pull request #3355 from StefanKelm/2.4. [Andras Iklody] + + Typos within Event graph view +- Update event-graph.js. [StefanKelm] +- Typos... [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3352 from axpatito/patch-1. [Andras Iklody] + + Update INSTALL.rhel7.txt +- Update INSTALL.rhel7.txt. [axpatito] +- Merge pull request #3350 from mokaddem/attack. [Alexandre Dulaunoy] + + Attack +- Merge remote-tracking branch 'upstream/2.4' into attack. [Sami + Mokaddem] +- Merge pull request #3347 from mokaddem/attack. [Alexandre Dulaunoy] + + Mitre ATT&CK Tactic +- Merge remote-tracking branch 'upstream/2.4' into attack. [Sami + Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into attack. [Sami + Mokaddem] +- Add: [stix] Added test files for stix (1 & 2) import & export. + [chrisr3d] + + Including: + - MISP events that can be tested in export + - STIX 1 & 2 files resulting from the export of + the MISP events, that can be used as well in + order to test the import scripts +- Add: [stix2 import] Importing asn objects. [chrisr3d] +- Add: [stix1 import] Importing AS STIX objects. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3345 from mokaddem/favicon. [Andras Iklody] + + Favicon +- Merge branch '2.4' of https://github.com/MISP/MISP into favicon. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix2 export] Exporting asn MISP objects. [chrisr3d] +- Add: [stix1 export] Exporting asn object. [chrisr3d] +- [stix2 export] Removed intermediary 1 line functions. [chrisr3d] +- [stix2 export] Improved some dictionary use/call. [chrisr3d] +- Add: [stix2 export] Exporting stix2-pattern MISP objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix1 import] Importing Account Objects as credential MISP + Objects. [chrisr3d] +- Add: [stix1 export] Exporting credential MISP objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3330 from dawid-czarnecki/2.4. [Andras Iklody] + + new: Add email field autofocus on login page +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [Diagnostic] Added maec python library requirements. [chrisr3d] +- Merge branch 'samimagic' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #3323 from RichieB2B/ncsc-nl/rhel-python3. + [Alexandre Dulaunoy] + + Enable python3 for php-fpm for RHEL/CentOS +- Enable python3 for php-fpm for RHEL/CentOS. 
[Richard van den Berg] + + +v2.4.92 (2018-06-07) +-------------------- + +New +~~~ +- [ACL] Added new role permission: publish_zmq. [iglocska] + + - permission flag to use the "publish to ZMQ" button +- [performance] Made the deadlock fix optional. [iglocska] + + - old behaviour by default or if the setting is disabled + - new behaviour with non transactional attribute add / correlation add +- Batch delete should hard delete if event hasn't been published yet, + fixes #3311. [iglocska] +- [API] objects/add now supports uuids and the version number. + [iglocska] + + - API: /objects/add/[template_id]/[version] + - template_id can be a UUID + - version is an optional parameter to select the specific version of a template if searching by uuid +- Hard delete attributes when event was never published, fixes #3311. + [iglocska] +- [performance] Massive performance gains for the warninglists. + [iglocska] +- [tooling] Added benchmark tool to AppModel. [iglocska] + + - create name benchmark runs + - start at different levels of the code's execution + - aggregated mode allows summed execution times over many iterations of a code path + - show peak memory usage or full memory usage timeline of the execution history +- Added CyberCure Blocked IP,Blocked URL & Malware hash feeds + (http://docs.cybercure.ai/) [Mona] +- Stricter validation of baseurl when coming via the API tool. + [iglocska] +- Show galaxy namespaces and allow the loading of the new field. + [iglocska] +- New flash message system, fixes #3252. [iglocska] + + - 3 types of flash messages (success, error, warning) + - uses bootstrap's own classes/structure + +Changes +~~~~~~~ +- [version] VERSION bump. [iglocska] +- Bump PyMISP version. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [misp-objects] updated to the latest version. 
[Alexandre Dulaunoy] +- [API] Adding a tag will no longer throw exceptions if the tag already + exists. [iglocska] + + - instead the existing tag is returned for further reuse along with a HTTP code of 200 +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [cleanup] Benchmarking calls removed. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [stix1 export] Improved journal entries function. [chrisr3d] +- Added remaining parts of the pymisp / new stix diagnostic tool. + [iglocska] +- Allow symlinks for public keys in footer. [Xavier Mehrenberger] + + Allows replacing public GPG & SMIME keys (gpg.asc & + public_certificate.pem) with symbolic links, to store the actual files + in another format. This allows clean separation of MISP code (in + webroot) from configuration data. + + Our use case: run MISP on top of kubernetes, storing configurations and + secrets in dedicated volumes, rather than in the Docker image. +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- New stixtest.py is a bit more granular and adds a check for pymisp. + [iglocska] +- [stix1 export] Updated x509 objects export to use the appropriate STIX + object. [chrisr3d] +- [stix1 export] Updated object attributes parsing functions. [chrisr3d] +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [UI Filtering] Do not set searchFor in the URL if no value. [Sami + Mokaddem] + + After a discussion with iglocksa, it is better to fix it js side than + server side. +- [documentation] Better description of command line APIs / automation. + [iglocska] +- [misp-taxonomies] copine scale added. [Alexandre Dulaunoy] +- [stix1 export] Now using python3 as default for stix1 export. + [chrisr3d] +- [misp-galaxy] updated to the latest version with namespaces galaxy. + [Alexandre Dulaunoy] +- Version bump for galaxies. [iglocska] +- [Galaxy] Galaxies updated. [iglocska] +- [misp-taxonomies] updated to the latest version. 
[Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- Removed debug breaking update. [iglocska] +- [API] Fixed a black hole on API actions via the Objects controller, + fixes #3271. [iglocska] + + - Blanket disabling the security component due to the changes in cakePHP for API requests had the side effect that explicit security component stance changes would lead to exceptions +- Potential fix for the deadlock issue addressing #3264. [iglocska] + + - This will mean a performance hit for correlations / adding attributes in general, but let's see how it goes +- [stix1 import] Removed errors catching to let the logs have it. + [chrisr3d] +- [object references] Object references can be added to deleted + objects/attributes, fixes #3312. [iglocska] +- [performance] Fixed a serious performance issue with object heavy + events. [iglocska] +- [javascript] Fixed JS broken in IE11 #3306. [Christophe Vandeplas] +- [stix1 export] Quick fix on attribute data field. [chrisr3d] +- [stix1 import] Fixed email object import. [chrisr3d] +- [stix1 import] Fixed Artifact STIX objects import. [chrisr3d] + + following the last update on export script +- [stix1 export] Fixed and improved some attributes parsing. [chrisr3d] +- [performance API] fix performance issues with warninglists via the + API. [iglocska] +- [performance] slight tuning for the fetchEvent() function. [iglocska] +- [validation] Fixed urlOrExistingFilepath validation script no longer + uses hard-coded error messages. [iglocska] +- [cleanup] Removed non-sensical line. [iglocska] +- [stix1 import] Fixed some Galaxy & GalaxyCluster fields. [chrisr3d] +- [stix1 import] Fixed event loading function. [chrisr3d] + + - Fixed errors if the event has no 'ttps' field +- [stix1 import] Fixed whois object name mapping. [chrisr3d] +- [stix1 export] Quick fix of set_tlp function. [chrisr3d] +- [stix1 export] Fixed Tags journal entries. 
[chrisr3d] +- [stix2 export] Cosmetic fix of stix2 report labels. [chrisr3d] +- [stix2 import] Fixed 'from' attribute type mapping for email object. + [chrisr3d] +- [stix1 import] Fixed Whois object attributes import. [chrisr3d] + + - Following the latest changes on Whois object export +- Typo fixed in the tag element, preventing the quick filter from + working. [iglocska] +- Allow updateDatabase to accept numbers. [iglocska] +- Added missing lookup for pymisp versions via the diagnostics. + [iglocska] +- Reflected XSS via the event view. [iglocska] + + - users arriving on an event view via a malicious URL with a javascript payload and then clicking on the show deleted attributes tab would trigger the payload + + - as reported by Jarek Kozluk from zbp.pl +- [stix2 import] Fixed Custom object import attribute type. [chrisr3d] +- [stix2 import] Fixed custom object import type defining for composite + attributes. [chrisr3d] +- [stix1 import] Fixed objects name common case definition. [chrisr3d] +- [stix1 import] Fixed x509 object name mapping. [chrisr3d] +- [stix2 export] Fixed class variable call. [chrisr3d] +- [stix1 export] Fixed dictionary comma. [chrisr3d] +- [stix2 import] Improved process object parsing. [chrisr3d] +- [stix2 export] Improved regkey objects mapping. [chrisr3d] +- [stix2 export] Fixed Custom object type typo. [chrisr3d] +- [stix2 export] Added forgotten processes related function call. + [chrisr3d] +- [stix2 import] Removed useless return functions. [chrisr3d] +- [stix1 import] Fixed object relations for attributes of network + connection object. [chrisr3d] +- [stix2 import] Fixed event loading. [chrisr3d] +- [stix2 export] Fixed observable object creation for port & ip|port + attributes. [chrisr3d] +- [stix1 export] To be sure we're always using utf-8. [chrisr3d] +- [CLI] Allow for empty baseurl via the CLI. [iglocska] +- [UI] Fixed the annoying galaxy collapse issues. [iglocska] +- [UI] Fix to the galaxy cluster expand. 
[iglocska] +- [UI] automation page cleanup. [iglocska] +- [UI] fixed broken collapse/expand of galaxy clusters. [iglocska] +- [API] Add object request has been black-holed. #3271. [iglocska] + + - blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions +- [UI filtering] be sure that '0' is not interpreted as empty. [Sami + Mokaddem] +- [API] Add object request has been black-holed. #3271. [iglocska] + + - blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions +- Invalid flash message fixed when editing an attribute. [iglocska] + + - was showing an error on success +- [UI filtering] Attribute quick filter broke all the tabbed filters, + fixes #3247. [iglocska] +- Fixed endlessly spinning loading animation when fetching a PGP key + that cannot be found. [iglocska] +- [cleanup] removed debug, fixes #3257. [iglocska] +- [stix1] Updated install & update instructions for stix, cybox & mixbox + libraries. [chrisr3d] +- Fixed editing servers to add a server certificate not saving said + certificate. [iglocska] +- Fixed a DOM based XSS with cortex type attributes. [iglocska] + + - as reported by Dawid Czarnecki (dawid@pz.pl) +- Various fixes to the add feed action/view. [iglocska] +- Ignore camelised vs underscored controller name differences in the + ACL. [iglocska] +- User add form loses checkbox settings on failed submission when + returning the user to the form. [iglocska] +- Invalid pluralisation. [iglocska] +- Fixed layout. [iglocska] +- Fixed some menu misalignment with debug mode off. [iglocska] +- Minor cleanup of the default layout. [iglocska] +- Fixed some issues with the new notifications. [iglocska] +- [stix1 import] Fixed uuid fetching when a STIX object has no id. 
+ [chrisr3d] +- [stix1 import] Fixed test to define if a STIX file is from MISP. + [chrisr3d] +- [stix1 export] Atm skipping objects not mapped yet for export. + [chrisr3d] +- [stix1 export] Fixed reference creation for process object when the + reference is an attribute. [chrisr3d] +- [stix1 import] Commented atm not used attribute in object process. + [chrisr3d] +- [stix1 import] Fixed name of MISP objects parsing for import. + [chrisr3d] +- [stix1 export] Quick fix on variables. [chrisr3d] +- [stix1 export] Cleaned indentation typo. [chrisr3d] +- Fixed invalid org lookup on the attribute index resulting in some + notices thrown. [iglocska] + +Other +~~~~~ +- Bump recommended version of PyMISP. [Raphaël Vinot] +- Merge pull request #3316 from jezkerwin/2.4. [Andras Iklody] + + Quoted scl commands to properly execute python3 + cwd for Cake Install +- Quoted scl commands to properly execute python3 + cwd for Cake + Install. [jezkerwin] + + Installing Cybox and STIX libraries, the SCL command to install won't properly run unless being quoted. + Added command to change working directory to /var/www/MISP before installing Cake +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'deadlockfix' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3310 from jezkerwin/2.4. [Andras Iklody] + + Remove contact details, they don't really need to be in there +- Remove contact details, they don't really need to be in there. + [jezkerwin] +- Merge branch 'performance_benchmarking' into 2.4. [iglocska] +- Test: [benchmark] Added benchmarks for warninglist runs. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3307 from cvandeplas/2.4. 
[Andras Iklody] + + fix: [javascript] Fixed JS broken in IE11 #3306 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3301 from LDO-CERT/2.4. [Alexandre Dulaunoy] + + fix Typo in MISP settings +- Fix Typo in MISP settings. [garanews] + + fix Typo in MISP settings +- Fix Typo in MISP settings. [garanews] + + fix Typo in MISP settings +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix1 import] Importing Galaxies & Tags from journal entries. + [chrisr3d] +- Add: [stix1 import] Importing Event threat level. [chrisr3d] +- Add: [stix1 import] Importing vulnerability attributes. [chrisr3d] +- Add: [stix1 import] Parsing link attributes in information_source + references. [chrisr3d] +- Add: [stix1 import] Parsing attributes from journal entries. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix1 export] Exporting Whois MISP objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3269 from Lastpixl/2.4. [Andras Iklody] + + chg: allow symlinks for public keys in footer +- Merge pull request #3287 from StefanKelm/2.4. [Andras Iklody] + + Default sort order for timestamp / date reversed on click for Feed preview index +- Update preview_index.ctp. [StefanKelm] +- Merge pull request #3288 from RichieB2B/ncsc-nl/python3. [Andras + Iklody] + + Update installation instructions for STIX export +- Install pymisp for python3. [Richard van den Berg] +- Use python3 to install stix/cybox/mixbox libraries. [Richard van den + Berg] +- [stix1 export][stix2 import] Kept only usefull pymisp library import. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix1 import] Importing x509 Certificate objects. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3283 from SteveClement/2.4. [Andras Iklody] + + Very small change to give the user a hint that multiple attachments can be uploaded +- - reAdded Debian Testing instructions… [Steve Clement] +- - Make allusion to the fact that you can select multiple files in in + the browse window. [Steve Clement] +- Add: [stix2 import] Importing network-socket objects. [chrisr3d] +- Add: [stix2 export] Exporting network-socket objects. [chrisr3d] +- Add: [stix2 import] Added AS in the list of parsed attributes. + [chrisr3d] +- Add: [stix2 import] Importing process stix2 objects. [chrisr3d] +- Add: [stix2 export] Exporting process MISP object. [chrisr3d] +- Add: [stix2 export] Added AS in the mapped attributes. [chrisr3d] +- Add: [stix1 export] Added x509 Certificate STIX object namespaces. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3280 from 0x150/remove-leading-tab. [Andras + Iklody] + + Remove leading tab +- Remove leading tab. [iso] +- Merge pull request #3281 from cryptba1/cybercure-feeds. [Alexandre + Dulaunoy] + + new: Added CyberCure Blocked IP,Blocked URL & Malware hash feeds (htt… +- Merge pull request #3279 from RichieB2B/ncsc-nl/stixfixes. [Alexandre + Dulaunoy] + + Add timestamp to outer STIX_Package +- Add timestamp to outer STIX_Package. [Richard van den Berg] +- Merge pull request #3277 from RichieB2B/ncsc-nl/stixfixes. [Alexandre + Dulaunoy] + + Fix STIX export corner cases +- Support multiple AttributedThreatActors correctly. [Richard van den + Berg] +- Fix spaces. [Richard van den Berg] +- Initialize incident.attributed_threat_actors when not set. [Richard + van den Berg] +- Fix tabs. [Richard van den Berg] +- Do not break when observable creation fails. [Richard van den Berg] +- Fix STIX TestMechanisms. [Richard van den Berg] +- Do not fail on unknown attribute types. 
[Richard van den Berg] +- Write STIX json in text mode. [Richard van den Berg] +- Do not catch exceptions that should go to exec-errors.log. [Richard + van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3262 from RichieB2B/ncsc-nl/stix-python3. + [Christian Studer] + + Use python3 interpreter for STIX exports +- Write STIX file in utf8. [Richard van den Berg] +- Fix STIX diagnostics: use python3. [Richard van den Berg] +- Merge pull request #3268 from SteveClement/2.4. [Steve Clement] + + Debian Testing install +- - Fixed curl. [Steve Clement] +- - Added curl to update + galaxies/taxonomies/warninglists/objectTemplates. [Steve Clement] +- - Added yara. [Steve Clement] +- - Checkout "default" it's 2.4 at what you really want. [Steve Clement] +- - Added misp-dashboard. [Steve Clement] +- - Remove > /dev/null foo. [Steve Clement] +- - Added pymisp and modules as well as cake CLI commands. [Steve + Clement] +- - Debian testing install. [Steve Clement] +- Merge pull request #3267 from mokaddem/issue_3247. [Andras Iklody] + + fix: [UI filtering] be sure that '0' is not interpreted as empty. +- Git push origin 2.4 Merge branch '2.4' of github.com:MISP/MISP into + 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix1 export] Supporting export of not mapped MISP objects as + STIX Custom object. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- [stix1 export] typo. [chrisr3d] +- Add: [stix1 export] Added namespaces for WindowsService object. 
+ [chrisr3d] + + - goes with commit eaedccb3f64bfa3a704c68f0e4a42b6df99d29dd + - forgot to include it with the commit \o/ +- Add: [stix1 export] Supporting windows-service-name attribute export. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3250 from WaryWolf/gpg-agent-fix. [Alexandre + Dulaunoy] + + Add config mapping for 'gpgconf' option in Crypt_GPG library. +- Add config mapping for 'gpgconf' option in Crypt_GPG library. [Anthony + Vaccaro] + + This option not only sets the location of the gpgconf binary, but + if set to false, disables behaviour that shuts down running agents + when a Crypt_GPG object is destroyed. This behaviour would also + kill any long-running or daemonised agents that are running and + configured in the gpg.homedir directory. +- [stix1 export] Edited indicator id. [chrisr3d] +- Add: [stix1 export] Added reference between process and other objects. + [chrisr3d] +- Add: [stix1 import] Little update following the process object export + support. [chrisr3d] +- Add: [stix1 export] Exporting Process MISP objects. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: [stix1 export] Exporting network-socket MISP objects. [chrisr3d] +- Add: [stix1 export] Exporting network connection MISP objects. + [chrisr3d] + + +v2.4.91 (2018-05-15) +-------------------- + +New +~~~ +- Remove galaxy cluster information from the sync mechanism for now. + [iglocska] + + - currently galaxy clusters aren't shared anyway, no point in blowing up the data size / processing time +- Added attribute level galaxy clusters. [iglocska] +- Added option to include base64 encoded attachments in the ZMQ output, + fixes #3169. [iglocska] +- [stix1 import] Starting parsing related observables in documents from + misp. [chrisr3d] +- [Export] Added a secondary CSV export that includes more context to + the UI download tool. 
[iglocska] +- First implementation of the Noticelist system ready. [iglocska] +- Added noticelist view. [iglocska] +- Noticelist system added. [iglocska] +- Refactor of the warning message for the add attribute view. [iglocska] +- Added chartjs dependency. [Sami Mokaddem] +- Possibility to show/hide distribution repartition of + event/attr/objAttr chg: layout adaptation. [Sami Mokaddem] +- Show elements having a distribution lower than the event distribution + in the distribution graph. [Sami Mokaddem] +- Possibility to view connected communities and concerned sharing groups + in distribution graph's tooltip. [Sami Mokaddem] +- Added warning about missing warninglists used for TLD resolution in + the freetext import tool. [iglocska] + + - following the twitter feedback +- Added event enrichment functionality. [iglocska] + + - select and run a set of enrichments on all applicable attributes of the event + - exposed to the API + - exposed to the command line tool + - adheres to attribute distributions +- Added Feed management API. [iglocska] + + - add/edit/delete feeds via the API + - new APIs are RestResponseComponent aware + - GET on add/edit to receive usage information + +Changes +~~~~~~~ +- [PyMISP] updated to latest version. [Alexandre Dulaunoy] +- [stix1 export] Added object name in observable composition id. + [chrisr3d] + + For an easier import +- [stix1 import] Better distinction in the parsing between indicators & + observables. [chrisr3d] + + Following the latest changes on stix1 export (avoiding systematic + observable compositions for MISP objects representation) +- [stix1 import] Improved regkey object parsing. [chrisr3d] +- [stix1 export] Exporting ip|port & hostname|port as socket address + object. [chrisr3d] + + Instead of creating an observable composition +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- [stix1 export] Better parsing MISP objects. [chrisr3d] +- [stix1 export] Improvement of some functions. 
[chrisr3d] +- [API] Attaching a tag to an object no longer throws an exception if + the tag already exists, fixes #3245. [iglocska] + + - just emits positive vibes by saying that no changes had to be made +- [misp-object] updated to the latest version. [Alexandre Dulaunoy] +- [validation] Change the unique validation for attributes to be escaped + if an object ID is set, as opposed to an object relation. [iglocska] +- [debug] Added debug of failed mass edits to returned JSON. [iglocska] +- Only run the automatic worker restart on upgrade if background + processing is enabled. [iglocska] +- Allow /objects/edit/id to accept a UUID instead of a local ID. + [iglocska] +- Modified how network socket are parsed using the latest created misp + object. [chrisr3d] +- [Controllers] sets the ajax variable globally. [Sami Mokaddem] + + As well as removing useless set in controllers and accessing it instead + of passing through the request. +- Added misp noticelists as a submodule. [iglocska] +- [DistributionGraph] addition of tooltip. [Sami Mokaddem] + + Replaced percentage text in the sharing group progressbar by a tooltip + giving more information +- [EventController] replaced if/else by ternary condition. [Sami + Mokaddem] +- Trying not to break the MVC pattern. [Sami Mokaddem] + + Server model is not passed to the constructor anymore, as well as the + Organisation model. +- [DistributionGraph] added ``distribution description`` text in the + info popup. [Sami Mokaddem] +- [distributionGraph] support of the sharing group event distribution + chg: [distributionGraph] code cleanup. [Sami Mokaddem] +- Update __query version. [Sami Mokaddem] +- Show all by default. [Sami Mokaddem] +- Doughnut part color. [Sami Mokaddem] +- Updated description tooltip text. [Sami Mokaddem] +- Sanitization of data for distribution graph. [Sami Mokaddem] +- Add additional distribution info about to whom we are sharing even if + we don't have element on this distribution level. 
[Sami Mokaddem] +- Replaced radar chart to doughnut chart. [Sami Mokaddem] +- Moved sharing group outside of the distribution progressbar (as it is + a special case), distribution range is displayed when clicking on the + pb labels and lots of minor improvements. [Sami Mokaddem] +- Changed distribution graph popover title. [Sami Mokaddem] +- Removed useless prints. [Sami Mokaddem] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- First round of refactoring of the side menu. [iglocska] +- Changed the org admin role to not have sync privileges by default. + [iglocska] + +Fix +~~~ +- Detaching galaxy clusters from attributes was using the old function + name. [iglocska] +- Attachcluster to object attributes fails due to no flattening. + [iglocska] +- Validation issue for objects fixed. [iglocska] +- Fixed an invalid link when attaching a cluster via all galaxies. + [iglocska] +- Version bump. [iglocska] +- [stix1 import] Catching port type while importing ip-port MISP + objects. [chrisr3d] +- [stix1 import] Testing if related_indicators/observables is in a + document before watching it. [chrisr3d] +- [stix1 import] Fixed distinction between atttribute values. [chrisr3d] + + - MISP attributes can be INT sometimes, so read the 2nd comment + + - Previously an INT attribute value did not satisfy the condition, + which made it considered as objects attributes and tried to + create a MISP object instead of a single attribute +- [stix1 export] Fixed objects and observables IDs generation. + [chrisr3d] +- [stix1 import] Fixed missing self argument. [chrisr3d] +- [stix1 import] Fixed some attribute parsing function calls. [chrisr3d] +- Some cleanup. [iglocska] +- Added documentation of server setting modifications via the console. 
+ [iglocska] + + - also added left-off server setting for enabling attachments via ZMQ +- [stix1 export] Fixed my omission of ids flag parsing for x509 MISP + objects. [chrisr3d] +- [stix1 export] Quick fix on attribute data field test. [chrisr3d] +- Fixed the enabled field missing for non site admin users in + warninglsits / noticelists. [iglocska] +- [validation] Fixed an issue with the unique attribute validation rule + blocking legitimate use-cases. [iglocska] + + - adding an attribute with a matching pair or category/type/value in an existing object-contained attribute would be incorrectly flagged as violating the attribute uniqueness rule +- Don't lowercase the controllername for the ACL Component. [iglocska] +- [UI] Fixed the field name for input source in the feed edit view. + [iglocska] +- [Feed caching] Readded the feed correlations for non correlating + attributes. [iglocska] + + - it was breaking the indexing for the attached correlations +- [ACL] Fixed the side menu url to the correct capitalisation for the + populate from button. [iglocska] +- [ACL] Made the ACL system's behaviour more lax when it comes to + capitalisation mistakes in the URL, fixes #3240. [iglocska] +- [API] Tightened the disabling of the security component to counter the + effects of cakephp 2.10.x. [iglocska] +- Bumped noticelist version. [iglocska] +- Restart the workers due to the new cakephp version causing issues. + [iglocska] +- Remove form tampering for REST requests. [iglocska] + + - makes MISP compatible with 2.10.x + - No point in running the security component's test since no form is submitted via REST anyway. +- Changed filepath of noticelist not reflected in update script. + [iglocska] +- Cakephp version bumped to latest 2.x. [iglocska] + + - also gets rid of the stupid mcrypt requirement that breaks compatibility with newer ubuntu versions +- Edge case with empty objects caused *barf* [iglocska] +- Account for alternate format for /objects/edit. 
[iglocska] + + - I need to take a shower after this fix +- Fixed invalid indeces in the feed lookup via the event view. + [iglocska] +- Fixed broken objects/edit. [iglocska] +- Fixed object add. [iglocska] +- Fixed name change of variable breaking /objects/add. [iglocska] +- Added the missing schemaloc namespace for system objects. [chrisr3d] +- Handle no template being passed to objects/add correctly. [iglocska] +- Fixed object->attribute references not being captured correctly. + [iglocska] +- [DistributionGraph] include metadata for all distribution level. [Sami + Mokaddem] + + When fetching distribution graph data, returns information about all + distribution level (even not concerned). +- Removed break point *cough* [iglocska] +- Don't redirect users to terms page if no terms page is set. [iglocska] +- [CorrelationGraph] set the undefined ajax variable when pivoting from + a taxonomy tag / galaxy cluster in fullscreen. [Sami Mokaddem] +- Fixed an issue with the notice message container showing invalid + default data. [iglocska] +- Fixed regkey value string. [chrisr3d] +- Added missing space after the taxonomy name on the taxonomy view. + [iglocska] +- Fixed email observable type parsing. [chrisr3d] +- Using an existing relationship between a process and its network + connections. [chrisr3d] +- Directly take the sharing group name from the event. [Sami Mokaddem] + + Do not fetch the sharing group name as it is already included in the + event. + + fixed a css glitch +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [DistributionGraph] incorrect number in the sg progressbar tooltip. + [Sami Mokaddem] + + Set the correct number of involved sharing instead of the sum of sharing + group in the sg progressbar tooltip +- Fixed a bug that prevented servers from being added. [iglocska] +- [DistributionGraph] sharing group search and uniqueness of results. 
+ [Sami Mokaddem] + + fix a bug where filtering per sharing group was not inlcuding inherit + attributes. + Enforce uniqueness of involved entities. +- Fixed distribution level swapping when filtering from the distribution + chg: moved styling into css new: Loading gif when building the + distribution graph. [Sami Mokaddem] +- Avoid redrawin distribution graph when closin its popover + reset pb + ticks offset at each draw. [Sami Mokaddem] +- Replaced hardcoded eventID by the real event id. [Sami Mokaddem] +- Support of filtering for distribution=0 (empty(0) is true ini php). + Also, only consider attr and obj_attr (ignoring object as they only + carry meta-data) [Sami Mokaddem] +- Honour `MISP.completely_disable_correlation` on attribute/event + save/delete action. [Eugenio Paolantonio] +- Typo. [chrisr3d] +- Fixed typo of a string function. [chrisr3d] +- Attribute values that are too long for mysql text fields don't + generate warnings and just truncate, fixes #3196. [iglocska] + + added validation error +- Removing galaxy filters in the galaxy view would redirect to an + invalid url, fixes #3201. [iglocska] +- Allow "json" not to be set when adding a server via the API. + [iglocska] +- Fixed /servers/add via REST API not working, fixes #3202. [iglocska] + + - corrected list of parameters + - added sane defaults so that only the minimum list of fields is actually required + - fixed a bunch of stuff that was just plain broken with this API +- Low timeout added for module introspection to fix performance + bottlenecks. [iglocska] +- Testing if references before looping on it. [chrisr3d] +- Inverted 2 type values of a DNS Record. [chrisr3d] +- Fixed events from MISP recognition. [chrisr3d] +- Fixed copy pasta fail. [Andras Iklody] + + As reported by @truckydev +- Fixed path / filename split case. [chrisr3d] +- Fixed InformationSource references in STIX incident object. [chrisr3d] +- Source Format -> Input Source (C/P mistake) [Raphaël Vinot] +- Function object typo. 
[chrisr3d] +- Fixed library import. [chrisr3d] +- Don't correlate attribute to feeds if the correlations are disabled on + the attribute. [iglocska] +- Fixed a typo in the side menu rework. [iglocska] +- Allow filename as an alternative for parsed domains/hostnames. + [iglocska] +- PyMISP version 2.4.90. [Alexandre Dulaunoy] +- Added some sanitisation to the new view. [iglocska] +- Fixed namespaces (causing bugs if not set) [chrisr3d] +- Fixed external ids field type. [chrisr3d] +- Object templates updated to the latest version. [Alexandre Dulaunoy] +- Fixed weird error message if an ajax query goes wrong. [iglocska] +- Hide buttons to create proposals for read only users, fixes #3187. + [iglocska] +- Added event enrichment to the ACL. [iglocska] +- Editing an attribute was not setting the distribution level to the + previous value. [Sami Mokaddem] +- Changed "xhtml:body" into "xhtml:div", to avoid creating a body DOM + which cause listener on the original body to bug. Incremented js + number and check if request is ajax or not in ObjectController. [Sami + Mokaddem] +- MISP warning-lists updated to latest version. [Alexandre Dulaunoy] +- Removed print. [chrisr3d] +- Fixed an issue where attribute searches via the UI would incorrectly + return all visible data. [iglocska] +- Fail gracefully during single user PGP key checks on the user view. + [iglocska] +- Fixed relationships in object references. [chrisr3d] +- Fixed editing feeds via the UI. [iglocska] +- Session.cookie_timeout could not be saved correctly, fixes #3182, + fixes #3171. [iglocska] +- Downasides -> downsides. [Raphaël Vinot] +- Fixed empty event tags on the event index api. [iglocska] +- After adding a tag via the API MISP would always return the first tag, + fixes #3159. [Andras Iklody] +- Cull empty event tags for event index. [iglocska] +- Fixed previewing image attachments via the feeds. [iglocska] +- Fixed some obscure translation errors between python 2 & 3. 
[chrisr3d] +- Fixed monkey copy paste errors. [chrisr3d] +- Fixed some mapping issues. [chrisr3d] + + -> Threat level name & incident status name mapping +- Fixed color mapping issue that avoided Marking creation. [chrisr3d] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Version bump. [iglocska] +- Add: [stix1 import] Now importing MISP objects from related + observables. [chrisr3d] +- Add: [stix1 import] Added CustomObjects parsing. [chrisr3d] +- Add: [stix1 export] Added socket address object namespace. [chrisr3d] +- [stix1 export] Removed no longer used observable composition for + ip|port. [chrisr3d] +- [stix1 export] Reusing little functions. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: [stix1 import] Importing reply-to attributes. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3237 from StefanKelm/2.4. [Andras Iklody] + + Update attributeConfirmationForm.ctp +- Update attributeConfirmationForm.ctp. [StefanKelm] + + Match message text with what is being displayed at event view +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Added description for the latest functions created. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'global_ajax' into 2.4. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'smallfixes' into 2.4. [iglocska] +- Add: Parsing hostname while importing network connection or socket + object. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3233 from mokaddem/global_ajax. [Andras Iklody] + + chg: [Controllers] sets the ajax variable globally +- Add: Importing System objects containing mac addresses. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Added namespace for the latest STIX object supported in our + exporter. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Parsing email-reply-to attributes. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3232 from SteveClement/2.4. [Steve Clement] + + Amended Ubuntu ssdeep instructions - Added 18.04 install file +- - Added Ubuntu 18.04 instructions. [Steve Clement] +- - updated ssdeep instructions. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Exporting mac-addresses. [chrisr3d] +- [doc] features about new correlation engine added. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3223 from SteveClement/2.4. [Steve Clement] + + - Added mascot drafts +- - Added mascot drafts. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Sami Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into + distributionGraphDonut. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #3214 from mokaddem/distributionGraphDonut. [Andras + Iklody] + + Distribution graph +- Merge remote-tracking branch 'upstream/2.4' into + distributionGraphDonut. [Sami Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into distributionGraph. + [Sami Mokaddem] +- Changed distribution label in distribution graph (removed distribution + number) [Sami Mokaddem] +- Center distribution graph inside the popover. [Sami Mokaddem] +- Changed behavior of distribution progressbar: Display event + distribution along with the maximum distribution level of the items + inside the event. [Sami Mokaddem] +- Changed distribution graph popover title. [Sami Mokaddem] +- Removed useless codes. [Sami Mokaddem] +- Updated ACLComponent. [Sami Mokaddem] +- Feature: progress bar showing the range of the maximum distribution of + all items. Moved radar graph and progressbar in a popover. [Sami + Mokaddem] +- Possibility to filter valueInFieldAttribute with multiple value. + distribution graph support inherit distribution level. [Sami Mokaddem] +- Allow filtering attributes based on specific columns (previsouly not + accessible) like distribution. Partial support of onClick for + distribution graph. [Sami Mokaddem] +- Merge remote-tracking branch 'upstream/2.4' into distributionGraph. + [Sami Mokaddem] +- Initial version of the distribution graph. [Sami Mokaddem] +- Add: Parsing network connections in process objects. [chrisr3d] +- Add: Starting parsing process objects. [chrisr3d] +- Merge pull request #3215 from ts-way/for-upstream/disable- + correlations-fix. [Andras Iklody] + + Honour `MISP.completely_disable_correlation` on attribute/event save/delete action +- Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d] +- Merge pull request #3212 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Update event-graph.js +- Update event-graph.js. [StefanKelm] +- MISP taxonomies updated. 
[Alexandre Dulaunoy] +- Add: Starting parsing network socket objects. [chrisr3d] +- Add: Starting parsing network connection objects. [chrisr3d] +- Merge branch 'stix' into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3205 from stephengroat/patch-1. [Alexandre + Dulaunoy] + + cleanup travis and move to requirements.txt +- Cleanup travis and move to requirements.txt. [Stephen] +- Add: MISP objects template updated to the latest version. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Now resolving domain/uri with relationship 'Resolved_To' to ip + addresses. [chrisr3d] +- Fixed an absent-mindedness due to my chocolate consumption. [chrisr3d] +- Better DNS objects parsing. [chrisr3d] +- Add: Starting parsing some DNS record objects. [chrisr3d] + + - atm parsing attributes that exist in MISP (domain & ip) + + - able to parse DNS related attributes but need to define + how to map it in MISP +- Updated stix header title. [chrisr3d] + + The header is actually skipped in MISP and the one + from misp2stix_framing is used, but usefull for + command line tests +- Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'stix' into 2.4. [chrisr3d] +- Removed print... [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Atm set the version to 1.1.1 to keep compatibility. [chrisr3d] + + ... with the previous misp2stix script +- Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into stix. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3190 from MISP/quickfix-eventGraph-popover. + [Andras Iklody] + + fix: Do not append popover content (from event graph) into body +- Feature-contextualMenu: Possibility to specify the container in which + to append the menu. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3188 from + mokaddem/edit_attribute_distribution_fix. [Andras Iklody] + + quickfix: editing an attribute was resetting its distribution level +- Merge branch 'correlation_integration' into 2.4. [iglocska] +- Sanitize event_id + bit refacto. [Sami Mokaddem] +- Slight ui adjustement. [Sami Mokaddem] +- Feature: Support of fullscreen in correlation graph in the event view. + [Sami Mokaddem] +- Correlation graph in event view. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Precising error type to better catch where an error is. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Args & string formatting typo. [chrisr3d] +- Merge pull request #3183 from StefanKelm/2.4. [Andras Iklody] + + Update Log.php +- Update Log.php. [StefanKelm] +- Update Log.php. [StefanKelm] + + Alphabetically sort list of Actions pull-down menu within "Search Logs" +- Add: Making references between objects in the event created while + importing STIX. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Added Windows Service objects parsing. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Added dedscription for each function. [chrisr3d] +- Added return statement. [chrisr3d] +- Turned ttps into class object in order to clean parameters. [chrisr3d] +- Removed self repetition when not required. [chrisr3d] +- Making the module work for both python 2 & 3. [chrisr3d] +- Removed print & added confirmation message at the end. [chrisr3d] +- Removed dependencies modules merged in this one. [chrisr3d] +- MISP to stix, cybox & ciq in 1 module (class methods) [chrisr3d] +- MISP to STIX export refactored & updated to work with python3. + [chrisr3d] + + +v2.4.90 (2018-04-21) +-------------------- + +New +~~~ +- Add download buttons for user profiles. [iglocska] +- Added the extended event lookup to the edit event view. [iglocska] +- Preview the extended event ID / UUID. [iglocska] + + - Also, cleanup of the nasty event tag code +- Added the cookie_timeout setting. [iglocska] + + - still needs some back-end changes for it to be active +- Made the threat_level_id filter for the attribute search more + flexible. [iglocska] +- Added new field threat_level_id to /attributes/restSearch. [iglocska] +- Added getEventInfoById API. [iglocska] +- Added warning and link to the console tasks to the Task index. + [iglocska] + + - let's deprecate this crap +- Added section that describes the command line functions to the + automation page. [iglocska] +- Cleanup of server push, feed fetch, fed cache console commands. + [iglocska] +- Rework of the server/feed command line tools, WIP. [iglocska] +- Added improvements to the Cortex settings. [iglocska] + + - allow for configuring SSL options for Cortex + - previously the API key was not passed to Cortex on GET requests only on POST, breaking Cortex 2 compatibility +- Added event_timestamp parameter to attributes restsearch. [iglocska] +- Extended event first iteration added. 
[iglocska] + + - when adding/editing an event, add another event's UUID as an extended event UUID to extend the targeted event with the current + - extender events can be viewed in the merged event view +- Added event/attribute add/edit to the restresponse describe + functionality. [iglocska] +- Added server setting management via the command line. [iglocska] + + - Usage: + + - /var/www/MISP/app/Console/cake Admin getSetting [setting] + - setting is optional, if none set "all" is assumed + - returns all or a specific setting's current value and metadata + + - /var/www/MISP/app/Console/cake Admin setSetting [setting] [value] + - set a given server setting by full setting name + - for example the following will enable the import services: + - /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" 1 + + - This feature was created in support of the CIRCL global conglomerate's APAC HQ in Tokyo +- Cleanup of role permissions. [iglocska] + + - fixed name of admin -> org admin + - changed order of org admin <-> site admin + - descriptions updated and now visible by hovering over any permissions' titles +- Added separation between enabled feeds and feeds enabled for caching. + [iglocska] +- Add authorization header for Cortex 2 integration. [iglocska] +- Add event last modified to the event view. [iglocska] +- Added a small diagnostic tool to debug the impact of a bug fixed in + 2.4.89. [iglocska] +- Allow further role settings. [iglocska] + + - exclude a role from non site admin assignment + - set max memory usage and execution time / role + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Changed the extended event lookup box's colour. [iglocska] + + - to appease @adulau +- Shorten the links on the galaxy references. [iglocska] + + - show the full link in the hover over +- Added [:] to the refanging options. [iglocska] +- File path parsing updated following some file MISP object updates. 
+ [chrisr3d] +- Changed the parameter order for the push server shell. [iglocska] +- Renamed the cachefeeds console command to cachefeed for consistency's + sake. [iglocska] +- Moved the command line functions' description to the server model. + [iglocska] +- Added the command line functions to the automation page's parameters + via the controller. [iglocska] +- Bump PyMISP. [Raphaël Vinot] +- Renamed the mapping module (which is no longer only a dictionaries + file) [chrisr3d] +- Added x509 fingerprints parsing for MISP objects. [chrisr3d] +- Dictionaries update to go with the module update. [chrisr3d] +- Added uuid to the org quick filter. [iglocska] +- Documented new attributes/restSearch parameters. Also added an + example. [iglocska] +- Refactor of the complex type tool. [iglocska] + + - makes it more readable +- Removed a succession of conditional statements using a dictionary. + [chrisr3d] + +Fix +~~~ +- Z-index popover issue in event graph. [Sami Mokaddem] +- MISP galaxy updated. [Alexandre Dulaunoy] +- Tag removal fixed. [iglocska] +- Fixed the text of the cookie_timeout setting. [iglocska] +- Added missing view file. [iglocska] +- Enforcewarninglist can still accidentally convert the attribute list + to an attribute dictionary using attribute fetchAttributes(), fixes + #3166. [iglocska] +- Log seach should allow form resubmissions. [iglocska] +- Fix to the invalid refanging (Third time's the charm) [iglocska] +- Fixed invalid refanging. [iglocska] +- + changed to . in url. [iglocska] +- Bug when plotting event without attribute or object. [Sami Mokaddem] +- Set correct (previous) phyisic state after dragging. [Sami Mokaddem] +- Fitting the network more than once can make the camera bug. [Sami + Mokaddem] +- Changed 'removing' text to 'hide' text to avoid confusion. [Sami + Mokaddem] +- Label was not set when display filter was empty. [Sami Mokaddem] +- Switching back and forth between layout is behaving as expected. 
[Sami + Mokaddem] +- Physics no longer reset when the layout change. [Sami Mokaddem] +- Fixed new namespaces definition, in case of issue with namespaces. + [chrisr3d] +- Fixed some random mixbox namespaces issues while using python3. + [chrisr3d] +- Fixed an edge case where an attribute could be created that is tied to + an object but has no object relation. [iglocska] +- Avoiding import fails caused by unparsed STIX types. [chrisr3d] +- Avoid importing empty objects. [chrisr3d] +- Extends field now correctly shows a plain uuid if no event was found / + visible. [iglocska] +- Removed the validity check for the event UUID in the extended UUID + field. [iglocska] +- If no extension uuid is added to an event the editing via the UI would + fail. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Removed actual file path from the command line functions path. + [iglocska] +- Default behaviour of download_attachments_on_load fixed. [iglocska] +- Handling the case of some files that are not read because of special + caracters. [chrisr3d] +- Fixed a bug where background jobs for feeds would not work correctly + due to headers not being passed along with the feed object. [iglocska] +- Various fixes to the server shell. [iglocska] +- Copy pasta fixed. [iglocska] +- Fixed mess-up with the cortex settings. [iglocska] +- Fixing some report parsing possible issues. [chrisr3d] +- Fixed GalaxyCluster import format. [chrisr3d] +- Fixed STIX objects parsing to avoid errors with not parsable objects. + [chrisr3d] +- Added description parsing as MISP attribute comment. [chrisr3d] +- Fixed ip-port observable import. [chrisr3d] +- Fixed ip-port observable export. [chrisr3d] +- Fixed custom objects parsing. [chrisr3d] +- Fixed custom object arguments & added exception to create a custom + object. [chrisr3d] +- Fixed duplication of some attributes with unintended values. + [chrisr3d] +- Avoid skipping domain & port values in url object export. 
[chrisr3d] +- Fixed pattern from MISP objects parsing separator to avoid unintended + spaces. [chrisr3d] +- Fixed patterns parsing to avoid useless special caracters import. + [chrisr3d] +- Fixed hash type parsing. [chrisr3d] +- Added misp label to distinguish misp stix2 files. [chrisr3d] +- Handle a non existent case error for the dictionary to return. + [chrisr3d] +- Fixed some dictionary functions bugs. [chrisr3d] +- Handling the stix file title None case. [chrisr3d] +- Changed United States -> United States of America in the org + nationality list. [iglocska] +- Potentially fix an issue if no extended UUID is passed on edit. + [iglocska] +- Autoregenerate causes intermittent logouts, changed the setting + description and guidance in the server settings to reflect this. + [iglocska] +- Fixed info field for import from external STIX. [chrisr3d] +- Added domain restrictions to the possible org index filters, fixes + #3147. [iglocska] +- Added organisation domain restrictions to the org index, partially + fixes issue #3147. [iglocska] +- MISP object templates updated to latest version. [Alexandre Dulaunoy] +- Some minor fixes. [iglocska] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- ValueNotEmpty() switched to stringNotEmpty for the attribute value + validation. [iglocska] + + - Core 1+2 of the new laptop +- MISP galaxy clusters updated to the latest version. [Alexandre + Dulaunoy] +- Fixed issues with non string server settings when changing them via + the console. [iglocska] +- Unknown meta-category do not longer raise an exception (use a default + value instead) [Sami Mokaddem] +- Fixed missing reason for failure if the freetext import had a single + attribute fail during the saving process, fixes #3141. [iglocska] +- Fix wrong object's deletion buttons title depending on the `deleted` + property. [chkp-aliaksandrt] +- Editing an object "loses" comment, fixes #3133. 
[iglocska] +- Don't try to run the testBaseURL server setting check if the user + comes from the CLI. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Tranformed function not using self as staticmethod as it should be. + [chrisr3d] +- Skipping ttps parsing from external stix atm to avoid bugs. [chrisr3d] +- IDS flag not set when editing attribute, fixes #3126. [iglocska] +- Date order fixed in event view. [iglocska] + + - Now time for fika +- Fixed the contactination issue from before. [iglocska] +- Fixed a crappy event concatination bug for restsearch. [iglocska] +- Added missing changes in evnet.php. [iglocska] +- Financial tool result included in event. [iglocska] + + - also removing trailing . from domain names +- Added pre-fix to cortex2 authorization header. [iglocska] +- Tied the new diagnostic tool into the ACL. [iglocska] +- Handling case of stix events without labels. [chrisr3d] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3170 from mokaddem/ref_graph. [Andras Iklody] + + Extended event support and tag filtergin in the event graph +- Added confirmation box to draw the network based on a threshold. [Sami + Mokaddem] +- Perf: unset filtered data instead of adding them to a new array (thus, + reducing memory consumption by a factor of 2) [Sami Mokaddem] +- Being consistent with indentation + removed useless comment. [Sami + Mokaddem] +- Feature: Possibility to filter on tags. [Sami Mokaddem] +- Added comment. [Sami Mokaddem] +- Do not clusturize if filtering is enabled + only draw hull around + extendeding event in reference scope. [Sami Mokaddem] +- Added source from where the original jarvis march algorithm was taken. + [Sami Mokaddem] +- Feature: Better support of extended event in event graph - Added a + colored region for each event extending the current event scope. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #3161 from lucamemini/patch-1. [Andras Iklody] + + added current server timestamp +- Added current server timestamp. [lucamemini] + + Addded, on footer, current server timestamp (MySQL Format). + Little usability enhanced during debug session, task scheduler edit and log analisys (my server time is UTC, my workstation time is Italy localtime) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Arguments cleaned up. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3154 from mokaddem/ref_graph. [Alexandre Dulaunoy] + + New features for event graph +- Updated ACLComponent. [Sami Mokaddem] +- Added custom library used by eventGraph (may be added as a submodule + in the future) [Sami Mokaddem] +- Feature: Added support of extended event in event graph. [Sami + Mokaddem] +- Merge branch '2.4' of https://github.com/MISP/MISP into ref_graph. + [Sami Mokaddem] +- Replaced scope rotation key typeahead by selector + removed trailling + spaces. [Sami Mokaddem] +- Stop physics simulation on node drag. [Sami Mokaddem] +- Moved event graph into its own view file. [Sami Mokaddem] +- Ui: Added shortcuts as background. [Sami Mokaddem] +- Feature: Canvas contextual menu allowing to hide/edit/expand/collapse + the selection. [Sami Mokaddem] +- Added filtering based on authorized JSON key + JSON key is displayed + in the header scope badge. [Sami Mokaddem] +- Support of graph per JSON key (using typeahead) [Sami Mokaddem] +- Feature: Draft of generic graphing from any key. [Sami Mokaddem] +- Feature: Support of Tags in the event graph. [Sami Mokaddem] +- Added scope badge and minor css changes. [Sami Mokaddem] +- Merge branch 'quick-fix-metacategory-graph' into ref_graph. [Sami + Mokaddem] +- UI: swap of icon-text for header graph button. [Sami Mokaddem] +- Draft of filtering per attribute value. 
[Sami Mokaddem] +- Moved reference logique server-side + First draft of filtering + capabilities. [Sami Mokaddem] +- Compute graph serverside. [Sami Mokaddem] +- Moved layout into Display tab + Created scope and filters (uses + action_table js not added yet) DOM. [Sami Mokaddem] +- Usage of bootstrap popover instead of floating contextual menu. [Sami + Mokaddem] +- Possibility to choose the number of character to display in the label. + [Sami Mokaddem] +- Possibility to choose physics solver in eventGraph. [Sami Mokaddem] +- Added expand/collapse all in eventGraph->display. [Sami Mokaddem] +- Possibility to search for object_relation in the event graph. [Sami + Mokaddem] +- Possibility to choose the object_relation to be displayed in the + object's label. [Sami Mokaddem] +- Added retreiving of object templates in order to let the user choose + the field we want to see in the event graph. [Sami Mokaddem] +- Added possibility to change physics on the fly. [Sami Mokaddem] +- Added physics toogle button for event graph. [Sami Mokaddem] +- Fix #3074: Edit button vanishes on cancelled delete. [Sami Mokaddem] +- Better support of hierachical view and clutering unreferenced nodes. + [Sami Mokaddem] +- First draft of hierarchical layout. [Sami Mokaddem] +- Fixed bug where the node focus was not performed if the node was + already displayed. [Sami Mokaddem] +- When searching for a clustered item, it will uncluster it and focus + the camera to it. [Sami Mokaddem] +- Set correct number of childs in root node label. [Sami Mokaddem] +- Added clustering of unreferenced attributes/objects. [Sami Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch 'disable_auto_download' into 2.4. 
[iglocska] +- Made the auto download of attachments when loaded in the browser + configurable. [John Doe] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3152 from StefanKelm/2.4. [Andras Iklody] + + Default sort order for id / date reversed on click for Server preview index +- Update preview_index.ctp. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Parsing course of action related observables. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Parsing more types of external pattern. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge pull request #3149 from StefanKelm/2.4. [Andras Iklody] + + Changes to allowed CVE format and hover output being displayed on top of the attribute +- Update Attribute.php. [StefanKelm] + + According to https://cve.mitre.org/news/archives/2014/news.html#jan152014_New_CVE_ID_Format_in_Effect_as_of_January_1_2014 the four-fixed-digits requirement has been dropped +- Update misp.js. [StefanKelm] + + Hover output on top, not to the left +- Add: Importing course of action stix objects as new course of action + MISP objects. [chrisr3d] +- Starting parsing some easy patterns. [chrisr3d] +- Add: Added course-of-action object parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Add: Added the stix version attribute in stix2-pattern objects. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Added description to galaxies. [chrisr3d] +- Parsing STIX objects that are imported as Galaxies. [chrisr3d] +- Importing vulnerabilities. [chrisr3d] +- STIX2 import Refactor. [chrisr3d] +- Re-enabled loading event function try/catch procedure. 
[chrisr3d] +- Importing external indicators as stix2-pattern objects. [chrisr3d] + + Now on the same state as the current used import module +- Wip: Import module importing things, but need to fix few attributes + loss. [chrisr3d] +- Wip: Parsing patterns representing MISP objects. [chrisr3d] +- Wip: Parsing observable objects representing MISP objects. [chrisr3d] +- Wip: Parsing STIX2 objects that give MISP attributes with the import. + [chrisr3d] +- Wip: Starting parsing STIX2 from MISP. [chrisr3d] +- STIX2 export refactored. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Parsing ip-port objects. [chrisr3d] + + - Observable added + - Observable & pattern tested +- Wip: Parsing file objects. [chrisr3d] + + - observable added + - observable & pattern tested +- Wip: Parsing email objects. [chrisr3d] + + - observable added + - observable & pattern tested +- Wip: Parsing url objects (observable added & tested + pattern tested) + [chrisr3d] +- Wip: Parsing x509 objects (observable added + pattern & observable + tested) [chrisr3d] +- Wip: Regkey object parsing + Fix on observable object creation. + [chrisr3d] +- Wip: Implementing observable objects generation for MISP objects. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Wip: Should now be able to create indicators for MISP objects. + [chrisr3d] + + - Patterns generation to be tested +- Wip: Parsing Galaxies. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d] +- Wip: Fixed typo of some attribute values to delete spaces. [chrisr3d] +- Wip: Catching errors on indicators and observed data, and creating + custom objects instead. [chrisr3d] +- Wip: Fixed typo & bugs. [chrisr3d] + + - tests made for indicators +- Wip: Dictionary for attributes mapping should be ok. [chrisr3d] +- Wip: Always better with a stix package builder and the output file + saved. [chrisr3d] +- Wip: Handling special misp types. 
[chrisr3d] +- Wip: Should be able to export attributes. [chrisr3d] +- Wip: Refactoring to be continued. [chrisr3d] +- Wip: Dictionary update to go with stix2 export refactoring. [chrisr3d] +- Wip: Refactoring stix2 export & performance improvement. [chrisr3d] +- Wip: First try of refactored stix2 parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3148 from StefanKelm/2.4. [Andras Iklody] + + Update row_attribute.ctp +- Update row_attribute.ctp. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Better ttps parsing. [chrisr3d] +- Fixed typo. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: Added Course of Action parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #3144 from geertdr/patch-1. [Andras Iklody] + + Spelling error update +- Spelling error update. [Geert De Ron] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3139 from mokaddem/quick-fix-metacategory-graph. + [Andras Iklody] + + fix: Event graph stalling when object has unknown-category +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3134 from chkp-aliaksandrt/fix-object-deletion- + buttons-title. [Andras Iklody] + + fix: Fix wrong object's deletion buttons title +- Merge pull request #3135 from StefanKelm/2.4. 
[Andras Iklody] + + Update EventShell.php +- Update EventShell.php. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3125 from StefanKelm/2.4. [Alexandre Dulaunoy] + + Removed trustedsec.com and openbl.org +- Removed trustedsec.com and openbl.org. [StefanKelm] + + Removed https://www.trustedsec.com/banlist.txt and http://www.openbl.org as per https://github.com/MISP/MISP/issues/2541 +- Merge pull request #3119 from 3c7/bugfix/url_default_category. + [Raphaël Vinot] + + Different category in typeDefinition / defaultCategory +- Assigned "Network activity" as default category for url in + $typeDefiitions as defined in $defaultCategories. [Nils Kuhnert] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3123 from ldelavaissiere/patch-1. [Alexandre + Dulaunoy] + + Update INSTALL.ubuntu1604.txt to install pip3 +- Update INSTALL.ubuntu1604.txt to install pip3. [Laurent de la V] + + System complains about missing pip3 when attempting to install support for STIX 2.0 (cf. line 88): + + ubuntu@misp:/var/www/MISP/app/files/scripts/mixbox$ pip3 install stix2 + The program 'pip3' is currently not installed. You can install it by typing: + sudo apt install python3-pip + + Therefore suggest to include installation of python3-pip in previous instance of apt-get usage (line 69) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3106 from ldelavaissiere/patch-1. [Andras Iklody] + + Update default.ctp in order to fix issue #3105 +- Update default.ctp in order to fix issue #3105. [Laurent de la V] + + Re: https://github.com/MISP/MISP/issues/3105 + Adding a viewport element giving the browser instructions to set the width of the page to follow the screen-width of the device fixes the issue +- Merge pull request #3100 from StefanKelm/2.4. [Andras Iklody] + + Use GnuPG consistently +- Update default.pot. [StefanKelm] +- Update user_management.ctp. 
[StefanKelm] +- Update Server.php. [StefanKelm] +- Update default.pot. [StefanKelm] +- Update verify_g_p_g.ctp. [StefanKelm] +- Update edit.ctp. [StefanKelm] +- Update check_and_correct_pgps.ctp. [StefanKelm] +- Update admin_email.ctp. [StefanKelm] +- Update admin_edit.ctp. [StefanKelm] +- Update admin_add.ctp. [StefanKelm] +- Update user_management.ctp. [StefanKelm] +- Update administration.ctp. [StefanKelm] +- Update User.php. [StefanKelm] +- Update Server.php. [StefanKelm] +- Update ServersController.php. [StefanKelm] +- Update EventsController.php. [StefanKelm] +- Update AppController.php. [StefanKelm] +- Update default.pot. [StefanKelm] +- Update fetchpgpkey.ctp. [StefanKelm] +- Update README.md. [StefanKelm] +- Update CONTRIBUTING.md. [StefanKelm] +- Update default.pot. [StefanKelm] +- Update misp.js. [StefanKelm] +- Update view.ctp. [StefanKelm] +- Update edit.ctp. [StefanKelm] +- Update admin_view.ctp. [StefanKelm] +- Update admin_edit.ctp. [StefanKelm] +- Update admin_add.ctp. [StefanKelm] +- Update user_management.ctp. [StefanKelm] +- Update administration.ctp. [StefanKelm] +- Update administration.ctp. [StefanKelm] +- Update diagnostics.ctp. [StefanKelm] +- Update footer.ctp. [StefanKelm] +- Update User.php. [StefanKelm] +- Update Server.php. [StefanKelm] +- Update Event.php. [StefanKelm] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3071 from AJohnDoe/pass-uuid. [Alexandre Dulaunoy] + + Pass attribute UUID to enrichment modules +- Pass attribute uuid to enrichment modules. [John Doe] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3064 from 3c7/urlhaus-feed. [Alexandre Dulaunoy] + + Added URLhaus (http://urlhaus.abuse.ch) malware urls as feed. +- Added URLhaus (http://urlhaus.abuse.ch) malware urls as feed. [Nils + Kuhnert] +- Removed variables copied/pasted from stix1 but unused in Stix2. + [chrisr3d] +- Changed imports & only kept only used pymisp functions. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] + + +v2.4.89 (2018-03-23) +-------------------- + +New +~~~ +- Added STIX 2.x import to the GUI. [iglocska] +- Purge all/completed jobs via the job index, fixes #3024. [iglocska] +- Describe the new changes to the deleteAttributes API. [iglocska] +- Added self-description of the deleteAttributes API to the api + component. [iglocska] +- Open up the attributes/deleteSelected action to the API. [iglocska] +- Allow the searching of organisations by uuid on the event index (via + the API) [iglocska] +- Finished the first version of the recovery tool. [iglocska] +- Object reconstruction after, resolving the ID bug, WIP. [iglocska] +- Temp diagnostic tool for orphaned object attributes. [iglocska] +- RestResponse::describe() now uses generic URLs with optional url + parameters instead of showing the currently accessed ID. [iglocska] +- Include the attribute UUID in the attribute level restsearch. + [iglocska] + + - simply pass the `includeAttributeUuid` flag and set it to 1 via the API +- Allow requesting of misp standard format for the export modules. + [iglocska] + + - just set the `require_standard_format` to true in the moduleinfo disctionary + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Query string bumped. [iglocska] +- Updates to the deleteAttributes API. [iglocska] + + - Allow passing the "all" wildcard value to the attribute id filter + - Allow passing the "allow_hard_delete" flag to indicate that hard-deletion of soft-deleted attributes is allowed +- Allow the passing of the event ID via the JSON object for the + deleteSelected API. [iglocska] +- Use <> as delimiters for the freetext import too, fixes #2978. + [iglocska] +- Allow GETing the /tags/edit API. [iglocska] + + - will describe itself + - no ID needs to be passed for the description + +Fix +~~~ +- Added annoying missing space between the password field's label and + it's tooltip. 
[iglocska] +- Handling case of stix events without timestamp. [chrisr3d] +- Revert one part of timestamp conversion failing. [chrisr3d] +- Quick fix on timestamps comversion. [chrisr3d] +- Critical API integrity bug, potentially allowing users to delete + attributes of other events. [iglocska] + + - a crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute +- Get rid of keyboard shortcut footer tool when debug mode is enabled. + [iglocska] +- Handle edge case scenarios where orphaned correlations would throw + notices in the event view. [iglocska] +- PyMISP version is 2.4.89. [Alexandre Dulaunoy] +- PyMISP recommended version fixed. [Alexandre Dulaunoy] +- PyMISP updated to the latest revision. [Alexandre Dulaunoy] +- Various cleanups of the event preview via feeds. [iglocska] +- Support is isSiteAdmin + undeclared var + z-index. [Sami Mokaddem] +- Collapse on object_reference + create object_reference close to the + parent node when expanding. [Sami Mokaddem] +- Fixed various potential XSS issues in the resolved attributes view. + [iglocska] + + - potentially exposed XSS if a malicious MISP module was loaded on the instance + + - as reported by Christophe Vandeplas (@cvandeplas) +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- MISP taxonomies updated. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- Warning lists updated to the latest version. [Alexandre Dulaunoy] +- Added test to check the presence of a timestamp before trying to + assign it to a variable. [chrisr3d] +- Fixed FileObjectType None values handling. [chrisr3d] +- Added missing space between the password and the info icon. [iglocska] + + - my OCD demands it. +- Fixed password complexity popover in the change password view. + [iglocska] +- MISP galaxy updated to the latest version. 
[Alexandre Dulaunoy] +- Fixed error message if an attribute fails validation via the freetext + import tool, fixes #3052. [iglocska] +- Fixed PDFFileObjectType parsing. [chrisr3d] + + (waiting for metadata attributes parsing) +- Fixed misp object parsing for cases where there is only 1 attribute. + [chrisr3d] +- Changed recognition of stix from MISP files. [chrisr3d] + + - Fixed the problem of empty events (for stix from MISP) + in the API + - Also removed not used json event loader which would + not have worked in this refactored version +- Quick fix on object_relation field for port attributes. [chrisr3d] +- Parsing composite attribute types. [chrisr3d] +- Added email-attachment to parsed email properties types. [chrisr3d] +- Fixed various issues with the template views, fixes #3050 among + others. [iglocska] +- Object values reset when set to a custom value from a sane default + list, fixes #3049. [iglocska] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fixed view bug causing object reference deletions to fail, fixes + #3041. [iglocska] +- Parsing pe sections. [chrisr3d] +- Fixed pe filename value parsing. [chrisr3d] +- Updated whois parsing function following recent update on whois + Object. [chrisr3d] +- Removed console debug output. [iglocska] +- Fixed invalid removal of attributes based on blocked tags using the + /attributes/restSearch API. [iglocska] +- Tied the clearjobs function into the ACL and fixed a small text error. + [iglocska] +- Correctly fail validation for invalid composite attributes, instead of + throwing an exception, fixes #3025. [iglocska] +- Fix notice error when attribute is added with no correlation flag set + either way. [iglocska] +- MISP taxonomies updated. [Alexandre Dulaunoy] +- MISP objects updated. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fixed invalid object deletion text, fixes #3015. 
[iglocska] +- Added uuid to organisations in the event index. [iglocska] + + - also unset empty sharing groups from the output +- Fixes an issue where invalid offsets where inspected within the event + add function, fixes #3006. [iglocska] +- Empty events are created when pulling empty feeds, fixes #3008. + [iglocska] + + - as described by Emanuele Acri (@crossbowerbt) +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Added sightings to object attributes in the JSON output, fixes #3007. + [iglocska] +- Added menu option for object reconstruction in the diagnostics page. + [iglocska] +- Added missing view file for the new object reconstruction tool. + [iglocska] +- Add misp objects to log search filter. [iglocska] +- Only check the server's publish email flag if the adding of an event + comes from a remote server. [iglocska] +- Emergency fix for objects getting overwritten on a pull in certain + situations. [iglocska] + + - object IDs not purged on pull can lead to a local object being overwritten + - the patch fixes the capture function to purge the object IDs + + - as discovered and reported by TS-WAY (@TS_WAY_SRL) +- Fixed issue blocking the creation of tags, fixes #2989. [iglocska] + + - as described by @Res260 +- /attributes/text should allow more than one type to be downloaded. + [iglocska] + + - simply pass something such as: + + { + "type": ["ip-src", "ip-dst"] + } +- Object templates updated. [Alexandre Dulaunoy] +- Warning lists updated to the latest version. [Alexandre Dulaunoy] +- Allow parameters for the /attributs/text endpoint to be passed as a + JSON object. [iglocska] +- Reworked the way tags are attached to events on the index. [iglocska] + + - solves issues with the preview when an instance has an extremely high number of events +- Fixed issues with to_json() not supporting datetime objects. + [chrisr3d] +- Fixed an issue with no disable_correlation key existing for an event + in after save correlation. 
[iglocska] +- Throw an exception of no ID is passed to /threads/viewEvent, fixes + #2977. [iglocska] +- Fixed missing index errors on attribute index. [iglocska] +- Open up /attributes/index to the API, fixes #2975. [iglocska] +- Handle the no modules enabled error more gracefully. [iglocska] +- Made the name field required on tags - prevents the error to be thrown + by the DB instead of the validation. [iglocska] +- Fix tags/add on a GET request via the API. [iglocska] +- Added /tags/add to restresponse. [iglocska] +- Nicer error message when trying to add a tag to an event that doesn't + exist. [iglocska] +- Changed stupid parameter name to better reflec what it does. + [iglocska] + + - affects /attributes/restSearch + - includeAttributeUuid => includeEventUuid +- GUI: Listing Attributes creates many debug.log entries fixes #2969. + [iglocska] +- Fixed an invalid translation in the attributeRestorationForm causing + the confirmation to throw an exception, fixes #2967. [iglocska] +- Fixes an issue where editing an object with an attachment contained + within would soft-delete said attachment, fixes #2966. [iglocska] +- Reverted PR with alternate way of starting scheduler worker. + [iglocska] +- Don't try to refang filepaths, fixes #2926. [iglocska] +- Misleading failure message when failing to create Attributes partially + fixes #2955. [iglocska] +- Typo fixed for the previous commit. [iglocska] + + - apparently can't spell distribution +- No distribution set on the server should default to inherit for object + attributes. [iglocska] +- MISP objects updated. [Alexandre Dulaunoy] +- Attribute distribution defaults fixed for adding objects. [iglocska] +- Disable_correlation now works correctly as expected. [iglocska] +- Warning lists updated to the latest version. [Alexandre Dulaunoy] +- Fixed annoying download list only having one side clickable. + [iglocska] + + - it was annoying to brigadier general @adulau +- Removed left in debug/thrown exception. 
[iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Update event-graph.js. [Sami Mokaddem] + + Fixed typo in fa-mapping hex value +- Merge pull request #3063 from mokaddem/ref_graph. [Alexandre Dulaunoy] + + Event graph viewer editor +- Registrered funciton in ACLComponent. [Sami Mokaddem] +- Renamed script again. [Sami Mokaddem] +- Renamed script from references-graph to event-graph. [Sami Mokaddem] +- Directly call the callback function in edit_reference so that tha + manipulation UI get back to normal directly (vis.js iiner behavior) + [Sami Mokaddem] +- Check if input-search has focus before executing global keyboard + shortcut. [Sami Mokaddem] +- Restaured stabilization on first load. [Sami Mokaddem] +- Added possibility to edit references on the fly + edit objects on + their dedicated webpage. [Sami Mokaddem] +- Replaced on/off event function by the once function. [Sami Mokaddem] +- Simplified condition checking on expanding and collapsing nodes. [Sami + Mokaddem] +- Removed useless progressbar and simplified loading popup information. + [Sami Mokaddem] +- Improved FIXME comment. [Sami Mokaddem] +- First iteration of refactoring (reference_graph.js): moved functions + into classes. [Sami Mokaddem] +- Check if the reference is valid before performing the request. [Sami + Mokaddem] +- Added fullscreen + typeahead feature to network graph. [Sami Mokaddem] +- Added characters limitation in nodes + edit shortcut. [Sami Mokaddem] +- Iglocska's magic (Added kind of ajax support in attribute/edit) [Sami + Mokaddem] + + C + (\. \ ,/) + \( |\ )/ + //\ | \ /\\ + (/ /\_#oo#_/\ \) + \/\ #### /\/ + `##' + Ojo +- Improved UX (Generic popup callback + loading and progressbar) + Added + shortcuts. [Sami Mokaddem] +- Added generic popup callback + Support of item deletion in network + graph. [Sami Mokaddem] +- Added basic popover for item addition in relation_graph. 
[Sami + Mokaddem] +- Reset_view() fits network instead of moving to center only. [Sami + Mokaddem] +- Typos. [Sami Mokaddem] +- Updated centralGravity so that all nodes are closer to the center. + [Sami Mokaddem] +- Camera fits the view after initial load. [Sami Mokaddem] +- Added call back parameter in GenericPopup. [Sami Mokaddem] +- Initial references graphs commit. [root] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #3057 from jezkerwin/2.4. [Alexandre Dulaunoy] + + Fixed spelling errors for mysql command and php version. +- Fixed spelling errors for mysql command and php version. [jezkerwin] + + Also changed git clone command for lief installation. +- Typo. [chrisr3d] +- Quick fix on filename / filepath parsing. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Quick fix with indicator's timestamp. [chrisr3d] +- Quick variable fix. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Updated comments: removed commented unused code & added documentation. + [chrisr3d] +- Stix2misp refactor & update !! [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into stiximport. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: Parsing attachments. [chrisr3d] +- Wip: Starting parsing portable executables. [chrisr3d] +- Wip: Added description parsing for stix objects without properties. + [chrisr3d] +- Wip: Whois parsing function improved. [chrisr3d] + + Still need some tests with proper examples to finish this part +- Wip: Starting parsing Whois Objects. [chrisr3d] + + But need some examples to parse properly !!!! +- Wip: Rebuilt hashes & files parsing functions. 
[chrisr3d] + + Also handling more properly when to import a stix + object as a MISP Object or as Attribute +- Merge pull request #3029 from chrisr3d/stiximport. [Christian Studer] + + Refactor stiximport +- Merge branch 'stiximport' of github.com:MISP/MISP into stiximport. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #3017 from AJohnDoe/fix/module-select. [Andras + Iklody] + + Fixes display of (dropdown), closes #3005. [John Doe] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Display "event" instead of "organisation" - Org Blacklist, fixes + #2473. [Andras Iklody] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Fixed key value that was not correct. [chrisr3d] +- Wip: More types supported & functions clarified. [chrisr3d] +- Wip: Starting to import external stix. [chrisr3d] +- Wip: Supporting more Object types. [chrisr3d] +- Wip: handling malware-sample in file objects. [chrisr3d] +- Wip: Supporting more attribute types. [chrisr3d] +- Wip: Parsing more attribute types & objects. [chrisr3d] + + - More attribute types and objects to come with events testing +- First version parsing some attributes. [chrisr3d] + + - More attribute types to be added + - Objects to be parsed as well +- Wip: Refactor of stix2misp - only a beginning atm. [chrisr3d] +- Merge pull request #3012 from Res260/feature_keyboard_navigation. + [Andras Iklody] + + Add keyboard navigation when choosing tags for an event +- Added a delay before doing the request when searching for tags in the + taxonomy choice. This reduces the possibility of losing characters + when typing fast. [Émilio Gonzalez] +- - Added keyboard navigation with arrows/pageUp/pageDown/enter for tag + selection ( Issue #3001 ) - The color when hovering over a modal + element is now grey, to differentiate from blue when choosing tags + using keyboard. [Émilio Gonzalez] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[iglocska] +- Merge pull request #3004 from RichieB2B/ncsc-nl/empty-stix. [Andras + Iklody] + + Allow empty STIX files to be returned, closes #2478 +- Avoid 'Invalid argument supplied for foreach()' warning. [Richard van + den Berg] +- Allow empty STIX files to be returned, closes #2478. [Richard van den + Berg] +- Merge pull request #3002 from P4rs3R/patch-2. [Alexandre Dulaunoy] + + pecl and phpenmod need root privileges +- Pecl and phpenmod need root privileges. [x41\x43] + + [line 329] According to stat -c "%U %G" /usr/share/php/.channels/pecl.php.net, the owner is root, so you can't edit this file as normal user, + [line 333] As above, both directories (/etc/php/7.0/cli/conf.d/ and /var/lib/php/modules/7.0/cli/enabled_by_admin/) are "root root": "Permission denied" while creating symbolic link or touching file. + Tested on Ubuntu server x64 16.04 LTS +- Merge branch 'feature/objectreconstruction' into 2.4. [iglocska] +- Merge branch '2.4' into feature/objectreconstruction. [iglocska] +- Merge pull request #2997 from 0xmilkmix/validate_suricata_rules. + [Andras Iklody] + + Validate suricata rules +- Removed tests from class. [milkmix] +- Finished http validation function using sticky and modifiers. + [milkmix] +- Wrote dns validation func, checking modifier after dns_query keyword. + [milkmix] +- Added options extraction function. [milkmix] +- Added validation function for global syntax. [milkmix] +- Initial regexp to match rule pattern. [milkmix] +- Merge pull request #2996 from Res260/fix_IE11. [Andras Iklody] + + Fix IE11 final: remove arrow function (ecmascript6 stuff) +- Fix IE11 final: remove arrow function (ecmascript6 stuff) [Émilio + Gonzalez] +- Merge pull request #2995 from Res260/fix_IE11. [Alexandre Dulaunoy] + + Part 3: Fix IE11 by surrounding a new Promise call with try/catch +- Part 3: Fix IE11 by surrounding a new Promise call with try/catch. + [Émilio Gonzalez] +- Merge pull request #2993 from Res260/fix_IE11. 
[Andras Iklody] + + Actually remove keyboard shortcuts from MISP.js +- Actually remove keyboard shortcuts from MISP.js. [Émilio Gonzalez] +- Merge pull request #2992 from P4rs3R/patch-1. [Andras Iklody] + + sudo issue while installing mixbox +- Sudo issue while installing mixbox. [x41\x43] + + sudo -u www-data [#83 and #85] + sudo [#86] + Tested on Ubuntu Server x64 16.04.4 LTS +- Merge pull request #2991 from LDO-CERT/2.4. [Andras Iklody] + + Fixed publish_without_email for server sync +- Fixup if statemant for mail and log message cleanup. [lucamemini] + + fixup if statemant for mail and log message cleanup +- Delete Event.php. [lucamemini] +- Fixup if statement for log message. [lucamemini] + + Fixup if statement for log message +- Fixed publish_without_email for remove server event. [lucamemini] + + Fixed broken support for publish_without_email to block email notification when event is pulled from remote server and flag "Publish Without Email" is enabled. +- Merge pull request #1 from MISP/2.4. [lucamemini] + + Refresh from upstream +- Merge pull request #2990 from Res260/fix_IE11. [Andras Iklody] + + Move keyboard shortcuts from misp.js to its own file (to regain compatibility with IE11) +- Move keyboard shortcuts from misp.js to its own file (to regain + compatibility with IE11) [Émilio Gonzalez] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2985 from Res260/fix_filename_ssdeep_import. + [Andras Iklody] + + Fixed a bug regarding filename|ssdeep attributes importing using FreeTextImport +- Fixed a bug regarding filename|ssdeep attributes importing using + FreeTextImport. See Issue #2971. [Émilio Gonzalez] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2979 from SteveClement/2.4. 
[Alexandre Dulaunoy] + + Added install step to make sure submodule permissions are ignored +- - Added install step to make sure all the submodules ignore + permissions. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve + Clement] +- Merge remote-tracking branch 'origin/i18n_prep' into 2.4. [Steve + Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2962 from Res260/add_pointer_triangle. [Andras + Iklody] + + Small keyboard shortcuts changes +- Add attribute shortcut now triggers the popup instead of changing page + + bottom right triangle now with pointer cursor. [Émilio Gonzalez] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] + + +v2.4.88 (2018-02-21) +-------------------- + +New +~~~ +- Add API response for /sightings/listSightings. [Andras Iklody] +- Reowkred organisation merge workflow, #fixes 2931. [iglocska] + + - Organisation merge is now offered to the user by the edit page if a UUID was used to edit an organisation that is already in use + - Merging a local org with 1+ user(s) into an external organisation converts the target organisation into a local one + - Merging a local organisation with a logo into an organisation without one will move the current logo to over + - caveat: this will only happen for organisations already using the new logo naming ([id].png as opposed to [name].png) +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. 
Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- ModulesQueryAPI. [Juan C. Montes] + + ModulesQuery controller to can communicate from MISP API to misp_modules +- Added ssdeep threshold setting. [iglocska] + + - set the ssdeep value at which to consider two ssdeep hashes as correlating +- First iteration of ssdeep correlation. [iglocska] +- Added supporting structures for the new STIX API. [iglocska] +- Added STIX import directly to the UI. [iglocska] +- Add search shortcut for events and attributes + fix bug that triggered + shortcuts when dropdown menus were focused. [Émilio Gonzalez] +- Add keyboard shortcuts application-wide, managed using JSON files. + [Émilio Gonzalez] +- Add a "search all tags" input field on the taxonomy modal when adding + a tag to an event. [Émilio Gonzalez] +- Added returnMetaAttributes flag to the /events/freeTextImport API. + [iglocska] + + - directly returns the raw parsing data instead of creating the attributes if set + - 177 days, 23 hours 40 minutes faster implementation than expected by @ilmoka - #PMD +- New APIs to add/remove orgs and servers from sharing groups, fixes + #2888. 
[iglocska] + + - added functions to manage the additions/removals of objects from sharing groups + - the following APIs are included: + - /sharingGroups/addOrg/[sg_id]/[org_id]/[extend] + - /sharingGroups/removeOrg/[sg_id]/[org_id] + - /sharingGroups/addServer/[sg_id]/[server_id]/[all_orgs] + - /sharingGroups/removeServer/[sg_id]/[server_id] + + - All parameters are optional and can instead be passed as JSON objects such as: + + { + "org_uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", + "sg_id": "49", + "extend": 1 + } + + - The API is extremely flexible with how to name objects, the following parameters are allowed: + - Organisations: + - org_id (The organisation's local instance ID) + - org_uuid (The organisation's global UUID) + - org_name (The organisation's identifier as known to the curent instance) + - Server: + - server_id (The server's local instance ID) + - server_url (The URL of the server) + - server_name (The local name of the server as assigned when adding the server) + + The sharing groups can also be addressed by ID or UUID. +- Allow overriding the action names in the stringified restresponse + messages. [iglocska] + + - for example: 'addOrg' => 'add Organisation to' + +Changes +~~~~~~~ +- Version bump. [Alexandre Dulaunoy] +- Bump PyMISP. [Raphaël Vinot] +- Updated documentation. [iglocska] +- Bump PyMISP to 2.4.87. [Raphaël Vinot] +- Bump PyMISP recommended version. [Raphaël Vinot] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] + +Fix +~~~ +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- PyMISP fixed to the latest version. [Alexandre Dulaunoy] +- Ssdeep is now updated on PECL - installation updated. [Alexandre + Dulaunoy] +- Warning-lists updated to the latest version. [Alexandre Dulaunoy] +- Typo in README. [Alexandre Dulaunoy] +- Resolved a potentially breaking issue for feed fetches with malformed + objects. 
[iglocska] +- Keep the original org name if merging an org into a newer copy with a + number appended (such as _1111) [iglocska] + + - no need to edit the resulting merge anymore +- Add org with known remote UUID fails silently, fixes #2930. [iglocska] +- Various fixes to the module api. [iglocska] + + - query function renamed to query enrichment + - added check for disabled modules and for modules that the current user is not allowed to use + - removed the module config from the index function to avoid exposing API keys / credentials to users + - some formating fixes +- ModulesController. [Juan C. Montes] +- ModulesController. [Juan C. Montes] +- Searching for exact values not possible via the attribute search, + fixes #2946. [iglocska] + + - Attribute search now returns only exact matches unless encapsulates between '%' characters +- Now supporting stix objects with only description text. [chrisr3d] + + - These objects are indicators or observables + - Description text in imported as misp attribute 'text' +- Fixed an issue where events wouldn't get properly unpublished when + accepting a proposal, fixes #2943. [iglocska] + + - only happened when a proposed new attribute was accepted, masking the issue +- Fixed command execution for site admins. [iglocska] + + - a server setting allowing the override of the path variable for esoteric RHEL systems allowed site admins to inject arbitrary commands + - impact was limited by the setting being only accessible to the site administrator + + - as reported by Michael Grolimund from Swiss Post (@grolinet) + + - CVE-2018-6926 +- Fixed invalid pgp url for fetching keys from the remote server. + [iglocska] +- Removed debug code, added cleanup for edits/deletes. [iglocska] +- Fixed the attribute selection on the event view. [iglocska] + + - Correctly select sections even on sort or other effects changing the order of elements + - Part of the keep @rommelfs happy package ;) +- Do not try to decrement attribute count below 0. 
[iglocska] +- Fixed mass delete for soft-deleted attributes. [iglocska] +- Make soft vs hard deletes more obvious. [iglocska] +- Hop over commented out functions in the queryACL tests. [iglocska] +- Parsing more types. [chrisr3d] + + - ignoring whois atm + + - creating object "file" in case of multiple hashes + in only one observable / indicator object +- PyMISP latest version. [Alexandre Dulaunoy] +- Changed the condition to recognize stix from misp. [chrisr3d] +- Add a baseurl if none is set for the stix framing. [iglocska] + + - otherwise we end up with a namespace leading to an empty URL which apparently is the STIX library's kwqryptonite +- Removed the truncating of output file names for the stix2misp script. + [iglocska] +- Fixes to several cases of handling blocked access incorrectly / non- + gracefully. [iglocska] + + - As reported by Christophe Vandeplas + + - stix export: Ungraceful handling of attempted access of unauthorised event (no unauthorised data returned) + - import module: Allows creation of proposals to unauthorised events (no unauthorised data returned, proposals are for new attributes only meaning no automatic override triggered) + - saveFreetext: same as import module +- Don't uppercase the shortcuts as the shortcuts are lowercase. + [Alexandre Dulaunoy] +- CVE en dash converted to '-' [iglocska] +- Fixed extension name of imported files. [chrisr3d] +- Fixed wrong dictionary key call causing empty import. [chrisr3d] +- Updated to the latest version of PyMISP. [Alexandre Dulaunoy] +- Removed object template element changes from logging system. + [iglocska] + + - temporary fix for the model name being too long... +- Escaping user controlled variable. [Andras Iklody] +- Run the db update before trying to add users/orgs. [iglocska] +- Added missing db field to users. 
[iglocska] + + - fixes a nasty issue with saving users failing when ZMQ is enabled on instances installed after 2.4.69 + - fixes a typo that caused invalid user changes being pushed to the ZMQ channel +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Added new APIs to ACL component. [iglocska] + + - wooooops +- Set the default PGP keyserver to pgp.circl.lu (faster than + pgp.mit.edu) [Alexandre Dulaunoy] + + TODO: A configuration for setting up the PGP keyserver at the MISP + instance setting. +- MISP objects latest version imported (fix ip-port issue with domain) + [Alexandre Dulaunoy] +- User_id in tag table was not included in MYSQL.sql. [iglocska] + + - added it to the initial db bootstrap along with an upgrade script for existing MISPs missing the field +- Galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fix adding tags via the API fails if not encapsulated in "Tag":{}, + fixes #2897. [iglocska] + + - also, add proper response instead of a redirect to make testing a bit more friendly +- Taxonomies updated. [Alexandre Dulaunoy] +- MISP objects updated. [Alexandre Dulaunoy] +- Fix an invalid call to saving a log entry without initialising the + class first. [iglocska] +- Graceful handling of gnupg not being set up on an instnace. [iglocska] + +Other +~~~~~ +- Update list_sightings.ctp. [Andras Iklody] +- Add: Updated to the latest version of taxonomies including new ones. + [Alexandre Dulaunoy] +- Merge branch 'galaxySearch' into 2.4. [iglocska] +- Add filter on GalaxyCluster description too ^^ [truckydev] +- Apply filter to pagination :) [root] +- Add field filter for galaxy cluster. [root] +- Merge pull request #2934 from cvandeplas/fix/modules-api. [Andras + Iklody] + + fix - allows upload of files using the misp-modules API +- Fix - allows upload of files using the misp-modules API. [Christophe + Vandeplas] + + See also #2719 +- Merge pull request #2950 from eCrimeLabs/2.4. [Andras Iklody] + + Update start.sh +- Update start.sh. 
[eCrimeLabs] + + Fixed bug in scheduler line +- Merge branch 'modulesQuery' into 2.4. [iglocska] +- Merge branch 'ModulesQueryAPI' of https://github.com/juancmontes/MISP + into ModulesQueryAPI. [Juan C. Montes] +- Update ModulesQueryController. [Juan C. Montes] + + Fix the format of the code +- Update ModulesQueryController. [Juan C. Montes] + + Support options (credentials) from config. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2944 from truckydev/patch-10. [Andras Iklody] + + Add the value in the field when filled in. +- Add the value in the field when filled in. [truckydev] + + add the value in the field when filled in on event view. +- Merge pull request #2945 from truckydev/patch-11. [Andras Iklody] + + don't exlude attributes with non-exportable tag +- Don't exlude attributes with non-exportable tag. [truckydev] + + exclude filter on attributes when tag is non-exportable +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2941 from + MattCarothers/fix_log_table_model_column_length. [Andras Iklody] + + Update model column length to 80 characters in the MySQL install file +- Updated model column length to 80 characters. [Matt Carothers] +- Add: new feeds from CoinBlockerLists added. [Alexandre Dulaunoy] +- Merge branch 'feature/ssdeep_correlations' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add: mime-type attribute added. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge pull request #2908 from Res260/fix_keyboard_shortcut_focus. + [Andras Iklody] + + new: Add search shortcut for events and attributes + small bugfix +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2906 from Res260/feature_keyboard_shortcuts. + [Alexandre Dulaunoy] + + new: Add keyboard shortcuts application-wide, managed using JSON files +- Add: identity-card-number attribute type to better support goAML. + [Alexandre Dulaunoy] +- Merge pull request #2902 from + Res260/feature_search_tags_on_taxonomy_modal. [Andras Iklody] + + Make search bar available in the "Select Tag Source" modal +- Added vendor and CakeResque folders to gitignore. [Émilio Gonzalez] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: a default category for GENE attribute type. [Alexandre Dulaunoy] +- Add: GENE: Go Evtx sigNature Engine attribute type added. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2899 from RichieB2B/ncsc-nl/misp-wipe-update. + [Andras Iklody] + + Wipe objects & update lists after wipe +- - wipe objects - update taxonomies, warninglists, galaxies and + objectTemplates after wipe. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2886 from MISP/Bump-PyMISP. [Raphaël Vinot] + + chg: Bump PyMISP recommended version +- Merge pull request #2883 from Rafiot/travis. 
[Raphaël Vinot] + + chg: Bump PyMISP + + +v2.4.87 (2018-01-28) +-------------------- + +New +~~~ +- Mispzmq.py updated with new topic (tags) [iglocska] +- Added boolean attribute type. [iglocska] +- New upgrade system. [iglocska] + + - decouple db changes from version number +- Tie tags into PubSub channel. [iglocska] + + - Reset the catastrophic @ilmoka enrage timer for another 5 days +- Add restore script. [Jérôme Leonard] +- Add regex type to warninglists. [iglocska] +- New BasicAuth header generator for the feed add/edit views. [iglocska] +- Use the new OrgImg helper for fetching org logos in a more consistent + fashion. [iglocska] +- OrgImgHelper - lookup org logoes in a similified helper, accounting + for old and new style logo filenames. [iglocska] +- Allow passing headers along with feeds. [iglocska] + + - add any arbitrary header to a feed + - can be used for authentication via basic auth for example +- Tell users about our lord and saviour, MISP-objects if they try to add + a composite attribute. [iglocska] +- Filter the event index on sharing group IDs, fixes #2845. [iglocska] +- First export of pot files. [iglocska] +- Automatic cateory switching based on currently selected types for the + freetext import/module triage screen. [iglocska] + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Rework of the event history view, no more crazy slow parsing of all + strings in the log table. [iglocska] +- Allow the "uuid" key to work as an alternate for "id" when adding + sightings. [iglocska] +- Various fixes to the way organisations are handled. [iglocska] + + - fix a bunch of issues with the org displays + - hide organisation view from users if they haven't yet contributed data and Security.hide_organisation_index_from_users is enabled +- Add MISP book phrase to Readme. [Andras Iklody] +- Save org logos based on the org ID not the org Name. [iglocska] +- Get rid of the weird http:// baseurls and set some helper variables + for the views. 
[iglocska] + + - Also load the new OrgImg helper + - @SteveClement wubs global view variables +- Tuned the freetext import tool, fixes #2822. [iglocska] + + - refang e-mail addresses + - add [@] refanging +- Clarified feed action buttons. [iglocska] + +Fix +~~~ +- Removed the crazy complex lookup for attribute tag counts from the tag + index. [iglocska] + + - Users will see the total count without any context avoiding ACL - however, they are still limited to seeing the actual data tagged that they can see anyway. +- Fixed double json decoding due to recent changes to galaxy clusters. + [iglocska] +- View issue fixed caused by previous commit. [iglocska] +- Fixed some galaxy cluster inconsistencies. [iglocska] +- Latest version of MISP galaxy. [Alexandre Dulaunoy] +- Resolved an issue where attaching tags to attributes via the generic + attachToObject() function was throwing an error. [iglocska] +- Reduced memory usage of tags index when requesting it via the API. + [iglocska] +- Load orgc data after attributes are loaded in search csv export. + [iglocska] + + - functionality still needs further fixes, WIP +- Graceful handling of removed users in discussion boards. [iglocska] +- Suricata export URL encodes an IPv6 between [], fixes #2872. + [iglocska] +- Fixed an issue where searching for a non-existing organisation in the + attribute search returned any visible attributes no matter the org. + [iglocska] +- Fixed messed up org logos in attribute search. [iglocska] +- Default sort order for id / date reversed on click for #2723. + [iglocska] +- Improved feedback when importing a blacklisted event, fixes #2859. + [iglocska] +- New mutex object, updated person object and improved registry-key + object. [Alexandre Dulaunoy] +- Fixed a TLP marking issue. 
[chrisr3d] + + (related to github issue #2623) + Marking is no longer influenced by distribution + level whenever Tags are set: + - in the current attribute + - in the event +- Object deletion view was bugged and non-functional. [iglocska] +- Retain the distribution level / sharing group ID when doing advanced + attachment extraction, fixes #2865. [iglocska] +- Clarifies the scope of a BIC code in the financial sector. [Alexandre + Dulaunoy] + + The Business Identifier Codes (also known as SWIFT-BIC, BIC, SWIFT ID + or SWIFT code)... +- Added missing things for the new org image loader. [iglocska] +- Make hover enrichments work again within objects, fixes #2793. + [iglocska] +- Fixes the object issues pointed out in #2543. [iglocska] + + - Shoutout to the debug hero finding them: @StefanKelm +- Added missing switch to the new OrgImg helper for the proposal index. + [iglocska] +- Fix editing of an organisation that has domain restrictions set. + [iglocska] +- Fixed an issue with invalid termination for a php block in HTML. + [iglocska] +- Fixed an issue where mass accepting proposals didn't unpublish the + event. [iglocska] + + - @rommelfs sees all +- Don't listen to David and Andras together ;-) [Alexandre Dulaunoy] +- Fixed a set of issues with sharing groups that lead to synced events + not saving/updating. [iglocska] +- Add timestamp to the CSV api. [iglocska] +- Fixed invalid lookup when a non site admin searches for attributes, + fixes #2849. [iglocska] +- Clarify timestmap parameter for attributes. [iglocska] +- Add flatten to advanced sightings add within objects. [iglocska] + + - without the flattening the advanced sighting add functionality couldn't be loaded +- Don't block email headers from being added if they have a line break + in them. [iglocska] +- Superfluous > [iglocska] +- Fixed invalid syntax. [iglocska] +- Add alternative x509 fingerprint hashes to the freetext import tool, + fixes #2821. [iglocska] +- Aadmin settings version updated. 
[iglocska] +- Fixed the inversed confirmation warning for enabling/disabling feeds. + [iglocska] +- PyMISP updated to latest version. [Alexandre Dulaunoy] +- Missing action added to ACL system. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: MISP galaxy updated. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Add: update to the latest version of MISP objects templates. + [Alexandre Dulaunoy] +- Some clarifications of unclear descriptions. [Andras Iklody] +- Merge pull request #1969 from devnull-/GPG_sign_option. [Andras + Iklody] + + Add a option to sign GPG emails +- Merge branch '2.4' into GPG_sign_option. [devnull-] +- Implement 'sign' option. [devnull-] +- Description of the option 'sign' [devnull-] +- Add option 'sign' in GPG section. [devnull-] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2869 from jeromeleonard/backup_restore. [Andras + Iklody] + + Backup and restore MISP configuration and database +- Update: add information for misp-restore.sh script. [Jérôme Leonard] +- Update: add Config php files to backup. [Jérôme Leonard] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2850 from eurodude/patch-1. [Andras Iklody] + + #2788 Corrected Dependencies in documentation +- Corrected Dependencies. [Fabien Mathey] + + Added additional information for installation (Python 3 for stix2, a2enmod headers) + + Additionally, line 120 should not be needed as it should be covered by line 119 but I left it in for the time as it does no harm +- Merge branch 'i18n' into 2.4. [iglocska] +- Merge branch '2.4' into i18n. 
[iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2847 from Deventual/patch-13. [Andras Iklody] + + fix permissions commands +- Fix permissions commands. [Deventual] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2832 from treed593/patch-1. [Andras Iklody] + + Update README.md +- Update README.md. [Trevor Reed] +- Merge pull request #2848 from SteveClement/i18n_prep. [Steve Clement] + + I18n - re-Sync +- Merge branch '2.4' into i18n_prep. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Update index.ctp. [Andras Iklody] +- Merge pull request #2831 from MattCarothers/fix_null_job_input_field. + [Andras Iklody] + + Set job_input explicitly to an empty string for cache feed jobs +- Set job_input explicitly to an empty string for cache feed jobs Older + MISP deployments may interpret a missing field as a null value instead + of an empty string, which causes the NOT NULL restriction on the + jobs.job_input field to raise an error. Fixes issue #2804. [Matt + Carothers] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2791 from SteveClement/i18n_prep. [Steve Clement] + + Merging i18n preparations from fork to branch. +- Merge remote-tracking branch 'origin/2.4' into i18n_prep. [Steve + Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- - Feeds/compare_feeds.ctp. [Steve Clement] +- - Fixed various typos/omissions etc. [Steve Clement] +- - Fixed various typos/omissions etc. [Steve Clement] +- - Fixed various typos/omissions etc. [Steve Clement] +- - Fixed various typos/omissions etc. [Steve Clement] +- - Closing parenthesis mistake. 
[Steve Clement] +- View/SharingGroups -> __(' [Steve Clement] +- View/Sightings -> __(' [Steve Clement] +- View/Taxonomies -> __(' [Steve Clement] +- View/Tasks -> __(' [Steve Clement] +- View/Templates -> __(' [Steve Clement] +- View/ShadowAttributes -> __(' [Steve Clement] +- View/Tags -> __(' [Steve Clement] +- View/Events -> __(' [Steve Clement] +- - View/TemplateElements -> __(' to be completed. [Steve Clement] +- - View/Taxonomies -> __(' to be completed. [Steve Clement] +- - View/Threads -> __(' to be completed. [Steve Clement] +- - View/Users -> __(' to be completed. [Steve Clement] +- - __(' round 1, done. [Steve Clement] +- - View/Warninglists -> __(' to be completed. [Steve Clement] +- - View/Whitelists -> __(' to be completed. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve + Clement] +- - View/Pages -> __(' (Except using_the_system.ctp) [Steve Clement] +- - This is another textual beast… [Steve Clement] +- - Fixed automation.ctp parser errors. [Steve Clement] +- View/Organisations -> __(' [Steve Clement] +- - View/Pages -> __(' to be completed. [Steve Clement] +- - View/OrgBlacklists -> __(' done. [Steve Clement] +- - View/Objects -> __(' done. [Steve Clement] +- - View/Regexp -> __(' done. [Steve Clement] +- - View/Servers -> __(' done. [Steve Clement] +- - View/Roles -> __(' done. [Steve Clement] +- - View/Posts -> __(' done. [Steve Clement] +- Merge branch 'i18n_prep' of github.com:SteveClement/MISP into + i18n_prep. [Steve Clement] +- - View/Objects -> __(' [Steve Clement] +- - View/Layouts -> __(' [Steve Clement] +- - Added remaining __(' - needs double checking. [Steve Clement] +- - View/ObjectTemplateElements -> __(' done. [Steve Clement] +- - View/Helper -> __(' done. [Steve Clement] +- - View/News -> __(' done. [Steve Clement] +- - View/Logs -> __(' done. [Steve Clement] +- - View/Jobs -> __(' done. [Steve Clement] +- - Some typo fixes and formatting amendments. 
[Steve Clement] +- - View/Galaxies -> __(' done. [Steve Clement] +- - View/ObjectReferences -> __(' done. [Steve Clement] +- - View/ObjectTemplates -> __(' done. [Steve Clement] +- - app/View/Elements/ --> __(' [Steve Clement] +- - Refactor format string. [Steve Clement] +- - app/View/Events/ --> __(' [Steve Clement] +- - View/Events/automation.ctp -> Partially done, a lot needs to be + __('-ized. [Steve Clement] +- - View/Feeds -> __(' done. [Steve Clement] +- - View/EventDelegations/ajax -> __(' done. [Steve Clement] +- - View/Errors -> __(' done. [Steve Clement] +- - View/EventBlacklists -> __(' done. [Steve Clement] +- Merge branch 'i18n_prep' of github.com:SteveClement/MISP into + i18n_prep. [Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve + Clement] +- - Elements/templateElements/populateTemplateAttribute.ctp -> __(' + [Steve Clement] +- - Elements/Users/userIndexTable.ctp -> __(' [Steve Clement] +- - Elements/ajaxAttributeTags.ctp Elements/ajaxTags.ctp + Elements/ajaxTemplateTag.ctp -> __(' [Steve Clement] +- - Events/view.ctp -> __(' [Steve Clement] +- - Elements/side_menu.ctp -> __(' [Steve Clement] +- - Elements/histogram.ctp -> __(' [Steve Clement] +- - Elements/Servers -> __(' [Steve Clement] +- - Fixed typo, added __(' where missing. [Steve Clement] +- - Fixed typo and spacing. [Steve Clement] +- - Elements/Events/eventIndexTable.ctp -> __(' [Steve Clement] +- - Elements/healthElements -> __(' [Steve Clement] +- - Elements/Events/View -> __(' [Steve Clement] +- - Replaced random '.......' with '…' - __(' where neeeded. [Steve + Clement] +- - View/Events/index.ctp -> __(' [Steve Clement] +- - View/Servers -> __(' done. [Steve Clement] +- - View/Elements/Feeds -> __(' checked and added where needed. [Steve + Clement] +- Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve + Clement] +- Merge remote-tracking branch 'origin' into i18n_prep. 
[Steve Clement] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement] +- Merge branch 'i18n_prep' of github.com:SteveClement/MISP into 2.4. + [Steve Clement] +- Merge remote-tracking branch 'origin' into i18n_prep. [Steve Clement] +- - __(' -> Added where needed. [Steve Clement] +- - Typo. [Steve Clement] +- - __(' where needed - fixed Typo 'C' [Steve Clement] +- - View/Elements/dashboard -> __(' -> Done! #i18n_prep. [Steve Clement] +- - Removed Sublime fail :( [Steve Clement] +- - Final files in View/Attributes … for now. - Most views tested and + known working as expected. [Steve Clement] +- - Removed some echo ('foo') / echo('bar') -> Coding rules want: echo + foo - Added numerous __(' for i18n. [Steve Clement] +- - __(' added where needed. [Steve Clement] +- - Attributes folder scavenged for Translatables… [Steve Clement] +- - __('')-ized labels, buttons, styles. [Steve Clement] + + +v2.4.86 (2018-01-16) +-------------------- + +New +~~~ +- Mass enable/disable feeds. [iglocska] + + - protecting the sanity of MISP admins since 2012! +- Disable the viewing of a full organisation list by normal users. + [iglocska] + + - Only site admins and sharing group editors can see organisation lists + - this includes the org index and various statistics + - Keep in mind: Sharing group editors CAN see the full organisation list - otherwise they wouldn't be able to create sharing groups. + - Also, users CAN enumerate organisations that have created ANY data on the instance by looking at the given data + - this includes events, proposals, discussion entries, etc +- Expose the Sharing Groups to the API, fixes #2767. 
[iglocska] + + - Add/Edit/Index/View now exposed to the API + - rework of the sharing group capturing process + - fix to an issue that could potentially block sharing groups from being synced (the creator org of the sharing group wasn't directly exposed and an edit to the organisation's UUID after creating the SG could make the SG non-syncable) + + - various fixes to edge cases + - descriptors to the add/edit APIs via restresponse + + - Operation "Just relaxing and looking at stuff for the baby online" - the x-mas covert development patch(tm) +- Limit modules to a single organisation. [iglocska] + + - new settings in serverSettings +- Add API description to sightings/add, fixes #2806. [iglocska] +- Allow the collapsing of related events on the event view. [iglocska] + +Changes +~~~~~~~ +- Version bumped. [iglocska] +- Warninglists updated. [iglocska] +- Performance tuning. [iglocska] + + - improved performance of inserting batch attributes / passing a large number of attributes to attributes/add + - reworked algorithm to a two phase bulk insertion (validation -> mass insert) instead of looping through all attributes + - removed the build in counter cache for incrementing attribute counts on events in favour of a more lightweight solution + - performance gains on test data set: 50+ seconds -> 32 seconds + + - Greatly improved attribute index / attribute search performance + - fixed an issue that caused the lookup to avoid using indeces + - performance gains on test data when paginating: 11 seconds -> 1 second +- Add hybrid analysis to the freetext import tool, fixes #2797. [Andras + Iklody] +- Bump PyMISP. [Raphaël Vinot] +- Show x more attributes collapse toggle on the attribute correlations + now in brackets so people don't accidentally mix the count up with + event IDs. [iglocska] + +Fix +~~~ +- Remove the option for disabling sightings - it's an integral feature + of the MISP core. Fixes #2820. [iglocska] +- Fixed image element. 
[iglocska] +- Changed name of server settings -> server settings & maintenance, + fixes #2817. [iglocska] +- Fixed various visual feed issues, fixes #2818, fixes #2819. [iglocska] +- Fixed a bug that caused sharing groups within objects to not be + captured correctly, fixes #2816. [iglocska] +- Added missing view. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Updated to the latest version of the taxonomies. [Alexandre Dulaunoy] +- Latest version of the MISP galaxy updated. [Alexandre Dulaunoy] +- Sharing group ID set to the correct value if set implicitly by setting + the ID instead of passing a full sharing group object along, fixes + #2814. [iglocska] + + - also, fail if no valid sharing group was found. +- Added missing local field to fetched sharing groups, fixes #2812. + [iglocska] +- Parsing more stix doc structures. [chrisr3d] +- Invalid algorithm used for warninglist. [iglocska] +- Objects not purged correctly when deleting an event, fixes #2810. + [iglocska] + + - correctly included objects now in the quick delete function + - new upgrade script that purges existing orphaned objects +- Removed debug. [iglocska] +- Clarify scope for filter options in quick search. [iglocska] +- Better attribute add feedback on validation fail and fix to a failing + attribute index listing for normal users. [iglocska] +- Fixed misaligned org view. [iglocska] +- Fix to invalid role check preventing users from seeing the org index, + even if they should have access. [iglocska] +- Fixed weird eating of event titles on certain unicode characters. + [iglocska] + + - substr choked on them and produced empty strings +- Fixed typo. [iglocska] +- Removed a small slice of stupidity. [iglocska] +- Changed checks from isSiteAdmin to isAclSharingGroup for the org index + anonymisation. [iglocska] +- Better error handling when previewing csv/freetext feeds if no valid + data is returned. 
[iglocska] +- Better handling of something going wrong whilst fetching a MISP feed's + manifest. [iglocska] +- Removed loading of roboto font css - as it hasn't actually been used + for years. [iglocska] +- Fixed proposal add not setting valid types for each category + automatically. [iglocska] +- Rework of the restresponse URL generator. [iglocska] + + - correctly handle multi-word controllers +- Fixed some UI wonkyness. [iglocska] +- Don't render logo images if they don't exist. [iglocska] +- FetchAttributes() now correctly adheres to object distributions. + [iglocska] +- Removed the https url rule for now. [iglocska] +- Broken Suricata rules due to removed https branch. [iglocska] + + - possible fix, mimicing contents of https://[ip] +- Correctly show advanced sightings for object attributes. [iglocska] +- Sanitise the list of fields fetched for the admin user index. + [iglocska] + + - as reported by @deralexxx +- We are in 2018. [Alexandre Dulaunoy] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fixed xml stix files loading. [chrisr3d] + + (our stix files at least) +- Fixed object_relation for some specific types. [chrisr3d] +- Supporting objects import. [chrisr3d] + + More object types will be added progressively +- Fixed event delete controller choice. [iglocska] + + - was using the current action's controller instead of locking in the events controller +- Stix 1.X import is now supporting more types. [chrisr3d] + + Still need to: + - test some specific types + - include 'object_relation' field to properly support + objects import +- Quickfilter should include attribute level tags too. [iglocska] +- Fixed misaligned feed hits on the attribute list in the event view. + [iglocska] +- Pagination on event attributes didn't load the feed correlations. + [iglocska] +- Fixed image element sizes. 
[iglocska] +- Updated to the latest version of MISP objects including annotation and + vulnerability objects: [Alexandre Dulaunoy] + + https://www.misp-project.org/objects.html#_annotation + https://www.misp-project.org/objects.html#_vulnerability +- Opcache_reset() doesn't always exist on our favourite distro - only + execute it if the function exists, fixes #2792. [iglocska] +- Fix to the previous issue with emptying the object_relation in + attributes on fetch. [iglocska] +- Cleaner handling of failed connections during + checkVersionCompatibility, fixes #2786. [iglocska] + + - log the real reason why the connection test failed in case of an exception (such as invalid certificate) +- Fixed null entry for object_relation, fixes #2773. [iglocska] +- Fixed output of batch import errors not correctly showing the failed + attribute positions, fixes #2779. [iglocska] +- Changes following the recent PyMisp updates. [chrisr3d] +- Recursively follow redirects for feeds, fixes #2774. [iglocska] +- Fixed default to_ids setting for proposal edits (should reuse old + setting) [iglocska] +- Fixed additional : in type field. [iglocska] +- Missing / in closing a tag. [iglocska] +- Update to the latest version of the objects template. [Alexandre + Dulaunoy] +- Add a clarification if you have multiple MISP instances to not forget + to change the default Redis port of CakeResque to avoid conflicts + between different CakeResque. [Alexandre Dulaunoy] +- Misp-modules optional installation added. [Alexandre Dulaunoy] +- Sighting anonymisiation should properly remove the org names from the + advanced sighting view. [iglocska] + + - as reported by @hel10world +- Updated to the latest version of the taxonomies. [Alexandre Dulaunoy] +- Travis link fixed. [Alexandre Dulaunoy] +- Warning-lists updated to the latest version. [Alexandre Dulaunoy] +- Naive fix for an issue with tab separated feeds being broken by the + switch to str_getcsv. 
[iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] + +Other +~~~~~ +- Merge pull request #2422 from panzertime/add-button-fetch-all-feeds. + [Andras Iklody] + + Added a button to fetch all enabled feeds +- Added a "fetch all" button to the feeds page. [RT Hatfield] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- 1st version of TTPs parsing function. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch 'feature/sg_api' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Starting to parse external xml stix files. [chrisr3d] + + Will test and adapt with data from different sources +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2789 from MISP/pymisp_test2. [Raphaël Vinot] + + chg: Bump PyMISP +- Wip: Some updates on pattern import. [chrisr3d] + + Will work on pattern parser soon +- Merge pull request #2785 from atluxity/patch-1. [Alexandre Dulaunoy] + + Update INSTALL.rhel7.txt +- Update INSTALL.rhel7.txt. [Hans-Petter Fjeld] +- Merge pull request #2787 from dewiestr/2.4. [Andras Iklody] + + Update NidsSuricataExport.php +- Update NidsSuricataExport.php. 
[dewiestr] + + Removed the ':' from the suricata msg as it removes the message after it in squert. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2782 from SteveClement/i18n_prep. [Andras Iklody] + + i18n prep - small commits… +- - Attributes -> Search Template, __('')-ized. [Steve Clement] +- - test entry. [Steve Clement] +- Add: new default feeds added. [Alexandre Dulaunoy] + + - abuse.ch SSL IPBL + - abuse.ch Dyre SSL IPBL + - cybercrime-tracker.net hashlist + - cybercrime-tracker.net gatelist + - hpHosts - GRM only + - blocklist.greensnow.co + - conficker all domains generated +- Merge pull request #2771 from SteveClement/2.4. [Alexandre Dulaunoy] + + Updated FreeBSD install documentation +- - Updated FreeBSD install to: [Steve Clement] + + -- Do the entire install with binaries (no /usr/ports required) + -- Fixed some Ubuntu remenants + -- Fixed config typos + -- Added all missing dependencies + + +v2.4.85 (2017-12-22) +-------------------- + +New +~~~ +- Limit the max amount of time spent fetching the latest commit ID to 3 + seconds max. [iglocska] + + - should help avoid the unresponsive diagnostic page issue +- Update config.php template with the option whether to chase LDAP + referrals. [Tomi Juntunen] +- Add a way to filter out attributes from being added by enforcing the + warninglists via /attributes/add. [iglocska] + + - either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key on individual attributes to be checked +- Allow configuring whether to chase LDAP referrals in + ApacheAuthenticate module. [Tomi Juntunen] +- Add console command to reset user's authkey. [iglocska] + + /var/www/MISP/app/Console/cake Authkey [email@of.user] + + - sets a new random authkey and returns it in the output +- Add tag restrictions for a single user. [iglocska] + +Changes +~~~~~~~ +- PyMISP bump. [iglocska] +- Version bumps for everyone! 
[iglocska] +- Support the changes about registry-key for import as well. [chrisr3d] +- Update following the last changes on registry-key objects. [chrisr3d] +- Show connector tag on the cluster view. [iglocska] +- Check if the stix2 file is from MISP export. [chrisr3d] +- Display names are now fully exported as custom objects. [chrisr3d] +- MISP objects updated to include registrant-org. [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Changed output file name to .stix2. [Andras Iklody] +- Added sane default org_id to users/add API. [iglocska] + + - takes current user's org_id as the default +- Some cleanup of the event index. [iglocska] + + - removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases + - Changed the behaviour when users click on org logoes (redirect to filtered index) +- Added category field information into labels. [chrisr3d] + + So we have categories while importing stix2 into MISP +- Bump PyMISP. [Raphaël Vinot] +- Add MISP (obj, attr, or galaxy) type in label. [chrisr3d] + + This change avoid losing information about some MISP types + during the export. + For instance: + - hostname and domain --> domain-name in Stix2 + - url and uri --> url in Stix2 +- Now able to distinguish src addr and dst addr. [chrisr3d] + + This change includes ip and email addresses + Also changed a bit Custom Objects + +Fix +~~~ +- Fixed z-index of correlation popovers. [iglocska] +- Fixed stupidly slow cluster selection list. [iglocska] + + - thanks to sort being inside the loop. If you do something expensive, make sure you do it as often as possible! +- Latest version of misp warning-lists. [Alexandre Dulaunoy] +- Collapse attribute correlations. [iglocska] +- Feed quick sync added. [iglocska] +- Warning-lists updated to the latest version. [Alexandre Dulaunoy] +- Some fixes to the hostname parsing for warninglists. [iglocska] +- Warninglists updated. 
[iglocska] +- Warning-lists updated to the latest version. [Alexandre Dulaunoy] +- Fixed various warninglist performance issues for updating. [iglocska] +- Warninglist bump. [iglocska] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- I ate too much chocolate ;-) [Alexandre Dulaunoy] +- Tie warninglist delete into the ACL. [iglocska] +- Fixed various warninglist issues. [iglocska] + + - no more mysql packet size issues on ingestion + - much hfaster ingestion of warninglists + - delete warninglists from the UI +- MISP galaxy updated. [Alexandre Dulaunoy] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- Fixed missing flatten for advanced sightings view. [iglocska] + + - attributes within objects couldn't generate the advanced sightings view +- Fixed an issue where adding an attribute to an existing object isn't + handled correctly via the API / sync, fixes #2760. [iglocska] +- Cleanup of setting the local server url in sharing groups over and + over in the same request. [iglocska] +- Removed copy pasta fail. [iglocska] +- Correctly attach sharing groups to objects / attributes within + objects. [iglocska] +- Fixed an abusive use of Identity SDO. [chrisr3d] + + - When the attribute category is not 'Person', it + is not always justified to use Identity +- Inverted check on filterwarninglistAttributes causing the warninglist + not to be adhered to correctly. [iglocska] +- Match the rate of the pulisher in the subscriber as default. + [iglocska] +- Remove trailing slash from MISP.baseurl. [Jan Skalny] +- Fixed a tag lookup scope error in attributes/restSearch. [iglocska] + + - searching for an attribute tag returned all attributes contained within the event holding the located attributes + + - for example: Event with 3 attributes, one having the tag "test" + - query /attributes/restSearch with "tags":["test"] returned 3 attributes instead of 1 +- Capture tags on an object-attribute level as expected, fixes #2752. 
+ [iglocska] + + - The tag capturing ignored object attributes prior to this patch + + - emergency patch before the wrath of @ilmoka reaches us +- Add install of stix2 packages to support STIX 2.0 export. [Alexandre + Dulaunoy] +- Add install of stix2 packages to support STIX 2.0 export. [Alexandre + Dulaunoy] +- STIX2 export is no more experimental and can be safely used. + [Alexandre Dulaunoy] +- For the events with no tag. [Christian Studer] +- Misp-object updated to the latest version. [Alexandre Dulaunoy] +- Fixed issue for events with no attributes. [chrisr3d] +- Dictionary key in registry key object. [chrisr3d] +- Issue about ip|port observable objects. [chrisr3d] +- Avoid using the original dictionary for types. [chrisr3d] + + - Deepcopy makes we use each time a fresh copy and + modify only this copy instead of the original dict +- Object attributes calls. [chrisr3d] + + Matching with the last PyMISP release +- Error with SDO's IDs (from Galaxy) [chrisr3d] +- Fixed an issue where url parameters for restsearch didn't block + attributes. [iglocska] + + - url parameters are bad + - shame + - SHAME +- For tag filters, ignore capitalisation. [iglocska] +- X-mailer variable that was wrong. [chrisr3d] +- Some keys of hashes. [chrisr3d] + + For instance shaXXX type is automatically changed in + SHA-XXX by stix2 and needs to be identified with its + new format +- Fixed an issue with opcache not being used yet opcache_reset() being + called, fixes #2727. [iglocska] +- Fixed a condition where adding objects through /events/edit would + fail. [iglocska] +- Fixed an issue with the log model being referenced incorrectly in + MispObject. [iglocska] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- 'port' key of 'ip-src|port' attribute. [chrisr3d] + + Was set to 'dst_port' but is actually 'src_port' +- Added user restrictions for tags to the tag index. [iglocska] +- Fixed the invalid default TLDs if no warninglist is loaded. 
[iglocska] +- Fixed the disable correlation flags for the objec templates. + [iglocska] + + - also added a force update for individual templates +- Follow up to the previous patch on disable_correlations in object + templates. [iglocska] +- Fixed typo in field name for the object templates. [iglocska] + + - disable_correlation(s) - s was a mistake and it caused the feature in the templates not to work +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Wip: parsing external Stix2 documents. [chrisr3d] + + - atm: read patterns and create a stix2-pattern + Object with the pattern as attribute + - will try to parser pattern & observable objects + for the next updates +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Warninglists updated. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Add: stix2-pattern type added to support the STIX 2 patterning format. + [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2644 from jonas-koeritz/2.4. [Andras Iklody] + + Added an option to customize the page title +- Removed ?? operator to support PHP < 7.0. [Jonas Köritz] +- Added an option to customize the page title. [Jonas Köritz] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2754 from cvandeplas/2.4. [Andras Iklody] + + fixes bug where Server model might not yet be loaded +- Fixes bug where Server model might not yet be loaded. [Christophe + Vandeplas] +- Merge pull request #2753 from anerani/feature/ldap-referral-in-config- + template. 
[Andras Iklody] + + new: Update config.php with the option of chasing LDAP referrals +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Fix; Fixed the rate of the zmq publishing. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2750 from anerani/allow-ldap-referrals. [Andras + Iklody] + + new: Allow configuring whether to chase LDAP referrals +- Merge pull request #2684 from JanSkalny/fix_baseurl_trailing_slash. + [Andras Iklody] + + fix: remove trailing slash from MISP.baseurl +- Merge pull request #2719 from cvandeplas/2.4. [Andras Iklody] + + basic support for misp-modules via API +- Basic support for misp-modules via API. [Christophe Vandeplas] + + - mini cleanup of FileAccessTool that's not needed + - basic support for misp-modules via API (malware-samples not supported yet) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2751 from jezkerwin/rhel_install_documentation. + [Andras Iklody] + + Creation of install documentation for Red Hat Enterprise Linux (RHEL) 7.x +- Fixed centos7.txt file that was accidently modified. [Jeremy Kerwin] +- Changed RHEL version in title from 7.4 > 7.x. [Jeremy Kerwin] +- Note about issue surround lief compliation. [Jeremy Kerwin] +- Added disclaimer about additional issues after completion of install. + [Jeremy Kerwin] +- Added install instruction for lief and known issues section. [Jeremy + Kerwin] +- Up to the log rotation section. [Jeremy Kerwin] +- Completed the dependencies section. [Jeremy Kerwin] +- Renamed the file to be more generic to RHEL 7. [Jeremy Kerwin] +- More changes. [Jeremy Kerwin] +- Changes around the format a little bit. [Jeremy Kerwin] +- Spelling mistake. [Jeremy Kerwin] +- More updates to the install. Added overview and assumptions. [Jeremy + Kerwin] +- Changes the inital commit to more of a Table of Contents format. + [Jeremy Kerwin] +- Initial Commit. 
[Jeremy Kerwin] +- Add: parsing malware-sample from our stix2 files. [chrisr3d] + + (Following the latest update on the export module) +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: label to recognize malware samples. [chrisr3d] + + For SDOs generated from Objects +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Add: whois-registrant-org attribute type added. [Alexandre Dulaunoy] + + As requested in https://github.com/MISP/misp-objects/issues/55 +- Add: the last object types that missed before. [chrisr3d] + + - The documents generated by our Stix2 export should + be imported without any problem (otherwise I'll fix it) + - Random Stix2 documents may have problems to be imported + at the moment (depending on the possible observable objects + jungle in observed-data SDOs) - indicators should be ok +- Removed 1 useless test on observable. [chrisr3d] +- Removed a testing print. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Wip: Includes category import. [chrisr3d] + + Still need to include the missing types of object + not supported yet. +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2739 from zachsis/patch-1. [Alexandre Dulaunoy] + + Update xINSTALL.centos7.txt +- Update xINSTALL.centos7.txt. [zachsis] + + added `rh-php56-php-opcache` as part of the `yum install` for CentOS7 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add: new types added for X509 certificate fingerprint: [Alexandre + Dulaunoy] + + - x509-fingerprint-md5 + - x509-fingerprint-sha256 + + This is required to ensure consistent export while hashes are used. The + associated x509 object template has been fixed to reflect the 3 fingerprint types + instead of the generic hash types. 
This would allow different export types. + + https://github.com/MISP/misp-objects/commit/b85438fc45b212a21b72d6d2e0df619758fa1444 +- Simplified generation of SDOs from Galaxy. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Wip: fixed bugs that appeared with Objects support. [chrisr3d] +- Add: new feed VXvault - URL List added. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Parsing SDOs from 'email' Object. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2731 from SteveClement/2.4. [Andras Iklody] + + - Initial FreeBSD install document +- - Initial FreeBSD install document. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: Parsing patterns for Objects. [chrisr3d] + + Also little fixes & updates +- Added label with the type for Identity object. [chrisr3d] + + As well as it is done for all the other types +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Wip: Import module from STIX2. [chrisr3d] + + Functional but improvements still needed. + Not all the fields of Stix2 events supported +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2716 from cvandeplas/2.4. [Andras Iklody] + + fixes issue #2698 - malware-sample fails with import modules +- Fixes issue #2698 - malware-sample fails with import modules. + [Christophe Vandeplas] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Added custom object for MISP Objects. 
[chrisr3d] + + +v2.4.84 (2017-12-06) +-------------------- + +Fix +~~~ +- Fixed a critical issue introduced in 2.4.83 blocking the + synchronisation of edits in certain situations. [iglocska] + + - events being edited didn't set the locked = 1 flag on push + + - as reported by SIEMENS + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Added label to recognize malware-sample attributes. [chrisr3d] + + +v2.4.83 (2017-12-06) +-------------------- + +New +~~~ +- Various improvements to the CSV export. [iglocska] + + - The @FloatingCode and @ilmoka care package + - Improved CSV performance for instances with large number of events + - Added "value" filter for CSV (use-case: I want all indicators for this value with context) + - Added attribute tags to the output of the CSV export +- Add restrictions for e-mail addresses to certain domains. [iglocska] +- Add attribute tag filters to the fetchEvents() functionality. + [iglocska] + + - tag filters now filter on: + - all events cotaining matching tags on event + attribute level (positive lookup) + - all events not containing matching tags (negative lookup) + - filter attributes within a matched event for blocked attributes (negative lookup) + + - moved tag filtering to subquery filtering - should improve performance massively on larger instances when filtering on tags + + - first round of implementations, more on the way +- Various improvements. [iglocska] + + - use the feed uuid caches to link directly to affected MISP events + - various UI improvements + - Feed preview pagination / POSTed event ID filters added +- Add the possibility to limit fields for the CSV export via POST + requests. [iglocska] +- Added mac-address and mac-eui-64 attribute types. [iglocska] +- Added full audit logging to ZMQ and Syslog, fixes #2635. 
[iglocska] + + - syslog now includes all audit log entries and it's separated into proper severity levels + - ZMQ logging and syslog logging are both optional features +- Added phone number recognition to the freetext import tool. [iglocska] + + - also, changed the massaging of phone number type attributes to replace 00 with + +- Include user action in zmq. [iglocska] +- Added logging to galaxy attach/detach tasks. [iglocska] +- Push the action for user updates/creations/logins along with the user + object to the ZMQ channel. [iglocska] + +Changes +~~~~~~~ +- Version strings updated. [iglocska] +- Bump PyMISP, again. [Raphaël Vinot] +- Bump PyMISP. [Raphaël Vinot] +- Wip. [chrisr3d] +- Wip. [chrisr3d] +- Make misp to stix export work with MISP json formatted. [chrisr3d] +- Push MISP json formatted events to the stix exporter (pending rework) + instead of the direct output of fetchEvents() [iglocska] +- Push the full user object to the ZMQ feed. [iglocska] + +Fix +~~~ +- Updated pyMISP recommended version. [iglocska] +- PyMISP updated. [iglocska] +- Removed the requirement for a comment from the import modules. + [iglocska] + + - if the comment field is set don't override it +- Fixed PyMISP version. [iglocska] +- Removed unused variable. [iglocska] +- Latest version of the MISP galaxy. [Alexandre Dulaunoy] +- Latest version of MISP objects. [Alexandre Dulaunoy] +- Documentation to enable cortex services. [Raphaël Vinot] +- Don't cull the list of possible models based on existing data for the + search logs view. [iglocska] + + - slow and useless +- Fixed a bug with the resolved attributes list for freetext import / + module imports. [iglocska] +- Fixed CSV content type. [iglocska] +- Changed name of export popup. [iglocska] +- Moved attribute_tags in the CSV export to the includeContext flag + instead of the toggle-able attributes. [iglocska] +- Fixed some issues with the related feeds. 
[iglocska] +- Fix epic snafu in Event->_add() thanks to last minute save by the + Travis tests. [iglocska] +- Some minor fixes to the attribute filtering. [iglocska] +- Fixed an issue where sharing groups were not properly attached to + events for sync users, potentially fixes #2653. [iglocska] +- Added new field to MYSQL.sql. [iglocska] +- Added db changes needed for the user domain restrictions along with + restricting the user self edit action. [iglocska] +- Fixed an issue where proposal quick edits didn't work for normal + users, fixes #2685. [iglocska] +- Fixed update warninglists button being available to non site admin + users. [iglocska] + + - functionality was blocked by ACL, but button shouldn't be shown in the first place +- Block the addition of same type/category/value attributes in one shot + to the same event. [iglocska] + + - via the /events/add api +- Enforce server push rules on a sync user when viewing the events. + [iglocska] + + - user not seeing the data is a side-effect, not the intended effect + - serves to enforce the synchronisation rules + - sync user can still view the hidden attributes via attribute searches etc. Whether we want to remove this in the future is still to be decided, but for now the sync enforcement is the only intended effect. +- Mac-eui-64 not accepted by stix validator. [chrisr3d] + + By the way, it is accepted by the validator at creation.. + . +- Latest version of the MISP objects template imported. [Alexandre + Dulaunoy] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Dns-soa-email didn't have a category. [iglocska] +- Fixed missing entries for mac-eui-64. [iglocska] +- Made CSV parser for freetext import tool / feed ingestion compatible + with escaped CSVs. 
[iglocska] + + - "" now handled correctly +- Vulnerability (CVE) should correlate (CIRCL and NCSC-NL are supporting + it) fix #2691. [Alexandre Dulaunoy] +- Ambiguity removed from some sharing group related queries. [iglocska] +- Graceful handling of no response during getVersion pre-sync test. + [iglocska] +- Fix an issue with a double quoted integer in the correlation update + script during publishing, fixes #2540. [iglocska] +- Trimp the org uuid upon entering it to avoid copy-pasta issues. + [iglocska] +- Updated the duplicate attribute removal tool to actually remove + instead of trying to deduplicate. [iglocska] +- Fixes notices of no SharingGroupOrg being set due to a bug in the + sharing group cacher for normal users. [iglocska] +- Fixes to various issues with adding proposals via the freetext import + tool. [iglocska] + + - no feedback on whether the resulting dataset will be stored as attributes/proposals + - unpublishing of the event when proposals get entered + - alerting the event creator of new proposals if coming from the freetext import tool +- Quotes issue fixed. [chrisr3d] +- MISP objects updated. [Alexandre Dulaunoy] +- Leaking of hashed passwords in the audit logs fixed. [iglocska] + + - Scope was limited due to the audit log access restrictions to site/org admins +- Expose /users/view/me to the API, fixes #2679. [iglocska] +- Don't verify peer name on self signed certs; don't verify self signed + peer if cert is missing. [Milan Pikula] +- Settings editor not working on touch devices. [Milan Pikula] +- Refresh rows in settings editor. [Jan Skalny] +- Relaxed email validation. [iglocska] + + - because unicode tlds / domains are such a great idea +- Disabled pretty argument. [chrisr3d] + + used while stringifying the final Bundle +- Fixed invalid timestamp generation. [iglocska] +- If no distribution level set, don't try to check if it's set to + sharing group on the attribute level. 
[iglocska] + + - Attribute->editAttribute() +- MISP object updated to the latest version to fix the unusable ASN + template. [Alexandre Dulaunoy] +- Attribute deletes are again synced correctly. [iglocska] +- Fixes an issue where assigning sharing groups based on existing IDs + didn't work for event creation via the API. [iglocska] + + - expected full sharing groups as provided by the sync, references didn't work +- Fixed the broken feed preview. [iglocska] +- Fixed the new path for the stix files. [iglocska] +- Moved the conversion to JSON after the massage of the data for stix. + [iglocska] +- Add galaxy to valid log action list. [iglocska] +- Shebang mixup. [Steffen Sauler] + + /!bin/sh to !/bin/sh +- 984732984th time is the charm... [iglocska] +- Reduced the user data to just a partial user object and organisation + object for the zmq push. [iglocska] +- Fixed the pubsub user push if the user object is not contained within + a User key. [iglocska] +- Previous commit didn't trigger in all cases. [iglocska] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- Fixed slow /tags/index calls using the API. [iglocska] + + - burned the stupid out of the API +- Fixed the downloadSamples API. [iglocska] +- Fixed silly lookup with injected event IDs on the export page for + normal users. [iglocska] + + - broke instances with a few hundred k events +- Fixed a reflected XSS in the sharing group creator tool. 
[iglocska] + + - Fixed a reflected XSS in the sharing group editor that requires malicious organisation names + + - Low impact due to the following requirements: + - organisation names with malicious org names (JS in the orgname) + - sharing group editor user has to manually add an organisation to the list that has javascript in the org name + - only vulnerable view is the editor itself, so the impact is limited to + users that manually add organisations with malicious names to the list themselves / edit such sharing groups + + - As reported by Dawid Czarnecki + +Other +~~~~~ +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2706 from Rafiot/cortex_doc. [Raphaël Vinot] + + fix: documentation to enable cortex services +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch 'feature/tag_filter_rework' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into + feature/tag_filter_rework. [iglocska] +- Merge branch '2.4' into feature/tag_filter_rework. [iglocska] +- Merge branch '2.4' into feature/tag_filter_rework. [iglocska] +- Little change about SDOs generated from Galaxy. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Add: a new set of logos for the MISP project. 
[Alexandre Dulaunoy] + + There are 3 type of logos in the set: + + - core software + - community + - standard + + The objective is not to replace the existing the logo but + to provide a clear logo when this is referencing a specific + sub-part of the MISP project. +- Fixed vulnerability type. [chrisr3d] + + Was generated as custom object because of a change + in the attributes reading function +- Fixed assignment issues for attributes from Object. [chrisr3d] + + Multiple use of the same part of the dictionary caused + assignment errors. Using the 'copy()' method avoid that error. +- Added mac-eui-64 type. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2701 from RichieB2B/ncsc-nl/stixfix. [Andras + Iklody] + + Fix STIX export format +- Use threat level name instead of id in STIX. [Richard van den Berg] +- Use new MISP JSON format (no more AttributeTags) [Richard van den + Berg] +- Merge pull request #2700 from Rafiot/testdescribe2. [Raphaël Vinot] + + chg: bump PyMISP, again +- Add: MISP distributed overview in SVG format. [Alexandre Dulaunoy] +- Merge pull request #2697 from Rafiot/testdescribe. [Raphaël Vinot] + + chg: bump PyMISP +- Little fix with 'info' field in Events. [chrisr3d] +- Added a label to separate SDOs from Objects. [chrisr3d] + + This distinction will probably be helpful for the + Stix2 import module to separate Attributes from + Objects +- Fixed issues with dictionary keys and some objects. [chrisr3d] +- Added Org & Orgc information for the import. [chrisr3d] + + Also clarified a little part of the code +- Added xml files parsing. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Added mac-address type. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Fixed issues about observable objects and patterns. [chrisr3d] +- Parsing attachment attributes. 
[chrisr3d] + + Also fixed some specific issues with single quotes +- Wip: Import of some of the most common attributes. [chrisr3d] + + Work still in progress in order to: + - Support as many attribute types as possible + - Fix simple quotes (that are not json parsable) +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #2672 from CenturyLinkCIRT/freetext-target-email. + [Andras Iklody] + + added target-email to FreeText Import types +- Added target-email to FreeText Import types. [Thomas Gardner] +- Misp-object templates updated to latest version. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. + [chrisr3d] +- Merge pull request #2671 from milankowww/return-to-orig-url. [Andras + Iklody] + + change behavior of login page to return to original page after authen… +- Change behavior of login page to return to original page after + authentication. [Milan Pikula] +- Merge pull request #2670 from milankowww/self-signed-certificate- + verification. [Andras Iklody] + + fix: self signed cert verification +- Merge pull request #2669 from milankowww/support-touch-screens. + [Andras Iklody] + + fix: settings editor not working on touch devices +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- Merge pull request #2668 from JanSkalny/fix_settings_editor. [Andras + Iklody] + + fix: refresh rows in settings editor +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- New relationships added. [Alexandre Dulaunoy] +- Starting to parse info for a stix import. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] +- Merge pull request #2651 from ppanero/sso_org_fix. 
[Andras Iklody] + + Added possibility to use always default org for new users +- Added possibility to use always default org for new users. [Pablo + Panero] +- Merge branch 'feature/stixunclutter' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2295 from norpol/patch-1. [Andras Iklody] + + Fix gpgv2+ key generation +- Fix gpgv2+ key generation. [Phi|eas |ebada] + + This resolves failing of gpgv2 key generation with the following error message: + ``` + gpg: agent_genkey failed: Permission denied + Key generation failed: Permission denied + ``` + + # Explanation + gpgv2's `pinentry-curses` requires access to a current `tty`. If you `su` or `sudo` between users, your tty's permission will stay the same as the initial login user (see illustrating below). You could, in general, work around issues like this by: + - `old_perms=$(stat -c "%U:%G" $(tty)); chown "www-data:tty" "$(tty)" && { sudo -u www-data gpg --gen-key; chown "${old_perms}" "$(tty)"; }` (uncertain security implications and won't probably work) + - starting screen/tmux within the newuser and then running `gpg --gen-key` + - starting a script session + + But first point can't really be recommended, latter two will fail because www-data login shell is `/usr/sbin/nologin`. + + Just for illustrating the problem better for you: + ``` + ssh alice@somehost: + stat -c "%U:%G $(tty)" $(tty) + alice:tty /dev/pts/1 + su - root + stat -c "%U:%G $(tty)" $(tty) + alice:tty /dev/pts/1 + ` +- Merge pull request #2640 from SHSauler/patch-4. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Added reg-key objects parsing for observed data. [chrisr3d] + + Still not tested as registry-key objects seem to have an issue in MISP +- Support email objects parsing into observed data. 
[chrisr3d] + + Currently skipping display names in observed data email-addr objects +- Merge pull request #2639 from truckydev/patch-4. [Alexandre Dulaunoy] + + update args.sleep on typeError +- Force int for --sleep. [truckydev] + + ^^ +- Update args.sleep on typeError. [truckydev] + + Convert string to int for time.sleep when sub.py use with -t +- Merge pull request #2633 from dawid-czarnecki/patch-1. [Andras Iklody] + + Download terms redirect fix +- Download terms redirect fix. [dawid-czarnecki] + + When server setting MISP.terms_download=true and MISP.terms_file exists under MISP/app/files/terms directory user wasn't able to download terms and conditions before accepting it. +- Merge pull request #2632 from PaoloVecchi/2.4. [Alexandre Dulaunoy] + + Create INSTALL.ubuntu1604.with.webmin.txt +- Create INSTALL.ubuntu1604.with.webmin.txt. [Paolo Vecchi] + + Some, maybe a friend, can't be asked to configure and manage all the services on an Ubuntu 16.04 so Webmin could be useful. + Tested with: + MISP 2.4.82 + Webmin 1.860 +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2630 from treyka/2.4. [Andras Iklody] + + add cti-python-stix2 to .gitmodules +- Add cti-python-stix2. [Trey Darley] +- Merge pull request #2629 from treyka/2.4. [Andras Iklody] + + typo fixen +- Typo fixen. [Trey Darley] +- Merge pull request #2628 from Delta-Sierra/2.4. [Andras Iklody] + + display "Fetch this event" button function in Servers and Feeds preview index +- Uppercase to be consistent. [Deborah Servili] +- Display "Fetch this event" button function in Servers and Feeds + preview index. [Deborah Servili] +- Some other object types supported in Observed Data. [chrisr3d] + + Object types still not supported (not in 'objectsMapping' + dictionary, from misp2stix2_dictionaries module) are set + to a basic value until the next update, so they do not + generate errors in Stix2 functions +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- 2017 even if it's not 2049 ;-) [Alexandre Dulaunoy] +- Quick fixes. [chrisr3d] + + +v2.4.82 (2017-11-10) +-------------------- + +New +~~~ +- Various features. [iglocska] + + - Added quickhashing to the feed generator + - Objects added to feed preview for MISP feeds + - Attribute tags added to MISP feeds +- Sightings ingested on import/sync. [iglocska] +- Added object references to ZMQ. [iglocska] +- First version of the zmq reimplementation. [iglocska] +- Rework of the feed correlation lookups for the event view. [iglocska] + + - massive performance boost by using redis pipelining + - for events with 10k+ attributes, show truncated feed correlation lookups, informing the user about the number of correlating attributes and a boolean flag on attributes saying that they correlate + - The overall feed correlation counter also allows users to pivot to a view that loads all correlations, though it should be used with some caution as it can be somewhat heavy + +Changes +~~~~~~~ +- PyMISP version bump. [iglocska] +- Pass event_id to import modules, fixes #2612. [Andras Iklody] + + As described by @Vince147 +- Version bump. [iglocska] +- Added some sane default headers to the apache .conf files. [iglocska] + + - protection against clickjacking + - nosniff + + - as reported by Or Hanuka (PALANTIR) + +Fix +~~~ +- 3rd time is the charm (PyMISP updated) [iglocska] +- PyMISP version. [iglocska] +- Warning list updated to the latest version. [Alexandre Dulaunoy] +- Taxonomy updated to the latest version. [Alexandre Dulaunoy] +- MISP object updated to the latest version. [Alexandre Dulaunoy] +- Latest version of the galaxy added. [Alexandre Dulaunoy] +- Added sharing group data to the new ACL functions. [iglocska] +- Rework of tags index / galaxy view. 
[iglocska] + + - performance tweaks + - no more silly queries + - added sharing group aware ACL to the event/attribute counters +- Added context to the sightings zmq feed. [iglocska] +- Fixed the tags/index performance snafu. [iglocska] +- Ugly fix for the float issues. [iglocska] +- Potential reflected XSS on older browsers in the histogram. [iglocska] + + - As reported by Dawid Czarnecki +- Histogram rework. [iglocska] + + - removed junk debug + - fixed group by issue + - better performance +- Enable auto select for new object rows when adding additional ones via + the multiple expand. [iglocska] +- Minor tuning of suricata rules. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- MISP objects updated to the latest version. [Alexandre Dulaunoy] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Changed relationship name of filesize in add attachments to size-in- + byte. [iglocska] +- Fixed default distribution for upload_sample(), fixes #2608. + [iglocska] +- Invalid redirect when viewing /roles/index as a normal user, fixes + #2606. [iglocska] +- Potential fix to sync issues with sharing groups and pushes, fixes + #2601. [iglocska] +- Convert - to _ in csv headers. [iglocska] + + - to match the previous output +- Add the object fields by default to the CSV export. [iglocska] +- Fixed tag names in the CSV export. [iglocska] +- Fixed escaping of CSV. [iglocska] +- Fixed the CSV field name for date. [iglocska] +- Fixed an issue with the CVE export if no field parameters were passed. + [iglocska] +- Fixed an issue preventing attributes in objects from being edited. + [iglocska] +- Further fixes to the new zmq system. [iglocska] +- Fixed a bug where sightings couldn't be added to objects. [iglocska] +- Updated sub.py. [iglocska] +- Org field not being hot potatoed to resolvAttributes() in the stix + export. [iglocska] +- Added missing parameter org to resolvAttributes() call in the stix + exporter. 
[iglocska] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Fixed empty emails. [iglocska] +- Added initialisation of Log model in the editAttribute() function if + the save fails. [iglocska] +- Change 2/2 for fixing the feed scheduler fixes #2503. [Andras Iklody] + + As described by @lucamemini +- Change 1/2 for fixing the feed scheduler fixes #2503. [Andras Iklody] + + As described by @lucamemini +- Allow proposing changes to object attributes. [iglocska] +- Attribute type list when editing should be the category's one if + already selected. [ppanero] +- Added default category for gender. [iglocska] +- Added missing IP field to logs. [iglocska] +- Misp-objects updated to the latest version. [Alexandre Dulaunoy] +- Added comment field to objects, fixes #2560. [iglocska] +- Added email-message-id's default category. [iglocska] +- Fixed an issue that caused an event edit to fail due to the invalid + refresh of the correlations. [iglocska] +- Fixed a bug with the restSearch API. [iglocska] + +Other +~~~~~ +- Supporting Observed Data SDOs from event Objects. [chrisr3d] + + Objects currently supported: + - domain-ip + - file + - ip|port + Currently working on the other ones +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. + [chrisr3d] +- Fixed typo for custom objects' type. [chrisr3d] + + In order to keep the initial type of the attribute +- Previous version of the dictionary no longer used. [chrisr3d] + + Double quotes seem to not be validated in stix2 patterns +- Fixed an issue with patterns. [chrisr3d] + + Caused by the previous dictionary format + (double and simple quotes management) +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. 
+ [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. + [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Patterning for Indicators from Objects. [chrisr3d] +- First version with some objects parsed. [chrisr3d] + + Will continue parsing some other ones +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2603 from wotschel/2.4. [Alexandre Dulaunoy] + + Minor changes and additions to Deb 9 Inst. Guide +- Merge pull request #1 from wotschel/wotschel-INSTALL.debian9. + [wotschel] + + Some minor changes and additions Deb 9 Inst. Guide +- Some minor changes and additions. [wotschel] +- Merge branch 'customcve' into 2.4. [iglocska] +- Merge branch '2.4' into customcve. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch 'feature/zmq_rework' into 2.4. [iglocska] +- The last useless coma. [Cédric Bonhomme] +- Harmonizes arrays initializations. [Cédric Bonhomme] +- Enables the user to select the attributes to be included in the CSV + export (event and object attributes). [Cédric Bonhomme] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Added custom objects. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Parsing Identity SDOs for 'Person' category attributes. [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2589 from jurg/attrtypefix. [Andras Iklody] + + bugfix for selecting type in adding / editing attribute +- Bugfix for selecting type in adding / editing attribute. 
[Jorgen + Bohnsdalen] +- Using PyMISP attributes. [chrisr3d] + + wip: Waiting for some PyMISP issues to be fixed +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #2585 from ppanero/2.4. [Andras Iklody] + + Beautify edit object validation +- Merge branch '2.4' into 2.4. [Andras Iklody] +- Merge pull request #2588 from ppanero/bugfix. [Andras Iklody] + + bugfix for listing types when editing non object attrs +- Bugfix for listing types when editing non object attrs. [ppanero] +- Bug fix for listing types when editing non object attr. [ppanero] +- Beautify object edit validattion. [ppanero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2587 from RichieB2B/ncsc-nl/stixorgs. [Andras + Iklody] + + Add Reporter and Producer fields to STIX +- Add Reporter to STIX Indicent Add Producer to STIX Indicator. [Richard + van den Berg] +- Revert "Fix: Attribute type list when editing should be the category's + one if already selected" [iglocska] + + This reverts commit 27f30aae3bf6f30af1ecbf5dcf6d237aafa66b81. +- Merge pull request #2584 from RichieB2B/ncsc-nl/searchtag. [Andras + Iklody] + + Speed up tag searches +- Speed up tag searches, fixes #2407. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2582 from ppanero/2.4. [Andras Iklody] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Using PyMISP MISPEvent class to parse events. [Raphaël Vinot] +- Merge pull request #2576 from 98Giraffe/fix-type-o-in-diagnostics- + settings. [Andras Iklody] + + Fixed type-o in Server Settings -> Diagnostics -> Advanced attachmen… +- Fixed type-o in Server Settings -> Diagnostics -> Advanced attachment + handler, when referencing pymisp the message stated pydeep. [Joseph + Dane] +- Added exploit-kit as a Tool SDO. 
[chrisr3d] +- Removed a nonexistent 'non_indicator_attribute' [chrisr3d] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2568 from bambenek/2.4. [Alexandre Dulaunoy] + + Take 2: Changing which bambenek consulting DGA feeds are pulled in defaults.json +- Typofix. [John Bambenek] +- Making changes to feed file to point to different bambenek consulting + DGA feeds. [John Bambenek] +- Added Course of Action SDO. [chrisr3d] +- Added some Galaxy objects that can be easily mapped. [chrisr3d] +- Merge pull request #2565 from RichieB2B/ncsc-nl/fix-2561. [Andras + Iklody] + + Add file objects to STIX 1 export +- Handle filename only attributes. [Richard van den Berg] +- Skip non-observable indicator, fixes #2561. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Added malware-sample case. [chrisr3d] + + Also fixed some 'pattern' fields in the dictionary +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] +- Merge pull request #2563 from RichieB2B/ncsc-nl/stix-tlp. [Andras + Iklody] + + Use MISP TLP tags to set STIX tlpMarking +- Use MISP TLP tags to set STIX tlpMarking. [Richard van den Berg] +- Added a dictionary to manage patterns and observable objects. + [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] + + +v2.4.81 (2017-10-10) +-------------------- + +New +~~~ +- Added first experimental STIX 2 export implementation. [iglocska] + + - kudos to @chrisr3d for digging into the deepest bowels of the scary beast that is STIX2 + + - PoC, definitely needs further improvements/mapping. Let us know about issues you find! +- First round of updates to the correlation engine ready. [iglocska] + + - node deletion temporarily disabled until a bug is resolved +- Further progress on the graphing. 
[iglocska] + + - also, added new icon field to galaxies +- Further work on the graphing engine. [iglocska] +- First iteration of the graphing engine rework. [iglocska] +- Rework of the attachment uploader. [iglocska] + + - add attachments and upload_sample now share code + - allow the same features via upload_sample (object creation / use of advanced add attachments) + - new flag: advanced + + - example: + + POST to mymisp/events/upload_sample + BODY: + {"request":{"files": [{"filename": "bla.exe", "data": "U3RhckNyYWZ0IElJIGZvcmV2ZXI="}], "distribution": 1, "advanced":1, "info":"bla"}} + + - this commit was brought to you by CEF and + + MMMH$= - ., ,,. %H++ ,= %%$$$$X+ ;=== .= :+HHHMMMHMMM####MMH@@@@@@HHH$= HHH@HHHHH+XXX$$$$$$$$XXXXXXX+ + MMH = -. . ,-,,-,. :H@H =;;++$HH+XX$%+X%+$++=:=.XH@@@HMMMMMMMMH@@@@@@@HHX$ ,X@@@@@@@HHHHHHHHHHXXXXXXXXXXXXXX + . ---, - ,,, +@ .. ;++$HH+HHH++$+++HH+++, .+%HHMHHHHHHHHH+%%%++++$+ +++HHHHHHH+++++++++HHHHHHHHHHHHHH + - -- ,,, --,. - , ,; +$XHH@@@@HHH@@@HHHH+$+$X+HH+$$+ ; ;= . % + ,+$X+++XXXXXXXXXXXXX++HH+++++++ + ---==,,--,-,-., : . -,,:/ $XHH@HMMMMMMMMMM@HHX$H@MHHHHX+H%%$%+H/:.%. $. @,,,. $$XXXXXXXXXXXXXXXXXXXXXXXXXX+ + = - --,, , -- .. =/ +$+H@@HMMMMMMMMH+H+++HHHHHHHH@+++++H+X++X+$$ = ,,, - $$XXXXX$$$$X$$$$$$$$$$$$$$X + ====== --,,,, ,= = ,==== ++$$+HHMMM####MH+$$+++HH@+HH@MHMMH@@H@@@HH+$+ ,,, ,. $$+$++$$$$$$$$$$++$$$$$$$X + :==-===-,. ,., == . :;; +++%$+H@HMMMMMMM%$%$$$+H@@+HH@MMMMMM@@@@HHH++H. .,,-,,--=/+$$%%%%%%%%$+%%$$$$$XXXXX + , = ==- - . == . =; ++++%++HHHHHHHHHH++%$$X+@@H+HHHMMMMMMHH@@@+X+ , ,,,,- , ,$$$$$$$+++++$$$$XXXXX$$ + ,,- , --= .. . ;/ ++++%$X+HHHHHHH ++$++X+HH+X+H@HMMHHHHHHHH+. ,, ,, , . +$$$$+%+$$$$$$$$$$ + ,-----=-=--, ,== ..;/ +% +%$XX+HH++HH+/+$%++H@@HHXHHH@@@@@@@@HXX . .,,,. ,,,, ,-=$$$$$$$$$$$$$$$$$ + - ,- -- -, ,-= . =/++%++%+++++XXXXX$$+. +HHH@+$XHHHHHHHHH++$ -,,, ,, ,,,. ,+$$$$$$$$$$$$ + ---,-----, . == =/+%+++%++$$+++$X$$$$++,$$+++XXHHHHHHHH+X$+% ,-,-, ,, . . ,+$$+++++++ + == --, -- =--, ,,= . 
./++$$++$+X$+/++$$XXXX$$$$XXXXXXH+HH+H+X$%%/ .,,,,,, .. .. ,. ,,,-=+%+++ /++ + + -- - -,,- ., . . . = +$$++++HH+. ,+$$+++++++$XX$X$XHHH+X$$+ ..--,- .. . . ,-, = ====== + MH - ---- --,,, . .. , %++$$X++++ +%++++++++%++$$$$$+H++X$$+ --, . . . = .==== + MM=,-, ---,,,,, . . ...,,, =/++%$$XXXX+/+++@@H@HX$+%$$+HHHHH$$$+: ,-- . ,. .. .. ==::;=-:;;; + MM+ ,----,,,, , .. ,. +++X+HH+++++%++$++++$$+HHH+++$$ ,- , . . : ;/ +%+. + MMH ,-,-,, ,,. . -, = = +$+H@HH++++$$X$$+++HHH+++$ , .. , +++++++%%+%+ + MM@,--,-,,,,,. . ,, . ,-, .=+$XHHHXXHHHHHHHH@@@@HX$%+: ,, . ..,, ..... ...%%%%++%%%%%%%% + M@@== ,,, , ++++XX++HHHHHH++HHH+, , , . .... . +$+%%%%%%+%%%%% + H@H+=,,, .. ,,+%$+H@HHHXX++, , ,, . ... . ,$$$$$%%%%%+%+%%%% + @H+,-,,..... . .,.;; ++$$X+%+:- , . .,,, . ... . XXX$$$%%%%%%+%%%%% + +++ -, . ... . .======== === , ,, . . .. . -,XXX$X$+$+%%%%%%%%% + $+ . ===:; ++++ ++++-,. , ,-, . $X+XX+XXX$$+%++%%%%% + ++: ,. . ,-,,-==:; %%%%%+%$$%$$X$$$+%+:== . . ,, ..+X$XXXXXX$$$+%%$$%%%% + =: ,,, == ++++++$+$$%+++$$$++$+ . == . .,,, +$$$$$$$$$$$$$$+$%%%+ + , ,---, =:;/++$$XX$$$$$$X+H@H@HHH$%%%$X$++;===== . ., .. +%%+$++$%$$$$$$%%++%+ + ===; +++$$$$+ +%+++%+HH@@@@HH+++ ++%+$+, === .. ,=; +++++++++.. :;; + . =:; /++%$$++, ,++HHMMHH@@@@HHHH@HH++++++ ,+$$+ . .. :=;;:;;;;;========== + .,,-==;;;+% %%+$$$$ /+++@@@@@@@@@@HH@M@MH@@@HHHHH$$% /%$XXX$X . -=====::::=========:: + . =; ++++++$+++ , +%H@@@HHH@HH++HHH@MHHH@HHHHHH++++ , +%%+$ ,, - --- ==:=: + ====; ++++$$+% ++H@HHHHHHH+X++X++@@@HHH@MMMMHHHHHH@HHHH+++++. ,,,,-,--- =:==;; + .,., ==;// / ++++%+%+%+++$$+@H@@@@H@HHH+XXX$%+HHHH@@HH@HMMMMMMMMMMMMMMH@+%; ...,,,,,--==;;;/; + . ...= .,+%$++%+$XXX$++%+++H@@@@HHH@HHH+++. ++++H+HHHHHHHMMMMMMMMMMMM@++: ,,, ===;;;;; + ==: . ++++++++HH%H+++X++HH+H@HHHH@HHHHHHH+++++%++%%+%%++ . , = ++$H@@HMHMMH%= . ..,,= + +++%$XXHHHHHH@H@@@@@H@HH@MMM@@HH@HH+HXH@HH%%+HH+XX$$$+++/;:=== ,,,,,, = ::; % :, ...,, + %+++HHH@HHH@@HMHHHH@HHHMHMHHHHHH+XH+HHH++++HHHH@HHHHH++%+ -, = ,=== ,, ,,, . 
+ H@HHHH#M#M#MHHHM#MMMMMMMHHHH@H@H++@H$+++HHM#MMMMHMMH@@HHHHHH%+++++%%%+++ , . + %%%%%%%%%%%%%%++++%%++ .. ... .. . +++%+++++++%++++%+++++++++%+%++%+%%++%++++++% +- Change server settings via the API. [iglocska] + + Usage: + + Viewing current setting value: + + GET /servers/serverSettingsEdit/[mysetting] +- Allow POSTing search parameters to the /tags/index API. [iglocska] + + - to filter the tags index simply POST to /tags/index the following payload: + + {"filter": "malware_classification:malware-category"} +- Added object relations to the CSV export. [iglocska] + +Changes +~~~~~~~ +- Submodules updated. [iglocska] +- Replaced the correlation graph icon to something more appropriate. + [iglocska] +- ACL updated. [iglocska] +- If no object ID is set in the URL for adding an object reference, + check the payload for the object_uuid. [iglocska] +- Added .onion to the TLD list for the complext type tool. [iglocska] + +Fix +~~~ +- Skipping composite objects. [chrisr3d] +- STIX 2.0 report doesn't require labels but the python-stix2 requires + one. [Alexandre Dulaunoy] +- Mixbox and cybox not required then it's removed. [Alexandre Dulaunoy] +- PyMISP and warninglists updated. [iglocska] +- Fix a rare issue with zombie sighting data throwing a notice. + [iglocska] +- Fix to a potential reflected XSS on the quickDelete. [iglocska] + + - low impact, XSS required user confirmation of malicious payload + + - as reported by Or Hanuka (PALANTIR) +- Small fix to a missing ajax check. [iglocska] + + - ajax forms opened full screen look bad +- Various UI fixes. [iglocska] + + - no more walk of shame after demoing MISP on a potato quality projector (beamer for our Belgian/Dutch/German friends) +- Removed debug output from adding object references. [iglocska] + + - caused the spinning loading of doom +- Indicators added in addition to observed data + misp tag for IDS. + [chrisr3d] +- Galaxies updated. [iglocska] +- Fix notice if invalid taxonomy is viewed. 
[iglocska] +- Some cleanup of the attribute filtering. [iglocska] +- Potential fix to missing proposals during sync. [iglocska] + + - rather stupid adherence to push rules removed for proposal sync +- Fixed wonky object pre-save view. [iglocska] + + - showed numeric distributiion level for attributes + - showed numeric sharing group ID for attributes + - showed currently selected sharing group ID even if the distribution was ultimately not set to sharing groups +- Fix some restsearch filters fetching the same event more than once. + [iglocska] +- Corrected filename for array of events. [iglocska] +- Internal reference: type with a uuid of an event converts to a + clickable link. [iglocska] +- Sanitise all the things for XML, fixes #2522. [iglocska] + + - Sanitise all the things! + + ─────────────────────────────▄██▄ + ─────────────────────────────▀███ + ────────────────────────────────█ + ───────────────▄▄▄▄▄────────────█ + ──────────────▀▄────▀▄──────────█ + ──────────▄▀▀▀▄─█▄▄▄▄█▄▄─▄▀▀▀▄──█ + ─────────█──▄──█────────█───▄─█─█ + ─────────▀▄───▄▀────────▀▄───▄▀─█ + ──────────█▀▀▀────────────▀▀▀─█─█ + ──────────█───────────────────█─█ + ▄▀▄▄▀▄────█──▄█▀█▀█▀█▀█▀█▄────█─█ + █▒▒▒▒█────█──█████████████▄───█─█ + █▒▒▒▒█────█──██████████████▄──█─█ + █▒▒▒▒█────█───██████████████▄─█─█ + █▒▒▒▒█────█────██████████████─█─█ + █▒▒▒▒█────█───██████████████▀─█─█ + █▒▒▒▒█───██───██████████████──█─█ + ▀████▀──██▀█──█████████████▀──█▄█ + ──██───██──▀█──█▄█▄█▄█▄█▄█▀──▄█▀ + ──██──██────▀█─────────────▄▀▓█ + ──██─██──────▀█▀▄▄▄▄▄▄▄▄▄▀▀▓▓▓█ + ──████────────█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──███─────────█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──██──────────█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──██──────────█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──██─────────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──██────────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█ + ──██───────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▌ + ──██──────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▌ + ──██─────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▌ + ──██────▐█▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓█▌ +- Fixed potential double hashing of samples with the encrypt flag. 
+ [iglocska] +- Invalid uuid used in the objectreferences add form. [iglocska] +- Fixed an invalid uuid in the object reference. [iglocska] +- Flatten events for the correlation graph. [iglocska] +- Fixed some weird editing issues. [iglocska] +- IP|Port in Gui, fixes #2505. [iglocska] +- Flatten the events for the restSearch API's lookup functions. + [iglocska] + + - otherwise valid events that only contain objects get blocked +- Fixed an issue with pushing a sample via the API / add attachments + when no object templates are loaded. [iglocska] +- Fixed a bug where normal users couldn't add object references. + [iglocska] + + - as reported by @deralexxx +- Added ObjectTemplateElements to the objectTemplate view via the API. + [iglocska] +- Only lower case search terms work in tags/index's filter. [iglocska] +- Port added to network activity. [iglocska] + +Other +~~~~~ +- Replaced placeholder label with threat-report. [Andras Iklody] +- Merge branch '2.4.81' into 2.4. [iglocska] +- Merge branch '2.4.81' of github.com:MISP/MISP into 2.4.81. [chrisr3d] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Added Tags as labels and links as external_references (both properties + of Reports) [chrisr3d] + + Will also add custom objects later, and handle the precision issues + for 'created' and 'modified' properties of all the STIX Objects +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Add: First WiP STIX 2.0 export from MISP JSON standard format. + [chrisr3d] + + This is an early stage export from MISP JSON into the STIX 2.0 + (still unpublished). Some attributes type are missing, galaxy and + objects needs to be exported into custom object due to the current + limited state of STIX 2.0. Tags will be added later as labels and link + as external_references (open points with OASIS CTI ongoing discussions). +- Merge pull request #2539 from RichieB2B/ncsc-nl/certauth. 
[Andras + Iklody] + + Allow creating users with CertAuth via userDefaults +- Allow creating users with CertAuth via userDefaults, fixes #2538. + [Richard van den Berg] +- Merge branch 'attributefiltering' into 2.4. [iglocska] +- Add an imput for search on all attributes in an event. field to search + can be modify in administration page. [Tristan METAYER] +- Merge pull request #2536 from RichieB2B/stix-mispobjects. [Andras + Iklody] + + Add MISP objects to STIX export +- Add MISP objects to STIX export. [Richard van den Berg] +- Merge pull request #2537 from RichieB2B/ncsc-nl/stix-conditions. + [Andras Iklody] + + Add Condition attribute to HTTP_Method STIX export +- Add Condition attribute to HTTP_Method STIX export. [Richard van den + Berg] +- Merge pull request #2533 from RichieB2B/stix-composites. [Andras + Iklody] + + Add ip-src|port and ip-dst|port attributes to STIX export +- Add ip-src|port and ip-dst|port attributes to STIX export. [Richard + van den Berg] +- Merge pull request #2529 from SHSauler/patch-3. [Andras Iklody] +- Removed duplicates from $categoryDefinitions. [Steffen Sauler] + + Payload delivery/ip-dst|port + Payload delivery/ip-src|port + Support Tool/text +- Merge pull request #2517 from truckydev/patch-2. [Andras Iklody] + + user right update +- User right update. [truckydev] + + Make all user access to /attributes/describeTypes.json +- Merge pull request #2515 from c-goes/emailregex. [Andras Iklody] + + Allow $ in email addresses +- Allow $ in email addresses. [c-goes] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- MISP galaxy added in the feature list. [Alexandre Dulaunoy] +- MISP objects added. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2502 from aparriel/tag_on_attribute_restSearch. + [Andras Iklody] + + Fix Tag json format +- Fix Tag json format. 
[Alexandre Parriel] +- Merge pull request #2495 from arnydo/2.4. [Andras Iklody] + + new: added alternate nameserver option to rpzexport +- Move ns_alt parameter to end of api list. [arnydo] +- RPZExport - Alternate NS. [Kyle Parrish] + + Added option to add an alternate nameserver to RPZ export. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2500 from aparriel/tag_on_attribute_restSearch. + [Andras Iklody] + + Add Tag field for restSearch on attributes, Fixes #2497 +- Add Tag field for restSearch on attributes, Fixes #2497. [Alexandre + Parriel] +- Merge pull request #2498 from Rafiot/travis3. [Andras Iklody] + + fix: travis file +- Up: Bump PyMISP. [Raphaël Vinot] +- Up: test file. [Raphaël Vinot] + + +v2.4.80 (2017-09-19) +-------------------- + +New +~~~ +- Various object template improvements. [iglocska] + + - allow multiple versions of a template to be stored at the same time + - select which version is the primary version of a template + - disable/enable templates + - edit objects with one of the older versions of a template if the object's version requires that + + - various UI / bug fixes +- Objects tied into e-mailing. [iglocska] +- Add way to flatten attributes for certain exports (hids, nids) + [iglocska] +- Added objects to object preview. [iglocska] +- Added diagnostics for the new attachment tools. [iglocska] +- Further progress on the synchronisation. [iglocska] +- Added phone-number attribute type. [iglocska] + + - Just the yugest attribute types for @rommelfs +- Expose the caching jobs / getProgress to the API. [iglocska] +- Massive performance improvements to the restSearch API. [iglocska] + + - smarter choice of pre-filtering gives a huge boost for non attribute level parameters + - caching the results of certain parts of the algorithm + - cleaned up some inefficient looping merges +- Sync with objects wip. 
[iglocska] + + - add/edit of full events now capture all object related structures + - restructuring of the edit/add functionalities into clearly divided subsections +- Further work on the objects. [iglocska] + + - uuids of both sides saved in references + - attachment adding fixed +- Several new features. [iglocska] + + - added multiple flag among other things +- Added first iteration of new add attachment functionality. [iglocska] + + - still WIP +- Added back referencing from a referenced object. [iglocska] + + - also fixed some view file issues +- Various new features for the objects. [iglocska] +- Added object relations. [iglocska] +- Added first iteration of object references and other changes. + [iglocska] + + - various fixes + - rework of the pagination library +- Progress on the Objects. [iglocska] + + - Fixed UI elements in the event view + - Added object-aware filtering to the event view + - Objects can now be deleted and viewed once deleted + - object sanitisation if the setting is set is implemented + - Edit objects directly from the interface (if the template exists) + - Various other fixes +- Collapsible object metadata. [iglocska] +- Further work on the object UI. [iglocska] + + - refactoring + - added objects fields to object rows + - nested rows within the object + - massive cleanup +- WIP - change to model aliasing to solve the reserved class name. + [iglocska] + + - Internal name is now MispObject for the model, but it is used Aliased, removing the need to do any data massaging + - Added WIP edit function +- Added objects submodule. [iglocska] +- Further progress with the objects. [iglocska] + + - added option to populate event with an object to the side menu + - multiselect popup for objects added + - redirect after adding object fixed +- More work on the objects. [iglocska] + + - mostly on adding / validating / saving objects including the UI for it +- Further progress on the objects. [iglocska] + +Changes +~~~~~~~ +- Version bumps all around. 
[iglocska] +- Updated taxonomies. [iglocska] +- PyMISP updated. [iglocska] +- Some tuning to the freetext import tool. [iglocska] +- Cakephp updated. [iglocska] +- Rename two fields in the object references. [iglocska] + + - source_uuid => object_uuid + - destination_uuid => referenced_uuid +- Removed default distribution for attributes in object - tkaen over by + the pre-validation script. [iglocska] +- Sane defaults set by pre-validation script as a fallback (attributes) + [iglocska] +- Added empty row after each object / attribute-proposal block. + [iglocska] +- Updated object definitions. [iglocska] +- Changed Object to MispObject internally. [iglocska] +- Changed frequency to ui-priority. [iglocska] +- Further work on the objects. [iglocska] + + - view events with objects via the API + - Further improvements to adding objects +- Added new tables to appmodel upgrade script. [iglocska] +- Added new fields to mysql. [iglocska] + +Fix +~~~ +- Reverted CakePHP version. [iglocska] +- Fixed the XML view. [iglocska] + + - please stop using XML, for your own sanity, I beg of you! +- Fixed query string and pymisp version. [iglocska] +- Fixed no specification of the tinyint length for the objects in + MYSQL.sql. [iglocska] +- Fixed double attachment of hashes for malware-samples. [iglocska] +- Updated PyMISP. [iglocska] +- Added an upper limit for max correlations / event. [iglocska] + + - super edge-case test instance got crushed by memory usage +- Correlation improvements. [iglocska] +- Some minor bug fixes. [iglocska] +- Avoid compatibility issue with AGPL license and its warranty clause. + [Alexandre Dulaunoy] +- Capitalisation of default tlp tag didn't match the ones coming from + taxonomies in the event alert e-mail subject. [iglocska] +- Fix to certauth pains. [iglocska] +- Added better debugging to the password shell. [iglocska] +- Corrected a copy paste mistake. [iglocska] +- Fix to an issue blocking the JSON download of single events. 
+ [iglocska] +- Fixes various issues with the certauth. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fixes to various issues with the cert auth. [iglocska] +- Fixed the favourite tags not showing up in the tag index. [iglocska] +- ACL updated. [iglocska] +- When deleting an attirbute/objects, object references to it are not + deleted, fixes #2477. [iglocska] + + - force a reference deletion on attribute/object deletion + - changed it to match deletion type + - soft-deleting an attribute/object soft-deletes all references to it + - hard-deleting an attribute/object hard-deletes all references to it +- Fixed notices described in #2482. [iglocska] +- No attributes set in the objects add form makes MISP barf up notices + instead of gracefully showing an error - fixes #2476. [iglocska] +- Referenced by counter fixed, fixes #2479. [iglocska] +- Fixed the missing refresh on attribute tags when a new tag is added. + [iglocska] +- Unpublish event on object add. [iglocska] +- Updated the xml export tool to support objects. [iglocska] + + - though why do we still support XML?... +- Various fixes for the objects. [iglocska] +- Fixed the add attachments functionalities. [iglocska] +- Fixed the timestamp of object references not being set. [iglocska] +- Fixed the object reference's timestamp not being updated. [iglocska] +- Fixed the empty event warning if an event only has objects but no + attributes. [iglocska] +- Various fixes with object reference editing. [iglocska] +- Fixing various issues with the pull. [iglocska] +- Fixed an invalid user field lookup. [iglocska] +- Removed an invalid line left in from a debug session. [iglocska] + + - caused galaxy cluster not to show up on event view +- Fixed an invalid user call in the paginator. [iglocska] +- Added upload logo functionality to org add form. [iglocska] + + - Forgetfullness correlates directly with age apparently +- Reverted a change from yesterday that breaks the event index. 
+ [iglocska] +- Fixed some parameter issues. [iglocska] +- Some realignment on the attribute add view. [iglocska] +- Fixed array level mess-up. [iglocska] + + derp +- Fixed invalid variable name. [iglocska] +- Fixed invalid lookup for adding object references. [iglocska] +- Added missing object row change. [iglocska] +- Fixed the saving of objects. [iglocska] +- Updated the new ajax methods to follow the new JSON rules. [iglocska] +- Various fixes. [iglocska] +- Fixed an outdated index pointing to a now non-existant field. + [iglocska] +- Ommit object template elements with invalid attribute types. + [iglocska] + + - and warn users + - shout out to all C-level managers at SHA2017 +- Fixed event view issue for empty events. [iglocska] +- Added description field to object template elements. [iglocska] +- Fixed previous commit. [iglocska] +- Missing field in object template elements added to match upgrade + script. [iglocska] +- Updated fields. [iglocska] +- Object renamed to MispObject in form. [iglocska] +- Cakephp updated. [iglocska] +- Removed obsolete table. [iglocska] +- Fixed object references table. [iglocska] +- Add object functions to ACL. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2493 from RichieB2B/patch-2. [Andras Iklody] + + Use sanitized orgname in STIX header +- Use sanitized orgname in STIX header. [Richie B2B] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2490 from ealtintas/2.4. [Andras Iklody] + + Update README.md +- Update README.md. [Ergin ALTINTAS] + + Fix the typo: "Network Detection Intrusion System" -> "Network Intrusion Detection System" +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2489 from truckydev/patch-1. [Andras Iklody] + + bugfix for freetextimport and email +- Bugfix for freetextimport and email. 
[truckydev] + + Correction for a bug when you add an email in freeTextImport. + + When you select 'whois-registrant-email' attribut never created and an error is displayed. + + because : + 'whois-registrant-email' not in 'Social network' and 'Payload delivery' but only in 'Attribution'. + + This PR add the type 'whois-registrant-email' in 'Social network' and 'Payload delivery' category. + + #### What does it do? + + no issue has been created. + + #### Questions + + - [ ] Does it require a DB change? + - [ ] Are you using it in production? + - [ ] Does it require a change in the API (PyMISP for example)? + + #### Release Type: + - [ ] Major + - [ ] Minor + - [X] Patch +- Merge pull request #2457 from Delta-Sierra/2.4. [Andras Iklody] + + remove old text from documentation +- Remove old text from fdocumentation. [Deborah Servili] +- Merge branch 'objects_wip' into 2.4. [iglocska] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge pull request #2483 from obert01/accessibility-fix. [Andras + Iklody] + + Accessibility improvement: ARIA properties for the "Add new cluster" button - events/view +- Accessibility improvement: Given the "button" role and appropriate + aria-label to the "Add new cluster" button in the "galaxy quick + preview" on an events/view page. [Olivier BERT] +- Merge pull request #2480 from RichieB2B/empty-stix. [Andras Iklody] + + Return empty STIX when no data +- Return empty STIX when no data, fixes #2478. [Richard van den Berg] +- Merge pull request #2474 from obert01/task-accessibility. [Andras + Iklody] + + Improved the accessibility of the "Scheduled tasks" page for screen readers +- Improved the accessibility of the "Scheduled tasks" page for screen + reader. The "aria-label" of the buttons for each tasks (frequency, + time, date) should be set to their value rather than their meaning. In + fact, the meaning of the value is given by the header of the column, + which is already perfectly read by all screen reader I have tested. 
+ [Olivier BERT] +- Merge pull request #2469 from panzertime/2.4. [Andras Iklody] + + fix for issue #2458 +- Fix for issue #2458. [RT Hatfield] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Security vulnerability reporting about "high number of published CVEs + vs a few swept under the rug" [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2428 from cedricbonhomme/make-vagrant-a-submodule. + [Andras Iklody] + + Make vagrant a submodule +- Added misp-vagrant module. [Cédric Bonhomme] +- Removed vagrant folder. [Cédric Bonhomme] +- Merge pull request #2453 from panzertime/2.4. [Andras Iklody] + + Fixing bug in feed-fetch sched. task +- Fixing bug in feed-fetch sched. task. [RT Hatfield] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge branch '2.4' into objects_wip. [iglocska] +- Merge branch '2.4' into feature/objects. [iglocska] + + +v2.4.79 (2017-08-28) +-------------------- + +New +~~~ +- Feeds added to the scheduled jobs. [iglocska] +- Opened up the taxonomies actions to the API: [iglocska] + + valid APIs: + + index, view, enable, disable +- Exposed Feed previews to the API. [iglocska] + + - The following can now be fetched via the API (requires site admin access): + CSV, Freetext, MISP feeds: /feeds/previewEvent/[feed_id] + MISP feeds: /feeds/previewIndex/[feed_id]/[event_uuid] +- Added command line tool to enable/disable misp. [iglocska] + + - /var/www/MISP/app/Console/cake Live [0|1] + - sets the MISP.live directive +- Add a baseurl changer for shell scripts. 
[iglocska] + + - cake /var/www/MISP/app/Console Baseurl [new baseurl] + +Changes +~~~~~~~ +- Update for the version release. [iglocska] + + - querystring bump + - version bump + - PyMISP version bump +- PyMISP updated. [iglocska] +- Made the current password confirmation requirement for any user + profile edits optional. [iglocska] + + - default setting is having it off + - incredibly frustrating feature is now only enabled on demand +- MISP-galaxies updated. [iglocska] +- Restrict tag editor permission to only create tags. [iglocska] + + - deleting/eding tags indirectly modifies events created by others + - reduced to site admin only functionality +- Added exit 0 to start.sh to make vagrant happy. [iglocska] + +Fix +~~~ +- Removed url -> tls_cert_subject rule conversion for the suricata + export, fixes #2396. [Andras Iklody] +- Fixed a bug where /events/uuid would return the incorrect event. + [iglocska] +- Only try to look for feed correlations for a proposal if the proposal + list isn't empty. [iglocska] +- MISP taxonomy updated. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Fix to the max items displayed / page using the custom pagination + tool. [iglocska] +- Slight improvement to event uuid lookup on the event view. [iglocska] +- Follow redirect from feed pull if the response is a 302. [iglocska] +- Cleanup for feeds fixed. [iglocska] +- Possible fix to the newsread = null issue. [iglocska] +- Fixed a potential persistent cross site scripting in the comments. + [iglocska] + + - new tag parser for the comments implemented + - Parser now cleanly pre-constructs the replacement items after finding tag pairs + + - This only impacts users of the same instance, as comments are not synchronised + + - as reported by Jurgen Jans and Cedric Van Bockhaven from Deloitte +- Further Event index UI fixes. [iglocska] +- Fixed event index for non site admins. [iglocska] +- Attribute view also accessible via UUID. 
[iglocska] +- Fetch PGP key button goes into endless loading if no key was found. + [iglocska] +- Fixed an obviously dumb validation rule, fixes #2394. [iglocska] + + - derp +- Fixed a group by issue with the event filter overlay. [iglocska] +- Misaligned event index for read only users fixed, fixes #2397. + [iglocska] +- Fixed mistyped field. [iglocska] +- Fixes to the galaxy import tool. [iglocska] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Fix double pagination of data in the taxonomies controller, fixes + #2399. [iglocska] +- Added event_uuid to attribute view. [iglocska] +- Remove the notice thrown if no valid user exists for the given e-mail. + [iglocska] +- Fixed the XML output for the restresponse library. [iglocska] +- Fixes to several issues with the template editor, fixes #2387, fixes + #2388. [iglocska] +- Several fixes to the template editor. [iglocska] +- Fixes to issues introduced by the ajax JSON rework, fixes #2384. + [iglocska] +- Tightening the sanitisation of indicators for the e-mail alerts. + [iglocska] +- Fixes to several cases of reflected XSS, fixes #2381. [iglocska] + + - as reported by @import-au + + - Additionally enforce content-type on all async APIs called by the UI using CakeResponse + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2419 from RichieB2B/patch-1. [Andras Iklody] + + Make newsread numeric instead of boolean +- Make newsread numeric instead of boolean. [Richie B2B] + + Fixes #2394 +- Merge pull request #2415 from CheYenBzh/2.4. [Andras Iklody] + + Baseurl miss in events filter +- Baseurl miss in events filter. [Antoine Callac] + + Minor change, adding baseurl for events search +- Merge pull request #2412 from cedricbonhomme/vagrant-dev-environment. 
+ [Alexandre Dulaunoy] + + Vagrant dev environment +- Updated default values for OpenSSL and GPG. [Cédric Bonhomme] +- Updated default values for OpenSSL and GPG. [Cédric Bonhomme] +- Merge pull request #2410 from cedricbonhomme/vagrant-dev-environment. + [Andras Iklody] + + Introduction of a development environment based on Vagrant +- Fixed group owner of the MISP installation. [Cédric Bonhomme] +- Updateg .gitignore: ignore Vagrant log files and VM related files. + [Cédric Bonhomme] +- Updated README. [Cédric Bonhomme] +- Updated README. [Cédric Bonhomme] +- Updated README. [Cédric Bonhomme] +- Added Vagrant configuration files for a development environment. + [Cédric Bonhomme] +- Added Vagrant configuration files for a development environment. + [Cédric Bonhomme] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2405 from RichieB2B/patch-3. [Andras Iklody] + + Add Change Password link to profile view +- Add Change Password link to profile view. [Richie B2B] + + Make it easier for users to change their password +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2404 from RichieB2B/patch-2. [Andras Iklody] + + Initialize $abortPost in edit() +- Initialize $abortPost in edit() [Richie B2B] + + Avoid notices about "Undefined variable: abortPost" in debug.log +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2402 from RichieB2B/patch-1. [Andras Iklody] + + Rebuild _authenticateObjects cache in mixed authentication setups +- Rebuild _authenticateObjects cache in mixed authentication setups. + [Richie B2B] + + When CertAuth is mixed with normal FormAuthentication the upgrade from Simple to Blowfish did not happen because of the internal _authenticateObjects cache. Calling constructAuthenticate() rebuilds this cache. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [iglocska] +- Merge pull request #2389 from truckydev/expose-galaxies-lit-to-api. + [Andras Iklody] + + Expose galaxies lit to api +- Update GalaxiesController.php. [truckydev] +- Update GalaxiesController.php. [truckydev] +- Update GalaxiesController.php. [truckydev] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2385 from cedricbonhomme/fix-command-line-tool-to- + enable-disable-MISP. [Andras Iklody] + + Fixed error: 'Value is not a boolean, make sure that you convert 'tru… +- Fixed error: 'Value is not a boolean, make sure that you convert + 'true' to true for example.' when enabling/disabling MISP with the + command line tool. [Cédric Bonhomme] + + +v2.4.78 (2017-08-06) +-------------------- + +New +~~~ +- Exposed Roles to the API. [iglocska] + + - valid commands via the API + - /admin/roles/add [GET, POST] + - /admin/roles/delete/{id} [POST, DELETE] + - /admin/roles/edit/{id} [GET, POST] + - /admin/roles/index [GET] + - /admin/roles/set_default/{id} [POST] + - /roles/index [GET] + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Updated misp galaxies. [iglocska] +- Updated warninglists. [iglocska] + +Fix +~~~ +- Fixed capitalisation of "throw" in templateElementsController. + [iglocska] +- Fixes the lookup of attributes in the UI attribute search to correctly + adhere to sharing groups. [iglocska] + + - Attribute search was not correctly adhering to sharing group rules as it wasn't using the centralised lookup method + + - As reported by Helge Aksdal +- PyMISP version bump. [iglocska] +- Nicer response for the API to push events to ZMQ. [iglocska] +- Fixed a typo in the pushEventToZMQ function. [iglocska] +- Only add the permission description to the Role fetcher if the + permission level is queried. [iglocska] +- Added constants to role permissions for the API. 
[iglocska] + + - Permission now accepts a constant [read|manage_own|manage_org|publish] in addition to a numeric value [0|1|2|3] + - Querying a role via the API returns the constant additionally to the numeric value in the permission_description field + + - Added /roles/view/{id} to the API +- Previous commit was incorrect, empty filters contain null not false. + [iglocska] +- Fixed "published":0 filter for restsearch. [iglocska] + + - also removed an empty function +- Added put/post to role deletion. [iglocska] +- Invalid model used to push ZMQ messages for discussion posts. + [iglocska] +- Potential fix to the template element adding issue throwing ajax only + exceptions. [iglocska] +- Changed the validation of newsread and change_pw to boolean. [Andras + Iklody] +- Fixed an issue with the roles model failing on stricter MySQL settings + due to missing group by. [iglocska] + +Other +~~~~~ +- Fixed org logos in attribute index. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2364 from strikaco/patch-1. [Alexandre Dulaunoy] + + Adds missing sudo invocation +- Adds missing sudo invocation. [Johnny] +- Fix #2347 - cookie attribute type. [Alexandre Dulaunoy] + + HTTP cookie as often stored on the web client and can be authentication + or even session cookie. +- Merge pull request #2340 from Rafiot/travis. [Alexandre Dulaunoy] + + Update travis file. +- Update travis file, use composer for all PHP deps. [Raphaël Vinot] +- MISP website links and references updated. [Alexandre Dulaunoy] +- A link to the CONTRIBUTING page added. [Alexandre Dulaunoy] + + +v2.4.77 (2017-07-12) +-------------------- + +New +~~~ +- Added php ini path. [iglocska] + +Changes +~~~~~~~ +- PyMISP version bump. [iglocska] +- Redacted certain server settings that could be considered sensitive. 
+ [iglocska] + + - Encryption passwords as well as redis password are now redacted from the server settings + - Also includes the JSON dump of the server settings + + - Thanks to cert.govt.nz for the security report. +- Version bump. [iglocska] + +Fix +~~~ +- Remove delegation request once event delegation is accepted. + [iglocska] + + - TODO, cleanup of zombie delegation requests +- Updated pyMisp and querystring versions. [iglocska] +- Added user password length change to the MYSQL.sql file. [iglocska] +- Tightened the sanitisation of the filenames in the template uploader. + [iglocska] + + - Data from retained uploaded files when re-editing a template popuplation prior to submission was loaded into the JS directly without sanitisation + - Whilst there was no way found to exploit this, introduced tighter sanitisation for the file data + + - Thanks to cert.govt.nz for the security report. +- Fixed some missing css/scripts from the iframe for the template + uploader. [iglocska] +- GFI uploaded archives don't throw exceptions on failed parsing, + instead simply show an error banner after redirect. [iglocska] + + - in situations with misconfigured MISPs (debug enabled), a parsing error + exception thrown while parsing a maliciously malformed archive could include + arbitrary files in the stacktrace accessed from within the apache user's + scope if a symlinked file was uploaded in the archive + + - Thanks to cert.govt.nz for the security report. +- Upgraded hashing algorithm used and added requirement to confirm + password for user profile changes. [iglocska] + + - Added method to upgrade all passwords to blowfish transparently + - All profile edit pages (/users/edit, /admin/users/edit, /users/change_pw) now require the user's password to be confirmed + + - Thanks to cert.govt.nz for the security report. +- Added screenshots to attribute index/attribute search, fixes #2338. + [iglocska] + + - Flickr can start quivering in its boots! 
+- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Value1 and value2 removed from attributes/view/id. [iglocska] +- The server settings page (servers/serverSettings) was crashing when + the redis connection wasn't properly working. [Cédric Bonhomme] +- Further performance tweaks to the feed fetcher. [iglocska] +- Made the feed pull for CSV/Freetext feeds much faster for large feeds. + [iglocska] + + - value de-duplication is now a lot more efficient +- Massive performance boost when adding attributes to an already large + event. [iglocska] +- Return json dict instead of string when queuing a feed pull job. + [iglocska] +- Fix the massive hover popover for modules that keeps breaking the + layout at trainings. [iglocska] + + (ノ°Д°)ノ︵ ┻━┻ +- Fixed TC import. [iglocska] +- Removed unused fulltext index in favour of 255 length index. + [iglocska] +- Fixed a potential issue with galaxy clusters with no elements causing + notices. [iglocska] +- Accessing a pivoted event view URL without having the pivot path + tracked in the session threw a notice. [iglocska] +- Added missing ServersController.php change that populates $php_ini. + [iglocska] + + - faildev forgot to commit the file +- Don't run the regexp replaces on sigma rules. [iglocska] +- JSON export via the UI should download a file, not render the JSON. + [iglocska] +- Invalid redirect from adding attachments when hitting post size limit. + [iglocska] +- Cleanup/sync of installation guides. [SHSauler] +- Fixed the invalid CSV download filename. [iglocska] +- MISP taxonomies updated to the latest version (DML added) [Alexandre + Dulaunoy] +- Fixed sanitisation of feed correlation fields. [iglocska] +- New dataplane.org feeds added. [Alexandre Dulaunoy] +- Meta field in galaxy cluster should be a dict even if empty in the + JSON output, fixes #2280. 
[iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2327 from kallix/attachments_dir-settings. [Andras + Iklody] + + Add an optional setting attachments_dir, and adapt existing code to use this setting +- Attachments_dir: Default value queried through a function to + workaround PHP inability to have anything useful stored in a class + property. [Kevin Allix] +- Add an optional setting attachments_dir, and adapt existing code to + use that setting. [Kevin Allix] +- Merge pull request #2332 from Deventual/patch-12. [Alexandre Dulaunoy] + + minor adjustments +- Minor adjustments. [Deventual] +- Merge pull request #2329 from Deventual/patch-10. [Alexandre Dulaunoy] + + added mixbox update instructions +- Merge branch '2.4' into patch-10. [Alexandre Dulaunoy] +- Merge pull request #2330 from Deventual/patch-11. [Alexandre Dulaunoy] + + fix minor instructions +- Fix minor instructions. [Deventual] +- Added mixbox update instructions. [Deventual] +- Merge remote-tracking branch 'origin' into 2.4. [iglocska] +- Merge pull request #2325 from cedricbonhomme/fix-bug-when-redis- + connection-fails. [Andras Iklody] + + fix: The server settings page (servers/serverSettings) was crashing w… +- Merge pull request #2314 from kallix/redis_password. [Andras Iklody] + + Allow Redis to be password-protected +- Merge branch 'redis_password' into 2.4. [iglocska] +- Allow a setting to NOT define a 'test' function. [Kevin Allix] +- Add MISP.redis_password option. [Kevin Allix] +- Use a password to connect to Redis if MISP.redis_password is set in + config.php. [Kevin Allix] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2307 from edhoedt/patch-2. [Andras Iklody] + + Attribute tags: fixing automatic refresh after deleting/adding a tag +- Attribute tags: fixing automatic refresh after deleting/adding a tag. 
+ [edhoedt] + + Attribute_id_tr class should actually be ShadowAttribute_id_tr +- Merge pull request #2306 from edhoedt/patch-1. [Andras Iklody] + + Fixing crash on Event Tag delete+refresh on recent MySQL version +- Fixing crash on Event Tag delete+refresh on recent MySQL version. + [edhoedt] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2294 from garanews/2.4. [Andras Iklody] + + Show the welcome_text in tab title +- Show the welcome_text in tab title. [garanews] + + Show MISP.welcome_text_top value also in the tab title. + Useful when managing many MISP instances. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2293 from FIRSTdotorg/2.4. [Andras Iklody] + + Fixed empty user creation and user updates when org changes +- Fixed issue #2036. [Guilherme Capilé] +- Bugfixes in certificate authentication. [Guilherme Capilé] +- Merge pull request #1 from MISP/2.4. [Guilherme Capilé] + + updating FIRST MISP repository +- Merge pull request #2292 from SHSauler/doc. [Andras Iklody] + + fix: cleanup/sync of installation guides +- Merge pull request #2284 from MISP/revert-2283-getpgid. [Andras + Iklody] + + Revert "Use posix_getpgid to check whether a pid is running" +- Revert "Use posix_getpgid to check whether a pid is running" [Andras + Iklody] +- Merge pull request #2283 from kallix/getpgid. [Andras Iklody] + + Use posix_getpgid to check whether a pid is running +- Use posix_getpgid to check whether a pid is running. [Kevin Allix] +- Merge pull request #2282 from kallix/ps_grep. [Andras Iklody] + + Fix for a small bug: MISP can report mispzmq.py is running when it's not running +- Grepping the output of ps: the grep pattern should be ^pid_value$ + [Kevin Allix] +- Merge pull request #2281 from kallix/portability. [Andras Iklody] + + Change shebang to /usr/bin/env xxx for better portability +- Change (where needed) shebang to /usr/bin/env xxx for better + portability. 
[Kevin Allix] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2279 from ninSmith/2.4. [Andras Iklody] + + New apache directive with apache 2.4 +- Fixes #2278. [dc] +- Fixes #2278. [dc] +- Merge pull request #2276 from FafnerKeyZee/2.4. [Andras Iklody] + + Install Debian 9 (Stretch) +- Update INSTALL.debian9.txt. [Fafner [_KeyZee_]] +- Update INSTALL.debian9.txt. [Fafner [_KeyZee_]] +- Create INSTALL.debian9.txt. [Fafner [_KeyZee_]] +- Merge remote-tracking branch 'upstream/2.4' into 2.4. [Fafner + [_KeyZee_]] +- Merge pull request #2 from MISP/2.4. [Fafner [_KeyZee_]] + + update + + +v2.4.76 (2017-06-20) +-------------------- + +New +~~~ +- Feed http://cinsscore.com/list/ci-badguys.txt added. [Alexandre + Dulaunoy] +- Contributing guidelines added following the initial wiki document. + [Alexandre Dulaunoy] +- Caching of the CIDR blocks to boost the advanced correlation + performance. [iglocska] + + - massive boost to performance when using advanced correlations +- Push new Discussion items to ZMQ Under the topic + misp_json_conversation. [Hannah Ward] +- Performance improvements for the pub-sub modules. [iglocska] + + - Only load and open connection to redis for the pub-sub connection once. + - Massive performance boost when the ZMQ functionality is enabled +- Add adhereToWarninglists as a JSON parameter to the freetextImport + API. [iglocska] + +Changes +~~~~~~~ +- VERSION bump. [iglocska] +- Some small changes to the discussion ZMQ integration. [iglocska] + + - tied into new way of invoking the ZMQ module + - added some context fields to the messages being pushed (orgname, user email, etc) + +Fix +~~~ +- Warning-lists updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Prevent form from being submitted when changing a template element, + fixes #2274. [iglocska] +- Error handling of proposal sync. 
[iglocska] + + - don't log errors if no proposals are found + - don't throw an exception if no proposals are found +- Allow triggering the fetch feed from the API. [iglocska] +- Changed the colour of the git output to something more soothing. + [iglocska] +- Fixed an issue in the XML export due to neglect. [iglocska] +- Fixed a group by issue. [iglocska] +- Removed silly duplicate queries from the event index. [iglocska] +- Fixed indexing of the value field for certain instances. [iglocska] +- Moved attachment access diagnostic tool to attributes controller. + [iglocska] +- Yes is not Yee. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Possible fix for a massive performance bug on older MYSQL versions + when entering attributes. [iglocska] +- Fix to the CIDR caching. [iglocska] +- Follow up to the previous patch, also for the individual events' + stixification. [iglocska] +- Throw the STIX errors to file, fixes #2266. [iglocska] + + - saved to /var/www/MISP/app/tmp/logs/exec-errors.log +- Further fixes to the delete attribute length. [iglocska] +- Fix the delete proposal's length based on the number of fields in the + table. [iglocska] +- Explanation regarding meaning of variables. [Steffen Sauler] + + Default OutputDirName (current dir) led to error for me on Ubuntu 16.04, tar 1.28. Provided works and is neater. +- Further performance improvements to the zmq module. [iglocska] + + - should make inserting data faster +- Fixed the duplicate sighting save that kept popping up in the ZMQ + feed. [iglocska] +- Fixed error messages for the CSV export API. [iglocska] +- Don't return the mixbox version if no mixbox is installed. [iglocska] +- New way of checking for API access. [iglocska] + + - meant to resolve some issues such as being redirected to the news page if a new news item exists while running a CSV export via the API +- Possible fix to the stix export for various STIX versions / python + versions. 
[iglocska] +- Fixed the mixbox version lookup. [iglocska] +- Added Mixbox to the STIX installation, fixes #2262 ##comma## fixes + 2261. [iglocska] + + - provided by @newdominic +- Corrected range of valid port numbers for the attribute validation. + [iglocska] + + - as pointed out by @MattCarothers +- Validation for port attribute The logical check for a valid port was + backwards. It looked for an integer outside the range of 1-65535 + rather than inside. [Matt Carothers] +- Added cache feeds to the gitignore. [iglocska] +- Fixed a notice error in the taxonomy view. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2182 from ppanero/2.4. [Andras Iklody] + + newsread attribute fixed for user registration via sso +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Pablo + Panero] +- Merge branch 'badattch' into 2.4. [iglocska] +- Changing some texts. [root] +- Adding small diagnostic on Server Setting > Diagnostics page to check + if some attachments referenced in database doesn't exist on + filesystem. [root] +- Merge pull request #2032 from dmaciejak/dmaciejak-patch-2. [Andras + Iklody] + + Remove duplicated h() calls +- Merge branch '2.4' into dmaciejak-patch-2. [Andras Iklody] +- Merge pull request #2267 from RichieB2B/nscs-nl/fixframe. [Andras + Iklody] + + Keep misp2stix Python 2.6 compatible +- Keep misp2stix Python 2.6 compatible. [Richard van den Berg] +- Merge pull request #2209 from tk-hendrik/fix/apache_auth. [Andras + Iklody] + + Fix invalid newsread +- Merge branch '2.4' into fix/apache_auth. [Andras Iklody] +- Add: reputation.alienvault.com feed added. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2243 from SHSauler/patch-2. [Andras Iklody] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2264 from FloatingGhost/2.4. 
[Andras Iklody] + + Push Conversation items to a ZMQ topic +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Hannah + Ward] +- Merge pull request #2260 from + MattCarothers/fix_backwards_port_validation. [Andras Iklody] +- Fix invalid newsread. [Hendrik] +- Merge branch '2.4' into dmaciejak-patch-2. [David Maciejak] +- Remove duplicated h() calls. [David Maciejak] + + +v2.4.75 (2017-06-13) +-------------------- + +New +~~~ +- First round of massive performance tuning (tm)(c) [iglocska] + + - Make MISP fast again +- Export default feed list in Markdown format. [Alexandre Dulaunoy] + + Simple Python script to dump the default feed list in a Markdown list. + The script is to be used for the automatic generation of the + misp-website and documentation to keep an up-to-date list of feeds in + the various public places of the MISP project. +- Mass delete events. [iglocska] + + - simply use the multi select on the event index via the UI + - for the API, simply POST to /events/delete with a payload in the following format: + `{"id": [15, 16, 17]}` + + - if you've accidentally deleted all your events using this functionality, feel free to contact @rommelfs or contact the NSA for backups +- Added Font Awesome for greater glory. [iglocska] +- Added email-body attribute type, fixes #1062. [iglocska] + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Performance tuning: Custom pagination tool. [iglocska] + + - changed set operation to a more performance alternative +- Added event info in feed correlations via a popover. [iglocska] + +Fix +~~~ +- Fixed an error causing combined feed cache issues. [iglocska] +- Relaxed UUID4 requirement for UUID validation. [iglocska] + + - we shouldn't enforce anything beyond the basic format +- Allow browsing events that have a failed full fetch. [iglocska] +- Removed port numbers from correlating, fixes #2141. [iglocska] +- Fixes a feed caching issue introduced by the performance tweaks. 
+ [iglocska] + + - moved the combined feed generation for the fast lookups to the feed caching algorigthms as opposed to an on an on-the-fly merge +- Fixed invalid looping to pick up feed correlation event info fields. + [iglocska] +- Fixes a missing method needed for CIDR correlation, fixes #2256. + [iglocska] + + - CIDR correlation for IPv6 was utterly broken and broke the entry of ip attributes +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Added missing view file. [iglocska] +- Typo fixed. [iglocska] +- GPG vs PGP key naming snafu fixed. [iglocska] +- Fixed the proposal event index view showing org IDs instead of org + names, fixes #2248. [iglocska] +- Truncate log descriptions that are over 65532 character long. + [iglocska] +- No commit message. [iglocska] + + - cleanup refactoring of pub sub tool + - better handling of no access to redis +- Added download buttong for the feed settings in JSON format, fixes + #1895. [iglocska] +- Fixed issues with feeds that time out causing failures. [iglocska] +- Forgot to catch for weird STIX version. [Hannah Ward] +- Another IDGen thing. [Hannah Ward] +- Added empty string as default for feed data. [iglocska] + + - to handle cases where no data is returned. +- Removed second publish button from the menu. [iglocska] + + - copy pasta fail FTL +- Alignment issue fixed. [iglocska] +- New and improved child-lock. [iglocska] +- Use IDGen from literally any module that has it. [Hannah Ward] +- Added child-protection for the mass select on the event index. + [iglocska] + + - only site admins can mass select + delete now. +- Fixed a silly issue in the ZMQ publisher. [iglocska] + + - was setting up the socket and tearing it down for each message, derp + - as reported by @RichieB2B +- Made Python 3 happy with the ZMQ scripts. [iglocska] +- Added missing css loader from the layout. [iglocska] +- Email-attachment and email-body now accept line breaks. 
[iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2207 from RichieB2B/ncsc-nl/mixbox. [Alexandre + Dulaunoy] + + Also test for mixbox version +- Merge branch '2.4' into ncsc-nl/mixbox. [Alexandre Dulaunoy] +- Merge pull request #2251 from stinnux/feature/ApacheAuth-AllowUpdate. + [Andras Iklody] + + Feature/apache auth allow update +- Remove Debugging. [Thomas Stinner] +- Disable user in case he has no roles. [Thomas Stinner] +- Allow Updating existing users. [Thomas Stinner] +- Also test for mixbox version. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2244 from FloatingGhost/2.4. [Alexandre Dulaunoy] + + fix: forgot to catch for weird STIX version +- Merge pull request #2242 from MISP/MURDER_STIX. [Alexandre Dulaunoy] + + fix: Another IDGen thing +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2240 from FloatingGhost/2.4. [Alexandre Dulaunoy] + + fix: Use IDGen from literally any module that has it +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Two new feeds from @bambenek added in the default JSON feed. + [Alexandre Dulaunoy] + + +v2.4.74 (2017-05-30) +-------------------- + +New +~~~ +- Added default feed list. [iglocska] +- Publish event to ZMQ on demand and beaconing of ZMQ tool. [iglocska] +- Auto load the default feeds from file. [iglocska] +- Added User and Organisation addition/change data to the ZMQ feed. + [iglocska] +- Added filtering to the tag index. [iglocska] + + - also globally fixed the filter issues when filtering from an index with a different pagination position than the first page +- Added sightings to ZMQ pub sub system. [iglocska] +- Added attribute JSONs to pubsub system. [iglocska] + + - also made mispzmq a but more generic +- Add instance uuid. [iglocska] + +Changes +~~~~~~~ +- VERSION bump. 
[iglocska] +- Querystring version bump. [iglocska] +- Also store the lookup_visible field from the field import. [iglocska] +- Allow for \t to be used as a CSV feed delimiter. [iglocska] + +Fix +~~~ +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Logrotate, database.php settings explanation. [Steffen Sauler] +- Clarified ZMQ start button (it doesn't restart anything anyway) + [iglocska] +- Made the mispzmq.py script less crap. [iglocska] +- Gitignore updated. [iglocska] +- Initial password reset functionality. [iglocska] + + - invalid parameters sent for new users in the on-demand reset + - been bugged for 4 months, but became somewhat obsolete with the automatic notification so no one noticed +- Added missing topics to the mispzmq.py script. [iglocska] +- Fix a copy paste bug. [iglocska] +- [misp-zmq] add a Poller for future multi-SUBscriber in ZMQ. [Alexandre + Dulaunoy] +- Fixed an issue with false positive sightings throwing notice errors on + the event view. [iglocska] + + - caused by the false positive sightings data being aggregated in the event level sparkline without the correct dates being set + - solution is to remove the false positive data from being entered in the sparkline, the goal of it is only to show sightings anyway. +- Truncate the change field in log entries if it becomes humongous. + [iglocska] + + - solves a rare situation with massive PGP keys breaking user additions / edits +- Some cleanup in the mispzmq script. [iglocska] +- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy latest version updated. [Alexandre Dulaunoy] +- Skip the import of mixbox for users of older stix libraries. + [Alexandre Dulaunoy] + + If you rely on old idgen from previous stix libraries, mixbox is not installed. + This completes the fix #2186 and should be fine for old and new stix libraries. 
+ + A partial lyric has been included in this commit to ease the pain to work ##comma##: + + Money for nothin' and your stix for free + Money for nothin' and stix for free +- Fixed a notice issue with the feed index if no cache has been + generated yet. [iglocska] +- GUI bug/inconsistency (Explore remote server), fixes #2203. [iglocska] + + - Removed the link from the published sign, it was indeed silly +- Fixed a few silly issues with the hids export. [iglocska] + + - allow POSTed parameters + - simpler response always responds with txt type, won't complain about view not being set for incorrect accept headers +- Hids api threw error on empty result. [iglocska] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Update to the MISP galaxy latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Deal with all the weird and "wonderful" stix versions Tries to fix + #2181. [Hannah Ward] +- Move idgen call to mixbox. [Hannah Ward] +- Fixed an issue with the freetext importer failing if no tags were set. + [iglocska] +- Fixed a condition where no proposals downloaded generated a warning in + the debug log. [iglocska] +- Added default comment to event blacklists, fixes #2080. [iglocska] +- Updated cakephp solving TLS 1.2 issues. [iglocska] +- Fixed an API vs documentation mismatch for the nids exports. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2232 from SHSauler/patch-1. [Andras Iklody] + + fix: logrotate, database.php settings explanation +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2230 from ppanero/sso_fix. [Andras Iklody] + + newsread attribute fixed for user registration via sso +- Newsread attribute fixed for user registration via sso. 
[Pablo Panero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Remove crap introduced by rope project. [Alexandre Dulaunoy] +- Add rope project in the gitignore. [Alexandre Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- First version of a Python ZMQ client to get messages from a MISP + instance. [Alexandre Dulaunoy] + + usage: sub.py [-h] [-s] [-p PORT] [-r HOST] [-o ONLY] [-t SLEEP] + + Generic ZMQ client to gather events, attributes and sighting updates from a + MISP instance + + optional arguments: + -h, --help show this help message and exit + -s, --stats print regular statistics on stderr + -p PORT, --port PORT set TCP port of the MISP ZMQ (default: 50000) + -r HOST, --host HOST set host of the MISP ZMQ (default: 127.0.0.1) + -o ONLY, --only ONLY set filter (misp_json, misp_json_attribute or + misp_json_sighting) to limit the output a specific + type (default: no filter) + -t SLEEP, --sleep SLEEP + sleep time (default: 2) +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2211 from kajogo777/2205. [Andras Iklody] + + FIX #2205 attachTagToObject permissions so that tagger role are able … +- FIX #2205 attachTagToObject permissions so that tagger role are able + to tag objects where obj.orgc_id != user.org_id fixes. [George] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2200 from RichieB2B/ncsc-nl/openioc. [Andras + Iklody] + + Several fixes for OpenIOC importer +- Set OpenIOC attribute distribution to 'Inherit' by default. [Richard + van den Berg] +- Accept RouteEntryItem strings. [Richard van den Berg] +- Test for 'success' key, fixes #2198. [Richard van den Berg] +- Merge pull request #2190 from FloatingGhost/2.4. [Alexandre Dulaunoy] + + Deal with the stupid errors STIX thinks it's ok to just throw +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
[Hannah + Ward] +- Merge pull request #2186 from FloatingGhost/2.4. [Andras Iklody] + + fix: Move idgen call to mixbox +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2179 from truckydev/2.4. [Andras Iklody] + + add possibility to define tags for import module. +- Add possibility to define tags for import module. Add possibility to + desable validation for String field when empty. [Tristan METAYER] + + +v2.4.73 (2017-05-10) +-------------------- + +New +~~~ +- Update all the json structures in MISP via the API, fixes #2168. + [iglocska] + + - Just post to the following APIs as a site admin: + - /warninglists/update + - /galaxies/update + - /taxonomies/update +- First implementation of the feed analysis system. [iglocska] +- Cortex objects shown in popup. [iglocska] +- New module type: Cortex. [iglocska] + + - similar to Enrichment modules except for not having the options to run hover +- New type - cortex. [iglocska] + + - raw cortex output json +- Use /events/freeTextImport/eventid via the API to directly parse and + create attributes from the input. [iglocska] + + - expected format is {"value": "my_string_to_parse"} with "distribution" being an optional value (otherwise instnace defaults are assumed) + +Changes +~~~~~~~ +- Version bump on the queryVersion. [iglocska] +- In preparation of the various taxonomy types, only update event type + taxonomies or ones without a type. [iglocska] +- Added scroll bar to large cortex object popups. [iglocska] +- Change to the CIRCL pgp keyserver instead of the slowpoke MIT one. + [iglocska] +- Added attribute count to the event view's meta fields too, fixes + #2151. [iglocska] +- Show number of attributes on the all filter in the event view, fixes + #2151. [iglocska] +- Added distribution as a possible module output field. [iglocska] + +Fix +~~~ +- Removed two duplicate fields from MYSQL.sql. 
[iglocska] +- Added missing fields causing pulled events to not contain attributes, + fixes #2171. [iglocska] +- Fixed two small bugs. [iglocska] +- Don't show links to feeds on the event view to normal users. + [iglocska] +- Several fixes to the feed overlay matrix. [iglocska] + + - lookup was broken for csv/freetext feeds + - allow users to see the feeds if the admin allows it +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Make redis optional (for now) [iglocska] +- Fixed two looping issues in the feed analysis matrix. [iglocska] + + - fixed cache age counter going ape**** + - fixed the overlap value counters in the graph popovers +- Removed an invalid check causing travis to fail. [iglocska] +- Version bump. [iglocska] +- Several feed fixes. [iglocska] +- Added overlap count to the feed analysis hover. [iglocska] +- Added unpublish_event not being loaded. [iglocska] +- Better centering of the cortex object popup. [iglocska] +- Missing parameters for getenabledmodules. [iglocska] +- Fixed a failure with cortex modules (hopefully) [iglocska] +- Set a default colour for tags in the feed preview that don't have a + colour set. [iglocska] +- Reduced the data pushed to the view for the tag index, potentially + resolves #2156. [iglocska] +- Set the content header for module lookups. [iglocska] +- Add event_blacklists and org_blacklists in POSTGRESQL install scripts. + [Adrien RAFFIN] + + Also fix small bug in imported MYSQL syntax + + WARNING: NOT tested in production + + Tests were only done to create database structure, MISP wasn't run with + this database. It still could have incompatibilities with Model +- Add event_blacklists and org_blacklists in MYSQL install scripts. + [Adrien RAFFIN] +- Fixed an issue where certain filters removed some elements from the + object counter, fixes #2151. 
[iglocska] +- Left off controller changes in the previous commit. [iglocska] +- Removed the automatic sorting from fetchEvent to improve performance. + [iglocska] +- Allow event edits even if the "Event" container isn't set. [iglocska] +- Fixed the publishtimestamp filter issues with the event index. + [iglocska] + + - allow for publishtimestmap and publish_timestamp due to some documentation issues + - fixed the lookup to be greater than by default instad of lower than + - added the option to pass a range by passing an array with a start and end publish timestamp +- Re-added missing config settings to the export modules. [iglocska] +- Added missing distribution defaults to the import modules. [iglocska] +- Bug: Ip-dst attribute should not be able to include a "/", fixes + #2138. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #2128 from deloittem/2.4. [Andras Iklody] + + Snort attribute generation rule now contains the initial msg field +- Update rule generation for attribute snort: generated rule now + contains the initial snort rule msg. [deloittem] +- Merge branch '2164' into 2.4. [iglocska] +- Remove extraneous [Ángel González] +- Reorder and to be properly nested. [Ángel González] +- Cosmetic changes. [Ángel González] + + Change space indents to tabs + Remove ?> at end of file + Add or remove some indentation where appropriate +- Minor tweaking of comments. [Ángel González] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2163 from ppanero/bro_export. [Andras Iklody] + + [WIP] - BroExport types updeted +- BroExport types updeted. [Pablo Panero] +- Merge pull request #2161 from Keisial/2158. [Andras Iklody] + + Change feedback about email notification on sending proposals +- Change feedback about email notification on sending proposals. 
[Ángel + González] + + Move from a “Failed for at least one recipient” warning notification + to warn when it was not sent to anyone, which is more interesting for + the user sending the proposal. + + Fixes #2158 +- Merge branch 'feature/feedanalysis' into 2.4. [iglocska] +- Merge branch 'feature/cortex' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2154 from truckydev/2.4. [Andras Iklody] + + Add filename key for import modules +- Add test for empty filename. [Tristan METAYER] +- Add filename key for import modules. [Tristan METAYER] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1947 from SekoiaLab/fix/install_sql. [Andras + Iklody] + + Fix/install sql +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Markdown typo fixed. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1809 from devnull-/issues_1643. [Andras Iklody] + + Issues 1643 +- Merge branch '2.4' into issues_1643. [devnull-] +- Merge branch '2.4' into issues_1643. [devnull-] +- Merge branch '2.4' into issues_1643. [devnull-] +- Merge branch '2.4' into issues_1643. [devnull-] +- Merge branch '2.4' into issues_1643. [devnull-] +- Quick & Dirty 'without_email' & 'Unpublish_event' options for Sync + Server. [devnull-] +- Update the database schema unpublish_event (servers) & + PublishWithoutEmail (servers) [devnull-] +- Update the database schema unpublish_event (servers) [devnull-] +- Update the database schema PublishWithoutEmail (servers) [devnull-] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2137 from juju4/2.4. 
[Andras Iklody] + + Remove default value for column comment +- Remove default value for column comment ERROR 1101 (42000) at line 20: + BLOB, TEXT, GEOMETRY or JSON column 'comment' can't have a default + value https://travis-ci.org/juju4/ansible-MISP/jobs/222624828#L7561 + (ubuntu xenial, mysql 5.7) + https://dev.mysql.com/doc/refman/5.7/en/blob.html. [juju4] + + Strangely, this does not affect centos7 and mariadb 5.5 even if corresponding documentation states the same. + https://travis-ci.org/juju4/ansible-MISP/jobs/222624827#L4862 + + +v2.4.72 (2017-04-14) +-------------------- + +New +~~~ +- Disable taxonomy tags. [iglocska] +- Added attributes / event average to statistics. [iglocska] +- Minimal flag added to the event index. [iglocska] + + - used by the sync, greatly reduces the data fetched / transfered on the initial sync negotiation +- Added JS dev doc. [Hannah Ward] +- Added watchify for on-the-fly dev. [Hannah Ward] +- Add build script for JS new: Add es6 version of misp.js chg: Removed + plain JS. [Hannah Ward] +- Added package.json file. [Hannah Ward] +- Added new flag to events/restSearch to disable sharing group loading. + [iglocska] + + - sgReferenceOnly: Will only load the sharing_group_id not the actual sharing group data + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Querystring bump. [iglocska] +- Make the extension .js for people's syntax highlighters. [Hannah Ward] +- Add npm instructions in install. [Hannah Ward] + +Fix +~~~ +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Enforce the hide tag directive. [iglocska] +- Toggling an attribute's correlation won't reload the page anymore. + [iglocska] + + - Part of the 2017 saving @adulau's sanity initiative(tm) +- Removed sharing group option from the quick distribution edit, fixes + #2116. [iglocska] +- Fixed an issue with the org blacklisting. [iglocska] +- Fixed an issue where a proposal not having an assigned organisation + broke the synchronisation on a pull. 
[iglocska] +- Fixed a format issue with the minimal index. [iglocska] +- No notify field set in user creation throws error. [iglocska] +- Reverted JS changes for now. [iglocska] +- Further JS fixes. [iglocska] +- Further fixes to the JS. [iglocska] +- Several js fixes. [iglocska] +- Left off changes to misp.js. [iglocska] +- Fixed a missing variable initialisation. [iglocska] +- Fixed uninitialised variable. [iglocska] +- Un-minified JS. Don't bully me. [Hannah Ward] +- Remove now unneeded JS deps. [Hannah Ward] +- Added 'var' in front of new variables. [Hannah Ward] +- Assign global functions to window. [Hannah Ward] +- Added uglifyjs for minified JS. [Hannah Ward] +- Don't try to use the react preset ;) [Hannah Ward] +- Only require node for development purposes - compiles to JS. [Hannah + Ward] +- Ignore the *right* node folder. [Hannah Ward] +- Avoid undefined calls to .value. [Hannah Ward] +- Updated JS to fix Infinite loading when adding an attribute fails, + fixes #2102. [iglocska] +- Removed unnecesary part of the previous fix. [iglocska] +- Fixed a mass attribute edit issue if no sharing groups are created on + the instnace. [iglocska] +- Added fallback for getallheaders() missing for some systems. + [iglocska] +- Missing ; added. [iglocska] +- Query string version bump. [iglocska] +- Added logging to the testconnection post-test. [iglocska] + + - also, fixed the inverted error codes as noted by @ppanero +- Fix to the correlation graph after the relatedevent format changes. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch 'jsfix' into 2.4. [iglocska] +- Ignore node packages in gitignore. [Hannah Ward] + + +v2.4.71 (2017-04-11) +-------------------- + +New +~~~ +- Set distribution level in freetext results / module import results, + fixes #2023. [iglocska] +- Password complexity defaults tightened, also passowrd requirements + shown to users, fixes #2117. 
[iglocska] +- Check is user is sudo before wiping misp. [Hannah Ward] +- Rework of the restsearch APIs. [iglocska] + + - allows for alternate download types (supported for now: openioc) + - major refactor of the openioc export + - refactor of the CIDR tool + +Changes +~~~~~~~ +- Org blacklisting enabled by default. [iglocska] +- Bumped versions. [iglocska] + + - pymisp + - query string version + - php recommended version +- Version bump. [iglocska] +- DB changes pre-loaded for 2.4.71. [iglocska] +- Default password policy now includes a 16 char+ string option as an + alternative to the short 3/4, fixes #2117. [iglocska] +- Added the proposal to delete flag to the API output, fixes #2105. + [iglocska] +- Automation page updated to reflect the changes to the search APIs. + [iglocska] + + - If your name is Raphael, move along nothing to see here *cough* + +Fix +~~~ +- Invalid lookup in the upgrade script causing the two default entries + for the org blacklist to not populate. [iglocska] +- PyMISP version bump. [iglocska] +- Fixed the missing brace. [iglocska] +- Fixed the upgrade script to 2.4.71. [iglocska] +- Removed obsolete file. [iglocska] +- Removed obsolete js file. [iglocska] +- Cleanup of the role add/edit checkboxes. [iglocska] +- Better error handling for failing to attach tags. [iglocska] +- Added password complexity popover to the password change dialogue. + [iglocska] +- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Misp-warninglists updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Set comment field to an empty string in the attribute pre-validation. + [iglocska] +- DB changes preloaded for 2.4.71. [iglocska] +- Invalid key lookup for roaming in checkIfServerInSG() [iglocska] +- Invalid lookup for the queryversion. [iglocska] +- Fixed a typo in the previous commit. [iglocska] +- Remove sharing groups from json output if empty. 
[iglocska] +- Slight change of the related events format in the JSON to be more + consistent. [iglocska] + + - Org and Orgc moved within the relatedEvent->Event +- Updated to the latest version of misp-galaxy. [Alexandre Dulaunoy] +- Fixed a small issue that could lead to a failed event push using + sharing groups. [iglocska] +- Enforce the uuid creation on the UI. [iglocska] +- Enforce adding a UUID for external organisations too. [iglocska] + + - No need to support 2.3 any longer +- Default value for the tag exportable field added. [iglocska] +- Fixed the attribute level restsearch returning a weirdly formatted + empty array. [iglocska] +- Do not echo password on misp-wipe. [Hannah Ward] +- History is now available via the API, fixes #2111. [iglocska] +- Whitelist entries being removed breaks the indexing of attribute + arrays. [iglocska] + + - caused issues with JSON serialisation as lists turned into dicts +- Fixed an invalid JSON serialisation for restSearch. [iglocska] +- Minor issue - duplicate style tag, fixes #2106. [iglocska] +- CSRF issue when adding an attribute via the popover. [iglocska] +- Min width added to resolved attribute value. [iglocska] + + - looked terrible on low res screens +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Fixed issues with popups across the board for low res displays, fixes + #2101. [iglocska] + + - Popups get scrollbars / realligned for potato resolutions + - General cleanup of popup related functions in the JS + - Added version querystring to the css files, no more ctrl+f5ing after some updates +- Removed ajax containers from views since they are already provided by + the layout, fixes #1753. [iglocska] + + - resolves some issues with popups not showing up after certain actions +- Rearrange the data for adding proposals. 
[iglocska] + + - if no ShadowAttribute container is found, encapsulate the posted data +- NotFoundException when no events found by restSearch, fixes #2096. + [iglocska] + + - changed to just return an empty set + - returns {"request":[]} for events/restSearch + - returns [] for events/restSearch +- Removed unused field from user edit view. [iglocska] +- Correction to previous commit. [iglocska] + + - correlations can now be disabled by site admins, no matter who created the event +- Allow disabling correlation for events not owned by the user if the + user is a site admin. [iglocska] +- Freetext import shouldn't require the TLD containing warninglists to + be enabled. [iglocska] + + - as long as it exists it will be used, no need to enable it any longer +- Fixed an issue where discarding a delegation request tried to redirect + to the event view. [iglocska] + + - however, users lose access to the event once they discard the delegation request + - redirects to the index instead now +- Managing Delegation Request - wrong organisation in popup fixed, fixes + #2079. [iglocska] +- Missing JS file for the template file upload re-added, fixes #2084. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Add blob in the url. [Raphaël Vinot] +- Major rewrite of the JSON schema. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2112 from FloatingGhost/2.4. [Andras Iklody] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2091 from jhopp1e/patch-1. 
[Alexandre Dulaunoy] + + Update xINSTALL.centos6.txt +- Merge branch '2.4' into patch-1. [Alexandre Dulaunoy] +- Update xINSTALL.centos6.txt. [Justin Hopple] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2000 from devnull-/bulk-email. [Andras Iklody] + + Bulk email +- Add 'Precedence: bulk' in email header. [devnull-] +- Merge pull request #2 from MISP/2.4. [devnull-] + + Pull Update +- Merge branch '2.4' into 2.4. [devnull-] + + +v2.4.70 (2017-03-26) +-------------------- + +New +~~~ +- Added 2 new types. [iglocska] + + - hex and sigma +- Sync logging to debug issues. [iglocska] +- Added a POST server connection test. [iglocska] + + - hopefully it should help debug some issues +- Update MISP from the diagnostics page. [iglocska] + + - right now it's pretty dumb, it simply pulls the same branch that the current user is on + - Any failure is shown but not acted upon, if the git pull fails the user will see it but it needs to be resolved via the command line +- Allow for several attributes to be added in one go via + /attributes/add. [iglocska] + + - Also a rework of the internals + - All entry vectors are now handled the same way + - syntax for adding several attributes is [{attribute1}, {attribute2}] + - Sane defaults used automatically, making {"value":"1.2.3.4", "type":"ip-dst"} a valid attribute + +Changes +~~~~~~~ +- Changed js query string. [iglocska] +- Version bump. [iglocska] +- Edit and delete attributes now accept uuids as parameters instead of + IDs. [iglocska] +- Finished round 1 of all accessibility changes. [iglocska] +- Further work on the accessibility changes. [iglocska] +- Further progress. [iglocska] +- Further work on the accessibility changes. [iglocska] + +Fix +~~~ +- Spring cleaning. 
[iglocska] + + - removal of debug from the syncdebug + - cleanup of the fixes that resulted from it + - removal of the mangle sync from 2.4->2.3 (if you still have partners running 2 year old versions, time to notify them, stop syncing and unfriend on facebook) +- Potential fix for the sync issue. [iglocska] +- Some further fixes. [iglocska] + + - includes a fix to a compatibility test failure causing all instances to test as a legacy MISP +- Added missing ACL entry. [iglocska] +- Added missing popup view file. [iglocska] + + - Also added a new test string in a file for the POST connection test +- Fixed an issue with a notice error when adding a new attribute. + [iglocska] +- Better error handling for partially failed attribute collection POSTs + to /attributes/add. [iglocska] +- Missing echo caused the aria-label of import choices not to be + populated properly, fixes #2038. [iglocska] +- Missing comma added. [iglocska] +- PyMISP to the latest version. [Alexandre Dulaunoy] +- Second round of accessibility changes. [iglocska] +- First round of Accessibility issues resolved with span links. + [iglocska] + +Other +~~~~~ +- Merge branch 'syncdebug' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2073 from deloittem/2.4. [Andras Iklody] + + Manage attributes IP-SRC|PORT and IP-DST|PORT when exporting nids rules +- Manage the new attributes IP-SRC|PORT and IP-DST|PORT when exporting + NIDS rules. [Mathieu Deloitte] +- Merge pull request #2069 from deloittem/2.4. [Andras Iklody] + + All tag cannot be included in export functions such as suricata rules +- New variable includeAllTags added to NIDS export: even not exportable + tags could be included in NIDS export. [Mathieu Deloitte] +- Merge pull request #2068 from ppanero/regex_bugfix. [Andras Iklody] + + testForPath regex fixed in Server.php +- TestForPath regex fixed in Server.php. 
[Pablo Panero] +- Merge pull request #2057 from RichieB2B/nscs-nl/wipe. [Alexandre + Dulaunoy] + + misp-wipe.sh fixes +- Merge branch '2.4' into nscs-nl/wipe. [Alexandre Dulaunoy] +- Merge pull request #2055 from dspruell/riskiq_logo. [Andras Iklody] + + Riskiq logo +- Remove logo path (probably unneeded to have added to .gitignore) + [Darren Spruell] +- Add org logo for RiskIQ. [Darren Spruell] +- Merge pull request #2056 from RichieB2B/ncsc-nl/perm-sightings. + [Andras Iklody] + + Add perm_sighting to initial database and roles +- Add perm_sighting to initial database and roles. [Richard van den + Berg] +- Merge branch '2.4' into nscs-nl/wipe. [Alexandre Dulaunoy] +- * misp-wipe.sh does not backup, so no outputdir is needed * clear data + model cache upon wiping misp. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1984 from SekoiaLab/feature/serversApi. [Andras + Iklody] + + Adds an api to add and edit servers in MISP +- Feature: Adds the api support to ServersController to edit servers. + [Sebastien Quioc] +- Refactor(controllers): adds checks for input parameters before editing + a server. [Sebastien Quioc] +- Feature: Adds the api support to ServersController to add new servers. + [Sebastien Quioc] +- Merge pull request #2049 from sebdraven/2.4. [Andras Iklody] + + add impfuzzy +- Add impfuzzy. [Sébastien Larinier] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] + + +v2.4.69 (2017-03-10) +-------------------- + +Changes +~~~~~~~ +- Some changes to the users. [iglocska] + + - added date created/modified in the backend + - added date created in the users index + - passowrd reset for a user now shows a warning if no pgp/smime key are set and the user might not be getting the email +- PyMISP update. [iglocska] + +Fix +~~~ +- Version bump. [iglocska] +- Fixed a typo in an upgrade script. 
[Iglocska] +- Readded the failing entry caused by a typo in the upgrade system. + [iglocska] +- JS version bump. [iglocska] +- Fixed the upload of proposal attachments via the data field, fixes + #2037. [iglocska] +- Changed the main misp js file name and switched to using query strings + to invalidate cached versions on update. [iglocska] + + - stops MISP from disclosing the version string on the login page + + - as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs +- Removed the loading of the main js file from the login page. + [iglocska] + + - stops MISP from disclosing the version string on the login page + + - as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs +- Tightened sanitisation in some view elements - on the index filter + tool - organisation landing page. [iglocska] + + as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs +- Tightened sanitisation in some view elements - on the index filter + tool - organisation landing page. [iglocska] + + as reported by Tien Phan and David Maciejak of Fortinet's FortiGuard Labs. +- Fixed an issue that could under certain conditions lead to empty + events being pushed when synchronising. [iglocska] +- Removed unnecessary implode() code. [David Maciejak] +- Normalised the attirbutes/add and attributes/edit apis. [iglocska] +- Fixed a potential issue causing the attribute validation to fail. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #2033 from rmarsollier/2.4. [Andras Iklody] + + minor bugfix on TagsController.php +- Minor bugfix on TagsController.php. [rmarsollier] +- Merge pull request #2019 from dmaciejak/patch-1. [Andras Iklody] + + fix: remove unnecessary implode() call +- Merge pull request #2031 from deloittem/2.4. 
[Andras Iklody] + + Suricata export update +- Only display the tag name if the array contains values (depending if + the tag is exportable or not) [Mathieu Deloitte] +- Add the attribute tags to the msg field (Suricata rule) to sort easier + the raised alerts. [Mathieu Deloitte] +- Initialize host to empty value when the URL is formed incorrectly. + [Mathieu Deloitte] + + +v2.4.68 (2017-03-08) +-------------------- + +New +~~~ +- Added float as a new attribute type. [iglocska] +- Added a way to upload org logos directly from the org add/edit view. + [iglocska] +- Enable sync permission for read only accounts. [iglocska] +- Added a way to disable cached exports server wide for low disk space + instnaces. [iglocska] + + - But please consider just adding some more space instead.. + +Changes +~~~~~~~ +- Added some language clarifying the filter rule relations, fixes #2011. + [iglocska] +- Cakephp updated. [iglocska] +- PyMISP updated. [iglocska] +- Quick deletion of events. [iglocska] + + - uses prepared statements instead of the framework's cascading delete + - utterly massive performance boost +- Add the version number to the headers for sync requests. [iglocska] + +Fix +~~~ +- Fixed sql fail. [iglocska] +- AttachTagToObject and removeTagFromObject now accept posted JSON + objects. [iglocska] +- Fixed some default value issues with taxonomy colours. [iglocska] +- Several blacklist related fixes. [iglocska] + + - turned the functionality to a default on feature + - added indexes + - fixed some default values +- Added default value to proposal_to_delete. [iglocska] +- Additional logging when an attribute can't be added. [iglocska] +- Misp-taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Typo fixed. [iglocska] +- Missing file added. [iglocska] +- Some ACL tightening. [iglocska] +- PushProposals requires that the user has perm_add permissions. 
+ [iglocska] +- Potential fix for a weird issue blocking the editing of users, fixes + #1992. [iglocska] +- Fixed an issue with the baseurl diagnostic. [iglocska] +- Added missing network indicators to the network filter tab in the + event view. [iglocska] +- Truncating the title of a log entry at 65KB for some pretty rare edge + cases. [iglocska] +- Misp-galaxy updated to the latest version. [Alexandre Dulaunoy] +- Relaxed TLD validation for hostname|port, domain|ip, jabber-id, fixes + #1977. [Iglocska] +- Allow the disabling of the correlation of an event / attribute on + event add, fixes #1991. [iglocska] +- Fixed several issues with the sightings. [Iglocska] + + - Main issue was the expensive and potentially large query used to find all sightings for a list of tags (used on the tag and galaxy cluster index) + + potentially fixes #1993 + +Other +~~~~~ +- Merge branch 'hotfix-2.4.68' into 2.4. [iglocska] +- Version bump. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch 'feature/readonlysync' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1996 from kx499/2.4. [Andras Iklody] + + Updated comment for enrichment modules to reference value used for enri… +- Updated comment for enrichment modules to refence value used for + enrichment for added context. [kx499] +- Merge pull request #2002 from ppanero/branch_cleanup. [Andras Iklody] + + bro to_IDS and published flags fix on query. Now supporting block_eve… +- Bro to_IDS and published flags fix on query. Now supporting + block_event_proposals. [ppanero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.67 (2017-02-24) +-------------------- + +New +~~~ +- Add reverse proxy support for test of baseurl. [Adrien RAFFIN] +- Added activity charts to tag and galaxy cluster indeces. 
[iglocska] + + - bunch of small improvements additionally +- Added advanced sightings and sparkline to the event itself. [iglocska] +- User management convenience functions added. [iglocska] + + - quick e-mail: send an e-mail to a user quickly + - orgadmin: see the org admins of a user and contact them + - pgp key issues shown on the user view + - pgp fingerprint shown on the user view + - copy paste auth keys and pgp keys quickly by clicking on them +- Added PGP fingerprint and PGP key status to user view. [iglocska] +- Sightings column added to sightings table. [iglocska] + +Changes +~~~~~~~ +- Removed superfluous style. [iglocska] +- On event create page add a notice #1973. [iglocska] +- Added warnings about the user's encryption status in the quick mailer. + [iglocska] +- Better error message for invalid types when posting sightings. + [iglocska] + + - sent before doing the lookup against existing attributes +- Made the role add/edit forms a bit more sane. [iglocska] + + - allow for some permissions to be given out to read only users + - hide the permissions that can't be selected for the given access level +- Sightings role added to ACL. [iglocska] + +Fix +~~~ +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- More invalid MySQL fields fixed. [iglocska] +- Fixed a mysql issue. [iglocska] +- PyMISP updated. [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Fixed an issue displaying events without sghting data. [iglocska] +- Added a fix to growing arrays in the ApacheSecureAuth settings, fixes + #1981. [iglocska] +- Relaxed the TLD validation for domains / hostnames, fixes #1977. + [iglocska] +- Typo fixed in the advanced add sighting interface, fixes #1975. + [iglocska] +- Fixed some visual issues with the attribution/targeting data warning + in add attributes. [iglocska] +- Some fixes for the new user admin features. [iglocska] +- Mergeing removal of deprecated JS in the new role creation. 
[iglocska] +- Small fix for an invalid error message in the sightings. [iglocska] +- Throw an error if the local feed file is not found. [iglocska] +- Re-added the accidentally removed code in a merge, fixes #1965. + [iglocska] + + - affects f0e1a27b7dca2e6d36f904ef52d4976649ccefa3 +- Added validation for sighting type and fixed responses for adding + sightings. [iglocska] + +Other +~~~~~ +- Version bump. [iglocska] +- Merge branch '2.4.67' into 2.4. [iglocska] +- Merge branch '2.4' into 2.4.67. [iglocska] +- Merge pull request #1988 from RichieB2B/ncsc-nl/misp-wipe. [Andras + Iklody] + + Script to wipe (reset) a MISP installation +- Clear tables that can be re-populated. [Richard van den Berg] +- Additional table wipes. [Richard van den Berg] +- Remove unneeded config.php variables, keep user 3. [Richard van den + Berg] +- Added misp-wipe.sh. [Richard van den Berg] +- Merge pull request #1982 from ppanero/patch-2. [Andras Iklody] + + Update Server.php +- Update Server.php. [Pablo Panero] + + Duplicate entry of property +- Merge pull request #1980 from SteveClement/2.4. [Andras Iklody] + + Minor update to start.sh +- - Added root check - Added comment about bash quirk. [Steve Clement] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1971 from SekoiaLab/feature/AddAuthkeyAtCreate. + [Andras Iklody] + + feature: Add support for user creation with authkey +- Feature: Add support for user creation with authkey. [Adrien RAFFIN] +- Merge pull request #1972 from + SekoiaLab/feature/ImproveReverseProxyChecks. [Andras Iklody] + + new: Add reverse proxy support for test of baseurl +- Merge pull request #1974 from ppanero/patch-1. [Andras Iklody] + + Update README.md +- Update README.md. [Pablo Panero] + + Updated readme with apache config for API/Syncs filtering from SSO +- Merge branch '2.4' into 2.4.67. [iglocska] +- PyMISP updated. [iglocska] +- Merge branch '2.4' into 2.4.67. 
[iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1967 from truckydev/2.4. [Andras Iklody] + + Code for issue : https://github.com/MISP/MISP/issues/1965 +- Code for issue : https://github.com/MISP/MISP/issues/1965. [truckydev] + + +v2.4.66 (2017-02-19) +-------------------- + +New +~~~ +- Added links to all events that match sightings sources in the + sightings top list. [iglocska] +- Added sighting top list to the statistics. [iglocska] +- Various fixes to the sightings. [iglocska] + + - sparkline got its own column + - delete sightings in the sighting details +- First revision of the new sightings system. [iglocska] +- First iteration of the improved sightings. [iglocska] + +Changes +~~~~~~~ +- Work on the sightings. [iglocska] +- Added default to shadow_attributes old_id. [iglocska] + +Fix +~~~ +- Fixed an issue that prevented < 2.4.63 from being upgraded to the + latest version. [Iglocska] +- Version bump 2.4.66. [Alexandre Dulaunoy] +- Added eventids to the toplist API. [iglocska] +- Left off view file added. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Sightings are in fact not galaxies (heading changed) [iglocska] + + - derp +- Fixed a JS error causing a feed edit to not populate the filter + popover, fixes #1959. [iglocska] +- Fixed some permission issues preventing non site admins from using + some functionalities correctly. [iglocska] +- ACL updated. [iglocska] +- Enforce longer value fields on the event view. [iglocska] +- Added missing column in MYSQL.sql and some indexing. [iglocska] +- Typo. [iglocska] +- MYSQL.sql brought up to date. [iglocska] +- Changed name of the activity sparkline graphs. [iglocska] +- Fixed an annoying effect when adding a sighting. [iglocska] + + - also, js file renamed to current version +- Fixed an issue with the advanced correlation. [iglocska] +- Fixed some view issues with the sightings. 
[iglocska] +- Execute the cach cleaning before the indexing too. [iglocska] +- Fixed a possible issue with the upgrade mechanism. [iglocska] + + - indexer expecting new indeces +- IP:port attribute types should not be line separated. [iglocska] +- Execute upgrade script. [iglocska] +- Several fixes to the new sightings. [iglocska] +- Some bug fixes. [iglocska] +- Added composer's license. [iglocska] +- Update default field of organisation when creating new accounts. + [Adrien RAFFIN] +- Changed installation behaviour of composer. [iglocska] + + - no longer requires the live download and execution of the composer package + - compromising https://getcomposer.org/ could lead to RCE for new MISP installations during the installation + + - As reported by Trey Darley (@treyka) +- Urlencode the user's event list lookup to prevent oddities. [iglocska] +- Fixed a bug with the freetext import that broke the detection of IP + addresses. [iglocska] +- Added correct recognition of ip:port indicators to the freetext import + tool, fixes #1919. [iglocska] +- Added (dot) to the refanging. [iglocska] +- Incorect IF statment in app/Model/AppModel.php, fixes #1891. + [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'feature/enhanced_sightings' into 2.4. [iglocska] +- Merge branch '2.4' into feature/enhanced_sightings. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into + feature/enhanced_sightings. [iglocska] +- Merge pull request #1958 from devnull-/ssl_client. [Andras Iklody] + + Client SSL Certificate Authentication improvements +- Clean & improve README.md of CertAuth. [devnull-] +- Don't login or create an empty account if the user doesn't exist. + [devnull-] +- Missing 'the' in comment. [devnull-] +- Add details in client SSL authentication comments. [devnull-] +- Merge pull request #1 from MISP/2.4. 
[devnull-] + + Update fetch upstream +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1955 from treyka/patch-3. [Andras Iklody] + + remove spurious php5-xml +- Remove spurious php5-xml. [Trey Darley] + + php5-xml is not a separate package; it's included with libapache2-mod-php5. +- Merge pull request #1942 from Deventual/patch-5. [Andras Iklody] + + fixed install instructions +- Update INSTALL.debian7.txt. [Deventual] +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1944 from Deventual/patch-7. [Andras Iklody] + + fixed install instructions +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1945 from Deventual/patch-8. [Andras Iklody] + + Fixed install instructions +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1943 from Deventual/patch-6. [Andras Iklody] + + fixed install instructions +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1937 from Deventual/patch-4. [Andras Iklody] + + Fixed install instructions +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1936 from Deventual/patch-3. 
[Andras Iklody] + + fixed install instructions +- Fixed install instructions. [Deventual] + + Added php-xml, without it this issue can rise: + Class 'DOMDocument' not found in [/var/www/MISP/app/Lib/cakephp/lib/Cake/Utility/Xml.php +- Merge pull request #1941 from SekoiaLab/fix/organisation. [Andras + Iklody] + + fix: update default field of organisation when creating new accounts +- Merge pull request #1912 from deloittem/2.4. [Andras Iklody] + + NidsSuricataExport refactoring for attribute *URL* +- Merge branch '2.4' into 2.4. [Alexandre Dulaunoy] +- Merge branch '2.4' into 2.4. [Alexandre Dulaunoy] +- Merge branch '2.4' into 2.4. [Alexandre Dulaunoy] +- NidsSuricataExport refactoring for attribute *URL* [Mathieu Deloitte] +- Merge pull request #1928 from cvandeplas/2.4. [Andras Iklody] + + eventview - cluster id fields +- Eventview - cluster class field. [Christophe Vandeplas] + + use class instead of id +- Eventview - cluster id fields. [Christophe Vandeplas] + + Allows custom CSS to manage the cluster info fields. (example: #cluster_country { display: none; } ) +- Merge pull request #1924 from RichieB2B/nscs-nl/sudo. [Alexandre + Dulaunoy] + + Add sudo for cp logrotate +- Add sudo for cp logrotate. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Update PyMISP. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Update PyMISP. [Raphaël Vinot] + + +v2.4.65 (2017-02-09) +-------------------- + +Changes +~~~~~~~ +- Allow the creation of read only auth users/auditors. [iglocska] + + - also add creator email to json output for auditors + +Fix +~~~ +- Fixed the new indexer generating a notice on a successful indexing. + [iglocska] +- Import whitelist - add a description to make it clearer, fixes #1902. + [iglocska] +- Labels in Add/Edit feed, fixes #1913. [iglocska] +- Remove possible duplicate entries coming from a freetext feed import. 
+ [iglocska] + + - Since we use saveMany() for saving attributes from the freetext/csv feed import the unique attribute constraint was ineffective + - The constraint checks if the event already has a similar type/category/value combination + + - TODO: Refactor this, each insert is also an expensive non buffered SELECT query besides the correlation creation! +- Fix several strict issues. [iglocska] +- Fix to the advanced correlation when no hits are found. [iglocska] +- API request : "An Internal Error Has Occurred." if no Thread for an + event fixes #1900. [iglocska] + + - also, some cleanup of the eventView api +- Fix to a strict mySQL issue with the feed table. [iglocska] +- Fixed several issues with the indexer in the upgrade algorithm. + [iglocska] + + - also, rerun the recent indexing rules + +Other +~~~~~ +- Version bump. [iglocska] +- Merge branch 'auditor' into 2.4. [iglocska] +- Merge branch '2.4' into 2.4. [truckydev] +- Merge branch '2.4' into 2.4. [truckydev] +- Check if auditor have good "org_id" [truckydev] +- Merge branch '2.4' into 2.4. [truckydev] +- Get email creator user for auditor users. [Tristan METAYER] +- Add auditor user auditor user can see event_creator_id. + [Tristan METAYER] + + +v2.4.64 (2017-02-06) +-------------------- + +New +~~~ +- Lookup organisations by uuid using organisations/view. [iglocska] +- Advanced correlations. [iglocska] + + - experimental feature, correlate on CIDR + - can be turned on/off in the server settings + - For the emperor +- Added mass tagging to attributes on the event view. [iglocska] + + - Oooh yes. +- New setting to sanitise attributes on delete. [iglocska] + + - if enabled server wide, any delete of an attribute will not just set the deleted flag, but also sanitise the content fields + - fields sanitised: category, type, value, comment, to_ids +- Send out credentials directly during user creation. [iglocska] +- Added API access to the statistics. 
[iglocska] + + - first iteration, this is a bit more complex to get it right than this implementation + - data cleanup to make the results somewhat more useful + - raw data needs to be documented + + - available APIs: + - /users/statistics/data.json + - /users/statistics/orgs.json + - /users/statistics/tags.json + - /users/statistics/attributehistogram.json + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Added default log org entry. [iglocska] +- Added ids to the server index. [iglocska] + +Fix +~~~ +- Fixed a bug retrieving an org with no users. [iglocska] +- MISP galaxy updated. [Alexandre Dulaunoy] +- MISP taxonomy to the latest version. [Alexandre Dulaunoy] +- Fixes an issue with tags missing on push. [iglocska] +- Fixes to several issues with the setting change upgrade hooks. + [iglocska] + + - also removed the not null restriction from a problematic field with no default entry, fixes #1853 +- Set IDS flag for all attributes added via Email Import module fixes + MISP/misp-modules#98. [iglocska] +- Added default values for some problematic log columns. [iglocska] +- Simplification of the proposal sync. [iglocska] +- Warning-list for empty hashes doesn't work on malware-sample even if + the warning list is for ALL, fixes #1837. [iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1896 from RichieB2B/ncsc-nl/logrotate. [Andras + Iklody] + + Add logrotation for MISP workers output +- Add logrotation for MISP workers output. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1888 from RichieB2B/ncsc-nl/permissions-comment. + [Andras Iklody] + + Clarify permissions, see #1886 +- Clarify permissions, see #1886. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1886 from cvandeplas/text_export. 
[Andras Iklody] + + attributes/text - optionally export attributes from not published events +- Attributes/text - optionally export attributes from not published + events. [Christophe Vandeplas] +- Merge branch 'feature/passwordSending' into 2.4. [iglocska] + + +v2.4.63 (2017-02-01) +-------------------- + +New +~~~ +- Small rework of the thread functionalities. [iglocska] + + - API get /threads/view/ and /threads/viewEvent/ + - Added new setting to show post count on the event index including a notification if it has a post newer than 24 hours +- Add and remove tags from object by uuid. [iglocska] + + - /tags/attachTagToObject/uuid/tag + - /tags/removeTagFromObject/uuid/tag + + - tag can be tag ID or tag name (must be an exact match) + - Affects events and attributes + +Changes +~~~~~~~ +- Changes to the email notification. [iglocska] + + - added attribute tags +- Version bump and changed default session engine to php. [iglocska] +- Misp-galaxy update. [iglocska] + +Fix +~~~ +- Fixing a notice introduced in the last commit. [iglocska] +- Warning list updated to the latest version. [Alexandre Dulaunoy] +- Composite attributes displayed in 2 lines. [iglocska] +- Fixed a bug causing CSRF issues for tag removal. [iglocska] + + - at least I hope it did for others. +- Added missing view file, some small fixes, pymisp version bump. + [iglocska] +- Added new functionality to the ACL. [iglocska] +- Cosmetic copy pasta issue fixed. [iglocska] +- [misp-galaxy] updated to the latest version including ransomware. + [Alexandre Dulaunoy] +- Fixed an attribute type description. [iglocska] +- Removing tags now spans its own CSRF tokens in the confirmation popup. + [iglocska] + + - fixes some CSRF issues + - improves rendering performance +- Galaxy source should act as a link if a link is provided. [iglocska] +- Remove the admin setting changes too using the prune job. [iglocska] +- Fix and cleanup script for a specific bug. 
[iglocska] + + - rare occurance, but some MISP servers enter an upgrade loop causing massive amounts of log entries + - this patch cleans up the bug preventing further upgrade loops as well as offers a script to clean up the fallout +- Fixed a bug that didn't correctly handle validation errors on the + attribute add popup, fixes #1875. [iglocska] +- Removed malware-sample and attachment from the attribute type options. + [iglocska] + + - should not be possible to select these via the add/edit attribute functions +- Fixed various tagging issues. [iglocska] + + - event tag when editing an event wasn't added correctly + - tags that were not exportable returned weird empty lists via the API + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'feature/db_fix' into 2.4. [iglocska] + + +v2.4.62 (2017-01-26) +-------------------- + +New +~~~ +- Added the option to delete files after ingestion of local feed. + [iglocska] +- Local feeds. [iglocska] + + - still needs testing +- Added two new parameters for the attribute restsearch. [iglocska] + + - to_ids, with the following options + - false (default): include all attributes, no matter the to_ids flag + - true: include only to_ids attributes + - "exclude": exclude attributes marked to_ids + + - deleted with the following options + - false (default): only include non deleted attributes + - true: include deleted attributes + - "only": ONLY include deleted attributes + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Added validation errors for a local feed pointing to the wrong + resource. [iglocska] + + - should be a file for non misp feeds + - should be a directory for misp feeds + +Fix +~~~ +- PyMISP version bump. [iglocska] +- [misp-galaxy] updated to the latest version. 
[Alexandre Dulaunoy] +- Fixed an invalid lookup for the site admin debug. [iglocska] +- Fixed an issue where setting site admin debug to false resulted in a + critical warning. [iglocska] +- Empty delimiter for CSV feeds causing grief. [iglocska] +- Fixed an issue that prevented a feed to be convertable between types. + [iglocska] +- Fixed an issue with the feed url validation. [iglocska] +- Fixed an old bug returning an invalid feed pull result. [iglocska] + + - no new events / nothing to update returned an error before +- Views left off. [iglocska] + +Other +~~~~~ +- Merge branch 'feature/localfeeds' into 2.4. [iglocska] +- Merge branch '2.4' into feature/localfeeds. [iglocska] +- Add: Code of conduct added to the MISP Project - fix #1858. [Alexandre + Dulaunoy] +- Add: Code of conduct added to the MISP Project - fix #1858. [Alexandre + Dulaunoy] +- Merge pull request #1860 from RichieB2B/ncsc-nl/brobesitas. [Alexandre + Dulaunoy] + + Truncate bro cached export files +- Truncate bro cached export files. [Richard van den Berg] + + +v2.4.61 (2017-01-22) +-------------------- + +New +~~~ +- New warninglist type: hostname. [Iglocska] + + - use lists designated as hostname lists (which can be domains too) +- Allow the new type "substring" to be used for warninglists. [Iglocska] + +Changes +~~~~~~~ +- Version bump. [Iglocska] +- Updated warninglists. [Iglocska] +- Nicer screenshot view. [Iglocska] +- Click a screenshot to expand/collapse it. [Iglocska] +- Updated the warninglists. [Iglocska] +- Warninglists updated. [Iglocska] + +Fix +~~~ +- Fixed the hacky solution for hostname evaluation in warninglists. + [Iglocska] +- Critical fix to an issue with event add fixed. [Andras Iklody] + + - a reuse of a pointer causes an invalid duplication of an attribute on entry, leading to the last attribute being dropped +- Fixed the org edit API. 
[Iglocska] + + - it only worked if all fields were set + - switched to a different strategy where any changed field is updated +- Badges, badges and more badges! [Alexandre Dulaunoy] +- Badges more badges! [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Organisation UI and API improvements. [Iglocska] + + - opened up the organisations controller to API actions + - this includes index/add/edit/delete + - uses the still new-ish standardised REST library + - send GET requests to add/edit to view the parameters + + - reworked the org index to paginate 60 items instead of 20 and to have a view all button +- Fixed an issue that erroneously updated the date of an org creation on + edit. [Iglocska] +- Just force utf8 encoding if it's not set. [Iglocska] +- Added a warning if utf8 encoding isn't set up in the database config. + [Iglocska] + + - also, changed the default database config to enforce utf8 +- Do the centering after the screenshot is shown. [Iglocska] + + - otherwise it returns 0 as the width +- Left off css changes. [Iglocska] +- Whois-registrant-email added as type when an email is detected in + freetext. [Alexandre Dulaunoy] +- ACL updated for attribute level tagging. [Iglocska] +- Don't try to add the attribute tag field to proposals. [Iglocska] +- Andreas Ziegler significant contribution acknowledged in Copyright. + [Alexandre Dulaunoy] +- Temporary fix for no relatedattributes producing an empty string + instead of an empty array in the retrieved data. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1857 from deralexxx/patch-6. [Alexandre Dulaunoy] + + Updating Authors to add Andreas +- Updating Authors to add Andreas. [Alexander J] + + and myself as well + https://github.com/MISP/MISP/commit/ce5973f273420ef602a1c577f35927823014e17b +- Merge pull request #1856 from deralexxx/patch-5. 
[Andras Iklody] + + Small UI patch to make users aware to upload *.pem files +- Update add.ctp. [Alexander J] +- Update edit.ctp. [Alexander J] + + (*.pem) https://github.com/MISP/MISP/issues/1246 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- [misp-galaxy] - latest version included. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.60 (2017-01-17) +-------------------- + +New +~~~ +- Request encryption of samples via the event REST api. [iglocska] + + - Add the encrypt flag to attributes to be added via the events/add or events/edit api + - simply add "encrypt": true to the attributes that have a sample attached in the "data" field + - make sure that the attribute value is the desired filename, the hashes will be added automagically +- Add a new api to check the supported PyMISP version. [iglocska] +- Index API for sightings added. [iglocska] +- Sightings API improvements WIP. [iglocska] + + - reworked responses + - started work on the new index +- Show attributetags on sync event preview. [Andreas Ziegler] +- Show attributetags on api calls for single attributes. [Andreas + Ziegler] +- Show usage count of an attributetag in tag list. [Andreas Ziegler] +- Show usage count of an attributetag in taxonomies detail view. + [Andreas Ziegler] +- Search for attributetag by clicking on one. [Andreas Ziegler] + + including major reorganisation of attributes search() method +- Add&remove attributetags on event view. [Andreas Ziegler] +- Add search&result for attributetags. [Andreas Ziegler] +- Add findAttributeIdsByAttributeTagNames() to Tag Model. [Andreas + Ziegler] +- Show attributetags on event view. [Andreas Ziegler] +- Show attributetags on attribute index. [Andreas Ziegler] +- Add config options for attribute tagging. [Andreas Ziegler] +- Add AttributeTag. 
[Andreas Ziegler] +- Add table attribute_tags on updates to 2.4.53. [Andreas Ziegler] +- Add sql for attribute_tags (PostgreSQL) [Andreas Ziegler] +- Add sql for attribute_tags (MySQL) [Andreas Ziegler] + +Changes +~~~~~~~ +- Use cakeresponse for JSON response in updateGraph instead of + serialize. [Iglocska] +- Update of the JS filename. [Iglocska] +- Version bump. [Iglocska] +- Some UI love. [Iglocska] + + - back button fixed on tag selection popup + - esc now closes popup forms / field edits +- Allow disabling/enabling publishing of events imported via the UI, + fixes #1845. [Iglocska] +- Updated the taxonomies. [Iglocska] +- Description of session.timeout updated. [Iglocska] +- Added event ID to the attribute level tags. [iglocska] +- Made the attribute level tagging mandatory. [iglocska] + + - despite my earlier request to @rotanid, there is no need for this feature to be optional, it's one of the few cases where it should be universally enabled + +Fix +~~~ +- Fix a unicode issue with the correlation graphs. [Iglocska] +- Fix an issue with the graphs when no relations are found. [Iglocska] +- Clarification a selectable group is also an active group. [Alexandre + Dulaunoy] + + or an active group is also selectable. +- Epic fail due to missing brackets. [Iglocska] + + - mimicing Apple's gotofail well. +- Some UI love. [Iglocska] +- Update the attribute timestamp on attaching/removing tags. [Iglocska] +- Unpublish event when adding/removing an attribute tag. [Iglocska] + + - also show the event being unpublished immediately +- Fixed some issues with the galaxies that got broken. [iglocska] +- Fixed some issues with the addTag/removeTag APIs. [iglocska] +- Fixed an issue that prevented tas to be added from attributes. + [iglocska] + + - whenever the "all" taxonomy was chosen +- Further merge fixes. [iglocska] +- Merge issue fixed. [iglocska] +- Cleaner fix, testBool doesn't need to run testForEmpty. 
[Iglocska] +- Don't show value not set on boolean false values that are actually set + in the server settings. [Iglocska] +- Disable_correlation not updated using the events/edit api. [Iglocska] +- Edit events by uuid instead of id, fixes #1842. [Iglocska] +- Only allow malware-samples to be created using the upload_sample api, + fixes #1843. [Iglocska] + + - contrary to the documentation, setting the IDS flag decided the type of the resulting upload (malware-sample vs attachment) + - attachments can easily be created without any black magic using the add attribute api anyway + + - also fixed a bug that prevented the timestamp of events receiving a sample via the upload_sample api from being re-timestamped +- [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [misp-warninglists] updated to the latest version. [Alexandre + Dulaunoy] +- Cannot list users in own org - but button to do so is shown #1749. + [iglocska] + + - normal users saw the option to see their own orgs' users but clicking the button resulted in an exception caused by the ACL + - fixed a bug that caused the button to show up in the first place +- Fixed an issue with an empty SMIME field preventing users from being + added, fixes #1821. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Debug alert removed. [iglocska] +- Copyright dates updated. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- Added sightings index to the ACL. [iglocska] +- Fixed some UI issues. [iglocska] +- Fixed an issue where the published field would disappear on the event + view. [iglocska] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] Galaxy updated to the latest version. [Alexandre + Dulaunoy] +- [misp-galaxy] New clusters exploit-kit and TDS added. [Alexandre + Dulaunoy] +- Small UI issue fixed. [Iglocska] +- Fixed some UI issues with the correlation status on the event view. 
+ [Iglocska] +- Fix empty space issues with server settings. [Iglocska] + + - on input trim the string + - on the not empty check, first trim the string to warn users about existing issues +- Show that an event is unpublished when you accept a proposal, fixes + #1763. [iglocska] + + - we've had the system for a while for adding tags already anyway +- Fixed the editing of tags using the rest API. [iglocska] +- Merge issues fixed. [iglocska] +- Create attributetags during import of attributes. [Andreas Ziegler] +- Prepare attributetags in import data. [Andreas Ziegler] +- Export attributetags as Tag elements (like eventtags) [Andreas + Ziegler] + +Other +~~~~~ +- Merge branch 'feature/attribute-tagging' into 2.4. [Iglocska] +- Merge branch '2.4' into feature/attribute-tagging. [Iglocska] +- Merge branch '2.4' into feature/attribute-tagging. [Iglocska] +- Merge branch '2.4' into feature/attribute-tagging. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1834 from mdtro/patch-1. [Andras Iklody] + + Fixed typo in dependency installs +- Fixed typo in dependency installs. [mdtro] + + rh-php56-bcmath should be rh-php56-php-bcmath +- Merge pull request #1833 from BenDrysdale/2.4. [Andras Iklody] + + Fixed typo in xINSTALL.centos7.txt +- Fixed typo in xINSTALL.centos7.txt. [Ben Drysdale] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1815 from Rafiot/travis. [Raphaël Vinot] + + Fixing travis +- Update pymisp. 
[Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' into feature/attribute-tagging. [iglocska] + + +v2.4.59 (2017-01-01) +-------------------- + +New +~~~ +- Added a new field for an exclude regex for the CSV / Freetext feeds. + [iglocska] + + - just set a php compatible PCRE regex pattern to exclude values +- Added feed metadata download link. [iglocska] +- Various new feed features. [iglocska] + + - import feed descriptor json pastes to add a list of pre-defined feeds + - improvements to the feed pull (a single non validating attribute shouldn't break the process) + - altered the saving of the attributes to happen in chunks during a feed pull to avoid very large feeds from stalling the process + - split the feeds into 3 tabs: default, custom, all +- Added caching and pagination to freetext/csv feeds. [iglocska] +- Added session settings to the server settings. [iglocska] + + - also, new method for writing the MISP config file + +Changes +~~~~~~~ +- Version bump. [iglocska] +- Changed the feed cache locations. [iglocska] +- Added description for feed metadata download. [iglocska] +- Added colour fields to sql files. [iglocska] +- Colour field backticks removed. [iglocska] +- Added colour fields to taxonomies. [iglocska] +- View the feed index via the API (to easily extract / share the + settings) [iglocska] + +Fix +~~~ +- Copy paste fail. [iglocska] +- Left off changes to the complextypetool. [iglocska] + + - oops +- Fixed a copy paste bug and the default feed index scope. [iglocska] + + - defaults to all feeds now +- Fix to several issues with the feeds: [iglocska] + + - settings (csv column number, delimiter) were ignored + - skipped fields were still counted by the paginator showing some pages with fewer than the expected 60 values +- Setting naming consistency fail. [iglocska] + + - separator != delimiter +- Fixed some minor issues with the feed import. [iglocska] +- Updated the ACL. 
[iglocska] +- Added rest response to the importFeeds method. [iglocska] +- Fixed the colour settings for taxonomies. [iglocska] +- Updated to the latest version of the galaxy. [Alexandre Dulaunoy] +- Org field missing in log entry causing proposal sync to fail. + [iglocska] + + - Added SYSTEM as the default value +- Allow users to fetch their PGP keys. [iglocska] +- Updated to the latest version of misp galaxy. [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Show additional flags for non MISP feeds. [iglocska] +- Fixed a new issue introduced in ajax response handling. [iglocska] +- Invalid element load while browsing the galaxies, fixes #1752. + [iglocska] + + - was hard to spot at first, but indeed the bug is as described in the issue and masked by an ajax load of the contents +- Only show related events in red if it's created by the same org, fixes + #1528. [iglocska] + + - was using the local owner id instead of the creator id + +Other +~~~~~ +- Merge branch '2.4.59' into 2.4. [iglocska] +- Merge branch '2.4' into 2.4.59. [iglocska] +- Merge branch 'feature/colour' into 2.4.59. [iglocska] +- Merge pull request #1786 from RichieB2B/ncsc-nl/fix-fuzzy. [Andras + Iklody] + + Fix STIX exports for malware-sample attributes +- Fix STIX exports for malware-sample attributes. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1784 from SteveClement/patch-1. [Andras Iklody] + + Broken Image Typo +- Broken Image Typo. [Steve Clement] + + Remove bang (!) so it doesn't get interpreted as an image. + + +v2.4.58 (2016-12-22) +-------------------- + +New +~~~ +- Disable correlation. [iglocska] + + - globally + - on an event level + - on an attribute level + +Changes +~~~~~~~ +- Updated misp galaxies. [iglocska] + +Fix +~~~ +- Small fix on the attribute correlation popup's header. [iglocska] + + - F-A-I-L +- MISP galaxy update. 
[Alexandre Dulaunoy] +- Set event to locked = 1 when importing from a MISP export. [iglocska] +- Changed bro cached export to the .intel extension. [iglocska] +- Changed bro file extension to .intel. [Andras Iklody] +- Broken bro export. [Andras Iklody] + + - Sanitisation issues with linebreaks in comments breaking the export +- Cluster synonyms were shown twice on the event view, fixes #1777. + [iglocska] +- Pull not respecting negated tag rules fixed, fixes #1775. [Andras + Iklody] +- Don't show the attribute level correlation checkboxes if the event + correlation is disabled. [iglocska] +- Invalid closing tag. [iglocska] + + - copy pasta fail supreme +- Added an alternative to bcmod if it doesn't exist. [iglocska] + + - simply threw an exception if the module wasn't loaded on the event view if it contained an IBAN number +- Added ACL changes. [iglocska] +- Some fixes with the automatic publish/unpublish feedback. [iglocska] + + - automatically set the event to unpublished in the view when adding/removing tags + - officially the keep @RichieB2B happy patch ;) +- Unpublish events when tagging/removing tags. [iglocska] + + - same for galaxy clusters + - also, new ajax way of showing/hiding published status +- Invalid lookup caused the same message to be displayed on correlation + disabling and enabling for attributs. [iglocska] + +Other +~~~~~ +- Merge branch 'feature/disable_correlation' into 2.4. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into + feature/disable_correlation. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1779 from RichieB2B/nscs-nl/fuzzyhash. [Andras + Iklody] + + Use Fuzzy_Hash_Value for ssdeep +- Use Fuzzy_Hash_Value for ssdeep. [Richard van den Berg] +- Merge pull request #1774 from enemarke/2.4. 
[Andras Iklody] + + Added support for creating users into different roles depending on ld… +- Added support for creating users into different roles depending on + ldap group membership. [Emil Enemærke] + + +v2.4.57 (2016-12-19) +-------------------- + +New +~~~ +- Added new option to the attribute level restsearch. [iglocska] + + - filter on attributes using timestamps newer than parameter +- Added the warninglist enforcement flag to the remaining exports. + [iglocska] + + - still missing: Export modules + - consider having the flag for misp JSON/XML and STIX perhaps? +- WIP: Parameter to remove warning list hits from exports. [iglocska] +- Added a way to disable certain tags from the UI, fixes #1733. + [iglocska] + + - also added a new setting to set the default posture when an event containing a tag is pushed (via the API/sync/etc) + - new setting allows to automatically set new tags to hidden + + - the hidden setting only hides the tags from the tag selection when tagging an event +- First iteration of the new types. [iglocska] + +Changes +~~~~~~~ +- Added documentation on the warninglist enforcement to the automation + page. [iglocska] + + - also added a bunch of missing parameter descriptions + - added missing code for some of the warninglist enforcement calls +- Added mobile-application-id to payload installation. [iglocska] +- Exposed the new warninglist override via APIs and moved the lookup + method to the warninglist model. [iglocska] +- Added new attribute type: mobile applicaiton id. [iglocska] + + - Also some further changes to the warninglist enforcement +- Added twitter-id and mapped github-repo to external analysis. + [iglocska] +- Rework of the galaxy UI, fixes #1738. 
[iglocska] + + - Reworked the UI elements to allow for more convenient pivoting between event index/event view/galaxy pages + - Reworked the galaxy quick view on the event view + - country flags added to the country fields + - added authors to the clusters + - tightened the access control to not show non-working buttons for users that don't have tagging rights +- Changed the event download as filename to misp.event.id.uuid.format, + fixes #1515. [Iglocska] +- Added missing description field and ordered galaxy fields, fixes + #1744. [iglocska] + +Fix +~~~ +- Failtypo fixed. [iglocska] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Added exception for site admins to be able to add galaxies to events + of other users. [iglocska] +- Galaxy updated to the latest version. [Alexandre Dulaunoy] +- Added additional refanging patterns to the complex type tool, fixes + #470. [iglocska] +- Better validation of links, fixes #1745. [iglocska] + + - move to the built in url validation instead of the regex we used before +- Fixed several issues with the template file uploads, fixes #1743. + [iglocska] + + - Bug with uploading attachments as described in the issue + - move from pass by reference for a loop was still lacking the correct selector to update the array element instead of the loop's copy + - attachment uploader tried to base64 the file-name instead of the file-data and store it as the attachment + + - Fix to an unrelated bug that didn't encrypt malicious files when going through the template uploader +- MISP galaxy updated to the latest version. [Alexandre Dulaunoy] +- Issue with new installations not correctly setting the default + password for the initial user. [iglocska] +- Fixed an invalid link used when pivoting from galaxies to clusters in + the add cluster flow. [iglocska] +- Fixed an issue with the warninglist detection. [iglocska] +- On newer MySQL versions proposing a deletion to an attribute failed, + fixes #1741. 
[iglocska] +- Fixed an issue with the freetext importer. [iglocska] + + - It looks like PHP does parse single quoted strings and replaces double backslashes with a single literal backslash +- Fixes the missing default for the descriptions of galaxy clusters. + [iglocska] +- Fixes MySQL 5.7 group by issues. [iglocska] +- Python3 tests. [Raphaël Vinot] +- Pivot to the filtered event index from the event view using the + selected cluster as a filter, affects #1731. [Iglocska] +- Galaxy permission issue fixes #1. [Iglocska] + + - affects #1731 + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1769 from RichieB2B/ncsc-nl/tl-in-subj. [Andras + Iklody] + + Make threat level in E-mail subject optional +- Make threatlevel in E-mail subject optional. [Richard van den Berg] +- Merge branch '2.4.57' into 2.4. [iglocska] +- Some fixes and pre-validation modifications. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1767 from RichieB2B/ncsc-nl/backupdir. [Andras + Iklody] + + Don't let misp-backup.sh fill up /tmp +- Use OutputDirName for temporary storage. [Richard van den Berg] +- Merge pull request #1766 from RichieB2B/ncsc-nl/speedup. [Andras + Iklody] + + Speed up MISP by factor 10 +- Add missing indexes. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1760 from moshekaplan/patch-2. [Andras Iklody] + + Update xINSTALL.centos7.txt +- Update xINSTALL.centos7.txt. [Moshe Kaplan] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1757 from RichieB2B/ncsc-nl/24h-sighting. [Andras + Iklody] + + Use 24 hour clock +- Use 24 hour clock. [Richard van den Berg] +- Merge pull request #1755 from RichieB2B/ncsc-nl/fulltext. 
[Andras + Iklody] + + Add fulltext indexes from AppModel.php to MYSQL.sql +- Add fulltext indexes from AppModel.php to MYSQL.sql. [Richard van den + Berg] +- Merge pull request #1754 from moshekaplan/patch-1. [Andras Iklody] + + Update xINSTALL.centos7.txt +- Update xINSTALL.centos7.txt. [Moshe Kaplan] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1742 from RichieB2B/ncsc-nl/proposal_to_delete. + [Andras Iklody] + + Set proposal_to_delete default to 0 +- Set proposal_to_delete default to 0. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1728 from RichieB2B/ncsc-nl/backup. [Andras + Iklody] + + Some adjustments to misp-backup.sh: +- Some adjustments to misp-backup.sh: - allow setting MISPPath in misp- + backup.conf - use MySQL username/password from database.php by default + - use machine sortable date for output file - do not store TmdDir name + in tar - use tar non-verbosely. [Richard van den Berg] +- Merge pull request #1722 from MISP/travis. [Raphaël Vinot] + + up: Run tests in python3 +- Merge branch '2.4' into travis. [Raphaël Vinot] +- Merge branch '2.4' into travis. [Raphaël Vinot] +- Up: Run tests in python3. [Raphaël Vinot] +- Merge pull request #1727 from kirzaks/2.4. [Andras Iklody] + + Snort optimisation +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Armins] +- Added fast_pattern. [Armins] + + +v2.4.56 (2016-12-07) +-------------------- + +New +~~~ +- Tied the galaxies into the ACL. [Iglocska] +- First RC of MISP galaxies 1.0. [Iglocska] +- Added galaxy attach/detach functions. [Iglocska] +- First iteration of the galaxies (WIP) [Iglocska] +- Added upgrade scripts. [Iglocska] +- Added galaxy tables. 
[Iglocska] +- Added the publish_timestamp and timestamp parameters to both + restSearch functions, fixes #1703. [Iglocska] + + - TODO document it + - new way of handling it, both accept lists with 2 values for ranges +- Added the published flag to restsearch. [Iglocska] + + - allows users to specify whether the events / attributes returned should come from published / unpublished events only. If the parameter is not set both are included + +Changes +~~~~~~~ +- Some minor UI changes. [Iglocska] +- Update to gitignore. [Iglocska] +- Version bump. [Iglocska] +- More progress on the galaxies. [Iglocska] +- Some minor changes to the galaxy looks. [Iglocska] +- Add the possibility to specify a "type" instead of a list of "types" + in the enrichment modules. [Iglocska] +- Add attribute ID to the context fields in the event view and enable + pagination on it. [Iglocska] +- Added more information to the diagnostics download. [Iglocska] +- Allow JSON POSTing to set parameters for the CSV export. [Iglocska] + + - kill the url parameters with fire + +Fix +~~~ +- Removed a duplicate ACL entry. [Iglocska] +- Clusters added don't have the exportable field set on the tag and + because of that they don't show up on the API. [Iglocska] +- Updated to the latest version of PyMISP. [Alexandre Dulaunoy] +- Moved requeue of pull scheduled job to the front. [Iglocska] +- Fixed missing publish flag in restsearch. [Iglocska] +- Galaxies are now loaded by default. [Iglocska] +- Updated event.json for travis tests. [Iglocska] +- Galaxy update. [Iglocska] +- Added galaxy submodule. [Iglocska] +- Index length fixed for several text fields. [Iglocska] +- Escape field names again. [Iglocska] + + - TODO, have a backtick replacement script for postgres +- Attempt at a fix for SQL woes. [Iglocska] +- Fixed an issue where a normal index was attempted to be created for a + text field causing the installation to fail. [Iglocska] +- Fixed the detaching of galaxies. 
[Iglocska] +- Added missing dependencies for the index adder. [Iglocska] +- Removed copy paste junk. [Iglocska] +- Update PyMISP. [Raphaël Vinot] +- PyMISP updated. [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- MISP taxonomies updated. [Alexandre Dulaunoy] +- Warning lists updated. [Alexandre Dulaunoy] +- Do not allow empty values to be returned by the enrichment queries. + [Iglocska] +- Use comment field from modules when using freetext attribute type + detection. [Iglocska] +- Trim strings of brackets before running the freetext detection on + them. [Iglocska] +- Temporary fix for a keyword mismatch between the import modules and + the freetext import. [Iglocska] +- README updated with new features and export formats. [Alexandre + Dulaunoy] +- Access attribute edit / editField via the UUID instead of the ID. + [Iglocska] + + - also cleaned up some dumb crap in the attributes/edit function when POSTing JSONs +- Fixed an issue where the diagnostics complained about STIX not being + installed if the stixtest.py was not readable. [Iglocska] +- Removed an accidentally added edit button. [Iglocska] +- Fixed an issue that incorrectly reported a feed update to have failed + when not using delta-merge mode. [Iglocska] + + - the issue was that in the case of a feed update to a fixed event without delta merge, MISP tried to insert all parsed attributes, which correctly automatically blocked duplicates + - however, since these attributes were blocked by the validator, the feed fetcher reported that the fetch didn't succeed as it contained validation errors + + - this fix simply runs non-delta merge mode updates through the comparisons to the existing event, removing duplicates in advance +- Fixed an issue that prevented the feeds from working in CSV mode if no + value field was set. [Iglocska] +- Removed invalid entry in writeable file diagnostics. [Iglocska] + +Other +~~~~~ +- Merge branch 'syntax' into 2.4. 
[Iglocska] +- [*] Corrected the bug with endless loops in while() [Birdy42] +- [*] Removed the double htmlentities check, minor text correction. + [Birdy42] +- [+] #1711 added [CODE][/CODE] support for the discussion / posts. + [Birdy42] +- [*] corrected a typo in add.ctp. [Rossier David] +- [+] #359 [Link] feature added to html tag supported for posts. + [Rossier David] +- Merge pull request #1726 from liviuvalsan/bro_export_improvements. + [Andras Iklody] + + Performance improvements, bug fixes and new features for the export to Bro +- - Performance improvements when exporting a large number of attributes + into Bro format. - Fixed file header formatting for the export to Bro + format (tabs used consistently). - Computing the time needed for + generating the export to Bro format when done using a background job. + - When generating the Bro export from the UI all the attributes are + generated in one single text file similar to the CSV export instead of + a zip file with different files inside. - Changed the file extension + of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS + option from the Bro export as it doesn’t make sense to have it (Bro is + an IDS). - Fixed some of the API endpoints which were not accepted + (ACL issues). - Added support for a list of events that should be / + should not be included in the export. - Added a new "meta.desc" column + (added in Bro 2.5, see + https://www.bro.org/sphinx/frameworks/intel.html) containing the + description of the event and of the attribute. - Sanitized the + exported data for Bro. - Fixed a number of value substitutions which + were imported from Snort/Suricata and which were not working for Bro. + Did instead substitutions needed for Bro. [Liviu Valsan] +- Merge branch 'feature/galaxy' into 2.4. [Iglocska] +- Updated PyMISP. [Iglocska] +- Merge branch '2.4' into feature/galaxy. [Iglocska] +- Merge pull request #1709 from Rafiot/travis. 
[Andras Iklody] + + Add php5-cli in the deps +- Add php-cli in the deps. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.55 (2016-11-22) +-------------------- + +New +~~~ +- Sightings enabled by default. [Iglocska] +- Added timestamps of shadow attributes wherever appropriate. [Iglocska] +- Added uuid as a restsearch parameter, fixes #1683. [Iglocska] + + - search for events/attributes by uuid +- Added checks for the loaded php extensions, fixes #1672. [Iglocska] + + - Diagnosing not loaded extensions was a nightmare + - New system checks the loaded extensions via php and php-cli (could help with un****ing some RHEL/CentOS issues) + - Version check for the php-cli php version added + + - only one extension is checked currently, to be updated at a later point in time (remember to also update the web and the cli extension list!) +- Show the date of the latest sighting / organisation on the event view. + [Iglocska] +- Added multiselect for attributes on the event view. [Iglocska] + + - simply check the checkbox of an attribute/proposal then shift click the checkbox of another to select the full range + - affects #1618 + +Changes +~~~~~~~ +- Version bump. [Iglocska] +- Changed the behaviour of the proposal index. [Iglocska] + + - choose between own events / all visible events + - show timestamps on the proposal index and the creator org of the event +- Updated the NIDS exports. [Iglocska] + + - allow posting JSON/XML payloads with filter options + - Added the type field to be able to restrict / attribute type + +Fix +~~~ +- Some additional changes to accomodate for the automatically enabled + sightings. [Iglocska] +- Tell MISP to run the db update. [Iglocska] +- MISP taxonomies updated to the latest version. 
[Alexandre Dulaunoy] +- Fixed annoying issues with the tags not looking OK on a feed/server + event preview. [Iglocska] +- Added sighting time to the event sighting summary. [Iglocska] +- Do not try to sort on fields that are not paginated. [Iglocska] +- Opened up attributes/editField to the API, fixes #1674. [Iglocska] +- Fixed an issue where adding an attribute to an empty temlate as a + first element caused an error, fixes #1635. [Iglocska] +- Invalid error returned to the STIX/CyBox diagnostics if no version is + installed, fixes #1661. [Iglocska] +- Revert to previous commit. [Alexandre Dulaunoy] +- Travis move to MySQL 5.6. [Alexandre Dulaunoy] +- Mysql requirements. [Alexandre Dulaunoy] +- Travis mysql requirement. [Alexandre Dulaunoy] +- Fixed an issue with editing MISP feeds, fixes #1664. [Iglocska] +- Fixed pagination issues with the taxonomy view, fixes #1660. + [Iglocska] +- Tightened check for tag removals. [Iglocska] + + - users could remove tags via the api for other organisations +- Fixes an issue where the wrong set of tags were applied when + populating an event from a template, fixes #1636. [Iglocska] +- Left off changes in attribute.php for the previous commit. [Iglocska] +- Added domain|ip to nids exports. [Iglocska] +- Tag API only returns a subset of the results, fixes #1656. [Iglocska] + + - pagination was used even for the API, changed it to a simple find +- Fixed annoyting column order in the statistics. [Iglocska] +- Some small fixes to the add user API, affects #1621. [Iglocska] + + - Do not force change_pw/termsaccepted default settings based on role when using the API + - Some cleanup + +Other +~~~~~ +- Merge branch '2.4.55' into 2.4. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1670 from Rafiot/travis. [Alexandre Dulaunoy] + + Fix mysql on travis +- Fix mysql on travis. 
[Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Update to UPDATE.txt. [Andras Iklody] + + - indicate that a git pull is all that is normally needed. +- Merge branch '1641' into 2.4. [Iglocska] +- - search input for "select tag" is fixed and does not scroll up + anymore - removed input end tag - added css classes to select tag and + select tag source popups - so they can be easily changed via the local + extra css. [cristian.bell@freenet.de] +- Merge branch '1652' into 2.4. [Iglocska] +- Replaced ip address with * for the virtualHost. [cristian bell] +- Merge branch '1651' into 2.4. [Iglocska] +- Block alert e-mails based on tag. [Richard van den Berg] +- Merge branch '1642' into 2.4. [Iglocska] +- Update UPDATE.txt. [Deventual] +- Update UPDATE.txt. [Deventual] +- Merge branch '1653' into 2.4. [Iglocska] +- Sorts the "Attributes per organization" array by the total number of + attr, highest on top. [cristian bell] + + +v2.4.54 (2016-11-04) +-------------------- + +New +~~~ +- Added new statistics page, fixes #1648, fixes #1557. [Iglocska] + + - brought back the quick organisation overview as it's a much missed feature + - added treemap for tags + - brought attribute histogram into statistics page + + - more coming in the future +- Added a check and deletion tools for orphaned attributes to the + diagnostics page. [Iglocska] +- Added two additional api filters to the event index (timestamp, + publishtimestamp) [Iglocska] + + - Currently these are not exposed to the filter UI + - Easy way to get metadata newer than timestamp/publish timestamp +- Enrichment queries now pass the base64 encoded data to the enrichment + modules. [Iglocska] + + - first implementation, malware is sent as an encryptet zip base64 encoded +- Added admin user APIs. 
[Iglocska] + + - The following urls are now available via the API: + - /admin/users/add + - /admin/users/edit/id + - /admin/users/view/id + - /admin/users/index + - /users/resetauthkey/id + + - For add and edit, sending a GET request will describe the APIs + + - New API response system's initial implementation, to be used for other APIs in the future + - standardised responses + - standardised error codes + - convenience functions + + - TODO: + - tie non admin functions into the APIs (maybe?) + - reuse the new API system for other APIs +- First commit for the user API rework and the new response handler. + [Iglocska] +- Show file sizes on the export page, fixes #1640. [Iglocska] +- Added new feature to block attributes from IDS sensitive exports based + on proposals. [Iglocska] + + - Enabled via a new server setting (MISP.proposals_block_attributes) + - Attributes are skipped from exports that require the to_ids flag if: + - they have an active proposal that proposes to remove the to_ids flag + - they have an active proposal that proposes to delete the attribute + + - Currently affected exports: + - OpenIOC + - All HIDS exports + - All NIDS exports + - All text exports + - RPZ Zone file export + +Changes +~~~~~~~ +- Further work on the user APIs. [Iglocska] +- Remove obsolete getEnrichmentSettings() [Andreas Ziegler] + + seems to have been replaced by Module.php getModuleSettings +- Remove obsolete variables. [Andreas Ziegler] +- Remove obsolete dropIndex() [Andreas Ziegler] + + not needed for reference, as there's a duplicate in AppModel.php (& in git) +- Use the TLD lists from the warninglists, fixes #1149. 
[Iglocska] + + - simply load any enable warninglist entries from the pre-defined TLD warninglists + - Pass the resulting array to the complex type tool + - during domain type heuristics, if the TLD list is not empty use the supplied list + - alternatively generate a list based on the old TLD rules + - does not alter any functionality otherwise + +Fix +~~~ +- PyMISP to the latest version. [Alexandre Dulaunoy] +- Fixed an issue with an incorrect condition on the admin index. + [Iglocska] +- Increased space between taxonomy names in the treemap as some of them + can be quite long. [Iglocska] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- MISP name fixed. [Alexandre Dulaunoy] +- Fixed annoying capitalisation mess in the event index parameters. + [Iglocska] + + - just throw everything to lowercase +- Fixed an invalid path for attribute downloads, fixes #1647. [Iglocska] +- Fixed some merge issues. [Iglocska] +- Fixes an invalid check allowing user profile modifications to target + different users within the org. [Iglocska] + + - User edit had an incorrect check that allowed a normal user edit on a different account within the same org + - Also removed the deprectated option for this function to be used by org/site admins to be used as an alternative to the admin edit + + - as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult. +- Attempted fix for an issue with large stix exports getting truncated. + [Iglocska] +- Certificate typo fixed. [Alexandre Dulaunoy] +- Lowercasing in the tag search wasn't exactly great. [Iglocska] +- Removed test code. [Iglocska] +- Fixed an issue where pushing events worked even if the remote user + wasn't a sync user. [Iglocska] +- Fixed an issue with the attribute search. 
[Iglocska] + + - a typo prevented the lookup based on event UUIDs +- Check if the taxonomy directory contains the machinetag.json file + before trying to read it, fixes MISP/misp-taxonomies#45. [Iglocska] +- Fixed several issues with the import modules. [Iglocska] + + - config settings are not passed correctly to the import modules + - not having any paste/file upload in an import module would fail + - removed the requirement to have either filled, if a module doesn't use any of the two fields it will simple pass an empty data field + - this could be handy for modules that create event data based on the userconfig fields +- Fixes an issue where attachments / malware samples were erroneously + coloured white. [Iglocska] + + - placeholder hard-coded white class replaced with dynamic value + - Can't check the referenced issue, shame on Norwegian.no for claiming to have wi-fi onboard... +- Invalid bro export generation due to invalid syntax on the intel + field. [Iglocska] +- Made the UUID field in the event view optional. [Iglocska] + + - displaying the UUID field seemed to clutter the UI for some users + - by default it is now disabled and a new control called show context is introduced + - could be reused in the future for similar use-cases +- Fixed a UI issue with proposals and links, fixes #1624. [Iglocska] + + - fixed an issue where link type attribute values were not visible due to links being too similar of a colour to the blue background of attributes with indicators +- Better fix than the previous one. [Iglocska] +- Fixed a potential empty event_id field that blocked new CSV feeds from + being added. [Iglocska] +- Removed double sanitisation of the resolved attributes. [Iglocska] + +Other +~~~~~ +- Version bump. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [Iglocska] +- Add: Screenshot updated. [Alexandre Dulaunoy] +- Add: Screenshot of an event - version 2.4.53. [Alexandre Dulaunoy] +- Merge branch 'features/userapi' into 2.4. [Iglocska] + + Conflicts: + app/Controller/UsersController.php +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Add: Hackathon drawing added. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1578 from rotanid/cleanup. [Andras Iklody] + + Cleanup +- Merge pull request #1637 from deralexxx/patch-3. [Andras Iklody] + + mention Roadmap in readme +- Mention Roadmap in readme. [Alexander J] + + . +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Removed Imported via the Freetext Import ... text. [Christophe + Vandeplas] + + +v2.4.53 (2016-10-21) +-------------------- + +New +~~~ +- Added a way to disable the default HTTP_ header namespace or to alter + it to something else for the custom auth plugin. [Iglocska] +- Added quick search in tag selection popup. [Iglocska] +- CSV feeds and various fixes. [Iglocska] + + - Added the CSV feed format + - users can specify which fields in the CSV should be parsed + - comment lines are automatically omitted + - new settings system added to feeds, currently only used for the value fields + + - Slight rework of the correlation lookup for the feeds + - got the Speed Force treatment + - correctly checks against value1 and value2 instead of value + + - Various freetext import fixes +- Added correlations to the freetext feed preview. [Iglocska] + +Changes +~~~~~~~ +- Added the capability to search for attributes by uuid. 
[Iglocska] + + - ID field in the attribute search now accepts attribute UUIDs + - Partially dealing with #1618 +- Made the attribute search fields smaller and the form insta-submit on + ctrl+enter. [Iglocska] + + - Deals with sme of the issues in #1618 +- Rename CENTOS install files to get to the end of the list of install + guides. [Iglocska] + + - people seem to think that we recommend CentOS for MISP which is absolutely not the case +- Added UUID to attribute list in event view. [Iglocska] +- Keep the event ID in the correlation graph's event nodes' name in + addition to the info field. [Iglocska] +- Changed the event node names to (partial) event info fields for the + correlation graph. [Iglocska] +- Validate the event_id as a numeric value. [Iglocska] +- Some changes to event defaults. [Iglocska] + + - Added default analysis value in case it is not set when adding a new event + - Changed the threat level default to undefined if no default has been set +- MISP taxonomies updated to the latest version (OSINT + Manifest + updated) [Alexandre Dulaunoy] + +Fix +~~~ +- Fixes an issue where adding a new user allowed an invalid role choice. + [Iglocska] + + - as reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult. +- Fixes an issue where an invalid role could be assigned to a user. + [Iglocska] + + - As reported by: Vytautas Paulikas and Robert Giruckas from SEC Consult. +- Separate the GFI upload directory from the attachment directories. + [Iglocska] + + - ensure that no one can't retrieve GFI export files + - As reported by Vytautas Paulikas and Robert Giruckas from SEC Consult +- Don't correlate shadow attributes to attributes in the same event. + [Iglocska] +- Fixed the titles of some columns on the event index. [Iglocska] +- Resolved an issue where the new uuid field didn't get coloured the + same way as the remaining proposal fields. [Iglocska] +- Don't destroy the session on failed customauth login if customauth is + not enforced. 
[Iglocska] +- If the custom auth is not required, throw the user to the usual login + if the custom auth login failed. [Iglocska] +- Fixes a bug that returned the wrong user's email address on the event + view, viewed by an org admin. [Iglocska] +- Added default values to some of the event fields when adding a new + event. [Iglocska] + + - basically the only required field now is the info field, everything else uses sane defaults +- Fixed an inverse lookup. [Iglocska] +- Fixed an issue with editing feeds. [Iglocska] +- Pull icon visible even when pull is not enabled for an instance, fixes + #1608. [Iglocska] +- Log name of remote server in event history, fixes #1607. [Iglocska] + + - currently only affects pull + - it is becoming more and more crucial that we differentiate between a normal REST add and a push sync. This would allow us to log source servers also on pushes. +- Default setting change when browsing the preview index. [Iglocska] + + Automatically set a threat level based on the server config +- Changed the default value of the threat level ID to match the previous + fix. [Iglocska] +- Fixed an issue where a validation fail would only semi-populate the + feed add form fields. [Iglocska] +- Fixed an error on the automation page. [Iglocska] +- Fixed various minor issues and a potential more serious bug. + [Iglocska] + + - various UI issues prevented the freetext/csv feed related fields from being hidden when adding a new MISP feed + - issue that potentially prevented new feeds from being saved if no target event is set (cannot reproduce) +- Fixed an issue where adding an empty event would set the error key in + the returned JSON. [Iglocska] +- Fixed an issue with the type restrictions, fixes #1603. [Iglocska] + + - fixes an issue where the type list in the attribute add/edit view wouldn't automatically restrict to the valid options +- Fixes an issue where the csv feed pull would be routed through the + freetext code path. 
[Iglocska] + +Other +~~~~~ +- Version bump. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1610 from RichieB2B/ncsc-nl/bcmath. [Andras + Iklody] + + Add rh-php56-bcmath as a requirement for CentOS +- Add rh-php56-bcmath as a requirement for CentOS. [Richard van den + Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.52 (2016-10-07) +-------------------- + +New +~~~ +- First implementation of the freetext feed pull. [Iglocska] +- View proposal count on event index and filter events on whether they + have proposals. [Iglocska] + + - only non deleted proposals are counted + - allows users to quickly set up filters to view all events that have pending proposals +- Rework of the attribute/proposal views and popovers round 2. + [Iglocska] + + - also fixes to a bunch of small UI bugs and code style issues +- First cut of the popover rework for form selects. [Iglocska] +- Add the sightings cont to the event index. [Iglocska] +- Add Tool for random string generation. [Andreas Ziegler] +- Add compatibility Lib for random_int. [Andreas Ziegler] +- Added the metadata flag to the event restsearch API. [Iglocska] + + - allows fetching metadata only without including attributes/proposals +- Db structure&data file for PostgreSQL support. [Andreas Ziegler] +- Add basic documentation on experimental PostgreSQL support. [Andreas + Ziegler] +- Add basic experimental support for PostgreSQL. [Andreas Ziegler] + +Changes +~~~~~~~ +- Updated to the latest MISP taxonomies. [Alexandre Dulaunoy] +- Cleanup of removed functionality. [Iglocska] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Misp-warninglists updated to the latest version. [Alexandre Dulaunoy] +- External analysis/text attributes containing a uuid converted to a + link to a MISP event. [Iglocska] +- Simpler handling of empty/temporary arrays. [Andreas Ziegler] +- Remove duplicate array key. 
[Andreas Ziegler] +- Remove obsolete files. [Andreas Ziegler] +- Update deb8/ubu1604 setup, composer to 1.2.1 (#1569) [Andreas Ziegler] +- Update cakephp to 2.8.9 (#1560) [Andreas Ziegler] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Set var eventIDs only if necessary. [Andreas Ziegler] +- Html input text element should not have a separate closing elem. + [Andreas Ziegler] +- Remove obsolete count variable. [Andreas Ziegler] +- Default roles all have API access. [Andreas Ziegler] + + - changed the default role set to have api access enabled + - existing installations not affected + - if a community wants to restrict API access for certain users they're free to do it + + (same as aa0383064345d24e1ceb32621457ec156c2cd809 but for postgres this time) +- Default roles all have API access. [Iglocska] + + - changed the default role set to have api access enabled + - existing installations not affected + - if a community wants to restrict API access for certain users they're free to do it +- Added sane defaults to the describeTypes api. [Iglocska] +- GeneratePassword now uses random passwords with a minimum length of 12 + characters. [iglocska] +- Allow the usage of posted JSON objects in the bro export. [Iglocska] +- Cleanup of removed Hids and Nids BroExport libraries that got merged + into BroExport.php. [Iglocska] +- Refactor of the Bro export. [Iglocska] +- Reverted the changes to the NIDS export. [Iglocska] +- Correct some spelling issues. [Andreas Ziegler] +- Remove duplicate check for fullAddress. [Andreas Ziegler] + + got already checked a few lines above, can't be something else +- Remove redundant call to beforeFilter, just calling its parent. + [Andreas Ziegler] +- Remove a variable that isnt used. [Andreas Ziegler] +- Remove obsolete code from TagsController. [Andreas Ziegler] +- Remove obsolete js function submitTagForm. [Andreas Ziegler] +- Remove obsolete file view.ctp. [Andreas Ziegler] +- Remove obsolete variables. 
[Andreas Ziegler] +- Remove redundant className attributes. [Andreas Ziegler] +- Remove some references to variables. [Andreas Ziegler] +- Use new Tool for random string generation. [Andreas Ziegler] +- Remove some obsolete code from View/Layouts. [Andreas Ziegler] +- Remove obsolete files succes.ctp. [Andreas Ziegler] +- Use correct closing tag in view element. [Andreas Ziegler] +- Creator e-mail in the event details, fixes #1252 (#1535) [Cristian + Bell] + + * chg: creator e-mail in the event details, fixes #1252 +- Cleanup of old acl system config files that hasn't been used in years. + [Iglocska] +- Update cakephp to 2.8.7. [Andreas Ziegler] +- Use dependency instead of explicit deleteAll. [Andreas Ziegler] +- Made the new attribute marker in the notification e-mails a bit more + obvious. [Iglocska] +- Replace 2 spaces after tab by double tab. [Andreas Ziegler] +- Replace 4 spaces after tab by double tab. [Andreas Ziegler] +- Replace spaces before tabs by tabs. [Andreas Ziegler] +- Replace spaces between tabs by tabs. [Andreas Ziegler] +- Text moved to the first choice for internal reference category + attributes. [iglocska] +- Changed the response of the functionality in the PR to be in line with + other ajax request responses in MISP. [Iglocska] +- Removed requirement for findAdminsResponsibleForUser for not site + admin. [Iglocska] + + - Take own org's admins / siteadmins before looking for site admins from other orgs +- Chg: only show API/authkey to user with API key rights, fixes #1311 - + code improvements as per @iglocska 's comments. thanks. [Cristian + Bell] +- Only show API/authkey to user with API key rights, fixes #1311 - adds + some missing code parts from the initial commit. [Cristian Bell] +- Only show API/authkey to user with API key rights, fixes #1311. + [Cristian Bell] +- Rename findTags() to findEventIdsByTagNames() [Andreas Ziegler] +- Remove some obsolete code. [Andreas Ziegler] +- Changed the default event table engine to InnoDB. 
[iglocska] +- Set "User" as the default role for new installations. [iglocska] + +Fix +~~~ +- Fixes to the ssdeep detection as it was way too loose. [Iglocska] +- Resolved several issues with error handling in the new feed system. + [Iglocska] +- Removed already removed file that got reverted. [Iglocska] + + - As first committed by @rotanid + - The file is not used any longer, however removing it causes issues unless we clean the model cache + - upgrading to a new version will force the cleaning of the model cache, so it's a great time to finally remove it +- Various fixes to the feed system. [Iglocska] + + - allow users to override the IDS flags and keep all attributes pulled from a freetext feed IDS = off + - UI changes + - fix to a bug that caused already deleted attributes to be counted as existing ones +- Added missing initialisation of the synctool. [Iglocska] +- Added some missing entries to gitignore. [Iglocska] +- Added missing changes to the javascript file. [Iglocska] +- The JSON schema regarding the related event from Array -> Object. + [Alexandre Dulaunoy] +- Left off the actual file affected for the last commit. [Iglocska] +- Fixed a bug with the event view. [Iglocska] + + - the fetcher was moving proposals within an attribute if the proposal was directed at the attribute (correctly) + - this left the event proposal list in a non progressive array key format, which lead to a weird situation where the JSON format used string numeral keys in a dict as opposed to the desired list. Nobody in their right mind would ever want that. + - fixed +- Fixed the incorrect column order on the event index. [Iglocska] +- Fixed the broken check that prevented the sightings count from + displaying. [Iglocska] +- Really restrict the shown proposal count to non deleted proposals. + [Iglocska] +- Added changes to JS. [Iglocska] +- Added the capability to merge attachments/samples. 
[Iglocska] +- Fixed the event index in various places (such as the user admin view) + [Iglocska] + + - also added missing view files from previous patch +- Left off the changes to the js. [Iglocska] +- Various fixes to the user index, fixes #1597, fixes #1598. [Iglocska] + + - highlight deleted users + - use the same index for the org user view (without the filter options) + - fixes the pagination of the users when viewing it through the organisation view +- Added the git commit ID to the feed request. [Iglocska] +- Org id potentially not being set when capturing tags. [Iglocska] +- Fixed an issue that resulted in empty event tags showing up in the + event index JSON. [Iglocska] +- Small fix to the worker start script. [Iglocska] +- Even dirtier hack to only replace the STIX_Package object with a + Package object. [Iglocska] +- Several fixes to the STIX export. [Iglocska] + + - based on the findings of @RichieB2B +- Fixed an issue with the restsearch export potentially incorrectly + loading all eligible events in one go into memory. [Iglocska] +- Fix an issue where duplicates of auth methods in Security.auth keep + piling up. [Iglocska] + + - due to a bug, each change in the server settings with an auth plugin enabled would reappend the full list of enabled auth plugins to Security.auth + - this lead to an exponential growth of the number of entries in the array in the config file +- Missing new TLDs in free text import, solves #1149 (#1574) [Cristian + Bell] + + * fix: missing new TLDs in free text import, solves #1149 +- Php warning on buildAlertEmailBody in Event.php. [Andreas Ziegler] + + if an attributes type was longer than $appendlen-2 a php warning was logged. + str_repeat()'s 2nd parameter, an integer, must not be smaller than 0. +- Don't show the org restriction of a tag in the event view JSON. + [Iglocska] +- Set the org_id field to 0 if it is not set. [Iglocska] +- Removed accidentally committed code. [Iglocska] +- Fixed an anchor in the documentation. 
[Iglocska] + + - as pointed out by @rotanid +- Removed functions needed for the delegation restored. [Iglocska] + + - as discovered by @RichieB2B +- Fixed an issue with the thread index that prevented your org only + threads from ever being visible to users, as highlited in #1570. + [Iglocska] +- Typo in comment. [Andreas Ziegler] +- The server add view incorrectly allowed the internal server settin to + be set even if the default organisation picked wasn't the host + organisation. [Iglocska] +- Hide the salt key in the UI unless it's the old default key, fixes + #1566. [Iglocska] +- No tag set in the remote index leads to notice errors. [Iglocska] +- Sort server preview events by timestamp, fixes #1558. [Iglocska] +- Don't try to show sightings count if sightings aren't enabled. + [Iglocska] +- Missing return keyword before a message-string. [Andreas Ziegler] +- PostgreSQL handling in __dropIndex() [Andreas Ziegler] +- DropIndex before adding indexes on tags/org_id & + cake_sessions/expires. [Andreas Ziegler] + + to make sure they are created from scratch +- Restrict tag usage for restricted tags in a place where it was missed. + [Iglocska] +- Don't load relations when running the password shell. [Iglocska] +- Removed left in debug line. [Iglocska] +- Append text to variable (as originally intended) [Andreas Ziegler] + + without this change, the text won't be used or display ever +- Add keyword 'new' to an exception throw. [Andreas Ziegler] +- Force order of the regex entries. [Iglocska] +- Fixes to the API request e-mail. [Iglocska] +- Fixes a bug introduced by f37963fde4ad91b625d3ee80eb52ebd048f3dc71 + where on API request the user itself receives an e-mail and not his + org_admin or site_admin. [Cristian Bell] +- Added a fallback for no active flag being set on sharing group + capture. 
[Iglocska] +- Issue resulting from references removal, #1501, 25e52a6 (#1544) + [Andreas Ziegler] +- Fallback to insecure random for php 5.x if the random_compat submodule + isn't loaded. [iglocska] +- Fixed the inversed namespacing in the STIX export, fixes #1543. + [iglocska] +- Added missing changes needed for the new description of the bro + export. [Iglocska] +- Updated the bro documentation. [Iglocska] +- Remove the temp directory after generating the bro cache. [Iglocska] +- Refactor of the bro export to always create a zip archive with + separate files if "all" types are queried. [Iglocska] +- Some changes to the bro export. [Iglocska] + + - moved the whitelisting out of the plugin + - source now contains the instance host org name (if applicable), the event UUID and the creator org name +- Removing some unused code. [Cristian Bell] +- Fix to an invalid parameter description on the automation page, fixes + #1530. [Iglocska] +- Fixed an issue where non API users could not download events in + JSON/XML format, fixes #1525. [Iglocska] +- Updated to the latest version. [Alexandre Dulaunoy] +- Fix the broken bruteforce protection. [Iglocska] + + - Moved the bruteforce protection directly to the login action + - Fixed the datetime format used by the protection + - Cleaned up the logging of failed attempts +- Removed deprecated path from functions that are allowed for API users. + [Iglocska] +- Fixed the style of a page header. [Iglocska] +- Fixed an issue with internal sync failing on more than one added + server. [Iglocska] +- Further fixes to the internal sync. [Iglocska] +- Internal sync fixed for pushes on your org only events. [Iglocska] +- Fixed various issue with the stix export, fixes #1505. [Iglocska] +- Typo recurisve/recursive in EventsController. [Andreas Ziegler] +- Fix to an invalid namespace in CIQ based elements in STIX. 
[Iglocska] +- Revert to the old functionality of the stix export where the data is + passed back from the internal stix method, fixes #1509. [Iglocska] +- Notify the user requesting API key access if e-mailing is disabled on + the instance. [Iglocska] +- Fixed an issue where fetching the PGP key without entering an e-mail + address in the user creation form wasn't handled cleanly. [iglocska] +- Some clarification on the user creation/edit forms. [iglocska] +- Cleanup of the routes file. [iglocska] +- Removed unreachable line referencing a non-existing variable. + [iglocska] +- Cleanup of missing whitespaces in PR. [Iglocska] +- Fixed a newly introduced bug that breaks the NIDS exports, as + referenced in #1489. [iglocska] +- Added the default role selector to the ACLComponent. [iglocska] +- Removed filename check from the AppController. [iglocska] + + - rerouted all calls to the method to the Model equivalent +- Check whether e-mailing is enabled or not before publishing. + [iglocska] + + - before the publishing process (wheter by a background worker or not) would be executed before checking whether e-mailing was even enabled + - this lead to a lot of e-mail jobs that ended up doing nothing but creating a log entry +- Invalid indeces used for the MISP.host_org_id setting. [iglocska] +- Add key length to text field index. [iglocska] +- Removed incorrect index in the previous commit. [iglocska] +- Update version number to 2.4.51 in MYSQL.sql. [Andreas Ziegler] +- Removed unused lookup in EventsController::index(), fixes #1484. + [iglocska] + + - old code became obsolete when the taxonomies were implemented +- Fixed a copy paste issue with the description comment of a method, + fixes #1483. [iglocska] +- Added 2.4.51's database changes to MYSQL.sql. [iglocska] +- Added internal convenience method to check remote server version. + [iglocska] +- Event index should respect pagination requests for API users. 
+ [iglocska] +- Inverse conditional for cleaning up the expired sessions. [iglocska] +- Moved the example API script using SSL client certificate. [iglocska] + +Other +~~~~~ +- Merge branch '2.4.52' into 2.4. [Iglocska] +- Revert "fix: Removed already removed file that got reverted" + [Iglocska] + + This reverts commit 832321a77c77bf325cc301772792e39a01cad198. +- Merge pull request #1600 from RichieB2B/ncsc-nl/update-tags. [Andras + Iklody] + + Add missing tags from pushed events +- Add missing tags from pushed events. [Richard van den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch 'attribute_merge' into 2.4. [Iglocska] +- Allow merging for site admins. [Richard van den Berg] +- Allow merging of event attributes. [Richard van den Berg] +- Merge branch 'publishalert' into 2.4. [Iglocska] +- Fix indication of new attributes in E-mail alerts, fixes #1521. + [Richard van den Berg] +- Merge branch 'taginfo' into 2.4. [Iglocska] +- Merge branch '2.4' into taginfo. [Iglocska] +- Merge pull request #1595 from RichieB2B/ncsc-nl/stix-fix. [Andras + Iklody] + + Fix STIX XML and JSON exports +- Avoid duplicate key-sequence to satisfy STIX unique identity- + constraint. [Richard van den Berg] +- Fix STIX XML and JSON exports. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Put tag info from event in E-mail subject, fixes #1107. [Richard van + den Berg] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1591 from thomai/patch-2. [Andras Iklody] + + sudo is needed to create new ssl key. +- Sudo is needed to create new ssl key. 
[Thomas Maier] + + A normal user does not have permissions to the used folder /etc/ssl/private in Ubuntu 16.04/Mint 18 by default. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- MISP rfc repository added. [Alexandre Dulaunoy] +- Basic README added to explain the two JSON schemas. [Alexandre + Dulaunoy] +- Merge pull request #1590 from Rafiot/upschema. [Alexandre Dulaunoy] + + Update JSON schema +- Add lax JSON schema for PyMISP. [Raphaël Vinot] +- Merge pull request #1589 from thomai/patch-1. [Alexandre Dulaunoy] + + Added python-setuptools for ubuntu install howto +- Added python-setuptools for ubuntu install howto. [Thomas Maier] + + You need to install the package python-setuptools on Ubuntu 16.04/Mint 18 to use the setup.py for the STIX installation. +- Merge pull request #1588 from RichieB2B/ncsc-nl/stix-fix. [Andras + Iklody] + + Two small STIX fixes (again) +- Use consistent STIX/CyBOX IDs for domain|ip entries. [Richard van den + Berg] +- Correct CIQ namespace. [Richard van den Berg] +- Merge pull request #1585 from RichieB2B/ncsc-nl/stix-fix. [Andras + Iklody] + + Make STIX validate +- - correct namespace order - stix set_id_namespace calls cybox + set_id_namespace. [Richard van den Berg] +- Revert "fix: missing new TLDs in free text import, solves #1149 + (#1574)" [Cristian Bell] + + This reverts commit e3bb9d3a4204ca00931e3f77afc318aaf292382e. +- Merge pull request #1571 from rotanid/bugfix-php-warning. [Andras + Iklody] + + fix: php warning on buildAlertEmailBody in Event.php +- Merge pull request #1575 from RichieB2B/ncsc-nl/small-fixes. [Andras + Iklody] + + Two small fixes +- Only show publish links for site admins. [Richard van den Berg] +- Log target org instead of requesting org. [Richard van den Berg] +- Separated a2enmod lines to prevent some confusion. [Andras Iklody] +- Merge pull request #1570 from rotanid/cleanup-obsolete. 
[Andras + Iklody] + + cleanup +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1567 from ppanero/shibbsso. [Alexandre Dulaunoy] + + default org changed to id instead of name +- Default org changed to id instead of name. [ppanero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1559 from rotanid/bugfixes. [Andras Iklody] + + Bugfixes +- Merge pull request #1382 from treyka/patch-2. [Alexandre Dulaunoy] + + Add install procedure for current version of ZeroMQ +- Add install procedure for current version of ZeroMQ. [Trey Darley] + + Debian 8 has an ancient version of ZeroMQ which is not compatible with the latest pyzmq on PyPI. Manually installing the current ZeroMQ release is a viable workaround. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1551 from rotanid/bugfixes. [Andras Iklody] + + Bugfixes & Cleanup +- Merge pull request #1550 from rotanid/mysql-postgresl-too. [Andras + Iklody] + + chg: Default roles all have API access +- Merge pull request #1549 from ppanero/shibbsso. [Alexandre Dulaunoy] + + warining due to session start fixed, warning due to org assigment wh… +- Warining due to session start fixed, warning due to org assigment + when possible null fixed, readme updated. [ppanero] +- Merge pull request #1547 from + cristianbell/fix_request_API_wrong_user_emailed. [Andras Iklody] + + fix: fixes a bug introduced by f37963fde4ad91b625d3ee80eb52ebd048f3dc… +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '1541' into 2.4. [iglocska] +- Merge branch '2.4' into 1541. [iglocska] +- Merge branch '1457' into 2.4. [iglocska] +- Merge branch '2.4' into 1457. [iglocska] +- Merge branch '1501' into 2.4. [iglocska] +- Merge branch '2.4' into 1501. [iglocska] +- Merge branch '1503' into 2.4. [iglocska] +- Merge branch '2.4' into 1503. 
[iglocska] +- Merge branch '1511' into 2.4. [iglocska] +- Merge branch '2.4' into 1511. [iglocska] +- Merge branch 'feature/bro-export' into 2.4. [iglocska] +- Merge branch '2.4' into feature/bro-export. [iglocska] +- Merge branch '2.4' into feature/bro-export. [Iglocska] + + Conflicts: + app/Model/Event.php +- Model/Server.php modified so the settings remain the same after config + change on the web UI. [ppanero] +- Bro export funtionality. [ppanero] +- Merge pull request #1538 from rotanid/small-cleanup. [Andreas Ziegler] + + Small cleanup +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1527 from rotanid/cakephp-update-287. [Andras + Iklody] + + update cakephp to 2.8.7 +- Merge pull request #1512 from rotanid/cleaner-delete. [Andras Iklody] + + Tag.php: use dependency instead of explicit deleteAll +- Merge pull request #1520 from ppanero/shibbsso. [Andras Iklody] + + stringer checks on email and nids_sid of user calculated from max +- Stringer checks on email and nids_sid of user calculated from max. + [ppanero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1504 from ppanero/shibbsso. [Alexandre Dulaunoy] + + shibboleth sso debug log capabilities added +- Deny by default instead of read-only. [ppanero] +- Typosfixed for PR. [ppanero] +- Shibboleth sso plugin index failure fixed. [ppanero] +- Shibboleth sso debug log capabilities added. [ppanero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1510 from rotanid/bugfix. [Andreas Ziegler] + + fix: typo recurisve/recursive in EventsController +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1502 from rotanid/tabs-spaces. [Andreas Ziegler] + + Tabs vs. spaces indention +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1448 from TheDr1ver/2.4. 
[Andras Iklody] + + Add support to export an OpenIOC file via API +- Extra indent. [Nick Driver] +- Spaces to Tabs. [Nick Driver] +- Add support to export an OpenIOC file via API (Change spaces to tabs) + [Nick Driver] +- Merge branch 'apirequest' into 2.4. [Iglocska] +- Merge branch '2.4' into apirequest. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch 'cristianbell- + fix_1311_only_show_API/authkey_to_user_with_rights' into 2.4. + [Cristian Bell] +- Merge branch 'fix_1311_only_show_API/authkey_to_user_with_rights' of + https://github.com/cristianbell/MISP into cristianbell- + fix_1311_only_show_API/authkey_to_user_with_rights. [Cristian Bell] +- Merge pull request #1497 from ppanero/centos_install. [Andras Iklody] + + Update INSTALL.centos7.txt +- Update INSTALL.centos7.txt. [Pablo Panero] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1493 from ppanero/centos_install. [Andras Iklody] + + change in SELtype, httpd_sys_content_rw_t does not exists +- Change in SELtype, httpd_sys_content_rw_t does not exists. [ppanero] +- Merge pull request #1485 from MISP/feature/postgresql. [Andras Iklody] + + support PostgreSQL database backend +- Merge pull request #1491 from rotanid/rename-findtags-function. + [Andras Iklody] + + rename findTags() to findEventIdsByTagNames() +- Merge pull request #1492 from rotanid/small-cleanup. [Andras Iklody] + + chg: remove some obsolete code +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1486 from rotanid/update-version-nr-in-sql-file. + [Andras Iklody] + + fix: update version number to 2.4.51 in MYSQL.sql + + +v2.4.51 (2016-08-29) +-------------------- + +New +~~~ +- Add default role to the user creation, fixes #256. [iglocska] +- New piece by piece stix export allowing large datasets to be exported. + [iglocska] +- Add e-mail in event history view, fixes #1389. 
[iglocska] + + - Only visible to site admins and org members +- Simple diagnostic tool for the modules added. [iglocska] +- Screenshot preview in the event view. [iglocska] +- Added a way to clear worker queues. [iglocska] +- Improved jobs overview. [iglocska] + + - Correctly interpreting job states + - Show errored background jobs + - Show jobs that cannot proceed because no active worker is monitoring the queue + - Allow site admins to view the reason of the failure (up to 24h after the fact) including a stack trace + +Changes +~~~~~~~ +- Enabled 2.4.51 db upgrade. [iglocska] +- Version bump. [iglocska] +- UI changes for the email field in the event history. [iglocska] +- New filename regex & separate functions. [Andreas Ziegler] +- Cleanup of the controllers and models. [iglocska] + + - removed incorrect, useless boiler plate comments + - kept useful comments intact + - added some missing line breaks to make the codebase a bit more uniform + - removed some obviously obsolete TODO comments +- Internal reference category attributes should always default to your + org only. [iglocska] +- Remove obsolete backups of config files. [Andreas Ziegler] +- Use central function for CIDR checks. [Andreas Ziegler] +- Add central function for CIDR check. [Andreas Ziegler] +- Cleanup TemplatesController.php. [Andreas Ziegler] +- Filename regex changes. [Andreas Ziegler] +- Fix indention of 4 files. [Andreas Ziegler] +- Better readability of config files. [Andreas Ziegler] +- Fix indention in some files. [Andreas Ziegler] +- Add space after keywords if/for/foreach/while/switch/catch. [Andreas + Ziegler] +- Add spaces before opening curly brackets. [Andreas Ziegler] +- Remove whitespace at end of line. [Andreas Ziegler] +- Remove whitespace (space/tab) from empty lines. [Andreas Ziegler] +- Add newline character before EOF. [Andreas Ziegler] +- Cleanup Sighting.php. [Andreas Ziegler] +- Remove usage of App::import in favor of ::uses. 
[Andreas Ziegler] +- Remove not used old plugin file. [Andreas Ziegler] +- If the quickfilter on the event index only returns a single event, + redirect to the event view directly, fixes #1430. [Iglocska] + + - the perfect last-minute-saturday-night patch +- Rename FileAccess to FileAccessTool. [Andreas Ziegler] + + every other tool classes name in the Lib/Tools/ folder also ends with "Tool" +- Change FileAccess from static to instantiable class. [Andreas Ziegler] +- Use 1/0 not true/false for conditions & other boolean sqlquery + elements. [Andreas Ziegler] +- Org UUID visible on the organisations/view/ page #1445 - uuid field + always visible even when value is empty. [Cristian Bell] +- Org UUID visible on the organisations/view/ page #1445. [Cristian + Bell] +- Update cakephp to 2.8.6. [Andreas Ziegler] +- Dont depend on MySQL-result-format of select-count() [Andreas Ziegler] +- Remove obsolete upgrade stuff, unsupported. [Andreas Ziegler] +- Remove obsolete Schema stuff. [Andreas Ziegler] +- Add index for cake_sessions expires to MYSQL.sql. [Andreas Ziegler] +- Added missing new line at the end of file. [iglocska] +- Added the db changes needed for PR #1268. [iglocska] + + - Since 2.4.50 was released without any DB modifications and a current commit required it, it was a good opportunity to add this, as we can fast-track PR 1268 this way +- Replace a MySQL specific function by PHP code. [Andreas Ziegler] +- Remove obsolete backticks from sql queries. [Andreas Ziegler] + + backticks are only necessary to escape reserved keywords. + as backticks are MySQL-specific, having them only where really necessary + makes integrating support for other DBMS easier. +- Fix typo. [Andreas Ziegler] +- Added the tracking to all queued jobs. [iglocska] +- Removed incorrect comments. [iglocska] +- Made histogram.ctp a bit more readable. [iglocska] +- Attribute list on view event page sort by date issue #1355. 
[Cristian + Bell] +- Attribute list on view event page sort by date issue #1355. [Cristian + Bell] +- Attribute list on view event page sort by date issue #1355. [Cristian + Bell] +- Redundant members list and organisations page - tab versus 4spaces. + [Cristian Bell] +- Redundant members list and organisations page. [Cristian Bell] +- Redundant members list and organisations page #1013. [Cristian Bell] + +Fix +~~~ +- Pushing upgraded to respect the internal sync setting. [iglocska] + + - Allows the push of org only attributes + - No downgrading of attributes/events +- Fixed an invalid log entry breaking the publishing process. [iglocska] +- Added missing job exception viewer view file. [iglocska] +- Fixes to the internal server setup. [iglocska] + + - Only allow enabling internal mode if the host organisation is set and it is chosen as the remote organisation when adding the server sync + - This ensures that internal sync only happens when the same organisation owns both instances +- Some minor fixes to the client_certs for the sync to align it with the + other upstream changes. [iglocska] +- Some exports (HIDS, NIDS) failing on certain MySQL versions due to an + only_full_group_by policy violation in the attribute fetcher, fixes + #1390. [iglocska] +- Updated the stix export files to support separate packaging. + [iglocska] +- Update to the caching task. [iglocska] +- Refactoring of the STIX export. [iglocska] + + - Also adding it to the caching mechanism + - still WIP +- Differentiate queued and running jobs if no granular progress is + returned. [iglocska] +- Version bump. [iglocska] +- Updated to the latest version of the MISP taxonomies. [Alexandre + Dulaunoy] +- Update to latest version of PyMISP. [Alexandre Dulaunoy] +- Corrected attribute degradation on pull. 
[iglocska] + + - events were correctly degrading, however, attributes weren't on a pull + - also removed some ancient compatibility code that was there for MISP 2.0 which is a version that hasn't been supported in ~3 years +- Cleaner way of handling no correlations in the correlation engine + changes. [iglocska] +- Fixed a missing field in the correlation lookup causing travis to + fail. [iglocska] +- Remove incorrect correlations on deleted attributes. [iglocska] +- Performance boost for the correlations. [iglocska] + + Going through insertMulti to insert correlations to get a massive speed boost +- Removed debug from previous commit. [iglocska] +- Resolved slow ingestion of warninglists. [iglocska] + + - switched to a more direct database access approach for the warninglist entry insertion +- Cleanup of some unused code. [iglocska] + + - based on @rotanid's findings +- Removed incorrect uses of pass by reference, fixes #1472. [iglocska] +- Remove substr() from value in CIDR part of restSearch. [Andreas + Ziegler] +- Add missing $ to variable name in CIDR part of attribute search. + [Andreas Ziegler] +- Fixed an invalid array_merge in the attribute fetcher. [iglocska] +- Raised the default timeout for modules. [iglocska] + + - possible fix for #1466 +- Some exports (HIDS, NIDS) failing on certain MySQL versions due to an + only_full_group_by policy violation in the attribute fetcher, fixes + #1390. [iglocska] +- Missing ACL entries added. [Iglocska] +- Small fix to the Shibboleth authentication. [Iglocska] +- Minor code issues: - added brackets to the IF/ELSE statement. + [Cristian Bell] +- Minor code issues: - redundant var initialisation - for the + automatically created organization the "created_by" is 0, which + produces a Notice error in /View/Organization/view.ctp. [Cristian + Bell] +- Attribute delete should not return the full event via REST, instead a + message saying that it was deleted similar to the event deletion is + enough, fixes #1449. 
[iglocska] +- Added check for instances not using database sessions to skip the + automatic session cleanup. [iglocska] + + - But... Use database sessions. +- Fixed an issue with the histogram on newer MySQL versions. [iglocska] +- Invalid response by the queryEnrichment() function if the module + server is not reachable. [iglocska] +- Overwrite cached json exports, fixes #1439. [Richard van den Berg] +- Cleaner input for caching jobs. [iglocska] +- Fixed an issue with large samples from modules causing the import + process to fail. [iglocska] +- Don't show the No worker active message in the jobs index if a job is + already completed. [iglocska] +- Fixed the performance issues with the self cleaning by adding an index + to the expired field. [iglocska] +- Some performance tuning for the auto-session-cleanup. [iglocska] +- Debug mode not set throws notices. [iglocska] +- Added automatic cleanup of expired sessions. [iglocska] + + - on page load for site admins +- View for the new jobs screen. [iglocska] +- Invalid permission check order leads to a notice. [iglocska] +- Show tag value in event history, fixes #1422. [iglocska] + + - also log removed tags +- Organisation index view fixes. [iglocska] + + - Changed the name of the User count field + - Fixed an issue where the lookup of an invalid index not handled in the user count array occured when an organisation had no members (for example an external organisation, or a newly created local organisation) +- Moved lookup function from controller to model and fixed some other + issues. [iglocska] + + - That function has no reason not to be in a model + - Removed invalid contain + - Simple lookup against the users table is more efficient +- Permissions for non-auth enabled users to use the API fixed. + [iglocska] +- Hover not working correctly for users viewing the events of another + organisation. [iglocska] + +Other +~~~~~ +- Merge branch '2.4.51' into 2.4. 
[iglocska] +- Model/Server.php modified so the settings remain the same after config + change on the web UI. [ppanero] +- Merge branch '2.4' into 2.4.51. [iglocska] +- Merge branch '2.4' into 2.4.51. [iglocska] +- Merge branch '2.4' into 2.4.51. [iglocska] +- Merge branch '2.4' into 2.4.51. [iglocska] +- Merge branch 'sslclientsync' into 2.4.51. [iglocska] +- Merge branch 'sslclientcert' into sslclientsync. [iglocska] +- Example API script using client cert. [Richard van den Berg] +- Merge branch '2.4' into sslclientsync. [iglocska] +- Add support for sync server SSL client certificates. [Richard van den + Berg] +- Merge branch '2.4' into 2.4.51. [iglocska] +- Merge branch '2.4' into 2.4.51. [iglocska] +- First iteration of the internal sync rework. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1482 from Rafiot/travis. [Raphaël Vinot] + + Fix travis +- Fix travis. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1476 from rotanid/filename-regexes. [Andras + Iklody] + + new filename regex & separate functions +- Merge pull request #1462 from rotanid/obsolete-files. [Andras Iklody] + + remove obsolete backups of config files +- Merge pull request #1469 from rotanid/centralize-cidr-check. [Andras + Iklody] + + Centralize CIDR checks +- Merge pull request #1470 from rotanid/cleanup-tplctr. [Andras Iklody] + + cleanup TemplatesController.php +- Merge pull request #1471 from rotanid/filename-regexes. [Andras + Iklody] + + filename regex changes +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1468 from rotanid/bugfixes. [Andreas Ziegler] + + Bugfixes +- Merge pull request #1464 from rotanid/indention-fixes. [Andreas + Ziegler] + + fix indention of 4 files +- Merge pull request #1463 from rotanid/config-readability. 
[Andreas + Ziegler] + + better readability of config files +- Revert "chg: remove not used old plugin file" [Iglocska] + + This reverts commit dd8ec54e2a6512a12c0214287db79a676a8dc968. +- Merge pull request #1461 from rotanid/cleanup. [Andreas Ziegler] + + Cleanup +- Merge pull request #1460 from rotanid/sightings-cleanup. [Andreas + Ziegler] + + chg: cleanup Sighting.php +- Merge pull request #1459 from rotanid/uses-import. [Andras Iklody] + + remove several usages of App::import() in favor of App::uses() +- Merge pull request #1458 from rotanid/cleanup-old-plugin-orphans. + [Andras Iklody] + + chg: remove not used old plugin file +- Merge pull request #1454 from ppanero/sso_integration_plugin. [Andras + Iklody] + + Bug fixing on shibboleth auth. DB group loading and missing email bug… +- Bug fixing on shibboleth auth. DB group loading and missing email bugs + fixed. [ppanero] +- Merge pull request #1456 from rotanid/fileaccess-overhaul. [Andras + Iklody] + + FileAccess cleanup/consistency +- Merge pull request #1451 from cristianbell/fix_minor_code_fixes. + [Andras Iklody] + + fix: minor code issues: +- Merge pull request #1443 from rotanid/boolean-datatype-handling. + [Andras Iklody] + + change of boolean datatype handling #2 +- Merge pull request #1446 from + cristianbell/chg_1445_OrgUUID_visible_to_everyone. [Andras Iklody] + + chg: Org UUID visible on the organisations/view/ page #1445 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1447 from rotanid/cakephp-update-286. [Andras + Iklody] + + update cakephp to 2.8.6 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1444 from Rafiot/bump_pymisp. [Raphaël Vinot] + + Bump PyMISP +- Bump PyMISP. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1442 from rotanid/less-mysql-dependency. 
[Andreas + Ziegler] + + chg: dont depend on MySQL-result-format of select-count() +- Merge pull request #1441 from rotanid/cleanup. [Andras Iklody] + + Cleanup +- Merge pull request #1440 from RichieB2B/ncsc-nl/cachejson-fix. [Andras + Iklody] + + Overwrite cached json exports instead of appending +- Added placeholder for authkey on server edit. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Delete old and unused configuration file. [Alexandre Dulaunoy] + + Delete old and unused configuration file +- Merge pull request #1438 from rotanid/mysql-index-add-expires. [Andras + Iklody] + + chg: add index for cake_sessions expires to MYSQL.sql +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge pull request #1437 from rotanid/less-mysql-dependency. [Andras + Iklody] + + Less mysql dependency +- Merge pull request #1436 from rotanid/typofix. [Andreas Ziegler] + + chg: fix typo +- Merge branch 'memberslist' into 2.4. [iglocska] +- Merge branch '2.4' into memberslist. [iglocska] +- PyMISP updated to the latest version including the tests. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1435 from cristianbell/fix_#1355. [Andras Iklody] + + chg: attribute list on view event page sort by date issue #1355 +- Merge pull request #1429 from cristianbell/fix_misp2.49.50.js_#1428. + [Andras Iklody] + + GET misp2.4.49.js - 404 Not Found #1428 +- GET misp2.4.49.js - 404 Not Found #1428. [Cristian Bell] +- Update to the latest version of PyMISP. [Alexandre Dulaunoy] +- Version bump. [iglocska] + + +v2.4.50 (2016-08-10) +-------------------- + +New +~~~ +- Added export module first iteration. [Iglocska] +- First revision of the new import system. [Iglocska] + +Changes +~~~~~~~ +- Handle module results in one place. [Iglocska] +- Remove duplicate line from install doc. [Andreas Ziegler] +- Small cleanup of MYSQL.sql. 
[Andreas Ziegler] + + - integers instead of strings + - spaces after commas, not before + - add&remove spaces +- Updated to the latest version of MISP taxonomies. [Alexandre Dulaunoy] +- Added a warning for site admins for the export page to avoid site + admins sharing a full export by accident. [Iglocska] +- PyMISP updated to the latest version. [Alexandre Dulaunoy] +- Viewing the public attributes of an event. [Iglocska] + + - new named parameter /public:1 for the event view to view the public information of an event + - it will filter out all attributes that are not visible to all or inherit the event + - if an event is not set to distribution all, the view will throw an exception if the parameter is passed + - it can be used for data views by accessing /events/view/event_id/public:1.json or /events/view/event_id/public:1.xml + + - Also some fixes to the fetchEvent algorithm that ignored optional sharing group and distribution settings for site admins +- Small change to allow for categories to be passed through the + enrichment modules. [Iglocska] +- Added sync user's org to the sharing group view. [Iglocska] + +Fix +~~~ +- Some cleanup. [Iglocska] +- Removed debug. [Iglocska] +- Further work on the modules. [Iglocska] +- More capitalisation. [Iglocska] +- Capitalisation > me. [Iglocska] +- More capitalisation issues. [Iglocska] +- I suck at capitalisation. [Iglocska] +- Lowercasetypo. [Iglocska] +- Fixed some issues with the module services not using the correct + url/port settings. [Iglocska] +- Fixed checkbox types. [Iglocska] +- Fixed the import module. [Iglocska] + + - correctly populates the resolved attribute list + - added validation by input type for fields + - added error message from introspection config to the validation check + - still needs plenty of refinement +- XSS vulnerability in a malicious feed provider. 
[iglocska] + + Thanks to Emanuele Gentili from tigersecurity.pro for reporting this vulnerability +- Small change, removal of unnecesary parameter. [iglocska] +- Fixed some issues with the misp export importer and added better + logging. [iglocska] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Warning lists updated to the latest version. [Alexandre Dulaunoy] +- Removed the old administrative tools panel. [iglocska] +- Some cleanup in the freetext tool. [iglocska] +- Last pushed/pulled ID are not in the db anymore. [Raphaël Vinot] +- Clarification on menu. [KalyParker] + + Change menu 'Send Credentials' by 'Reset Password' on User's administration page. + The functionality is to reset the password, not simply send credentials :speak_no_evil: +- Description of the JSON and XML was reversed. [Alexandre Dulaunoy] +- Warninglist warnings not shown if no relations are present. [Iglocska] +- Some fixes to the caching. [Iglocska] + + - invalid linebreaks used for the hids caching + - added sha256 to the hids caches +- Added progress bar to JSON cache generation. [Iglocska] +- Various fixes to the cached exports. [Iglocska] + + - Tightened the rules for export generation when no valid published events exist + - Corrected various issues with the progress bars + - Added the missing JSON export to the caches + - XML/JSON caches now correctly take into account the cached attachent inclusion setting + - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not + - Added correct progress bar to the HIDS export +- No categories set in a module causes the enrichment to fail. + [Iglocska] +- If no attribute type change is possible in the resolved + freetext/enrichment results then the correlation popover didn't fire. + [Iglocska] +- Missing parameter in the OpenIOC export fixed, fixes #1393. [Iglocska] +- Fixed the white text on white background in proposal relation + popovers. 
[Iglocska] +- Some proposal correlations lack the remove event date, for now only + show it if it exists, fixes #1386. [Iglocska] +- If the types field passed back from the enrichment module is a string + the import fails. [Iglocska] +- Aligned freetext import with the changes to the attribute resolution. + [Iglocska] +- Fix to the 2.4.49 SG upgrade. [Iglocska] + + - was incorrectly changing the org_id of the synced sharing group instead of adding the org to the distribution list +- Remove list of instances for roaming sharing groups. [Iglocska] +- Allow distribution level 5 as an option for the upload_sample api, + fixes #1377. [Iglocska] + +Other +~~~~~ +- Merge branch 'feature/import-export-modules' into 2.4. [iglocska] +- Merge branch '2.4' into feature/import-export-modules. [iglocska] +- Merge branch '2.4' into feature/import-export-modules. [iglocska] +- Merge branch '2.4' into feature/import-export-modules. [Iglocska] +- Merge branch '2.4.50' into 2.4. [iglocska] +- Merge branch '1426' into 2.4. [iglocska] +- Jobs creation for admin done under org_id = 0, before was taking the + id of the group. [ppanero] +- Shibboleth authentication refined (Organization creation if the given + one in the configuration does not exists). export process displaying + as queued issue solved. Code changed in JobsController. [ppanero] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1423 from MISP/elhoim-complete-sentence. [Andras + Iklody] + + Complete sentence about confirmation of organisation merging +- Complete sentence about confirmation of organisation merging. [David + André] +- Merge pull request #1403 from Rafiot/fix_dbchange. [Andras Iklody] + + fix: Last pushed/pulled ID are not in the db anymore +- Merge pull request #1417 from RichieB2B/ncsc-nl/fix-exports. [Andras + Iklody] + + Fix export for non md5/sha1/sha256 types +- Fix export for non md5/sha1/sha256 types. 
[Richard van den Berg] +- Merge pull request #1413 from deloittem/feature/ansible. [Alexandre + Dulaunoy] + + MISP ansible +- Init MISP ansible. [Mathieu Deloitte] +- Merge pull request #1410 from ppanero/sso_integration_plugin. + [Alexandre Dulaunoy] + + SSO plugin (Shibboleth based). Instructions to enable and configure i… +- SSO plugin (Shibboleth based). Instructions to enable and configure it + are present in the app/Plugin/ShibbAuth/README.md. [ppanero] +- Merge pull request #1411 from kalyparker/changemenu. [Andras Iklody] + + fix: clarification on menu +- Merge pull request #1408 from rotanid/install-doc-fix. [Andreas + Ziegler] + + chg: remove duplicate line from install doc +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1398 from rotanid/mysql-cleaner. [Andreas Ziegler] + + chg: small cleanup of MYSQL.sql +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Update UPDATE.txt. [Alexandre Dulaunoy] + + Update the UPDATE process according to the development and release cycle. + + git fetch is required and not git pull. +- Merge pull request #1388 from 3c7/fix_categoriesarray. [Andras Iklody] + + Create categories array, if only one category given +- Create categories array, if only one category given. [nkuhnert] +- Merge pull request #1387 from 3c7/feature_customcomments. [Andras + Iklody] + + Using custom comments for module return values/attributes +- Using custom comments for module return value. [nkuhnert] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.49 (2016-07-22) +-------------------- + +New +~~~ +- Updates to the module system. 
[Iglocska] + + - hover modules now require a 0.5 second hover to fire off the query + - Introduced a new timeout setting to avoid a long lasting query by the module system to stall MISP +- Added a php version check to teh diagnostics page. [Iglocska] +- Work on the refactoring of the module system. [Iglocska] +- Added a tag restriction to restrict the usage of a tag to a single + organisation. [Iglocska] +- Installation instructions for MISP on Debian 8. [Andreas Ziegler] +- Installation instructions for MISP on Ubuntu 16.04. [Andreas Ziegler] + +Changes +~~~~~~~ +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Version bump. [Iglocska] +- Added the sharing group roaming setting to various parts of the + application. [Iglocska] + + - sharing group add/edit + - summary view + - push rule checks +- Use CASE WHEN instead of IF in $virtualFields. [Andreas Ziegler] +- Use 1/0 not true/false for conditions & other boolean sqlquery + elements. [Andreas Ziegler] +- Tags sharing input style checkbox forced. [Andreas Ziegler] +- Templates sharing input style checkbox forced. [Andreas Ziegler] +- Users autoalert/contactalert not empty & input style checkbox forced. + [Andreas Ziegler] +- Another cleanup of MYSQL.sql. [Andreas Ziegler] +- Information Security Indicators from ETSI and Microsoft CARO added. + [Alexandre Dulaunoy] +- Docs UPDATE/UPGRADE use latest tag/release instead of latest commit. + [Andreas Ziegler] +- Update INSTALL docs to use latest tag/release instead of latest + commit. [Andreas Ziegler] +- Add semicolon in sql queries. [Andreas Ziegler] +- Remove obsolete quotes from sql query. [Andreas Ziegler] +- Remove obsolete spaces from sql queries. [Andreas Ziegler] +- Add AFTER to sql ADD column statement. [Andreas Ziegler] +- Added additional DB changes required for PR #1334. [Iglocska] +- Added documentation on how to use the /index filters, fixes #1347. 
+ [Iglocska] + + - Still has to be moved to the MISP book +- Remove obsolete uuid() wrapper. [Andreas Ziegler] +- Remove duplicate array item. [Andreas Ziegler] +- Move tables to retain alphabetical order. [Andreas Ziegler] +- Taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Remove quotes from integers in MYSQL.sql. [Andreas Ziegler] +- KEY/INDEX are synonyms in MySQL, use INDEX only. [Andreas Ziegler] +- Coding conventions in FileAccess.php. [Andreas Ziegler] +- Remove obsolete upload function from ShadowAttribute. [Andreas + Ziegler] +- Remove obsolete code. [Andreas Ziegler] +- Remove obsolete functions. [Andreas Ziegler] +- Remove quotes from integers in MYSQL.sql. [Andreas Ziegler] +- Use lowercase for int in whole MYSQL.sql. [Andreas Ziegler] +- Remove duplicate spaces from MYSQL.sql. [Andreas Ziegler] +- Added autoRegenerate to default.core.php. [Iglocska] + + - renews the session on activity +- Adding job duration to the "Job done." text. [Cristian Bell] +- Added pull diagram. [Iglocska] +- Allow multiple attributes to be added in one go via the API. + [Iglocska] +- Updated warninglists. [Iglocska] +- Make script executable. [Iglocska] +- Added a check for the prio worker, added it to the worker tab. + [Iglocska] +- Remove some obsolete FIXME notes. [Andreas Ziegler] + + the lines have been checked, only secure values are used as part of filenames and paths +- MISP stickers source added - PDF, SVG and PNG. [Alexandre Dulaunoy] +- Small fixes for ubuntu1604 install doc. [Andreas Ziegler] +- Make old debian install doc wheezy-specific. [Andreas Ziegler] +- New default logo on the login screen and some rearranging of the login + interface elements. [Iglocska] + + - Users with OCD, rejoice! +- Compress IPv6 addresses on import. [Andreas Ziegler] +- Updated to the latest version of the MISP taxonomies. [Alexandre + Dulaunoy] +- Remove useless empty comments at end of line. [Andreas Ziegler] +- Remove obsolete code. 
[Andreas Ziegler] +- Fix indention. [Andreas Ziegler] +- Use escapeshellarg() instead of addslashes() with exec() [Andreas + Ziegler] +- Add fingerprint to pgp key select popover. [Iglocska] +- DescribeTypes broaden access to non-automation users too. [Alexandre + Dulaunoy] +- Improve file access using new Lib. [Andreas Ziegler] + +Fix +~~~ +- Sharing group edit summary tab issues. [Iglocska] + + - if no external organisations were added it still showed the sentence listing them with the list being empty +- Added salt generation to UserInitShell. [Iglocska] +- Don't require users to accept the terms and conditions if they are not + set, fixes #1381. [Iglocska] +- MySQL error on users.certif_public, fixes #1378. [Iglocska] +- Editing an event via the API should not require the distribution to be + set in the pushed payload. [Iglocska] + + - The goal is to be able to issue quick edits to single fields instead of having to include any other fields + - Permissions are checked before the internal _edit method anyway, this was only used to capture sharing groups +- Publish/Alert responses for API users added. [Iglocska] + + - publishing/alerting worked via the API, but it wasn't returning a response +- Small clarification in the diagnostics message for the PHP version. + [Iglocska] +- Remove the default defined salt #625. [Cristian Bell] +- Removed a DB change that lead to an endless redirect to the news page. + [Iglocska] +- Added the mitigation against httpoxy as described at httpoxy.org. + [Iglocska] +- Allow correlations between a proposal and attributes in the same + event. [Iglocska] +- Tag lookups are not string matches only, substring matches will not + work. [Iglocska] +- Cherry picking and pulling updates should not require the pull flag to + be set on an instance. [Iglocska] +- Removed the debug from the previous commit. [Iglocska] +- Fixed an issue with certificate uploades when adding an instance / + editing an instance. 
[Iglocska] +- Fix virustotal detection for the freetext import tool, fixes #1373. + [Iglocska] + + - regex currently looks for https://www.virustotal.com, but https://virustotal.com is also valid +- Roaming mode's functionality had to be reversed as it was still using + the logic of limiting the server distribution. [Iglocska] +- Added roaming to sharing groups in the mysql.sql. [Iglocska] +- Updated job_id to process_id for tasks in the leftover spots. + [Iglocska] +- No need for default tasks in the MYSQL.sql file any longer. [Iglocska] + + - handled by the tasks automatically on view +- Added perm_delegate to the default roles in the MYSQL.sql file. + [Iglocska] +- Fixed strings for tinyint(1) type fields in the MYSQL.sql file. + [Iglocska] +- Fixed a typo in the sharing group model. [Iglocska] +- Added the new role permission for perm_delegate to the role model. + [Iglocska] +- Fixes to the upgrade procedure for 2.4.49. [Iglocska] +- Save the process id of caching too. [Iglocska] +- Reverted version number in MYSQL.sql. [Iglocska] +- Changed field name from job_id -> process_id for tasks. [Iglocska] +- Use php5-redis package instead of pecl for deb7/ubu14. [Andreas + Ziegler] +- Submodule updates: force overwrite. [Andreas Ziegler] +- Several fixes to the sharing group behavious. 
[Iglocska] + + - New setting roaming: + - Until now, users could unselect "Limit instances to which data in this sharing group should be pushed to" + - This lead to no servers added to the distribution list, and MISP would simply determine, based on the sync rules, whether the host organisation of the remote instance is eligible for the event + - This works well in most cases, but in some cases, the local instance is not kept after a sync (aliases for the local instance baseurl vs remote instance's view of the url) + - In these cases the sharing groups ended up being "unlimited", which was not the intent + - Generally this shouldn't cause any issues as MISP still requires the sync link's organisation to be directly contained in an SG before it would push the event further + - However, introducing the roaming setting this can be more clearly defined + - By default, sharing groups are set to non roaming + + - Some further fixes to the sharing group update procedure for 2.4.49 + + - Update the roaming status of existing sharing groups. Local sharing groups with no instances attached will become roaming by default, all others are assumed to be non-roaming +- Add own org of sync user to the Sharing group if the sync user is in + no way contained in the sharing group. [Iglocska] + + - This situation should normally only occur during a pull when the remote end has a sharing group that allows access for all local orgs +- Progress on the sharing group fix for pulled server based sharing + groups. [Iglocska] +- Cleanup of some messy function call parameters. [Iglocska] +- Fixed an issue where a MISP.org setting with non alphanumeric + characters could lead to invalid STIX document generation. [Iglocska] +- Added taxonomies/delete to the ACL component. [Iglocska] +- Added functionality to remove taxonomies, fixes #1365. [Iglocska] +- Allow null values for taxonomies expanded column, fixes #1354. + [Andreas Ziegler] +- Tightened lookups for the addTag / removeTag APIs. 
[Iglocska] + + - no longer a substring match, users have to specify the full tag name +- Add perm_delegate to MYSQL.sql. [Andreas Ziegler] +- Remove SET from sql ADD column statement. [Andreas Ziegler] +- Update mysql structure for 2.4.49 updates. [Andreas Ziegler] +- Specify correct&specific branches in .gitmodules. [Andreas Ziegler] +- Additional chars =~ in mail address regex. [Andreas Ziegler] +- Use different variable name in sub-loop. [Andreas Ziegler] +- Check for correct event uuid and id. [Andreas Ziegler] +- Fixed an issue where an event view by a malformed UUID would result in + a lookup against the leading numerical value in the malformed UUID, + fixes #1338. [Iglocska] +- Add warninglist tables to MYSQL.sql. [Andreas Ziegler] +- Use same default value as in AppModel update mechanism. [Andreas + Ziegler] +- Tag keywords in attribute search filter has issues with an empty + newline, fixes #1330. [Iglocska] +- Fixed leading/trailing white spaces from breaking the quick filter on + the event index, fixes #1329. [Iglocska] +- Fixed an issue with an invalid offset in a comparison when adding + events. [Iglocska] +- Removed duplicate of the same condition. [Iglocska] +- Filtering on attributes in the event view gives a no attributes + warning if a tab doesn't contain attributes. [Iglocska] + + - Warning now only triggers if the event doesn't have any attributes in any tabs +- Throw exception for malformed xml file. [Andreas Ziegler] +- Set default value for realFileName. [Andreas Ziegler] +- Throw exception if necessary config cant be read. [Andreas Ziegler] +- Fixed two issues for API add event corner cases, fixes #1298. + [Iglocska] + + - Correctly handle old style creator org fields ("orgc":orgc_string) + - Correctly handle new tags with no colour set +- Follow up to the previous patch, same thing for log searches. + [Iglocska] +- Move case statement and add break. [Andreas Ziegler] +- Fixed an issue with org admins having too much access via the logs. 
+ [Iglocska] +- Organisations updated with no changes cause erroneous log entries, + fixes #1099. [Iglocska] +- Allow the export of an empty event in MISP JSON/XML format, fixes + #1295. [Iglocska] +- Fixed an issue that caused MISP's capture org to disambiguate on the + name instead of the UUID in some cases. [Iglocska] + + - Due to a fallback mechanism the disambiguation happened on the name if there was no UUID match during the saving of an event instead of creating a new organisation. This was an issue if a remote org changed UUID for example. +- Added domain|ip to the OpenIOC export. [Iglocska] + + - also, the new system should be much easier to extend with new mapping options and is generally a lot cleaner. + - It would be more complete if Airbus wouldn't have skimped on power outlets on the A380s.... +- Rework of the IOC export component, fixes #1292. [Iglocska] +- Ambiguous order field fixed, fixes REST sort of index. Fixes #1266. + [Iglocska] + + - Fixes an issue where viewing the index of an instance remotely returns no events if sorted on a field. + - This was caused by some ambiguous field names (such as ID) + - Fixed by prepending the sorted field name by "Event." +- Fixed an issue with the attribute search incorrectly showing org + admins the edit button for attributes they don't own, fixes #1278. + [Iglocska] + + - Also added a way to propose directly from the attribute list / search results +- Empty comments may be added to events #1263. [Iglocska] + + - moved to plain jquery + - check on back+frontend + - better responses when adding events + - fixed an issue with the org_id not being selected for posts +- Fixed a notice error with the attribute pagination. [Iglocska] +- Reverted previous change. [Iglocska] +- Secureauth removed from the config dump. [Iglocska] +- Old upgrade SQL script moved to legacy directory. [Alexandre Dulaunoy] +- Removal of unused file. 
[Alexandre Dulaunoy] +- Removed the field restrictions from the save() calls in the certauth + plugin. [Iglocska] + + - apparently cakephp also removes those fields from the beforevalidation hook, meaning that a plugin can potentially escape any data consolidation methods. Not sure if this is intended behaviour by cakephp... +- Fix to an issue with default values not set by the beforeValidate of + users. [Iglocska] +- Case-insensitive functions calls. [Andreas Ziegler] +- Removed some useless loops, fixes #1231. [Iglocska] +- Reverted the change from addslashes -> escapeshellargs. Will revisit + the reason it was causing the uploads to fail at a later point in + time. [Iglocska] +- Multiple values for the restsearch quickfilter added. [Iglocska] +- Proposals now have the correct page title. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4.49' into 2.4. [Iglocska] +- Merge branch '2.4' into 2.4.49. [Iglocska] + + Conflicts: + app/Controller/AppController.php +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1380 from treyka/patch-1. [Andras Iklody] + + Small documentation clarification +- Small documentation clarification. [Trey Darley] +- Merge branch 'feature/modulerework' into 2.4. [Iglocska] +- Merge branch '2.4' into feature/modulerework. [Iglocska] + + Conflicts: + app/Model/Module.php +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1375 from cristianbell/fix_625_default_salt. + [Andras Iklody] + + fix: Remove the default defined salt #625 +- Merge branch '2.4' into feature/modulerework. [Iglocska] +- Merge branch '2.4' into feature/modulerework. [Iglocska] +- Merge branch '2.4' into feature/modulerework. [Iglocska] + + Conflicts: + app/Model/Module.php + app/Model/Server.php +- Merge branch '2.4' of https://github.com/MISP/MISP into + feature/modulerework. 
[Iglocska] + + Conflicts: + app/Model/Server.php +- Merge branch '2.4' into 2.4.49. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch 'perm_delegate' into 2.4. [Iglocska] +- - Allow delegation when unpublishedprivate is set - Use perm_delegate + instead of perm_publish for delegation. [Richard van den Berg] +- Update the Javascript package. [Iglocska] +- Fix Change the old job_id field to process_id in the tasks table. + [Iglocska] +- Merge branch 'email' into 2.4. [Iglocska] + + Conflicts: + INSTALL/MYSQL.sql +- For upgrades. [Steve Fossen] +- Mysql for bug #1180. [Steve Fossen] +- Update initial install mysql too. [Steve Fossen] +- Email not being sent causing sync to fail. [Steve Fossen] + + main.ERROR: {"queue":"default","id":"a8bc18ea021640ebce6f9354c2573718","class":"ServerShell","args":[["pull","1","2","full","2770"]]} failed: SQLSTATE[HY000]: General error: 1364 Field 'email' doesn't have a default value {"type":"fail","log":"SQLSTATE[HY000]: General error: 1364 Field 'email' doesn't have a default value", +- Merge branch 'jobid' into 2.4. [Iglocska] +- Change job_id to varchar to resolve #1180. [I-am-Sherlocked] + + As mentioned in #1180, every spot that task->job_id is being set: + + app/Model/Task.php + + app/Controller/TasksController.php + + it's the returned value from CakeResque::enqueueAt which is the process_id (MD5). + And I think renaming the field to process_id might be more representative of what it is? +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1367 from sfossen/patch-27. [Andras Iklody] + + log created is datetime not timestamp. +- Log created is datetime not timestamp. [Steve Fossen] +- Merge pull request #1366 from sfossen/patch-26. [Andras Iklody] + + rename to php variables match sql model +- Rename to php variables match sql model. [Steve Fossen] + + causing sync to fail, when new sharing groups are created. 
+- Merge pull request #1371 from rotanid/redis-doc-fix. [Andreas Ziegler] + + fix: doc: use php5-redis package instead of pecl for deb7/ubu14 +- Merge pull request #1370 from rotanid/update-doc-fix. [Andreas + Ziegler] + + fix: submodule updates: force overwrite +- Merge branch 'boolean' into 2.4. [Iglocska] +- Merge pull request #1362 from rotanid/taxonomy-expanded-null-value. + [Andreas Ziegler] + + fix: allow null values for taxonomies expanded column, fixes #1354 +- Merge pull request #1361 from rotanid/mysqlsql-clean. [Andreas + Ziegler] + + chg: another cleanup of MYSQL.sql +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1353 from rotanid/install-update-doc-improvements. + [Andras Iklody] + + Install/update doc improvements - releases instead of random commits +- Revert "Revert "chg: remove obsolete uuid() wrapper"" [Iglocska] + + This reverts commit bae6eadfe739a2d58b23dbe0d6263360500808f7. +- Merge pull request #1352 from rotanid/mysql-updates-cleanup. [Andras + Iklody] + + Mysql updates cleanup +- Merge pull request #1351 from rotanid/sql-bugfix. [Andras Iklody] + + Sql bugfix & add to mysql.sql +- Merge pull request #1343 from rotanid/update-appmodel-mysql-update. + [Andras Iklody] + + update mysql structure for 2.4.49 updates +- Merge pull request #1350 from rotanid/gitmodules-fix. [Andras Iklody] + + fix: specify correct&specific branches in .gitmodules +- Merge pull request #1349 from rotanid/mail-regex-change. [Andreas + Ziegler] + + additional chars in mail address regex +- Revert "chg: remove obsolete uuid() wrapper" [Iglocska] + + This reverts commit 77ca0f8dd46222c2a0c7bc38608e0215988f33f3. +- Merge pull request #1342 from rotanid/variable-in-loop. [Andras + Iklody] + + fix: use different variable name in sub-loop +- Merge pull request #1341 from rotanid/remove-uuid-wrapper. [Andras + Iklody] + + remove obsolete uuid() wrapper +- Merge pull request #1340 from rotanid/small-cleanup. 
[Andreas Ziegler] + + chg: remove duplicate array item +- Revert "fix: Fixed an issue where an event view by a malformed UUID + would result in a lookup against the leading numerical value in the + malformed UUID, fixes #1338" [Iglocska] + + This reverts commit 1b064133755b814152f9c3b988ff0b93f68af326. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1339 from rotanid/bugfix-uuid-id-check. [Andras + Iklody] + + fix: check for correct event uuid and id +- Merge pull request #1337 from CheYenBzh/2.4. [Andreas Ziegler] + + openIOC import issue / fileAccess class not found / Update EventsController.php +- Update EventsController.php. [CheYenBzh] +- Merge pull request #1332 from rotanid/mysql-sql-cleanup. [Andras + Iklody] + + MYSQL.sql cleanup #3 +- Update db_version in MYSQL.sql. [Andreas Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1327 from rotanid/mysql-sql-cleanup. [Andras + Iklody] + + MYSQL.sql cleanup #2 +- Merge pull request #1326 from rotanid/fopen-handling-clean. [Andreas + Ziegler] + + chg: coding conventions in FileAccess.php +- Merge pull request #1283 from RichieB2B/ncsc/fix-push-events. [Andras + Iklody] + + Push events to server with push rules on non-exportable tags +- Push events to server with push rules on non-exportable tags. [Richard + van den Berg] +- Merge pull request #1286 from rotanid/shadowattribute- + uploadattachment-removal. [Andras Iklody] + + remove obsolete upload function from ShadowAttribute +- Merge pull request #1256 from rotanid/cleanup2. [Andras Iklody] + + misc cleanup round 3 +- Merge branch 'cleanup3' into 2.4. [Iglocska] +- Merge branch 'write' into 2.4. [Iglocska] +- Merge branch '2.4' into write. [Iglocska] +- Merge pull request #1324 from rotanid/mysql-cleanup. [Andras Iklody] + + MYSQL.sql cleanup +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [Iglocska] +- Merge pull request #1319 from cristianbell/fix- + 939_graceful_maintenance_page. [Andras Iklody] + + issue 993: Graceful maintenance message. +- Issue 993: Graceful maintenance message. [Cristian Bell] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Updated MISP taxonomies. [Alexandre Dulaunoy] +- Merge pull request #1321 from + cristianbell/chg_adding_job_duration_time. [Andras Iklody] + + chg: adding job duration to the "Job done." text. +- Merge pull request #1320 from Rafiot/update_tests. [Raphaël Vinot] + + Update testing +- Use more reasonable tests. [Raphaël Vinot] +- Update testing. [Raphaël Vinot] +- Merge pull request #1317 from cristianbell/fix- + mail_jobs_date_modified. [Andras Iklody] + + Email jobs do not update the date modified once completed. +- Email jobs do not update the date modified once completed. [Cristian + Bell] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1316 from deralexxx/patch-2. [Andras Iklody] + + Update UPDATE.txt +- Update UPDATE.txt. [Alexander J] +- Merge pull request #1315 from cristianbell/fix_issue_1289. [Andras + Iklody] + + issue 1289 - Cache jobs do not update the date modified once completed. +- Issue 1289 - Cache jobs do not update the date modified once + completed. I also added this to the contactemail(), publish(), + postsemail() and alertemail(). But it's commented out as it's not part + of the issue. I can commit it again w/ the lines uncommented. + [Cristian Bell] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1309 from rotanid/gfi-exceptions. [Andras Iklody] + + exceptions in _readGfiXml() +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1288 from peasead/2.4. [Andras Iklody] + + updated CentOS 7 INSTALL guide +- Updated CentOS 7 INSTALL guide. [Andrew Pease] +- Merge pull request #1307 from rotanid/bugfix. 
[Andras Iklody] + + fix: move case statement and add break +- Merge branch 'test' into 2.4. [Iglocska] +- Add prio worker. [Richard van den Berg] +- Create new prio queue for publishing events. [Richard van den Berg] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Misp-warninglists updated. [Alexandre Dulaunoy] +- Merge pull request #1297 from cristianbell/fix- + minor_CSS_HTML_bug_fixes. [Andras Iklody] + + fix minor css and html issues +- Fix minor css and html issues. [Cristian Bell] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1294 from cristianbell/chg- + loader_update_interval_increase. [Andras Iklody] + + changing the loading bar update interval from 1000 to 3000 (as it is … +- Changing the loading bar update interval from 1000 to 3000 (as it is + also in the jobs list); [Cristian Bell] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1282 from rotanid/fixme-cleanup. [Andreas Ziegler] + + remove some obsolete FIXME notes +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1277 from rotanid/install-doc. [Alexandre + Dulaunoy] + + Install document updates +- Merge pull request #1276 from rotanid/doc-ubu. [Alexandre Dulaunoy] + + installation instructions for MISP on Ubuntu 16.04 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Fix #1272. [Alexandre Dulaunoy] +- Merge pull request #1271 from sfossen/patch-25. [Alexandre Dulaunoy] + + typo in alter +- Typo in alter. [Steve Fossen] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1264 from rotanid/ipv6-compress. [Andras Iklody] + + compress IPv6 addresses on import +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1260 from sfossen/patch-24. 
[Andras Iklody] + + Organization UUID NULLable +- Fix for update script. [Steve Fossen] +- Organization UUID nullable. [Steve Fossen] + + 1. For older MISP there isn't UUID + 2. UUID in out of order RelatedEvent processing compared to first Event from Organization +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Latest version of PyMISP included. [Alexandre Dulaunoy] +- Merge pull request #1255 from rotanid/bugfix. [Andreas Ziegler] + + fix: case-insensitive functions calls +- Merge pull request #1238 from rotanid/cleanup. [Andreas Ziegler] + + cleanup obsolete code +- Merge pull request #1254 from rotanid/escapeshellarg. [Andras Iklody] + + chg: use escapeshellarg() instead of addslashes() with exec() +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.48 (2016-06-08) +-------------------- + +New +~~~ +- Enable/disable feed via API. [Iglocska] + + - simply POST to /feeds/enable/feed_id or /feeds/disable/feed_id to enable and disable a feed + +Changes +~~~~~~~ +- Version bump. [Iglocska] +- Lowered the level of the custom css setting. [Iglocska] +- Added the option to load a custom css after the default css. + [Iglocska] +- Update .gitignore to include .idea. [Andreas Ziegler] + + .idea contains settings of IDEs based on IDEA by IntelliJ +- Remove obsolete variables. [Andreas Ziegler] +- Remove obsolete files. [Andreas Ziegler] +- Use escapeshellarg() instead of addslashes() with exec() [Andreas + Ziegler] +- Use consistent lowercase true/false. [Andreas Ziegler] +- Update jquery to 2.2.4 & jquery-ui to 1.11.4. [Andreas Ziegler] +- Add newline character before EOF to non-minified (text-)files. + [Andreas Ziegler] +- Error handling after zip execution. [Andreas Ziegler] +- Remove comment: there is no exec wrapper in cakephp. [Andreas Ziegler] +- Remove handling of unsupported OS Windows. [Andreas Ziegler] +- Changed the naming convention of some scripts and updated them. 
+ [Iglocska] +- ValueIsUnique assumed the deleted flag to be set on attributes. + [Iglocska] +- Events without attributes - warning for users and owner, fixes #1189. + [Iglocska] +- Changed the default bootstrap to not append port 80 / port 443 in any + case. [Iglocska] + + - it was causing issues for a user using a rather exotic configuration + +Fix +~~~ +- Fix to a bug that allowed adding server connections without an org. + [Iglocska] +- Some small fixes. [Iglocska] + + - Lowered TLP string setting to low importance + - auto set authkey if not set during user creation +- Add missing return statement. [Andreas Ziegler] +- Change to correct variable name. [Andreas Ziegler] +- Case-insensitive function calls. [Andreas Ziegler] +- Small fix to the top menu when debug mode is enabled. [Iglocska] +- Brace ordering. [Andreas Ziegler] +- Dont override type variable. [Andreas Ziegler] +- Case-sensitive functions calls. [Andreas Ziegler] +- Move unlink() to correct location. [Andreas Ziegler] +- Reverted two removals of dynamically accessed vars that shouldn't be + removed. [Iglocska] +- Left off change in view_graph.ctp. [Iglocska] +- Can't add Elements to a newly created Template. fixes #1188. + [iglocska] +- Fixed epel url for centos 7.x. [Iglocska] +- Minor cosmetic issue in distribution, fixes #1197. [Iglocska] +- Use of unset variable in Model/Event.php sendContactEmailRouter(), + fixes #1210. [Iglocska] +- Fix to a duplicate parameter passed to fetchevent instead of passing + the "to" parameter as expected. [Iglocska] +- Reverted a patch to allow organisations without uuids to be added. + [Iglocska] +- Cannot delete users, fixes #1200. [Iglocska] +- Fixed an issue with the text export not returning anything if used via + the API. [Iglocska] +- Default bootstrap fixed for http. [Iglocska] +- Fixed an issue with the default bootstrap.default.php. [Iglocska] +- Two small fixes. 
[Iglocska] + + - search by uuid on the event index via the quickfilters + - view button on the disussion index added to make the UI a bit more consistent + - This unimaginative patch would not have existed without an uncomfortable British Aerospace ATP +- Added the date field to the related attribute popover, fixes #1190. + [Iglocska] +- Fix to a previous change of the bootstrap.php file to accomodate for + some exotic setups. [Iglocska] +- Accidental invalid debug code left in the verifyGPG admin task + breaking the script. [Iglocska] +- Fix to an error with MISP and MySQL 5.7+ caused by no order clause on + a distinct select query, fixes #1188. [Iglocska] +- Cleanup of the password reset tool. [Iglocska] +- A removed user was giving some notice errors on the thread index. + [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Add gitter webhook. [Raphaël Vinot] +- Merge pull request #1237 from rotanid/bugfix3. [Andras Iklody] + + fix: add missing return statement +- Merge pull request #1235 from rotanid/bugfix1. [Andras Iklody] + + fix: change to correct variable name +- Merge pull request #1236 from rotanid/bugfix2. [Andras Iklody] + + fix: case-insensitive function calls +- Merge pull request #1243 from SleuthKid/feature/nav-ng. [Andras + Iklody] + + Small, non breaking changes to the MISP look and feel +- Small, non breaking changes to the MISP look and feel: - Removed old + school glass stuff from navbars (bye bye) - Removed blue flame effect + from MISP branding (srsly WHY?) - Minor ajustments to flush the + changes globally. [Robert Haist] +- Merge pull request #1244 from FIRSTdotorg/2.4. [Andras Iklody] + + fixed compatibility issues between the CertificateAuth plugin and Apache +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Guilherme Capilé] +- Merge pull request #1242 from FIRSTdotorg/2.4. 
[Andras Iklody] + + create an Organisation if a string is provided (and not org_id) +- Merge pull request #1241 from gitter-badger/gitter-badge. [Andras + Iklody] + + Add a Gitter chat badge to README.md +- Add Gitter badge. [The Gitter Badger] +- Apache compatibility adjustments. [Guilherme Capilé] +- Create an Organisation if a string is provided (and not org_id) + [Guilherme Capilé] +- Merge pull request #1240 from cristianbell/issue-1107. [Andras Iklody] + + Issue 1107 +- TLP:AMBER hardcoded in email subject #1107 - adding a default value. + [Cristian Bell] +- TLP:AMBER hardcoded in email subject #1107. [Cristian Bell] +- Merge pull request #1239 from RichieB2B/ncsc-nl/fix-certauth. [Andras + Iklody] + + Fix CertAuth plugin +- Add userDefaults explanation. [Richard van den Berg] +- Add missing Role, Organization, Server arrays to user. [Richard van + den Berg] +- Fix spaces. [Richard van den Berg] +- Add CertAuth.userDefaults example. [Richard van den Berg] +- Fix parentheses. [Richard van den Berg] +- Merge pull request #1227 from rotanid/patch-1. [Andras Iklody] + + chg: update .gitignore to include .idea +- Merge pull request #1230 from rotanid/bugfix2. [Andras Iklody] + + fix: brace ordering +- Merge pull request #1233 from rotanid/cleanup-variables. [Andras + Iklody] + + chg: remove obsolete variables +- Merge pull request #1229 from rotanid/bugfix1. [Andras Iklody] + + fix: dont override type variable +- Merge pull request #1232 from rotanid/cleanup-files. [Andras Iklody] + + chg: remove obsolete files +- Update bootstrap-timepicker to 0.3.0. [Raphaël Vinot] +- Rollback colorpicker to 2.0.0 ans update datepicker to 1.5.1. [Raphaël + Vinot] +- Update bootstrap-colorpicker. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #1228 from rotanid/case-sensitivity. [Andras + Iklody] + + fix: case-sensitive functions calls +- Revert last change, using the version of the CSS/JS does not work. 
+ [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Merge pull request #1225 from rotanid/escapeshellarg. [Andras Iklody] + + chg: use escapeshellarg() instead of addslashes() with exec() +- Merge pull request #1224 from rotanid/true-false. [Andras Iklody] + + chg: use consistent lowercase true/false +- Merge pull request #1223 from rotanid/unlink. [Andras Iklody] + + fix: move unlink() to correct location +- Add css/js update script, update code accordingly. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + Conflicts: + app/webroot/js/jquery-toc.js +- Merge pull request #1219 from rotanid/jquery-update. [Andras Iklody] + + chg: update jquery to 2.2.4 & jquery-ui to 1.11.4 +- Merge pull request #1218 from rotanid/newlines. [Andras Iklody] + + chg: add newline character before EOF to non-minified (text-)files +- Merge pull request #1217 from rotanid/zip-exec-error-handling. [Andras + Iklody] + + Zip exec error handling +- Merge pull request #1216 from rotanid/no-windows. [Andras Iklody] + + chg: remove handling of unsupported OS Windows +- Merge pull request #1214 from rotanid/fileaccesshandling. [Andras + Iklody] +- EventsController: optimise file handling. [Andreas Ziegler] +- Merge pull request #1213 from rotanid/ModelEventCleanup2. [Andras + Iklody] + + Model/Event.php cleanup 2 +- Model/Event.php: remove unused functions. [Andreas Ziegler] +- Model/Event.php: remove unused variables. [Andreas Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + Conflicts: + app/Model/Event.php +- Merge pull request #1212 from rotanid/ModelEventCleanup. [Andras + Iklody] + + Model/Event.php cleanup +- Model/Event.php: use different key variable in sub-loop. [Andreas + Ziegler] +- Model/Event.php: fix indention. [Andreas Ziegler] +- Model/Event.php: fix method invocation. [Andreas Ziegler] +- Model/Event.php: add variable defaults. 
[Andreas Ziegler] +- Model/Event.php: correct function naming. [Andreas Ziegler] +- Model/Event.php: remove duplicate array keys. [Andreas Ziegler] +- Merge pull request #1211 from rotanid/braces. [Andras Iklody] + + Braces +- Use consistent spacing around else if. [Andreas Ziegler] +- Use consistent spacing around else. [Andreas Ziegler] +- Remove space after unset before opening brace. [Andreas Ziegler] +- Add space after keywords if/for/foreach/while/switch/catch. [Andreas + Ziegler] +- Add space before opening curly brackets. [Andreas Ziegler] +- Merge pull request #1209 from rotanid/removal. [Andras Iklody] + + WhitelistsController.php: remove obsolete variable +- WhitelistsController.php: remove obsolete variable. [Andreas Ziegler] +- Merge pull request #1207 from rotanid/semicolon. [Andras Iklody] + + remove obsolete semicolon after closing curly bracket +- Remove obsolete semicolon after closing curly bracket. [Andreas + Ziegler] +- Merge pull request #1206 from rotanid/obsolete-spaces. [Andras Iklody] + + Removal of obsolete whitespace/spaces +- Remove single spaces after tabs. [Andreas Ziegler] +- Remove single spaces in front of tabs. [Andreas Ziegler] +- Remove whitespace at end of line. [Andreas Ziegler] +- Remove empty lines at end of files. [Andreas Ziegler] +- Remove whitespace (space/tab) from empty lines. [Andreas Ziegler] +- Merge pull request #1203 from sfossen/patch-23. [Andras Iklody] + + allow related events to send org uuid, since events send them already +- Allow related events to send org uuid, since events send them already. + [Steve Fossen] + + There is the potential, that an org shows up in the RelatedEvent before it shows up in an Event and causes sync to fail. Already submitted a pull request to fix the crash, but potential for incomplete data. +- Merge pull request #1202 from sfossen/patch-22. [Andras Iklody] + + not local and no uuid, it's an invalid organisation +- Not local and no uuid, it's an invalid organisation. 
[Steve Fossen] + + sync fails with + [2016-06-01 21:04:26] main.ERROR: {"queue":"default","id":"99b7d5ef61e24389ea2edf8c3f209856","class":"ServerShell","args":[["pull","1","1","full","2075"]]} failed: SQLSTATE[HY000]: General error: 1364 Field 'uuid' doesn't have a default value {"type":"fail","log":"SQLSTATE[HY000]: General error: 1364 Field 'uuid' doesn't have a default value","job_id":"99b7d5ef61e24389ea2edf8c3f209856","time":55606,"worker":"misp:14872"} [] +- Merge pull request #1154 from sfossen/patch-12. [Andras Iklody] + + reduce warnings in debug log +- Reduce warnings in debug log. [Steve Fossen] + + - don't query if we don't have the key + - set missing keys to null in foreach +- Merge remote-tracking branch 'origin/2.4' into 2.4. [Iglocska] +- Update PULL_REQUEST_TEMPLATE.md. [Raphaël Vinot] +- Update PULL_REQUEST_TEMPLATE.md. [Raphaël Vinot] +- Update ISSUE_TEMPLATE.md. [Raphaël Vinot] +- Merge pull request #1193 from rotanid/defaults. [Andras Iklody] + + add some defaults +- Add some variable defaults. [Andreas Ziegler] +- Merge pull request #1192 from rotanid/removal. [Andras Iklody] + + Removal of obsolete code +- Remove/update obsolete code. [Andreas Ziegler] +- Remove unused functions. [Andreas Ziegler] +- Merge branch 'rotanid1' into 2.4. [Iglocska] +- Remove/update obsolete code. [Andreas Ziegler] +- Remove unused functions. [Andreas Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1165 from rotanid/misc2. [Andras Iklody] + + misc cleanup round 2 +- Explicit function call. [Andreas Ziegler] +- Remove obsolete space from: File ( [Andreas Ziegler] +- Explain regex and make it a bit simpler. [Andreas Ziegler] +- Fix upper/lowercase issues. [Andreas Ziegler] +- Remove commented out codelines. [Andreas Ziegler] +- Model/User.php: indention fixed. [Andreas Ziegler] +- Reformatting, indention, comment fixes. [Andreas Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [Iglocska] +- Merge pull request #1199 from sfossen/patch-21. [Andras Iklody] + + remove continue at the bottom of loop +- Remove continue at the bottom of loop. [Steve Fossen] +- Merge pull request #1198 from Rafiot/composer. [Raphaël Vinot] + + Use composer to install cake resque +- Use composer to install cake resque, remove old dependencies. [Raphaël + Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Update PULL_REQUEST_TEMPLATE.md. [Raphaël Vinot] +- Update PULL_REQUEST_TEMPLATE.md. [Raphaël Vinot] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot] +- Add PR template. [Raphaël Vinot] +- Update ISSUE_TEMPLATE.md. [Raphaël Vinot] +- Fix english in template. [Raphaël Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Raphaël + Vinot] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1194 from rotanid/bugfix. [Andras Iklody] + + UsersController.php: remove duplicate array key +- UsersController.php: remove duplicate array key. [Andreas Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1129 from I-am-Sherlocked/patch-4. [Andras Iklody] + + Casting the sharing_group_id to int value +- Throw exception for sharing group if unauthorised user. [I-am- + Sherlocked] + + Instead of returning a false value for sharing_group_id, throw an exception if user is not authorised to save modifications to that sharing group. +- Fixing the error caused by a false sharing_group_id. [I-am-Sherlocked] + + If SharingGroup->captureSG returned false indicating it did not save the sharing group, then distribution should be set to 0, and the sharing_group_id to an integer 0. +- Casting the sharing_group_id to int value. 
[I-am-Sherlocked] + + Saving the sharing_group_id as it is returned by CaptureSG results in Error: [PDOException] SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'sharing_group_id' at row 1. Wrapping it in intval will insert the correct int value. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Warning lists updated to the latest version. [Alexandre Dulaunoy] +- Merge pull request #1182 from sfossen/patch-17. [Andras Iklody] + + Allow empty events in pull since they are pushed and importable +- Allow empty events in pull since they are pushed and importable. + [Steve Fossen] + + Pulling events from a MISP instance didn't match the events imported from that same MISP instance export, nor did it match events published onto that MISP instance and viewable. + + Events without attributes: + 1) can be pushed + 2) imported + 3) exported + + This fix allows them to be pulled to allow consistency with all other actions. +- Merge pull request #1186 from sfossen/patch-20. [Andras Iklody] + + remove deprecation warning. +- Remove deprecation warning. [Steve Fossen] + + Deprecated (16384): Using key `action` is deprecated, use `url` directly instead. [APP/Lib/cakephp/lib/Cake/View/Helper/FormHelper.php, line 383] +- Merge pull request #1185 from sfossen/patch-19. [Andras Iklody] + + don't query every event for proposals, when you don't have permission… +- Don't query every event for proposals, when you don't have permission + to get proposals. [Steve Fossen] + + A little hacky, but without correct permission, the returning null causes the else case ( Fallback for < 2.4.7 instances ) which then queries every event, for proposals which it doesn't have permission for, so wastes resources on both side. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1184 from sfossen/patch-18. [Andras Iklody] + + don't bother trimming if it's going to exit anyways. 
+- Don't bother trimming if it's going to exit anyways. [Steve Fossen] + + removes a warning on empty attribute. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1181 from sfossen/patch-16. [Andras Iklody] + + typo +- Typo. [Steve Fossen] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1168 from sfossen/patch-15. [Andras Iklody] + + remove default value from the call. +- Update Server.php. [Steve Fossen] +- Merge pull request #1169 from sfossen/patch-14. [Andras Iklody] + + change default to match check and downloadEventFromServer +- Change default to match check and downloadEventFromServer. [Steve + Fossen] +- Merge pull request #1159 from Deventual/patch-1. [Andras Iklody] + + Update UPDATE.txt +- Update UPDATE.txt. [Deventual] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Add issue template. [Raphaël Vinot] + + +v2.4.47 (2016-05-24) +-------------------- + +Fix +~~~ +- Wrong variable name in __ipv6InCidr() [Andreas Ziegler] +- Reverted a change that broke PyMISP's copy_list.py To be revisited for + a better solution. [Iglocska] +- Removed duplicate array keys, fixes #1162. [Iglocska] +- Fixed a broken tag situation when the line wrap happened just between + the tag and its delete button. [Iglocska] +- Tags were distorted when too many where in a single line due to a + crappy table. [Iglocska] +- Left off a change. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1166 from RichieB2B/ncsc-nl/fix-mod_proxy_fcgi- + auth. [Andras Iklody] + + Fix for mod_proxy_fcgi + Apache 2.2 REST API authentication +- Pass Authorization HTTP header to php-fpm environment. [Richard van + den Berg] +- Merge pull request #1164 from rotanid/bugfix. 
[Andras Iklody] + + fix: wrong variable name in __ipv6InCidr() + + +v2.4.46 (2016-05-23) +-------------------- + +New +~~~ +- Added Statixtics for taxonomy and tag usage, fixes 1158. [Iglocska] + +Changes +~~~~~~~ +- Tiny fix to an if statement. [Iglocska] +- Added sort by value or name option for tag statistics API. [Iglocska] + + - usage: mymisp/tags/tagStatistics/[percentage]/[name-sort] + - both percentage and name-sort accept true/false + - false is always the default setting + - percentage set to true will show the tags by % instead of a count + - name-sort set to true will sort the results by the namespace, alternatively by the count/percentage + +Fix +~~~ +- Fixed some wonky behaviour with the popover enrichment and the warning + list popover. [Iglocska] +- Fixed an issue with the attribute search timing out. [Iglocska] +- Removed a superfluous line that broke lists of values from being + passed to the restsearch API. [Iglocska] +- Bug causing the attribute search to truncate the search terms when a + list of organisations is searched for, fixes #1156. [Iglocska] +- Added hard-delete for soft-deleted attributes, fixes #1144. [Iglocska] +- Added the option for users to see and undelete attributes if an event + was created by their org, fixes #1144. [Iglocska] + + - Also some minor fixes to the ACL + +Other +~~~~~ +- Merge pull request #1153 from sfossen/patch-13. [Andras Iklody] + + Handle error in getEventIdsFromServer better +- Handle error in getEventIdsFromServer better. [Steve Fossen] +- Merge pull request #1152 from rotanid/misc1. [Andras Iklody] + + misc cleanup round 1 +- Misc cleanup. [Andreas Ziegler] +- Merge pull request #1155 from rotanid/bugfix. [Andras Iklody] + + IOCImportComponent.php: correct order of braces +- IOCImportComponent.php: correct order of braces. [Andreas Ziegler] +- Merge pull request #1151 from rotanid/filechecks. 
[Andras Iklody] + + small change to file checks +- Small change to file checks, use readable() instead of exists() + [Andreas Ziegler] +- Merge pull request #1150 from rotanid/wording. [Andras Iklody] + + improve some text passages +- Improve some text passages. [Andreas Ziegler] + + +v2.4.45 (2016-05-20) +-------------------- + +New +~~~ +- Added the news functionality back. [Iglocska] + + - admins can add/edit/delete news items + - users get redirected if there is a newsitem that they haven't seen yet + +Changes +~~~~~~~ +- Some additional cleanup after the merge of some obsolete stuff. + [Iglocska] +- Some cleanup of old unused stuff. [Iglocska] +- Some more changes to the default bootstrap determination. [Iglocska] + + - updated bootstrap.default.php +- Added php5-json to ubuntu/debian installation guide. [Iglocska] + + - Added php5-json in case it is not installed by default thanks to the do no evil clause in the license (ノಠ益ಠ)ノ彡┻━┻ +- Small fix to the logs index. [Iglocska] +- Small cosmetic change on the log index. [Iglocska] + +Fix +~~~ +- Fix to the redirect issues on logout. [Iglocska] +- Added the new db changes to the SQL files. [Iglocska] +- Some more cleanup on the redirects at login. [Iglocska] +- Removed redirect to the news page if no user is logged on. [Iglocska] +- Fixed an issue that would create blank server entries after a + scheduled pull, fixes #1142. [Iglocska] +- Soft deleted attributes editable and they show up using attribute + search, fixes #1144. [Iglocska] +- Wrong default setting in bootstrap.php fixed. [Iglocska] +- Fix to an issue causing the sync to fail due to an invalid version + error for no reason. [Iglocska] +- Revert to relative paths only for requests coming via the command + line. 
[Iglocska] + + - baseurl not auto-resolved if the $_SERVER['SERVER_ADDR'] isn't populated + - solves issues with background workers executing requests on an instance where no baseurl is set +- Resolved commented out request type checks, fixes #1141. [Iglocska] +- Fixes to issues with MYSQL >= 5.7. [iglocska] +- Contact Users Form Email Issue fixed, fixes #1130. [Iglocska] + +Other +~~~~~ +- Merge branch 'feature/news' into 2.4. [Iglocska] +- Added url detection to the news items. [Iglocska] +- Merge branch 'pr1148' into 2.4. [Iglocska] +- Simplify file readability check. [Andreas Ziegler] +- Remove unused code-lines. [Andreas Ziegler] +- Remove comment: there is no exec wrapper in cakephp. [Andreas Ziegler] +- Remove commented out code lines. [Andreas Ziegler] +- Remove duplicate sha256 case. [Andreas Ziegler] +- Remove duplicate code. [Andreas Ziegler] +- Fix an array declaration. [Andreas Ziegler] +- Attribute.php: update comments, indention, readability. [Andreas + Ziegler] +- Merge branch 'pr1146' into 2.4. [Iglocska] + + Conflicts: + app/Controller/TemplatesController.php + app/Controller/UsersController.php +- Progressive removal of commented out if-statements. [Andreas Ziegler] +- AttributesController: remove obsolete commented code. [Andreas + Ziegler] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1137 from rotanid/bugfix-pr-976-kerberos. [Andras + Iklody] + + improve quality of PR#976 (kerberos auth) +- Improve quality of PR#976 (kerberos auth) [Andreas Ziegler] +- Merge pull request #1139 from rotanid/improvements. [Andras Iklody] + + improvements for comments & a regex +- Explain regex and make it a bit simpler. [Andreas Ziegler] +- AttributesController.php improvements. [Andreas Ziegler] +- Config.default.php: fix tiny typo. [Andreas Ziegler] +- Merge pull request #1138 from I-am-Sherlocked/patch-6. 
[Andras Iklody] + + Resolve only_full_group_by error in filterEventIndex +- Resolve only_full_group_by error in filterEventIndex. [I-am- + Sherlocked] + + Event.id required in group by, to resolve + + >Error: [PDOException] SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'Event.id' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by + + in Request URL: /events/filterEventIndex +- Merge pull request #1136 from sfossen/patch-11. [Andras Iklody] + + remove warnings when importing event attributes without distribution set +- Remove warnings when importing event attributes without distribution + set. [Steve Fossen] + + Warning (2): Illegal string offset 'distribution' [APP/Model/Event.php, line 1810] + Notice (8): Uninitialized string offset: 0 [APP/Model/Event.php, line 1810] + Warning (2): Illegal string offset 'distribution' [APP/Model/Event.php, line 1821] + Notice (8): Uninitialized string offset: 0 [APP/Model/Event.php, line 1821] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Visualization of the database schema. [Alexandre Dulaunoy] +- Merge pull request #1131 from I-am-Sherlocked/patch-5. [Andras Iklody] + + Resolving the sql_mode=only_full_group_by error in Search Log +- Resolving the sql_mode=only_full_group_by error in Search Log. [I-am- + Sherlocked] + + Similar to pull request #1121 and issue #749, the ID needs to be in group_by to solve this error in /admin/logs/search + + >Error: [PDOException] SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #1 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'Log.id' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by +- Merge pull request #1128 from sfossen/patch-10. 
[Andras Iklody] + + fail gracefully if sharing group incomplete +- Fail gracefully if sharing group incomplete. [Steve Fossen] +- Quick filters for the logs. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] + + +v2.4.44 (2016-05-12) +-------------------- + +Fix +~~~ +- Fixed an issue with the download as MISP XML/JSON failing for regular + users due to a permission issue. [Iglocska] +- Fix to an issue with server urls having a trailing slash causing an + invalid sharing group server detection. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1125 from I-am-Sherlocked/patch-3. [Andras Iklody] + + Missing DEFAULT value in certif_public +- Missing DEFAULT value in certif_public. [I-am-Sherlocked] + + +v2.4.43 (2016-05-11) +-------------------- + +New +~~~ +- Started work on the new attribute deletion. [Iglocska] + +Changes +~~~~~~~ +- Prevent attribute edit on deleted attributes, prevent proposal + correlation on deleted attributes. [Iglocska] +- Some small fixes to the soft-delete. [Iglocska] +- Further work on the soft deletes. [Iglocska] +- Soft-delete ready for testing. [Iglocska] +- Further progress on the attribute soft-deletes. [Iglocska] +- Further progress on the attribute soft delete. [Iglocska] +- Further work on the attribute soft delete. [Iglocska] +- DB changes for the attribute deletion. [Iglocska] + +Fix +~~~ +- Attribute search - download as CSV returns empty result set, fixes + #1122. [Iglocska] +- Fixed an issue that would cause invalid empty events to be created + when using the API to delete attributes. [Iglocska] +- Several issues with the soft delete resolved. [Iglocska] +- Fixed broken undelete button. [Iglocska] +- Left off a change. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch 'feature/soft-delete' into 2.4. 
[Iglocska] +- Merge branch '2.4' into feature/soft-delete. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1120 from sfossen/patch-9. [Andras Iklody] + + patch for smime +- Patch for smime. [Steve Fossen] + + smime patch also needed in base mysql for new installs. +- Merge pull request #1121 from I-am-Sherlocked/patch-1. [Andras Iklody] + + Update UsersController.php +- Update UsersController.php. [I-am-Sherlocked] + + Grouping by Organization.name will throw a MySQL error + "Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'misp.Organisation.id' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by" + in "Request URL: /users/memberslist" , since Organization.name is not a unique field. Grouping by Organization.id instead will fix the issue. +- Fixed the logging of attribute deletes. [Iglocska] + + +v2.4.42 (2016-05-05) +-------------------- + +Changes +~~~~~~~ +- Filter event index for my own events. [Iglocska] + + - Part of the initiative for a happier Andrzej +- Attribute search download also offered as JSON, fixes #1035. + [Iglocska] + + - also added some convenience functions for JSON/XML collections in the appropriate export tools + - can start reusing them in other functionalities +- Added event ID to enrichment input, fixes #1091. [Iglocska] +- Small comment fix. [Iglocska] +- Fixed the flash messages when viewing remote instances. [Iglocska] +- Fixed invalid output of some fields in the remote instance views. + [Iglocska] +- Removed the relation of users -> favourite tags. [Iglocska] + + - at the moment it is not used, but can cause issues + - revisit this later +- Version bump. [Iglocska] +- Added options to inject the SCL php paths into the PATH when executing + the worker shell scripts on RHEL/CentOS. 
[Iglocska] + +Fix +~~~ +- Problem with osint json/taxonomy, fixes #1119. [Iglocska] + + - Added a new validation for strings where "0" should be a valid value +- Comment from expansion lost after free-text import, fixes #1115. + [Iglocska] +- Attachment upload of existing file, fixes #1024. [Iglocska] +- Fixed an ACL issue preventing normal users from viewing the instance + version. [Iglocska] + + - this is required by the enrichment modules +- Fix to an issue for new installations. [Iglocska] + +Other +~~~~~ +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] + + +v2.4.41 (2016-04-28) +-------------------- + +Changes +~~~~~~~ +- Updated the user edit view to match the user admin edit view's + interpretation of the SMIME certificate field. [Iglocska] +- Renamed the JS used by MISP. [Iglocska] + +Fix +~~~ +- Fixed some issues with the favourite tags. [Iglocska] + + +v2.4.40 (2016-04-28) +-------------------- + +New +~~~ +- Favourite tags. [Iglocska] + + - Add a tag to your favourites list + - When tagging events there is a new setting: Favourite tags, which only contains the tags you've selected + +Changes +~~~~~~~ +- Added encryption feature with PGP or S/MIME support. [Alexandre + Dulaunoy] + +Other +~~~~~ +- Airbus added as contributor. [Alexandre Dulaunoy] + + +v2.4.39 (2016-04-27) +-------------------- + +Changes +~~~~~~~ +- Small test with the embedded headers. [Iglocska] +- Reverted the previous change. [Iglocska] +- Small fix to the headers sent for SMIME. [Iglocska] + +Fix +~~~ +- Fixed an issue with handling SMIME encrypted messages on instances + that don't have a signing key. [Iglocska] + +Other +~~~~~ +- Merge branch 'feature/smime' into 2.4. [Iglocska] +- Updates to the SMIME setup instructions. [Iglocska] +- SMIME changes. 
[Iglocska] + + - tied into auto upgrade system + - tied into server settings + - some cleanup of overly verbose debug + - Enforcing enable/disable everywhere + - Changed temporary file structure +- Merge branch '2.4' into smime. [Iglocska] + + Conflicts: + app/Controller/AppController.php +- Merge pull request #1106 from koenigswinter/patch-1. [Andras Iklody] + + Update UPDATE.txt +- Update UPDATE.txt. [Heiko Siebel] + + Adopt CyBox Version: 2.1.0.12 (analogue to INSTALL documentation) +- Warning lists added, branches clarified and copyright dates updated. + [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Updated warning list. [Alexandre Dulaunoy] +- Submodule update. [Iglocska] +- Add 'certif_public' in the fields. [devnull-] +- Unset 'certif_public' [devnull-] +- Add 'certif_public' in the searches. [devnull-] +- Missing ''domains.airbus@airbus.com': 'ai' [devnull-] +- Add the 'verify_certificate.ctp' view. [devnull-] +- Display the 'Certificate (x509) set' in the 'Ajax index' [devnull-] +- Add 'verifyCertificate' in 'Administration View' [devnull-] +- Update the config.default.php with the SMIME section. [devnull-] +- Add the field 'certif_public' in the view. [devnull-] +- Add the field 'certif_public' in Form. [devnull-] +- Add the field 'certif_public' in view. [devnull-] +- Add the field 'certif_public' in index. [devnull-] +- Add in form the field 'certif_public' [devnull-] +- Add in form the field 'certif_public' [devnull-] +- Patch SMIME to sign and encrypt email. [devnull-] +- Update fields & add certificate as attachment to email. [devnull-] +- Add function verifyCertificate & update of fields. [devnull-] +- Update the flash messages displayed when no GPG key or certificate are + set. [devnull-] +- Unset the user 'certif_public' [devnull-] +- Add certif_public in CakeSchema. [devnull-] +- Export the public certificate (for Encipherment) to the webroot. 
+ [devnull-] +- Instructions to install SMIME patch. [devnull-] +- Specific transport class to send SMIME with CakePHP (add SMIME + headers) [devnull-] +- PATCH: Update the database schema (SMIME) [devnull-] + + +v2.4.38 (2016-04-23) +-------------------- +- Merge branch 'feature/warninglists' into 2.4. [Iglocska] +- Removed link type from network attributes. [Iglocska] +- Added filter to only view attributes that generate a warning. + [Iglocska] +- Polished the event level warnings. [Iglocska] + + - nice warning box on the right side + - warninglists that cause a clash are now URLs +- Fixed an issue that caused warnings to be attached only after + truncating the attributes for pagination. [Iglocska] +- Single transaction for saving all values of a warninglists from file. + [Iglocska] +- Warning message removed if no warninglists are enabled. [Iglocska] +- Submodule changes. [Iglocska] +- Gitmodules update. [Iglocska] +- Merge branch '2.4' into feature/warninglists. [Iglocska] +- First version of the warnings finished. [Iglocska] +- Further progress. [Iglocska] +- Further progress. [Iglocska] +- Import, enabling, viewing, indexing of warninglists finished. + [Iglocska] +- Warninglists WIP. [Iglocska] +- Fix to an invalid check. [Iglocska] +- Small tune to the freetext import. [Iglocska] + + - url vs filename differentiation still being a headache + - will need a more thorough look +- Keep formating of text type attributes. [Iglocska] +- Left off file. [Iglocska] +- Fix to the previous commit. [Iglocska] +- Fix to the PGP key being loaded into the session. [Iglocska] + + - it can lead to large PGP keys causing failed logins +- Fixed the IDS flag default setting for freetext-imported virus total + links. [Iglocska] +- Fixed several invalid detections in the freetext import tool. + [Iglocska] + + - Composite filename|hash types were incorrectly detected as hash types +- Freetext import tuning. [Iglocska] + + - refanging of various . 
notations +- Fix to the attribute quick edit field not being consistent with the + attribute list. [Iglocska] + + - use short names for distributions +- Fix to a missing e-mail field on the discussion list for deleted + users. [Iglocska] +- Added customisable main logo. [Iglocska] +- Org admins could not see the roles index. [Iglocska] +- Sighting feature added in the README. [Alexandre Dulaunoy] +- Merge pull request #1001 from deralexxx/2.4. [Andras Iklody] + + misp backup script +- Backup files as well. [Alexander J] +- Update misp-backup.sh. [Alexander J] +- Misp backup script. [deralexxx] +- Merge branch 'permissionfix' into 2.4. [Iglocska] +- Fix typos. [William Robinet] +- Fix permissions. [William Robinet] +- Removed an old unused field, fixes #1092. [Iglocska] + + - thanks to @steventgoossensB for finding the obsolete field +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #953 from MISP/elhoim-search-page-label. [Andras + Iklody] + + Changed text Find valid IOCs in search page +- Changed text Find valid IOCs in search page. [David André] + + Using "Only find IOCs to use in IDS" instead since the IOCs where to_ids=0 are not invalid. + It was confusing to some users. +- Added warning. [Iglocska] + + - to be removed once we do some testing +- Merge branch 'kerberos' into 2.4. [Iglocska] +- Add modification for erreur with ldap user modification for dc in conf + file. [Tristan METAYER] +- Add kerberos Authentification fonction. [trucky dev] +- Fix to the URL generation. [Iglocska] + + - sometimes the URLs are inconsistent in links within MISP (/shadowAttributes vs shadow_attributes) + - the URL generation now takes both cases into consideration +- Don't display menu items that the user has not right to access #1097. + [Iglocska] + + - Removed feeds button for org admins +- Some ACL fixes. [Iglocska] +- 3 significant figures instead of 2 for the attribute type breakdown. 
+ [Iglocska] +- Change_pw was blocked for normal users. [Iglocska] +- Added percentages to the statistics API. [Iglocska] +- Didn't like the previous version of the statistics API. [Iglocska] + + - pretty printed JSONs to prevent eye-bleeds +- Added some statistics APIs for attribute types / categories. + [Iglocska] +- Comment in attribute resolution now reflects the actual source of the + attributes. [Iglocska] + + - instead of always saving it as the result of a freetext import + - it now replaces the comment with the source enrichment module if applicable +- Fixed a capitalisation fail. [Iglocska] +- Filter events by creator e-mail address. [Iglocska] + + - for site admins only +- Naming consistency. [Iglocska] + + - changed event description to event info in some views +- Pretty print event JSONs. [Iglocska] +- Pretty printed queryACL's JSON response. [Iglocska] +- Some small changes. [Iglocska] +- Small fixes. [Iglocska] + + +v2.4.37 (2016-04-18) +-------------------- +- Version bump. [Iglocska] +- Rework of the ACL. [Iglocska] +- Work on the new ACL system. [Iglocska] +- Add event date in alternate search results, fixes #1095. [Iglocska] +- Gitchangelog configuration added. [Alexandre Dulaunoy] +- Version bump. [Iglocska] + + +v2.4.36 (2016-04-15) +-------------------- +- Fixed a check for the upload sample API to check if the target event + actually exists. [Iglocska] +- Added comment field to upload sample API. [Iglocska] +- Changed the publish dating to number of days from fixed date. + [Iglocska] + + +v2.4.35 (2016-04-15) +-------------------- +- Added a way to block old publish alerts from going out. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1085 from rotanid/space-bugfix. [Andras Iklody] + + add margin between fileupload and submit button +- Add margin between fileupload and submit button. [Andreas Ziegler] +- Merge pull request #1078 from sfossen/patch-3. 
[Andras Iklody] + + defaults for events table. +- Revert the unsigned removal. [Steve Fossen] +- Defaults for events table. [Steve Fossen] +- Merge pull request #1076 from sfossen/patch-1. [Andras Iklody] + + default for roles perm_template +- Default for roles perm_template. [Steve Fossen] +- Merge pull request #1081 from sfossen/patch-6. [Andras Iklody] + + defaults for logs table. +- Defaults for logs table. [Steve Fossen] +- Merge pull request #1077 from sfossen/patch-2. [Andras Iklody] + + defaults for users tables. +- Defaults for users tables. [Steve Fossen] +- Merge pull request #1080 from sfossen/patch-5. [Andras Iklody] + + defaults for organisations table +- Defaults for organisations table. [Steve Fossen] +- Merge pull request #1079 from sfossen/patch-4. [Andras Iklody] + + defaults for jobs table +- Defaults for jobs table. [Steve Fossen] +- Merge pull request #1082 from sfossen/patch-7. [Andras Iklody] + + defaults for servers table. +- Defaults for servers table. [Steve Fossen] +- Merge pull request #1083 from sfossen/patch-8. [Andras Iklody] + + defaults for feeds table. +- Defaults for feeds table. [Steve Fossen] +- Merge pull request #1084 from rotanid/bugfix. [Andras Iklody] + + Model/Attribute.php: remove obsolete HTML-linebreak +- Model/Attribute.php: remove obsolete HTML-linebreak. [Andreas Ziegler] +- Sha-2 entries incorrect under Search Attributes GUI, fixes #1086. + [Iglocska] +- Merge branch 'feature/sightings' into 2.4. [Iglocska] +- Update to the data model. [Iglocska] +- Merge branch '2.4' into feature/sightings. [Iglocska] + + Conflicts: + app/webroot/js/ajaxification.js +- Fix to an issue with the freetext import tool. [Iglocska] + + - Due to a typo 64 character long hashes could not be correctly added via the freetext import tool + - Should be fixed now. +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1069 from RichieB2B/ncsc-nl/defang-hostnames. 
+ [Andras Iklody] + + Defang hostname attributes +- Also defang hostname attributes. [Richard van den Berg] +- Short name for tags, fixes #1075. [Iglocska] +- If a user gets removed, the organisation cannot be shown in his/her + discussion thread posts and MISP throws notices. Show "Deactivated + user" instead. [Iglocska] +- Fix to some deprecated action references in some forms throwing + deprecated notices after upgrading to CakePHP 2.8. [Iglocska] +- [UI] Polulate using freetext in left Event Menu etc, fixes #1068. + [Iglocska] +- JSON structure inconsistencies and bug, fixes #1065. [Iglocska] +- Second iteration of the sightings. [Iglocska] + + - Added STIX sighting support + - better API add (via url parameter or POSTed object) +- Merge branch '2.4' into feature/sightings. [Iglocska] + + Conflicts: + app/Model/Event.php + app/Model/Server.php + app/View/Events/view.ctp +- Sightings column header disabled if sightings disabled. [Iglocska] +- Merge branch '2.4' into feature/sightings. [Iglocska] + + Conflicts: + app/Model/Attribute.php +- Merge branch '2.4' into feature/sightings. [iglocska] + + Conflicts: + app/Controller/SightingsController.php + app/Model/Sighting.php +- Fixed a bug with no sighting data in an event causing a notice. + [iglocska] +- Cleaned up some leftover junk and some new additions. [iglocska] + + - clicking on a sighting count on the event view reveals contributor list + - list of orgs and number of sightings + - Orgs only shown (outside of own) if the policy to anonimise orgs is not enabled + - works on an event and an attribute level +- First version of the sightings. [Iglocska] + + - add / delete sightings via REST + - add sightings via the UI + - View sightings info on an event and attribute level (event view only for now) + - differentiate between own sightings and that of other orgs (additional information via popover still coming) + + - settings: + - 1. enable / disable sightings server wide + - 2. set sightings policy + - a. 
Only Event owner can see sightings + everyone sees what they themeselves contribute + - b. Anyone that contributes sightings to an event can see the sightings data + - c. Everyone that can see the event can see the sightings + - 3. Anonymisisation (in progress, data correctly retrieved in business logic) + - a. if true, then only own org + "other" is shown + - b. otherwise all orgs that submitted sightings are shown + + Further improvements needed for version 1 of sightings: + - 1. Delete via the interface + - 2. View detailed sightings information + - 3. Graph the sightings data for the event + - 4. Include the Sightings data in the XML/JSON views + - 5. View sighting for attribute / event via the API + + +v2.4.34 (2016-04-08) +-------------------- +- Version bump. [Iglocska] +- Submodule update. [Iglocska] +- CakePHP update. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #1063 from deralexxx/patch-1. [Andras Iklody] + + Update UPDATE.txt +- Update UPDATE.txt. [Alexander J] + + solved an issue I had with "This account is currently not available." + + Guess we can also change that in install guide +- Start the popover script on the event's attribute indexes page load. + [Iglocska] +- Better sanitisation of the XML exports. [Iglocska] +- Fix to a bug with the enrichment system when using freetext type + results. [Iglocska] +- Fixed the event edit redirect on REST add. [Iglocska] + + - sends a 302 instead of a 404 +- Fixed a severe issue with the synchronisation causing edits to fail if + the baseurl was not set on the remote. [Iglocska] +- Changed proposal response parsing from object to array. [Iglocska] +- Renaming an event description does not update the correlations event + description, fixes #1058. [Iglocska] + + - Changing the event info / event date will update the correlations correctly +- Hover enrichment improvements. 
[Iglocska] + + - store fetched data in a variable, only fetch it once / view + - better handling of arrays returned, can still use improvements +- Organisation filter field was case sensitive. Fixed. [Iglocska] +- Some cleanup for the sync. [Iglocska] + + - fixed some issues with the error detection on synced events + - pre-filtering of events based on sync filters before pushing them should improve performance a great deal +- Changes to the logging to debug further. [Iglocska] +- Log the error code unless it is a 403. [Iglocska] +- Better error handling for pushes. [Iglocska] +- Fixed an invalid is_array call. [Iglocska] +- Typo fixed. [Iglocska] +- Fix to a copy-paste error as described in #935. [Iglocska] +- Typo fixed. [Iglocska] +- Added error handling for an edge case in the upload event to server + mechanism, should help debugging #935. [Iglocska] +- Upload sample API will not create malware-samples if the to_ids flag + is not set. [Iglocska] + + - mimicing the add attachment functionality + - to_ids flag not set will create an attachment instead of a malware-sample + - not setting the flag will not trigger the creation of any hashes +- Event filter window doesn't display correct information, fixes #994. + [Iglocska] +- Fixed an issue with the event edit API. [Iglocska] + + - pushing more than one change per second would get blocked due to the event not being newer even if no timestamp was set +- Added a fix to enrichment modules with hover functionality not showing + any results. [Iglocska] + + - When adding handling for modules returning arrays the default behaviour was overwritten. Fixed now. +- Initial feed loader tries to log an entry without initialising the log + model. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Reference to the Twitter account added. [Alexandre Dulaunoy] +- Changes to the STIX export. 
[Iglocska] + + - added new hash types + - added domain|ip type + + - some cleanup +- Rework of the correlation popovers. [Iglocska] +- Added the option to export in CSV format without any headers. + [Iglocska] +- Execute cache cleaning on next page load. [Iglocska] +- Cache clearing improved and added a manual cache clearing for admins. + [Iglocska] +- Error in the MYSQL.sql update. [Iglocska] +- MYSQL.sql updated. [Iglocska] +- Force all sessions to be deleted - also, temporarily removed the per + user session destruction. [Iglocska] +- Fixed to an invalid path in the cache cleanup. [Iglocska] +- Cleaner cache cleanup. [Iglocska] +- Destroy sessions on next page load for all users if there was a db + update. [Iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- MISP logo in a square. [Alexandre Dulaunoy] + + +v2.4.32 (2016-03-30) +-------------------- +- Split the tagging permission into two. [Iglocska] + + - New permission flag: perm_tag_editor + - taggers can tag events with existing tags + - tag editors can create / edit / delete tags + + - Fixed several misleading UI elements for tagging + - tagging users that don't own an event and aren't creators thereof cannot tag them + - this was enforced before but the UI elements were present and threw errors + + - Migration is automatic + - all existing tagger roles will automatically become tag editors + - restricting current roles takes manual admin action, but the functionality should remain unchanged for those that just update +- Case insensitive tagname lookup for the addtag / removetag APIs. + [Iglocska] +- Reworked the Tag add/remove APIs. [Iglocska] + + - new syntax + - old syntax still accepted + + - new tool for rearranging request data to allow the APIs to automatically catch and correct typical rearrange errors + + +v2.4.31 (2016-03-30) +-------------------- +- Fix to an issue with the password reset breaking the credentials. 
+ [Iglocska] + + - The password change forced on users by administrators couldn't save new passwords + - instead it reset the password to a new random password + + - Resetting the password of such users via the admin interface should fix the issue + - Alternatively manually setting the password also fixes it +- Re-enabled the missing poporvers on relations. [Iglocska] +- Fixed some issues with the hover enrichment modules. [Iglocska] +- Some refactoring of the freetext tool. [Iglocska] +- Handling of the "freetext" return format via the enrichment modules, + and error handling fixed. [Iglocska] + + - freetext is now a valid return format, it will allow module developers to return an unparsed text blob which MISP will try to loop through the freetext import's detection mechanism + - still a lot of improvements to be done for the detection mechanism + + - error handling for modules, instead of discarding errors they are now shown as a flash message on the freetext import result screen +- Unpublish event if the published flag is not set during an edit. + [Iglocska] +- Fixed an issue where being redirected back to the edit page of the + edit organisation action would leave the user with an unpopulated + country list. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #1050 from SleuthKid/patch-1. [Andras Iklody] + + Small fix for main.css +- Small fix for main.css. [Robert Haist] + + There is a typo in main.css +- CIRCL logo added. [Alexandre Dulaunoy] +- Fix #1051. [Alexandre Dulaunoy] +- Fix #1051. [Alexandre Dulaunoy] +- Fix to an invalid default password complexity validation, fixes #585. + [Iglocska] +- Fixes to the plugin settings not working for any plugin beyond the + first one. [Iglocska] +- Fixed a merge issue that removed the correlations from the freetext + import view. 
[Iglocska] + + - also added the correlations to the enrichment view + + +v2.4.30 (2016-03-28) +-------------------- +- Verision bump. [Iglocska] + + +v2.4.29 (2016-03-28) +-------------------- +- Added the authkey to the admin user index, including filtering / + searching for them. [Iglocska] +- Added org blacklisting to the global menu. [Iglocska] +- Added logging to the blacklist models. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Expansion modules added. [Alexandre Dulaunoy] +- Fix to an invalid log entry being created for a failed authentication, + even on successful authentication attempts. [Iglocska] +- Version bump. [Iglocska] +- Merge branch '2.4' into feature/authentication. [Iglocska] + + Conflicts: + app/Config/bootstrap.default.php + app/Model/Server.php + app/webroot/js/ajaxification.js +- Appending the port when the baseurl is not set can now be disabled. + [Iglocska] +- Organisation blacklisting added. [Iglocska] +- Don't loop through the available modules when viewing the server + settings if no modules are available. [Iglocska] +- Added timestamp to the feed preview index, fixes #1044. [Iglocska] + + - looks a bit ugly, but since we don't have an event ID this makes sense. Altertnatively we can simply sort by timestamp by default and remove the field. +- Fix to an issue that causes the server certificate to be removed if a + sync connection is edited. [Iglocska] +- Fix to some typos in the templates, fixes #1041. [Iglocska] +- List the Sharing groups via the API, fixes #1032. [Iglocska] +- Fixed Proposal naming, fixes #1034. [Iglocska] +- Add an API for getting a list of types, categories and category-type + mappings supported by MISP, fixes #1031. [Iglocska] +- Further fixes. [Iglocska] +- Better logging of failed authentication attempts. [Iglocska] +- External auth error message changed. [Iglocska] +- Cleaner authentication issue messages. [Iglocska] +- Customise the home button. 
[Iglocska] +- Fix to the same issue. [Iglocska] +- Small change. [Iglocska] +- Small fix. [Iglocska] +- Added custom password reset / logout url. [Iglocska] +- Better automatic handling of the baseurl. [Iglocska] + + - Used to simply take the server address + - Switched to a method that tries to use SERVER_NAME > HTTP_HOST > SERVER_ADDR +- Fix to an empty validation method call. [Iglocska] +- Optionally remove the log out button from externally authenticated + users. [Iglocska] +- Merge branch '2.4' into feature/authentication. [Iglocska] +- Fix to the incoming address check. [Iglocska] +- First implementation of the new auth mechanism. [Iglocska] + + +v2.4.28 (2016-03-21) +-------------------- +- Version bump. [Iglocska] +- Merge branch 'feature/enrichment' into 2.4. [Iglocska] +- Enrichment system first iteration ready. [Iglocska] +- Fix to the optional settings not being passed to the enrichment + modules. [Iglocska] +- Further progress. [Iglocska] +- Better handling of no modules found / modules not reachable. + [Iglocska] +- Limit available enrichment options based on modules enabled. + [Iglocska] +- Dynamic settings retrieved from modules. [Iglocska] +- Updates to the enrichment system. [Iglocska] +- Merge branch '2.4' into feature/enrichment. [Iglocska] + + Conflicts: + app/Model/Event.php +- Fixed a typo in the feed adder, fixes #1022. [Iglocska] +- Default reverted to have the feeds disabled. [Iglocska] +- Fix to the previous commit. [Iglocska] + + - also enabling the test feed by default +- Update to the MYSQL.sql file for the feeds. [Iglocska] +- Releasable to field creates a popover on hover instead of click, fixes + #1012. [Iglocska] +- Fixed an issue where a non sharing group editor saw the edit / delete + buttons on the SG index, fixes #1012. [Iglocska] +- Attachment upload failing produces invalid flash message. [Iglocska] +- Allow the editing of the value in the freetext import results. 
+ [Iglocska] +- Event.php trying to unset causes fatal error, fixes #1019. [Iglocska] +- Fixed an issue where a proposal correlation would fail. [Iglocska] +- Fixed an invalid org comparison, blocking users that try to add events + created by their own organisation on another instance from adding the + event. [Iglocska] +- Merge branch '2.4' into feature/enrichment. [Iglocska] +- First implementation of the enrichment modularity. [Iglocska] +- Next stage in the enrichments. [Iglocska] +- Merge branch '2.4' into feature/enrichment. [Iglocska] +- Initial version of the enrichment. [Iglocska] + + - setup enrichment service settings via the admin settings + - enable/disable + - set url + - set port + + - on the event view, attributes with enrichment options have a new action + - depends on the choices resolved from /modules from the enrichment service + - user can click enrichment and choose from the list of appropriate modules + + - when the user picks a module, MISP fetches the result of the query + - currently it stores and shows the result in a debug message + + - next step: Tie it into the freetext import results + - add additional fields to the python service + + +v2.4.27 (2016-03-11) +-------------------- +- Re-added a feed. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Fix to a new bug introduced with the freetext import tool. [Iglocska] + + - reusing the same variable name for keys for a loop nested in another loop is not clever +- Popover didn't work if type change was active. [Iglocska] +- Cleaner escaping of the popover. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Freetext import results now show similar attributes. [Iglocska] +- Correctly detect e-mail addresses in the freetext import tool. + [Iglocska] + + +v2.4.26 (2016-03-10) +-------------------- +- Version bump. [Iglocska] +- Temporarily removed a feed. 
[Iglocska] + + - will readd it in an upcoming hotfix +- Merge branch 'feature/feeds' into 2.4. [Iglocska] +- Feed didn't respect the enabled flag. [Iglocska] + + - if a feed was disabled a site admin could still pull the contents +- First version of Feed system ready. [Iglocska] + + - tied into background processes +- Added default feeds. [Iglocska] +- Removed accidental junk. [Iglocska] +- Annoying non-clickable tags on event index fixed. [Iglocska] +- Correctly assign tag / sharing group to event fetched from feed. + [Iglocska] +- New fields added. [Iglocska] + + - set the distribution and sharing group of a feed + - will set all events received to the appropriate setting + + - set a tag that should be applied by default to the events received from the feed +- Fixed an issue with the filtering. [Iglocska] + + - needle, haystack or haystack, needle. +- Added downloading of an event from the index, better error handling. + [Iglocska] +- Set attribute distribution to Inherit if it is not set. [Iglocska] +- Preview Event implemented. [Iglocska] +- Preview the index of a feed. [Iglocska] +- Merge branch '2.4' into feature/feeds. [Iglocska] + + Conflicts: + app/Model/Attribute.php +- Further progress. [Iglocska] +- Further progress on the feeds. [Iglocska] +- Work in progress on the feeds. [Iglocska] +- Return to the same event attribute pagination after accepting / + discarding proposals. [Iglocska] +- List Organisation in alphabetical order for new users, fixes #989. + [Iglocska] + + - Fixes an issue where organisations in both the admin add and admin edit user views were not sorted alphabetically + - delays Przemek enrage timer +- Set proposal's deleted field to 0 if nothing is set before saving, + fixes #988. [Iglocska] + + +v2.4.25 (2016-03-09) +-------------------- +- Scheduled push incorrectly used the user e-mail address instead of a + user object to initiate the sync, fixes #1000. [Iglocska] + + +v2.4.24 (2016-03-07) +-------------------- +- Version bump. 
[Iglocska] +- Better feedback on the sync connection test. [Iglocska] + + - sync users that have not accepted the terms / have had a password reset initiated were redirected to the login page + + - fixes to the issue + - if a user with automation/sync access uses the API and gets blocked because the terms weren't accepted or there is a pending password change they will be notified in a JSON/XML response + - the sync test now takes this into consideration starting with this version and will report the cause of the failure + + - Both instances have to be 2.4.24+ for this to be reported correctly +- More flexibility when editing events via the REST API. [Iglocska] + + - Change the distribution / sharing group with a simple payload + - no need to push any fields for the edit that are not required for the change + + - Example to change the distribution of an event via the API: + - POST to /events/edit/event_id + - payload {"Event":{"distribution": 4, "sharing_group_id":5}} + - this will change the distribution to the sharing group with ID=5 + - Requirements: User has to have access to SG(5) +- Fixed an issue with empty event tags still kept in the json output of + the event index. [Iglocska] +- Follow up fix to the previous patch. [Iglocska] +- Fixed a bug in the validation of two attribute types, fixes #1003. + [Iglocska] +- Added logging to the connection test failing. [Iglocska] + + - the logging logs exceptions that pop up during the test + - the idea is to be able to differentiate between no response, certificate issues, etc +- Follow up to the previous patch. [Iglocska] + + - pull / push mechanism would still alert on proposal exchanges +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- MISP taxonomies updated to the latest version. [Alexandre Dulaunoy] +- Fix to an issue with proposal notifications and tightening of the gpg + diagnostics. 
[Iglocska] + + - Proposal alerts would be generated even if a deleted proposal got synced from a remote instance + + - One of the GPG diagnostic checks could run if a previous prerequisite has already failed +- Slightly better error reporting for GPG diagnostic issues. [Iglocska] +- All events quick filter added to event index, fixes #950. [Iglocska] +- Event Tag numbering fixed. [Iglocska] + + - When fetching events, non exportable tags are blocked at a tag level + - this results in some empty eventTags, which were correctly unset + - however, this resulted in an associative array instead of an indexed one in the exports + + - fixed by reindexing the eventTags +- If a user is disabled then he should not receive mass admin e-mails. + [Iglocska] + + - however, if an admin specifically chooses to e-mail him/her it will still work +- Fixed an issue that blocked the editing of attributes in unpublished + events if the MISP.unpublishedprivate setting was set. [Iglocska] +- Shameless small edit of the install documentation. [Iglocska] +- Update to the Debian install docs to reflect the changes made to the + Ubuntu one. [Iglocska] +- Typo error with registrar fixed #984. [Alexandre Dulaunoy] +- Fixed an issue with the log search where the search terms would be + discarded after pagination. [Iglocska] +- Pagination incorrectly sorts log entries after flipping the page, + fixes #971. [Iglocska] +- Organisations sorted in the server add/edit views alphabetaically, + fixes #974. [Iglocska] +- Added & to the allowed characters in the e-mail type validation, fixes + #972. [Iglocska] +- Added quick filter tabs to the jobs index. [Iglocska] +- Better detection of the proxy settings not being set. [Iglocska] +- Fixed an issue that prevented the correct flash message to be shown + when an event publishing was successful but not all e-mails could be + sent out successfuly. [Iglocska] +- Fixed an issue where a proposal correlation would fail. 
[Iglocska] +- Fixed an invalid org comparison, blocking users that try to add events + created by their own organisation on another instance from adding the + event. [Iglocska] +- Version bump. [Iglocska] + + +v2.4.23 (2016-02-22) +-------------------- +- Fixed a bug that caused the publish e-mails to not respect the sharing + groups correctly. [Iglocska] + + +v2.4.22 (2016-02-21) +-------------------- +- Added correlation as a quick filter on attributes in the event view. + [Iglocska] +- Mass-accepting proposals did not work, fixes #959. [Iglocska] + + - fixed a legacy style org lookup +- Restore missing tasks if needed and some updates to the install + script. [Iglocska] + + - If a task is missing then visiting the task index will automatically re-create it + - MYSQL.sql brought up to date, the upgrade scripts in the application shouldn't have to run on first login +- Version bump. [Iglocska] + + +v2.4.21 (2016-02-19) +-------------------- +- Fix to a critical vulnerability for the login authentication + mechanism. [Iglocska] + + - The API key check was incorrectly logging in the wrong user when the API key started with a numeric value +- Fixed an issue with the link attributes in the attribute index/search. + [Iglocska] +- Merge pull request #954 from MISP/elhoim-doc-clarification. [Andras + Iklody] + + Clarify documentation for API calls +- Correct mistaken auto-replace of date. [David André] + + 2015-02-15 +- Clarify documentation for API call. [David André] + + Clarify which fields of events are used by **to**, **from** and **last** API calls parameters. +- Fix to an invalid org lookup when regenerating a user's authkey as an + org admin. [Iglocska] +- Disabled the background workers for travis for now. [Iglocska] +- Fix to setting the job progress before initialising the model when + correlating proposals. [Iglocska] +- Fixed a copy paste fail. [Iglocska] + + +v2.4.20 (2016-02-17) +-------------------- +- Added correlations on a proposal level. 
[Iglocska] + + - tied into automatic datamodel updates + - correlation is one way only (from proposal to attribute) + - proposals don't correlate with one another + + - all distribution rules are adhered to + - further improvements on the upgrade mechanism pipeline +- Changed the tag matching when capturing them case insensitive. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Updated misp-taxonomies. [Alexandre Dulaunoy] +- Fixed the reset button on the dashboard. [Iglocska] +- Fix to an invalid role check. [Iglocska] +- Added last login to org user index too. [Iglocska] +- Show last login for each user on the admin index. [Iglocska] +- Forgot to add save... [Iglocska] +- Some tuning to the previous commit. [Iglocska] +- Refresh auth on dashboard. [Iglocska] +- Several fixes to the add_misp_export tool, fixes #946. [Iglocska] + + - Fixed an issue where a user could take ownership of an event he added via this tool, even if the server setting to allow taking owenership was disabled + - Fixed an issue that allowed a non publisher user to publish via this tool +- Check "Encode Attachments" box on default, fixes #947. [Iglocska] +- Version bump. [Iglocska] +- Reverted a version fix within the XML file. [Iglocska] + + - needs further fixes, sadly the version has always just showed the major and minor version in the exports + - This masked an issue that would block the import of events that are even a hotfix away + + - As a temporary fix, I reverted the changes and the XML version field will now only show the major and minor version to restore compatibility (so 2.4.0 instead of 2.4.19) +- Fix to the issues with the proposals. 
[Iglocska] + + - proposals on REST edit could get added without an event_ID / attached to the incorrect event if certain conditions were met + - removed proposal from event edit completely, as it goes against the intended functionality of out of bounds proposal management + + - also added an update script that removes the invalid proposals + - these will automatically be rescyncronised on the next pull/push +- A recent CSS change broke the statistics page. [Iglocska] + + - Fixed +- Better log message for the previous commit. [Iglocska] +- Added cleaner error handling for events that could not be uploaded. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Delegation of sharing added in README. [Alexandre Dulaunoy] + + **delegating of sharing**: allows a simple pseudo-anonymous mechanism + to delegate publication of event/indicators to another organization. +- Added new attribute type x509-fingerprint-sha1. [Iglocska] +- Version bump and footer version fix. [Iglocska] + + +v2.4.18 (2016-02-13) +-------------------- +- Merge branch 'features/delegation' into 2.4. [Iglocska] +- Merge fixes. [Iglocska] +- Merge fixes. [Iglocska] +- Merge branch '2.4' into features/delegation. [Iglocska] + + Conflicts: + app/Controller/AppController.php + app/Model/AppModel.php + app/Model/Event.php + app/Model/Log.php + app/Model/Server.php + app/View/Elements/footer.ctp + app/webroot/css/main.css +- Removed an invalid version check. [Iglocska] +- First finished version. [Iglocska] +- First steps. [Iglocska] +- Hovering over an attribute correlations shows the correlated value. + [Iglocska] + + - this helps with composite attributes where only one half of the attribute correlates + + +v2.4.17 (2016-02-11) +-------------------- +- Version bump. [Iglocska] +- Merge branch 'feature/syncfix' into 2.4. [Iglocska] +- Fix to the tag import from XML if there is only a single tag. 
+ [Iglocska] + + - Single element XML import issue is back for the event tag + - fixed +- Merge branch 'feature/syncfix' of https://github.com/MISP/MISP into + feature/syncfix. [Iglocska] +- Hunting down the remaining issues. [Iglocska] + + - creating a random number for the name should only happen on new entries, not on edits + - a sharing group edit can still contain new organisations, create them appropriately +- Remove modified from the fields to keep when updating a sharing group. + [Iglocska] +- Other half of the fix to the UUID issue with sharing groups. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #931 from Rafiot/pick. [Alexandre Dulaunoy] + + Cherry-picked #930 +- Add conditions for generateEmailAttachmentObject. [Richard van den + Berg] +- Add conditions for resolveEmailObservable. [Richard van den Berg] +- Add conditions for generateFileObservable. [Richard van den Berg] +- Set conditions for simple observables. [Richard van den Berg] +- Use constant Exploit Target id. [Richard van den Berg] +- Remove leading backslashes. [Richard van den Berg] +- Fix typo. [Richard van den Berg] +- Add RegKey hives and conditions. [Richard van den Berg] +- Add ExploitTarget title. [Richard van den Berg] +- MISP taxonomies added. [Alexandre Dulaunoy] +- Merge pull request #926 from wllm-rbnt/2.4. [Alexandre Dulaunoy] + + Fix typos +- Fix typos. [William Robinet] +- First take at the fix to the UUID issue with sharing groups. + [Iglocska] +- Fixes to the event downloads / APIs. [Iglocska] + + - download event as JSON now has the option to include attachments + - switched to using the restsearch api instead of the deprecated /events/xml API + + - added attachment inclusion to both restsearch apis + + - fixed some bugs with the API +- Added option to download CSVs of non published events. [Iglocska] + + - automatically overrides IDS flag too +- Issue with filter taxonomies details, fixes #920. 
[Iglocska] + + The filter options are now added to the pagination +- Removing PEM from a server connection parameter, fixes #771. + [Iglocska] + + - Added a way to remove the certificate file when editing the server connection + - Also, it shows the currently selected certificate file as it caused some confusion before +- Order alphabetically organisations in list of organisations to add, + fixes #918. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #919 from deralexxx/patch-1. [Andras Iklody] + + Update Whitelist.php +- Update Whitelist.php. [Alexander J] + + https://github.com/MISP/MISP/issues/681 +- Taxonomies update. [Iglocska] +- Tag / taxonomy enabling made easy, fixes #914. [Iglocska] + + - Enable tags for a taxonomy in one go + - Have an indicator of how many tags there are in the taxonomy and how many are enabled +- Default threat level setting for instance added. [Iglocska] +- Don't display options to users for which they don't have the rights to + use, fixes #880. [Iglocska] +- Fixed the progress bars on the export view, fixes #902. [Iglocska] +- Template population menu fixes. [Iglocska] +- Fixed a display issue for the template choices when the name of a + template is empty. [Iglocska] +- Removing template elements fixed, fixes #899. [Iglocska] +- Fixed adding / removing tags to a template, fixes #898. [Iglocska] +- Further fixes to the contact e-mail. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #904 from deralexxx/patch-5. [Andras Iklody] + + Comment a line that includes a comment +- Update INSTALL.ubuntu1404.txt. [Alexander J] +- Update INSTALL.ubuntu1404.txt. [Alexander J] +- Fix to the e-mail contents of the contact message. [Iglocska] + + +v2.4.16 (2016-02-02) +-------------------- +- Version bump. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. 
+ [Iglocska] +- Merge pull request #903 from deralexxx/patch-4. [Andras Iklody] + + Create INSTALL.debian.txt +- Create INSTALL.debian.txt. [Alexander J] + + I know there is already an ubuntu document, but still I found value to have it being mentioned that debian is supported as well + + (There are also some minor changes to the ubuntu docu, would adjust the ubuntu doc as well) +- Fixes to several permission issues with the e-mailer. [Iglocska] + + - contact e-mail recipients were incorrectly set resulting in the e-mails landing at the wrong recipient + - disabled users were not excluded from certain e-mails + + +v2.4.15 (2016-02-02) +-------------------- +- Version bump. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #897 from koenigswinter/2.4. [Andras Iklody] + + Update INSTALL.ubuntu1404.txt +- Update INSTALL.ubuntu1404.txt. [Heiko Siebel] + + 30: + gnupg-agent (apt-get install) + 178: - su www-data -c 'bash /var/www/MISP/app/Console/worker/start.sh', + sudo -u www-data bash /var/www/MISP/app/Console/worker/start.sh (default Ubuntu installation fails to start the workers after a reboot --> "www-data" has no shell in "/etc/passwd"). + 220: + pip install redis +- Major speed boost to the correlation. [Iglocska] + + - it seems that for some reason some conditions in the correlation lookup massacred the performance of the correlation + - doing that additional filter on a PHP level fixes it for now, but it would be interesting to investigate this further and potentially reuse the findings to improve other queries + + - also fixed an issue with the indexing script failing on some fulltext fields if it has to fall back to regular indeces. +- Reverted the automation change. [Iglocska] +- Merge branch 'update_script' into 2.4. [Iglocska] +- Merge pull request #1 from aaronkaplan/aaronkaplan-patch-1. [AaronK] + + Update UPDATE.txt +- Update UPDATE.txt. 
[AaronK] + + permissions: it's enough to chown -R www-data /var/www/MISP +- Merge branch 'master' of https://github.com/MISP/MISP. [aaronkaplan] +- Updated version check for cybox to be consistent with documentation. + [David André] + + Related to installation documentation update recommending to use 2.1.0.12 as cybox version (a23027eee4ea9c09d92cf1d5b6f9e69fa9934057) +- Merge branch 'master' of https://github.com/MISP/MISP. [aaronkaplan] +- Merge pull request #727 from abulhol/master. [Andras Iklody] + + added composite domain|ip attribute +- Merge branch 'master' of https://github.com/MISP/MISP. [aaronkaplan] +- Fixed the documentation (automation) page. The JSON URL was wrong. + [aaronkaplan] +- Left off a view for the org merge tool. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #894 from deralexxx/patch-3. [Alexandre Dulaunoy] + + Update INSTALL.ubuntu1404.txt +- Update INSTALL.ubuntu1404.txt. [Alexander J] + + change base url should be not optional but required for every installation to be changed +- Made the background workers baseline, should make the installation a + bit easier. [Iglocska] +- Fix to the initial version of the correlation on the event index. + [Iglocska] + + - also removed an expensive lookup of sharing group permissions required for event views utilising the pagination from being run on actions that do not make use of it +- Correlations on the event index, first implementation. [Iglocska] +- Display and Search for model ID in the audit logs, fixes #889. + [Iglocska] + + +v2.4.14 (2016-01-29) +-------------------- +- Version bump. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #893 from deralexxx/patch-2. [Alexandre Dulaunoy] + + mention install howto in Documentation part +- Mention install howto in Documentation part. 
[Alexander J] + + Spent some minutes to find the documentation how tot install MISP (and it is not mentioned in the PDF btw) +- Fix to the Proposal alerts not going out to users after one has + failed. [Iglocska] +- Flash message if the current user can accept/discard proposals on the + currently viewed event. [Iglocska] +- Fix to the download as... -> CSV export. [Iglocska] + + - incorrect parameter passed blocked CSVs from being exported when non IDS worthy attributes were meant to be included +- Reverted the header change, added note in app/Config/email on how to + enable it. [Iglocska] + + - otherwise it might break custom e-mail configurations +- Fix for the previous header issue. [Iglocska] +- Attempt to fix the returnPath issue. [Iglocska] + + - it looks like PHP is overriding the setting +- Set the returnPath header in e-mails correctly. [Iglocska] +- Version bump. [Iglocska] + + +v2.4.13 (2016-01-28) +-------------------- +- Added org merge tool. [Iglocska] + + - allows a site admin to merge all objects belonging to an organisation into another + - this can be useful if duplicate organisations exist for example + - the tool overrides the built in mechanism and should only be used if absolutely required + - at the end of the process the original organisation is removed + + - the tool generates 2 files that are dropped in the log directory of MISP + - 1 contains a JSON with all the changed fields and the IDs + - 1 contains an SQL script that allows an admin to revert the changes +- URL fallback when adding users fails for the sync user dropdown. + [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Fixed typos for organization. [Alexandre Dulaunoy] +- Fixed a bug that caused the "last" parameter in automation to fail. + [Iglocska] +- Added the option to override attribute creation in the freetext import + tool for site admins. 
[Iglocska] + + - site admins can now choose to create proposals instead of attributes via the freetext import tool via a checkbox +- Added a back button on the tag selection, fixes #845. [Iglocska] + + - User can now go back to the taxonomy selection when already in the tag select list +- Use freetext import tool for proposals, fixes #871. [Iglocska] + + - Added the ability to use the freetext import tool for proposals +- Show event owner in the alert e-mail, fixes #361. [Iglocska] +- Fixed an issue with the freetext import. [Iglocska] + + - url detection would detect any word with a trailing "." as a valid url + - google. was detected as a url + - this also caused training "."s to be included in valid urls + - http://www.google.com. +- Copy pasta fail on the populate from template action. [Iglocska] + + - the lookup for valid event access was comparing the user's org name to the event's org id which always failed +- Cleanup of loading attachments into the data fields of event data + views. [Iglocska] + + - was done inconsistently between attributes and proposals + - adding it via the fetchEvent method instead of the controller action +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Fix to a translation of the orgs to IDs in the event index filters, + fixes #868. [Iglocska] + + - it will now use the org name instead of the org ID + - also, orgs are now sorted alphabetically instead of by ID +- Discussion notification e-mails linked to an invalid url. [Iglocska] +- Fix to a notice in the log search, fixes #872. [Iglocska] +- Fixed an invalid org lookup on the proposal download blocking users + from downloading proposal attachments, fixes #874. [Iglocska] + + +v2.4.12 (2016-01-21) +-------------------- +- Merge branch 'feature/proposalFix' into 2.4. [Iglocska] +- Entering a valid controller/action and an invalid one produced a + different result pre-auth. 
[Iglocska] + + - not authenticated users now automatically get redirected to the login page, no matter what action they requested + - This as a nice side effect also removed the bug that was caused by a site admin looking at an admin function before logging out / timing out and being incorrectly redirected to /admin/users/login +- Merge pull request #866 from MISP/cybox-version-check. [Andras Iklody] + + Updated version check for cybox to be consistent with documentation +- Updated version check for cybox to be consistent with documentation. + [David André] + + Related to installation documentation update recommending to use 2.1.0.12 as cybox version (a23027e) +- Same SQL statement twice in a row for the cleanup script. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #865 from MISP/elhoim-patch-1. [Andras Iklody] + + Add php5-mysql in packages to install +- Add php5-mysql in packages to install. [David André] +- Update to the upgrade procedure. [Iglocska] + + - clearer instructions + - removal script for obsolete columns + + - the removed columns can cause exceptions if not removed as described in #814 + + +v2.4.11 (2016-01-20) +-------------------- +- Fix to an invalid org lookup. [Iglocska] + + - prevents normal users from seeing the proposal index + - still a left-over from 2.3 + + +v2.4.10 (2016-01-20) +-------------------- +- Version bump. [Iglocska] +- Fixed an issue with the visibility of proposals to attributes. + [Iglocska] + + - proposals to attributes didn't adhere to the visibility of the attribute + - users that were allowed to see an event but not a specific attribute could see proposals to the attribute +- Change to the previous commit. [Iglocska] +- Fix to the pagination of the orgs. [Iglocska] +- Added full text search to organisation index, fixes #803. 
[Iglocska] + + - also some fixes and enhancements in general for this + + +v2.4.9 (2016-01-19) +------------------- +- Fix to an issue with the XML cleanup method. [Iglocska] + + - lead to the XML REST add failing +- Attributes not included in the .json / .xml views of an event, leading + to attachments not being synchronised, fixes #862. [Iglocska] + + - it looks like I've left off the attachment encoding for the REST event view + - Should be fixed now +- Some changes to the default config file. [Iglocska] +- The new footer had two left feet. [Iglocska] +- Fix to an invalid permission lookup denying users from mass deleting + attributes due to a copy pasta fail. [Iglocska] +- Removed lowercasing of parsed strings in the freetext import. + [Iglocska] + + - case sensitive values also got lower-cased +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Pdb attribute - format is not checked. [Alexandre Dulaunoy] +- Pdb attributes added. [Alexandre Dulaunoy] + + pdb stands for Microsoft Program database (PDB) path information +- Whois-registrant-name attribute added. [Alexandre Dulaunoy] +- Adding URIs failed because of the missing validation entry. [Iglocska] +- Replaced the footer text. [Iglocska] + + - added link to the github page of MISP + - made the text "Powered by MISP vversion_number" fixed + - Replaced the surrounding text fields with two new fields (empty by default) +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge pull request #856 from rotanid/patch-1. [Raphaël Vinot] + + Update INSTALL.ubuntu1404.txt +- Update INSTALL.ubuntu1404.txt. [Andreas Ziegler] + + Debian 7 (Wheezy) is oldstable since April 2015 +- Replaced encoded copyright sign with the sign itself to avoid the + double encoding in the footer, fixes #853. [Iglocska] +- Reverted a change that leads to the pull failing. [Iglocska] +- Merge pull request #854 from RichieB2B/centos-docs. 
[Andras Iklody] + + Update CentOS documentation +- CentOS 7 needs chmod +x /etc/rc.local. [Richard van den Berg] +- Restart php-fpm after redis install. [Richard van den Berg] +- Updated MISP 2.4 INSTALL instructions for CentOS 6. [Richard van den + Berg] +- Updated MISP 2.4 INSTALL instructions for CentOS 7. [Richard van den + Berg] +- Fix to a bug allowing regular users of the owner organisation to + edit/delete a synced event as discovered by @h122015. [Iglocska] + + - requirements for the actions changed from an org_id match to an orgc_id match +- Fix to a bug that caused taxonomies to create duplicates instead of + updating an older version. [Iglocska] +- MISP taxonomies sub-module updated. [Alexandre Dulaunoy] +- Feature request via feathub added. [Alexandre Dulaunoy] +- Fix to an issue with the quickfilters not working, fixes comment by + ztormhouse. [Iglocska] + + - invalid search on the org field, a remnant from 2.3 + - didn't cause exceptions on migrated issues as the field isn't removed post upgrade + - throws an exception on fresh installations + + - fix now correctly looks up organisation names matching the entered string and uses the result set to filter the events +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge pull request #847 from Rafiot/add_csv_test. [Raphaël Vinot] + + Test CSV download +- Test CSV download. [Raphaël Vinot] +- MISP toolbar logo (CC-BY) [Alexandre Dulaunoy] +- Fix to an invalid data entry pre-validation call that broke prtn + attribute entry with a leading + [Iglocska] + + +v2.4.7 (2016-01-14) +------------------- +- Version bump. [Iglocska] +- Merge branch 'feature/proposalFix' into 2.4. [Iglocska] +- Fixes to the proposal system. 
[Iglocska] + + - proposals were not synchronised during pulls due to a bug + - affects both 2.3 and 2.4, the bug comes from the switch to json + - missing JSON view for proposal interface + - Also, 2.4->2.4 the organisation objects were incorrectly ommited from the sync + - Fixes: + - reverted back to XML for the old style proposal exchange + - 2.3->2.4 is now fixed + - 2.4->2.4 below 2.4.7 version will still not synchronise proposals on pull + + - Proposal pull reworked + - requires 2.4.7 on both ends or higher + - proposals are now synced in one go + - massive increase in speed and reduction of log entries + + - Proposal e-mailing reworked + - tied into the new 2.4 e-mailer, which was left out on 2.4's release by accident + - triggers correctly now when a proposal is added (also on pull) +- Sort orgs alphabetically in user index filters. [Iglocska] +- Fixed missing validation for malware-type type attributes. [Iglocska] +- Order attributes by UUID for the CSV export, fixes #849. [Iglocska] +- Further fix to the previous commit affecting the log search. + [Iglocska] + + - only show the subset of valid model options for the log search that would yield results based on the current dataset +- Fixed an issue with searching the logs by model where incorrect model + entries would also show up as options. [Iglocska] +- Several changes to the logs. [Iglocska] + + - index now shows the model that the log entry concerns + - added model to the search parameters + - this allows for searches such as new users added (Model:User - action:add) + + - fixed a bug with the log search where going back to the first page of results would return you to the search form +- Added purpose of UPDATE.txt. [Iglocska] +- Small fix to the contact users form for org admins. [Iglocska] +- Fixed a double slashed path in the writeable dir diagnostics. + [Iglocska] +- Fixed an issue where single event exports would fail. 
[Iglocska] + + - event id not stored in the events array from the passed parameters +- Check permissions on config files, fixes #837. [Iglocska] + + - red warning on the settings page if the config.php file is not writeable + - failed changes in settings due to the config.php file not being writeable logged +- Some small changes to the diagnostics. [Iglocska] + + - made the PHP settings check look a bit more clear and changed it from failures to recommendations + + - added a file permission check for config.php (can add more in the future such as the background worker log files which can prevent the workers from starting) +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Make sure the perms are right after the upgrade. [Raphaël Vinot] +- Merge pull request #840 from Rafiot/2.4. [Raphaël Vinot] + + Merge PR #679, add more php version in the travis runs. +- Add php 5.5 and 7.0 in the travis tests. [Raphaël Vinot] +- Merge branch 'pr/679' into 2.4. [Raphaël Vinot] +- Update .travis.yml. [Steve Peak] +- Update .travis.yml. [Steve Peak] +- Update .travis.yml. [Steve Peak] +- Update .travis.yml. [Steve Peak] +- Create .coveragerc. [Steve Peak] +- Debugging coverage. [Steve Peak] +- Add check for values on diagnostics page, fixes #839. [Iglocska] +- Updated an outdated upgrade procedure for cakephp in UPDATE.txt. + [Iglocska] + + - as described in #833 +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Changes to the organisations table in the upgrade script. [Iglocska] + + - matches the changes made to the MYSQL.sql + - makes contextual fields nullable +- FIxed several issues. 
[Iglocska] + + - some performance tuning for the restSearch API + - fixed an issue where overriding the contain parameters in the attribute fetcher would lead to an exception + - fixed an issue where accepting a proposal would try to copy the sharing group of the event incorrectly (it now simply gets set to inherit event) + - fixed an issue with the rest search API failing when some fields were not set +- Add org of proposal creator to the event view. [Iglocska] +- Added proposals to the event view attribute filters and fixed some + descriptions, fixes #828, fixes #827, fixes #821. [Iglocska] +- Rework of the scheduled caching jobs. [Iglocska] + + - fixed a series of issues with the exports + + +v2.4.6 (2016-01-07) +------------------- +- Fix to a trailing slash in the baseurl breaking the upgrade script. + [Iglocska] +- Fixed an issue where an event's sharing group ID would get set to the + first available option even when a non sharing group distribution + level is selected. [Iglocska] +- Reverted some contextual org fields to nullable. [Iglocska] +- Some cleanup. [Iglocska] +- Added tags to the CSV export, fixes #809. [Iglocska] +- Rework of the CSV export to include tags. [Iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Branch changed for Travis. [Alexandre Dulaunoy] +- Merge pull request #807 from Rafiot/clean_travis. [Raphaël Vinot] + + Update travis for 2.4, use Ubuntu Trusty +- Update travis for 2.4. [Raphaël Vinot] +- Updated upgrade.txt. [Iglocska] +- Quickfilter added for users. [Iglocska] +- Added malware sample to the file attribute filter. [Iglocska] + + +v2.4.5 (2016-01-04) +------------------- +- First version of the quick filters for the event view. [Iglocska] +- Payload delivery is now the default option for add attachment. + [Iglocska] +- Multiple file upload added to the add attachment functionality. + [Iglocska] +- Removed the test values for some attribute descriptions. 
[Iglocska] + + - still needs some work, few empty ones remain and a few descriptions could use clarification +- Merge branch 'portip' into 2.4. [Iglocska] + + Conflicts: + app/Model/Attribute.php +- Merge pull request #1 from abulhol/abulhol-patch-1. [Benjamin + Gathmann] + + added domain|ip composite attribute +- Added domain|ip composite attribute. [Benjamin Gathmann] +- Typo fixed in whois-creation-date. [Alexandre Dulaunoy] +- Merge pull request #800 from FafnerKeyZee/2.4. [Alexandre Dulaunoy] + + Adding more information about Whois +- Update Attribute.php. [Fafner [_KeyZee_]] +- Merge pull request #1 from MISP/2.4. [Fafner [_KeyZee_]] + + Update from original) +- Fixes to the CSV export. [Iglocska] +- Invalid org capture method lead to orgs with empty UUIDs being matched + with the first org with no uuid. [Iglocska] +- Add today's date as the event date field if not set. [Iglocska] +- Removal of PGP key generation for travis. [Iglocska] + + +v2.4.4 (2015-12-30) +------------------- +- Fixes to the first user initialisation. [Iglocska] + + - updated the UserInit command line tool + - updated the built in user initialisation +- Fixed a typo in the logging that prevented users from being edited, + fixes #586. [Iglocska] + + - A wrong variable lookup in the logging caused user edits to fail +- Fixes to some of the exports, fixes #798. [Iglocska] + + - Fixed a typo that prevented the event level parameters to be used in the CSV export + - Fixed an issue where adding the contextual info in a CSV could lead to an invalid CSV if an event info field had a linebreak in it + - Tuned the performance of time based filtering (until now it would lookup events that should have been excluded in the first place, only to throw them away after the lookup again) +- Initial JSON schema - MISP event (version 2.4) [Alexandre Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. 
[Alexandre + Dulaunoy] +- Merge pull request #797 from FafnerKeyZee/2.4. [Andras Iklody] + + Solving #786 +- Solving #786. [Fafner [_KeyZee_]] +- Solving #786. [Fafner [_KeyZee_]] +- Merge pull request #796 from FafnerKeyZee/2.4. [Andras Iklody] + + Fix for orgc_id into TemplatesController.php +- Update TemplatesController.php. [Fafner [_KeyZee_]] +- Updated to the latest version of PyMISP. [Alexandre Dulaunoy] +- Changed the attachment distribution settings to match the attribute + distribution settings, fixes #777. [iglocska] + + - added inherit event as a distribution option for attachments +- Invalid orgc lookup in the template choice menu, fixes #795. + [iglocska] +- Fixed some issues with the index length of the value fields in the + MYSQL.sql file, fies #793. [iglocska] + + - Also some additional issues resolved +- Create cached export dirs if they don't exist, fixes #791. [iglocska] + + - until now it was assumed that the dirs are already created + - just create them if they don't exist +- Invalid lookup of servers for the scheduled pull. [iglocska] + + - it was erroneously looking up servers that have push enabled instead of pull + + +v2.4.3 (2015-12-27) +------------------- +- Rework of the contributor field, some MYSQL.sql tweaks. [iglocska] + + - added indeces to the MYSQL.sql file + - contributors now looks for shadow attributes instead of log entries (should make the event view much faster and resolve some timeout issues on sync when the log is massive) + + +v2.4.2 (2015-12-26) +------------------- +- Fixes a bug on invalid event IDs passed to the STIX export causing + long execution times, fixes #747. [iglocska] + + - Running a stix export for a specific ID that doesn't exist results in a full STIX export for the user (events visible to the user) + - This leads for an unnecesarily long export process when a quick export is expected + + +v2.4.1 (2015-12-26) +------------------- +- Several fixes to the exports, fixes #790. 
[iglocska] + + - New generic fetch attribute method was mistakenly using the order field as a condition, resulting in some exports only displaying a subset of the data + - the fix to this fixes the issue described in #790 for text exports + - Fix to the RPZ exports not working correctly + - Fix to the horrible performance of RPZ exports + - Fix to several background worker issues with exports +- Fixed some background worker issues. [iglocska] + + - scheduled pulls would fail because of invalid user object passed + - invalid permissions checks / org checks would cause the RPZ export to fail when using background workers + + +v2.4.0 (2015-12-24) +------------------- +- Merge branch 'feature/fastupgrade' into 2.4. [iglocska] +- Index Correlation values. [iglocska] +- Added the reindexing of all tables to the upgrade procedures. + [iglocska] +- Left off from previous commit. [iglocska] +- Fix to the templating being broken, fixes #787. [iglocska] +- Fast upgrade v1. [iglocska] +- Fix to several issues with the sync and and an issue preventing the + editing of events, fixes #788, fixes #784. [iglocska] +- Removed obsolete news page from the side menu, fixes #780. [iglocska] +- CSV memory usage reduction on automation. [iglocska] + + - reduced the number of attributes at the cost of some additional processing time + - this should reduce very slow processing of large data sets +- Fixed a serious issue with the snort/suricata export which would keep + appending all eligible attributes over and over to the file instead of + properly fetching them event by event resulting in a massive export + file. [iglocska] +- More graceful handling of pgp errors in the emailer. 
[iglocska] + + - until now the encryption of emails happened in a try catch block + - however, crypt_gpg throws a fatal error instead of an exception, killing the background worker + + - added an extra checking algorithm that will test the key for a valid encryption key (encryption enabled + not expired) + - if it's not there, it will just log an error message and continue execution of the other e-mails +- Event tags correctly saved on rest add if they are set in the + compressed format (event->tag instead of event->eventtag->tag) + [iglocska] +- When adding/editing a sync user, the choice to limit a user by + instance settings shows empty lines for instances without a name. + [iglocska] + + - use the URL in those cases instead +- Editing an event via REST would not capture the tags. [iglocska] + + - if a user is a tagger the tag should be created (if not existing on the current instance) and added to the event +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Added the graphical interface. [Alexandre Dulaunoy] +- Updated to include new functionalities in available in 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre + Dulaunoy] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [Iglocska] +- Don't run the anti IE 8 check on requests that don't have a user agent + set, fixes #775. [Iglocska] +- MISP screenshot panorama. [Alexandre Dulaunoy] +- Screenshots MISP 2.4 added. [Alexandre Dulaunoy] +- Editing an event with new attributes fails because a new id is not + assigned correctly, fixes #773. [Iglocska] + + - the process of detecting and editing existing attributes did not account for a case where the uuid is not set for an attribute and therefore should be saved as a new attribute. Fixed +- Fix for an issue with event edits containing a new attribute and it + not getting an ID as expected. [Iglocska] +- Taxonomies update. [Iglocska] +- Double comment field fixed. 
[Iglocska] +- Invalid fetchevent call fixed for proposal add attachment. [Iglocska] +- Fixed an issue where non-sharing group events would only send alert + e-mails to site admins. [Iglocska] +- Typo fixed. [Iglocska] +- Removed crappy automatic CakePHP sorting from recorrelation. + [Iglocska] + + - /facepalm +- Added indexing of the tables as an admin script. [Iglocska] +- Typo. [Iglocska] +- Missing subject added back. [Iglocska] +- Removed debug. [Iglocska] +- Fix to a previous merge issue with the e-mailer. [Iglocska] +- Fix to the email target on publish. [Iglocska] +- Update cakephp 2.7 to HEAD. [Raphaël Vinot] + + Fix #740 +- Removed an accidental addition a while back. [iglocska] +- Fixed a menu and some cleanup. [iglocska] + + - Freetext import was loading the wrong menu + - some leftover profiling code removed +- Slightly smarter correlation for generateCorrelations. [iglocska] +- Added default values to the log entry creation to avoid empty fields + giving notices, fixes #769. [iglocska] +- Fix to the correlation peformance. [iglocska] +- More fixes to the background correlation generation. [iglocska] +- Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. + [iglocska] +- Fix mysql install script. [Raphaël Vinot] +- Changes to the generation recreation. [iglocska] +- Fixed an invalid link, fixes #761. [iglocska] +- Fixed issue with the headmmap, fixes #759 and fixes #760. [iglocska] +- Fixed an issue with discussions where a new thread would not have a + default distribution and sharing group ID and would fail on creation, + fixes #758. [iglocska] +- Various fixes. [iglocska] + + - resolved a missing variable issue on event views with no posts fixes #753 + - removed some obsolete code + - sorted tags on the event view when assigning one to an event by name, fixes #416 + + modified: app/Model/Taxonomy.php +- Fixed an issue with the upgrade script. [Iglocska] +- Disable e-mailing globally for an instance. 
[Iglocska] +- Default settings for roles altered. [Iglocska] +- Merge branch 'master' into 2.4-beta. [Iglocska] + + Conflicts: + VERSION.json +- Merge branch '2.4-beta' of https://github.com/MISP/MISP into 2.4-beta. + [Iglocska] +- Fixed an issue with a certain condition combination failing during + sync. [Iglocska] + + - pushing an event with a sharing group that doesn't exist on the remote and that has the sync user included as part of an all_org instance + - the saving would generate a 405 +- Added some fixes to corner cases. [Iglocska] + + - publishing an event when push is enabled to a 2.3 instance failed with an error instead of blocking + - publishing an event wth the remote instance blocking it due to a sync user sharing group conflict resulted in an exception, handled gracefully now + + - Added mangle-sync towards 2.3 + - gracefully push non sharing group events in a 2.3 format + - timestamps downgraded by 1 second - upgrading the 2.3 instance should automatically allow a resync of mangled events +- Merge branch '2.4-syncrework' into 2.4-beta. [Iglocska] + + Conflicts: + app/Model/Event.php +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] + + Conflicts: + app/Controller/LogsController.php +- Event history now takes into account sharing groups. [Iglocska] +- Fix to the HIDS export. [Iglocska] +- Fixed the editing of sharing groups via event updates. [Iglocska] + + - if a sync user adds / edits an event with a newer version of a sharing group + and the sync user is the local sync user of the SG or is an extender of the SG + then the sharing group will be updated + + - valid changes: + - Sharing group metadata changes + - organisation detail changes (except uuid/name) + - add / remove extend flag from orgs in the SG + - add / remove all_orgs flag from servers in the SG +- Fix to the event filtering on organisation. 
[Iglocska] + + - org filters now accept org ID or org Name as parameter, fixing the sync filter + + - Also, fix to saving sharing group IDs on sync edits on an attribute level +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] +- Extend field added to sharinggrouporg object on fetchevent. [Iglocska] +- Capture the sharing groups of attributes on event edit. [Iglocska] +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] + + Conflicts: + app/Model/Event.php +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] +- Correct conversion of the own server before sync. [Iglocska] + + - also a small fix to the event tags and unicode chars +- Further fixes to the sync. [Iglocska] + + - corrected the edit access rights for sync users with sharing groups + - Various fixes to the organisation sync and how creation / modification dates are transmitted + - Internal format differences compared to 2.3 causing mismatched field lookups fixed +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] +- Further fixes on the sharing group sync. [Iglocska] +- Org and SG fixes for issues that are breaking the functionality. + [Iglocska] +- Allow orgs to not have uuids. [Iglocska] + + - only in if they are external orgs +- More junk. [Iglocska] +- Only capture objects when adding an event via the API. [Iglocska] +- Removed junk. [Iglocska] +- Disable users. [Iglocska] + + - users can now be disabled by an admin + - disabled users cannot login (via the UI or the API) and will be informed + - login attempts by disabled users are logged + + - also added the expiration field for later use +- Merge branch '2.4-syncrework' of https://github.com/MISP/MISP into + 2.4-syncrework. [Iglocska] +- Further progress on the sync rework. [Iglocska] +- Fixed the locked field not being set on push. 
[Iglocska] +- Sharing group changes depend on modification time. [Iglocska] +- Fix to the Discussion boards. [Iglocska] +- Small fixes. [Iglocska] +- Merge branch 'master' into 2.4-syncrework. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/AttributesController.php + app/Controller/ShadowAttributesController.php + app/Lib/Tools/ComplexTypeTool.php + app/Model/Attribute.php + app/View/Pages/administration.ctp +- Visual fixes. [Iglocska] +- Further progress on the sync. [Iglocska] + + - also, added maintenance mode + - various fixes +- Further progress. [Iglocska] +- Further work on the sync. [Iglocska] +- Merge artifact removed. [Iglocska] +- Fix to the download as failing due to an incorrect fetch to check if + the event is visible to the user. [Iglocska] +- First stab at the push filters influencing the pull of a remote + instance. [Iglocska] +- Further work on the discussions complete for now. [Iglocska] + + - adding a new post automatically scrolls to the new post + - adding/editing/deleting posts persists the context (discussion thread vs event view) +- Finish of the new discussion post add. [Iglocska] + + - flips to the page where the post was added + - scrolls to the last post +- Merge and rework of the thread pagination. [Iglocska] + + - not complete yet + + Merge branch 'master' into 2.4-beta + + Conflicts: + VERSION.json + app/Controller/EventsController.php +- Fixes to the logging. [Iglocska] + + - in some places MISP tried to save the org ID instead of the org name in the logs + + - fixed +- Added the possibility to enable debug for site admins. [Iglocska] + + - new option in server settings + - enable debug (equal to normal debug level 1) for site admins only + + - regular users will be unaffected +- Also, enabled the filtering on pull. 
[Iglocska] + + Merge branch 'master' into 2.4-beta + + Conflicts: + VERSION.json + app/Controller/EventsController.php + app/Lib/Tools/XMLConverterTool.php + app/Model/Event.php + app/Model/Server.php +- Merge branch 'master' into 2.4-beta. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/EventsController.php + app/Controller/ShadowAttributesController.php + app/Model/Event.php + app/View/Elements/side_menu.ctp +- Some small taxonomy fixes. [Iglocska] +- Various fixes throughout the application. [Iglocska] + + - org field still used in some places other than the legitimate use-cases +- Rework of the taxonomies. [Iglocska] + + - users can now add taxonomy tags separately from normal tags on the event view + - tag index now shows taxonomy +- Fix to logging causing certain functions to fail on migrated + installations. [Iglocska] +- Blocked the colour update when the taxonomies are updated. [Iglocska] + + - better to not overwrite the local tag colours unless the tag is refreshed from the taxonomy view. A gree tlp:red looks silly. +- Temporarily re-added org field for jobs. [Iglocska] +- Further work on the taxonomies. [Iglocska] + + - colour coding + - filters on the index + - mass tag creation +- Updated taxonomies. [Iglocska] +- Update to the Taxonomies. [iglocska] +- First bash at Taxonomies. [iglocska] + + What works: + - added submodules for taxonomies + - added import tool for taxonomies + - added models and convenience functions for taxonomies + + - site admins can update taxonomy libraries + - list taxonomies / view indvidual ones (with all resolved tags) + - create tags manually if a taxonomy is enabled + - view related tags / events quickly from the Taxonomy view + + What doesn't work: + - Users still cannot choose a tag from taxonomy lists (this will be the main functionality) + - Feature cannot be disabled +- Update to the gitignore. [iglocska] +- Removed nested gitignores. [iglocska] +- Merge branch 'master' into 2.4-beta. 
[iglocska] + + Conflicts: + VERSION.json + app/Controller/Component/IOCImportComponent.php +- Added file as an option when a url like google.com is recognised. + [iglocska] +- Memberslist now links to the organisations. [iglocska] +- Fix to a bug in the template attribute creation. [iglocska] +- New category lookup added to templates. [iglocska] +- Fix to the ZMQ call on publish incorrectly passing data to the event + fetcher. [iglocska] +- Some bugs resolved. [iglocska] +- Empty server list causes the user creation to fail. [iglocska] + + - fixed +- Fixed a newly introduced bug in the IOC import component. [iglocska] +- Fixed too restrictive generateCorrelation attribute fields. [iglocska] +- Small fix to the upgrade script. [iglocska] +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json +- Fix to a bug in the financial tool's validation router. [iglocska] + + - it didn't use the validation type -> validation method array to call the validation function + - resulted in CC validation not being called as expected +- Some left over merging issues among other things. [iglocska] +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json + app/View/Attributes/index.ctp + app/View/Elements/eventattribute.ctp + app/View/Elements/global_menu.ctp + app/View/Elements/side_menu.ctp + app/View/Events/automation.ctp + app/View/Events/index.ctp + app/View/Pages/administration.ctp + app/View/ShadowAttributes/index.ctp + app/View/Tags/index.ctp +- Added logo to organisation page. [iglocska] +- Merge branch 'master' into 2.4-beta. 
[iglocska] + + Conflicts: + VERSION.json + app/Lib/Tools/XMLConverterTool.php + app/Model/Event.php + app/Model/EventTag.php + app/Model/TemplateElementAttribute.php + app/Model/TemplateElementFile.php + app/Model/TemplateElementText.php + app/Model/ThreatLevel.php + app/View/Attributes/index.ctp + app/View/Elements/eventattribute.ctp + app/View/Elements/eventattributerow.ctp + app/View/Elements/global_menu.ctp + app/View/Elements/side_menu.ctp + app/View/Events/automation.ctp + app/View/Events/index.ctp + app/View/Pages/administration.ctp + app/View/ShadowAttributes/index.ctp + app/View/Tags/index.ctp +- Fixed an issue with the blacklists not saving the event org. + [iglocska] +- Fix to an invalid json request detection leading to the JSON export + failing. [iglocska] + + - It seems like relying on the Accept header can lead to the data type detection failing when accessing .json extension views + - this issue seems to have gone unnoticed since until now the data passed to the json view was the same as that passed to the html view + - this means that all the additional UI only features may have triggered in the background previously on .json views +- Permission checks. [iglocska] +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json + app/View/Elements/side_menu.ctp + app/View/Pages/administration.ctp +- Added the publisher role to the default role set. [iglocska] +- Tighter control over deleting organisations. [iglocska] +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json + app/Controller/EventsController.php +- Merge branch 'master' into 2.4-beta. [iglocska] + + Conflicts: + VERSION.json + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Model/Event.php +- Fixed the proposal attachment upload. 
[iglocska] + + - was bugged before since the switch to the new format + - comments were not enabled + + - fixed an issue where a proposed attribute could not be downloaded as it was pointing to a file in the attribute attachment directory +- Double click edit of attribute values wasn't working. [iglocska] + + - fixed +- Moved the logic for flagging an attribute for a validation issue to + the model. [iglocska] +- Warning icon if a financial indicator fails the validation. [iglocska] +- Bin number added to validation. [iglocska] +- Comments now correctly save on attachments. [iglocska] +- Clarification of the malware checkbox on add attachment. [iglocska] +- Relaxed financial attribute validation. [iglocska] + + - also added 2 new types: bank-account-nr and aba-rtn + - validation is completely relaxed + - idea is to add a visual notification in the view for these attributes types if they are not valid (invalid financial indicators are still interesting) +- Some fixes to the api authentication. [iglocska] + + - Handle user not found gracefully + - Log the failed authentication correctly +- Merge branch 'master' into 2.4-beta. [iglocska] + + Merge and upgrade of several new features + + Conflicts: + VERSION.json + app/Controller/ShadowAttributesController.php + app/Controller/TagsController.php + app/Model/AppModel.php + app/Model/Event.php + app/Plugin/SysLogLogable/Model/Behavior/SysLogLogableBehavior.php +- Merge branch 'master' into 2.4-beta. [Iglocska] + + Also, reworked a lot of remaining distribution checks not handled by the main fetch methods + + Conflicts: + VERSION.json + app/Controller/AttributesController.php + app/Controller/ShadowAttributesController.php + app/View/ShadowAttributes/add.ctp + app/View/ShadowAttributes/edit.ctp +- Merge branch 'feature/sg' into 2.4-beta. [iglocska] +- Merge branch 'feature/sg' of https://github.com/MISP/MISP into + feature/sg. [iglocska] +- Small fix to the syslog. [iglocska] +- Merge branch 'master' into feature/sg. 
[iglocska] + + Conflicts: + VERSION.json + app/Controller/ShadowAttributesController.php + app/Lib/Tools/JSONConverterTool.php + app/Lib/Tools/XMLConverterTool.php + app/Model/User.php + app/View/Elements/eventattribute.ctp +- Fix to loading the correct logos in the graph view. [iglocska] +- Damn d3.js... Finally it doesn't bug out. [iglocska] +- Fixed an issue where orgs without a logo would not have the + placeholder logo shown on graphs. [iglocska] +- Various bugfixes. [iglocska] +- Fix to the cc validator. [iglocska] +- Debug removed. [iglocska] +- Fix to the financial tool (incorrect CC validation) [iglocska] +- Updated the server preview to work between 2.4 instances. [iglocska] +- Fixed the index view to include the new objects in json view. + [iglocska] +- Check if a tag is pushed with an event before trying to loop through + the tags... [iglocska] +- Fixes to some validations issues using cakephp 2.7. [iglocska] +- Fix to the pubsub tool. [iglocska] +- Small fix thta resolves the inability to delete orgs. [iglocska] +- Further progress. [iglocska] + + - rework of the push mechanism + - rework of the object capture on add + - rework of the sync filter UI +- Further work on the filter UI. [iglocska] +- Fixed an issue with ajax forms. [Iglocska] +- New feature: Proposal to delete attribute, fixes #315. [Iglocska] + + - Users can now propose a deletion to an attribute + - also tied into the mass accept mechanism + - new UI elements to go along with this + + - Code refactoring for category list retrievals + - Until now, several methods got the list of categories from the validation code + - Was awkward with a fake empty element that had to be removed + - altered the validation code to read the categoryDefinitions array instead +- Fixed a faulty replace that causes an infinite loop during the uuid + generation. [Iglocska] +- Moved remaining UUID generation calls to the new uuid wrapper. + [Iglocska] +- Fixed some more invalid org checks. 
[Iglocska] +- Fixes to the first time initialisation script. [Iglocska] +- Fixes to bugs with org usage from 2.3. [Iglocska] +- Removed debug. [Iglocska] +- Added the first version of the correlation graphing. [Iglocska] + + Conflicts: + VERSION.json +- Merge branch 'master' into feature/sg. [Iglocska] + + Merging all the new changes from master + + Conflicts: + VERSION.json + app/Console/Command/AdminShell.php + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Model/Attribute.php + app/Model/Event.php + app/Model/Log.php + app/Model/Server.php + app/Model/User.php + app/View/Elements/side_menu.ctp + app/View/Pages/administration.ctp + app/View/Users/admin_index.ctp +- Set of changes to the sync. [Iglocska] + + - finished preview feature + - can now view events and attributes remotely + - can copy over new event to local instance + + - new sync mode (update) + - allows to only pull changes to events that exist locally already + - works well with the manual pull of events, no need to pull events that we didn't manually confirm, but can still update all events that we pulled over + + - Fixed an issue with background tasks causing the logging to fail + + - reworked connection test showing version numbers of both instances + - also telling the admin whether the sync is compatible or not + + - Further refactoring / tweaking of the vent view +- Progress on several features. 
[Iglocska] + + - implemented a custom pagination tool for data sets that are not directly taken from teh db + - currently creates a pagination object that mocks CakePHP pagination + - supports the CakePHP pagination view helper + - supports: pagination, sorting, custom filters + + - implemented first step of the remote instance browser for admins + - view an index of events on another instance + - filter the events + - uses the new pagination + + - still missing: + - remote event view + - fetch event from remote instance + + - reworked the event view + - separated API and UI code path + - major speedup for the API! + - cleaner code as there was almost 0 overlap + - discussions and attributes are now loaded separately from the event view + - added after the event view loads via ajax + - cleaner pagination + - attribute pagination now finally allows for sorting + - future improvement (coming soon): Show proposals only filter + - filtering on the attributes in general +- 1st version of the upgrade documentation. [Iglocska] +- Progress on the sync. [iglocska] + + - pull from 2.3 -> 2.4 should work correctly now +- Added some fixes for XSS. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/EventsController.php + app/Controller/ServersController.php + app/Model/Attribute.php + app/View/Users/statistics.ctp +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Model/Tag.php + app/files/scripts/misp2stix.py +- First revision of the upgrade scripts. [Iglocska] + + - .sql file to add all the new fields / tables + - admin tool to convert the old organisation fields to the new objects + - still missing a cleanup method (to remove the old organisation fields once the conversion is done) +- Fix to an unescaped ID that could be used to inject XSS into the side + menu on some views. 
[Iglocska] +- Flag incorrectly set for event edit's publishing right check. + [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/EventsController.php +- Contact details fixed in org add/edit. [Iglocska] +- Fix to the memberslist. [Iglocska] +- Cleanup and fixes to the memberslist. [Iglocska] +- Further progress. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Model/Attribute.php + app/Model/Event.php + app/Model/Server.php +- Relaxed visibility of org UUIDs and sharing groups (the latter for + sync users) [Iglocska] +- Copy pasta fail. [Iglocska] +- Removed SG options if no SGs exist from attribute creation/edit. + [Iglocska] +- Don't offer the SG option in the event add form if none exist. + [Iglocska] +- Removed accidental inclusion. [Iglocska] +- Further work on the Sharing Groups. [Iglocska] +- Added the server filters to the server creation. [Iglocska] +- Duplicate field removed in MYSQL.sql. [Iglocska] +- Small fix to the js scripts involved in the sync rule creation. + [Iglocska] +- UI for server filter rule editing finished. [Iglocska] +- Further work on the sync filters. [Iglocska] +- Slightly better looks. [Iglocska] +- Filters shown correctly when editing a server. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Model/Attribute.php +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Model/Attribute.php + app/Model/Event.php +- Updated MYSQL.sql. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json +- Some work on the new types. [Iglocska] +- Merges. [Iglocska] +- Merge branch 'master' into feature/sg. 
[Iglocska] + + Conflicts: + VERSION.json + app/Lib/Tools/XMLConverterTool.php + app/Model/Event.php +- Work on the new attribute types. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + VERSION.json + app/Controller/ServersController.php + app/Controller/ShadowAttributesController.php + app/Controller/UsersController.php + app/Model/Event.php + app/webroot/js/ajaxification.js +- Some merge issues removed. [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + The merging is complete + + Conflicts: + VERSION.json + app/Console/Command/ServerShell.php + app/Controller/AppController.php + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Controller/PostsController.php + app/Controller/UsersController.php + app/Model/Attribute.php + app/Model/Event.php + app/Model/Log.php + app/Model/Server.php + app/Model/User.php + app/View/Elements/side_menu.ctp + app/View/Users/admin_index.ctp + app/webroot/js/ajaxification.js +- Progress on the sync. [Iglocska] + + - Creating objects whenever necessary during sync (sharing groups, organisations, etc) + - it's still WIP, but time to sleep +- More changes to the sync. [Iglocska] + + - pushes are now taking into account the push_rules and pull_rules fields +- Further work on the sync. [Iglocska] + + - sharing groups are now correctly checked in restfullEventToServer + - The rules are very simple, the event has to: + - be of distribution value 2 or 3 + - or 4 given that the attached sharing group meets the following requirements: + - The sync user is in the sharing group's org list (otherwise he can't transfer it / become the owner) + - Or the instance that is being synced to has to be set to "all_orgs" + - The SG has to either not include any instances + - Or include the instance that is being synced to +- Work on the sync. [Iglocska] + + - commit to update secondary test instance +- CheckVersionCompatibility tool finished. 
[Iglocska] + + - compares the local to the remote version + - creates log entries for mismatches / connection issues + - should be used for any server to server action +- Allow login via header for getVersion. [Iglocska] +- Version negotiation. [Iglocska] +- Futher fixes. [Iglocska] + + - organisations don't show any other tabs than events if they aren't local + - some fixes with the SG generated text before creation +- Several changes. [Iglocska] + + - UI cleanup + - separate view for active / passive sharing groups + - deletion of SGs is blocked if there are still events / attributes / threads around that belong to the SG +- Finished the connection test tool. [Iglocska] +- Added connection test. [Iglocska] + + - also a fix to checkAuthUser +- Fixed the Org field on the user view. [Iglocska] +- New Server add / edit. [Iglocska] + + - add the remote organisation while adding a server + - remote organisation can be chosen from the list of local or known remote organisations. Alternatively a new remote org can be created on the fly + - Several UI changes +- Server moved to new org object. [Iglocska] + + - relation added + - index updated +- Further progress. [Iglocska] + + - removed some junk + - more work on the background workers + - rewrote the correlation background job - should work correctly now and be a lot more memory efficient +- Some fixes to the background workers. [Iglocska] + + - also added date tracking on jobs +- Tags added to the e-mail. [Iglocska] +- Lots of progress. [Iglocska] + + - further work on implementing the SG changes everywhere + - reworked the alert e-mails + - reworked a lot of the logging + - several convenience methods +- Fixed xml download of search results. [Iglocska] + + - was using an outdated local xml converter + - it now correctly points to the XML conversion tool +- Several fixes. [Iglocska] + + - views updated + - menues updated + - fixed attribute search +- Further progress. 
[iglocska] +- Sharing groups correctly selectable in attributes. [Iglocska] + + - still needs work +- Further work on the new version. [Iglocska] + + - org checks fixed in a lot of places + - fixed the searches to work with the new organisations +- Further work on the sharing groups. [Iglocska] +- Further work and some cleanup. [Iglocska] + + - decision to be revised: exports don't expose Sharing groups / org uuids to users unless they are admin (for the future: at least sync users have to be added for the new sync) +- Progress in moving all exports to the new distribution system. + [Iglocska] +- Merge branch 'master' into feature/sg. [Iglocska] + + Conflicts: + app/Controller/EventsController.php + app/Controller/UsersController.php + app/Model/Event.php +- Further work on the sharing groups. [iglocska] + + - correlations should work fine now + - users can only see events they should be allowed to see on the event index / event view / event history view +- Further work on the sharing groups: [iglocska] + + - changes to the data model + - correlation engine updated +- User edit fixed. [iglocska] + + - choose organisation from a list as expected + - fixed refreshauth +- Update to the roles and user filtering. [iglocska] + + - new role permission added for SG editors + - roles reworked, permissions all looked up centrally from the role model instead of code replication across controllers and views + - user filtering now correctly uses organisation objects instead of org strings +- Further work on the sharing groups. [iglocska] +- Further progress. [iglocska] +- Merge branch 'master' into feature/sg. [iglocska] + + Conflicts: + app/webroot/js/ajaxification.js +- Removed debug line. [iglocska] +- Initial commit. [iglocska] + + +v2.3.178 (2015-12-14) +--------------------- +- Merge branch 'hotfix-2.3.178' [iglocska] +- Fixed an issue with the freetext importer where unsetting a duplicate + value would not be reflected in the entry IDs. 
[iglocska] + + - this caused some attributes to be dropped from the end of the list +- Merge branch 'hotfix-2.3.177' [iglocska] +- Double quoting of quoted messages in discussion threads fixed. + [iglocska] + + +v2.3.177 (2015-12-08) +--------------------- +- Merge branch 'hotfix-2.3.177' [iglocska] +- Invalid message fixed when accepting several proposals at once. + [iglocska] + + +v2.3.176 (2015-12-08) +--------------------- +- Merge branch 'hotfix-2.3.176' [iglocska] +- Several fixes, among others fixes #748. [iglocska] + + - Double sanitisation when edditing an attribute/proposal comment removed + - Fixed an issue where an ip/resource was recognised as a CIDR notation IP range instead of a url + - Changed the flash message for publishing without e-mails to something less scary + + +v2.3.175 (2015-12-04) +--------------------- +- Merge branch 'hotfix-2.3.175' [iglocska] +- Fix to a missing Log Model init causing an exception. [iglocska] +- Fix to the previous fix. [iglocska] + + - Flipped it the wrong way, fixed now +- Merge branch 'hotfix-2.3.174' [iglocska] +- Small fix to the previous commit. [iglocska] + + - Small fix to a copy-paste fail +- Merge branch 'hotfix-2.3.174' [iglocska] +- Further tweaks. [iglocska] + + - fixed some corner cases + - added support for the same defanging to the freetext import tool +- Update to attribute validation and the freetext import tool, fixes + #742. [iglocska] + + - defanged URL type attributes are refanged on input + - admin script to do the same for all existing attributes + + - admin tool doesn't recognise a word followed by a . as a url + + +v2.3.174 (2015-12-04) +--------------------- +- Merge branch 'hotfix-2.3.173' [iglocska] +- Junk left in the previous commit. [iglocska] + + +v2.3.173 (2015-12-02) +--------------------- +- Merge branch 'hotfix-2.3.173' [iglocska] +- Filter and discussion changes. 
[iglocska] + + - event index filtering now accepts POST requests with a json object + - format has to be filter syntax passed for each field. Example: + - {"tags":"OSINT|TLP:WHITE|!PRIVINT", "published":"1"} + - Fixed an issue with no tags being recognised leading to the index returning an unfiltered list + - Required for filtered pulls from 2.4 + + - Discussions + - Event discussion thread initiated on first post instead of first view +- Merge branch 'hotfix-2.3.172' [iglocska] +- Fix to an incorrect call on sending out alert emails on edit. + [iglocska] + + +v2.3.172 (2015-12-01) +--------------------- +- Merge branch 'hotfix-2.3.172' [iglocska] +- Fix to a newly introduced bug that breaks updates of attributes via + pulls. [iglocska] +- Merge branch 'hotfix-2.3.171' [iglocska] +- Rework of the event add/edit. [iglocska] + + - allows for saving an event even if an attribute fails + - logs attributes that fail validation + + - same for edit + + - add_misp_export updated with the above in mind + + +v2.3.171 (2015-12-01) +--------------------- +- Merge branch 'hotfix-2.3.170' [iglocska] +- Version bump. [iglocska] +- Reimplementation of the Add XML feature. [iglocska] + + - called Add MISP export now + - can be an XML / JSON file + - result browser with explanations of failures + + - REST XML/JSON add/edit of events returns errors instead of the partially succeeding event + + +v2.3.169 (2015-11-27) +--------------------- +- Merge branch 'hotfix-2.3.169' [iglocska] +- Delete proposal attachment if the proposal was accepted / discarded. + [iglocska] + + - there is no need to keep retransfering the actual attached file if all we want to convey is that the proposal is gone. + + +v2.3.168 (2015-11-27) +--------------------- +- Merge branch 'hotfix-2.3.168' [iglocska] +- Fix to an issue where a proposal with an attachment could not be + correctly accepted. 
[iglocska] + + +v2.3.167 (2015-11-26) +--------------------- +- Merge branch 'hotfix-2.3.167' [iglocska] +- Updated CakePHP version to 2.7.7. [iglocska] +- Merge branch 'hotfix-2.3.166' into develop. [iglocska] +- Merge branch 'hotfix-2.3.166' into develop. [iglocska] +- Merge branch 'hotfix-2.3.165' into develop. [iglocska] +- Merge branch 'hotfix-2.3.166' [iglocska] +- Left off the view file from the previous commit. [iglocska] + + +v2.3.166 (2015-11-26) +--------------------- +- Merge branch 'hotfix-2.3.166' [iglocska] +- Backport of a fix to 2.4 adding comments to proposed attachments. + [iglocska] + + +v2.3.165 (2015-11-26) +--------------------- +- Merge branch 'hotfix-2.3.165' [iglocska] +- Fix to an issue with the proposal uploader. [iglocska] + + - also a small fix to the baseurl auto detection +- Merge branch 'master' into develop. [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Initial JSON schema - MISP event (version 2.3) [Alexandre Dulaunoy] + + +v2.3.164 (2015-11-22) +--------------------- +- Merge branch 'hotfix-2.3.164' [iglocska] +- Changes to the OpenIOC Import, fixes #725. [iglocska] + + - Removed the OpenIOC Indicator UUID persistence and moved it to a comment + - this allows for the same OpenIOC report to be imported into separate events and won't result in a UUID collision + + - Reworked the composite indicator resolver + - more generic, allows for 3 part composites (to allow for regkeypath/regkey/regvalue combinations) + + - Registry values now correctly recognised +- Merge branch 'hotfix-2.3.163' into develop. [iglocska] +- Merge branch 'master' into develop. [iglocska] +- Merge branch 'hotfix-2.3.161' into develop. [iglocska] + + +v2.3.163 (2015-11-19) +--------------------- +- Merge branch 'hotfix-2.3.163' [iglocska] +- Version bump. [iglocska] +- Bugfix pack, fixes #724, fixes #721. 
[iglocska] + + - Fixed an issue with the new UUID generation method call in OpenIOC + - Fixed an invalid validation check on the salt key + + - Added a note on the server page to make it more obvious that values can be changed by double clicking them + + +v2.3.162 (2015-11-17) +--------------------- +- Merge branch 'hotfix-2.3.162' [iglocska] + + Conflicts: + app/View/Elements/side_menu.ctp +- Security fix fixing an XSS issue with the templates. [iglocska] + + - as discovered and reported by Rafael Pablos García of INCIBE + + - fixed a reflected XSS for template creator users when viewing a template +- Merge branch 'hotfix-2.3.160' into develop. [iglocska] +- Merge branch 'hotfix-2.3.160' into develop. [iglocska] +- Merge branch 'hotfix-2.3.159' into develop. [iglocska] +- Merge branch 'hotfix-2.3.158' into develop. [iglocska] +- Merge branch 'hotfix-2.3.157' into develop. [iglocska] +- Merge branch 'hotfix-2.3.156' into develop. [iglocska] +- Merge branch 'hotfix-2.3.155' into develop. [iglocska] +- Merge branch 'hotfix-2.3.154' into develop. [iglocska] +- Merge branch 'hotfix-2.3.153' into develop. [iglocska] +- Merge branch 'hotfix-2.3.152' into develop. [iglocska] +- Merge branch 'hotfix-2.3.161' [iglocska] +- Fix to a recent patch breaking the publish button. [iglocska] + + +v2.3.161 (2015-11-17) +--------------------- +- Merge branch 'hotfix-2.3.160' [iglocska] +- Reverted the sanitisation of the baseurl variable on the view level. + [iglocska] + + - sanitising it in appcontroller instead + + +v2.3.160 (2015-11-16) +--------------------- +- Merge branch 'hotfix-2.3.160' [iglocska] +- Fixed some deprecated validations left over from the purge a few weeks + ago. [iglocska] +- Merge branch 'basedir' into hotfix-2.3.160. [iglocska] + + Conflicts: + app/Controller/AppController.php + app/View/Pages/administration.ctp +- Updated an anchor that was missed previously. 
[pugilist] +- Patched termsaccepted and change_pw checks to redirect properly when a + base directory is specified. [pugilist] +- Modified img tags to use baseurl. [pugilist] +- Modified many instances of html anchors and javascript + document.location to use. [pugilist] +- Modified beforefilter to allow to be accessed by all views. + [pugilist] +- Removed a crappy solution to an issue with attributes being + overwritten that was fixed a long time ago correctly on data entry. + [iglocska] +- Fixed a security issue with the regular expressions. [iglocska] + + - as discovered and reported by Egidio Romano of Minded Security + + - Users with the perm_regex permissions could create a malicious regex that leads to RCE using the PHP /e modifier for preg_replace(). + - Regular expressions are now sanitised on edit / creation of the malicious modifier + + - also added an admin tool that lets admins clean their current set of regexes of the harmful modifier + + +v2.3.159 (2015-11-15) +--------------------- +- Merge branch 'hotfix-2.3.159' [iglocska] +- Fixed an invalid detection of JSON requests when not passing the + accept header. [iglocska] + + - some json actions worked by passing the .json extension in the url + - these pages were correctly returning JSONs but were often internally running through the HTML code-path thanks to an invalid detection + - the new correct detection should provide a major speed boost for certain json requests +- Added logging of auth key changes, fixes #715. [iglocska] + + - Changing the auth key now creates a log entry that inclues the user's ID, e-mail address old and new autkeys + - Also removed the logging of the hashed password for newly created users +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- PyMISP submodule updated. [Alexandre Dulaunoy] +- PyMISP submodule updated. [Alexandre Dulaunoy] +- PyMISP updated. 
[Alexandre Dulaunoy] + + +v2.3.158 (2015-11-13) +--------------------- +- Merge branch 'hotfix-2.3.158' [iglocska] +- Version bump. [iglocska] +- Added an additional role to the default installation. [iglocska] + + - by default there was no publisher role +- Fixed a security issue with the CSRF protection being avoidable using + some site admin functionality. [iglocska] + + - as discovered and reported by Egidio Romano of Minded Security + + - Lacking checks of HTTP methods in some functionality could lead to a site admin uploading and executing malicious scripts + + - Tightened HTTP method verification across the board for actions that modify data + - Turned some administrative tasks to POST only actions +- Fixed a security issue with the site admin file uploader. [iglocska] + + - as discovered and reported by Egidio Romano of Minded Security + + - The site admin file upload tool allowed for unrestricted file upload that could lead to RCE + - Fixed the file uploader to be much more restrictive + - removed the interactive terms file upload +- Merge branch 'hotfix-2.3.157' [iglocska] +- Fixed an issue where PGP keys that are set to never expire show up as + expired. [iglocska] + + +v2.3.157 (2015-11-12) +--------------------- +- Merge branch 'hotfix-2.3.156' [iglocska] +- Better verification of PGP keys. [iglocska] + + - checks whether the key can be used to encrypt and whether it's expired + + +v2.3.156 (2015-11-11) +--------------------- +- Merge branch 'hotfix-2.3.155' [iglocska] +- Merge branch 'hotfix-2.3.154' into hotfix-2.3.155. [iglocska] + + Conflicts: + VERSION.json +- Fix to a security issue. [iglocska] + + - as reported by RichieB2B + - Trying to view an event that doesn't exist and one that the user has no access to resulted in different error messages +- Fix to a security issue in the PGP fetching tool. 
[iglocska] + + - reported by RichieB2B + - The scraped URL for the PGP fetching tool was not sanitised before being echoed + + +v2.3.155 (2015-11-10) +--------------------- +- Merge branch 'hotfix-2.3.155' [iglocska] +- Fix to 2 security issues as reported by RichieB2B. [iglocska] + + - The scraped URL for the PGP fetching tool was not sanitised before being echoed + - Trying to view an event that doesn't exist and one that the user has no access to resulted in different error messages + + +v2.3.154 (2015-11-10) +--------------------- +- Merge branch 'hotfix-2.3.154' [iglocska] +- Fixed an issue where a linebreak in an event info would break the CSV + export, fixes #710. [iglocska] + + - also added comment field for attributes + - until now multi line fields were both escaped and the line breaks removed + - this was overkill, linebreaks are now kept intact + + +v2.3.153 (2015-11-09) +--------------------- +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Updated PyMISP to the latest version. [Alexandre Dulaunoy] +- Merge branch 'hotfix-2.3.153' [iglocska] +- Fixed a bug with the attribute search API. [iglocska] + + +v2.3.152 (2015-11-08) +--------------------- +- Merge branch 'hotfix-2.3.152' [iglocska] +- Fix to the CSV export, fixes #710. [iglocska] +- Improved logging, fixes #695. [iglocska] + + - Added logging of failed login attempts + - Added (optional) logging of successful authentications + - admin setting that has to be enabled + - will log all API calls (both HTTP method and target url) + + - optional logging of user IP address for all logs + - each log entry created while this setting is enabled will log the IP address of the client + - disabling it also hides the IPs from the interface + - added new IP field for the log search (only if enabled) + + +v2.3.151 (2015-11-03) +--------------------- +- Merge branch 'develop' [iglocska] +- Merge branch 'hotfix-2.3.151' into develop. 
[iglocska] +- Removed obsolete gitignore files, fixes #704. [iglocska] +- Merge branch 'hotfix-2.3.150' into develop. [iglocska] +- Merge branch 'hotfix-2.3.149' into develop. [iglocska] +- Merge branch 'hotfix-2.3.148' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.147' into develop. [Iglocska] + + +v2.3.150 (2015-10-30) +--------------------- +- Merge branch 'hotfix-2.3.150' [iglocska] +- Documentation changes. [iglocska] +- View all proposals via the API. [iglocska] + + - Proposals that can be accepted / discarded via the API + - Can restrict the index to the proposals of a single event + + +v2.3.149 (2015-10-30) +--------------------- +- Merge branch 'hotfix-2.3.149' [iglocska] +- Tagging added to the API. [iglocska] + + - Create / Edit / Remove / index / view tags via the API + + +v2.3.148 (2015-10-28) +--------------------- +- Merge branch 'hotfix-2.3.148' [Iglocska] +- Added API for proposals. [Iglocska] + + - APIs for the following actions: + - Add new proposed attribute to an event + - Add proposed change to an attribute + - View a proposal + - Accept a proposal + - Discard a proposal + + - new APIs described on the automation page +- Merge branch 'hotfix-2.3.147' [Iglocska] +- More details on the PGP validation tool. [Iglocska] + + +v2.3.147 (2015-10-27) +--------------------- +- Merge branch 'hotfix-2.3.147' [Iglocska] +- Small fix to the pgp key validation tool. [Iglocska] + + - doesn't break on completely invalid keys anymore +- Merge branch 'hotfix-2.3.146' into develop. [iglocska] +- Merge branch 'hotfix-2.3.145' into develop. [iglocska] +- Merge branch 'hotfix-2.3.144' into develop. [iglocska] +- Merge branch 'hotfix-2.3.143' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.143' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.142' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.141' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.140' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.139' into develop. 
[Iglocska] +- Merge branch 'hotfix-2.3.138' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.136' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.136' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.136' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.135' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.135' into develop. [Iglocska] + + +v2.3.146 (2015-10-27) +--------------------- +- Merge branch 'hotfix-2.3.146' [iglocska] +- Version bump. [iglocska] +- Fix to a vulnerability found in attributescontroller. [iglocska] + + - vulnerability reported by Airbus Group CERT + + - Deprecated ajax attribute view had inverse access control logic + - removed ajax path + - added XML/JSON view + + +v2.3.145 (2015-10-22) +--------------------- +- Merge branch 'hotfix-2.3.145' [iglocska] +- Reverted change in proposal file storage path that wasn't needed. + [iglocska] + + +v2.3.144 (2015-10-21) +--------------------- +- Merge branch 'hotfix-2.3.144' [iglocska] +- Version bump. [iglocska] +- Removed junk. [iglocska] +- Fixes to several issues, fixes #693. [iglocska] + + - Fixed a critical bug in the XML export + - As of recently XML exports include relations as they were missing before + - the sanitisation of the event info field in related attributes was incorrectly sanitized of unicode characters + - this can lead to the XML export breaking and also for affected events to be blocked from synchronisation + + - Proposal fixes + - fixed an invalid uuid generation that lead to an exception + - fixed the attachments for proposals still using the old attachment system that disallows most filenames + - added the automatic creation of hashes for attachment proposals +- Merge branch 'hotfix-2.3.143' [Iglocska] +- Removed junk. [Iglocska] +- Merge branch 'hotfix-2.3.143' [Iglocska] +- Added the attribute relations to the XML / JSON output, fixes #687. + [Iglocska] + + +v2.3.143 (2015-10-15) +--------------------- +- Copyright notices as a list. 
[Alexandre Dulaunoy] +- Update following recommendation #686. [Alexandre Dulaunoy] +- Merge branch 'master' of github.com:MISP/MISP. [Alexandre Dulaunoy] +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Updates following recommendation #686. [Alexandre Dulaunoy] +- Merge branch 'master' of github.com:MISP/MISP. [Alexandre Dulaunoy] +- Licensed updated to AGPL 3.0 - #686. [Alexandre Dulaunoy] + + +v2.3.142 (2015-10-14) +--------------------- +- Merge branch 'hotfix-2.3.142' [Iglocska] +- Fixed the current user check while removing dead workers, fixes #685. + [Iglocska] + + - as pointed out by RichieB2B + + +v2.3.141 (2015-10-13) +--------------------- +- Merge branch 'hotfix-2.3.141' [Iglocska] +- Replaced get_current_user for the process owner identification, fixes + #685. [Iglocska] + + - As RichieB2B noted, get_current_user() gets the owner of the script in CentOS / RHEL not the user executing the script (as in Ubuntu) + + - Current solution uses posix_getpwuid and posix_geteuid if the php-posix package is installed + - if not, it uses whoami +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Documentation location updated (misp-book) [Alexandre Dulaunoy] + + +v2.3.140 (2015-10-12) +--------------------- +- Merge branch 'hotfix-2.3.140' [Iglocska] +- Issue fixed with open_basedir preventing the worker diagnostics from + working, fixes #685. [Iglocska] + + - for some users the workers appeared to be dead even though the worker processes were functional and started by the correct user + - this was due to access to /proc being blocked by open_basedir directive settings + - added a check and the corresponding view changes to this being the case + + +v2.3.139 (2015-10-09) +--------------------- +- Merge branch 'hotfix-2.3.139' [Iglocska] +- Fix to a previous invalid check on the cakephp version. 
[Iglocska] +- Merge branch 'hotfix-2.3.138' [Iglocska] +- Fixed the worker diagnostics showing incorrect data under Red Hat / + CentOS, fixes #685. [Iglocska] + + - Under these distros, php is blocked from seeing concurrently running php processes even under the same user + - instead of running ps, the diagnostic now checks the existance of the pid file in /proc/ + + +v2.3.138 (2015-10-09) +--------------------- +- Merge branch 'hotfix-2.3.136' [Iglocska] +- Further fixes that caused issues with old PHP versions. [Iglocska] + + +v2.3.137 (2015-10-09) +--------------------- +- Merge branch 'hotfix-2.3.136' [Iglocska] +- Version bump. [Iglocska] +- Fixed a possible issue with the previous commit on certain php + versions. [Iglocska] + + +v2.3.136 (2015-10-09) +--------------------- +- Merge branch 'hotfix-2.3.136' [Iglocska] +- Upgrade to CakePHP 2.7, fixes #684. [Iglocska] + + - cakephp submodule updated to 2.7 + - make sure that you update your instance! + + - not updating will not break compatibility +- Merge branch 'hotfix-2.3.135' [Iglocska] +- Left off view file. [Iglocska] + + +v2.3.135 (2015-10-08) +--------------------- +- Merge branch 'hotfix-2.3.135' [Iglocska] +- Version bump. [Iglocska] +- Fix to an issue with the calendar and added view to help with gitbook + page generation. [Iglocska] + + - datepicker seems to bug out as of recently + - misplaced popup that overlaps with the top bar + - fixed by updating to a newer version of datepicker + + - added a new view that generates a markdown version of the categories and types view, for easier gitbook generation +- Merge branch 'hotfix-2.3.134' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.133' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.132' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.131' into develop. [iglocska] +- Merge branch 'hotfix-2.3.130' into develop. [iglocska] +- Merge branch 'hotfix-2.3.130' into develop. [iglocska] +- Merge branch 'hotfix-2.3.129' into develop. 
[iglocska] +- Merge branch 'hotfix-2.3.128' into develop. [iglocska] +- Merge branch 'hotfix-2.3.127' into develop. [iglocska] +- Merge branch 'hotfix-2.3.126' into develop. [iglocska] +- Merge branch 'hotfix-2.3.123' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.122' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.121' into develop. [Iglocska] + + +v2.3.134 (2015-09-24) +--------------------- +- Merge branch 'hotfix-2.3.134' [Iglocska] +- Fix to an issue that blocked event blacklist entries from being added + manually, fixes #676. [Iglocska] +- Merge branch 'hotfix-2.3.133' [Iglocska] +- Fixed an issue where the recorrelation of all events would run into + memory issues. [Iglocska] + + - before the recorrelation admin tool would load all attributes into memory in one go + - now it loads them in chunks of 1k attributes at a time + + +v2.3.133 (2015-09-24) +--------------------- +- Merge branch 'hotfix-2.3.132' [Iglocska] +- Fix to the previous commit. [Iglocska] + + +v2.3.132 (2015-09-23) +--------------------- +- Merge branch 'hotfix-2.3.132' [Iglocska] +- Fixed an issue with old upgraded instances that didn't use the db + session handler. [Iglocska] + + - diagnostic tool would throw exceptions because the db session tables are still missing in some older instances + - if a different session handler is used, the test is skipped +- Changed behaviour where REST delete returns the index on success, + fixes #673. [Iglocska] + + - REST delete of events lacked an API specific response + - simply redirected to the index + + - it now returns eitehr "Event deleted" or "Event was not deleted" depending on the outcome +- Merge pull request #673 from Rafiot/travis. [Raphaël Vinot] + + Add some submodules to the travis run +- Update default version for cakephp, make sure PyMISP follows master. + [Raphaël Vinot] +- Add codecov. [Raphaël Vinot] +- Add pymisp as a submodule. [Raphaël Vinot] +- Add coveralls. 
[Raphaël Vinot] +- Merge pull request #672 from Rafiot/travis. [Raphaël Vinot] + + Move test cases to PyMISP +- Move test cases to PyMISP. [Raphaël Vinot] + + +v2.3.131 (2015-09-21) +--------------------- +- Merge branch 'hotfix-2.3.131' [iglocska] +- Fix to the text export ignoring the rule to exclude unpublished and + non-IDS flagged data, fixes #646. [iglocska] +- Fixes to the user index, fixes #556. [iglocska] + + - index can now be sorted case insensitive + - removed a notice error during sorting (sorting parameters should not be displayed as a filter) +- Started admin FAQ section, added info on resetting a password using + the command line, fixes #624. [iglocska] +- Merge branch 'hotfix-2.3.130' [iglocska] +- Version bump. [iglocska] + + +v2.3.130 (2015-09-17) +--------------------- +- Merge branch 'hotfix-2.3.130' [iglocska] +- Fix to an issue introduced in 2.3.128 that incorrectly causes MISP to + not sync due to a version mismatch. [iglocska] + + +v2.3.129 (2015-09-16) +--------------------- +- Added an API to quickly check the current MISP version, fixes #664. + [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge pull request #663 from MISP/Rafiot-patch-1. [Andras Iklody] + + Fix #654 +- Fix #654. [Raphaël Vinot] + + At least, I think so, please review :) + + +v2.3.128 (2015-09-16) +--------------------- +- Merge branch 'hotfix-2.3.128' [iglocska] +- Added a diagnostic to check and purge overgrown session tables. + [iglocska] + + +v2.3.127 (2015-09-16) +--------------------- +- Merge branch 'hotfix-2.3.127' [iglocska] +- Fix to a new bug introduced with the correlation engine. [iglocska] + + - an attribute could correlate with another attribut of the same event +- Added ID in the response of the upload sample API. [iglocska] + + - it now also returns the ID of the created/updated event +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge pull request #658 from Rafiot/master. 
[Raphaël Vinot] + + Fix pull request +- Added gcc in dependencies (related to + https://github.com/MISP/MISP/issues/302) [David André] +- Added gcc in dependencies (related to #302) [David André] + + +v2.3.126 (2015-09-16) +--------------------- +- Merge branch 'hotfix-2.3.126' [iglocska] +- Removed redirect to the news page. [iglocska] +- Removed junk file. [iglocska] +- Collection of changes / fixes. [iglocska] + + - Event blacklist functionality extended + - Several context fields added + - edit existing entries to change the context fields + + - removed the deprecated news page + + - hash attribute types get validated against empty values + + - fixed an excepion on REST add of attributes when the validation stops an attribute from being entered + + - fixed the parameters in some exports being ignored after a recent patch + + - added an admin tool to prune orphaned attributes + + - cleanup and move of the database update methods - they are now accessible from any model + + - Footer now shows MISP version including sub version +- Event blacklist context completed. [iglocska] +- Further progress on several issues. [iglocska] +- Progress on several issues. [Iglocska] + + - switching workstations, this is all WiP +- Merge pull request #653 from Rafiot/master. [Raphaël Vinot] + + [Travis] Fix DB +- [Travis] Fix DB. [Raphaël Vinot] +- Merge pull request #652 from Rafiot/travis2. [Raphaël Vinot] + + [Travis] Big update, Almost ready to run tests. +- Big update, Almost ready to run tests. [Raphaël Vinot] +- Fix to a display bug on the event index when short tags are used. + [Iglocska] + + +v2.3.125 (2015-09-09) +--------------------- +- Merge branch 'hotfix-2.3.125' [Iglocska] +- Left off shell script. [Iglocska] +- Initialise first user via the command line. 
[Iglocska] + + usage: + + /var/www/MISP/app/Console/cake userInit -q + + returns the created auth key or an error message if users already exist + + The created account is an admin user, with the login being admin@admin.test / admin +- Fixed XSS in several views. [Iglocska] + + - reported by Roberto Suggi Liverani from NCIA +- Added comment in text export paragraph that. [David André] + + non IDS flagged attributes are also exported by default. +- Fix travis message in README. [Raphaël Vinot] + + +v2.3.124 (2015-09-07) +--------------------- +- Merge branch 'hotfix-2.3.124' [Iglocska] +- Several issues resolved. [Iglocska] + + - fixed an issue where pushing a single event would fail + + - both event and attribute edits via the API work without providing a timestamp. The current timestamp is instead attached + + - both event and attribute edits fill the required fields from the data in the database if not supplied (as long as the uuid is found) +- Typo, fixes #632. [Iglocska] +- Fix to a serious bug with adding attributes via the API and + performance fixes. [Iglocska] + + - due to a bug, setting an attribute ID in the /attributes/add API call can lead to overwriting an existing attribute + + performance improvements: + + - massive improvements to the correlation performance + - improvements to the attribute validation process +- Merge pull request #639 from Rafiot/travis. [Raphaël Vinot] + + Add partial travis support +- Add partial travis support. [Raphaël Vinot] + + +v2.3.123 (2015-09-03) +--------------------- +- Merge branch 'hotfix-2.3.123' [Iglocska] +- Enhancements to the reportValidationIssuesAttributes action. + [Iglocska] + + - now also shows issues not related to the value field + - takes an optional parameter to validate a single event's attributes + + +v2.3.122 (2015-09-02) +--------------------- +- Merge branch 'hotfix-2.3.122' [Iglocska] +- Version bump. [Iglocska] +- Fixed XSS in the footer. 
[Iglocska] + + - reported by Roberto Suggi Liverani from NCIA + + +v2.3.121 (2015-09-02) +--------------------- +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Merge pull request #629 from RichieB2B/ncsc-nl/stix-tags. [Alexandre + Dulaunoy] + + Export MISP tags as STIX journal entries +- Export MISP tags as STIX journal entries. [Richard van den Berg] +- Corrected typo in word-wrapping for description in event display. + [David André] +- Merge pull request #626 from MISP/wrap-description. [Alexandre + Dulaunoy] + + Word-wrap for event description +- Word-wrap for event description. [David André] +- Merge branch 'hotfix-2.3.121' [Iglocska] +- Version bump. [Iglocska] +- Addition to the previous commit. [Iglocska] +- Fix to a reflected XSS in the event choice. [Iglocska] +- Merge branch 'hotfix-2.3.120' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.118' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.117' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.116' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.115' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.120' [Iglocska] +- Cleanup of some mistakes. [Iglocska] + + +v2.3.120 (2015-08-27) +--------------------- +- Merge branch 'hotfix-2.3.118' [Iglocska] +- Add / Remove tags from events via a new API. [Iglocska] + + +v2.3.118 (2015-08-27) +--------------------- +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Merge pull request #618 from nullprobe/patch-1. [Alexandre Dulaunoy] + + Update MYSQL.sql +- Update MYSQL.sql. [nullprobe] + + Unnecessary comma makes the import fail. +- Merge pull request #577 from bemre/patch-1. [Raphaël Vinot] + + Update INSTALL.ubuntu1404.txt +- Update INSTALL.ubuntu1404.txt. [Bâkır Emre] + + it must be core.php instead of Core.php + + +v2.3.117 (2015-08-27) +--------------------- +- Merge branch 'hotfix-2.3.117' [Iglocska] +- Collection of fixes. 
[Iglocska] + + - CSV export ignored the tag parameters + - tagging events didn't work as expected in some cases + - timing out and clicking on an admin action results in being redirected to a non-existing admin login page + - distribution setting ignored when uploading attachments + + +v2.3.116 (2015-08-25) +--------------------- +- Merge branch 'hotfix-2.3.116' [Iglocska] +- Fix to the previous hotfix. [Iglocska] + + - indexes were not created if they already existed + - this was an issue if a non unique index was present + + - also made the process more verbose and added a generic method that deals with index removal +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Removed git pull (x2) since we are already doing checkout. [David + André] +- Merge branch 'hotfix-2.3.115' [Iglocska] +- Resolved an issue that can lead to duplicate events showing up in + MISP. [Iglocska] + + - UUID uniqueness was previously not enforced + - changed the MYSQL.sql file to reflect the changes + - Added upgrade admin tool to remove duplicate events and make the database changes required + - Tweaked the tool for the attribute uuid fix so that it cannot created duplicate keys + + - some minor fixes, such as automatically removing eventTag objects on event deletion +- Merge branch 'hotfix-2.3.114' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.113' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.112' into develop. [Iglocska] + + +v2.3.114 (2015-08-24) +--------------------- +- Merge branch 'hotfix-2.3.114' [Iglocska] +- Version bump. [Iglocska] +- Fixed a bug with downloadSample that returns all accessible samples + instead of the requested one, fixes #610. [Iglocska] + + - fixed incorrect branch order causing this issue +- Merge branch 'hotfix-2.3.113' [Iglocska] +- Various fixes to the OpenIOC import and the password reset, fixes + #600, fixes #599, fixes #565. 
[Iglocska] + + - OpenIOC import now correctly sets IDS flags based on type + - OpenIOC import specifies the source file in the comments + + - Fixed a blackhole issue with the password reset popups + + +v2.3.112 (2015-08-18) +--------------------- +- Merge branch 'hotfix-2.3.112' [Iglocska] +- Added event ID field to restSearch APIs, to assist #456. [Iglocska] + + - eventid a new parameter for both event and attribute restsearch + - these APIs now accept arrays in both json and xml format (you can send "eventid": ["15", "16"] instead of "eventid": "15&&16" in addition to the old functionality +- Merge branch 'hotfix-2.3.111' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.111' [Iglocska] +- Some fixes to the OpenIOC import tool. [Iglocska] + + - added support for SHA types + - fixed an issue that caused the import to fail with duplicate attributes (the list gets pruned now) + - fixed an issue where no supplied contextual fields would lead to empty attributes being created + - removed the requirement for the files to have the .ioc extension +- Merge branch 'hotfix-2.3.110' into develop. [Iglocska] + + +v2.3.110 (2015-08-18) +--------------------- +- Merge branch 'hotfix-2.3.110' [Iglocska] +- Fix to a new bug introduced with the blacklisting that can prevent new + events from being added via the UI. [Iglocska] +- Merge branch 'hotfix-2.3.109' into develop. [Iglocska] + + +v2.3.109 (2015-08-18) +--------------------- +- Merge branch 'hotfix-2.3.109' [Iglocska] +- Version bump. [Iglocska] +- Added event ID/UUID to the event filters and attribute search. + [Iglocska] + + - enter a UUID in the event ID field of the attribute search to find attributes belonging to a certain event + - use event IDs / UUIDs to filter events on the event index +- Merge branch 'hotfix-2.3.108' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.107' into develop. [iglocska] +- Merge branch 'hotfix-2.3.106' into develop. 
[Iglocska] + + +v2.3.108 (2015-08-18) +--------------------- +- Merge branch 'hotfix-2.3.108' [Iglocska] +- Database update admin-actions are now logged and if they fail the + errors are logged. [Iglocska] + + +v2.3.107 (2015-08-17) +--------------------- +- Merge branch 'hotfix-2.3.107' [iglocska] +- Several bigger changes. [iglocska] + + - new functionality: Event blacklisting by UUID + - site admins cna enable this feature in the server settings + - enabling the feature will make the required db changes + - any deleted event will automatically get blacklisted + - this prevents deleted events from flowing back from a synced instance + - site admins can manually add UUIDs to the list and remove entries + + - fix to UUID duplication issues for attributes + - simply run the admin script and it will regenerate the UUID of attributes that are duplicates, if any such exist + - timestamps/event published status will not be affected + + - config.core.php now includes a change that prevents from 404 exceptions being logged + - the sync uses 404s to signal that an event with a given uuid does not exist when negotiating proposal synchronisation + - this causes a dangerously high amount of noise in the logs + + +v2.3.106 (2015-08-07) +--------------------- +- Merge branch 'hotfix-2.3.106' [Iglocska] +- Download all samples for an event ID via the API. [Iglocska] + + - as explained on the automation page + - also, better error handling + + - all API calls that fail during authentication will now return a JSON/XML error message instead of redirecting to the login page +- Merge branch 'hotfix-2.3.105' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.104' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.103' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.102' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.101' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.100' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.99' into develop. 
[Iglocska] +- Merge branch 'hotfix-2.3.98' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.97' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.96' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.95' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.94' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.93' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.92' into develop. [Iglocska] + + +v2.3.105 (2015-08-07) +--------------------- +- Merge branch 'hotfix-2.3.105' [Iglocska] +- New functionality: API to download sample by hash. [Iglocska] + + - simply pass an MD5 hash along and receive a sample if available zipped and base64 encoded in a response object + - pass any hash along with a flag set and receive any samples from events that have the passed hash + + - Also, fix for an issue with the freetext import not using semi-colons as separators + + +v2.3.104 (2015-08-04) +--------------------- +- Merge branch 'hotfix-2.3.104' [Iglocska] +- Some fixes to the upload malware API. [Iglocska] + + - Threat level ID options correctly set + - Threat level ID validation tightened to reject anything but the existing threat levels + - The upload malware API now logs validation issues during the failed creation of attributes / events +- Merge branch 'master' of https://github.com/MISP/MISP. [Iglocska] +- Update dependencies. [Raphaël Vinot] + + * the real name of libxslt-dev is libxslt1-dev + * curl is required later in the installation and may not be present on the system + + +v2.3.103 (2015-08-04) +--------------------- +- Merge branch 'hotfix-2.3.103' [Iglocska] +- Additional parameters for the upload sample API. [Iglocska] +- A list of changes to the way attachments are uploaded, fixes #559, + fixes #482. 
[Iglocska] + + - new API for uploading malware samples + - allows the upload of several files + - can be used to populate a pre-existing event, or create a new event + - expects a JSON or an XML object with the samples base64 encoded + - new way of storing malware samples + - original filename not used any longer + - samples are renamed to their md5 hashes + - original filename preserved in a secondary txt file + - removed filename validation as it is no longer used for the command line execution + - this allows unicode name files to be uploaded! + - changed the UI attachment upload to reflect these changes + - code more centralised and extendible + + +v2.3.102 (2015-07-27) +--------------------- +- Merge branch 'hotfix-2.3.102' [Iglocska] +- Added the same functionality to the regex edit. [Iglocska] +- Added error message if regex is added without choosing a type, fixes + #575. [Iglocska] + + - user will be taken back to the form if no type selected +- Merge branch 'hotfix-2.3.101' [Iglocska] +- Mass IDS toggle for freetext import, fixes #576. [Iglocska] + + - added a toggle for the IDS fields in the freetext import to quickly set all found attributes to being IDS worthy + + +v2.3.100 (2015-07-22) +--------------------- +- Merge branch 'hotfix-2.3.100' [Iglocska] +- Fixed an issue with the NIDS export not correctly working for single + events. [Iglocska] +- Merge branch 'hotfix-2.3.99' [Iglocska] +- Incremental export generation for HIDS and NIDS exports. 
[Iglocska] + + - Instead of fetching all events at once for the export, events are fetched one by one + - Greatly reduces memory footprint (It mostly depends on the event with the most eligible attributes now, instead of the combined list of all events) + - Because of the lower memory usage, the time taken for the export is also slashed to a fragment of what it was before + + +v2.3.99 (2015-07-20) +-------------------- +- Merge branch 'hotfix-2.3.98' [Iglocska] + + +v2.3.98 (2015-07-17) +-------------------- +- Merge branch '570' into hotfix-2.3.98. [Iglocska] +- Convert tab to spaces. [Richard van den Berg] +- Remove unused relatedTTP. [Richard van den Berg] +- Add timezone +00:00 to timestamp. [Richard van den Berg] +- Change incident description to title. [Richard van den Berg] +- Add Indicated_TTP. [Richard van den Berg] +- Add Valid_Time_Position. [Richard van den Berg] +- Add indicator types. [Richard van den Berg] +- Add condition attributes. [Richard van den Berg] +- Some changes to the workers. [Iglocska] + + - some fixes with the previous iteration of the background workers + - PID now checked using ps -p instead of looking for it in /proc +- Changes to the hids exports. [Iglocska] + + - fixed some issues with unset variables (from, to, last) when triggered by the background workers + - reduced memory usage of the hids exports (removed storing the hashes twice in memory, drastically removed the data retrieved from the db when preparing the export) + + +v2.3.97 (2015-07-13) +-------------------- +- Merge branch 'hotfix-2.3.97' [Iglocska] +- Version bump. [Iglocska] +- Merge branch 'pr567' into hotfix-2.3.97. [Iglocska] +- Use setupHttpSocket for fetchPGPKey. [Richard van den Berg] +- Merge branch 'pr564' into hotfix-2.3.97. [Iglocska] +- Edited comment for RPZ_Policy. [David André] + + Removed copy/pasta and added a correct comment for RPZ_Policy +- Merge pull request #1 from MISP/master. 
[David André] + + Update to latest MISP master +- Merge branch 'pr546' into hotfix-2.3.97. [Iglocska] +- Use innodb engine for cake sessions table. [David André] + + +v2.3.96 (2015-07-12) +-------------------- +- Merge branch 'hotfix-2.3.96' [Iglocska] +- Rework of the diagnostics for background workers. [Iglocska] + + - shows dead background workers + - allows site admins to add workers to any queue on the fly + - allows site admins to kill workers on the fly + + +v2.3.95 (2015-07-09) +-------------------- +- Merge branch 'hotfix-2.3.95' [Iglocska] +- Some tuning to the hostname / url type recognition in the freetext + import tool, fixes #562. [Iglocska] + + +v2.3.94 (2015-07-08) +-------------------- +- Merge branch 'hotfix-2.3.94' [Iglocska] +- Fix to an error with very large strings in an array causing a failure + in the XML conversion of simpleXML, fixes #500. [Iglocska] + + Moved the XML conversion in restfullEventToServer() to MISP's own xml conversion tool + + +v2.3.93 (2015-07-07) +-------------------- +- Merge branch 'hotfix-2.3.93' [Iglocska] +- Fixes to the RPZ export based on the testing of elhoim. [Iglocska] + + - some errors in the format (wrong comment character used, rpz-ip not appended to IP addresses, missing semi-colon) + - removed hostnames that are on domains blocked by the rules based on domain attributes + + +v2.3.92 (2015-07-01) +-------------------- +- Merge branch 'hotfix-2.3.92' [Iglocska] +- Fix to an incorrect validation of temporary filenames. [Iglocska] +- Merge branch 'hotfix-2.3.91' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.90' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.90' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.89' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.91' [Iglocska] +- File management fixed in server settings. 
[Iglocska] + + - a previous patch removed the contents of the page + + +v2.3.91 (2015-07-01) +-------------------- +- Merge branch 'hotfix-2.3.90' [Iglocska] +- GnuPG.binary demoted to optional setting as it should be. [Iglocska] + + +v2.3.90 (2015-07-01) +-------------------- +- Merge branch 'hotfix-2.3.90' [Iglocska] +- Version bump. [Iglocska] +- Fix to XSS in the template creation process. [Iglocska] +- Security fix: Fix to a possible PHP Object injection. [Iglocska] + + - unserialized user input replaced with json_decode +- Merge branch 'hotfix-2.3.89' [Iglocska] +- Version bump and debug code removed. [Iglocska] +- Fix for disabled fields causing issues with the security component + fixes #555. [Iglocska] + + - the disabled fields are no longer created via the form helper +- Merge branch 'hotfix-2.3.88' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.87' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.87' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.86' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.84' into develop. [iglocska] + + +v2.3.88 (2015-06-29) +-------------------- +- Merge branch 'hotfix-2.3.88' [Iglocska] +- Complete rework of the ZeroMQ implementation. [Iglocska] + + - python server running in the background doing the publishing + - MISP -> python script communication via redis + - configurable / controllable via the admin UI +- Merge branch 'hotfix-2.3.87' [Iglocska] +- Removed debug code. [Iglocska] +- Merge branch 'hotfix-2.3.87' [Iglocska] +- Version bump. [Iglocska] +- Several fixes. [Iglocska] + + - added multi edit to freetext import comments + - added a missing file from hotfix-2.3.87 (pgp key import view) + - updated gitignore to ignore some items that are outside of the scope of the git package +- Proposal mass accept/discard, fixes #466. [Iglocska] + + +v2.3.87 (2015-06-25) +-------------------- +- Merge branch 'hotfix-2.3.86' [Iglocska] +- Merge branch 'fix-stix-date-ranges' into hotfix-2.3.86. 
[Iglocska] + + Conflicts: + app/View/Events/automation.ctp +- Move example to bottom of h3. [Richard van den Berg] +- Fix bold and spacing. [Richard van den Berg] +- Add/move missing tags examples. [Richard van den Berg] +- Clarify the use of empty parameters in URL. [Richard van den Berg] +- Clarify more date formats. [Richard van den Berg] +- Clarify date format. [Richard van den Berg] +- Add $from and $to to Event->stix() [Richard van den Berg] +- DateFieldCheck actually expects YYYY-MM-DD. [Richard van den Berg] +- Added pub/sub feature using ZeroMQ, fixes #540 and fixes #526. + [Iglocska] + + - by installing the requirements described in the update and the install instructions (ubuntu only for now, centos/red-hat versions to be tested and described), administrators can enable the pub/sub feature + - assign a port to the service via the interface + - each time an event is published, MISP will use ZMQ's PUB feature to push out a MISP JSON package using the "misp_json" prefix +- Some merge issues resolved. [Iglocska] +- Merge branch 'feature/rpz' into hotfix-2.3.86. [Iglocska] + + Conflicts: + app/Console/Command/EventShell.php + app/Model/Server.php +- Opened up the rpz API for automation. [iglocska] +- Merge branch 'master' into feature/rpz. [iglocska] +- Small fixes. [iglocska] + + - filename fix + - per event download fixed +- Added the missing ways to exploit the rpz functionality. [iglocska] + + - rpz added to exports, both old-style and with background workers + - per event rpz functionality added +- First revision of the RPZ export complete. 
[iglocska] + + - documented in automation view + - right now it follows the simple rule of user > admin settings > default values when generating the export + - Parameters can be passed via url / JSON object / XML object + - filters include filter on event ID, date range, tags + + TODO: + - buttons for a per event download via the UI + - introduce new export option for normal users (via background workers and the old style export) +- Further progress, still rough around the edges. [iglocska] + + - server settings and validation work + - configurable template via settings + - configurable via API as well + + - Also trying to define the structure for future Plugin settings + - The idea is to have them in a separate tab all prepended with the plugin name + - since this is not yet part of the future flexible plugin system, it is still kept in the main codebase, but the idea is to get the naming conventions ready for the future version +- First version of the RPZ export. [iglocska] + + - still undocumented + - very naive policy settings + - limit per event / tags / date range +- Removed some junk. [Iglocska] +- PGP key selection on fetch, fixes #554. [Iglocska] + + - MISP will now fetch a list of all keys matching the e-mail address from the MIT server from the user edit view + - A popup will present all the matching keys (with the creation date, key ID, email addresses associated - and the fingerprint when hovering over them) + - Once the admin clicks on one, it will fetch the desired key + + - future enhancement possibility: move the second stage (the actual key fetch) to the server side instead of a direct ajax query from the user's browser + + +v2.3.85 (2015-06-22) +-------------------- +- Merge branch 'hotfix-2.3.85' [Iglocska] +- Tuning of the complex type tool. [Iglocska] + + +v2.3.84 (2015-06-18) +-------------------- +- Merge branch 'hotfix-2.3.84' [iglocska] +- Various changes and bug fixes. 
[iglocska] + + - contact reporter first tries to contact orgc users on the instance, if they don't exist, it will contact the owner (instead of going straight to the owner) + - hostname / domain name validation change broke validation of hostnames/domain names / email addresses with a "-" + - Some documentation changes for the REST API (more coming) + - some tuning of the freetext import +- Merge branch 'hotfix-2.3.83' into develop. [iglocska] +- Merge branch 'hotfix-2.3.82' into develop. [iglocska] +- Merge branch 'hotfix-2.3.81' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.80' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.79' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.78' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.77' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.76' into develop. [Iglocska] +- Install instruction change under ubuntu: No more reference to removed + INSTALL.SH file, fixes #520. Also, removed BUGS.txt, fixes #519. + [Iglocska] +- Merge branch 'hotfix-2.3.75' into develop. [Iglocska] + + +v2.3.83 (2015-06-17) +-------------------- +- Merge branch 'hotfix-2.3.83' [iglocska] +- Small tweak to the email/domain/hostname validation, affects #551. + [iglocska] + + +v2.3.82 (2015-06-16) +-------------------- +- Merge branch 'hotfix-2.3.82' [iglocska] +- Relaxed validation of tlds in domain/hostname/email-src/email-dst + attributes to allow for longer custom tlds. [iglocska] +- Merge branch 'hotfix-2.3.81' [Iglocska] +- Removed some junk. [Iglocska] + + +v2.3.81 (2015-06-10) +-------------------- +- Merge branch 'hotfix-2.3.81' [Iglocska] +- Version bump. [Iglocska] +- Some further cleanup / refactoring. [Iglocska] +- Updated the documentation to reflect the correct STIX / CyBox versions + required. [Iglocska] + + - Updated the admin tool to check the STIX / Cybox versions +- Fixes to the e-mailer and the HIDS export. 
[Iglocska] + + - HIDS exports did not include filename|hash types + - Sending a password reset / welcome message picked the opposite subject line + - line breaks were sent as literals. + + +v2.3.80 (2015-06-09) +-------------------- +- Merge branch 'hotfix-2.3.80' [Iglocska] +- Version bump. [Iglocska] +- Added the option to use an alternat executable for gpg, fixes #498. + [Iglocska] + + - users can specify an alternate gnupg executable + - Since GnuPG2 is not compatible with the last stable CryptGPG version, there are 3 options for CentOS / Red Hat users: + 1. Don't use a passphrase for the server's PGP key + 2. Install the beta version of CryptGPG (1.4.0b4) + 3. Install GnuPG classic and point MISP to the executable + + - This patch enables option 3, administrators can point MISP to the alternate executable in the server settings +- Server setting changes logged, fixes #531. [Iglocska] + + +v2.3.79 (2015-06-06) +-------------------- +- Merge branch 'hotfix-2.3.79' [Iglocska] +- Added documentation changes to avoid a non-compatible cybox + installation, fixes #529. [Iglocska] + + - STIX exports were failing when using the master branch of the Cybox Python libraries + - installation guide now forces users to use the last compatible release +- Documentation for the new export option added. [Iglocska] +- Added a new API parameter that allows to restrict events to the most + recently published ones, #527. [Iglocska] + + - added the new flag "last" to the list of parameters + - exports affected: XML, CSV, NIDS, HIDS, STIX, Text, RestSearch + - Valid values: number + format where format can be d, m, h for day, minute, hour (examples: 5d or 12h or 30m) +- Merge branch 'hotfix-2.3.78' [Iglocska] +- Version bump, also, hotfix fixes #521. [Iglocska] +- Tags sorted by name not ID, fixes #522. [Iglocska] + + - Affected views: Tag index, event view tag attach dropdown +- Fixed an issue with log entries being truncated (Requires + administrator action!) 
[Iglocska] + + - added a new entry to the admin tools (Administartion -> Administrative tools) + - converts title and change columns in the logs table to text from varchar(255) + + +v2.3.77 (2015-06-05) +-------------------- +- Merge branch 'hotfix-2.3.77' [Iglocska] +- Fix to non publish users being able to get around the restriction. + [Iglocska] + + - fixed an incorrect privilege check on the publish pop-up + + +v2.3.76 (2015-06-04) +-------------------- +- Merge branch 'hotfix-2.3.76' [Iglocska] +- Auth users should only be able to create events for their org. + [Iglocska] + + - Sync users should be able to create an event for another orgc, but auth users should not + - Fixed +- Install instruction change under ubuntu: No more reference to removed + INSTALL.SH file, fixes #520. Also, removed BUGS.txt, fixes #519. + [Iglocska] +- Merge branch 'hotfix-2.3.75' [Iglocska] +- Freetext import tool now prunes duplicate values, fixes #517. + [Iglocska] +- Oversanitisation breaks links in attribute values, fixes #371. + [Iglocska] +- Merge branch 'mbstring' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.74' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.73' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.72' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.71' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.70' into develop. [iglocska] +- Merge branch 'mbstring' [Iglocska] +- CakePHP 2.6.7 requires the php mbstring extension. [Richard van den + Berg] + + - on CentOS this is a separate package php-mbstring + - on Ubuntu this is part of libapache2-mod-php5 + + +v2.3.74 (2015-06-03) +-------------------- +- Merge branch 'hotfix-2.3.74' [Iglocska] +- Timing for rescheduling of tasks changed slightly. 
[Iglocska] + + - The rescheduling now happens before the task is executed - this way a failed job will not prevent the rescheduling of the next execution time + + +v2.3.73 (2015-06-03) +-------------------- +- Merge branch 'hotfix-2.3.73' [Iglocska] +- AJAX attribute creation would block a follow-up publish request, fixes + #514. [Iglocska] + + - Popover_form purged after the form has been submitted + - a duplicate hidden div was created for confirmation popups within the attribute creation popup and clicking publish populated the wrong div +- Fixes issue with firefox not pasting the fetched PGP key, fixes #514. + [Iglocska] +- Merge branch 'hotfix-2.3.72' [Iglocska] +- Some fixes to the documentation. [Iglocska] + + - workers potentially started as root in the documentation, fixed +- Fixed the max width of the attribute value field, fixes #512. + [Iglocska] +- Updated bootstrap datepicker, fixes #507. [Iglocska] +- NIDS filename changes, fixes #509. [Iglocska] + + - instead of misp.rules the filename becomes misp.format.eventid.rules where eventid is only set if a single event is exported +- Disablerestalert setting clarified and default set to true, fixes 511. + [Iglocska] +- Free text import tool tuning, fixes #510. [Iglocska] + + - comma separated values now correctly parsed + - Ports in IP/url/link/domain/hostname now added as a comment + - virustotal now automatically recognised as external analysis / link + + +v2.3.71 (2015-06-01) +-------------------- +- Merge branch 'hotfix-2.3.71' [Iglocska] +- Events without attributes are now blocked from pull/push, fixes #476. + [Iglocska] + + - Events published / pushed will now refuse to sync if the situation arises where no attributes would be eligible to be synced + - Events pulled that contain no attributes will be thrown away +- Merge branch 'hotfix-2.3.70' [iglocska] +- Version bump. [iglocska] +- Merge branch 'certat' into hotfix-2.3.70. [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. 
[Aaron Kaplan] +- Update INSTALL.ubuntu1404.txt. [AaronK] + + Add a note on Debian Wheezy installation instructions +- Merge branch 'master' of https://github.com/MISP/MISP. [Aaron Kaplan] +- Merge branch 'master' of https://github.com/MISP/MISP. [Aaron Kaplan] +- Merge branch 'master' of https://github.com/MISP/MISP. [Aaron Kaplan] +- Merge branch 'master' of https://github.com/aaronkaplan/MISP. [Aaron + Kaplan] +- Merge branch 'master' of https://github.com/MISP/MISP. [Aaron Kaplan] +- Should read if (defined(...)) [Aaron Kaplan] +- Merge branch 'master' of https://github.com/aaronkaplan/MISP. [Aaron + Kaplan] +- Merge https://github.com/MISP/MISP. [Aaron Kaplan] +- Move CERT.at logo file. [L. Aaron Kaplan] +- Merge https://github.com/MISP/MISP. [Aaron Kaplan] +- Added CERT.at org file Also testing pull requests upstream. [Aaron + Kaplan] +- Merge branch 'hotfix-2.3.69' into develop. [iglocska] + + +v2.3.69 (2015-05-27) +-------------------- +- Merge branch 'hotfix-2.3.69' [iglocska] +- Left of tuning of complex type tool in previous commit. [iglocska] + + - also, appcontroller now loads the security component, so that the blackhole override doesn't produce errors +- Finished the e-mailing rework branch, fixes #505, fixes #504, fixes + #502, fixes #499. 
[iglocska] + + - this commit is mostly here to capture what was changed in hotfix 2.3.69 + + - e-mailing completely reworked, all e-mails now flow through the same method + - that method will handle all encryption and the decisions whether to send e-mails unencrypted to users without an encryption key, whether to keep the body of the e-mail untruncated, etc + - all e-mails are now also logged here (including the reason of a potential failure) + + - new server settings for default template messages for password resets / new user welcome messages + + - admin e-mail interface reworked and org admins now also have access to the features + + - password resets / new user for site and org admins (where applicable) - quickly reset the password of a user and alert them using the pre-defined reset template + + ===== + + - Tuned the freetext import to really accept free-text. Let me know if you have any tips for tuning the detection further! + + - it now breaks the passed string on whitespace and line-break and tries to resolve the rest. Filename resolution tightened to exclude anthing that starts or ends with a . +- Blackhole message due to csrf replaced with something more obvious, + fixes #504. [iglocska] + + - user will get an explanation of the csrf error and that going back and refreshing the form will fix it + - also, there is a link that will take the user to the baseurl (which will redirect to the login page if the csrf issue occured on the login page) +- New emailer finished. [iglocska] +- Further progress. [iglocska] +- Rework of the e-mailing, part 1. 
[iglocska] + + - Reworking the way e-mails are sent - all of it goes through a centralised e-mail method + - just pass the recipient, recipient encryption key collection, body, alternate body if the message cannot be encrypted, subject, reply to address and pgp key for reply to along and the method will do the rest + + - encrypt if possible, check if sending without encryption is allowed, signing, adding attachment for reply to encryption key, using alternate sanitised body if it is enforced for accounts that cannot use encryption is all done in one place + + - easy to maintain and expand with future changes (such as the S/MIME pull request on github) +- Merge branch 'unencrypted' into hotfix-2.3.69. [iglocska] +- Removed extraneous dash. [Richard van den Berg] +- Fixed typo. [Richard van den Berg] +- Also respect GnuPG.bodyonlyencrypted for posts alerts. [Richard van + den Berg] +- Merge branch 'ncsc-nl/posts-alerts' into ncsc- + nl/email_body_only_encrypted. [Richard van den Berg] +- Do not send details of events unencrypted. [Richard van den Berg] +- Merge branch 'email-notifications' into hotfix-2.3.69. [iglocska] +- Use correct CakeResque queue. [Richard van den Berg] +- Fix whitespaces. [Richard van den Berg] +- Fix posts alerts. [Richard van den Berg] +- Send E-mail notifications for new posts in discussion and event + threads. [Richard van den Berg] +- Freetext import tool now splits the input by line break and + whitespace, fixes #502. [iglocska] +- Merge branch 'hotfix-2.3.68' into develop. [iglocska] +- Merge branch 'hotfix-2.3.67' into develop. [iglocska] +- Merge branch 'hotfix-2.3.66' into develop. [iglocska] +- Merge branch 'hotfix-2.3.65' into develop. [iglocska] + + +v2.3.68 (2015-05-21) +-------------------- +- Merge branch 'hotfix-2.3.68' [iglocska] +- Date set to today's date by default, fixes #495. 
[iglocska] + + +v2.3.67 (2015-05-20) +-------------------- +- Merge branch 'hotfix-2.3.67' [iglocska] +- Ignoring non MISP AUTHORIZATION headers, fixes #478. [iglocska] + + - Users being logged on would not be able to use the actions that are also used for automation + - Those actions trigger a check of the authorization header, which in certain use cases can be set with values that is outside of the scope of MISP + + - MISP will now try to only detect MISP auth keys in the headers and if it detects something else it ignores it + + +v2.3.66 (2015-05-15) +-------------------- +- Merge branch 'hotfix-2.3.66' [iglocska] +- Fix to copy pasta issue breaking from/to filters in exports, fixes + #494. [iglocska] + + +v2.3.65 (2015-05-15) +-------------------- +- Merge branch 'hotfix-2.3.65' [iglocska] +- Fixed issue with proxy settings attempted to be added in synctool, + even if not set. [iglocska] +- Merge branch 'hotfix-2.3.64' into develop. [iglocska] +- Merge branch 'password_script' into develop. [iglocska] +- Merge branch 'hotfix-2.3.63' into develop. [iglocska] +- Corrected typo. [Christophe Vandeplas] +- Links to website. [Christophe Vandeplas] +- MISP diagrams in SVG licensed under CC-BY-SA added. [Alexandre + Dulaunoy] +- Merge branch 'hotfix-2.3.62' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.61' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.60' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.59' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.58' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.57' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.64' [iglocska] +- Merge branch 'certauth' into hotfix-2.3.64. [iglocska] +- Minor typo in the unset -- should be ['User']['gpgkey'] [Guilherme + Capilé] +- Removed session handling from plugin and moved to AppController. + [Guilherme Capilé] +- Merge remote-tracking branch 'upstream/master' [Guilherme Capilé] +- Merge branch 'master' of github.com:FIRSTdotorg/MISP. 
[Guilherme + Capilé] +- Added user defaults to plugin. [Guilherme Capilé] +- Added client SSL certificate authentication as a CakePHP plugin. + [Guilherme Capilé] +- Added client SSL certificate authentication as a CakePHP plugin. + [Guilherme Capilé] +- Added user defaults to plugin. [Guilherme Capilé] +- Added client SSL certificate authentication as a CakePHP plugin. + [Guilherme Capilé] +- Added client SSL certificate authentication as a CakePHP plugin. + [Guilherme Capilé] +- Merge branch 'cakephppath' into hotfix-2.3.64. [iglocska] +- Update UPDATE.txt. [remg427] + + app missing in path for cakephp +- Merge branch 'saltlength' into hotfix-2.3.64. [iglocska] +- Calrify salt length in INSTALL.md. [Gábor Molnár] +- Note salt key length requirement to INSTALL.md. [Gábor Molnár] +- Merge branch 'rsakey' into hotfix-2.3.64. [iglocska] +- Removed the RSA key recommendation from INSTALL.ubuntu1404.txt. [David + André] +- Removed the RSA key recommendation from INSTALL.centos7.txt. [David + André] +- Removed the RSA key recommendation from INSTALL.centos6.txt. [David + André] +- Left off a file. [iglocska] +- PGP key lookup for lazy MISP instance admins, fixes #492. [iglocska] + + - Added a button for the add user / edit user views that fetches the entered e-mail addresses pgp key from pgp.mit.edu +- Implemented correct from / to api parameter checks. [iglocska] + + - based on stevengoossensB's pull request + + +v2.3.64 (2015-05-13) +-------------------- +- Merge branch 'password_script' [iglocska] +- Password reset fix. [iglocska] +- Added link to GNU AGLP License v3 text. [David André] + + +v2.3.63 (2015-05-04) +-------------------- +- Merge branch 'hotfix-2.3.63' [iglocska] +- Removed debug. [iglocska] +- Parse authorization headers for a valid MISP auth key, fixes #478. + [iglocska] + + - Keeps parsing until a valid auth key is found +- Merge branch 'master' into hotfix-2.3.63. [iglocska] +- Corrected typo. [Christophe Vandeplas] +- Links to website. 
[Christophe Vandeplas] +- MISP diagrams in SVG licensed under CC-BY-SA added. [Alexandre + Dulaunoy] +- Merge pull request #468 from elhoim/patch-6. [Andras Iklody] + + Fix for #467 +- Fix for #467. [David André] + + Fix for issue #467 + Changed the label of IDS checkbox for proposals + + +v2.3.62 (2015-04-16) +-------------------- +- Merge branch 'hotfix-2.3.62' [Iglocska] +- Small fix to editing an event via the api. [Iglocska] + + - adding attributes without a uuid will cause the edit to fail + - attributes without a uuid will now be added as a new attribute +- Merge branch 'hotfix-2.3.61' [Iglocska] +- Fixed various issues with the attribute REST api. [Iglocska] + + - also updated the sample curl scripts + + +v2.3.60 (2015-04-13) +-------------------- +- Merge branch 'hotfix-2.3.60' [Iglocska] +- Background job for pull incorrectly checks the push flag on the + server, fixes #457. [Iglocska] + + - Issue fixed: When background jobs are enabled the wrong flag is checked when attemptying to enqueue a pull + + +v2.3.59 (2015-04-08) +-------------------- +- Merge branch 'hotfix-2.3.59' [Iglocska] +- Fix to an issue with the caching. [Iglocska] + + - CSV caching was saving to file on each attribute, creating extremely high amounts of I/O + - reduced it to saving to file / event + + - fixed incorrect pathing +- Merge branch 'triple-dots' into hotfix-2.3.59. [Iglocska] +- Only truncate string if adding ... will make it shorter. [Richard van + den Berg] +- Merge branch 'cakeresque-update' into hotfix-2.3.59. [Iglocska] +- Include composer.phar self-update. [Richard van den Berg] +- Use cake-resque:4.1.2. [Richard van den Berg] + + - Remove --no-update for cake-resque + - Added UPDATE.txt for keeping up2date between major releases +- Merge branch 'cakephp-update' into hotfix-2.3.59. [Iglocska] +- Remove gitlink for app/Plugin/CakeResque. 
[Richard van den Berg] + + CakeResque is installed with composer.phar + + Removing the gitlink gets rid of this annoying error message: + No submodule mapping found in .gitmodules for path 'app/Plugin/CakeResque' +- Update cakephp to latest 2.6 branch. [Richard van den Berg] +- Merge branch 'cakeresque-queues' into hotfix-2.3.59. [Iglocska] +- Use correct CakeResque queues. [Richard van den Berg] +- Merge branch 'proxy' into hotfix-2.3.59. [Iglocska] +- Use isOK() for version check. [Richard van den Berg] +- Catch HTTP error codes. [Richard van den Berg] +- Catch invalid proxy configuration. [Richard van den Berg] +- Allow SyncTool with empty $server. [Richard van den Berg] +- Allow SyncTool to be used for generic HTTP(S) connections. [Richard + van den Berg] +- Use SyncTool for diagnostics. [Richard van den Berg] +- Fix typo. [Richard van den Berg] +- Add proxy section to server diagnostics. [Richard van den Berg] +- ConfigProxy() checks for empty arguments, no need to do it twice. + [Richard van den Berg] +- Add proxy support to SyncTool. [Richard van den Berg] +- Merge branch 'ids_example' into hotfix-2.3.59. [Iglocska] +- Removed .swp file ; updated .gitignore. [Koen Van Impe] +- Example file on how to get the exported IDS data from MISP. [Koen Van + Impe] +- Merge pull request #1 from MISP/master. [Koen Van Impe] + + Update from original +- Merge branch 'password' into hotfix-2.3.59. [Iglocska] +- Update to install howto. [Alexander J] + + remove of -p password in order to avoid having the password in your bash history and the install command for postfix +- Merge branch 'gitignore' into hotfix-2.3.59. [Iglocska] +- Fix cakephp path in .gitignore. [Richard van den Berg] +- Merge branch 'stix_no_random_ids' into hotfix-2.3.59. [Iglocska] +- Consistent timestamps for STIX objects. [Richard van den Berg] +- Consistent id's for malware-sample artifacts. [Richard van den Berg] +- Consistent id's for observable compositions. 
[Richard van den Berg] +- Use property class name in object ID. [Richard van den Berg] +- Use attribute uuid for cybox id's. [Richard van den Berg] +- Merge branch 'stix-info' into hotfix-2.3.59. [Iglocska] +- Use org name and baseurl in XML namespace for STIX. [Richard van den + Berg] +- More informative CIQ titles. [Richard van den Berg] +- More informative STIX titles. [Richard van den Berg] +- Merge branch 'install-centos' into hotfix-2.3.59. [Iglocska] +- Fix line breaks. [Richard van den Berg] +- Php-xml is needed for DOMDocument class. [Richard van den Berg] +- Merge branch 'master' of github.com:MISP/MISP into ncsc-nl/install- + centos. [Richard van den Berg] +- Documentation changes. [Richard van den Berg] + + - Added changes from 9378837f39a52e246fb1c11aac18343c8c8992a0 for CentOS + - Fixed some typos +- Merge branch 'disallow_unpublished_events' into hotfix-2.3.59. + [Iglocska] +- Fixed missing parentheses‎ [Richard van den Berg] +- Make unpublished events private if MISP.unpublishedprivate == true. + [Richard van den Berg] +- Merge remote-tracking branch 'upstream/master' [Richard van den Berg] +- Disallow unpublished events. [Richard van den Berg] + + +v2.3.58 (2015-04-01) +-------------------- +- Merge branch 'hotfix-2.3.58' [Iglocska] +- Sync update issue fixed. [Iglocska] + + - attributes were not correctly updated during a manual push due to an incorrect conditional + - re-publishing was unaffected + + +v2.3.57 (2015-03-16) +-------------------- +- Merge branch 'hotfix-2.3.57' [Iglocska] +- Organization field in Servers too short to fit valid organisation + identifiers, fixes #436. [Iglocska] + + - updated the MYSQL.sql file for future MISP installations + - added admin script to do the update from the web interface +- Merge branch 'hotfix-2.3.56' into develop. [Iglocska] +- Merge branch 'hotfix-2.3.55' into develop. [iglocska] +- Merge branch 'hotfix-2.3.53' into develop. [iglocska] +- Merge branch 'hotfix-2.3.52' into develop. 
[iglocska] +- Merge branch 'hotfix-2.3.51' into develop. [iglocska] +- Merge branch 'hotfix-2.3.50' into develop. [iglocska] +- Merge branch 'hotfix-2.3.49' into develop. [iglocska] +- Merge branch 'hotfix-2.3.48' into develop. [iglocska] +- Merge branch 'hotfix-2.3.47' into develop. [iglocska] +- Merge branch 'hotfix-2.3.46' into develop. [iglocska] +- Merge branch 'hotfix-2.3.45' into develop. [iglocska] +- Merge branch 'hotfix-2.3.45' into develop. [iglocska] +- Merge branch 'hotfix-2.3.44' into develop. [iglocska] +- Merge branch 'hotfix-2.3.43' into develop. [iglocska] +- Merge branch 'hotfix-2.3.42' into develop. [iglocska] +- Merge branch 'hotfix-2.3.41' into develop. [iglocska] + + +v2.3.56 (2015-03-14) +-------------------- +- Merge branch 'hotfix-2.3.56' [Iglocska] +- Site admins can now create proposals, fixes #417. [Iglocska] + + - site admins can now create proposals to an event / attribute as long as the event does not belong to their organisation + - new icon for proposals to differentiate them from edits +- Version bump. [Iglocska] +- Sync users should default to termsaccepted and no password change + required, fixes #432. [Iglocska] +- Search in logs fixed, fixes #434. [Iglocska] + + - The log search incorrectly set the search terms for empty fields, meaning that any log entries that had unfilled columns, such as it is the case with admin_email would never return results + + +v2.3.55 (2015-03-10) +-------------------- +- Merge branch 'hotfix-2.3.55' [iglocska] +- Security fix. [iglocska] + + - filenames are now enclosed by quotes instead of double quotes while executing the zip command via exec + + +v2.3.54 (2015-02-24) +-------------------- +- Merge branch 'hotfix-2.3.54' [iglocska] +- Version bump. [iglocska] +- Json view fixed, fixes #411. [iglocska] + + +v2.3.53 (2015-02-23) +-------------------- +- Merge branch 'hotfix-2.3.53' [iglocska] +- Version bump. [iglocska] +- Disabled the animation in the MISP logo. 
[iglocska] + + - it was quite heavy on CPU usage and it was too subtle to notice anyway +- Org admins editing privileged users demotes the privileged user to a + lower permission level, fixes #408. [iglocska] + + - an org admin now correctly can select the previously assigned privileged role for a user that he/she is editing +- Merge branch 'hotfix-2.3.52' [iglocska] +- Version bump. [iglocska] +- API search incorrectly generating JSON with several events, fixes + #407. [iglocska] + + - also fixed the edit button on the index + + +v2.3.52 (2015-02-18) +-------------------- +- Merge branch 'hotfix-2.3.51' [iglocska] +- Version bump. [iglocska] +- Further work on the exports. [iglocska] + + - Performance improvements for the event search exports + - JSON view code moved to Lib + - Fixed an issue that didn't restrict the dates correctly with the from / to parameters + + +v2.3.51 (2015-02-16) +-------------------- +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Fix pull #400. [Alexandre Dulaunoy] +- MISP logo added. [Alexandre Dulaunoy] +- MISP logos added (SVG, PDF and PNG) [Alexandre Dulaunoy] + + +v2.3.50 (2015-02-16) +-------------------- +- Merge branch 'hotfix-2.3.50' [iglocska] +- Added more contextual info for the CSV exports, fixes #391. [iglocska] +- Correlation disabled for http-method, fixes #406. [iglocska] +- Missing json view file added. [iglocska] + + - return attributes fails when requesting the results in JSON + - added missing view file + + +v2.3.49 (2015-02-16) +-------------------- +- Merge branch 'hotfix-2.3.49' [iglocska] +- Relaxed the auth key requirement for nids exports. [iglocska] + + - incorrect check on the nids exports blocked logged in users from downloading the snort/suricata rules of an event + - check removed + + +v2.3.48 (2015-02-10) +-------------------- +- Merge branch 'hotfix-2.3.48' [iglocska] +- Version bump. 
[iglocska] +- Fixed an issue with the free-text import failing on more than ~100 + parsed values, fixes #389. [iglocska] + + - Caused by a 1k variable / form limit imposed by php since 5.3.9 + - Form data now collected by JS and passed as a single JSON in the POST request + - Allows massive IOC lists to be imported + - improved performance + + +v2.3.47 (2015-02-09) +-------------------- +- Merge branch 'hotfix-2.3.47' [iglocska] +- Documentation changes. [iglocska] +- Merge branch 'hotfix-2.3.46' [iglocska] +- Patch fixing json download, fixes #387. [iglocska] + + - World's smallest patch + + +v2.3.46 (2015-02-05) +-------------------- +- Merge branch 'hotfix-2.3.45' [iglocska] +- New documentation left off. [iglocska] + + +v2.3.45 (2015-02-05) +-------------------- +- Merge branch 'hotfix-2.3.45' [iglocska] +- Version incremented. [iglocska] +- Removed the old documentation, fixes #378 and some small fixes. + [iglocska] + + - resolved an issue of warnings being generated when an event without attributes / relations gets XML exported. + - added new dump of the documentation + + +v2.3.44 (2015-02-04) +-------------------- +- Merge branch 'hotfix-2.3.44' [iglocska] +- Version incremented. [iglocska] +- Left off file in previous hotfix added. [iglocska] + + - added a file that was not pushed during the last hotfix + - some improvements to the XML export to lower memory usage + + +v2.3.43 (2015-02-03) +-------------------- +- Merge branch 'hotfix-2.3.43' [iglocska] +- Documentation fail fixes #384. [iglocska] + + +v2.3.42 (2015-02-03) +-------------------- +- Merge branch 'hotfix-2.3.42' [iglocska] +- Small change to the XML export. [iglocska] + + - won't write to file after all, simply keeps adding to a string in memory. Should still resolve the XML conversion taking up high amounts of memory issue. +- Various improvements to the exports. 
[iglocska] + + - Unified the way exports accept negated parameters + - Fixed the documentation + - Most exports are now restrictable by the event date (From/To parameters) + - none cached XML export now writes to file after converting each event, clearing the memory and resolving any potential memory issues + + +v2.3.41 (2015-02-02) +-------------------- +- Merge branch 'hotfix-2.3.41' [iglocska] +- Merging several pull requests and a few other changes. [iglocska] + + - Pull request by RichieB2B: CentOS 6 & 7 installation instructions + - Pull request by RichieB2B: STIX exports now include comments for indicators + - Pull request by RichieB2B: Issue fixed with md5 type attributes not generating observables correctly during a STIX export + - Password policy change-able by a site admin via a regex and a min char requirement. Old functionality assumed if not set. + - bug fixed with incorrect jobs being created appearing during a scheduled pull (designates a push) + - slight changes to the installation instructions + - database.default.php now uses localhost instead of 127.0.0.1 and the default MySQL port +- Merge branch 'RichieB2B-ncsc-nl/install-centos' into hotfix-2.3.41. + [iglocska] +- Added INSTALL files for CentOS. [Richard van den Berg] +- Merge branch 'RichieB2B-ncsc-nl/stix_indicator_comments' into + hotfix-2.3.41. [iglocska] +- Pretify some comments. [Richard van den Berg] +- Fixed typo. [Richard van den Berg] +- Fixed typo. [Richard van den Berg] +- Fix string assignments to StructuredText. [Richard van den Berg] +- Map most MISP attribute comments into STIX. [Richard van den Berg] +- Preserve indicator comments in STIX export. [Richard van den Berg] +- Merge branch 'RichieB2B-ncsc-nl/stix_md5_hash' into hotfix-2.3.41. + [iglocska] +- Export md5 hashes without file name in STIX. [Richard van den Berg] +- Fixed a bug with the way scheduled syncs are logged. [iglocska] +- Password complexity definable by admin. 
[iglocska] + + - administrators can use a regex and a length setting to define password requirements + - old behavior used if left untouched +- Merge branch 'hotfix-2.3.40' into develop. [iglocska] + + +v2.3.40 (2015-01-15) +-------------------- +- Merge branch 'hotfix-2.3.40' [iglocska] +- Fix to the new sync issues since 2.3.39, fixing #365. [iglocska] + + Incorrectly trying to look up authenticated user in the model fixed +- Merge branch 'hotfix-2.3.39' into develop. [iglocska] + + +v2.3.39 (2015-01-12) +-------------------- +- Merge branch 'hotfix-2.3.39' [iglocska] +- Fixes to the scheduled tasks and some documentation issues. [iglocska] + + - Scheduled pulls should work correctly now + - Scheduled pushes and pulls correctly display in the logs + - Scheduled caching correctly sets the next date of execution +- Merge branch 'hotfix-2.3.38' into develop. [iglocska] +- Merge branch 'hotfix-2.3.38' into develop. [iglocska] +- Merge branch 'hotfix-2.3.38' into develop. [iglocska] +- Merge branch 'hotfix-2.3.38' [iglocska] +- Copy pasta fail. [iglocska] +- Merge branch 'hotfix-2.3.38' [iglocska] +- Added missing view. [iglocska] +- Merge branch 'hotfix-2.3.38' [iglocska] +- Remote attribute deletion removed. [iglocska] + + - Deleting attributes on connected MISP instances can cause serious performance issues on multiple interconnected instnaces, temporarily removed + - Version number incremented +- Update to the automation page. [iglocska] + + - new parameters for the text export explained +- New way to download a single event. [iglocska] + + - The event export buttons have been unified into a single download as... 
button + - clicking it loads a popup with all of the export formats + - added snort, suricata, text dump to the export options + - added the option for an extra setting for some exports (such as including non IDS flagged attributes, encoding attachments) + - easily extendable system + + - moved the hidden popup divs into the general layout, can be easily reused anywhere + + - removed the auth refresh option that was re-enabled recently as it seems to sometimes cause issues + + - text exports now allow "all" to be specified as type, which will dump all attribute values that the user can see + - text exports now allow restricting the results based on event id +- Merge branch 'hotfix-2.3.37' into develop. [iglocska] + + +v2.3.37 (2014-12-12) +-------------------- +- Merge branch 'hotfix-2.3.37' [iglocska] +- Logging of admin emails and auth refresh. [iglocska] + + - admin emails now generate log entries + - authentication is refreshed on activity +- Merge branch 'hotfix-2.3.36' into develop. [iglocska] +- Merge branch 'hotfix-2.3.36' [iglocska] +- Fix to some event altering actions not updating the timestamp. + [iglocska] +- Merge branch 'hotfix-2.3.35' into develop. [iglocska] +- Merge branch 'hotfix-2.3.35' into develop. [iglocska] + + +v2.3.36 (2014-12-10) +-------------------- +- Merge branch 'hotfix-2.3.35' [iglocska] +- Small fix. [iglocska] + + +v2.3.35 (2014-12-10) +-------------------- +- Merge branch 'hotfix-2.3.35' [iglocska] +- Freetext import tool enhancement. [iglocska] + + - mass edit types where applicable + - ip-src/ip-dst type will create two attributes, one for each +- Merge branch 'hotfix-2.3.34' into develop. [iglocska] +- Merge branch 'hotfix-2.3.33' into develop. [iglocska] +- Elhoim and Prz care-package. [iglocska] + + Merge branch 'hotfix-2.3.34' +- Version number incremented. [iglocska] +- Changed the annoying click to view feature on each row on certain + index pages to double clicks. 
[iglocska] +- Admin contact user menu moved next to new/list user buttons, recipient + e-mails are now sorted alphabetically. [iglocska] +- Empty filter options were not that obvious to some users in the + event/user index filter popup. [iglocska] +- Long filename overlapping with malware button on attachment upload, + fixes #357. [iglocska] +- Attribute search now correctly searches attribute comments too for + contained expressions, fixes #342. [iglocska] +- Added tooltip for event ID in attribute search results, fixes #351. + [iglocska] +- Changed wording of warning message when entering a targeting type + attribute, fixes #355. [iglocska] + + +v2.3.34 (2014-12-05) +-------------------- +- Merge branch 'hotfix-2.3.33' [iglocska] +- STIX export now correctly uses a custom namespace instead of the + default "example", fixes #301. [iglocska] +- Merge branch 'hotfix-2.3.32' into develop. [iglocska] +- Merge branch 'hotfix-2.3.31' into develop. [iglocska] + + +v2.3.33 (2014-12-03) +-------------------- +- Merge branch 'hotfix-2.3.32' [iglocska] +- Fix to an issue with the markings in the STIX export. [iglocska] + + - xpath describing the current node and descendants is incorrect + + +v2.3.31 (2014-11-27) +-------------------- +- Merge branch 'hotfix-2.3.31' [iglocska] +- Version number incremented. [iglocska] +- Merge branch 'hotfix-2.3.31' [iglocska] +- Several issues fixed. [iglocska] + + - MYSQL.sql file now correctly includes the task entries + - GenerateCorrelation admin task is now a background job + - Organisation of events pulled now get the org in the server object as the owner instead of the one who initiates the pull + - Small fix to wrapping text in the pivot graph +- Merge branch 'hotfix-2.3.30' into develop. [iglocska] + + +v2.3.30 (2014-11-27) +-------------------- +- Merge branch 'hotfix-2.3.30' [iglocska] +- Some freetext import tweaks, fixes #330, fixes #334. 
[iglocska] + + - freetext import now optionally allows setting the comment field + - removing rows in the freetext import result redirects to the event view if all rows are gone +- Incorrect flash message on successfu freetext import fixed, fixes + #322. [iglocska] +- Confidence mapping changed to boolean in stix export, fixes #326. + [iglocska] +- Alternate event org display. [iglocska] + + - shows both orgc and org to normal users + - naming convention changed (orgc => source org, org => member org) + - this should allow users to see if an event was generated on their instance or not. + + +v2.3.29 (2014-11-20) +-------------------- +- Merge branch 'hotfix-2.3.29' [iglocska] +- Improvements to the attribute search. [iglocska] + + - case insensitivity + - tag searches + + also, generatecorrelation is now a background job +- Merge branch 'hotfix-2.3.28' into develop. [iglocska] +- Merge branch 'hotfix-2.3.27' into develop. [iglocska] + + +v2.3.28 (2014-11-19) +-------------------- +- Merge branch 'hotfix-2.3.28' [iglocska] +- Fix to the CSRF protection blocking a proposal add. [iglocska] + + +v2.3.27 (2014-11-14) +-------------------- +- Merge branch 'hotfix-2.3.27' [iglocska] +- Diagnostics check fails on PGP check if the server's key is a sign + only key. [iglocska] +- Merge branch 'hotfix-2.3.25' into develop. [iglocska] +- Merge branch 'hotfix-2.3.25' into develop. [iglocska] +- Merge branch 'hotfix-2.3.25' into develop. [iglocska] +- Merge branch 'hotfix-2.3.25' into develop. [iglocska] +- Merge branch 'hotfix-2.3.25' [iglocska] +- Further corner case fixed (shadow attribute to attribute, not event) + [iglocska] + + +v2.3.26 (2014-11-14) +-------------------- +- Merge branch 'hotfix-2.3.25' [iglocska] +- Comments also sanitized. [iglocska] +- Merge branch 'hotfix-2.3.25' [iglocska] +- Related events not correctly sanitized in the xml export. [iglocska] +- Merge branch 'hotfix-2.3.25' [iglocska] +- Added to the caching mechanism. 
[iglocska] + + +v2.3.25 (2014-11-14) +-------------------- +- Merge branch 'hotfix-2.3.25' [iglocska] +- Stronger escaping of special characters in the XML exports. [iglocska] +- Merge branch 'hotfix-2.3.24' into develop. [iglocska] +- Merge branch 'hotfix-2.3.23' into develop. [iglocska] +- Merge branch 'hotfix-2.3.24' [iglocska] + + +v2.3.24 (2014-11-12) +-------------------- +- Fix to an issue with the CSV export. [iglocska] + + - missing linebreak after header row added + - fixed an issue with quotes in the value field not being escaped properly + + +v2.3.23 (2014-11-05) +-------------------- +- Merge branch 'hotfix-2.3.23' [iglocska] +- Fixes issue with file attachments not being downloadable for users of + another org. [iglocska] +- Merge branch 'hotfix-2.3.22' into develop. [iglocska] +- Merge branch 'hotfix-2.3.22' into develop. [iglocska] +- Merge branch 'hotfix-2.3.22' [iglocska] +- Document referencing deprecated way of passing authkey in url. + [iglocska] + + +v2.3.22 (2014-11-03) +-------------------- +- Merge branch 'hotfix-2.3.22' [iglocska] +- Added flag to mimic the quickfilter of the event view to the API. + [iglocska] + + - search on any sub-string match in the event info, orgc, attribute value, attribute comment via the API +- Merge branch 'hotfix-2.3.21' into develop. [iglocska] + + +v2.3.21 (2014-10-31) +-------------------- +- Merge branch 'hotfix-2.3.21' [iglocska] +- Fix to the missing accept terms button. [iglocska] +- Merge branch 'hotfix-2.3.20' into develop. [iglocska] + + +v2.3.20 (2014-10-31) +-------------------- +- Merge branch 'hotfix-2.3.20' [iglocska] +- Version pushed. [iglocska] +- Quick filter tool, some further tweaks to the filters. [iglocska] + + - quick filter on the event index + - finds events with a sub-string match on event info, orgc, attribute value, attribute comment +- Added new functionality to the filters. 
[iglocska] + + - users can now search on attributes + - attribute search returns any event that has a a sub-string match on the entered attribute + - can also be used to negate (e.g: don't show me any events that have a sub-string match on any of its attributes) +- Merge branch 'hotfix-2.3.19' into develop. [iglocska] +- Merge branch 'hotfix-2.3.19' into develop. [iglocska] +- Merge branch 'hotfix-2.3.19' into develop. [iglocska] +- Merge branch 'hotfix-2.3.19' [iglocska] +- Left off from previous commit. [iglocska] +- Merge branch 'hotfix-2.3.19' [iglocska] +- Font change caused some misalignment. [iglocska] + + +v2.3.19 (2014-10-30) +-------------------- +- Merge branch 'hotfix-2.3.19' [iglocska] +- Version updated. [iglocska] +- Merge branch 'hotfix-2.3.19' [iglocska] +- Fix to the STIX export fixes #311 and a temporary fix to an OpenIOC + import issue. [iglocska] + + - STIX export had 2 issues as pointed out by RichieB2B: + - Incorrect name assigned to incidents due to copy-pasta fail + - Historyitems incorrectly handled + + - For the OpenIOC import: + - Mapping DnsEntryItem/Host to hostname + - Mapping of hostnames to Network activity failed due to incorrect capitalistion + - Temporarily removed the ignore function on certain indicators. Ignoring an element in an AND-ed branch happens without a pruning of the element IDs +- Merge branch 'hotfix-2.3.18' into develop. [iglocska] +- Merge branch 'hotfix-2.3.18' into develop. [iglocska] +- Merge branch 'hotfix-2.3.18' [iglocska] +- Small visual fix. [iglocska] + + +v2.3.18 (2014-10-29) +-------------------- +- Merge branch 'hotfix-2.3.18' [iglocska] +- File management added and various small changes. [iglocska] + + - Important! Logo images have now moved to a different location! Make sure that you update your settings! 
+ - Site admins can now manage the uploaded image files and the terms of use file via the server settings interface + - add, link, delete files directly from the interface +- Merge branch 'hotfix-2.3.17' into develop. [iglocska] + + +v2.3.17 (2014-10-28) +-------------------- +- Merge branch 'hotfix-2.3.17' [iglocska] +- Update to the terms and conditions. [iglocska] + + - use terms file as before if nothing else specified + - specify a file in the app/files/terms directory via the server settings tool + - specify whether to show it inline or create a download link for users instead + - by default everything is the same as before, except that the MISP installation path is no longer exposed by a non-existing terms file +- Merge branch 'hotfix-2.3.16' into develop. [iglocska] +- Merge branch 'hotfix-2.3.16' into develop. [iglocska] +- Merge branch 'hotfix-2.3.14' into develop. [iglocska] +- Merge branch 'hotfix-2.3.16' [iglocska] +- Version number fixed. [iglocska] + + +v2.3.16 (2014-10-27) +-------------------- +- Merge branch 'hotfix-2.3.16' [iglocska] +- Made the version check exclusive to the diagnostics tab. [iglocska] + + +v2.3.15 (2014-10-27) +-------------------- +- Merge branch 'hotfix-2.3.15' [iglocska] +- Event attribute pagination is persistent through edits / deletes. + [iglocska] + + +v2.3.14 (2014-10-27) +-------------------- +- Merge branch 'hotfix-2.3.14' [iglocska] +- Version check tool added. [iglocska] + + - check the latest tag on github and compare it to the local version + - from here on all hotfix, minor, major releases should be tagged apropriately. +- Merge branch 'hotfix-2.3.13' into develop. [iglocska] +- Merge branch 'hotfix-2.3.13' [iglocska] +- Changing an attribute's field on the fly now requires a double click. + [iglocska] +- Merge branch 'hotfix-2.3.12' into develop. [iglocska] +- Merge branch 'hotfix-2.3.11' into develop. [iglocska] +- Merge branch 'hotfix-2.3.10' into develop. 
[iglocska] +- Merge branch 'hotfix-2.3.12' [iglocska] +- Fix to the capitalisation in the user index filter and fix to the + scripts tmp folder not being created on git clone. [iglocska] +- Merge branch 'hotfix-2.3.11' [iglocska] +- Added missing empty file. [iglocska] +- Merge branch 'hotfix-2.3.11' [iglocska] +- Further work on the manual, fix to the user filter. [iglocska] +- Work on the documentation and font change. [iglocska] + + - Adding all the new features to the documentation + - removed Robotolight from css to fix issues with chrome/firefox on Windows +- Merge branch 'hotfix-2.3.10' [iglocska] +- Fix to the GFI upload. [iglocska] +- Merge branch 'hotfix-2.3.10' [iglocska] +- Merge branch 'hotfix-2.3.9' into develop. [iglocska] +- Merge branch 'hotfix-2.3.9' into develop. [iglocska] +- Merge branch 'hotfix-2.3.9' into develop. [iglocska] +- Merge branch 'hotfix-2.3.9' [iglocska] +- Fix to the filters. [iglocska] +- Merge branch 'hotfix-2.3.9' [iglocska] +- Fix to the filters. [iglocska] +- Merge branch 'hotfix-2.3.9' [iglocska] +- Fix to the filter. [iglocska] +- Merge branch 'hotfix-2.3.9' [iglocska] +- Merge branch 'hotfix-2.3.8' into develop. [iglocska] +- Merge branch 'hotfix-2.3.8' [iglocska] +- Changes to the installation. [iglocska] +- Merge branch 'hotfix-2.3.7' into develop. [iglocska] +- Merge branch 'hotfix-2.3.7' [iglocska] +- Added missing comment about enabling the scheduler worker fixes #295. + [iglocska] +- Merge branch 'hotfix-2.3.6' into develop. [iglocska] +- Merge branch 'hotfix-2.3.6' into develop. [iglocska] +- Merge branch 'hotfix-2.3.6' [iglocska] +- Fixes to the proposal ajax mechanism for newer cakephp versions. + [iglocska] +- Merge branch 'hotfix-2.3.6' [iglocska] +- Copy pasta fail breaking the proposal accept button fixed, fixes #293. + [iglocska] +- Merge branch 'hotfix-2.3.5' into develop. [iglocska] +- Merge branch 'hotfix-2.3.5' [iglocska] +- Reverted switch to InnoDB for the events table for now, fixes #292. 
+ [iglocska] + + - fulltext indexes are not supported on mysql < 5.6 for innodb, and the default version for the current ubuntu distribution seems to be 5.5 still + + Might revisit this in the future +- Merge branch 'hotfix-2.3.4' into develop. [iglocska] +- Merge branch 'hotfix-2.3.4' into develop. [iglocska] +- Merge branch 'hotfix-2.3.4' into develop. [iglocska] +- Merge branch 'hotfix-2.3.4' into develop. [iglocska] +- Merge branch 'hotfix-2.3.4' into develop. [iglocska] +- Merge branch 'hotfix-2.3.3' into develop. [iglocska] +- Merge branch 'hotfix-2.3.2' into develop. [iglocska] +- Merge branch 'hotfix-2.3.4' [iglocska] +- Further improvements to the freetext regex to remove unprintable + chars. [iglocska] +- Merge branch 'hotfix-2.3.4' [iglocska] +- Remove non printable characters from free text import. [iglocska] +- Merge branch 'hotfix-2.3.4' [iglocska] +- Better split on linebreaks for the freetext import. [iglocska] +- Merge branch 'hotfix-2.3.4' [iglocska] +- Fix to the previous patch. [iglocska] +- Merge branch 'hotfix-2.3.4' [iglocska] +- Fixes issues with the event filters. [iglocska] + + - tags not filtered correctly + - status bar showing current filters now shows actual strings for tags / analysis / distribution / threat level instead of the IDs +- Merge branch 'hotfix-2.3.3' [iglocska] +- Upgrade to the upgrade documentation to remove the old cache data. + [iglocska] +- Merge branch 'hotfix-2.3.2' [iglocska] +- CIDR now recognised by freetext import. [iglocska] +- Typo fail fixed. [iglocska] + + +v2.3.0 (2014-10-07) +------------------- +- Documentation changes. [iglocska] + + - also added the default templates +- Updates to the documentation. [iglocska] +- Incorrect script tmp directory checked in the health tool. [iglocska] +- Another change to the baseurl check. [iglocska] +- Update to the baseurl check in the health tool. [iglocska] + + - https was checked incorrectly before +- Small fix for the statistics. 
[iglocska] +- Update to the documentation. [iglocska] +- Change db engine to InnoDB. [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Updated documentation for new release. [Christophe Vandeplas] +- Removed unused column in the health tool. [iglocska] +- Performance improvements. [iglocska] + + - faster load time of the event view by not using Cake's Js generation +- Cleanup of the worker health tool. [iglocska] +- Moved the eventattributerow element back directly into eventattribute. + [iglocska] + + - Removed serious performance issue on large events +- Update to the event view, attribute rows still had parts of the old + forms in them hurting performance. [iglocska] +- UI redesign of the template and worker health. [iglocska] + + - UI of templates a bit clearer + - Worker health tool added to the server settings tool +- Error fixed in the url generation for the filter event index popover. + [iglocska] +- Incorrect naming fixed. [iglocska] +- Added the option to take ownership of an event uploaded via the Add + MISP XML button. [iglocska] + + - server setting has to be enabled to allow for this + - can cause issues if the event gets synchronised with an instance that has a different creator organisation for the same event + - it is recommended not to use this, but in some cases it can be very helpful - the setting for it in the configuration is called MISP.take_ownership_xml_import +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Merge branch 'hotfix-2.2.40' into develop. [iglocska] +- Copy pasta fail. [iglocska] +- Changes to CakeResque installation fixes #287. [iglocska] + + - CakeResque's installation instructions changed +- Merge branch 'hotfix-2.2.39' [iglocska] +- Merge branch 'hotfix-2.2.39' [iglocska] +- Merge branch 'hotfix-2.2.38' [iglocska] +- Updated .gitignore. [iglocska] +- Issue with the new csrf protection with the new ajax fields. 
+ [iglocska] +- Some missing tests added. [iglocska] +- Merge branch 'feature/health' into develop. [iglocska] +- First small changes to the INSTALL.txt, more to follow before 2.3.0 is + ready. [iglocska] +- No feedback from the failed numeric test for incorrect server + settings. [iglocska] +- Download of the settings/diagnostics results implemented. [iglocska] + + - Should help with trouble shooting, administrators can now download a json file containing all the settings and issues shown by the tool. +- Added the new server settings to the menues. [iglocska] +- Several changes for the diagnostic tool. [iglocska] + + - Added extra diagnostic tools +- Default config.php added. [iglocska] +- Reworked the server settings for boolean settings and settings that + have a few options as values. [iglocska] + + - Toggles instead of free-text +- Cleanup, MISP health tool. [iglocska] + + - cleanup of a lot of deprecated settings + - tool to help assess and alter issues with the instance settings + - new mechanism to store settings +- Merge branch 'hotfix-2.2.39' into develop. [iglocska] +- Small fix to avoid repeated incorrect invalid messages after the first + failed check. [iglocska] +- Merge branch 'hotfix-2.2.39' into develop. [iglocska] +- Fix to the PGP key validation tool, fixes #284. [iglocska] +- Debug left in code. [iglocska] +- Changes to the exports, fixes #285. [iglocska] + + - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains + - New option in bootstrap to allow the cached XML export to also include the attachments + - CSV caching slightly rearranged, it's much more memory efficient now + - Some fixes to relatedevent orgs being shown even if showorg is disabled + - Added a new site admin action to generate several 3k events for load testing (slow) +- Pagination controls truncated for events with lots of attributes. + [iglocska] +- Slightly better looks for the tags on the index. 
[iglocska] +- Some minor changes to the event index. [iglocska] + + - Tags are now fully shown on the event index + - can be enabled via bootstrap (the Configure::write setting is in the bootstrap.default.php file) + - shorthand distribution names + - narrowed some of the fields down +- Several fixes including compatibility with the STIX to_xml() + performance fix. [iglocska] + + - STIX export performance greatly improved thanks to 84ce8d8be6376797053668d68e1b863713f008dd + - some junk removed + - fixed some minor pagination issues on the event view + - site admin dummy event creator now has target-* type attributes +- Merge branch 'hotfix-2.2.38' into develop. [iglocska] +- Fixed authored date format, closes #283. [iglocska] +- Merge branch 'hotfix-2.2.37' [iglocska] +- Import from OpenIOC now includes the original file as an attachment, + fixes #157. [iglocska] +- Added event distribution to alert e-mail, fixes #127. [iglocska] +- Publishing now immediately sets the event to published. A failed push + will keep the event published, but it will note that it failed in the + jobs / flash message. [iglocska] +- Merge branch 'hotfix-2.2.37' into develop. [iglocska] +- Fixed an incorrect check for the no PGP key warning condition + partially responsible for #271. [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge branch 'hotfix-2.2.35' [iglocska] +- Merge branch 'hotfix-2.2.35' [iglocska] +- Merge branch 'hotfix-2.2.36' [iglocska] +- Added the confirmation box div to all the pages that can have the + publish popup. [iglocska] +- Annoying css bug causing the menues that overlap with the filters not + to work. [iglocska] +- Added CVE to the freetext tool. [iglocska] +- CakePHP update. [iglocska] +- Show the number of events for each tag in the tag index. [iglocska] +- Small permission change. [iglocska] +- Index filtering made more generic, added to users. 
[iglocska] +- Added the option to export the event info field with each attribute in + the csv exports. [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Merge branch 'hotfix-2.2.36' into develop. [iglocska] + + Conflicts: + app/Controller/AppController.php +- Fixes authentication issues for some exports. [iglocska] + + - some exports did not allow users to authenticate via passing the auth key through the header +- Merge branch 'feature/proposalfix' into develop. [iglocska] +- Typo causing the pushed proposals to have an incorrect "old_id" field. + [iglocska] +- Publish button now loads a popover similar to the attribute delete + buttons. [iglocska] +- Failed e-mails don't break the proposal creation any longer. + [iglocska] +- Small tweak to the contributor field. [iglocska] + + - no need for a LIKE in the comparison, should make it slightly faster +- Fix to the push failing. [iglocska] +- MYSQL file left off. [iglocska] +- SQL scripts, some UI chnages. [iglocska] + + MYSQL.sql and upgrade_2.3.sql updated + Fixed incorrect proposal counts showing up due to attributes that are flagged for deletion also being counted + Added some extra fields to the view proposal view to make it more useful +- Same as the previous commit, only for the freetext import tool. + [iglocska] +- Various improvements with the way events are unpublished after + changes. [iglocska] + + - UI improvements, events appear unpublished after ajax queries that alter attributes + - Events get unpublished by the attribute replace tool and template population as they should +- Further work on the sync. [iglocska] + + - changed the pull implementation for proposals +- Merge branch 'hotfix-2.2.35' into feature/proposalfix. [iglocska] +- Merge branch 'hotfix-2.2.35' into feature/proposalfix. [iglocska] +- Publishing now also pushes proposals. 
[iglocska] + + This is especially important to push deleted proposals once a proposal has been accepted +- Merge branch 'feature/proposalfix' of https://github.com/MISP/MISP + into feature/proposalfix. [iglocska] +- Proposal package now correctly saved on the far end. [iglocska] +- Work on the proposal sync for push - from the sender's side. + [iglocska] +- More work on the sync fix. [iglocska] +- Further work on the sync fixes. [iglocska] +- Push now also only does a differential push. [iglocska] + + - send uuids of events to be pushed together with timestamps to the other instance + - other instance removes events that are already up to date or locally created from the array + - sends the remaining uuids back + - first instance initiates the push of events that were not filtered out +- Futher work on the proposal sync. [iglocska] +- Further changes. [iglocska] +- First round of fixes. [iglocska] +- Merge branch 'hotfix-2.2.35' into develop. [iglocska] +- Further work on the previous patch. [iglocska] +- Merge branch 'hotfix-2.2.35' into develop. [iglocska] +- Fix to the previous commit. [iglocska] +- Proposal validation now calls the Attribute validation method instead + of using the (incorrect) duplication in ShadowAttribute. [iglocska] +- Missing validation for http-method in Shadow-Attributes. [iglocska] +- Merge branch 'hotfix-2.2.34' [iglocska] +- Permission fix to the event filters. [iglocska] + + Users could only choose their own organisation in the org filter due to an overly restrictive filtering of the available options. Relaxed to all organisations that have an event that is visible to the user. +- Small fix to the proposal accept button and cakephp 2.4.8+ (related to + 3da49c9) [iglocska] +- View left off from previous commit. [iglocska] +- Reworking of the event filtering. [iglocska] +- Made thread title clickable in event discussions fixes #270. + [iglocska] +- Fixed an ajax issue with event discussions. 
[iglocska] + + - could not add posts via the event view + - related to 3da49c964bcb274049f94c130e93ad0bfef004ba +- Merge branch 'hotfix-2.2.34' into develop. [iglocska] +- Commas in CSV now escaped properly fixes #281. [iglocska] +- Update INSTALL.txt. [Alexandre Dulaunoy] + + Fix #252 +- Merge branch 'hotfix/export_suricata' [Christophe Vandeplas] +- Performance. [iglocska] +- Small performance improvement. [iglocska] + + The contributor field in the event view is evaluated based on proposal log entries from the log table affecting the current event. In order to improve performance, the LIKE check for the event ID is moved to the last argument in order to avoid parsing rows that could be ignored by the other arguments quicker. +- Updated cakephp. [iglocska] +- Fixed broken AJAX queries in MISP as a result to changes in cakephp + 2.4.8+ [iglocska] + + A change in cakephp version 2.4.8+ has resulted in ajax form submitions breaking. Reason for this was a change in the SecurityComponent taking the url specified in the form into account when generating the CSRF tokens. + + This is now fixed by embedding the correct url in the ajax forms. +- More missing tag, which the sync automatically filters out, but a manual export and import would fail on edits + + - added a conditional that removes the tag if an event is encapsulated in a request to the edit method +- Merge branch 'hotfix-2.2.26' [iglocska] +- Merge branch 'hotfix-2.2.26' into develop. [iglocska] +- Update to the installation instructions, fixes #257. [iglocska] +- Merge branch 'hotfix-2.2.25' [iglocska] +- Merge branch 'hotfix-2.2.25' into develop. [iglocska] +- Fixed an issue with an incorrect timestamp comparison for attributes, + allowing the update of an attribute with an older version. [iglocska] +- Merge branch 'hotfix-2.2.24' [iglocska] +- Merge branch 'features/ajaxification' into develop. [iglocska] +- Another small permission fix. [iglocska] +- Merge branch 'features/ajaxification' into develop. 
[iglocska] +- Nicer fix for the previous issue. [iglocska] + + - since checkboxes weren't working for site admins +- Merge branch 'features/ajaxification' into develop. [iglocska] +- Fix to site admins not being allowed to edit attributes. [iglocska] +- Merge branch 'features/ajaxification' into develop. [iglocska] +- Merge branch 'develop' into features/ajaxification. [iglocska] + + Conflicts: + app/View/Elements/img.ctp +- Merge branch 'hotfix-2.2.24' into develop. [iglocska] +- CSV export now includes date for each attribute, fixes #255. + [iglocska] +- Merge branch 'hotfix-2.2.23' [iglocska] +- Merge branch 'hotfix-2.2.23' into develop. [iglocska] +- Incorrect default timeout value fixed in core.php. [iglocska] +- Merge branch 'hotfix-2.2.22' [iglocska] +- Merge branch 'hotfix-2.2.22' into develop. [iglocska] +- Automation authentication via header fixes #254. [iglocska] + + - Authentication via headers was only allowed if _isRest() returned true + - this only happened for pages returning JSON or XML content + + - a new check, _isAutomation() was added that allows authentication via headers for certain methods used by the automation system +- Merge branch 'hotfix-2.2.21' [iglocska] +- Merge branch 'hotfix-2.2.21' into develop. [iglocska] + + Conflicts: + app/Controller/AttributesController.php +- Several fixes. Fixes #246 and fixes #248. [iglocska] + + - Exporting a JSON object erroneously included related objects which prevented the exported event from being added back to MISP via the API + + - Downloading search results as XML / CSV now correctly includes all of the search results instead of just the 60 visible ones on the UI (cut off by the pagination) + + - The tags parameter in the exports now correctly accepts null as a valid value even if it is the last parameter +- Merge branch 'hotfix-2.2.20' [iglocska] +- Merge branch 'hotfix-2.2.20' [iglocska] +- Merge branch 'hotfix-2.2.20' into develop. [iglocska] +- Missing parantheses. [iglocska] + + - fixed. 
+- Merge branch 'hotfix-2.2.20' into develop. [iglocska] +- GPGKey not showing up for admin/users/view. [iglocska] + + - incorrect conditional fixed +- Very large PGP keys would prevent users from logging in - fixes #142. + [iglocska] + + - removed the PGP key from the Auth user + + - PGP key of currently logged in user is looked up on demand and not stored in the session +- Fix to event REST add. [iglocska] + + - upgrade script broke adding events via the rest interface if they had an xml_version included + + - fixed, also, add now more flexible with directly adding events from an export encapsulated in a response tag +- Merge branch 'hotfix-2.2.19' [iglocska] +- Merge branch 'hotfix-2.2.19' into develop. [iglocska] +- Fixed an issue with IE9 not rendering the contributor image as a small + icon. [iglocska] +- Small changes to the UI to help with low resolutions. [iglocska] + + - side menu now becomes fixed if the resolution is too low to fit all menu elements + - fix to the logo resize script causing errors when on the login screen - due to it never being rendered. +- Fix to the csv export in the automation not allowing a full export + ignoring ids flags. [iglocska] +- Merge branch 'hotfix-2.2.18' into develop. [iglocska] +- Fix to the csv export's issue with exporting all events ignoring the + ids flag. [iglocska] +- Merge branch 'hotfix-2.2.18' into develop. [iglocska] +- Merge branch 'hotfix-2.2.17' [iglocska] +- Merge branch 'hotfix-2.2.17' into develop. [iglocska] +- Fix to the export issue with md5 / sha1 fixes #237. [iglocska] +- Merge branch 'feature/paramToPost' into develop. [iglocska] +- API improvements fixes #234. [iglocska] + + - events/restSearch, attributes/restSearch, events/xml, attributes/returnAttributes + + - users can now POST a search array in XML / json instead of sending the parameters in the url +- Cakephp update. [iglocska] +- Merge branch 'hotfix-2.2.16' [iglocska] +- Update to cakephp. 
[iglocska] +- Merge branch 'hotfix-2.2.16' into develop. [iglocska] +- RestSearch can now return a json (both attribute and event) fixes + #233. [iglocska] + + - also a whitelisting issue fixed + - tag search field not set now correctly returns all events regardless of tags +- Merge branch 'hotfix-2.2.15' [iglocska] +- Merge branch 'hotfix-2.2.15' into develop. [iglocska] +- Fixed text attribute exports not working with the auth key in the url. + [iglocska] + + - legacy attribute export was broken due to the text action in the attributescontroller not being allowed globally +- Merge branch 'hotfix-2.2.14' [iglocska] +- Merge branch 'hotfix-2.2.14' into develop. [iglocska] +- Event description in alert e-mail subject made optional, fixes #231. + [iglocska] +- Merge branch 'hotfix-2.2.13' [iglocska] +- Merge branch 'hotfix-2.2.13' [iglocska] +- Clearer disctinction between proposals that belong to an attribute and + proposals to an event. [iglocska] +- Ajaxification of the event page done also, replaced histogram in + memberslist. [iglocska] + + - AJAX requests now also respond with a small message at the bottom of the page, notifying the user of the result + - The following actions work now on the event page via ajax: + + 1. Add / remove tags + 2. quick edit any attribute field if eligible + 3. quickly create a proposal of any attribute field if not eligible to edit + 4. popover attribute creation (also works with batch add) + 5. popover proposal creation (also works with batch add) + 6. delete attributes + 7. accept/discard proposals + 8. mass edit / delete attributes + + Also, replaced the old memberslist, with a small lightweight css/js based one. +- Further work on the ajaxification. [iglocska] + + - mass deletes / mass edits + + - tagging now done via ajax + + - also, several small unrelated issues fixed +- Rework of the way the ajax editing works. 
[iglocska] + + - forms are now dynamically pulled onclick + - performance greatly enhanced + - solves the issues with the CSRF protection kicking in if the user edits a field after using the back button +- Next step in the ajaxification. [iglocska] + + - multiselect / multidelete + - some additional UI changes for the event view +- Next step in the ajaxification of the event view. [iglocska] + + - users can now edit all fields in an attribute whilst on the event page + + - issues left to fix: + - tag changes after an attribute change run into CSRF protection + - batch add not handled gracefully yet + - going back to the event view and editing a field gives users an error message over the CSRF protection - instead, silently check if the page is loaded in a dirty way and refresh the ajax fields silently + - quickadd of attributes still missing +- Next step in the ajaxification. [iglocska] +- Two missing view-elements from the previous commit added. [iglocska] +- First commit of the event view ajaxification. [iglocska] + + - pagination of the attribute index within the event view + - add attributes in a pop-up window + - instantly refresh attributes +- Merge branch 'hotfix-2.2.13' into develop. [iglocska] +- Missing user guide images added. [iglocska] +- Merge branch 'feature/alternate_search' into develop. [iglocska] +- Alternate search results. [iglocska] + + - Users can now elect to receive their attribute search results in the new alternative view + + - instead of receiving a list of attributes matching the search options, users are presented with a list of events that contain matching attributes + + - number of matches and a percentage of those matches being marked as indicators for IDSes are shown + + - the events are ordered by the percentage of IDS worthy attribute +- Merge branch 'hotfix-2.2.13' into develop. [iglocska] +- CSV exports have a new column: to_ids. 
[iglocska] + + - event level exports from the event view now export all attributes regardless of to_ids value + + - to_ids value now has its own column in the csv exports +- Distribution field in event view shortened. [iglocska] + + - now only shows the distribution level name + - the description is in the title of the field, hovering over it will show it +- Fix to comments not being synced. [iglocska] + + - attribute comments will now be correctly synced +- Merge branch 'hotfix-2.2.12' [iglocska] +- Small change to the new alert e-mail titles. [iglocska] + + - the event description in the subject shortened to 55 characters maximum. +- Merge branch 'patch-8' of https://github.com/Xen0ph0n/MISP into + hotfix-2.2.12. [iglocska] +- Remove Missing GPG flash if Unencrypted Email is enabled. [Chris + Clark] + + Adds a check for a true value in GnuPG.onlyencrypted and will only display the "No GPG Key Set in your Profile" message to the user if it is missing AND MISP is set to send only encrypted email. This way orgs not using GPG will not see the banner on every index view. +- Merge branch 'patch-7' of https://github.com/Xen0ph0n/MISP into + hotfix-2.2.12. [iglocska] +- Tweaks To Email Output. [Chris Clark] + + Small tweaks to email formatting to sync up with UI Changes.. also added event title to Subject (questionable if this is something desired globally as it would not be encrypted). +- Update to include starting the BG Workers. [Chris Clark] + + This is present in the upgrade.txt but not the install.txt. I'm not sure if this is the right location for noting this, but in the current version publishing events will not function w/out starting the BG workers. +- Merge branch 'hotfix-2.2.11' [iglocska] +- Added CSV to pages allowed to be visited without being logged in for + automation. [iglocska] + + - same as the other export formats +- Merge branch 'hotfix-2.2.11' [iglocska] +- CSV export changes. 
[iglocska] + + - It is now possible to restrict the CSV automation export by type / category + + - updated the automation page to describe how the syntax works + + - fixed an issue with line breaks not being sanitized for the CSV export +- Merge branch 'hotfix-2.2.10' [iglocska] +- Some cleanup. [iglocska] +- Merge branch 'hotfix-2.2.10' [iglocska] +- Updated cakephp. [iglocska] + + - includes the HttpSocket fix to CakePHP by cvandeplas +- Merge branch 'hotfix-2.2.9' [iglocska] +- Some UI changes and other minor changes. [iglocska] + + - images updated in user manual + + - fixed validation issues with named pipe (at the moment it's very loose) + + - Fixed an issue with shadow attriubutes not showing for events that have no attributes + + - some minor UI changes to make MISP a bit prettier +- Merge branch 'hotfix-2.2.9' [iglocska] +- Small animation for the MISP logo. [iglocska] +- User guide and UI changes. [iglocska] + + - first set of changes to the user guide, still missing updated images + + - some UI changes to make the looks a bit more appealing +- Merge branch 'hotfix-2.2.8' [iglocska] +- SHA256 based shadowattribute validation added. [iglocska] + + - it was missing before +- Merge branch 'hotfix-2.2.7' [iglocska] +- The list of contributors no longer show the logo of an org that hasn't + made a proposal. [iglocska] + + - Until now, organisations that have made any change to an event in the past (even including an admin running scripts that update the event) would flag an event as having an extra contributor + + - From now on, the Contributors field only shows orgs that have created proposals +- Merge branch 'hotfix-2.2.7' [iglocska] +- Fix to the xml automation export and various other changes. 
[iglocska] + + - xml export now correctly exports all attachments if specified as parameter + + - print view fixes + + - disclaimer for old IE versions (< 10) and compatibility mode users when viewing the statistics (The heatmap calendar requires 10+) +- Merge branch 'hotfix-2.2.7' [iglocska] +- Print view fixed for event view. [iglocska] +- Merge branch 'hotfix-2.2.6' [iglocska] +- Previous commit was incorrect, fixed. [iglocska] +- Merge branch 'hotfix-2.2.6' [iglocska] +- Fixed a bug that allowed read-only users to create an event. + [iglocska] +- Merge branch 'hotfix-2.2.6' [iglocska] +- Anonymising the e-mail addresses in discussions. [iglocska] + + - The email addresses were shown on the event view even if the post was made by a user of another org + - fixed +- Merge branch 'hotfix-2.2.6' [iglocska] +- Restricting the event log to show only proposals when selecting the + contributions of an org. [iglocska] + + - the event changes that a proposal creation creates are also logged (such as disarming the proposal email lock) -> this should not be shown in this log view. +- Merge branch 'hotfix-2.2.5' [iglocska] +- Incorrect method call. [iglocska] + + - updateXML was moved to the event model, but some calls still tried to call it within the EventsController +- Merge branch 'hotfix-2.2.4' fixes #220 and fixes #221. [iglocska] +- Incorrect check in the API when using the authkey in the URL. + [iglocska] + + - check lead to the user incorrectly being passed on after authentication, not returning any private data of their own organisation. + + - Also, publishing an event with the background jobs enabled now correctly shows that the job was added to the queue instead of telling the user that the event has been published. +- Incorrect branching code closing bracket. [iglocska] +- Xen0ph0n's patch updated according to his recommendation. [iglocska] + + - replace '.' 
in domain names, ip-src and ip-dst with '[.]' instead of '-' +- Merge pull request #217 from Xen0ph0n/patch-5. [iglocska] + + Code to defang URLs/Emails/Domains/IPs in Alerts +- Code to defang URLs/Emails/Domains/IPs in Alerts. [Chris Clark] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge branch 'hotfix/2.2.2' [Christophe Vandeplas] +- Correct unneeded $(echo $var) [Christophe Vandeplas] +- Merge branch 'hotfix-2.2.3' [iglocska] +- Fixes with the synchronisation. [iglocska] + + - background pulls fixed + - now correctly logs changes + - now correctly updates attributes +- Incremental pull and fixes to pulling shadow attributes. [iglocska] + + - during the event id pull, the local server already checks the timestamps, removing the ids of events that are not newer than the local version + - this results in only the event metadata being pulled for all events, and the attributes of only those events that need to be updated are pulled resulting in much quicker pulls + + - Fixed an issue with proposals that got pulled not finding the attribute that they are proposals to (for proposals that belong to an attribute) +- Merge branch 'hotfix-2.2.1' [iglocska] +- Changes to the tagging. [iglocska] + + - tags can now be set correctly for all events + - some UI changes to the tags + - moved the deletion of all event_tags when a tag gets deleted to beforefilter +- Merge branch 'hotfix-2.2.1' [iglocska] +- Deleting tags fixed. [iglocska] + + - now it correctly deletes tags + - also deletes all EventTags +- Merge branch 'hotfix-2.2.1' [iglocska] +- Update to the tag automation tag searches. [iglocska] + + - A colon in the tag search tag will render the tag search invalid. Since colons are commonly used in tag names, this poses an issue - users should use a semi-colon instead, which gets automatically converted to a colon. +- Fixing newlines in script. 
[Christophe Vandeplas] +- Merge branch 'develop' [iglocska] +- Merge branch 'develop' [iglocska] +- Minor corrections in the UPGRADE docu. [Christophe Vandeplas] +- Clean cache at upgrade. [Christophe Vandeplas] +- Merge branch 'develop' [iglocska] +- Merge branch 'develop' [iglocska] +- Merge branch 'develop' [iglocska] +- Merge branch 'develop' [iglocska] +- Merge branch 'develop' [iglocska] + + +v2.2.1 (2014-02-19) +------------------- +- Merge branch 'feature/sharing_groups' into develop. [Alexandru + Ciobanu] +- Save sharing group in EventsController::_add() [skip ci] - changed + JSON Sharing Group format to match other models. [Alexandru Ciobanu] +- Set user org based on new organisation field. Ensures backware + compatibility. [Alexandru Ciobanu] +- Add org back in views, but hidden. [Alexandru Ciobanu] +- Unique organisations and sharing groups - remove old org field from + views, still present in controllers since it'll break everything if + removed - show sharing groups in event view. [Alexandru Ciobanu] +- Sharing groups fixes [skip ci] - exports obey sharing group - + Organisation HABTM SharingGroup - event alerts and publishing + consider sharing group - users can download attachments only if in + correct sharing group - MISP bake template, to be used for new + scaffolds. [Alexandru Ciobanu] +- Adds share to specific server option [skip ci] [Alexandru Ciobanu] +- Enforce access limitations baased on sharing group. [Alexandru + Ciobanu] +- Adds Organisation and Sharing group CRUD [skip CI] - updates message + flashing with better color coding: red == error, yellow == + warning, green == success - updates schema to include organisation + and sharing_groups tables; - adds baked fixtures and test cases for + newly added models; [Alexandru Ciobanu] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [Alexandru Ciobanu] +- Adds initial sharing group structures [skip ci] [Alexandru Ciobanu] +- Fixing newlines in script. 
[Christophe Vandeplas] +- Minor corrections in the UPGRADE docu. [Christophe Vandeplas] +- Clean cache at upgrade. [Christophe Vandeplas] +- Added OpenIOC mapping for DnsEntryItem/RecordName fixes #210. + [iglocska] +- UI now correctly shows if self-signed certificates are allowed for a + link. [iglocska] +- Changes to uploading a ca file for a server link. [iglocska] + + - create folder if it doesn't exist + - correctly save file if edited +- Bug fixes. [iglocska] + + - issues with the way users were passed to the related event finder during a publish +- Update to the threatconnect import. [iglocska] + + - Threatconnect import now allows any valid threatconnect csv file to be imported as long as type, value, confidence, description and source are included +- Deprecated flag used to check it sync is enabled. [iglocska] + + - fixed, now correctly looking for MISP.sync +- Thread count now correctly displayed in the statistics. [iglocska] + + - Viewing an event without a discussion thread creates an empty thread in preparation of future posts - these empty threads should not count as active threads though. +- Fix to scrolling the heatmaps. [iglocska] + + - Scrolling would reset the organisation data -> fixed +- Small change in the installation description. [iglocska] + + - clearer description of the mysql import process +- Fixed some incorrect values in the MYSQL.sql file. [iglocska] +- Statistics changes. [iglocska] + + - remove actions such as login, logout, changepw + - fixed range so that a addinga a massive event doesn't make every other day seem less active +- Fix to the statistics page. [iglocska] + + - heatmap now fed the correct data +- Updated message for old browsers. [iglocska] +- Bug with the text export. [iglocska] +- Removal of obsolete stuff. [iglocska] + + - taking out the trash +- Some fixes to the automation and an updated manual. 
[iglocska] + + - made it easier to provide null values if the user would want to specify the n+1th parameter whilst leaving the nth on null +- Xml export now takes null in the eventid parameter as null. [iglocska] + + - also a debug method removed +- Changes to the installation instructions. [iglocska] + + - some changes also to the scripts + - replaced old scripts with newer versions (jquery, d3) + - Some updates to the manual (still needs more work) +- Updated link in gitmodules to cake-resque. [iglocska] +- Check if column exists in mysql upgrade script. [iglocska] + + - if a column already exists, don't try to add it + - if the key of a value exists, don't insert it +- Fixed various things. [iglocska] + + - logging of event publishing enabled for background jobs + - disabled a gpg debug mode that was enabled by accident + - better feedback for publishing +- Merge branch 'feature/test' of https://github.com/MISP/MISP into + feature/test. [iglocska] +- Small fix to the upgrade script. [iglocska] + + - location of the upgrade sql script fixed +- Various changes. [iglocska] + + - regexp structural changes added to the upgrade script (type) + - Added publish / alert to the background jobs + - fixed a misalignment with the statistics +- Fix to issues with the install script. [iglocska] + + - no more relative jumps in the script + - moved the cakephp include directory to fix background worker issues +- Engrish. [iglocska] +- Further work on the install script. [iglocska] +- Updated paths for the console and test. [iglocska] +- Left off line that executes mysql query from the script. [iglocska] +- Cosmetic change to the upgrade script. [iglocska] +- Database update added to upgrade script. [iglocska] +- More fine tuning to the scripts. [iglocska] +- Removed deleted plugin references from default bootstrap file. + [iglocska] +- Changed previous commit. [iglocska] +- More work on the scripts. [iglocska] +- Fix to the upgrade scripts. [iglocska] +- Upgrade shell scripts. 
[iglocska] +- Integration of plugins / cake core into MISP as submodules. [iglocska] + + - easier installation script + - the goal is to reduce the procedure to a few steps +- Further work on the upgrade scripts / description. [iglocska] +- Bug with the exports. [iglocska] + + - only events that could be seen were checked when calculating whether the user's org needs to recache the exports. This meant that the information was incorrect if another org has a visible event that was newer. +- Typo fixed. [iglocska] +- Added structure for export folders. [iglocska] + + - previously not added because git ignores empty directories +- Update to gitignore. [iglocska] +- Merge branch 'feature/test' of https://github.com/MISP/MISP into + feature/test. [iglocska] +- Added threat level id-s for the event table to the upgrade script. + [iglocska] +- Small fixes. [iglocska] +- CakeResque inclusion. [iglocska] +- Update to the default bootstrap file for 2.2. [iglocska] +- Updated the schema file. [iglocska] +- Removed unused Model file from an old version of the pivots. + [iglocska] +- New upgrade scripts and more. [iglocska] + + - MYSQL.sql updated + - upgrade_2.2.sql updated + + - List of active proposals for you and your organisation now shows the org logos of the contributing organisations +- Changed name of Populate from IOC to OpenIOC fixes #154. [iglocska] +- Visual changes to the attribute list / search Fixes #162. [iglocska] + + - org shown for each attribute + - performance improvement (only necessary fields loaded for the event) +- Mass replace replace of the old CyDefSig name to MISP - fixes #82. + [iglocska] +- Bruteforce logging. [iglocska] + + - if a user becomes blacklisted, the system will log it. Fixes #206 +- Various changes. 
[iglocska] + + - contributors shown on the event view (list of the organisation logos of users that have contributed through proposals) + - these link to the event history containing only entries from their organisation + + - changes to the activity heatmap + - heatmap now dynamically changes the range on the graph based on the obtained values + - performance improved + - buttons to move back or forward in time on the calendar + + - Attributes: + - warning for the user if he/she has selected the attribute category "targeting-data" or "attribution" as these could contain classified information + - UI improvements across most attribute and shadowattribute input views + + - Updated cal-heatmap to the newest version +- CSV added to tag searches. [iglocska] + + - also, fixed an issue where an incorrect tag search would return all possible IDs that are visible to the user +- Several changes in one (xml version, tag filters for exports) + [iglocska] + + - xml version now included in the xml exports + - MISP will now check the xml version on all imports related to sync / add MISP XML and try to update the incoming info if it detects an older version + + - exports now take tag names as a parameter (affected exports: XML, text, HIDS, NIDS) + + - eventtags now correctly get removed when an event is deleted +- Changes to the logging and scheduling. [iglocska] + + - Scheduled tasks for pull / push now working as intended + - Rescheduling of all tasks fixed + - protection against the rescheduled task ending up in the past + + - further event history fixes + - fixed lots of erroneous logging + - performance improvement with logging (no longer loading controllers for no reason) + - logging extra actions that weren't logged before (proposal accept / discard, server pull / push) +- Changes to the log system. 
[iglocska] + + - View Event history now shows the logo of the org whose action triggered the log entry + - View Event History now shows different fields than before + - Proposals now logged + - Accepting / Discarding a proposal now doesn't create junk edit / delete entries as before. + - Creators of an event can now see all of the log entries altering an event in the event history log. This includes deleted events. +- Incorrect argument passed to cache generation. [iglocska] +- Org admins should be able to delete / edit their own server links. + [iglocska] +- Permission issue with delete servers. [iglocska] + + - fixed a bug that prevented the deletion of sync links +- Fixes to the tagging. [iglocska] + + - made menu options invisible for non tagging permission users that requires the permission + - colour picker added to edit (was only enabled on add) +- Tagging system. [iglocska] + + - new special role for tagging + - can create tags with a name + colour combination (using a colour picker plugin) + - users can assign tags to events + - can filter events by tags on the index +- New permission. [iglocska] + + - tagger: a user that can create / edit / delete the list of tags that is usable for events +- Changes to the sync action pages. [iglocska] + + - fixed access control + - any admin can now encode new servers. Org admins can pull/push for their own instances. + + - Upload certificates during an edit +- Threat level changes. [iglocska] + + - upgrade script that populates threat level from the old risk field for every event that doesn't have a threat level set. + - threat levels in an event (from a sync for example) that are unknown to the local instance now show the numeric value of the threat level +- Changes to the admin methods. 
[iglocska] + + - cleaned up the methods, they all now return results without debug mode enabled + - Added a verification method for all user GPG keys (as an expired key for example would send out empty messages) +- Changes to the misc admin functions. [iglocska] + + - cleaned them up a bit, views for results + - removed query() and replaced it with CakePHP find() +- Changes to the automation. [iglocska] + + - authorization key should be sent through headers. + - passing it in the url is deprecated + - updated automation page to reflect the changes + + - csv export now has headers +- Roles correctly visible to users. [iglocska] + + - users can now check what each role group grants in terms of permissions + - users cannot see a non-working add user / list users button +- Accepting / Discarding Proposals changed to POST only. [iglocska] + + - it is not possible to discard / accept a proposal with a GET request anymore +- SSL certificate changes. [iglocska] + + - you can now upload a certificate file and allow a server link to use a provided self signed certificate. This should solve the issues that some organisations are having when trying to connect their instances +- Small change to CVE notation fixes #186. [iglocska] +- Cosmetic changes. [iglocska] + + - Valid renamed to Published on the event index + - Attributes that are flagged as IDS signatures are now shown with a (IDS) notation at the end of the line in the alert e-mail +- Merge branch 'feature/test_attribute_date' into feature/test. + [iglocska] +- Some minor changes and fix to a vulnerability. [iglocska] + + - fix to the creator of a proposal being able to also accept it + - new attributes are now shown in the e-mail denoted by a * when an event is republished + - the date of an attribute's creation is shown +- Changes to the attributes. 
[iglocska] + + - attributes in the event view now show the date when they were added / modified + + - the alert e-mail now shows which attributes are new since the last commit +- Small fix to the date filter. [iglocska] + + - fixed the datefilter to be inclusive of the border values. Entering all events from the 13th of january should include events that were created on that day, not just the 14th and newer. +- Some changes from master branch. [iglocska] + + - regexp default list + - GFI improvements (removed a lot of junk imports, distribution taken from the event) +- File left off from previous commit. [iglocska] +- Proposal changes. [iglocska] + + - anyone can see proposals that can see an event + - fixed a vulnerability where a user could add a proposal to an event blindly that he couldn't see +- Some security fixes. [iglocska] +- Some minor changes. [iglocska] + + - Statistics page has gotten a lot of extra information + - Removed some old junk files + - Made the size of the graph in the memberslist larger to fit all the new attribute types +- Left off files added. [iglocska] + + -Missing view file for statistics + -Added includes needed for the heatmaps (using http://kamisama.github.io/cal-heatmap) +- Error When Exporting as IOC if not Site Admin. [Chris Clark] + + This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin. +- Tweak to allow IOC Export of events you don't own but are shared + Conflicts: app/Controller/Component/IOCExportComponent.php. [Chris + Clark] +- Added Attribute Category and Types to Track Targeting Data. [Chris + Clark] +- First version of the new statistics page. [iglocska] + + - shows a heatmap of user activity based on the logs + - can show it for all users or for users of a specific org +- Bug fixes. 
[iglocska] + + - Fix to some of the exports not working in legacy (non background-job) mode + - Issue also occured while using automation +- Fixed vulnerability. [iglocska] + + - Persistent XSS through the thread title fixed +- Serious bug with the discussion boards. [iglocska] + + - A malformed [Thread][/Thread] tag can lead to an infinite loop on the event / thread view. Fixed. +- Some small fixes. [iglocska] + + - Corrected some weak notifications on background jobs + - Changed the view slightly to view background jobs + - fixed an issue where editing a sync server setting would cause an error due to the id not being passed to the logging plugin +- Fix of a new pagination rule overwriting the rest allowing users to + see more than they should. [iglocska] +- Merge branch 'feature/CakeResque' into feature/test. [iglocska] +- Several features. [iglocska] + + - Sync for background jobs (pull + push) + - more e-mailing delegated to background jobs + - A bunch of bug fixes and minor changes +- Work on the background job and the proposals. [iglocska] + + - Proposals now get synced on pull + - several bug fixes + - new startup script for the background workers +- Small change to the tasks index. [iglocska] + + - removed script that after changes was basically a copy of another one +- More work on the background jobs. [iglocska] + + - added scheduler to the export caching + - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed. +- Further work on the background jobs. [iglocska] + + - started work on scheduling + - view to add scheduled tasks (still needs work) + - moved cache job bulk-code to the job model from the controller + - bootstrap timepicker +- Further work on the scheduled tasks. [iglocska] + + - Also some changes left off from the previous commit +- Preparing for the scheduled tasks. 
[iglocska] + + - incorporated cidr from develop + - some other improvements to the background jobs +- Proposal changes Fixes #192. [iglocska] + + - Contextual comments for proposals + - shows proposal count in the top bar + - new view showing all of the events of the user's organisation with an active proposal +- Further work on the background jobs. [iglocska] + + - contact reporter now moved to the model + - backround job not implemented for it yet +- Merge branch 'develop' into feature/CakeResque. [iglocska] + + Also, more work on the background jobs + - started work on publishing + - started making the background jobs an optional setting in bootstrap + + Conflicts: + app/Controller/AppController.php + app/Controller/EventsController.php +- Next version of exports done. [iglocska] +- Further work on the exports. [iglocska] +- Most of the export caching done. [iglocska] + + - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib +- More work on the background jobs. [iglocska] + + - Started work on the exports +- Removed debugkit. [iglocska] +- Merge branch 'develop' into feature/CakeResque. [iglocska] + + - develop and the first CakeResque implementation merged + + Conflicts: + app/View/Layouts/default.ctp +- :q. [iglocska] +- Revert "Merge branch 'master' into develop" [iglocska] + + This reverts commit fbe2eddc7ac1cc6038196d4b1c497fe84eee532e, reversing + changes made to b59965b971aa8216b3fa65e9dd8881be74a4a0a5. +- Merge branch 'master' into develop. [iglocska] + + Conflicts: + INSTALL/MYSQL.sql + app/Controller/EventsController.php + app/Model/Attribute.php +- Merge pull request #199 from Xen0ph0n/patch-3. [iglocska] + + Issue Exporting Events as IOC's when not SiteAdmin +- Tweak to allow IOC Export of events you don't own but are shared. + [Chris Clark] +- Merge pull request #1 from Xen0ph0n/patch-2. [Chris Clark] + + Error When Exporting as IOC if not Site Admin +- Error When Exporting as IOC if not Site Admin. 
[Chris Clark] + + Fixed Syntax error if not site admin.. also fix in event component which was comparing wrong values to establish ownership of event +- Error When Exporting as IOC if not Site Admin. [Chris Clark] + + This was comparing the wrong value to the event org to determine org membership and thus $isMyEvent value for privileges for export of IOCs if not a site admin. +- Merge branch 'hotfix-2.1.33' [iglocska] +- Few minor tweaks. [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge pull request #197 from Xen0ph0n/master. [iglocska] + + Update to allow clean entry of Whitelist Items +- Update to allow clean entry of Whitelist Items. [Chris Clark] + + Updated this along with whitelist.php to allow for simple entry of names in the whitelist, this file will allow proper application of those blocked names to exported NIDS sigs. +- Update to allow clean entry of Whitelist Items. [Chris Clark] + + Added non alpha delimiters hardcoded so no preg_match errors and entries in whitelist can be human redable w/out extra leading and trailing chars. +- Merge branch 'hotfix-2.1.33' [iglocska] +- Update to the GFI import. [iglocska] + + - fixed an issue where a blacklisted value added through uloadattachments would break the import + + - fixed the distribution level of attributes created by the GFI import always being your org only + + - removed registry attributes that do not contain a malware sample or a dropped file in the value + + - fixed a set of regular expressions dealing with the sanitisation of user names that would fail on user names consisting of more than one word + + - added a few regular expressions +- Merge branch 'hotfix-2.1.32' [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge pull request #195 from Xen0ph0n/patch-1. [iglocska] + + Capitalized Home in global menu... it was killing my OCD. +- Capitalized Home ... it was killing my OCD. 
[Chris Clark] +- Merge branch 'hotfix-2.1.32' [iglocska] +- Merge branch 'hotfix-2.1.31' [iglocska] +- Added explanation for CIDR searches to the automation page. [iglocska] +- Merge branch 'hotfix-2.1.32' into develop. [iglocska] + + - Also, added CIDR to rest searches. Make sure you use the following format: + + a.b.c.d|e + + Conflicts: + app/Controller/AttributesController.php +- Fix for incorrect values returned through CIDR search. [iglocska] +- CIDR searches fixes #190. [iglocska] + + - possible to use CIDR when searching attributes +- Call the TAXII client if it's enabled in configuration. [Alexandru + Ciobanu] +- Fixed validation on Event::_add() Try atomic save for events Add + threat level to JSON sample. [Alexandru Ciobanu] +- Replace Risk with ThreatLevel [skip ci] - Event.risk has been + replaced by Event.threat_level_id. all functionality remains the + same and users should not see any difference. ENUM() used + for Event.risk is vendor specific and requires too many hacks to + play nicely with bake. - Added default schema file, SQL dumps + should be avoided since they make updating/upgrading a pain. + - Removed old unused schemas. [Alexandru Ciobanu] +- Basic JSON API CRUD [ci skip] - adds JSON example to shell scripts + - adds sample JSON event - ??? for some redundant Attribute model + conditions - updates travis with CakePHP installation. [Alexandru + Ciobanu] +- Display footer notice of missing PGP/GPG key. [Alexandru Ciobanu] +- PHP 5.4 E_STRICT fix. [Alexandru Ciobanu] +- Initial JSON REST. [Alexandru Ciobanu] + + Some small travins changes too. + FYI there's an automated travis build available at + https://travis-ci.org/MISP/MISP + We don't have unit testing and travis setup is subpar so everything will fail + for now. +- Merge branch 'hotfix-2.1.31' into develop. [iglocska] +- Fix to users with auth key access not being able to reset their + authkey. [iglocska] +- Merge branch 'hotfix-2.1.30' [iglocska] +- First kick at Travis. 
[Alexandru Ciobanu] +- Post merge changes. [iglocska] + + - some changes to remove strict messages caused by an update to cakephp + + - added missing changes to the sql files - all changes from the merge are reflected in ROLECHANGE.sql, import that to upgrade your instance! +- Merge branch 'feature/discussion' into develop. [iglocska] +- Update to the discussions. [iglocska] + + - Moved the menues out of the views to the common menu element +- Some minor changes. [iglocska] + + - Contextual comments added to all imports (GFI, ThreatConnect, OpenIOC) + + - Some minor fixes to OpenIOC exports and linebreaks in attributes +- Contextual comments. [iglocska] + + - Attributes now have a comment field +- Renamed the .sql file used to upgrade. [iglocska] +- Merge remote-tracking branch 'origin/feature/XML_and_UI' into + feature/discussion. [iglocska] + + - Also some improvements to the shadow attributes + + - some minor UI changes + + Conflicts: + app/Controller/EventsController.php + app/View/Elements/global_menu.ctp + app/View/Layouts/default.ctp +- Small changes after merging the two feature branches. [iglocska] + + - Update to the representation of the new permission flags + + - some small issues with the merge resolved +- Files left off added. [iglocska] +- Merge branch 'feature/roleChanges' into feature/XML_and_UI. [iglocska] + + Conflicts: + app/Controller/UsersController.php + app/View/Regexp/admin_add.ctp + app/View/Regexp/admin_edit.ctp + app/View/Regexp/admin_index.ctp + app/View/Roles/admin_add.ctp + app/View/Servers/add.ctp + app/View/Servers/edit.ctp + app/View/Servers/index.ctp + app/View/Servers/pull.ctp + app/View/Servers/push.ctp +- First rework of the siteadmin role. [iglocska] + + - ADMIN org removed. 
+ + - Siteadmins are now identified by the perm_site_admin flag + + - Siteadmins can now be of any organisation + + - editing the regexp / whitelist rules can now be done by a special user with the perm_regexp_access in his/her role + + - Executing a mass replace of attribute values based on the regexp rules cannot be initiated by a regexp/whitelist user, only by a site admin + + - If the login page is reached without any users / roles defined they are automatically created (perviously it was only the user that was created) + + - Org admins are restricted from assigning perm_site_admin, perm_sync and perm_regexp_access roles to users. This can only be done by a site admin. +- Few more changes. [iglocska] + + - some views didn't have the menu element yet +- Further work on the UI. [iglocska] + + - reworked almost all of the side menues to be centralised + + - Some fixes for the IOC export not handling two new-ish types correctly + + - Some changes to the menues (including a few options that didn't exist before) + + - rework of the popovers in some forms +- Merge branch 'develop' into feature/XML_and_UI. [iglocska] +- First revision of the unified menu and XML upload. [iglocska] + + - centalising the side menu for easier maintainability + + - XML upload of event(s) from the interactive interface +- More changes to the discussion boards. [iglocska] + + - quote / event tags + + - anonymised e-mail addresses +- Merge branch 'develop' into feature/discussion. [iglocska] + + - Pivots, attributes, discussions hideable + + Conflicts: + app/Controller/EventsController.php + app/webroot/css/main.css +- SQL template changes. [iglocska] +- Thread creation if it doesn't exist for an event. [iglocska] +- AJAX upgrade to the discussion board. 
[iglocska] + + - Quickpost without reloading the page with AJAX + + - for page changes / adding posts show an animated spinner + + - spinner div / styles available from every page (the div is located in the default layout and is hidden unless manually shown) +- Discussions. [iglocska] + + - fully working version + - some improvements still possible (hiding discussion on demand, add/edit with ajax) +- Discussion boards. [iglocska] + + - First fully working version + - Create threads or create a thread attached to an event + - Add posts to threads / edit them / delete them +- First version of the event discussion UI. [iglocska] +- Merge branch 'hotfix-2.1.30' into develop. [iglocska] +- Fix to an issue that prevented attachments being uploaded with invalid + category choices when the malware checkbox was ticked. [iglocska] + + - re-introduced the removed check for valid category / type combinations based on the checkbox and the chosen category +- Merge branch 'hotfix-2.1.29' [iglocska] +- Merge branch 'hotfix-2.1.29' into develop. [iglocska] +- Loosened the filename validation on attachments. [iglocska] + + - filenames without extensions were blocked for example +- Merge branch 'hotfix-2.1.28' [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Merge branch 'hotfix/docu' [Christophe Vandeplas] +- Merge branch 'hotfix-2.1.28' [iglocska] +- Merge branch 'hotfix-2.1.28' into develop. [iglocska] +- Linebreaks shown in list attributes. [iglocska] +- Merge branch 'hotfix-2.1.28' into develop. [iglocska] +- Line breaks not shown in attribute values. [iglocska] +- Merge branch 'hotfix/docu' into develop. [Christophe Vandeplas] +- Quickstart in docu. [Christophe Vandeplas] +- Merge branch 'hotfix-2.1.27' [iglocska] +- Merge branch 'hotfix-2.1.27' into develop. [iglocska] +- Small cosmetic fix. 
[iglocska] + + - fixed a cosmetic issue with 3+ digit ID numbers, an event info with wide characters can cause the pivot element to flow over into a second row. +- Merge branch 'hotfix-2.1.26' [iglocska] +- Quick fix for the export changes. [iglocska] + + - pass by references on method calls removed +- Merge branch 'feature/IDSsuri' into develop. [Christophe Vandeplas] +- Snort export, updated urls, new url is backwards compatible. + [Christophe Vandeplas] +- NIDS - fixes issue from last commit. [Christophe Vandeplas] +- NIDS - substitute illegal chars, improved some rules. [Christophe + Vandeplas] +- Performance improvements in email and dns. rule for user agent. + [Christophe Vandeplas] +- Improvements in the email NIDS rules. [Christophe Vandeplas] +- Improved smtp rules. [Christophe Vandeplas] +- Start of different structure for multiple rule-formats. [Christophe + Vandeplas] +- Merge branch 'hotfix-2.1.26' into develop. [iglocska] + + Conflicts: + app/Controller/AttributesController.php +- UI fixes. [iglocska] + + - popover effect in IE/Chrome not as annoying anymore + - only the active select will have a popover, clicking away destroys it + + - Added popovers to the add attachments instead of the old info fields +- Merge branch 'hotfix-2.1.25' [iglocska] +- Small fix to the layout. [iglocska] + + - left menu would move along horizontally when forced to scroll left and right on lower resolution screens / smaller windows + + - small script that keeps the left menu at the left edge of the page as opposed to the left edge of the window +- Merge branch 'hotfix-2.1.24' [iglocska] +- Change to the attribute download method. [iglocska] + + - Permissions weren't checked correctly when downloading attachments +- Merge branch 'hotfix-2.1.23' [iglocska] +- Merge branch 'feature/searchapi' into develop. [iglocska] +- Some permission issues with restSearch of an event. 
[iglocska] + + - __fetchEvent used, which checked the currently logged in user + + - instead now, __fetchEvent has a new optional parameter that automation methods can use to pass the org along that was read from the provided auth key +- Merge branch 'feature/searchapi' into develop. [iglocska] +- Fix to the conditions when doing a restsearch. [iglocska] + + - Was always searching for 'value' due to a bug. Fixed. +- Merge branch 'feature/searchapi' into develop. [iglocska] +- Update to the automation description. [iglocska] + + - Syntax description for the new features +- Merge branch 'feature/searchapi' into develop. [iglocska] +- First release of the new API features. [iglocska] +- Security fix and new download attachment feature. [iglocska] + + - users can now download attachments using the APIkey + + - security issue fixed where a user could download attachments that he/she can't even see by navigating to attributes/download/ +- First round of implementations for the new API searches. [iglocska] + + - users can search RESTfully for attributes based on various filtering mechanisms and get either an event that includes the located attribute(s) or just an array of attributes returned. + + - users can also request all attributes of a (or several) types and get them returned as an XML +- First version of the api search. [iglocska] + + - requires the auth key of a user and the user has to have auth key permission + + - user can specify what should be returned (event / attribute) - currently only event is implemented + + - user can specify 4 filters (value, type, category, org) + + - all these fields can have several values separated by && + + - Values can be negated by putting "!" infront of them +- Merge branch 'hotfix-2.1.23' into develop. [iglocska] +- Fix to the download of attribute search results as XML. 
[iglocska] + + - now uses the unified __fetchEvent method to retrieve the events + + - __fetchEvent has a new optional parameter "idList" which restricts the results to an array of event IDs. +- Merge branch 'hotfix-2.1.22' [iglocska] +- Merge branch 'hotfix-2.1.22' into develop. [iglocska] +- Fix to the exports not working since the new pivoting. [iglocska] + + - Helper echoed a blank line, breaking the xml export + + - Helper will now only be called during view when it's not a rest request. +- Merge branch 'hotfix-2.1.21' [iglocska] +- Merge branch 'hotfix-2.1.21' [iglocska] +- Merge branch 'hotfix-2.1.21' into develop. [iglocska] +- Accidental debug removed. [iglocska] +- Merge branch 'hotfix-2.1.21' into develop. [iglocska] +- Change to the proposal list. [iglocska] + + - removed own proposals from the list + - allowing site admin to see all proposals of any org +- Merge branch 'hotfix-2.1.19' [iglocska] +- Merge branch 'hotfix-2.1.19' [iglocska] +- Merge branch 'hotfix-2.1.19' [iglocska] +- Merge branch 'hotfix-2.1.20' [iglocska] +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Debug info removed. [iglocska] +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Previous commit fixed. [iglocska] +- Merge branch 'hotfix-2.1.20' into hotfix-2.1.19. [iglocska] +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Fixed a case that could cause overlapping pivot elements to appear. + [iglocska] + + - The height calculation did not take into account gaps between child elements caused by them having several children. This caused a newly added sibling's children to overlap. Fixed by compensating for the vertical displacement between children when returning the height data. +- Merge branch 'hotfix-2.1.20' into develop. [iglocska] +- Fix to the related attributes. 
[iglocska] + + - related atributes were flowing into the next field if there were too many to fit the 5% width + + - hovering over a related attribute caused a misaligned tooltip to appear and block the link itself on IE +- Merge branch 'hotfix-2.1.19' [iglocska] +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Delete button gone from pivot elements that should not be deleted. + [iglocska] + + - When looking at an event, a user should not be able to delete the pivot path that he/she took to get to that particular event. + + - Deleting the root pivot item is an exception, this will simply reset the pivoting. +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Height adjustment was not cummulative. [iglocska] + + - inserting a branch to a previous sibling only pushed the next sibling down a line, not the following one. Fixed. +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Fix to removing the root element causing issues with pivoting. + [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Typo fixed (missing comma) between 2 attributes. [Alexandre Dulaunoy] +- New attributes added to the shadow attributes. [Alexandre Dulaunoy] + + sha256, http-method, named-pipe and mutex added to the + shadow attributes. Fixing #170 + + This is not solving the core issue of having duplicate + attributes declaration in MISP but this is fixing the + consistency issue between attributes and shadow attributes. +- Merge branch 'hotfix-2.1.19' into develop. [iglocska] +- Finished the first version of the new pivoting. [iglocska] + + - Users can go back to a previous event and branch the pivoting by choosing a new relation + + - users can remove individual pivoted branches +- Further work on the pivoting. [iglocska] + + - still has some issues with arranging the height for some branching +- Heights / depths calculated for rearranging the pivot thread in view. 
+ [iglocska] + + - The idea is to draw a horizontal path instead of a vertical one +- First refactoring of the pivoting. [iglocska] +- Merge branch 'hotfix-2.1.18' [iglocska] +- Merge branch 'hotfix-2.1.18' [iglocska] +- Merge branch 'hotfix-2.1.18' [iglocska] +- Merge branch 'hotfix/2.1.18' [Christophe Vandeplas] +- Merge branch 'hotfix-2.1.18' into develop. [iglocska] +- Deleting attributes deletes associated shadow attributes. [iglocska] + + There was a bug causing "zombie" shadowattributes to stay in events if the attribute has been deleted +- Merge branch 'hotfix-2.1.18' into develop. [iglocska] +- Menu change. [iglocska] + + - added link to view the proposals +- Merge branch 'hotfix-2.1.18' into develop. [iglocska] +- Two files left off. [iglocska] +- Merge branch 'hotfix-2.1.18' into develop. [iglocska] +- Fixes to the Shadow attribute e-mailing. [iglocska] + + - E-mail locks are now correctly reset by discarding / accepting a proposal + + - Also, new index page to see the list of proposals that a user can accept +- Merge branch 'hotfix/2.1.18' into develop. [Christophe Vandeplas] +- Fix bug in pull updated events, improved performance. [Christophe + Vandeplas] +- Merge branch 'hotfix-2.1.17' [iglocska] +- Merge branch 'hotfix-2.1.17' [iglocska] +- Merge branch 'hotfix-2.1.17' into develop. [iglocska] +- Left-over line removed. [iglocska] +- Merge branch 'hotfix-2.1.17' into develop. [iglocska] +- Small cleanup. [iglocska] +- Attachments correctly exported with events/view/1.xml now. [iglocska] + + - bug that broke transfer of attachments on pull fixed + + - data only exported on view() not mass xml exports +- Merge branch 'hotfix-2.1.15' [iglocska] +- Merge branch 'hotfix-2.1.15' [iglocska] +- Merge branch 'hotfix-2.1.15' [iglocska] +- Merge branch 'hotfix-2.1.15' into develop. [iglocska] +- Export fixes. 
[iglocska] + + - conversion of the array in the XML export to be compatible with the XML parser (some invalid characters could break it) + + - New separate CSV export that includes all visible unpublished and non IDS signature attributes on request +- A fix to the csv export. [iglocska] +- Merge branch 'hotfix-2.1.15' into develop. [iglocska] +- Fix to a typo causing exports to fail. [iglocska] +- Merge branch 'hotfix-2.1.14' [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Fix version number master. [Christophe Vandeplas] +- Merge branch 'hotfix-2.1.14' [iglocska] +- Merge branch 'hotfix-2.1.14' into develop. [iglocska] +- Removed a left-over junk line from the shadow attribute controller. + [iglocska] +- Merge branch 'hotfix-2.1.14' into develop. [iglocska] +- Fix to sync users being able to edit events that don't belong to them + interactively. [iglocska] +- Merge branch 'hotfix-2.1.13' [iglocska] +- Merge branch 'hotfix-2.1.13' into develop. [iglocska] +- Removed vulnerability and comment from correlation. [iglocska] +- Merge branch 'hotfix-2.1.12' [iglocska] +- Merge branch 'hotfix-2.1.12' [iglocska] +- Merge branch 'hotfix-2.1.12' [iglocska] +- Merge branch 'hotfix-2.1.12' [iglocska] +- Merge branch 'hotfix-2.1.12' into develop. [iglocska] +- Final change to the placement of the logos on the login page. + [iglocska] +- Merge branch 'hotfix-2.1.12' into develop. [iglocska] +- Small alignment fix again. [iglocska] +- Merge branch 'hotfix-2.1.12' into develop. [iglocska] +- Small alignment change. [iglocska] +- Merge branch 'hotfix-2.1.12' into develop. [iglocska] +- Added second logo to the left of the login screen. [iglocska] +- Merge branch 'hotfix-2.1.8' [iglocska] +- Merge branch 'hotfix-2.1.11' [iglocska] +- Merge branch 'hotfix-2.1.11' [iglocska] +- Merge branch 'hotfix-2.1.11' [iglocska] +- Merge branch 'hotfix-2.1.8' into develop. [iglocska] +- A previous change reverted by accident in the previous commit. 
+ [iglocska] +- Merge branch 'hotfix-2.1.8' into develop. [iglocska] +- Upgrade script for 2.1.8. [iglocska] + + - we have introduced the "locked" flag for events to protect events of the original creator from being edited by a sync user + + - IMPORTANT: before running the script below, make sure to create the locked field for the event table (see INSTALL/LOCKED.sql) + + - This script (generateLocked found in the Administrative tools menu) will attempt to set the locked value for existing events to ease the transition + + - The default value for locked is 0, and all events created on the instance should be set to this value + + - events that were synced from another instance should have their locked value set to 1 + + - this script checks for local organisations and sets the locked field to 1 for all events not created by them + + - a local organisation, as defined for the scope of this scrips is: an organisation with at least 2 members or an organisation with a single member that is not a sync user. + + - The script is only accessible by site admins and will return a notification about the number of events altered. +- Merge branch 'hotfix-2.1.11' into hotfix-2.1.8. [iglocska] +- Update to the MYSQL.sql file to reflect the 'locked' changed. + [iglocska] +- Introduced a typo in the previous commit. [iglocska] +- Further updates to the sync. [iglocska] +- Merge branch 'hotfix-2.1.11' into develop. [iglocska] +- Fix to the e-mailing. [iglocska] +- Merge branch 'hotfix-2.1.11' into develop. [iglocska] +- Small fix to the previous commit. [iglocska] +- Merge branch 'hotfix-2.1.11' into develop. [iglocska] +- Changes to the shadow attribute controller. [iglocska] + + - users that weren't publishers couldn't accept / discard proposals + + - emails were blocked by an incorrect debug mode for the e-mailer +- Some smaller fixes. 
[iglocska] + + - PGP key of the user shown in the profile instead of always showing N/A + + - Contact e-mails now include the instance's owning org in the subject + + - Users can now enable/disable contact e-mail subscriptions +- Merge branch 'hotfix-2.1.10' [iglocska] +- Merge branch 'hotfix-2.1.10' into develop. [iglocska] +- Users weren't able to change the contactalert field. [iglocska] +- Merge branch 'hotfix-2.1.9' [iglocska] +- Merge branch 'hotfix-2.1.9' into develop. [iglocska] +- Fix to not being able to accept shadowAttributes. [iglocska] + + - recursive -1 used for loading attribute, then referencing the event +- Merge branch 'hotfix-2.1.7' [iglocska] +- Vulnerability url is now configurable (Fix #153). [Alexandre Dulaunoy] + + A global configuration CyDefSig.cveurl added to specify the URL + where to reference a CVE/NVD number. CyDefSig.cveurl is optional + and if not existing fallbacks to the original google.com URL. +- Attribute http-method added - issue #161 fixed. [Alexandre Dulaunoy] + + The attribute HTTP method added. By default, the values + must match the known HTTP method from RFC2616, RFC2518, + RFC3253, RFC3648, RFC3744, RFC5789, RFC5323. The method + is case sensitive. +- Terms and conditions separated from the template. [Alexandre Dulaunoy] + + If a file terms exists in app/View/Users, the terms are included. + If not, the default message is included to inform the admin. This + avoids to overwrite local terms when updating MISP code. +- Merge branch 'hotfix-2.1.7' into develop. [iglocska] +- Fix to the distribution changes breaking threatconnect imports. + [iglocska] +- Merge branch 'hotfix-2.1.6' [iglocska] +- Merge branch 'hotfix-2.1.5' [iglocska] +- Merge branch 'hotfix-2.1.6' into develop. [iglocska] +- Changes to the initial distribution settings. [iglocska] + + - The initial attribute distribution level now allows the option for 'event', inheriting the event's distribution level +- Merge branch 'hotfix-2.1.5' into develop. 
[iglocska] +- Attributes won't show two links to the same event anymore on the event + view. [iglocska] +- Merge branch 'hotfix-2.1.4' [iglocska] +- Merge branch 'hotfix-2.1.4' into develop. [iglocska] +- Fix to incorrect distribution setting in the openIOC importer. + [iglocska] +- Merge branch 'master' of https://github.com/MISP/MISP into develop. + [iglocska] +- Merge branch 'hotfix-2.1.3' [iglocska] +- Typographic errors fixed in automation page. [Alexandre Dulaunoy] +- Trailing ":" removed from title page template. [Alexandre Dulaunoy] +- Merge branch 'hotfix-2.1.3' into develop. [iglocska] +- Default distribution level flags in bootstrap.php. [iglocska] + + - Each instance can now have its own default event and attribute distribution level set +- Merge branch 'hotfix-2.1.2' [iglocska] +- Merge branch 'hotfix-2.1.2' into develop. [iglocska] +- Set the default value of the flag disabling rest alert messages to + false. [iglocska] +- Merge branch 'hotfix-2.1.1' [iglocska] +- Merge branch 'hotfix-2.1.1' into develop. [iglocska] +- Notification on rest add of published events. Fixes #138. [iglocska] +- Merge branch 'develop' into 'master' for v2.1. [Christophe Vandeplas] +- Pivot thread changed slightly. [iglocska] + + - There is a reset button in the first arrow + + - adding an event that exists already in the list should not create a new pivot point +- Jumping between pivot thread points changed. [iglocska] + + - no longer adds the event to the thread +- Fixed the CSS issues with the pivot thread. [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [Christophe Vandeplas] +- Incorrect mutex validation fixed. [iglocska] +- Pivot threads and other changes. 
[iglocska] + + - Users can now see the path they took while jumping from related event to related event + + - Removed the breadcrumbs + + - Some UI changes (user menues were not showing the active page, etc) +- Updated README.md. [Christophe Vandeplas] +- Crumbs not shown on error messages. [iglocska] +- Change to the routing the login to remove the admin tag. [iglocska] +- Removed the breadcrumbs from the login page. [iglocska] +- Accidental change to gitignore reversed. [iglocska] +- File left off from previous commit. [iglocska] +- Breadcrumbs for the views. [iglocska] + + - makes navigating the site easier + - some new css changes to support this +- Fixes to the openIOC import tool. [iglocska] + + - should handle nested OR branches better now + - domain now mapped to Network/DNS +- Fixes #144, the edit page losing the previous setting. [iglocska] +- Change to the confusing invalid event message. [iglocska] +- Changes to the filename validation. [iglocska] + + - . allowed in filenames to allow for names such as test-1.0.ext +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Version 1.0 of MISP XML Document Type Definition. [Alexandre Dulaunoy] + + The first version of the XML format is loosely based on the current XML + format used by MISP in commit 84b552fb7441bf2beb0c711acde3b0af336afba8. + + The purpose is to track down the changes in the format and especially + to ensure a consistent definition of the XML format for external tools + and software using the MISP XML format. +- IOC file import filename regex fix. [iglocska] + + - Didn't account for several words separated by '.'-s (file.name.ext) +- Migration script updated with the regexp changes. [iglocska] +- Fixes an issue with the upload of malware samples not generating an + md5 hash if the file is too large. [iglocska] +- Removed password creation for new users through the contact users + menu. [iglocska] +- Discard shadowattribute changed to Postlink. 
[iglocska] + + - Prevents deletion through XSRF +- Fixed an issue with siteadmin contact e-mails resetting passwords of + non existing users. [iglocska] + + - a site admin could issue a password reset to a non-existing user +- Fixed a newly created bug in memberslist. [Christophe Vandeplas] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Memberslist based on orgc, is more logic to reflect the contributions. + [Christophe Vandeplas] +- Minor NIDS export performance improvement. [Christophe Vandeplas] +- Some bugs fixed. [iglocska] + + - Resetting the auth key for a user that doesn't exist created an empty + user + + - change_pw showed an admin menu on the side + + - rerouting after an incorrect auth request fixed (users/index doesn't + exist) + + - temporarily disabled the redirect after login +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Fixes XSS vulnerability in filters. [iglocska] +- Fixes in server push. [Christophe Vandeplas] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [Christophe Vandeplas] +- Server push lower memory footprint solving OoM problem. Enabled per-id + push like pull. [Christophe Vandeplas] +- More logging with PGP errors. [Christophe Vandeplas] +- Initial refactoring of the event view / xml exports. [iglocska] + + - event view and xml exports all use __fetchEvent now + + - unified the permission checks + + - same output for event/id.xml and the xml exports +- Minor change with shadowattributes. [iglocska] + + - short was still used on the shadow attribute value field, if the + shadow attribute was a proposal to the event itself and not to an + attribute +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Reverted commit of url validation that didn't validate parts of urls. + [Christophe Vandeplas] +- Fixing problems in pull with distribution data validation. [Christophe + Vandeplas] +- Removed TODO. 
[Christophe Vandeplas] +- Some css changes broke the shadow attributes. [iglocska] + + - should be fixed +- Change of domain type in IOC Export fixes #134. [iglocska] +- OpenIOC issue. [iglocska] + + - Attribute type domain exported into the wrong ioc term. +- Security issue fixed with UsersController. [iglocska] + + - users could view other user profiles + + - users could view other user profiles through edit user +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Leftovers from communitie/cluster/... [Christophe Vandeplas] +- Removed quotation marks from csv export. [iglocska] + + - Not needed, linebreaks are removed anyway +- Import ThreatConnect attributes into event, see issue #119. + [Christophe Vandeplas] +- Fixes in data validation. [Christophe Vandeplas] +- Revert "fix bug in removing remote attributes if push is not enabled" + [Christophe Vandeplas] + + This reverts commit c4d5344153a7f183372f3acbc703e6bfcb57e23e. +- Fix bug in removing remote attributes if push is not enabled. + [Christophe Vandeplas] +- Cleanup: hidden functions to _function and removed unnecessary + function. [Christophe Vandeplas] +- Minor admin tools improvements. [Christophe Vandeplas] +- Huge performance increase in generateCount. [Christophe Vandeplas] +- Fixes bug introduced in commit + 2334599f3d460c4371597dc336749bebded459de. [Christophe Vandeplas] +- Minor UI glitch in IOC/IDS naming. [Christophe Vandeplas] +- Do not change 'info' field upon pull (was: Imported from $url) + [Christophe Vandeplas] +- Fixes #133. [Christophe Vandeplas] +- Redirects to filtered events page upon delete. [Christophe Vandeplas] +- UI improvement on private event/attribute. [Christophe Vandeplas] +- Removal of some references to the old private flag. [iglocska] +- Re-enabled route from /admin/users/login to /users/login. 
[iglocska] + + - when an admin user got logged out the system threw an error instead of + returning him/her to the login screen +- Slight colour change for the private background colouring. [iglocska] +- Some UI changes and reattached the regexp for the admin validation + tool. [iglocska] + + - org only events have a redish background in the event index + + - org only events and attributes have their distribution level marked in + red +- Must be sleepy...holliday effect? [Christophe Vandeplas] +- Fixes bug in previous commit. [Christophe Vandeplas] +- Improved password generation algorithm in reset password. [Christophe + Vandeplas] +- Corrections in the documentatino. [Christophe Vandeplas] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- 'type' same size in regexp than in attribute. [Christophe Vandeplas] +- Minor change in reportValidationIssueAttributes() [Christophe + Vandeplas] +- First refactoring of the regexp. [iglocska] +- Some cleanup. [iglocska] + + - removal of references to the old blacklist +- MYSQL.sql change left off from regexp changes. [iglocska] +- Change to the GFI import and the attachment downloads. [iglocska] + + - GFI import issue fixed with attribute ID 1 not existing causing the + import to fail for several attributes + + - GFI import change: registry keys with binary value are now artifacts + dropped instead of persistance mechanism + + - GFI import change: files with size of 0 will be omitted + + - file attachment download change: moved away from the deprecated media + view in favour of cakeresponse->file() +- Some UI fixes related to the debug/nondebug alignment. [iglocska] +- Regexp type changes also for non ADMIN users. [iglocska] + + - left the view for them off in the previous commit +- Continued rework of the regexp. 
[iglocska] + + - Regular expressions are now only checked for attributes + + - Regular expressions are now defined and checked on a type by type + basis, with the setting "ALL" affecting all attributes + + - creation / deletion of several attributes in one edit to accommodate + for several checked type options + + - perform on all admin option now only saves attributes that actually + get changed by the regexp, making the function usable again for larger + databases + + - Some feedback on what got changed during a perform on all + + - UI changes in the index / regexp add / edit views to reflect the type + sensitivity changes +- Removal of the blacklist. [iglocska] + + - Since regexp can be used to blacklist things, there's no need to have + two separate features that accomplish the same thing + + - Add a regexp named /1.1.1.1/ with nothing as replacement and it will + behave the same as adding a blacklist for 1.1.1.1 in the old system. +- Bug in a previous commit. [iglocska] + + - left in some debug used to escape php encryption during testing +- Attribute index UI bug fixed. [iglocska] +- Regexp changes, UI changes. [iglocska] + + - first cleanup of regexp + + - some changes left off from the UI changes that were not in the views + themselves +- UI changes applied to the actions menu. [iglocska] + + - The side menu is now fixed / relatively positioned based on the debug + mode, like the header and the footer. +- Some changes to the UI. [iglocska] + + - The previous UI changes fixed the top and the bottom bar to the + viewport + + - It was great for the UI with the debug disabled, but it obstructed the + debug info with it on + + - now, turning debug off fixes the top bar and the bottom bar, turning + it on returns it to the top and bottom of the page, as it was in earlier + versions +- Footer download GPG Z-index changes. [iglocska] + + - GPG key download was behind the layer for the center footer, + preventing the user from clicking the download link. Fixed. 
+- Some more HTML fixes. [iglocska] +- HTML error fix. [iglocska] + + - div id starting with a digit (the id wasn't needed anyway so removed + it) +- HTML error fixed. [iglocska] + + incorrect span in ul +- Some small UI changes. [iglocska] +- Cosmetic relocation of the auth errors on the login screen. [iglocska] +- Small change to the flash messages. [iglocska] + + - fixing it to the same position +- Footer.ctp left off of the previous commit. [iglocska] +- Changes to the UI. [iglocska] + + - login screen looks a bit fancier and is more customisable + - admins can add a Logo next to the login fields, there's a MISP logo + ontop with a line of text above and below it, editable via bootstrap.php + - Footer re-added, has the PGP key download and the center footer text + from MISP 1.1 + - A logo on the right side of the footer, optionally added by + bootstrap.php + + - Header, Footer, menu are now fixed and not affected by scrolling the + screen +- Change to the login screen. [iglocska] + + - Places an optional logo to the left + - MISP logo above the login fields, with an optional pre and post text + + - define them in the bootstrap as indicated in bootsrap.default.php +- Hard coded urls for the event index. [iglocska] + + - Should provide a tiny performance boost +- Several fixes. [iglocska] + + - Fixed the search pagination beyond the first page + + - Hard coded routing of the menues in the global actions area +- Several copy paste failures fixed in the previous commit. [iglocska] + + - /facepalm +- ACL checks changed. [iglocska] + + - until now checkAction was used to check permissions of a user + + - but since all of the role permissions are checked beforefilter in + appcontroller and saved into a public array, doing a lookup of the + array saves an SQL call for each permission check. +- Closes #131. [iglocska] + + - Seems like a change removed this functionality since 2.0, fixed +- Fix to users not being able to edit attributes. 
[iglocska] +- IOC -> IDS name change for attribute index. [iglocska] + + - also for attribute add and edit +- Small change to the xml search download. [iglocska] +- Search result downloads (CSV format) [iglocska] + + - added the button for the CSV download + - fixed a bug with the csv search result downloader blocking non IOC + results even if the search terms did not specify IOCs only. +- Some cleanup on the views. [iglocska] +- Some UI changes. [iglocska] + + - Signature / IDS Signature changed to IOC +- Bugfix for the creation of several attributes with the same UUID. + [iglocska] + + - SHA256 and SHA1 hash attributes that get auto-generated on malware + sample upload had the same hash as the filename|md5. Fixed. +- Views updated to include CSV in the menues. [iglocska] + + - CSV and also IOC downloads on events are now hidden if the event is + not published +- Update to the exports. [iglocska] + + - export page updated to include the CSV export + + - some changes to the CSV export and incorrect handling of data for + admins +- More changes to the whitelists, exports. [iglocska] +- To_ids turned off on attribute creation by default. [iglocska] +- Firther work on the exports. [iglocska] + + - Some refactoring of the whitelist checks + - tighter rules for published / to_ids on certain exports + - attribute search now has the IOC checkbox +- Changes to export validation, CSV export, Whitelist redesign. + [iglocska] + + - CSV export for individual events, all events, search results + - Whitelists are now preg_matches instead of simple string matches + - whitelist checks are to be applied on almost all exports + (implementation in progress) + - the exception will be the search result exports, if the (to be + implemented) to_ids only checkbox isn't checked +- Width + height, should be fixed (event index images) [iglocska] +- Small part left off from the previous commit.. [iglocska] +- Overriding the css that's blocking the size change. 
[iglocska] + + - on the event index +- Typo fixed. [iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Solves memory exhaustion upon generateCorrelation. [Christophe + Vandeplas] +- Some UI changes. [iglocska] + + - removed the e-mail for non site admins from the event index (they can + still see it in the event view if the event was created by the same org) + + - added a text MISP logo + + - smaller icons for the event index +- Merge branch 'feature/sync/timestamp' into develop. [Christophe + Vandeplas] +- A. [Christophe Vandeplas] +- Minor changes. [Christophe Vandeplas] +- Page for admin with some links. [Christophe Vandeplas] +- Grouped documentation. [Christophe Vandeplas] +- Removed warning message. [Christophe Vandeplas] +- Update to the attribute search. [iglocska] + + - Use ! to exclude terms in the value/id/org fields + + - org search works the same way as value / id now, you can enter several + terms separated by a newline. Also, adding ! infront of a term will + exclude the organisation from the results + + - sub string search for organisations +- Consistency in MYSQL database file. [Christophe Vandeplas] +- Unify db schema. [Christophe Vandeplas] +- Filter logic reworked. [iglocska] + + - Affects org and info field + + - terms have to be saparated by pipe (|) + + - terms can be terms that will be OR-d or excluded terms that will be + AND-ed + + - to exclude a term use ! + + - A valid filter search for info would be: 'term1|term2|!term3' + -> this would result in all events with the info field containing term1 + or term2 but not term3 +- NOT filter for orgs on the event index. [iglocska] + + - entering for example '!futuremark' would exclude all events created by + the organisation 'futuremark' +- Email addresses of event creators visible to users if same org. 
+ [iglocska] + + - On the event index, users can view the e-mail address of the event + creator, if the event belongs to their own organisation +- Some fixes to the filters event index. [iglocska] + + - siteadmins can now search the creator org instead of the owner org + (like normal users would) + + - Changed the org search to be a partial match instead of an exact match +- Two small changes. [Iglocska] + + - email of the user creating an event shown if current user's org == + event's orgc + + - on export, the check for to_ids will happen outside of the if branch + that sets extra restrictions of non site admins. Otherwise site-admins + would accidentally include attributes that aren't iocs. +- Fix to the filters on IE. [Iglocska] + + - old versions of IE didn't handle an incorrect form creation as gracefully as the other browsers + + - forms should not be created within a table unless it's within a (it was + on level before). The normal solution would be to encapsulate the + entire table in a form, but since we have formlinks for the deletes / + publishes this would get flagged as form tampering by the security + components. + + - As a fix, filter forms are created separately for the 4 search fields within their now with hidden fields that keep the persistence of the previously + entered filter terms +- Incorrect line removed from migration. [iglocska] +- Update to the migration. [iglocska] +- First update to the SQL scripts. [iglocska] +- Wrong file included in previous commit. [iglocska] +- ShadowAttribute notifications, and some minor fixes. [iglocska] + + - New field for events, locking an event from sending out a contact + e-mail when a proposal is made to it + - Default setting for the new field is 0, if a shadow attribute is + added an e-mail is sent to all subscribing members of the orgc and the + new field is set to 1 + - Accepting a change resets the field to 0 +- Extra access control restriction for reportValidationIssues. 
+ [iglocska] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [iglocska] +- Micro cleanup of servers index. [Christophe Vandeplas] +- ReportValidationIssues function. [Christophe Vandeplas] +- Fix UI issue of top bar. [Christophe Vandeplas] +- First start of report functions. see issue #122. [Christophe + Vandeplas] +- Little bit more details about sync errors. [Christophe Vandeplas] +- Shows spaces in attribute value. fixes #19. [Christophe Vandeplas] +- Sanitisation of the data when generating .ioc file. [iglocska] +- Login url won't include /admin/ anymore. [iglocska] + + - routing issue fixed +- Addition of the Event History. [iglocska] + + - uses the logs to generate a list of actions affecting the selected + event and all of its attributes + + - view is very minimalistic, not to show anything restricted +- Sync pull backwards compatibility with MISPv2. [Christophe Vandeplas] +- (workaround) better error message when HTTP problem with Server Pull. + [Christophe Vandeplas] +- UI consistency. [iglocska] +- Several smaller changes. [iglocska] + + - Fix to the proposed attribute edit that got broken in a previous + commit + + - Fix to the org filters for non admin users + + - Some changes to the documentation +- More updates to the manual. [iglocska] +- More updates to the manual. [iglocska] +- Some UI changes and partial update to the manual. [iglocska] +- Added 2 new type of attributes. [iglocska] + + - sha256 / filename|sha256 + - uploading a malware sample now automatically creates a filename|sha1 + and a filename|sha256 in addition to the sample|md5 +- Fix incorrect order of checking user info (with REST authkey) + [Christophe Vandeplas] +- Fix MYSQL missing ; [Christophe Vandeplas] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Christophe Vandeplas] +- Reference to maxDist removed in the attribute edit view. 
[iglocska] + + - obsolete +- Removed some obsolete code. [iglocska] + + - canEditDist is obsolete, removed some more references to it +- Bug fixed with event creation. [iglocska] + + - Previous commit unsetting new attribute IDs breaks if no attributes + present -> fixed +- Fix bug in iocexport. [Christophe Vandeplas] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Christophe Vandeplas] +- Protection against lost attributes with saveAssociated. [iglocska] + + - attributes that are added have to have their id unset before being + added in order to avoid overwriting existing attributes +- Fix file download missing extension. [Christophe Vandeplas] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [iglocska] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Christophe Vandeplas] +- Micro improvement. [Christophe Vandeplas] +- Change to the routes. [iglocska] + + - disabling the routes to indeces with pagination throws an error when + switching to another page +- Shadow attribute change. [iglocska] + + - fixed incorrect link to edit shadow attributes and the distribution + checks +- Update to the publish. [iglocska] + + - _publish doesn't attempt to upload events that have a distribution of + 0 or 1 (private and community) but instead just set to published and + return true +- Update to the IOCImprt/Export. [iglocska] + + - bringing the two components up to date with the distribution changes +- Typo in UsersController fixed. [iglocska] +- Routing and some UI changes to the users admin_index. [iglocska] +- UI changes and more work on the sync. [Iglocska] + + - updated the side menu +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Iglocska] +- Minor improvements in documentation. 
[Christophe Vandeplas] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Christophe Vandeplas] +- Bugfix in UI. [Christophe Vandeplas] +- Pull can not edit events / attributes. [Iglocska] + + - added the _edit method in EventsController +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Iglocska] +- Fix to the attribute list when not logged in. [Iglocska] + + - incorrect syntax fixed +- Small bug with view() fixed. [Iglocska] +- Some more fixes to the sync. [Iglocska] +- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP + into feature/sync/timestamp. [Iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into + feature/sync/timestamp. [Christophe Vandeplas] + + Conflicts: + app/View/Attributes/index.ctp + app/View/Events/add.ctp + app/View/Events/edit.ctp +- Merge branch 'feature/gui' into develop. [Christophe Vandeplas] + + Conflicts: + app/View/Users/memberslist.ctp +- Performance - caching of CakeRouting and url generation. [Christophe + Vandeplas] +- UI filter of event view (forgot this file) [Christophe Vandeplas] +- Unified links. [Christophe Vandeplas] +- Improve UI of event index filtering. [Christophe Vandeplas] +- Fix documentation link. [Christophe Vandeplas] +- Performance improvement with static urls. [Christophe Vandeplas] +- Fix bug no tooltip with Chrome/IE on attributes. [Christophe + Vandeplas] +- Fix no tooltip bug on Chrome and probably IE. [Christophe Vandeplas] +- Removed not necessary sort results in huge performance improvement. + [Christophe Vandeplas] +- Peformance. [Christophe Vandeplas] +- UI tooltip love. [Christophe Vandeplas] +- Logos shown in memberslist. [iglocska] +- Named pipes and mutex. [iglocska] + + - added the 2 types under the artifacts dropped category +- Further changes to the degradation of the distribution. [Iglocska] +- Further work on the distribution. 
[Iglocska] +- Further changes to the distribution. [Iglocska] + + - changed to use the new int field +- Few changes. [Iglocska] +- New sql changes. [iglocska] +- Change to new distribution. [iglocska] + + - first stage +- Removed incorrect validation. [iglocska] +- Accidental inclusion of some debug in the previous commit. [iglocska] + + - removed +- Small bug with the highlighthelper. [iglocska] + + - ending the input with a break line will cause the highlter to fail + - fixed +- Small change to the timestamp. [iglocska] + + - Moved the timestamp generation for attributes and events that are + being saved and don't have one to Model->beforeValidate() +- First cleanup of AttributesController and EventsController after the + move to timestamps. [iglocska] +- Small mistake in the previous commit. [Iglocska] +- Update to the sync. [Iglocska] + + - timestamp now correctly compared, events that have an older timestamp + will be discarded, same with attributes + + - right now the response is the same as a successful edit though, should + be handled more gracefully + + - pull is not yet tested + + - attachments and shadow attributes not yet implemented + + - backflow is nicely blocked by the timestamp as intended + + - needs cleanup (from, dist_change) +- Saving over night, something still blocks the timestamp from being + saved after a push... [iglocska] +- More work on the timestamps. [iglocska] + + - Event correctly changes timestamp when attribute edited in the UI + - Attribute correctly changes timestamp when edited in the UI + + - Still very much work in progress, several parts are not supposed to + work yet +- First (still non-working) version of the timestamp + uuid sync. 
+ [iglocska] + + - timestamp field added to events and attributes (int length 11 called + timestamp, default value 0) + - timestamps created on add / edit when apprioriate + - during an add, if an event/attribute is not being pushed through a + sync with an existing timestamp, create a timestamp + - on edit, check whether the timestamp is newer than the old one and + only add the attribute or event then +- Bug with adding an event and the org being set incorrectly. [iglocska] +- Changes to the event filtering. [iglocska] + + - there was a bug that pushed the data entered into the "published" + filter field to the date fields -> fixed + + - Also a bug in the serverscontroller, pulling threw an undefined + warning from the log controller because a single saveField was used and + the logController couldn't save the url data for the action +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [iglocska] + + Conflicts: + app/Controller/EventsController.php +- Fix incorrect location of loadModel for Attribute. [Christophe + Vandeplas] +- Filters updated and some changes for the sync. [iglocska] + + - visual changes + - date from/until fields + - published field + - a reset form button + + - the org of an event added by a sync user will be that of the host + instance's own organisation identifier +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [iglocska] +- Force passwd change for admin user on creation. [Christophe Vandeplas] +- Create default admin user automatically. [Christophe Vandeplas] +- First version of the new filters on event index. [iglocska] +- Small UI change to the exports screen. [iglocska] +- Small fix to event view attribute access permissions. [iglocska] + + - Server only attributes not visible to members of another organisation + - fixed +- Tiny cosmetic change. [iglocska] +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. 
[iglocska] +- UI hide top links when not logged in. [Christophe Vandeplas] +- Changes to the event view. [iglocska] + + - reworked the way events are loaded and reloaded to check for + privileges +- Slight change to the event xml output. [iglocska] + + - now includes both shadowattributes related to attributes and events +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [iglocska] + + Conflicts: + app/View/Events/view.ctp +- UI fix login screen. [Christophe Vandeplas] +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [Christophe Vandeplas] +- Alignment of action buttons. [Christophe Vandeplas] +- Update to the shadow attributes. [iglocska] + + - UI changes + - changed the relationship between shadowattributes and events to be + hasMany +- Small mistake in the previous commit. [iglocska] +- Attribute edit US change. [iglocska] +- Removed pointer change on hover for the message css class. [iglocska] +- Display related events in multiple columns. fixes #113. [Christophe + Vandeplas] +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [iglocska] +- Sort arrows. [Christophe Vandeplas] +- More UI changes. [iglocska] +- CSS change for the flash messages. [iglocska] +- Update to the import IOC ui. [iglocska] + + - new css class for the graph +- More UI changes. [iglocska] +- Attribute type pipe and mutex. [iglocska] + + - 2 new attribute types + - Same change as on develop +- Update to the event index view. [iglocska] +- Slight changes to the role creation and edit views. [Iglocska] +- UI changes. [Andras] +- More UI changes. [Andras] +- UI changes to event add/edit and change to events controller. [Andras] + + - updated the UI for the event add and edit views + + - change to the privileges when editing events - siteadmins could not edit + events of other orgs. +- New forminfo tooltip and update to search attribute. 
[Andras] + + - added tooltip to css + + - small update to search attribute +- UI event fixes. [Christophe Vandeplas] +- UI events partial improvements. [Christophe Vandeplas] +- UI rules and users improvements. [Christophe Vandeplas] +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [Christophe Vandeplas] + + Conflicts: + app/View/Logs/admin_index.ctp + app/View/Logs/admin_search.ctp + app/View/Users/memberslist.ctp +- GUI changes for the user views. [iglocska] +- Merge branch 'feature/gui' of https://github.com/MISP/MISP into + feature/gui. [iglocska] +- UI changes to the logs. [iglocska] +- UI Logs, documentation, memberslist and fixed bug in highlight. + [Christophe Vandeplas] +- UI servers. [Christophe Vandeplas] +- UI blacklist whitelist regexp. [Christophe Vandeplas] +- UI export and automation. [Christophe Vandeplas] +- Attribute search and list. [Christophe Vandeplas] +- Hilight row. [Christophe Vandeplas] +- Minor improvements. [Christophe Vandeplas] +- Mirated first parts of nice GUI proposed by Alexandru of CERT-EU. + [Christophe Vandeplas] +- Update to the IOC import tool. [iglocska] + + - Tries to resolve some branching to increase the number of successful + imports + + - Moved to the event view and the import only adds attributes without + changing the event's data itself + + - Visualisation of the original IOC, showing the successes and failures +- Fixing some REST API and XML issues. [Christophe Vandeplas] +- Quick fix for strict warning over an incorrect argument. [iglocska] + + - in adminCrudComponent +- Minor cleanup. [Christophe Vandeplas] +- Further cleanup of the REST XML output. [Christophe Vandeplas] +- Fixes information leakage vulnerability on REST XML outputs. + [Christophe Vandeplas] +- Removed useless hop_count. [Christophe Vandeplas] +- Date issue when adding a user. 
[Iglocska] + + - the date for a new user was not set and defaulted to 0000-00-00 - this + caused an issue when the user was edited and the admin was either + prompted to change the date manually or the date was set to 2033. + + - date for newsread is now initially set to 2000-01-01 +- Disabled HTML5 validation for Users/admin_add. [Iglocska] + + - the new cakephp HTML5 validation forced users to enter a GPG key under + all circumstances. Removed. +- Strict messages fixes #99 and user edit requiring to change password + fixes #67. [Iglocska] + + - Plugins and the user model were throwing strict messages in php 5.4+ + or with E_STRICT on php 5.3 and lower. Should be fixed. + + - New cakePHP added automatic HTML5 validation to form fields, which + breaks fields that can alternatively be left empty to not be edited + (such as the password field in user edits) - removed the html5 form + validation from user edits. +- Update to the mysql.sql file. [Iglocska] + + - aros setup from earlier versions was still included. Removed. +- Further progress on the OpenIOC import. [Iglocska] + + - works fine now, but a lot of data still gets discarded +- Further work on the IOCImport. [Iglocska] + + - Also, major performance fix for the event view +- OpenIOC Importer. [Iglocska] + + - Import from .ioc + - map to MISP attributes and insert them + - try to resolve AND logical operators where possible, otherwise discard +- Missing images added closes #92. [iglocska] +- Fixes #88. [Iglocska] + + - events searchable by uuid + -> /events/view/ +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Moved fragmented massagedata to Model::beforeValidate() [Christophe + Vandeplas] +- Added the component from the previous commit. [iglocska] +- Moved the ioc export to a component. [Iglocska] + + - Less clutter +- Further changes to the export features. 
[Iglocska] + + - fixed issues with some download exports not being downloaded + - eliminated some code repetition +- Issue with event publish logs failing. [Iglocska] + + - info was not set with saveField. Fixed. +- Changes to the export conditions. [Iglocska] + + - attributes with to_ids == 0 won't be exported unless it's an XML + export + - Fix to a typo in the IOC export +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] + + Conflicts: + app/Controller/EventsController.php +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [Christophe Vandeplas] +- First minor cleanup of export #78. [Christophe Vandeplas] +- Typo with several _isSiteAdmin() calls fixed. [Iglocska] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Fix rest authentication and further auth clean up. [Christophe + Vandeplas] +- Update to the installation instructions. [Andras Iklody] + + - to reflect the removal of the old ACL +- Removal of more remnants of the old ACL and tightening of the filename + checks. [Andras Iklody] + + - actAs acl removed from role and user models together with some extra + code related to the ACL + + - Fix of the filename regex as pointed out by cvandeplas. +- Further changes to the authorisation. [Andras Iklody] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [iglocska] +- Db changes for the integrated ownership. [Andras Iklody] + + - updated the MYSQL.sql file, + - tables aros, acos, aros_acos removed and shadow_attributes added +- Removal of the remains of the old authorization / adding new ones + where needed. [Andras Iklody] +- Reference to a now gone method fixed. [Andras Iklody] +- Small errors with the merge corrected. [Andras Iklody] + + - some errors managed to slip through during the merge, should be fixed +- Integrated ownership, ACL and minor fixes. 
[Andras Iklody] + + - Orgs can propose new attributes or changes to existing attributes for + events that they do not own + + - publishing users of the owner organisation can see, accept or discard + them + + - Reworked the access control + + - minor fixes +- Merge branch 'feature/cleansanitize' into develop Fixes #96. + [Christophe Vandeplas] +- Fix sanitization in AppController #96. [Christophe Vandeplas] +- Fix sanitization in AdminCrudComponent #96. [Christophe Vandeplas] +- Fix sanitization in Events #96. [Christophe Vandeplas] +- Fix sanitization in Regexp #96. [Christophe Vandeplas] +- Fix sanitization in Roles #96. [Christophe Vandeplas] +- Fix sanitization in Attributes #96. [Christophe Vandeplas] +- Fix sanitization in Users #96. [Christophe Vandeplas] +- Fix sanitization in Blacklists #96. [Christophe Vandeplas] +- Fix sanitization in Servers #96. [Christophe Vandeplas] +- Fix sanitization in Whitelist. [Christophe Vandeplas] +- Fix sanitization in Logs. [Christophe Vandeplas] +- Merge branch 'develop' of https://github.com/MISP/MISP into develop. + [Christophe Vandeplas] +- Performance tweak. [Andras Iklody] + + - User/Role not looked up recursively anymore for authorisation checks - + improves performance significantly. Also, checking perm_add and + perm_modify instead of doing a lookup in the ACL tables +- Merge branch 'feature/correlation' into develop. [Christophe + Vandeplas] +- Cleanup crappy sanitization. [Christophe Vandeplas] +- Rewrote fetching of the related events. [Christophe Vandeplas] +- Remove unused function. [Christophe Vandeplas] +- New logic to generate correlation, relates to issue #95 . Updated DB + schema ! [Christophe Vandeplas] +- Fixes #141. [Christophe Vandeplas] +- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska] +- Tightened the export rules. [Iglocska] + + - text, xml, ioc exports of attributes with to_ids == 0 are now + blocked. +- Bug with attribute edits. 
[iglocska] + + - users without publishing rights couldn't edit attributes. Fixed +- Sanitization of the data when creating .ioc files. [iglocska] +- Fix to the highlight issue. [iglocska] + + - new line at the end of the search list would break the highlighter and + throw a warning + - fixed +- Show the org logo in the memberslist. [iglocska] +- Merge branch 'namedpipes_mutex' [iglocska] +- Named pipes and mutex. [iglocska] + + - added the 2 types under the artifacts dropped category +- Fix for the search. [iglocska] + + - Due to the sanitization being fixed, the search results broke + + - This is a quick copy of the fix implemented on develop by cvandeplas +- Quick fix to the sanitization. [iglocska] + + - the double sanitization needed a quick fix until the development branch + gets merged in the future +- Fix to the bulk search when logged in as a non admin. [iglocska] + + The search filter was broken and didn't return the expected result. Should + be fixed. +- Updated README. [Christophe Vandeplas] +- Update README. [Christophe Vandeplas] +- Issue with Correlations going missing. [Andras Iklody] + + - Update to the delete in afterSaveCorrelation +- Removed some obsolete code. [Andras Iklody] + + - getName functions removed + + - Fixed a reference to it in the logable behaviour +- Some fixes to indeces not set. [Andras Iklody] + + - Affecting Event creation, attribute deletion remotely and logging of + event deletion +- Merge branch 'removeprivate' into develop. [Andras Iklody] +- Removal of deprecated code. [Andras Iklody] + + - The flag private is deprecated, removed together with the code that was + affected by it +- Merge branch 'master' into develop. [Andras Iklody] + + Conflicts: + app/Config/bootstrap.default.php +- Merge branch 'master' of https://github.com/MISP/MISP.git. [Christophe + Vandeplas] +- Fixed a sanitization issue with encrypted emails. [Andras Iklody] +- Updated gitignore. [Christophe Vandeplas] +- Fix merge issue. 
[Christophe Vandeplas] +- Merge branch 'master' of https://github.com/MISP/MISP.git. [Christophe + Vandeplas] +- Merge branch 'master' of https://github.com/MISP/MISP. [Andras Iklody] + + Conflicts: + app/Config/bootstrap.default.php +- Small fix. [Andras Iklody] +- Small changes. [Andras Iklody] + + - added an optional field to the bootstrap default (used by the e-mail + notification system) + + - Clarification about the isAdmin and isSiteAdmin (comment) +- Removes multiple correlation engines Fixes #83 but after testing issue + #95 comes to light. [Christophe Vandeplas] +- Removed unused CyDefSIG.showowner field. Closes issue #93. [Christophe + Vandeplas] +- Merge branch 'develop' [Andras Iklody] +- Merge branch 'develop' [Andras Iklody] +- Updated github url. [Christophe Vandeplas] +- Merge branch 'master' of https://github.com/BeDefCERT/MISP. [iglocska] +- Updated INSTALL docu and apache templates. [Christophe Vandeplas] +- Small fixes. [Andras Iklody] + + - Comments about isAdmin vs isSiteAdmin + + - Extra config line added to bootstrap.default.php for the built in e-mail + system +- Wrong version of adminCrudComponent. [Andras Iklody] + + - Can cause issues when saving roles, replaced with the newer version. +- Removed leftover debug code. [Andras Iklody] + + - forced exception to test debug output left in - removed +- Small edit fixes #75. [iglocska] + + - Event was not deleted when another non site-admin org user tried to + delete an event due to the event not being read before its organisation + was compared to that of the logged in user -> fixed. +- Bug with pull. [iglocska] + + - Pulling all from the server list view would cause all new events to be + pulled as intended, but attachments would not be pulled with their + respective attributes + + - the few lines of code responsible for loading the file and base64 + encrypting it for the transfer were misplaced within a correlation check + + - fixed. +- Small bug with sorting events by validation. 
[iglocska] + + - didn't work properly, fixed. +- Updates to the manual. [iglocska] + + - new export features + + - contact user features +- Missing view for IOC export. [iglocska] +- First version of an IOC export feature. [iglocska] + + - Builds basic .ioc file of an event, OR-ing all eligible attributes + + - mass export via a zip file to be implemented later +- Small error. [iglocska] +- Small bug. [iglocska] + + - Messages left empty for all but the first user in a mass custom e-mail + - fixed. +- Small message notifying the admin that the e-mail was sent. [iglocska] + + - flash message after e-mail sent +- Debug exception left in. [iglocska] + + - removed +- E-mailing system for site-admins. [iglocska] + + - site admins able to contact users by e-mail from within the system + - PGP encrypted where available + - Password reset with automatic temporary key generation + - all of the above options have a mass-email version where every user is + contacted at once + - Potential new users can be contacted too (GPG key can be supplied) +- Fix to a validation error. [iglocska] + + - regkey|value's validation was inversed only accepting incorrect entries +- Double sanitization fixed. [iglocska] +- Extensions of filenames now validate if a number is included. + [iglocska] +- Update to the validation of file names to allow _ in the extension. + [iglocska] +- Search for attributes by organisation. [iglocska] + + - New search functionality on request - restrict attributes by + organisation + + - Also, attributes in the list attributes and search attributes result + pages, that belong to the user's organisation will have a red event ID +- Related events. [iglocska] + + - Implemented on request: related events created by the same organisation are now coloured red +- Validation of vulnerability to CVE number, Fixes #35. [iglocska] +- Change to the location of the add attribute/attachment buttons. Fixes + #49. [iglocska] +- Moved the batch import checkbox, Fixes #50. 
[iglocska] +- Update to the default config files. [iglocska] + + - Some minor changes to the default config files +- Slight change to the xml export of search results. [iglocska] + + - Disabled the feature for "List Attributes". +- New export feature. [iglocska] + + - To restrict the authentication key from being used by interactive users, + implemented a new export page that uses the uses cake's user + authentication + + - the old export features still exist for users with perm_auth enabled + accounts - renamed to automation + + - Exporting the events that found attributes belong to in a search + attributes result page + + - exporting of individual events to file by clicking a link in event view +- Temporary fix for an issue with the ACL. [iglocska] +- Updates to the manual. [iglocska] +- Update to the targets of contact emails and more. [iglocska] + + - The original creator of an event will also get contacted by contact org + if he/she has the contactalerts turned off. + + - error in the SQL permissions of normal users and org admins - they + weren't able to modify/delete events of their own organisation that they + themselves didn't create +- Bug fixes. [iglocska] + + - issues of admin orgs not being able to edit/delete org events + + - owner org removed for org admins + + - email only visible from own org to org admins +- Upgrades to the installation and upgrade process. [iglocska] + + - Instructions updated + + - SQL scripts tidied up of incorrect junk (from export) + + - upgrade scripts finish gracefully +- Small change to the migration. [iglocska] +- Change to the migration script fixing an error. [iglocska] + + During the structure export of the ACL tables the current increment count + from the test environment got left in, caused errors when creating a new + role. +- Instructions for the upgrade. [iglocska] + + - 1st version +- Update to generateCount. 
[iglocska] + + - generateCount used to just run through all attributes and save them, to + generate the count. It led to VERY long execution times on larger + databases (25k+ attributes). With the extra processing that each save() + does for attributes, this was horribly slow. + + - new generateCount just saves the events based on the number of + associated attributes, only having to save the events (of which there + are considerably less). +- More updates to the migration. [iglocska] +- Slight change to generating the ArosAcos. [iglocska] + + - permission field is not set when roles are read during the ArosAcos + generation script - needed for generateACL. Fixed. +- Shell scripts updated to populate the ACL. [iglocska] +- Some changes to the migration script. [iglocska] +- Merge branch 'develop' of https://github.com/BeDefCERT/MISP into + develop. [iglocska] +- Quick fix of the git url. [Christophe Vandeplas] +- Highlighting in log searches. [iglocska] + + - new helper that can be used for highlighting + + - highlighting of the search terms in the log search result - index view. +- Removed the js title bubble for related events. [Andras Iklody] + + - Removed javascripts based title bubble showing the event info in related + events / attributes and in the search attribute view. + + - Replaced it with values provided by extra cake queries as the delay for + fetching the info field through a js rest request was annoyingly slow + + - some coding standards +- Attribute and event access. [Andras Iklody] + + - Updated the check for authorisation to view an event and attribute as + the system hid some valid combinations (such as a server only attribute + in a higher distribution level event). +- Regexp validation. [Andras Iklody] + + - an invalid regexp entry could block any event/attribute from being + entered. Introduced a check on regexp entry to block faulty patterns. +- Changes to logs and some minor changes. 
[Andras Iklody] + + - Regexp, blacklist, roles, whitelists now logged + + - adminCRUD now sets ID (for the logging) on edit + + - some minor UI changes (removal of empty action menues on the left menu + bar) +- Previous edit was an error. [Andras Iklody] +- Error in a previous commit. [Andras Iklody] +- Enabled filename whitelisting for GFI sandbox uploads. [Andras Iklody] + + - filename wasn't validated before exec() to unzip before +- Subscription to alerts from contact reporter. [Andras Iklody] + + - Users can now choose to subscribe to receive e-mails from the "Contact + Reporter" feature. +- Changed email alert. [Andras Iklody] + + - It didn't respect private events and alerted everyone. Fixed. +- Removed sanitization of emails. [Andras Iklody] + + - caused linebreaks to be sanitized, it's a plain text e-mail so + sanitization isn't needed. +- Tighter checks so users can't edit events of other orgs. [Andras + Iklody] +- Update to the admin privileges. [Andras Iklody] + + - Changed the requirement for a lot of functions to be site admin as + opposed to admin. +- Cleanup of some duplicate junk. [Andras Iklody] +- New regular expressions default values. [Andras Iklody] + + - List of new values for the regexp table + + - if the user_id for an event is not set, set it to that of the user with + the e-mail address of 'cisprotection@ncirc.nato.int'. +- Colouring of search terms works in links. [Andras Iklody] + + - links now have proper colouring to make the found terms more visible +- Some changes to the search. [Andras Iklody] + + - changes to the validation of the results + + - fixes an issue where the escaping of slashes showed up with a // + + - made the found results more visible and case insensitive +- Slight update to the filename regex. [Andras Iklody] + + - accept extensions from 2 to 4 characters in length +- Fixed some regex issues and file name validation. 
[Andras Iklody] + + - Fixed an issue that caused attribute values to be converted to 1 on + save in case of an empty regexp table + + - Filename validation now happens via whitelisting instead of filename + sanitization +- Checkbox / radio misalignment. [Andras Iklody] + + - Fixed an issue with IE interpretting an unset padding value for + checkboxes / radio selects as a good reason to give it some high value. +- Previous edit was incorrect, fixed. [Andras Iklody] +- Tiny Migration and UI edit. [Andras Iklody] + + - updates to the migration SQL script + + - small change in the new/edit roles UI to solve a misalignment +- Typo... [Andras Iklody] +- Case-sensitivity. [Andras Iklody] +- SQL update. [Andras Iklody] +- Merge branch 'develop' of /home/git/cydefsig into develop. [deresz] +- Export distribution. [Andras Iklody] + + - Export didn't take into account distribution rules, should be fixed + + - Fixed a bug with editing attributes +- Still issues with the attribute search. [Andras Iklody] + + - should be ok now +- Fix to the updated search attributes. [Andras Iklody] + + - issue on the live server with the search field left empty, fixed +- Several things (search, migration) [Andras Iklody] + + - Changes to the default setting for non private events after migration + + - search attribute update to be able to exclude events +- Updated the migration script (SQL) [Andras Iklody] + + - Script updated based on the issues during testing + + - Changed the file upload/downoad mechanism. +- Composite type change. [Andras Iklody] + + - composite type's value not exploded if value1 already set (to hopefully + fix issues with the migration tool) +- Missing migration sql updates. [Andras Iklody] +- Regexp fixed. [Andras Iklody] + + - Regexp replacement didn't actually change the data in the object. Fixed. +- Update sql script to go from 1.0 -> 2.0. [Andras Iklody] + + - First version of an SQL upgrade script +- Fixed a minor error. 
[Andras Iklody] + + - comma at the end of line missing in SQL file +- Changes to the distribution handling of attributes. [Andras Iklody] + + - Only the creating org of the event can change the distribution of + attributes + + - Attribute distribution setting are only pushed on edits if they were + manually changed (so that the distribution level of events on the + creating server doesn't get degraded by an edit and push of the event at + a synced server when using connected community settings). + + - slight change to the batch attribute search, the search terms are only + echoed up to 9 terms to prevent the mass echoing of a long list +- Some updates to the migration script. [Andras Iklody] + + - Getting it up to date +- Attribute edit fixed. [Andras Iklody] + + - Editing attributes caused an error because the uuid was not passed back + from the form (and it is used to find the attribute locally for rest) + + - UUID is now used from the read attribute for non rest users. In the long + run it would be cleaner to not allow non rest users to reach that part + of the code. +- Minor changes. [Andras Iklody] + + - some changes to the access control + + - re-renabled regexp and blacklists, will need a closer look though + + - editing a role should update ACL + + - some other minor things +- Previous commit was slightly off. [Andras Iklody] + + Changed the placing of the unset, as it broke the push of attachments. + Should be fine now. +- Major bug with attributes disappearing during sync. [Andras Iklody] + + Found a bug where an instance that has a lower attribute count pushing to + another would cause the attributes with equal attribute ID to get + overwritten with the pushed ones. Unsetting the attribute ID before the + push fixes this. +- Update to the menu. [Andras Iklody] + + - minor cosmetic change +- Reworked the sync / release control. 
[Andras Iklody] + + - Fixed issues with the sync + - Secondary publishes on remote servers failed + - Introduced new fields in events to stop backward traverse of + edit information that lead to low performance and eroneous + distribution information updates when more than 2 servers were + linked + - Deletion of an attribute now deletes on remote servers + + - Changes to the event ownership + - Original creator org now noted in the event itself + - Only original creator org can change distribution + - Events will show up with the original creator org for users + (admins can see both that and the owner of the event on the + local instance) + - Server.organization now used in junction with the connecting + user's org and the instance's org (from the bootstrap) to + determine distribution flow control and access rights + + - Lots of minor changes +- Coding standards. [Noud de Brouwer] + + this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11. +- Updated structure of the documentation. [Christophe Vandeplas] +- Further cleanup. [Christophe Vandeplas] +- Updated LICENSE from copyright to AGPL and first cleanup of files. + [Christophe Vandeplas] +- Minor change to the validation. [Andras Iklody] + + - Some types didn't have any validation info, defaulting in an incorrect + input - fixed + + - re-enabled the sanitization of file names +- Minor changes to the validation. [Andras Iklody] +- Changes to link validation and minor fixes. [Andras Iklody] + + - Links get validated now to filter malicios code + + - removed a double edit button in the case of an admin editing himself + + - fixed an error with adding new attributes +- Updates to security. [Andras Iklody] + + - perm_auth new toggle, can disable auth key usage for a role + + - prevents sync / rest with a perm_auth == false key + + - some changes to sync to provide better feedback on why it failed + + - rewording of distribution options +- Redirect for ServersController. 
[Andras Iklody] + + Added redirect for index in case of non sync users +- Reworked aros_acos creation. [Andras Iklody] + + - moved and fixed the aros_acos creation on the new role creation + + - new method in appController that sets all the aros_acos from scratch + (for example for a new instance, or a changed acos / aros table) + + - some minor changes, redirects to the terms page on invalid events + removed, etc. +- Missing file from the last commit. [Andras Iklody] + + Missed a file from the package +- Fixes to access rights, some sanitization, etc. [Andras Iklody] + + - Admins cannot manually change anyone's authkey, they need to generate a + new one via the reset link + + - Some pages could be accessed by changing the url - fixed (though needs + further testing) + + - Edited a change in the manual that may have been confusing + + - Some changes to the way ACL is set up - still needs more work +- Temporary fix for file-uploads under windows. [Andras Iklody] + + Added an alternate file-upload/download path creation for PHP_OS == + 'WINNT' + + Also removed autofill for the login field +- Corrected a typo preventing the sync from working. [Andras Iklody] +- Changes to the admin org access and sanitization. [Andras Iklody] + + 1. Some errors fixed in the way redirects worked for org admins + + 2. fixed some double sanitization resulting in incorrect characters + displayed in certain fields +- Added hover over event IDs in search attributes view. [Andras Iklody] + + Hovering over the event IDs now shows the event info in the list generated + by the search attributes page +- Security for UsersController. [Andras Iklody] + + org admins could edit users of other orgs by accessing the edit page + through the URL. Fixed. +- Further changes to org admins. [Andras Iklody] + + org admins can manage their own server connections + org admins cannot see other orgs' users in the users list +- Issue with uploading attachments fixed. 
[Andras Iklody] + + Uploading an attachment would fail while trying to set the event to + unpublished. Fixed. +- Small update to the regular import regexp view. [Andras Iklody] + + An empty table cell caused a cosmetic misalignment of the cell border. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Org admin privileges. [Andras Iklody] + + Added restrictions for org admins and regular users to be able to see + regexp/whitelist/blacklist information without being able to edit them. + Org admins can also see the roles but not edit them. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Fix for the synchronisation. [Andras] + + An error in the pull fix broke the push/publish feature. Fixed. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Attribute distributions. [Andras Iklody] + + Added feature to block distribution levels that would get overruled by the + event distribution. The distribution of the event will be the currently + selected distribution when creating an attribute. +- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into + develop. [Andras Iklody] +- Distribution. [Noud de Brouwer] + + attributes inherit distribution from event. +- Fix for the org admin privileges. [Andras Iklody] + + Editing / creating users and the organisation permissions for org admins +- Org admin can only see org logs. [Andras Iklody] + + Added check for the above +- RBAC. [Noud de Brouwer] + + only create users within own organisation. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Pull fixed. [Andras Iklody] + + Fixed the issues with pull, should work fine now +- Coding standards. 
[Noud de Brouwer] + + Coding Standards. +- Fixed push/publish. [Andras Iklody] + + Fixed a few issues that caused push/publish not to work +- RBAC. [Noud de Brouwer] + + org admin and RBAC admin. +- Better fix to Sanitize::clean() problem. [deresz] + + 'escape' option was removed. +- Sanitize. [Noud de Brouwer] + + Sanitize can not be used in PGP key. +- GPG. [Noud de Brouwer] + + start of check/correct. +- DB. [Noud de Brouwer] + + in conversion create Blacklist table as well. +- PGP. [Noud de Brouwer] + + clean key remark. +- PGP. [Noud de Brouwer] + + direction-like-out-commented try. +- RBAC. [Noud de Brouwer] + + so role is editable. + (i will not commit/push during after hours ;) ) +- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig + into develop. [Noud de Brouwer] +- Roles controller Jquery helper added. [deresz] + + For some reason I needed it +- RBAC. [Noud de Brouwer] + + role editable on user page (by admin). +- RBAC. [Noud de Brouwer] + + roles/view/. +- RBAC. [Noud de Brouwer] + + ampesant in html. +- RBAC. [Noud de Brouwer] + + admin must be able to edit role, where-ever. +- Distribution level explanation. [Andras Iklody] + + The description of the distribution levels has been updated +- Slight change to distribution description. [Andras Iklody] + + Changed the explanation for each distribution level on event creation +- Sync. [Noud de Brouwer] + + curl test update using a generic named xml. +- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig + into develop. [Noud de Brouwer] +- Small change to batch searches. [Andras Iklody] + + An empty new line caused every attribute to be displayed. Fixed. +- Batch search for attributes. [Andras Iklody] + + Implementation of request to be able to do batch attribute searches +- Sql blacklist. [Noud de Brouwer] + + somehow all _working_ code for blacklist got committed and pushed + but not the sql db change, find this here-in. +- Error. 
[Noud de Brouwer] + + behavior error or just plain wrong on our side. +- Error. [Noud de Brouwer] + + behavior error or just plain wrong on our side. +- Error. [Noud de Brouwer] + + behavior error or just plain wrong on our side. +- PHP practice. [Noud de Brouwer] + + array-content. +- CakePHP. [Noud de Brouwer] + + odity, if i add "tes\ntestt\ntes", blacklist the testt, + i get "tes\ntestt" as content. (other behaviors?) +- Blacklist. [Noud de Brouwer] + + Blacklist gets activated on Event.info and Attribute.value. +- Behavior. [Noud de Brouwer] + + Use settings, par-example, name a field to Import Blacklist. +- Blacklist. [Noud de Brouwer] + + AdminCrud looking for Blacklist Flash message + and Import Blacklist menu button. +- Blacklist. [Noud de Brouwer] + + A list of stringparts not to be able to enter. +- AdminCrud and coding standard. [Noud de Brouwer] + + more AdminCrud and coding standard clean up. +- AdminCrud. [Noud de Brouwer] + + use of the AdminCrud component. +- App syntax. [Noud de Brouwer] + + Controller/Component to share AdminCrud. +- Git. [Noud de Brouwer] + + redo 'git-trigger' change. +- Git. [Noud de Brouwer] + + pardon i seem to have had a: +- Unused & coding standard. [Noud de Brouwer] + + Removed some total unused code and corrected some toward the CakePHP coding standard. +- Signature Blacklist. [Noud de Brouwer] + + removed unused view. +- Import Regexp. [Noud de Brouwer] + + removed unused code. +- Import Regexp. [Noud de Brouwer] + + Renamed Import Whitelist to Import Regexp. +- Validation field. [Andras Iklody] + + A field in the event index showing it clearly whether the event has been + published or not - shows a small image (placeholder atm) +- Fixed deprecated errors. [Andras Iklody] + + Removed cause of deprecated errors (Pass by reference) +- Log & code duplication. [Noud de Brouwer] + + $this->Html->image($nonExistingImage) + showed up in tmp/logs/error.log and + the origin this is in 2 Views, so a View Element was created. 
+- Doc & build. [Noud de Brouwer] + + move technical_design into app/build/. +- Log. [Noud de Brouwer] + + do not logs/error.log if an img does not exist. +- Sanitize. [Noud de Brouwer] + + Sanitize countermeasures. +- Log & coding standards. [Noud de Brouwer] + + do not logs/error.log if an img does not exist. + and overcome the, + Each PHP statement must be on a line by itself. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- DB. [Noud de Brouwer] + + give MYSQL.txt the correct .sql extension. +- Sanitize. [Noud de Brouwer] + + Sanitize countermeasures. +- Sanitize. [Noud de Brouwer] + + Sanitize countermeasures. +- Added validation field to the event index. [Andras Iklody] + + A small image at the front of each line showing whether the event has been + validated (published) or not. The images are placeholders for now. +- Sanitize. [Noud de Brouwer] + + Sanitize countermeasures. +- DB. [Noud de Brouwer] + + clean up conversion. +- HTML. [Noud de Brouwer] + + make Pages/using_the_system.ctp valid HTML. +- HTML. [Noud de Brouwer] + + make Events/view.ctp valid HTML. +- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig + into develop. [Noud de Brouwer] +- Removed option "Sandbox" from analysis. [Andras Iklody] +- GenerateAllFor [Charlie Root] + + conflicts with CAKE/Model/Model::_call() so no findBy. + (and various very minor other things.) +- JQuery. [Noud de Brouwer] + + deactivateButtons.js was bad and is not used anymore, so removed. +- JQuery. [Noud de Brouwer] + + version was bumped but actual file not removed. +- Static program analysis. [Noud de Brouwer] + + New Static program analysis Makefile for f.i. Coding Standards with reports in app/build. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards typo. +- Coding standards. 
[Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards work file. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- Coding standards. [Noud de Brouwer] + + Coding Standards. +- PHP. [Noud de Brouwer] + + lcfirst (PHP 5 >= 5.3.0). +- GenerateAllFor [Noud de Brouwer] + + missed adding app/Lib/CamelCase.php and app/Config/routes.php. +- Event.analysis. [Noud de Brouwer] + + set analysis* in view(). +- Paging. [Noud de Brouwer] + + 6 (used during test) -> 60 again. +- GenerateAllFor [Noud de Brouwer] + + so we can use an URL like: + http://localhost//generateAllFor/newValue/oldValue + for example: + http://localhost/events/generateAllForAnalysis/0/null + http://localhost/users/generateAllForInvitedBy/1/0 + http://localhost/users/generateAllForRoleId/1/0 +- Sanitize. [Noud de Brouwer] + + Sanitize::clean() but redo the info and value fields. +- Search. [Noud de Brouwer] + + After added feedback on entered search terms for search attributes + and search logs, this now also works for LogsController::index() + and next and previous page. +- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig + into develop. [Noud de Brouwer] +- Added missing 4th option to analysis levels. [Andras Iklody] +- Added a missing view for password changes. [Andras Iklody] +- Sanitize. [Noud de Brouwer] + + do not Sanitize::clean() $this->request->data. +- Fixed an issue with the events. [Andras Iklody] +- Fix for the Attributes. [Andras Iklody] +- Sanitize. [Noud de Brouwer] + + small correction on a "\n" in info. +- 2 SQL files missing. [Andras Iklody] + + - added them now +- Added features from branch analysis_levels. 
[Andras Iklody] + + -Analaysis levels setable for events as per milestone item 94 + -Password change forced as per milestone item 109 + -Added feedback on entered search terms for search attributes + -fixed the authentication issue + -some minor fixes +- Merge branch 'master' into develop. [noud] +- Oeps. [noud] + + leftover debug() removed. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Controller/AttributesController.php + app/Controller/EventsController.php +- RESTfull sync. [noud] + + this is in responce to the email + 
From: + To: , + Subject: Re: sync/REST + Date: Fri, 7 Dec 2012 13:30:10 +0000 + in this there is a complaint about the RESTfull sync workings. + the email hints about 2 possible options: + i) RESTfull add event without attributes (conform the web interface) + ii) RESTfull add event with attributes (more conform the code) + + both are implemented and can be choisen in bootstrap.php by + Configure::write('CyDefSIG.rest', 'ii') or 'i'. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Controller/ServersController.php + app/Model/Event.php +- CakePHP. [noud] + + CakePHP update from 2.2.3 to 2.2.4 +- JQuery. [noud] + + bump JQuery from 1.8.2(.min) to 1.8.3(.min). +- RESTfull sync. [noud] + + Let RESTfull only work conform the web pages (to Christophes wish), + so add/edit event apart from add/edit attribute. + (there is annotation in the code to revert back to full RESTfull and + add/edit the attribute(s) alongside add/edit the event.) +- RESTfull sync. [noud] + + redone delete attribute and add that to the sync. +- RESTfull. [noud] + + make RESTfull event add and edit work again. +- RESTfull sync. [noud] + + RESTfull attribute add, edit and view, to be usefull in sync. +- RESTfull/sync. [noud] + + redid the sync, so if add and exist, send HTTP 302 and different + Location, and do edit there. + Still, the final result has to compare the attributes and if needed + RESTfull delete. +- Fix bug when published event that is added using REST is not pushed to + remote servers. [Christophe Vandeplas] +- Removing update functionality for REST. [Christophe Vandeplas] +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Christophe + Vandeplas] +- Fix bug of sync. [Christophe Vandeplas] +- ExtJs. [noud] + + reverted, cause no need. + was: + does not show on production. + this is the ExtJs not being there? + or php (>5.2.8) not build without --disable-json. +- Role. 
[noud] + + renamed everything group to role (i.s.o. renaming just the visable). +- Role. [noud] + + renamed everything group to role (i.s.o. renaming just the visable). +- Source Code Review. [noud] + + sanitize everything displayed from the db. + (and some small coding standard whitespaces) +- Roles. [noud] + + only be able to tick actions when manage (& publish) org events. +- RBAC and Roles. [noud] + + did add Acl Admin and Audit. +- Sync. [noud] + + have sync option in role. + and only display the Sync Actions when sync option or admin. + (still has to be disabled if role is below manage org events. +- Attributes. [noud] + + display "#Attr.". +- Distribution. [noud] + + show "All" if distribution is All communities in Events/index.ctp and + Events/view.ctp. +- Changes to the related events mouseover bubble. [Andras Iklody] + + Removed unneeded headers and changed the address to relative to avoid the + sending of an OPTIONS REST request. +- Db. [noud] + + clean up temp db .sql files. +- Db. [noud] + + clean up temp db .sql files. +- Db. [noud] + + besides regex data in MYSQL.txt for a clean install + have MYSQL.regex.sql for a Cydefsig update. +- Db. [noud] + + make top db conversion script path relative. +- Db. [noud] + + conversion needs a Organization name, + so name that in the README.txt as well. +- Db. [noud] + + add the regex table to db conversion. +- Typo. [noud] + + typo +- Coding standards. [noud] + + coding standards tells us "space"."space" +- Menu. [noud] + + correct menu on add/edit Import Whitelist. +- Correlation. [noud] + + corrected very old error if one event got 3 attributes having the + same value1 but variation in value2. + (in the past the correlation got signed to the 1st attribute, not to the + respective attributes.) +- Updated some images. [Andras Iklody] + + Update to some images to reflect the changes to the whitelists. +- Minor update to some linking to the documentation. 
[Andras Iklody] + + Updated a few links to link to specific portions of certain pages in the + documentation instead of just the page itself. +- Coding standards. [noud] + + whitespace police. +- Added bubble when hovering over related events. [noud] + + suppres already named caregorie again. +- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into + develop. [Andras Iklody] +- User Guide. [noud] + + corrected conform the app for attributes as well. +- User Guide. [noud] + + corrected conform the app. +- Update to the hover effect on related items. [Andras Iklody] + + Several occurances of links to the same event in the attribute list + caused all instances except the first one to not display any event info + when hovered over. Fixed. +- Coding standards. [noud] + + coding standards tells us "space"."space" +- Whitelists. [noud] + + better naming and regex block named in administration.ctp +- Added bubble when hovering over related events. [noud] + + suppres already named caregorie again. +- Import Whitelist. [noud] + + more replacements to uniform the data, so more correlation. +- Import Whitelist. [noud] + + if not regex and only replacement, consider that as a comment. +- Readme.txt. [noud] + + readme.txt update +- Added bubble when hovering over related events. [noud] + + no need to re-include jquery given it's included in + View/Layouts/default.ctp. +- Added bubble when hovering over related events. [noud] + + make baseurl variable conform bootstrap. +- Added bubble when hovering over related events. [noud] + + make authkey variable conform the authenticated user. +- Added bubble when hovering over related events. [Andras Iklody] + + Hovering over related events will reveal the "info" field of the event + without clicking on it. +- Coding standards. [noud] + + correction conform conding standards. +- Import Whitelist. 
[noud] + + if Import Whitelist item has regex and no replacement, then do not allow + an attribute having value the regex and do not allow events having info + conform that regex. +- Code. [noud] + + a "1" gremlin removed. +- Regex white/blacklist. [noud] + + correct nameing of the buttons. +- Merge branch 'develop' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud] +- Changes to the manual. [Andras Iklody] + + Added information about Regex, changed some minor things. +- Regex and blacklist. [noud] + + blacklist, as in, do not input attributes, is working now, + for manual, batch and GFI Sandbox import. +- Merge branch 'regex' into develop. [Noud de Brouwer] +- Input regex. [noud] + + use RegexBehavior on Event.info and Attribute.value. +- Tiny histogram change. [Andras Iklody] + + Changed the height of the list of types to fit the amount of data +- Slight change to the histogram. [Andras Iklody] + + Data for types that had "|" or "-" in the name (such as ip-src) + were omitted - should be fixed now +- Db. [noud] + + spit generatePrivate into attr and event part (given long runtime). +- Correlation. [noud] + + do not show the same event id multiple times for one attribute shown. +- User. [noud] + + no possibility to delete oneself. +- Trim. [noud] + + use the TrimBehavior on all inputable models. +- Terms. [noud] + + removed termsaccepted and newsread from user add, + so the user herself has to accept the terms. +- Distibution. [noud] + + generatePrivate conform new distribution. +- Distibution. [noud] + + add generateHop to migratemisp11to2. + (generatePrivate should still be looked at.) +- Distribution. [noud] + + generate hop count. +- Distribution. [noud] + + do not do anything upon delete in regard to distribution. +- Distribution. [noud] + + if distribute upstream, do not alter org, user_id nor distribution + settings. +- Correlation. [noud] + + altered so an event distribution preveals over it's attributes + distribution. 
+- Even slighter modification to the manual (a typo and a few white + spaces) [Andras Iklody] +- Slight modification to the manual (removing some whitespace errors) + [Andras Iklody] +- Updated the manual to conform with coding standards. [Andras Iklody] +- Coding standards. [noud] + + correct conform coding standards. +- Coding standards. [noud] + + whitespace police +- Updated the manual with the REST API portion. [Andras Iklody] +- Event/attribute delete. [noud] + + In version 1 and 2 of misp/cydefsig there's a delete button upper left + in the menu that a) does not delete or b) does not return to a visable + url after deletion. + As a 'fix' those delete buttons are now removed, given there does still + exist delete in the index view. +- Os. [noud] + + various test dirs added just for conveniance. +- Db. [noud] + + up-to-date db. +- Sync. [noud] + + lastpushedid reminder. +- Trim. [noud] + + add TrimBehavior to use in Servers and lateron in Attributes. +- Attributes delete. [noud] + + oeps, attribute delete inadvertably deleted from view. +- Validation. [noud] + + trim all string fields in server. + (later bring this to AppModel or behavior level) +- Audit log & terms. [noud] + + do not handle a timed out user log. + and + better check on login and termsaccepted. +- Attributes. [noud] + + hide attributeDistribution tooltip on open. +- Delete event. [noud] + + in edit event screen now give correct id in delete alert box. +- Correlation. [noud] + + repair correlation after introduction of 'This server-only'. +- Correlation. [noud] + + sort Related Events decending on date and second on id. +- Coding standards. [noud] + + better parameters on callback routines. +- Correlation. [noud] + + some correction so no missing correlation. +- Correlation. [noud] + + respect the latest added 'This server-only'. +- RBAC. [noud] + + respect setting for edit attribute. +- RBAC. [noud] + + respect setting for edit event. +- Terms. 
[noud] + + activate a route for routeafterlogin on timeout. +- Private. [noud] + + show 'This server-only' events to all on the server. +- Terms. [noud] + + deactivate a route. +- Users. [noud] + + show the correct Org during edit. +- Terms. [noud] + + better routes to support termaccepted. +- RBAC. [noud] + + name what to do during install for RBAC tables and content. +- Terms. [noud] + + route to terms even if an 'admin' option is chosen. +- Correlation. [noud] + + CyDefSIG.correlation being 'default' and 'sql' are depreciated. +- Code standards. [noud] + + we emit XHTML 1.0 Transitional. + so to check, encapsulate using: + + + + + + <> + + + + and use http://sourceforge.net/projects/eclipsetidy/ to validate. +- Sync. [noud] + + validation on server.authkey having minlenght of 40 like user.authkey. +- Code standards. [noud] + + html cleanup. +- Html. [noud] + + removed some html giving warnings. +- Sync. [noud] + + corrected pull for events having no distributable attributes. +- Sync & code. [noud] + + a new NameController() needs $Name->constructClasses(). + odd this ever did work before (CakePHP 2.2.2 versus 2.2.3 diff?). +- Sync & merge. [noud] + + merged develop with master and have to alter ServersController a little. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Controller/ServersController.php +- Merge branch 'master' of /home/git/cydefsig. [Andrzej Dereszowski] + + Conflicts: + app/Controller/AppController.php +- Fixes bug where no email alert is sent when event is added using API + (and published) [Christophe Vandeplas] +- Fixes bug when alerting and a single gpg key is giving problems. + [Christophe Vandeplas] +- Revert "blackhole" [Christophe Vandeplas] + + This reverts commit 899ef6300b554d77aa842e0e987973d6980e2898. +- Bugfix issue where delete event will also be triggered on servers with + no push active. [Christophe Vandeplas] +- Merge branch 'master' of code.lab.modiss.be:cydefsig. 
[Christophe + Vandeplas] +- Fixes download-sync-bug when only one event is present on the remote + instance. [Christophe Vandeplas] +- Fixes bug 87 - on import of existing event: event info changed, tagged + private. Also fixes events tagged private when added using REST api. + [Christophe Vandeplas] +- Sync. [noud] + + push from v2 to v1. +- Correlation. [noud] + + just for intermediate db-update. + (all MYSQL.*.sql should be removed lateron) +- Code standards. [noud] + + whitespace police. +- Terms. [noud] + + slight better formulated AppController::beforeFilter() +- Code standards. [noud] + + conform code standards. +- Version. [noud] + + removed a "-" copied in from a patch file. +- Terms. [noud] + + slight better formulated AppController::beforeFilter() +- Code standards. [noud] + + respect code standards. +- Sync. [noud] + + array correction done so no 2 kinda the same tests during pull. +- Sync. [noud] + + pull goes okay with just one event. + pull with multiple events was already okay. +- PHP. [noud] + + CakePHP php minimum_version="5.2.8" but lcfirst was introduced in PHP + 5.3, so i reverted to 'strtolower(substr('. +- Users views. [noud] + + whole menu in admin_view. + active delete button in edit. +- Sync. [noud] + + sync attributes on pull. +- Sync. [noud] + + conform the new distribution. + pull on events works too. +- Distribution. [noud] + + conform latest, having: + - Your organization only + - This server-only + - This Community-only + - Connected communities + - All communities + + Push is tested, pull not yet. +- Code. [noud] + + have the distribution description in one place, just the model. +- Dns. [noud] + + config if there is a name server available and do not use if not there. +- Db. [noud] + + db conversion using whitelist, not whitelists. +- Index. [noud] + + some line disapeared, in view as well on attribute level. + Andras Iklody suggested a html non breaking space, that worked. +- Code. [noud] + + removed small double code. 
+- Sync (publish) [noud] + + Event publish button in events index and event view does + report push failure(s) if any remote server is down. +- Correlation. [noud] + + fixed correlations being double accounted. +- Db. [noud] + + extra name migratemisp11to2 to run on server. +- Db. [noud] + + updated the db conversion from master->develop. +- Terms. [noud] + + take 2, for a user must accept terms. +- Sync. [noud] + + admin must be able to delete servers, Andras corrected. +- Terms. [noud] + + reverted just done commit + (Can't use method return value in write context ). +- Terms. [noud] + + check for user logged in (if not a server looks total stalled). +- Sync. [noud] + + admins must be able to delete a server. +- Logout. [noud] + + keep the logout in footer as well (besides the logout in menu). +- RBAC. [noud] + + use $isAclAdd for New Server. +- Whitelist. [noud] + + cleanup whitelist. +- Hostname & port. [noud] + + if no baseurl given in bootstrap.php use the server configuration. +- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into + develop. [Andras Iklody] +- Code standards. [noud] + + slight updated code standards test script. +- Cleaning up and changing the user guide. [Andras Iklody] + + - user guide: information about the new number of attributes field in the list of events added + - updated the event showing a list of events + - removed obsolete images +- Code standards. [noud] + + corrections toward code standards. +- Index. [noud] + + some line disapeared. + Andras Iklody suggested a html non breaking space, that worked. +- Count. [noud] + + result view for AttributesController::checkComposites() +- Count & GFI Sandbox. [noud] + + count # attributes in events index. + plus various fixes for distribution in correlation of a GFI Sandbox + upload. +- Merge branch 'develop' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud] +- Small change to the user guide. 
[Andras Iklody] + + Fixed the table of contents misalignment and added a line about IE9/10 compatibility mode causing issues +- GFI Sandbox. [noud] + + files having size 0 are not md5 summed in CakePHP. +- Correlation. [noud] + + if second attribute, create the reverse correlation as well. +- Terms. [noud] + + user must accept terms. +- Correlation. [noud] + + resolved comment typo. +- RBAC. [noud] + + corrected mayModify in Attribute/edit.ctp. +- Correlation. [noud] + + respect distribution Org in correlations. + (for this + add correlations.1_private conform MYSQL.correlaton.sql + and + AppController::generateCorrelation() must be run) +- Merge branch 'develop' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud] +- Change to the user manual. [Andras Iklody] + + Again a slight change, removed a script that numbered the

headers for the ToC creation. Also fixed a few images. +- Update to the new user guide. [Andras Iklody] + + The old script to create an automatic table of contents was accidentally left in in the previous version, it is removed now. +- New user guide. [Andras Iklody] + + User guide for cydefsig v2 +- Merge. [noud] + + botched merge..so commit..but empty. +- RBAC. [noud] + + AttributesController::edit() know's it's own attribute now for RBAC + check. +- Correlation. [noud] + + respect distribution Org only. +- Sync. [noud] + + make pull work on an event with just one attribute. +- RBAC. [noud] + + admin can always publish. +- RBAC. [noud] + + slight better left menu if no
  • items. +- RBAC. [noud] + + better users views. +- RBAC. [noud] + + servers, but add only when Manage Organization Events. +- RBAC. [noud] + + do not show New Event if no right. +- RBAC. [noud] + + just edit your own did still give edit org as well. + can be tested if now correct. +- RBAC. [noud] + + now should be okay on the checkGroup. + (mind, we have a PHP 5.3.10 (dev) and 5.2.10 (f.a.) difference. + for CakePHP should be php > 5.2.8, pear > 1.9.0 and phpunit 3.5.0) +- RBAC. [noud] + + check if $user exists, if no, not logged in. +- RBAC. [noud] + + //$user = + ClassRegistry::init('User')->findById($this->Auth->user('id')); + $this->loadModel('User'); + $user = $this->User->findById($this->Auth->user('id')); +- RBAC. [noud] + + should now respect Manage, so also edit, own and org events + in the db-update procedure as well. + ‏ +- RBAC. [noud] + + should now respect Manage, so also edit, own and org events.‏ +- RBAC. [noud] + + change the “Requested Level of User Access” items + conform "draft of Terms-ofUse and Joining Instruction".‏ +- SQL. [noud] + + add Servers.organization. +- RBAC. [noud] + + role only add could still publish her own events, + this should be not possible anymore. +- Distribution. [noud] + + removed No push leftovers as a distribution. +- SQL. [noud] + + pull-up all changes to the db model, + so MYSQL.txt has all needed for a clean start db. +- Contact reporter. [noud] + + Submit to org button in the contact reporter view – changed it + to just submit, having the tickbox to contact a person only + the submit + to org button seems a bit confusing. +- Distribution. [noud] + + removed No push as a distribution. +- Logout. [noud] + + moved logout from footer right to Global Actions. +- Distribution. [noud] + + now attributes do work same for pull like push. +- Distribution. [noud] + + let pull behave same way as a push in regard to distribution. +- Distribution. [noud] + + do not push Community nor No push conform private. 
+- Search attributes. [noud] + + disallow invalid combinations of types and + categories which would always throw 0 results. +- RBAC. [noud] + + name all Role i.s.o. Group. +- Version. [noud] + + show version in footer and only when logged in. +- Flags. [noud] + + correct from 50*50 to 48*48, so it's an icon size. +- Audit log. [noud] + + Following events are now being logged: + 1. Adding a new user. + 2. Deleting a user. +- Users. [noud] + + invited by filled. +- Audit log. [noud] + + Search logs allows for searching for “publish” as Action. Publish is + saved in the logs as an edit with the change being publish () => (1). + Now, edit (so unpublish) is still edit and publish is action. +- Audit log. [noud] + + Search logs and paging now works as expected (conform search + attributes). +- NIDS. [noud] + + Unpublished events with an attribute flagged for IDS signature will + create an IDS signature (should be published only). +- Whitelist. [noud] + + menu in views. +- Users. [noud] + + name Delete User on button i.s.o. Delete. +- Users. [noud] + + inactive Delete during edit of My Profile. +- Users. [noud] + + inactive Delete User in My Profile. +- Audit log. [noud] + + paging now works. +- Minor. [noud] + + cleanup of groups, logs and whitelists views. +- ExtJs. [noud] + + does not show on production. + this is the ExtJs not being there? + or php (>5.2.8) not build without --disable-json. +- Distribution. [noud] + + border="1"-testleftover removed. +- Distribution. [noud] + + if distribution is All, so not displayed in an index nor in attributes + per event, there is missing a line-part in IE. + Did add 1 space for All, this will maybe display the line-part again. +- Dropdowns. [noud] + + let the risk dropdown in event add and edit behave like the other + dropdowns. +- Dropdowns. [noud] + + no space in edit Attribute categories dropdown. +- Internationalisation. [noud] + + just small __() for translation lateron. 
+- (internationalization) [noud] + + setFlash using __(), so transletable lateron. +- SQL. [noud] + + update of MYSQL.servers.sql, + not using organization field. +- Install. [noud] + + variable cydefsig home dir. +- Distribution. [noud] + + distribution changes conform func.spec. +- RBAC. [noud] + + We have a rule(?), if so: + $isAclAdd || $event['Event']['user_id'] == $me['id']. + This rule, i "have add right OR the event was and is already mine". + if that's correct, that was forgotten in the actions_menu.ctp. +- Merge branch 'master' into develop. [noud] +- Blackhole. [noud] + + full out-commented. +- Blackhole. [noud] + + revert the commit, this screws CSRF + (thanks to Christophe for noticing) +- JQuery. [noud] + + bump JQuery from 1.7.2(.min) to 1.8.2(.min). +- CakePHP. [noud] + + CakePHP update from 2.2.2 to 2.2.3 +- IDS Signature. [noud] + + corrected wrong description for IDS Signature. +- Correlation. [noud] + + to overcome a possible error on empty correlations. +- Crypt_GPG. [noud] + + small comment about debug and + small note in readme about file rights. +- RBAC. [noud] + + real inactive buttons. +- Fixed lost JS helper in EventsController. [Andrzej Dereszowski] +- GFI Sandbox. [noud] + + Replace Windows specific info in a $string with environment variables en + registry keys. +- Dropdowns. [noud] + + undo better optgroup support in dropdown in Attribute::add() + and just remove the not usable empty category. +- Dropdowns. [noud] + + better optgroup support in dropdown in Attribute::add(). +- Distribution. [noud] + + better descriptive tooltip text. +- Dropdowns. [noud] + + better optgroup support in dropdowns where 'ALL' or '' is used + in Search Attributes and Search Logs. +- Distribution. [noud] + + do not display distribution 'All' in Events index or Event view. +- Outcommented a debug (PGP related). [noud] +- Blackhole. [noud] + + add component security to GroupsController. +- Pulldowns. [noud] + + removed the select optgroup. +- Distribution. 
[noud] + + distribution on add is default "All". +- GFI Sandbox. [noud] + + regexp replacement of usernames. +- Distribution. [noud] + + changes and cleanup. +- Wording change. [noud] + + so this works. +- Wording change. [Andrzej Dereszowski] + + Changed Private column to Distribution + some minor vocabulary changes. +- Merge branch 'master' into develop. [noud] +- Merge branch 'master' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud] +- JQuery. [noud] + + bump JQuery from 1.7.2(.min) to 1.8.2(.min). +- CakePHP. [noud] + + CakePHP update from 2.2.2 to 2.2.3 +- IDS Signature. [noud] + + corrected wrong description for IDS Signature. +- Correlation. [noud] + + to overcome a possible error on empty correlations. +- IDS Signature description. [noud] + + wrong description for signature. + (possible commited 2 times) +- Private. [noud] + + description in event::view(). +- Merge branch 'master' into develop. [noud] +- Crypt_GPG. [noud] + + small comment about debug and + small note in readme about file rights. +- New attribute type - yara sig. [Andrzej Dereszowski] +- GFI sandbox. [noud] + + better representation of a downloadable attribute + in a link (just href the file name, not including the path). +- Private. [noud] + + Add "Pull only" as a sharing state where, + everybody does see an event, is pullable, + but will never be pushed. + + Has a generatePrivate for db conversion now. +- Private. [noud] + + Private events are true private and + running a server in 2 modes (private and sync), + so real private (red) or private to server (amber) + or full distributable (green). + + Mind this needs a change to tables events, attributes and correlation. + These are in MYSQL.private.sql. +- Merge branch 'master' into develop. [noud] +- Blackhole. [noud] + + i have an idea this blackholeCallback seems to overcome a lot of + blackhole situations we got. + Notably during deleting multiple events from the index, + this improved not getting a blackhole a lot. 
+- GFI Sandbox. [noud] +- Routes (logs pagination) [noud] + + recommitted to be sure it's in repo. +- RBAC. [noud] + + Group in user profile is no link. +- Merge branch 'master' into develop. [noud] +- Code Standards. [noud] + + Given xxx.default.php, do not check database.php anymore. +- RBAC. [noud] + + more correct deactivated buttons being gray but as well having no + effect. +- RBAC. [noud] + + removed a leftover on in-activating buttons that did show on IE. +- Merge branch 'master' into develop. [noud] +- NCIRC PHP security settings compatibility patch. [Andrzej Dereszowski] + + This patch corrects a small thing in Cake code that makes it compatible with open_basedir restriction NCIRC uses in /etc/php.ini + + new file: build/patches/lib_Cake_View_MediaView.php.diff +- Xxx.default.php. [noud] + + put plugins loading into bootstrap.default.php +- Groups. [noud] + + Do not delete group if there is still Users as children. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Config/bootstrap.php +- Cosmetic changes. [Andrzej Dereszowski] + + Descriptions in the export functionality polished. +- Merge branch 'master' of + ssh://misp.ncirc.nato.int:55555/home/git/cydefsig. [Andrzej + Dereszowski] +- Configuration files renamed to better handle git merges on production + systems. [Andrzej Dereszowski] + + Please add new features with their default values. Their should contain only example values. + + renamed: app/Config/bootstrap.php -> app/Config/bootstrap.default.php + renamed: app/Config/core.php -> app/Config/core.default.php + renamed: app/Config/database.php -> app/Config/database.default.php +- Merge branch 'master' into develop. [noud] +- Comment. [noud] + + The actual view to be able to send comment to Org or Owner/user_id. +- Export. [noud] + + Use config CyDefSIG.name in NIDS export. +- Comment. [noud] + + Be able to send comment to Org or Owner/user_id. +- Version. [noud] + + Display a version in header. +- Export. 
[noud] + + /CyDefSig/MISP/ in NIDS export. +- Validation. [noud] + + corrected again..filename was wrong, + filename|md5 was correct. + so reverted the filename|md5 change. +- Code Standards. [noud] + + Somehow 2 "!"s got lost in Attribute.php. + Somehow one change from type_definitions to typeDefinitons sliped + through. +- Audit log. [noud] + + Edit user (now?) needs an extra check on the second password. +- Merge branch 'master' into develop. [noud] +- Code Standards. [noud] + + Cleanup (again) the AppHelper. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Config/bootstrap.php +- CakePHP. [noud] + + Removed diffs that already are placed in build/patches. +- CakePHP. [noud] + + Update from CakePHP to version 2.2.2 + as well as needed patch files. +- Db. [noud] + + small notes about database. +- Continious Integration. [noud] + + Jenkins makefile. +- Audit log. [noud] + + System operators readme message. +- Merge branch 'master' into develop. [noud] +- CakePHP. [noud] + + To be able to update CakePHP (regularly), + we found the current differences and now + put these diffs to build/patches. + + Patches are now relative to $CakePHP_HOME. +- Code Standards. [noud] + + For the moment we use this given we do have Jenkins, + but not the ssh keys in place for Jenkins to connect to Git. +- Audit log. [noud] + + After change plugins, forgot to skip revision in SysLogLogableBehavior. +- Merge branch 'master' into develop. 
[noud] + + Conflicts: + app/Controller/AppController.php + app/Controller/AttributesController.php + app/Controller/EventsController.php + app/Controller/ServersController.php + app/Controller/UsersController.php + app/Model/Attribute.php + app/Model/Event.php + app/Model/Server.php + app/Model/User.php + app/View/Attributes/edit.ctp + app/View/Attributes/index.ctp + app/View/Elements/actions_menu.ctp + app/View/Events/add.ctp + app/View/Events/index.ctp + app/View/Events/view.ctp + app/View/Events/xml/view.ctp + app/View/Servers/index.ctp + app/View/Users/admin_index.ctp +- Merge and code standards. [noud] + + Forgot to clean View/Helper/AppHelper.php. + Changed underscore method names to private and protected where + appropriate given phpcs code standards errors. +- Merge. [noud] + + validateAttributeValue always has to return true. +- Merge (code_standards into master) [noud] + + Small correction to git manual merge where i did forgot 2 lines in + NidsExportComponent.php so NIDS export did not work anymore. (is okay + again now.) +- Merge branch 'coding_standards' [noud] + + Conflicts: + app/Controller/Component/NidsExportComponent.php +- Pagination. [noud] + + Same pagination in Events as in Attributes. +- CakePHP. [noud] + + Located the patches done to CakePHP to be able to upgrade CakePHP. +- CakePHP Coding Standards. [noud] + + Not return in a switch but after that switch statement. +- CakePHP Coding Standards. [noud] + + changed to camel caps format where needed. +- CakePHP Coding Standards. [noud] + + http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html + + Eclipse: + Window->Preferences + General->Editors->Text Editors + Displayed tab width: 4 + Insert spaces for tabs NOT + PHP->Code Style->Formatter + Tab policy: Tabs + File->Convert Line Delimeters To->Unix [default] + + http://mark-story.com/posts/view/static-analysis-tools-for-php + for instance: + phpcs --standard=CakePHP app/Model/ + + Not yet done is all camel caps format. 
+- IE. [noud] + + no scrollbars during print fixed wrong, + now overflow visable i.s.o. hidden. +- IE. [noud] + + no scrollbars during print. +- Merge branch 'master' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud] + + Conflicts: + app/Controller/Component/NidsExportComponent.php +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej + Dereszowski] +- Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git. + [Christophe Vandeplas] +- Temporary workaround for bug in slow NIDS export. [Christophe + Vandeplas] +- Whitelist. [noud] + + Seemingly we can not do name resolving(?), + function nametoipl containing gethostbynamel removed. +- GFI sandbox import. [noud] + + Replace Windows environment variables + %UserProfile% and %AllUsersProfile%. +- GFI sandbox import. [noud] + + do not load non existing stored_created_file. +- Better placement of plugins (touching RBAC & Audit log) [noud] + + If it's just an existing behavior or lib, + place it in a plugin directory structure in /plugins. + + If there is a need to change an extern existing plugin, + extend the existing plugin by a new plugin in /app/Plugin. + + This way there is a very clean devision between own and external code. + The external code can be updated without touching own nor changed code. +- RBAC. [noud] + + Forgot to call saveAcl in Groups::add(). + (to correct wrong behavior, edit group, + do not change any and button submit.) +- RBAC. [noud] + + Terms page missed button deactivation. +- XML related. [noud] + + Made tools/curl/input/event.xml more anonymous. + Events/xml/view.ctp wrongly showed category_order. + REST Event add did not work anymore given GFI sandbox import. +- Merge branch 'master' into develop. [noud] + + Conflicts: + app/Controller/EventsController.php + app/Model/Attribute.php + app/View/Events/view.ctp +- Sync & Correlation. 
[noud] + + During sync and correlation = db, + an attachment or malware did not get processed into + Attribute.data, so will not be synced. + Now, conform other correlation methods being 'default' or 'sql' + the attachment or malware is synced as well. + (master has been synced with mil.be not using db correlation, + so should have the data.) +- NIAS. [noud] + + CyDefSIG.showowner=false, to not show email. + CyDefSIG.sync=false, to not show the text 'private'.*) + + *) note, this does remove List Servers and no sync from NATO + to MIL.be in functionality besides missing the account so credentials + there. +- Merge branch 'master' of + ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud] +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej + Dereszowski] +- Removed published from. [Christophe Vandeplas] +- REST. [noud] + + Small correction to delete attribute after uuid change. +- Login. [noud] + + small shell script to reset password. Used like: + ./Console/cake password +- Sync. [noud] + + On publish and no configured GnuPG, do tell + event is published but no email sent. +- Sync and REST. [noud] + + REST delete event working again after uuid change. +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej + Dereszowski] +- Fixes inconsistent relatedAttributes and relatedEvents arrays with + different correlation implementations. [Christophe Vandeplas] +- Removes 'Published from' reference. [Christophe Vandeplas] +- Sync and gpg. [noud] + + If no gnupg installed.. do not tell, for NIAS demo. +- Validation. [noud] + + add event and empty info now does not MethodNotAllowedException + but Flash and show the invalid. +- Sync. [noud] + + small correction after uuid correction, + so delete attribute works again. +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej + Dereszowski] +- Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git. 
+ [Christophe Vandeplas] +- Refactored uuid integration (moved to beforeFilter) [Christophe + Vandeplas] +- REST. [noud] + + cURL scripts, used besides example-rest.py to do REST testing. +- REST (and Sync) [noud] + + Make REST edit work. +- Sync. [noud] + + get the user and org correct, + given authkey them are known to the system. +- Further cleanup of logo improvement. [Christophe Vandeplas] +- Fixes bug of bad implementation of header logo. [Christophe Vandeplas] +- Cleaned up artifacts from refactored logo display. [Christophe + Vandeplas] +- Python REST example script. [Christophe Vandeplas] +- Improve logo and email display features. [Christophe Vandeplas] +- Fix document-root location (security) [Christophe Vandeplas] +- Database schema. [noud] + + MYSQL.txt is initial schema, so whitelist table must be inhere as well. +- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej + Dereszowski] + + Conflicts: + app/Controller/Component/NidsExportComponent.php +- Fixes bug where expired GPG keys break the email-alert system. + [Christophe Vandeplas] +- Bugfix snort rule-rewriting where some required variables were not + given to the snortRule() function. [Christophe Vandeplas] +- Minor layout improvement on the export info page. [Christophe + Vandeplas] +- Improve accuracy of http hostname detection. [Christophe Vandeplas] +- Sync. [noud] + + Database schema updated for sync and re-added event.user_id. +- Sync. [noud] + + Better square and croped images. +- Sync. [noud] + + To test it's handy to run a virtual hosted CyDefSIG having it's own + database besides an already existing CyDefSIG. + This is the Apache virtual host setup. +- Sync. [noud] + + Example data describing the NATO CyDefSIG server. +- Sync. [noud] + + The actual logos used for visable flags in Events::index. +- Sync. [noud] + + Sync worked, but we did not know what to do with user_id and org. + Now, on sync, anonymize the user_id, get the Server.organization and put + that into Event.org. 
+ And, display owning flag if Event.user_id or get the Server.logo + belonging to Event.org (=Server.organization) when Event.user_id is + empty (=0). + + To this there is organization name and logo in bootstrap and + other organizations names and logos in Servers. +- Extra bug. [noud] + + Add attribute, do not fill in any, and hit Submit, gives error messages. +- Add attribute. [noud] + + Add attribute, do not fill in any, and hit Submit, did give error + messages. +- Correlation. [noud] + + do not use the AttributesController::event now, + just use the old EventsController::view. +- Use DS in stead of '/'. [noud] +- Delete (published) event or attribute. [noud] + + Previous, upon delete only on the local server the event or attribute + was deleted. + Now, if delete, look for same event or attribute (using it's uuid) + and delete on remote servers as well. + Also look and delete if not published, so no dangling/zombie copies + remain on remote servers. +- Authkey validation bug and cleanup of fixed bugs list. [noud] +- Authkey validation. [noud] + + An authkey with any length, so less then 40, could be entered. + Now authkey has to have a length of 40 (or higher). +- HIDS exports sorted (and small indention correction). [noud] +- Whitelist not on NidsExportComponent::urlRule. [noud] + + In hindsight, an url should not be excluded given a host or domain name. +- Correlation speedup using AttributesController i.s.o. + EventsController. [noud] + + We forgot to change some view things using the right controller. +- REST edit Event implementation. [noud] + + Now after publish, edit and (re)publish an event, + that event will be updated on the other servers. +- Event.user_id. [noud] + + Event.user_id was re-added but we still missed some, + so an added event would get user_id set to zero. + Now Event gets the correct user_id again from + the person logged in and adding. + (lateron this must not be used during sync.) +- Whitelist. 
[noud] + + Mention the whitelist for NDIS export on Export page. +- Whitelist. [noud] + + An admin can maintain a whitelist of host, domain name and ip numbers. + In the NIDS export lines containing whitelist items are commented out. +- Correlation performance gain. [noud] + + in Config/bootstrap.php add + Configure::write('CyDefSIG.correlation', 'sql'); + + possible values: + - default, like it was + - db, correlation in database + - sql, selection on attributes i.s.o. per attribute + (sql improvement possible if result conform db above) + + Network activity, ip-src + 30 class-C network ip addresses + (7650 tupels) (time in ms) + + default db sql + all 25366 16601 15941 + 24839 16604 15611 + paginated 16759 8447 6615 + 17734 8639 8846 + + this is used in both: + - events/view/ + - attributes/event/ +- Bug, unknown server internet name and pull. [noud] +- Fix to pulling from an unknown server. [noud] + + - a server having a non-existing internet name gives + "php_network_getaddresses: + getaddrinfo failed: Name or service not known" + on pull. +- Sync Servers, error if server no MISP or non-existing hostname. [noud] +- Sync Servers, fix if server no MISP or non-existing hostname. [noud] + + - a server containing no MISP gives "XML cannot be read." on publish. + - a server having a non-existing internet name gives + "php_network_getaddresses: getaddrinfo failed: Name or service not + known" on publish. +- Export HIDS files with MD5 and SHA-1. [noud] +- (Audit) logs. [noud] + + The writing of the log in User was done by me using calls to the PHP db + driver (during my second or third day). Very wrong given that is driver + and db dependant. Now use CakePHPs calls to have abstraction. +- GFI Sandbox upload. [noud] + + If add event, give a GFI Sandbox export file upload field option. + Unzip, read .xml, add attachment malware, created files and ip-dst. +- LogableBehavior. [noud] + + removed some debug() and fixed writing to syslog when deleting event + with attributes. 
+- Event.user_id rollback(-part). [noud] +- Loggable behaviour. [noud] + + some merge correction for events and servers, so we log again. +- SysLog.SysLog lib import. [noud] +- Merge branch 'develop_0.2.2-0.2.3' into develop. [Andrzej Dereszowski] + + Conflicts: + app/Config/Schema/schema_0.2.2.php + app/Config/routes.php + app/Controller/AppController.php + app/Controller/UsersController.php + app/Model/User.php + app/README.txt +- Shit. [Andrzej Dereszowski] +- Forgot LogableBehavior in the first commit. [noud] +- Audit and Access Control granulation in News page. [noud] +- Admin Paginator fix. [noud] +- DataBase migrate, Audit and Access Control granulation. [noud] +- Rollback of pagination on event view. [git] + + Comeback to previous event layout. This does not change the preformance issue so it is not worth to put in stable. + We will move it to the devel branch +- Fix, paging on event with lots of attributes. [noud] +- 2 new bugs: - event with lots of attributes has no paging. - non- + composite attribute and non-printable. [noud] +- Fixed non-printable in no-composite attribute. [noud] +- Show events with user.email if admin. [noud] +- Redo Event.user_id. [noud] +- Search Attributes fixed. [noud] +- Fixes the Search Attributes. [noud] +- Remove extra dot between filename and ext when downloading attachment. + [noud] +- News: removed some old stuff EventsController: contact mail display + name from the config file. [deresz] +- Merge branch 'develop_0.2.2_fixes' into develop. [Andrzej Dereszowski] + + Conflicts: + app/Model/Attribute.php +- New bug.. type filename|md5, conform type md5 strtolower. [noud] +- Fix, do strtolower on types filename|md5 and filename|sha1 conform + types md5 and sha1. [noud] +- New bug, authError gets displayed before login. [noud] +- Fix to authError getting displayed before login. [noud] +- Upload always ticked if malware-sample, always unticked if attachment. 
+ [noud] +- Corrects the download in IE fix, to filename.ext.zip or filename.ext. + (Got filename.ext.zip.zip for attachment and filename.ext.ext for + malware given the previous fix) [noud] +- New bug, Add User and validation error gives extra authkey not + defined. [noud] +- Fix to New User, some validation error then authkey not defined. + [noud] +- Download attachment does not work on MS Internet Explorer. This _can_ + be a fix, not sure. If not, CakePHP bug #2554 or others. [noud] +- One extra bug (IE download). [noud] +- Correction to upload so zip only ticked when malware and not when + attachement. [noud] +- Do validation after edit attribute. [noud] +- Bug found. [noud] +- Fix to: Add attribute, non-valid, correct, ´black-holed´. [noud] +- Only show categories with type attachment or malware-sample in Add + Attachement view. (this was..No possibility to upload if type + attachement or malware-sample is not in category.) [noud] +- 2 extra bugs found. [noud] +- No possibility to upload if type attachement or malware-sample is not + in category. [noud] +- List of outstanding and fixed bugs. [noud] +- Edit composite attribute to non-composite attribute fix. [noud] +- Make the documentation "brand-neutral" to be able to develop it in a + community. [deresz] +- Use CyDefSIG.name from Config in alert e-mail subjects. [deresz] +- Correction to "link" attribute type - links were not actually created. + Also changed it to proper "cake" way. [deresz] +- Some modifications to category/attribute matrix. MISP database is now + compatible for sync with CyDefSIG. [deresz] +- Merge branch 'develop' of code.lab.modiss.be:cydefsig into + develop_0.2.2_fixes. [Andrzej Dereszowski] +- Forgot debug comment. [Christophe Vandeplas] +- Improved NIDS output. [Christophe Vandeplas] +- Fixed silly bug in priority assignment of nids export. 
[Christophe + Vandeplas] +- Fixed nids snort rule conversion because of greedy * and + [Christophe + Vandeplas] +- Minor improvement in usability on index pages. [Christophe Vandeplas] +- Improvement of nids - level and message. [Christophe Vandeplas] +- Micro fix in nids export. [Christophe Vandeplas] +- Changed classtype. [Christophe Vandeplas] +- First migration script for misp0.2 to misp1.0 (not finished) + [Christophe Vandeplas] +- Some improvement on database level. [Christophe Vandeplas] +- Fix an php error when importing attributes with incorrect type - + category validation. [Christophe Vandeplas] +- Updated DB structure. [Christophe Vandeplas] +- Fixing bug created in commit 957e4f232bbfc58ff6630c7da8353d57316e4973. + [Christophe Vandeplas] +- Minor memory usage improvements by referencing in foreach ($array as + &$value) loop. [Christophe Vandeplas] +- Cleanup of comments and todos minor memory performance improvement. + [Christophe Vandeplas] +- Fixed bug in termsaccepted. [Christophe Vandeplas] +- Info on how to use a same CakePHP lib directory for multiple + instances. [Christophe Vandeplas] +- Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop. + [Christophe Vandeplas] +- Cleanup of directory. [Christophe Vandeplas] +- Updated console version from newer cakephp. [Christophe Vandeplas] +- Removed reference to useless user_id. fixed bug where Contact reporter + doesn't work when user does not exist (contact reporter now sends + mails to all the org) [Christophe Vandeplas] +- Servers.lastpushedid and Servers.lastpulledid. [noud] +- Admin Paginator fix. [noud] +- Revert "Audit and ACL first cut." [root] + + This reverts commit 5818231f4841bc862f2ad5bdaf70648a811250e9. +- Audit and ACL first cut. [noud] +- Revert "Audit database table." [noud] + + This reverts commit f5bf89e62408c29a02b27e5e0be5d2356412fa27. +- Audit database table. [noud] +- I think comment should not be correlated neither but correct me if I'm + wrong. 
[Andrzej Dereszowski] +- Fixed huge SQL injection vulnerability created in bruteforce + protection. Shame on me !!! [Christophe Vandeplas] +- Minor change. [Christophe Vandeplas] +- Implementation of a anti-brute-force password guessing mechanism. + [Christophe Vandeplas] +- Sanitize::html() to h() for views is the way to go. [Christophe + Vandeplas] +- Unique attribute for nids export. [Christophe Vandeplas] +- Removed description field ( should be replaced by comment ) + [Christophe Vandeplas] +- Better error outputting. [Christophe Vandeplas] +- Attribute types validation is now a separate function that uses the + Attribute->type_definitions variable. [Christophe Vandeplas] +- Forgot to add js to previous commits. [Christophe Vandeplas] +- Minor fixes. [Christophe Vandeplas] +- Fixes security issue (overwrite existing event) [Christophe Vandeplas] +- Select boxes with filtering now. [Christophe Vandeplas] +- Improved documentation. [Christophe Vandeplas] +- Minor fix in Attribute tooltip more documentation (autogenerated) + [Christophe Vandeplas] +- Fixed merge conflicts with HEAD at belmod Merge branch 'develop' of + code.lab.modiss.be:cydefsig into develop. [Andrzej Dereszowski] + + Conflicts: + app/Controller/EventsController.php + app/Model/Attribute.php +- Part of the documentation added - docu written by Miguel Soria Machado + (CERT-EU) [Christophe Vandeplas] +- Fixed error when type was not set. [Christophe Vandeplas] +- Fixed logic bug. [Christophe Vandeplas] +- Only sync event on publish when sync feature is on. [Christophe + Vandeplas] +- Auto-upload when publish event. [Christophe Vandeplas] +- Moved some functions around. [Christophe Vandeplas] +- Push / pull seems to work with attachment support. Lots of testing + required. [Christophe Vandeplas] +- Limit saveAssociated using fieldList. [Christophe Vandeplas] +- Attachment support in REST API. [Christophe Vandeplas] +- REST XML request also received base64 encoded file content. 
+ [Christophe Vandeplas] +- Minor layout improvement. [Christophe Vandeplas] +- Fixes previous commit. [Christophe Vandeplas] +- Layout improvement in attribute display. [Christophe Vandeplas] +- Workaround for bug where uuid is not set when empty. See bug + http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2893. + [Christophe Vandeplas] +- Fix bug when editing attributes. [Christophe Vandeplas] +- Fixes typo in alert message. [Christophe Vandeplas] +- Help messages implementation (forms and list views). [Andrzej + Dereszowski] +- Explanation messages implemenented for forms and for list views (using + "title" html element) [Andrzej Dereszowski] +- Fix recommendation of pentest for autocomplete. [Christophe Vandeplas] +- Fixes bug where event is not unpublished when attribute is edited. + [Christophe Vandeplas] +- Fixes bugs in NIDS export with duplicate SIDs. [Christophe Vandeplas] +- . [Christophe Vandeplas] +- Fixes event with no attributes in REST request. [Christophe Vandeplas] +- Fixes problem of not being able to import events with single + attribute. [Christophe Vandeplas] +- Added CyDefSIG.name to allow changing the title of the site. + [Christophe Vandeplas] +- Fixes issue 67. [Christophe Vandeplas] +- More fixes for the sync. [Christophe Vandeplas] +- Basic sync push seems to work. [Christophe Vandeplas] +- Fixes security bug in XML REST request. [Christophe Vandeplas] +- Do not show related events if the variable was not set. [Christophe + Vandeplas] +- Fixes lowercase attribute bug in xml output of Events/view and hide + value1 and value2 from the output. [Christophe Vandeplas] +- Fixes issue 64. [Christophe Vandeplas] +- Moved alert email functionality to separate function _sendAlertEmail() + REST event add requests also send out mails where necessary. + [Christophe Vandeplas] +- Fixes issue 66 - https://code.lab.modiss.be/p/cydefsig/issues/66/ + [Christophe Vandeplas] +- Fixes bug in discovered while running migrate02to021 script. 
+ [Christophe Vandeplas] +- Split value to value1 and value2. You need to update the DB schema and + run /events/migrate02to021 to migrate the data. [Christophe Vandeplas] +- Bugfix in Attribute validation Do not search for related attributes + for specific types. [Christophe Vandeplas] +- Fixed typo. [Christophe Vandeplas] +- Merge commit '280baac98902789ee69186539474a2e82156659e' into develop. + [Christophe Vandeplas] + + Resolved Conflicts in: + app/View/Events/view.ctp +- Patched deleting of attributes. [Andrzej Dereszowski] +- Minor cosmetic changes. [Andrzej Dereszowski] +- REST POST of event and signatures works (basics, no error-handling) + [Christophe Vandeplas] +- Start of documentation concerning REST. [Christophe Vandeplas] +- Allow saving of data using REST API. [Christophe Vandeplas] +- Logging in for REST using Authorized HTTP header field. [Christophe + Vandeplas] +- Fix db engine. [Christophe Vandeplas] +- Db structure for sync functionality. [Christophe Vandeplas] +- Add, edit, delete and (basic) Manual Sync server functionality added. + [Christophe Vandeplas] +- Micro usability improvement. [Christophe Vandeplas] +- Moved security to see profile to isAuthorized to keep consistency. + [Christophe Vandeplas] +- XML format for attributes index. [Christophe Vandeplas] +- Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop + Fixed conflicts in: app/View/Events/view.ctp. [Christophe Vandeplas] +- Minor changes: - when admin adds a user, auth key is automatically + suggested - auth refresh is performed after user edition. [Andrzej + Dereszowski] +- Fix for the routing problem on admin-privileged users. All links that + need to be routed to admin-prefixed method have to have 'admin' => + true in the parameters. [Andrzej Dereszowski] +- - some bugfixes in validation corrected - new attribute type - link to + external site. [Andrzej Dereszowski] +- Bug fixes in the admin view - password changing for other users - + corrected admin_view. 
[Andrzej Dereszowski] +- - small bug with "No GPG key" message marked in the code - path to + homedir for GPG added in User.php. [Andrzej Dereszowski] +- - Attributes index view fixed (attachments) [Andrzej Dereszowski] +- - signatures are displayed by category always in the same order + defined in model. [Andrzej Dereszowski] +- Minor correction: - login page does not display "invalid user" when + first time presented to the user - "Log Off" button removed from the + print view. [Andrzej Dereszowski] +- Logo position corrected. [Andrzej Dereszowski] +- Merge commit 'dee8a866e691fde2eedbd9a2418a6027f88d07cf' into develop. + [Christophe Vandeplas] +- Fixed bug where GPG homedir was not set in a few places. [Christophe + Vandeplas] +- Implemented basics for private, nonsyncable, Events or Attributes. + [Christophe Vandeplas] +- First version or REST API to export data. [Christophe Vandeplas] +- Minor changes. [Christophe Vandeplas] +- Forgot updated default layout for info bloxes. [Christophe Vandeplas] +- Added some infoboxes when adding Attributes. [Christophe Vandeplas] +- Allow publishing of events without sending email. [Christophe + Vandeplas] +- Fixed minor CSRF vulnerability + added google link on vulnerability + type. [Christophe Vandeplas] +- First experimental test of importing events from a remote server. Only + new events are imported. [Christophe Vandeplas] +- Fixed minor bugs. [Christophe Vandeplas] +- Changed alerted -> published other minor fixes. [Christophe Vandeplas] +- Minor change in getRelatedAttributes function. [Christophe Vandeplas] +- Filename|sha1 data validation. [Christophe Vandeplas] +- Filename|sha1. [Christophe Vandeplas] +- Fix admin routing. [Christophe Vandeplas] +- Added a migrate() function to generate uuid for events and attributes + that didn't have an uuid. [Christophe Vandeplas] +- Renamed Signature to Attribute. [Christophe Vandeplas] +- XML export ... woohoo !!! 
[Christophe Vandeplas] +- Number of entries in the index lists. [Christophe Vandeplas] +- Fix error when there are no related events/signatures, or simply + signatures. [Christophe Vandeplas] +- Forgot to update DB structure after category support. [Christophe + Vandeplas] +- Micro HTML bugfixes in views. [Christophe Vandeplas] +- Preformance improvement when searching for related events (by reusing + results from related signatures search) [Christophe Vandeplas] +- Md5 and sha1 hashes now automatically lowercase cleaned up some code + and fixed some vulnerabilities. [Christophe Vandeplas] +- Print Cascading Stylesheets and minor layout fixes. [Christophe + Vandeplas] +- Extra vulnerability type. [Christophe Vandeplas] +- Implemented file-upload of attachment or password protected malware- + samples. Base code contributed by Andrzej Dereszowski. [Christophe + Vandeplas] +- Confirm password functionality (thanks to Andrzej) [Christophe + Vandeplas] +- Updated DB structure. [Christophe Vandeplas] +- Minor micro changes. [Christophe Vandeplas] +- Signature is now known as Attribute. [Christophe Vandeplas] +- Not finished editing -> not published. [Christophe Vandeplas] +- Whatever. [Christophe Vandeplas] +- Graph for Signatures Type per organisation. [Christophe Vandeplas] +- Fix bug of login/authinfo not refreshed when reseting authkey. + [Christophe Vandeplas] +- Layout improvements. [Christophe Vandeplas] +- IsAuthorized now handles permissions on admin,delete,edit,... actions. + [Christophe Vandeplas] +- UUID support for syncing. [Christophe Vandeplas] +- Rename Finish Edit to Publish Event. [Christophe Vandeplas] +- Fixes bug: to_ids should be there otherwise you cannot edit the + signature to change the "to_ids" checkbox. By Andrzej Dereszowski. + [Christophe Vandeplas] +- Cleanup old __('Actions') and non echo __() [Christophe Vandeplas] +- Updated DB structure and content. [Christophe Vandeplas] +- Migration to CakePHP 2.1. 
Most of the functionality migrated, Q&A + review required. [Christophe Vandeplas] +- Terms and Conditions and News splashpage Updated DB structure: ALTER + TABLE `users` ADD `termsaccepted` TINYINT( 1 ) NOT NULL , ADD + `newsread` DATE NOT NULL. [Christophe Vandeplas] +- Micro change in export text. [Christophe Vandeplas] +- Temporary workaround for problem to edit profile. [Christophe + Vandeplas] +- Implement batch import of signatures. [Christophe Vandeplas] +- Powered by. [Christophe Vandeplas] +- Export to text formats. [Christophe Vandeplas] +- Fixed information disclosure vulnerability on groups pages. + [Christophe Vandeplas] +- Updated README based on feedback from Jeroen Vanderauwera and some + corrections. [Christophe Vandeplas] +- Show org for admin. [Christophe Vandeplas] +- Show link between events on the signature level. [Christophe + Vandeplas] +- Reverted sort order of Signature Types Histogram. [Christophe + Vandeplas] +- Changed sort-order of Signature Types Histogram. [Christophe + Vandeplas] +- Snort signature type is now exported to NIDS and cleaned up. + [Christophe Vandeplas] +- Updated table structure. [Christophe Vandeplas] +- Allows the user to choose a custom NIDS start SID. [Christophe + Vandeplas] +- Added more clear Edit Profile button - + https://code.lab.modiss.be/p/cydefsig/issues/29/ [Christophe + Vandeplas] +- Miror layout improvements in emails. [Christophe Vandeplas] +- Fixes HTML entities in email. [Christophe Vandeplas] +- Data validation - duplicate signatures for same event. [Christophe + Vandeplas] +- Bugfix userslist and types_histogram. [Christophe Vandeplas] +- List number of events shared by Org list type of signatures shared by + Org. [Christophe Vandeplas] +- Allow string-in-file. [Christophe Vandeplas] +- Snort signature type has no datavalidation. [Christophe Vandeplas] +- Added 'snort' signature type. [Christophe Vandeplas] +- Added 'snort' signature type. 
[Christophe Vandeplas] +- Database structure and rough license. [Christophe Vandeplas] +- List members (orgs) of the platform. [Christophe Vandeplas] +- Allow to hide (default) the name of the Organisation that posted the + event. [Christophe Vandeplas] +- Fixed filesystem permissions. [Christophe Vandeplas] +- Default To IDS checkbox is checked. [Christophe Vandeplas] +- To_nids renamed to to_ids and implemented. [Christophe Vandeplas] +- Stylesheet improvements. [Christophe Vandeplas] +- Shows ID in event list and detail. [Christophe Vandeplas] +- Micro fix. [Christophe Vandeplas] +- Contact reporter now lets a user add a custom message. [Christophe + Vandeplas] +- Cleaned workaround for empty password behavior of Auth component. + [Christophe Vandeplas] +- Add basic XSRF protection for add, edit actions. [Christophe + Vandeplas] +- Minor fixes in git repo. [Christophe Vandeplas] +- Authkey reset functionality and fixed bugs in users_controller. + [Christophe Vandeplas] +- Events/snort is now refactored to events/nids Backwards compatibility + with the url is still kept. [Christophe Vandeplas] +- Implemented relations dynamically. [Christophe Vandeplas] +- Removed forgotten comment. [Christophe Vandeplas] +- Fixes authkey generation. [Christophe Vandeplas] +- Added missing files. [Christophe Vandeplas] +- Fixed Snort export - DNS format. [Christophe Vandeplas] +- Xml export now done properly fixed bug in xml export. [Christophe + Vandeplas] +- Changed snort rule message. [Christophe Vandeplas] +- Minor fixes. [Christophe Vandeplas] +- Fixed email + gpg alert bugs. [Christophe Vandeplas] +- Color improvement in notification message. [Christophe Vandeplas] +- Better color-based error messages. [Christophe Vandeplas] +- Moved getRelatedEvents() to Event model. [Christophe Vandeplas] +- Micro improvement. [Christophe Vandeplas] +- Related info also in alert email. 
[Christophe Vandeplas] +- Added relation between events (implementation not yet ideal) + [Christophe Vandeplas] +- Added AS a signature type. [Christophe Vandeplas] +- Only send out encrypted alerts if set in bootstrap config file. + [Christophe Vandeplas] +- Export info in separate page. [Christophe Vandeplas] +- Minor layout improvements. [Christophe Vandeplas] +- Minor change. [Christophe Vandeplas] +- Initial import. [Christophe Vandeplas] + + diff --git a/Changelog-PyMISP.txt b/Changelog-PyMISP.txt new file mode 100644 index 0000000..0afdee4 --- /dev/null +++ b/Changelog-PyMISP.txt 
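Review bot: Near the end of the Changelog hunk the security fixes are listed as ordinary bullets with nothing to trace them by: `Fixed huge SQL injection vulnerability created in bruteforce protection`, `Fixes security bug in XML REST request`, `Fixed minor CSRF vulnerability` and `Fixed information disclosure vulnerability on groups pages` carry no commit id or security marker, while the revert entries in the same stretch do name the commit they revert. If this file is generated from commit subjects, consider emitting the short commit hash with each entry and tagging or grouping security-relevant subjects, so that an operator auditing an old instance can map a fix to a commit. The same stretch also has entries worth filtering before the file is committed: a bare `- . [Christophe Vandeplas]` bullet, and `Added 'snort' signature type.` listed twice in a row.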
@@ -0,0 +1,4262 @@ +Changelog +========= + + +v2.4.151 (2021-11-19) +--------------------- + +New +~~~ +- Add Blind Carbon Copy (bcc) headers. [Sami Tainio] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- [feed-generator] Make the feature to exlude attribute type more + generic. [Sami Mokaddem] +- [feed-generator] Added exclude malware samples option. [Sami Mokaddem] +- Bump deps, chardet is required by pyfaup. [Raphaël Vinot] +- Removed a whitespace. [Sami Tainio] +- Keep strict and generate attributes when needed. [Raphaël Vinot] +- Slight changes regarding timezones. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Unified constructors. [Thomas Dupuy] +- Slight changes regarding timezones. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [types] remove the duplicate. [Alexandre Dulaunoy] +- [describeTypes] remove duplicate filename-pattern. [Alexandre + Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bump many dependencies. [Raphaël Vinot] +- Add in test case for get_sharing_group and validate orgs are present. + [Tom King] +- Improve sharing groups, bring back organsations included and ability + to get specific SG. [Tom King] +- Add in test case for searching against orgs and users. [Tom King] +- Add ability to search against orgs and users by freetext search (both) + or organisation (users) [Tom King] +- [test] Check if all category types exists. [Jakub Onderka] +- Bump changelog. [Raphaël Vinot] +- [py] Typo. [Steve Clement] +- [describeTypes] updated to include ssh-fingerprint. [Alexandre + Dulaunoy] + +Fix +~~~ +- [feed-generator] Revert back the event initial search to use the index + endpoint instead of RestSearch. 
[Sami Mokaddem] + + Relying on RestSearch was offering more flexibility than index in terms of filtering options, + however, it might introduce a significant overhead potentially leading to timeout. +- PyMISP.get_user_setting method. [Jakub Onderka] +- [tests] Remove debug prints. [Jakub Onderka] +- Fix final nosetest. [Tom King] +- Fix nosetests. [Tom King] +- [types] Update types to use `filename-pattern` type. [Jakub Onderka] +- [test] Remove debug print. [Jakub Onderka] +- [test] Correct error messages for blocked event. [Jakub Onderka] +- Missing import in __init__ [Raphaël Vinot] + + Fix #796 +- [tests] Fixed stix test. [chrisr3d] +- [py] Typo. [Steve Clement] + +Other +~~~~~ +- Update README.md. [Raphaël Vinot] + + +v2.4.148.1 (2021-09-30) +----------------------- + +New +~~~ +- Add few keys to email object creator. [Raphaël Vinot] + + Fix #787 +- Test cases for edit objects and upload stix. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [doc] Minor fixes, note and typo. [Steve Clement] +- Bump deps. [Raphaël Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Update tutorial for custom objects. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump live tests. [Raphaël Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [types] updated types/categories mapping. [Christophe Vandeplas] +- Remove test files. [Raphaël Vinot] +- Automatically pull the malwares repo when running + tests/testlive_comprehensive.py. [Raphaël Vinot] +- Remove submodules with malware. [Raphaël Vinot] +- Add test for updating a objects from a custom template. [Raphaël + Vinot] +- Re-bump changelog. [Raphaël Vinot] + +Fix +~~~ +- Message_from_bytes really dislikes newline at the beginning of a mail. 
+ [Raphaël Vinot] +- Skip IPs in Received header. [Raphaël Vinot] +- Name is passed to super. [Raphaël Vinot] +- Do not create empty manifest, json load dislikes it. [Raphaël Vinot] +- Initial round of cleanup on redis feed generator. [Raphaël Vinot] +- Upload of STIX document with non-ascii characters. [Raphaël Vinot] + + Due to: https://github.com/psf/requests/issues/5560 + + TL;DR: a variable of type str passed to data in a POST request will be + silently re-encoded to ISO-8859-1, making MISP barf on the other side. +- Remove outdated deps from setup.py. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/7729 + +Other +~~~~~ +- Remove unicode to ascii parts. [Sami Tainio] +- Fix #787 and add Unicode to ASCII function. [Sami Tainio] + + Fix #787 + - Uses regex to pick up the hostnames/domains from the "Received: from" headers. + + Unicode to ASCII function + - Spam messages more often than not contain junk text as unicode characters in the headers. The "from" and "subject" headers being the most common ones. Before this change the script would error on such emails or sometimes replace the unicode characters with questionmarks "?". + - Function takes argument as an input and then encodes it in ascii while ignoring any malformed data. It then returns an ASCII string without the unicode characters. + - Currently implemented for "from" and "subject" handling. +- Update README.md. [Raphaël Vinot] + + Not using travis anymore. + + +v2.4.148 (2021-08-05) +--------------------- + +New +~~~ +- Method `sharing_group_exists` [Jakub Onderka] +- Method `update_sharing_group` [Jakub Onderka] +- Save one REST call when initialize PyMISP class. [Jakub Onderka] +- Method `organisation_exists` [Jakub Onderka] +- Method `sharing_group_exists` [Jakub Onderka] +- Method `update_sharing_group` [Jakub Onderka] +- `to_dict` method supports `json_format` parameter. 
[Jakub Onderka] +- Method `organisation_exists` [Jakub Onderka] +- Method `sharing_group_exists` [Jakub Onderka] +- Method `update_sharing_group` [Jakub Onderka] +- Save one REST call when initialize PyMISP class. [Jakub Onderka] +- Method `organisation_exists` [Jakub Onderka] +- Method `sharing_group_exists` [Jakub Onderka] +- Method `update_sharing_group` [Jakub Onderka] +- Exclude decayed attributes in search. [Raphaël Vinot] + + Fix #753 + +Changes +~~~~~~~ +- Bump objects template. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Remove duplicates tests. [Raphaël Vinot] +- [testlive_comprehensive] correct path to access sharing group + releasability after edit. [iglocska] +- Properly validate update_sharing_group without pythonify. [Raphaël + Vinot] +- Bump missing dep. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [testlive_comprehensive] correct path to access sharing group + releasability after edit. [iglocska] +- [authkey test] removed from testlive_comprehensive. [iglocska] + + - the default now enables advanced authkeys making the retriaval of keys impossible after the user creation +- Do not load schema for event when not necessary. [Jakub Onderka] +- Bump deps. [Raphaël Vinot] +- `get_taxonomy` supports namespace. [Jakub Onderka] +- Properly validate update_sharing_group without pythonify. [Raphaël + Vinot] +- Bump missing dep. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [testlive_comprehensive] correct path to access sharing group + releasability after edit. [iglocska] +- [authkey test] removed from testlive_comprehensive. [iglocska] + + - the default now enables advanced authkeys making the retriaval of keys impossible after the user creation +- Do not load schema for event when not necessary. [Jakub Onderka] +- Bump deps. [Raphaël Vinot] +- `get_taxonomy` supports namespace. [Jakub Onderka] +- Properly validate update_sharing_group without pythonify. [Raphaël + Vinot] +- Bump missing dep. 
[Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [testlive_comprehensive] correct path to access sharing group + releasability after edit. [iglocska] +- [authkey test] removed from testlive_comprehensive. [iglocska] + + - the default now enables advanced authkeys making the retriaval of keys impossible after the user creation +- Do not load schema for event when not necessary. [Jakub Onderka] +- Bump deps. [Raphaël Vinot] +- `get_taxonomy` supports namespace. [Jakub Onderka] +- Update mypy, change accordingly. [Raphaël Vinot] + +Fix +~~~ +- Typo in key name. [Raphaël Vinot] +- [test] test_sharing_groups. [Jakub Onderka] +- [test] test_sharing_groups again. [Jakub Onderka] +- [test] test_sharing_groups. [Jakub Onderka] +- Typo in key name. [Raphaël Vinot] +- [test] test_sharing_groups again. [Jakub Onderka] +- [test] test_sharing_groups. [Jakub Onderka] +- [test] test_sharing_groups again. [Jakub Onderka] +- [test] test_sharing_groups. [Jakub Onderka] +- Flake8 stuff. [Raphaël Vinot] +- Revert rename, fix mypy. [Raphaël Vinot] +- Properly handle the case MISP is in a sub redirect. [Raphaël Vinot] + + Fix #757 + +Other +~~~~~ +- Revert "chg: Remove legacy stix converter." [iglocska] + + This reverts commit 94ce4a367bbde9284a6f29e6e6152c91de386879. + + - breaks misp-stix converter, reverting it for now, let's find a way to deprecate this without outright removing it +- Revert "chg: Remove legacy stix converter." [iglocska] + + This reverts commit 94ce4a367bbde9284a6f29e6e6152c91de386879. + + - breaks misp-stix converter, reverting it for now, let's find a way to deprecate this without outright removing it +- Revert "chg: Remove legacy stix converter." [iglocska] + + This reverts commit 94ce4a367bbde9284a6f29e6e6152c91de386879. + + - breaks misp-stix converter, reverting it for now, let's find a way to deprecate this without outright removing it + + +v2.4.144 (2021-06-07) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. 
[Raphaël Vinot] +- Bump object templates. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] + +Other +~~~~~ +- Fix misp API response content parsing. [Silvian I] + + +v2.4.143 (2021-05-14) +--------------------- + +New +~~~ +- Method to get the raw object template. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version, deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump objects templates. [Raphaël Vinot] + +Fix +~~~ +- First-seen and last-seen on attributes and objects were not checked + for sanity. [Raphaël Vinot] +- Remove search_all example, use search instead. [Raphaël Vinot] + + +v2.4.142 (2021-04-26) +--------------------- + +New +~~~ +- Support for correlation exclusion list. [Raphaël Vinot] + + Fix #732 + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Fix test suite. [Raphaël Vinot] +- Bump objects templates. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Add comment for controller attribute in search. [Raphaël Vinot] + +Fix +~~~ +- Enable/disable feeds. [Raphaël Vinot] +- Mistake in mypy config. [Raphaël Vinot] +- Exclude data from mypy. [Raphaël Vinot] + + +v2.4.141.1 (2021-04-02) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Re-bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] + +Other +~~~~~ +- Fix bump version, deps, templates. [Raphaël Vinot] +- Update README.md. [Raphaël Vinot] + + +v2.4.141 (2021-04-01) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Get_uuid_or_id_from_abstract_misp accepts dict. [Raphaël Vinot] +- Remove references to ExpandedPyMISP. [Raphaël Vinot] + + Fix #721 +- Follow best practices and remove the logging handler. [Raphaël Vinot] +- Strip NULL string from value. 
[Raphaël Vinot] + + https://github.com/MISP/PyMISP/issues/678 +- Bump deps. [Raphaël Vinot] +- Raise exception on missing template in CSVLoader. [Raphaël Vinot] +- Bump templates. [Raphaël Vinot] +- Re-bump objects. [Raphaël Vinot] +- Bump object templates. [Raphaël Vinot] +- Add test case, fix mypy. [Raphaël Vinot] +- Take simple_value as value in MISPObject.add_attribute. [Raphaël + Vinot] + +Fix +~~~ +- Use get_uuid_or_id_from_abstract_misp in tag methods. [Raphaël Vinot] + + Fix #725 +- Skip nameless sections in ELF. [Raphaël Vinot] +- Make reportlab tests optional if missing dep. [Raphaël Vinot] +- Enable taxonomy failed if global pythonify is on. [Raphaël Vinot] +- Properly pass content-type. [Raphaël Vinot] +- Re-enable support for uploading STIX 1 documents. [Raphaël Vinot] + + Fix #711 + + +v2.4.140 (2021-03-03) +--------------------- + +New +~~~ +- Soft delete object in MISPEvent. [Raphaël Vinot] + + Fix #706 +- Add in ability to add a new cluster relation. [Tom King] +- MISP Galaxy 2.0 capability. [Tom King] +- Soft delete object in MISPEvent. [Raphaël Vinot] + + Fix #706 + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump object templates. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [describetypes] updated. [Alexandre Dulaunoy] +- Bump objects templates. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump tests for galaxy cluster. [Raphaël Vinot] +- Improve Pydoc on search method's timestamp parameter. [Raphaël Vinot] + + Fix #708 +- Bump poetry file. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [data] describeTypes updated. [Alexandre Dulaunoy] +- Add deprecation warning for Python < 3.8. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Don't parse the meta key into cluster elements on a MISPEvent, but + allow users to manually perform this action. 
[Tom King] +- Add in nosetests for MISP Galaxy functions, check default key as a + dict attribute not MISPAbstract attribute. [Tom King] +- Add in more Galaxy 2.0 functions and code cleanup. [Tom King] +- Add in add_cluster function and ability to search clusters within a + galaxy. [Tom King] +- Remove legacy stix converter. [Raphaël Vinot] +- Improve Pydoc on search method's timestamp parameter. [Raphaël Vinot] + + Fix #708 +- Bump poetry file. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- [data] describeTypes updated. [Alexandre Dulaunoy] +- Add deprecation warning for Python < 3.8. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] + +Fix +~~~ +- Typo in tests. [Raphaël Vinot] +- Make mypy happy in python 3.6 and 3.7. [Raphaël Vinot] +- Cosmetic changes, fix mypy. [Raphaël Vinot] +- Support text search again. [Raphaël Vinot] + + Fix #705 +- Do not add the serial-number twice. [Raphaël Vinot] +- Skip PE section if name is none AND size is 0. [Raphaël Vinot] +- Urllib3.__version__ may not have a patch number. [Raphaël Vinot] + + fix https://github.com/MISP/PyMISP/issues/698 +- Fix mispevent edit test by including default and distribution keys on + a GalaxyCluster. [Tom King] +- Support text search again. [Raphaël Vinot] + + Fix #705 +- Do not add the serial-number twice. [Raphaël Vinot] +- Skip PE section if name is none AND size is 0. [Raphaël Vinot] +- Urllib3.__version__ may not have a patch number. [Raphaël Vinot] + + fix https://github.com/MISP/PyMISP/issues/698 + +Other +~~~~~ +- Removed unused import. [Nick] +- Supress ssl warnings. [Nick] +- Re-added error checking for defaults. [Nick] +- Deleted all references to org as it's unneeded. [Nick] +- Re-added brackets. [Nick] +- Multiple updates to proofpoint example. 
[Nick] + + - Added additionally necessary keys to keys.py.example + - Added error check for unset keys + - Used built-in HTTP Basic Auth for requests instead of manually-created header + - Removed setting of orgc as that's pulled from the MISP key being used + - +- Removed cast of str to str. [Nick] +- Added check for invalid creds. [Nick] + + Without the added check, the script will error out on line 29 since the key doesn't exist in the dict. This at least gives a reason. +- Removed unused import. [Nick] +- Supress ssl warnings. [Nick] +- Re-added error checking for defaults. [Nick] +- Deleted all references to org as it's unneeded. [Nick] +- Re-added brackets. [Nick] +- Multiple updates to proofpoint example. [Nick] + + - Added additionally necessary keys to keys.py.example + - Added error check for unset keys + - Used built-in HTTP Basic Auth for requests instead of manually-created header + - Removed setting of orgc as that's pulled from the MISP key being used + - +- Removed cast of str to str. [Nick] +- Added check for invalid creds. [Nick] + + Without the added check, the script will error out on line 29 since the key doesn't exist in the dict. This at least gives a reason. + + +v2.4.138 (2021-02-08) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] + + +v2.4.137.4 (2021-02-04) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Add kw_params to tags. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump template ID in test case. [Raphaël Vinot] + + +v2.4.137.3 (2021-02-02) +----------------------- + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Fix and improve optional dependencies. [Raphaël Vinot] +- Make brotli optional. 
[Raphaël Vinot] + + +v2.4.137.2 (2021-02-01) +----------------------- + +New +~~~ +- Add in ability to create/update/delete MISP Event Reports. [Tom King] +- Hard delete flag for objects. [Raphaël Vinot] +- Fail if a duplicate object is added to an event. [Raphaël Vinot] +- Support brotli compression. [Jakub Onderka] +- Hard delete flag for objects. [Raphaël Vinot] +- Fail if a duplicate object is added to an event. [Raphaël Vinot] +- Add in ability to create/update/delete MISP Event Reports. [Tom King] +- Add in ability to create/update/delete MISP Event Reports. [Tom King] +- Hard delete flag for objects. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add brotli support in the dependencies. [Raphaël Vinot] +- Make mypy happy. [Raphaël Vinot] +- Make clear that to_json returns str. [Raphaël Vinot] +- Disable correlation on malware-sample for FileObject. [Raphaël Vinot] +- Bump objects templates. [Raphaël Vinot] +- Add missing autodoc. [Raphaël Vinot] + + fix #693 +- Add in delete function for a MISP Object. [Tom King] +- Fix return of delete_event_report. [Raphaël Vinot] +- Remove critical warning if lief is not installed. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/6908 +- Bump deps. [Raphaël Vinot] +- Allow response of delete to be pythonify, add in nosetest. [Tom King] +- Add ability to get event reports from the Event ID. [Tom King] +- Remove travis file, GH Actions is better. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Remove critical warning if lief is not installed. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/6908 +- Add test case fir add_attribute and enforceWarninglist=True. [Raphaël + Vinot] +- Add testcase with breakOnDuplicate in a MISPObject. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add test case for page/limit in logs search. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Improve docstring for get_event. 
[Raphaël Vinot] + + fix #686 +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Show size when the json is not loadable. [Raphaël Vinot] +- Add authenticode support in generate_file_objects. [Raphaël Vinot] +- Use lief 0.11.0, generate authenticode entries. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump deps, add 3.9 in GH. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps, objects templates. [Raphaël Vinot] +- Make clear that to_json returns str. [Raphaël Vinot] +- Disable correlation on malware-sample for FileObject. [Raphaël Vinot] +- Bump objects templates. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Add missing autodoc. [Raphaël Vinot] + + fix #693 +- Add in delete function for a MISP Object. [Tom King] +- Bump deps. [Raphaël Vinot] +- Fix return of delete_event_report. [Raphaël Vinot] +- Remove travis file, GH Actions is better. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Remove critical warning if lief is not installed. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/6908 +- Add test case fir add_attribute and enforceWarninglist=True. [Raphaël + Vinot] +- Add testcase with breakOnDuplicate in a MISPObject. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add test case for page/limit in logs search. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Improve docstring for get_event. [Raphaël Vinot] + + fix #686 +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Show size when the json is not loadable. [Raphaël Vinot] +- Add authenticode support in generate_file_objects. [Raphaël Vinot] +- Use lief 0.11.0, generate authenticode entries. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump deps, add 3.9 in GH. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps, objects templates. [Raphaël Vinot] +- Allow response of delete to be pythonify, add in nosetest. [Tom King] +- Add ability to get event reports from the Event ID. 
[Tom King] +- Remove travis file, GH Actions is better. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Remove critical warning if lief is not installed. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/6908 +- Add test case fir add_attribute and enforceWarninglist=True. [Raphaël + Vinot] +- Add testcase with breakOnDuplicate in a MISPObject. [Raphaël Vinot] + +Fix +~~~ +- Flake error. [Raphaël Vinot] +- Update testlive accordingly. [Raphaël Vinot] +- Better warning if lief is outdated. [Raphaël Vinot] +- Call the AbstractMISP.from_dict at the end of the function to ensure + the edited flag remains false. [Tom King] +- Better warning if lief is outdated. [Raphaël Vinot] +- Update minimal dependency for lief in setup.py. [Raphaël Vinot] +- [dev mode only] force older jedi to avoid ipython exception. [Raphaël + Vinot] +- Add python 3.9 in GH Actions. [Raphaël Vinot] +- Update testlive accordingly. [Raphaël Vinot] +- Better warning if lief is outdated. [Raphaël Vinot] +- Update minimal dependency for lief in setup.py. [Raphaël Vinot] +- [dev mode only] force older jedi to avoid ipython exception. [Raphaël + Vinot] +- Add python 3.9 in GH Actions. [Raphaël Vinot] +- Call the AbstractMISP.from_dict at the end of the function to ensure + the edited flag remains false. [Tom King] + + +v2.4.137.1 (2021-01-21) +----------------------- + +New +~~~ +- Fail if a duplicate object is added to an event. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add test case for page/limit in logs search. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Improve docstring for get_event. [Raphaël Vinot] + + fix #686 +- Bump changelog. [Raphaël Vinot] + +Fix +~~~ +- Better warning if lief is outdated. [Raphaël Vinot] +- Update minimal dependency for lief in setup.py. 
[Raphaël Vinot] + + +v2.4.137 (2021-01-20) +--------------------- + +New +~~~ +- Allow to pass an object template to MISPObject.__init__ [Raphaël + Vinot] + + MISPObject part of #6670 + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Show size when the json is not loadable. [Raphaël Vinot] +- Add authenticode support in generate_file_objects. [Raphaël Vinot] +- Use lief 0.11.0, generate authenticode entries. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump deps, add 3.9 in GH. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps, objects templates. [Raphaël Vinot] +- Add controller argument to get_csv script. [Raphaël Vinot] +- [test] file object template are now 24. [Alexandre Dulaunoy] +- [test] file object template is now at version 24. [Alexandre Dulaunoy] +- [misp-objects] updated. [Alexandre Dulaunoy] +- [type] favicon-mmh3 is the murmur3 hash of a favicon as used in + Shodan. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Clarify misp_objects_template_custom. [Raphaël Vinot] +- Add docstring for misp_objects_template_custom. [Raphaël Vinot] +- Trigger GH actions on PR. [Raphaël Vinot] +- Improve documentation of MISPAttribute.malware_binary. [Raphaël Vinot] +- Remove trailing space. [Raphaël Vinot] +- On-demand decryption of malware-binary, speeds up pythonify. [Raphaël + Vinot] +- Force a few packages versions. [Raphaël Vinot] + +Fix +~~~ +- [dev mode only] force older jedi to avoid ipython exception. [Raphaël + Vinot] +- Add python 3.9 in GH Actions. [Raphaël Vinot] +- Do not fail if extract_msg is missing. [Raphaël Vinot] +- Properly decode the body depending on the encoding of the email. + [Raphaël Vinot] + + Fix #671 +- Properly match IO in load event. [Raphaël Vinot] +- Typing on recent mypy. [Raphaël Vinot] +- Typing edge case. [Raphaël Vinot] +- Add attribute dict as proposal. [Raphaël Vinot] + +Other +~~~~~ +- Noticed that test data mail_5.msg was malformatted. 
Replaced with + working test msg. [seamus tuohy] +- Updated emailobject. [seamus tuohy] + + Email object no longer requires extra php libraries for install. + Tests have been expanded to improve coverage. + RTF encapsulated HTML and Plain Text will now be de-encapsulated. + The raw MSG binary will now be included in the extracted email object. +- Adding check if "from" is in the "received" header row. [nighttardis] +- Update `vmray_automation` to stay compatible with the changes made to + `vmray_import` MISP modules. [Jens Thom] +- Update mispevent.py. [Raphaël Vinot] + + +v2.4.135.3 (2020-11-24) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Improve typing. [Raphaël Vinot] +- Improve add_attribute with a list. [Raphaël Vinot] + +Fix +~~~ +- Do not fail on PyMISP import when mail-parser is not present. [Raphaël + Vinot] + + +v2.4.135.2 (2020-11-24) +----------------------- + +New +~~~ +- Add Github workflow. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Improve error message if a type in missing. [Raphaël Vinot] +- [type] process-state added. [Alexandre Dulaunoy] +- Bump misp-objects. [Raphaël Vinot] +- [misp-objects] updated. [Alexandre Dulaunoy] +- Add path to CSV sample files. [Raphaël Vinot] +- [types] jarm-fingerprint added. [Alexandre Dulaunoy] + +Fix +~~~ +- Remove python 3.9 from action (lief not supported yet) [Raphaël Vinot] +- Initialize submodules in gh action. [Raphaël Vinot] +- Make mail-parser really optional. [Raphaël Vinot] + + +v2.4.135.1 (2020-11-24) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version, travis install. [Raphaël Vinot] +- Make mail-parser an optional dependency. [Raphaël Vinot] + + +v2.4.135 (2020-11-23) +--------------------- + +New +~~~ +- Test parsing just email header. [Jakub Onderka] +- Test parsing outlook message format. 
[Jakub Onderka] +- Add tests for EmailObject. [Jakub Onderka] +- Refactored emailobject generator. [Jakub Onderka] +- Export display name from email. [Jakub Onderka] +- Parse date from email. [Jakub Onderka] +- Method to check attribute and object existence. [Jakub Onderka] +- Allow to get just event metadata after add_event and edit_event. + [Jakub Onderka] +- Method to check event existence. [Jakub Onderka] +- Add method to search for tags. [Raphaël Vinot] + + fix #648 + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Add search info field with "\" [Raphaël Vinot] +- Improve documentation of search_index. [Raphaël Vinot] +- Improve error handling for Outlook emails. [Raphaël Vinot] +- Bump object templates. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Update gitignore. [Raphaël Vinot] + + fix #613 +- Do not split a string into a list in complex query builder. [Raphaël + Vinot] + + fix #597 +- Force enable debug in test, test update tags. [Raphaël Vinot] +- Use REST search for the tags. [Raphaël Vinot] + + Related to comments on a1326f2cf2bcfd6e285188e0661b12076fe92747 +- Add typing meta. [Raphaël Vinot] + +Fix +~~~ +- [emailobject] Correctly parse multiple addresses. [Jakub Onderka] +- Test suite for exists calls. [Raphaël Vinot] +- Path for event creating and editing. [Jakub Onderka] +- Object_uuid could be None. [Raphaël Vinot] + + Fix #640 +- Last_seen has to be after first_seen, and it should habe been failing + before. [Raphaël Vinot] +- Missing f-string marker. [Raphaël Vinot] +- Fix: Docstring improvment based on @chrisinmtown's feedback. [Raphaël + Vinot] + +Other +~~~~~ +- We can now upload stix object directly. File is not necessary. [Remy + Dewailly] +- We can now upload stix object directly. File is not necessary. [Remy + Dewailly] + + +v2.4.134 (2020-11-02) +--------------------- + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version. 
[Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Keep connection alive between requests. [Jakub Onderka] +- Bump deps. [Raphaël Vinot] +- Format docstrings in mispevent.py. [Lott, Christopher (cl778h)] + + Add ":param " prefix to parameters to improve ReadTheDocs output. + Fix some minor typos in docstrings. +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] + +Fix +~~~ +- Remove duplicate check if debug logging is enabled. [Jakub Onderka] +- Do now fail on requests returning plain text. [Raphaël Vinot] + + Fix #639 + +Other +~~~~~ +- Revert "Update .travis.yml" [Raphaël Vinot] + + lief isn't compatible with python 3.9 + + This reverts commit e10843fa33c9a08b7da4ef24cbce457be53a7459. +- Update .travis.yml. [Raphaël Vinot] + + Add python 3.9 +- Drop `encoding=` in Python 3.9. [Friedrich Lindenberg] + + +v2.4.133 (2020-10-16) +--------------------- + +New +~~~ +- [attribute type] telfhash added. [Alexandre Dulaunoy] +- [add_gitlab_user] new gitlab user fetch script to MISP object. + [Alexandre Dulaunoy] + + usage: add_gitlab_user.py [-h] -e EVENT [-f] -u USERNAME [-l LINK] + + Fetch GitLab user details and add it in object in MISP + + optional arguments: + -h, --help show this help message and exit + -e EVENT, --event EVENT + Event ID to update + -f, --force-template-update + -u USERNAME, --username USERNAME + GitLab username to add + -l LINK, --link LINK Url to access the GitLab instance, Default is + www.gitlab.com. +- [example] add_github_user example - WiP. [Alexandre Dulaunoy] + + usage: add_github_user.py [-h] -e EVENT [-f] -u USERNAME + + Fetch GitHub user details and add it in object in MISP + + optional arguments: + -h, --help show this help message and exit + -e EVENT, --event EVENT + Event ID to update + -f, --force-template-update + -u USERNAME, --username USERNAME + GitHub username to add +- Method to get the new version of the templates. 
[Raphaël Vinot] +- Delete tags via update_attribute, search by sharing group. [Tom King] + +Changes +~~~~~~~ +- Bump object templates. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump test cases. [Raphaël Vinot] +- [type] updated. [Alexandre Dulaunoy] +- Bump file obj version in tests. [Raphaël Vinot] +- [data] misp-objects updated. [Alexandre Dulaunoy] +- Bump build system to poetry 1.1. [Raphaël Vinot] +- [type] new type added. [Alexandre Dulaunoy] +- [add_github_user] add ssh keys of the user in the MISP object. + [Alexandre Dulaunoy] +- [add_github_user] more fields added from the GitHub API. [Alexandre + Dulaunoy] +- Bump deps, objects. [Raphaël Vinot] +- Add test for delete=True in get_event. [Raphaël Vinot] +- [add_github_user] add following to the MISP object. [Alexandre + Dulaunoy] +- Bump dependencies. [Raphaël Vinot] +- Pass a list to add_attributes. [Raphaël Vinot] +- Use MISPObject instead of GenericObjectGenerator. [Raphaël Vinot] +- [doc] add a reference to the license. [Alexandre Dulaunoy] +- Add docstrings and extend conf.py for RTD. [Lott, Christopher + (cl778h)] + + Add minimal docstrings to public methods so ReadTheDocs will display them. + Add autodoc mock import for lief so RTD can generate HTML for tools. + + This fixes issue #626 +- Remove PyMISPExpanded from the docs. [Raphaël Vinot] +- Add comments to ELF, PE, and MachO object generators. [Raphaël Vinot] +- Improve error message, add comments, rename whitelist->allowedlist. + [Raphaël Vinot] +- Remove SG search for search() func as this doesn't support SG + searching, but the index does. [Tom King] + +Fix +~~~ +- Test on macosx. [Raphaël Vinot] + + Fix #630 +- Do not modify default_attributes_parameters in MISPObject. [Raphaël + Vinot] +- Wrong call to pymisp.search_index. [Raphaël Vinot] +- Few outdated calls in the tutorial. [Raphaël Vinot] +- Make flake8 happy. [Raphaël Vinot] +- Merge SG params to allow search. 
[Tom King] + +Other +~~~~~ +- Fix PyMISP repo URL. [garanews] + + MISP/PyMISP vs CIRCL/PyMISP +- Fix typo. [garanews] + + fix typo +- Attempt to decode utf-8-sig encoded emails. [seamus tuohy] + + eml files downloaded from Windows Online security on some Windows 11 + systems are automatically encoded in UTF with a byte order mark (BOM) + at the front of the file. This will cause the email parser to fail. + + This is a somewhat isolated problem. It only will affects a small + subset of Windows users who download and re-upload eml files. But, + this small subset of users is the target user-base for the MISP + email module: low expertiese users who wish to quickly share + high-value indicators on an ad-hoc basis. + + While this fix could be tacked onto the MISP email module instead of + here, I beleive that this fix is more appropriate in the PyMISP object + code. As the "email" object parser this object should be built to + parse all manner of emails that it may encounter. This includes common + malformations such as this one and, even horrors such as, the .msg + format. This commit adds a generically named "attempt_decoding" + function which can be expanded to address all manner of sins that + are encountered in the future. + + +v2.4.131 (2020-09-08) +--------------------- + +New +~~~ +- [test] Validate tag removal. [Raphaël Vinot] +- [describeTypes] sha3 added. [Alexandre Dulaunoy] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- [describeTypes] updated. [Alexandre Dulaunoy] +- [describeTypes] updated. [Alexandre Dulaunoy] +- Bump objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump file template version. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Rename blacklist -> blocklist. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] + + +v2.4.130 (2020-08-20) +--------------------- + +New +~~~ +- Blacklist methods. [Raphaël Vinot] +- Add list of missing calls. 
[Raphaël Vinot] +- Add test_obj_references_export. [louis] +- Add MISPObject.standalone property. [louis] + + Setting MISPObject.standalone updates MISPObject._standalone and + add/removes "ObjectReference" from AbstractMISP.__not_jsonable using + update_not_jsonable/_remove_from_not_jsonable. +- Add AbstractMISP._remove_from_not_jsonable. [louis] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump types. [Raphaël Vinot] +- [testlive_comprehensive] Updated generic tagging method to match + changes in MISP. [mokaddem] +- Cleanup blocklist methods. [Raphaël Vinot] +- Remove outdated example. [Raphaël Vinot] + + Fix #611 +- New test_get_non_exists_event. [Jakub Onderka] +- Bump dependencies. [Raphaël Vinot] +- Enable more tests. [Raphaël Vinot] +- Make get_object return a not standalone object. [louis] +- Remove standalone default value from MISPObject children c'tor. + [louis] + + MISPObject.__init__ sets standalone=True by default, so there is no + need to do it in its child classes. +- Make MISPObject standalone by default. [louis] + + standalone defaults to True in MISPObject.__init__, and is set to False + when the object is added to an event. +- Add MISPObject._standalone type. [louis] + +Fix +~~~ +- Bump file template version. [Raphaël Vinot] +- Test_get_non_exists_event. [Jakub Onderka] +- IP removed from the public DNS list. [Raphaël Vinot] +- Example using deprecated calls. [Raphaël Vinot] + + fix #602 +- Add STIX XML output for the search. [Raphaël Vinot] + + Use stix-xml as return_format. + + Fix #600 https://github.com/MISP/MISP/issues/5618 +- Dummy event example. [Raphaël Vinot] + + Fix #598 + +Other +~~~~~ +- Exclude section correlation .rsrc and zero-filled. [deku] +- Linting/Add missing whitespace. [Paal Braathen] +- Remove explicit loglevel checking. [Paal Braathen] +- Remove explicit traceback printing. 
[Paal Braathen] +- Master branch has been renamed to main. [Arcuri Davide] +- Update README.md. [Raphaël Vinot] + + fix: #599 + + +v2.4.128 (2020-06-22) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add a few test cases. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] + + +v2.4.127.1 (2020-06-19) +----------------------- + +New +~~~ +- Optionally include deleted attributes/objects in feed. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add test case for get event deleted. [Raphaël Vinot] +- Add test case for search deleted. [Raphaël Vinot] +- Update comments for search. [Raphaël Vinot] + +Fix +~~~ +- Keep deleted key in MISPObject and MISPObjectAttribute. [Raphaël + Vinot] + + +v2.4.127 (2020-06-16) +--------------------- + +New +~~~ +- Add helper and test case for GitVulnFinderObject. [Raphaël Vinot] +- Add git-commit-id type. [Raphaël Vinot] +- Add deleted in field export. [Raphaël Vinot] + + Fix #586 +- Timeout for connection/request, fixes #584. [Christophe Vandeplas] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Rename master -> main. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Rename branches master -> main. [Raphaël Vinot] +- Remove extra parameter in change_user_password. [Raphaël Vinot] + +Fix +~~~ +- Do not fail if the attribute value is not a string. [Raphaël Vinot] +- Properly strip value in MISPObject.add_attribute, take 2. [Raphaël + Vinot] + + Fix #546 +- Properly strip value in MISPObject.add_attribute. [Raphaël Vinot] + + Fix #546 +- Deleted is not always required in the feed export. [Raphaël Vinot] +- Make mypy happy. [Raphaël Vinot] +- Fixes bug in timeout change. [Christophe Vandeplas] +- Fixes bug in timeout change. 
[Christophe Vandeplas] +- Fixes bug in timeout change. [Christophe Vandeplas] +- Fixes bug in timeout change. [Christophe Vandeplas] +- Fixes bug in timeout change. [Christophe Vandeplas] + + hail to Rafiot +- Fixes bug in timeout change. [Christophe Vandeplas] +- Fixes bug in timeout change. [Christophe Vandeplas] + +Other +~~~~~ +- Previously file object was reporting the libmagic description of a + file instead of the mimetype. According to [MISP + DataModels](https://www.misp-project.org/datamodels/#types) ``` mime- + type: A media type (also MIME type and content type) is a two-part + identifier for file formats and format contents transmitted on the + Internet ``` more precisely defined in + [RFC2045](https://tools.ietf.org/html/rfc2045) and others. [Troy Ross] + + The description returned by libmagic is more useful than the generic mime-type, + but I did not find a place to put the description in the current data model. +- Fix end of line encoding of examples/cytomic_orion.py. [Sebastian + Wagner] + + +v2.4.126 (2020-05-18) +--------------------- + +New +~~~ +- Test search with timestamp. [Raphaël Vinot] +- Add testcase for updating partial event. [Raphaël Vinot] +- Add pyfaup as optional dependency. [Raphaël Vinot] +- [dev] add microblog object tool. [VVX7] +- Very simple test case for rest search on objects. [Raphaël Vinot] +- Self registration, object level search (initial) [Raphaël Vinot] +- [dev] add flag to get extended misp event. [VVX7] +- [dev] add flag to get extended misp event. [VVX7] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-object. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Add test for feed partial update. [Raphaël Vinot] +- Strip empty parameters in build_complex_query. [Raphaël Vinot] + + Fix #577 +- Simplify delete_attribute. [Raphaël Vinot] +- Bump travis install. [Raphaël Vinot] +- Add comment in microblog object. [Raphaël Vinot] +- Bump dependencies. 
[Raphaël Vinot] +- [dev] clean up how keys are accessed in self._parameters. [VVX7] +- [dev] use isinstance() type check. [VVX7] +- [dev] fix abstract generator import. add logger. [VVX7] +- [dev] change type() == list. [VVX7] +- Bump misp-objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- [dev] remove duplicate line. [VVX7] +- [dev] add extend_event() test. chg typo in get_event() [VVX7] +- Re-Bump CHANGELOG. [Raphaël Vinot] + +Fix +~~~ +- Settings is not required in MISPFeed. [Raphaël Vinot] +- Properly skip timestamp in __iter__ when needed. [Raphaël Vinot] +- Catch exception when liblua-5.3 is not present. [Raphaël Vinot] +- Make flake8 happy. [Raphaël Vinot] +- Properly load feeds, fix undefined variable. [Raphaël Vinot] +- Make flake8 happy. [Raphaël Vinot] +- Remove extra print. [Raphaël Vinot] +- Typo, add test for extended event. [Raphaël Vinot] + +Other +~~~~~ +- Update docstring in api.py. [Bernhard E. Reiter] + + * remove typo in ssl parameter docstring. + * Add hint that other certs (which are not in the default CAs, but also are not self signed in a strict sense) can also use the CA_BUNDLE function of the ssl parameter. + + +v2.4.125 (2020-04-30) +--------------------- + +New +~~~ +- Extended option on get event. [Raphaël Vinot] + + Related to #567 + +Changes +~~~~~~~ +- Bump version in pyproject. [Raphaël Vinot] +- Bump CHANGELOG. [Raphaël Vinot] +- Bump objects, deps. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Remove old suricata script, keep reference to old code. [Raphaël + Vinot] + +Fix +~~~ +- Enable autoalert on admin user. [Raphaël Vinot] +- [abstract] Forces file to be read with utf8 encoding. [mokaddem] +- Properly handle timezone in tests. [Raphaël Vinot] + +Other +~~~~~ +- Update up.py. [Raphaël Vinot] + + Fix #563 +- Fixed __query_virustotal return type. [DocArmoryTech] + + __query_virustotal returned a Response object and not the json expected; modified so that report_json is returned instead of report. 
+ + +v2.4.124 (2020-03-30) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add option to aggregare by country. [Raphaël Vinot] +- [CSSE COVID] Publish the event immediately. [Raphaël Vinot] +- Add changelog and readme in the package. [Raphaël Vinot] +- Bump version in pyproject. [Raphaël Vinot] + +Fix +~~~ +- Strip every string in AbstractMISP. [Raphaël Vinot] + + fix #546 +- Incorrect expectation of attribute value to be a str - take 2. + [Raphaël Vinot] + + Related #553 +- Incorrect expectation of attribute value to be a str. [Raphaël Vinot] + + Fix #553 + +Other +~~~~~ +- Dos2unix examples/stats_report.py. [Sebastian Wagner] +- Cytomic Orion API access. [Koen Van Impe] +- Add organisations from CSV. [Koen Van Impe] +- Minor updates to vmray_automation for travis. [Koen Van Impe] +- VMRay Automation with ExpandedPyMISP. [Koen Van Impe] + + +v2.4.123 (2020-03-10) +--------------------- + +New +~~~ +- Add import script for dxy data. [Raphaël Vinot] +- Csse covid19 daily report importer. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- JSON files are UTF8. [Raphaël Vinot] + + Bump dev deps, update comment +- Add tag, set distribution, add file and source (CSSE importer) + [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] + + +v2.4.122 (2020-02-26) +--------------------- + +New +~~~ +- Add uuid by default in MISPEvent, add F/L seen in feed output. + [Raphaël Vinot] +- Admin script to setup a sync server. [Raphaël Vinot] +- Add feed generation example in notebook. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Comments were still referencing pipenv. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump misp-objects. 
[Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump dep. [Raphaël Vinot] +- Fix typo in readme. [Raphaël Vinot] +- Use bionic on travis. [Raphaël Vinot] +- Add poetry support. [Raphaël Vinot] + +Fix +~~~ +- Test cases & template version. [Raphaël Vinot] +- Mypy, more typing. [Raphaël Vinot] +- Do not skip data in add_attribute methods. [Raphaël Vinot] +- Remove references to the old API. [Raphaël Vinot] + +Other +~~~~~ +- Use poetry everywhere, fix readme. [Raphaël Vinot] + + +v2.4.121.1 (2020-02-07) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] + +Fix +~~~ +- Make lief optional again. [Raphaël Vinot] + + fix #538 + + +v2.4.121 (2020-02-06) +--------------------- + +New +~~~ +- Add includeDecayScore to rest search. [VVX7] +- Support for first_seen/last_seen. [Raphaël Vinot] + + Cleaner import of datetime +- [attributes] chrome-extension-id added. [Alexandre Dulaunoy] + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Do not install neo by default. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- More flexible when an event is in a weird state. [Raphaël Vinot] +- Str to int, properly load SharingGroup. [Raphaël Vinot] + + Fix #535 +- Bump deps, add pep8 test. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Support dict in tag/untag. [Raphaël Vinot] +- Test update last seen. [Raphaël Vinot] +- Add test cases in feed. [Raphaël Vinot] +- Add test cases. [Raphaël Vinot] +- Normalize to_datetime conversion. [Raphaël Vinot] +- Trustar example uses objects. [Raphaël Vinot] +- Add lief in the generic requirements. [Raphaël Vinot] +- Refactorize typing, validate. [Raphaël Vinot] + +Fix +~~~ +- Bump objects. [Raphaël Vinot] +- Issue with readme. [Raphaël Vinot] +- Remove debugging. 
[Raphaël Vinot] +- [*-seen] Consider that `-` can also be in the date component while + parsing. [mokaddem] +- First seen was after last seen, trigerring the exception. [Raphaël + Vinot] +- Tests failing if local tz was not CET. [Raphaël Vinot] +- Syntax and typos. [Raphaël Vinot] +- Bugs introduced by last commit. [Raphaël Vinot] + +Other +~~~~~ +- Doc: fix Search-FullOverview.ipynb code example. [Bernhard E. Reiter] +- Chore: delete old examples. [Manabu Niseki] + + Delete examples which use deprecated/deleted methods +- Scrape trustar intel platform reports and create misp events. + [th3jiv3r] +- Configuration for trustar integration. [th3jiv3r] +- Fixed trailing lines. [turtlefac3] +- Fixed trailing lines. [turtlefac3] +- Custom integration written in python to scrape Proofpoint VAP API for + metrics of top Very Attacked Persons and create MISP events. + [turtlefac3] +- Fix typos on FullOverview.ipynb. [Bernhard E. Reiter] + + +v2.4.120 (2020-01-17) +--------------------- + +New +~~~ +- [attribute type] kusto-query attribute type. [Alexandre Dulaunoy] + + Kusto query is the query language for the Kusto services in Azure used + to search large dataset. It's used in Windows Defender ATP Hunting-Queries + and also Azure Sentinel (Cloud-native SIEM). +- Remove python < 3.6 support. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump dependencies, add debug. [Raphaël Vinot] +- Upate dummy events creator. [Raphaël Vinot] +- Add tests on more version of Python. [Raphaël Vinot] +- Search with the STIX output returns a json STIX. [Raphaël Vinot] + + Was XML before. +- Bump dependencies. [Raphaël Vinot] +- Add more typing information. [Raphaël Vinot] +- Add typing markup. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump Dependencies. [Raphaël Vinot] +- Bump misp-objects. 
[Raphaël Vinot] + +Fix +~~~ +- Bump template_version in test cases. [Raphaël Vinot] +- Add missing variable in dummy creator. [Raphaël Vinot] +- Et2misp was python2 only. [Raphaël Vinot] +- Feed generator was broken. [Raphaël Vinot] + + Fix #506 +- Event without hashable attribute. [Raphaël Vinot] + + Related #506 + +Other +~~~~~ +- Update api.py. [AaronK] + + minor typo, can;t help it noticing those. sorry, +- Fixed TODO, added quarantineFolder/quarantineRule from + messagesBlocked, added some error handling to prevent empty attributes + from trying to be added. [th3jiv3r] +- Scrape proofpoint tap api for messages blocked/delivered & clicks + blocked/permitted and create misp events. [th3jiv3r] +- Add variable for proofpoint tap api auth. [th3jiv3r] +- Update README.md. [AaronK] + + minor typo +- Define the number of entries to output. [AndreC10002] + + Allow for defining in the settings.py file the number of entries to output +- Update generate.py. [AndreC10002] +- Cleanup of code and 'quick-n-dirty' sanitizing of tags. [Koen Van + Impe] +- Sync. [Koen Van Impe] +- Update README.md. [Raphaël Vinot] + + +v2.4.119.1 (2019-12-17) +----------------------- + +New +~~~ +- URLObject (requires pyfaup) [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- Bump test files. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Debug travis error message. [Raphaël Vinot] +- [types] eppn type added. [Alexandre Dulaunoy] +- Fix typo. [Raphaël Vinot] +- Move scrippsco2 feed generator to a sub directory. [Raphaël Vinot] +- Update documentation. [Raphaël Vinot] + + Fix #396 +- Bump objects. [Raphaël Vinot] + +Fix +~~~ +- Properly test custom objects. [Raphaël Vinot] +- Adding a sighting takes a little bit of time. [Raphaël Vinot] +- Test case on reference. [Raphaël Vinot] +- Add missing fields to event & attribute for the feed output. [Raphaël + Vinot] +- Make sure the publish timestamp is bumped on update. 
[Raphaël Vinot] + + +v2.4.119 (2019-12-02) +--------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] + +Fix +~~~ +- Bump lief to 0.10.1. [Raphaël Vinot] +- Update tests. [Raphaël Vinot] +- Raise PyMISPError instead of Exception. [Raphaël Vinot] +- Rename feed_meta_generator so it clearly fails with python<3.6. + [Raphaël Vinot] + + +v2.4.117.3 (2019-11-25) +----------------------- + +New +~~~ +- Script to generate the metadata of a feed out of a directory. [Raphaël + Vinot] +- Add to_feed export to MISPEvent. [Raphaël Vinot] +- Validate object templates. [Raphaël Vinot] + + fix https://github.com/MISP/misp-objects/issues/199 +- Test cases for restricted tags. [Raphaël Vinot] + + Fix #483 +- Get Database Schema Diagnostic. [Raphaël Vinot] + + Fix #492 + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Require stable version of lief again. [Raphaël Vinot] +- Few more improvements on the feed export. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Make the feed generator more generic. [Raphaël Vinot] +- Use New version of PyMISP in the feed generator. [Raphaël Vinot] +- Bump misp-object. [Raphaël Vinot] +- Allow to sort and indent the json output for objects. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- [test] feed test updated as botvrij is now TLS by default. [Alexandre + Dulaunoy] + +Fix +~~~ +- Improve stability of feed output. [Raphaël Vinot] +- Do not unitialize the uuid in MISPEvent. [Raphaël Vinot] +- Bump url template version in test cases. [Raphaël Vinot] +- Python 2.7 tests. [Raphaël Vinot] +- Print the full json blob in debug mode. [Raphaël Vinot] + + Related https://github.com/MISP/PyMISP/issues/462 + +Other +~~~~~ +- Cch: Bump misp-objects. 
[Raphaël Vinot] + + +v2.4.117.2 (2019-10-30) +----------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] + +Fix +~~~ +- Avoid exception on legacy MISP. [Raphaël Vinot] + + +v2.4.117.1 (2019-10-30) +----------------------- + +New +~~~ +- Add support for UserSettings. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Use default category from template. [Raphaël Vinot] + + Fix #477 +- Skip usersettings tests when emails are disabled. [Raphaël Vinot] + +Fix +~~~ +- [examples] typo uuid. [Jean-Louis Huynen] + + give me a hoodie. +- Prevents exception when lief is not installed. [Christophe Vandeplas] +- Python <3.4 should work again.... [Raphaël Vinot] + + Fix #482 +- Remote_describe_types response was invalid. [Raphaël Vinot] +- Missing file in last commit. [Raphaël Vinot] +- Remove overwrite of remote_describe_types. [Raphaël Vinot] + +Other +~~~~~ +- Added example for checking sync servers. [wotschel] +- Corrected docstring. [Shortfinga] +- Include to_ids and replace newlines in title. [Koen Van Impe] +- Update aping.py. [ater49] + + Just fixing a typo +- Remove unused MISPFileCache from PyMISP class. [Marc Hoersken] + + +v2.4.117 (2019-10-10) +--------------------- + +New +~~~ +- Better handling of delete(d) attributes. [Raphaël Vinot] + + * Hard delete on attribute + * Get the deleted attributes within an event + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Test if json exists in cached method. [Raphaël Vinot] +- Decode datetime without dateutils if possible. [Raphaël Vinot] +- Add support for rapidjson, refactoring and code cleanup. [Raphaël + Vinot] +- Cleanups. [Raphaël Vinot] +- Cleanups and improvements. [Raphaël Vinot] +- [types] updated to the latest version. [Christophe Vandeplas] + + now using the gen_misp_types_categories using jq +- [describeTypes] updated to the latest version. 
[Alexandre Dulaunoy] +- Bump dependencies. [Raphaël Vinot] +- Add missing return formats in restsearch, bump objects. [Raphaël + Vinot] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Update search examples. [Raphaël Vinot] +- Update main notebook. [Raphaël Vinot] +- [test] remove attribute field which was not foreseen in 2.4 branch. + [Alexandre Dulaunoy] +- Fix travis tests due to sighting_timestamp. [Raphaël Vinot] +- Use default for warnings. [Raphaël Vinot] + + fix: #453 +- Dump dependencies, update tests. [Raphaël Vinot] +- Bump readme. [Raphaël Vinot] +- Update upload malware/attachment example script. [Raphaël Vinot] + + Fix #447 + + Make data at attibute level more generic with getter/setter methods + +Fix +~~~ +- [Python2] Use LRU cache decorator, fix call to describe_types in + PyMISP. [Raphaël Vinot] +- Python2 SyntaxError... [Raphaël Vinot] +- Objects helpers were broken, do not overwrite describe_types. [Raphaël + Vinot] +- Support for legacy python versions. [Raphaël Vinot] + + 90 days and counting, folks. +- Cache object templates at AbstractMISP level. [Raphaël Vinot] + + Related #468 and #471 +- Cache describeTypes at AbstractMISP level. [Raphaël Vinot] +- Big speed improvment when loading MISPEvent. [Raphaël Vinot] + + 1. `properties` is a list comprehension + 2. Massively reduce the amount of calls to `properties` +- Python 2.7 support. [Raphaël Vinot] + + I want a cookie. + +Other +~~~~~ +- Use classmethod instead of staticmethod and avoid hard-coded + reference. [Marc Hoersken] +- Cache JSON definitions in memory LFU cache provided by cachetools. + [Marc Hoersken] + + - Path and modified time of JSON file are used as the cache key + - Global state is hidden away inside a root-class for re-use + - Maximum size is 150 considering the number of JSON definitions + + During my tests the memory usage of the test suites was halved. +- Fix mixed whitespace in the travis helper script files. 
[Marc + Hoersken] +- Remove explicit clonce as the viper-test-files are now a Git + submodule. [Marc Hoersken] +- Add viper-test-files repository as Git submodule. [Marc Hoersken] +- Update .gitignore to exclude files produced during tests. [Marc + Hoersken] +- Code cleanup. [Koen Van Impe] +- Update type and code cleanup. [Koen Van Impe] +- List all the sightings - show_sightings.py. [Koen Van Impe] +- Disable to_ids based on false positive sightings reporting. [Koen Van + Impe] +- Adds support to add local tags. [Antoine Cailliau] + + Requires https://github.com/MISP/MISP/pull/5215 to be merged first. +- Minor grammar errors. [Miroslav Stampar] +- Make client_certs out of the box friendly. [Campbell McKenzie] + + +v2.4.114 (2019-08-30) +--------------------- + +New +~~~ +- [Community] Request access. [Raphaël Vinot] +- Initial support for communities. [Raphaël Vinot] +- Contact event reporter. [Raphaël Vinot] +- Delegate Event. [Raphaël Vinot] + + And more test cases + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Temp disable tests for request_community_access. [Raphaël Vinot] +- Disable test for now. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump Dependencies. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Re-enable a few test cases. [Raphaël Vinot] +- Make sure delegation is enabled while testing. [Raphaël Vinot] +- [tests] Check the type of the response. [Raphaël Vinot] +- New local key in Org/Orgc. [Raphaël Vinot] +- [tests] Do not run in fast mode by default. [Raphaël Vinot] +- Better handling of sightings. [Raphaël Vinot] +- [Travis] Add more debug. [Raphaël Vinot] +- Add test related to travis. [Raphaël Vinot] + +Fix +~~~ +- Event delegation was incorrect. [Raphaël Vinot] +- Automatically skip empty string in add_attribute at object level. + [Raphaël Vinot] + + Fix #439 + + Re-enable test cases. +- [Travis] User cannot create tag, Travis was right. 
[Raphaël Vinot] +- Invalid tests in last commit. [Raphaël Vinot] +- [Travis] Slight changes to help debug on Travis. [Raphaël Vinot] + +Other +~~~~~ +- Bump Changelog. [Raphaël Vinot] + + +v2.4.113 (2019-08-16) +--------------------- + +New +~~~ +- Helpers & testcases for syncing. [Raphaël Vinot] +- Preliminaty setup for testing syncing. [Raphaël Vinot] +- Add few tests for admin tasks. [Raphaël Vinot] +- Update MISP, test sync server. [Raphaël Vinot] +- Properly support attribute/add of multiple attributes (2.4.113+) + [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Improve test cases. [Raphaël Vinot] +- Update and improve live testing. [Raphaël Vinot] +- Add tests cases for sync, bump describeTypes. [Raphaël Vinot] +- Return empty list instead of None. [Pierre-Jean Grenier] + + In all cases but one, the 3rd returned object is a (potentially empty) list. +- Some more code cleanup. [Raphaël Vinot] +- Code cleanup. [Raphaël Vinot] +- Enable more tests. [Raphaël Vinot] +- #4891 was fixed. [Raphaël Vinot] +- Bump describeTypes. [Raphaël Vinot] + +Fix +~~~ +- Fallback to propose attribute update. [Raphaël Vinot] +- Properly __repr__ MISPUser. [Raphaël Vinot] +- Move __not_jsonable *inside* the __init__ [Raphaël Vinot] + + Turns out, if you modify a variable defined outside the __init__, + every instances (and inherited classes) of that class will be impacted by it. +- Exception when posting multiple attributes on attributes/add. [Raphaël + Vinot] + + Fix #433 + + Few cleanups in code. + +Other +~~~~~ +- Include date_from & date_to in subject and report content. [Koen Van + Impe] +- Allow statistics date_from date_to. [Koen Van Impe] + + - date_from + date_to + - move misp object creation after argument parser +- Allow to supply mail options as arguments on command line. [Koen Van + Impe] +- Fix stats_report example to use ExpandedPyMISP. 
[Maxime Thiebaut] + + The stats_report example relied on deprecated functions making it crash. + This has been fixed by upgrading to ExpandedPyMISP. Further checks have + been introduced to ensure used dictionnary keys do exist as the example + also crashed on clean MISP instances due to empty responses. + + +v2.4.112 (2019-08-02) +--------------------- + +New +~~~ +- [Search] Add a few new options in rest search. [Raphaël Vinot] +- Allow to change the template on an object on-the-fly. [Raphaël Vinot] +- [example] Script to load datasets from Scripps CO2. [Raphaël Vinot] +- Get_objects_by_name in MISPEvent. [Raphaël Vinot] + + new: Convert datetime objects to python datetime. + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- [tests] Few improvements. [Raphaël Vinot] +- [tests] Add new test cases. [Raphaël Vinot] +- Rename relationship included-in -> includes. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- [deps] Bump. [Raphaël Vinot] +- [examples] pythonify properly when needed. [Raphaël Vinot] +- [tests] Toggle pythonify in create_massive_dummy_events. [Raphaël + Vinot] + +Fix +~~~ +- Inconsistency in MISPEvent, reenable tests. [Raphaël Vinot] +- Some test cases need more love. [Raphaël Vinot] +- PyTaxonomies is not compatible with python<3.6. [Raphaël Vinot] +- Rename filename. [Raphaël Vinot] +- [deprecation] Wrong deprecation message. [Raphaël Vinot] + + Also, deprecated method was broken. + + Fix #424 + +Other +~~~~~ +- Add: New attribute type weakness. [chrisr3d] +- Fix missing f in f-string. [Paal Braathen] +- Wrong variable. [Georges Toth] +- Remove unused line. [kovacsbalu] +- Fix tag help text Minor pycodestyle. [kovacsbalu] + + +v2.4.111.2 (2019-07-22) +----------------------- + +New +~~~ +- [Sightings] Delete method. [Raphaël Vinot] + + Fix #230 +- [tests] non-exportable tags. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump verison. 
[Raphaël Vinot] +- Make pythonify=False default everywhere. [Raphaël Vinot] + + Add a method to toggle pythonify globally +- [tests] Update stats. [Raphaël Vinot] +- [tests] Remove travis exceptions. [Raphaël Vinot] + +Fix +~~~ +- [tests] Path to test file. [Raphaël Vinot] + + Fix #423 +- [objects] Allow the value of an attribute to be 0. [Raphaël Vinot] +- [tests] Disable one of the test cases for now. [Raphaël Vinot] +- [tests] By default, the workflow taxonomy isn't enabled. [Raphaël + Vinot] +- Properly handle fallbacks add/update/delete attributes. [Raphaël + Vinot] +- [add_attribute] Only create a proposal when needed. [Raphaël Vinot] + +Other +~~~~~ +- Fix for issue 420. [github-pba] + + +v2.4.111.1 (2019-07-18) +----------------------- + +New +~~~ +- Add option to locally expand malware samples with LIEF. [Raphaël + Vinot] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Remove legacy tests. [Raphaël Vinot] +- Improve deprecation message on PyMISP. [Raphaël Vinot] +- [describeTypes] updated to add community-id. [Alexandre Dulaunoy] +- Bump examples to python3. [Raphaël Vinot] +- Reorganise ExpandedPyMISP methods, normalise the parameters. [Raphaël + Vinot] +- Deprecate everything in PyMISP. [Raphaël Vinot] + +Fix +~~~ +- Python < 3.6 support. [Raphaël Vinot] + +Other +~~~~~ +- Create statistical reports for MISP. [Koen Van Impe] + + PyMISP script to run every x-days to get an overview of new + events/attributes ; MISP-Galaxies ; MITRE ; Tags + + Output of report is on screen or sent via e-mail ; all stats attached + as CSV + + +v2.4.111 (2019-07-12) +--------------------- + +New +~~~ +- Introduce ability to create a sharing group. [Tom King] +- Allow to pass delimiter & quotechar to the CSV loader. [Raphaël Vinot] +- [example] Added edit_organisation examples. [Steve Clement] +- Method to POST a STIX file to MISP and create a new event. 
[Raphaël + Vinot] +- Object generator for ssh authorized_keys files. [Raphaël Vinot] +- Allow custom user-agent. [Christophe Vandeplas] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bumb misp-objects. [Raphaël Vinot] +- [tests] WTF upload_sample on travis. [Raphaël Vinot] +- [tests] Add custom error message on upload_sample - fix last commit. + [Raphaël Vinot] +- [tests] Add custom error message on upload_sample. [Raphaël Vinot] +- Remove roaming as it can't be set in this request. [Tom King] +- Allow for deletion of security group. [Tom King] +- Bump dependencies. [Raphaël Vinot] +- [last] You can now paginate over multiple results in the last example + command. [Alexandre Dulaunoy] + + You can do stuff like this: + + python3 last.py -l 48h -m 10 -p 2 | jq .[].Event.info + + which means the last 10 events on second page which are between a + time range of 0 and 48 hours. +- [tests] now deleted flag is returning only the deleted values (to be + consistent) [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- Bump deps (lief 0.10 dev) [Raphaël Vinot] +- Use pydeep from pypi, add test. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Bump Pipfile for python 3.7. [Raphaël Vinot] + +Fix +~~~ +- Skip attribute in object when value is empty, skip empty objects. + [Raphaël Vinot] +- [perms] Added try/except for various permission conditions, also + create the output dir if not exist fix: [try/except] Catch Ctrl-c + keyboard interrupt fix: [style] isort imports. [Steve Clement] +- [direct_call] Allows the response type to be something else than a + JSON (e.g. csv). [mokaddem] +- [feed generator] Added missing fields. [iglocska] +- Properly fix deprecation warning. [Raphaël Vinot] + + fix #390 +- Travis & python2. [Raphaël Vinot] +- Last commit foobar. [Raphaël Vinot] +- Install lief on python < 3.7 with pipenv. 
[Raphaël Vinot] + +Other +~~~~~ +- [openioc] changed default mapping for + RouteEntryItem/Destination/string. [0x3c7] +- [openioc] Changed mapping for RouteEntryItem/Destination/string to + domain instead of url because UrlHistoryItem/URL is mostly used for + urls. [0x3c7] +- Fixes other mapping to other types. [0x3c7] +- [openioc] Allow the use of types in openioc content tags. [0x3c7] +- Sync sightings between MISP servers. [Koen Van Impe] + + Sync sightings between MISP servers + Sync from multiple clients to one authoritative MISP instance. + To be run from cron + (blog docu coming) +- Added includeWarninglistHits as a possible filter for the event level + restsearch. [Jeroen Pinoy] +- Resolve issue with change_sharing_group which do not update event + successfully. [hrifflet] +- Use misp_verifycert flag. [Koen Van Impe] +- Take 'to_ids' setting in account and PEP8 checks. [Koen Van Impe] + + - Include check if 'to_ids' is included in the data returned from the + import module + - PEP8 checks +- Automation script that links vmray_submit and vmray_import. [Koen Van + Impe] + + Import finished VMRay tasks ; add attributes to event + Makes use of the 'incomplete' workflow taxonomy + Needs to be put in a cronjob to run in the background +- Update PyMISP_tutorial.ipynb. [Carlos Borges] + + The function to collect event_id and put it into a list isn't looking into each MISPAttribute. + Just updated the script to look it. + + +v2.4.106 (2019-04-24) +--------------------- + +New +~~~ +- Test cases for attributes and proposals. [Raphaël Vinot] +- Improve python3.6+ lib. [Raphaël Vinot] +- Add_attributes method in MISPObject (for multiple attributes) [Raphaël + Vinot] +- Method to set the default role. [Raphaël Vinot] +- Default to "me" in the get_user method, update ExpandedPyMISP. + [Raphaël Vinot] + + Fix #377 +- Add get_object to ExpandedPyMISP. [Raphaël Vinot] + + Fix #372 +- Test cases for CSV loader, add cleaner methods in ExpandedPyMISP. 
+ [Raphaël Vinot] +- Add CSV loader. [Raphaël Vinot] + + Fix #376 +- Helper to create MISP Objects for regcheck.org.uk. [Raphaël Vinot] +- Test for ACLs in testlive. [Raphaël Vinot] +- Test for manual calls to add_object and add_object_reference. [Raphaël + Vinot] +- Test update object in event. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump Objects. [Raphaël Vinot] +- Bump version, Bump changelog. [Raphaël Vinot] +- Add python 3.7 support for pipenv users. [Raphaël Vinot] +- Allow to pass a eml as string to EmailObject. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] + + Fix CVE-2019-11324 (urllib3) +- Bump dependencies. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Allow to pass an AbstractMISP to add_reference. [Raphaël Vinot] + + Fix #379 +- Rework notebooks. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Display an error on failure in testlive. [Raphaël Vinot] +- Add tests for disable_tag. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Reorganize some tests. [Raphaël Vinot] +- Orders of tests in make_bool. [Raphaël Vinot] +- Bump dependencies. [Raphaël Vinot] +- Initial set of refactoring on PDF generator. [Raphaël Vinot] +- Add i8n for pdfexport, without all the fonts in the main repo. + [Raphaël Vinot] + +Fix +~~~ +- Bump Test files because of new template version. [Raphaël Vinot] +- Build on readthedocs. [Raphaël Vinot] +- [typo] Fixed a small typo I noticed in the docs. [Steve Clement] +- Add missing files for testing (CSV loader) [Raphaël Vinot] +- Properly test query ACLs. [Raphaël Vinot] +- Update all json submodules at one place in testlive. [Raphaël Vinot] +- Disable some tests for the run on travis. [Raphaël Vinot] +- [exportpdf] Doc update. [Falconieri] +- [exportpdf] Coding Style. [Falconieri] +- Improper handling of to_ids passed as integer in MISPEvent. [Raphaël + Vinot] + + Fix #364 +- Do not fail when importing the reportlab file. 
[Raphaël Vinot] +- PDF Export requires python 3.6+. [Raphaël Vinot] +- Do not run PDF Export tests on python < 3.6. [Raphaël Vinot] +- [exportpdf] Custom path for fonts and font package. [Falconieri] +- Allow to use global variables HTTP_PROXY and HTTPS_PROXY again. + [Raphaël Vinot] + + Fix #365 +- Slight changes in new .change_disable_correlation method. [Raphaël + Vinot] +- Get_object_template_id was broken. Add test case. [Raphaël Vinot] + + Fix #361 + +Other +~~~~~ +- New Add test for ASNObject. [Raphaël Vinot] +- Update README.md. [Steve Clement] + + Added number of monthly PyPi downloads +- Add: [exportpdf] documentation added about exportPDF. [Falconieri] +- Fix for "'NoneType' object has no attribute 'setdefault'" [Jacco + Ligthart] +- Fix a type on function name. [l3m0ntr33] +- Add new function + PyMISP.change_disablecorrelation(attribute_uuid,disable_correlation) + to be able to enable/disable correlation on attributes. [hrifflet] + + +v2.4.103 (2019-03-01) +--------------------- + +New +~~~ +- [badge] Added pypi and python version badge. [Steve Clement] +- Add auth parameter to pass to python-requests. [Raphaël Vinot] +- Add readthedocs config. [Raphaël Vinot] + +Changes +~~~~~~~ +- Build all formats for the documentation. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- [jupyter] remove all the response key (as response is removing it) + [Alexandre Dulaunoy] +- Enforce strict in object testing to ease debugging. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- [pipenv] Pipfile.lock generated. [Alexandre Dulaunoy] +- [exportpdf] BIG refactoring. Classes, comments, Galaxy starting. + [Falconieri] +- [exportPDF] add basic handling of clusters. [Falconieri] +- [exportpdf] Add metadata, bugfixes cases (too long values, + sanitization), links to misp instances. [Falconieri] +- Add sphinx-autodoc-typehints. [Raphaël Vinot] +- Use version 2 of readthedoc config file. [Raphaël Vinot] +- [doc] add a reference to the Jupyter Notebook. 
[Alexandre Dulaunoy] +- Remove dependency on six. [Raphaël Vinot] + +Fix +~~~ +- [exportpdf] fix empty object/attribute/galaxy bugs. [Falconieri] +- [exportpdf] Add suggestions (UX) [Falconieri] +- [exportpdf] switch page size to A4. [Falconieri] +- [exportpdf] switch page size to A4. [Falconieri] +- Hopefully last fix for python 2.7 & reportlab. [Raphaël Vinot] +- Python 2.7 blah foo. [Raphaël Vinot] +- Bump tests relatively to the file template. [Raphaël Vinot] +- Let's act as if python2 doesn't exists. [Raphaël Vinot] +- Properly pass the auth parameter to the request. [Raphaël Vinot] +- Properly catch error if reportlab isn't installed. [Raphaël Vinot] +- Make sure install works even without reportlab installed. [Raphaël + Vinot] +- [gitmodules] revert to official misp-objects. [Steve Clement] +- URLJoin condition for double quotes. [Hannah Ward] +- Do not override sub-path from root URL. [Hannah Ward] +- [exportpdf] None if no Galaxies bug. [Falconieri] +- [reportlab] Galaxies and Clusters printing. [Falconieri] +- [reportlab] Clusters added. Still UX to perform. [Falconieri] +- [reportlab] working clusters and galaxies. Not nice however. + [Falconieri] +- [exportPDF] Adding facultative text description, sightings, tests + cases. [Falconieri] +- [exportpdf] Add Object date. [Falconieri] +- [exportpdf] Double property printing error fixed. [Falconieri] +- [exportpdf] Refactoring, nicer code. [Falconieri] +- [exportpdf] tests paths. [Falconieri] +- [exportpdf] Remove comment that codefactor doesn't like. [Falconieri] +- [pdfexport] Fix tests paths, dependency in pipfile, imports, and + 'file' name overwrite in test function. [Falconieri] +- Copy event dictionary when creating a MISPEvent. [Raphaël Vinot] + + Fix #321 +- Wrong documentation on PyMISP.search_sightings. [Raphaël Vinot] + + Fix #336 +- Disable all logging in the tests. [Raphaël Vinot] +- Typo in sphinx config. [Raphaël Vinot] +- Typo in documentation. [Raphaël Vinot] +- Fix dependencies for py2. 
[Raphaël Vinot] +- Disable STIX test on travis. [Raphaël Vinot] +- Properly inform user when they try to run the live tests on old + systems. [Raphaël Vinot] + + Fix #329 + +Other +~~~~~ +- Re-bump changelog. [Raphaël Vinot] +- - Set my misp-objects… [Steve Clement] +- Add : [exportpdf] Objects handling, tests cases, test files. + [Falconieri] +- Add: [exportpdf] Handling pictures embedded as attributes. + [Falconieri] +- Add : [exportpdf] Picture management, manual. [Falconieri] +- Fix & add: [exportpdf] Add metadata, fix special cases (too long + values, sanitization) [Falconieri] +- Add: exportpdf tool working. [Falconieri] +- General improvement : deisgn, exhaustiviness of mispEvent values + displayed, good pratice concerning paragraphe/table made. [Falconieri] +- Update with table basics. [Falconieri] +- Structure of the improvements OK : test file, test folder, report + generator. [Falconieri] +- Search function fix to comply new version of MISP. [Armīns Palms] + + +v2.4.102 (2019-02-03) +--------------------- + +New +~~~ +- Add test cases for stix export. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump Version & changelog. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- [datamodel] new anonymised type added. [Alexandre Dulaunoy] +- [data] types updated to include the new zeek type. [Alexandre + Dulaunoy] + +Other +~~~~~ +- Check if IOC values are in warninglist. [Armīns Palms] + + +v2.4.101 (2019-01-28) +--------------------- + +New +~~~ +- Add missing test case for NOT on attribute level, update Pipfile. + [Raphaël Vinot] +- Add support for unix timestamp in set_date. [Raphaël Vinot] + + fix #302 +- Add test for references when adding/updating a full event. [Raphaël + Vinot] +- Bump describe types. [Raphaël Vinot] + + fix #317 +- [usersStats] Possibility to fetch users/statistics data for all + context (usage, org, tags, ...) [Sami Mokaddem] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version, misp-objects. 
[Raphaël Vinot] +- Force to_ids to be a boolean, as MISP is expecting. [Raphaël Vinot] + + fix #320 +- Add support for sharing group filter for search_index. [Tom King] +- Support for Payload Delivery > Other attribute as PyMISP function. + [Tom King] +- Add Pipfile config. [Raphaël Vinot] +- [data] fix describeTypes. [Alexandre Dulaunoy] +- [data] new types added (hassh-md5 and hasshserver-md5) [Alexandre + Dulaunoy] +- Bump misp-objects. [Raphaël Vinot] +- [misp-objects] templates updated to the latest version. [Alexandre + Dulaunoy] +- [data] describeTypes updated (grabbed from MISP HEAD) [Alexandre + Dulaunoy] +- [data] ja3-fingerprint-md5 type added. [Alexandre Dulaunoy] +- [test] set a default distribution for massive event creation. + [Alexandre Dulaunoy] +- [data] describeTypes.json updated to the latest version. [Alexandre + Dulaunoy] +- More flexibility when loading an object from python dict. [Raphaël + Vinot] +- Pass all parameters to the search API. [Raphaël Vinot] +- Remove compat for MISP 2.4.52, cleanup. [Raphaël Vinot] +- Set verifycert to false in tests. [Raphaël Vinot] +- [tests] Added verifycert option in case of using self-signed cert. + [Steve Clement] + +Fix +~~~ +- Remove jupyter & ipython from dev install so it works with python2. + [Raphaël Vinot] +- Wrong variable name in MISPEvent. [Raphaël Vinot] +- Documentation error fix #278. [Raphaël Vinot] +- Attempt to fix memory footprint in MISPAttribute. [Raphaël Vinot] +- Still support simple event dict content. [Raphaël Vinot] +- Don't modify event passed to the add_attribute methods. [Raphaël + Vinot] + + fix #321 +- The wrong class name was used when there is an error at Event + creation. [Raphaël Vinot] +- Use new API in get_csv.py. [Raphaël Vinot] + + Fix #314 +- Test case was broken. [Raphaël Vinot] +- Create massive event using ExpandedPyMISP. [Raphaël Vinot] +- Error vs errors key. [Raphaël Vinot] +- Typo. [Raphaël Vinot] +- Get_object_template_id. 
[Christophe Vandeplas] + +Other +~~~~~ +- Update pymisp tutorial. [Sandro Winkler] + + Extract the "response" field from the json result returned by misp.search_index +- Sort describeTypes.json output. [Christophe Vandeplas] + + This is needed for the compatibility with the gen_misp_types_categories.py script. Data was sorted using the order_dict function of the gen_misp_types_categories script. + + +v2.4.99 (2018-12-06) +-------------------- + +New +~~~ +- Auto generate doc for PyMISPExpanded. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump Changelog, again. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects & describeTypes. [Raphaël Vinot] + +Fix +~~~ +- Auto generate doc for PyMISPExpanded. [Raphaël Vinot] + +Other +~~~~~ +- Dded get_object & get_attribute. [DragonDev1906] +- Fix for last pymisp version. [garanews] + + +v2.4.98 (2018-12-03) +-------------------- + +New +~~~ +- Search_index in ExpandedPyMISP, cleanup, update jupyter. [Raphaël + Vinot] +- Add log search. [Raphaël Vinot] +- Add test for pushing an event to ZMQ. [Raphaël Vinot] +- Change_distribution method. [Raphaël Vinot] +- Add test cases for sightings, cleanup. [Raphaël Vinot] +- [example] Added sighting rest search example. [Sami Mokaddem] +- [sighting] Added support of sighting REST API. [Sami Mokaddem] +- Allow to pass csv to return_format in search. [Raphaël Vinot] +- Page/limit in search. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add test cases for default distribution levels. [Raphaël Vinot] +- Include proposals in attributes search. [Dawid Czarnecki] + + Add includeProposals param to the search method +- Bump misp-objects. [Raphaël Vinot] +- Update readme to document testing. [Raphaël Vinot] +- Fixes & update Jupyter. [Raphaël Vinot] +- [tuto] Update search. 
[Raphaël Vinot] +- Add a script to load the API key from the file system (training VM) + [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add print in testlive to debug travis. [Raphaël Vinot] +- Bump objects. [Raphaël Vinot] + +Fix +~~~ +- Test failing on travis... [Raphaël Vinot] +- Properly handle errors on event creation/update. [Raphaël Vinot] +- Test case. [Raphaël Vinot] +- Do not run the zmq test on travis. [Raphaël Vinot] +- Type of quick_filter. [Raphaël Vinot] +- Quick_filter was broken. [Raphaël Vinot] +- Properly initialize the config when jupyter runs on the VM. [Raphaël + Vinot] +- Travis run. [Raphaël Vinot] +- Readme update + python3 + pep8. [Christophe Vandeplas] + + align python path to readme specifying python3 +- Feed-generator gitignore. [Christophe Vandeplas] +- Test cases. [Raphaël Vinot] +- Test cases sample files. [Raphaël Vinot] + +Other +~~~~~ +- Mention virtualenv. [Alexander J] + + mide make sense for people who want to use it with virtualenv +- Be more precise with the supported time indicators. [Sascha + Rommelfangen] +- Fixed documentation bug. [Sascha Rommelfangen] +- Fixes date parameters for search_index() function. [Nils Kuhnert] +- Align examples on custom usage of misp_verifycert. [juju4] + + +v2.4.96 (2018-10-12) +-------------------- + +New +~~~ +- [freedFromRedis] try to create an object/attribute out of the incoming + data even if not added with the helper. [Sami Mokaddem] +- Direct_call without data means GET. [Raphaël Vinot] +- Add direct call to just post data on a URL. [Raphaël Vinot] +- Tests for update modules. [Raphaël Vinot] +- Tests for upload_sample. [Raphaël Vinot] +- Add more test cases. [Raphaël Vinot] +- Update warninglists. [Raphaël Vinot] +- Add test for warninglists. [Raphaël Vinot] +- Toggle warning list, add test case. [Raphaël Vinot] +- Add lots of test cases, find lots of bugs. [Raphaël Vinot] +- Use new CSV interface, add test cases. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. 
[Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Allow to pass a json string to direct_call. [Raphaël Vinot] +- More test cases. [Raphaël Vinot] +- Update order parameters & doc. [Raphaël Vinot] +- Add an extra IP from the warninglists. [Raphaël Vinot] +- Test for event UUID in attribute. [Raphaël Vinot] + +Fix +~~~ +- Prevent checking length on a integer. [Sami Mokaddem] +- Direct call & add example. [Raphaël Vinot] +- Disable test for travis, take 2. [Raphaël Vinot] +- Disable test for travis. [Raphaël Vinot] +- Skip tests that fail on travis for no reason... [Raphaël Vinot] +- Tentative to fix tests on travis. [Raphaël Vinot] +- Disable test warning lists. Enabling is not deterministic. [Raphaël + Vinot] +- Use proper dependency (enum34) [Raphaël Vinot] +- Make travis happy again. [Raphaël Vinot] +- Python2 support. [Raphaël Vinot] + + Fix #274 + +Other +~~~~~ +- Fixed leaked taxonomy tags problem. [netjinho] +- Added some getters and setters for taxonomies, warninglists, + noticelists and tags & documentation. [netjinho] +- Added update_galaxies and update_taxonomies. [netjinho] +- Add: Advanced Extraction to upload_sample. [root] +- Add: update noticelists and object templates. [Raphaël Vinot] +- Add: Add __eq__ to AbstractMISP. [Raphaël Vinot] + + Allow to discard duplicate tags. +- Add: more test cases. [Raphaël Vinot] +- Fix invalid py2 keyword. [Georges Toth] +- - Add description from README.md as long-description -> displayed on + pypi. - Add project related URLs to be displayed on pypi. [Georges + Toth] + + +v2.4.95.1 (2018-09-06) +---------------------- + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] + + +v2.4.95 (2018-09-06) +-------------------- + +New +~~~ +- Add helpers for new server related APIs. [Raphaël Vinot] + + Fix #266 +- [test] Attribute modification. [Raphaël Vinot] +- More test cases, bug fixes. [Raphaël Vinot] +- Reworking the REST API (WiP) [Raphaël Vinot] +- Add Jupyter for search. 
[Raphaël Vinot] + +Changes +~~~~~~~ +- Bump misp-objects. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- [data-model] updated describeTypes file. [Alexandre Dulaunoy] +- Fix testing. [Raphaël Vinot] +- More testing improvments. [Raphaël Vinot] +- Finish rewrite testing. [Raphaël Vinot] +- Rework test cases. [Raphaël Vinot] +- Add more test cases. [Raphaël Vinot] +- Make it possible to run the tests manually. [Raphaël Vinot] +- Print error message. [Raphaël Vinot] +- Remove tests on python 3.5. [Raphaël Vinot] +- Added email-header attribute. [Tom King] +- Updated types/categories mapping. [Christophe Vandeplas] +- Open all json files as bytes before loading in json. [Raphaël Vinot] +- [MISP] update to the latest version of the describeTypes. [Alexandre + Dulaunoy] +- Bump misp-objects. [Raphaël Vinot] +- Add travis tests on python 3.7. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add comments. [Raphaël Vinot] + + Fix #242 +- Bump misp-objects. [Raphaël Vinot] +- [PyMISP] describeTypes.json updated to add XMR type. [Alexandre + Dulaunoy] + +Fix +~~~ +- Normalizing the outputs. [Raphaël Vinot] +- Jerry rig support for old python. [Raphaël Vinot] +- Format of the describeTypes. [Alexandre Dulaunoy] +- [search.py] more example of query type added. [Alexandre Dulaunoy] +- Tests are passing fine now. [Raphaël Vinot] +- Properly validate the last-type search query. [Raphaël Vinot] +- Live test failing on list order. [Raphaël Vinot] +- Add dependency. [Raphaël Vinot] +- Py3.5 compat, take 2. [Raphaël Vinot] +- Py3.5 compat. [Raphaël Vinot] +- Opening the json blobs as bytes was buggy. [Raphaël Vinot] +- One more failing test. [Raphaël Vinot] +- Tests were failing. [Raphaël Vinot] +- Allow boolean parameters in search_index. [Raphaël Vinot] +- Typo in OpenIOC script. [Raphaël Vinot] + + Fix #237 +- Bad URL in get_attachment. [Raphaël Vinot] + + Fix #240 +- Improve error message in case the object template is unknown. 
[Raphaël + Vinot] + +Other +~~~~~ +- Fix #270 uniquely identifying sample. [Steffen Sauler] +- Fix print. [Deborah Servili] +- Revert "chg: Add travis tests on python 3.7" [Raphaël Vinot] +- Yara_dump - fixed private rules causing issues. [Christophe Vandeplas] + + +v2.4.93 (2018-07-01) +-------------------- + +New +~~~ +- Add many comments in the jupyter notebook. [Raphaël Vinot] +- Return the new object in `add_object` [Raphaël Vinot] +- Add the ability to add Other attributes via the API. [Paul Stark] +- Tuto for MISPEvent. [Raphaël Vinot] +- Load Org and Orgc as MISPOrganisation. [Raphaël Vinot] + + Related to #239 + +Changes +~~~~~~~ +- Bump changelog, again. [Raphaël Vinot] +- Bump changelog & version. [Raphaël Vinot] +- Moar jupyter. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add full example. [Raphaël Vinot] +- Add few more calls. [Raphaël Vinot] +- Fix sample retrieval from new-style zips. [Xavier Mehrenberger] +- Bump misp-objects. [Raphaël Vinot] +- Raise an exception if the response is not in JSON. [Raphaël Vinot] + +Other +~~~~~ +- Enabled published search parameter for attributes controler. [Tobias + Mainka] +- Added unzip-flag. [Steffen Sauler] + + added: download_samples(..., unzip=True) + + +v2.4.92.1 (2018-06-05) +---------------------- + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] + +Fix +~~~ +- Index out of range in add_object. [Raphaël Vinot] + + +v2.4.92 (2018-06-05) +-------------------- + +New +~~~ +- Add edit_object, simplify add_object. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] + +Fix +~~~ +- Correct docstring of search method. [iso] +- Response data type mismatch in _send_attributes() [Raphaël Vinot] + + Fix #206 +- Decoding issue. [Raphaël Vinot] + +Other +~~~~~ +- Fix issue when adding multiple attributes and the instance is too + slow. 
[Raphaël Vinot] + + +v2.4.90.1 (2018-05-09) +---------------------- + +New +~~~ +- Properly implement the Email object creator. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Normalize the RestResponse calls. [Raphaël Vinot] + +Fix +~~~ +- Wrong version. [Raphaël Vinot] +- Properly get and decode the body of the email. [Raphaël Vinot] +- Provide the extension of the EML file to attach. [Raphaël Vinot] +- Properly handle attachments. [Raphaël Vinot] +- Test cases & attributes automatically getting an UUID. [Raphaël Vinot] +- Typo in the *feed methods. [Raphaël Vinot] + + +v2.4.90 (2018-04-25) +-------------------- + +New +~~~ +- Add more feed management methods. [Raphaël Vinot] + + Fix #221 +- Add update_attribute method. [Raphaël Vinot] +- Add event_timestamp to REST search. [Raphaël Vinot] + + Fix #220 +- Add helper for Geolocation object. [Raphaël Vinot] +- Add helper for ASN object. [Raphaël Vinot] +- More flexibility in -> datetime. [Raphaël Vinot] +- Add helper for DomainIP. [Raphaël Vinot] +- Add preliminary fail2ban object. [Raphaël Vinot] + +Changes +~~~~~~~ +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add more examples. [Raphaël Vinot] +- Remove useless timestamp cleanup. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Make object helpers more generic, cleanup. [Raphaël Vinot] +- Update fail2ban helper & example. [Raphaël Vinot] +- Bump misp-object. [Raphaël Vinot] + +Fix +~~~ +- Use the recommended approach to add an attribute. [Raphaël Vinot] +- Tests, new template version. [Raphaël Vinot] +- New key - extends_uuid. [Raphaël Vinot] +- Update test file accordingly to the default value. [Raphaël Vinot] +- Geolocation object filename. [Raphaël Vinot] +- Consider a timestamp < 30000000 as a date. 
[Raphaël Vinot] +- Typo. [Raphaël Vinot] +- AbstractMISP.from_dict() do not accept positional argument. [Sami + Mokaddem] +- Typo. [Raphaël Vinot] +- Properly create fail2ban object. [Raphaël Vinot] +- Add Info field to the event. [Raphaël Vinot] +- Disable email object for python <3.6. [Raphaël Vinot] + +Other +~~~~~ +- Added missing field to feed generator. [Andras Iklody] +- Add the ability to add an Autonomous System(AS) via the API. [Paul + Stark] +- Typo. [Sami Mokaddem] +- Changed shebang to python3. [Sami Mokaddem] +- Update default category for url as in + https://github.com/MISP/MISP/pull/3119. [Nils Kuhnert] +- Deleted remaining outputs. [Sami Mokaddem] +- First jupyter notebook tutorial (1 iterations) [Sami Mokaddem] +- Added change_analysis_status API. [Matteo Lodi] +- Fix add_named_attribute regression, update add_named_attribute.py + example. [user] +- Example of specifying special attribute type in your search: here yara + attribute. [Philippe Langlois] + + +v2.4.89 (2018-03-23) +-------------------- + +New +~~~ +- Add email object generator. [Raphaël Vinot] +- Method to return an object by uuid. [chrisr3d] + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] + +Fix +~~~ +- Test files. [Raphaël Vinot] +- Do not try to upload objects in case make_binary_objects fails. + [Raphaël Vinot] + + Fix #192 +- Typo. [chrisr3d] +- Update reference test cases. [Raphaël Vinot] + +Other +~~~~~ +- Update README.md. [Sami Mokaddem] + + Replaced WHAT by Description +- Update README.md. [Sami Mokaddem] + + Added example of flush operation +- Added more examples. [Sami Mokaddem] +- Added usage in README. [Sami Mokaddem] +- Added MISPItemToRedis and updated readme accordingly. [Sami Mokaddem] +- Updated readme 2. [Sami Mokaddem] +- Updated readme. [Sami Mokaddem] +- Moved object constructor into their own folder. 
[Sami Mokaddem] +- Feature: Added support of MISP object constructor instead of the + generic_generator. [Sami Mokaddem] +- Added brief object description. [Sami Mokaddem] +- Removed unused function. [Sami Mokaddem] +- Generator handles file flushing itself. [Sami Mokaddem] +- Added description of generator object. [Sami Mokaddem] +- Updated README. [Sami Mokaddem] +- Creation of the generator object which permit to easily add attributes + and objects to daily events, stored as a MISP feed. Plus, script + fromredis which pops queue element in redis to put them in the feed. + [Sami Mokaddem] +- Added install script. [Sami Mokaddem] +- Added support of MISP Object. [Sami Mokaddem] +- Overhall seems to work, need testing. [Sami Mokaddem] +- Init draft of redis to feed. [Sami Mokaddem] +- Fix typo(s) [weslambert] +- Point to right anchor for client side certificates. [Richard van den + Berg] +- Add misp2cef example. [Richard van den Berg] +- Use from_dict. [Richard van den Berg] +- Add search on sighting. [ANSSI-BSO-D] + + added the possibility to search sightings : + Here some example : + ```python + print(misp.sighting_list(424242)) + ``` + The answer will give a sighting list corresponding to the attribute 424242. + ```python + print(misp.sighting_list(element_id=42, org_id=2, scope=event)) + ``` + The return will be a sighting list of event 42 with a filter for organisation 2. +- Add attributes within objects as well, for tagging via value/id/uuid. + [Tobias Mainka] + + +v2.4.87.1 (2018-02-13) +---------------------- + +New +~~~ +- APIs to manage sharing groups. [Raphaël Vinot] + + Fix #185 +- ReturnMetaAttributes flag for freeTextImport API. [Raphaël Vinot] + + Fix #188 + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump describeTypes (add mime) [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump describeType. [Raphaël Vinot] +- Bump describeType. 
[Raphaël Vinot] + +Fix +~~~ +- Encode string in _encode_file_to_upload. [Raphaël Vinot] + +Other +~~~~~ +- Prevent unpublished events to be included in feed. [Koen Van Impe] + + Change default proposed config + + +v2.4.87 (2018-01-28) +-------------------- + +New +~~~ +- Add bindings for Galaxies and Taxonimies. [Raphaël Vinot] +- Add bindings to PyMISPWarninglists. [Raphaël Vinot] + +Changes +~~~~~~~ +- Version bump. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Skip sample upload test on python 3.4. [Raphaël Vinot] +- Re-enable python3.4 on travis... [Raphaël Vinot] +- Bump misp-object & describeTypes. [Raphaël Vinot] +- Cleanup new sbsignature generator. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Use defaultdict when possible. [Raphaël Vinot] +- Raise an exception when distribution is sharing group, but the ID is + missing. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Improve Object Attribute editing. [Raphaël Vinot] +- Allow to pass a directory with custom object templates. [Raphaël + Vinot] +- Remove old warning. [Raphaël Vinot] + +Fix +~~~ +- Only skip test for 3.0->3.5. [Raphaël Vinot] +- Sys.api_version -> sys.version_info. [Raphaël Vinot] +- Allow to pass value, UUID, or ID to a sighting. [Raphaël Vinot] +- Do not use basicConfig in __init__ [Raphaël Vinot] + + Fix #170 +- Add_hashes was broken. [Raphaël Vinot] + + Fix #174 +- Make python2 happy. [Raphaël Vinot] +- Download old samples was broken. [Raphaël Vinot] + +Other +~~~~~ +- Revert "chg: Re-enable python3.4 on travis..." [Raphaël Vinot] + + Lief doesn't support python 3.4 + + This reverts commit 35a8d92acecd7a313bedcf197539eaa82176bcc7. +- Add: Allow to fetch warninglists. [Raphaël Vinot] + + Fix #180 +- Add tag test. [Louis LCE] +- Add a simple test for uploading samples. [Louis LCE] +- Add warning when failing to import dependencies. [Louis LCE] +- Improve and refactor attributes tests. [Louis LCE] +- Sb-signature library. 
[garanews] + + Created sb-signature library with relative example for testing. + Thanks @dadokkio +- Linting. [Kory Kyzar] +- Bug fix. [Kory Kyzar] +- Change in add_attachment. Allow explicit attachment naming. [Kory + Kyzar] +- Change in new_tag function. Added attributie 'hide_tag' [Armīns Palms] +- Change the comment of attribute. [Armīns Palms] +- Fix add_hashes test function parameters. [Louis LCE] +- Added misp object templates path argument. [Tobias Mainka] +- Update settings.default.py. [Andras Iklody] + + +v2.4.85.1 (2018-01-10) +---------------------- + +Changes +~~~~~~~ +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Cleanup from last commit. [Raphaël Vinot] +- Move MISPTag to Abstract MISP. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Fix tests (new template version) [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Add test for loading existing malware sample from MISP. [Raphaël + Vinot] +- Multiple changes. [Raphaël Vinot] + + * Fix timestamp dump (properly enforce UTC) + * Properly handle proposals + * Add many getter/setter + * Add dedicated test cases for MISPEvent and other objects +- Allow do pass a category in default_attributes_parameters for object. + [Raphaël Vinot] + + fix #166 +- Add MISPSighting class. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] + +Fix +~~~ +- Edited method works as expected, add tests. [Raphaël Vinot] +- Forgotten test files in last commit... [Raphaël Vinot] +- Disable_correlation from template not properly used. [Raphaël Vinot] +- Don't remove the distribution and sharing_group_id from + default_attributes_parameters. [Raphaël Vinot] +- The sharing_group_id isn't required. [Raphaël Vinot] +- Last commit was broken... [Raphaël Vinot] +- Properly set Tag to attributes within objects. [Raphaël Vinot] +- Add method to add tags to objects. [Raphaël Vinot] + + Fix #160 +- Typo in set_sightings. 
[Raphaël Vinot] + + Fix #161 + +Other +~~~~~ +- Set_sightings. [AninaAntonie] + + Maybe I didn't use it correctly but the method set_sightings didn't work for me. It's working now but I'm not sure whether sending a request for every sighting in the list is the best solution. +- _default_attributes_parameters - if set - is a dict. [Arcuri Davide] + + Manage distribution and sharing_group_id as dict key like the other fields. + -- Not sure about default + + +v2.4.85 (2017-12-22) +-------------------- + +New +~~~ +- Add last field to get_csv. [Raphaël Vinot] +- (hopefully) Cleverer handling of timestamps in the objects. [Raphaël + Vinot] + + & some cleanup + +Changes +~~~~~~~ +- Bump misp-objects. [Raphaël Vinot] +- Version bump. [Raphaël Vinot] +- Update documentation. [Raphaël Vinot] +- Update documentation, cleanup. [Raphaël Vinot] +- Bump describeTypes.json. [Raphaël Vinot] +- Validate attributes in attributes.setter. [Raphaël Vinot] +- Add get_attribute_tag method at MISPEvent level. [Raphaël Vinot] + + Also add a MISPTag class for consistency. +- Bump misp-objects. [Raphaël Vinot] +- Bump describeTypes. [Raphaël Vinot] +- Add __repr__ methods (fix last commit) [Raphaël Vinot] +- Add __repr__ methods. [Raphaël Vinot] +- Use new format for filtering. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump describeTypes. [Raphaël Vinot] + +Fix +~~~ +- Properly use the edited flag. [Raphaël Vinot] +- Add setter for Attribute in MISPEvent. [Raphaël Vinot] +- Forgotten calls to master class. [Raphaël Vinot] +- Properly call datetime.datetime.utcfromtimestamp. [Raphaël Vinot] +- Fix typo. [Raphaël Vinot] +- Fix python2.7 support. [Raphaël Vinot] +- Initialize default class parameters. [Raphaël Vinot] + + Fix #155 + +Other +~~~~~ +- Fix MISPObject missing distribution and sharing_group_id. [Christophe + Vandeplas] + + - fix MISPObject missing distribution concept + - fix language typo paramaters => parameters +- Document submodule downloading. 
[Christophe Vandeplas] +- Include documentation and examples in source dist. [Sebastian Wagner] + + +v2.4.84 (2017-12-13) +-------------------- + +New +~~~ +- Add methods to get taxonomy(ies) [Raphaël Vinot] + + Thanks to @truckydev +- Add method to get all the events modified in an interval. [Raphaël + Vinot] + +Changes +~~~~~~~ +- Bump misp-objects. [Raphaël Vinot] +- Bump Changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Make the library easier to use. [Raphaël Vinot] +- Allow to pass a pseudofile to LIEF. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Update changelog. [Raphaël Vinot] + +Fix +~~~ +- Disable pseudofile support in py2, skip tests. [Raphaël Vinot] +- Typo in error output text description. [Eric Jaw] + +Other +~~~~~ +- Further tests added (for public methods) [Stefan Hagen (Individual)] +- Changed asserts from dict usecases to set comparison to workaround non + 3.6 behavior. [Stefan Hagen (Individual)] +- Enhance coverage and fix en passant with focus on api. [Stefan Hagen + (Individual)] +- - Correction for 'last' param. 'last' gives the latest events that + have been published - add get_events_last_modified() this function + returns the modified events based on timestamp. [Tristan METAYER] + + +v2.4.83 (2017-12-06) +-------------------- + +New +~~~ +- Add get CSV method. [Raphaël Vinot] + +Changes +~~~~~~~ +- Allow to pass a proxy to query VT. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Bump version to 2.4.83. [Raphaël Vinot] +- Do not get the event from the server before publishing if + PyMISP.publish gets an ID. [Raphaël Vinot] +- Add live tests for recommended pymisp version and describeTypes up-to- + date. [Raphaël Vinot] +- Add a way to check if the ACL is up-to-date. [Raphaël Vinot] +- Add validators for describeTypes on the live instance. [Raphaël Vinot] +- Update PDF link to doc. [Raphaël Vinot] +- Add example file to push OpenIOC file to MISP. 
[Raphaël Vinot] + + chg: Add some imports in the tool's init file +- Bump misp-objects. [Raphaël Vinot] +- Change version number to master in the doc. [Raphaël Vinot] +- Add new objects: MISPUser and MISPOrganisation. [Raphaël Vinot] +- Add a generic MISP object generator. [Raphaël Vinot] +- Allow to add multiple attribute of the same type. [Raphaël Vinot] +- Add fast publish method. [Raphaël Vinot] + + Fix #86 +- Improve documentation. [Raphaël Vinot] + + Fix #121 + +Fix +~~~ +- Typo in the tests. [Raphaël Vinot] +- Typo in live tests. [Raphaël Vinot] +- Bump describeTypes.json. [Raphaël Vinot] + + Add testing + +Other +~~~~~ +- Improve the exception message for a server 500+ response with no + response content. [StrayLightning] +- Check for zero-length 500 response from the server and produce a + suitable error message. [StrayLightning] + + In experimenting with PyMISP I am triggering problems on the server I + am using. Occasionally the server will return a 500 response with a + message indicating an internal error, but more often than not it returns + a 500 response with no contents, and _check_response falls over itself, + generating hard-to-fathom exception from the json internals. + + This commit hardens _check_response by detecting zero-length responses + and raising a suitable exception. + + Also fix a missing bracket in one of the subsequent exception strings. +- Make FileObject creation work if lief parsing fails. [c-goes] +- Allow deletion of objects and object references. [c-goes] +- Update doc badge links. [Raphaël Vinot] +- Adding multiple named attributes require a single POST request now. + [3c7] +- Fixed typo. [c-goes] +- - Remove CIRCL reference from README.md - Updated 2 bad indentations + where epydoc was Warning. [Steve Clement] +- Added default_category for email-message-id. [c-goes] +- Rework of the feed generator. 
[iglocska] + + - use objects, attribute tags and object references correctly + - generate quickhashlist for fast lookups / future MISP caching mechanism + - saner structure (herp-a-derp) + + +v2.4.82 (2017-11-09) +-------------------- + +New +~~~ +- Proper debug system. [Raphaël Vinot] + + Make it easy to investigate the json blobs sent to the server. + +Changes +~~~~~~~ +- Bump PyMISP version. [Raphaël Vinot] +- Bump CHANGELOG. [Raphaël Vinot] +- Bump misp-objects. [Raphaël Vinot] +- Update readme for new logging system. [Raphaël Vinot] +- Small improvments in the logging system. [Raphaël Vinot] +- Properly use python logging module. [Raphaël Vinot] +- Update asciidoctor generator. [Raphaël Vinot] +- Remove warning if PyMISP is too new. [Raphaël Vinot] +- Add simple asciidoc generator for MISP event. [Raphaël Vinot] +- Update changelog. [Raphaël Vinot] + +Fix +~~~ +- Typo loger -> logger. [Raphaël Vinot] +- Let load unknown object relations in known templates. [Raphaël Vinot] + + This isn't recommended, but happens very often. +- Allow to load non-malware ZIP files in MISP Event. [Raphaël Vinot] + + Prior to his patch, any zip file loaded by MISP Event was unpacked and + processed as an excrypted malware from MISP. +- Properly pass the distribution when uploading a sample. [Raphaël + Vinot] +- Properly upload a sample in an existing event. [Raphaël Vinot] + + Fix https://github.com/MISP/PyMISP/issues/123 +- Properly set the distribution at event level. [Raphaël Vinot] + + fix #120 +- Properly pop the distribution key. [Raphaël Vinot] +- Update dependencies for VT generator. [Raphaël Vinot] + +Other +~~~~~ +- Fix test suite. [Raphaël Vinot] +- Created add_generic_object.py. 
[garanews] + + usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT + + Examples: + python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' + python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' + python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' +- Added vtreportobject and vt_to_misp example. [Thomas Gardner] +- Created add_generic_object.py. [garanews] + + usage: add_generic_object.py [-h] -e EVENT -t TYPE -d DICT + + Examples: + python3 add_generic_object.py -e 1683 -t email -d '{"subject":"The Pink Letter", "to":"jon@snow.org"}' + python3 add_generic_object.py -e 2343 -t person -d '{"first-name":"Daenerys", "last-name":"Targaryen", "place-of-birth":"Dragonstone"}' + python3 add_generic_object.py -e 3596 -t "domain|ip" -d '{"domain":"stormborn.org", "ip":"50.63.202.33"}' + + +v2.4.81.2 (2017-10-24) +---------------------- + +Changes +~~~~~~~ +- Version bump. [Raphaël Vinot] +- Update changelog. [Raphaël Vinot] + +Fix +~~~ +- Properly bundle object templates. [Raphaël Vinot] + + +v2.4.81.1 (2017-10-24) +---------------------- + +Changes +~~~~~~~ +- Bump version. [Raphaël Vinot] +- Do not raise an exception when the object template is unknown. + [Raphaël Vinot] + + + bump misp-object +- Bump misp-objects. [Raphaël Vinot] +- Allow to hard delete an attribute by ID. [Raphaël Vinot] +- Update comments. [Raphaël Vinot] +- Bump misp-objects and describeTypes. [Raphaël Vinot] + +Fix +~~~ +- Properly bundle object templates. [Raphaël Vinot] +- Fix typos and logic mistakes in mispevent. [Raphaël Vinot] +- Fix travis build. [Raphaël Vinot] +- Min required version of setuptools. [Raphaël Vinot] +- Improve dependencies listing. [Raphaël Vinot] + + Partial fix for #110 +- Missing default category. [Raphaël Vinot] + + Fix #119 + +Other +~~~~~ +- Update openioc.py. 
[Andras Iklody] +- Added **kwargs to add_named_attribute call in add_attachment. + [tssbo82] +- Update README. [Raphaël Vinot] +- Update changelog. [Raphaël Vinot] + + +v2.4.81 (2017-10-09) +-------------------- + +Fix +~~~ +- Changelog config + update. [Raphaël Vinot] + +Other +~~~~~ +- Up: bump version. [Raphaël Vinot] +- Up: Bump misp-objects. [Raphaël Vinot] + + +v2.4.80.1 (2017-10-04) +---------------------- + +Changes +~~~~~~~ +- Update changelog. [Raphaël Vinot] + +Fix +~~~ +- Change readme. [Raphaël Vinot] +- Create file object. [Raphaël Vinot] + + Was broken in case the file was neither PE/ELF/Mach-O +- Allow again to tag/delete unsaved attributes. [Raphaël Vinot] +- Live tests. [Raphaël Vinot] +- Import the openioc converter from tool again. [Raphaël Vinot] + +Other +~~~~~ +- Up: Version bump. [Raphaël Vinot] +- Up: Bump misp-objects & describeTypes. [Raphaël Vinot] +- Update readme. [Raphaël Vinot] +- Similar to #114 on attribute level. [cgi1] + + `add_attribute_tag(tag,attribute_identifier)` fails if attribute does not have any tag in before. +- Fixing #114. [cgi1] +- Formatted "Unknown MISP object" error message. [infosec-intern] + + When a user tries to add an object with a name that doesn't exist, the error thrown was missing its format string + This ended up looking like + pymisp.exceptions.UnknownMISPObjectTemplate: {} is unknown in the MISP object directory. + Here's a patch that adds self.name to the format string +- TST: skip test with optional files if not existing. [Sebastian Wagner] +- TST: update test requirements. [Sebastian Wagner] +- Update: make make_binary_objects more flexible. [Raphaël Vinot] + + fix: use proper exception handlers + + +v2.4.80 (2017-09-18) +-------------------- +- Properly initialize a new malware sample. [Raphaël Vinot] +- Permission issue... [Alexandre Dulaunoy] +- Bump misp object. [Raphaël Vinot] +- Allow to get the list of known types out of MISPEvent again. 
[Raphaël + Vinot] +- Changed source => object / destination => referenced. [iglocska] +- Use MISPAbstract as a master class everywhere. [Raphaël Vinot] + + This is probably breaking everything.... ¯\_(ツ)_/¯ +- Bump miso-objects. [Raphaël Vinot] +- Changed two fields in object references. [iglocska] + + - source_uuid => object_uuid + - destination_uuid => referenced_uuid +- Some more refactoring. [Raphaël Vinot] +- Some more refactoring and cleanup. [Raphaël Vinot] +- Update object definitions. [Raphaël Vinot] +- Update PE generator. [Raphaël Vinot] +- Refactoring in order to load objects. [Raphaël Vinot] +- Add support for multiple entries of the same type in an object. + [Raphaël Vinot] +- Remove some python versions from travis. [Raphaël Vinot] +- Do not try to run code requiring lief. [Raphaël Vinot] +- Remove ImportError. [Raphaël Vinot] +- Install deps in travis. [Raphaël Vinot] +- Update tests. [Raphaël Vinot] +- Do not fail if pymisp is not installed. [Raphaël Vinot] +- Add support for ELF and MachO objects. [Raphaël Vinot] +- Update get_template_id, cleanup. [Raphaël Vinot] +- Refactor all the things. [Raphaël Vinot] + + Add script for MISP core, make everything generic. +- Fixing undefined ressources_path. [edhoedt] +- Update function names in mispevent. [Raphaël Vinot] +- Re-enable python < 3.5 support. [Raphaël Vinot] +- Update file/pe/pe-sections objects creator. [Raphaël Vinot] +- Doesn't require describe_types in MISPAttribute's constructor. + [Raphaël Vinot] +- Update accordingly to the current server implementation. [Raphaël + Vinot] +- Re-enable python2 support... [Raphaël Vinot] +- Initial commit supporting MISP Objects. [Raphaël Vinot] +- ChangeLog updated to the latest version. [Alexandre Dulaunoy] + + +v2.4.79 (2017-08-25) +-------------------- + +New +~~~ +- Add ZMQ publishing method. [Hannah Ward] + +Other +~~~~~ +- Version bump. [Raphaël Vinot] +- Exact match on the value when adding tag. [Raphaël Vinot] +- Update README.md. 
[Deventual] +- Improve event ID detection in publish method. [Raphaël Vinot] +- Update api.py. [Deventual] +- Implemented much faster publish method to replace the old one. + [Deventual] + + new publish method that is less resourceful and also having the ability to send emails (same as the web interface). + The method depends on the publish misp api method instead of update. +- Update path to roles API. [Raphaël Vinot] +- Fix typo in variable name. [Raphaël Vinot] +- Fixing undefined ressources_path. [edhoedt] +- Allow to load the event_id in MISPAttrbute. [Raphaël Vinot] +- Doesn't require describe_types in MISPAttribute's constructor. + [Raphaël Vinot] +- Fix shebangs and executable permissions. [Sebastian Wagner] + + Files containing a shebang should be executable (examples/*.py) + Non-executable files should not contain a shebang (pymisp/...) + + spotted with rpmlint +- Fix typo in the method name. [Raphaël Vinot] +- Update describe types. [Raphaël Vinot] +- Improve document generation. [Raphaël Vinot] +- Add test of the authkey, update warnings. [Raphaël Vinot] +- Remove useless import. [Raphaël Vinot] +- Search paramaters validation. [Raphaël Vinot] + + Fix #96 +- Allow to pass a bytestream to upload_sample. [Raphaël Vinot] + + Fix #101 +- Add sample for get_attachment. [Raphaël Vinot] +- Fix get_attachment. [Raphaël Vinot] + + Fix #105 +- Update describeTypes.json. [Raphaël Vinot] +- Allow to list roles and tags on a MISP instance. [Raphaël Vinot] +- Improve errors flattening. [Raphaël Vinot] + + +v2.4.77 (2017-07-12) +-------------------- + +New +~~~ +- Added changelog in-repo fixes #75. [Hannah Ward] +- Enable async option for search() [Hannah Ward] +- Added async method for search_index. [Hannah Ward] +- Added base async imports. [Hannah Ward] + +Fix +~~~ +- If array passed to add_attrib, add each individually. [Hannah Ward] +- Don't even bother trying with futuressession if Async isn't ok fixes + #85. [Hannah Ward] +- Added docstring for search. 
[Hannah Ward] +- Add docstring for asynch. [Hannah Ward] +- Can't instantiate basestring fixes #76. [Hannah Ward] + +Other +~~~~~ +- Version bump. [Raphaël Vinot] +- Avoid a comment set to NoneNone. [Raphaël Vinot] + + Fix https://github.com/MISP/misp-modules/issues/127 +- Add handling a string response. [Alex Bolshakov] + + To avoid AttributeError when variable to_return is a string with a value "Pull queued for background execution." +- Simplfy MISPEvent.add_attribute. [Raphaël Vinot] +- Revert "Simplfy MISPEvent.add_attribute" [Raphaël Vinot] + + This reverts commit f64f42ac71c11349c1f7dcfc5bf4b2d7c55a0e25. +- Simplfy MISPEvent.add_attribute. [Raphaël Vinot] +- Revert "Fix OpenIOC import" [Raphaël Vinot] + + This reverts commit acd6d8b0523963baecb3b6e8f4c77b1466045dd4. +- Fix OpenIOC import. [Raphaël Vinot] +- Exposing more feeds functions (for which _isRest() is available) to + the API. [raw-data] +- Fix args.quiet and status msgs. [raw-data] +- Example script to invoke the cache_all_feeds() from PyMISP. + [obsidianpentesting] +- Simple function to cache all feeds at once. This is almost identical + to fetch_feed. In the future, I would like to specify the scope to + include other values. [obsidianpentesting] +- Doc version updated to 2.4.71. [Alexandre Dulaunoy] +- Add multithreaded suricata search code, fetching ids rules based on + parameters and terms. [raw-data] +- Use misp_verifycert. [Alexander J] + + from keys.py +- Fix missing %s in debug. [aparriel] + + Missing %s in logger.debug call lead to error. +- Use misp_verifycert. [Alexander J] + + misp_verifycert +- Create README.md. [Alexander J] +- Add support for freetext import in the API. [Raphaël Vinot] +- Typo fixed. [Alexandre Dulaunoy] + + Paris is not the center of the world as the idiot of the World village + would said. +- Create fetch_events_feed.py. [CheYenBzh] +- Add function to fetch all events from a feed. [CheYenBzh] + + Function takes the feed id as argument (-f). +- Make pep8 happy. 
[Raphaël Vinot] +- Fix not_values type check in __prepare_rest_search. [George] +- Correction for https://travis-ci.org/MISP/misp-modules/jobs/231065469. + [Tristan METAYER] + + code refactoring + + add new composite +- Cleanup warning function. [Raphaël Vinot] +- Fix typos. [Raphaël Vinot] +- Remove unused variable. [Tristan METAYER] +- Remove category It will be automaticly detected + https://github.com/MISP/PyMISP/blob/master/pymisp/tools/openioc.py. + [Tristan METAYER] +- Revert tab to escape. [Tristan METAYER] +- Ajout de mapping Ajout de la prise en compte d'autre composite. + [Tristan METAYER] +- Fix checks of recommended version. [Lukas Bernhard] +- Add exception types to api.py. [fluxas] +- Use logging instead of print; deprecate debug param. [fluxas] +- Normalize output between misp.search_index and misp.search Fix issue: + https://github.com/CIRCL/PyMISP/issues/78. [Paul A] +- Fixed the JSON output format (\n breaks JSON loading afterwards) [Paul + A] +- Add: gitchangelogrc configuration file added. [Alexandre Dulaunoy] +- Quick and dirty fix for #97. [Raphaël Vinot] +- Update offline tests. [Raphaël Vinot] +- Fix testing. [Raphaël Vinot] +- Test: add test for user and organisation. [Adrien RAFFIN] + + This is a proposition of test to create a user and an organisation in MISP +- Allow to pass some parameters as False or 0. [Raphaël Vinot] + + When creating or updating users and organisations + + Fix #70 +- Use POST instead of get in search_index. [Raphaël Vinot] + + Fix #73 +- Fix typos and pep8. [Raphaël Vinot] + + +v2.4.71 (2017-04-11) +-------------------- + +Fix +~~~ +- Pass disable_correlation flag from add_attribute. [Hannah Ward] +- Add default values for mandatory variable. [Adrien RAFFIN] +- Org_type was not the correct variable. [Adrien RAFFIN] +- Raise exception if uuid not setted in remote org. [Adrien RAFFIN] +- Update script had `latest`'s docstrings. [Hannah Ward] +- Don't double-json-encode when sending proposals. 
[Hannah Ward] +- Entrypt isn't a word! fixes #59. [Hannah Ward] + +Other +~~~~~ +- Update types. [Raphaël Vinot] +- Version Dump. [Raphaël Vinot] +- Feat: add filter to specify which organisation to list. [Adrien + RAFFIN] +- Update validation. [Raphaël Vinot] + + * Allow strict validation + * Add workaround to avoid all JSON dumps from MISP <=2.4.70 to fail +- Update test file. [Raphaël Vinot] +- Update last.py. [Paul] +- Updated last.py to dump json results straight away. [Paul] + + Output was not usable with cli utilities such as: ```cat results.json | python -m simplejson.tool```. + It's now usable and works perfectly. +- Treemap.py requirements updated in the README.MD file. [Student CIRCL] +- Major rewrite of the schema. [Raphaël Vinot] +- Return json when adding attributes. [Richard van den Berg] +- Properly display deprecation warning. [Raphaël Vinot] +- Fix python 3 support. [Raphaël Vinot] + + Fix #94 +- Cleanup misp2clamav. [Raphaël Vinot] +- Add misp2clamav. [Richard van den Berg] +- Extended the Windows fix to lines 168 and 471. [Nick Driver] +- Publish_timestamp Windows 7 Fix. [Nick Driver] + + On Windows 7 datetime.datetime.fromtimestamp(int(0)) returns a date before 1970, which causes the script to crash. This fixes the bug. +- Allow to pass a MISPEvent to add_event and update_event. [Raphaël + Vinot] +- Add an attributes to an event without sending the full existing event. + [Raphaël Vinot] +- Allow to pass None to to_ids, default to sane default. [Raphaël Vinot] +- Small change to make travis happy. [iglocska] + + - attribute_count default changed to 0 in misp +- Fix add_domain_ip. [Déborah Servili] +- Example using the search() function. [Nick Driver] + + Accepts specific parameters from search() instead of just using search_all(). +- Update types, allow 0 as attribute value. [Raphaël Vinot] + + +v2.4.68 (2017-03-09) +-------------------- +- Version bump. [Raphaël Vinot] +- Fix tests. 
[Raphaël Vinot] +- Using the facilities introduced by MISP commit + bdbd0920ba760a514cffdb30cc741b61b589d9da (fix: attachTagToObject and + removeTagFromObject now accept posted JSON objects) [rmarsollier] +- Throw exception for invalid uuid. [rmarsollier] +- Example using tag() function instead of add_tag() [rmarsollier] +- Reorganisation, make add attribute more flexible. [Raphaël Vinot] +- Properly split ip:port for ipv4 (openioc import) [Raphaël Vinot] +- Properly support CDATA fields in OpenIOC files. [Raphaël Vinot] + + +v2.4.67 (2017-02-27) +-------------------- +- Install PyMISP with python3 by default. [Raphaël Vinot] + + Because reasons. +- Version bump. [Raphaël Vinot] +- Allow to pass a pseudo file to OpenIOC loader. [Raphaël Vinot] +- Security fix: do not try to load any valid path as a MISP Event. + [Raphaël Vinot] + + The MISP Event loader was trying to open any string passed as parameter + if is an existing filepath. Anything that isn't a valid MISP event would + raise an exception, but I can see it used for malicous purposes. + + load_file is will do the same, but the user can decide if it is safe to + use. +- Allow filenames with regexes. [Raphaël Vinot] + + Fix #52 +- Feature: Adds new methods to edit servers in MISP. [Sebastien Quioc] +- Feature: Adds new methods to add new servers in MISP. [Sebastien + Quioc] +- Feature: Add support for authkey in PyMISP operations. [Adrien RAFFIN] +- Update tests. [Raphaël Vinot] + + Fix #86 +- Allow 'Your organisation only' distribution for attributes. [Richard + van den Berg] +- Potential fix for the errors not being picked up by pymisp from the + response "errors" field. [iglocska] +- Add method to set sightings from a string. [Raphaël Vinot] +- Fix travis online. [Raphaël Vinot] +- Update bundled-in describeTypes.json. [Raphaël Vinot] +- Added creator email field to the assertions. [iglocska] + + +v2.4.65 (2017-02-09) +-------------------- + +Fix +~~~ +- Don't auto-publish events. 
[Hannah Ward] + +Other +~~~~~ +- Version dump. [Raphaël Vinot] +- Add support for {attach,remove}TagToObject. [Raphaël Vinot] + + Fix #47 +- Add legend. [Déborah Servili] +- YARA dumper for all rules. [Christophe Vandeplas] + + This dumper also does YARA rule validation, ignores invalid rules and prevents duplicate rule names. The output is a file called misp.yara which can be used with your favorite YARA tool. +- Get_all_attributes_txt - support the additional flags. [Christophe + Vandeplas] +- Restore file deleted by mistake. [Déborah Servili] +- Add ta_scatter.py script & reorganise tools. [Déborah Servili] +- Fix error message. [Raphaël Vinot] + + +v2.4.63 (2017-01-31) +-------------------- +- Version bump. [Raphaël Vinot] +- Fix regression. [Raphaël Vinot] + + Fix #46 + + +v2.4.62.1 (2017-01-27) +---------------------- + +Changes +~~~~~~~ +- Allow for old-style tag add. [Hannah Ward] + +Other +~~~~~ +- Version bump. [Raphaël Vinot] +- Fix testing. [Raphaël Vinot] +- Bug fixes. [Raphaël Vinot] + + * Improve version checking + * Fix attribute update +- Allow to add a tag to a MISPEvent and MISPAttribute. [Raphaël Vinot] +- Make it little more readable. [Alexander J] + + guess that way it is easier to understand + + +v2.4.62 (2017-01-26) +-------------------- + +New +~~~ +- Added ability to disable correlation on attributes. [Hannah Ward] +- Added ability to add attachments to events. [Hannah Ward] + +Changes +~~~~~~~ +- Updated api.py docstrings to comply with PEP257. [Hannah Ward] + +Other +~~~~~ +- Fix python3 support. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Add orgs managment. [Raphaël Vinot] +- Run on more python versions. [Raphaël Vinot] +- Exemple addtag (dirty) [Déborah Servili] +- Fix last commit. [Raphaël Vinot] +- Wrong use of API for dateuntil. [Koen Van Impe] + + PyMISP uses “dateto” whereas the API expects “dateuntil”. + https://github.com/MISP/misp-book/tree/master/automation +- Refactoring search method. 
[Raphaël Vinot] +- Revert "Add options to restsearch calls." [Raphaël Vinot] + + This reverts commit 3241e415b5cb166fffb14dcc1ac3beb7bde8d883. +- Add options to restsearch calls. [Raphaël Vinot] + + Related to: + https://github.com/MISP/MISP/commit/8c63e6f3d54a262bc4bf6f77138c058287be5826 +- Doc link updated. Fix #39. [Alexandre Dulaunoy] +- Minor documentation clarification. [Christophe Vandeplas] +- Fix typo. [Raphaël Vinot] +- Fix last commit. [Raphaël Vinot] +- Add support for attribute level tagging. [Raphaël Vinot] +- Fix travis. [Raphaël Vinot] +- + separate function change_sharing_group using update_event. [cgi] +- Allow to update an event by UUID, syntax fixes. [Raphaël Vinot] +- Update tests. [Raphaël Vinot] +- Fix get sharing groups. [Raphaël Vinot] + + Fix #79 +- Add new key in online test. [Raphaël Vinot] +- Idem. [Tristan METAYER] +- Refere to FloatingGhost comment. [Tristan METAYER] +- Add uuid serch with pymisp. [Tristan METAYER] +- Load RelatedEvent as MISPEvent. [Raphaël Vinot] + + Fix #76 +- Allow to mark an attribute as deleted in a MISPEvent. [Raphaël Vinot] + + Related to #33 +- Fix typo in comments of 'search_index' method definition. [Georges + Bossert] +- Add warning of PyMISP and MISP version don't match. [Raphaël Vinot] +- Fix sharing group distribution level. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/1761 + + +v2.4.56 (2016-12-09) +-------------------- +- Add basic support for Galaxy. [Raphaël Vinot] +- Bump to v2.4.56. [Raphaël Vinot] +- Allow to change the to_ids flag of an attribute. [Raphaël Vinot] +- Add support for data field (malware-sample) [Raphaël Vinot] +- Fix tests. [Raphaël Vinot] +- Ignore order in event. [Raphaël Vinot] +- Fix typo in add_mutex. [Raphaël Vinot] +- Added galaxyies to the test. [Iglocska] +- Reorganize json dumps. [Raphaël Vinot] +- Map() is a generator in Python3. [Nicolas Bareil] +- Python3 does not like lambda (x,y) syntax. [Nicolas Bareil] +- Unit-tests. 
[Nicolas Bareil] +- Capitalizeformat() does not exist on Python2 and fix category + variables. [Nicolas Bareil] +- Factorize all add_* in favor of add_named_attribute() [Nicolas Bareil] + + Not tested... +- Fixed missing parenthesis. [morallo] +- Fixed synthax error. [morallo] +- Solved warnings in tests when run under Python3. [morallo] +- Added test case for search_index by tag. [morallo] +- Fix neo4j. [Raphaël Vinot] +- Remove crazy replace. [Raphaël Vinot] +- Use misp_stix_converter.converters.convert's load_stix method. [Hannah + Ward] +- Improve debug mode. [Raphaël Vinot] +- More granularity in the verification. [Raphaël Vinot] +- Allow to pass a passphrase as parameter for signing. [Raphaël Vinot] +- Avoid error if pyme3 isn't installed. [Raphaël Vinot] +- Bump recommended python3 version. [Raphaël Vinot] +- Add signing support for MISP events. [Raphaël Vinot] + + +v2.4.54 (2016-11-16) +-------------------- +- Version bump. [Raphaël Vinot] +- Update missing dependency exception. [Raphaël Vinot] +- Fix documentation generation. [Raphaël Vinot] +- Set user parameters in a function. [Raphaël Vinot] +- Allow to set org_id and orgc_id when creating a new MISPEvent. + [Raphaël Vinot] + + Squashed commit of the following: + + commit 8a5dfda8a728d8722dfba890729066948e744e44 +- Fix openioc loader, update mapping. [Raphaël Vinot] +- Neo4j stuff moved into graphdb directory. [Alexandre Dulaunoy] +- Moving Neo4j into graphdb. [Alexandre Dulaunoy] +- Improvements in the user api. [Déborah Servili] +- Fix package installation. [Raphaël Vinot] +- Add some mapping to openioc, add python version in the user agent. + [Raphaël Vinot] +- Initial version of the OpenIOC loader. [Raphaël Vinot] +- Add query example. [Raphaël Vinot] +- Fix forgotten import. [Raphaël Vinot] +- Update import. [Raphaël Vinot] +- Add helper tool to load STIX objects. [Raphaël Vinot] +- Fix Python2 - Python3 support. [Raphaël Vinot] +- Cleanup neo4j support. 
[Raphaël Vinot] +- Add simple script to push MISP events into Neo4j. [Raphaël Vinot] +- Properly warn if the user is using python2. [Raphaël Vinot] +- Allow to load a MISP event without attributes. [Raphaël Vinot] +- Add user management and examples. [Déborah Servili] +- Add example add_named_argument.py. [Déborah Servili] + + +v2.4.53 (2016-10-21) +-------------------- +- Bump to v2.4.53. [Raphaël Vinot] +- Cleanup. [Raphaël Vinot] +- Including Network-Other option for API. [Tom] +- Fix Python2 support. [Raphaël Vinot] +- Print a warning in case python2 is used. [Raphaël Vinot] +- Fix schemas. [Raphaël Vinot] +- Remove test import. [Déborah Servili] +- Update comment. [Déborah Servili] +- Use only metadata in situational awareness tags functions. [Déborah + Servili] +- Add metadata flag to search. [Déborah Servili] +- Fix indentation. [Déborah Servili] +- Fix date formatting in mispevent.py + some PEP8 cleaning. [Déborah + Servili] +- Fix situational-awareness examples. [Déborah Servili] +- Avoid validation issue if attribute_count is none. [Raphaël Vinot] +- Fix flatten. [Déborah Servili] +- Add forgotten variable. [Raphaël Vinot] +- Fix test. [Raphaël Vinot] +- Use sane_defaults from describeTypes.json if unable to fetch it from + the instance. [Raphaël Vinot] +- Do not dump an empty list of attrbutes. [Raphaël Vinot] +- Raise exception if the dest instance is < 2.4.52, set User-Agent. + [Raphaël Vinot] +- More logical output for _prepare_full_event. [Raphaël Vinot] +- Fix upload function. [Raphaël Vinot] +- Make sure all integers are string in the dumped json. [Raphaël Vinot] +- Fix python 2.7 support, add missing test file. [Raphaël Vinot] +- More cleanup. [Raphaël Vinot] +- Getting closed to a full support of a misp event as a Python Object. + [Raphaël Vinot] +- First batch of changes, will be squashed. [Raphaël Vinot] +- Fixed search_index. [Hannah Ward] +- Toggle flag instead of value. 
[Alexandre Dulaunoy] + + +v2.4.51.1 (2016-09-12) +---------------------- +- Version bump. [Raphaël Vinot] +- Fix examples after removal of MISP XML support. [Raphaël Vinot] +- Add some examples. [Déborah Servili] +- Add tags_to_graphs.py in ecamples/situational-awareness. [Déborah + Servili] +- Update examples/situational-awareness/README.md. [Déborah Servili] +- Update examples/situational-awareness/README.md. [Déborah Servili] + + +v2.4.51 (2016-08-29) +-------------------- +- Bump to 2.4.51. [Raphaël Vinot] +- Fix flattening, fix python2.7. [Raphaël Vinot] +- Cleanup create_events. [Raphaël Vinot] +- Improve testing. [Raphaël Vinot] +- Fix error flattening. [Raphaël Vinot] +- Add badge. [Raphaël Vinot] +- Update rendering doc. [Raphaël Vinot] +- Fix auto generation of doc. [Raphaël Vinot] +- Update doc. [Raphaël Vinot] +- Add doc. [Raphaël Vinot] +- Update documentation for client side certificate. [Raphaël Vinot] +- Add ssl client certificate support. [Richard van den Berg] +- Add auth error test. [Raphaël Vinot] +- Speed up et2misp. [Richard van den Berg] +- Add some more tests. [Raphaël Vinot] +- Add tests. [Raphaël Vinot] +- Update testing. [Raphaël Vinot] +- Add dependency. [Raphaël Vinot] +- Add travis. [Raphaël Vinot] +- Add forgotten files. [Raphaël Vinot] +- Initial version of the offline TestCases. [Raphaël Vinot] + + Related #56 + + +v2.4.50 (2016-08-17) +-------------------- +- Version bump. [Raphaël Vinot] +- Provide sane defaults for upload-sample/samplelist. [Jurriaan Bremer] + + Most of the arguments are unused when a proper event ID has been + provided, hence default them to standard values. +- Magic value enumerations. [Jurriaan Bremer] +- Allow multiple attributes to be sent off at once. [Jurriaan Bremer] + + Slightly worked out version of the suggestion by doomedraven in #42. +- Fix tests. [Raphaël Vinot] +- Add et2misp example. [Richard van den Berg] +- Fixed double status code check on helpers and other functions. 
[Thomas + King] +- Proper support of functions returning plain text instead of json. + [Raphaël Vinot] +- Fix prints in tests. [Sebastian Wagner] +- Fix calls to __prepare_session. [Raphaël Vinot] + + Fix #58 +- Change: remove XML output, all functions return a Python dictionary. + [Raphaël Vinot] +- Set default distribution for attributes to inherit. [Richard van den + Berg] +- Properly handle errors while fetching the types. [Raphaël Vinot] + + Fix #53 +- Add option to search function to only return attributes instead of + events. [Raphaël Vinot] + + +v2.4.49 (2016-08-02) +-------------------- +- Version bump. [Raphaël Vinot] +- Fix fetching method for tag_search and tags_count. [Raphaël Vinot] +- Caught exception on python3.4 where base64encode returns bytes and not + str, and bytes are not json encodable. This caused a failure in + upload_sample. [Kenneth Adam Miller] +- Fix PEP8. [Raphaël Vinot] +- Add support for proxies in the library. [Raphaël Vinot] + + Fix #48 +- Add a method to add a textual detection name under the 'Antivirus + detection' category. [Jessy Campos] +- Major refactoring of the SVG generator. [Raphaël Vinot] +- Initial refactoring, PEP8 and cleanup. [Raphaël Vinot] +- Update README.md. [Deborah Servili] +- Make printed date more consistent + update README.md. [Déborah + Servili] +- Fixes: expected bytes, got in download_samples() [Nils] +- Added STIX retrieval - misp.get_stix(event_id=ID, + with_attachment=True/False, from_date=YYYY-MM- + DD, to_date=YYYY-MM-DD, tags=["tag1", "tag2"] + ) [Hannah Ward] +- Update tools.py. [Deborah Servili] + + Correct function isTagIn(dataframe, tag) +- Modify fetching method to use last. [Déborah Servili] +- Handling some NaN exceptions. [Déborah Servili] +- Rename examples/statistics/attribute_treemap.py to + examples/treemap/treemap.py. 
[Deborah Servili] +- Move files from examples/treemap to examples/situational-awareness/ + [Déborah Servili] +- Rename examples/treemap/treemap.py to + examples/statistics/attribute_treemap.py. [Deborah Servili] + + +v2.4.48.2 (2016-07-11) +---------------------- +- Version bump. [Raphaël Vinot] +- Add remove tag method. [Raphaël Vinot] +- Use same variable names as testing environment. [Raphaël Vinot] +- Make scripts executable. [Raphaël Vinot] +- Random names for dummy files. [Déborah Servili] +- Add examples "create_dummy_event" and "create_massive_dummy_events" + [Déborah Servili] +- Update README.md with install instructions. [Antonio Sánchez] +- Added function to AV detection link. [Antonio S] +- Added add_domain_ip attribute function. [Antonio S] +- Remove useless comments. [Déborah Servili] +- Add example "create attributes distribution treemap" [Déborah Servili] +- Fix python3 compat. Make Pep8 happy. [Raphaël Vinot] +- Make pep8 happy. [Raphaël Vinot] +- Comment removed. [Alexandre Dulaunoy] + + +v2.4.48.1 (2016-06-15) +---------------------- +- Fix check MISP latest version. [Raphaël Vinot] +- Add tag script. [Raphaël Vinot] +- Make pep8 happy. [Raphaël Vinot] + + +v2.4.48 (2016-06-09) +-------------------- +- Tag version 2.4.48. [Raphaël Vinot] +- Add function get_tags_statistics. [Déborah Servili] +- File indention fixed. [Alexandre Dulaunoy] +- Add function get_sharing_groups. [Déborah Servili] +- Form. [ANSSI-BSO-D] +- Init for ioc-2-misp. [Tristan METAYER] +- Add Attribute by named category and type. [KevTheHermit] +- Add function for sighting using attribute id, uuid or a json file. + [Déborah Servili] +- More stats example. [Alexandre Dulaunoy] +- Debug print removed. [Alexandre Dulaunoy] +- Statistics test script added. [Alexandre Dulaunoy] +- Add function get_attributes_statistics. [Déborah Servili] +- Add 'add_yara' to upload yara rules, increase flexibility of config. 
+ [Raphaël Vinot] + + fix #38 + + +v2.4.36 (2016-04-15) +-------------------- +- Update version to v2.4.36. [Raphaël Vinot] +- Add comment field in upload_sample. [Déborah Servili] +- Add function add filename. [Déborah Servili] +- Type-category association checking automated. [Déborah Servili] +- Removing some unnecessary checks. [Déborah Servili] +- Type-category association checking automated. [Déborah Servili] +- Add SSDEEP and FILENAME|SSDEEP support. [Nick Driver] +- Add internal reference attributes. [Nick Driver] +- Added the option to filter out attributes based on distribution level. + [Iglocska] +- Type-category association checking automated. [Déborah Servili] +- Add SSDEEP and FILENAME|SSDEEP support. [Nick Driver] +- Add internal reference attributes. [Nick Driver] +- Added the option to filter out attributes based on distribution level. + [Iglocska] +- Correct module help. [Déborah Servili] +- Capitalisation issues. [Iglocska] +- Ann missing categories in the authorized ones. [Raphaël Vinot] +- Revert "Add upload_attachment" [Raphaël Vinot] + + This reverts commit 6db19ace9eb7d69aecd4708a000b13e9eba741aa. +- Revert "Use correct function to upload an attachment" [Raphaël Vinot] + + This reverts commit 1b7877dd0652ff12a6fdef5b51d392a578f575e7. +- Make PEP8 happy. [Raphaël Vinot] +- Use correct function to upload an attachment. [Raphaël Vinot] + + Fix #33 +- Designed in same style as search, all attributes can be used. [=] +- Fix pep8. [Raphaël Vinot] +- Add upload_attachment. [Tristan METAYER] +- Improve examples. [Raphaël Vinot] +- Update version to 2.3. [Raphaël Vinot] +- Make pep8 happy. [Raphaël Vinot] +- Python 2/3 compatible, urllib module. [Thomas King] +- Added in searchable indexes, only brings back index and count etc, not + results within the index. [Thomas King] +- Add method change_threat_level. [Sébastien Larinier] +- Add threat actor through API, Create new tag. 
[Thomas King] +- Add add_tag method to an event and value 5 to distribution attribute. + [Sébastien Larinier] +- Add method to export txt all attributes by type. [Sébastien Larinier] +- Check if objectType exists in event. [Koen Van Impe] + + Prevent failing when f.e. an event does not have a tag. +- Updated the feed generator. [Iglocska] + + - only save fields that are actually necessary and don't reveal too much of unneeded information (such as correlation) + - add contextual fields to the manifest +- Remove a small bug introduced by previous commit. [Alexandre Dulaunoy] +- Update yara.py. [Alexander J] +- Update upload.py. [Alexander J] +- Update searchall.py. [Alexander J] +- Update get.py. [Alexander J] +- Update last.py. [Alexander J] +- Script for the upcoming feed generator. [Iglocska] + + - also some minor modifications to the get_index api +- Update testcases for 2.4. [Raphaël Vinot] +- Initial Tags API. [Raphaël Vinot] +- Normalize error messages. [Raphaël Vinot] +- Add debug option. [Raphaël Vinot] +- Fix KeyError when no results in time period. [Will Urbanski] + + Fix a KeyError when no results were found for the specified time period. +- Threat level id is from 1 to 4 (not from 0 to 3) [Alexandre Dulaunoy] + + https://github.com/MISP/MISP/issues/729 +- Reverted my previous commit that broke an assertion. [iglocska] +- Print the event so we can see what travis is trying to compare + against. [iglocska] + + - should help with the debugw +- Fixed an invalid assertion. [iglocska] + + - attribute count is None not u'0' when no attributes exist (should be fixed on MISP side in the long run) +- Fixed a typo causing the tests to fail. [iglocska] +- README updated including keys.py usage. [Alexandre Dulaunoy] +- Authentication parameters updated. [Alexandre Dulaunoy] +- Auth parameters updated. [Alexandre Dulaunoy] +- Updated auth parameters. [Alexandre Dulaunoy] +- Normalized auth parameters. [Alexandre Dulaunoy] +- Normalized auth parameters. 
[Alexandre Dulaunoy] +- Sample keys file added. [Alexandre Dulaunoy] +- Normalized auth parameters. [Alexandre Dulaunoy] +- Normalized auth parameters. [Alexandre Dulaunoy] +- Auth parameters normalized. [Alexandre Dulaunoy] + + +v2.1.1 (2015-11-05) +------------------- +- Add add_ipsrc. [Raphaël Vinot] +- Add basic support for the proposal API. [Raphaël Vinot] +- Whitespace cleaned. [grolinet] +- Helper methods added. [grolinet] +- Missing types added. [unknown] +- Missing types added. [unknown] +- Missing types added. [unknown] +- [UnitTest] Add some functions, testing. [Raphaël Vinot] +- Improve error handling. [Raphaël Vinot] + + +v2.0.1 (2015-09-22) +------------------- +- Add test cases (initial) [Raphaël Vinot] +- Fix typo in categories names. [Raphaël Vinot] +- Check the MISP instance to query is valid. [Raphaël Vinot] + + And return a json object from upload_sample. +- Force json if nothing else is supported. [Raphaël Vinot] +- Better error handling of no URL/Key are passed. [Raphaël Vinot] +- Add support for downloading unzipped samples. [Raphaël Vinot] +- Add version-related methods. [Raphaël Vinot] +- Add methods to query the version of MISP (master and local) [Raphaël + Vinot] +- Add publish method. [Raphaël Vinot] + + +v1.8.2 (2015-09-12) +------------------- +- Try to convert event ID to integer if not None. [Raphaël Vinot] + + +v1.8.1 (2015-09-12) +------------------- +- Fix bug in download sample function. [Raphaël Vinot] + + Thanks to @kevthehermit +- Timestamp not needed to update an event. [Raphaël Vinot] + + Fix #18 +- Restore python3 support. [Raphaël Vinot] +- Cleanup + add helpers for network attributes. [Raphaël Vinot] +- Add helpers to update events with specific attributes. [Raphaël Vinot] +- Reorganise. [Raphaël Vinot] +- Multiple updates, cleanup. [Raphaël Vinot] + + * Remove attribute (Fix #4) + * Deprecate pure XML API + * Cleanups and fixes in the upload file functionality +- Fix download of samples with the new archive format. 
[Raphaël Vinot] +- Add Yara rules download support (by event) [Raphaël Vinot] +- Fix license mentioned in setup.py. [Raphaël Vinot] + + fix #16 +- Events id are integers not strings. [Alexandre Dulaunoy] +- Dump the entire event including the 'Event' container element. + [iglocska] +- Add test scripts to get and update an event. [Raphaël Vinot] +- Fix bug introduced by using urljoin. [Raphaël Vinot] +- Add sample download. [Raphaël Vinot] +- Add search all. [Raphaël Vinot] +- Increase flexibility of upload sample. [Raphaël Vinot] +- Fix last commit. [Raphaël Vinot] +- Initial changes to increase flexibility for Viper module. [Raphaël + Vinot] + + +v1.1.2 (2015-08-05) +------------------- +- Fix PyPi package. [Raphaël Vinot] +- Add netflow filter output. [Koen Van Impe] + + - get event data for event with “—event X” + - get netflow filter with “—netflow” + simple host X or host X +- Add last param to restSearch + example script. [Raphaël Vinot] +- Cleanup of the upload API. [Raphaël Vinot] +- Preliminary version of the file uploader. [Raphaël Vinot] +- Add test script to add attachement to event. [Raphaël Vinot] +- Bug fix: get_index now works properly and return the events index. + [Alexandre Dulaunoy] + + An bug was introduced and appending "{}" to the /index url which + gives a 404 on a MISP server. +- API made a bit more flexible with input data. [Iglocska] + + - input for add_event() and update_event() can now be a JSON object, JSON string, XML +- Fix to an issue with using XML as input for add_event() and + update_event() [Iglocska] + + - also a change to the copy_list.py script to account for the change +- Add 2 download functions of suricata rules events. [Debra Jules] +- Update / Add need a JSON object as data. [didelphodon] + + ... furthermore content-type application was necessary otherwise MISP-REST API refuses to work as expected, at least with my installation. +- Make the code python3 friendly. [Raphaël Vinot] +- Make PEP8 Happy. 
[Raphaël Vinot] +- Use JSON POST to do the search. [Raphaël Vinot] +- Example script to download MISP network activity. [Koen Van Impe] +- Documentation reference added. [Alexandre Dulaunoy] +- Add license. [Raphaël Vinot] +- Support update events. [Raphaël Vinot] +- Small cleanup, update to 1.0.1. [Raphaël Vinot] +- Add the following options: [Raphaël Vinot] + + - possibility to copy in one direction or the other between instance + - add loop to simply put event ids to copy +- Add readme. [Raphaël Vinot] +- Add installer, proper copy script. [Raphaël Vinot] +- Add support for self-signed certificate. [Raphaël Vinot] + + Add comments +- Add search by organisation. [Raphaël Vinot] +- Add export-import of a list. [Raphaël Vinot] +- Cleanup style. [Raphaël Vinot] +- Support xml and json copy. [Raphaël Vinot] +- Delete export_import.py. [Raphaël Vinot] +- Fix event_add, add example. [Raphaël Vinot] +- Make the API a class. [Raphaël Vinot] +- Json export is not supported everywhere. [Raphaël Vinot] +- Some testing. [Raphaël Vinot] +- Initial commit. [Raphaël Vinot] + + diff --git a/Changelog-misp-galaxy.txt b/Changelog-misp-galaxy.txt new file mode 100644 index 0000000..0174c6e --- /dev/null +++ b/Changelog-misp-galaxy.txt 
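Review bot: In the v2.4.67 section of the PyMISP changelog hunk that ends just above, the entry "Security fix: do not try to load any valid path as a MISP Event." sits in an unlabelled list between "Allow to pass a pseudo file to OpenIOC loader." and "Allow filenames with regexes.", so a reader scanning for security-relevant releases will miss it. Other releases in the same hunk, such as v2.4.65, already carry a "Fix" section; this entry should go under one, or under a dedicated security heading, so the version that changes how the event loader treats file paths is easy to find. The v2.4.36 section also repeats entries verbatim ("Type-category association checking automated." three times, "Add SSDEEP and FILENAME|SSDEEP support." and "Add internal reference attributes." twice each), which looks like duplicated commits listed as is; collapsing them would make the file easier to audit.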
@@ -0,0 +1,6184 @@ +# Changelog + + +## v2.4.151 (2021-11-19) + +### Changes + +* [att&ck] update to ATT&CK v10. [Christophe Vandeplas] + +* [malpedia] remove duplicate. [Alexandre Dulaunoy] + +* [malpedia] duplicates removed. [Alexandre Dulaunoy] + +* [malpedia] updated. [Alexandre Dulaunoy] + +* [threat-actor] add origin country to UNC2452 & HAFNIUM. [Rony] + + addressed https://github.com/MISP/misp-galaxy/pull/660#issuecomment-884475015 + +### Fix + +* [malpedia] remove duplicate urls. [Alexandre Dulaunoy] + +### Other + +* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy] + +* Update malpedia. [marjatech] + +* Merge pull request #666 from Wachizungu/add-common-raven. [Alexandre Dulaunoy] + + Add threat actor common raven + +* Add threat actor common raven. [Jeroen Pinoy] + +* Merge pull request #665 from thomaspatzke/main. [Alexandre Dulaunoy] + + Added O365 techniques + +* Added O365 techniques. [Thomas Patzke] + + Source: + https://www.inversecos.com/2021/09/office365-attacks-bypassing-mfa.html + +* Merge pull request #664 from nyx0/main. [Alexandre Dulaunoy] + + Adding TA and Tool + +* Add BLUELIGHT tool. [Thomas Dupuy] + +* Add InkySquid synonym. [Thomas Dupuy] + +* Merge pull request #663 from danielplohmann/patch-10. [Alexandre Dulaunoy] + + fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) + +* Fixed typo in actor name (CLOCKWORD -> CLOCKWORK SPIDER) [Daniel Plohmann] + +* Merge pull request #662 from r0ny123/patch-1. [Alexandre Dulaunoy] + + Add origin country to UNC2452 & HAFNIUM + + +## v2.4.147 (2021-07-27) + +### Other + +* Merge pull request #660 from r0ny123/patch-1. [Alexandre Dulaunoy] + + References for APT40, APT31 & HAFNIUM + +* Update threat-actor.json. [Rony] + +* Another fix. [Rony] + +* Fix. [Rony] + +* Multiple updates to apt40, apt31 & hafnium. [Rony] + +* From Gov Canada & MFA Japan. [Rony] + +* Adding references for APT40 & APT31. [Rony] + +* Merge pull request #658 from jasperla/oilrig. 
[Alexandre Dulaunoy] + + merge APT34 with OilRig + +* Merge APT34 with OilRig. [Jasper Lievisse Adriaanse] + + OilRig already has "APT 34" and "APT34" as synonyms. Additionally + MITRE has since combined them due to overlap in activity: + https://attack.mitre.org/groups/G0049/ + +* Merge pull request #659 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add NOBELIUM and related + +* Merge branch 'main' into master. [Deborah Servili] + +* Add NOBELIUM and related. [Delta-Sierra] + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Remove more duplicates. [Delta-Sierra] + +* Version fix. [Delta-Sierra] + + +## v2.4.145 (2021-06-28) + +### Other + +* Merge pull request #657 from jloehel/add_matanbuchus. [Alexandre Dulaunoy] + + [cluster][tool] Adds Matanbuchus + +* [cluster][tool] Adds Matanbuchus. [Jürgen Löhel] + + + threat actor: BelialDemon + +* Merge pull request #656 from jloehel/add_hackboss. [Alexandre Dulaunoy] + + [cluster][stealer] Adds HackBoss + +* [cluster][stealer] Adds HackBoss. [Jürgen Löhel] + +* Merge pull request #654 from nyx0/main. [Alexandre Dulaunoy] + + Added BackdoorDiplomacy and Gelsemium. + +* Added BackdoorDiplomacy and Gelsemium. [Thomas Dupuy] + + +## v2.4.144 (2021-06-07) + +### Changes + +* [threat-actor] added cybercrime threat group profiles from Crowdstrike & Secureworks. [Rony] + +### Other + +* Merge pull request #653 from r0ny123/cybercrime. [Alexandre Dulaunoy] + + Adding CyberCrime actor profiles from Crowdstrike & Secureworks + +* More ta544 references. [Rony] + +* Merge pull request #652 from danielplohmann/patch-9. [Alexandre Dulaunoy] + + adding Twisted Spider as alias for TA2101 (Maze) + +* Twisted Spider -> TWISTED SPIDER. [Daniel Plohmann] + + fair point + +* Adding Twisted Spider as alias for TA2101 (Maze) [Daniel Plohmann] + +* Merge pull request #650 from Still34/patches/alias-tick-1. [Alexandre Dulaunoy] + + Add alias for Tick + +* Add Nian alias. 
[Still Hsu] + +* Merge pull request #649 from Still34/patches/country-blacktech-1. [Alexandre Dulaunoy] + + Add country origin for BlackTech + +* Add country origin for BlackTech. [Still Hsu] + +* Merge pull request #648 from danielplohmann/patch-8. [Andras Iklody] + + fixing broken/dead links + +* Fixing broken/dead links. [Daniel Plohmann] + + +## v2.4.143 (2021-05-14) + +### New + +* [ransomware] Ragnarok added. [Alexandre Dulaunoy] + +### Changes + +* [ransomware] COLT (Compromise to Leak Time) added on Darkside and Pysa. [Alexandre Dulaunoy] + + "COLT – Compromise to Leak Time" - new meta colt-median/colt-average. + + For reference: https://vulnerability.ch/2021/05/colt-compromise-to-leak-time/ + +* [att&ck] bump to latest ATT&CK version from MITRE. [Christophe Vandeplas] + +### Fix + +* [ransomware] Related key should be outside metas. [mokaddem] + +### Other + +* Merge pull request #646 from r0ny123/update. [Alexandre Dulaunoy] + + Updates to APT27 & Tick + +* Merge branch 'update' of https://github.com/r0ny123/misp-galaxy into update. [Rony] + +* FlatChestWare duplicate removed. [Rony] + +* FlatChestWare duplicate removed. [Rony] + +* Merged STALKER PANDA to Tick. [Rony] + +* Several updates to apt27. [Rony] + + +## v2.4.142 (2021-04-26) + +### New + +* [att&ck] support for subtechniques. [Christophe Vandeplas] + +* [dev] fix empty strings, lists. [VVX7] + +* [dev] add ASPI's China Defence University Tracker. [VVX7] + + Thanks to Cormac Doherty for writing the web scraper! To update the galaxy run the included gen_defence_university.py script. + + "The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. It was created by ASPI’s International Cyber Policy Centre. 
+ + It includes entries on nearly 100 civilian universities, 50 People’s Liberation Army institutions, China’s nuclear weapons program, three Ministry of State Security institutions, four Ministry of Public Security universities, and 12 state-owned defence industry conglomerates. + + The Tracker is a tool to inform universities, governments and scholars as they engage with the entities from the People’s Republic of China. It aims to build understanding of the expansion of military-civil fusion—the Chinese government’s policy of integrating military and civilian efforts—into the education sector. + + The Tracker should be used to inform due diligence of Chinese institutions. However, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links." - ASPI (https://unitracker.aspi.org.au/about/) + +* Added Bhadra framework for mobile attacks. [iglocska] + + - based on the paper published here: https://arxiv.org/pdf/2005.05110.pdf + - thanks to the ATT&CK EU community conference speakers highlighting this framework! + +* [country] galaxy added. [iglocska] + +* [galaxy] AMITT (Adversarial Misinformation and Influence Tactics and Techniques) framework for describing disinformation incidents. AMITT is part of misinfosec - work on adapting information security practices to help track and counter misinformation - and is designed as far as possible to fit existing infosec practices and tools. [VVX7] + +* Added draft of the election guildelines galaxy. [mokaddem] + +* Add entries from Bambenek Consulting. [Raphaël Vinot] + +### Changes + +* [ransomware] duplicate removed. [Alexandre Dulaunoy] + +* [ransomware] duplicate removed. [Alexandre Dulaunoy] + +* [ransomware] duplicates removed. [Alexandre Dulaunoy] + +* [ransomware] Flyper removed. 
[Alexandre Dulaunoy] + +* [ransomware] first duplicate removed. [Alexandre Dulaunoy] + +* [ransomware] remove duplicate "File-Locker" [Alexandre Dulaunoy] + +* [malpedia] jq all the file and removed ref duplicates. [Alexandre Dulaunoy] + +* [clusters] fixing broken UUID fix #628. [Alexandre Dulaunoy] + +* [ransomware] fix the broken UUID fix #628. [Alexandre Dulaunoy] + +* [microsoft activity group] HAFNIUM added. [Alexandre Dulaunoy] + +* [tool] SUNSPOT added. [Alexandre Dulaunoy] + +* [rsit] rsit as galaxy name. [Alexandre Dulaunoy] + +* [threat-actor] UNC2452/DarkHalo added - ref. #614. [Alexandre Dulaunoy] + +* [ransomware] Babuk Ransomware added. [Alexandre Dulaunoy] + +* [ransomware] RegretLocker added. [Alexandre Dulaunoy] + +* Fix gh actions. [Raphaël Vinot] + +* Add PR to GH actions. [Raphaël Vinot] + +* [doc] Travis is dead, GH Action is alive. [Alexandre Dulaunoy] + +* [att&ck] update to latest MITRE ATT&CK version. [Christophe Vandeplas] + +* [cryptominer] updated. [Alexandre Dulaunoy] + +* [rename] tea matrix. [Alexandre Dulaunoy] + +* [tea] matrix updated to include brewing time and the milk attack technique. [Alexandre Dulaunoy] + +* [tea] first version. [Alexandre Dulaunoy] + +* [att&ck] no tag for subtechnique. [Christophe Vandeplas] + +* [botnet] Katura mess added. [Alexandre Dulaunoy] + +* [galaxy] fix the name to China Defence Universities Tracker. [Alexandre Dulaunoy] + +* [dev] jq. [VVX7] + +* [dev] gen_defence_university.py no longer outputs empty strings, lists. [VVX7] + +* [threat-actor] remove duplicate references. [Alexandre Dulaunoy] + +* [threat-actor] fix #561 by using new meta to classify as a campaign only. [Alexandre Dulaunoy] + + Based on https://github.com/MISP/misp-galaxy/issues/469 + + There is an old and persistence issue in attribution world and basically no-one really agrees on this. 
So we decided to start a specific metadata `threat-actor-classification` on the threat-actor to define the various types per cluster entry: + + - _operation_: + - _A military operation is the coordinated military actions of a state, or a non-state actor, in response to a developing situation. These actions are designed as a military plan to resolve the situation in the state or actor's favor. Operations may be of a combat or non-combat nature and may be referred to by a code name for the purpose of national security. Military operations are often known for their more generally accepted common usage names than their actual operational objectives._ from Wikipedia + - **In the context of MISP threat-actor name, it's a single specific operation.** + - _campaign_: + - _The term military campaign applies to large scale, long duration, significant military strategy plans incorporating a series of inter-related military operations or battles forming a distinct part of a larger conflict often called a war. The term derives from the plain of Campania, a place of annual wartime operations by the armies of the Roman Republic._ from Wikipedia + - **In the context of MISP threat-actor-name, it's long-term activity which might be composed of one or more operations.** + - threat-actor + - **In the context of MISP threat-actor-name, it's an agreed name by a set of organisations.** + - activity group + - **In the context of MISP threat-actor-name, it's a group defined by its set of common techniques or activities.** + - unknown + - **In the context of MISP threat-actor-name, it's still not clear if it's an operation, campaign, threat-actor or activity group** + + The meta field is an array to allow specific cluster of threat-actor to show the current disagreement between different organisations about the type (threat actor, activity group, campaign and operation). + +* Bump travis. [Raphaël Vinot] + +* [jq] all the things. 
[Alexandre Dulaunoy] + +* [preventive-measure] packet filtering added. [Alexandre Dulaunoy] + +* [threat-actor] remove the non-unique elements. [Alexandre Dulaunoy] + +* [ta] fix the JSON. [Alexandre Dulaunoy] + +* [jq] JSON fixed. [Alexandre Dulaunoy] + +* [json] add missing comma. [Alexandre Dulaunoy] + +* [country] jq all. [Alexandre Dulaunoy] + +* [malpedia] fixes. [Alexandre Dulaunoy] + +* [threat-actor] JSON fixed. [Alexandre Dulaunoy] + +* [travis] pip3. [Alexandre Dulaunoy] + +* [ransomware] Nodera ransomware added. [Alexandre Dulaunoy] + +* [threat-actor] typo fixed. [Alexandre Dulaunoy] + +* [threat-actor] format fixed. [Alexandre Dulaunoy] + +* [threat-actor] fix order. [Alexandre Dulaunoy] + +* [threat-actor] Budminer APT added based on document from "Soesanto, Stefan" [Alexandre Dulaunoy] + +* [threat-actor] SideWinder APT group added. [Alexandre Dulaunoy] + +* [threat-actor] jq. [Alexandre Dulaunoy] + +* [dark-pattern] namespace: misp. [Jean-Louis Huynen] + +* [ransomware] jq ;-) [Alexandre Dulaunoy] + +* [clean-up] jq all the things. [Alexandre Dulaunoy] + +* [threat-actor] Lucky Mouse synonym added. [Alexandre Dulaunoy] + +* [threat-actor] Calypso group added. [Alexandre Dulaunoy] + + Ref: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/calypso-apt-2019-rus.pdf + MISP UUID: 5ca4718b-7f38-4822-83b7-0a1a0a00b412 + +* [threat-actor] threat-actor-classification updated. [Alexandre Dulaunoy] + +* [threat-actor] jq is jq. [Alexandre Dulaunoy] + +* [threat-actor] Operation WizardOpium added. [Alexandre Dulaunoy] + + ref: https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/ + +* [attack] update to latest ATT&CK data. [Christophe Vandeplas] + +* [attck4fraud] jq all the things. [Alexandre Dulaunoy] + +* [attck4fraud] updates based on issue #466. [Alexandre Dulaunoy] + +* [galaxy] added AMITT galaxy/cluster generator script. [VVX7] + +* [galaxy] version number to int. 
[VVX7] + +* [misp-galaxy] jq all the things. [Alexandre Dulaunoy] + +* [tool] COMPfun - Reductor added. [Alexandre Dulaunoy] + +* [threat-actor] new LookBack (Malware?Campaign?TA?) [Alexandre Dulaunoy] + +* [threat-actor] Evil Eye and POISON CARP. [Alexandre Dulaunoy] + +* [threat-actor] add machete-apt synonyms as reported in #445. [Alexandre Dulaunoy] + +* [threat-actor] jq all. [Alexandre Dulaunoy] + +* [threat-actor] LYCEUM added - 443 #fixed. [Alexandre Dulaunoy] + +* [threat-actor] rollback as discussed by chat with Andras until version 2.0. [Alexandre Dulaunoy] + +* [att&ck] July ATT&CK release included in MISP galaxy. [Alexandre Dulaunoy] + +* [threat-actor] version updated. [Alexandre Dulaunoy] + +* [threat-actor] duplicated refs removed. [Alexandre Dulaunoy] + +* [threat-actor] synonyms fixed. [Alexandre Dulaunoy] + +* [threat-actor] jq everything. [Alexandre Dulaunoy] + +* [branded_vulnerability] version updated. [Alexandre Dulaunoy] + +* Add PyMISPGalaxies test. [Raphaël Vinot] + +* [attack-pattern] Sync kill-chain with data from MITRE. [mokaddem] + +* [o365-exchange-techniques] Actions on Intent added (finalized) [Alexandre Dulaunoy] + +* [o365-exchange-techniques] Expansion added (WiP) [Alexandre Dulaunoy] + +* [o365-exchange-techniques] Persistence kill-chain added (WiP) [Alexandre Dulaunoy] + +* [o365-exchange-techniques] Compromise row added (WiP) [Alexandre Dulaunoy] + +* [o365-exchange-techniques] [WiP] based on John Lambert matrix techniques. [Alexandre Dulaunoy] + +* [malpedia] duplicates fixed. [Alexandre Dulaunoy] + +* [malpedia] jq all the things. [Alexandre Dulaunoy] + +* [malpedia] updated to the latest version. [Rintaro KOIKE] + +* [threat-actor] FIN4 updates. [Alexandre Dulaunoy] + +* [ATT&CK] updated to the latest version. [Alexandre Dulaunoy] + +* [exploit-kit] jq all the things. 
[Alexandre Dulaunoy] + +* [tool] Cowboy and KimJongRAT (Sorry Paul, we forgot ;-) [Alexandre Dulaunoy] + + ref: https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/ + +* [tool] jq all the things. [Alexandre Dulaunoy] + +* [tool] Karkoff tool added. [Alexandre Dulaunoy] + +* [ransomware] various fixes. [Alexandre Dulaunoy] + +* [ransomware] jq all the things(tm) [Alexandre Dulaunoy] + +* [ransomware] fix the meta to payment-method. [Alexandre Dulaunoy] + +* [mitre att&ck] updated with new version. [Alexandre Dulaunoy] + +* [threat-actor] change attribution confidence to be a string by default. [Alexandre Dulaunoy] + +* [tools] fix the attribution confidence level. [Alexandre Dulaunoy] + +* [attck4fraud] updated. [Alexandre Dulaunoy] + +* [attck4fraud] completed. [Alexandre Dulaunoy] + +* [attck4fraud] Assets Transfer added. [Alexandre Dulaunoy] + +* [attck4fraud] Obtain Fraudulent Assets added. [Alexandre Dulaunoy] + +* [attck4fraud] Perform fraud added. [Alexandre Dulaunoy] + +* [attck4fraud] Target compromise updated. [Alexandre Dulaunoy] + +* [attck4fraud] more techniques. [Alexandre Dulaunoy] + +* [threat-actor] BRONZE UNION is also uppercase. [Alexandre Dulaunoy] + +* [threat-actor] updated the version to avoid the past issue with 0 value for integer values. [Alexandre Dulaunoy] + +* [sector] typo fixed - reported in #364. [Alexandre Dulaunoy] + +* [attck4fraud] fix the type issue. [Alexandre Dulaunoy] + +* [attck4fraud] uuid fixed. [Alexandre Dulaunoy] + +* [attck4fraud] ATM Shimming added. [Alexandre Dulaunoy] + +* [attck4fraud] description fixed for FT1003. [Alexandre Dulaunoy] + +* [threat-actor] SandCat added. [Alexandre Dulaunoy] + +* [threat-actor] new attribution-confidence level introduced. [Alexandre Dulaunoy] + +* [threat-actor] jq all the things. [Alexandre Dulaunoy] + +* [threat-actor] IRIDIUM added. [Alexandre Dulaunoy] + +* [tools] jq all the things. 
[Alexandre Dulaunoy] + +* [tool] SLUB Backdoor added. [Alexandre Dulaunoy] + +* [tool] Xbash description updated. [Alexandre Dulaunoy] + +* [threat-actor] format fixed. [Alexandre Dulaunoy] + +* [threat-actor] jq all the things late in the night. [Alexandre Dulaunoy] + +* [threat-actor] uuid fixed. [Alexandre Dulaunoy] + +* [tool] BabyShark added. [Alexandre Dulaunoy] + +* [threat-actor] STOLEN PENCIL added. [Alexandre Dulaunoy] + +* [cert-eu-govsector] version fixed. [Alexandre Dulaunoy] + +* [threat-actor] version fixed. [Alexandre Dulaunoy] + +* [ransomware] no related object in meta. [Alexandre Dulaunoy] + +* [mitre-attack-pattern] jq. [Alexandre Dulaunoy] + +* [mitre-attack-pattern] bumped version number. [mokaddem] + +* [mitre-attack-pattern] Added kill_chain_order. [mokaddem] + +* [election-guidelines] sorting is important ;-) [Alexandre Dulaunoy] + +* [schema] optional kill_chain_order field added. [Alexandre Dulaunoy] + +* [election-guidelines] jq. [Alexandre Dulaunoy] + +* [mitre] Deprecated pre/enterprise/mobile separate galaxies. [Christophe Vandeplas] + +* [tool] jq jq jq jq jq jq jq jq. [Alexandre Dulaunoy] + +* [doc] new year copyright fun. [Alexandre Dulaunoy] + +* [mitre] bump to latest MITRE ATT&CK dataset. [Christophe Vandeplas] + +* [mitre] re-generated galaxies and values using the MITRE sources. [Christophe Vandeplas] + + and also using the MISP version to keep manually created relationships and such + +* [malpedia] updated to the latest version. [Alexandre Dulaunoy] + +* [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy] + + To remove ambiguity of licensing and allowing users to select + the license they would like to use CC0 or 2-clause BSD. + + Related to: https://github.com/MISP/misp-taxonomies/issues/126 + +* [doc] move how to contribute to the CONTRIBUTE file. [Alexandre Dulaunoy] + +* [doc] Added some dependency pointers. [Steve Clement] + +* Uuid fixed. [Alexandre Dulaunoy] + +* [threat-actor] INDRIK SPIDER added. 
[Alexandre Dulaunoy] + +* [ransomware] duplicate removed. [Alexandre Dulaunoy] + +* Further categorization of galaxies. [Christophe Vandeplas] + +* Categorization of galaxies. [Christophe Vandeplas] + + This allows relationships to be created. + +* Removal of older unused relationships. [Christophe Vandeplas] + +* MITRE relationships included in the respective cluster. [Christophe Vandeplas] + +* Mappings are now in the generated adoc. [Christophe Vandeplas] + + plus massive performance improvement + +* Magical mapping with malpedia. [Christophe Vandeplas] + +* [malpedia] duplicate urls removed. [Alexandre Dulaunoy] + +* [tool] NOKKI added. [Alexandre Dulaunoy] + + ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-new-konni-malware-attacking-eurasia-southeast-asia/ + +* [botnet] Torii added. [Alexandre Dulaunoy] + +* [threat-actor] Iron Group added. [Alexandre Dulaunoy] + + ref: https://www.intezer.com/iron-cybercrime-group-under-the-scope-2/ + +* [tool] Xbash added. [Alexandre Dulaunoy] + + ref: https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/ + +* [tool] biscuit biscvt tool BISKVIT. [Alexandre Dulaunoy] + + ref: https://www.fortinet.com/blog/threat-research/russian-army-exhibition-decoy-leads-to-new-biskvit-malware.html + +* [threat-actor] APT-C-35 actor added. [Alexandre Dulaunoy] + + ref: https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/ + +* [mapping] Generated automatic mapping between clusters. [Christophe Vandeplas] + +* [tool] KEYMARBLE malware added. [Alexandre Dulaunoy] + + ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A + +* [threat-actor] jq document. [Alexandre Dulaunoy] + +* [schema clusters] fix the JSON indentation. [Alexandre Dulaunoy] + +* [threat-actor] The Gordon Group added. 
[Alexandre Dulaunoy] + + ref: https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/ + +* [rat] Hallaj PRO Rat added. [Alexandre Dulaunoy] + + ref: https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/ + misp-event: 5b63f5e4-bf24-4f46-8340-48fc02de0b81 + +* [threat-actor] leafminer - RASPITE added. [Alexandre Dulaunoy] + +* [tool] added based on Carbanak tooling description from Crowdstrike. [Alexandre Dulaunoy] + + ref: https://www.crowdstrike.com/blog/arrests-put-new-focus-on-carbon-spider-adversary-group/ + +* [threat-actor] new reference to CARBON SPIDER/Carbanak. [Alexandre Dulaunoy] + +* [tool] Bisonal malware added (new variant with encryption capabilities) [Alexandre Dulaunoy] + +* [threat-actor] The Big Bang campaign/group added. [Alexandre Dulaunoy] + +* [botnet] Xor DDoS added. [Alexandre Dulaunoy] + +* RANCOR group added. [Alexandre Dulaunoy] + +* Stalker Panda description added. [Alexandre Dulaunoy] + +* Old MITRE ATT&CK (2017) is moving to deprecated namespace. [Alexandre Dulaunoy] + +* Namespace mitre-attack added for version 2 of the MITRE ATT&CK after 2018. [Alexandre Dulaunoy] + +* [misp-galaxy] namespace misp added. [Alexandre Dulaunoy] + +### Fix + +* Cryptominers type. [Jakub Onderka] + +* Rename "Innitial Access" to "Initial Access" [Thijsvanede] + + Renamed mitre-ics-tactics "Innitial Access" to "Initial Access". + Original was a minor spelling mistake. + The fixed naming corresponds to the original ATT&CK framework description https://collaborate.mitre.org/attackics/index.php/Initial_Access + +* Reorganize GH actions. [Raphaël Vinot] + +* Sort keys, fix tests. [Raphaël Vinot] + +* Remove comma. [Thomas Dupuy] + +* Name of SoD Matrix cluster to match galaxy. [Raphaël Vinot] + + Fix #566 + +* Small fixes to the bhadra framework. [iglocska] + +* JQ all the things. [Raphaël Vinot] + +* [attack] fixes old MITRE relationships not being removed. 
[Christophe Vandeplas] + +* [adoc] ignore deprecated galaxies. [Christophe Vandeplas] + +* [region] inconsistent type. [Christophe Vandeplas] + +* [misinfosec] fixes inconsistent filename. [Christophe Vandeplas] + +* [misinfosec] fixed kill_chain fields. [mokaddem] + +* Make tests happy. [Raphaël Vinot] + +* O365-exchange-techniques (duplicate values, duplicate UUIDs) [Raphaël Vinot] + +* UUID issues. [Raphaël Vinot] + +* Duplicate values, typos. [Raphaël Vinot] + +* Make validate all happy. [Raphaël Vinot] + +* Wrong (duplicate) value. [Raphaël Vinot] + +* [tool] MITRE conversion script. [Christophe Vandeplas] + +* [ransomware] more duplicates removed. [Alexandre Dulaunoy] + +* [ransomware] removed duplicate values. [Alexandre Dulaunoy] + +* [ransomware] duplicate removed. [Alexandre Dulaunoy] + +* [graph.py] small fix to make it work. [Alexandre Dulaunoy] + +* [malpedia] version. [Alexandre Dulaunoy] + +* [malpedia] broken reference has been fixed. [Alexandre Dulaunoy] + +* Add missing relations from commit 78c1f073590c4ae1822c8508f62934ffb215fab2. [Christophe Vandeplas] + +* Add missing relations from commit b857be9cabb02fb24aa5ef7db8e0c209a630189b. [Christophe Vandeplas] + +* Add missing relations from commit a81bbe288f91298fad0028e0f3c940c41c8d27fa. [Christophe Vandeplas] + +* Add missing relations from commit 29beb01dc3ed0067db6ccc33f41456147d38d2d7. [Christophe Vandeplas] + +* Intrusion is an actor and not a tool. [Christophe Vandeplas] + +* Jq all the things. [Christophe Vandeplas] + +* Minor newline difference after jq_all_the. [Christophe Vandeplas] + +* Automatically fix missing uuids. [Christophe Vandeplas] + +* Array in synonyms (MISP accepts it but not the schema ;-) [Alexandre Dulaunoy] + +* [threat-actor] added missing uuids. [Christophe Vandeplas] + +* [threat-actor] related is an array of JSON objects. [Alexandre Dulaunoy] + +* [JSON schema] related element is an array of JSON objects. 
[Alexandre Dulaunoy] + +* Jq all the things(tm) [Alexandre Dulaunoy] + +* [threat-actor] synonyms are always arraus. [Alexandre Dulaunoy] + +* Cleanup the link generation based on type instead of title (Thanks to Juan Rocha for the report) [Alexandre Dulaunoy] + +* Duplicate ELECTRUM entry. [Raphaël Vinot] + + Fix #212 + +* Duplicate UUID in tools. [Raphaël Vinot] + +* JSON format. [Alexandre Dulaunoy] + +* PureMasuta added to Masuta. [Alexandre Dulaunoy] + +* Typo in meta field. [Alexandre Dulaunoy] + +* Updated description to clearly states that only branded vulnerabilities. [Alexandre Dulaunoy] + +* Dedication page (CEF) and update overall structure of the document generated. [Alexandre Dulaunoy] + +* BARIUM and LEAD added. [Alexandre Dulaunoy] + +* Preventive measures added. [Alexandre Dulaunoy] + +* Naming normalisation. [Iglocska] + +### Other + +* Merge pull request #647 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Remove duplicate + +* Fix duplicates and add relations. [Delta-Sierra] + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Merge pull request #645 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Adding ransomware names [WIP 2/3] + +* Merge pull request #644 from danielplohmann/patch-7. [Alexandre Dulaunoy] + + adding Yanbian Gang as threat actor + +* Adding Yanbian Gang as threat actor. [Daniel Plohmann] + +* Merge pull request #643 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Adding ransomware names[WIP] + +* Removing duplicate. [Delta-Sierra] + +* Removing unexpected line. [Delta-Sierra] + +* Adding ransomware names [WIP 3] [Delta-Sierra] + +* Adding ransomware names [WIP 2] [Delta-Sierra] + +* Fix version. [Delta-Sierra] + +* Adding ransomwares WIP. [Delta-Sierra] + +* Merge pull request #642 from danielplohmann/patch-6. [Alexandre Dulaunoy] + + Symantec uses Palmerworm as alias for BlackTech + +* Symantec uses Palmerworm as alias for BlackTech. 
[Daniel Plohmann] + + Adding Palmerworm as Symantec alias for BlackTech (with reference). + +* Merge pull request #641 from nyx0/main. [Alexandre Dulaunoy] + + Add Ghostwriter. + +* Add Ghostwriter. [Thomas Dupuy] + +* Merge pull request #639 from r0ny123/patch-1. [Alexandre Dulaunoy] + + remove turbine panda synonyms from hafnium + +* Reverted changes made into 52ae97718d520ad800cc2fa8631e44cfbf44dab5. [Rony] + +* Merge pull request #638 from sebdraven/main. [Alexandre Dulaunoy] + + add Turbinia Panda to Haffnium + +* Validation jsons. [sebdraven] + +* Update threat-actor.json. [Sebdraven] + + add a synonym to Haffnium + +* Merge pull request #637 from sebdraven/main. [Alexandre Dulaunoy] + + Add RedEcho Threat Actor + +* Validation ok. [sebdraven] + +* Update threat-actor.json. [Sebdraven] + + format json + +* Update threat-actor.json. [Sebdraven] + + add redecho threat actor + +* Merge pull request #2 from MISP/main. [sebdraven] + + Sync Forks + +* Merge pull request #636 from JakubOnderka/cryptominers-type. [Alexandre Dulaunoy] + + fix: Cryptominers type + +* Merge branch 'marjatech-main' into main. [Alexandre Dulaunoy] + +* Update to latest Ref: https://malpedia.caad.fkie.fraunhofer.de/api/get/misp. [Jakob M] + +* Merge pull request #634 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Serveral updates and additions + +* Fix progress. [Delta-Sierra] + +* Fix merge & jq. [Delta-Sierra] + +* Merge. [Delta-Sierra] + +* Merge pull request #633 from r0ny123/patch-1. [Alexandre Dulaunoy] + + add more HAFNIUM references + +* From Nextron. [Rony] + +* More! [Rony] + +* More references. [Rony] + + From + Crowdstrike + MSRC + and kql hunting query from James Quinn + +* Add HAFNIUM detection refs. [Rony] + +* Fix. [Rony] + +* Add more HAFNIUM references. [Rony] + +* Merge pull request #632 from r0ny123/patch-1. [Alexandre Dulaunoy] + + Adding alias NOBELIUM + +* Adding alias NOBELIUM. [Rony] + +* Merge pull request #631 from r0ny123/Enhancement. 
[Alexandre Dulaunoy] + + Add HAFNIUM + +* Added HAFNIUM. [Rony] + + Updates: + Tonto Team + UNC2452 + +* Add relationships between Maze, Rgnar, Egregor and Sekhmet. [Delta-Sierra] + +* Add Sekhmet ransomware. [Delta-Sierra] + +* Add TeamTNT ref. [Delta-Sierra] + +* Add Ragnar Locker and update accordingly. [Delta-Sierra] + +* Add Covidloc and tycoon ransomware + small updates on some ransomwares. [Delta-Sierra] + +* Add TeamTNT. [Delta-Sierra] + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Fix merge. [Delta-Sierra] + +* Update sidewinder threat actor. [Delta-Sierra] + +* Merge pull request #1 from MISP/main. [sebdraven] + + merge + +* Merge pull request #630 from sebdraven/main. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Sebdraven] + + update Sidewinder card + +* Merge pull request #629 from nyx0/main. [Alexandre Dulaunoy] + + Update Infy TA. + +* Update Infy TA. [Thomas Dupuy] + +* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy] + +* Merge pull request #627 from r0ny123/patch-2. [Alexandre Dulaunoy] + + removing DePrimon + +* Removing DePrimon. [Rony] + + DePrimon is not a TA, added malfamily (waiting for approval) to Malpedia to better reflect that. + +* Merge pull request #626 from nyx0/main. [Alexandre Dulaunoy] + + Add RDAT backdoor + +* Add RDAT backdoor. [Thomas Dupuy] + +* Merge pull request #625 from Thijsvanede/patch-1. [Alexandre Dulaunoy] + +* Merge pull request #624 from nyx0/main. [Alexandre Dulaunoy] + + Add Exaramel and P.A.S. webshell tool. + +* Remove empty values. [Thomas Dupuy] + +* Add Exaramel and P.A.S. webshell tool. [Thomas Dupuy] + +* Merge pull request #623 from nyx0/main. [Alexandre Dulaunoy] + + Add Caterpillar WebShell. + +* Add Caterpillar WebShell. [Thomas Dupuy] + +* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy] + +* Merge pull request #622 from danielplohmann/patch-5. 
[Alexandre Dulaunoy] + + adding ClearSky alias for Volatile Cedar + +* Adding ClearSky alias for Volatile Cedar. [Daniel Plohmann] + + adding ClearSky report as source and alias to the VolatileCedar entry. As proof from the report: "We attributed the operation to Lebanese Cedar (also known as Volatile Cedar), mainly based on the code overlaps between the 2015 variants of Explosive RAT and Caterpillar WebShell, to the 2020 variants of these malicious files." + +* Merge pull request #621 from cudeso/main. [Alexandre Dulaunoy] + + RSIT Galaxy/Cluster + +* Move cfr-type-of-incident to meta. [Koen Van Impe] + +* RSIT Galaxy/Cluster. [Koen Van Impe] + +* Merge pull request #620 from StefanKelm/main. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Lazarus + +* Merge pull request #619 from nyx0/main. [Alexandre Dulaunoy] + + Update tool cluster + +* Add HyperBro in tools. [Thomas Dupuy] + +* Update ZxShell tool. [Thomas Dupuy] + +* Merge pull request #618 from StefanKelm/main. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Lazarus + +* Merge pull request #617 from danielplohmann/patch-4. [Alexandre Dulaunoy] + + merge COVELLITE into Lazarus Group + +* Merge COVELLITE into Lazarus Group. [Daniel Plohmann] + + I would propose to move COVELLITE as tracked by Dragos as an alias into Lazarus Group and merge the references. + Dragos' own description states that it refers to the same group as "Lazarus" and "Hidden Cobra" in that infrastructure and tools are the same: https://www.dragos.com/threat-activity-groups/ - the entry in MISP's threat actor library also reflects that. + +* Merge pull request #616 from r0ny123/patch-2. [Alexandre Dulaunoy] + + removing Starcruft + +* Update threat-actor.json. [Rony] + + Don't know how StarCraft + +* Merge pull request #615 from danielplohmann/patch-3. [Alexandre Dulaunoy] + + merging ScarCruft->APT37 + +* Merging ScarCruft->APT37. 
[Daniel Plohmann] + + I would like to propose merging entry "ScarCruft" into "APT37". It really just seems like a redundancy, as both its aliases "Operation Daybreak" and "Operation Erebus" are already present for "APT37", along alias "StarCruft", which just seems to be a less popular variation of the name ("StarCruft" 3.2k google hits vs "ScarCruft" 31.5k google hits). The references of the entry can be fully merged as well - they do not overlap so far. + +* Merge pull request #612 from r0ny123/patch-1. [Alexandre Dulaunoy] + + BISMUTH + +* Update threat-actor.json. [Rony] + +* BISMUTH. [Rony] + +* Merge pull request #609 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + DeathStalker, Mabna + +* Merge pull request #610 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add new clusters + +* Add BazarBackdoor. [Delta-Sierra] + +* Add RansomEXX. [Delta-Sierra] + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Merge pull request #608 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Turla + +* Merge pull request #607 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + OceanLotus + +* Merge branch 'main' of github.com:MISP/misp-galaxy into main. [Alexandre Dulaunoy] + +* Merge pull request #606 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + APT27 + +* Merge https://github.com/MISP/misp-galaxy. [Delta-Sierra] + +* Merge pull request #604 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + +* Merge pull request #603 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Lazarus + +* Add Darkside ransomware. 
[Delta-Sierra] + +* Merge pull request #602 from snurilov/patch-1. [Alexandre Dulaunoy] + + Add ConfuserEx and Beds Protector .NET packers to tools.json cluster + +* Add ConfuserEx and Beds Protector .NET packers to tools.json cluster. [snurilov] + + Add ConfuserEx and Beds Protector .NET packers to tools.json cluster + +* Merge pull request #601 from snurilov/patch-1. [Alexandre Dulaunoy] + + Update rat.json to include Iperius Remote + +* Update rat.json to include Iperius Remote. [snurilov] + + Add Iperius Remote to the rat.json cluster. + +* Merge pull request #600 from StefanKelm/master. [Christophe Vandeplas] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + OceanLotus + +* Merge pull request #598 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Kimsuky + +* Merge pull request #596 from r0ny123/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Remove duplicate! [Rony] + +* Update threat-actor.json. [Rony] + + Added TRACER KITTEN, FIN11, UNC1878, Operation Skeleton Key + +* Merge pull request #594 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update microsoft activity groups + +* Merge branch 'main' into master. [Deborah Servili] + +* Merge branch 'enhanced-master' into main. [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/enhanced/misp-galaxy into enhanced-master. [Alexandre Dulaunoy] + +* Added a new cryptominer galaxy and additional missing recent families to various clusters. [JJ Cummings] + +* Merge pull request #591 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Kimsuky + +* Merge pull request #588 from danielplohmann/patch-2. 
[Alexandre Dulaunoy] + + adding PowerPool alias IAmTheKing (Kaspersky) + +* Adding PowerPool alias IAmTheKing (Kaspersky) [Daniel Plohmann] + + after a quick search I haven't found a nice source except for costin's tweet. + +* Merge pull request #587 from StefanKelm/master. [Christophe Vandeplas] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + TA505 + +* Update threat-actor.json. [StefanKelm] + + XDSpy + +* Clarify error messages in validate_all.sh. [Christophe Vandeplas] + +* Fixes issues in attack-ics. [Christophe Vandeplas] + +* Added MITRE ICS to readme. [Christophe Vandeplas] + +* MITRE ATT&CK for ICS fixes #586. [Christophe Vandeplas] + + fixed issues in pull request #586 + +* Merge pull request #586 from tw010101/main. [Christophe Vandeplas] + + Mitre ATT&CK for ICS Galaxies/Clusters + +* Revert "Merge pull request #586 from tw010101/main" [Christophe Vandeplas] + + This reverts commit a416987d4052221eb80a92169616a5af86f54bd8. + +* Merge pull request #586 from tw010101/main. [Christophe Vandeplas] + + Mitre ATT&CK for ICS Galaxies/Clusters + +* Add files via upload. [tw010101] + +* Add files via upload. [tw010101] + + Mitre ATT&CK for ICS + Galaxy + Cluster files Mitre ATT&CK for ICS - Assets + Galaxy + Cluster files Mitre ATT&CK for ICS - Groups + Galaxy and Cluster files Mitre ATT&CK for ICS - Levels + Galaxy + Cluster files for Mitre ATT&CK for ICS - Software + Galaxy + Cluster files for Mitre ATT&CK for ICS - Tactics + Galaxy + Cluster files for Mitre ATT&CK for ICS - Techniques + Galaxy + Cluster files for Mitre ATT&CK for ICS - Technique Matrix + +* Merge pull request #585 from StefanKelm/master. [Alexandre Dulaunoy] + + Lazarus + +* Lazarus. [StefanKelm] + +* Merge pull request #584 from bartblaze/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Bart] + + Add Machete alias + +* Merge pull request #583 from StefanKelm/master. 
[Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + GADOLINIUM + +* Merge pull request #582 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + APT28 + +* Jq. [Delta-Sierra] + +* Update microsoft activity groups. [Delta-Sierra] + +* Add Sepulcher RAT. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #581 from r0ny123/patch-3. [Alexandre Dulaunoy] + + FBI FLASH AC-000133-TT + +* FBI FLASH AC-000133-TT. [Rony] + +* Merge pull request #580 from r0ny123/patch-2. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + + Adding Fox-Kitten and cleaned (or improved) winnti + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #579 from danielplohmann/ta413-evilnum. [Alexandre Dulaunoy] + + Adding TA413 and Evilnum + +* Adding TA413 and Evilnum. [Daniel Plohmann (jupiter)] + +* Merge pull request #578 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + APT33 + +* Merge pull request #577 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + STRONTIUM + +* Merge pull request #576 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Lazarus, FIN7 + +* Merge pull request #575 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + TA542 + +* Merge pull request #574 from VVX7/main. [Alexandre Dulaunoy] + + new: [dev] add ASPI's China Defence University Tracker. + +* Merge pull request #573 from rmkml/master. [Alexandre Dulaunoy] + + add Conti Ransomware + +* Add Conti Ransomware. [rmkml] + +* Merge pull request #572 from nyx0/main. 
[Alexandre Dulaunoy] + + Few updates + +* Update Tonto Team/CactusPete threat actor. [Thomas Dupuy] + +* Add Drovorub tool. [Thomas Dupuy] + +* Update TA APT40. [Thomas Dupuy] + +* Merge pull request #571 from danielplohmann/patch-30. [Alexandre Dulaunoy] + + adding Kaspersky's name for Microcin. + +* Update threat-actor.json. [Daniel Plohmann] + + adding Kaspersky's name for Microcin. + +* Merge pull request #570 from nyx0/master. [Alexandre Dulaunoy] + + Add WellMess and WellMail + +* Add WellMess and WellMail. [Thomas Dupuy] + +* Merge pull request #569 from rmkml/master. [Alexandre Dulaunoy] + + add Ragnarok Ransomware + +* Merge branch 'master' of https://github.com/rmkml/misp-galaxy. [rmkml] + +* Add Ragnarok Ransomware. [rmkml] + +* Add Ragnarok Ransomware. [rmkml] + +* Merge pull request #568 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy] + + Motive correction based on the EU Cert motive taxonomy + +* Motive correction based on the EU Cert motive taxonomy. [Vasileios Mavroeidis] + + Changed the motive in object 29af2812-f7fb-4edb-8cc4-86d0d9e3644b from Hactivism-Nationalist to Hacktivists-Nationalists + +* Merge branch 'StefanKelm-master' into main. [Alexandre Dulaunoy] + +* Update threat-actor.json. [StefanKelm] + + OilRig + +* Merge pull request #563 from r0ny123/patch-1. [Steve Clement] + +* Update threat-actor.json. [Rony] + + Moved the JUDGMENT PANDA references to APT31 following the previous commit. + Off note, Crowdstrike quietly removed the JUDGMENT PANDA section from its GTR-2019 report. However if anyone wants to grab the unchanged report, they can get it [here](https://b-ok.asia/book/3697424/2ab30a). + +* Update threat-actor.json. [Rony] + +* Merge pull request #564 from StefanKelm/master. [Christophe Vandeplas] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Turla + +* Merge pull request #562 from cudeso/main. [Alexandre Dulaunoy] + + SoD Matrix + +* SoD Matrix. 
[Koen Van Impe] + + Described at https://github.com/cudeso/SoD-Matrix + +* Add refs. [Deborah Servili] + +* Merge. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #559 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + APT31 + +* Merge pull request #558 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + APT30 + +* Merge pull request #556 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + TA505 + +* Merge pull request #557 from r0ny123/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge branch 'r0ny123-master' [Alexandre Dulaunoy] + +* Fixed typo! [Rony] + +* Adding GALLIUM Threat Actor. [Rony] + +* Merge pull request #1 from MISP/master. [Rony] + + update + +* Merge pull request #554 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Higaisa + +* Commit. [Deborah Servili] + +* Merge pull request #553 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Cycldek + +* Merge pull request #552 from danielplohmann/reference-fixes. [Alexandre Dulaunoy] + + Reference fixes + +* Fixing deadlinks where possible. [Daniel Plohmann (jupiter)] + +* Default to HTTPS to be consistent with other links to same page. [Daniel Plohmann (jupiter)] + +* Merge pull request #551 from nyx0/master. [Alexandre Dulaunoy] + + Add CrackMapExec, metasploit, Cobalt Strike and Covenant + +* Remove duplicate TA (Chafer), fix symantec link, add synonyme for DarkHotel. [Thomas Dupuy] + +* Add CrackMapExec, metasploit, Cobalt Strike and Covenant. [Thomas Dupuy] + +* Merge pull request #550 from r0ny123/patch-1. 
[Alexandre Dulaunoy] + + fix + +* Update threat-actor.json. [Rony] + +* Fix. [Rony] + +* Merge branch '3c7-secureworks_profiles' [Alexandre Dulaunoy] + +* Merged (most) SecureWorks threat actor profiles && jq. [Nils Kuhnert] + +* Merge pull request #547 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Snake Ransomware + +* Fix missing description. [Deborah Servili] + +* Add Snake Ransomware. [Deborah Servili] + +* Merge pull request #546 from danielplohmann/patch-29. [Alexandre Dulaunoy] + + msft name: BORON for APT3 + +* Msft name: BORON for APT3. [Daniel Plohmann] + + as per tweet: https://twitter.com/bkMSFT/status/1259578051962306562 + +* Merge branch 'nyx0-master' [Alexandre Dulaunoy] + +* Add Sednit's Exploit-kit Sedkit. [Thomas Dupuy] + +* Add Higaisa Threat Actor. [Thomas Dupuy] + +* Merge pull request #542 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add speculoos bakdoor + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #541 from nyx0/master. [Alexandre Dulaunoy] + + Add DenesRAT/METALJACK + +* Add DenesRAT/METALJACK. [Thomas Dupuy] + +* Merge branch 'intezer-fix/reports' [Alexandre Dulaunoy] + +* Added misp info. [de Rosen] + +* Merge pull request #539 from r0ny123/MergingTA. [Alexandre Dulaunoy] + + Adding alias Thallium and merging STOLEN PENCIL + +* Adding alias Thallium and merging STOLEN PENCIL. [Rony] + + Pretty much confirmed from the crowdstrike talk at ATT&CKon 2.0. + And also Netscout named the campaign as STOLEN PENCIL. + +* Merge branch 'rvs1st-patch-1' [Alexandre Dulaunoy] + +* Update threat-actor.json. [rvs1st] + + Added on line 1403: Trident per campaign malicious RTF documents to exploit CVE-2017-11882 and CVE-2012-0158 + +* Merge pull request #537 from danielplohmann/patch-28. [Alexandre Dulaunoy] + + Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. + +* Adding Nazar APT as described by JAGS in his OPCDE talk yesterday. 
[Daniel Plohmann] + +* Merge pull request #536 from danielplohmann/patch-27. [Alexandre Dulaunoy] + + adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source referen… + +* Adding VOYEUR as alias (used by NSA) for MAGIC KITTEN (source reference included) [Daniel Plohmann] + +* Merge pull request #535 from ITAYC0HEN/feature/AddDarkUniverseActor. [Alexandre Dulaunoy] + + Add ItaDuke/DarkUniverse actor + +* Add ItaDuke/DarkUniverse actor. [itayc0hen] + +* Add speculoos bakdoor. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #534 from danielplohmann/fin1. [Alexandre Dulaunoy] + + adding FIN1 + +* Adding FIN1. [pnx@pyrite] + +* Merge pull request #533 from r0ny123/MergingTA. [Alexandre Dulaunoy] + + fix + +* Typo. [Rony] + + thanks to @patricksvgr + +* Update threat-actor.json. [Rony] + +* More fix. [Rony] + +* Fix broken links. [Rony] + +* Dead link. [Rony] + +* Add link. [Rony] + +* Merging APT23 & Tropic Trooper. [Rony] + +* Merge pull request #531 from r0ny123/patch-3. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #529 from danielplohmann/patch-26. [Alexandre Dulaunoy] + + fixing/removing some more dead links + +* Removed duplicate entry. [Daniel Plohmann] + +* Fixing/removing some more dead links. [Daniel Plohmann] + +* Merge pull request #528 from Delta-Sierra/master. [Alexandre Dulaunoy] + + UPdate Ransomware Galaxy + +* Add Operation Shadow Forece. [Deborah Servili] + +* Add coronavirus ransomware. [Deborah Servili] + +* Add Pyta ransomnotes. [Deborah Servili] + +* Add pyza ransomware. [Deborah Servili] + +* Merge pull request #526 from Delta-Sierra/master. [Alexandre Dulaunoy] + + PARINACOTA group + +* PARINACOTA group. [Deborah Servili] + +* Merge pull request #523 from danielplohmann/patch-24. 
[Alexandre Dulaunoy] + + adding aliases MERCURY, HOLMIUM + +* Adding aliases MERCURY, HOLMIUM. [Daniel Plohmann] + + Muddywater->MERCURY: https://twitter.com/moranned/status/1234071210822184960 + APT33->HOLMIUM: https://www.zdnet.com/article/microsoft-notified-10000-victims-of-nation-state-attacks/ + +* Merge pull request #524 from danielplohmann/patch-25. [Alexandre Dulaunoy] + + Kimsuki -> Black Banshee + +* Kimsuki -> Black Banshee. [Daniel Plohmann] + + PWC refers to Kimsuki as Black Banshee (https://www.pwc.co.uk/issues/cyber-security-data-privacy/research/tracking-kimsuky-north-korea-based-cyber-espionage-group-part-2.html) + +* Merge pull request #522 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add sdbbot + +* Add SdBbot. [Deborah Servili] + +* Add clop ransomware extension. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #519 from danielplohmann/crowdstrike2020report. [Alexandre Dulaunoy] + + adding new/updated threat actor names from CrowdStrike 2020 report + +* While we are at it, we can also do Longhorn = APT-C-39. [Daniel Plohmann (jupiter)] + +* IMPERIAL KITTEN as alias for Tortoiseshell. [Daniel Plohmann (jupiter)] + +* Adding new/updated threat actor names from CrowdStrike 2020 report. [pnx@pyrite] + +* Merge branch 'cocaman-patch-1' [Alexandre Dulaunoy] + +* Fixing a comma error. [Corsin Camichel] + +* Adding Raccoon (win.raccoon) [Corsin Camichel] + +* Merge pull request #518 from danielplohmann/patch-21. [Alexandre Dulaunoy] + + Accenture calls APT32 - "POND LOACH" + +* Accenture calls APT32 - "POND LOACH" [Daniel Plohmann] + +* Merge branch 'nyx0-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/nyx0/misp-galaxy into nyx0-master. [Alexandre Dulaunoy] + +* Add InvisiMole cluster. [Thomas Dupuy] + +* Merge pull request #517 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + update ransomware galaxy + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #516 from rmkml/master. [Alexandre Dulaunoy] + + add MedusaLocker ransomware + +* Add MedusaLocker ransomware. [rmkml] + +* Add extension to clop ransomware. [Deborah Servili] + +* Add razor ransomware. [Deborah Servili] + +* Merge pull request #513 from danielplohmann/patch-20. [Alexandre Dulaunoy] + + adding APT-C-12 + +* Adding APT-C-12. [Daniel Plohmann] + +* Merge pull request #512 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add several tools + +* Add tools used by TA505 + others. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Add warzone RAT. [Deborah Servili] + +* Merge pull request #510 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ransomwares + +* Add ransomwares. [Deborah Servili] + +* Merge pull request #509 from r0ny123/patch-3. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + + those are the name of aliases of the same malware family sykipot. so removing it. + +* Merge pull request #508 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Operation Wocao + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #507 from nyx0/master. [Alexandre Dulaunoy] + + Add Attor and DePriMon + +* Add Attor and DePriMon. [Thomas Dupuy] + +* Merge pull request #506 from danielplohmann/patch-19. [Alexandre Dulaunoy] + + removing and fixing deadlinks in the best possible way + +* Removing and fixing deadlinks in the best possible way. [Daniel Plohmann] + + Hi! While migrating Malpedia to our new reference data format, we noticed a few potentially dead/moved references in your cluster. This pull request should fix most of them, for some I was not able to find an appropriate replacement. + +* Merge pull request #505 from danielplohmann/patch-18. 
[Alexandre Dulaunoy] + + adding references and TEMP.MixMaster as alias for WIZARD SPIDER + +* Adding references and TEMP.MixMaster as alias for WIZARD SPIDER. [Daniel Plohmann] + + with kudos to @tbarabosch + +* Merge pull request #504 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update target location galaxy + +* Merge pull request #503 from StefanKelm/master. [Alexandre Dulaunoy] + + Update ransomware.json + +* Update ransomware.json. [StefanKelm] + +* Update ransomware.json. [StefanKelm] + + 5ss5c + +* Merge pull request #502 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update tool galaxy + +* Jq. [Deborah Servili] + +* Add Operation Wocao. [Deborah Servili] + +* Complete Zimbabwe cluster. [Deborah Servili] + +* Update target location galaxy. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #500 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update target information + +* Merge pull request #501 from StefanKelm/master. [Alexandre Dulaunoy] + + Update tool.json + +* Update tool.json. [StefanKelm] + + LiquorBot + +* Merge pull request #499 from StefanKelm/master. [Alexandre Dulaunoy] + + Update tool.json + +* Update tool.json. [StefanKelm] + + Lampion + +* Add Autochk Rootkit as tool. [Deborah Servili] + +* Add two wipers to tools. [Deborah Servili] + +* Update target information. [Deborah Servili] + +* Merge pull request #498 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + +* Update threat-actor.json. [StefanKelm] + + BRONZE PRESIDENT + +* Merge pull request #497 from r0ny123/patch-2. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge pull request #496 from bartblaze/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Bart] + + Adds Operation Wocao.. + +* Merge pull request #495 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add clop ransomware + +* Add clop ransomware. [Deborah Servili] + +* Merge pull request #494 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add BitPaymer Synonyms + +* Jq. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #493 from Delta-Sierra/master. [Deborah Servili] + + add tools used by GALLIUM + +* Merge pull request #492 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Operation Soft Cell ralated Updates + +* Merge pull request #491 from wagner-certat/threat-actor-syn-sofacy. [Alexandre Dulaunoy] + + sofacy: add apt_sofacy as synonym + +* Sofacy: add apt_sofacy as synonym. [Sebastian Wagner] + +* Merge pull request #490 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Update threat actor galaxy + +* Add BitPaymer Synonsyms. [Deborah Servili] + +* Add tools used by GALLIUM. [Deborah Servili] + +* Add GALLIUM as microsoft activities group and similar to Operation Soft Cell. [Deborah Servili] + +* Update threat actor version. [Deborah Servili] + +* Add relation suspected link between operation soft cell and apt10. [Deborah Servili] + +* ##COMMA## [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #489 from danielplohmann/patch-16. [Alexandre Dulaunoy] + + added APT-C-34 / Golden Falcon + +* Added APT-C-34 / Golden Falcon. [Daniel Plohmann] + +* Merge pull request #488 from Delta-Sierra/master. [Alexandre Dulaunoy] + + create new galaxy - surveillance-vendor + +* Merge pull request #487 from gallypette/patch-1. [Alexandre Dulaunoy] + + add: [dark-pattern] updates the README + +* Add: [dark-pattern] updates the README. [Jean-Louis Huynen] + +* Merge pull request #486 from gallypette/master. [Alexandre Dulaunoy] + + chg: [dark-pattern] namespace: misp + +* Merge pull request #485 from danielplohmann/patch-15. [Alexandre Dulaunoy] + + added TA2101 + +* Added TA2101. 
[Daniel Plohmann] + +* Merge pull request #484 from gallypette/master. [Alexandre Dulaunoy] + + add: [dark-pattern] galaxy to tag dark patterns + +* Add: [dark-pattern] add a source. [Jean-Louis Huynen] + +* Add: [dark-pattern] galaxy to tag dark patterns. [Jean-Louis Huynen] + +* Add Axiom synonym. [Deborah Servili] + +* Add Sofacy ref. [Deborah Servili] + +* Add clusters to surveillance-vendor galaxy. [Deborah Servili] + +* Fix surveillance-vendor galaxy. [Deborah Servili] + +* Fix-tentative. [Deborah Servili] + +* Fix. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Update schema_cluster. [Deborah Servili] + +* Add FlexiSPY + jq. [Deborah Servili] + +* Add new galaxy - surveillance-vendor. [Deborah Servili] + +* Add Private Internet Access as Tool. [Deborah Servili] + +* Merge branch 'rmkml-master' [Alexandre Dulaunoy] + +* Merge branch 'master' into master. [rmkml] + +* Merge pull request #482 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add DePriMon malicious downloader & Cyborg ransomware + +* Jq. [Deborah Servili] + +* Add cyborg ransomnote refs. [Deborah Servili] + +* Add cyborg ransomnote filename. [Deborah Servili] + +* Add cyborg ranspmware extension. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add DePriMon malicious downloader & Cyborg ransomware. [Deborah Servili] + +* Merge pull request #481 from Delta-Sierra/master. [Andras Iklody] + + add silence synonym & new meta field spoken-language + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge. [Deborah Servili] + +* Merge pull request #480 from rmkml/master. [Alexandre Dulaunoy] + + Add Maze Ransomware + +* Merge pull request #477 from rmkml/master. [Alexandre Dulaunoy] + + Add Desync Ransomware + +* Merge pull request #476 from StefanKelm/master. [Alexandre Dulaunoy] + + new refs for APT33 + +* New refs for APT33. [StefanKelm] + +* Merge pull request #475 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + target information update [WIP] + +* Merge pull request #473 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update target location WIP + +* Merge. [Deborah Servili] + +* Add silence synonym & new meta field spoken-language. [Deborah Servili] + +* Traget information update [WIP] [Deborah Servili] + +* Jq. [Deborah Servili] + +* Traget information update [WIP] [Deborah Servili] + +* Add Palestine PPound. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #472 from rmkml/master. [Alexandre Dulaunoy] + + Add DoppelPaymer Ransomware + +* Merge pull request #471 from rmkml/master. [Alexandre Dulaunoy] + + Add FreeMe Ransomware + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #468 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Turla Group Symonym variant + +* Merge pull request #467 from Delta-Sierra/master. [Deborah Servili] + + Few updates + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #465 from r0ny123/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Jq. [Deborah Servili] + +* Update target location WIP. [Deborah Servili] + +* Add Turla Group Symonym variant. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add Winnti related tools etc. [Deborah Servili] + +* Add operation soft cell. [Deborah Servili] + +* Merge pull request #464 from MISP/fix-misinfosec. [Sami Mokaddem] + + fix: [misinfosec] fixed kill_chain fields + +* Merge pull request #463 from VVX7/master. [Alexandre Dulaunoy] + + new: [galaxy] AMITT (Adversarial Misinformation and Influence Tactics… + +* Merge pull request #462 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add synonyms + +* Jq. [Deborah Servili] + +* Add legitimate tools. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. 
[Deborah Servili] + +* Merge pull request #461 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + Target location galaxy + +* Fix empty string. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add TVSPY tool. [Deborah Servili] + +* WIP update target info. [Deborah Servili] + +* Try to please CodeFactor. [Deborah Servili] + +* Add script used to create region galaxy (Not optimised or anything) [Deborah Servili] + +* New galaxy - Region based on UN M49. [Deborah Servili] + +* WIP update target info. [Deborah Servili] + +* Merge pull request #459 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + Target location galaxy + +* Jq. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy into target-location-galaxy. [Deborah Servili] + +* Merge pull request #458 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add Tortoiseshell thrat actor + +* WIP update target info - fix empty string. [Deborah Servili] + +* WIP update target info. [Deborah Servili] + +* WIP update target info. [Deborah Servili] + +* Moar clusters. [Deborah Servili] + +* Update target information [draft] [Deborah Servili] + +* Update target information. [Deborah Servili] + +* Update target information. [Deborah Servili] + +* Improve target-information. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Add PlugX rat sysnonyms. [Deborah Servili] + +* Add Sodinokibi synonym. [Deborah Servili] + +* Version update. [Deborah Servili] + +* Add Tortoiseshell thrat actor. [Deborah Servili] + +* Merge pull request #457 from rmkml/master. [Alexandre Dulaunoy] + + Add Mr.Dec Ransomware + +* Merge pull request #456 from rmkml/master. [Alexandre Dulaunoy] + + Add Hildacrypt Ransomware + +* Merge pull request #455 from rmkml/master. [Alexandre Dulaunoy] + + Add InnfiRAT + +* Merge pull request #454 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. 
[StefanKelm] + + Silent Librarian + +* Merge pull request #453 from rmkml/master. [Alexandre Dulaunoy] + + Add AsyncRAT + +* Fix Add FTCode Ransomware. [rmkml] + +* Add FTCode Ransomware. [rmkml] + +* Add Maze Ransomware. [rmkml] + +* Revert "Add Maze Ransomware" [rmkml] + + This reverts commit cfc6e2802cf8760e1389e77d3f1452f3eda7fb8f. + +* Add Maze Ransomware. [rmkml] + +* Add Desync Ransomware. [rmkml] + +* Add DoppelPaymer Ransomware. [rmkml] + +* Add FreeMe Ransomware. [rmkml] + +* Add Mr.Dec Ransomware. [rmkml] + +* Add Hildacrypt Ransomware. [rmkml] + +* Add InnfiRAT. [rmkml] + +* Merge branch 'master' into master. [rmkml] + +* Merge pull request #452 from Delta-Sierra/master. [Deborah Servili] + + aff SectorJ04 group + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #450 from rmkml/master. [Alexandre Dulaunoy] + + Add Buran Ransomware + +* Merge pull request #449 from danielplohmann/patch-14. [Alexandre Dulaunoy] + + 'SectorJ04 Group' as alias introduced by NSHC for TA505 + +* 'SectorJ04 Group' as alias introduced by NSHC for TA505. [Daniel Plohmann] + + Not explicitly mentioned in the blog post but it looks like we just got an alias for TA505... https://threatrecon.nshc.net/2019/08/29/sectorj04-groups-increased-activity-in-2019/ + +* Merge pull request #448 from rmkml/master. [Alexandre Dulaunoy] + + Add Nemty Ransomware + +* Merge pull request #447 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + improve more clusters + +* Improve more clusters. [Deborah Servili] + +* Merge pull request #446 from wagner-certat/tool-empty-strings. [Alexandre Dulaunoy] + + Add test for empty strings + +* Target-information: fix territory-type for China. [Sebastian Wagner] + +* Add test for empty strings. [Sebastian Wagner] + + Should prevent MISP/misp-galaxy#438 + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #441 from Delta-Sierra/target-location-galaxy. 
[Deborah Servili] + + More clusters improved + +* More clusters improved. [Deborah Servili] + +* Merge pull request #444 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Add ITG08 as synonym for FIN6 + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Aff SectorJ04 group. [Deborah Servili] + +* Add Asruex Backdoor. [Deborah Servili] + +* Add ref for Gamaredon. [Deborah Servili] + +* Merge pull request #440 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + Target location galaxy + +* More clusters improved. [Deborah Servili] + +* More clusters improved. [Deborah Servili] + +* Merge pull request #439 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + Target location galaxy + +* More clusters improved. [Deborah Servili] + +* More clusters improved. [Deborah Servili] + +* More countries. [Deborah Servili] + +* Merge pull request #438 from wagner-certat/empty-strings. [Alexandre Dulaunoy] + + Remove some empty strings + +* Remove empty strings. [Sebastian Wagner] + +* Merge pull request #437 from Delta-Sierra/target-location-galaxy. [Deborah Servili] + + Target location galaxy + +* Complete more cluster + country is now an array. [Deborah Servili] + +* Target-informatione - add membership member-of attribute - Example:member-of NATO. [Deborah Servili] + +* Merge pull request #436 from Delta-Sierra/target-location-galaxy. [Alexandre Dulaunoy] + + Target location galaxy + +* Jq. [Deborah Servili] + +* Change attribute name. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Complete some clusters. [Deborah Servili] + +* Fix building mistakes. [Deborah Servili] + +* Add tld. [Deborah Servili] + +* Add target-information galaxy file. 
[Deborah Servili] + +* Rename galaxy target-location -> target-information. [Deborah Servili] + +* New galaxy target-location [DRAFT] [Deborah Servili] + +* Merge pull request #435 from hackunagi/master. [Alexandre Dulaunoy] + + Adding Amavaldo Banking Trojan + +* Adding Amavaldo Banking Trojan. [Carlos Borges] + +* Merge pull request #434 from r0ny123/patch-1. [Alexandre Dulaunoy] + + added microsoft naming for the groups + +* Added microsoft naming for the groups. [Rony] + +* Merge pull request #433 from nyx0/master. [Alexandre Dulaunoy] + + add APT41 + +* Add synonyme for Turla. [Thomas Dupuy] + +* Update victims. [Thomas Dupuy] + +* Add APT41. [Thomas Dupuy] + +* Merge pull request #431 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Amavaldo + +* Jq. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Add Amavaldo. [Deborah Servili] + +* Merge pull request #430 from 3c7/patch-2. [Alexandre Dulaunoy] + + [threat-actor] Remove local file reference in threat actor galaxy + +* Remove local file link :) [Nils Kuhnert] + +* Lowercased value field for DarkHotel. [Andras Iklody] + +* Merge pull request #429 from danielplohmann/patch-13. [Alexandre Dulaunoy] + + adding secureworks actor names for energetic bear and teamspy + +* Merge branch 'master' into patch-13. [Alexandre Dulaunoy] + +* Merge pull request #428 from danielplohmann/patch-12. [Alexandre Dulaunoy] + + adding Proofpoint's TA428 + +* Adding Proofpoint's TA428. [Daniel Plohmann] + +* Adding secureworks actor names for energetic bear and teamspy. [Daniel Plohmann] + +* Merge pull request #426 from mokaddem/patch-2. [Alexandre Dulaunoy] + + Update mitre-course-of-action.json + +* Update mitre-course-of-action.json. [Sami Mokaddem] + + Changed icon + +* Merge pull request #425 from mokaddem/patch-1. [Alexandre Dulaunoy] + + Update banker.json + +* Update banker.json. [Sami Mokaddem] + + Changed icon name + +* Merge pull request #424 from mokaddem/patch-3. 
[Alexandre Dulaunoy] + + Update mitre-enterprise-attack-course-of-action.json + +* Update mitre-enterprise-attack-course-of-action.json. [Sami Mokaddem] + + Changed icon + +* Merge pull request #423 from mokaddem/patch-4. [Alexandre Dulaunoy] + + Update mitre-mobile-attack-course-of-action.json + +* Update mitre-mobile-attack-course-of-action.json. [Sami Mokaddem] + + Changed icon + +* Merge pull request #422 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add SWEED threat actor + +* Jq. [Deborah Servili] + +* Add SWEED threat actor. [Deborah Servili] + +* Merge pull request #420 from Delta-Sierra/master. [Deborah Servili] + + add Felipe Trojan + +* Jq. [Deborah Servili] + +* Add Felipe Trojan. [Deborah Servili] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Alexandre Dulaunoy] + +* Fix duplicate. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* ##COMMA## [Deborah Servili] + +* Fix duplicate. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Merge pull request #419 from r0ny123/patch-6. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge pull request #415 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update threat actor galaxy + +* Fix duplicate and links update (APT34) [Deborah Servili] + +* Fix duplicate. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Tryto fix duplicate. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Merge pull request #414 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update threat actor galaxy + +* Fix duplicate. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. 
[Deborah Servili] + +* Merge pull request #413 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update threat actor galaxy + +* Merge pull request #412 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update threat actors and tools + +* Merge pull request #411 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update threat-actor galaxy + +* Merge pull request #409 from rmkml/master. [Alexandre Dulaunoy] + + Add GetCrypt Ransomware + +* Merge pull request #408 from rmkml/master. [Alexandre Dulaunoy] + + Add Phobos Ransomware + +* Merge pull request #407 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add BlueKeep vulnerability + +* Update threat actor galaxy. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Update Threat actor galaxy. [Deborah Servili] + +* Update threat actor. [Deborah Servili] + +* Update threat actor darkhotel (nemim might be a typo) [Deborah Servili] + +* Update threat actor. [Deborah Servili] + +* FlawedAmmy RAT. [Deborah Servili] + +* Fix multiple refs. [Deborah Servili] + +* Update threat actors. [Deborah Servili] + +* Update threat actors. [Deborah Servili] + +* Update threat actors and tools. [Deborah Servili] + +* Fix merge mistakes. [Deborah Servili] + +* Update threat actor. [Deborah Servili] + +* Update threat actor. [Deborah Servili] + +* Update threat-actor galaxy. [Deborah Servili] + +* Update Anchor Panda Threat Actor. [Deborah Servili] + +* Add BlueKeep. [Deborah Servili] + +* Add AsyncRAT. [rmkml] + +* Add Buran Ransomware. [rmkml] + +* Add Nemty Ransomware. [rmkml] + +* Add GetCrypt Ransomware. [rmkml] + +* Merge branch 'master' into master. [rmkml] + +* Merge pull request #406 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Rework of ransomware galaxy + +* Fix ransomware ransomnotes. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Rework of ransomware galaxy. 
[Deborah Servili] + +* Merge pull request #405 from danielplohmann/patch-11. [Alexandre Dulaunoy] + + adding TA542 to MUMMY SPIDER (emotet) + +* Adding TA542 to MUMMY SPIDER (emotet) [Daniel Plohmann] + +* Merge pull request #404 from r0ny123/patch-5. [Alexandre Dulaunoy] + + merging Pacifier & Turla + +* Merging Pacifier & Turla. [Rony] + +* Merge pull request #403 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Reaver and probably related tools + +* Add Reaver and probably related tools. [Deborah Servili] + +* Merge pull request #402 from danielplohmann/patch-9. [Alexandre Dulaunoy] + + adding APT31/ZIRCONIUM + +* Adding APT31/ZIRCONIUM. [Daniel Plohmann] + +* Merge pull request #401 from mokaddem/bump-attack-pattern. [Alexandre Dulaunoy] + + chg: [attack-pattern] Sync kill-chain with data from MITRE. + +* Merge pull request #400 from Delta-Sierra/master. [Deborah Servili] + + add Sodinokibi + +* Add Sodinokibi. [Deborah Servili] + +* Merge pull request #399 from r0ny123/patch-4. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge pull request #395 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Scranos + +* Add Scarnos. [Deborah Servili] + +* Merge pull request #394 from StefanKelm/master. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [StefanKelm] + + Silent Librarian / COBALT DICKENS + +* Merge pull request #393 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add AESDDoS Botnet and JasperLoader + +* Add JasperLoader. [Deborah Servili] + +* Add AESDDoS Botnet. [Deborah Servili] + +* Merge branch 'nao-sec-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/nao-sec/misp-galaxy into nao-sec-master. [Alexandre Dulaunoy] + +* Merge branch 'r0ny123-patch-2' [Alexandre Dulaunoy] + +* Update threat-actor.json. [Rony] + +* Update threat-actor.json. [Rony] + +* Update threat-actor.json. [Rony] + +* Updated FIN4. 
[Rony] + +* Merge branch 'Kafeine-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] + +* += Spelevo. [Kafeine] + +* ZTDS. [Kafeine] + +* Novidade,taurus. [Kafeine] + +* Merge pull request #387 from r0ny123/patch-1. [Alexandre Dulaunoy] + + more report on APT36 + +* More report on APT36. [Rony] + +* Merge pull request #386 from Delta-Sierra/master. [Alexandre Dulaunoy] + + ad Sea Turtle Campaign + +* Add Sea Turtle campaign. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Chg; [threat-actor] validate + version bump. [Christophe Vandeplas] + +* Merge pull request #385 from bartblaze/master. [Christophe Vandeplas] + + Add Whitefly + +* Add Whitefly. [Bart] + +* Merge. [Deborah Servili] + +* Merge pull request #384 from r0ny123/patch-3. [Deborah Servili] + + fixed the broken link + +* Fixed the broken link. [Rony] + +* Merge pull request #383 from rmkml/master. [Deborah Servili] + + Add BigBobRoss Ransomware + +* Merge pull request #382 from rmkml/master. [Alexandre Dulaunoy] + + Add Caesar RAT + +* Merge pull request #381 from rmkml/master. [Alexandre Dulaunoy] + + Add Tellyouthepass Ransomware + +* Merge pull request #380 from bartblaze/master. [Alexandre Dulaunoy] + + Add DoNot team references + +* Add DoNot team references. [Bart] + +* Merge pull request #379 from rmkml/master. [Alexandre Dulaunoy] + + Add BlackWorm Ransomware + +* Merge branch 'danielplohmann-patch-8' [Alexandre Dulaunoy] + +* Merge branch 'patch-8' of https://github.com/danielplohmann/misp-galaxy into danielplohmann-patch-8. [Alexandre Dulaunoy] + +* Based on additional research, APT36 can actually be merged into Mythic Leopard. [Daniel Plohmann] + +* Merge pull request #377 from r0ny123/patch-2. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Rony] + +* Merge pull request #376 from r0ny123/patch-1. 
[Alexandre Dulaunoy] + + adding additional resources for APT36 + +* Update threat-actor.json. [Rony] + +* Adding additional resources for APT36. [Rony] + +* Merge pull request #375 from rmkml/master. [Alexandre Dulaunoy] + + Add Globe Imposter Ransomware + +* Merge pull request #374 from rmkml/master. [Alexandre Dulaunoy] + + Add Parasite HTTP RAT + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Add ref for Ryuk and LockerGoga ransomwares. [Deborah Servili] + +* Add Phobos Ransomware. [rmkml] + +* Add Cr1ptt0r Ransomware. [rmkml] + +* Add SpelevoEK. [rmkml] + +* Add Planetary Ransomware. [rmkml] + +* Add BigBobRoss Ransomware. [rmkml] + +* Add Caesar RAT. [rmkml] + +* Add Ave Maria Stealer. [rmkml] + +* Add Tellyouthepass Ransomware. [rmkml] + +* Add Vidar Stealer. [rmkml] + +* Add Brushaloader Malware. [rmkml] + +* Add BlackWorm Ransomware. [rmkml] + +* Add Globe Imposter Ransomware. [rmkml] + +* Add Parasite HTTP RAT. [rmkml] + +* Merge pull request #373 from danielplohmann/patch-7. [Alexandre Dulaunoy] + + adding FireEye's TMP.Lapis / APT36 + +* Adding FireEye's TMP.Lapis / APT36. [Daniel Plohmann] + +* Merge branch 'ismasma-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/ismasma/misp-galaxy into ismasma-master. [Alexandre Dulaunoy] + +* Add payment method and price. [ismasma] + +* Merge pull request #371 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add Operation ShadowHammer + +* Add Operation ShadowHammer. [Deborah Servili] + +* Add relationship between Cardinal RAT and EVILNUM. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Jq. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Add Cardinal RAT ref. [Deborah Servili] + +* Add AOT-C-27 Goldmouse. 
[Deborah Servili] + +* Add SPOILER vulnerability + other minor changes. [Deborah Servili] + +* Remove mitre-relationships from readme. [Deborah Servili] + +* Merge pull request #370 from danielplohmann/patch-6. [Alexandre Dulaunoy] + + added APT-C-27 / GoldMouse + +* Added APT-C-27 / GoldMouse. [Daniel Plohmann] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #363 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add H-worm RAT + +* Add H-worm RAT. [Deborah Servili] + +* Add: [attck4fraud] initial attck-like matrix for fraud from https://github.com/burritoblue/attck4fraud (WiP) [Alexandre Dulaunoy] + +* Merge pull request #362 from bartblaze/master. [Alexandre Dulaunoy] + + Update preventive-measure.json + +* Update preventive-measure.json. [Bart] + + Add ACL + +* Merge pull request #361 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Operation Comando - hit version 100 + +* Add Operation Comando - hit version 100. [Deborah Servili] + +* Merge pull request #359 from nyx0/master. [Alexandre Dulaunoy] + + add synonym, no need for uppercase in the name :) + +* Add synonym, no need for uppercase in the name :) [Thomas Dupuy] + +* Merge pull request #358 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add attribution-confidence attribute to threat-actor + +* Add attribution-confidence attribute to threat-actor. [Deborah Servili] + +* Merge pull request #357 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters + +* Relations between SLUB Backdoor. [Deborah Servili] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #356 from danielplohmann/patch-5. 
[Alexandre Dulaunoy] + + another actor described by 360TIC. + +* Update threat-actor.json. [Daniel Plohmann] + + another actor described by 360TIC. + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #355 from danielplohmann/patch-4. [Alexandre Dulaunoy] + + FireEye upgraded TEMP.Periscope to APT40 + +* FireEye upgraded TEMP.Periscope to APT40. [Daniel Plohmann] + +* Add StealthWorker malware. [Deborah Servili] + +* Add SLUB backdoor. [Deborah Servili] + +* Add Jokeroo RaaS. [Deborah Servili] + +* Add operation Kabar Cobra. [Deborah Servili] + +* Add ref for garrantydecrypt. [Deborah Servili] + +* Add relation between Lazarus Group and Operation SharpShooter. [Deborah Servili] + +* Add Rising Sun Backdoor. [Deborah Servili] + +* Add Razdel. [Deborah Servili] + +* Merge pull request #350 from bartblaze/master. [Alexandre Dulaunoy] + + Add more info on Lotus Blossom + +* Add more info on Lotus Blossom. [Bart] + + Add 2 more references, fix typo - Trend calls it "Esile", not "Eslie" as mistakenly stated by CFR. The backdoor itself is commonly referred to as Elise. + +* Merge pull request #347 from bartblaze/master. [Alexandre Dulaunoy] + + Update cert-eu-motive.json + +* Update cert-eu-motive.json. [Bart] + + Fix typo + +* Merge pull request #346 from danielplohmann/patch-3. [Alexandre Dulaunoy] + + Two more actor names from GTR2019 + +* Two more actor names from GTR2019. [Daniel Plohmann] + + I found two more actor names while going again over the crowdstrike's report and updating the cross-references to malpedia. + +* Merge pull request #345 from danielplohmann/patch-2. [Alexandre Dulaunoy] + + Added missing actors from CrowdStrike GTR2019 + +* Added missing actors from CrowdStrike GTR2019. [Daniel Plohmann] + +* Merge pull request #344 from ITAYC0HEN/patch-1. [Alexandre Dulaunoy] + + Fix 404'd reference of BuhTrap + +* Fix 404'd reference of BuhTrap. 
[Itay Cohen] + +* Merge pull request #343 from mokaddem/newMitre. [Alexandre Dulaunoy] + + Added kill_chain_order in mitre-attack-pattern + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy into newMitre. [mokaddem] + +* Merge pull request #342 from mokaddem/electionGuidelines. [Alexandre Dulaunoy] + + new: Added draft of the election guildelines galaxy + +* Merge pull request #320 from cvandeplas/mitre_attack. [Alexandre Dulaunoy] + + chg: [mitre] Deprecated pre/enterprise/mobile separate galaxies + +* Merge pull request #341 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add several clusters + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #340 from nyx0/master. [Alexandre Dulaunoy] + + add ANEL/UPPERCUT in tool cluster + +* Add ANEL/UPPERCUT in tool cluster. [Thomas Dupuy] + +* Merge pull request #338 from netjinho/patch-1. [Alexandre Dulaunoy] + + Updated "Iran" name + +* Updated "Iran" name. [João Neto] + + This extra space leads to an unnecessary key error when parsing the json file + +* Merge pull request #337 from 3c7/synonym/velvet-chollima. [Alexandre Dulaunoy] + + Added Velvet Chollima as synonym to Kimsuki + +* Added Velvet Chollima as synonym to Kimsuki. [Nils Kuhnert] + +* Merge pull request #336 from 3c7/synonym/static-kitten. [Christophe Vandeplas] + + Added static kitten as synonym for MuddyWater + +* Added static kitten as synonym for MuddyWater. [Nils Kuhnert] + +* Merge pull request #334 from 3c7/synonym/cobalt-spider. [Alexandre Dulaunoy] + + Added Cobalt Spider as Synonym for Cobalt + +* Added Cobalt Spider reference. [Nils Kuhnert] + +* Added Cobalt Spider as Synonym for Cobalt. [Nils Kuhnert] + +* Merge pull request #335 from 3c7/synonym/turbine-panda. [Alexandre Dulaunoy] + + Added Turbine Panda as synonym for APT 26 + +* Added Turbine Panda as synonym for APT 26. [Nils Kuhnert] + +* Merge pull request #333 from 3c7/synonym/oceanbuffalo. 
[Alexandre Dulaunoy] + + Added Ocean Buffalo synonym for Ocean Lotus + +* Added Ocean Buffalo synonym for Ocean Lotus. [Nils Kuhnert] + +* Merge pull request #332 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add APT39 & LockerGoga + +* Merge pull request #331 from 3c7/synonym/quilted_tiger. [Alexandre Dulaunoy] + + Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. + +* Added Quilted Tiger as Synonym for Patchwork/Dropping Elephant. [Nils Kuhnert] + +* Merge pull request #330 from 3c7/synonym/shadow_crane. [Alexandre Dulaunoy] + + Added Shadow Crane as synonym for Dark Hotel. + +* Added Shadow Crane as synonym for Dark Hotel. [Nils Kuhnert] + +* Add Gallmaker and other clusters. [Deborah Servili] + +* Add OSX/Shlayer and some refs. [Deborah Servili] + +* Add Siesta campaign. [Deborah Servili] + +* Add APT39. [Deborah Servili] + +* Add LockerGoga ransomware. [Deborah Servili] + +* Merge pull request #329 from 3c7/synonym/stardustchollima. [Alexandre Dulaunoy] + + Added "Stardust Chollima" as synonym for Lazarus. + +* Added "Stardust Chollima" as synonym for Lazarus. [Nils Kuhnert] + +* Merge pull request #328 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Silence Group + +* Add Silence Group. [Deborah Servili] + +* Merge pull request #327 from nyx0/master. [Alexandre Dulaunoy] + + add alternative name for DarkHydrus + +* Add alternative name for DarkHydrus. [Thomas Dupuy] + +* Merge pull request #326 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Cold River Threat actor + +* Add LoJax ref. [Deborah Servili] + +* Add Cold River Threat actor. [Deborah Servili] + +* Merge pull request #325 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add several ransomware and threat actors + +* Fix versions. [Deborah Servili] + +* Add several ransomware and threat actors. [Deborah Servili] + +* Merge pull request #324 from Delta-Sierra/master. [Alexandre Dulaunoy] + + TA505 threat actorand affiliates malwares + +* Add drakhydrus ref. 
[Deborah Servili] + +* TA505 threat actorand affiliates malwares. [Deborah Servili] + +* Merge pull request #322 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Cryptomix variants refs + +* Add hidenad synonym. [Deborah Servili] + +* Add Cryptomix variants refs. [Deborah Servili] + +* Merge pull request #321 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add AndroidOS_HidenAd + +* Update version. [Deborah Servili] + +* Add AndroidOS_HidenAd. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #319 from cvandeplas/master. [Christophe Vandeplas] + + chg: [mitre] bump to latest MITRE ATT&CK dataset + +* MITRE galaxy regeneration + updated migration script. [Christophe Vandeplas] + +* MITRE sorted. [Christophe Vandeplas] + + While dicts were sorted, lists were not yet sorted. This current sort algo is not yet the best, but is a good start. A good sort is needed for better comparison afterwards with automated tools. In a next stage tt will also be needed in the validate_all scripts. + +* MITRE galaxy - initial conversion and migration script. [Christophe Vandeplas] + + this is not fully working yet ! + +* Merge pull request #318 from 3c7/feature/helixkitten. [Alexandre Dulaunoy] + + Added OilRig synonym "Helix Kitten". + +* Added OilRig synonym "Helix Kitten". [Nils Kuhnert] + +* Merge pull request #316 from danielplohmann/master. [Alexandre Dulaunoy] + + New name SNAKEMACKEREL for APT28 by Accenture + +* Microsoft alias for apt29 is YTTRIUM. [Daniel Plohmann] + +* New name SNAKEMACKEREL for APT28 by Accenture. [Daniel Plohmann] + +* Removed Puplishing industry. [Gerard Wagener] + +* Merge pull request #315 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add OSX malwares + +* Merge pull request #314 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters + +* Add ransomwares. [Deborah Servili] + +* Add OSX malwares. [Deborah Servili] + +* Add operation sharpshooter. 
[Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #313 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add some clusters or info + +* Merge pull request #310 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add several clusters + +* Update toll version. [Deborah Servili] + +* Add shamoon synonym. [Deborah Servili] + +* Fix tool version. [Deborah Servili] + +* Fix exploit-kit version. [Deborah Servili] + +* Add some clusters or info. [Deborah Servili] + +* Add Goden Chickens and affiliates. [Deborah Servili] + +* Add ransomwares. [Deborah Servili] + +* Add Operation Poison Needles. [Deborah Servili] + +* Add clusters. [Deborah Servili] + +* Add several clusters. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Add DNSpionage cluster. [Deborah Servili] + +* Add everbe rasomnotes. [Deborah Servili] + +* Add ransomwares. [Deborah Servili] + +* Add ransomwares. [Deborah Servili] + +* Merge pull request #309 from cvandeplas/master. [Alexandre Dulaunoy] + + pep8, include the misp-galaxy tag in the output + +* Pep8, include the misp-galaxy tag in the output. [Christophe Vandeplas] + +* Add: [doc] contribution doc added. [Alexandre Dulaunoy] + +* Merge pull request #306 from SteveClement/master. [Steve Clement] + + chg: [doc] Added some dependency pointers. + +* Merge pull request #305 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add Rotexy + +* Add Aurora Ransomware metadata. [Deborah Servili] + +* Add Aurora Ransomware synonym. [Deborah Servili] + +* Fix version. [Deborah Servili] + +* Add Rotexy. [Deborah Servili] + +* Merge pull request #304 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add PNG Dropper + +* Update version. [Deborah Servili] + +* Add PNG Dropper. 
[Deborah Servili] + +* Merge pull request #303 from Delta-Sierra/master. [Deborah Servili] + + add several references for Emotet and others + +* Add reference for Emotet/Geodo. [Deborah Servili] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] + +* Add several references for Emotet and others. [Deborah Servili] + +* Merge pull request #302 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update oilrig related clusters + others + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Merge pull request #300 from Delta-Sierra/master. [Deborah Servili] + + add several rqansomware and HookAds campaign + +* Update oilrig related clusters + others. [Deborah Servili] + +* Fix rat galaxy version. [Deborah Servili] + +* Jq and add ref in tool galaxy -hit version 100- [Deborah Servili] + +* Add TheOneSpy. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #299 from b3n7s/patch-1. [Alexandre Dulaunoy] + + Update threat-actor.json + +* Update threat-actor.json. [Benoit Sevens] + + Add LuckyMouse link + +* Merge pull request #297 from danielplohmann/patch-1. [Alexandre Dulaunoy] + + added APT38 as (FireEye) alias for Lazarus + +* Added APT38 as (FireEye) alias for Lazarus. [Daniel Plohmann] + + cross-references in https://content.fireeye.com/apt/rpt-apt38 suggest the link to Lazarus. + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Add several rqansomware and HookAds campaign. [Deborah Servili] + +* Add/update ransomawares. [Deborah Servili] + +* Add several tools and refs. [Deborah Servili] + +* Merge pull request #296 from Delta-Sierra/master. 
[Deborah Servili] + + update ransomware galaxy + +* Update ransomware galaxy. [Deborah Servili] + +* Merge pull request #295 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update Red Alert 2 Android Banking Trojan + +* Jq fix. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Update Red Alert 2 Android Banking Trojan. [Deborah Servili] + +* Merge pull request #294 from Delta-Sierra/master. [Deborah Servili] + + add ransomwares + +* Add ransomwares. [Deborah Servili] + +* Merge pull request #293 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Operation EvilTraffic + +* Add Chalubo botnet (+ jqallthethings) [Deborah Servili] + +* Add Operation EvilTraffic. [Deborah Servili] + +* Add Operation EvilTraffic. [Deborah Servili] + +* Merge pull request #292 from 3c7/master. [Alexandre Dulaunoy] + + Corrected DarkHotel threat actor entry + +* Corrected DarkHotel threat actor entry. [Nils Kuhnert] + +* Merge pull request #291 from Delta-Sierra/master. [Deborah Servili] + + Clusters & references + +* Fix duplicate ref. [Deborah Servili] + +* Add August Stealer. [Deborah Servili] + +* Add NukeSped reference. [Deborah Servili] + +* Add GhostMiner. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #290 from cvandeplas/master. [Alexandre Dulaunoy] + + tool: experimental graphing tool + +* Tool: experimental graphing tool. [Christophe Vandeplas] + +* Merge pull request #289 from cvandeplas/master. [Alexandre Dulaunoy] + + chg: further categorization of galaxies + +* Merge pull request #288 from cvandeplas/master. [Alexandre Dulaunoy] + + categorization of galaxies + +* Jq. [Christophe Vandeplas] + +* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas] + +* Merge pull request #287 from cvandeplas/master. [Alexandre Dulaunoy] + + fixes an important bug in the gen_relations + +* Some minor fixes. 
[Andras Iklody] + +* Merge remote-tracking branch 'MISP/master' [Christophe Vandeplas] + +* Merge pull request #286 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Several clusters, refs, others. + +* Merge pull request #285 from cvandeplas/master. [Alexandre Dulaunoy] + + MITRE relationships included in the respective cluster + +* Merge pull request #284 from cvandeplas/master. [Alexandre Dulaunoy] + + chg: mappings are now in the generated adoc + +* Add tools from https://github.com/misterch0c/shadowbroker. [Deborah Servili] + +* Add DarkPulsar and affiliates + update some refs. [Deborah Servili] + +* Add GreyEnergy. [Deborah Servili] + +* Add refs & synonyms. [Deborah Servili] + +* Add several refs. [Deborah Servili] + +* Add several refs. [Deborah Servili] + +* Add roaming mantis group. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #283 from cvandeplas/master. [Alexandre Dulaunoy] + + fixes + relations with malpedia + +* Jq sort keys. [Christophe Vandeplas] + + Allows automation to edit the files + +* Merge branch 'steffenenders-patch-1' [Alexandre Dulaunoy] + +* Jq all the things. [Alexandre Dulaunoy] + +* Updated malpedia.json to the current state. [Steffen Enders] + + Fetched the new malpedia galaxy cluster from https://malpedia.caad.fkie.fraunhofer.de/api/get/misp - this includes an additional ~120 new families. + +* Merge pull request #281 from Delta-Sierra/master. [Deborah Servili] + + add SAVEfiles ransomware + +* Merge pull request #280 from Delta-Sierra/master. [Deborah Servili] + + update matrix ransomware + +* Add magecart ref. [Deborah Servili] + +* Add SAVEfiles ransomware. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Update matrix ransomware. [Deborah Servili] + +* Merge pull request #279 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Triout Android Malware + +* Add Triout Android Malware. 
[Deborah Servili] + +* Merge pull request #278 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix failed copy-paste + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #276 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add CoalaBot + Kraken Cryptor Ransmware + refs + +* Merge pull request #277 from dadokkio/master. [Alexandre Dulaunoy] + + Added Malpedia Galaxy + +* Added Malpedia Galaxy. [Davide Arcuri] + + based on malpedia git repo + +* Merge pull request #274 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Refs updates + +* Merge pull request #273 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update synonyms & attributions + +* Merge pull request #272 from Delta-Sierra/master. [Deborah Servili] + + New clusters based on CIG Circular 66 – FASTCash ATM Cash Out Campaign + +* Merge pull request #271 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Several updates + +* Fix failed copy-paste. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add CoalaBot + Kraken Cryptor Ransmware + refs. [Deborah Servili] + +* Add CoalaBot + Kraken Cryptor Ransmware + refs. [Deborah Servili] + +* Add Persirai botnet. [Deborah Servili] + +* Update Torii botnet. [Deborah Servili] + +* Add ref for Torii botnet. [Deborah Servili] + +* Add refs. [Deborah Servili] + +* Add ZEBROCY tool. [Deborah Servili] + +* Update regarding https://twitter.com/adulau/status/1047764090410737664. [Deborah Servili] + +* Update synonyms & attributions. [Deborah Servili] + +* Add NukeSped. [Deborah Servili] + +* Add FASTCash. [Deborah Servili] + +* Add ref for magecart. [Deborah Servili] + +* New threat actors & tools. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #270 from Delta-Sierra/master. [Alexandre Dulaunoy] + + new clusters, relations and information + +* Merge pull request #268 from botherder/master. 
[Alexandre Dulaunoy] + + Added missing country values + +* Added missing country values. [Nex] + +* Merge pull request #267 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters + +* Merge pull request #266 from Delta-Sierra/master. [Alexandre Dulaunoy] + + small updates + +* Merge pull request #265 from Delta-Sierra/master. [Alexandre Dulaunoy] + + new threat actors + +* Merge pull request #264 from Delta-Sierra/master. [Alexandre Dulaunoy] + + more clusters~ + +* Add synonym. [Deborah Servili] + +* Add refs. [Deborah Servili] + +* Jq. [Deborah Servili] + +* New clusters and informtion. [Deborah Servili] + +* New ransomware and relations. [Deborah Servili] + +* Add relationships on Mirai. [Deborah Servili] + +* Add references. [Deborah Servili] + +* Add BusyGasper android spyware. [Deborah Servili] + +* Add Cobalt Dickensthreat actor. [Deborah Servili] + +* Add remcos ref. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Fix field mistake. [Deborah Servili] + +* Update Lazarus group cluster. [Deborah Servili] + +* New unnamedthreat actor. [Deborah Servili] + +* New threat actors. [Deborah Servili] + +* Merge. [Deborah Servili] + +* Merge pull request #263 from botherder/bahamut. [Alexandre Dulaunoy] + + Added Bahamut to threat actors list + +* Added Bahamut to threat actors list. [Nex] + +* Merge pull request #262 from botherder/mythic-leopard. [Alexandre Dulaunoy] + + Added additional name to C-Major + +* Added additional name to C-Major. [Nex] + +* Merge pull request #261 from botherder/dedup. [Alexandre Dulaunoy] + + Removed duplicates + +* Removed duplicates. [Nex] + +* Merge pull request #259 from botherder/country-sync. [Alexandre Dulaunoy] + + Synced country codes with suspected state sponsor + +* Synced country codes with suspected state sponsor. [Nex] + +* Merge pull request #258 from botherder/transparent-tribe. [Alexandre Dulaunoy] + + Merged Transparent Tribe in C-Major + +* Merged Transparent Tribe in C-Major. 
[Nex] + +* Merge pull request #257 from Delta-Sierra/master. [Alexandre Dulaunoy] + + adding and updating clusters + +* Merge pull request #256 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ref for operation Applejeus + +* Merge pull request #255 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Schema update + +* Merge pull request #254 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ransomwares + +* Add notpetya and update jadeRAT. [Deborah Servili] + +* Add references. [Deborah Servili] + +* Add magentocore malware. [Deborah Servili] + +* Add blacknurse logo. [Deborah Servili] + +* Add blacknurse. [Deborah Servili] + +* Add Crypt0saur ransomware. [Deborah Servili] + +* Adding and updating clusters. [Deborah Servili] + +* Add description for sigma ransomware. [Deborah Servili] + +* Fix versions. [Deborah Servili] + +* Add ref for operation Applejeus. [Deborah Servili] + +* Fix version. [Deborah Servili] + +* Add Operation AppleJeus. [Deborah Servili] + +* Fix schema. [Deborah Servili] + +* Fix some relations. [Deborah Servili] + +* Clusters. [Deborah Servili] + +* More clusters~ [Deborah Servili] + +* Add CamuBot Banker Trojan. [Deborah Servili] + +* Jq~ [Deborah Servili] + +* Add ransomwares. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* "jq all the thing (tm)" [Alexandre Dulaunoy] + +* Merge branch 'Kafeine-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] + +* + Fallout. [Kafeine] + +* Hunter EK > Active. [Kafeine] + +* Adding Underminer EK. [Kafeine] + +* Status from Terror, Bingo and Astrum. [Kafeine] + +* Adapting to modification from Misp repository. [Kafeine] + +* Merge pull request #250 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cfr data + +* Add ransomware. [Deborah Servili] + +* Add cfr data. [Deborah Servili] + +* Update microsoft-activity-group.json version. 
[Deborah Servili] + +* Merge pull request #249 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Update and add threat actors + +* More clusters. [Deborah Servili] + +* Add APT28/STRONTIUM refs. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #248 from Delta-Sierra/master. [Deborah Servili] + + merge black ruby duplicate (delete the newer) + +* Merge pull request #247 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters + +* Update Dharma Ransomware. [Deborah Servili] + +* Version update. [Deborah Servili] + +* Merge black ruby duplicate (delete the newer) [Deborah Servili] + +* Merge. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Fix. [Deborah Servili] + +* Resolve merge confilct -I hope- [Deborah Servili] + +* Cosmetic change. [Christophe Vandeplas] + +* No change: dump files with sort_keys=True. [Christophe Vandeplas] + + This is needed to keep better track of the changes when other tools load and save the json files. + +* Merge pull request #246 from Delta-Sierra/master. [Deborah Servili] + + add Skygofree android spyware + +* Merge pull request #245 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add tools used by SamSam + +* Merge pull request #244 from Delta-Sierra/master. [Deborah Servili] + + add ransomwares + +* Fix typo and missing uuid. [Deborah Servili] + +* Add Rosenbridge backdoor. [Deborah Servili] + +* Add KEYPASS ransomware. [Deborah Servili] + +* Add Skygofree android spyware. [Deborah Servili] + +* Add tools used by SamSam. [Deborah Servili] + +* Add ransomwares. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Update schema. [Deborah Servili] + +* Update schema. [Deborah Servili] + +* Tags is an array. [Deborah Servili] + +* Relationship system - v2. 
[Deborah Servili] + +* Update some clusters and try to add a relationship system. [Deborah Servili] + +* Merge pull request #242 from Delta-Sierra/master. [Deborah Servili] + + add RedAlpha campaigns + +* Add RedAlpha campaigns. [Deborah Servili] + +* Merge pull request #239 from Delta-Sierra/master. [Alexandre Dulaunoy] + + more clusters + +* Delete forgotten conflict marker. [Deborah Servili] + +* Resolve merge conflict. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Resolve merge conflict. [Deborah Servili] + +* Merge pull request #241 from 3c7/threat-actor/darkhydrus. [Andras Iklody] + + Added DarkHydrus + +* Added DarkHydrus. [Nils Kuhnert] + +* Merge pull request #240 from 3c7/fix/typos. [Alexandre Dulaunoy] + + Two small typos + +* Two small typos. [Nils Kuhnert] + +* Merge pull request #238 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Kronos Banking Trojan + +* Merge pull request #237 from Delta-Sierra/master. [Deborah Servili] + + Add CFR.org metadata into the galaxy - part 2 + +* Delete duplicate gorgon group. [Deborah Servili] + +* More clusters. [Deborah Servili] + +* Add Kronos Banking Trojan. [Deborah Servili] + +* Add CFR.org metadata into the galaxy - part 2. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #236 from raw-data/master. [Alexandre Dulaunoy] + + [add] new cluster + galaxy + +* [add] new backdoor cluster. [raw-data] + +* [add] new backdoor galaxy and cluster. [raw-data] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #235 from raw-data/master. [Alexandre Dulaunoy] + + [add] x1 new entry in stealer.json - AZORult + +* [add] x1 new entry in stealer.json - AZORult. [raw-data] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #234 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + cfr update -in progress- + add clusters associated to RANCOR + +* Merging attempt. [Deborah Servili] + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #233 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add CFR.org metadata into the galaxy - Test + +* Merge pull request #231 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] new entries in banker, rat and tool + +* [ADD] x1 new entry in tool.json - Koadic. [raw-data] + +* [ADD] x2 new rat - Sisfader, SocketPlayer. [raw-data] + +* [ADD] banker.json version bump. [raw-data] + +* [ADD] x2 new banker - Backswap, Karius. [raw-data] + +* Merge pull request #230 from 3c7/patch-1. [Alexandre Dulaunoy] + + Updated APT1 report link + +* Updated APT1 report link. [Nils Kuhnert] + +* Update cert-eu-govsector.json. [Deborah Servili] + +* Update cert-eu-govsector.json. [Deborah Servili] + +* Fix typo in type. [Deborah Servili] + +* Merge pull request #229 from iglocska/patch-1. [Andras Iklody] + + Fixed typo + +* Fixed typo. [Andras Iklody] + +* Merge pull request #228 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Thrip as threat actor + +* Merge pull request #227 from Delta-Sierra/master. [Andras Iklody] + + Ransomwares and Olympic Destroyer + +* Merge pull request #226 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Even more clusters + +* Merge pull request #225 from Delta-Sierra/master. [Alexandre Dulaunoy] + + More ransomwares and other clusters + +* Add cfr related informations -still in progress- [Deborah Servili] + +* Cfr update -in progress + add clusters associated to RANCOR. [Deborah Servili] + +* Add cfr prefix for cfr data - test. [Deborah Servili] + +* Add CFR.org metadata into the galaxy - Test. [Deborah Servili] + +* Some updates. [Deborah Servili] + +* Update verion. [Deborah Servili] + +* Add Thrip as threat actor. [Deborah Servili] + +* Add olympic destroyer. [Deborah Servili] + +* Add severals ransomware. 
[Deborah Servili] + +* More clusters. [Deborah Servili] + +* Add cluster in threat actor. [Deborah Servili] + +* Add ClipboardWalletHijacker. [Deborah Servili] + +* Add MysteryBot in android galaxy. [Deborah Servili] + +* Add some ransomwares. [Deborah Servili] + +* Merge pull request #224 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add some clusters + +* Add some tools. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Add some clusters. [Deborah Servili] + +* Minor layout corrections - validate_all. [Christophe Vandeplas] + +* Merge pull request #222 from Kafeine/master. [Christophe Vandeplas] + +* Merge pull request 222. [Christophe Vandeplas] + +* Fix. [Kafeine] + +* + Glazunov. [Kafeine] + +* Guuid & + VenomKit. [Kafeine] + +* +ThreadKit. [Kafeine] + +* +Glazunov. [Kafeine] + +* Merge pull request #223 from Delta-Sierra/master. [Deborah Servili] + + Add tools + +* Add BabaYaga Malware. [Deborah Servili] + +* Add PLEAD. [Deborah Servili] + +* Merge pull request #221 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters + +* Add sigrun ransomware's ransomnotes. [Deborah Servili] + +* Add Sigrun ransomwaremeta data. [Deborah Servili] + +* Add Sigrun ransomware. [Deborah Servili] + +* Add another cryptomix variant. [Deborah Servili] + +* Add Brambul worm. [Deborah Servili] + +* Add Joanap RAT. [Deborah Servili] + +* Add: Iron Backdoor. [Alexandre Dulaunoy] + +* Merge pull request #220 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] New Stealer galaxy and cluster + +* [FIX] botnet file link. [raw-data] + +* [ADD] Stealer galaxy definition. [raw-data] + +* [ADD] x2 new info/pwd stealers - Nocturnal Stealer, TeleGrab. [raw-data] + +* [ADD] Introduced stealer cluster. [raw-data] + +* Merge pull request #219 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] x2 new entries for banker.json and rat.json + +* [ADD] NavRAT. [raw-data] + +* [ADD] DanaBot. [raw-data] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. 
[Alexandre Dulaunoy] + +* Merge pull request #218 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix typo in pre-attack-relationship script - thanks @Terrtia + +* Fix typo in pre-attack-relationship script - thanks @Terrtia. [Deborah Servili] + +* Merge pull request #217 from Terrtia/master. [Alexandre Dulaunoy] + + fix typo mitre-pre-attack-relationship + +* Fix typo mitre-pre-attack-relationship. [Thirion Aurélien] + +* Merge pull request #216 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] VPNFilter in tool.json cluster + +* [ADD] VPNFilter in tool.json cluster. [raw-data] + +* Merge pull request #215 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster + +* [ADD] Pontoeb, WICKED and Brain Food into botnet.json cluster. [raw-data] + +* Add: mitre-attack namespace for all the ATT&CK galaxies. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #214 from Delta-Sierra/master. [Deborah Servili] + + update mitre galaxies - add external id and killchain + +* Jq. [Deborah Servili] + +* Fix scripts for nobile and pre attack attack pattern. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Update mitre galaxies - add external id and killchain. [Deborah Servili] + +* Merge pull request #213 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update mitre 2.0 scripts to add external_id in meta + +* Update mitre 2.0 scripts to add external_id in meta (still need to be tested) [Deborah Servili] + +* Schema updated to have namespace key at galaxy level. [Alexandre Dulaunoy] + +* Merge pull request #211 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Added links in relation to Threat-actor info from Dragos + +* Added data related to Dragos Adverseries. [Dennis Rand] + +* Merge pull request #2 from MISP/master. [eCrimeLabs] + + Updated from Core + +* Merge pull request #209 from raw-data/master. 
[Alexandre Dulaunoy] + + [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster + +* [ADD] RadRAT, ARS VBS Loader and FlawedAmmyy into rat.json cluster. [raw-data] + +* Merge pull request #210 from Delta-Sierra/master. [Deborah Servili] + + update/add some clusters + +* Add Stalinlocker. [Deborah Servili] + +* Add Mettle botnet. [Deborah Servili] + +* Update some clusters. [Deborah Servili] + +* Merge pull request #208 from Delta-Sierra/master. [Deborah Servili] + + add maikspy + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #207 from Delta-Sierra/master. [Deborah Servili] + + New clusters + +* Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update ransomware version + +* Merge pull request #205 from Delta-Sierra/master. [Deborah Servili] + + update - GandCrab v3 + +* Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New clusters~ + +* Merge pull request #203 from Delta-Sierra/master. [Deborah Servili] + + add ZooPark campaign + +* Add maikspy. [Deborah Servili] + +* Jq~ [Deborah Servili] + +* Add reference for HNS botnet. [Deborah Servili] + +* Add HNS bot net & HPE iLO 4 Ransomware/Wiper. [Deborah Servili] + +* Add Kitty malware. [Deborah Servili] + +* Update version -oops- [Deborah Servili] + +* Update - GandCrab v3. [Deborah Servili] + +* Add an unnamed ransomware. [Deborah Servili] + +* Add spymaster pro as rat. [Deborah Servili] + +* Add ZooPark campaign. [Deborah Servili] + +* Add: threat actors from Dragos Inc. (based on https://dragos.com/adversaries.html) [Alexandre Dulaunoy] + +* Merge pull request #202 from Delta-Sierra/master. [Alexandre Dulaunoy] + + MOAR & MOAR Clusters + +* Jq. [Deborah Servili] + +* Add Rubella Macro Builder. [Deborah Servili] + +* Add GravityRAT. [Deborah Servili] + +* Add HOGFISH as APT10 synonym. [Deborah Servili] + +* Merge pull request #201 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Henbox + +* Add Henbox. 
[Deborah Servili] + +* Merge pull request #200 from Delta-Sierra/master. [Alexandre Dulaunoy] + + MOAR CLUSTERS + +* Add Orangeworm, Kwampirs, Iron ransomware and Ton ransomware. [Deborah Servili] + +* Add Muhstik botnet. [Deborah Servili] + +* Merge pull request #199 from StefanKelm/master. [Alexandre Dulaunoy] + + add NMCRYPT ransomware + +* NMCRYPT ransomware. [Stefan Kelm] + +* Merge pull request #198 from Delta-Sierra/master. [Deborah Servili] + + add Xiaoba + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy. [Deborah Servili] + +* Update Ransomware galaxy version. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add Xiaoba. [Deborah Servili] + +* Merge pull request #197 from Delta-Sierra/master. [Deborah Servili] + + add some ransomwares + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #195 from droe/master. [Alexandre Dulaunoy] + + Add Comnie RAT + +* Add Comnie RAT. [Daniel Roethlisberger] + +* Merge pull request #194 from StefanKelm/master. [Alexandre Dulaunoy] + + Update to 'Chthonic' galaxy + +* Added 'Chtonic' synonym. [StefanKelm] + +* Remove Chthonic since it's a duplicate (banker.json) [StefanKelm] + +* Merge pull request #192 from Delta-Sierra/master. [Deborah Servili] + + add some ransomwares & threat actors + +* Merge pull request #191 from Delta-Sierra/master. [Deborah Servili] + + add Rovnix + +* Merge pull request #190 from Delta-Sierra/master. [Deborah Servili] + + add LockCrypt ransomware & GoScanSSH tool + +* Merge pull request #189 from Delta-Sierra/master. [Deborah Servili] + + add PUBG ransomware + +* Merge pull request #188 from Delta-Sierra/master. [Deborah Servili] + + update matrix ransomware + +* Merge pull request #187 from Delta-Sierra/master. [Deborah Servili] + + update threat actor galaxy based on https://www.fireeye.com/content/d… + +* Add some ransomwares. [Deborah Servili] + +* Add some ransomwares & threat actors. [Deborah Servili] + +* Add Rovnix. 
[Deborah Servili] + +* Add IcedID reference. [Deborah Servili] + +* Add GoScanSSH tool. [Deborah Servili] + +* Add LockCrypt ransomware. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add PUBG ransomware. [Deborah Servili] + +* Update matrix ransomware. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Update matrix ransomware. [Deborah Servili] + +* Update threat actor galaxy based on https://www.fireeye.com/content/dam/collateral/en/mtrends-2018.pdf. [Deborah Servili] + +* Merge pull request #186 from Delta-Sierra/master. [Deborah Servili] + + add BlackRuby& WhiteRose ransomwares (+some fix) + +* Add BlackRuby& WhiteRose ransomwares (+some fix) [Deborah Servili] + +* Merge pull request #185 from Delta-Sierra/master. [Deborah Servili] + + merge the two Igexin clusters - fix #183 + +* Merge the two Igexin clusters - fix #183. [Deborah Servili] + +* Merge pull request #184 from Delta-Sierra/master. [Deborah Servili] + + add 2 -supposed- wipers + +* Add 2 -supposed- wipers. [Deborah Servili] + +* Merge pull request #182 from Delta-Sierra/master. [Deborah Servili] + + Add hajime botnet + update cryptomix (new variant) + +* Update ransomware galaxy versionC. [Deborah Servili] + +* Update cryptomix. [Deborah Servili] + +* Update botnet version. [Deborah Servili] + +* Complete hajime botnet. [Deborah Servili] + +* Add hajime botnet. [Deborah Servili] + +* Merge pull request #181 from Delta-Sierra/master. [Deborah Servili] + + add external_id to values (MITRE galaxies) + +* Jq. [Deborah Servili] + +* Add external_id to values. [Deborah Servili] + +* Add: SHARPKNOT. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #179 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add several tools + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Add several tools. [Deborah Servili] + +* Merge pull request #176 from StefanKelm/master. 
[Alexandre Dulaunoy] + + Cosmetic changes only + +* Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm] + +* Update create_mitre-enterprise-attack-tool_galaxy.py. [StefanKelm] + +* Update create_mitre-enterprise-attack-relationship_galaxy.py. [StefanKelm] + +* Update create_mitre-enterprise-attack-malware_galaxy.py. [StefanKelm] + +* Update create_mitre-enterprise-attack-intrusion-set_galaxy.py. [StefanKelm] + +* Update create_mitre-enterprise-attack-course-of-action_galaxy.py. [StefanKelm] + +* Update create_mitre-enterprise-attack-attack-pattern_galaxy.py. [StefanKelm] + +* Update mitre-enterprise-attack-intrusion-set.json. [StefanKelm] + +* Update README.md. [StefanKelm] + +* Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm] + +* Rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm] + +* Update mitre-entreprise-attack-relationship.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-tool.json to mitre-enterprise-attack-tool.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-relationship.json to mitre-enterprise-attack-relationship.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-malware.json to mitre-enterprise-attack-malware.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-intrusion-set.json to mitre-enterprise-attack-intrusion-set.json. 
[StefanKelm] + +* Update mitre-enterprise-attack-course-of-action.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-course-of-action.json to mitre-enterprise-attack-course-of-action.json. [StefanKelm] + +* Update and rename mitre-entreprise-attack-attack-pattern.json to mitre-enterprise-attack-attack-pattern.json. [StefanKelm] + +* Merge pull request #175 from Delta-Sierra/master. [Deborah Servili] + + add Zenis ransomware + +* Update Android galaxy based on: https://source.android.com/security/reports/Google_Android_Security_2017_Report_Final.pdf - possible duplicates! [Deborah Servili] + +* Add Zenis ransomware. [Deborah Servili] + +* Merge pull request #174 from Delta-Sierra/master. [Deborah Servili] + + add gamut botnet + +* Merge branch 'master' into master. [Deborah Servili] + +* Merge pull request #173 from danielplohmann/leviathan. [Alexandre Dulaunoy] + + adding Leviathan / TEMP.Periscope + +* Added leviathan. [Daniel Plohmann (jupiter)] + +* Merge pull request #172 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group + +* Added RoyalCli and RoyalDNS related to APT15 based on information from NCC Group. [Dennis Rand] + +* Merge pull request #1 from MISP/master. [eCrimeLabs] + + Syncing Fork + +* Merge pull request #171 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add qwerty ransomware + +* Merge pull request #170 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Malware Used by APT37 + +* Malware Used by APT37. [eCrimeLabs] + + Malware Used by APT37 + +* Added tools from APT37. [eCrimeLabs] + + Malware Used by APT37 + +* Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update some clusters + +* Merge pull request #166 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Nautilus, Neuron and update GandCrab + +* Merge pull request #165 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add some tools + +* Merge pull request #164 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add RSAUtil and Coldroot + +* Merge pull request #163 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add TSCookie Malware and RAT + +* Add gamut botnet. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add qwertyransomware. [Deborah Servili] + +* Update version. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add missing uuid. [Deborah Servili] + +* Add ref for BS2005. [Deborah Servili] + +* Update Mirage Threat actor. [Deborah Servili] + +* Add Nautilus, Neuron and update GandCrab. [Deborah Servili] + +* Update GandCrab. [Deborah Servili] + +* Jq all the things. [Deborah Servili] + +* Add missing uuid. [Deborah Servili] + +* Add Shipup. [Deborah Servili] + +* Add ghotex. [Deborah Servili] + +* Add miniflame. [Deborah Servili] + +* Add Downloader-FGO. [Deborah Servili] + +* Add Cheshire Cat -hack.lu video as reference! [Deborah Servili] + +* Add Aurora/Hydraq. [Deborah Servili] + +* Add Rotinom. [Deborah Servili] + +* Add Exforel. [Deborah Servili] + +* Add RSAUtil and Coldroot. [Deborah Servili] + +* Add TSCookie Malware and RAT. [Deborah Servili] + +* Merge pull request #162 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add uuid to every cluster + +* Jq. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Fix #161. [Alexandre Dulaunoy] + +* Merge pull request #160 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add botnets to galaxy + +* Merge pull request #159 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add MITRE Galaxies V2.0 + +* Modify argument in add_missing_uuid script. [Deborah Servili] + +* Jq ftw. [Deborah Servili] + +* Add uuid to every cluster. [Deborah Servili] + +* Add extension for Thanatos ransomware. [Deborah Servili] + +* Add botnets to galaxy. [Deborah Servili] + +* Add Thanatos ransomware. [Deborah Servili] + +* Removing duplicates refs - 2. 
[Deborah Servili] + +* Manage duplicate refs - first try. [Deborah Servili] + +* Clean version. [Deborah Servili] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Add: UUID also at value level. [Alexandre Dulaunoy] + +* Merge pull request #157 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add botnet galaxy and other stuffs + +* Merge pull request #156 from Delta-Sierra/master. [Alexandre Dulaunoy] + + complete gandcrab - add ransomnotes + +* Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add gandcrap ransomware + update references + +* Jq all the things. [Deborah Servili] + +* Add uuid as a field. [Deborah Servili] + +* Fix empty meta field. [Deborah Servili] + +* Add MITRE Galaxies V2.0. [Deborah Servili] + +* Add botnet galaxy to readme. [Deborah Servili] + +* Create botnet galaxy. [Deborah Servili] + +* Add ShurL0ckr ransomware. [Deborah Servili] + +* Add synonym and ref for Emissary Panda (Iron Tiger APT) [Deborah Servili] + +* Jq. [Deborah Servili] + +* Complete gandcrab. [Deborah Servili] + +* Add gandcrap ransomware + update references. [Deborah Servili] + +* Merge branch 'Kafeine-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Kafeine/misp-galaxy into Kafeine-master. [Alexandre Dulaunoy] + +* ~Sakura description. [Kafeine] + +* +SPL Exploit Kit, ~Grandsoft. [Kafeine] + +* BlackTDS added. [Kafeine] + +* Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Smominru + +* Add Smominru. [Deborah Servili] + +* Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add CrossRat + +* Add CrossRat. [Deborah Servili] + +* Add ref to Nexus Zeta. [Alexandre Dulaunoy] + +* Add: Nexus Zeta is no stranger when it comes to implementing SOAP relatedrelated exploit ;-) [Alexandre Dulaunoy] + +* Add: Matsuta IoT botnet added. [Alexandre Dulaunoy] + +* Merge pull request #151 from danielplohmann/dark-caracal. 
[Alexandre Dulaunoy] + + adding dark caracal + +* Adding dark caracal. [Daniel Plohmann] + +* Merge pull request #150 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Digmine + +* Add Digmine. [Deborah Servili] + +* Merge pull request #149 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add downAndExec + +* Add downAndExec. [Deborah Servili] + +* Merge pull request #148 from Delta-Sierra/master. [Deborah Servili] + + add travle/PYLOT + +* Add travle/PYLOT. [Deborah Servili] + +* Merge pull request #147 from Delta-Sierra/master. [Deborah Servili] + + fix forgotten value Microcin + +* Fix forgotten value Microcin. [Deborah Servili] + +* Merge pull request #146 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add macOS malwares + +* Add macOS malwares. [Deborah Servili] + +* Merge pull request #145 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add monero miner + +* Add monero miner. [Deborah Servili] + +* Merge pull request #144 from Delta-Sierra/master. [Alexandre Dulaunoy] + + rename files + update README.md + +* Rename files + update README.md. [Deborah Servili] + +* Merge pull request #143 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New galaxy Branded Vulnerability + +* New galaxy Branded Vulnerability. [Deborah Servili] + +* Add in preventive measures: blacklisting phone numbers. [Alexandre Dulaunoy] + +* Merge pull request #142 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add SedKit + +* Jqallthethings. [Deborah Servili] + +* Update Sofacy tools. [Deborah Servili] + +* Modify SedKit description. [Deborah Servili] + +* Add SedKit. [Deborah Servili] + +* Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add "Power"tools + +* Add "Power"tools. [Deborah Servili] + +* Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add satori (Mirai Variant) + +* Add satori (Mirai Variant) [Deborah Servili] + +* Merge pull request #139 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + update Android galaxy + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #138 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add source for NewCore RAT + +* Merge pull request #137 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update OilRig threat actor + +* Merge pull request #136 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add OSX.Pirrit + +* Add PRILEX & CUTLET MAKER. [Deborah Servili] + +* Add GratefulPOS. [Deborah Servili] + +* Update Android galaxy. [Deborah Servili] + +* Add source for NewCore RAT. [Deborah Servili] + +* Update OilRig threat actor. [Deborah Servili] + +* Add file spider ransomware. [Deborah Servili] + +* Add OSX.Pirrit. [Deborah Servili] + +* TRISIS is the main name of TRITON as discussed in https://twitter.com/DragosInc/status/941355602512613381. [Alexandre Dulaunoy] + +* TRITON added. [Alexandre Dulaunoy] + +* Merge pull request #135 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Quant Loader + +* Add SSHDoor. [Deborah Servili] + +* Add cryptomix variant. [Deborah Servili] + +* Add Quant Loader. [Deborah Servili] + +* Merge pull request #134 from Delta-Sierra/master. [Deborah Servili] + + Add MoneyTaker + +* Add MoneyTaker. [Deborah Servili] + +* Update threat actor galaxy. [Deborah Servili] + +* Merge pull request #133 from Delta-Sierra/master. [Deborah Servili] + + add source for BankBot + +* Add source for BankBot. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-galaxy into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Jq. [Deborah Servili] + +* Add malware/ransomwares. [Deborah Servili] + +* Merge conflict solved - wp-vcd added. [Alexandre Dulaunoy] + +* StrongPity2 added. [Alexandre Dulaunoy] + +* Merge pull request #131 from Delta-Sierra/master. [Deborah Servili] + + add SLocker + +* Add SLocker. 
[Deborah Servili] + +* Merge pull request #130 from Delta-Sierra/master. [Deborah Servili] + + add HC7 ransomware + +* Add HC7 ransomware. [Deborah Servili] + +* Merge pull request #129 from Delta-Sierra/master. [Deborah Servili] + + add StorageCrypt Ransomware + +* Add StorageCrypt Ransomware. [Deborah Servili] + +* Merge pull request #128 from Delta-Sierra/master. [Deborah Servili] + + add Halloware ransomware + +* Add Halloware ransomware. [Deborah Servili] + +* Merge pull request #127 from Delta-Sierra/master. [Deborah Servili] + + update cryptomix + +* Update cryptomix. [Deborah Servili] + +* Add: Tizi malware added. [Alexandre Dulaunoy] + +* Merge pull request #126 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add UBoatRAT + +* Add UBoatRAT. [Deborah Servili] + +* Merge pull request #125 from Delta-Sierra/master. [Raphaël Vinot] + + update ROKRAT + +* Update ROKRAT. [Deborah Servili] + +* Merge pull request #124 from Delta-Sierra/master. [Deborah Servili] + + cryptomix - update + +* Cryptomix - update. [Deborah Servili] + +* Merge pull request #123 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add IcedID banker + +* Add IcedID banker. [Deborah Servili] + +* Merge pull request #122 from Delta-Sierra/master. [Deborah Servili] + + cryptomix - merge duplicates and update + +* Cryptomix - add ransomnotes. [Deborah Servili] + +* Cryptomix - merge duplicates and update. [Deborah Servili] + +* Merge pull request #121 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Ordinypt + +* Add Ordinypt. [Deborah Servili] + +* Merge pull request #120 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update tool galaxy + +* Jq. [Deborah Servili] + +* Update tool galaxy. [Deborah Servili] + +* Merge pull request #119 from steffenenders/patch-1. [Alexandre Dulaunoy] + + Fixed mixed up description/value for MuddyWater + +* Fixed mixed up description/value for MuddyWater. [steffenenders] + +* Merge pull request #118 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add MuddyWater + Update HIDDEN COBRA and update its tools + +* Add MuddyWater + Update HIDDEN COBRA and update its tools. [Deborah Servili] + +* Merge pull request #117 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Silence Trojan + +* Add Silence Trojan. [Deborah Servili] + +* Merge pull request #116 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Fix typo + +* Update version number. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #115 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ALMA Communicator + +* Merge pull request #114 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Sowbug group + +* Merge pull request #113 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add sector vocabulary + +* Merge pull request #112 from Delta-Sierra/master. [Deborah Servili] + + update Felismus RAT + +* Merge pull request #111 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Fix README.md AGAIN + +* Fix typo - Spaaaace~ [Deborah Servili] + +* Add ALMA Communicator. [Deborah Servili] + +* Add Sowbug group. [Deborah Servili] + +* Add sector vocabulary. [Deborah Servili] + +* Update Falismus RAT. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #110 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Fix README.md + +* ##comma## AGAIN. [Deborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #108 from sbrom/master. [Alexandre Dulaunoy] + + Updated with data from APT Groups and Operations + +* Merge pull request #4 from frbor/fix-iso-code-3. [sbrom] + + Fix iso codes + +* Fix-iso-code-3. [Fredrik Borg] + +* Fix iso codes. [Fredrik Borg] + +* Merge pull request #2 from frbor/master. [sbrom] + + Remove duplicate references + +* Merge branch 'fix-duplicates' [Fredrik Borg] + +* Remove duplicate references. [Fredrik Borg] + +* Merge pull request #1 from frbor/master. 
[sbrom] + + Replace tab with space and add newline at end of file + +* Replace tab with space and add newline at end of file. [Fredrik Borg] + +* Updated with data from APT Groups and Operations. [Siri Bromander] + +* Merge pull request #109 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update README + +* ##comma## [Deborah Servili] + +* Update README. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #107 from frbor/iso-codes. [Raphaël Vinot] + + Use standard (2 digits) ISO codes for all countries + +* Bump version number. [Fredrik Borg] + +* Use standard (2 digits) ISO codes for all countries. [Fredrik Borg] + +* Update banker galaxy. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #106 from Delta-Sierra/master. [Deborah Servili] + + add htpRAT + +* Add htpRAT. [Deborah Servili] + +* Merge pull request #105 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add dimnie + +* Add dimnie. [Deborah Servili] + +* Merge pull request #104 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ttp-categories descriptions + +* Add ttp-categories descripiions. [Deborah Servili] + +* Merge pull request #103 from Delta-Sierra/master. [Deborah Servili] + + add Formbook + +* Fix typo. [Deborah Servili] + +* Add Formbook. [Deborah Servili] + +* Cosmetic updates. [Raphaël Vinot] + +* Deduplicate Android cluster. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #102 from Delta-Sierra/master. [Alexandre Dulaunoy] + + delete x_ prefix from mitre_attack_pattern + +* Jq. [Deborah Servili] + +* Add galaxy icon to mitre-cti tools & regenerate galaxies. [Deborah Servili] + +* Delete x_ prefix from mitre_attack_pattern. [Deborah Servili] + +* Add android and banker galaxies. [Raphaël Vinot] + +* Remove the executable flag from the json files, again. 
[Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Merge pull request #101 from Delta-Sierra/master. [Deborah Servili] + + add BadRabbit ransomware + +* Add BadRabbit ransomware. [Deborah Servili] + +* Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cert EU govsectors galaxy + +* Update README.md. [Deborah Servili] + +* Add cert EU govsectors galaxy. [Deborah Servili] + +* Merge pull request #99 from Delta-Sierra/master. [Deborah Servili] + + typo + +* Typo. [Deborah Servili] + +* SOCKET23 RAT added. [Alexandre Dulaunoy] + +* JadeRAT added. [Alexandre Dulaunoy] + +* Merge pull request #98 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cert-eu based vocabularies + +* Jq. [Deborah Servili] + +* Add IoT_reaper. [Deborah Servili] + +* Delete duplicate. [Deborah Servili] + +* Add cert-eu based vocabularies. [Deborah Servili] + +* Jq all the things. [Alexandre Dulaunoy] + +* Merge pull request #97 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add synonym in tool galaxy + +* Add synonym in tool galaxy. [Deborah Servili] + +* Merge pull request #96 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cert EU's motive vocabulary + +* ##comma## [Deborah Servili] + +* Add cert EU's motive vocabulary. [Deborah Servili] + +* Merge pull request #95 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add sectors galaxy + +* Add sectors galaxy. [Deborah Servili] + +* Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add lukitus extension to Locky + +* Add lukitus ransomnote to Locky. [Deborah Servili] + +* Add lukitus extension to Locky. [Deborah Servili] + +* Merge pull request #93 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add year of apparition for Rats + fixing some typos + +* Fix typo. [Deborah Servili] + +* Add year of apparition for Rats + fixing some typos. [Deborah Servili] + +* Merge pull request #92 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add Remote Access/Administration Tools + +* Jq. [Deborah Servili] + +* Add Remote Access/Administration Tools. [Deborah Servili] + +* Merge pull request #91 from danielplohmann/apt33. [Alexandre Dulaunoy] + + add APT33 as identified by FireEye + +* Add APT33 as identified by FireEye. [Daniel Plohmann] + +* Schema updated to include icon field. [Alexandre Dulaunoy] + +* As now everything is in the Blockchain, ransomware are too. [Alexandre Dulaunoy] + +* Icons for the grand Master who is redesigning the overall graphical view. [Alexandre Dulaunoy] + +* Merge pull request #90 from Delta-Sierra/master. [Deborah Servili] + + add Adwind RAT synonyms + +* Add Adwind RAT synonyms. [Deborah Servili] + +* Fix typo. [Deborah Servili] + +* Merge pull request #89 from Delta-Sierra/master. [Deborah Servili] + + add SyncCrypt Ransomwar + +* Add SyncCrypt Ransomwar. [Deborah Servili] + +* Merge pull request #88 from Delta-Sierra/master. [Deborah Servili] + + add SynAck Ransomware + +* Add SynAck Ransomware ransomnote's name. [Deborah Servili] + +* Add SynAck Ransomware. [Deborah Servili] + +* Merge pull request #87 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add tools and rat + +* Fix typo~ [Deborah Servili] + +* Add tools and rat. [Deborah Servili] + +* Remove the executable flag from the json files. [Raphaël Vinot] + +* JQ all the things. [Raphaël Vinot] + +* Fixed with jq ;-) [Alexandre Dulaunoy] + +* Merge pull request #86 from Kafeine/master. [Alexandre Dulaunoy] + + Up EK and TDS + +* Merge branch 'master' into master. [Kafeine] + +* Merge pull request #85 from Delta-Sierra/master. [Deborah Servili] + + add ransomwares + +* Add ransomwares. [Deborah Servili] + +* Merge pull request #84 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add fireball malware + +* Add fireball malware. [Deborah Servili] + +* Merge pull request #83 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Joao malware + +* Add Joao malware. 
[Deborah Servili] + +* EngineBox malware added. [Alexandre Dulaunoy] + +* Adversarial Tactics, Techniques & Common Knowledge from MITRE ATT&CK added. [Alexandre Dulaunoy] + +* Merge pull request #82 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update mitre galaxies and scripts + +* Jq. [Deborah Servili] + +* Update mitre galaxies. [Deborah Servili] + +* Script mitre - version given as an input + renaming. [Deborah Servili] + +* Merge pull request #81 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Fixed some issues with a misnamed galaxy - script + +* Fixed some issues with a misnamed galaxy - script. [Deborah Servili] + +* Fixed some issues with a misnamed galaxy. [iglocska] + +* Merge pull request #80 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add mitre based galaxies + +* Version is integer. [Deborah Servili] + +* Put uuid as meta. [Deborah Servili] + +* New generation of mitre galaxies. [Deborah Servili] + +* Fix mitre-cti script - replace 'name' by 'value' [Deborah Servili] + +* Add mitre based galaxies. [Deborah Servili] + +* Asciidoctor-pdf is now stable. [Alexandre Dulaunoy] + +* Documentation generator added. [Alexandre Dulaunoy] + +* Merge pull request #79 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK + +* Add scripts to create galaxy from https://github.com/mitre/cti/tree/master/ATTACK - still under testing. [Deborah Servili] + +* Fix space typo. [Deborah Servili] + +* Merge pull request #78 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add GlobeImposter synonym + +* Type is array -shh I'm bad with the format, I know. [Deborah Servili] + +* Type is meta. [Deborah Servili] + +* Jq~ [Deborah Servili] + +* Add/update tool galaxy. [Deborah Servili] + +* Add GlobeImposter synonym. [Deborah Servili] + +* Merge pull request #75 from Delta-Sierra/master. [Raphaël Vinot] + + add svpeng tool + +* Jq. [Deborah Servili] + +* Merge branch 'master' into master. 
[Deborah Servili] + +* Try to merge 'CowerSnail added' [Deborah Servili] + +* Add svpeng tool. [Deborah Servili] + +* Merge pull request #77 from danielplohmann/fin7. [Raphaël Vinot] + + added FIN7 as alias for anunak + +* Added FIN7 as alias for anunak. [Daniel Plohmann] + +* Merge pull request #76 from danielplohmann/axiom-merge. [Raphaël Vinot] + + merged barium into axiom (only one redundant reference given) + +* Merged barium into axiom (only one redundant reference given) [Daniel Plohmann] + +* CowerSnail added. [Alexandre Dulaunoy] + +* Remove duplicates. [Raphaël Vinot] + +* Merge pull request #74 from Delta-Sierra/master. [Raphaël Vinot] + + adding clusters based on MISP data + +* Clean tool.json. [Deborah Servili] + +* Update Spring Dragon threat actor. [Deborah Servili] + +* Adding clusters based on MISP data. [Deborah Servili] + +* Add missing name XtremeRAT. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Raphaël Vinot] + +* Add validators for vocabularies and misp. [Raphaël Vinot] + +* Remove empty string. [Raphaël Vinot] + +* Add new entries in meta key. [Raphaël Vinot] + +* Remove duplicates. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #73 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cerber synonym + +* Add cerber synonym. [Deborah Servili] + +* Cobalt gang added. [Alexandre Dulaunoy] + +* El Machete added. [Alexandre Dulaunoy] + +* Merge pull request #72 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add synonym for ammyyadmin + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #71 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add SOREBRECT ransomware + +* Add synonym for ammyyadmin. [Deborah Servili] + +* Add SOREBRECT ransomware. [Deborah Servili] + +* Jq all ;-) [Alexandre Dulaunoy] + +* Merge pull request #70 from jaimeblasco/master. 
[Alexandre Dulaunoy] + + Added FIN8 actor + +* Added FIN8 actor. [Jaime] + +* Merge pull request #69 from Delta-Sierra/master. [Alexandre Dulaunoy] + + alwaaays moooore RAT + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add rats + +* Alwaaays moooore RAT. [Deborah Servili] + +* Add rats from https://www.lifewire.com/free-remote-access-software-tools-2625161. [Deborah Servili] + +* Add rats. [Deborah Servili] + +* Validation added. [Alexandre Dulaunoy] + +* Jq. [Alexandre Dulaunoy] + +* Merge pull request #67 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add some rats and tools + +* Add some rats sand tools. [Deborah Servili] + +* Merge pull request #66 from elhoim/patch-2. [Alexandre Dulaunoy] + + Added Symantec alias for sofacy + +* Added Symantec alias for sofacy. [David André] + +* Merge pull request #65 from danielplohmann/hidden-cobra-lazarus. [Alexandre Dulaunoy] + + added Hidden Cobra as alias for Lazarus Group + +* Merge branch 'master' into hidden-cobra-lazarus. [danielplohmann] + +* Merge pull request #64 from danielplohmann/threat-actor-electrum. [Alexandre Dulaunoy] + + Threat actor electrum + +* Added ELECTRUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann] + +* Added PLATINUM to threat-actor.json (afaik not confirmed as an alias atm) [Daniel Plohmann] + +* Added Hidden Cobra as alias for Lazarus Group. [Daniel Plohmann (jupiter)] + +* Merge pull request #62 from Delta-Sierra/master. [Raphaël Vinot] + + update rat galaxy + +* Merge https://github.com/MISP/misp-galaxy. [Deborah Servili] + +* Merge pull request #58 from danielplohmann/wildneutron. [Alexandre Dulaunoy] + + added WildNeutron (Morph, Butterfly, Sphinx Moth) + +* Added WildNeutron (Morph, Butterfly, Sphinx Moth) [Daniel Plohmann (jupiter)] + +* Merge pull request #61 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + edit threat actor - should fix #59 and #60 + +* Update rat. [Deborah Servili] + +* Edit threat actor - should fix #59 and #60. [Deborah Servili] + +* Merge pull request #56 from elhoim/patch-1. [Alexandre Dulaunoy] + + Added synonyms for APT10 and one for APT1 + +* Added synonyms for APT10 and one for APT1. [David André] + +* RAT added. [Alexandre Dulaunoy] + +* Merge pull request #57 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add rat galaxy + +* Jq. [Deborah Servili] + +* Add RAT listed in https://github.com/kevthehermit/RATDecoders. [Deborah Servili] + +* Add rat galaxy. [Deborah Servili] + +* SilverTerrier added. [Alexandre Dulaunoy] + +* Jq all. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #54 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Uiwik ransomware + +* Jq 'n ##COMMA## [Deborah Servili] + +* Add Uiwik ransomware. [Deborah Servili] + +* Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add synonym - half done + +* Add synonym and cleaning. [Deborah Servili] + +* Merge hiddentear & cryptear data. [Deborah Servili] + +* Add synonym - half done. [Deborah Servili] + +* Add synonym - step 1. [Deborah Servili] + +* Merge pull request #52 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add synonym to hancitor + +* Add synonym to hancitor. [Deborah Servili] + +* Merge pull request #51 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add jaff Ransomware + +* Add jaff Ransomwarejq-ed. [Deborah Servili] + +* Add jaff Ransomware. [Deborah Servili] + +* Emotet/Geodo added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #50 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Update ransomware galaxy - possible duplicate + +* Property requirement updated. [Deborah Servili] + +* Update Wannacry ransomware. 
[Deborah Servili] + +* Make it mergable (try to) [Deborah Servili] + +* Update ransomware galaxy - possible duplicate. [Déborah Servili] + +* Remove duplicate ref. [Alexandre Dulaunoy] + +* Input from Deborah incorporated. [Alexandre Dulaunoy] + +* APT32 added. [Alexandre Dulaunoy] + +* WannaCry added. [Alexandre Dulaunoy] + +* PDF added. [Alexandre Dulaunoy] + +* Fixed the double trailing dot. [Alexandre Dulaunoy] + +* Add meaningful infobox. [Alexandre Dulaunoy] + +* A tool to convert MISP Galaxy Cluster into an asciidoctor document. [Alexandre Dulaunoy] + +* Kazuar: Multiplatform Espionage Backdoor with API Access added. [Alexandre Dulaunoy] + +* Duplicate references removed. [Alexandre Dulaunoy] + +* Merge pull request #49 from Delta-Sierra/master. [Alexandre Dulaunoy] + + reformat ransomware galaxy + +* Add source to please the schema~ [Déborah Servili] + +* Change sources for authors. [Déborah Servili] + +* Jq on ransomware. [Déborah Servili] + +* Managing duplicate. [Déborah Servili] + +* Managing duplicate. [Déborah Servili] + +* Reformat ransomware galaxy - including http://pastebin.com/raw/GHgpWjar. [Déborah Servili] + +* Reformat ransomware galaxy. [Déborah Servili] + +* Additional properties allowed on the meta part. [Alexandre Dulaunoy] + +* REDLEAVES malware added. [Alexandre Dulaunoy] + +* Merge pull request #48 from Delta-Sierra/master. [Raphaël Vinot] + + add Cardinal RAT + +* Update tools. [Déborah Servili] + +* Feodo added. [Alexandre Dulaunoy] + +* FlexiSpy. [Alexandre Dulaunoy] + +* Shadow broker leak of NSA tools from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy] + +* First batch of shadow broker leak (NSA name of exploit and tools) from https://github.com/misterch0c/shadowbroker. [Alexandre Dulaunoy] + +* Jq all. [Alexandre Dulaunoy] + +* Merge pull request #40 from Kafeine/master. [Alexandre Dulaunoy] + + Updated. + +* Merge pull request #47 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add synonyms for Da Vinci RCS + +* Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add some tools/threat actor + +* Add Cardinal RAT. [Déborah Servili] + +* Add synonyms for Da Vinci RCS. [Déborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Merge pull request #45 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html + +* ##comma## [Déborah Servili] + +* Add some tools/threat actor. [Déborah Servili] + +* Correct copypasta mistake. [Déborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Merge pull request #44 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Update tool's galaxy + +* Add tools from https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html. [Déborah Servili] + +* Update tool. [Déborah Servili] + +* Json fix. [Déborah Servili] + +* Update tool's galaxy using http://contagiodump.blogspot.lu/2013/03/mandiant-apt1-samples-categorized-by.html. [Déborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Longhorn (CIA) added. [Alexandre Dulaunoy] + +* Sathurbot added. [Alexandre Dulaunoy] + +* The product from NSO Group Technologies added to the list of tools. [Alexandre Dulaunoy] + + The Pegasus name is used as synonym of Chrysaor ;-) + +* The mysterious ZIRCONIUM activity group added. [Alexandre Dulaunoy] + +* Merge pull request #43 from nyx0/master. [Alexandre Dulaunoy] + + Add new Sednit name + +* Add new Sednit name according to https://www.secureworks.com/research/iron-twilight-supports-active-measures. [nyx0] + +* Trochilus and MoonWind RATs added. [Alexandre Dulaunoy] + +* KHRAT added. [Alexandre Dulaunoy] + +* Merge pull request #42 from chrisdoman/master. [Alexandre Dulaunoy] + + Added descriptions and reference to threat-actor json + +* Added descriptions and reference to threat-actor json. 
[chrisdoman] + +* JQ all. [Alexandre Dulaunoy] + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* +WhiteHole +ref for Disdain. [Kafeine] + +* +disdain+captainblack-Neutrino. [Kafeine] + +* Update exploit-kit.json. [Kafeine] + +* Fix. [Kafeine] + +* +Bingo -- Hunter > Retired. [Kafeine] + +* Update tds.json. [Kafeine] + +* Fix. [Kafeine] + +* Update Terror. [Kafeine] + +* Updated. [Kafeine] + + Blaze <-> Terror - Updated Sundown and Nebula status + +* Merge branch 'master' into master. [Raphaël Vinot] + +* JQ all the things. [Raphaël Vinot] + +* Merge pull request #41 from CERT-Bund/patch-1. [Raphaël Vinot] + + Added groups, joined groups, added synonyms (see extended description) + +* Fix typo. [Raphaël Vinot] + +* Added groups, joined groups, added synonyms (see extended description) [CERT-Bund] + +* IMEIJ added. [Alexandre Dulaunoy] + +* Missing \n at the end of the file. [Alexandre Dulaunoy] + +* Merge pull request #38 from chrisdoman/master. [Alexandre Dulaunoy] + + Added references + +* Ran jq. [Chris Doman] + +* Added references. [Chris Doman] + + Mostly added references to existing groups + Capitalised DarkHotel, put a space in APT30 default name (the others + had that) + +* Add: Gamaredon Group added. [Alexandre Dulaunoy] + +* Merge pull request #37 from cvandeplas/master. [Christophe Vandeplas] + + minor correction + +* Minor correction. [Christophe Vandeplas] + +* Merge pull request #36 from Th4nat0s/gutembergII. [Alexandre Dulaunoy] + + Gutemberg II + +* Remove duplicate of ratdecode import. [Thanat0s] + +* Add a bunch of rat from ratdecoder list. [Thanat0s] + +* Pimp Epic turla. [Thanat0s] + +* Pimp and agreggate turla. [Thanat0s] + +* Somes alias fetch from : https://attack.mitre.org/wiki/Groups. [Thanat0s] + +* Pimp comrat. [Thanat0s] + +* Pimp xneteagle. [Thanat0s] + +* Pimp xscontrol. [Thanat0s] + +* Update Xagent from aptnote Bitdefender-Whitepaper-APT-Mac-A4-en-EN-web(02-23-2017) [Thanat0s] + +* Pimp lecna/Backspace. 
[Thanat0s] + +* Pimp lecna/Backspace. [Thanat0s] + +* Pimp RarStone. [Thanat0s] + +* Pimp Pirpi. Hard to say:) [Thanat0s] + +* Pimp webc2. [Thanat0s] + +* Pimp winnti. [Thanat0s] + +* Pimp nettraveler. [Thanat0s] + +* Cleanup zeus duplicate in alias and name. [Thanat0s] + +* Update apt28 tools. [Thanat0s] + +* Remove duplicate AlienSpy. [Thanat0s] + +* Merge pull request #32 from Th4nat0s/donokilljson. [Alexandre Dulaunoy] + + modify validators to check json an format, stop on any error + +* Block by default, but usable anyway with param. [Thanat0s] + +* Modify validators to check json an format, stop on any error. [Thanat0s] + +* Merge pull request #30 from Th4nat0s/gutemberg. [Alexandre Dulaunoy] + + Gutemberg work.. + +* Add info to the famous mimikatz. [Thanat0s] + +* Add moudor info. [Thanat0s] + +* Add Tinba banking. [Thanat0s] + +* Udpate trojan.main. [Thanat0s] + +* Update evilgrab. [Thanat0s] + +* Remove coreshell duplicate. [Thanat0s] + +* Add derusbi. [Thanat0s] + +* Merge IEchecker et sasfi. [Thanat0s] + +* Go for caro, add hi-zor. [Thanat0s] + +* Fix side victims of schemaupdate. [Thanat0s] + +* Update 2 array. [Thanat0s] + +* Go 4 string. [Thanat0s] + +* Follow the format. [Thanat0s] + +* Json typo. [Thanat0s] + +* Locky removed > ransomware. [Thanat0s] + +* Json issue. [Thanat0s] + +* Generic plugx names. [Thanat0s] + +* Update. [Thanat0s] + +* Remove JOYRat -> team -> https://www.crowdstrike.com/blog/whois-numbered-panda/ [Thanat0s] + +* Remove Lstudio (group using elise) , add info to PWOBOT. [Thanat0s] + +* Remove EK and Ransomwares. [Thanat0s] + +* Gutemberg on first 10. [Thanat0s] + +* Merge pull request #33 from Th4nat0s/checkdup. [Alexandre Dulaunoy] + + Tool to find duplicate + +* Add tool to find duplicate. [Thanat0s] + +* PupyRAT added. [Alexandre Dulaunoy] + +* Strict schema, update clusters accordingly. [Raphaël Vinot] + +* Add validator for galaxies. [Raphaël Vinot] + +* Fix validation, remove duplicate. 
[Raphaël Vinot] + +* Initial Json schema. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #29 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Erebus ransomware + +* Add Erebus ransomware. [Déborah Servili] + +* Merge pull request #28 from Kafeine/master. [Alexandre Dulaunoy] + + Added Microsoft Naming + +* StreamEX added. [Alexandre Dulaunoy] + +* ZeroT added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #26 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Change author name to 'Various' + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Change author name to 'Various' [Déborah Servili] + +* Flokibot added. [Alexandre Dulaunoy] + +* Merge pull request #25 from Delta-Sierra/master. [Alexandre Dulaunoy] + + ransomware galaxy + +* Fix galaxy ##comma## [Déborah Servili] + +* Ransomware galaxy. [Déborah Servili] + +* Merge pull request #24 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ransomware galaxy + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Merge pull request #23 from Delta-Sierra/master. [Alexandre Dulaunoy] + + improve csv_to_galaxy + +* Merge pull request #22 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add csv to galaxy converter + +* Add ransomware galaxy. [Déborah Servili] + +* Improve csv_to_galaxy 2. [Déborah Servili] + +* Improve csv_to_galaxy. [Déborah Servili] + +* Merge https://github.com/MISP/misp-galaxy. [Déborah Servili] + +* Merge pull request #20 from cgi1/master. [Alexandre Dulaunoy] + + Adding Zeus to tools + +* Adding Zeus to tools. [cgi] + +* Greenbug added. [Alexandre Dulaunoy] + +* Tavdig was missing. [Alexandre Dulaunoy] + +* LuminosityLink RAT added. [Alexandre Dulaunoy] + +* EyePyramid added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. 
[Alexandre Dulaunoy] + +* Merge pull request #18 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add APT28's tools + +* GhostAdmin added. [Alexandre Dulaunoy] + +* Add csv to galaxy converter. [Déborah Servili] + +* Add APT28's tools. [Déborah Servili] + +* Equation Group added. [Alexandre Dulaunoy] + +* "the shoemaker's son always goes barefoot" Regin added. [Alexandre Dulaunoy] + +* Merge pull request #17 from Delta-Sierra/master. [Alexandre Dulaunoy] + + begin preventive-measure galaxy + +* Complete preventive-measure. [Déborah Servili] + +* Begin preventive-measure galaxy. [Déborah Servili] + +* Shamoon added. [Alexandre Dulaunoy] + +* Import manually cert-eu contribution. [Alexandre Dulaunoy] + + - Fix the meta attributes (like the motive field ) to be within meta and not + outside + - Remove some "null" values that seems to come from previous tests + - Pretty-print the Javascript (better for diffing) + +* MM Core added. [Alexandre Dulaunoy] + +* Shiz Trojan + Shifu. [Alexandre Dulaunoy] + +* GeminiDuke added. [Alexandre Dulaunoy] + +* Separate APT30 from Naikon group. [Alexandre Dulaunoy] + +* PassCV group added. [Alexandre Dulaunoy] + +* Cadelle and Chafer groups added. [Alexandre Dulaunoy] + +* Exploit-kit and TDS added. [Alexandre Dulaunoy] + +* Merge pull request #15 from Kafeine/master. [Alexandre Dulaunoy] + + Exploit Kit and TDS Galaxies + +* Empire status, Nebula, Blaze/Terror. [Kafeine] + +* +Pangimop, alias Microsoft for magnitude. [Kafeine] + +* Fix. [Kafeine] + +* +Derbit alias for Sundown. [Kafeine] + +* Indent. [Kafeine] + +* Added Microsoft Naming. [root] + +* TDS Cluster: EOF. [root] + +* EK and TDS clusters : several minor fixes. [root] + +* EK and TDS clusters : Removed empty entries. [root] + +* TDS Cluster: json fix. [root] + +* EK Cluster : several fixes. [root] + +* EK Cluster typo fix. [root] + +* EK Cluster update. [root] + +* EK galaxie. [root] + +* Mwi added. [root] + +* Init. 
[root] + +* Clarification regarding the contribution and the different models. [Alexandre Dulaunoy] + +* Various updates including the addition of Chthonic Banking Trojan. [Alexandre Dulaunoy] + +* Packrat added. [Alexandre Dulaunoy] + +* DownRage added. [Alexandre Dulaunoy] + +* Java RAT updated. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #14 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update readme + +* Update readme. [Déborah Servili] + +* Merge pull request #13 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Add microsoft-activity-group cluster + +* ##comma## [Déborah Servili] + +* Add microsoft-activity-group cluster. [Déborah Servili] + +* Seaduke added. [Alexandre Dulaunoy] + +* MISP integration added. [Alexandre Dulaunoy] + +* MISP galaxy screenshot. [Alexandre Dulaunoy] + +* Operation Iron Tiger added as synonym. [Alexandre Dulaunoy] + +* Molerats, PROMETHIUM and NEODYMIUM added. [Alexandre Dulaunoy] + +* BlackEnergy malware family added. [Alexandre Dulaunoy] + +* TeleBots group added. [Alexandre Dulaunoy] + +* TERBIUM added. [Alexandre Dulaunoy] + +* Mirai and BASHLITE added. [Alexandre Dulaunoy] + +* Links fixed. [Alexandre Dulaunoy] + +* Added missing file. [Iglocska] + +* Threat-actor fixed. [Alexandre Dulaunoy] + +* Singular everywhere. [Alexandre Dulaunoy] + +* Singular everywhere. [Alexandre Dulaunoy] + +* Singular everywhere. [Alexandre Dulaunoy] + +* Singular everywhere. [Alexandre Dulaunoy] + +* Structure ready for MISP 2.4.56. [Alexandre Dulaunoy] + +* Fixed to merge PR #11. [Alexandre Dulaunoy] + +* Meta added as required by MISP 2.4.56. [Alexandre Dulaunoy] + +* Source added as required by MISP 2.4.56. [Alexandre Dulaunoy] + +* Source field added as required to MISP 2.4.56. [Alexandre Dulaunoy] + +* Add a source field for the clusters (required for MISP 2.4.56) [Alexandre Dulaunoy] + +* Merge pull request #10 from cvandeplas/master. 
[Alexandre Dulaunoy] + + Metushy, Uroburos, Pfinet synonyms added + +* Metushy, Uroburos, Pfinet synonyms added. [Christophe Vandeplas] + +* Yahoyah added. [Alexandre Dulaunoy] + +* Tropic Trooper added. [Alexandre Dulaunoy] + +* KeyBoy malware added. [Alexandre Dulaunoy] + +* Merge pull request #9 from cvandeplas/master. [Alexandre Dulaunoy] + + added Callisto threat actor, and removed duplicates + +* Added Callisto. [Christophe Vandeplas] + +* Removed duplicates. [Christophe Vandeplas] + +* Merge pull request #7 from cvandeplas/master. [Alexandre Dulaunoy] + + Added Rocket Kitten + +* Added Rocket Kitten. [Christophe Vandeplas] + +* Description added for Volatile Cedar. [Alexandre Dulaunoy] + +* Explosive malware added. [Alexandre Dulaunoy] + +* Volatile Cedar added. [Alexandre Dulaunoy] + +* OilRig added. [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/MISP/misp-galaxy. [Iglocska] + +* Empire post-exploitation tool added. [Alexandre Dulaunoy] + +* Some small fixes. [Iglocska] + + - more uniform pluralisation + - Added display name fields + +* Plural it's plural (tm) [Alexandre Dulaunoy] + +* README updated to reflect the new structure. [Alexandre Dulaunoy] + +* Threat actors simplified (no more groups) it's already in the value field. [Alexandre Dulaunoy] + +* Tools added. [Alexandre Dulaunoy] + +* Merge pull request #6 from MISP/restructure. [Alexandre Dulaunoy] + + Restructure + +* Typo fixed. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Some small fixes. [Iglocska] + +* Some small changes. [Iglocska] + +* Moving things around. [Iglocska] + +* Merge pull request #5 from cvandeplas/master. [Alexandre Dulaunoy] + + adding additional threat-actor-tools + +* Minor correction. [Christophe Vandeplas] + +* Added additional threat-actor-tools. [Christophe Vandeplas] + +* Merged branch master into master. [Christophe Vandeplas] + +* Houdini added. [Alexandre Dulaunoy] + +* Corrected typo in njRAT synonym. 
[Christophe Vandeplas] + +* Removed empty synonym. [Christophe Vandeplas] + +* Odinaff added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #4 from cvandeplas/master. [Alexandre Dulaunoy] + + additional adversary groups + +* Additional adversary groups. [Christophe Vandeplas] + + Using as a source https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit + +* TeamXRat added. [Alexandre Dulaunoy] + +* StrongPity added (more refs required) [Alexandre Dulaunoy] + +* Libyan Scorpions added. [Alexandre Dulaunoy] + +* FIN6 added. [Alexandre Dulaunoy] + +* Suckfly added. [Alexandre Dulaunoy] + +* GCMAN added. [Alexandre Dulaunoy] + +* More synonyms. [Alexandre Dulaunoy] + +* TA530 added. [Alexandre Dulaunoy] + +* Dust storm added. [Alexandre Dulaunoy] + +* More synonyms added. [Alexandre Dulaunoy] + +* Lazagne tools added. [Alexandre Dulaunoy] + +* Pirpi reference added. [Alexandre Dulaunoy] + +* Buckeye added. [Alexandre Dulaunoy] + +* Gothic Panda updated. [Alexandre Dulaunoy] + +* Sauron versus Project Sauron (Kasperksy used both) [Alexandre Dulaunoy] + +* License (PD) added. [Alexandre Dulaunoy] + +* Umbreon added. [Alexandre Dulaunoy] + +* Turla synonym added. [Alexandre Dulaunoy] + +* Ozone RAT added. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* UUID added. [Alexandre Dulaunoy] + +* UUID added. [Alexandre Dulaunoy] + +* Mapping triples/machine tags with galaxy, clusters and so on. [Alexandre Dulaunoy] + +* Revert "Machine tags/triple tags mapping" [Alexandre Dulaunoy] + + This reverts commit 06e2372d6674f86e32c10216fcbf5e4ea3ee03f1. + +* Machine tags/triple tags mapping. [Alexandre Dulaunoy] + +* Make JSON key values inline with the other elements. [Alexandre Dulaunoy] + +* ProjectSauron added. [Alexandre Dulaunoy] + +* Badnews added. [Alexandre Dulaunoy] + +* Moonsoon added. [Alexandre Dulaunoy] + +* NANHAISHU added. 
[Alexandre Dulaunoy] + +* Threat Group-3390 added. [Alexandre Dulaunoy] + +* Moafee added. [Alexandre Dulaunoy] + +* DragonOK added. [Alexandre Dulaunoy] + +* Quedagh added. [Alexandre Dulaunoy] + +* Poseidon Group added. [Alexandre Dulaunoy] + +* Scarlet Mimic added. [Alexandre Dulaunoy] + +* Admin338 updated. [Alexandre Dulaunoy] + +* Turla is also known as Waterbug. [Alexandre Dulaunoy] + +* Prikormka malware added. [Alexandre Dulaunoy] + +* Operation Transparent Tribe added. [Alexandre Dulaunoy] + +* Crimson malwre added. [Alexandre Dulaunoy] + +* Mad Max malware added. [Alexandre Dulaunoy] + +* More references. [Alexandre Dulaunoy] + +* Chinastrats added. [Alexandre Dulaunoy] + +* HummingBad added. [Alexandre Dulaunoy] + +* Pacifier APT added. [Alexandre Dulaunoy] + +* More RU tools. [Alexandre Dulaunoy] + +* ScarCruft added. [Alexandre Dulaunoy] + +* ShimRAT added. [Alexandre Dulaunoy] + +* Darkhotel added. [Alexandre Dulaunoy] + +* IRONGATE added. [Alexandre Dulaunoy] + +* HDRoot added. [Alexandre Dulaunoy] + +* WINNTI reference updated. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* HerHer Trojan and Helminth Backdoor added. [Alexandre Dulaunoy] + +* Stealth Falcon added. [Alexandre Dulaunoy] + +* Hancitor and Ruckguv added. [Alexandre Dulaunoy] + +* Pretty-print of the adversary groups. [Alexandre Dulaunoy] + +* Lazarus group (KP) added. [Alexandre Dulaunoy] + +* NanoCore RAT added. [Alexandre Dulaunoy] + +* Lost Door RAT added. [Alexandre Dulaunoy] + +* SPIVY added. [Alexandre Dulaunoy] + +* Laziok added. [Alexandre Dulaunoy] + +* PWOBot added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Add Travis file (validate json files) [Raphaël Vinot] + +* Slempo added. [Alexandre Dulaunoy] + +* Timo Steffens contributed various refs, tools and actors. [Alexandre Dulaunoy] + +* PK actor added Operation C-Major. [Alexandre Dulaunoy] + +* Recommendation regarding the pull-request. 
[Alexandre Dulaunoy] + +* Backdoor.Dripion added. [Alexandre Dulaunoy] + +* Missing comma. [Christophe Vandeplas] + +* APT 4 synonyms added. [Alexandre Dulaunoy] + +* Snifula added. [Alexandre Dulaunoy] + +* More adversary tools. [Alexandre Dulaunoy] + +* More adversary tools added. [Alexandre Dulaunoy] + +* New synonyms and potential adversary groups. [Alexandre Dulaunoy] + +* More RATs added. [Alexandre Dulaunoy] + +* More RATs and description added. [Alexandre Dulaunoy] + +* Adversary tools added + some clarification. [Alexandre Dulaunoy] + +* Threat-actor tools added. [Alexandre Dulaunoy] + +* More adversaries tools. [Alexandre Dulaunoy] + +* First version of adversary tools. [Alexandre Dulaunoy] + +* Fix #3 - as black energy is sometimes mentioned as group (even if it seems to be more a campaign). [Alexandre Dulaunoy] + +* Nitro/CN added. [Alexandre Dulaunoy] + +* Codoso/CN added. [Alexandre Dulaunoy] + +* More IR. [Alexandre Dulaunoy] + +* More IR added. [Alexandre Dulaunoy] + +* Additional IR operation added. [Alexandre Dulaunoy] + +* SNOWGLOBE added. [Alexandre Dulaunoy] + +* New elements added. [Alexandre Dulaunoy] + +* Threat-actor-sophistication-vocabulary added. [Alexandre Dulaunoy] + +* The ThreatActorSophisticationVocab enumeration is used to define the default STIX vocabulary for expressing the subjective level of sophistication of a threat actor. [Alexandre Dulaunoy] + +* Threat actor type added. [Alexandre Dulaunoy] + +* Threat actor type vocabulary added. [Alexandre Dulaunoy] + +* Foxy Panda added. [Alexandre Dulaunoy] + +* Karma panda added. [Alexandre Dulaunoy] + +* New actors + refs added. [Alexandre Dulaunoy] + +* Planning-and-operational-support-vocabulary added. [Alexandre Dulaunoy] + +* The PlanningAndOperationalSupportVocab is the default STIX vocabulary for expressing the planning and operational support functions available to a threat actor. added. [Alexandre Dulaunoy] + +* Planning-and-operational-support-vocabulary added. 
[Alexandre Dulaunoy] + +* JSON beautified. [Alexandre Dulaunoy] + +* Description added. [Alexandre Dulaunoy] + +* More descriptions added. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* More adversaries... [Alexandre Dulaunoy] + +* Thomas added. [Alexandre Dulaunoy] + +* More groups. [Alexandre Dulaunoy] + +* Synonyms updates. [Alexandre Dulaunoy] + +* RU and CN updates. [Alexandre Dulaunoy] + +* More actors CN,TN and RU + synonyms. [Alexandre Dulaunoy] + +* CN group updated. [Alexandre Dulaunoy] + +* IR group added. [Alexandre Dulaunoy] + +* RU synonym of TeamSpy. [Alexandre Dulaunoy] + +* AE group added. [Alexandre Dulaunoy] + +* CN synonyms added + IR group. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-galaxy. [Alexandre Dulaunoy] + +* Merge pull request #1 from rotanid/patch-1. [Andras Iklody] + + fix small grammatical errors in README.md + +* Fix small grammatical errors in README.md. [Andreas Ziegler] + +* Certainty level added. [Alexandre Dulaunoy] + +* Certainty-level added. [Alexandre Dulaunoy] + +* Certainty level of an associated element or cluster added. [Alexandre Dulaunoy] + +* Adversary groups added. [Alexandre Dulaunoy] + +* APT groups renamed to adversary groups. [Alexandre Dulaunoy] + +* Deleted old APT groups. [Alexandre Dulaunoy] + +* Adversary groups instead of APT. [Alexandre Dulaunoy] + +* Adversary groups instead of APT. [Alexandre Dulaunoy] + +* Motivation vocabulary added. [Alexandre Dulaunoy] + +* Motivation vocabulary added. [Alexandre Dulaunoy] + +* The MotivationVocab is the default STIX vocabulary for expressing the motivation of a threat actor. [Alexandre Dulaunoy] + +* More CN-based groups. [Alexandre Dulaunoy] + +* More CN-based groups. [Alexandre Dulaunoy] + +* Some more CN actors. [Alexandre Dulaunoy] + +* More CN groups. [Alexandre Dulaunoy] + +* MISP distribution to be applied on cluster objects. [Alexandre Dulaunoy] + +* First explanation. 
[Alexandre Dulaunoy] + +* Some more CN groups. [Alexandre Dulaunoy] + +* More CN groups. [Alexandre Dulaunoy] + +* Groups array updated. [Alexandre Dulaunoy] + +* Description added + stix version reference. [Alexandre Dulaunoy] + +* More groups from RU. [Alexandre Dulaunoy] + +* Example of galaxy including a cluster which is default type where you can add as much element as you want. [Alexandre Dulaunoy] + + The elements are the default values known by MISP but a local + instance can add more or overwrite some elements. + + diff --git a/Changelog-misp-modules.txt b/Changelog-misp-modules.txt new file mode 100644 index 0000000..3ae0f4f --- /dev/null +++ b/Changelog-misp-modules.txt 
@@ -0,0 +1,5470 @@ +# Changelog + + +## v2.4.151 (2021-11-19) + +### New + +* [doc] Passive SSH documentation. [Alexandre Dulaunoy] + +### Changes + +* [py] Dependency bump. Works on buuntu 18.04.x. [Steve Clement] + +* [py] Pandas requirements update. [Steve Clement] + +* [documentation] updated. [Alexandre Dulaunoy] + +* [doc] updated. [Alexandre Dulaunoy] + +### Fix + +* [py] Dependency fix. [Steve Clement] + +* [mkdocs] updated configuration for version 5 of mkdocs. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #534 from SteveClement/main. [Steve Clement] + +* Merge pull request #533 from SteveClement/main. [Steve Clement] + +* Merge pull request #532 from SteveClement/main. [Steve Clement] + +* Merge pull request #529 from gallypette/main. [Alexandre Dulaunoy] + + passive-ssh expansion module + +* Merge branch 'MISP:main' into main. [Jean-Louis Huynen] + +* Merge pull request #528 from rderkachrf/rf_release_2_0. [Alexandre Dulaunoy] + + Release 2.0: Update Recorded future expansion module with the new data + +* Update Recorded future expansion module with the new data. [rderkach] + + In this release, we added new data that we have called Links. + It represents better and more filtered related data. + Also did some code formatting. + +* Add: [passive-ssh] initial commit. [Jean-Louis Huynen] + +* Merge pull request #526 from korrosivesec/patch-1. [Alexandre Dulaunoy] + + Add libcaca-dev to apt packages required + +* Add libcaca-dev to apt packages required. [Kory Kyzar] + + I needed to add libcaca-dev to make gtcaca. + + ## Before + ``` + misp@server:/usr/local/src/gtcaca/build$ cmake .. 
&& make + -- The C compiler identification is GNU 7.5.0 + -- The CXX compiler identification is GNU 7.5.0 + -- Check for working C compiler: /usr/bin/cc + -- Check for working C compiler: /usr/bin/cc -- works + -- Detecting C compiler ABI info + -- Detecting C compiler ABI info - done + -- Detecting C compile features + -- Detecting C compile features - done + -- Check for working CXX compiler: /usr/bin/c++ + -- Check for working CXX compiler: /usr/bin/c++ -- works + -- Detecting CXX compiler ABI info + -- Detecting CXX compiler ABI info - done + -- Detecting CXX compile features + -- Detecting CXX compile features - done + CMake system name: Linux + -- Found PkgConfig: /usr/bin/pkg-config (found version "0.29.1") + pkg config path: + -- Check if the system is big endian + -- Searching 16 bit integer + -- Looking for sys/types.h + -- Looking for sys/types.h - found + -- Looking for stdint.h + -- Looking for stdint.h - found + -- Looking for stddef.h + -- Looking for stddef.h - found + -- Check size of unsigned short + -- Check size of unsigned short - done + -- Using unsigned short + -- Check if the system is big endian - little endian + -- Checking for module 'caca' + -- No package 'caca' found + CMake Error at /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:415 (message): + A required package was not found + Call Stack (most recent call first): + /usr/share/cmake-3.10/Modules/FindPkgConfig.cmake:593 (_pkg_check_modules_internal) + CMakeLists.txt:69 (pkg_check_modules) + + + -- Configuring incomplete, errors occurred! + See also "/usr/local/src/gtcaca/build/CMakeFiles/CMakeOutput.log". + ``` + + ## After + ``` + misp@server:/usr/local/src/gtcaca/build$ cmake .. 
&& make + CMake system name: Linux + pkg config path: + -- Checking for module 'caca' + -- Found caca, version 0.99.beta19 + libcaca link library: -lcaca + CMake system: Linux + -- Configuring done + -- Generating done + -- Build files have been written to: /usr/local/src/gtcaca/build + ``` + + +## v2.4.150 (2021-10-19) + +### New + +* [hashlookup] documentation added. [Alexandre Dulaunoy] + +* [hashlookup] new hashlookup module added. [Alexandre Dulaunoy] + + https://www.circl.lu/services/hashlookup/ + +* [hashlookup] new hashlookup module added. [Alexandre Dulaunoy] + +### Changes + +* [hashlookup] KnownMalicious field added. [Alexandre Dulaunoy] + +* [hashlookup] add new fields such as source, SSDEEP and TLSH. [Alexandre Dulaunoy] + +* [hashlookup] Using the actual attribute types for FileName & FileSize. [chrisr3d] + + - Following the recent changes on the obejct template + to use `filename` as attribute type for the FileName + object relation instead of `text` + https://github.com/MISP/misp-objects/commit/d2b93f5aa69e0d9bfc549915b8f691cc5f62bf6c + +* [hashlookup] logo updated. [Alexandre Dulaunoy] + +* [logo] CIRCL logo added for hashlookup service. [Alexandre Dulaunoy] + +### Fix + +* [yara_query] Fixed module input parsing. [chrisr3d] + + - The module used to work properly when called + from a single attribute enrichment, but was + broken when called from the hover enrichment + feature, because of the additional `persistent` + field used to define which type of hover + enrichment is queried + +* [hashlookup] FileName and size are not required fields and can be missing in a hashlookup record. [Alexandre Dulaunoy] + +* Add missing dependency (ndjson) of cof2misp1. [Luciano Righetti] + +* Added note about the Domaintools module being deprecated. [Andras Iklody] + + - as requested by Domaintools, including a link to their own, up to date module + +* [hashlookup] Fixed the errors handling. 
[chrisr3d] + + - Since the modules system is waiting for a dict, + we return `misperrors` instead of the actual + value of the 'error' key, and the module will + no longer fail when there is no result to parse + +* [greynoise] typo fixed. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #520 from aaronkaplan/fix-github-alerts. [Alexandre Dulaunoy] + + Fix github's security alert: fix + +* Fix github's security alert: fix * CVE-2021-28676 * CVE-2021-25287 * CVE-2021-28675 * CVE-2021-28678 * CVE-2021-25288 * CVE-2021-28677. [aaronkaplan] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] + +* Merge pull request #519 from Lastline-Inc/main. [Alexandre Dulaunoy] + + Update dependency files + +* Update dependency files. [Jason Zhang] + +* Merge pull request #517 from mohlcyber/main. [Alexandre Dulaunoy] + + Added McAfee MVISION Insights Expansion Module + +* Added McAfee MVISION Insights. [Martin Ohl] + +* Update README.md. [Martin Ohl] + +* Create mcafee_insights_enrich.py. [Martin Ohl] + + Module to expand IOC information with McAfee MVISION Insights + +* Revert "fix: [greynoise] typo fixed" [Alexandre Dulaunoy] + + This reverts commit e36e3ea117b2b6562eaad2008f23a98c5b69f9e5. + +* Merge pull request #516 from Lastline-Inc/main. [Alexandre Dulaunoy] + + Sanity checks + +* Sanity checks. [Jason Zhang] + +* Merge pull request #515 from GreyNoise-Intelligence/greynoise_update_doc_json. [Alexandre Dulaunoy] + + Update the greynoise.json file + +* Update greynoise.json. [Brad Chiappetta] + +* Merge pull request #514 from GreyNoise-Intelligence/greynoise-add-cve-enhance-ip. [Alexandre Dulaunoy] + + Add CVE Lookup and Enhance IP Lookup + +* Documenation updates. [Brad Chiappetta] + +* Add cve support and enhance ip lookups. [Brad Chiappetta] + + +## v2.4.148 (2021-08-09) + +### Other + +* Merge pull request #513 from Lastline-Inc/main. [Alexandre Dulaunoy] + + Add vmware_nsx module + +* Add vmware_nsx module. 
[Jason Zhang] + +* Merge pull request #507 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] + + Cof2misp + +* Fix the last issues of #493 (https://github.com/MISP/misp-modules/issues/493) [Aaron Kaplan] + +* Unit test for dnsdbflex in lib/cof.py. [Aaron Kaplan] + +* Merge branch 'main' of https://github.com/MISP/misp-modules into cof2misp. [aaronkaplan] + +* Push version. [aaronkaplan] + +* Add a function to validate dnsdbflex output add dnsdbflex parser. It's rather easy. [aaronkaplan] + +* Merge remote-tracking branch 'origin/cof2misp' into cof2misp. [aaronkaplan] + +* Add a function to validate dnsdbflex output. [aaronkaplan] + + +## v2.4.145 (2021-06-28) + +### Changes + +* [virustotal_public] make flake8 happy. [Alexandre Dulaunoy] + +* [travis] flake8 updated. [Alexandre Dulaunoy] + +* [virustotal] make flake8 happy. [Alexandre Dulaunoy] + +* [requirements] remove the pypi index from the requirements. [Alexandre Dulaunoy] + + This fixes #505 but we need to find a clean solution for Pipfile generating + it. + +* [tests] btc_steroid not working via CI. [Alexandre Dulaunoy] + +* [travis] remove old docker before install. [Alexandre Dulaunoy] + +* Bump deps. [Raphaël Vinot] + +* Bump deps. [Raphaël Vinot] + + +## v2.4.144 (2021-06-07) + +### Other + +* Merge pull request #501 from legoguy1000/virustotal-proxy. [Alexandre Dulaunoy] + + Add proxy configs for virus total modules + +* Add proxy configs for virus total modules. [Alex Resnick] + +* Merge pull request #499 from RamboV/main. [Alexandre Dulaunoy] + + Farsight DNSDB - Added Default Distribution Setting + +* Updated Distribution Constant. [Rambatla Venkat Rao] + +* Default distribution setting to DNSDB Objects. [Rambatla Venkat Rao] + +* Added a default distribution setting to Objects. [Rambatla Venkat Rao] + + +## v2.4.143 (2021-05-14) + +### Changes + +* [test] onyphe no way to test without authentication keys. [Alexandre Dulaunoy] + +* [cof2misp] bailiwick is optional. 
[Alexandre Dulaunoy] + +* [doc] cof2misp documentation added. [Alexandre Dulaunoy] + +* [cof2misp] debugging removed. [Alexandre Dulaunoy] + +* [cof2misp] remove logging in the misp-modules. [Alexandre Dulaunoy] + +* [cof2misp module] fix the import module/package "__init__.py" missing. [Alexandre Dulaunoy] + +* [farsight_passivedns] Updated the bailiwick attribute type, following the latest changes on the passive-dns object template. [chrisr3d] + +### Fix + +* [farsight_passivedns] Handling exceptions raised from a query error. [chrisr3d] + + - This can happen with for instance a wrong server URL + +### Other + +* Merge pull request #498 from sebdraven/master. [Alexandre Dulaunoy] + + Refactorin onype module + +* Fix bug on loop. [Sebdraven] + +* Remove print and variable unsuable. [Sebdraven] + +* Merge pull request #4 from MISP/main. [sebdraven] + + merge + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge pull request #497 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] + + Cof2misp + +* Oops, there was a minor error. print(..., file=sys.stDerr) . Typo! [root] + +* Add license text. No logical changes in this commit. [aaronkaplan] + +* Merge pull request #491 from aaronkaplan/cof2misp. [Alexandre Dulaunoy] + + Version 0.2 of the cof2misp import module. + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Make teh special attributes *_ip and _domain not needed. See the discussion in https://github.com/MISP/misp-objects/pull/314. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Make stub strict parser. [aaronkaplan] + +* Again, make flake8 happy. My local flake8 was already happy. hm. [aaronkaplan] + +* Flake8, you suck. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. 
[aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Make flake8 happier. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Merge branch 'cof2misp' of github.com:aaronkaplan/misp-modules into cof2misp. [aaronkaplan] + +* Version 0.2 of the cof2misp import module. [aaronkaplan] + +* Version 0.2 of the cof2misp import module. [aaronkaplan] + +* Add summary ip, domain and hostname. [Sebdraven] + +* Fix bug. [Sebdraven] + +* Add reference. [Sebdraven] + +* Add test to check. [Sebdraven] + +* Fixe typo. [Sebdraven] + +* Remove pass. [Sebdraven] + +* Add object certificate. [Sebdraven] + +* Add hostname. [Sebdraven] + +* Update onyphe.py. [Sebdraven] + + remove typo + +* Check entry in result dico. [Sebdraven] + +* Add logs. [Sebdraven] + +* Fix logical test. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add summary ip. [Sebdraven] + + object domain + +* Refactoring of the module. [Sebdraven] + + +## v2.4.142 (2021-04-26) + +### New + +* [logo] yeti logo added. [Alexandre Dulaunoy] + +* [ChangeLog] added. [Alexandre Dulaunoy] + +### Changes + +* [doc] yeti logo added. [Alexandre Dulaunoy] + +* [doc] Makefile fixed. [Alexandre Dulaunoy] + +* [doc] README cleanup and historical stuff removed. [Alexandre Dulaunoy] + +* [doc] fix path of mkdocs output. [Alexandre Dulaunoy] + +### Fix + +* [tests] Back to the former ip address in the threatcrowd module test. [chrisr3d] + +* [doc] Travis button was on the old master branch. 
[Alexandre Dulaunoy] + + fix: [doc] Travis button was on the old master branch + +* [doc] build script. [Alexandre Dulaunoy] + +### Other + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] + +* Merge pull request #488 from sebdraven/master. [Alexandre Dulaunoy] + + Module Yeti + +* Add pyeti package. [Sebdraven] + +* Merge branch 'main' [Sebdraven] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Fix typo. [Sebdraven] + +* Remove variable unused. [Sebdraven] + +* Remove import unused and add package in requirements. [Sebdraven] + +* Create yeti.json. [Sebdraven] + + add doc + +* Update yeti.py. [Sebdraven] + + pep 8 compliant + +* Update yeti.py. [Sebdraven] + + remove tags and entity + +* Update yeti.py. [Sebdraven] + + add input + +* Merge pull request #2 from MISP/master. [sebdraven] + + Master + +* Update yeti.py. [Sebdraven] + + add tests + +* Update yeti.py. [Sebdraven] + + add ns record dst and src link + +* Update yeti.py. [Sebdraven] + + add test to create result + +* Update yeti.py. [Sebdraven] + + fix edges + +* Update yeti.py. [Sebdraven] + + fix typo + +* Update yeti.py. [Sebdraven] + + change params + +* Update yeti.py. [Sebdraven] + + add ns_record object + +* Update yeti.py. [Sebdraven] + + change loop + +* Update yeti.py. [Sebdraven] + + fix bug + +* Update yeti.py. [Sebdraven] + + remove tests + +* Update yeti.py. [Sebdraven] + + filter by id + +* Update yeti.py. [Sebdraven] + + add src + +* Update yeti.py. [Sebdraven] + + fix keyerror + +* Update yeti.py. [Sebdraven] + + fix bug about id + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add test of id + +* Update yeti.py. [Sebdraven] + + add log + +* Update yeti.py. [Sebdraven] + + add descripton + +* Update yeti.py. [Sebdraven] + + add file to add in attribute + +* Update yeti.py. [Sebdraven] + + add tags for attribute + +* Update yeti.py. 
[Sebdraven] + + remove tag + +* Update yeti.py. [Sebdraven] + + test tags + +* Update yeti.py. [Sebdraven] + + change tags method + +* Update yeti.py. [Sebdraven] + + add related observable and AS + +* Update yeti.py. [Sebdraven] + + remove print debug + +* Update yeti.py. [Sebdraven] + + fix bugs key error + +* Update yeti.py. [Sebdraven] + + add param + +* Update yeti.py. [Sebdraven] + + try typo + +* Update yeti.py. [Sebdraven] + + remove print + +* Update yeti.py. [Sebdraven] + + remove tests + +* Update yeti.py. [Sebdraven] + + test + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + try test + +* Update yeti.py. [Sebdraven] + + add check + +* Update yeti.py. [Sebdraven] + + correct bug + +* Update yeti.py. [Sebdraven] + + add log + +* Update yeti.py. [Sebdraven] + + add log + +* Update yeti.py. [Sebdraven] + + correct typo + +* Update yeti.py. [Sebdraven] + + add relation + +* Update yeti.py. [Sebdraven] + + refactoring and add Url neighboors + +* Update yeti.py. [Sebdraven] + + add key results + +* Update yeti.py. [Sebdraven] + + delete attr + +* Update yeti.py. [Sebdraven] + + correction format strings + +* Update yeti.py. [Sebdraven] + + change logs + +* Update yeti.py. [Sebdraven] + + value attribute + +* Update yeti.py. [Sebdraven] + + change logs + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add relation + +* Update yeti.py. [Sebdraven] + + remove add + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + change relations + +* Update yeti.py. [Sebdraven] + + change modification + +* Update yeti.py. [Sebdraven] + + update relation + +* Update yeti.py. [Sebdraven] + + change relation type + +* Update yeti.py. [Sebdraven] + + add relationship + +* Update yeti.py. [Sebdraven] + + add ref + +* Update yeti.py. [Sebdraven] + + add test + +* Update yeti.py. [Sebdraven] + + change attribute add + +* Update yeti.py. 
[Sebdraven] + + change relationship + +* Update yeti.py. [Sebdraven] + + log json + +* Update yeti.py. [Sebdraven] + + log object + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + change type attr and relation + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + change relation type and misp event init + +* Update yeti.py. [Sebdraven] + + add relation object + +* Update yeti.py. [Sebdraven] + + add object + +* Update yeti.py. [Sebdraven] + + refactoring + +* Update yeti.py. [Sebdraven] + + using attribute + +* Update yeti.py. [Sebdraven] + + use format misp + +* Update yeti.py. [Sebdraven] + + modify acess dict + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add logs + +* Update yeti.py. [Sebdraven] + + add neighboors iocs to add the event + +* Update yeti.py. [Sebdraven] + + modify call yeti + +* Update yeti.py. [Sebdraven] + + Correct bugs + +* Update yeti.py. [Sebdraven] + + change inherit + +* Update yeti.py. [Sebdraven] + + change path to access config settings + +* Update yeti.py. [Sebdraven] + + add log + +* Update yeti.py. [Sebdraven] + + add ip-dst to enrich + +* Update yeti.py. [Sebdraven] + + add logs + +* Yeti pluggin. [Sebdraven] + + get_entities and get_neighboors + +* Update yeti.py. [Sebdraven] + + add introspection method + +* Update yeti.py. [Sebdraven] + + add method version + +* Update yeti.py. [Sebdraven] + + correct import + +* Update REQUIREMENTS. [Sebdraven] + + correct conflic + +* Update yeti.py. [Sebdraven] + + add config and struct + +* Add new module. [Sebdraven] + + new module yeti + +* Update .gitignore. [Sebdraven] + + update .gitignore to env pycharm + +* Merge pull request #1 from MISP/master. [sebdraven] + + Master + +* Merge branch 'main' of github.com:MISP/misp-modules into main. 
[Alexandre Dulaunoy] + + +## v2.4.141 (2021-04-19) + +### Changes + +* [tests] LiveCI set for RBL tests (network connectivity issues in the CI) [Alexandre Dulaunoy] + +* [rbl] Added a timeout parameter to change the resolver timeout & lifetime if needed. [chrisr3d] + +* [rbl] Small changes on the rbl list and the results handling. [chrisr3d] + +* [test] skip some tests if running in the CI (API limitation or specific host issues) [Alexandre Dulaunoy] + +* [tests] historical records in threatcrowd. [Alexandre Dulaunoy] + +* [test] fixing IP addresses. [Alexandre Dulaunoy] + +* [passivetotal] new test IP address. [Alexandre Dulaunoy] + +* [farsight] make PEP happy. [Alexandre Dulaunoy] + +* [requirements] openpyxl added. [Alexandre Dulaunoy] + +* [travis] missing dep. [Alexandre Dulaunoy] + +* [test expansion] IPv4 address of CIRCL updated. [Alexandre Dulaunoy] + +* [coverage] install. [Alexandre Dulaunoy] + +* [pipenv] removed. [Alexandre Dulaunoy] + +* [travis] get rid of pipenv. [Alexandre Dulaunoy] + +* [Pipfile.lock] updated. [Alexandre Dulaunoy] + +* [doc] fix index of mkdocs. [Alexandre Dulaunoy] + +* [documentation] updated. [Alexandre Dulaunoy] + +* [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d] + + - We get the datetime format instead of the raw + timestamp + +* Bump deps. [Raphaël Vinot] + +* [farsight_passivedns] Making first_time and last_time results human readable. [chrisr3d] + + - We get the datetime format instead of the raw + timestamp + +* [farsight_passivedns] Added input types for more flex queries. [chrisr3d] + + - Standard types still supported as before + - Name or ip lookup, with optional flex queries + - New attribute types added will only send flex + queries to the DNSDB API + +* [doc] fix #460 - rh install. [Alexandre Dulaunoy] + +* [requirements] fix 463. [Alexandre Dulaunoy] + +### Fix + +* [tests] Fixed btc_steroids test assertion. [chrisr3d] + +* [ocr_enrich] Making Pep8 happy. 
[chrisr3d] + +* [tests] Fixed variable names that have been changed with the latest commit. [chrisr3d] + +* [ocr_enrich] Fixed tesseract input format. [chrisr3d] + + - It looks like the `image_to_string` method now + assumes RGB format and the `imdecode` method + seems to give BGR format, so we convert the + image array before + +* [tests] Fixed tests for some modules waiting for standard MISP Attribute format as input. [chrisr3d] + +* [tests] Fixed hibp test which requires an API key. [chrisr3d] + +* [hibp] Fixed config handling to avoir KeyError exceptions. [chrisr3d] + +* [test] dns module. [Alexandre Dulaunoy] + +* [main] Disable duplicate JSON decoding. [Jakub Onderka] + +* [cve_advanced] Some CVEs are not in CWE format but in NVD-CWE-Other. [Alexandre Dulaunoy] + +* [farsight_passivedns] Fixed lookup_rdata_name results desclaration. [chrisr3d] + + - Getting generator as a list as it is already the + case for all the other results, so it avoids + issues to read the results by accidently looping + through the generator before it is actually + needed, which would lose the content of the + generator + - Also removed print that was accidently introduced + with the last commit + +* [farsight_passivedns] Excluding last_seen value for now, in order to get the available results. [chrisr3d] + + - With last_seen set we can easily get results + included in a certain time frame (between first + seen and last seen), but we do not get the + latest results. In order to get those ones, we + skip filtering on the time_last_before value + +* [farsight_passivedns] Fixed lookup_rdata_name results desclaration. [chrisr3d] + + - Getting generator as a list as it is already the + case for all the other results, so it avoids + issues to read the results by accidently looping + through the generator before it is actually + needed, which would lose the content of the + generator + - Also removed print that was accidently introduced + with the last commit + +* Making pep8 happy. 
[chrisr3d] + +* [farsight_passivedns] Fixed queries to the API. [chrisr3d] + + - Since flex queries input may be email addresses, + we nake sure we replace '@' by '.' in the flex + queries input. + - We also run the flex queries with the input as + is first, before runnning them as second time + with '.' characters escaped: '\\.' + +* Google.py module. [Jürgen Löhel] + + The search result does not include always 3 elements. It's better to + enumerate here. + The googleapi fails sometimes. Retry it 3 times. + +* Google.py module. [Jürgen Löhel] + + Corrects import for gh.com/abenassi/Google-Search-API. + +* Consider mail body as UTF-8 encoded. [Jakub Onderka] + +### Other + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] + +* Fix; [tests] Changes on assertion statements that should fix the passivetotal, rbl & shodan tests. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] + +* Merge pull request #435 from JakubOnderka/remove-duplicate-decoding. [Alexandre Dulaunoy] + + fix: [main] Remove duplicate JSON decoding + +* Add: [farsight_passivedns] Adding first_seen & last_seen (when available) in passivedns objects. [chrisr3d] + + - The object_relation `time_first` is added as the + `first_seen` value of the object + - Same with `time_last` -> `last_seen` + +* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] + +* Merge pull request #484 from GreyNoise-Intelligence/main. [Alexandre Dulaunoy] + + Update to GreyNoise expansion module + +* Update community api to released ver. [Brad Chiappetta] + +* Fix ver info. [Brad Chiappetta] + +* Updates for greynoise community api. 
[Brad Chiappetta] + +* Merge pull request #485 from jgwilson42/patch-1. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [James Wilson] + + Ensure that the clone of misp-modules is owned by www-data + +* Merge pull request #482 from MISP/new_features. [Alexandre Dulaunoy] + + Farsight_passivedns module updated with new input types compatible with flex queries + +* Add: [farsight_passivedns] New lookup argument based on the first_seen & last_seen fields. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into new_features. [chrisr3d] + +* Merge pull request #481 from cocaman/main. [Alexandre Dulaunoy] + + Adding ThreatFox enrichment module + +* Adding additional tags. [Corsin Camichel] + +* First version of ThreatFox enrichment module. [Corsin Camichel] + +* Merge pull request #480 from cocaman/patch-1. [Alexandre Dulaunoy] + + updating "hibp" for API version 3 + +* Updating "hibp" for API version 3. [Corsin Camichel] + +* Merge pull request #477 from jloehel/fix/google-module. [Alexandre Dulaunoy] + + Fix/google module + +* Merge pull request #476 from digihash/patch-1. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [Kevin Holvoet] + + Added fix based on https://github.com/MISP/MISP/issues/4045 + +* Merge pull request #475 from adammchugh/patch-3. [Alexandre Dulaunoy] + + Fixed the censys version + +* Fixed the censys version. [adammchugh] + + Unsure how I managed to get the version so wrong, but I have updated it to the current version and confirmed as working. + +* Merge pull request #474 from JakubOnderka/patch-4. [Alexandre Dulaunoy] + + fix: Consider mail body as UTF-8 encoded + +* Merge pull request #473 from adammchugh/patch-2. [Alexandre Dulaunoy] + + Change to pandas version requirement to address pip install failure + +* Included missing dependencies for censys and pyfaup. 
[adammchugh] + + Added censys dependency + Added pyfaup dependency + +* Change to pandas version requirement to address pip install failure. [adammchugh] + + Updated pandas version to 1.1.5 to allow pip install as defined at https://github.com/MISP/misp-modules to complete successfully. + +* Merge pull request #470 from adammchugh/patch-1. [Alexandre Dulaunoy] + + Update assemblyline_submit.py - Add verify SSL option + +* Update assemblyline_submit.py. [adammchugh] + +* Update assemblyline_query.py. [adammchugh] + +* Update assemblyline_submit.py. [adammchugh] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Alexandre Dulaunoy] + +* Update README long hyphen is not standard ASCII hyphen. [Alexandre Dulaunoy] + + Fix #464 + + +## v2.4.137 (2021-01-25) + +### Changes + +* Bump deps. [Raphaël Vinot] + +* Bump requirements. [Raphaël Vinot] + +* [pipenv] Enable email extras for PyMISP. [Jakub Onderka] + +### Fix + +* Bump PyMISP dep to latest. [Raphaël Vinot] + +* Use PyMISP from PyPi. [Raphaël Vinot] + +* Use pymisp from pypi. [Raphaël Vinot] + +* [pipenv] Missing clamd. [Jakub Onderka] + +### Other + +* Merge pull request #466 from NoDataFound/main. [Alexandre Dulaunoy] + + Corrected VMray rest API import + +* Corrected VMray rest API import. [Cory Kennedy] + + When loading misp-modules, the VMray module ```modules/expansion/vmray_submit.py ``` incorrectly imports the library. VMray's documentation and examples here: https://pypi.org/project/vmray-rest-api/#history also reflect this change as the correct import. + +* Merge pull request #457 from trustar/main. [Alexandre Dulaunoy] + + added more explicit error messages for indicators that return no enri… + +* Added more explicit error messages for indicators that return no enrichment data. [Jesse Hedden] + +* Merge pull request #452 from kuselfu/main. [Alexandre Dulaunoy] + + update vmray_import, add vmray_summary_json_import + +* Fix imports and unused variables. 
[Jens Thom] + +* Resolve merge conflict. [Jens Thom] + +* Merge remote-tracking branch 'upstream/main' into main. [Jens Thom] + +* Merge pull request #451 from JakubOnderka/versions-update. [Alexandre Dulaunoy] + + fix: [pipenv] Missing clamd + +* Merge pull request #450 from JakubOnderka/versions-update. [Alexandre Dulaunoy] + + chg: [pipenv] Enable email extras for PyMISP + +* Merge pull request #448 from HacknowledgeCH/export_defender_endpoint. [Alexandre Dulaunoy] + + Export defender endpoint + +* Fixed error reported by LGTM analysis. [milkmix] + +* Added documentation. [milkmix] + +* Added missing quotes. [milkmix] + +* Added URL support. [milkmix] + +* Typo in python src name. [milkmix] + +* Initial work on Defender for Endpoint export module. [milkmix] + +* * add parser for report version v1 and v2 * add summary JSON import module. [Jens Thom] + + +## v2.4.134 (2020-11-18) + +### New + +* [expansion] Added html_to_markdown module. [mokaddem] + + It fetches the HTML from the provided URL, performs a bit of DOM + clean-up then convert it into markdown + +* [clamav] Module for malware scan by ClamAV. [Jakub Onderka] + +* [passivedns, passivessl] Add support for ip-src|port and ip-dst|port. [Jakub Onderka] + +* Censys Expansion module. [Golbark] + +* Expansion module to query MALWAREbazaar API with some hash attribute. [chrisr3d] + +### Changes + +* [pipenv] Updated lock Pipfile again. [chrisr3d] + +* [pipenv] Updated lock Pipfile. [chrisr3d] + +* Added socialscan library in Pipfile and updated the lock file. [chrisr3d] + +* [documentation] Cleaner documentation directories & auto-generation. 
[chrisr3d] + + Including: + - A move of the previous `doc` and `docs` directories to `documentation` + - `documentation` is now the default directory + - The documentation previously under `doc` is now in `documentation/website` + - The mkdocs previously under `docs` is now in `documentation/mkdocs` + - All single JSON documentation files have been JQed + - Some small improvements to list fields displaying + +* [pipenv] Updated Pipfile. [chrisr3d] + +* [documentation] Updated the farsight-passivedns documentation. [chrisr3d] + +* [cpe] Added default limit to the results. [chrisr3d] + + - Results returned by CVE-search are sorted by + cvss score and limited in number to avoid + potential massive amount of data retuned back + to MISP. + - Users can overwrite the default limit with the + configuration already present as optional, and + can also set the limit to 0 to get the full list + of results + +* [farsight_passivedns] Now using the dnsdb2 python library. [chrisr3d] + + - Also updated the results parsing to check in + each returned result for every field if they are + included, to avoid key errors if any field is + missing + +* [cpe] Support of the new CVE-Search API. [chrisr3d] + +* [doc] Updated the farsight_passivedns module documentation. [chrisr3d] + +* [farsight_passivedns] More context added to the results. [chrisr3d] + + - References between the passive-dns objects and + the initial attribute + - Comment on object attributes mentioning whether + the results come from an rrset or an rdata + lookup + +* [farsight_passivedns] Rework of the module to return MISP objects. [chrisr3d] + + - All the results are parsed as passive-dns MISP + objects + - More love to give to the parsing to add + references between the passive-dns objects and + the input attribute, depending on the type of + the query (rrset or rdata), or the rrtype + (to be determined) + +* [cpe] Changed CVE-Search API default url. [chrisr3d] + +* [clamav] Add reference to original attribute. 
[Jakub Onderka] + +* [clamav] TCP port connection must be an integer. [Alexandre Dulaunoy] + +* Bump deps. [Raphaël Vinot] + +* Updated expansion modules documentation. [chrisr3d] + + - Added documentation for the missing modules + - Renamed some of the documentation files to match + with the module names and avoid issues within + the documentation file (README.md) with the link + of the miss-spelled module names + +* Updated the bgpranking expansion module test. [chrisr3d] + +* Updated documentation for the recently updated bgpranking module. [chrisr3d] + +* Updated the bgpranking expansion module to return MISP objects. [chrisr3d] + + - The module no longer returns freetext, since the + result returned to the freetext import as text + only allowed MISP to parse the same AS number as + the input attribute. + - The new result returned with the updated module + is an asn object describing more precisely the + AS number, and its ranking for a given day + +* Turned the Shodan expansion module into a misp_standard format module. [chrisr3d] + + - As expected with the misp_standard modules, the + input is a full attribute and the module is able + to return attributes and objects + - There was a lot of data that was parsed as regkey + attributes by the freetext import, the module now + parses properly the different field of the result + of the query returned by Shodan + +* Updated documentation about the greynoise module. [chrisr3d] + +* Updated Greynoise tests following the latest changes on the expansion module. [chrisr3d] + +* Making use of the Greynoise v2 API. [chrisr3d] + +* Bump deps. [Raphaël Vinot] + +* [doc] Added details about faup. [Steve Clement] + +* [doc] in case btc expansion fails, give another hint at why it fails. [Steve Clement] + +* [travis] Added gtcaca and liblua to faup. [Steve Clement] + +* [travis] Added py3.8. [Steve Clement] + +* Bump dependencies. 
[Raphaël Vinot] + + Should fix https://github.com/MISP/MISP/issues/5739 + +* Quick ransomdncoin test just to make sure the module loads. [chrisr3d] + + - I do not have any api key right now, so the test + should just reach the error + +* Catching missing config issue. [chrisr3d] + +### Fix + +* [pipenv] Removed duplicated dnsdb2 entry that I missed while merging conflict. [chrisr3d] + +* Removed debugging print command. [chrisr3d] + +* [tests] Less specific assertion for the rbl module test. [chrisr3d] + +* [farsight_passivedns] Fixed pep8 backslash issue. [chrisr3d] + +* [farsight_passivedns] Fixed issue with variable name. [chrisr3d] + +* [documentation] Added missing cpe module documentation. [chrisr3d] + +* [cpe] Fixed typo in vulnerable-configuration object relation fields. [chrisr3d] + +* [farsight_passivedns] Fixed typo in the lookup fields. [chrisr3d] + +* [farsight_passivedns] Uncommented mandatory field that was commented for tests. [chrisr3d] + +* [tests] Small fixes on the expansion tests. [chrisr3d] + +* [dnsdb] Avoiding AttributeError with the sys library, probably depending on the python version. [chrisr3d] + +* [documentation] Updated links to the scripts, with the default branch no longer being master, but main. [chrisr3d] + +* Typo. [chrisr3d] + +* Updated Pipfile. [chrisr3d] + +* [cpe] Typos and variable name issues fixed + Making the module available in MISP. [chrisr3d] + +* [cve-advanced] Using the cpe and weakness attribute types. [chrisr3d] + +* [cve_advanced] Avoiding potential MISP object references issues. [chrisr3d] + + - Adding objects as dictionaries in an event may + cause issues in some cases. It is better to pass + the MISP object as is, as it is already a valid + object since the MISPObject class is used + +* [virustotal_public] Resolve key error when user enrich hostname. [chrisr3d] + + - Same as #424 + +* [virustotal] Resolve key error when user enrich hostname. [Jakub Onderka] + +* Typo in EMailObject. 
[Raphaël Vinot] + + Fix #427 + +* Making pep8 happy. [chrisr3d] + +* Fixed pep8. [chrisr3d] + +* Fixed pep8 + some copy paste issues introduced with the latest commits. [chrisr3d] + +* Avoid issues with the attribute value field name. [chrisr3d] + + - The module setup allows 'value1' as attribute + value field name, but we want to make sure that + users passing standard misp format with 'value' + instead, will not have issues, as well as + keeping the current setup + +* [virustotal] Subdomains is optional in VT response. [Jakub Onderka] + +* Fixed list of sigma backends. [chrisr3d] + +* Fixed validators dependency issues. [chrisr3d] + + - Possible rollback if we get issues with virustotal + +* Removed multiple spaces to comply with pep8. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Removed trustar_import module name in init to avoid validation issues. [chrisr3d] + + (until it is submitted via PR?) + +* [circl_passivessl] Return proper error for IPv6 addresses. [Jakub Onderka] + +* [circl_passivessl] Return not found error. [Jakub Onderka] + + If passivessl returns empty response, return Not found error instead of error in log + +* [circl_passivedns] Return not found error. [Jakub Onderka] + + If passivedns returns empty response, return Not found error instead of error in log + +* [pep] Comply to PEP E261. [Steve Clement] + +* [travis] gtcaca has no build directory. [Steve Clement] + +* [pip] pyfaup required. [Steve Clement] + +* [doc] corrected filenames for 2 docs. [Christophe Vandeplas] + +* Making pep8 happy. [chrisr3d] + +* Catching errors in the reponse of the query to URLhaus. [chrisr3d] + +* Making pep8 happy with indentation. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Removed unused import. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Making the module config available so the module works. [chrisr3d] + +* [VT] Disable SHA512 query for VT. 
[Jakub Onderka] + +### Other + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge pull request #429 from MISP/new_module. [Christian Studer] + + New module using socialscan to check the availability of an email address or username on some online platforms + +* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Add: Added documentation for the socialscan new module. [chrisr3d] + + - Also quick fix of the message for an invalid + result or response concerning the queried email + address or username + +* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Add: New module using socialscan library to check email addresses and usernames linked to accounts on online platforms. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge pull request #445 from chrisr3d/main. [Christian Studer] + + Added missing cpe module documentation + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Add: [farsight-passivedns] Optional feature to submit flex queries. [chrisr3d] + + - The rrset and rdata queries remain the same but + with the parameter `flex_queries`, users can + also get the results of the flex rrnames & flex + rdata regex queries about their domain, hostname + or ip address + - Results can thus include passive-dns objects + containing the `raw_rdata` object_relation added + with 0a3e948 + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge branch 'chrisr3d_patch' of github.com:MISP/misp-modules into main. 
[chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge pull request #443 from trustar/main. [Alexandre Dulaunoy] + + fixed typo causing firstSeen and lastSeen to not be pulled from enric… + +* Fixed typo causing firstSeen and lastSeen to not be pulled from enrichment data. [Jesse Hedden] + +* Merge pull request #440 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Farsight passivedns module update + +* Merge pull request #437 from chrisr3d/main. [Alexandre Dulaunoy] + + New expansion module to get the vulnerabilities related to a CPE + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge pull request #436 from MISP/new-html-to-markdown. [Christian Studer] + + new: [expansion] Added html_to_markdown module + +* Add: Documentation for the html_to_markdown expansion module. [chrisr3d] + +* Add: Added documentation for the cpe module. [chrisr3d] + +* Add: First shot of an expansio module to query cve-search with a cpe to get the related vulnerabilities. [chrisr3d] + +* Merge pull request #432 from JakubOnderka/clamav. [Alexandre Dulaunoy] + + chg: [clamav] Add reference to original attribute + +* Merge pull request #431 from JakubOnderka/clamav. [Alexandre Dulaunoy] + + new: [clamav] Module for malware scan by ClamAV + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [Raphaël Vinot] + +* Merge pull request #424 from JakubOnderka/vt-subdomains-fix. [Christian Studer] + + fix: [virustotal] Resolve key error when user enrich hostname + +* Merge pull request #426 from hildenjohannes/main. [Alexandre Dulaunoy] + + Recorded Future module: Add proxy support and User-Agent header + +* Add proxy support and User-Agent header. [johannesh] + +* Merge pull request #425 from elhoim/elhoim-patch-1. 
[Alexandre Dulaunoy] + + Disable correlation for detection-ratio attribute in virustotal.py + +* Disable correlation for detection-ratio in virustotal.py. [David André] + +* Merge pull request #422 from trustar/feat/EN-5047/MISP-manual-update. [Alexandre Dulaunoy] + + Feat/en 5047/misp manual update + +* Merge branch 'main' into feat/EN-5047/MISP-manual-update. [Jesse Hedden] + +* Merge pull request #420 from hildenjohannes/main. [Alexandre Dulaunoy] + + Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b969… + +* Fix typo error introduced in commit: 3b7a5c4dc2541f3b07baee69a7e8b9694a1627fc. [johannesh] + +* Merge pull request #417 from trustar/feat/EN-4664/trustar-misp. [Alexandre Dulaunoy] + + Feat/en 4664/trustar misp + +* Added description to readme. [Jesse Hedden] + +* Merge branch 'master' of github.com:trustar/misp-modules into feat/EN-4664/trustar-misp. [Jesse Hedden] + +* Removed obsoleted module name. [Jesse Hedden] + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge pull request #416 from hildenjohannes/main. [Alexandre Dulaunoy] + + Add Recorded Future module documentation + +* Improve wording. [johannesh] + +* Add Recorded Future module documentation. [johannesh] + +* Add: Specific error message for misp_standard format expansion modules. [chrisr3d] + + - Checking if the input format is respected and + displaying an error message if it is not + +* Merge pull request #415 from hildenjohannes/main. [Alexandre Dulaunoy] + + Add Recorded Future expansion module + +* Add Recorded Future expansion module. [johannesh] + +* Added comments. [Jesse Hedden] + +* Added comments. [Jesse Hedden] + +* Added comments. [Jesse Hedden] + +* Added error checking. [Jesse Hedden] + +* Updating to include metadata and alter type of trustar link generated. [Jesse Hedden] + +* Merge pull request #1 from trustar/feat/EN-4664/trustar-misp. 
[Jesse Hedden] + + Feat/en 4664/trustar misp + +* Merge branch 'main' of github.com:MISP/misp-modules into main. [chrisr3d] + +* Merge pull request #411 from JakubOnderka/vt-subdomains-fix. [Alexandre Dulaunoy] + + fix: [virustotal] Subdomains is optional in VT response + +* Merge remote-tracking branch 'origin' into main. [chrisr3d] + +* Add: Trustar python library added to Pipfile. [chrisr3d] + +* Merge branch 'trustar-feat/EN-4664/trustar-misp' [chrisr3d] + +* Merge branch 'feat/EN-4664/trustar-misp' of https://github.com/trustar/misp-modules into trustar-feat/EN-4664/trustar-misp. [chrisr3d] + +* Removed obsolete file. [Jesse Hedden] + +* Corrected variable name. [Jesse Hedden] + +* Fixed indent. [Jesse Hedden] + +* Fixed incorrect attribute name. [Jesse Hedden] + +* Fixed metatag; convert summaries generator to list for error handling. [Jesse Hedden] + +* Added strip to remove potential whitespace. [Jesse Hedden] + +* Removed extra parameter. [Jesse Hedden] + +* Added try/except for TruSTAR API errors and additional comments. [Jesse Hedden] + +* Added comments and increased page size to max for get_indicator_summaries. [Jesse Hedden] + +* Uploaded TruSTAR logo. [Jesse Hedden] + +* Updated client metatag and version. [Jesse Hedden] + +* Added module documentation. [Jesse Hedden] + +* Added client metatag to trustar client. [Jesse Hedden] + +* Ready for code review. [Jesse Hedden] + +* WIP: initial push. [Jesse Hedden] + +* Initial commit. not a working product. need to create a class to manage the MISP event and TruStar client. [Jesse Hedden] + +* Merge pull request #381 from MISP/new_module. [Christian Studer] + + New module for MALWAREbazaar + +* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #407 from JakubOnderka/patch-3. [Alexandre Dulaunoy] + + fix: [circl_passivessl] Return proper error for IPv6 addresses + +* Merge pull request #406 from JakubOnderka/ip-port. 
[Alexandre Dulaunoy] + + new: [passivedns, passivessl] Add support for ip-src|port and ip-dst|port + +* Merge pull request #405 from JakubOnderka/patch-2. [Alexandre Dulaunoy] + + fix: [circl_passivedns] Return not found error + +* Merge pull request #402 from MISP/dependabot/pip/httplib2-0.18.0. [Alexandre Dulaunoy] + + build(deps): bump httplib2 from 0.17.0 to 0.18.0 + +* Build(deps): bump httplib2 from 0.17.0 to 0.18.0. [dependabot[bot]] + + Bumps [httplib2](https://github.com/httplib2/httplib2) from 0.17.0 to 0.18.0. + - [Release notes](https://github.com/httplib2/httplib2/releases) + - [Changelog](https://github.com/httplib2/httplib2/blob/master/CHANGELOG) + - [Commits](https://github.com/httplib2/httplib2/compare/v0.17.0...v0.18.0) + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #395 from SteveClement/master. [Steve Clement] + + chg: [deps] pyfaup seems to be required but not installed + +* Merge pull request #393 from vmray-labs/update-vmray-module. [Alexandre Dulaunoy] + + Update vmray_submit module + +* Update vmray_submit. [Matthias Meidinger] + + The submit module hat some smaller issues with the reanalyze flag. + The source for the enrichment object has been changed and the robustness + of user supplied config parsing improved. + +* Merge pull request #388 from Golbark/censys_expansion. [Christophe Vandeplas] + + new: usr: Censys Expansion module + +* Fix variable issue in the loop. [Golbark] + +* Adding support for more input types, including multi-types. [Golbark] + +* Add: Added documentation for the latest new modules. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #380 from JakubOnderka/patch-1. [Christian Studer] + + csvimport: Return error if input is not valid UTF-8 + +* Csvimport: Return error if input is not valid UTF-8. 
[Jakub Onderka] + +* Merge pull request #379 from cudeso/master. [Alexandre Dulaunoy] + + Cytomic Orion MISP Module + +* Documentation for Cytomic Orion. [Koen Van Impe] + +* Update __init__ [Koen Van Impe] + +* Make Travis (a little bit) happy. [Koen Van Impe] + +* Cytomic Orion MISP Module. [Koen Van Impe] + + An expansion module to enrich attributes in MISP and share indicators + of compromise with Cytomic Orion + +* Merge pull request #377 from 0xbennyv/master. [Alexandre Dulaunoy] + + Added SophosLabs Intelix as expansion module + +* Removed Unused Import. [bennyv] + +* Fixed handler error handling for missing config. [bennyv] + +* Fixed formatting in README.md. [bennyv] + +* Updated the README.md for SOPHOSLabs Intelix. [bennyv] + +* Initial Build of SOPHOSLabs Intelix Product. [bennyv] + +* Merge pull request #374 from M0un/projet-m2-oun-gindt. [Christian Studer] + + Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // No… + +* Rendu projet master2 sécurité par Mathilde OUN et Vincent GINDT // Nouveau module misp de recherche google sur les urls. [Mathilde Oun et Vincent Gindt] + +* Merge pull request #373 from seanthegeek/patch-1. [Christian Studer] + + Create missing __init__.py for _ransomcoindb + +* Revert change inteded for other patch. [Sean Whalen] + +* Install cmake to build faup. [Sean Whalen] + +* Create __init__.py. [Sean Whalen] + +* Merge pull request #371 from GlennHD/master. [Christian Studer] + + Added GeoIP_City and GeoIP_ASN Database Modules + +* Update geoip_asn.py. [GlennHD] + +* Update geoip_city.py. [GlennHD] + +* Added geoip_asn and geoip_city to load. [GlennHD] + +* Added GeoIP_ASN Enrichment module. [GlennHD] + +* Added GeoIP_City Enrichment module. [GlennHD] + +* Added GeoIP City and GeoIP ASN Info. [GlennHD] + +* Merge pull request #370 from JakubOnderka/vt-query-sha512. [Alexandre Dulaunoy] + + fix: [VT] Disable SHA512 query for VT + +* Merge pull request #368 from andurin/lastline_verifyssl. 
[Christian Studer] + + Lastline verify_ssl option + +* Lastline verify_ssl option. [Hendrik] + + Helps people with on-prem boxes + + +## v2.4.121 (2020-02-06) + +### Fix + +* Making pep8 happy. [chrisr3d] + +* [tests] Fixed BGP raking module test. [chrisr3d] + +### Other + +* Merge pull request #367 from joesecurity/master. [Christian Studer] + + joe: (1) allow users to disable PE object import (2) set 'to_ids' to False + +* Joe: (1) allow users to disable PE object import (2) set 'to_ids' to False. [Georg Schölly] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #365 from ostefano/analysis. [Alexandre Dulaunoy] + + change: migrate to analysis API when submitting files to Lastline + +* Change: migrate to analysis API when submitting tasks to Lastline. [Stefano Ortolani] + +* Merge pull request #364 from cudeso/master. [Christian Studer] + + 2nd fix for VT Public module + +* 2nd fix for VT Public module. [Koen Van Impe] + +* Fix error message in Public VT module. [Koen Van Impe] + + +## v2.4.120 (2020-01-21) + +### New + +* Updated ipasn and added vt_graph documentation. [chrisr3d] + +* Enrichment module for querying APIVoid with domain attributes. [chrisr3d] + +### Changes + +* Making ipasn module return asn object(s) [chrisr3d] + + - Latest changes on the returned value as string + broke the freetext parser, because no asn number + could be parsed when we return the full json + blob as a freetext attribute + - Now returning asn object(s) with a reference to + the initial attribute + +* Bumped pipfile.lock with up-to-date libraries and new vt_graph_api library requirement. [chrisr3d] + +* Checking attributes category. 
[chrisr3d] + + - We check the category before adding the + attribute to the event + - Checking if the category is correct and if not, + doing a case insensitive check + - If the category is not correct after the 2 first + tests, we simply delete it from the attribute + and pymisp will give the attribute a default + category value based on the atttribute type, at + the creation of the attribute + +* Regenerated the modules documentation following the latest changes. [chrisr3d] + +* Updated documentation following the latest changes on the passive dns module. [chrisr3d] + +* Made circl_passivedns module able to return MISP objects. [chrisr3d] + +* Updated documentation following the latest changes on the passive ssl module. [chrisr3d] + +* Made circl_passivessl module able to return MISP objects. [chrisr3d] + +* Bump dependencies. [Raphaël Vinot] + +* Install faup in travis. [Raphaël Vinot] + +* Deactive emails tests, need update. [Raphaël Vinot] + +* Update email import module, support objects. [Raphaël Vinot] + +* Bump dependencies. [Raphaël Vinot] + +### Fix + +* Fixed ipasn test input format + module version updated. [chrisr3d] + +* Updated ipasn test following the latest changes on the module. [chrisr3d] + +* Typo. [chrisr3d] + +* Fixed vt_graph imports. [chrisr3d] + +* Fixed pep8 in the new module and related libraries. [chrisr3d] + +* Fixed typo on function import. [chrisr3d] + +* [doc] Added APIVoid logo. [chrisr3d] + +* Making pep8 happy with whitespace after ':' [chrisr3d] + +* [tests] With values, tests are always better ... [chrisr3d] + +* [tests] Fixed copy paste issue. [chrisr3d] + +* [tests] Fixed error catching in passive dns and ssl modules. [chrisr3d] + +* [tests] Avoiding issues with btc addresses. [chrisr3d] + +* Making pep8 happy by having spaces around '+' operators. [chrisr3d] + +* [tests] Added missing variable. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Missing dependency in travis. 
[Raphaël Vinot] + +* Properly install pymisp with file object dependencies. [Raphaël Vinot] + +* Quick variable name fix. [chrisr3d] + +* OTX tests were failing, new entry. [Raphaël Vinot] + +* Somewhat broken emails needed some love. [Raphaël Vinot] + +* MIssing parameter in skip. [Raphaël Vinot] + +* Missing pushd. [Raphaël Vinot] + +* Missing sudo. [Raphaël Vinot] + +### Other + +* Merge pull request #361 from VirusTotal/master. [Christian Studer] + + add vt_graph export module + +* Add vt-graph-api to the requirements. [Alvaro Garcia] + +* Add vt_graph export module. [Alvaro Garcia] + +* Merge pull request #360 from ec4n6/patch-1. [Alexandre Dulaunoy] + + Fix ipasn.py bug + +* Update ipasn.py. [Erick Cheng] + +* Add: Documentation for the new API Void module. [chrisr3d] + +* Add: [tests] Test case for the APIVoid module. [chrisr3d] + +* Revert "fix: [tests] Fixed copy paste issue" [chrisr3d] + + This reverts commit fd711475dd84749063f9ff15961453f90c804101. + +* Add: Test cases for reworked passive dns and ssl modules. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + + +## v2.4.119 (2019-12-03) + +### Changes + +* Bump dependencies. [Raphaël Vinot] + +* Use MISPObject in ransomcoindb. [Raphaël Vinot] + +* Reintroducing the limit to reduce the number of recursive calls to the API when querying for a domain. [chrisr3d] + +### Fix + +* Making pep8 happy. [chrisr3d] + +* Fixed AssemblyLine input description. [chrisr3d] + +* Fixed input types list since domain should not be submitted to AssemblyLine. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Added missing AssemblyLine logo. [chrisr3d] + +* Avoiding KeyError exception when no result is found. [chrisr3d] + +### Other + +* Merge pull request #356 from ostefano/lastline. [Alexandre Dulaunoy] + + add: Modules to query/import/submit data from/to Lastline + +* Add: Modules to query/import/submit data from/to Lastline. 
[Stefano Ortolani] + +* Revert "Merge pull request #341 from StefanKelm/master" [Raphaël Vinot] + + This reverts commit 1df0d9152ed3346a9432393177c89e137bfc0c64, reversing + changes made to 6042619c6b7fb40fd77b5328f933e67e839e1e83. + + This PR was a fixing a typo in a test case. The typo is in a 3rd party + service. + +* Merge pull request #341 from StefanKelm/master. [Raphaël Vinot] + + Update test_expansions.py + +* Update test_expansions.py. [StefanKelm] + + Tiniest of typos + +* Merge branch 'aaronkaplan-master' [Raphaël Vinot] + +* Oops , use relative import. [aaronkaplan] + +* Use a helpful user-agent string. [aaronkaplan] + +* Final url fix. [aaronkaplan] + +* Revert "fix url" [aaronkaplan] + + This reverts commit 44130e2bf9842c03fb80245b90a873917b56df74. + +* Revert "fix url again" [aaronkaplan] + + This reverts commit c5924aee2543b268b296a57096e636261676b63c. + +* Fix url again. [aaronkaplan] + +* Fix url. [aaronkaplan] + +* Mention the ransomcoindb in the README file as a new module. [aaronkaplan] + +* Remove pprint. [aaronkaplan] + +* Initial version of the ransomcoindb expansion module. [aaronkaplan] + +* Merge pull request #352 from aaronkaplan/patch-1. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [AaronK] + + fixes #351 + +* Add: Added documentation for the AssemblyLine query module. [chrisr3d] + +* Add: Module to query AssemblyLine and parse the results. [chrisr3d] + + - Takes an AssemblyLine submission link to query + the API and get the full submission report + - Parses the potentially malicious files and the + IPs, domains or URLs they are connecting to + - Possible improvement of the parsing filters in + order to include more data in the MISP event + +* Add: Added documentation and description in readme for the AssemblyLine submit module. [chrisr3d] + +* Add: Updated python dependencies to include the assemblyline_client library. [chrisr3d] + +* Add: New expansion module to submit samples and urls to AssemblyLine. 
[chrisr3d] + + +## v2.4.118 (2019-11-08) + +### Changes + +* Using EQL module description from blaverick62. [chrisr3d] + +* [test expansion] Enhanced results parsing. [chrisr3d] + +* [travis] skip E226 as it's more a question of style. [Alexandre Dulaunoy] + +* [apiosintds] make flake8 happy. [Alexandre Dulaunoy] + +* [Pipfile] apiosintDS added as required by new module. [Alexandre Dulaunoy] + +* [env] Pipfile updated. [Alexandre Dulaunoy] + +* [pipenv] updated. [Alexandre Dulaunoy] + +* Avoids returning empty values + easier results parsing. [chrisr3d] + +* Taking into consideration if a user agent is specified in the module configuration. [chrisr3d] + +* Updated csv import documentation. [chrisr3d] + +### Fix + +* Fixed csv file parsing. [chrisr3d] + +* Fixed Xforce Exchange authentication + rework. [chrisr3d] + + - Now able to return MISP objects + - Support of the xforce exchange authentication + with apikey & apipassword + +* Added urlscan & secuirtytrails modules in __init__ list. [chrisr3d] + +* Avoiding empty config error on passivetotal module. [chrisr3d] + +* More clarity on the exception raised on the securitytrails module. [chrisr3d] + +* Better exceptions handling on the passivetotal module. [chrisr3d] + +* Fixed results parsing for various module tests. [chrisr3d] + +* Fixed variable name. [chrisr3d] + +* Bumped Pipfile.lock with the latest libraries versions. [chrisr3d] + +* Fixed config parsing and the associated error message. [chrisr3d] + +* Fixed config parsing + results parsing. [chrisr3d] + + - Avoiding errors with config field when it is + empty or the apikey is not set + - Parsing all the results instead of only the + first one + +* Fixed VT results. [chrisr3d] + +* Making urlscan module available in MISP for ip attributes. [chrisr3d] + + - As expected in the the handler function + +* Avoiding various modules to fail with uncritical issues. 
[chrisr3d] + + - Avoiding securitytrails to fail with an unavailable + feature for free accounts + - Avoiding urlhaus to fail with input attribute + fields that are not critical for the query and + results + - Avoiding VT modules to fail when a certain + resource does not exist in the dataset + +* Fixed config field parsing for various modules. [chrisr3d] + + - Same as previous commit + +* [expansion] Better config field handling for various modules. [chrisr3d] + + - Testing if config is present before trying to + look whithin the config field + - The config field should be there when the module + is called form MISP, but it is not always the + case when the module is queried from somewhere else + +* [test expansion] Using CVE with lighter results. [chrisr3d] + +* Avoid issues when some config fields are not set. [chrisr3d] + +* Updated pipfile.lock with the correct geoip2 library info. [chrisr3d] + +* Fixed requirements for pymisp and geoip python libraries. [chrisr3d] + +* Fixed Geoip with the supported python library + fixed Geolite db path management. [chrisr3d] + +* Removed unused self param turning the associated functions into static methods. [chrisr3d] + +* Updates following the latest CVE-search version. [chrisr3d] + + - Support of the new vulnerable configuration + field for CPE version > 2.2 + - Support of different 'unknown CWE' message + +* Fixed module names with - to avoid errors with python paths. [chrisr3d] + +* Fixed tesseract python library issues. [Christian Studer] + + - Avoiding 'tesseract is not installed or it's not in your path' issues + +* Using absolute path to open files instead of relative path. [chrisr3d] + +* Removed unused import\ [chrisr3d] + +* Handling issues when the otx api is queried too often in a short time. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Avoiding empty values + Fixed empty types error + Fixed filename KeyError. [chrisr3d] + +* Fixed ThreatMiner results parsing. 
[chrisr3d] + +* Catching wikidata errors properly + fixed errors parsing. [chrisr3d] + +* Grouped two if conditions to avoid issues with variable unassigned if the second condition is not true. [chrisr3d] + +* Handling errors and exceptions for expansion modules tests that could fail due to a connection error. [chrisr3d] + +* Considering the case of empty results. [chrisr3d] + +* Catching results exceptions properly. [chrisr3d] + +* Catching exceptions and results properly depending on the cases. [chrisr3d] + +* Handling cases where there is no result from the query. [chrisr3d] + +* DBL spamhaus test. [chrisr3d] + +* Quick typo & dbl spamhaus test fixes. [chrisr3d] + +* Fixed pattern parsing + made the module hover only. [chrisr3d] + +* Travis tests should be happy now. [chrisr3d] + +* Copy paste syntax error. [chrisr3d] + +* Fixed greynoise test following the latest changes on the module. [chrisr3d] + +* Returning results in text format. [chrisr3d] + + - Makes the hover functionality display the full + result instead of skipping the records list + +* Making pep8 happy. [chrisr3d] + +* Avoiding errors with uncommon lines. [chrisr3d] + + - Excluding first from data parsed all lines that + are comments or empty + - Skipping lines with failing indexes + +* Fixed unassigned variable name. [chrisr3d] + +* Removed no longer used variables. [chrisr3d] + +* Csv import rework & improvement. [chrisr3d] + + - More efficient parsing + - Support of multiple csv formats + - Possibility to customise headers + - More improvement to come for external csv file + +* Making pep8 happy. [chrisr3d] + +* [tests] Fixed tests to avoid config issues with the cve module. [chrisr3d] + + - Config currently empty in the module, but being + updated soon with a pending pull request + +### Other + +* Add: Updated documentation with the EQL export module. [chrisr3d] + +* Merge branch 'master' of github.com:blaverick62/misp-modules. [chrisr3d] + +* Added documentation json for new modules. 
[Braden Laverick] + +* Updated README to include EQL modules. [Braden Laverick] + +* Add: Xforce Exchange module tests. [chrisr3d] + +* Merge pull request #347 from MISP/tests. [Christian Studer] + + More advanced expansion tests + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Add: Updated documentation with the latest modules info. [chrisr3d] + +* Updated README with new modules and fixed some links. [chrisr3d] + +* Add: Added test for vulners module. [chrisr3d] + +* Add: Added qrcode module test with its test image. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge pull request #346 from blaverick62/master. [Alexandre Dulaunoy] + + EQL Query Generation Modules + +* Removed extraneous comments and unused imports. [Braden Laverick] + +* Fixed python links. [Braden Laverick] + +* Changed file name to mass eql export. [Braden Laverick] + +* Fixed comments. [Braden Laverick] + +* Added ors for compound queries. [Braden Laverick] + +* Fixed syntax error. [Braden Laverick] + +* Changed to single attribute EQL. [Braden Laverick] + +* Added EQL enrichment module. [Braden Laverick] + +* Fixed string formatting. [Braden Laverick] + +* Fixed type error in JSON parsing. [Braden Laverick] + +* Attempting to import endgame module. [Braden Laverick] + +* Added endgame export to __all__ [Braden Laverick] + +* Added EQL export test module. [Braden Laverick] + +* Add: [test expansion] Added various tests for modules with api authentication. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Add: [test expansion] New modules tests. [chrisr3d] + + - Starting testing some modules with api keys + - Testing new apiosintDS module + +* Merge pull request #344 from davidonzo/master. 
[Alexandre Dulaunoy] + + Added apiosintDS module to query OSINT.digitalside.it services + +* Added apiosintDS module to query OSINT.digitalside.it services. [Davide] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #345 from 0xmilkmix/fix_geoip2. [Alexandre Dulaunoy] + + updated to geoip2 to support mmdb format + +* Updated to geoip2 to support mmdb format. [milkmix] + +* Add: cve_advanced module test + functions to test attributes and objects results. [chrisr3d] + +* Merge pull request #342 from MISP/tests. [Christian Studer] + + More expansion tests + +* Merge branch 'tests' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Add: Tests for all the office, libreoffice, pdf & OCR enrich modules. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Add: threatminer module test. [chrisr3d] + +* Add: Tests for expansion modules with different input types. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #339 from MISP/tests. [Christian Studer] + + Expansion modules tests update + +* Add: Added tests for the rest of the easily testable expansion modules. [chrisr3d] + + - More tests for more complex modules to come soon + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge branch 'tests' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: Tests for sigma queries and syntax validator modules. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into tests. [chrisr3d] + +* Add: More modules tested. [chrisr3d] + +* Add: Added tests for some expansion modules without API key required. 
[chrisr3d] + + - More tests to come + +* Merge pull request #338 from MISP/features_csvimport. [Christian Studer] + + Fixed the CSV import module + +* Merge pull request #335 from FafnerKeyZee/patch-2. [Christian Studer] + + Travis should not be complaining with the tests after the latest update on "test_cve" + +* Adding custom API. [Fafner [_KeyZee_]] + + Adding the possibility to have our own API server. + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #334 from FafnerKeyZee/patch-1. [Alexandre Dulaunoy] + + Cleaning the error message + +* Cleaning the error message. [Fafner [_KeyZee_]] + + The original message can be confusing is the user change to is own API. + + +## v2.4.116 (2019-09-17) + +### Other + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #329 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] + + Update mkdocs documentation + +* Fixing Install.md. [8ear] + +* Fix Install.md. [8ear] + +* Change Install documentation. [8ear] + +* Merge pull request #328 from 8ear/8ear-add-docker-capabilitites. [Alexandre Dulaunoy] + + Add Docker Capabilitites + +* Add .travis.yml command for docker build. [8ear] + +* Merge github.com:MISP/misp-modules into 8ear-add-docker-capabilitites. [8ear] + +* Disable not required package virtualenv for final stage. [8ear] + +* Fix entrypoint bug. [8ear] + +* Improve the Dockerfile. [8ear] + +* Add Dockerfile, Entrypoint and Healthcheck script. [8ear] + +* Update install doc. [8ear] + +* Bugfixing for MISP-modules. [8ear] + +* Add: New parameter to specify a custom CVE API to query. 
[chrisr3d] + + - Any API specified here must return the same + format as the CIRCL CVE search one in order to + be supported by the parsing functions, and + ideally provide response to the same kind of + requests (so the CWE search works as well) + + +## v2.4.114 (2019-08-30) + +### Changes + +* [cuckooimport] Handle archives downloaded from both the WebUI and the API. [Pierre-Jean Grenier] + +### Fix + +* Prevent symlink attacks. [Pierre-Jean Grenier] + +* Have I been pwned API changed again. [Raphaël Vinot] + +### Other + +* Merge pull request #327 from zaphodef/cuckooimport. [Alexandre Dulaunoy] + + fix: prevent symlink attacks + +* Merge pull request #326 from zaphodef/cuckooimport. [Alexandre Dulaunoy] + + chg: [cuckooimport] Handle archives downloaded from both the WebUI and the API + + +## v2.4.113 (2019-08-19) + +### New + +* Rewrite cuckooimport. [Pierre-Jean Grenier] + +### Changes + +* Update PyMISP version. [Pierre-Jean Grenier] + +### Fix + +* Avoiding issues when no CWE id is provided. [chrisr3d] + +* Fixed unnecessary dictionary field call. [chrisr3d] + + - No longer necessary to go under 'Event' field + since PyMISP does not contain it since the + latest update + +### Other + +* Merge pull request #322 from zaphodef/cuckooimport. [Alexandre Dulaunoy] + + Rewrite cuckooimport + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: Added initial event to reference it from the vulnerability object created out of it. [chrisr3d] + + +## v2.4.112 (2019-08-02) + +### New + +* First version of an advanced CVE parser module. [chrisr3d] + + - Using cve.circl.lu as well as the initial module + - Going deeper into the CVE parsing + - More parsing to come with the CWE, CAPEC and so on + +### Changes + +* [docs] add additional references. [Alexandre Dulaunoy] + +* [travis] revert. [Alexandre Dulaunoy] + +* [travis] github token. [Alexandre Dulaunoy] + +* [travis] mkdocs disabled for the time being. 
[Alexandre Dulaunoy] + +* [doc] Fix #317 - update the link to the latest version of the training. [Alexandre Dulaunoy] + +* [doc] README updated to the latest version. [Alexandre Dulaunoy] + +* [docs] symbolic link removed. [Alexandre Dulaunoy] + +* [docs] add logos symbolic link. [Alexandre Dulaunoy] + +* Add print to figure out what's going on on travis. [Raphaël Vinot] + +* Bump dependencies. [Raphaël Vinot] + +* Updated the module to work with the updated VirusTotal API. [chrisr3d] + + - Parsing functions updated to support the updated + format of the VirusTotal API responses + - The module can now return objects + - /!\ This module requires a high number of + requests limit rate to work as expected /!\ + +* Adding references between a domain and their siblings. [chrisr3d] + +* Getting domain siblings attributes uuid for further references. [chrisr3d] + +### Fix + +* Using the attack-pattern object template (copy-paste typo) [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Fixed cvss-score object relation name. [chrisr3d] + +* Avoid issues when there is no pe field in a windows file sample analysis. [chrisr3d] + + - For instance: doc file + +* Avoid adding file object twice if a KeyError exception comes for some unexpected reasons. [chrisr3d] + +* Testing if file & registry activities fields exist before trying to parse it. [chrisr3d] + +* Testing if there is some screenshot data before trying to fetch it. [chrisr3d] + +* Fixed direction of the relationship between files, PEs and their sections. [chrisr3d] + + - The file object includes a PE, and the PE + includes sections, not the other way round + +* Fixed variable names. [chrisr3d] + +* Wrong change in last commit. [Raphaël Vinot] + +* Skip tests on haveibeenpwned.com if 403. Make pep8 happy. [Raphaël Vinot] + +* Changed the way references added at the end are saved. 
[chrisr3d] + + - Some references are saved until they are added + at the end, to make it easier when needed + - Here we changed the way they are saved, from a + dictionary with some keys to identify each part + to the actual dictionary with the keys the + function add_reference needs, so we can directly + use this dictionary as is when the references are + added to the different objects + +* Fixed link in documentation. [chrisr3d] + +* Avoiding issues with non existing sample types. [chrisr3d] + +* Undetected urls are represented in lists. [chrisr3d] + +* Changed function name to avoid confusion with the same variable name. [chrisr3d] + +* Quick fix on siblings & url parsing. [chrisr3d] + +* Typo. [chrisr3d] + +* Parsing detected & undetected urls. [chrisr3d] + +* Various fixes about typo, variable names, data types and so on. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +### Other + +* Merge pull request #319 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] + + Add `make deploy` to Makefile + +* Added docker and non-docker make commands. [8ear] + +* Add `make deploy` [8ear] + +* Merge pull request #318 from chrisr3d/master. [Christian Studer] + + Updated cve_advanced module to parse CWE and CAPEC data related to the CVE + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: Making vulnerability object reference to its related capec & cwe objects. [chrisr3d] + +* Add: Parsing CAPEC information related to the CVE. [chrisr3d] + +* Add: Parsing CWE related to the CVE. [chrisr3d] + +* Merge pull request #316 from 8ear/8ear-add-mkdocs-documentation. [Alexandre Dulaunoy] + + Add web documentation via mkdocs + +* Fix Bugs. [8ear] + +* Fix Fossa in index.md. [8ear] + +* Delete unused file. [8ear] + +* Change mkdocs deploy method. [8ear] + +* Change index.md. [8ear] + +* Merge branch 'master' into 8ear-add-mkdocs-documentation. [Max H] + +* Add: Parsing linux samples and their elf data. 
[chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: Parsing apk samples and their permissions. [chrisr3d] + +* Add: Added virustotal_public to the list of available modules. [chrisr3d] + +* Add: TODO comment for the next improvement. [chrisr3d] + +* Add: [documentation] Updated README and documentation with the virustotal modules changes. [chrisr3d] + +* Add: Parsing communicating samples returned by domain reports. [chrisr3d] + +* Add: Parsing downloaded samples as well as the referrer ones. [chrisr3d] + +* Add: Object for VirusTotal public API queries. [chrisr3d] + + - Lighter analysis of the report to avoid reaching + the limit of queries per minute while recursing + on the different elements + +* Add: Updated README file with the new module description. [chrisr3d] + +* Change contribute.md. [8ear] + +* Update index.md. [8ear] + +* Add mkdocs as a great web documentation. [8ear] + +* Merge pull request #1 from fossabot/master. [Max H] + + Add license scan report and status + +* Add license scan report and status. [fossabot] + + +## v2.4.110 (2019-07-08) + +### New + +* [doc] Joe Sandbox added in the list. [Alexandre Dulaunoy] + +* Expansion module to query urlhaus API. [chrisr3d] + + - Using the next version of modules, taking a + MISP attribute as input and able to return + attributes and objects + - Work still in process in the core part + +### Changes + +* [documentation] Making URLhaus visible from the github page. [chrisr3d] + + - Because of the white color, the logo was not + visible at all + +* Moved JoeParser class to make it reachable from expansion & import modules. [chrisr3d] + +* [install] REQUIREMENTS file updated. [Alexandre Dulaunoy] + +* [install] Pipfile.lock updated. [Alexandre Dulaunoy] + +* [requirements] Python API wrapper for the Joe Sandbox API added. [Alexandre Dulaunoy] + +* Bump dependencies. [Raphaël Vinot] + +* [pep8] try/except # noqa. 
[Steve Clement] + + Not sure how to make flake happy on this one. + +* Updated csvimport to support files from csv export + import MISP objects. [chrisr3d] + +### Fix + +* Added missing add_attribute function. [chrisr3d] + +* [documentation] Fixed json file name. [chrisr3d] + +* [documentation] Fixed some description & logo. [chrisr3d] + +* Testing if an object is not empty before adding it the the event. [chrisr3d] + +* Making travis happy. [chrisr3d] + +* Support of the latest version of sigmatools. [chrisr3d] + +* We will display galaxies with tags. [chrisr3d] + +* Returning tags & galaxies with results. [chrisr3d] + + - Tags may exist with the current version of the + parser + - Galaxies are not yet expected from the parser, + nevertheless the principle is we want to return + them as well if ever we have some galaxies from + parsing a JoeSandbox report. Can be removed if + we never galaxies at all + +* Removed duplicate finalize_results function call. [chrisr3d] + +* Making pep8 happy + added joe_import module in the init list. [chrisr3d] + +* Fixed variable name typo. [chrisr3d] + +* Fixed references between domaininfo/ipinfo & their targets. [chrisr3d] + + - Fixed references when no target id is set + - Fixed domaininfo parsing when no ip is defined + +* Some quick fixes. [chrisr3d] + + - Fixed strptime matching because months are + expressed in abbreviated format + - Made data loaded while the parsing function is + called, in case it has to be called multiple + times at some point + +* Making pep8 & travis happy. [chrisr3d] + +* Added references between processes and the files they drop. [chrisr3d] + +* Avoiding network connection object duplicates. [chrisr3d] + +* Avoid creating a signer info object when the pe is not signed. [chrisr3d] + +* Avoiding dictionary indexes issues. [chrisr3d] + + - Using tuples as a dictionary indexes is better + than using generators... + +* Avoiding attribute & reference duplicates. 
[chrisr3d] + +* Handling case of multiple processes in behavior field. [chrisr3d] + + - Also starting parsing file activities + +* Testing if some fields exist before trying to import them. [chrisr3d] + + - Testing for pe itself, pe versions and pe signature + +* Removed test print. [chrisr3d] + +* Fixed output format to match with the recent changes on modules. [chrisr3d] + +* Making pep8 happy. [chrisr3d] + +* Checking not MISP header fields. [chrisr3d] + + - Rejecting fields not recognizable by MISP + +* Using pymisp classes & methods to parse the module results. [chrisr3d] + +* Clearer user config messages displayed in the import view. [chrisr3d] + +* Removed unused library. [chrisr3d] + +* Make pep8 happy. [chrisr3d] + +* [pep8] More fixes. [Steve Clement] + +* [pep8] More pep8 happiness. [Steve Clement] + +* [pep8] Fixes. [Steve Clement] + +* Fixed standard MISP csv format header. [root] + + - The csv header we can find in data produced from + MISP restSearch csv format is the one to use to + recognize a csv file produced by MISP + +* Fixed introspection fields for csvimport & goamlimport. [root] + + - Added format field for goaml so the module is + known as returning MISP attributes & objects + - Fixed introspection to make the format, user + config and input source fields visible from + MISP (format also added at the same time) + +* Fixed libraries import that changed with the latest merge. [root] + +* Fixed fields parsing to support files from csv export with additional context. [chrisr3d] + +* Handling the case of Context included in the csv file exported from MISP. [chrisr3d] + +* Fixed changes omissions in handler function. [chrisr3d] + +* Fixed object_id variable name typo. [root] + +* Making json_decode even happier with full json format. [chrisr3d] + + - Using MISPEvent because it is cleaner & easier + - Also cleaner implementation globally + +* Using to_dict on attributes & objects instead of to_json to make json_decode happy in the core part. 
[chrisr3d] + +### Other + +* Add: [documentation] Added some missing documentation for the most recently added modules. [chrisr3d] + +* Add: [documentation] Added documentation for Joe Sandbox & URLhaus. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #309 from Kortho/patch-2. [Steve Clement] + + changed service pointer + +* Changed service pointer. [Kortho] + + Changed so the service starts the modules in the venv where they are installed + +* Merge pull request #308 from Kortho/patch-1. [Steve Clement] + + Fixed missing dependencies for RHEL install + +* Fixed missing dependencies for RHEL install. [Kortho] + + Added dependencies needed for installing the python library pdftotext + +* Add: Added screenshot of the behavior of the analyzed sample. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #307 from ninoseki/fix-missing-links. [Alexandre Dulaunoy] + + Fix missing links in README.md + +* Fix missing links in README.md. [Manabu Niseki] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #306 from MISP/new_module. [Alexandre Dulaunoy] + + New modules able to return MISP objects + +* Add: Added new modules to the list. [chrisr3d] + +* Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #305 from joesecurity/new_module. [Alexandre Dulaunoy] + + joesandbox_query.py: improve behavior in unexpected circumstances + +* Joesandbox_query.py: improve behavior in unexpected circumstances. [Georg Schölly] + +* Add: New expansion module to query Joe Sandbox API with a report link. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. 
[chrisr3d] + +* Merge branch 'joesecurity-joesandbox_submit' [Alexandre Dulaunoy] + +* Merge branch 'joesandbox_submit' of https://github.com/joesecurity/misp-modules into joesecurity-joesandbox_submit. [Alexandre Dulaunoy] + +* Add expansion for joe sandbox. [Georg Schölly] + +* Merge pull request #304 from joesecurity/new_module. [Alexandre Dulaunoy] + + add support for url analyses + +* Support url analyses. [Georg Schölly] + +* Improve forwards-compatibility. [Georg Schölly] + +* Add: Parsing MITRE ATT&CK tactic matrix related to the Joe report. [chrisr3d] + +* Add: Parsing domains, urls & ips contacted by processes. [chrisr3d] + +* Add: Starting parsing dropped files. [chrisr3d] + +* Add: Starting parsing network behavior fields. [chrisr3d] + +* Add: Parsing registry activities under processes. [chrisr3d] + +* Add: Parsing processes called by the file analyzed in the joe sandbox report. [chrisr3d] + +* Add: Parsing some object references at the end of the process. [chrisr3d] + +* Add: [new_module] Module to import data from Joe sandbox reports. [chrisr3d] + + - Parsing file, pe and pe-section objects from the + report file info field + - Deeper file info parsing to come + - Other fields parsing to come as well + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #300 from cudeso/master. [Alexandre Dulaunoy] + + Bugfix for "sources" ; do not include as IDS for "access" registry keys + +* Bugfix for "sources" ; do not include as IDS for "access" registry keys. [Koen Van Impe] + + - Bugfix to query "operations" in files, mutex, registry + - Do not set IDS flag for registry 'access' operations + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* New VMRay modules (#299) [Steve Clement] + + New VMRay modules + +* New VMRay modules. 
[Koen Van Impe] + + New JSON output format of VMRay + Prepare for automation (via PyMISP) with workflow taxonomy tags + +* Merge pull request #1 from MISP/master. [Koen Van Impe] + + Sync + +* Add: Added urlhaus in the expansion modules init list. [root] + +* Merge branch 'new_module' of https://github.com/MISP/misp-modules into new_module. [root] + +* Merge branch 'features_csvimport' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] + +* Merge branch 'features_csvimport' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into features_csvimport. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root] + +* Merge branch 'master' of https://github.com/MISP/misp-modules into new_module. [root] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + + +## v2.4.106 (2019-04-27) + +### New + +* Devel mode. [Raphaël Vinot] + + Fix #293 + +* Modules for greynoise, haveibeenpwned and macvendors. [Raphaël Vinot] + +* Add missing dependency (backscatter) [Raphaël Vinot] + +* Add systemd launcher. [Raphaël Vinot] + +* Intel471 module. [Raphaël Vinot] + +* [btc] Very simple BTC expansion chg: [req] yara-python is preferred. [Steve Clement] + +* First version of a yara rule creation expansion module. [chrisr3d] + +* Documentation concerning modules explained in markdown file. 
[chrisr3d] + +* Expansion hover module to check spamhaus DBL for a domain name. [chrisr3d] + +### Changes + +* [doc] install of deps updated. [Alexandre Dulaunoy] + +* Bump REQUIREMENTS. [Raphaël Vinot] + +* Bump dependencies. [Raphaël Vinot] + +* [doc] new MISP expansion modules added for PDF, OCR, DOCX, XLSX, PPTX , ODS and ODT. [Alexandre Dulaunoy] + +* [init] cleanup for pep. [Alexandre Dulaunoy] + +* [pdf-enrich] updated. [Alexandre Dulaunoy] + +* [Pipfile] collection removed. [Alexandre Dulaunoy] + +* Bump dependencies. [Raphaël Vinot] + +* [doc] Added new dependencies and updated RHEL/CentOS howto. (#295) [Steve Clement] + + chg: [doc] Added new dependencies and updated RHEL/CentOS howto. + +* [doc] Added new dependencies and updated RHEL/CentOS howto. [Steve Clement] + +* [init] removed trailing whitespace. [Alexandre Dulaunoy] + +* [ocr] re module not used - removed. [Alexandre Dulaunoy] + +* Bump dependencies, update REQUIREMENTS file. [Raphaël Vinot] + +* [doc] cuckoo_submit module added. [Alexandre Dulaunoy] + +* Require python3 instead of python 3.6. [Raphaël Vinot] + +* [travis] because we all need sudo. [Alexandre Dulaunoy] + +* [travis] because everyone need a bar. [Alexandre Dulaunoy] + +* [doc] qrcode and Cisco FireSight added. [Alexandre Dulaunoy] + +* [qrcode] add requirements. [Alexandre Dulaunoy] + +* [qrcode] added to the __init__ [Alexandre Dulaunoy] + +* [qrcode] flake8 needs some drugs. [Alexandre Dulaunoy] + +* [qrcode] various fixes to make it PEP compliant. [Alexandre Dulaunoy] + +* Bump dependencies. [Raphaël Vinot] + + Fix CVE-2019-11324 (urllib3) + +* Bump Dependencies. [Raphaël Vinot] + +* [doc] Updated README to reflect current virtualenv efforts. TODO: pipenv. [Steve Clement] + +* [doc] new modules added. [Alexandre Dulaunoy] + +* Bump dependencies. [Raphaël Vinot] + +* Bump dependencies. [Raphaël Vinot] + +* Bump Requirements. 
[Raphaël Vinot] + +* [doc] asciidoctor requirement removed (new PDF module use reportlab) [Alexandre Dulaunoy] + +* Bump dependencies, add update script. [Raphaël Vinot] + +* [doc] PDF export. [Alexandre Dulaunoy] + +* [pdfexport] make flake8 happy. [Alexandre Dulaunoy] + +* [pipenv] fix the temporary issue that python-yara is not officially released. [Alexandre Dulaunoy] + +* [requirements] reportlab added. [Alexandre Dulaunoy] + +* [pipenv] Pipfile.lock updated. [Alexandre Dulaunoy] + +* [requirements] updated. [Alexandre Dulaunoy] + +* [PyMISP] dep updated to the latest version. [Alexandre Dulaunoy] + +* PyMISP requirement. [Alexandre Dulaunoy] + +* [pypi] Made sure url-normalize installs less stric. [Steve Clement] + +* [btc_scam_check] fix spacing for making flake 8 happy. [Alexandre Dulaunoy] + +* [backscatter.io] blind fix regarding undefined value. [Alexandre Dulaunoy] + +* [doc] backscatter.io updated. [Alexandre Dulaunoy] + +* [doc] backscatter.io documentation added. [Alexandre Dulaunoy] + +* [backscatter.io] remove blank line at the end of the file. [Alexandre Dulaunoy] + +* [backscatter.io] Exception handler fixed for recent version of Python. [Alexandre Dulaunoy] + +* Bump dependencies. [Raphaël Vinot] + +* Use pipenv, update bgpranking/ipasn modules. [Raphaël Vinot] + +* [doc] Nexthink module added. [Alexandre Dulaunoy] + +* [doc] osquery export module added. [Alexandre Dulaunoy] + +* [doc] Nexthink export format added. [Alexandre Dulaunoy] + +* [doc] cannot type today. [Alexandre Dulaunoy] + +* [intel471] module added. [Alexandre Dulaunoy] + +* Regenerated documentation markdown file. [chrisr3d] + +* [onyphe] fix #252. [Alexandre Dulaunoy] + +* [btc] Removed simple PoC for btc expansion. [Steve Clement] + +* [doc] btc module added. [Alexandre Dulaunoy] + +* [doc] generated documentation updated. [Alexandre Dulaunoy] + +* [doc] btc module added to documentation. 
[Alexandre Dulaunoy] + +* [tools] Added psutil as a dependency to detect misp-modules PID. [Steve Clement] + +* [init] Added try/catch in case misp-modules is already running on a port, or port is in use... [Steve Clement] + +* Validating yara rules after their creation. [chrisr3d] + +* [documentation] osquery logo added. [Alexandre Dulaunoy] + +* [documentation] generated. [Alexandre Dulaunoy] + +* [docs] Added some missing dependencies and instructions for virtualenv deployment. [Steve Clement] + +* [doc] documentation generator updated to include links to source code. [Alexandre Dulaunoy] + +* Changed documentation markdown file name. [chrisr3d] + +* Structurded data. [chrisr3d] + +* Modified the mapping dictionary to support misp-objects updates. [chrisr3d] + +* Modified output format. [chrisr3d] + +* Add new dependency (oauth2) [Raphaël Vinot] + +* Dnspython3 has been superseded by the regular dnspython kit. [Raphaël Vinot] + +* Wikidata module added. [Alexandre Dulaunoy] + +* SPARQLWrapper added (for wikidata module) [Alexandre Dulaunoy] + +### Fix + +* Re-enable python 3.6 support. [Raphaël Vinot] + +* CTRL+C is working again. [Raphaël Vinot] + + Fix #292 + +* Make flake8 happy. [Raphaël Vinot] + +* [doc] Small typo fix. [Steve Clement] + +* Pep8 foobar. [Raphaël Vinot] + +* Add the new module sin the list of modules availables. [Raphaël Vinot] + +* Typos in variable names. [Raphaël Vinot] + +* Remove unused import. [Raphaël Vinot] + +* Tornado expects a KILL now. [Raphaël Vinot] + +* [exportpdf] update documentation. [Falconieri] + +* [exportpdf] custom path parameter. [Falconieri] + +* [exportpdf] add parameters. [Falconieri] + +* [exportpdf] mising whitespace. [Falconieri] + +* [exportpdf] problem on one line. [Falconieri] + +* [exportpdf] add configmodule parameter for galaxy. [Falconieri] + +* [reportlab] Textual description parameter. [Falconieri] + +* [pdfexport] Bugfix on PyMisp exportpdf call. [Falconieri] + +* Systemd service. 
[Raphaël Vinot] + +* Regenerated documentation. [chrisr3d] + +* Description fixed. [chrisr3d] + +* Pep8 related fixes. [Raphaël Vinot] + +* Make flake8 happy. [Raphaël Vinot] + +* Change in the imports in other sigma module. [Raphaël Vinot] + +* Change in the imports. [Raphaël Vinot] + +* Change module name. [Raphaël Vinot] + +* Allow redis details to be retrieved from environment variables. [Ruiwen Chua] + +* Remove tests on python 3.5. [Raphaël Vinot] + +* Make pep8 happy. [Raphaël Vinot] + +* Removed not valid input type. [chrisr3d] + +* Cleaned up not used variables. [chrisr3d] + +* Updated rbl module result format. [chrisr3d] + + - More readable as str than dumped json + +* Added Macaddress.io module in the init list. [chrisr3d] + +* Typo on input type. [chrisr3d] + +* Fixed type of the result in case of exception. [chrisr3d] + + - Set as str since some exception types are not + jsonable + +* Added hostname attribute support as it is intended. [chrisr3d] + +* Threatanalyzer_import - bugfix for TA6.1 behavior. [Christophe Vandeplas] + +* Displaying documentation items of each module by alphabetic order. [chrisr3d] + + - Also regenerated updated documentation markdown + +* Updated yara import error message. [chrisr3d] + + - Better to 'pip install -I -r REQUIREMENTS' to + have the correct yara-python version working + for all the modules, than having another one + failing with yara hash & pe modules + +* Specifying a yara-python version that works for hash & pe yara modules. [chrisr3d] + +* Making yara query an expansion module for single attributes atm. [chrisr3d] + +* Catching errors while parsing additional info in requests. [chrisr3d] + +* Reduced logos size. [chrisr3d] + +* Typo for separator between each explained module. [chrisr3d] + +* Making python 3.5 happy with the exception type ImportError. [chrisr3d] + +* Fixed exception type for python 3.5. [chrisr3d] + +* Fixed exception type. [chrisr3d] + +* Fixed syntax error. 
[chrisr3d] + +* Fixed indentation error. [chrisr3d] + +* Fixed 1 variable misuse + cleaned up variable names. [chrisr3d] + + - Fixed use of 'domain' variable instead of 'email' + - Cleaned up variable names to avoid redefinition + of built-in variables + +* Avoiding adding attributes that are already in the event. [chrisr3d] + +* Fixed quick variable issue. [chrisr3d] + +* Cleaned up test function not used anymore. [chrisr3d] + +* Multiple attributes parsing support. [chrisr3d] + + - Fixing one of my previous changes not processing + multiple attributes parsing + +* Removed print. [chrisr3d] + +* Some cleanup and output types fixed. [chrisr3d] + + - hashes types specified in output + +* Quick cleanup. [chrisr3d] + +* Quick cleanup. [chrisr3d] + +* Ta_import - bugfixes. [Christophe Vandeplas] + +* [cleanup] Quick clean up on exception type. [chrisr3d] + +* [cleanup] Quick clean up on yaml load function. [chrisr3d] + +* [cleanup] Quick clean up on exception type. [chrisr3d] + +* Put the report location parsing in a try/catch statement as it is an optional field. [chrisr3d] + +* Put the stix2-pattern library import in a try statement. [chrisr3d] + + --> Error more easily caught + +* Removed STIX related libraries, files, documentation, etc. [chrisr3d] + +* Avoid trying to build attributes with not intended fields. [chrisr3d] + + - Previously: if the header field is not an attribute type, then + it was added as an attribute field. + PyMISP then used to skip it if needed + + - Now: Those fields are discarded before they are put in an attribute + +* Using userConfig to define the header instead of moduleconfig. [chrisr3d] + +* Fixed input & output of the module. [chrisr3d] + +* Added an object checking. 
[Christian Studer] + + - Checking if there are objects in the event, and then if there is at least 1 transaction object + - This prevents the module from crashing, but does not guaranty having a valid GoAML file (depending on objects and their relations) + +* Fixed input & output of the module. [chrisr3d] + + Also updated some functions + +* Fixed typo of the aml type for country codes. [chrisr3d] + +* Typo in references mapping dictionary. [chrisr3d] + +* Added an object checking. [chrisr3d] + + - Checking if there are objects in the event, and then + if there is at least 1 transaction object + - This prevents the module from crashing, but does not + guaranty having a valid GoAML file (depending on + objects and their relations) + +* Added the moduleinfo field need to have MISP event in standard format. [chrisr3d] + +* Missing cve module test. [Alexandre Dulaunoy] + +* Goamlexport added. [Alexandre Dulaunoy] + +* Python version in Travis. [Alexandre Dulaunoy] + +* Solved reading problems for some files. [chrisr3d] + +* Skipping empty lines. [chrisr3d] + +* Make travis happy. [Raphaël Vinot] + +* OpenIOC importer. [Raphaël Vinot] + +* #137 when a CVE is not found, a return message is given. [Alexandre Dulaunoy] + +* Use the proper formatting method and not the horrible % one. [Hannah Ward] + +* Misp-modules are by default installed in /bin. [Alexandre Dulaunoy] + +* Module_config should be set as introspection relies on it. [Alexandre Dulaunoy] + +* Types array. [Alexandre Dulaunoy] + +* Run the server as "python3 misp-modules" [Raphaël Vinot] + +* Stupid off-by-n line... [Alexandre Dulaunoy] + +### Other + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Removed trailing whitespaces. [Sascha Rommelfangen] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] + +* New modules added. 
[Sascha Rommelfangen] + +* New requirements for new modules. [Sascha Rommelfangen] + +* Introduction of new modules. [Sascha Rommelfangen] + +* Merge remote-tracking branch 'upstream/master' [Steve Clement] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] + +* Renamed file. [Sascha Rommelfangen] + +* Renamed module. [Sascha Rommelfangen] + +* Initial version of OCR expansion module. [Sascha Rommelfangen] + +* Merge pull request #291 from Evert0x/submitcuckoo. [Alexandre Dulaunoy] + + Expansion module - File/URL submission to Cuckoo Sandbox + +* Generate latest version of documentation. [Ricardo van Zutphen] + +* Document Cuckoo expansion module. [Ricardo van Zutphen] + +* Use double quotes and provide headers correctly. [Ricardo van Zutphen] + +* Update Cuckoo module to support files and URLs. [Ricardo van Zutphen] + +* Update __init__.py. [Evert0x] + +* Create cuckoo_submit.py. [Evert0x] + +* Brackets are difficult... [Sascha Rommelfangen] + +* Merge branch 'qr-code-module' of https://github.com/rommelfs/misp-modules into rommelfs-qr-code-module. [Alexandre Dulaunoy] + +* Initial version of QR code reader. [Sascha Rommelfangen] + + Module accepts attachments and processes pictures. It tries to identify and analyze an existing QR code. + Identified values can be inserted into the event. + +* Merge branch 'iceone23-patch-1' [Raphaël Vinot] + +* Create cisco_firesight_manager_ACL_rule_export.py. [iceone23] + + Cisco Firesight Manager ACL Rule Export module + +* Merge pull request #289 from SteveClement/master. [Steve Clement] + + fix: [doc] Small typo fix + +* Merge remote-tracking branch 'upstream/master' [Steve Clement] + +* Merge pull request #285 from wesinator/patch-1. [Alexandre Dulaunoy] + + Fix command highlighting + +* Fix command highlighting. [Ԝеѕ] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] + +* Merge pull request #284 from Vincent-CIRCL/master. 
[Alexandre Dulaunoy] + + fix: [exportpdf] custom path parameter + +* Merge pull request #283 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + fix: [exportpdf] add parameters + +* Merge pull request #281 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + fix: [exportpdf] add configmodule parameter for galaxy + +* Merge pull request #282 from cgi1/patch-1. [Alexandre Dulaunoy] + + Adding virtualenv to apt-get install + +* Adding virtualenv to apt-get install. [cgi1] + +* Merge pull request #279 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + fix: [reportlab] Textual description parameter + +* Chr: Restart the modules after update. [Raphaël Vinot] + +* Fixed a bug when checking malformed BTC addresses. [Sascha Rommelfangen] + +* Merge remote-tracking branch 'upstream/master' [Steve Clement] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #278 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + chg: [pdfexport] Fix pdf export, by calling new PyMISP tool for Misp Event export + +* Fix [exportpdf] update parameters for links generation. [Falconieri] + +* Tidy: Remove old dead export code. [Falconieri] + +* Test 1 - PDF call. [Falconieri] + +* Print values. [Vincent-CIRCL] + +* Test update. [Vincent-CIRCL] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #276 from iwitz/patch-1. [Alexandre Dulaunoy] + + Add RHEL installation instructions + +* Add: rhel installation instructions. [iwitz] + +* Add: [doc] Added backscatter.io logo + regenerated documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into new_module. [chrisr3d] + +* Merge pull request #274 from 9b/master. [Alexandre Dulaunoy] + + Backscatter.io expansion module + +* Use the write var on return. [9b] + +* Stubbed module. 
[9b] + +* Add: New module to check if a bitcoin address has been abused. [chrisr3d] + + - Also related update of documentation + +* Sometimes server doesn't return expected values. fixed. [Sascha Rommelfangen] + +* Merge pull request #266 from MISP/pipenv. [Raphaël Vinot] + + chg: Use pipenv, update bgpranking/ipasn modules, fix imports for sigma + +* Merge pull request #259 from ruiwen/fix_redis. [Alexandre Dulaunoy] + + fix: allow redis details to be retrieved from environment variables + +* Add: [doc] link documentation to README. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #258 from HacknowledgeCH/export_nexthink. [Alexandre Dulaunoy] + + Export nexthink + +* Added 2 blank lines to comply w/ pep8. [milkmix] + +* Removed unused re module. [milkmix] + +* Added documentation. [milkmix] + +* Added domain attributes support. [milkmix] + +* Support for md5 and sha1 hashes. [milkmix] + +* First export feature: sha1 attributes nxql query. [milkmix] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Sascha Rommelfangen] + +* Add: Added missing expansion modules in readme. [chrisr3d] + +* Add: Completed documentation for expansion modules. [chrisr3d] + +* Add: Updated more expansion documentation files. [chrisr3d] + +* Add: Added new documentation for hashdd module. [chrisr3d] + +* Add: Update to support sha1 & sha256 attributes. [chrisr3d] + +* Add: More documentation on expansion modules. [chrisr3d] + +* Add: Started filling some expansion modules documentation. [chrisr3d] + +* Add: Added yara_query module documentation, update yara_syntax_validator documentation & generated updated documentation markdown. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Add: Added test files for yara to test yara library & potentially yara syntax. [chrisr3d] + +* Add: Added imphash to input attribute types. 
[chrisr3d] + +* Cosmetic output change. [Sascha Rommelfangen] + +* Debug removed. [Sascha Rommelfangen] + +* API changes reflected. [Sascha Rommelfangen] + +* Merge pull request #253 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Validation of yara rules + +* Merge branch 'master' of github.com:MISP/misp-modules into chrisr3d_patch. [chrisr3d] + +* Merge pull request #251 from MISP/rommelfs-patch-4. [Raphaël Vinot] + + bug fix regarding leftovers between runs + +* Bug fix regarding leftovers between runs. [Sascha Rommelfangen] + +* Merge pull request #250 from SteveClement/btc. [Steve Clement] + + chg: [btc] Removed simple PoC for btc expansion. + +* Merge pull request #249 from MISP/rommelfs-patch-3. [Steve Clement] + + added btc_steroids + +* Added btc_steroids. [Sascha Rommelfangen] + +* Merge pull request #248 from rommelfs/master. [Sascha Rommelfangen] + + Pull request for master + +* Added btc_steroids to the list. [Sascha Rommelfangen] + +* Initial version of a Bitcoin module. [Sascha Rommelfangen] + +* Merge pull request #247 from SteveClement/btc. [Alexandre Dulaunoy] + + new: [module] Added very simple BitCoin expansion/hover module + +* Merge pull request #245 from chrisr3d/master. [Alexandre Dulaunoy] + + YARA rules from hashes expansion module + +* Updated list of modules in readme. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: [documentation] osquery logo. [Alexandre Dulaunoy] + +* Merge pull request #241 from 0xmilkmix/doc_osqueryexport. [Alexandre Dulaunoy] + + Added basic documentation for OS query + +* Merge branch 'master' into doc_osqueryexport. [Alexandre Dulaunoy] + +* Merge pull request #240 from 0xmilkmix/support_osquery_win_named_obj. [Alexandre Dulaunoy] + + super simple support for mutexes through winbaseobj in osquery 3.3 + +* Merge branch 'master' into support_osquery_win_named_obj. [Alexandre Dulaunoy] + +* Merge pull request #242 from 0xmilkmix/module_writting. 
[Steve Clement] + + chg: [doc] Additional documentation for export module + +* Documentation for export module. [milkmix] + +* Super simple support for mutexes through winbaseobj in osquery 3.3. [milkmix] + +* Added basic documentation. [milkmix] + +* Merge pull request #239 from SteveClement/master. [Steve Clement] + + chg: [docs] Added some missing dependencies and instructions for virtualenv deployment + +* Merge pull request #237 from 0xmilkmix/export_osquery. [Alexandre Dulaunoy] + + Export osquery + +* Merge branch 'master' into export_osquery. [Julien Bachmann] + +* Merge pull request #232 from CodeLineFi/master. [Alexandre Dulaunoy] + + macaddres.io module - Date conversion bug fixed + +* Merge branch 'master' into master. [Alexandre Dulaunoy] + +* Merge pull request #233 from chrisr3d/documentation. [Christian Studer] + + Modules documentation + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Updated documentation result file. [chrisr3d] + +* Add: Added documentation for expansion modules. [chrisr3d] + +* Add: Started adding logos on documentation for each module. [chrisr3d] + +* Renamed directory to have consistency in names. [chrisr3d] + +* Removed documentation about a module deleted from the repository. [chrisr3d] + +* Merging readme. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into documentation. [chrisr3d] + +* First try of documentation for import & export modules. 
[chrisr3d] + + - Providing information about the general purpose of + the modules, their requirements, how to use them + (if there are special features), some references + about the format concerned or the vendors, and their + input and output. + - Documentation to be completed by additional fields + of documentation and / or more detailed descriptions + +* Added Documentation explanations on readme file. [chrisr3d] + +* CSV import documentation first try. [chrisr3d] + +* GoAML modules documentation first try. [chrisr3d] + +* Updated README. Added a link to the integration tutorial. [Codelinefi-admin] + +* Fixed a bug with wrong dates conversion. [Codelinefi-admin] + +* Merge branch 'vulnersCom-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/vulnersCom/misp-modules into vulnersCom-master. [Alexandre Dulaunoy] + +* Fixed getting of the Vulners AI score. [isox] + +* Merge pull request #230 from lctrcl/master. [Alexandre Dulaunoy] + +* Merge branch 'master' into master. [lctrcl] + +* Merge pull request #229 from lctrcl/master. [Alexandre Dulaunoy] + + New vulners module added + +* HotFix: Vulners AI score. [Igor Ivanov] + +* Code cleanup and formatting. [Igor Ivanov] + +* Added exploit information. [Igor Ivanov] + +* Initial Vulners module PoC. [Igor Ivanov] + +* Merge pull request #226 from CodeLineFi/master. [Alexandre Dulaunoy] + + New macaddress.io hover module added + +* Macaddress.io hover module added. [Codelinefi-admin] + +* Merge pull request #223 from chrisr3d/master. [Christian Studer] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #222 from chrisr3d/master. [Christian Studer] + + Clean up + fix of some modules + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #221 from MISP/rommelfs-patch-2. [Alexandre Dulaunoy] + + fixed typo + +* Fixed typo. 
[Sascha Rommelfangen] + + via #220 + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #218 from surbo/patch-1. [Alexandre Dulaunoy] + + Update urlscan.py + +* Update urlscan.py. [SuRb0] + + Added hash to the search so you can take advantage of the new file down load function on urlscan.io. You can use this to pivot on file hashes and find out domains that hosting the same malicious file. + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #217 from threatsmyth/master. [Alexandre Dulaunoy] + + Add error handling for DNS failures, reduce imports, and simplify attribute comments + +* Merge branch 'master' into master. [David J] + +* Merge pull request #215 from threatsmyth/master. [Alexandre Dulaunoy] + + Create urlscan.py + +* Add error handling for DNS failures, reduce imports, and simplify misp_comments. [David J] + +* Create urlscan.py. [David J] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #214 from chrisr3d/chrisr3d_patch. [Alexandre Dulaunoy] + + New module to check DBL Spamhaus + +* Merge branch 'chrisr3d_patch' of github.com:chrisr3d/misp-modules. [chrisr3d] + +* Add: Added DBL spamhaus module documentation and in expansion init file. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Ta_import - bugfixes for TA 6.1. [Christophe Vandeplas] + +* Merge pull request #210 from chrisr3d/master. [Christian Studer] + + Put the report location parsing in a try/catch statement as it is an optional field + +* Merge pull request #209 from cvandeplas/master. [Christophe Vandeplas] + + ta_import - support for TheatAnalyzer 6.1 + +* Ta_import - support for TheatAnalyzer 6.1. [Christophe Vandeplas] + +* Securitytrails.com expansion module added. [Alexandre Dulaunoy] + +* Merge pull request #208 from sebdraven/dnstrails. 
[Alexandre Dulaunoy] + + module securitytrails + +* Merge branch 'master' into dnstrails. [sebdraven] + +* Merge pull request #206 from chrisr3d/master. [Alexandre Dulaunoy] + + Expansion module displaying SIEM signatures from a sigma rule + +* Merge branch 'master' into master. [Alexandre Dulaunoy] + +* Remove the never release Python code in Travis. [Alexandre Dulaunoy] + +* Remove Python 3.4 and Python 3.7 added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #202 from SteveClement/master. [Alexandre Dulaunoy] + + Removed test modules from view + +* - Removed test modules from view - Moved skeleton expansion module to it's proper place. [Steve Clement] + +* Merge pull request #201 from chrisr3d/master. [Alexandre Dulaunoy] + + add: STIX2 pattern syntax validator + +* Add: Experimental expansion module to display the SIEM signatures from a sigma rule. [chrisr3d] + +* Add: stix2 pattern validator requirements. [chrisr3d] + +* Add: STIX2 pattern syntax validator. [chrisr3d] + +* Merge pull request #199 from SteveClement/master. [Alexandre Dulaunoy] + + Added (Multipage) PDF support to OCR Module, minor refactor + +* - Reverted to <3.6 compatibility. [Steve Clement] + +* - Fixed log output. [Steve Clement] + +* - Forgot to import sys. [Steve Clement] + +* - Added logger functionality for debug sessions. [Steve Clement] + +* - content was already a wand.obj. [Steve Clement] + +* Merge remote-tracking branch 'upstream/master' [Steve Clement] + +* Threatanalyzer_import - order of category tuned. [Christophe Vandeplas] + +* Merge branch 'master' of github.com:SteveClement/misp-modules. [Steve Clement] + +* Merge branch 'master' into master. [Alexandre Dulaunoy] + +* - Some more comments - Removed libmagic, wand can handle it better. [Steve Clement] + +* - Set tornado timeout to 300 seconds. [Steve Clement] + +* - Quick comment ToDo: Avoid using Magic in future releases. 
[Steve Clement] + +* - added wand requirement - fixed missing return png byte-stream - move module import to handler to catch and report errorz. [Steve Clement] + +* - fixed typo move image back in scope. [Steve Clement] + +* - Added initial PDF support, nothing is processed yet - Test to replace PIL with wand. [Steve Clement] + +* Change type of status. [Sebdraven] + +* Remove print. [Sebdraven] + +* Last commit for release. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add searching_stats. [Sebdraven] + +* Add searching_stats. [Sebdraven] + +* Correct key. [Sebdraven] + +* Correct key. [Sebdraven] + +* Correct param. [Sebdraven] + +* Add searching domains. [Sebdraven] + +* Add searching domains. [Sebdraven] + +* Add return. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add whois expand to test. [Sebdraven] + +* Add whois expand to test. [Sebdraven] + +* Correct index error. [Sebdraven] + +* Error call functions. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add status_ok to true. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Correct out of bound returns. [Sebdraven] + +* Correct key and return of functions. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Correct typo. [Sebdraven] + +* Test whois history. [Sebdraven] + +* History whois dns. [Sebdraven] + +* Correct typo. [Sebdraven] + +* Rename misp modules. [Sebdraven] + +* Add a test to check if the list is not empty. [Sebdraven] + +* Add a test to check if the list is not empty. [Sebdraven] + +* Add logs. [Sebdraven] + +* Debug whois. [Sebdraven] + +* Debug ipv4 or ipv6. [Sebdraven] + +* Add debug. [Sebdraven] + +* Debug. [Sebdraven] + +* Change status. [Sebdraven] + +* Change history dns. [Sebdraven] + +* Add logs to debug. [Sebdraven] + +* Correct call function. [Sebdraven] + +* Add history mx and soa. [Sebdraven] + +* Add history dns and handler exception. 
[Sebdraven] + +* Add history dns. [Sebdraven] + +* Switch type ip. [Sebdraven] + +* Refactoring expand_whois. [Sebdraven] + +* Correct typo. [Sebdraven] + +* Add ipv6 and ipv4. [Sebdraven] + +* Change type. [Sebdraven] + +* Change type. [Sebdraven] + +* Change loop. [Sebdraven] + +* Add time sleep in each request. [Sebdraven] + +* Control return of records. [Sebdraven] + +* Add history ipv4. [Sebdraven] + +* Add logs. [Sebdraven] + +* Change categories. [Sebdraven] + +* Concat results. [Sebdraven] + +* Change name keys. [Sebdraven] + +* Change return value. [Sebdraven] + +* Add logs. [Sebdraven] + +* Change errors. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add expand whois. [Sebdraven] + +* Typo. [Sebdraven] + +* Add categories and comments. [Sebdraven] + +* Add expand subdomains. [Sebdraven] + +* Add expand subdomains. [Sebdraven] + +* Change categories. [Sebdraven] + +* Changes keys. [Sebdraven] + +* Add status ! [Sebdraven] + +* Add methods. [Sebdraven] + +* Add expand domains. [Sebdraven] + +* Add link pydnstrain in requirements. [Sebdraven] + +* Add new module dnstrails. [Sebdraven] + +* Merge pull request #198 from chrisr3d/master. [Alexandre Dulaunoy] + + Sigma syntax validator expansion module + some updates + +* Updated README to add sigma & some other missing modules. [chrisr3d] + +* Updated the list of modules (removed stiximport) [chrisr3d] + +* Add: Sigma syntax validator expansion module. [chrisr3d] + + --> Checks sigma rules syntax + - Updated the expansion modules list as well + - Updated the requirements list + +* Updated the list of expansion modules. [chrisr3d] + +* Corrected typos and unused imports. [milkmix] + +* Added support for scheduledtasks. [milkmix] + +* Added support for service-displayname, regkey|value. [milkmix] + +* Initial implementation supporting regkey. mutexes support waiting osquery table. [milkmix] + +* Merge pull request #197 from sebdraven/onyphe_full_module. 
[Alexandre Dulaunoy] + + Onyphe full module + +* Add return handle domains. [Sebdraven] + +* Add search. [Sebdraven] + +* Add domain to expand. [Sebdraven] + +* Correct bugs. [Sebdraven] + +* Add domain expansion. [Sebdraven] + +* Add comment. [Sebdraven] + +* Correct bugs. [Sebdraven] + +* Correct comments. [Sebdraven] + +* Add threat list expansion. [Sebdraven] + +* Change method to concat methods. [Sebdraven] + +* Set status after requests. [Sebdraven] + +* Set status after requests. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Add logs. [Sebdraven] + +* Pep 8. [Sebdraven] + +* Correct bug. [Sebdraven] + +* Add datascan expansion. [Sebdraven] + +* Add reverse infos. [Sebdraven] + +* Add reverse infos. [Sebdraven] + +* Add reverse infos. [Sebdraven] + +* Add reverse infos. [Sebdraven] + +* Add forward infos. [Sebdraven] + +* Add comment of attributes. [Sebdraven] + +* Add comment of attributes. [Sebdraven] + +* Error loops. [Sebdraven] + +* Error method. [Sebdraven] + +* Error type. [Sebdraven] + +* Error keys. [Sebdraven] + +* Add expansion synscan. [Sebdraven] + +* Change key access domains. [Sebdraven] + +* Change add in results. [Sebdraven] + +* Add logs. [Sebdraven] + +* Correct error keys. [Sebdraven] + +* Test patries expansion. [Sebdraven] + +* Add onyphe full module. [Sebdraven] + +* Add onyphe full module and code the stub. [Sebdraven] + +* Merge pull request #194 from chrisr3d/master. [Alexandre Dulaunoy] + + Removed STIX1 related requirements to avoid version issues + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #193 from sebdraven/onyphe_module. [Alexandre Dulaunoy] + + Onyphe module + +* Delete vcs.xml. [sebdraven] + +* Correct codecov. [Sebdraven] + +* Pep 8 compliant. [Sebdraven] + +* Correct type of comments. [Sebdraven] + +* Correct typo. [Sebdraven] + +* Correct typo. [Sebdraven] + +* Add domains forward. [Sebdraven] + +* Add domains. [Sebdraven] + +* Add targeting os. 
[Sebdraven] + +* Add category for AS number. [Sebdraven] + +* Change keys. [Sebdraven] + +* Change type. [Sebdraven] + +* Add category. [Sebdraven] + +* Add as number with onyphe. [Sebdraven] + +* Add as number with onyphe. [Sebdraven] + +* Error indentation. [Sebdraven] + +* Correct key in map result. [Sebdraven] + +* Correct a bug. [Sebdraven] + +* Add pastebin url imports. [Sebdraven] + +* Add onyphe module. [Sebdraven] + +* Updated requirements to avoid version issues in the MISP packer installation script. [chrisr3d] + +* Update countrycode.py. [Andras Iklody] + +* Add: mixing modules. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #190 from chrisr3d/master. [Alexandre Dulaunoy] + + Updated csv import following our recent discussions + +* Updated delimiter finder function. [chrisr3d] + +* Add: Added user config to specify if there is a header in the csv to import. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #189 from chrisr3d/master. [Andras Iklody] + + Using userConfig to define the header instead of moduleconfig + +* Merge pull request #188 from cvandeplas/master. [Christophe Vandeplas] + + ta import - noise removal + +* Merge branch 'master' into master. [Christophe Vandeplas] + +* Merge pull request #187 from cvandeplas/master. [Christophe Vandeplas] + + threatanalyzer_import - minor generic noise removal + +* Threatanalyzer_import - minor generic noise removal. [Christophe Vandeplas] + +* Ta import - more filter for pollution. [Christophe Vandeplas] + +* Threatanalyzer_import - minor generic noise removal. [Christophe Vandeplas] + +* Merge pull request #185 from cvandeplas/master. [Christophe Vandeplas] + + threatanalyzer_import - loads sample info + pollution fix + +* Threatanalyzer_import - loads sample info + pollution fix. [Christophe Vandeplas] + +* Merge pull request #184 from cvandeplas/master. 
[Christophe Vandeplas] + + threatanalyzer_import - fix regkey issue + +* Threatanalyzer_import - fix regkey issue. [Christophe Vandeplas] + +* Merge pull request #177 from TheDr1ver/patch-1. [Alexandre Dulaunoy] + + fix missing comma + +* Fix missing comma. [Nick Driver] + + fix ip-dst and vulnerability input + +* Merge pull request #176 from cudeso/master. [Alexandre Dulaunoy] + + Fix VMRay API access error + +* Fix VMRay API access error. [Koen Van Impe] + + hotfix for the "Unable to access VMRay API" error + +* Merge remote-tracking branch 'MISP/master' [Koen Van Impe] + +* Merge pull request #173 from m3047/master. [Alexandre Dulaunoy] + + Add exception blocks for query errors. + +* Add exception blocks for query errors. [Fred Morris] + +* Merge pull request #170 from P4rs3R/patch-1. [Alexandre Dulaunoy] + + Improving regex (validating e-mail) + +* Improving regex (validating e-mail) [x41\x43] + + Line 48: + The previous regex ` ^[\w\.\+\-]+\@[\w]+\.[a-z]{2,3}$ ` matched only a small subset of valid e-mail address (e.g.: didn't match domain names longer than 3 chars or user@this-domain.de or user@multiple.level.dom) and needed to be with start (^) and end ($). + This ` [a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+\/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])? ` is not perfect (e.g: can't match oriental chars), but imho is much more complete. + + Regex tested with several e-mail addresses with Python 3.6.4 and Python 2.7.14 on Linux 4.14. + +* Merge pull request #169 from chrisr3d/master. [Alexandre Dulaunoy] + + Updated GoAML import including Object References + +* Clarified functions arguments using a class. [chrisr3d] + +* Add: Added Object References in the objects imported. [chrisr3d] + +* Merge pull request #168 from chrisr3d/goaml. [Alexandre Dulaunoy] + + GoAML import module & GoAML export updates + +* Merge branch 'master' of github.com:MISP/misp-modules into goaml. 
[chrisr3d] + +* Merge pull request #167 from chrisr3d/csvimport. [Alexandre Dulaunoy] + + Updated csvimport + +* Merge branch 'csvimport' of github.com:chrisr3d/misp-modules into goaml. [chrisr3d] + +* Removed print. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into csvimport. [chrisr3d] + +* Merge pull request #165 from chrisr3d/goaml. [Alexandre Dulaunoy] + + fix: Added an object checking + +* Add: added goamlimport. [chrisr3d] + +* Fixed some details about the module output. [chrisr3d] + +* Converting GoAML into MISPEvent. [chrisr3d] + +* Now parsing all the transaction attributes. [chrisr3d] + +* Add: Added dictionary to map aml types into MISP types. [chrisr3d] + +* Typo. [chrisr3d] + +* Merge branch 'master' of github.com:chrisr3d/misp-modules into aml_import. [chrisr3d] + +* Merge pull request #164 from chrisr3d/master. [Alexandre Dulaunoy] + + Latest fixes to make GoAML export module work + +* Add: Added an example file generated by GoAML export module. [chrisr3d] + +* Added GoAML export module in description. [chrisr3d] + +* Reading the entire document, to create a big dictionary containing the data, as a beginning. [chrisr3d] + +* Add: new expansion module to check hashes against hashdd.com including NSLR dataset. [Alexandre Dulaunoy] + +* Merge pull request #163 from chrisr3d/master. [Alexandre Dulaunoy] + + GoAML export + +* Typo. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Quick fix to the invalid hash types offered on all returned hashes, hopefully fixes #162. [Andras Iklody] + +* Explicit name. [chrisr3d] + + Avoiding confusion with the coming import module for goaml + +* Added "t_to" and "t_from" required fields: funds code & country. [chrisr3d] + +* Added a required field & the latest attributes in transaction. [chrisr3d] + +* Added report expected information fields. [chrisr3d] + +* Simplified ObjectReference dictionary reading. 
[chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* Add: YARA syntax validator. [Alexandre Dulaunoy] + +* Merge pull request #161 from eCrimeLabs/ecrimelabs_dev. [Alexandre Dulaunoy] + + Added Yara syntax validation expansion module + +* Added Yara syntax validation expansion module. [Dennis Rand] + +* Added some report information. [chrisr3d] + + Also changed the ObjectReference parser to replace + all the if conditions by a dictionary reading + +* Suporting the recent objects added to misp-objects. [chrisr3d] + + - Matching the aml documents structure + - Some parts of the document still need to be added + +* Wip: added location & signatory information. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-modules into test. [chrisr3d] + +* Merge pull request #157 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] + + added csvimport to __init__.py + +* Added csvimport to __init__.py. [Thomas Gardner] + +* Add: CSV import module added. [Alexandre Dulaunoy] + +* Outputting xml format. [chrisr3d] + + Also mapping MISP and GoAML types + +* First tests for the GoAML export module. [chrisr3d] + +* Merge pull request #156 from chrisr3d/master. [Alexandre Dulaunoy] + + CSV import + +* Merge branch 'master' of github.com:MISP/misp-modules. [chrisr3d] + +* 3.7-alpha removed. [Alexandre Dulaunoy] + +* Updated delimiter finder method. [chrisr3d] + +* Fixed data treatment & other updates. [chrisr3d] + +* Updated delimiter parsing & data reading functions. [chrisr3d] + +* First version of csv import module. [chrisr3d] + + - If more than 1 misp type is recognized, for each one an + attribute is created + + - Needs to have header set by user as parameters of the module atm + + - Review needed to see the feasibility with fields that can create + confusion and be interpreted both as misp type or attribute field + (for instance comment is a misp type and an attribute field) + +* Merge pull request #154 from cvandeplas/master. 
[Raphaël Vinot] + + added CrowdStrike Falcon Intel Indicators expansion module + +* Added CrowdStrike Falcon Intel Indicators expansion module. [Christophe Vandeplas] + +* Add: RBL added. [Alexandre Dulaunoy] + +* Merge pull request #150 from chrisr3d/master. [Alexandre Dulaunoy] + + RBL check module + +* Merge github.com:MISP/misp-modules. [chrisr3d] + +* Merge pull request #149 from cvandeplas/master. [Alexandre Dulaunoy] + + Added ThreatAnalyzer sandbox import + +* Added ThreatAnalyzer sandbox import. [Christophe Vandeplas] + + Experimental module - some parts should be migrated to + +* Check an IPv4 address against known RBLs. [chrisr3d] + +* Fix farsight_passivedns - rdata 404 not found. [Christophe Vandeplas] + +* Added ThreatStream and PDF export. [Alexandre Dulaunoy] + +* Merge branch 'robertnixon2003-master' + a small fix. [Alexandre Dulaunoy] + +* Fix the __init__ import. [Alexandre Dulaunoy] + +* Update threatStream_misp_export.py. [Robert Nixon] + +* Updated __init__.py. [Robert Nixon] + + Added reference to new ThreatStream export module + +* Added threatStream_misp_export.py. [Robert Nixon] + +* Merge branch 'cvandeplas-master' [Alexandre Dulaunoy] + +* Fixes missing init file in dnsdb library folder. [Christophe Vandeplas] + +* New Farsight DNSDB Passive DNS expansion module. [Christophe Vandeplas] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] + +* Merge pull request #144 from attritionorg/patch-1. [Andras Iklody] + + minor touch-ups on error messages for user friendliness + +* Minor touch-ups on error messages for user friendliness. [Jericho] + +* Merge pull request #140 from cudeso/master. [Alexandre Dulaunoy] + + VulnDB Queries + +* VulnDB Queries. [Koen Van Impe] + + Search on CVE at https://vulndb.cyberriskanalytics.com/ + https://www.riskbasedsecurity.com/ + Get extended CVE info, links + CPE + +* Merge remote-tracking branch 'MISP/master' [Koen Van Impe] + +* Add quick and dirty pdf export. 
[Raphaël Vinot] + +* Merge pull request #139 from Rafiot/master. [Raphaël Vinot] + + fix: OpenIOC importer + +* Merge pull request #135 from DomainTools/domaintools-patch-1. [Raphaël Vinot] + + Added code to allow 3rd party modules + +* Added default parameter for new -m flag. [Viktor von Drakk] + +* Added code to allow 3rd party modules. [Viktor von Drakk] + + The new '-m pip.module.name' feature allows a pip-installed module to be specified on the command line and then loaded into the available modules without having to copy-paste files into the appropriate directories of this package. + +* Broken links fixed. [Alexandre Dulaunoy] + +* ThreatConnect export module added. [Alexandre Dulaunoy] + +* Merge pull request #133 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] + + ThreatConnect export module + +* Added threat_connect_export to export_mod.__init__ [Thomas Gardner] + +* Added test files for threat_connect_export. [Thomas Gardner] + +* Added threat_connect_export.py. [Thomas Gardner] + +* Merge pull request #129 from seamustuohy/utf_hate. [Raphaël Vinot] + + Added support for malformed internationalized email headers + +* Added support for malformed internationalized email headers. [seamus tuohy] + + When an emails contains headers that use Unicode without properly crafing + them to comform to RFC-6323 the email import module would crash. + (See issue #119 & issue #93) + + To address this I have added additional layers of encoding/decoding to + any possibly internationalized email headers. This decodes properly + formed and malformed UTF-8, UTF-16, and UTF-32 headers appropriately. + When an unknown encoding is encountered it is returned as an 'encoded-word' + per RFC2047. + + This commit also adds unit-tests that tests properly formed and malformed + UTF-8, UTF-16, UTF-32, and CJK encoded strings in all header fields; UTF-8, + UTF-16, and UTF-32 encoded message bodies; and emoji testing for headers + and attachment file names. 
+ +* Merge branch 'master' into utf_hate. [seamus tuohy] + +* Added unit tests for UTF emails. [seamus tuohy] + +* OTX and ThreatCrowd added. [Alexandre Dulaunoy] + +* Merge pull request #130 from chrisdoman/master. [Alexandre Dulaunoy] + + Add AlienVault OTX and ThreatCrowd Expansions + +* Add AlienVault OTX and ThreatCrowd Expansions. [Chris Doman] + +* Use proper version of PyMISP. [Raphaël Vinot] + +* Update travis, fix open ioc import. [Raphaël Vinot] + +* Merge pull request #122 from truckydev/master. [Alexandre Dulaunoy] + + Add tags on import with ioc import module + +* Replace tab by space. [Tristan METAYER] + +* Add a field for user to add tag for this import. [Tristan METAYER] + +* Merge pull request #121 from truckydev/master. [Andras Iklody] + + If filename add iocfilename as attachment + +* Typo correction. [Tristan METAYER] + +* Add user config to not add file as attachement in a box. [Tristan METAYER] + +* If filename add iocfilename as attachment. [Tristan METAYER] + +* Merge pull request #118 from truckydev/master. [Alexandre Dulaunoy] + + Add indent field for export + +* Add indent field for export. [Tristan METAYER] + +* Merge pull request #115 from FloatingGhost/master. [Alexandre Dulaunoy] + + fix: Use the proper formatting method and not the horrible % one + +* Missing expansion modules added in README. [Alexandre Dulaunoy] + +* ThreatMiner added. [Alexandre Dulaunoy] + +* Merge pull request #114 from kx499/master. [Alexandre Dulaunoy] + + ThreatMiner Expansion module + +* Bug fixes. [kx499] + +* Threatminer initial commit. [kx499] + +* Cosmetic changes. [Raphaël Vinot] + +* Merge pull request #111 from kx499/master. [Raphaël Vinot] + + Handful of changes to VirusTotal module + +* Bug fixes, tweaks, and python3 learning curve :) [kx499] + +* Initial commit of IPRep module. [kx499] + +* Fixed spacing, addressed error handling for public api, added subdomains, and added context comment. [kx499] + +* OpenIOC import module added. 
[Alexandre Dulaunoy] + +* Add OpenIOC import module. [Raphaël Vinot] + +* Merge pull request #109 from truckydev/master. [Alexandre Dulaunoy] + + add information about offline installation + +* Add information about offline installation. [truckydev] + +* Merge pull request #106 from truckydev/master. [Alexandre Dulaunoy] + + Lite export of an event + +* Exclude internal reference. [Tristan METAYER] + +* Add lite Export module. [Tristan METAYER] + +* Merge pull request #100 from rmarsollier/master. [Alexandre Dulaunoy] + + Some improvements of virustotal plugin + +* Some improvements of virustotal plugin. [rmarsollier] + +* Merge pull request #96 from johestephan/master. [Raphaël Vinot] + + XForce Exchange v1 (alpha) + +* Passed local run check. [Joerg Stephan] + +* V1. [Joerg Stephan] + +* Removed urrlib2. [Joerg Stephan] + +* Python3 changes. [Joerg Stephan] + +* Merged xforce exchange. [Joerg Stephan] + +* XForce Exchange v1 (alpha) [Joerg Stephan] + +* Merge pull request #56 from RichieB2B/ncsc-nl/mispjson. [Alexandre Dulaunoy] + + Simple import module to import MISP JSON format + +* Updated description to reflect merging use case. [Richard van den Berg] + +* Simple import module to import MISP JSON format. [Richard van den Berg] + +* Merge pull request #92 from seamustuohy/duck_typing_failure. [Alexandre Dulaunoy] + + Email import no longer unzips major compressed text document formats. + +* Email import no longer unzips major compressed text document formats. [seamus tuohy] + + Let this commit serve as a warning about the perils of duck typing. + Word documents (docx,odt,etc) were being uncompressed when they were + attached to emails. The email importer now checks a list of well known + extensions and will not attempt to unzip them. + + It is stuck using a list of extensions instead of using file magic because + many of these formats produce an application/zip mimetype when scanned. + +* Merge branch 'master' of github.com:MISP/misp-modules. 
[Raphaël Vinot] + +* Merge pull request #91 from Rafiot/master. [Raphaël Vinot] + + Improve email import module + +* Keep zip content as binary. [Raphaël Vinot] + +* Fix tests, cleanup. [Raphaël Vinot] + +* Improve support of email attachments. [Raphaël Vinot] + + Related to #90 + +* Merge pull request #89 from Rafiot/fix_87. [Raphaël Vinot] + + Improve VT support. + +* Standardised key checking. [Hannah Ward] + +* Fixed checking for submission_names in VT JSON. [Hannah Ward] + +* Update virustotal.py. [CheYenBzh] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] + +* Training materials updated + Cuckoo JSON import module was missing. [Alexandre Dulaunoy] + +* Improve support of email importer if headers are missing. [Raphaël Vinot] + + Fix #88 + +* Remove python 3.3 support. [Raphaël Vinot] + +* Fix python 3.6 support. [Raphaël Vinot] + +* Make PEP8 happy. [Raphaël Vinot] + +* Add email_import in the modules loaded by default. [Raphaël Vinot] + +* Make PEP8 happy. [Raphaël Vinot] + +* Fix failing test (bug in the mail parser?) [Raphaël Vinot] + +* Add additional email parsing and tests. [seamus tuohy] + + Added additional attribute parsing and corresponding unit-tests. + E-mail attachment and url extraction added in this commit. This includes + unpacking zipfiles and simple password cracking of encrypted zipfiles. + +* Fixed basic errors. [seamus tuohy] + +* Merged with current master. [seamus tuohy] + +* Merge pull request #85 from rmarsollier/master. [Raphaël Vinot] + + add libjpeg-dev as a dep to allow pillow to be installed succesfully + +* Add libjpeg-dev as a dep to allow pillow to be installed succesfully. [robin.marsollier@conix.fr] + +* GeoIP module added. [Alexandre Dulaunoy] + +* Merge pull request #84 from MISP/amuehlem-master. [Raphaël Vinot] + + Fix PR + +* Do not crash if the dat file is not available. [Raphaël Vinot] + +* Fix path to config file. 
[Raphaël Vinot] + +* Merge branch 'master' of https://github.com/amuehlem/misp-modules into amuehlem-master. [Raphaël Vinot] + +* Added empty line to end of config file. [Andreas Muehlemann] + +* Removed DEFAULT section from configfile. [Andreas Muehlemann] + +* Fixed more typos. [Andreas Muehlemann] + +* Fixed typo. [Andreas Muehlemann] + +* Changed configparser from python2 to python3. [Andreas Muehlemann] + +* Updated missing parenthesis. [Andreas Muehlemann] + +* Merge branch 'geoip_country' [Andreas Muehlemann] + +* Removed unneeded config option for misp. [Andreas Muehlemann] + +* Removed debug message. [Andreas Muehlemann] + +* Added config option to geoip_country.py. [Andreas Muehlemann] + +* Added pygeoip to the REQUIREMENTS list. [Andreas Muehlemann] + +* Updated geoip_country to __init__.py. [Andreas Muehlemann] + +* Added geoip_country.py. [Andreas Muehlemann] + +* Better error reporting. [Raphaël Vinot] + +* Catch exception. [Raphaël Vinot] + +* Add reverse lookup. [Raphaël Vinot] + +* Refactoring of domaintools expansion module. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] + +* Merge pull request #83 from stoep/master. [Alexandre Dulaunoy] + + Added cuckooimport.py + +* Added cuckooimport.py. [Ubuntu] + +* DomainTools module added. [Alexandre Dulaunoy] + +* Remove domaintools tests. [Raphaël Vinot] + +* Add test for domaintools. [Raphaël Vinot] + +* Merge pull request #78 from deralexxx/patch-2. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [Alexander J] + + mentioning import / export modules + +* Merge pull request #76 from deralexxx/patch-1. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [Alexander J] + +* Merge pull request #75 from Rafiot/domtools. [Raphaël Vinot] + + Add Domain Tools module + +* Update requirements list. [Raphaël Vinot] + +* Add domaintools to the import list. [Raphaël Vinot] + +* Fix Typo. [Raphaël Vinot] + +* Add domain profile and reputation. 
[Raphaël Vinot] + +* Add more comments. [Raphaël Vinot] + +* Fix typo. [Raphaël Vinot] + +* Remove json.dumps. [Raphaël Vinot] + +* Avoid passing None in comments. [Raphaël Vinot] + +* Add comments to fields when possible. [Raphaël Vinot] + +* Add initial Domain Tools module. [Raphaël Vinot] + +* Merge pull request #74 from cudeso/master. [Raphaël Vinot] + + Extra VTI detections + +* Merge remote-tracking branch 'MISP/master' [Koen Van Impe] + +* Update README.md. [Raphaël Vinot] + +* Merge pull request #73 from FloatingGhost/master. [Raphaël Vinot] + + Use SpooledTemp, not NamedTemp file + +* Use git for everything we can. [Hannah Ward] + +* Ok we'll use the dep from misp-stix-converter. Surely this'll work? [Hannah Ward] + +* Use the CIRCL pymisp. Silly @rafiot ;) [Hannah Ward] + +* Travis should now use the master branch. [Hannah Ward] + +* Maybe it'll take the git repo now? [Hannah Ward] + +* Added pymisp to reqs. [Hannah Ward] + +* Don't cache anything pls travis. [Hannah Ward] + +* Removed unneeded modules. [Hannah Ward] + +* Use SpooledTemp, not NamedTemp file. [Hannah Ward] + +* VMRay import module added. [Alexandre Dulaunoy] + +* Merge pull request #72 from FloatingGhost/master. [Raphaël Vinot] + + Migrated stiximport to use misp-stix-converter + +* Moved to misp_stix_converter. [Hannah Ward] + +* Merge pull request #70 from cudeso/master. [Raphaël Vinot] + + Submit malware samples + +* Extra VTI detections. [Koen Van Impe] + +* Submit malware samples. [Koen Van Impe] + + _submit now includes malware samples (zipped content from misp) + _import checks when no vti_results are returned + bugfix + +* Fix STIX import module. [Raphaël Vinot] + +* Multiple clanges in the vmray modules. [Raphaël Vinot] + + * Generic fix to load modules requiring a local library + * Fix python3 support + * PEP8 related cleanups + +* Merge pull request #68 from cudeso/master. [Andras Iklody] + + VMRay Import & Submit module + +* VMRay Import & Submit module. 
[Koen Van Impe] + + * First commit + * No support for archives (yet) submit + +* Merge pull request #59 from rgraf/master. [Alexandre Dulaunoy] + + label replaced by text, which is existing attribute + +* Label replaced by text, which is existing attribute. [Roman Graf] + +* Adding basic test mockup. [seamus tuohy] + +* Adding more steps to module testing. [seamus tuohy] + +* Added attachment and url support. [seamus tuohy] + +* Added email meta-data import module. [seamus tuohy] + + This email meta-data import module collects basic meta-data from an e-mail + and populates an event with it. It populates the email subject, source + addresses, destination addresses, subject, and any attachment file names. + This commit also contains unit-tests for this module as well as updates to + the readme. Readme updates are additions aimed to make it easier for + outsiders to build modules. + +* Merge pull request #58 from rgraf/master. [Alexandre Dulaunoy] + + Added expansion for Wikidata. + +* Added expansion for Wikidata. Analyst can query Wikidata by label to get additional information for particular term. [Roman Graf] + +* Merge pull request #55 from amuehlem/reversedns. [Raphaël Vinot] + + added new module reversedns.py, added reversedns to __init__.py + +* Added new module reversedns.py, added reversedns to __init__.py. [Andreas Muehlemann] + +* Merge pull request #53 from MISP/Rafiot-patch-1. [Alexandre Dulaunoy] + + Dump host info as text + +* Dump host info as text. [Raphaël Vinot] + +* Fix typo. [Raphaël Vinot] + +* Merge pull request #52 from Rafiot/master. [Alexandre Dulaunoy] + + Add simple Shodan module + +* Add simple Shodan module. [Raphaël Vinot] + +* Merge pull request #49 from FloatingGhost/master. [Alexandre Dulaunoy] + + Removed useless pickle storage of stiximport + +* Removed useless pickle storage of stiximport. [Hannah Ward] + +* Create LICENSE. [Alexandre Dulaunoy] + +* Update README.md. [Andras Iklody] + +* Typo fixed. 
[Alexandre Dulaunoy] + +* CEF export module added. [Alexandre Dulaunoy] + +* Cef_export module added. [Alexandre Dulaunoy] + +* Merge pull request #47 from FloatingGhost/CEF_Export. [Alexandre Dulaunoy] + + CEF export, fixes in CountryCode, virustotal + +* Removed silly subdomain module. [Hannah Ward] + +* Added CEF export module. [Hannah Ward] + +* Now searches within observable_compositions. [Hannah Ward] + +* Removed calls to print. [Hannah Ward] + +* Added body.json to gitignore. [Hannah Ward] + +* Added virustotal tests. [Hannah Ward] + +* CountryCode JSON now is only grabbed once per server run. [Hannah Ward] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Raphaël Vinot] + +* Merge pull request #46 from Rafiot/master. [Raphaël Vinot] + + Make misp-modules really asynchronous + +* Add timeout for the modules, cleanup. [Raphaël Vinot] + +* Fix python 3.3 and 3.4. [Raphaël Vinot] + +* Make misp-modules really asynchronous. [Raphaël Vinot] + +* Improve tornado parallel. [Raphaël Vinot] + +* Coroutine decorator added to post handler. [Alexandre Dulaunoy] + +* -d option added - enabling debug on queried modules. [Alexandre Dulaunoy] + +* New modules added to __init__ [Alexandre Dulaunoy] + +* README updated for the new modules. [Alexandre Dulaunoy] + +* Merge pull request #45 from FloatingGhost/master. [Alexandre Dulaunoy] + + 2 new modules -- VirusTotal and CountryCode + +* Modified readme with virustotal/countrycode. [Hannah Ward] + +* Added virustotal module. [Hannah Ward] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] + +* Merge pull request #44 from Rafiot/travis. [Alexandre Dulaunoy] + + Add coverage, update logging + +* Add coverage, update logging. [Raphaël Vinot] + +* Merge pull request #43 from FloatingGhost/master. [Alexandre Dulaunoy] + + StixImport now uses TemporaryFile rather than a named file in /tmp + +* Improved virustotal module. [Hannah Ward] + +* Added countrycode, working on virustotal. 
[Hannah Ward] + +* Added lookup by country code. [Hannah Ward] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] + +* Fix a link to the STIX import module reference. [Alexandre Dulaunoy] + +* Stiximport now uses temporary files to store stix data. [Hannah Ward] + + Set max size in config, in bytes + +* Merge pull request #42 from MISP/pr/41. [Alexandre Dulaunoy] + + Cleanup on the stix import module + +* Merge remote-tracking branch 'origin/master' into pr/41. [Raphaël Vinot] + +* Add info about the import modules. [Alexandre Dulaunoy] + +* Make PEP8 happy \o/ [Raphaël Vinot] + +* Move stiximport.py to misp_modules/modules/import_mod/ [Raphaël Vinot] + +* There was a missing comma. [Hannah Ward] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Hannah Ward] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #40 from Rafiot/master. [Alexandre Dulaunoy] + + Remove bin script, use cleaner way. Fix last commit. + +* Remove bin script, use cleaner way. Fix last commit. [Raphaël Vinot] + +* Merge pull request #39 from Rafiot/master. [Alexandre Dulaunoy] + + Use entry_points instead of scripts in the install. + +* Use entry_points instead of scripts. [Raphaël Vinot] + +* Pip --upgrade must be always called (to have modules updated) [Alexandre Dulaunoy] + +* Added STIX to setup.py. [Hannah Ward] + +* Added STIX to reqs. [Hannah Ward] + +* Merge branch 'stix_import' [Hannah Ward] + +* Added tests, also disregards related_observables. Because they're useless. [Hannah Ward] + +* Fixed observables within an indicator not being added. [Hannah Ward] + +* Stiximport will now consume campaigns. [Hannah Ward] + +* Stiximport will now identify file hashes. [Hannah Ward] + +* I can't spell. [Hannah Ward] + +* Added STIXImport to readme. [Hannah Ward] + +* Threat actors now get imported by stix. [Hannah Ward] + +* Added docs to stiximport. 
[Hannah Ward] + +* Added stix import -- works for IPs/Domains. [Hannah Ward] + +* Update to the DNS module to support domain|ip. [iglocska] + +* Small change to the skeleton export. [iglocska] + +* Merge remote-tracking branch 'origin/import-test' [iglocska] + +* Added test export module. [Iglocska] + +* Merge branch 'master' of github.com:MISP/misp-modules. [Alexandre Dulaunoy] + +* Merge pull request #37 from Rafiot/master. [Raphaël Vinot] + + Update documentation. + +* Update documentation. [Raphaël Vinot] + + Fix https://github.com/MISP/MISP/issues/1424 + +* Merge branch 'import-test' of github.com:MISP/misp-modules into import-test. [Alexandre Dulaunoy] + +* Merge pull request #36 from Rafiot/import-test. [Alexandre Dulaunoy] + + Pass the server port as integer to the uwhois client + +* Pass the server port as integer to the uwhois client. [Raphaël Vinot] + +* Merge pull request #35 from Rafiot/import-test. [Alexandre Dulaunoy] + + Add whois module + +* Add whois module. [Raphaël Vinot] + +* First version of an Optical Character Recognition (OCR) module for MISP. [Alexandre Dulaunoy] + +* First version of the import skeleton. [Iglocska] + +* Added simple import skeleton. [Iglocska] + +* Merge pull request #33 from Rafiot/master. [Raphaël Vinot] + + fix: run the server as "python3 misp-modules" + +* Added category to the return format description. [Iglocska] + +* Merge pull request #31 from treyka/patch-1. [Alexandre Dulaunoy] + + Refine the installation procedure + +* Refine the installation procedure. [Trey Darley] + + Tweak this to make it more inline with the MISP installation docs, start misp-modules at startup via /etc/rc.local + +* Install documentation updated. [Alexandre Dulaunoy] + +* Merge pull request #28 from Rafiot/pip. [Alexandre Dulaunoy] + + Make it a package + +* Also run travis tests on the system-wide instance. [Raphaël Vinot] + +* Fix typos in the readme. [Raphaël Vinot] + +* Fix travis. 
[Raphaël Vinot] + +* Make sure misp-modules can be launched from anywhere. [Raphaël Vinot] + +* Proper testcases. [Raphaël Vinot] + +* Make it a package. [Raphaël Vinot] + +* Merge pull request #29 from iglocska/master. [Alexandre Dulaunoy] + + Added skeleton structure for new modules + +* Added skeleton structure for new modules. [Iglocska] + +* Fixed a bug introduced by previous commit if started from the current directory. [Alexandre Dulaunoy] + +* Merge pull request #26 from Rafiot/master. [Alexandre Dulaunoy] + + Automatic chdir when the modules are started + +* Automatic chdir when the modules are started. [Raphaël Vinot] + +* Merge pull request #25 from eu-pi/eupi_expansion_fix. [Alexandre Dulaunoy] + + [EUPI] Fix expansion for empty EUPI response + +* [EUPI] Fix expansion for empty EUPI response. [Rogdham] + + Offer no enrichment instead of displaying an error message + +* Merge pull request #24 from eu-pi/eupi_hover. [Alexandre Dulaunoy] + + [EUPI] Change module for a simple hover status + +* [EUPI] Simplify hover. [Rogdham] + +* Merge pull request #23 from Rafiot/master. [Raphaël Vinot] + + [EUPI] Return error message if unknown + +* [EUPI] Return error message is unknown. [Raphaël Vinot] + +* Merge pull request #22 from Rafiot/master. [Raphaël Vinot] + + [EUPI] Do not return empty results + +* [EUPI] Do not return empty results. [Raphaël Vinot] + +* ASN History added. [Alexandre Dulaunoy] + +* Merge pull request #21 from Rafiot/master. [Raphaël Vinot] + + [ASN description] Fix input type + +* [ASN description] Fix input type. [Raphaël Vinot] + +* Merge pull request #20 from Rafiot/master. [Raphaël Vinot] + + Add ASN Description expansion module + +* Add ASN Description expansion module. [Raphaël Vinot] + +* Merge pull request #19 from Rafiot/master. [Raphaël Vinot] + + Fix last commit + +* Fix last commit. [Raphaël Vinot] + +* Merge pull request #18 from Rafiot/master. [Raphaël Vinot] + + Improve rendering of IP ASN + +* Improve rendering of IP ASN. 
[Raphaël Vinot] + +* Merge pull request #17 from Rafiot/master. [Raphaël Vinot] + + Fix again IPASN module + +* Fix again IPASN module. [Raphaël Vinot] + +* Merge pull request #16 from Rafiot/master. [Raphaël Vinot] + + Fix IPASN module + +* Fix IPASN module. [Raphaël Vinot] + +* Ipasn module added. [Alexandre Dulaunoy] + +* Merge pull request #15 from Rafiot/master. [Alexandre Dulaunoy] + + Add IPASN history module + +* Add IPASN history module. [Raphaël Vinot] + +* Merge pull request #14 from eu-pi/listen-addr. [Alexandre Dulaunoy] + + Add option to specify listen address + +* Add option to specify listen address. [Rogdham] + +* EUPI module added. [Alexandre Dulaunoy] + +* Merge pull request #13 from Rafiot/master. [Raphaël Vinot] + + Fix eupi module + +* Fix eupi module. [Raphaël Vinot] + +* Merge pull request #12 from Rafiot/master. [Raphaël Vinot] + + Add EUPI module + +* Add redis server. [Raphaël Vinot] + +* Add EUPI module. [Raphaël Vinot] + +* Skip modules that cannot import. [Alexandre Dulaunoy] + +* Skip dot files. [Alexandre Dulaunoy] + +* Value is not required. [Alexandre Dulaunoy] + +* Cache helper added. [Alexandre Dulaunoy] + + The cache helper is a simple helper to cache data + in Redis back-end. The format in the cache is the following: + m::sha1(key) -> value. Default expiration is 86400 seconds. + +* Skeleton for misp-modules helpers added. [Alexandre Dulaunoy] + + Helpers will support modules with basic functionalities + like caching or alike. + +* Option -p added to specify the TCP port of the misp-modules server. [Alexandre Dulaunoy] + +* Intelmq req. removed. [Alexandre Dulaunoy] + +* Argparse used for the test mode. [Alexandre Dulaunoy] + +* Deleted. [Alexandre Dulaunoy] + +* Intelmq is an experimental module (not production ready) [Alexandre Dulaunoy] + +* Merge pull request #11 from Rafiot/master. [Raphaël Vinot] + + Fix test mode + +* Fix test mode. [Raphaël Vinot] + +* Fix install commands. [Raphaël Vinot] + +* Add Travis logo. 
[Raphaël Vinot] + +* Merge pull request #10 from Rafiot/travis. [Raphaël Vinot] + + Add basic travis file + +* Add basic travis file. [Raphaël Vinot] + +* Merge pull request #9 from Rafiot/master. [Alexandre Dulaunoy] + + Please PEP8 on all expansions + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Raphaël Vinot] + +* Merge pull request #8 from aaronkaplan/master. [Alexandre Dulaunoy] + + initial example of intelmq connector/enrichtment. Need to change to u… + +* Initial example of intelmq connector/enrichtment. Need to change to use the eventDB RESTful API, not the postgresql DB. [aaronkaplan] + +* Update README.md. [Raphaël Vinot] + +* Dns module test with option added. [Alexandre Dulaunoy] + +* New modules added. [Alexandre Dulaunoy] + +* Dns MISP module - option to specify nameserver added. [Alexandre Dulaunoy] + +* Slides reference added. [Alexandre Dulaunoy] + +* Add missing requirements. [Alexandre Dulaunoy] + +* Merge pull request #7 from Rafiot/master. [Alexandre Dulaunoy] + + Make loader more flexible + +* Make PEP8 happy. [Raphaël Vinot] + +* Add CIRCL pssl module. [Raphaël Vinot] + +* Make loader more flexible. [Raphaël Vinot] + +* First module to test the freetext import functionality. [Alexandre Dulaunoy] + +* CIRCL Passive DNS output attributes updated. [Alexandre Dulaunoy] + +* PyPDNS requirement added. [Alexandre Dulaunoy] + +* CIRCL Passive DNS added. [Alexandre Dulaunoy] + +* Tests updated to include CIRCL passive dns. [Alexandre Dulaunoy] + +* Test file for passivetotal updated. [Alexandre Dulaunoy] + +* Merge pull request #5 from passivetotal/master. [Alexandre Dulaunoy] + + Rewrote the entire PassiveTotal extension + +* Rewrote the entire PassiveTotal extension. [Brandon Dixon] + +* Return a text attribute for an hover only module. [Alexandre Dulaunoy] + +* How to start MISP modules. [Alexandre Dulaunoy] + +* 2.4.28 includes misp modules by default. [Alexandre Dulaunoy] + +* Types are now described. 
[Alexandre Dulaunoy] + +* Debug removed. [Alexandre Dulaunoy] + +* Convert the base64 to ascii. [Iglocska] + +* Module-type added as default. [Alexandre Dulaunoy] + +* Return base64 value of the archived data. [Alexandre Dulaunoy] + +* Merge pull request #2 from iglocska/master. [Alexandre Dulaunoy] + + Some changes to the sourcecache expansion + +* Merge branch 'alternate_response' [Iglocska] + +* Some changes to the sourcecache expansion. [Iglocska] + + - return attachment or malware sample + +* Cve module tests added. [Alexandre Dulaunoy] + +* CVE hover expansion module. [Alexandre Dulaunoy] + + An hover module is a module returning a JSON that can be used + as hover element in the MISP UI. + +* Sourcecache module includes the metadata config. [Alexandre Dulaunoy] + +* README updated to reflect config parameters changes. [Alexandre Dulaunoy] + +* Removed unused attributes. [Alexandre Dulaunoy] + +* Sample JSON files reflecting config changes. [Alexandre Dulaunoy] + +* Config parameters are now exposed via the meta information. [Alexandre Dulaunoy] + + config uses a specific list of values exposed via the + introspection of the module. config is now passed as an additional + dictionary to the request. MISP attributes include only MISP attributes. + +* Sourcecache module added. [Alexandre Dulaunoy] + +* A minimal caching module added to cache link or url from MISP. [Alexandre Dulaunoy] + +* Typo fixed + meta output. [Alexandre Dulaunoy] + +* Minimal functions requirements updated + PR request. [Alexandre Dulaunoy] + +* Exclude dot files from modules list to be loaded. [Alexandre Dulaunoy] + +* Example of module introspection including meta information. [Alexandre Dulaunoy] + +* Module meta added to return version, description and author per module. [Alexandre Dulaunoy] + +* Authentication notes added. [Alexandre Dulaunoy] + +* Passivetotal module added. [Alexandre Dulaunoy] + +* First version of a passivetotal MISP expansion module. 
[Alexandre Dulaunoy] + +* Default DNS updated. [Alexandre Dulaunoy] + +* Add a note regarding error codes. [Alexandre Dulaunoy] + +* Handling of error added. [Alexandre Dulaunoy] + +* Merge pull request #1 from Rafiot/master. [Alexandre Dulaunoy] + + Make PEP8 happy. + +* Make PEP8 happy. [Raphaël Vinot] + +* Output updated (type of module added) [Alexandre Dulaunoy] + +* Add a version per default. [Alexandre Dulaunoy] + +* Add type per module. [Alexandre Dulaunoy] + +* Format updated following Andras updates. [Alexandre Dulaunoy] + +* Default var directory added. [Alexandre Dulaunoy] + +* Python pip REQUIREMENTS file added. [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/MISP/misp-modules. [Iglocska] + +* Minimal logging added to the server. [Alexandre Dulaunoy] + +* Debug messages removed. [Alexandre Dulaunoy] + +* Minimal documentation added. [Alexandre Dulaunoy] + +* Curl is now silent. [Alexandre Dulaunoy] + +* Changed the output format to include all matching attribute types. [Iglocska] + + - changed the output format to give us a bit more flexibility + - return an array of results + - return the valid misp attribute types for each result + +* Basic test cases added. [Alexandre Dulaunoy] + +* MISP dns expansion module. [Alexandre Dulaunoy] + +* First version of a web services to provide ReST API to MISP expansion services. [Alexandre Dulaunoy] + + diff --git a/Changelog-misp-objects.txt b/Changelog-misp-objects.txt new file mode 100644 index 0000000..dee977f --- /dev/null +++ b/Changelog-misp-objects.txt 
@@ -0,0 +1,3480 @@ +# Changelog + + +## v2.4.151 (2021-11-19) + +### New + +* [ja3s] JA3 server object template added Fix #296. [Alexandre Dulaunoy] + +* Submarine object template added. [iglocska] + +* Added submarine. [iglocska] + +* Add address related relationships. [Jeroen Pinoy] + +* Postal address object. [Jeroen Pinoy] + +* [relationships] new "alerts" relationship type. [Alexandre Dulaunoy] + +* [security-playbook] security-playbook added. [Pavel Eis] + +* [hashlookup] new hashlookup.circl.lu object. [Alexandre Dulaunoy] + +* [relationships] parent-of added. [Alexandre Dulaunoy] + +### Changes + +* [ja3s] updated. [Alexandre Dulaunoy] + +* [doc] object template list updated. [Alexandre Dulaunoy] + +* [submarine] fixes and list of types added. [iglocska] + +* Jq all the things. [iglocska] + +* [report] disable correlation on report type. [Alexandre Dulaunoy] + +* [passive-ssh] newlines disaster. [Alexandre Dulaunoy] + +* [passive-ssh] change fingerprint type. [Jean-Louis Huynen] + +* [schema] updated ssh-fingerprint type. [Alexandre Dulaunoy] + +* [device] ui-priority added. [Alexandre Dulaunoy] + +* [devices] fixed missing ui-priority. [Alexandre Dulaunoy] + +* [device] added hits, status and infection_type (from ShadowServer) - request for VarIOT project. [Alexandre Dulaunoy] + +* [geolocation] countrycode added as requested for the VarIOT. [Alexandre Dulaunoy] + +* [email] add a `bcc` field, `reply-to` can be multiple. [Sami Tainio] + + Fix #329 + +* [security-playbook] updated. [Alexandre Dulaunoy] + +* [doc] updated README. [Alexandre Dulaunoy] + +* [hashlookup] add KnownMalicious field in hashlookup record. [Alexandre Dulaunoy] + +* [hashlookup] add source, TLSH, SSDEEP fields in the object template. [Alexandre Dulaunoy] + +* [process] remove ambiguity between user-creator and current user running the process. [Alexandre Dulaunoy] + + Following CISA/DHS feedback + + Fix #322 + +* [domain-ip] newline fix. 
[Alexandre Dulaunoy] + +* [ss7-attack] order and newline. [Alexandre Dulaunoy] + +* [hashlookup] Using the `filename` type for the FileName attribute instead of `text` [chrisr3d] + +* [index] add hashlookup object in the directory list. [Alexandre Dulaunoy] + +* [hashlookup] newline because you know. [Alexandre Dulaunoy] + +* [hashlookup] filename changed. [Alexandre Dulaunoy] + +* [tsk-web-search-query] jq all the things. [Alexandre Dulaunoy] + +* [relationships] jq all the things. [Alexandre Dulaunoy] + +### Fix + +* [naval] meta category fixed. [iglocska] + +* [report] Removed parenthesis from the object relation `report-file` [chrisr3d] + +* [playbook] it's always a newline story ;-) [Alexandre Dulaunoy] + +* [security-playbook] newline issue. [Alexandre Dulaunoy] + +* [security-playbook] Categories are case sensitive. [Alexandre Dulaunoy] + +* [user-account] replace the unclear text in description. [Alexandre Dulaunoy] + + Feedback from CISA/DHS - fix #323 + +### Other + +* Merge pull request #336 from iglocska/main. [Alexandre Dulaunoy] + + new: submarine object template added + +* Revert "new: added submarine" [iglocska] + + This reverts commit d1401437cb5c4a3b67582515536c2a9af73cc78e. + +* Merge pull request #335 from Wachizungu/add-address-related-relationships. [Alexandre Dulaunoy] + + new: add address related relationships + +* Merge pull request #334 from Wachizungu/add-postal-address-object-template. [Alexandre Dulaunoy] + + new: postal address object + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge pull request #332 from gallypette/master. [Alexandre Dulaunoy] + + add: [passive-ssh] new object + +* Add: [passive-ssh] new object. [misp] + +* Add: [email] Added display name attribute for CC and BCC. [chrisr3d] + +* Merge pull request #330 from samitainio/patch-1. [Alexandre Dulaunoy] + + chg: [email] add a `bcc` field, `reply-to` can be multiple + +* Ran jq_all_the_things_.sh. 
[Sami Tainio] + +* Merge pull request #328 from 0xrawsec/main. [Alexandre Dulaunoy] + + Added edr-report MISP Object Template + +* Ran jq_all_the_things.sh. [Quentin JEROME] + +* Update descriptions of edr-report. [qjerome] + +* Added edr-report MISP Object definition. [Quentin JEROME] + +* Merge branch 'Vasileios-Mavroeidis-improved-descriptions-02102021' into main. [Alexandre Dulaunoy] + +* Update definition.json. [Vasileios Mavroeidis] + + Improved the descriptions of the properties to aid their usability and resolve numerous ambiguities. + +* Merge pull request #325 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [Vasileios Mavroeidis] + + person-role is not included in the attributes + +* Merge branch 'Aisik00-main' into main. [Alexandre Dulaunoy] + +* Remove multiple from ip field. [Andras Iklody] + +* Merge branch 'yodresh-SS7-gt-leasing' into main. [Alexandre Dulaunoy] + +* Added few fields for GT Leasing - v3. [Alexandre De Oliveira] + +* Fix incorrect type for domain. [Alexandre Dulaunoy] + + +## v2.4.145 (2021-06-28) + +### Changes + +* Make mypy happy. [Raphaël Vinot] + +* [email] add a from-domain field to add domain when full email is not known or a wild card. [Alexandre Dulaunoy] + + Fix #318 + + Feedback from Eurocontrol training + +### Other + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + + +## v2.4.144 (2021-06-07) + +### New + +* [open-data-security] new object template based on open data security definition. [Alexandre Dulaunoy] + + To be used in VARIoT project. https://www.variot.eu/ + +### Changes + +* [paloalto-threat-event] fix newline. [Alexandre Dulaunoy] + +* [ddos] fix newline. [Alexandre Dulaunoy] + +* [doc] list of object templates updated. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [geolocation] fix UUID to be valid UUIDv4. [Alexandre Dulaunoy] + +* [phishing] newline. 
[Alexandre Dulaunoy] + +* [phishing] version bump. [Alexandre Dulaunoy] + +* [passive-dns] jq. [Alexandre Dulaunoy] + +* [passive-dns] fix. [Alexandre Dulaunoy] + +### Fix + +* [passive-dns-dnsdbflex] newline. [Alexandre Dulaunoy] + +* [network-socket] Typo. [chrisr3d] + +* [passive-dns] fix the JSON and the version. [Alexandre Dulaunoy] + +### Other + +* Merge branch 'phmazzoni-patch-4' into main. [Alexandre Dulaunoy] + +* Disabling some field correlations. [phmazzoni] + + Disabling some field correlations to avoid excessive number of events + +* Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA. [Alexandre Dulaunoy] + + Multiple fields for port, ip-src,dst-port following feedback from CONCORDIA + +* Merge branch 'aaronkaplan-cof2misp-dnsdbflex' into main. [Alexandre Dulaunoy] + +* Dnsdbflex object. [aaronkaplan] + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Add: [network-socket] Added Socket type attribute. [chrisr3d] + +* Merge branch 'aaronkaplan-main' into main. [Alexandre Dulaunoy] + +* Re-Do the definition.json, according to the results of the discussion in https://github.com/MISP/misp-objects/pull/314. [aaronkaplan] + + Removing *_ip and *_domain + Keeping bailiwick a domain type + +* Merge branch 'main' of https://github.com/MISP/misp-objects. [aaronkaplan] + +* Merge branch 'aaronkaplan-patch-1' into main. [Alexandre Dulaunoy] + +* Update definition.json. [AaronK] + + Added time_first_ms, time_last_ms. Clarified a few things in the descriptions. + +* As discussed with @rafiot, we can't simply add rdata and rrname as text only into MISP objects. Why? Because otherwise we can't use MISP's correlation engine to correlate attributes (rrname, rdata) inside these MISP objects with other events. Because "text" would not correlate with other "ip-src" or "domain" types in other objects/attributes. 
[aaronkaplan] + + Kind of sucks to duplicate the rrname and rdata entries, but that's the + only solution we came up with. + + The COF2MISP module will populate both the rrname,rdata as well as the + rrname_{domain,ip} and rdata_{domain,ip} attributes. + + Checked with jq_all_the_things.sh. + Thanks for your consideration. + + +## v2.4.142 (2021-04-27) + +### New + +* [doc] gitchangelog.rc added. [Alexandre Dulaunoy] + +* [dkim] DomainKeys Identified Mail - DKIM object template. [Alexandre Dulaunoy] + +* [windows-service] windows-service object added. [Alexandre Dulaunoy] + +* [telegram-user] basic telegram user. [Alexandre Dulaunoy] + +* [jarm] new jarm object to describe TLS/SSL implementation matching a jarm fingerprint. [Alexandre Dulaunoy] + +* GH workflow. [Raphaël Vinot] + +* [sh] Added process state. [Steve Clement] + +* [cpe-asset] an asset as defined with a CPE value. [Alexandre Dulaunoy] + + This object was created to support the use-case of pisax.org for the + following use-case: + + - They define well-known assets which are used by IXPs and GRXs via + their CPEs; + - The assets are defined in a set of fixed/master MISP events; + - Those events are used to query NVD/CVE database via cve-search + (https://github.com/cve-search/cve-search) using a PyMISP script + - Then the CVEs matching the CPE are added in MISP and dispatched to the + sharing community of users as specific MISP events. + +* [gitlab-user] GitLab user. Gitlab.com user or self-hosted GitLab instance object template. [Alexandre Dulaunoy] + +* [github-user] a GitHub user object template. [Alexandre Dulaunoy] + + Based on the information seen on the web interface. + +* Android-app object template. [Raphaël Vinot] + +* [dev] add Twitter objects: twitter-account, twitter-list, twitter-post. add YouTube objects: youtube-channel, youtube-comment, youtube-playlist, youtube-video. add object: image. [VVX7] + +* [dev] add Reddit objects: reddit-account, reddit-post, reddit-comment, reddit-subreddit. 
[VVX7] + +* [dev] add facebook-account. [VVX7] + +* [dev] add facebook-post object. [VVX7] + +* [dev] add facebook-page object. [VVX7] + +* [dev] add facebook-group object. [VVX7] + +* Preliminary version of git-vuln-finder object template. [Raphaël Vinot] + +* Objects and relations for FollowTheMoney. [Raphaël Vinot] + +* [publication] jq'd the object. [VVX7] + +* [publication] add object to describe academic journals, books, etc. [VVX7] + +* Category FollowTheMoney. [Raphaël Vinot] + + To represent objects described there: + https://docs.alephdata.org/developers/FollowTheMoney + +* [object] add scheduled-event, add social-media-group. [VVX7] + +* [object] add narrative. [VVX7] + +* Add covid19 dxy live object. [Raphaël Vinot] + +* Health object meta type. [Raphaël Vinot] + +* [crypto-material] add generic-symmetric-key. [Raphaël Vinot] + +* CSSE COVID-19 Dataset - Daily report. [Raphaël Vinot] + + Source: + https://github.com/CSSEGISandData/COVID-19/tree/master/csse_covid_19_data + +* [iot] a first version of the IoT object. [Alexandre Dulaunoy] + + Ref: based on the workshop discussion in https://github.com/C00kie-/workshop-materials + + The idea is to have this root object when a new IoT device is documented + and further objects will be connected such as firmware or even file object + +* [objects] add instant-message object. add instant-message-group object. [VVX7] + +* [objects] news-agency, news-media. [VVX7] + +* TruStar report object. [Raphaël Vinot] + +* [attributes] chrome-extension-id added. [Alexandre Dulaunoy] + +* [objects] blog, forged-document, leaked-document, meme-image. [VVX7] + +* [attribute type] kusto-query attribute type. [Alexandre Dulaunoy] + + Kusto query is the query language for the Kusto services in Azure used + to search large dataset. It's used in Windows Defender ATP Hunting-Queries + and also Azure Sentinel (Cloud-native SIEM). + +* IntelQM objects. [Raphaël Vinot] + +* [virustotal-graph] VirusTotal graph object added. 
[Alexandre Dulaunoy] + + Based on the discussion with VT, virustotal-graph object has been added which will + be used with the expansion modules and also to trigger the specific + quick-tab in MISP to display the VT graph result in an iframe if this + object is present. + +* Weakness & attack-pattern objects to describe CWE & CAPEC related to a CVE. [chrisr3d] + + - The attack-pattern object is using a new + attribute type called weakness to describe CWE + id, which will link to its own information as + described in https://cve.circl.lu + +* Add "includes" relationship. [Raphaël Vinot] + +* Objects for Scripps CO2. [Raphaël Vinot] + +* New object describing user accounts. [chrisr3d] + +* [imsi-catcher] object based on the output format of IMSI-catcher open source tools. [Alexandre Dulaunoy] + + The object has been created to show the flexibility of the object + template during the PassTheSalt 2019 conference and the D4 presentation. + +* [shell-commands] Object describing a series of shell commands executed. This object can be linked with malicious files in order to describe a specific execution of shell commands. [Alexandre Dulaunoy] + +* Add offset, virtual_address and virtual_size to the pe section object. [Raphaël Vinot] + + Related to https://github.com/MISP/PyMISP/issues/388 + +* Internal reference object. [Raphaël Vinot] + +* Add Alfred relationships (CCCS) [Raphaël Vinot] + +* New Object describing original files usedd to import data in MISP. [chrisr3d] + +* [tracking-id] Analytics and tracking ID such as used in Google Analytics or other analytic platform. [Alexandre Dulaunoy] + +* [short-message-service] Short Message Service (SMS) object template describing one or more SMS message added. [Alexandre Dulaunoy] + +* Threatgrid-report object template. [Raphaël Vinot] + +* Exploit-poc object describing a proof of concept or exploit of a vulnerability. This object has often a relationship with a vulnerability object. 
[Alexandre Dulaunoy] + +* Add EML to the email template. [Raphaël Vinot] + +* Attach logfile to fail2ban. [Raphaël Vinot] + +* Fail2ban object. [Raphaël Vinot] + +### Changes + +* [doc] list of objects updated. [Alexandre Dulaunoy] + +* Make jq validation happy. [Raphaël Vinot] + +* Make jq validation happy. [Raphaël Vinot] + +* Add PR to GH actions. [Raphaël Vinot] + +* [report] add a report type. [Alexandre Dulaunoy] + +* [person] full-name attribute type added + expanding object person with full-name. [Alexandre Dulaunoy] + +* [schema] dkim and dkim signature added. [Alexandre Dulaunoy] + +* [network-element] jq. [Alexandre Dulaunoy] + +* [network-profile] AS updated. [Alexandre Dulaunoy] + +* [network-profile] add jarm-fingerprint. [Alexandre Dulaunoy] + +* [relationships] jq all the things. [Alexandre Dulaunoy] + +* Update json schema for relationships to include opposite key. [Théo BARRAGUÉ] + +* [report] make link or summary as non-required field. [Alexandre Dulaunoy] + +* [regexp] fixed. [Alexandre Dulaunoy] + +* [regexp] added Farsight Compatible Regular Expressions (FCRE) added. [Alexandre Dulaunoy] + +* [splunk] object updated. [Alexandre Dulaunoy] + +* [report] add a link field to the report object template. [Alexandre Dulaunoy] + +* Disable correlation in VT objects. [Raphaël Vinot] + +* [relationships] updated. [Alexandre Dulaunoy] + +* [relationships] writes added. [Alexandre Dulaunoy] + +* [url] jq all the things. [Alexandre Dulaunoy] + +* Allow multiple IPs in URL object. [Raphaël Vinot] + +* [telegram-account] required attributes. [Terrtia] + +* [telegram-account] fixes. [Alexandre Dulaunoy] + +* Update objects to match lief output for authenticode. [Raphaël Vinot] + +* [jarm] jq all the things. [Alexandre Dulaunoy] + +* [jarm] jarm type is jarm-fingerprint. [Alexandre Dulaunoy] + +* [doc] fixed. 
[Alexandre Dulaunoy] + +* [trustar_report] Updated to add "THREAT_ACTOR" [Alexandre Dulaunoy] + + Fixing #273 + +* [yara] disable correlations on some fields. [Alexandre Dulaunoy] + +* [crypto-material] add a public field for public cryptographic materials. [Alexandre Dulaunoy] + +* [favicon] jq all the things. [Alexandre Dulaunoy] + +* [favicon] A favicon, also known as a shortcut icon, website icon, tab icon, URL icon, or bookmark icon, is a file containing one or more small icons, associated with a particular web site or web page. The object template can include the murmur3 hash of the favicon to facilitate correlation. [Alexandre Dulaunoy] + +* [type] favicon-mmh3 is the murmur3 hash of a favicon as used in Shodan. [Alexandre Dulaunoy] + +* [doc] MISP objects list updated. [Alexandre Dulaunoy] + +* [twitter-post] jq. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [doc] travis removed. [Alexandre Dulaunoy] + +* Can have mutliple text attributes. [Beaujeant] + +* [domain-ip] hostname added as an attribute. [Alexandre Dulaunoy] + +* Add type in schema. [Raphaël Vinot] + +* [schema] process-state updated. [Alexandre Dulaunoy] + +* [jq] all the [things] [Alexandre Dulaunoy] + +* [json] sort. [Steve Clement] + +* [process] revert back to single char in light of the new process-attribute. [Steve Clement] + +* [process] Added sane defaults. [Steve Clement] + +* [process] Updated process object. [Steve Clement] + +* [types] jarm-fingerprint added. [Alexandre Dulaunoy] + +* Using the actual attribute type for cpe and weakness instead of text. [chrisr3d] + +* [cpe-asset] updated. [Alexandre Dulaunoy] + +* [vulnerability] fixed. [Alexandre Dulaunoy] + +* [vulnerability] vulnerable_configuration are now cpe type. [Alexandre Dulaunoy] + +* [file] because sorted is always better. [Alexandre Dulaunoy] + +* [file] imphash and telfhash added. [Alexandre Dulaunoy] + +* [attribute type] new telfhash added. 
[Alexandre Dulaunoy] + +* [gitlab-user] because -r is important. [Alexandre Dulaunoy] + +* [type] new type added. [Alexandre Dulaunoy] + +* [doc] object lists updated. [Alexandre Dulaunoy] + +* Sort json. [Raphaël Vinot] + +* [github-user] reflect the API fields. [Alexandre Dulaunoy] + +* [keybase] be consistent with keybase API. [Alexandre Dulaunoy] + +* [keybase-account] at least username is required. [Alexandre Dulaunoy] + +* [twitter-account] incorrect description fixed. [Alexandre Dulaunoy] + +* [relationships] leaks, leaked-by doxed-by. [Alexandre Dulaunoy] + +* [schema] updated. [Alexandre Dulaunoy] + +* Making source port attribute multiple in the ip-port object. [chrisr3d] + +* [keybase] newline issue. [Alexandre Dulaunoy] + +* [keybase-account] meta category updated. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [keybase] description updated. [Alexandre Dulaunoy] + +* [keybase] updated. [Alexandre Dulaunoy] + +* [restore] file. [Alexandre Dulaunoy] + +* [doc] MISP object template. [Alexandre Dulaunoy] + +* [doc] example was broken. [Alexandre Dulaunoy] + +* [doc] README. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [jq] all the things. [Alexandre Dulaunoy] + +* [relationships] update relationships with space. [Alexandre Dulaunoy] + +* [tools] now using main branch instead of master while generating documentation. [Alexandre Dulaunoy] + +* [vulnerability] vulnerability is is now a vulnerability type. [Alexandre Dulaunoy] + + The vulnerability type is an official CVE number. + + We might need to add in the future a new attribute in the object + for non-CVE id of a vulnerability or adding other id type in the object. + + This commit fixes #234 + +* [schema] new types added. [Alexandre Dulaunoy] + +* [misp-objects] newline newline newline is the evil. 
[Alexandre Dulaunoy] + +* [pe] multiple is true not 1 ;-) [Alexandre Dulaunoy] + +* [pe] richpe. [Alexandre Dulaunoy] + +* [RichPE] added. [Andras Iklody] + +* [file] jq. [Alexandre Dulaunoy] + +* [doc] misp-objects list updated. [Alexandre Dulaunoy] + +* [license] clarify the license of MISP objects and software. [Alexandre Dulaunoy] + + The MISP objects JSON template are dual-licensed under CC-0 or 2-clause + BSD (like the taxonomies). + + Only the software in /tools is under the AGPL. + + Fix #266 + +* [dev] add Parler app objects. [VVX7] + +* [cortex-taxonomy] sort attributes. [Marc Hörsken] + + Make sure the attributes are sorted like a Cortex taxonomy + would normally be displayed/summarized: + + `namespace:predicate="value"` with `level` as a meta information. + +* [dev] disable correlation on some attributes. fix underscore typo in account profile-image. [VVX7] + +* [dev] make Reddit attributes (mostly) reflect Reddit API. [VVX7] + +* [dev] run validate_all/jq. [VVX7] + +* [dev] make twitter object attributes more consistent with twitter api. [VVX7] + +* [dev] add object properties from #257. [VVX7] + +* [dev] fix attribute type. [VVX7] + +* [dev] add user avatar. [VVX7] + +* [dev] change post-id attribute type to text. [VVX7] + +* [dev] run rq. [VVX7] + +* [dev] update tracking-id to disable correlation on id description. minor changes to attribute descriptions. [VVX7] + +* [new types] git-commit-id added. [Alexandre Dulaunoy] + +* [sms] format fixed. [Alexandre Dulaunoy] + +* [boleto] JSON fixed. [Alexandre Dulaunoy] + +* [publication] modify requiredOneOf, contributor type to text attribute. [VVX7] + +* Sort relationships. [Raphaël Vinot] + +* Sort all entries in jq script. [Raphaël Vinot] + +* Sort all the entries in the templates by default. [Raphaël Vinot] + +* [legal-entity] website and logo added for legal entity. 
[Alexandre Dulaunoy] + + Thanks to Emmanuel MANCIET for the proposal + +* [object] add new microblog attributes, change some of the descriptions to make them clearer. [VVX7] + +* [victim] add a domain to field to reference a victim by their Internet domain name. [Alexandre Dulaunoy] + +* [object] update narrative required object fields. [VVX7] + +* [object] update narrative object fields. [VVX7] + +* [x509] using built-in types wherever possible. [Golbark] + +* [doc] clarify the need to validate before doing a PR. [Christophe Vandeplas] + +* [object] disable correlation on some fields. add external references. [VVX7] + +* [object] add narrative description/summary. [VVX7] + +* [object] add narrative description/summary. [VVX7] + +* [object] change narrative version. [VVX7] + +* Bump CSSE COVID-19 Daily report to new version. [Raphaël Vinot] + +* [victim] add reference to case (as requested by law-enforcement - ENFORCE project) [Alexandre Dulaunoy] + +* [http-request] fixed. [Alexandre Dulaunoy] + +* [network-socket] add filename to object template. [Alexandre Dulaunoy] + +* [microblog] add Twitter-id reference. [Alexandre Dulaunoy] + +* [IntelMQ Event] replace non-ascii double quote by single quote. [Raphaël Vinot] + +* [vulnerability] remove underscore from the object. [Alexandre Dulaunoy] + +* [iot-device] reference added. [Alexandre Dulaunoy] + +* [file] imphash removed as it should be at PE level. [Alexandre Dulaunoy] + +* [pe] imphash and impfuzzy can be as key attribute. [Alexandre Dulaunoy] + +* [domain-crawled] domain shouldn't be a multiple. [Terrtia] + +* [iot] add SPI, Serial and JTAG status. [Alexandre Dulaunoy] + +* [iot] because reusing UUID is bad. [Alexandre Dulaunoy] + +* [schema] iot category added. [Alexandre Dulaunoy] + +* [crawled domain] rename object. [Terrtia] + +* Add domain crawled object. [Terrtia] + +* [relationships] 'knows' relationship added. [Alexandre Dulaunoy] + +* [sms] the SMS center is a phone number. 
[Alexandre Dulaunoy] + +* [rtir] disable correlation on incident state. [Alexandre Dulaunoy] + +* [sms] missing Cellebrite fields added. [Alexandre Dulaunoy] + +* [email] ip-src added in the email object templated as requested by Norberto Chavez. [Alexandre Dulaunoy] + +* [vehicule] image + type of vehicle added. [Alexandre Dulaunoy] + +* [organization] typo fixed + description added. [Alexandre Dulaunoy] + +* [phone] add brand and model. [Alexandre Dulaunoy] + +* [new object pgp-meta] Metadata extracted from a PGP keyblock, message or signature. [Terrtia] + +* [object fields] allow additional requiredOneOf fields in blog, microblog, meme-image objects. add attachment field to blog object. add username to news-media. [VVX7] + +* [object field] add profile picture to user-account. [VVX7] + +* [object field] enable multiple URL/link in microblog. [VVX7] + +* [object field] add title to microblog. [VVX7] + +* [object field] add link for user-account page. [VVX7] + +* [object fields] add forged-document types, add microblog state. [VVX7] + +* [microblog] allow multiple attachments per the enhancement request. [VVX7] + +* [microblog] add attachment field for issue #186. [VVX7] + +* [misinfosec objects] add archive (Internet Archive, Archive.is, etc) fields, change blog post title description. [VVX7] + +* [blog] add title field to object. [VVX7] + +* [meme-image] uuid and name duplicate. [VVX7] + +* [domain-ip] port added (required by AIL crawling) [Alexandre Dulaunoy] + +* [microblog] disable correlation for the verified-username state. [Alexandre Dulaunoy] + +* [annotation] 'full report' type added. [Alexandre Dulaunoy] + +* [organization] VAT - TAX-ID added in the template. [Alexandre Dulaunoy] + +* [relationships] mentions relationship has been added. [Alexandre Dulaunoy] + + Fix #214 + +* [microblog] add the ability to have non-malicious links. [Alexandre Dulaunoy] + + Fix #215 + +* [dark-pattern] typos. [Jean-Louis Huynen] + +* [types] updated. 
[Alexandre Dulaunoy] + +* [script] attachment field added. [Alexandre Dulaunoy] + +* Update crypto-material and url. [Raphaël Vinot] + +* [microblog] verified field added to add the state of the username. [Alexandre Dulaunoy] + +* [x509, crypto-material] several changes: - enables correlation on n, p, q; - allows for only providing modulus for crypto material; - specifies the expected data format of several fields. [Jean-Louis Huynen] + +* [crypto-material] new object to described key materials (public and private) [Alexandre Dulaunoy] + +* [x509] to map with D4 project snakeoil database. [Alexandre Dulaunoy] + +* [cowrie] to add HASSH of the client SSH session following Salesforce algorithm. [Alexandre Dulaunoy] + + As mentioned in #84 + +* [coin-address] DASH cryptocurrency address added. [Alexandre Dulaunoy] + +* [schema] updated to the latest version. [Alexandre Dulaunoy] + +* [translation] double entry fixed in requiredOneOf. [Alexandre Dulaunoy] + + Signed-off by: By de leaduh of JavaScript and decayin' indicatawhs + +* [translation] list of sane default for the languages + type of translation. [Alexandre Dulaunoy] + +* [credential] adding disable correlation when required. [Alexandre Dulaunoy] + +* [new object templates] various updates. [Alexandre Dulaunoy] + +* [relationships] new relationship added is-author-of - fix #183. [Alexandre Dulaunoy] + +* [validation] complement schema with categories/types. [Christophe Vandeplas] + +* [validation] improve validation script. [Christophe Vandeplas] + +* Rename category environment -> climate. [Raphaël Vinot] + +* [process] updated following the "mess" of representation in process object. [Alexandre Dulaunoy] + +* [doc] new object templates added. [Alexandre Dulaunoy] + +* [network-connection] community-id added. [Alexandre Dulaunoy] + +* [netflow] attribute community-id added in netflow object template. [Alexandre Dulaunoy] + +* [yara] add a yara-rule-name field which can be optional or the only field. 
[Alexandre Dulaunoy] + + As requested in https://github.com/MISP/MISP/issues/4858 + +* [objects] new objects added in the README. [Alexandre Dulaunoy] + +* Added user-id attribute as one of the required ones. [chrisr3d] + +* [rogue-dns] new object template expressing rogue dns. [Alexandre Dulaunoy] + + Thanks to CERT.br for the contribution + +* [relationships] screenshot-of added to the list of default relationships. [Alexandre Dulaunoy] + +* [shell-commands] fix typo in object name. [Alexandre Dulaunoy] + +* [doc] shell-commands object added. [Alexandre Dulaunoy] + +* [script] requiredOneOf for script or filename. [Alexandre Dulaunoy] + + Malicious scripts can be received without having a filename. + +* [doc] ssh-authorized-keys object template added. [Alexandre Dulaunoy] + +* [person] Gender unknown added. [Alexandre Dulaunoy] + + This has been added when investigation is ongoing and + alias is know but gender is unknown discovered during + Enforce training. + + topic:enforce + +* [microblog] state field added to describe if the tweet is malicious or just OSINT. [Alexandre Dulaunoy] + +* [authenticode] signerinfo template added. [Alexandre Dulaunoy] + +* [authenticode-signerinfo] first version. [Alexandre Dulaunoy] + +* [jq] jq all the things(tm) [Alexandre Dulaunoy] + +* [x509] improve X.509 certificate description to match required ones from LIEF (as discussed in #180). [Alexandre Dulaunoy] + +* [regripper] version updated. [Alexandre Dulaunoy] + +* [irc] add nickname used for associated IRC server and channel(s) [Alexandre Dulaunoy] + +* [device] name of an object must be lowercase. [Alexandre Dulaunoy] + +* [doc] phishing-kit object added to the list. [Alexandre Dulaunoy] + +* [phishing-kit] small typo fixed in the description. [Alexandre Dulaunoy] + +* [tools] remove trailing dot if presents. [Alexandre Dulaunoy] + +* Allow to create a file object with a non-malicious file. 
[Raphaël Vinot] + + Fix #175 #176 + +* [doc] new organization and device object added. [Alexandre Dulaunoy] + +* [schema] category removed. [Alexandre Dulaunoy] + +* [ip-port] ip-src added to fix #149. [Alexandre Dulaunoy] + +* [script] filename added to fix #149. [Alexandre Dulaunoy] + +* [doc] tor-hiddenservices added. [Alexandre Dulaunoy] + +* [lnk] new LNK object (Windows Shortcut) [Alexandre Dulaunoy] + +* [process] fix the type - fix #160. [Alexandre Dulaunoy] + +* Bump vehicle object. [Raphaël Vinot] + +* [person] Spanish IDs added (NIE, NIF and DNI) [Alexandre Dulaunoy] + +* [elf] disable correlation on file type. [Alexandre Dulaunoy] + +* [email] IP and hostname fields from extracted headers. [Alexandre Dulaunoy] + +* [file] preferred charset used by the file (if decoded from mime-type parsing) [Alexandre Dulaunoy] + +* [doc] to_ids flag was missing in the README. [Alexandre Dulaunoy] + +* [phishing] removed the IDS flag on the email used for takedown - and change attribute type. [Alexandre Dulaunoy] + +* [anonymisation] add level-of-knowledge to request for more information if needed. [Alexandre Dulaunoy] + +* [anonymisation] algo list fixed. [Alexandre Dulaunoy] + +* [script] added PHP in the most used programming language (at least when looking at malicious WebShells on the Internet) [Alexandre Dulaunoy] + + - I sense a new stackoverflow survey category + +* [http-request] IP as allowed type. [Christophe Vandeplas] + +* [doc] copyright date fixed. [Alexandre Dulaunoy] + +* [relationships] witness-of added. [Alexandre Dulaunoy] + +* [doc] facial-composite object added. [Alexandre Dulaunoy] + +* [person] portrait added #133. [Alexandre Dulaunoy] + +* [person] OFAC fields - Office of Foreign Assets Control. [Alexandre Dulaunoy] + +* Chg: [microblog] a small clarification about the username to avoid the @ [Alexandre Dulaunoy] + +* [cortex] description updated as TheHive/Cortex observables will be attributes with relationships from this object. 
[Alexandre Dulaunoy] + +* [cortex-taxonomy] aka mini-report. [Alexandre Dulaunoy] + +* [definition] Extended crypto coin object to be able to enrich with interesting data. [Steve Clement] + +* [mactime-timeline-analysis] disable some correlations. [Alexandre Dulaunoy] + +* [ip-api-adress] updated to ensure correlation disabled. [Alexandre Dulaunoy] + +* Add type of internal reference. [Raphaël Vinot] + +* [regripper-sam-hive-single-user] uuid fixed. [Alexandre Dulaunoy] + +* [tsk-web-downloads] including link versus url (we assume it's malicious link by default) [Alexandre Dulaunoy] + +* Jq'ed all the objects. [aksha] + +* [pcap-metadata] linktype added in the sane default. [Alexandre Dulaunoy] + +* [relationships] newline and relationship file ;-) [Alexandre Dulaunoy] + +* [person] add attributes to whois-related information which can be associated to a person. [Alexandre Dulaunoy] + +* [relationships] references added (useful for *INT collection referencing something which needs further analysis) [Alexandre Dulaunoy] + + - Example: a tweet referencing a hash which needs further analysis: + +* [network-connection] disable correlation. [Alexandre Dulaunoy] + +* [process] disable correlation where it's not required. [Alexandre Dulaunoy] + +* [phishing] new object added. [Alexandre Dulaunoy] + +* [phishing] new template object (first draft) based on the phishtank format. [Alexandre Dulaunoy] + +* [doc] mactime template added. [Alexandre Dulaunoy] + +* Jq all the things ;-) [Alexandre Dulaunoy] + +* [relationship] annotates relationship added (useful for the annotation object) [Alexandre Dulaunoy] + +* [README] malware-config object added. [Alexandre Dulaunoy] + +* [malware-config] new object to describe malware configuration in clear-text or encrypted/encoded. [Alexandre Dulaunoy] + + ref: fix https://github.com/MISP/MISP/issues/3679 + +* [file] fullpath can be part of a single file object. [Alexandre Dulaunoy] + +* [relationships] updated with new relationships. 
[Alexandre Dulaunoy] + +* [ail] version of the template updated. [Alexandre Dulaunoy] + +* [tracking-id] add the tracker origin such as the vendor or software. [Alexandre Dulaunoy] + +* [original-import-file] list of "sane" default format. [Alexandre Dulaunoy] + +* [doc] tracking-id added to the list of templates. [Alexandre Dulaunoy] + +* Deleted filename attribute since it is already contained in attachment. [chrisr3d] + +* [file] following some CyBOX import adding a fullpath field which includes filename and path request. [Alexandre Dulaunoy] + +* [forensic-evidence] updated to include other tools and correlation disabled for some fields. [Alexandre Dulaunoy] + +* Chg: [forensic-case] object added based on the original one from @Aks6193. [Alexandre Dulaunoy] + + The idea is to separate the evidences from the case itself as you can + have multiple acquisitions for a specific case. Another object template + is required such as [forensic-evidence] to be able to link between the + forensic-case object and one or more evidences. + +* [ja3] categories removed (default attributes categories will be used) [Alexandre Dulaunoy] + + Fix MISP/MISP/issues/3593 + +* [geolocation] disable correlation on specific attributes. [Alexandre Dulaunoy] + +* [vehicle] Vehicle object template to describe a vehicle information and registration. [Alexandre Dulaunoy] + +* [paste object] add a link attribute when the paste reference is not malicious. [Alexandre Dulaunoy] + +* [misp-objects] multiple flag is now visible in asciidoctor output. [Alexandre Dulaunoy] + +* Allow multiple domains too fix #108. [Alexandre Dulaunoy] + +* [threadgrid-report] added in the list of objects. [Alexandre Dulaunoy] + +* [coin-address] ETN symbol added. [Alexandre Dulaunoy] + +* [relationship] exploits added. [Alexandre Dulaunoy] + +* [exploit-poc] a same context can contains multiple PoC samples. [Alexandre Dulaunoy] + +* [exploit-poc] added to the list of objects. 
[Alexandre Dulaunoy] + +* [JSON schema] vulnerability added as meta-category. [Alexandre Dulaunoy] + +* [vulnerability] is now in its own vulnerability meta-category. [Alexandre Dulaunoy] + +* [vulnerability] updated following NATO and CIRCL feedback. [Alexandre Dulaunoy] + + - CVSS score added + - CVSS string added + - credit attribute added + - text -> description + - vulnerability attribute can now be any format (not only the CVE + format) + +* [coin-address] XMR type address added in addition to the default Bitcoin address format. [Alexandre Dulaunoy] + +* Jq all the things. [Alexandre Dulaunoy] + +* New script template object. [Alexandre Dulaunoy] + + Object describing a computer program written to be run in a special run-time environment. The script or shell + script can be used for malicious activities but also as support tools for threat analysts. + + Fix #101 + +* EPSG and spacial-reference add fix #102. [Alexandre Dulaunoy] + + Following feedback during the last ENISA Cyber Europe 2018, we updated + the geolocation object to the following: + + - Fixing ui-priority to ensure lat,long in order + - Adding the ability to specify an EPSG value instead of coordinates + (handy if you want to quickly express a known location/area) + - Set a default spacial-reference to avoid confusion between reported + value from GPS versus values projected into a specific spacial + projection. default is WGS-84. + +* Shortened-link template added. [Alexandre Dulaunoy] + +* Username of the author added + disable correlation for origin. [Alexandre Dulaunoy] + +* Change version of the SS7 template object. [Alexandre Dulaunoy] + +* Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. [Alexandre Dulaunoy] + +* Update email template. [Raphaël Vinot] + +* [email] add email-body in requiredOneOf. [Raphaël Vinot] + +* Disable correlations in fail2ban. [Raphaël Vinot] + +* Fix&update fail2ban def. 
[Raphaël Vinot] + +* Added address and zip code attributes. [chrisr3d] + +* Updated name of the new attribute. [chrisr3d] + +* Added identity card number. [chrisr3d] + +* Whois object now includes registrant-org matching new MISP attributes type - whois-registrant-org. [Alexandre Dulaunoy] + +* Allow malware-sample as only attribute in file. [Raphaël Vinot] + +* Fix logic in URL. [Raphaël Vinot] + + Fix #21 + +* Disable some correlations by default in URL. [Raphaël Vinot] + + Fix #47 + +### Fix + +* [stix2-pattern] disable correlation on version. [Alexandre Dulaunoy] + + Thanks to the new feature in MISP 2.4.142 to find top correlations ;-) + +* Typo. [Raphaël Vinot] + +* [dkim] clean-up. [Alexandre Dulaunoy] + +* Commas were sometimes doubled. [Théo BARRAGUÉ] + +* [splunk] fixed. [Alexandre Dulaunoy] + +* Keys order in VT object. [Raphaël Vinot] + +* [tool] link to object template fixed. [Alexandre Dulaunoy] + +* [twitter-post] underscore - minus are difficult to choose from ;-) [Alexandre Dulaunoy] + +* JSON Validation. [chrisr3d] + +* Disabling correlation for all the bgp-ranking object attributes. [chrisr3d] + +* JSON validation. [chrisr3d] + +* Incorrect relationships in requiredoneof field. [Raphaël Vinot] + +* Validate json. [Raphaël Vinot] + +* Validation issue fixed. [chrisr3d] + +* Normalised object relations of the ilr objects. [chrisr3d] + + - Using dash as separator instead of space + +* Normalised object relations of the vehicle object. [chrisr3d] + + - Using dash as separator instead of space + +* Normalised object relations of the phishing objects. [chrisr3d] + + - Using dash as separator instead of space + +* Normalised object relations of the ip-api-address object. [chrisr3d] + + - Using dash as separator instead of space + +* Python2 is dead dead dead. [Raphaël Vinot] + +* Align directory names with object name. [Raphaël Vinot] + +* Typo in requiredOneOf. [Raphaël Vinot] + +* Typo in requiredOneOf. 
[Raphaël Vinot] + +* Attachment object relation does not exists. [Raphaël Vinot] + +* Added iban as an alternative to bank account for the requirements. [Andras Iklody] + + - fixes https://github.com/MISP/MISP/issues/5358 + +* [new object pgp-meta] remove first seen/last seen + fix description. [Terrtia] + +* Missing pep8 check. [Raphaël Vinot] + +* Wrong name in requiredOneOf. [Raphaël Vinot] + +* To_ids must be a bool. [Raphaël Vinot] + +* [microblog] to_ids changes. [Andras Iklody] + +* Type asn -> AS. [Raphaël Vinot] + +* Ui-priority is required in the object template. [Raphaël Vinot] + +* Make jq happy. [Raphaël Vinot] + +* Duplicate in coin-address. [Raphaël Vinot] + +* [virustotal] corrected typo in category. [Christophe Vandeplas] + +* [timesketch] fix incorrect attribute type. [Christophe Vandeplas] + +* [process] change undefined attributes. [Pierre-Jean Grenier] + + misp-attributes 'uuid' and 'src-port' do not exist, change those to something else so that we can use this object properly + +* JQed all the things. [chrisr3d] + +* TYPO. [chrisr3d] + +* Disabled correlation for original imported samples. [chrisr3d] + +* [relationships] removed duplicate. [Christophe Vandeplas] + +* [cortex-taxonomy] jq all the things(tm) [Alexandre Dulaunoy] + +* [definition] Fixed current balance type, is float. [Steve Clement] + +* JQ things. [Raphaël Vinot] + +* Various typos. [Alexandre Dulaunoy] + +* Jq all the things(tm) [Alexandre Dulaunoy] + +* Changed TSK object names to lower case. [aksha] + +* Regripper object templates fixed. [aksha] + +* NTUser template. [aksha] + +* Disabled correlation of imported files format attribute. [chrisr3d] + +* JQed ip-api-address template. [chrisr3d] + +* Fixed ip-api-address object template filename. [chrisr3d] + +* [ail-leak] disable correlation. [Terrtia] + +* Typo in link to an object. 
[chrisr3d] + +* Changed 'type' attribute that is more relevant as being called 'format' [chrisr3d] + +* [geolocation] to include accuracy-radius as described by maxmind geoip2 API. [Alexandre Dulaunoy] + +* Some relationships typo fixed. [chrisr3d] + +* Fixed exploits relationship properties. [chrisr3d] + +* [suricata] allow multiple Suricata rules in the object (similar context) and fix the rule to be in Snort format. [Alexandre Dulaunoy] + + Fix #106 + +* Missing ui-priority. [Alexandre Dulaunoy] + +* RequiredOneOf field. [chrisr3d] + + Sorry, ate too much ananas in my pizza + +* Jq all. [Alexandre Dulaunoy] + +* Bump email template version. [Raphaël Vinot] + +* Add hostname to ip-port template and make attributes multiple. [Alexandre Dulaunoy] + +* File path added in file object. [Alexandre Dulaunoy] + +* Fix: Feedback from @sheidan. [Alexandre Dulaunoy] + +* Name of the object template was incorrect. [Alexandre Dulaunoy] + +* Wrong attribute name. [Raphaël Vinot] + +* Attribute type fixed. [Alexandre Dulaunoy] + +* Version field added if stix2-pattern has multiple version in the future. [Alexandre Dulaunoy] + +* Whois record object updated to cover both cases: domain or IP address. [Alexandre Dulaunoy] + +* Raw whois is also accepted as single attribute in whois object. [Alexandre Dulaunoy] + + Required for importing STIX CybOX 1.1 object where just a raw whois + entry is added in remarks. + +* Some parts of the URL can be repeated such as resource path, anchor... [Alexandre Dulaunoy] + + multiple flag added to the potential part to be repeated. + + following a discussion in Gitter with @makflwana + +* Disable correlation for compression algorithms. [Alexandre Dulaunoy] + +* Cowrie object - SSH attributes added. [Alexandre Dulaunoy] + +* Add missing destination and source port. [Alexandre Dulaunoy] + +* Jq all the things. [Alexandre Dulaunoy] + +* Fixed somme bank-account fields. [chrisr3d] + +* Use new attribute type mime-type instead of text. 
[Alexandre Dulaunoy] + +* Trailing dot removed. [Alexandre Dulaunoy] + +* Improve ip-port object to add domain instead of IP address. [Alexandre Dulaunoy] + +* Increment version of the MISP email object. [Alexandre Dulaunoy] + +* Sandbox report. [Alexandre Dulaunoy] + +* Sandbox signature added. [Alexandre Dulaunoy] + +* Sandbox report object added in the list. [Alexandre Dulaunoy] + +* Passive DNS records especially on the disabled_correlation fields. [Alexandre Dulaunoy] + +* Make the schema happy. [Raphaël Vinot] + +* Make JQ happy. [Raphaël Vinot] + +* Person object updated to match AML client record + various fixes. [Alexandre Dulaunoy] + +* Registry-key updated. [Alexandre Dulaunoy] + +* We are in 2018. [Alexandre Dulaunoy] + +* Annotation object. [Alexandre Dulaunoy] + +* Add missing attribute type for the state. [Alexandre Dulaunoy] + +* Vulnerability object improved to include the case of unpublished security vulnerability. [Alexandre Dulaunoy] + +* GTPInterface updated. [Alexandre Dulaunoy] + +* GTP attack - multiple on GTP interface. [Alexandre Dulaunoy] + +* Disable correlation on fields where is not needed. [Alexandre Dulaunoy] + +* Disable correlation on microblog type (Twitter or alike) [Alexandre Dulaunoy] + +* Disable correlation on all filename-* [Alexandre Dulaunoy] + +* Disable correlation on filename by default. [Alexandre Dulaunoy] + +* Update registry-key to match correct MISP attributes. [Alexandre Dulaunoy] + +* X509 object now uses the new and proper fp type. [Alexandre Dulaunoy] + +* Update android permissions based on Google latest list. [Alexandre Dulaunoy] + +* MISP type are case-sensitive - fixing AS number type. [Alexandre Dulaunoy] + +* AIL leak object to include raw-data. [Alexandre Dulaunoy] + +* Subnets announced is an ip-src type. [Alexandre Dulaunoy] + +* Structure fixed + CEF dedication added. [Alexandre Dulaunoy] + +* Origin of credential as sane_default. [Alexandre Dulaunoy] + +* RequiredOneOf list of r2graphity was wrong. 
[Raphaël Vinot] + + Fix #20 + +* Missing description added in asciidoc files. [Alexandre Dulaunoy] + +* Fixed typo. [iglocska] + +* Updated the required value field to values list. [iglocska] + +* Updated the required_value field with the new name: values_list. [iglocska] + +* Fixed an issue with the email object not having the correct requiredoneof fieldnames, fixes MISP/MISP#2481. [iglocska] + +* Port is used instead of text type. [Alexandre Dulaunoy] + +* Communicate-with relationship added. [Alexandre Dulaunoy] + +* Tld type not existing in MISP. [Alexandre Dulaunoy] + +### Other + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge branch 'phmazzoni-patch-3' into main. [Raphaël Vinot] + +* Create definition.json. [phmazzoni] + +* Delete objects/panorama directory. [phmazzoni] + +* Merge pull request #308 from phmazzoni/main. [Raphaël Vinot] + + Create Palo Alto Threat Log Object Template. + +* Create definition.json. [phmazzoni] + + Create Palo Alto Threat Log Object Template. + +* Merge pull request #307 from hackunagi/main. [Alexandre Dulaunoy] + + Creation of Network Profile MISP Object + +* Creation of Network Profile MISP Object. [Carlos Borges] + + The idea behind this object is to provide a unique form to identify network artifacts. + It's a mix of different including whois, URL and domain. + + The need for a consolidated object comes to group correlated elements. + + Beyond that, I'm introducing the idea to use the correlation feature in more generic ways. + Example: + + The value of "threat-actor-infrastructure-value" is the unique value observed on a network resource that identify it. A practical and tested example is this resources from Kaspesky. + + https://securelist.com/the-tetrade-brazilian-banking-malware/97779/ + + On this article they mention a trojan family called Javali. They recover the C2 server abusing Google Docs services. 
The mentioned field "threat-actor-infrastructure-value" would register the values available on this image. This item should be hard to correlate with other similar items, as this can change frequently. + + A way to change it is also to register a more general pattern of the data with the "threat-actor-infrastructure-pattern". I.E + + inicio{ + "host":"", + "porta":"" + }fim + + With other investigations and registry of it on MISP, is possible to correlate this data, facilitate identification of patterns used for tracking purposes and facilitate analysis. + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge pull request #306 from theobarrague/main. [Alexandre Dulaunoy] + + Ajout des relations opposées dans relationships/definition.json + +* Merge branch 'main' into main. [Théo BARRAGUÉ] + +* Add: check if opposite key is valid in relationships. [Théo BARRAGUÉ] + +* Add: tool to validate if declared opposites exist. [Théo BARRAGUÉ] + +* Add: opposite of 26 relationships. [Théo BARRAGUÉ] + +* Merge pull request #305 from marcnil815/patch-1. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [marcnil815] + + Added possibility for multiple searches in same object to accomodate using raw searches and datamodel searches. + +* Merge pull request #304 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [telegram-account] required attributes + +* Merge pull request #302 from ater49/main. [Alexandre Dulaunoy] + + Adding fields in twitter-post and paste + +* Typo and version number correction + adding a field in twitter-post. [ater49] + + Adding created-at field in twitter-post + +* Add media in twitter-post in order to store attached medias in a tweet. [ater49] + + Add pastebin.fr in source of paste and paste_file for storing whole + paste file. + +* Merge pull request #303 from seamustuohy/pymisp-pr/631. [Alexandre Dulaunoy] + + Updated for support for msg format. + +* Updated for support for msg format. 
[seamus tuohy] + + Adding first class support for Emails in .msg format to the email definition. + This includes making the attribute support multiple bodies. Msg formats + nearly always have at least 2, if not 3, versions of the body (plain text, rtf, html). + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge pull request #299 from beaujeant/main. [Alexandre Dulaunoy] + + chg: can have mutliple text attributes + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge branch 'SteveClement-process' into main. [Alexandre Dulaunoy] + +* Merge branch 'process' of https://github.com/SteveClement/misp-objects into SteveClement-process. [Alexandre Dulaunoy] + +* Merge remote-tracking branch 'upstream/main' into process. [Steve Clement] + +* Merge remote-tracking branch 'upstream/master' into process. [Steve Clement] + +* Add: [passive-dns] Added a raw_rdata object relation. [chrisr3d] + +* Merge pull request #297 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Using the actual attribute type for cpe and weakness instead of text + +* Merge pull request #295 from rhallick/intel471-1. [Raphaël Vinot] + + Addition of intel471-vulnerability-intelligence object + +* .DS_Store file removed. [Richard Hallick] + + .DS_Store file removed. + +* Addition of Intel 471 vulnerability intelligence object. [Richard Hallick] + + Intel 471 object to contain structured vulnerability related data. + +* Addition of intel471-vulnerability-intelligence object. [Richard Hallick] + + Intel 471 object to contain structured vulnerability related data. + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Add: Description of the bgp-ranking new object added to the list of objects. 
[chrisr3d] + +* Merge pull request #293 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + BGP Ranking object & relationships + +* Add: Added specific relationship between an asn object and the recently added bgp-ranking object. [chrisr3d] + +* Add: Added some relationships introduced recently in misp modules. [chrisr3d] + +* Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [chrisr3d] + +* Add: Added an IP address family attribute to describe the address family concerned by the BGP ranking. [chrisr3d] + +* Add: First version of a BGP ranking object to represent the ranking of an ASN at a specific point of time. [chrisr3d] + + - We can then associate as many bgp-ranking + objects as we need to the corresponding ASN + object, each one of them being the ranking of + the ASN for a given day + +* Merge pull request #291 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Normalisation of the object relations for some object + small change on an attribute of the ip-port object + +* Merge branch 'C00kie--main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] + +* Revert "added description field in attributes" [Pauline Bourmeau] + + This reverts commit 3224f78d4ff6b40bd34fe25f4f7f6b2d2d12eed6. + +* Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] + +* Jq-ed file. [Pauline Bourmeau] + +* Added description field in attributes. [Pauline Bourmeau] + +* Fixed comments. [Pauline Bourmeau] + +* First addition of keybase object. [Pauline Bourmeau] + +* Merge pull request #284 from C00kie-/patch-5. [Alexandre Dulaunoy] + + added json multiple objects twitter-following and twitter-followers + +* Update definition.json. [Pauline Bourmeau] + +* Merge pull request #283 from C00kie-/patch-3. [Alexandre Dulaunoy] + + added multiple json object for following and followers + +* Update definition.json. 
[Pauline Bourmeau] + +* Merge pull request #282 from C00kie-/patch-1. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [Pauline Bourmeau] + +* Merge branch 'C00kie--main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/C00kie-/misp-objects into C00kie--main. [Alexandre Dulaunoy] + +* Update definition.json. [Pauline Bourmeau] + +* Update definition.json. [Pauline Bourmeau] + +* Update definition.json. [Pauline Bourmeau] + +* Merge branch 'main' of github.com:MISP/misp-objects into main. [Alexandre Dulaunoy] + +* Merge pull request #276 from rmkml/main. [Alexandre Dulaunoy] + + add SHA3 Hash on definition.json + +* Add SHA3 Hash on definition.json. [rmkml] + +* Merge branch 'rmkml-main' into main. [Alexandre Dulaunoy] + +* UUID must be the same. [Alexandre Dulaunoy] + +* Add vhash (VirusTotal Hash) on definition.json. [rmkml] + +* Merge pull request #269 from emilhf/additional-dns-records. [Alexandre Dulaunoy] + + Add more rrtypes to dns-record + +* Add more rrtypes to dns-record. [Emil Henry Flakk] + +* Merge pull request #265 from VVX7/master. [Andras Iklody] + + chg: [dev] add Parler app objects + +* Merge pull request #264 from mback2k/patch-1. [Alexandre Dulaunoy] + + chg: [cortex-taxonomy] sort attributes + +* Merge pull request #262 from gallypette/master. [Alexandre Dulaunoy] + + add: [d4] authentication failure report object + +* Add: [d4] authentication failure report object. [Jean-Louis Huynen] + +* Merge pull request #261 from VVX7/master. [Alexandre Dulaunoy] + + chg: [dev] disable correlation on some attributes. + +* Merge pull request #260 from VVX7/master. [Alexandre Dulaunoy] + + chg: [dev] make Reddit attributes reflect Reddit API. + +* Merge pull request #258 from VVX7/master. [Alexandre Dulaunoy] + + chg: [dev] add object properties from #254 + +* Merge pull request #259 from trustar/EN-4434/misp-objects/trustar_report_update. 
[Alexandre Dulaunoy] + + extending trustar_report object in order to provide fields in which e… + +* Fixed order. [Jesse Hedden] + +* Extending trustar_report object in order to provide fields in which enrichment data from a planned expansion module can be stored. [Jesse Hedden] + +* Merge pull request #257 from VVX7/master. [Alexandre Dulaunoy] + + new reddit objects + +* Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] + +* Merge pull request #256 from VVX7/master. [Alexandre Dulaunoy] + + facebook account object + +* Merge pull request #255 from VVX7/master. [Andras Iklody] + + add facebook objects + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #253 from MISP/git-vuln-finder. [Raphaël Vinot] + + new: Preliminary version of git-vuln-finder object template + +* Merge branch 'hackunagi-master' [Alexandre Dulaunoy] + +* Updating template version. [Carlos Borges] + +* Updating a missing comma. [Carlos Borges] + +* Adding phone company of the sending SMS number. [Carlos Borges] + + While sharing some data using this object, we saw the need to add the phone company of the number sending the sms. + With it we can make good local correlations and have an idea of flaws ocurring on phone number release by these companies. + Using web services like Truecaller, it's possible to enrich an analysis with this data. + +* Merge pull request #2 from MISP/master. [Carlos Borges] + + Fork update + +* Merge branch 'hackunagi-master' [Alexandre Dulaunoy] + +* New object - Boleto. [Carlos Borges] + + Boleto is a very common form of payment used in Brazil and used a lot by cybercriminals to execute fraud. + Basically a bank or financial instituion is allowed to generate boletos, that is a 40 digit number code. + This object will help institutions identify frauds sources and improve orgs protection. + +* Merge pull request #1 from MISP/master. 
[Carlos Borges] + + Fork update + +* Merge pull request #250 from VVX7/master. [Alexandre Dulaunoy] + + chg: [publication] modify requiredOneOf field + +* Merge pull request #249 from VVX7/master. [Alexandre Dulaunoy] + + new: [publication] add object to describe academic journals, books, etc. + +* Merge pull request #248 from MISP/sort. [Alexandre Dulaunoy] + + Sort all json files, fix a few directories names. + +* Merge pull request #247 from VVX7/master. [Andras Iklody] + + chg: [object] add new microblog attributes + +* Merge pull request #246 from VVX7/master. [Alexandre Dulaunoy] + + chg: [object] update narrative required object fields + +* Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] + +* Merge pull request #245 from VVX7/master. [Alexandre Dulaunoy] + + chg: [narrative] add disproof property + +* Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] + +* Merge pull request #244 from Golbark/x509_enhancements. [Christophe Vandeplas] + + chg: [x509] using built-in types wherever possible + +* Merge pull request #243 from VVX7/master. [Alexandre Dulaunoy] + + chg: [narrative] update narrative object + +* Merge branch 'master' of https://github.com/misp/misp-objects. [VVX7] + +* Merge pull request #242 from VVX7/master. [Alexandre Dulaunoy] + + new: [object] add narrative. + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Merge pull request #241 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + External references attribute for attack-pattern object + +* Add: External references attribute for attack-pattern object. [chrisr3d] + +* Merge branch 'master' into chrisr3d_patch. [chrisr3d] + +* Merge pull request #240 from cudeso/master. [Alexandre Dulaunoy] + + Objects for data coming from the Cytomic Orion API + +* JQ-all-the-things. [Koen Van Impe] + +* Update object definition with first-|last- seen. [Koen Van Impe] + +* Remove -x from JSON files. 
[Koen Van Impe] + +* Fix with jq_all_the_things. [Koen Van Impe] + +* Objects for data coming from the Cytomic Orion API. [Koen Van Impe] + +* Merge pull request #239 from cbboggs/cbboggs-http-request. [Alexandre Dulaunoy] + + Adding optional ip-src to http-request + +* Adding optional ip-src to http-request. [cbboggs] + + modified existing "ip" attribute to "ip-dst", and added attribute for ip-src. This allows http-request to be used in scenarios where observed connections are source specific, not destination specific. + +* Merge pull request #238 from pettai/intelmq_event. [Alexandre Dulaunoy] + + More explicit misp-attribute types + +* Update definition.json. [frpet] + + bump version + +* Use more explicit misp-attribute types. [frpet] + + Use the apropriate misp-attribute type for *local_hostname, *fqdn, *.md5|*.sha* + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Merge pull request #235 from MISP/gen_sym_key. [Alexandre Dulaunoy] + + new: [crypto-material] add generic-symmetric-key + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Add: [iot-firmware] new object template to describe IoT firmware. [Alexandre Dulaunoy] + + The relationship will be often between iot-device and iot-firmware. + +* Merge pull request #233 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [domain-crawled] domain shouldn't be a multiple + +* Merge pull request #232 from Terrtia/master. [Alexandre Dulaunoy] + + domain-crawled object + +* Merge pull request #231 from Delta-Sierra/master. [Alexandre Dulaunoy] + + allow several subjects or sender for email objects + +* Update version. [Deborah Servili] + +* Allow several subjects or sender for email objects. [Deborah Servili] + +* Merge pull request #229 from ater49/master. 
[Alexandre Dulaunoy] + + Adding compatibility with some HAR fields + +* Adding some parts from HAR format description (http://www.softwareishard.com/blog/har-12-spec/) (More to come) [ater49] + +* Merge pull request #228 from VVX7/master. [Alexandre Dulaunoy] + + new: [objects] instant message objects + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #227 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [new object pgp-meta] + +* Merge pull request #226 from VVX7/master. [Alexandre Dulaunoy] + + chg: [object fields] allow additional requiredOneOf fields + +* Merge pull request #225 from VVX7/master. [Alexandre Dulaunoy] + + chg: [object field] add title to microblog + +* Merge pull request #223 from VVX7/master. [Alexandre Dulaunoy] + + chg: [misinfosec objects] add archive field + +* Fic: Make pep8 happy. [Raphaël Vinot] + +* Merge pull request #222 from VVX7/master. [Alexandre Dulaunoy] + + chg: [blog] add title field to blog object + +* Merge pull request #221 from VVX7/master. [Alexandre Dulaunoy] + + Disinformation objects + +* Merge remote-tracking branch 'upstream/master' [VVX7] + +* Merge pull request #219 from N1col4s5742/master. [Alexandre Dulaunoy] + + Add vehicle state + +* Change definition.json for vehicle and geolocation with verification sponge. [Nicolas] + +* Change definition.json for vehicle and geolocation. [Nicolas] + +* Change definition.json for vehicle. [Nicolas] + +* Vehicle state. [N1col4s5742] + +* Bump version. [N1col4s5742] + +* Add vehicle state. [N1col4s5742] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #220 from StefanKelm/master. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [StefanKelm] + + Add compilation timestamp (similar to pe object) + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #217 from Delta-Sierra/master. 
[Deborah Servili] + + add imphash in file object + +* Add imphash in file object. [Deborah Servili] + +* Switch requiredOneOf list to required since it contains only one element. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #216 from gallypette/patch-1. [Christian Studer] + + chg: [dark-pattern] typos + +* Merge pull request #213 from gallypette/master. [Alexandre Dulaunoy] + + add: [dark-pattern] new object to share dark-patterns + +* Add: [dark-pattern] new object to share dark-patterns. [Jean-Louis Huynen] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #211 from file-not-found/master. [Alexandre Dulaunoy] + + added "type" to "requiredOneOf" + +* Updated "version" to 4. [m4tze] + +* Added "type" to "requiredOneOf" [m4tze] + +* New [tools] simple tool to dump list of objects with their descriptions. [Alexandre Dulaunoy] + +* Merge pull request #209 from gallypette/master. [Alexandre Dulaunoy] + + chg: [x509, crypto-material] several changes: + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Update definition.json. [Alexandre Dulaunoy] + + Following discussion during MISP training - new language seen in a malware campaign. + +* Merge pull request #207 from Delta-Sierra/master. [Alexandre Dulaunoy] + + rename object misc to organization + update version + +* Rename object misc to organization + update version. [Deborah Servili] + +* Update version of paste object. [Deborah Servili] + +* Merge pull request #206 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add translation object + +* Jq. [Deborah Servili] + +* Add translation object. [Deborah Servili] + +* Add hashtag attribute in microblog object. [Deborah Servili] + +* Merge pull request #205 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + update microblog object - use link for non malicious link of the micr… + +* Merge https://github.com/MISP/misp-objects. [Deborah Servili] + +* Merge pull request #204 from saadkadhi/patch-1. [Alexandre Dulaunoy] + + Better wording + +* Better wording. [Saad Kadhi] + +* Merge pull request #203 from saadkadhi/patch-2. [Alexandre Dulaunoy] + + Better wording + +* Better wording. [Saad Kadhi] + +* Update microblog object - use link for non malicious link of the microblog post and embedded-link forlink into the microblog post. [Deborah Servili] + +* Merge branch 'Delta-Sierra-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-objects into Delta-Sierra-master. [Alexandre Dulaunoy] + +* Draft command object. [Deborah Servili] + +* Add impersonation object. [Deborah Servili] + +* Merge pull request #200 from cvandeplas/master. [Christophe Vandeplas] + + adds validation on type/categories and fixes an incorrect one + +* Sort schema_objects. [Christophe Vandeplas] + +* Merge pull request #198 from zaphodef/patch-3. [Raphaël Vinot] + + fix: [process] change undefined attributes + +* Add: Updated readme with the latest objects added. [chrisr3d] + +* Merge pull request #197 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add injects-into and injected-into relationships + +* Merge. [Deborah Servili] + +* Merge pull request #196 from zaphodef/patch-1. [Christophe Vandeplas] + + Change undefined category to "External analysis" + +* Change undefined category to "External analysis" [Pierre-Jean Grenier] + +* Merge pull request #195 from chrisr3d/new_objects. [Alexandre Dulaunoy] + + New objects to describe CWE & CAPEC data related to a CVE + +* Merge pull request #193 from kx499/master. 
[Alexandre Dulaunoy] + + Adds employee object, dns-record object, and shodan object + +* Merge remote-tracking branch 'upstream/master' [kx1499] + +* Merge remote-tracking branch 'upstream/master' [kx1499] + +* Merge remote-tracking branch 'upstream/master' [kx1499] + +* Merge branch 'master' of https://github.com/kx499/misp-objects. [kx1499] + +* Merge remote-tracking branch 'upstream/master' [kx499] + +* Updated employee object to disable correlation on specific fields. [kx499] + +* Merge remote-tracking branch 'upstream/master' [kx499] + +* Updated disabling correlation for userid. [kx1499] + +* Merge remote-tracking branch 'upstream/master' [kx1499] + +* Added employee-type. [kx499] + +* Added employee object. [kx499] + +* Dns record and shodan report objects. [kx499] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Disable correlation on the text field. [Sascha Rommelfangen] + +* Transaction number must be multiple (and text) [Sascha Rommelfangen] + +* Merge pull request #191 from MISP/rommelfs-patch-5. [Sascha Rommelfangen] + + fixed issue with requirements + +* Bumped version. [Sascha Rommelfangen] + +* Fixed issue with requirements. [Sascha Rommelfangen] + +* Merge pull request #190 from MISP/rommelfs-patch-4. [Sascha Rommelfangen] + + missing parts for balance corrected + +* Bumped version. [Sascha Rommelfangen] + +* Missing parts for balance corrected. [Sascha Rommelfangen] + +* Merge pull request #188 from rommelfs/master. [Alexandre Dulaunoy] + + btc wallet and transaction object templates + +* Merge pull request #1 from rommelfs/rommelfs-patch-1. [Sascha Rommelfangen] + + removed unneeded characters + +* Removed unneeded characters. [Sascha Rommelfangen] + +* Merge commit 'ad1300767f7b7757867a8c01ffb4c7d6fa308540' [Sascha Rommelfangen] + +* Add: btc wallet and transaction object templates. [Sascha Rommelfangen] + +* Merge pull request #187 from chrisr3d/master. 
[Alexandre Dulaunoy] + + User account object + +* Add: [ip-port] Added ip-dst as one of the required attributes. [chrisr3d] + +* Add: [ip-port] Added ip-dst attribute eeeeeeeeeeeeeeeeeeeeeee. [chrisr3d] + + - Users can then choose between "ip" when they do + not know whever it is a source or destination IP + address, or "ip-src" & "ip-dst" to have more + clarity about the IP address + +* Merge pull request #185 from ater49/master. [Alexandre Dulaunoy] + + Adding IIN and bank_name in objects + +* Adding IIN and bank_name. [ater49] + +* Merge pull request #2 from MISP/master. [ater49] + + update + +* Add: [ssh-authorized-keys] object to add elements from SSH authorized keys (and do correlation for fun-and-profit(tm)) [Alexandre Dulaunoy] + +* Merge pull request #181 from ater49/master. [Alexandre Dulaunoy] + + Adding registration-date in domain-ip + +* Correcting "_" to "-" in fields name. [ater49] + +* Adding registration-date to domain-ip. [ater49] + +* Merge pull request #1 from MISP/master. [ater49] + + merge + +* Merge pull request #179 from mtday/fix-empty-misp-attribute. [Alexandre Dulaunoy] + + Attribute Fixes + +* Update the misp-attribute to specify a valid value instead of an empty string. [mday] + +* Merge pull request #178 from mtday/fix-missing-required-attribute. [Alexandre Dulaunoy] + + Fix Missing Required Attributes + +* Update the definition files of various object types so that the `required` and `requiredOneOf` lists no longer specify attributes that do not exist in the objects. [mday] + +* Add: [irc] IRC object to describe an IRC server with associated IRC channels. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Merge pull request #177 from haxpak/haxpak/update-device. [Andras Iklody] + + Haxpak/update device + +* Changed device type drop down from category to sane_default. [haxpak] + +* Merge pull request #174 from haxpak/haxpak/relationship-executes. 
[Andras Iklody] + + Haxpak/relationship executes + +* [added] relationship 'executes' : Describes a an object that executes another object. [haxpak] + +* Added relationship "executes" [haxpak] + +* Merge pull request #173 from haxpak/master. [Andras Iklody] + + added option "Further Analysis Required" to attribute stage of object course-of-action + +* Added option "Further Analysis Required" to attribute stage. [haxpak] + +* Merge pull request #172 from haxpak/haxpak/#24. [Andras Iklody] + + updated device object + +* Merge branch 'master' into haxpak/#24. [Andras Iklody] + +* Merge pull request #170 from haxpak/haxpak-objects. [Andras Iklody] + + Haxpak objects + +* Meta category for organization changed back to misc since schema_objects.json does not recognize organization as a meta category. [haxpak] + +* Corrected typo. [haxpak] + +* Added meta category organization. [haxpak] + +* Modified: relationships/definition.json. [haxpak] + +* Modified: objects/device/definition.json modified: objects/phishing-kit/definition.json. [haxpak] + +* Added MAC address to device meta category of organization changed to organization meta category of person object changed to organization new object phishing-kit. [haxpak] + +* Merge pull request #166 from haxpak/haxpak-objects. [Alexandre Dulaunoy] + + Added new objects + +* Changed organization meta category to misc. [haxpak] + +* Merge pull request #163 from haxpak/master. [Alexandre Dulaunoy] + + add : relationship "creates" + +* Added attribute DNS name to device object changed MAC address misp attribute to mac-address. [haxpak] + +* Added OS, version, dns-name attribute to device changed misp-attribute of mac-address from text to mac-address. [haxpak] + +* Reverted device to misc category. [haxpak] + +* Added requiredOneOf to device definition. [haxpak] + +* Fixed typos and ran jq_all_things. [haxpak] + +* - added : attachment attribute to annotation - added : new object type device. 
[haxpak] + +* Added : meta_category "organization" #162. [haxpak] + +* Modified : person object "changed UI priority of the attributes" modified : report object "added attachment to report" [haxpak] + +* New-object : Organization "Defines an organization" [haxpak] + +* Add : relationship "creates" [haxpak] + +* Add: [tor-hiddenservice] a simple object template to describe Tor Onion Service. [Alexandre Dulaunoy] + +* Merge pull request #161 from geekscrapy/geekscrapy-patch-1. [Alexandre Dulaunoy] + + Username is often utilised alongside a credential + +* Username is often utilised alongside a credential. [molley] + + Username can often identify malicious behavior, and is usually part of the credential tuple - it can also be used to highlight common user accounts without password/api key + +* Merge pull request #159 from geekscrapy/patch-1. [Alexandre Dulaunoy] + + Added current-directory to required field + +* Added current-directory to required field. [molley] + + This field will often indicate where a malicious binary is started from, therefore a good candidate for solo use + +* Merge pull request #158 from geekscrapy/patch-2. [Alexandre Dulaunoy] + + Added issuer as one of the required fields + +* Added issuer as one of the required fields. [molley] + + This is often a field used on it's own to identify a malicious cert + +* Add: New relationship "retrieved-from" [chrisr3d] + +* Merge pull request #155 from Delta-Sierra/master. [Alexandre Dulaunoy] + + remove accent from ilr objects + +* Merge pull request #154 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ilr-notification-incident object + +* Merge pull request #153 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix ilr-impact attributes names + +* Merge pull request #152 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ilr-impact object + +* Add injects-into and injected-into relationships. [Deborah Servili] + +* Remove accent from ilr objects - bis. 
[Deborah Servili] + +* Remove accent from ilrobjects. [Deborah Servili] + +* Add ilr-notification-incident object. [Deborah Servili] + +* Fix lr-impact attributes names. [Deborah Servili] + +* Disable correlations on ilr-impact attributes. [Deborah Servili] + +* Add ilr-impact object. [Deborah Servili] + +* Merge pull request #151 from MISP/rommelfs-patch-3. [Alexandre Dulaunoy] + + corrected order + +* Corrected order. [Sascha Rommelfangen] + +* Merge pull request #148 from marcnil815/master. [Alexandre Dulaunoy] + + Create splunk object definition.json + +* Jq'ed definition.json. [marcnil815] + +* Create splunk object definition.json. [marcnil815] + + Adding misp-object for basic splunk search/correlation search values. + +* Merge pull request #147 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Person object - Add a (or several) role to a person + +* Person object - Add a (several) role to a person. [Deborah Servili] + +* Merge pull request #144 from MISP/rommelfs-patch-1. [Alexandre Dulaunoy] + + added hostname attribute to the phishing object + +* Added hostname attribute to the phishing object. [Sascha Rommelfangen] + +* Merge pull request #143 from rommelfs/master. [Alexandre Dulaunoy] + + added values valuable to operators + +* Added values valuable to operators. [Sascha Rommelfangen] + +* Update definition.json. [Andras Iklody] + +* Add: [anonymisation] Anonymisation object describing an anonymisation technique which is used in MISP anonymised attributes. [Alexandre Dulaunoy] + +* Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix jq_all_the_things script + +* Fix jq_all_the_things script. [Deborah Servili] + +* Merge pull request #140 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add interpol notice object + +* Merge https://github.com/MISP/misp-objects. [Deborah Servili] + +* Merge pull request #139 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + Person object - add alias as a requiredOneof attribute + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Fix required field for interpol notice. [Deborah Servili] + +* Add interpol notice object. [Deborah Servili] + +* Update person object version. [Deborah Servili] + +* Add alias as a requiredOneof attribute. [Deborah Servili] + +* Merge pull request #138 from cvandeplas/master. [Alexandre Dulaunoy] + + chg: [http-request] IP as allowed type + +* Merge pull request #137 from StefanKelm/master. [Alexandre Dulaunoy] + + New object: Information related to known scanning activity (e.g. from research projects) + +* New object: Information related to known scanning activity (e.g. from research projects) [Stefan Kelm] + +* Merge pull request #136 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the … + +* Updated JA3 to have own data type ja3-fingerprint-md5 and bumped the version. [eCrimeLabs] + +* Merge pull request #135 from cvandeplas/master. [Christophe Vandeplas] + + fix: [relationships] removed duplicate + +* Add: [facial-composite] new facial composite object. [Alexandre Dulaunoy] + +* Merge pull request #134 from Delta-Sierra/master. [Alexandre Dulaunoy] + + Object Victim - Extended requiredOneof + +* Object Victim - Extended requiredOneof. [Deborah Servili] + +* Merge pull request #130 from deralexxx/patch-2. [Raphaël Vinot] + + new misp object for a timesketch message + +* New misp object for a timesketch message. [Alexander J] + + to be able to push timesketch messages (timesketch.org) to a misp event it is handy to have a specific type of object for it. + +* Add: [cortex] new object based on a discussion with Jerome L. from TheHive (thanks to SNCF) [Alexandre Dulaunoy] + +* Merge pull request #129 from tk-hendrik/cortex-taxonomy-obj. [Alexandre Dulaunoy] + + Added cortex taxonomy object definition + +* Added cortex taxonomy object definition. 
[Hendrik] + +* Merge pull request #127 from thomaspatzke/process-extension. [Alexandre Dulaunoy] + + Extension of process object + +* Extension of process object. [Thomas Patzke] + +* Merge pull request #126 from thomaspatzke/paste-fix. [Alexandre Dulaunoy] + + Fixed misp-attribute in link attribute of paste object + +* Fixed misp-attribute in link attribute of paste object. [Thomas Patzke] + +* Merge pull request #125 from SteveClement/master. [Alexandre Dulaunoy] + + chg: [definition] Extended crypto coin for enrichment module + +* Typo fixed. [Alexandre Dulaunoy] + +* Fix typo. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #123 from neok0/sandbox-file-attribute. [Alexandre Dulaunoy] + + added sandbox-file type as attribute for storing e.g. sandbox results… + +* Fix failing check via running .jq_all_the_things.sh. [Tobias Mainka] + +* Added sandbox-file type as attribute for storing e.g. sandbox results file in sandbox-report object. [Tobias Mainka] + +* Merge pull request #122 from neok0/master. [Alexandre Dulaunoy] + + enable multiple summary attribute in report object + +* Enable multiple summary attribute in report object. [Tobias Mainka] + +* Merge branch 'master' of https://github.com/Aks6193/misp-objects. [Alexandre Dulaunoy] + +* Add: Web artefacts objects. [aksha] + +* Add: python-etvx object. [aksha] + +* Add: Regripper objects (System + Software Hive) [aksha] + +* Add: regripper objects for system hive. [aksha] + +* Add: Regripper 3 object templates including SAM hive and NTUSer.dat. [aksha] + +* Fix the required part of the url. [Alexandre Dulaunoy] + +* Add: [pcap-metadata] new object template for pcap file metadata (WiP) [Alexandre Dulaunoy] + +* Merge pull request #120 from MISP/alfred. [Alexandre Dulaunoy] + + new: Add Alfred relationships (CCCS) + +* Updated list of objects in README. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects. 
[Alexandre Dulaunoy] + +* Merge pull request #117 from DigitalLeukocyte/master. [Alexandre Dulaunoy] + + Added new IP Address Object + +* Added ip-api-address object. [DigitalLeukocyte] + + Object useful for IP data from http://ip-api.com. + +* Delete IP_API_IP_Address.json. [DigitalLeukocyte] + +* Deleted IP_API single file. [DigitalLeukocyte] + +* Uploaded IP_API Object in folder. [DigitalLeukocyte] + +* Updated to match more of ip-api.com. [DigitalLeukocyte] + +* Created for data from ip-api.com. [DigitalLeukocyte] + +* Create IP_API.JSON. [DigitalLeukocyte] + +* Merge branch 'Aks6193-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/Aks6193/misp-objects into Aks6193-master. [Alexandre Dulaunoy] + +* Add: Misp object for Mactime-timeline-analysis. [aksha] + +* Merge pull request #115 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add docs - time related objects + +* Add docs - time related objects. [Deborah Servili] + +* Merge pull request #114 from StefanKelm/master. [Alexandre Dulaunoy] + + BGP hijack + +* Bgp-hijack. [Stefan Kelm] + +* Bgp-hijack. [Stefan Kelm] + +* Bgp-hijack. [Stefan Kelm] + +* Merge pull request #113 from Terrtia/master. [Alexandre Dulaunoy] + + fix: [ail-leak] disable correlation + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects into chrisr3d_patch. [chrisr3d] + +* Jq all the things (tm) [Alexandre Dulaunoy] + +* Merge pull request #112 from Aks6193/master. [Alexandre Dulaunoy] + + Forensic-evidence + +* Update: Forensic-evidence object. [aksha] + +* Fixed intendation. [aksha] + +* Add: Object template for digital evidence. [aksha] + +* Merge pull request #1 from MISP/master. [Aks6193] + + chg: [forensic-case] object added based on the original one from @Aks… + +* Add: Misp object for Digital Forensic - Case metadata. [aksha] + +* Merge branch 'master' of github.com:MISP/misp-objects. 
[chrisr3d] + +* Added "signed-by" relationship fix #87. [Alexandre Dulaunoy] + +* Merge pull request #111 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix requiredOneOf lists regarding non-existing attributes + +* Fix file object version. [Deborah Servili] + +* Fix RequiredOneOf list in fle object. [Deborah Servili] + +* Url is not a field of email object, then not one of the requiredOneOf. [Deborah Servili] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Allow multiple "pattern-in-file" in file object, fixes #109. [Andras Iklody] + +* Add: Updated relationships list with Cybox relationships best practices. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #105 from chrisr3d/master. [Alexandre Dulaunoy] + + Added some relations used on stix1 files + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Add: Added some relations seen on stix. [chrisr3d] + +* Add: missing timesketch-timeline object template. [Alexandre Dulaunoy] + +* Merge pull request #104 from ahuan-gdms/master. [Alexandre Dulaunoy] + + adding STIX AIS Information source Object + +* STIX AIS Information source. [AH] + +* Merge pull request #103 from Terrtia/master. [Alexandre Dulaunoy] + + modify ail-leak object for the tagging system + +* Modify ail-leak object for the tagging system. [Thirion Aurélien] + +* Merge pull request #100 from cocaman/master. [Alexandre Dulaunoy] + + New misp-object for a shortened URL and the redirect URL + +* Renamed url attributed, versioning date based. [Corsin Camichel] + +* Updated definition, removed some attributes. [Corsin Camichel] + +* Shortened link and its redirect target. [Corsin Camichel] + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Add: Timecode object to describe a start of video sequence (e.g. CCTV evidence) and the end of the video sequence. [Alexandre Dulaunoy] + +* Attribute typo. 
[chrisr3d] + +* Add: Added protocol attribute in the network socket object. [chrisr3d] + +* Add: Added hostname (src & dst) attributes. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Fixed link. [chrisr3d] + +* Network socket connection template object added. [Alexandre Dulaunoy] + +* Missing objects added. [Alexandre Dulaunoy] + +* Merge pull request #98 from yodresh/patch-2. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [Alexandre De Oliveira] + + To avoid having multiple object for each similar attacks coming from the same source, we allow multiple attack source in the same attack. + +* First version of process object. [chrisr3d] + + - Potentially more attributes to come + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Added definition. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Add: Context where the YARA rule can be applied. [Alexandre Dulaunoy] + +* Add: new timestamp object. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Merge pull request #97 from StefanKelm/master. [Alexandre Dulaunoy] + +* Update definition.json. [StefanKelm] + +* Allow multiple domains and/or IP addresses per object. [StefanKelm] + +* Network connection object. [chrisr3d] + +* Add: Added 2 relationships seen on stix. [chrisr3d] + +* Merge pull request #96 from ater49/master. [Raphaël Vinot] + + Adding comment fields in VT report objects + +* Adding ui-priority fields. [ater49] + +* Correction for multiple parameter. [ater49] + +* Modifying version number. [ater49] + +* Dding comment fields in VT report objects. [ater49] + +* Merge pull request #94 from Delta-Sierra/master. [Deborah Servili] + + regexp object - disable correlation on type + +* Regexp object - change version. [Deborah Servili] + +* Regexp object - disable correlation on type. 
[Deborah Servili] + +* Merge pull request #93 from chrisr3d/master. [Andras Iklody] + + Course of Action object + +* Add: Course of action description added in readme. [chrisr3d] + +* Course of Action object. [chrisr3d] + +* Merge pull request #92 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Added target-system + +* Moved object into internal. [Dennis Rand] + +* Added target-system as object. [Dennis Rand] + +* Merge pull request #3 from MISP/master. [eCrimeLabs] + + Update + +* Merge pull request #2 from MISP/master. [eCrimeLabs] + + Updated from master + +* Add: Suricata template object added. [Alexandre Dulaunoy] + +* Add: Suricata object added with context. [Alexandre Dulaunoy] + +* Fail2ban and yara object template added in list. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Version fixed for X509 object. [Alexandre Dulaunoy] + +* Merge pull request #86 from Sh3idan/master. [Alexandre Dulaunoy] + + x509-add-required-one-of-serial-number + +* X509-add-required-one-of-serial-number. [Sheidan] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Add: new yara object added with a version number. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Jq all. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Add: Connected_To (old STIX 1.1 relationship) [Alexandre Dulaunoy] + +* Merge pull request #1 from MISP/master. [eCrimeLabs] + + fix: some parts of the URL can be repeated such as resource path, anc… + +* Merge pull request #85 from mokaddem/master. [Alexandre Dulaunoy] + + typo: passsword -> password + +* Typo: passsword -> password. [Sami Mokaddem] + +* Add: Cowrie object template added. [Alexandre Dulaunoy] + +* Add: Cowrie honeypot object template. [Alexandre Dulaunoy] + +* Merge branch 'zoomequipd-patch-1' [Alexandre Dulaunoy] + +* Correct rbn --> rtn. 
[zoomequipd] + +* Add aba-rtn to bank-account object. [zoomequipd] + +* Merge pull request #82 from chrisr3d/master. [Alexandre Dulaunoy] + + Fixed somme bank-account fields + +* Merge pull request #81 from chrisr3d/master. [Alexandre Dulaunoy] + + Fixed the bank-account meta-category + +* Fixed the bank-account meta-category. [chrisr3d] + + ... which is actually "financial" + +* Merge pull request #80 from chrisr3d/transaction_test. [Alexandre Dulaunoy] + + Attributes describing "t_to" and "t_from" fields of a transaction + +* Added default values of funds code. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects into transaction_test. [chrisr3d] + +* Merge pull request #79 from chrisr3d/master. [Alexandre Dulaunoy] + + Added optional attributes for a transaction + +* Added attributes to describe some origin and target fields of a transaction. [chrisr3d] + +* Added attributes for the teller and the authorizer of a transaction. [chrisr3d] + +* Changed http request object template. [Andras Iklody] + + require either uri or url, http method is no longer required. + +* Add: Common Alerting Protocol Version (CAP) object templates. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #78 from chrisr3d/master. [Alexandre Dulaunoy] + + Transaction Object definition and readme file updated + +* Updated description and readme. [chrisr3d] + +* Add: Common Alerting Protocol Version (CAP) resource object. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Merge pull request #76 from chrisr3d/master. [Alexandre Dulaunoy] + + Transaction object, first version + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Transaction object. [chrisr3d] + +* Add: Common Alerting Protocol Version (CAP) info object. [Alexandre Dulaunoy] + +* Common Alerting Protocol Version (CAP) alert object. 
[Alexandre Dulaunoy] + +* Merge pull request #75 from chrisr3d/master. [Alexandre Dulaunoy] + + legal-entity object + +* Fixed disable_correlation variable type. [chrisr3d] + +* Typo. [chrisr3d] + +* Added additional attributes. [chrisr3d] + +* Updated readme. [chrisr3d] + +* Merge branch 'master' of github.com:MISP/misp-objects. [chrisr3d] + +* Merge pull request #74 from chrisr3d/master. [Alexandre Dulaunoy] + + Updated person & geolocation objects + +* First version of the legal-entity object. [chrisr3d] + +* Description typo. [chrisr3d] + +* Merge pull request #73 from d-lord/master. [Alexandre Dulaunoy] + + Add email-body to the email object definition + +* Add email-body to the email object definition. [David Lord] + +* Add: bank-account added in the list. [Alexandre Dulaunoy] + +* Add: an object describing bank account information based on account description from goAML 4.0. [Alexandre Dulaunoy] + + A generic bank account partially based on the goAML 4.0 standard. + The bank account alone can convey information regarding the type + of transactions seen or suspected which allow to use the object alone + without the need to describe the full list of transactions. + + Additional objects could be created like report, transactions and like + to fully support AML. + + The existing person in MISP objects was previously updated to include + the field missing from AML. + + A potential evolution is based on the transaction status which can + be described as a simple relationship between MISP objects like: + + Bought, Sold, Let, Hired, Exchanged, Donated, Destroyed and Other + +* Merge branch 'LDO-CERT-master' [Raphaël Vinot] + +* Sandbox-signature. [garanews] + + Added object sb-signature + +* Add: Object to describe mutual exclusion locks (mutex) as seen in memory or computer program. [Alexandre Dulaunoy] + +* Remove registry hive because registry-key is enough. 
[Alexandre Dulaunoy] + +* Add: registry-hive object describing a Windows registry hive including key, subkey and value (and associated data if any) [Alexandre Dulaunoy] + +* Merge pull request #68 from yodresh/patch-1. [Alexandre Dulaunoy] + + Update SS7-attack definition.json + +* Update definition.json. [Alexandre De Oliveira] + + Adding the multiple possibility for SMSC GT to cover SMS Spaming case. Also text field for multiple details if needed. + Adding "MapSmsText" attribute to help matching malicious URL, keywords or MSISDN inside SMS. + +* Merge pull request #66 from c-goes/sandbox_report_object. [Alexandre Dulaunoy] + + added sandbox-report object + +* Added sandbox-report object. [c-goes] + +* Add: An annotation object allowing analysts to add annotations, comments, executive summary to a MISP event, objects or attributes. [Alexandre Dulaunoy] + +* Add: ss7-attack object for the attack against GSM/UMTS networks seen in SS7 logging. [Alexandre Dulaunoy] + +* Add: Diameter attack object targeting GSM, UMTS and 4G networks. [Alexandre Dulaunoy] + +* Add: first version of a MISP object to describe GTP attack on GSM/UTMS/3G network. [Alexandre Dulaunoy] + +* Add: new relationship "drops" - This relationship describes an object which drops another object. [Alexandre Dulaunoy] + +* Add: new stix2-pattern object to include STIX 2 patterning. [Alexandre Dulaunoy] + +* Merge pull request #61 from cvandeplas/master. [Alexandre Dulaunoy] + + whois - adds nameserver attributes + +* Whois - adds nameserver attributes. [Christophe Vandeplas] + + adding nameserver attributes as a whois response contains those + +* Jq all the things! [Alexandre Dulaunoy] + +* Merge pull request #41 from truckydev/patch-1. [Alexandre Dulaunoy] + + regex addon + +* Regex addon. [truckydev] + + Add field to specify which type correspond to this regex. + +* Merge pull request #58 from c-goes/master. 
[Alexandre Dulaunoy] + + disable correlation for last-seen/first-seen/text + +* Disable correlation for last-seen/first-seen/text. [c-goes] + +* Android-permission and coin-address added. [Alexandre Dulaunoy] + +* Merge pull request #57 from c-goes/coin-address. [Alexandre Dulaunoy] + + Coin address object + +* Added coin-address object(2) [c-goes] + +* Added coin-address object. [c-goes] + +* Never trust standards using Google docs to store list of machine parsable information. [Alexandre Dulaunoy] + + Another good reason, why all open vocabularies in OASIS should be + in parsable and validated JSON files. And not *bloody* list of words + in a Google doc. + +* State of the file is no more correlated - and default state value is Malicious. [Alexandre Dulaunoy] + +* Merge pull request #56 from c-goes/victim_wip. [Alexandre Dulaunoy] + + Victim object extended, attributes changed + +* Victim object: changed attributes, added object relations(2) [c-goes] + +* Victim object: changed attributes, added object relations. [c-goes] + +* Disable correlation on classification on the victim object. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Add: x509-fingerprint-sha1 added to file object description (e.g signed APK but not PE) [Alexandre Dulaunoy] + +* Registar->registrar. [Alexandre Dulaunoy] + +* Add: first version of an android permission(s) object. [Alexandre Dulaunoy] + +* Merge pull request #54 from Delta-Sierra/master. [Alexandre Dulaunoy] + + ddos v5 - add destination domain attribute + +* Ddos v5 - add destination domain attribute. [Deborah Servili] + +* Merge pull request #53 from c-goes/filenames_multiple. [Alexandre Dulaunoy] + + allow multiple filenames for file + +* Allow multiple filenames. [c-goes] + +* Raw data is now an attachment. [Alexandre Dulaunoy] + +* Being lax on origin to avoid rebuilding url path for unknown services. [Alexandre Dulaunoy] + +* AIL leak template updated to include duplicate of leaks. 
[Alexandre Dulaunoy] + +* Add: "followed-by" - "preceding-by" added as relationship type when the time is not known. [Alexandre Dulaunoy] + +* Asn added in the default objects. [Alexandre Dulaunoy] + +* Added: Autonomous system object describing an autonomous system which can include one or more network operators management an entity (e.g. ISP) along with their routing policy, routing prefixes o r alike. [Alexandre Dulaunoy] + + Fix #50 + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Merge pull request #49 from c-goes/master. [Alexandre Dulaunoy] + + Added file attribute screenshot to email object + +* Added file attribute screenshot to email object. [c-goes] + +* Merge pull request #48 from Delta-Sierra/master. [Andras Iklody] + + allow multiple ips in domain|ip object + +* Allow multiple ips in domain|ip object. [Deborah Servili] + +* Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update ail-leak object + +* Update ail-leak object. [Deborah Servili] + +* Description clarified. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* New objects added. [Alexandre Dulaunoy] + +* Add: credential object (fix #44) [Alexandre Dulaunoy] + +* Merge pull request #43 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cert eu relationships + +* Add cert eu relationships. [Deborah Servili] + +* Merge pull request #42 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cert-eu relationships + +* Replace space by dash in names. [Deborah Servili] + +* Add cert-eu relationships. [Deborah Servili] + +* Remove the executable flag from the json files. [Raphaël Vinot] + +* Add report object. [Raphaël Vinot] + +* Merge pull request #40 from CenturyLinkCIRT/master. [Raphaël Vinot] + + Disabled correlation for software name in av-signature + +* Fixed av-signature merge conflicts with upstream. [Thomas Gardner] + +* Fix the file object. [Alexandre Dulaunoy] + +* State added to file like signed, harmless... 
[Alexandre Dulaunoy] + +* Jq all the things. [Raphaël Vinot] + +* Merge pull request #39 from CenturyLinkCIRT/master. [Raphaël Vinot] + + added av-signature and virustotal-report + +* Disabled AV software correlation and re-ran jq-all-the-things. [Thomas Gardner] + +* Added av-signature and virustotal-report. [Thomas Gardner] + +* Merge pull request #34 from MISP/fix-31-2. [Alexandre Dulaunoy] + + Fix object name + +* Fix object name. [Raphaël Vinot] + + Related to: https://github.com/MISP/misp-objects/issues/31 + +* Merge pull request #33 from MISP/fix-31-1. [Alexandre Dulaunoy] + + Fix object name. + +* Fix object name. [Raphaël Vinot] + + Related to: https://github.com/MISP/misp-objects/issues/31 + +* Fix typo in the field. [Alexandre Dulaunoy] + +* Some updates including description of fields. [Alexandre Dulaunoy] + +* First version of Netflow object based on proposal from @JanKoDFNCERT. [Alexandre Dulaunoy] + + Open questions: + + - What is a minimal Netflow records? I relax a bit the required fields. + - How does this work with IPFIX (and variable templates)? + - How should we express the TCP flags expressed? (S/SA/SAF) + +* Add: RTIR - Request Tracker for Incident Response added in index. [Alexandre Dulaunoy] + +* Add: RTIR object added (as requested by CSP - Cyber Security Core Service Platform) [Alexandre Dulaunoy] + +* Merge branch 'ater49-patch-4' [Alexandre Dulaunoy] + +* Use url attribute type for link inside a post. [Alexandre Dulaunoy] + +* Merge branch 'patch-4' of https://github.com/ater49/misp-objects into ater49-patch-4. [Alexandre Dulaunoy] + +* Update definition.json. [ater49] + + Link attribute added in case of url present into the post. + + Multiple set to true for "username-quoted" + +* Merge pull request #29 from ater49/patch-2. [Alexandre Dulaunoy] + + New attribute: title + +* New attributes: title. [ater49] + + In case of paste or post has a title. + + Ghostbin.com origin added + +* Paste added. 
[Alexandre Dulaunoy] + +* Add: Paste or similar post from a website allowing to share privately or publicly posts. [Alexandre Dulaunoy] + +* Microblog object added. [Alexandre Dulaunoy] + +* Merge pull request #28 from deralexxx/patch-1. [Alexandre Dulaunoy] + + mention uuid + +* Mention uuid. [Alexander J] + + How to create a uuid and also mention the UUID in the example. + + https://twitter.com/alexanderjaeger/status/913505371817435138 + +* Merge branch 'ater49-patch-1' [Alexandre Dulaunoy] + +* Jq all and fix the space ;-) [Alexandre Dulaunoy] + +* Attributes username-quoted added. [ater49] + + Added Attributes: "username-quoted" + Added types: LinkedIn, Reddit, Google+, Instagram + +* Add: Microblog post object like a Twitter tweet or a post on a Facebook wall. [Alexandre Dulaunoy] + +* Carbon copy field added. [Alexandre Dulaunoy] + +* Documentation links added. [Alexandre Dulaunoy] + +* Return-path added in email object. [Alexandre Dulaunoy] + +* Fixed the release version. [Alexandre Dulaunoy] + +* Sane_default added in the documentation. [Alexandre Dulaunoy] + +* Victim object added to the list. [Alexandre Dulaunoy] + +* Victim object added mainly based on the STIX 2.0 victim proposal. [Alexandre Dulaunoy] + +* Ja3 and person added in the list. [Alexandre Dulaunoy] + +* First version of the ja3 object based on the proposal from @delbs. [Alexandre Dulaunoy] + +* Fixing typo in the credit-card object. [Alexandre Dulaunoy] + +* 2.4.80 released. [Alexandre Dulaunoy] + +* Whois template fixed. [Alexandre Dulaunoy] + +* Fix #22. [Alexandre Dulaunoy] + +* Values_list added in the documentation. [Alexandre Dulaunoy] + +* An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression. [Alexandre Dulaunoy] + +* Add: first version of a person object (partially based on the PNR types) [Alexandre Dulaunoy] + +* Link fixed. 
[Alexandre Dulaunoy] + +* Url fixed. [Alexandre Dulaunoy] + +* Add: first version of the credit-card object. [Alexandre Dulaunoy] + +* Port type instead of text. [Alexandre Dulaunoy] + +* Disable some correlations. [Raphaël Vinot] + +* Be consistent and use hyphen everywhere (not more underscore). [Alexandre Dulaunoy] + + Thanks to Terry MacDonald + +* Feedback from David added (two new relationships - triggers and detected_as) [Alexandre Dulaunoy] + +* Updated following Andras feedback. [Alexandre Dulaunoy] + +* Yabin updated following Andras feedback. [Alexandre Dulaunoy] + +* First version of a yabin object. [Alexandre Dulaunoy] + +* Relationships added to the documentation export. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Add descriptions in all the objects. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* First version of a documentation generator tool. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Phone object added. [Alexandre Dulaunoy] + +* Remove pipe from PE object def. [Raphaël Vinot] + +* Update definitions of binaries. [Raphaël Vinot] + +* Allow multiple entries of type flag in the ELFSection object. [Raphaël Vinot] + +* Phone defintion fixed. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* First version of a mobile phone object. [Alexandre Dulaunoy] + +* Calls relationship type added. [Alexandre Dulaunoy] + +* Mach object file format added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* New relationship types added. [Alexandre Dulaunoy] + +* Some more relationship type. [Alexandre Dulaunoy] + +* Update ELF definitions, add MachO. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Relationships types added + target MISP version. [Alexandre Dulaunoy] + +* Often used relationships added used for malware analysis. 
[Alexandre Dulaunoy] + +* Keep it consistent. [Alexandre Dulaunoy] + +* Add mimetype to file object template. [Raphaël Vinot] + +* Add schema for relationships. [Raphaël Vinot] + +* Make relationship type more generic. [Alexandre Dulaunoy] + + Make the relationship types more generic especially to avoid issue + with community-designed standards that might change later the types, + broke compatibility or decide to change their mind due to some + proprietary vendors trying to lock-in the users. + +* First version of the types of relationships for MISP objects. [Alexandre Dulaunoy] + + Relationship type can be from existing STIX 2.0 ones, MISP + relationships or other proposed by the community. Please be + careful that a relationship type can influence the ability + of export of MISP events if the type is not supported by + the target format. + +* Version updated. [Alexandre Dulaunoy] + +* Merge pull request #18 from truckydev/truckydev_2357. [Alexandre Dulaunoy] + + add X509-fingerprint + +* Add X509-fingerprint. [truckydev] + + https://github.com/MISP/MISP/pull/2357 + +* Merge pull request #17 from CenturyLinkCIRT/master. [Alexandre Dulaunoy] + + added http-request object + +* Added http-request object. [Thomas Gardner] + +* A cookie object has been added. [Alexandre Dulaunoy] + + An HTTP cookie (web cookie, browser cookie) is a small piece of data + that a server sends to the user's web browser. The object includes + type which can help to describe the malicious use-case of the cookie. + +* Typo fixed in key-size - Thanks to @StefanKelm. [Alexandre Dulaunoy] + +* Update required entries for PE objects. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Improved Tor node object to include support of the new Tor monitoring. [Alexandre Dulaunoy] + +* Template definitions are not always distributed along with the objects. [Alexandre Dulaunoy] + +* Add a comment field. 
[Alexandre Dulaunoy] + +* Tor node object template which are part of the Tor network at a time. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority. [Alexandre Dulaunoy] + +* Ui-priority updated. [Alexandre Dulaunoy] + +* Ui-frequency updated. [Alexandre Dulaunoy] + +* Ui-frequency is the one! [Alexandre Dulaunoy] + +* Ui-priority is now the King! [Alexandre Dulaunoy] + +* Ui-priority is now the new frequency. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency updated. [Alexandre Dulaunoy] + +* Misp-usage-frequency. [Alexandre Dulaunoy] + +* Misp-usage-frequency -> ui-priority. [Alexandre Dulaunoy] + +* Fix #14. [Alexandre Dulaunoy] + +* Merge pull request #15 from MISP/ddos-port-fix. 
[Alexandre Dulaunoy] + + Changed DDOS port attributes to port type + +* Changed DDOS port attributes to port type. [Andras Iklody] + +* Update versions. [Raphaël Vinot] + +* Enforce meta-category. [Raphaël Vinot] + +* Now meta category for ail to misc. [Alexandre Dulaunoy] + +* The list of default meta-category: file, network, financial, misc, internal has been updated. [Alexandre Dulaunoy] + +* Geolocation object added. [Alexandre Dulaunoy] + +* Jq of geolocation object. [Alexandre Dulaunoy] + +* Geolocation - an object to describe a geographic location. [Alexandre Dulaunoy] + +* Ail-leak, elf, self-section and r2graphity added to the list of MISP objects. [Alexandre Dulaunoy] + +* Jq of ail-leak. [Alexandre Dulaunoy] + +* Information leak object as defined by the AIL Analysis Information Leak framework. [Alexandre Dulaunoy] + +* Update required fields on PE object. [Raphaël Vinot] + +* Update attributes os r2graphity object. [Raphaël Vinot] + +* Updade r2graphity definition. [Raphaël Vinot] + +* Add initial version of the r2graphity object. [Raphaël Vinot] + +* Remove duplicate entries in file object. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Jq all. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Alexandre Dulaunoy] + +* Disable_correlation added. [Alexandre Dulaunoy] + +* Add and enforce UUID in the object definitions. [Raphaël Vinot] + +* Add malware-sample to file object. [Raphaël Vinot] + +* Merge pull request #10 from sebdraven/master. [Raphaël Vinot] + + add impfuzzy + +* Correct travis. [Sébastien Larinier] + +* Add impfuzzy. [Sébastien Larinier] + +* Disable_correlation added. [Alexandre Dulaunoy] + +* Update PE object. [Raphaël Vinot] + +* Merge pull request #9 from sebdraven/master. [Raphaël Vinot] + + add information in elf and elf sections + +* Correct travis failed. [Sébastien Larinier] + +* Add type of sections. [Sébastien Larinier] + +* Add attributes. 
[Sébastien Larinier] + +* Delete attribute. [Sébastien Larinier] + +* Merge pull request #8 from sebdraven/master. [Raphaël Vinot] + + add elf,elf-section and number of sections in a pe, and move pehash in pe object + +* Add elf,elf-section and number of sections in a pe, and move pehash in pe. [Sébastien Larinier] + +* Merge pull request #7 from sebdraven/master. [Alexandre Dulaunoy] + + add characteristics and ssdeep to pe-sections + +* Correct bug on characteristics. [Sébastien Larinier] + +* Correct bug. [Sébastien Larinier] + +* Correct bug. [Sébastien Larinier] + +* Add characteristics and ssdeep to pe-sections. [Sébastien Larinier] + +* Add disable_correlation. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Add sane_default to the schema. [Alexandre Dulaunoy] + +* JQifized. [Alexandre Dulaunoy] + +* Url object added. [Alexandre Dulaunoy] + +* Url object JQified. [Alexandre Dulaunoy] + +* Url object describes an url along with its normalized field (e.g. using faup parsing library) and its metadata. [Alexandre Dulaunoy] + +* PE section added. [Alexandre Dulaunoy] + +* Update file/PE objects. [Raphaël Vinot] + + * Add sane defaults + * Disable correlation when it doesn't make sense + +* Merge branch 'master' of github.com:MISP/misp-objects. [Raphaël Vinot] + +* Portable Executable format added. [Alexandre Dulaunoy] + +* Update file and pe, add pe-section. [Raphaël Vinot] + +* Add PE object. [Raphaël Vinot] + +* Update schema. [Raphaël Vinot] + +* Jq all the things. [Alexandre Dulaunoy] + +* Required_value for protocol added. [Alexandre Dulaunoy] + +* Required_value and sane_default description added. [Alexandre Dulaunoy] + +* DDoS object added. [Alexandre Dulaunoy] + +* First proposal of a DDoS object in MISP. [Alexandre Dulaunoy] + +* Add forgotten dep for travis. [Raphaël Vinot] + +* JQ all the things. [Raphaël Vinot] + +* Add testing, update travis. [Raphaël Vinot] + +* Registry-key and email objects added. 
[Alexandre Dulaunoy] + +* Merge pull request #1 from mike1703/master. [Alexandre Dulaunoy] + + email object added + +* Registry key object added. [Michael Kerscher] + +* Email object added. [Michael Kerscher] + +* Merge pull request #2 from MISP/Rafiot-patch-1. [Alexandre Dulaunoy] + + Update definition.json + +* Update definition.json. [Raphaël Vinot] + +* Passive dns link fixed. [Alexandre Dulaunoy] + +* Clarification regarding the multiple field as discussed with @igloska as used in the vulnerability object. [Alexandre Dulaunoy] + +* First version of the vulnerability object (basic CVE support) [Alexandre Dulaunoy] + +* Fix json files (file and whois) [Raphaël Vinot] + +* Add Travis file (validate json files) [Raphaël Vinot] + +* Raw-base64 attribute added. [Alexandre Dulaunoy] + +* X509 object added. [Alexandre Dulaunoy] + +* Ip-port added. [Alexandre Dulaunoy] + +* Ip-port added. [Alexandre Dulaunoy] + + An IP address and a port seen as a tuple (or as a triple) in a specific + time frame. + +* Passive DNS record added as misp-object. [Alexandre Dulaunoy] + +* Passive DNS object added. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Definition and some clarification. [Alexandre Dulaunoy] + +* Optional text attributes added. [Alexandre Dulaunoy] + +* Pattern-in-file added. [Alexandre Dulaunoy] + +* File object added. [Alexandre Dulaunoy] + +* First version of the file object. [Alexandre Dulaunoy] + +* Whois object added + requireOneOf added. [Alexandre Dulaunoy] + +* Whois object added. [Alexandre Dulaunoy] + +* Misp-attribute is more logical. [Alexandre Dulaunoy] + +* Updates on the attributes format. [Alexandre Dulaunoy] + +* Some updates. [Alexandre Dulaunoy] + +* Simple README added. [Alexandre Dulaunoy] + +* Everything is meta... [Alexandre Dulaunoy] + +* Adding a category field to classify the object (e.g. quick filter) [Alexandre Dulaunoy] + +* Updated version based on feedback from Andras. 
[Alexandre Dulaunoy] + +* Proposal updated based on feedback from Andras. [Alexandre Dulaunoy] + +* A first experimental description of a MISP combined object. [Alexandre Dulaunoy] + + diff --git a/Changelog-misp-taxonomies.txt b/Changelog-misp-taxonomies.txt new file mode 100644 index 0000000..b29c5ed --- /dev/null +++ b/Changelog-misp-taxonomies.txt 
@@ -0,0 +1,2474 @@ +# Changelog + + +## v2.4.151 (2021-11-19) + +### New + +* [interactive-cyber-training-training-setup] added missing taxonomies. [Alexandre Dulaunoy] + +* [interactive-cyber-training-environment] added missing taxo. [Alexandre Dulaunoy] + +* [manifest] updated. [Alexandre Dulaunoy] + +### Changes + +* [fr-classif] updated following changes from July 2021 with 2 new levels. [Alexandre Dulaunoy] + + Thanks to ANSSI-FR for the contribution + +* [exercise] Locked Shields 2022 added as exercise. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [interactive-cyber] remove unused directory. [Alexandre Dulaunoy] + +* [clean] remove unused directory. [Alexandre Dulaunoy] + +* [interactive-cyber-training-*] jq all the things. [Alexandre Dulaunoy] + +* [dark-web] ransomware group. [Terrtia] + +### Fix + +* [typo] fixed. [Alexandre Dulaunoy] + +* Reorganize order taxonomies. [Raphaël Vinot] + +### Other + +* Merge pull request #217 from lcpdn/patch-1. [Alexandre Dulaunoy] + + Correction de "Non classifiée" vers "Non protégé" + +* Correction de "Non classifiée" vers "Non protégé" [lcpdn] + + L'IGI1300 décrit 2 niveaux de classification : Secret et Très Secret. Les informations ainsi protégées sont dites classifiées. L'IGI1300 (§1.3.2) précise également qu'il existe une mention de protection dite "Diffusion Restreinte" pour des informations non classifiées. Or, les informations non classifiées et non protégées par la mention Diffusion Restreinte sont dites "Non protégées". + +* Delete interactive-cyber-training-environment directory. [Alexandre Dulaunoy] + + Fix + +* Mv: [training-training-env] updated. [Alexandre Dulaunoy] + +* Merge pull request #215 from Delta-Sierra/master. [Alexandre Dulaunoy] + + New taxonomies based on Cyber Taxi + +* CyberTaxi update. [Delta-Sierra] + +* Add new taxonomies based on Cyber Taxi. [Delta-Sierra] + +* Merge pull request #214 from wagner-certat/update-rsit. 
[Alexandre Dulaunoy] + + update RSIT to version 1003 + +* Update RSIT to version 1003. [Sebastian Wagner] + + v1.3 was released in May: https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/releases/tag/v1.3 + including the version tag fix + (https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/pull/109) + +* Merge pull request #213 from Terrtia/main. [Alexandre Dulaunoy] + + [dark-web] Add ransomware group + + +## v2.4.147 (2021-07-27) + +### Other + +* Merge pull request #212 from R1ch01d/patch-1. [Alexandre Dulaunoy] + + Typo fix in Confidence levels + +* Typo fix in Confidence levels. [01d$] + + +## v2.4.145 (2021-06-28) + +### Changes + +* [phishing] BEC typo fixed. [Alexandre Dulaunoy] + +* [doc] README updated. [Alexandre Dulaunoy] + +* [thales group] fix #209. [Alexandre Dulaunoy] + +* [thales] exportable removed. [Alexandre Dulaunoy] + +* [thales] fix the unknown field "exportable" in the taxonomy. [Alexandre Dulaunoy] + +* [thales] taxonomy updated. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #211 from eli-cyb/patch-1. [Alexandre Dulaunoy] + + Update machinetag.json + +* Update machinetag.json. [eli-cyb] + + Added the value "business email compromise" as part of the distribution predicate. + Previously not included in as an available tag. + +* Merge pull request #207 from Felix83000/main. [Alexandre Dulaunoy] + + Thales Group taxonomy to contribute for the official MISP taxonomy repository + +* Update README.md. [Félix Herrenschmidt] + +* Update README.md. [Félix Herrenschmidt] + + Init description. + +* Create machinetag.json. [Félix Herrenschmidt] + + Init Thales Group taxonomy. + + +## v2.4.144 (2021-06-07) + +### New + +* [misp] event-type added to have a generic way to label an event. [Alexandre Dulaunoy] + +* [cycat] Taxonomy used by cycat (Universal Cybersecurity Catalogue) to categorize namespace available in their cybersecurity catalogue. 
(DRAFT version) [Alexandre Dulaunoy] + +* GH workflow. [Raphaël Vinot] + +* [misinformation-website-labels] first proposal. [Cookie] + +* [extended-event] first proposal. [Cookie] + +* [taxonomy] Pandemic and covid-19 type tracking. [Christophe Vandeplas] + +* [taxonomy] new current-events taxonomy covering covid-19. [Christophe Vandeplas] + +* [taxonomy] add new "DFRLab Dichotomies of Disinformation" taxonomy courtesy the Atlantic Council DFRLab. [VVX7] + +* [failure-mode-in-machine-learning] new taxonomy for Failure Modes in Machine Learning. [Alexandre Dulaunoy] + + Ref: + https://docs.microsoft.com/en-us/security/failure-modes-in-machine-learning + +* Added Manifest and Markdown generators. [mokaddem] + +* [ics] FIRST.ORG CTI SIG - MISP Proposal for ICS/OT Threat Attribution (IOC) Project (WiP) [Alexandre Dulaunoy] + +* [phishing] Taxonomy to classify phishing attacks including techniques, collection mechanisms and analysis status. [Alexandre Dulaunoy] + +* Scripps CO2 taxonomies. [Raphaël Vinot] + +* Flags used by scrippsco2. [Raphaël Vinot] + +* Add mwdb taxonomy. [Raphaël Vinot] + +* [csirt-americas] taxonomy updated. [Alexandre Dulaunoy] + +* [threats-to-dns] New taxonomy threats to DNS. [Alexandre Dulaunoy] + + An overview of some of the known attacks related to DNS as described by Torabi, S., Boukhtouta, A., Assi, C., & Debbabi, M. (2018) in Detecting Internet Abuse by Analyzing + Passive DNS Traffic: A Survey of Implemented Systems. IEEE Communications Surveys & Tutorials, 1–1. doi:10.1109/comst.2018.2849614 + + As seen during FIRSTCON19 + +* [flesch-reading-ease] Flesch Reading Ease is a revised system for determining the comprehension difficulty of written material. The scoring of the flesh score can have a maximum of 121.22 and there is no limit on how low a score can be (negative score are valid). [Alexandre Dulaunoy] + +* [information-security-data-source] add new taxonomy. 
[Alexandre Dulaunoy] + +* [information-security-data-source] Taxonomy to classify the information security data sources (WiP) [Alexandre Dulaunoy] + +* [cyber-exercise] Cyber exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise. [Alexandre Dulaunoy] + +* Added gsma-fraud taxonomy. [iglocska] + +* [gsma-attack-category] first version of Taxonomy used by GSMA for their information sharing program with telco describing the attack categories. [Alexandre Dulaunoy] + +* Add all other relevant taxonomies. [Raphaël Vinot] + +* CCCS taxonomies, first batch. [Raphaël Vinot] + +* [rsit] Reference Security Incident Classification Taxonomy added. [Alexandre Dulaunoy] + + thanks to ENISA @amicaross @aaronkaplan + +* False positive taxonomy. [Raphaël Vinot] + +* A taxonomy (infoleak) describing information leaks and especially information classified as being potentially leaked. [Alexandre Dulaunoy] + +* Incident-disposition taxonomy added. [Alexandre Dulaunoy] + +* Added basic binary file taxonomy. Fixes #59. [Hannah Ward] + +### Changes + +* [domain-abuse] include registry and registrar incident. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [course-of-action] typo fixed. [Alexandre Dulaunoy] + +* [threatmap] namespace is lower space. [Alexandre Dulaunoy] + +* [MANIFEST] fixed. [Alexandre Dulaunoy] + +* [ioc] typo fixed in predicate. [Alexandre Dulaunoy] + +* [README] list updated. [Alexandre Dulaunoy] + +* [circl] updated the original proposal + ransomware added + classification proposal removed (should be in a different taxonomy) [Alexandre Dulaunoy] + +* [cti/ioc] jq and MANIFEST updated. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [vmray] jq the JSON file. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [summary] updated. [Alexandre Dulaunoy] + +* [adversary] C2 type added. [Alexandre Dulaunoy] + +* [ransomware] academic reference added. 
[Alexandre Dulaunoy] + +* [manifest] updated. [Alexandre Dulaunoy] + +* [manifest] updated. [Alexandre Dulaunoy] + +* [cycat] updated. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [copyright] we are in 2021. [Alexandre Dulaunoy] + +* [adversary] sinkholed action added. [Alexandre Dulaunoy] + +* [doc] Travis is dead, GH Action is alive! [Alexandre Dulaunoy] + +* Add PR to GH actions. [Raphaël Vinot] + +* Master -> main everywhere. [Raphaël Vinot] + +* [threat-match] fixed all the namespaces. [Alexandre Dulaunoy] + +* [MANIFEST] regenerated. [Alexandre Dulaunoy] + +* [threatmatch*] jq all the things. [Alexandre Dulaunoy] + +* [information-website-label] fixed. [Alexandre Dulaunoy] + +* [misinformation-website-label] version is an integer. [Alexandre Dulaunoy] + +* [misinformation-website-label] updated. [Alexandre Dulaunoy] + +* [manifest] updated. [Alexandre Dulaunoy] + +* [misinformation-website-labels] updated. [Alexandre Dulaunoy] + +* [extended-event] description typo fixed. [Alexandre Dulaunoy] + +* [extended-event] updated to please our strict rules. [Alexandre Dulaunoy] + +* [exercise] a new generic predicate added for comcheck without name. [Alexandre Dulaunoy] + +* [pandemic] geostrategy added. [Alexandre Dulaunoy] + +* [pandemic] Disinfrmation added. [Andras Iklody] + +* [phishing] JSON fixed. [Alexandre Dulaunoy] + +* [pandemic] events and pandemic namespace added. [Alexandre Dulaunoy] + +* [circl] covid-19 topic added. [Alexandre Dulaunoy] + +* Update travis file. [Raphaël Vinot] + +* Fix travis. [Raphaël Vinot] + +* [travis] pytaxonomies fixed. [Alexandre Dulaunoy] + +* Fix directory name. [Raphaël Vinot] + +* [travis] temp fix before pytaxonomies is fixed. [Alexandre Dulaunoy] + +* [travis] default to pip3. [Alexandre Dulaunoy] + +* [MANIFEST] fixed. [Alexandre Dulaunoy] + +* [DFRLab] fix namespace to match default directory. 
[Alexandre Dulaunoy] + +* [MANIFEST] for new: [taxonomy] add "DFRLab Dichotomies of Disinformation" #177. [Alexandre Dulaunoy] + +* [travis] Python 3.8 test added - removed the nightly build (3.9 is heavily broken) [Alexandre Dulaunoy] + +* [doc] summary updated. [Alexandre Dulaunoy] + +* [iep2] MANIFEST updated, set version value to string (all are strings in taxonomies) [Alexandre Dulaunoy] + + Notes: $text feature is something not implemented currently in MISP (IEP is the only taxonomy having variable + values). Maybe having a set of police like SPDX license module would help to have more generic agreement. + +* [exercise] Cyber Coalition 2019 and more added. [Christophe Vandeplas] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [tools] a quick-and-dirty script to dump missing expanded fields. [Alexandre Dulaunoy] + +* [mwdb] added missing expanded predicate values. [Alexandre Dulaunoy] + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [misp] ids predicate added following discussion in a MISP user-group. [Alexandre Dulaunoy] + + A new predicate has been added to potentially influence IDS flag at + event or attribute level. This is often a desired option to overwrite + existing IDS flag set by the event creator by a local preference. + + - `misp:ids="true"` -> set the IDS flag + - `misp:ids="force"` -> force the use of the ids predicate (over the IDS flag set) + - `misp:ids="false"` -> unset the IDS flag + + This predicates is not currently used in MISP directly but must be + used for external tools using it. Those tags can be set at local or + global level depending of the use-case. + +* [MANIFEST] updated. [Alexandre Dulaunoy] + +* [exercise] LS20 added. [Alexandre Dulaunoy] + +* [false-positive] missing expanded. [Alexandre Dulaunoy] + +* [cssa] version updated. [Alexandre Dulaunoy] + +* [IOT] Data Sharing Level is now exclusive. 
[Alexandre Dulaunoy] + +* [IoT] put the exclusive flag on the "Data Sharing Level" [Alexandre Dulaunoy] + +* [doc] copyright statement updated. [Alexandre Dulaunoy] + +* [doc] summary added. [Alexandre Dulaunoy] + +* [doc] Summary file removed. [Alexandre Dulaunoy] + +* [MANIFEST] newline is the king of the castle. [Alexandre Dulaunoy] + +* [tool] sort before output. [mokaddem] + +* [tools] utf-8 by default. [Alexandre Dulaunoy] + +* [MANIFEST] update. [Alexandre Dulaunoy] + +* [economical-impact] No need to bump version twice. [mokaddem] + +* [numerical_value] Incremented version of taxonomies having num_val. [mokaddem] + +* [exclusive] Set `exclusive` meta for relevant taxonomies. [mokaddem] + +* [infoleak] add public-key. [Terrtia] + +* [coa] typo fixed for deceive. [Alexandre Dulaunoy] + +* [MANIFEST] jq all the things. [Alexandre Dulaunoy] + +* [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] + +* [expiration] 10 years expiration. [Alexandre Dulaunoy] + +* [infoleak] Added IP address tag value. [mokaddem] + +* Reorder predicates in ICS. [Raphaël Vinot] + +* [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] + +* [false-positive] confirmed predicate added. [Alexandre Dulaunoy] + +* [collaborative-intelligence] request malware config added. [Alexandre Dulaunoy] + + Following feedback during a workshop session at a bank. + +* [ics] remove duplicate value entries. [Alexandre Dulaunoy] + +* [ics] references added. [Alexandre Dulaunoy] + +* [ics] OT IR Security Issues added. [Alexandre Dulaunoy] + +* [ics] more data transmission protocols. [Alexandre Dulaunoy] + +* [ics] OT IR Communication Interface added. [Alexandre Dulaunoy] + +* [false-positive] reorder the logic behind the numerical_value (to be consistent with the decaying model) [Alexandre Dulaunoy] + +* [MANIFEST] updated targeted-threat-index. [Alexandre Dulaunoy] + +* [targeted-threat-index] set MISP numerical_value range. 
[Alexandre Dulaunoy] + + TODO: Improve taxonomy format to add original_numerical_value to get the + original value of the taxonomy author + +* [ics] new RTOS added. [Alexandre Dulaunoy] + +* [MANIFEST] phishing taxonomy updated. [Alexandre Dulaunoy] + +* [phishing] Fix #157. [Alexandre Dulaunoy] + +* [phishing] add principles of persuasions - based on: - Cialdini's principal of influence, - Graggs's psychological triggers, - Stajano's principles of scams, - see associated paper: Ferreira & al. DOI: 10.1007/978-3-319-20376-8_4. [Jean-Louis Huynen] + +* [phishing] various updates and clarification. [Alexandre Dulaunoy] + + - psychological-acceptability predicate added to define the social acceptance of a phishing attack + - report-type and report-origin replaced ambiguous type/report + - distribution predicate added to move distribution out of techniques + + Thanks to Bertrand Lathoud and Sascha Rommelfangen for the feedback :sparkles: + +* Numerical values added. [Alexandre Dulaunoy] + +* [analyst-assessment] numerical_value fixed to match new model. [Alexandre Dulaunoy] + +* [copine] numerical values added. [Alexandre Dulaunoy] + +* [phishing] fix the missing expanded. [Alexandre Dulaunoy] + +* [phishing] dispute resolution added. [Alexandre Dulaunoy] + +* [MANIFEST] phishing taxonomy added. [Alexandre Dulaunoy] + +* Bump Manifest. [Raphaël Vinot] + +* [workflow] updated to the new OSINT acquisition process. [Alexandre Dulaunoy] + +* Minor text changes. [itAtcsirtamericasDotOrg] + +* [remove] old directory. [Alexandre Dulaunoy] + +* [csirt-americas] updated directory. [Alexandre Dulaunoy] + +* [CSIRTamericas] updated. [Alexandre Dulaunoy] + +* [all] Sami request to have "numerical values" for the decaying indicators project. [Alexandre Dulaunoy] + +* [misp-taxonomies] make numerical values consistent based on Sami feedback. [Alexandre Dulaunoy] + +* [maec-malware-capabilities] typo fixed - #149 fixed. [Alexandre Dulaunoy] + +* [dark-web] taxonomy version updated. 
[Alexandre Dulaunoy] + +* [darkweb] version updated. [Alexandre Dulaunoy] + +* [darkweb] updated to the latest version. [Alexandre Dulaunoy] + +* [dark-web] json fixed. [Alexandre Dulaunoy] + +* [retention] hide_tag removed to validate current schema. [Alexandre Dulaunoy] + + Maybe we could improve the format to include it by default to + taxonomy format to trigger the MISP hide tag functionality directly. + + {'value': 'expired', 'expanded': 'Set when the retention period has expired', 'numerical_value': 0, 'hide_tag': True}: Additional properties are not allowed ('hide_tag' was unexpected) + +* [MANIFEST] retention taxonomy added. [Alexandre Dulaunoy] + +* [ransomware] jq all the things. [Alexandre Dulaunoy] + +* [infoleak] add pgp-public-key-block, pgp-signature. [Terrtia] + +* [rsit] updated to the latest version. [Alexandre Dulaunoy] + +* [mapping] updated to the latest version. [Alexandre Dulaunoy] + +* [circl] sextortion added - #133 fixed. [Alexandre Dulaunoy] + +* [misp] misp2yara related tags added. [Alexandre Dulaunoy] + +* [ransomware] spaces removed. [Alexandre Dulaunoy] + +* [MANIFEST] ransonware added in the manifest. [Alexandre Dulaunoy] + +* [MANIFEST] fix the EUCI description. [Alexandre Dulaunoy] + +* [common-taxonomy] version fixed. [Alexandre Dulaunoy] + +* [MANIFEST] common-taxonomy added. [Alexandre Dulaunoy] + +* [dcso-sharing] fix the namespace name. [Alexandre Dulaunoy] + +* [dcso-sharing] jq all the things. [Alexandre Dulaunoy] + +* [dcso-sharing] fixing the path. [Alexandre Dulaunoy] + +* [MANIFEST] updated to the latest version. [Alexandre Dulaunoy] + +* [exercise] locked shields 2019 added. [Alexandre Dulaunoy] + +* [MANIFEST] updated for the exercise taxonomy. [Alexandre Dulaunoy] + +* [exercise] Cyber SOPEx added. [Alexandre Dulaunoy] + +* [MANIFEST] fixed. [Alexandre Dulaunoy] + +* [cryptocurrency-threat] fixing small typo. [Alexandre Dulaunoy] + +* [tools] replace function fixed. 
[Alexandre Dulaunoy] + +* [tools] quick-and-dirty tools to generate markdown list of taxonomies for misp-project.org. [Alexandre Dulaunoy] + +* [passivetotal] typo fixed. [Alexandre Dulaunoy] + +* [information-security-data-source] updated to the latest version. [Alexandre Dulaunoy] + +* [information-security-data-source] more predicates (WiP) [Alexandre Dulaunoy] + +* [information-security-data-source] more predicates described (WiP) [Alexandre Dulaunoy] + +* [information-security-data-source] originality added (WiP) [Alexandre Dulaunoy] + +* [information-security-data-source] descriptions added for type of information (WiP) [Alexandre Dulaunoy] + +* [economical-scale] updated to the latest version. [Alexandre Dulaunoy] + +* [economical-impact] scale of loss/gain increased as million and billion gain/lost are reported. [Alexandre Dulaunoy] + +* Update MANIFEST file. [Raphaël Vinot] + +* [licensing] 2-clause BSD added in addition to CC0. [Alexandre Dulaunoy] + + To remove ambiguity of licensing and allowing users to select + the license they would like to use CC0 or 2-clause BSD. + + Fix #126 + +* [MANIFEST] updated descriptions. [Alexandre Dulaunoy] + +* [description] fixed. [Alexandre Dulaunoy] + +* [description] fixed. [Alexandre Dulaunoy] + +* Description improved of the accessnow and action-taken taxonomies. [Alexandre Dulaunoy] + +* [accessnow] improved the description. [Alexandre Dulaunoy] + +* [osint] new collection methods added (manual) to cover such as open directory or publicly accessible evidences. [Alexandre Dulaunoy] + +* [exercise] EU-NATO PACE exercise added. [Alexandre Dulaunoy] + +* [exercise] NATO exercise added. [Alexandre Dulaunoy] + +* Cyber-exercise is now less cyber cyber cyber. [Alexandre Dulaunoy] + +* [MANIFEST] Cyber exercise is a taxonomy to describe if the information is part of one or more cyber or crisis exercise added. [Alexandre Dulaunoy] + +* [event-classification] event-classification renamed + description updated. 
[Alexandre Dulaunoy] + +* [MANIFEST] updated with gsma-network-technology. [Alexandre Dulaunoy] + +* [gsma-network-technology] first version (still a WiP) Taxonomy used by GSMA for their information sharing program with telco describing the types of infrastructure. WiP. [Alexandre Dulaunoy] + +* [workflow] add a review for privacy. [Alexandre Dulaunoy] + +* [workflow] draft state added and release-requested as todo added to fix #122. [Alexandre Dulaunoy] + +* [ifx-vetting] add expanded values to IFX vetting. [Alexandre Dulaunoy] + +* [admiralty-scale] description has been included based on below ref. [Alexandre Dulaunoy] + + ref: https://fas.org/irp/doddir/army/fm2-22-3.pdf + +* [admiralty-scale] deliberately deceptive added. [Alexandre Dulaunoy] + + Issue to solve: + + ref. Scientific Methods of Inquiry of Intelligence Analysis added + additional code and there is an inconsistency in the values. Other + docs to be checked for colliding values required. + +* [admiralty-scale] when information or source cannot be judged - the numerical scale should be 50% as the information is considered as an average estimated trust. [Alexandre Dulaunoy] + + source: Scientific Methods of Inquiry of Intelligence Analysis + +* [manifest] updated to the latest revision. [Alexandre Dulaunoy] + +* [honeypot-basic] medium interaction added (based on various papers definition from EURECOM to Georg Wicherski paper) [Alexandre Dulaunoy] + +* [honeypot-basic] extended with adaptive interaction level. [Alexandre Dulaunoy] + + ref: http://www.ecmlpkdd2018.org/wp-content/uploads/2018/09/262.pdf + +* [monarc-threat] taxonomy added. [Alexandre Dulaunoy] + +* [monarc] change the namespace to monarc-threat (more to come) [Alexandre Dulaunoy] + +* [honeypot-simple] updated to the new version. [Alexandre Dulaunoy] + +* [honeypot-basic] updated to include no-interactive honeypot + network capture as data collection. [Alexandre Dulaunoy] + +* Link to PyTaxonomies library added. 
[Alexandre Dulaunoy] + +* [event-assessment] fixing typographic error. [Alexandre Dulaunoy] + +* Fix the name of the taxonomy. [Alexandre Dulaunoy] + +* Ifx-vetting added. [Alexandre Dulaunoy] + +* Jq all the things(tm) [Alexandre Dulaunoy] + +* [infoleak] add iban. [Terrtia] + +* [infoleak] add binary and hexadecimal. [Terrtia] + +* [nis] NIS taxonomy added to the Manifest. [Alexandre Dulaunoy] + +* Reorder predicates in smart-airports-threats. [Raphaël Vinot] + +* [smart-airport-threats] finalised based on WP2016-1.1 doc. [Alexandre Dulaunoy] + +* [smart-airports-threats] some more malicious actions. [Alexandre Dulaunoy] + +* [smart-airport-threats] third-party-failures added. [Alexandre Dulaunoy] + +* [smart-airport-threats] natural and social phenomena added. [Alexandre Dulaunoy] + +* [smart-airports-threats] system failures predicate added. [Alexandre Dulaunoy] + +* Saner veris taxonomy generation. [Raphaël Vinot] + +* VERIS taxonomy updated to the latest version. [Alexandre Dulaunoy] + +* Change predicate order to make PyTaxonomies happy. [Raphaël Vinot] + +* Added binary-class to README. [Hannah Ward] + +### Fix + +* [threatmatch] predicate typos fixed. [Alexandre Dulaunoy] + +* [threatmatch] typo fixed in predicate value. [Alexandre Dulaunoy] + +* [threatmatch] various fixes. [Alexandre Dulaunoy] + +* [tools] website and README list generator are now the same. [Alexandre Dulaunoy] + +* [doc] README cleanup and lists updated with the new format. [Alexandre Dulaunoy] + +* Update URL in MANIFEST. [Raphaël Vinot] + +* Incorrect merge. [Raphaël Vinot] + +* Reorder predicates. [Raphaël Vinot] + +* Reorder predicates, make pytaxonomies happy. [Raphaël Vinot] + +* [tool] newline. [Alexandre Dulaunoy] + +* [tool] Write in utf8. [mokaddem] + +* Broken json. [Raphaël Vinot] + +* Missing patenthesis. [Raphaël Vinot] + +* Typo in rsit, predicates order in misp. [Raphaël Vinot] + +* Typo in last commit. [Raphaël Vinot] + +* Bad filename for the drugs taxonomy. 
[Raphaël Vinot] + +* Wrong namespace. [Raphaël Vinot] + +* Reorder predicates. [Raphaël Vinot] + +* Remove extra comma. [Raphaël Vinot] + +* Reorder exercise taxonomy. [Raphaël Vinot] + +* Typo, empty entries. [Raphaël Vinot] + +* Force non-empty strings and arrays. [Raphaël Vinot] + +* [gsma-attack-category] added in the manifest. [Alexandre Dulaunoy] + +* Remove empty expanded field. [Raphaël Vinot] + + Fix #117 + +* [infoleak] typo. [Terrtia] + +* Duplicate fixed. [iglocska] + +* Duplicate removed. [Alexandre Dulaunoy] + +* Remove duplicate. [Alexandre Dulaunoy] + +* MAEC namespace added. [Alexandre Dulaunoy] + +* Make namespace consistent for MAEC. [Alexandre Dulaunoy] + +* Ensure javascript is valid. [Alexandre Dulaunoy] + +* Remove the incorrect namespace. [Alexandre Dulaunoy] + +* Reorder infoleak predicates. [Raphaël Vinot] + +* MANIFEST updated. [Alexandre Dulaunoy] + +* A typo to include numerical_value in the asciidoctor output. [Alexandre Dulaunoy] + +* Add cryptojacking as proposed in #90 - CIRCL will do the update on their side too. [Alexandre Dulaunoy] + +* Description are top-level of the namespace is different than description at lower levels. [Alexandre Dulaunoy] + +* Version missing added in cyber-threat-framework. [Alexandre Dulaunoy] + +* Order of predicate (misp). [Raphaël Vinot] + +* Typos in predicate names (CERT-XLM & pentest). [Raphaël Vinot] + +* Misp tool added (misp2stix) to be used as label. [Alexandre Dulaunoy] + +* Exclusive flag added in documentation generation. [Alexandre Dulaunoy] + +* Clarification of the certainty entry based on feedback from an analyst. [Alexandre Dulaunoy] + + The probability is now set in the expanded value. The percentage has been removed + to avoid confusion. + +* Structure of the document + CEF dedication. [Alexandre Dulaunoy] + +* Typo fixed in JSON. [Alexandre Dulaunoy] + +* JSON schema fixed to have a colour at entry level. 
[Alexandre Dulaunoy] + +* Table of content level reduced for asciidoctor output. [Alexandre Dulaunoy] + +* Typo in readme. [Hannah Ward] + +### Other + +* Merge branch 'paulingega-sa-main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/paulingega-sa/misp-taxonomies into paulingega-sa-main. [Alexandre Dulaunoy] + +* Update machinetag.json. [paulingega-sa] + +* Update threatmatch taxonomies into a single taxonomy. [paulingega-sa] + +* Merge branch 'vxsh4d0w-patch-3' into main. [Alexandre Dulaunoy] + +* Merge branch 'patch-3' of https://github.com/vxsh4d0w/misp-taxonomies into vxsh4d0w-patch-3. [Alexandre Dulaunoy] + +* Update machinetag.json. [V] + +* Incident classification updates. [V] + + This proposal involves new incident categories and adds a section related information classification. + +* Merge branch 'ghost-main' into main. [Alexandre Dulaunoy] + +* Creation of CTI taxonomy. [Carlos Borges] + + The CTI taxonomy follows a standard process/cycle. + This classification helps teams to control the workflow of their activities + +* Creation of IOC taxonomy. [Carlos Borges] + + The IOC taxonomy was created to address automation needs. + As we share IoC's, some of them are not malicious in nature, but it's presence can point to something malicious happening. + For automation purposes, the use of data classification helps when you need to block something or not. + +* Merge branch 'kuselfu-main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/kuselfu/misp-taxonomies into kuselfu-main. [Alexandre Dulaunoy] + +* Add VMRay taxonomies. [Jens Thom] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] + +* Merge pull request #204 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update ransomware taxonomy + +* Update ransomware taxonomy. [Delta-Sierra] + +* Merge pull request #202 from JakubOnderka/patch-1. 
[Alexandre Dulaunoy] + + rsit: Update to version 1002 + +* Rsit: Update to version 1002. [Jakub Onderka] + + Latest version from https://github.com/enisaeu/Reference-Security-Incident-Taxonomy-Task-Force/blob/master/working_copy/machinev1 + +* Merge pull request #201 from CyCat-project/main. [Alexandre Dulaunoy] + + Updates from Freddy + +* Update machinetag.json. [Freddy Dezeure] + +* Update machinetag.json. [Freddy Dezeure] + +* Merge pull request #200 from CyCat-project/main. [Alexandre Dulaunoy] + + Policy added + +* Policy added. [Alexandre Dulaunoy] + +* Merge pull request #198 from CyCat-project/main. [Alexandre Dulaunoy] + + Better wording + +* Better wording. [Saad Kadhi] + +* Merge pull request #196 from CyCat-project/main. [Alexandre Dulaunoy] + + Updates + +* Update machinetag.json. [Freddy Dezeure] + +* Update machinetag.json. [Freddy Dezeure] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies into main. [Alexandre Dulaunoy] + +* Merge pull request #195 from Vasileios-Mavroeidis/patch-1. [Alexandre Dulaunoy] + + Update machinetag.json + +* Update machinetag.json. [Vasileios Mavroeidis] + + Updated Taxonomy for Sectors and Digital Services based on the EU NIS Directive. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016L1148&from=EN#ntr17-L_2016194EN.01000101-E0017 + + Removed entity types that have been misclassified as sub-sectors. If we wanted to include entity types we should have done the same for all subsectors and not selectively for the sectors that do not define subsectors. If this is something that we desire, instead of removing what I have suggested we need to include all the ones that haven't initially. + + Second, the digital service providers in the NIS Directive should not be classified as sectors but as digital services. Normally this would require a new taxonomy of three entities only. I can go both ways. + +* Merge branch 'paulingega-sa-main' into main. 
[Alexandre Dulaunoy] + +* Adding ThreatMatch taxonomies. [paulingega-sa] + +* Adding ThreatMatch taxonomies. [paulingega-sa] + +* Merge branch 'C00kie--master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/C00kie-/misp-taxonomies into C00kie--master. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Merge branch 'C00kie--master' [Alexandre Dulaunoy] + +* Complete version before merge. [Cookie] + +* Update to predicate. [Cookie] + +* Merge pull request #189 from stricaud/trust. [Alexandre Dulaunoy] + + Trust Taxonomy + +* After running ./jq_all_the_things.sh. [Sebastien Tricaud] + +* Adding the trust taxonomy to the MANIFEST. [Sebastien Tricaud] + +* Change the README. [Sebastien Tricaud] + +* Adding the Taxonomy for Trust. [Sebastien Tricaud] + +* Merge branch 'vxsh4d0w-patch-1' [Alexandre Dulaunoy] + +* Proposal for whaling phishing. [V] + + Suggestion for another phishing attack related directors and executive employees, usually named also as Ceo Spoofing attack. + +* Merge pull request #185 from stricaud/trust. [Alexandre Dulaunoy] + + Trust + +* After running the ./jq_all_the_things.sh. [Sebastien Tricaud] + +* Wrap all values under the value array. [Sebastien Tricaud] + +* Merge pull request #184 from stricaud/trust. [Alexandre Dulaunoy] + + Adding the Trust Taxonomy + +* Adding the expanded description. [Sebastien Tricaud] + +* Adding trust to the MANIFEST file. [Sebastien Tricaud] + +* Changes after running the tool ./jq_all_the_things.sh. [Sebastien Tricaud] + +* Adding the Trust Taxonomy. It is using the reverse approach in order to describe what is known to be good, instead of the bad stuff. [Sebastien Tricaud] + +* Merge pull request #182 from cvandeplas/master. [Alexandre Dulaunoy] + + Covid-19 tracking + +* Merge branch 'cudeso-master' [Alexandre Dulaunoy] + +* Taxonomy to describe desired actions for Cytomic Orion. 
[Koen Van Impe] + +* Merge branch 'VVX7-master' [Alexandre Dulaunoy] + +* Merge branch 'terrymacdonald-iep2' [Alexandre Dulaunoy] + +* Renamed iep policy reference to shorter name. [temacdonald] + +* Corrected policy statement options and iep_version. [temacdonald] + +* Initial IEP 2.0 creation commit. [temacdonald] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Merge branch 'feature-exclusive' [mokaddem] + +* Merge pull request #174 from MISP/feature-exclusive. [Alexandre Dulaunoy] + + Feature `exclusive` and `numerical_value` + +* Merge pull request #173 from wesinator/patch-1. [Alexandre Dulaunoy] + + Correct Diamond model taxonomy description + +* Correct Diamond model taxonomy description. [Ԝеѕ] + + #172 + +* Merge pull request #167 from Delta-Sierra/master. [Alexandre Dulaunoy] + + [WiP] - starting IoT taxonomy based on https://iotuk.org.uk/wp-content/upload… + +* Jq. [Deborah Servili] + +* Update MANIFEST.json. [Deborah Servili] + +* Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] + +* Merge pull request #171 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [infoleak] add public-key + +* Merge pull request #170 from Nedfire2347/master. [Deborah Servili] + + Risk Add + +* [root] + +* [root] + +* [root] + +* Merge pull request #169 from Nedfire2347/master. [Deborah Servili] + + gea-nz + +* [root] + +* [root] + +* [root] + +* [root] + +* Merge branch 'master' into master. [Nedfire23] + +* Merge branch 'yannw-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/yannw/misp-taxonomies into yannw-master. [Alexandre Dulaunoy] + +* Update MANIFEST.json. [yannw] + +* Coa taxonomie to describe aktion taken. [yannw] + +* Merge pull request #166 from yannw/patch-4. [Alexandre Dulaunoy] + + add "report" + +* Add report. [yannw] + +* Merge pull request #164 from MISP/infoleak5. 
[Alexandre Dulaunoy] + + chg: [infoleak] Added IP address tag value + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #161 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Course of Action + +* Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand] + +* Added Course of Action A Course Of Action analysis considers six potential courses of action for the development of a cyber security capability. [Dennis Rand] + +* Typo. [Sami Mokaddem] + +* Merge pull request #158 from gallypette/master. [Alexandre Dulaunoy] + + chg: [phishing] add principles of persuasions + +* Merge pull request #156 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + add: [tags] crypto, contreband, etc. + +* Add: [tags] crypto, contreband, etc. [Vincent-CIRCL] + +* [root] + +* [root] + +* [root] + +* [root] + +* [root] + +* [root] + +* [root] + +* [root] + +* Progress on IoT taxonomy - add description. [Deborah Servili] + +* Progress on IoT taxonomy - add description [still WiP] [Deborah Servili] + +* Progress on IoT taxonomy. [Deborah Servili] + +* Starting IoT taxonomy based on https://iotuk.org.uk/wp-content/uploads/2017/01/IOT-Taxonomy-Report.pdf. [Deborah Servili] + +* Merge pull request #155 from itATcsirtamericasDOTorg/master. [Alexandre Dulaunoy] + + chg:minor text changes + +* Merge branch 'itATcsirtamericasDOTorg-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/itATcsirtamericasDOTorg/misp-taxonomies into itATcsirtamericasDOTorg-master. [Alexandre Dulaunoy] + +* Adding first version of CSIRTAmericas.org Taxonomy. [itAtcsirtamericasDotOrg] + +* Merge pull request #153 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + add: [darkweb] ddos services, politics, whistleblower + +* Add: [darkweb] ddos services, politics, whistleblower, ... 
[Vincent-CIRCL] + +* Merge pull request #152 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + fix [darkweb] videos and ponies + +* Fix [darkweb] videos and ponies. [Vincent-CIRCL] + +* Merge pull request #151 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + add: [darkweb] tags for hate-speech, religious, privacypolicy + +* Add: [darkweb] tags for hate-speech, religious, privacypolicy. [Vincent-CIRCL] + +* Merge pull request #150 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + add: [darkweb] tags for mailprovider, mysterybox, vpn provider, conspirationist… + +* Add: [darkweb] tags for mailprovider, mysterybox, vpn provider, conspirationist, ... [Vincent-CIRCL] + +* Merge pull request #148 from Vincent-CIRCL/master. [Alexandre Dulaunoy] + + Scam, Software, Escrow and a few definitions + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Vincent-CIRCL] + +* Merge branch 'Vincent-CIRCL-master' [Alexandre Dulaunoy] + +* Add: [core] darkweb improvement : scame, softwares, escrow, ... [Vincent-CIRCL] + +* Add: [core] darkweb structures and fixing previous motivations and topics. [Vincent-CIRCL] + +* Add: [core] darkweb structures and fixing previous motivations and topics. [Vincent-CIRCL] + +* Merge branch 'RichieB2B-ncsc-nl/retention' [Alexandre Dulaunoy] + +* Add retention taxonomy. [Jop van der Lelie] + +* Merge branch 'bartblaze-master' [Alexandre Dulaunoy] + +* Update machinetag.json. [Bart] + + Made several edits and additions. + +* Merge pull request #144 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [infoleak] add pgp-public-key-block, pgp-signature + +* Add: [dark-web] Criminal motivation on the dark web: A categorisation model for law enforcement. [Alexandre Dulaunoy] + + Ref: + + Criminal motivation on the dark web: A categorisation model for law + enforcement + Janis Dalins, Campbell Wilson, Mark Carman + +* Merge pull request #143 from michael-hamm/master. [Alexandre Dulaunoy] + + RSIT taxonomie added + +* RSIT taxonomie added. 
[Michael Hamm] + +* Merge pull request #142 from SwitHak/patch-1. [Alexandre Dulaunoy] + + Update Ransomware Taxonomy + +* Update Ransomware taxonomy. [SwitHak] + + Integer value (sic) + +* Update Ransomware galaxy. [SwitHak] + + Date: 2019-04-11 + Author: SwitHak + Purpose: Add 3 meta tag to be able to give specification of extensions usage: + - ransomware-appended-extension + -> This is the extension added by the ransomware to the files. + - ransomware-encrypted-extensions", + -> This is the list of extensions that will be encrypted by the ransomware. Beware to keep the order. + - ransomware-excluded-extensions", + -> This is the list of extensions that will not be encrypted by the ransomware. Beware to keep the order. + + If I missed something, tell me through the PR or via Twitter: @SwitHak + +* Merge pull request #141 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add ransomware taxonomy [WIP] + +* Ransomware taxonomy - purpose. [Deborah Servili] + +* Ransomware taxonomy - complexity level. [Deborah Servili] + +* Ransomware taxonomy [WIP] [Deborah Servili] + +* Add complexity level [WIP - DO NOT MERGE] [Deborah Servili] + +* ##COMMA## [Deborah Servili] + +* Ransomware taxonomy : decribe some elements. [Deborah Servili] + +* Ransomware taxonomy : decribe some elements. [Deborah Servili] + +* Ransomware taxonomy : decribe some types. [Deborah Servili] + +* Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] + +* Add ransomware taxonomy WIP. [Deborah Servili] + +* Update readme. [Deborah Servili] + +* Fix space. 
[Deborah Servili] + +* Merge branch 'agent334-patch-1' [Alexandre Dulaunoy] + +* Common Taxonomy for LE and CSIRTs (Cybercrime) [Alvaro] + + The Common Taxonomy for Law Enforcement and The National Network of CSIRTs bridges the gap between the CSIRTs and international Law Enforcement communities by adding a legislative framework to facilitate the harmonisation of incident reporting to competent authorities, the development of useful statistics and sharing information within the entire cybercrime ecosystem. + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Merge pull request #137 from DCSO/master. [Alexandre Dulaunoy] + + DCSO Sharing Taxonomy added + +* DCSO Sharing Taxonomy added. [Mezz] + +* Add drugs taxonomy. [Raphaël Vinot] + + Initial source: https://github.com/HTasselli/taxonomy_drugs + +* Merge pull request #131 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add cryptocurrency threat taxonomy, based on CipherTrace report + +* Add cryptocurrency threat taxonomy, based on CipherTrace report. [Deborah Servili] + +* Merge pull request #130 from Delta-Sierra/master. [Alexandre Dulaunoy] + + fix jq_all_the_things script + +* Fix jq_all_the_things script. [Deborah Servili] + +* Add: [type] Taxonomy to describe different types of intelligence gathering discipline which can be described the origin of intelligence. [Alexandre Dulaunoy] + + This taxonomy has been created for various reasons: + + - For the past years, we have seen a recurring tag called "type:osint" + actively used by various sharing communities. + - The Intelligence Community is actively using the information + gathering classification. + + So we basically merged in the type namespace which has the advantage + to keep the old free tag "type:osint" valid and get a more consistent approach + for the overall classification used in information gathering in IC. + +* Merge pull request #128 from Delta-Sierra/master. 
[Alexandre Dulaunoy] + + add new Taxonomy type -improvement still needed- + +* Add new Taxonomy type -improvement still needed- [Deborah Servili] + +* Add: [data-classification] Data classification for data potentially at risk of exfiltration based on table 2.1 of Solving Cyber Risk book. [Alexandre Dulaunoy] + +* Merge branch 'd3sre-master' [Raphaël Vinot] + +* Added use case applicability machinetag.json. [des] + +* Add: [tools] a simple generator for the list of taxonomies to be included in the RFC. [Alexandre Dulaunoy] + +* Merge pull request #125 from michael-hamm/master. [Alexandre Dulaunoy] + + RTIR Event Classification + +* Change from plural to singular. [Michael Hamm] + +* Move RTIR Event Classification to Generic Event Classification. [Michael Hamm] + +* Fix Mainifest. [Michael Hamm] + +* RTIR Event Classification. [Michael Hamm] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Update machinetag.json. [Andras Iklody] + +* Small change. [Andras Iklody] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [iglocska] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #124 from MISP/init_tax_cccs. [Raphaël Vinot] + + new: CCCS taxonomies, first batch + +* Merge pull request #120 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update workflow taxonomy + +* Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] + +* Merge pull request #119 from raw-data/master. [Alexandre Dulaunoy] + + [fix] trim space content of value + +* [fix] trim space content of value. [raw-data] + +* Merge pull request #118 from raw-data/master. [Alexandre Dulaunoy] + + [add] new file-type taxonomy + +* Update machinetag.json. [raw-data] + +* Update MANIFEST.json. [raw-data] + +* [fix] remove duplicated words. [raw-data] + +* [add] new file-type taxonomy + version bump. [raw-data] + +* [add] file-type taxonomy description. [raw-data] + +* [add] new file-type taxonomy. 
[raw-data] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #116 from Delta-Sierra/master. [Alexandre Dulaunoy] + + improve workfloy taxonomy, add not do-not-delete and add-mitre-attack… + +* Merge pull request #115 from jfrocha/patch-1. [Alexandre Dulaunoy] + + Add MONARC Taxonomy + +* Check json format. [Juan Rocha] + +* Fix Typo. [Juan Rocha] + +* MONARC Threats taxonomy. [Juan Rocha] + + Add v1.0 of MONARC threats taxonomy + +* Update workflow taxonomy. [Deborah Servili] + +* Fix typo. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Update workflow version. [Deborah Servili] + +* Improve workfloy taxonomy, add not do-not-delete and add-mitre-attack-cluster values. [Deborah Servili] + +* Merge branch 'IFX-CDC-RaphaelOtto-patch-1' [Alexandre Dulaunoy] + +* Update machinetag.json. [RaphaelOtto] + + Added description for all fields + +* Add ifx-vetting taxonomy. [RaphaelOtto] + +* Merge pull request #109 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [infoleak] add iban + +* Merge pull request #108 from ibakatsis/patch-1. [Alexandre Dulaunoy] + + Update README.md + +* Update README.md. [ibakatsis] + +* Merge pull request #107 from Terrtia/master. [Alexandre Dulaunoy] + + chg: [infoleak] add binary and hexadecimal + +* Merge branch 'feature/nis' [iglocska] + +* Rework of the NIS taxonomy. [iglocska] + +* Added first version of nis taxonomies. [iglocska] + +* Rsit should be lower-case. [Alexandre Dulaunoy] + +* Manifest fixed with proper name. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #105 from Terrtia/master. 
[Alexandre Dulaunoy] + + infoleak, add type of submission, output format and test predicates + +* Infoleak, add type of submission, output format and test predicates. [Terrtia] + +* Add: [WiP] Threat taxonomy in the scope of securing smart airports by ENISA. [Alexandre Dulaunoy] + +* Merge branch 'makflwana-master' [Alexandre Dulaunoy] + +* Updated MAEC 5.0 malware capabilties. [makflwana] + +* MAEC 5.0 Malware obfuscation methods. [makflwana] + +* MAEC 5.0 Malware Delivery Vectors. [makflwana] + +* MAEC 5.0 Malware capabilties. [makflwana] + +* MAEC 5.0 Malware behavior. [makflwana] + +* Merge pull request #102 from Terrtia/master. [Alexandre Dulaunoy] + + fix typo + +* Fix typo. [Terrtia] + +* Typo fixed. [Alexandre Dulaunoy] + +* Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy] + +* Add: The COPINE Scale is a rating system created in Ireland and used in the United Kingdom to categorise the severity of images of child sex abuse. [Alexandre Dulaunoy] + +* Merge pull request #101 from Terrtia/master. [Alexandre Dulaunoy] + + infoleak taxonomy, add ail tags + +* Infoleak taxonomy, add ail tags. [Terrtia] + +* Merge pull request #100 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add new incident-classification tags in circl taxonomy + +* Add new incident-classification tags in circl taxonomy. [Deborah Servili] + +* Add: A taxonomy describing information leaks and especially information classified as being potentially leaked. [Alexandre Dulaunoy] + +* List of taxonomies updated. [Alexandre Dulaunoy] + +* MANIFEST file updated for fpf and gdpr taxonomy. [Alexandre Dulaunoy] + +* Merge pull request #97 from circlsupportuser/master. [Alexandre Dulaunoy] + + Add two taxonomies related to data protection, specifically in the scope of GDPR + +* Add taxonomy to classify the degree of identifiability of personal data. 
[circlsupportuser] + +* Add taxonomy to classify special categories of personal data as defined in the GDPR. [circlsupportuser] + +* Add: Economical impact is a taxonomy to describe the financial impact as positive or negative gain to the tagged information. [Alexandre Dulaunoy] + +* Version updated. [Alexandre Dulaunoy] + +* Add: Expressing Confidence In Analytic Judgments. [Alexandre Dulaunoy] + +* Add: Expressing Confidence In Analytic Judgments added in estimative language namespace. [Alexandre Dulaunoy] + + source of the document (page 114): http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf + +* Merge pull request #94 from Delta-Sierra/master. [Alexandre Dulaunoy] + + rename workflow tag - disambiguation between create and add MISP galax… + +* Rename workflow tag - disambiguation between creat and add MISP galaxy cluster. [Deborah Servili] + +* Add: EU-NIS Sector and Subectors. [Alexandre Dulaunoy] + +* Remove file instead of directory. [Alexandre Dulaunoy] + +* Merge pull request #93 from F3N0B1/patch-1. [Alexandre Dulaunoy] + + eu-nis-sector-and-subsectors + +* Create eu-nis-sector-and-subsectors. [F3N0B1] + + Taxonomy created that includes the sectors and sub sectors according to the NIS Directive. + Adding the sub sectors allows creation of using more detailed tags. + Content is strictly based on the directive requirements. + +* Add: priority-level added in MANIFEST. [Alexandre Dulaunoy] + + After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System. 
+ +* Add: new priority-level taxonomy based on NCCIC Cyber Incident Scoring System. [Alexandre Dulaunoy] + +* Add: add missing galaxy in the case we need a large group of classification. [Alexandre Dulaunoy] + +* Cyber Threat Framework added in README. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #88 from yannw/patch-3. [Alexandre Dulaunoy] + + Update machinetag.json + +* Update machinetag.json. [yannw] + + added "please analyse sample" tag + +* Add: cyber-threat-framework taxonomy added. [Alexandre Dulaunoy] + + Cyber Threat Framework was developed by the US Government to enable consistent characterization and categorization of cyber threat events, and to identify trends or changes in the activities of + cyber adversaries. + +* Merge pull request #85 from gianninou/master. [Alexandre Dulaunoy] + + add pentext taxonomy + +* Add references for pentest taxonomy. [Valentin Giannini] + +* Update namespace pentest. [Valentin Giannini] + +* Add pentext taxonomy. [Valentin Giannini] + +* Add: incident-disposition taxonomy. [Alexandre Dulaunoy] + +* Merge pull request #83 from gianninou/master. [Alexandre Dulaunoy] + + Add CERT-XLM taxonomie + +* Add CERT-XLM on MANIFEST.json. [Valentin Giannini] + +* Update CERT-XLM json. [Valentin Giannini] + +* Add missing. [Valentin Giannini] + +* Add CERT-XLM taxonomie. [Valentin Giannini] + +* Merge pull request #81 from droe/master. [Alexandre Dulaunoy] + + Set exclusive flag on misp:automation-level predicate + +* Set exclusive flag on automation-level predicate. [Daniel Roethlisberger] + +* Merge pull request #80 from droe/master. [Alexandre Dulaunoy] + + Add automation-level predicate to misp taxonomy + +* Bumping version to 6. [Daniel Roethlisberger] + +* Add automation-level to the list of predicate descriptions. [Daniel Roethlisberger] + +* Rename "automatic" to "unsupervised" after review with @amuehlem. 
[Daniel Roethlisberger] + +* Add: New predicate misp:automation-level indicating whether an event or attribute was imported into MISP in a fully automatic fashion, was reviewed by a human, or directly stems from manual analysis. [Daniel Roethlisberger] + + /cc @h122015 + +* Add: new taxonomy added Christian Seifert, Ian Welch, Peter Komisarczuk, ‘Taxonomy of Honeypots’, Technical Report CS-TR-06/12, VICTORIA UNIVERSITY OF WELLINGTON, School of Mathematical and Computing Sciences, June 2006, http://www.mcs.vuw.ac.nz/comp/Publications/archive/CS-TR-06/CS-TR-06-12.pdf. [Alexandre Dulaunoy] + +* Merge pull request #79 from michael-hamm/master. [Alexandre Dulaunoy] + + Honeypot basic taxonomy + +* Replace underscore with dash. [Michael Hamm] + +* Role in Multi-tier Architecture added. [Michael Hamm] + +* Communication-interface added. [Michael Hamm] + +* Distribution Appearance added. [Michael Hamm] + +* Containment added. [Michael Hamm] + +* Data Capture added. [Michael Hamm] + +* Honeypot basic taxonomy. [Michael Hamm] + +* Fixed. [Alexandre Dulaunoy] + +* New taxonomy runtime-packer added. [Alexandre Dulaunoy] + + Runtime or software packer used to combine compressed data with the decompression code. The decompression code can add additional obfuscations mechanisms including polymorphic-packer or other o + bfuscation techniques. This taxonomy lists all the known or official packer used for legitimate use or for packing malicious binaries. + +* Manifest updated. [Alexandre Dulaunoy] + +* Workflow: review credibility added. [Alexandre Dulaunoy] + +* Perms changed. [Alexandre Dulaunoy] + +* Perms changed. [Alexandre Dulaunoy] + +* Add: Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information. [Alexandre Dulaunoy] + +* Add: numerical value is now displayed in the documentation. [Alexandre Dulaunoy] + +* Osint version updated. 
[Alexandre Dulaunoy] + +* Add: exclusive property added to express exclusivity at predicate or value level. [Alexandre Dulaunoy] + + Exclusive property allows to express if a predicate or a value is exclusive. + The exclusive property applies at namespace level (if the predicate is exclusive) or + at predicate level is the value is exclusive. + + TLP and fr-classif updated with exclusive property. + + The exclusive property can be used by the software (e.g. MISP) to warn users + if (s)he tries to add multiple tags on the same element (attribute, event...). + It's up to the configuration of the software to enforce it or not. + + By default, tags are not exclusive. + +* Cannot type Today. [Alexandre Dulaunoy] + +* Numerical values added to admiralty scale based on feedback. [Alexandre Dulaunoy] + +* Update: OSINT now includes a "presentation" type source. [Alexandre Dulaunoy] + +* Ais-marking added to manifest. [Alexandre Dulaunoy] + +* AIS marking based on The AIS Marking Schema implementation is maintained by the National Cybersecurity and Communication Integration Center (NCCIC) of the U.S. Department of Homeland Security (DHS). [Alexandre Dulaunoy] + +* Merge pull request #76 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update mapping + +* Update mapping. [Deborah Servili] + +* Description added at predicate level too. [Alexandre Dulaunoy] + +* Add: description is now added in the asciidoc output for the values. [Alexandre Dulaunoy] + +* Merge pull request #75 from michael-hamm/master. [Alexandre Dulaunoy] + + eCSIRT taxonomy updated to fully support version mkVI of 31 March 201… + +* ECSIRT taxonomy updated to fully support version mkVI of 31 March 2015 and still support IntelMQ taxonomy-type mapping. [Michael Hamm] + +* Add: mapping of taxonomy added in the asciidoc output. [Alexandre Dulaunoy] + +* Added: numerical value (approximation) added to estimative language namespace. [Alexandre Dulaunoy] + +* Collaborative analysis updated. 
[Alexandre Dulaunoy] + +* Request detection-signature. [Alexandre Dulaunoy] + +* Collaborative-intelligence added. [Alexandre Dulaunoy] + +* Collaborative-intelligence namespace added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Properly fix manifest. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Remove duplicate. [Raphaël Vinot] + +* Add schema for mapping. [Raphaël Vinot] + +* Added: Collaborative intelligence support language is a common language to support analysts to perform their analysis to get crowdsourced support when using threat intelligence sharing platform like MISP. The objective of this language is to advance collaborative analysis and to share earlier than later. [Alexandre Dulaunoy] + +* Change the path of the default asciidoctor-pdf. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Update manifest. [Raphaël Vinot] + +* CSSA agreed taxonomy added. [Alexandre Dulaunoy] + +* Cssa: Version must be an integer. [Alexandre Dulaunoy] + +* Moved to a proper directory - The CSSA agreed sharing taxonomy. [Alexandre Dulaunoy] + +* Remove cssa file. [Alexandre Dulaunoy] + +* Merge pull request #73 from yannw/patch-1. [Raphaël Vinot] + + CSSA Taxonomy + +* CSSA Taxonomy. [yannw] + + Used by CSSA e.V. members to add the Class (quality of the data: High_class, Vetted, Unvetted) anbd the Origin of the data. + +* Update validate. [Raphaël Vinot] + +* Clean travis. [Raphaël Vinot] + +* Cleanup tests. [Raphaël Vinot] + +* Improve consistency when lising the predicates, remove duplicates. [Raphaël Vinot] + + * SeekmoSearchAssistant was here twice in ms-caro-malware-full + * Mult was here twice in ms-caro-malware-full + * CouponRuc was here twice in ms-caro-malware-full + * mobile-malware was here twice in enisa + * spear-phishing-attacks was here twice in enisa + +* Cleanup veris. 
[Raphaël Vinot] + +* Force run PyTaxonomies in travis. [Raphaël Vinot] + +* Make the schema more sane. [Raphaël Vinot] + +* Generator added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #72 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update manifest + +* Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] + +* Update manifest. [Deborah Servili] + +* Add DöL to readme. [Deborah Servili] + +* Additional sources including honeypot, spamtramp or alike. [Alexandre Dulaunoy] + +* Merge pull request #71 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add DML taxonomy + +* Merge branch 'master' of https://github.com/Delta-Sierra/misp-taxonomies. [Deborah Servili] + +* Add DML taxonomy. [Deborah Servili] + +* Automatic-analysis added. [Alexandre Dulaunoy] + +* Merge pull request #69 from Delta-Sierra/master. [Alexandre Dulaunoy] + + mapping tlp + +* Correct typo~ [Deborah Servili] + +* Merge https://github.com/MISP/misp-taxonomies. [Deborah Servili] + +* Fix #67 - typo in the description of Culture-oriented organisation. [Alexandre Dulaunoy] + +* Merge pull request #68 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add action-taken taxonomy + +* Mapping tlp. [Deborah Servili] + +* Jq. [Deborah Servili] + +* Add action-taken taxonomy. [Deborah Servili] + +* Documentation links added. [Alexandre Dulaunoy] + +* MinItem for the array. [Alexandre Dulaunoy] + +* Type added to only allow tagging on users or organisations. [Alexandre Dulaunoy] + +* Schema updated to include the type - https://github.com/MISP/MISP/issues/2159. [Alexandre Dulaunoy] + + By default all taxonomies are applicable to events and attributes. But + new features will be introduced to support specific tagging for + users or organisations. + + For more information: https://github.com/MISP/MISP/issues/2159 + +* New type added - user and org only. 
[Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #63 from gallypette/master. [Alexandre Dulaunoy] + + New items to analyst assessment, removal of analysis-related items + +* Adds experience related to web application security. [gallypette] + +* Adds experience related to crypto. [gallypette] + +* Adds OS, and web-related items. [gallypette] + +* Removes parts that belong to the analysis, adds predicates relating to reversing. [gallypette] + +* New taxonomy event-assessment - series of assessment predicates describing the event assessment performed to make judgement(s) under a certain level of uncertainty. [Alexandre Dulaunoy] + +* New taxonomy to describe Tor network infrastructure added. [Alexandre Dulaunoy] + +* Fix the asciidoctor admonition reference to have a proper output. [Alexandre Dulaunoy] + +* Machinetag list is now sorted by default. [Alexandre Dulaunoy] + +* A first version of A series of assessment predicates describing the analyst capabilities to perform analysis or making judgments under a certain level of uncertainty. These assessment can be assigned by the analyst him/herself or by another party evaluating the analyst or the analysis. [Alexandre Dulaunoy] + + This is based on various documents but especially those two documents: + + - Psychology of Intelligence Analysis (Richards J. Heuer, Jr.) + - Judgment under Uncertainty: Heuristics and Biases (Amos Tversky; Daniel Kahneman) + + The challenge when doing such taxonomy is to describes a human process + into a machine-readable taxonomy. So feedback (via PR or issues) + is more than welcome. + +* Merge pull request #61 from FloatingGhost/master. [Alexandre Dulaunoy] + + Basic binary taxonomy + +* Vocabulaire des probabilités estimatives added to index. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. 
[Raphaël Vinot] + +* Make pep8 happy. [Raphaël Vinot] + +* Vocabulaire des probabilités estimatives added based on the document from "Service canadien de renseignements criminels". [Alexandre Dulaunoy] + +* Typo corrected. [Andras Iklody] + +* A first taxonomy covering DDoS attack. [Alexandre Dulaunoy] + +* Merge pull request #60 from MISP/access. [Raphaël Vinot] + + [WIP] Add assessnow taxonomy + +* Add assessnow taxonomy. [Raphaël Vinot] + +* Clean-up. [Alexandre Dulaunoy] + +* Proposal for blocking module expansion. [Alexandre Dulaunoy] + +* Update schema, fix taxonomies accordingly. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Raphaël Vinot] + +* Diamond model added to the README and MANIFEST. [Alexandre Dulaunoy] + +* Merge pull request #58 from FloatingGhost/master. [Alexandre Dulaunoy] + + Update machinetag to allow running from any directory + +* Update machinetag to allow running from any directory. [Hannah Ward] + +* Merge pull request #57 from gbossert/killchain-weaponization. [Alexandre Dulaunoy] + + Typo fix: replaces weaponiSation by weaponiZation + +* Upgrade version number from 1 to 2 in cyber killchain taxo. [Georges Bossert] + +* Typo fix: replaces weaponiSation by weaponiZation. [Georges Bossert] + + The official term (see. http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html) relies on the American/Oxford + spelling. + +* MANIFEST updated. [Alexandre Dulaunoy] + +* Source-code-repository as source added. [Alexandre Dulaunoy] + +* JQ all the things. [Raphaël Vinot] + +* Add schema. [Raphaël Vinot] + +* Merge pull request #56 from FloatingGhost/master. [Alexandre Dulaunoy] + + Added passivetotal tags for #30. + +* Restored manifest to have the right entries. [Hannah Ward] + +* Added basic PassiveTotal tags, updated MANIFEST. [Hannah Ward] + +* MANIFEST file version updated. [Alexandre Dulaunoy] + +* Merge pull request #55 from gbossert/stix-ttp. 
[Andras Iklody] + + Registers stix-ttp taxonomy in MANIFEST.json. + +* Registers stix-ttp taxonomy in MANIFEST.json. [Georges Bossert] + +* Merge pull request #54 from gbossert/stix-ttp. [Andras Iklody] + + Introducing STIX-TTP Taxonomy + +* Introducing STIX-TTP Taxonomy. [Georges Bossert] + + The STIX-TTP taxonomy follows the STIX model to handle the classification of event TTPs. + This version covers both Victim Trageting by Sector and Victim Targeting by Information Type. + +* OSINT updated. [Alexandre Dulaunoy] + +* Microblog-post added in the type OSINT source. [Alexandre Dulaunoy] + +* Default branch of MISP changed - so raw path images too... [Alexandre Dulaunoy] + +* MANIFEST updated to add TTI. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* TTI added. [Alexandre Dulaunoy] + +* Targeted-threat-index taxonomy added. [Alexandre Dulaunoy] + + The Targeted Threat Index is a metric for assigning an overall threat + ranking score to email messages that deliver malware to a victim’s + computer. The TTI metric was first introduced at SecTor 2013 by Seth + Hardy as part of the talk “RATastrophe: Monitoring a Malware Menagerie” + along with Katie Kleemola and Greg Wiseman. + + ref: https://citizenlab.org/2013/10/targeted-threat-index/ + +* Galaxy removed. [Alexandre Dulaunoy] + +* MISP galaxy removed as included by default via galaxy. [Alexandre Dulaunoy] + + https://github.com/MISP/MISP/issues/1731#issuecomment-265766291 + +* Reference added to the diamond model taxonomy. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #52 from pstirparo/master. [Alexandre Dulaunoy] + + adding diamond model taxonomy + +* Adding diamond model taxonomy. [Pasquale Stirparo] + +* Merge pull request #50 from cvandeplas/master. [Alexandre Dulaunoy] + + Updated misp-galaxy taxonomy + +* Updated misp-galaxy taxonomy. [Christophe Vandeplas] + +* Merge pull request #51 from flmsc/master. 
[Alexandre Dulaunoy] + + Fixed some broken links in README.md + +* Fixed some broken links in README.md. [Florian Schuetz] + +* Version for galaxy updated. [Alexandre Dulaunoy] + +* Merge pull request #49 from cvandeplas/master. [Alexandre Dulaunoy] + + Updated misp-galaxy taxonomy + +* Updated misp-galaxy taxonomy. [Christophe Vandeplas] + +* Merge pull request #47 from cvandeplas/master. [Alexandre Dulaunoy] + + Updated misp-galaxy taxonomy + +* Updated misp-galaxy taxonomy. [Christophe Vandeplas] + +* Version updated. [Alexandre Dulaunoy] + +* Updated to the latest version of the MISP galaxy. [Alexandre Dulaunoy] + +* Fixing the galaxy with the new clusters name. [Alexandre Dulaunoy] + +* Merge pull request #46 from Delta-Sierra/master. [Alexandre Dulaunoy] + + update mapping + +* Update mapping. [Déborah Servili] + +* Match taxonomy namespace. [Alexandre Dulaunoy] + +* Stealth_malware to match taxonomy namespace. [Alexandre Dulaunoy] + +* Stealth-malware namespace added. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Merge pull request #44 from RichieB2B/ncsc-nl/stealth-malware. [Alexandre Dulaunoy] + + Add Stealth Malware Taxonomy as defined by Joanna Rutkowska + +* Add Stealth Malware Taxonomy as defined by Joanna Rutkowska. [Richard van den Berg] + +* Merge pull request #43 from cvandeplas/master. [Alexandre Dulaunoy] + + Galaxy elements as taxonomies + +* Converted galaxy to taxonomy. [Christophe Vandeplas] + +* Script to convert galaxy to taxonomy. [Christophe Vandeplas] + +* MISP mapping changed key as object to add optional fields like colour, description. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #41 from cvandeplas/master. [Alexandre Dulaunoy] + + dynamically build taxonomies list + +* Dynamically build taxonomies list. [Christophe Vandeplas] + + solves the problem to update the list constantly + +* Explicitely set values to null if there are none. 
[Raphaël Vinot] + +* New mapping taxonomy library added. [Alexandre Dulaunoy] + + A simple JSON format where a vernacular/common name describes + all the potential associated machine tags. + + The format is a simple JSON object with a key for the common name + which references a list of potential associated machine tags. + + The usage (in a first step) in MISP will be the following: + + - The replacement in the index UI of the corresponding list of machine + tags by the vernacular/common name. + + - The ability to add automatically associated machine tags when tagging with the + vernacular/common name. + + Even if the machine tags is not enabled in MISP, the tag will be added. + +* Fix Typos in TLP & PAP. [Raphaël Vinot] + +* Version of MISP taxonomy updated. [Alexandre Dulaunoy] + +* Misp:should-not-sync added (to be used with feeds or other local event which are not recommended to be synced) [Alexandre Dulaunoy] + +* Manifest fixed. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + + Conflicts: + osint/machinetag.json + +* Merge pull request #39 from cvandeplas/master. [Alexandre Dulaunoy] + + added OSINT source-type expansion + +* Added OSINT source-type expansion. [Christophe Vandeplas] + +* Fix inconsistencies between MANIFEST, directory names and taxonomies. [Raphaël Vinot] + +* Merge pull request #38 from michael-hamm/rt_event_status. [Alexandre Dulaunoy] + + Status of events used in Request Tracker. + +* Status of events used in Request Tracker. [Michael Hamm] + +* Merge pull request #37 from bradh/patch-1. [Alexandre Dulaunoy] + + Typo fix + +* Typo fix. [Brad Hards] + +* Filter or block list added to the OSINT taxonomy. [Alexandre Dulaunoy] + +* Domain-abuse addetd. [Alexandre Dulaunoy] + +* Merge pull request #36 from mausding/master. [Alexandre Dulaunoy] + + Domain name abuse taxonomy + +* Added domain-abuse. [Michael Hausding] + +* Added domain-abuse taxonomy. 
[Michael Hausding] + +* Merge branch 'master' of github.com:mausding/misp-taxonomies. [Michael Hausding] + +* Name of taxonomies updated. [Alexandre Dulaunoy] + +* OSINT: numerical value added to confidence level. [Alexandre Dulaunoy] + +* Threat-level predicate fixed. [Alexandre Dulaunoy] + +* Added predicate description. [Andras Iklody] + +* Low risk added. [Alexandre Dulaunoy] + +* New threat level created (including CEUS mapping) [Alexandre Dulaunoy] + +* Merge pull request #34 from rommelfs/patch-1. [Alexandre Dulaunoy] + + Update, language related + +* Update, language related. [Sascha Rommelfangen] + +* Typo fixed. [Alexandre Dulaunoy] + +* MISP confidence level updated. [Alexandre Dulaunoy] + + The confidence levels have been changed to 100, 75, 50, 25 and 0. + Undefined confidences are not set to avoid ambiguities. + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Fixed a typo in the MUST NOT tag. [Andras Iklody] + + As discovered by @packet-rat in https://github.com/MISP/misp-taxonomies/issues/33 + +* First experimental confidence level for MISP taxonomy. [Alexandre Dulaunoy] + +* License clarification - CC0. [Alexandre Dulaunoy] + +* TLP updated according to FIRST SIG about TLP. [Alexandre Dulaunoy] + + For more info: https://www.first.org/tlp + +* Merge pull request #31 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add Botnet to malware_classification:malware-category + +* Add Botnet to malware_classification:malware-category. [Raphaël Vinot] + +* Galaxy mapping removed - moved to the galaxy repo. [Alexandre Dulaunoy] + +* Galaxy moved to galaxy repo. [Alexandre Dulaunoy] + +* URLs to galaxy, clusters and elements fixed. [Alexandre Dulaunoy] + +* Simplify the mapping. [Alexandre Dulaunoy] + + KISS KISS KISS principle + +* Reserved taxonomy added. [Alexandre Dulaunoy] + +* First idea of mapping the MISP galaxy with taxonomies. [Alexandre Dulaunoy] + +* IEP added. [Alexandre Dulaunoy] + +* Domain Name Abuse. 
[Michael Hausding] + + Taxonomy to tag domain names used for cybercrime. + Use europol-incident to tag abuse-activity. + + TF-CSIRT hackathon Zurich: + + sykaeh + mausding + +* PAP added. [Alexandre Dulaunoy] + +* PAP added to the Manifest file. [Alexandre Dulaunoy] + +* PAP to pap for the file directory. [Alexandre Dulaunoy] + +* Colour values added to PAP. [Alexandre Dulaunoy] + +* Merge pull request #28 from jenter8/master. [Alexandre Dulaunoy] + + Permissible Actions Protocol ("PAP") + +* Add files via upload. [jenter8] + +* Add files via upload. [jenter8] + +* Add test with PyTaxonomies. [Raphaël Vinot] + +* Update version. [Raphaël Vinot] + +* Fix manifest. [Raphaël Vinot] + +* Directory names fixed. [Alexandre Dulaunoy] + +* Left off the new MANIFEST.json. [Iglocska] + +* Added versions to manifest and some directory name changes. [Iglocska] + + - made some changes to the directory names to reflect the actual namespace + - added version numbers in MANIFEST.json + +* First version of the root MANIFEST file for the MISP taxonomies. [Alexandre Dulaunoy] + + The objective is to generate all the public indexes of MISP taxonomies + from that MANIFEST file including the ones from the MISP website, + taxonomies and documentation. The file can be also used for automatic + updates of taxonomies from MISP or any other application. + + Note for taxonomy maintainer, don't forget to PR for the MANIFEST + update. + + To be included in the MANIFEST are the external references too (as + a ref array in each taxonomy). + +* Open Threat Taxonomy added. [Alexandre Dulaunoy] + +* Merge pull request #27 from SDOIR/master. [Raphaël Vinot] + + Add Open Threat Taxonomy + +* Add Open Threat Taxonomy. [SDOIR] + +* Merge pull request #26 from 2xyo/information-security-indicators. [Alexandre Dulaunoy] + + Add the Information Security Indicators taxonomy + +* Add the Information Security Indicators taxonomy. [Yohann Lepage] + +* Merge pull request #25 from SDOIR/master. 
[Alexandre Dulaunoy] + + Microsoft's Computer Antivirus Research Organization (CARO) implement… + +* Microsoft's Computer Antivirus Research Organization (CARO) implementation including malware families. This taxonomy is large and and difficult to work with without a search feature. Instead, use ms-caro-malware. [SDOIR] + +* Microsoft malware classification added. [Alexandre Dulaunoy] + +* Ms-caro-malware taxonomy added. [Alexandre Dulaunoy] + +* Remove jso file. [Alexandre Dulaunoy] + +* Merge pull request #24 from SDOIR/master. [Alexandre Dulaunoy] + + Microsoft's Computer Antivirus Research Organization implementation f… + +* Microsoft's Computer Antivirus Research Organization implementation for malware classification. [SDOIR] + +* Microsoft's Computer Antivirus Research Organization implementation for malware classification. [SDOIR] + +* Estimative language added. [Alexandre Dulaunoy] + +* Estimative language taxonomy added. [Alexandre Dulaunoy] + +* Fixed JSON format. [Alexandre Dulaunoy] + +* Estimative language from Intelligence Community Directive 203 (ICD 203) added. [Alexandre Dulaunoy] + +* Skip non-existing expanded value. [Alexandre Dulaunoy] + +* Expanded values for the variable string. [Alexandre Dulaunoy] + +* Skip tags without expanded value. [Alexandre Dulaunoy] + +* Information Exchange Policy framework updated. [Alexandre Dulaunoy] + +* Cyber Kill Chain added. [Alexandre Dulaunoy] + +* Kill-chain taxonomy added. [Alexandre Dulaunoy] + +* Merge pull request #23 from iglocska/master. [Alexandre Dulaunoy] + + Updated the kill chain explanations to reflect the meaning of the kil… + +* Updated the kill chain explanations to reflect the meaning of the kil chain phase instead of the remedy. [Iglocska] + +* Added the Cyber kill-chain. [Iglocska] + +* Added Forum Incident Response and Security Teams (FIRST) Information Exchange Policy framework Version 1.0. [Alexandre Dulaunoy] + +* Misp contibutor predicate. [Alexandre Dulaunoy] + +* ENISA link added. 
[Alexandre Dulaunoy] + +* Updated to reflect the ENISA and Europol taxonimies added. [Alexandre Dulaunoy] + +* Complete ENISA Threat Taxonomy added. [Alexandre Dulaunoy] + +* ENISA updated. [Alexandre Dulaunoy] + +* Eavesdropping/ Interception/ Hijacking added. [Alexandre Dulaunoy] + +* Outages added. [Alexandre Dulaunoy] + +* ENISA taxonomy updated. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + + Conflicts: + tools/machinetag.py + +* Add Europol types of events taxonomy. [Raphaël Vinot] + +* Add doc, update tool. [Raphaël Vinot] + +* Add Europol incidents taxonomy. [Raphaël Vinot] + +* Add the ENISA taxonomy. [Alexandre Dulaunoy] + +* Colour added to the TLP taxonomy (fix #21) [Alexandre Dulaunoy] + + Colour is now an optional field that can be at predicate level + or value level to set a default color for the tag. + +* Updated ENISA taxonomies. [Alexandre Dulaunoy] + +* More disasters added. [Alexandre Dulaunoy] + +* Typo fixed + disaster predicate added. [Alexandre Dulaunoy] + +* More unintentional-damage. [Alexandre Dulaunoy] + +* More entries added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Initial MISP internal taxonomy to infer with MISP behaviors. [Alexandre Dulaunoy] + +* Namespace and predicated added - ENISA Threat Taxonomy A tool for structuring threat information. [Alexandre Dulaunoy] + +* Asciidoctor output fixed. [Alexandre Dulaunoy] + +* FR Classification - pretty print. [Alexandre Dulaunoy] + +* EU Critical Sectors added. [Alexandre Dulaunoy] + +* DHS CIIP reference added. [Alexandre Dulaunoy] + +* Add adversary infrastructure taxonomy. [Alexandre Dulaunoy] + +* Merge pull request #20 from smsiebe/patch-2. [Andras Iklody] + + typo fix + +* Typo fix. [Steven Siebert] + + documentation typo fix + +* Merge pull request #19 from smsiebe/patch-1. 
[Andras Iklody] + + fix missing step in command line example + +* Fix missing step in command line example. [Steven Siebert] + + command line example starting on line 76 missed a step, and if followed, results in the machinetag.json file being created in the wrong directory + +* Update readme. [Raphaël Vinot] + +* Add travis file. [Raphaël Vinot] + +* Presentation added. [Alexandre Dulaunoy] + +* Merge pull request #18 from remg427/patch-2. [Alexandre Dulaunoy] + + Update machinetag.json + +* Update machinetag.json. [remg427] + + Official Classification markings EUCI + +* Typo fixed. [Alexandre Dulaunoy] + +* New taxonomies added. [Alexandre Dulaunoy] + +* DHS CIIP added + some fixes from pull request. [Alexandre Dulaunoy] + +* Include #16. [Alexandre Dulaunoy] + +* FR gov classification. [Alexandre Dulaunoy] + +* Remove fr-classif (should be a directory by default) [Alexandre Dulaunoy] + +* Merge pull request #15 from eu-pi/patch-1. [Alexandre Dulaunoy] + + FR data classification + +* Update fr-classif. [eu-pi] + +* Create fr-classif. [eu-pi] + +* -n option added to view a specific namespace. [Alexandre Dulaunoy] + +* Action added to the adversary name space. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Infrastructure state has been added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-taxonomies. [Alexandre Dulaunoy] + +* Merge pull request #10 from deralexxx/patch-1. [Alexandre Dulaunoy] + + How to write your private taxonomy + +* How to write your private taxonomy. [Alexander J] + +* DE German (DE) - Government classification markings (VS) added. [Alexandre Dulaunoy] + +* To be UTF-8 consistent. [Alexandre Dulaunoy] + +* Merge pull request #12 from MichaelDwucet/master. [Alexandre Dulaunoy] + + Merge German (DE) Government classification markings (VS) with misp-taxonomies master + +* Update README.md. 
[Michael Dwucet] + + typo + +* Merge pull request #2 from MichaelDwucet/MichaelDwucet-patch-DE-Classified-Information-2. [Michael Dwucet] + + Create README.md for German Classifed Information Taxonomy + +* Create README.md. [MichaelDwucet] + + Readme for DE-VS Taxonomy. + +* Merge pull request #1 from MichaelDwucet/MichaelDwucet-patch-DE-Classified-Information-1. [Michael Dwucet] + + Create machinetag.json for German Classifed Information Taxonomy + +* Create machinetag.json. [MichaelDwucet] + + New machinetag.json for German (DE) Government classification markings (VS) + +* New taxonomies listed. [Alexandre Dulaunoy] + +* SANS malware classification added. [Alexandre Dulaunoy] + +* FIRST Case classification added in the index. [Alexandre Dulaunoy] + +* UTF-8 output. [Alexandre Dulaunoy] + +* Malware namespace added. [Alexandre Dulaunoy] + +* Merge pull request #9 from deralexxx/master. [Alexandre Dulaunoy] + + first shot of malware classification + +* First shot of malware classification. [deralexxx] + +* First_csirt_case_classification added in the tool. [Alexandre Dulaunoy] + +* Merge pull request #8 from deralexxx/master. [Alexandre Dulaunoy] + + CSIRT Case Classification (Example for Enterprise CSIRT) + +* Tags. [deralexxx] + +* Readme. [deralexxx] + +* TDS fixed. [Alexandre Dulaunoy] + +* Adversary taxonomy: typo fixed. [Alexandre Dulaunoy] + +* Adversary expanded with TDS and panel classification. [Alexandre Dulaunoy] + +* Adversary machine tag added - first draft version. [Alexandre Dulaunoy] + +* OSINT add in the list. [Alexandre Dulaunoy] + +* Certainty scale added. [Alexandre Dulaunoy] + + The scale is based on the section "An Odds Table" from the following + reference: https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/sherman-kent-and-the-board-of-national-estimates-collected-essays/6words.html + +* OSINT taxonomy (early version) added. [Alexandre Dulaunoy] + +* NATO classification marking added. 
[Alexandre Dulaunoy] + +* Image added. [Alexandre Dulaunoy] + +* Image of the explanation added. [Alexandre Dulaunoy] + +* Overview of the MISP taxonomies technique. [Alexandre Dulaunoy] + +* Expanded namespace for TLP added. [Alexandre Dulaunoy] + +* Support for expanded namespace added. [Alexandre Dulaunoy] + +* EUCI added. [Alexandre Dulaunoy] + +* Description fixed. [Alexandre Dulaunoy] + +* Description added in the asciidoctor output. [Alexandre Dulaunoy] + +* EUCI added. [Alexandre Dulaunoy] + +* EUCI marking added. [Alexandre Dulaunoy] + +* EU classified information (EUCI) marking added. [Alexandre Dulaunoy] + +* Logo added in documentation generation. [Alexandre Dulaunoy] + +* Generate asciidoctor pages from JSON taxonomies. [Alexandre Dulaunoy] + + Option -a added to generate asciidoctor output of all taxonomies. + +* -v verbose option added to print descriptions. [Alexandre Dulaunoy] + +* NATO classification markings. (first DRAFT) [Alexandre Dulaunoy] + +* ISM added. [Alexandre Dulaunoy] + +* Missing atomicEnergyMarkings added. [Alexandre Dulaunoy] + +* Initial support for ISM (Information Security Marking Metadata) as described by DNI.gov. [Alexandre Dulaunoy] + +* First version of Information Security Marking Metadata (DNI.gov) [Alexandre Dulaunoy] + +* ECSIRT added. [Alexandre Dulaunoy] + +* Added Incident Classification by the ecsirt.net project WP4 clearinghouse policy and updated by IntelMQ. [Alexandre Dulaunoy] + +* List of taxonomies added. [Alexandre Dulaunoy] + +* How to contribute your taxonomy added. [Alexandre Dulaunoy] + +* Added missing version. [Alexandre Dulaunoy] + +* MISP link added. [Alexandre Dulaunoy] + +* Generic taxonomies support starts in MISP 2.4. [Alexandre Dulaunoy] + +* Typo fixed. [Alexandre Dulaunoy] + +* Veris added. [Alexandre Dulaunoy] + +* Minimal code to parse Veris label and generate triple tags/machine tags. [Alexandre Dulaunoy] + +* Veris added + skipping non expanded predicates. 
[Alexandre Dulaunoy] + +* Vocabulary for Event Recording and Incident Sharing (VERIS) added. [Alexandre Dulaunoy] + +* CIRCL Taxonomy added. [Alexandre Dulaunoy] + +* CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection added. [Alexandre Dulaunoy] + +* CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection added. [Alexandre Dulaunoy] + +* TLP classification added - fix #3. [Alexandre Dulaunoy] + +* TLP (Traffic Light Protocol) added as triple tags format. [Alexandre Dulaunoy] + + based on the description from CIRCL: + https://www.circl.lu/pub/traffic-light-protocol/ + +* Support triple tags JSON file without values. [Alexandre Dulaunoy] + +* Added a version number in the JSON - Fix #2. [Alexandre Dulaunoy] + +* Some clarification of the machine tags usage. [Alexandre Dulaunoy] + +* Minimal README added. [Alexandre Dulaunoy] + +* Parsing tool for MISP taxonomies expressed in Machine Tags (Triple Tags) to list all valid tags from a specific taxonomy. [Alexandre Dulaunoy] + +* JSON coherence. [Alexandre Dulaunoy] + +* Default json added. [Alexandre Dulaunoy] + +* First version of the Admiralty Scale machine tags described in JSON. [Alexandre Dulaunoy] + +* Dmiralty-scale added (description and overview) [Alexandre Dulaunoy] + + diff --git a/Changelog-misp-warninglists.txt b/Changelog-misp-warninglists.txt new file mode 100644 index 0000000..c20da03 --- /dev/null +++ b/Changelog-misp-warninglists.txt 
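Review bot: The Changelog-misp-taxonomies.txt hunk that ends here lists merge commits as entries of their own, so each merged pull request appears twice: once as "Merge pull request #27 from SDOIR/master" with the PR title as its body, and again as "Add Open Threat Taxonomy. [SDOIR]". The repeated "Merge branch 'master' of github.com:MISP/misp-taxonomies." entries add nothing a reader can use. If this file is generated from the commit log, consider excluding merge commits and collapsing consecutive identical subjects, such as the two "CIRCL Taxonomy - Schemes of Classification in Incident Response and Detection added." lines and the two "Add files via upload. [jenter8]" lines. Commit-subject typos are also carried through verbatim ("Dmiralty-scale added", "Domain-abuse addetd", "Victim Trageting"); a post-processing pass or a short header stating that entries are unedited commit subjects would make that explicit.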
@@ -0,0 +1,1690 @@ +# Changelog + + +## v2.4.151 (2021-11-19) + +### New + +* Include dnscrypt-resolvers IP addresses to public-dns lists. [Jakub Onderka] + +### Changes + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [lists] updated. [Alexandre Dulaunoy] + +* [lists] updated. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [[publicdns] update the golden list. [Alexandre Dulaunoy] + +* [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +* [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #194 from drewm27/main. [Alexandre Dulaunoy] + + Additional sinkholes found for shadowserver and looking up neighbor IP ranges for sinkhole DNS names + +* Sinkhole.fitsec.com revese DNS. [Drew Middlesworth] + +* Reverse lookup of this IP shows sinkhole.hyas.com. [Drew Middlesworth] + +* This range all has reverse DNS lookup info pointing to sinkholed.by.zinkhole.org. [Drew Middlesworth] + +* Combine cert.pl range, a significant number of these IPs revese lookup to sinkhole.cert.pl. [Drew Middlesworth] + +* 5 of the hosts in this range are also shadowserver sinkholes according to their reverse DNS. [Drew Middlesworth] + +* Reverse looking up all these addresses in this range mention sinkhole. [Drew Middlesworth] + +* Added sinkhole used for abuseat.org and spamhaus. [Drew Middlesworth] + +* Merge pull request #193 from drewm27/main. [Alexandre Dulaunoy] + + New sinkholes from a few sources + +* Fix order. [Drew Middlesworth] + +* New sinkholes detected from work with riskrecon.com and other security sites. Running curl on any of these IPs pretty well shows they are sinkholes. [Drew Middlesworth] + +* Merge pull request #191 from JakubOnderka/dnscrypt. 
[Alexandre Dulaunoy] + + new: Include dnscrypt-resolvers IP addresses to public-dns lists + + +## v2.4.148 (2021-08-09) + +### Changes + +* [warning-lists] updated. [Alexandre Dulaunoy] + + +## v2.4.147 (2021-07-27) + +### Changes + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +* [tools] add golden IPv4 DNS server in the generate-publicdns.py script. [Alexandre Dulaunoy] + + One of the source is regularly dropping 9.9.9.9 as a source of + publicdns. This additional list can be used to ensure these known golden + DNS public resolver are there. + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [dynamic-dns] jq all the things. [Alexandre Dulaunoy] + +### Fix + +* [public-dns] 9.9.9.9 added. [Alexandre Dulaunoy] + +### Other + +* Fix typo in the license part. [Alexandre Dulaunoy] + +* Merge branch 'ekamioka-patch-2' into main. [Alexandre Dulaunoy] + +* Merge branch 'patch-2' of https://github.com/ekamioka/misp-warninglists into ekamioka-patch-2. [Alexandre Dulaunoy] + +* Add more dynamic DNS domains. [ekamioka] + + +## v2.4.145 (2021-06-28) + +### New + +* List of known SMTP receiving IP addresses. [Jakub Onderka] + +* List of known SMTP sending IP ranges. [Jakub Onderka] + +* Generator for Akamai. [Jakub Onderka] + +* [crl] Genreate domains and IPs directly from Mozilla intermediate list. [Jakub Onderka] + +* [apple] IP ranges assigned to Apple. [Jakub Onderka] + +* [google-gmail-sending-ips] Add generator and update to latest version. [Jakub Onderka] + +* [google-gcp] Add generator and update to latest version. [Jakub Onderka] + +* [azure] List for Azure China, Germany and US Gov cloud. [Jakub Onderka] + +* [second-level-tlds] Add generator and update to latest version. [Jakub Onderka] + +### Changes + +* [doc] list updated. [Alexandre Dulaunoy] + +* [update] update of all the warning-lists. [Alexandre Dulaunoy] + +* [cidr] Consolidate CIDR networks. 
[Jakub Onderka] + +* [microsoft-office365-cn] Update to latest version. [Jakub Onderka] + +* [doc] list of warning-lists updated. [Alexandre Dulaunoy] + +* [ovh-cluster] Change list typo to cidr. [Jakub Onderka] + +* [rfc] Normalize RFC lists description. [Jakub Onderka] + +* [doc] warning-lists updated. [Alexandre Dulaunoy] + +* [dynamic-dns] jq all the things. [Alexandre Dulaunoy] + +### Fix + +* [script] typo in one of the script name. [Alexandre Dulaunoy] + +* [mozilla-IntermediateCA] Typo. [Jakub Onderka] + +* [google-gmail-sending-ips] typo. [Jakub Onderka] + +* [stackpath] List was empty. [Jakub Onderka] + +* [moz] Moz is not Mozilla. [Jakub Onderka] + +* [publicdns] IP addresses should be cidr. [Jakub Onderka] + +* [schema] wildmask is not valid type. [Jakub Onderka] + +### Other + +* Merge pull request #190 from JakubOnderka/smtp. [Alexandre Dulaunoy] + + new: List of known SMTP sending IP ranges + +* Merge pull request #189 from JakubOnderka/consolidate-networks. [Alexandre Dulaunoy] + + chg: [cidr] Consolidate CIDR networks + +* Merge pull request #188 from JakubOnderka/office365-cn. [Alexandre Dulaunoy] + + chg: [microsoft-office365-cn] Update to latest version + +* Merge pull request #185 from JakubOnderka/crl. [Alexandre Dulaunoy] + + new: [crl] Genreate domains and IPs directly from Mozilla + +* Merge pull request #184 from JakubOnderka/update. [Alexandre Dulaunoy] + + Update + +* Merge branch 'ekamioka-main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/ekamioka/misp-warninglists into ekamioka-main. [Alexandre Dulaunoy] + +* Init a list of dyn DNS TLD domains. [ekamioka] + + +## v2.4.144 (2021-06-07) + +### New + +* [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +### Changes + +* [update] MISP warning-lists updated. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #181 from Wiscy-Security/main. 
[Andras Iklody] + + generate-stackpath.py: Added scraper on website to get new link for ipblocks.txt file + +* Generate-stackpath.py: Added scraper on website to get new link for ipblocks.txt file. [Kevin Holvoet] + +* Set theme jekyll-theme-minimal. [Alexandre Dulaunoy] + + +## v2.4.143 (2021-05-14) + +### New + +* [tools] simple python script to generate the list of warning-lists in Markdown. [Alexandre Dulaunoy] + +### Changes + +* [doc] fix link and description. [Alexandre Dulaunoy] + +* [doc] warning list updated. [Alexandre Dulaunoy] + +* [doc] list updated. [Alexandre Dulaunoy] + +* [url-shortners] fix #177. [Alexandre Dulaunoy] + +* [nioc] sorted/jq. [Alexandre Dulaunoy] + +* [tools] fix the link for the documentation generator. [Alexandre Dulaunoy] + +* [config] gitchangelog configuration added. [Alexandre Dulaunoy] + +### Other + +* Merge branch 'RichieB2B-nioc-filehash' into main. [Alexandre Dulaunoy] + +* Merge branch 'nioc-filehash' of https://github.com/RichieB2B/misp-warninglists into RichieB2B-nioc-filehash. [Alexandre Dulaunoy] + +* Add nioc-filehash. [Richard van den Berg] + + +## v2.4.142 (2021-04-26) + +### New + +* GH workflow. [Raphaël Vinot] + +* Added covid generators / lists. [iglocska] + +* Added covid warninglist. [iglocska] + +* Added common warninglists. [iglocska] + +* [list] The Moz Top 500 Domains and Pages (#104) [Steve Clement] + + new: [list] The Moz Top 500 Domains and Pages + +* [list] Added Mozilla Top 500 domains. [Steve Clement] + +* [tool] Generate The Moz top 500 Domain list from https://moz.com/top500. [Steve Clement] + +* [disposal-email] added. [Alexandre Dulaunoy] + +* [disposal-email] a list of disposable and temporary email address domains. [Alexandre Dulaunoy] + + From https://github.com/martenson/disposable-email-domains + + Fix https://github.com/MISP/misp-taxonomies/issues/136 + +* [VPN] lists of common VPN IPv4 and IPv6 addresses added. 
[Alexandre Dulaunoy] + + Source of the IPv4/IPv6 is https://github.com/ejrv/VPNs + +### Changes + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [lists] updated. [Alexandre Dulaunoy] + +* [stackpath] host IPv6 addresses are without subnet. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [update] run on all. [Alexandre Dulaunoy] + +* [public-resolver] revert to previous one as the source is dropping many known public resolver such as quad9. [Alexandre Dulaunoy] + +* [updates] updated warning-lists. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [updated] warning-lists updated. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [update] automatic update. [Alexandre Dulaunoy] + +* Add PR to GH actions. [Raphaël Vinot] + +* [doc] Travis removed. [Alexandre Dulaunoy] + +* [updates] updated warning lists. [Alexandre Dulaunoy] + +* [warning-list] updated. [Alexandre Dulaunoy] + +* Bump moz-top500. [Raphaël Vinot] + +* [update] misp-warninglists updated. [Alexandre Dulaunoy] + +* [schema] wildmask type added to prepare the merge into MISP. [Alexandre Dulaunoy] + +* [warning-lists] updated to the latest version. [Alexandre Dulaunoy] + +* Changed name to be displayed as warning and description. [chrisr3d] + +* Turned the regexes for audiovisual works into a single one. [chrisr3d] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [update] following changes + regular update. [Alexandre Dulaunoy] + +* [automatic updates] all warning-lists. [Alexandre Dulaunoy] + +* [automatic] updated. [Alexandre Dulaunoy] + +* [automatic] updated. [Alexandre Dulaunoy] + +* [tranco] updated. [Alexandre Dulaunoy] + +* [public-dns] updated. [Alexandre Dulaunoy] + +* [microsoft-azure] updated. [Alexandre Dulaunoy] + +* [tld] updated to the latest version. [Alexandre Dulaunoy] + +* [aws] updated. [Alexandre Dulaunoy] + +* [office 365] updated. 
[Alexandre Dulaunoy] + +* [office 365] updated. [Alexandre Dulaunoy] + +* [mozilla-intermediate-CA] updated to the latest version. [Alexandre Dulaunoy] + +* Chmod +x for new scripts in tools folder. [Kevin Holvoet] + +* [whats-my-ip] fix 152. [Alexandre Dulaunoy] + +* [jq] all. [Alexandre Dulaunoy] + +* [tranco10k] jq all the things. [Alexandre Dulaunoy] + +* [amazon-aws] updated to the latest version. [Alexandre Dulaunoy] + +* [microsoft-office365] updated to the latest version. [Alexandre Dulaunoy] + +* [covid] added covidmemory.lu. [Andras Iklody] + +* Update validate all. [Raphaël Vinot] + +* Add script to make lists unique, and sort the keys. [Raphaël Vinot] + + Update covid lists. + +* Covid lists bumped. [iglocska] + +* [covid] lists updated. [iglocska] + +* [whats-my-ip] Fix #139. [Alexandre Dulaunoy] + +* [covid] aatishb.com added due to https://aatishb.com/covidtrends/ [Alexandre Dulaunoy] + + (thanks to @doegox) + +* [covid] added Heliox_lab domain. [Alexandre Dulaunoy] + +* [covid] adding luxemburg's covid domains. [Jean-Louis Huynen] + +* [doc] updated readme with covid list. [Christophe Vandeplas] + +* [covid] added Portugal and Belgium. [Christophe Vandeplas] + +* [tranco] updated to the latest version. [Alexandre Dulaunoy] + +* [office365] updated to the latest version. [Alexandre Dulaunoy] + +* [cloudflare] updated to the latest version. [Alexandre Dulaunoy] + +* [aws] updated. [Alexandre Dulaunoy] + +* [cloudflare] updated. [Alexandre Dulaunoy] + +* [office365] IP addresses and domains updated. [Alexandre Dulaunoy] + +* [doc] wikimedia warning-list added. [Alexandre Dulaunoy] + +* [wikimedia] jq all the things. [Jean-Louis Huynen] + +* [university_domains] updated to the latest version. [Alexandre Dulaunoy] + +* [disposable] updated to the latest version. [Alexandre Dulaunoy] + +* [vpn] IP addresses updated. [Alexandre Dulaunoy] + +* [mozilla] CA list updated. [Alexandre Dulaunoy] + +* [empty-hashes] empty ssdeep hashes added. 
[Alexandre Dulaunoy] + +* [dax30] updated and fixed. [Alexandre Dulaunoy] + +* [alexa] Updated with the script in tools. [Steve Clement] + +* [moz500] Fix actual list. [Steve Clement] + +* [moz500] Added Pages too. Updated list. [Steve Clement] + +* [moz500] Added info how to regenerate, added provisional urls/files to topPages. [Steve Clement] + +* [security-provider-blogpost] version updated. [Alexandre Dulaunoy] + +* [doc] list of warning-lists updated. [Alexandre Dulaunoy] + +* [o365 ip] title of the warning list changed. [Alexandre Dulaunoy] + +* [o365 tools] fix title of the IP address warning list. [Alexandre Dulaunoy] + +* [o365] separate Microsoft Office 365 lists (hostname and IP addresses) [Alexandre Dulaunoy] + +* [o365] jq all the things. [Alexandre Dulaunoy] + +* [tools] alexa script fixed. [Alexandre Dulaunoy] + +* [alexa] updated to the latest version (seems to be back) [Alexandre Dulaunoy] + +* [tools] fix cisco script. [Alexandre Dulaunoy] + +* [cisco/umbrella top list] updated to the latest version. [Alexandre Dulaunoy] + +* [amazon-aws] updated to the latest version available. [Alexandre Dulaunoy] + +* [README] added university domains. [Alexandre Dulaunoy] + +* [doc] akamai network added. [Alexandre Dulaunoy] + +* [akamai] jq everything. [Alexandre Dulaunoy] + +* [doc] CRL list added. [Alexandre Dulaunoy] + +* [public-dns-v6] cloudflare dns added. [Alexandre Dulaunoy] + +* [public-dns-v4] cloudflare recursive dns added. [Alexandre Dulaunoy] + +* [amazon-aws] updated to the recent version. [Alexandre Dulaunoy] + +* [sinkholes] duplicate entry removed. [Alexandre Dulaunoy] + +* [sinkholes] added. [Alexandre Dulaunoy] + +* [doc] new lists added. [Alexandre Dulaunoy] + +* List of warning-lists updated. [Alexandre Dulaunoy] + +* Lists/microsoft-attack-simulator/list.json added. [Alexandre Dulaunoy] + +* Enforce type in schema. [Raphaël Vinot] + +* Remove exec flag on json files. [Raphaël Vinot] + +### Fix + +* Python 3.9 compat, take 2. 
[Raphaël Vinot] + +* Python 3.9 compat. [Raphaël Vinot] + +* Changed parsing algorithm to string, see #7c1de70. [Andras Iklody] + +* Sort entries. [Raphaël Vinot] + +* [schema] regexp added as supported type. [Alexandre Dulaunoy] + +* [alex] The generator wants to decode things ;) [Steve Clement] + +* [moz500] Fix the confusion about Moz.com and Mozilla.com (#107) [Steve Clement] + + fix: [moz500] Fix the confusion about Moz.com and Mozilla.com + +* [moz500] Fix the confusion about Moz.com and Mozilla.com. [Steve Clement] + +* [tools] Made python scripts executable. (#105) [Steve Clement] + + fix: [tools] Made python scripts executable. + +* [tools] Made python scripts executable. [Steve Clement] + +* Wrong file name in the scripts. [Raphaël Vinot] + +* Flienames of new warning lists. [Raphaël Vinot] + +* Common IOC warning list added. [Alexandre Dulaunoy] + +* Various fixes + add number of elements in each lists. [Alexandre Dulaunoy] + +* Perfect match is string ;-) [Alexandre Dulaunoy] + +* Reverse.it added to the list of dynamic malware analysis tools. [Alexandre Dulaunoy] + +* CIDR block added. [Alexandre Dulaunoy] + +* Public-dns-hostname not following schema. [Raphaël Vinot] + +* Resolver expressed as hostname removed. [Alexandre Dulaunoy] + +* Typo fixed for Travis. [Alexandre Dulaunoy] + +* Jq output to /dev/null - Travis. [Alexandre Dulaunoy] + +* JSON tests. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #178 from Wiscy-Security/main. [Alexandre Dulaunoy] + + Added new warninglist for Stackpath CDN + +* Add stackpath to generate_all.sh script. [Kevin Holvoet] + +* Gave execute permissions to generate_phone_numbers.py. [Kevin Holvoet] + +* Created new Stackpath CDN IP list. [Kevin Holvoet] + +* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] + +* Merge pull request #176 from przemekzny/patch-1. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. 
[przemekzny] + + Added domains of PKO Bank Polski S.A. + +* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] + +* Merge pull request #173 from DocArmoryTech/patch-1. [Alexandre Dulaunoy] + + Added Neo23x0/ti-falsepositive warninglist + +* Corrected version number to one. [Cormac Doherty] + +* Jq all the things. [Cormac Doherty] + +* Added Neo23x0/ti-falsepositive warninglist. [DocArmoryTech] + + Neo23x0:Neo23x0/ti-falsepositive is a "hash generator for typical false positive hashes". + + This warninglist was generated using a modified version of the generator (see: DocArmoryTech:DocArmoryTech-mispwl) + + `python3 ./fp-hashes.py > list.json` + +* Merge pull request #172 from pettai/Fastly. [Alexandre Dulaunoy] + + Add Fastly IPs + +* Add Fastly IPs. [pettai] + + Add all Fastlys IP addresses + +* Merge pull request #170 from chrisr3d/main. [Alexandre Dulaunoy] + + Added a few more entries to the phone numbers warninglist + +* Add: A few more phone numbers regexes. [chrisr3d] + +* Add: Added regexes for the american fictitious numbers in the list. [chrisr3d] + +* Merge pull request #168 from chrisr3d/main. [Alexandre Dulaunoy] + + New warning list for unattributed phone numbers + +* Add: Added phone numbers warninglist to the list. [chrisr3d] + +* Add: New Warninglist for phone numbers that should never be attributed. [chrisr3d] + + - First examples filling the list of regexes: the + phone numbers used for audiovisual works, or + the communications companies internal numbers. + Those phone numbers are reserved and should + never be given to any user + - We'll add as well the numbers reserved for the + american audiovisual works soon + +* Merge pull request #166 from pettai/GCP. [Alexandre Dulaunoy] + + Add GCP IPs + +* +jq_all_the_things.sh. [pettai] + + missed to run jq_all_the_things.sh + +* Add GCP IPs. [pettai] + + Add GCP (Google Cloud Platform) IP addresses + +* Merge pull request #165 from HugeekMcGill/main. 
[Alexandre Dulaunoy] + + Adding replacement for wildcard and dash inputs + +* Adding replacement for wildcard and dash inputs. [hugeek] + +* Merge pull request #164 from cyber288/main. [Alexandre Dulaunoy] + + Change hostname type to string type for multiple lists + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Update version number. [cyber288] + +* Update version number. [cyber288] + +* Update version number. [cyber288] + +* Fix date. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Changed matching algorithm to string. [cyber288] + +* Merge pull request #163 from rhaist/patch-1. [Alexandre Dulaunoy] + + Create requirements.txt + +* Create requirements.txt. [Robert Haist] + + Those are the additional Python3 requirements I needed to generate all the lists. + +* Changed matching algorithm to string. [Andras Iklody] + + Example for a dangerous entry: dropbox.com with the hostname algorithm and url as a valid attribute type means that https://dropbox.com/malicious/files.exe would get excluded from the automation systems when using the warninglist. + + I've changed the algorithm to full string matches. + +* Merge pull request #162 from Wiscy-Security/main. [Alexandre Dulaunoy] + + Refactor last scripts, central logging, central directory for downloads, automation script + +* Merge upstream, update lists, fix conflicts. [Kevin Holvoet] + + Merge remote-tracking branch 'upstream/main' into main + +* Merge pull request #161 from bartblaze/patch-1. [Alexandre Dulaunoy] + + Add new domains + +* Add new domains. [Bart] + +* Merge pull request #157 from sustefil/fix-issue-156. 
[Alexandre Dulaunoy] + + Fix generator.py:download_to_file + +* Fix generator.py:download_to_file. [Filip Suster] + + When some script which is using generator.py module (e.g. generate-publicdns.py) is run for the + first time, the file is missing and unhandled exception is thrown + +* Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet] + +* Merge pull request #154 from Wiscy-Security/main. [Alexandre Dulaunoy] + + Refactoring of code + updates of warninglists + +* Refactor last scripts, logging, central directory for downloads. [Kevin Holvoet] + + * Refactored generate_moz-top50.py + * Download all file to new /tmp file to centralize all downloads + * Add central logging to generators.log file + * Create Bash script that generates all warninglists + * Add /tmp folder and extra files to .gitignore + * Start adding exception handling in download_to_file and write_to_file + +* Refactor more generators. [Kevin Holvoet] + +* Remove extra .txt extension from downloaded filed. [Kevin Holvoet] + +* Add check if downloaded file has changed on server before downloading. [Kevin Holvoet] + +* Refactor code to make it simpler/more uniform. [Kevin Holvoet] + +* Chg generator-publicdns: work with new CSV format 1. The CSV format has changed with the update on 2020-07-14. 2. The script also generates IPv4, IPv6, and the hostname lists at once. 3. Downloaded file added to .gitignore. [Kevin Holvoet] + +* Solved LGTM alerts. [Kevin Holvoet] + +* Added multiple lists from Cisco Umbrella list. Solves issue #24 and #13. [Kevin Holvoet] + +* Merge remote-tracking branch 'upstream/main' into main. [Kevin Holvoet] + +* Merge pull request #153 from Wiscy-Security/main. [Alexandre Dulaunoy] + + Change tool/scripts permission + update tranco lists + +* Updated lists after updating scripts. [Kevin Holvoet] + +* Add .gitignore for downloaded files, refactor code for generators: use central module, remove useless code, fix minor issues. 
[Kevin Holvoet] + +* Fix Microsoft Azure generator: format changed from XML to JSON + download link changed. [Kevin Holvoet] + +* Merge tranco scripts,:generate_tranco.py generates both full and 10k list. [Kevin Holvoet] + +* Automatically copy output to list.json file in correct folder. [Kevin Holvoet] + +* Refactored mozilla certificate generator: solve relative path issue, remove unused code, refactor structure of code. [Kevin Holvoet] + +* Renamed cisco top1m to top1k to reflect reality. [Kevin Holvoet] + +* Update Tranco & Tranco10k list. [Kevin Holvoet] + +* Merge branch 'main' of github.com:MISP/misp-warninglists into main. [Alexandre Dulaunoy] + +* Merge pull request #151 from JakubOnderka/tlds-update. [Alexandre Dulaunoy] + + Update TLDs list + +* Update TLDs list. [Jakub Onderka] + +* Merge pull request #150 from houey/patch-3. [Alexandre Dulaunoy] + + adding forms.gle which is for google forms. + +* Adding forms.gle which is for google forms. [Houston] + + adding forms.gle to the list. This is a short link for Google Forms managed by Google Firebase + +* Merge pull request #149 from houey/patch-2. [Alexandre Dulaunoy] + + added gvt1.com to Google domains warning list. + +* Added gvt1.com to Google domains warning list. [Houston] + +* Merge pull request #148 from GlennHD/master. [Alexandre Dulaunoy] + + Fixed typo in list.json of Tranco10k + +* Fixed typo. [GlennHD] + + Fixed typo in list.json + +* Merge branch 'GlennHD-master' [Alexandre Dulaunoy] + +* Update README.md. [GlennHD] + +* Added Tranco10k list. [GlennHD] + +* Create tranco10k list.json. [GlennHD] + +* Added tranco10k. [GlennHD] + +* Merge pull request #146 from GlennHD/patch-3. [Alexandre Dulaunoy] + + Added Majestic Million to Readme + +* Added Majestic Million to Readme. [GlennHD] + + Added Majestic Million to Readme + +* Merge pull request #145 from JakubOnderka/validate-values. [Andras Iklody] + + Validate values in CI + +* Validate values in CI. 
[Jakub Onderka] + +* Merge pull request #143 from bartblaze/patch-9. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Make hostname only, same for another one already in the list. + +* Update list.json. [Bart] + +* Jq the covid lists. [iglocska] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [iglocska] + +* Merge pull request #140 from kirzaks/master. [Alexandre Dulaunoy] + + Arcgis whitelistening + +* Version change. [Armins Palms] + +* Arcgis whitelist. [Armins Palms] + +* Merge pull request #138 from bartblaze/patch-8. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Add CAPEv2 + +* Merge pull request #137 from gallypette/patch-1. [Alexandre Dulaunoy] + + chg: [covid] adding luxemburg's covid domains. + +* Merge pull request #136 from rommelfs/patch-2. [Alexandre Dulaunoy] + + duplicate removed + +* Duplicate removed. [Sascha Rommelfangen] + +* Merge pull request #135 from rommelfs/patch-1. [Christophe Vandeplas] + + added info-coronavirus.be + +* Added info-coronavirus.be. [Sascha Rommelfangen] + +* Update to the covid list. [Andras Iklody] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #133 from GlennHD/patch-2. [Alexandre Dulaunoy] + + Create list.json + +* Create list.json. [GlennHD] + +* Merge pull request #132 from GlennHD/patch-1. [Alexandre Dulaunoy] + + Create generate_majestic-million.py + +* Create generate_majestic-million.py. [GlennHD] + + Pulls top 10K of the most referred to hosts from Majestic Million. + +* Merge pull request #131 from bartblaze/patch-7. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Adds localizaip domains. + +* Merge pull request #130 from houey/patch-1. [Alexandre Dulaunoy] + + Added domain cutt.ly + +* Added domain cutt.ly. [Houston] + +* Merge pull request #129 from StefanKelm/master. [Andras Iklody] + + Update list.json + +* Update list.json. 
[StefanKelm] + + merky.de + +* Merge pull request #128 from davidljohnson/patch-1. [Alexandre Dulaunoy] + + Added windowsupdate.com domain + +* Added windowsupdate.com domain. [David J] + + I received false positives and detections for this domain. Thought it should added. + +* Merge pull request #127 from bartblaze/patch-6. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Adds ipv6-test + +* Merge pull request #126 from elhoim/master. [Andras Iklody] + + Added domains using Azuredns-prd.info as Nameserver + +* Added domains using Azuredns-prd.info as Nameserver. [David André] + + azuredns-prd.info is verified as being Microsoft owned and operated for some Azure related domains + +* Merge pull request #125 from certbe-trey/master. [Alexandre Dulaunoy] + + Add Tranco warning list (and generator) + +* Add Tranco warning list to README. [Trey Darley] + +* Add Tranco warning list (https://tranco-list.eu/) [Trey Darley] + +* Add script to generate warning list from Tranco (https://tranco-list.eu/) [Trey Darley] + +* Merge pull request #124 from bartblaze/patch-5. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Bump version number, add/edit domains. + +* Merge pull request #123 from bartblaze/patch-4. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Add Extreme IP. + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #122 from wesinator/patch-1. [Alexandre Dulaunoy] + + add sinkhole IP + +* Add sinkhole IP. [Ԝеѕ] + + https://dns.google.com/query?name=sinkhole.dynu.net + https://dns.google.com/query?name=a.sinkhole.yourtrap.com&type=A&dnssec=true + +* Merge pull request #121 from bartblaze/patch-3. [Alexandre Dulaunoy] + + Add domain + +* Add domain. [Bart] + +* Merge pull request #120 from bartblaze/patch-2. [Alexandre Dulaunoy] + + Add sndbox + +* Add sndbox. [Bart] + +* Merge pull request #119 from wesinator/patch-1. 
[Alexandre Dulaunoy] + + Add additional Sinkhole IPs + +* Add additional Sinkhole IPs. [Ԝеѕ] + + https://github.com/brakmic/Sinkholes/pull/10/files + https://github.com/brakmic/Sinkholes/pull/12/files + https://github.com/grettir/malware-sinkholes/pull/2/files + +* Merge pull request #118 from mkb2091/master. [Alexandre Dulaunoy] + + Fixed typo in akamai list description + +* Fixed typo in akamai list description. [Alex Williams] + +* Merge pull request #117 from bartblaze/patch-1. [Alexandre Dulaunoy] + + Update list.json + +* Update list.json. [Bart] + + Add some systems. + +* Merge pull request #115 from gallypette/master. [Alexandre Dulaunoy] + + Wikimedia + +* Add: [wikimedia] adds a warning list for wikimedia infrastructure. [Jean-Louis Huynen] + +* Merge pull request #113 from droe/master. [Alexandre Dulaunoy] + + Fix minor field syntax error in google-gmail-sending-ips + +* Remove erroneous space character and bump version. [Daniel Roethlisberger] + +* Merge pull request #112 from elhoim/master. [Andras Iklody] + + Three new warning lists + +* Modified README to includ three new added warning lists. [elhoim] + +* Added list for Googlebot crawler IP ranges. [elhoim] + +* Added list with Google gmail sending IPs. [elhoim] + +* Added list and tool to generate list for cloudflare IP ranges. [elhoim] + +* Merge pull request #111 from github-pba/more-german-banks. [Alexandre Dulaunoy] + + URL change ING, new bank Mainzer Volksbank + +* Name change ING, new bank Mainzer Volksbank. [github-pba] + +* Update list.json. [cgi1] + + Adding BMW + +* Dax30 inital version. [cgi1] + +* Merge pull request #106 from SteveClement/tools. [Alexandre Dulaunoy] + + fix: [alexa] The generator wants to decode things ;) + +* Merge pull request #103 from obert01/remove-pastebin. [Alexandre Dulaunoy] + + Removed pastebin.com, as it is not a security provider. + +* Removed pastebin.com, as it is not a security provider. 
[Olivier BERT] + + It is often used by malware to download configuration or payloads. + +* Merge pull request #101 from crondaemon/crondaemon. [Alexandre Dulaunoy] + + Remove wrong line from vpn-ipv4. + +* Remove wrong line from vpn-ipv4. [Dario Lombardo] + +* Merge pull request #100 from zMathieu/patch-1. [Alexandre Dulaunoy] + + Transform URL to domains for few entries + +* Transform URL to domains for few entries. [zMathieu] + + Remove / or http for some domains. + +* Add: [doc] mozilla CA and intermediate CA added. [Alexandre Dulaunoy] + +* Merge pull request #99 from CERN-CERT/certificates. [Alexandre Dulaunoy] + + Add warning lists based on Mozilla's trusted CA and Intermediates + +* CAs: Fix final new line in json. [Vincent Brillault] + +* CAs: Fix json indentation (2 spaces, not 4) [Vincent Brillault] + +* Mozilla CA/intermediate: also match x509-fingerprint-* [Vincent Brillault] + +* Add warning lists based on Mozilla's trusted CA and Intermediates. [Vincent Brillault] + +* Add: Test for list.json filename. [Raphaël Vinot] + +* Merge pull request #98 from liviuvalsan/domain_ips. [Alexandre Dulaunoy] + + Make sure that matching attributes are consistent for lists that include domains + +* Make sure that matching attributes are consistent for lists that include domains. [Liviu Valsan] + +* Merge pull request #97 from kx499/master. [Alexandre Dulaunoy] + + A couple of office 365 list fixes + +* Updated office 365 file names, changed string to substring, and changed lists.json to list.json. [Faber] + +* Merge branch 'kx499-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/kx499/misp-warninglists into kx499-master. [Alexandre Dulaunoy] + +* Updated MS O365 script to handle json and updated list.json. [Faber] + +* Merge branch 'kx499-master' [Alexandre Dulaunoy] + +* Adding akamai warning list. [Faber] + +* Merge pull request #93 from ater49/master. 
[Alexandre Dulaunoy] + + Adding university domains warninglist + +* Correcting updater. [ater49] + +* Correcting updater. [ater49] + +* Correction of duplicate. [ater49] + +* Adding updater for crl warninglist. [ater49] + +* Adding update tool for university domains list. [ater49] + +* Adding university domains warninglist from issue #38. [ater49] + +* Merge pull request #91 from ater49/master. [Alexandre Dulaunoy] + + Adding CRL Whistelist (Issue #83) + +* Modifying type from string to substring. [ater49] + +* Modifying version number to int. [ater49] + +* Correction for non-unique values in json. [ater49] + +* Adding CRL Whistelist (Issue #83) [ater49] + +* Merge pull request #90 from ater49/master. [Alexandre Dulaunoy] + + Adding cape.contextis.com in sandbox warninglist + +* JQing all the things. [ater49] + +* Adding "cape.contextis.com" to sandbox warninglists. [ater49] + +* Merge pull request #89 from robertnixon2003/master. [Andras Iklody] + + Updated Cisco warninglist + +* Added type. [Robert Nixon] + +* Fixed with jq all the things. [Robert Nixon] + +* Add files via upload. [Robert Nixon] + +* Update list.json. [Robert Nixon] + +* Create list.json. [Robert Nixon] + +* Delete list.json. [Robert Nixon] + +* Merge pull request #87 from wotschel/master. [Alexandre Dulaunoy] + + added the shortener of the german state rlp + +* Added the shortener of the german state rlp. [Bjoern Mainz] + + added the shortener of the german state rhineland-palatinate (rlp) + +* Merge pull request #86 from StefanKelm/master. [Alexandre Dulaunoy] + + more german bank sites + +* More german bank sites. [StefanKelm] + +* Merge pull request #85 from mlodic/master. [Alexandre Dulaunoy] + + fixed value in ovh-cluster and added new url shortener + +* Fixed value in ovh-cluster and added new url shortener. [Matteo Lodi] + +* Merge pull request #84 from liviuvalsan/update-security-provider-blogpost. 
[Alexandre Dulaunoy] + + Removing imgur.com from the list of known security providers/vendors blog domains + +* Removing imgur.com from the list of known security providers/vendors blog domains. [Liviu Valsan] + +* Merge pull request #82 from robertnixon2003/master. [Alexandre Dulaunoy] + + Updated Cisco Top 1000 List + +* Updated list "version": 20181012. [Robert Nixon] + +* Deleting list to add updated list. [Robert Nixon] + +* Add: [doc] added the new sinkholes list. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #80 from ater49/master. [Alexandre Dulaunoy] + + New warninglist for bank websites. + +* New warninglist for bank websites. The list is based on university proxylist (ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/bank.tar.gz). [ater49] + +* Merge pull request #79 from StefanKelm/master. [Alexandre Dulaunoy] + + New list: Windows 10 connection endpoints + +* Win10 connection endpoints. [Stefan Kelm] + +* New list: win10 connection endpoints. [Stefan Kelm] + +* Merge pull request #78 from robertnixon2003/master. [Alexandre Dulaunoy] + + Fixed cisco gen script + +* Pulled list again after fixing generation script. [Robert Nixon] + +* Fixed TLD truncation issue. [Robert Nixon] + + Fixed TLD truncation issue + +* Merge pull request #76 from robertnixon2003/master. [Alexandre Dulaunoy] + + replace Alexa with Cisco Umbrella + +* Added Alexa list back. [Robert Nixon] + +* Added generate_alexa.py back and added type param. [Robert Nixon] + +* Updated list. [Robert Nixon] + +* Not sure why Travis is failing. [Robert Nixon] + +* Added type for Travis. [Robert Nixon] + +* Removing gen Alexa. [Robert Nixon] + +* New script to generate Cisco Umbrella Top 1000. [Robert Nixon] + +* Created new list. [Robert Nixon] + +* Removed Alexa List. 
[Robert Nixon] + +* Add: [microsoft-attack-simulator] warning list about phishing campaign for "security awareness" [Alexandre Dulaunoy] + +* Add: common IOC false-positives as mentioned by Florian Roth. [Alexandre Dulaunoy] + +* Merge pull request #73 from raw-data/master. [Alexandre Dulaunoy] + + [add] new domain for whats-my-ip section + +* [add] new domain for whats-my-ip section. [raw-data] + +* Merge pull request #71 from xbmc-goph/patch-2. [Alexandre Dulaunoy] + + Update version file + +* Update version file. [xbmc-goph] + +* Merge pull request #70 from xbmc-goph/patch-1. [Alexandre Dulaunoy] + + Updated with italian "what's my ip" services + +* Added the required separtor #2. [xbmc-goph] + +* Added the required separator. [xbmc-goph] + +* Updated with italian "what's my ip" services. [xbmc-goph] + +* Merge pull request #69 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] new domains for whats-my-ip section and url-shortener section + +* [ADD] 1 new domain for url-shortener section. [raw-data] + +* [ADD] 3 new domains for whats-my-ip section. [raw-data] + +* Merge pull request #68 from raw-data/master. [Alexandre Dulaunoy] + + [ADD] 3 new domains for whats-my-ip section + +* [ADD] 1 new domain for url-shortener section. [raw-data] + +* [ADD] 3 new domains for whats-my-ip section. [raw-data] + +* [ADD] 3 new domains for whats-my-ip section. [raw-data] + +* Merge pull request #67 from droe/master. [Alexandre Dulaunoy] + + Add reference to PyMISPWarningLists + +* Add reference to PyMISPWarningLists. [Daniel Roethlisberger] + +* Add: BIT gTLD was missing. [Alexandre Dulaunoy] + +* Merge pull request #65 from StefanKelm/master. [Alexandre Dulaunoy] + + add RFC 6761 list + +* Update list.json. [StefanKelm] + +* Update README.md. [StefanKelm] + +* Update list.json. [StefanKelm] + +* Update list.json. [StefanKelm] + +* Create list.json. 
[StefanKelm] + +* Merge branch 'gizolka-master' [Alexandre Dulaunoy] + +* Merge branch 'master' of https://github.com/gizolka/misp-warninglists into gizolka-master. [Alexandre Dulaunoy] + +* Created a converter of MISP warning lists to asciidoctor format. [Joanna] + +* Fix #64. [Alexandre Dulaunoy] + +* Indeed LoL is not a security provider ;-) Fix #62. [Alexandre Dulaunoy] + +* Add: OVH cluster. [Alexandre Dulaunoy] + +* Merge pull request #61 from ater49/dev. [Alexandre Dulaunoy] + + Adding Ovh-cluster WarningList + +* Modification of errors in json. [ater49] + +* Modify errors. [ater49] + +* Revert "New WarningList for OVH Cluster" [ater49] + + Thir reverts commit 2bf5201110859bbc2b108178ee673b858bb4e3d5. + +* New WarningList for OVH Cluster. [ater49] + +* OVH Cluster IP add to misp-warninglists. [ater49] + +* Merge pull request #57 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Bugfix and update + +* Updated with IPv6 addresses. [eCrimeLabs] + +* Bugfix (l.append) [eCrimeLabs] + +* Add: amazon-aws warning lists. [Alexandre Dulaunoy] + +* Merge pull request #55 from eCrimeLabs/master. [Alexandre Dulaunoy] + + Amazon AWS IP range for Warninglists + +* Bugfix type. [eCrimeLabs] + +* Fixed typo. [eCrimeLabs] + +* "type": "cidr", [eCrimeLabs] + +* Added "type": "cidr", [eCrimeLabs] + +* Update generate-amazon-aws.py. [eCrimeLabs] + +* Added Warninglists for Amazon AWS. [root] + +* Merge pull request #1 from eCrimeLabs/eCrimeLabs-dev. [eCrimeLabs] + + Generate json file of Amazon AWS IP's + +* Generate json file of Amazon AWS IP's. [eCrimeLabs] + +* Merge pull request #56 from sebdraven/master. [Alexandre Dulaunoy] + + add app.any.run in warninglists + +* Add app.any.run in warninglists. [Sébastien Larinier] + +* Merge pull request #53 from Delta-Sierra/master. [Alexandre Dulaunoy] + + add security provider blogpost warninglist + +* Elements must be unique. [Deborah Servili] + +* Add security provider blogpost warninglist. 
[Deborah Servili] + +* Merge pull request #52 from cgi1/patch-1. [Alexandre Dulaunoy] + + Resolving outdated list from #51 + +* Resolving outdated list from #51. [cgi1] + + @adulau + +* Merge pull request #48 from elhoim/patch-2. [Andras Iklody] + + Added some security vendors sites + +* Added some security vendors sites. [David André] + +* Add: regex type added as now available in MISP https://github.com/MISP/MISP/commit/98e07175a898434a0cdc82f3dff0e957bd28ea29. [Alexandre Dulaunoy] + +* Merge pull request #47 from elhoim/patch-1. [Andras Iklody] + + Changed matching algorithm to domain to avoid false positive matches + +* Changed matching algorithm to domain to avoid false positive matches. [David André] + + Changed matching algorithm to domain to avoid false positive matches + version bump + +* Version bump. [iglocska] + +* Wrong algorithm. [iglocska] + +* Changed matching algorithm to domain to avoid false positive matches. [iglocska] + +* Merge pull request #46 from c-goes/patch-1. [Alexandre Dulaunoy] + + Fix link to ipv6-linklocal list + +* Fix link to ipv6-linklocal list. [c-goes] + +* Add: automated-malware-analysis known domain list. [Alexandre Dulaunoy] + + Fix #45 + +* Add: Microsoft Azure Datacenter IP Ranges added including tool to generate the JSON. [Alexandre Dulaunoy] + + Fix #43 + +* Fix (temp): office 365 warning list only matching as substring (new list for CIDR block matching required) [Alexandre Dulaunoy] + +* Add: list of Microsoft office365/azure in China + extraction tool added. [Alexandre Dulaunoy] + + fix #42 + +* Office 365 warning-list updated to the latest version. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Changed type and parser for hostname based public resolver list. [iglocska] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. 
[Alexandre Dulaunoy] + +* Merge pull request #44 from cvandeplas/master. [Alexandre Dulaunoy] + + quad9 project + +* Quad9 project. [Christophe Vandeplas] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Raphaël Vinot] + +* Merge pull request #39 from ater49/patch-1. [Alexandre Dulaunoy] + + checkip.amazonaws.com added into warninglist + +* Update list.json. [ater49] + + Comma added to the line + +* Update list.json. [ater49] + + Just to add checkip.amazonaws.com into WarningList + +* List of known public DNS resolvers expressed as hostname added. [Alexandre Dulaunoy] + + The list has been separated from ipv4 list to be sure matching works in + MISP + +* Changed warninglist from sting matches to hostname type. [Andras Iklody] + +* Merge pull request #35 from rmarsollier/ggl. [Alexandre Dulaunoy] + + adding some google owned domains v2 + +* Solving last problem with google domain list. [rmarsollier] + +* Adding wikipedia scrapper for google domains. [rmarsollier] + +* Importing google domains from wikipedia. [rmarsollier] + +* Merge pull request #31 from rmarsollier/patch-2. [Alexandre Dulaunoy] + + Fixing #23 + +* Fix typo. [RbN] + +* Adding domains of #23. [RbN] + +* Merge pull request #30 from rmarsollier/patch-1. [Alexandre Dulaunoy] + + Adding sha224 to empty_hashs + +* Adding sha224. [RbN] + + d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f is a sha224, let's use it. + +* Fixed #25 adding more URL shorteners. [Alexandre Dulaunoy] + +* Run JQ on empty-hashes. [Raphaël Vinot] + +* Matching_attributes isn't required. [Raphaël Vinot] + +* Merge pull request #22 from devnull-/eicar.com. [Andras Iklody] + + No attribute filtering -- eicar.com + +* Add matching_attributes. [devnull-] + +* Merge pull request #21 from devnull-/empty-hashes. [Andras Iklody] + + No attribute filtering -- empty-hashes + +* Formating. [devnull-] + +* Add matching_attributes. [devnull-] + +* Merge pull request #1 from MISP/master. 
[devnull-] + + Pull update + +* Do not allow additional properties in the schema. [Raphaël Vinot] + +* Update travis. [Raphaël Vinot] + +* Fix JQ all the things. [Raphaël Vinot] + +* Revert "JQ all the things" [Raphaël Vinot] + + This reverts commit d422560a4e773d1fd58193a2fa3633e1d9265217. + +* Install dep. [Raphaël Vinot] + +* Fix travis. [Raphaël Vinot] + +* JQ all the things. [Raphaël Vinot] + +* Update lists, add schema. [Raphaël Vinot] + +* EICAR added in the README. [Alexandre Dulaunoy] + +* Merge pull request #20 from michael-hamm/eicar.com. [Alexandre Dulaunoy] + + Hashes for EICAR, EICAR zip and EICAR 2x zip. + +* Hashes for EICAR, EICAR zip and EICAR 2x zip. [Michael Hamm] + +* RFC 6598 added in the README. [Alexandre Dulaunoy] + +* Merge pull request #19 from michael-hamm/rfc6598. [Alexandre Dulaunoy] + + RFC 6598 - Carrier- Grade NAT (CGN) devices + +* RFC 6598 - Carrier- Grade NAT (CGN) devices. [Michael Hamm] + +* Merge pull request #18 from nbareil/master. [Alexandre Dulaunoy] + + No attribute filtering + +* Adds matching_attribute. [Nicolas Bareil] + +* Typo in the name. [Nicolas Bareil] + +* Type of warning-list added. [Alexandre Dulaunoy] + +* Bumped the date to force an update. [Iglocska] + +* Merge branch 'master' of https://github.com/MISP/misp-warninglists. [Iglocska] + +* Date updated. [Alexandre Dulaunoy] + +* Switched alexa to the "hostname" list. [Iglocska] + +* Added url type to the alexa list. [Iglocska] + +* Type was not declared as substring. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #16 from devnull-/URL-shortener-services. [Alexandre Dulaunoy] + + Warning list URL shorteners services + +* Merge branch 'master' into URL-shortener-services. [devnull-] + +* Merge pull request #15 from devnull-/whats-my-ip. [Alexandre Dulaunoy] + + Warning list "What's my IP" domains + +* Add types URI & URL. [devnull-] + +* Add ip-score.com. 
[devnull-] + +* Warning list "What's my IP" service. [devnull-] + +* Warning list URL shorteners services. [devnull-] + +* Substring added (to support the new substring matching) [Alexandre Dulaunoy] + +* Merge pull request #12 from CZ-NIC/master. [Alexandre Dulaunoy] + + Checks for open resolvers in the list of IPs. + +* Checks for open resolvers in the list of IPs. [Edvard Rejthar] + + Is able to fetch the MISP warning list a say if there are some resolvers. + +* Add version and name to the office365 warning list. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #10 from Maijin/master. [Raphaël Vinot] + + Add Comodo public DNS + +* Add Comodo public DNS. [Maijin] + +* Office 365 URLs and IP address ranges added. [Alexandre Dulaunoy] + +* Known microsoft domains added. [Alexandre Dulaunoy] + +* Warning list of known microsoft domains added. [Alexandre Dulaunoy] + +* Merge branch 'master' of github.com:MISP/misp-warninglists. [Alexandre Dulaunoy] + +* Merge pull request #8 from claudex/fix-travis. [Alexandre Dulaunoy] + + Fix travis build + +* View error output from jq. [Xavier Claude] + +* Fix travis build using jq from packages. [Xavier Claude] + +* License clarified. [Alexandre Dulaunoy] + +* Merge pull request #6 from claudex/dns. [Alexandre Dulaunoy] + + Use DNS list from http://public-dns.info/ + +* Add public dns v4 and v6 resolvers IP from the tool. [Xavier Claude] + +* Add a tool to generate public dns resolver list. [Xavier Claude] + + The tool generate two lists, one for IPv4 (list4.json) and one for IPv6 + (list6.json) to allow the user to only enable one of the two. + + The list is downloaded from http://public-dns.info/ and a sample of the + list was tested with: + + for dns in $( awk -F "," '{ print $1 }' < nameservers.csv ) ; do dig +noedns @$dns google.com | grep NOERROR 1>/dev/null || echo $dns ; done + + ~95% of the tested servers responded. 
So the list is not all crap. + +* Merge pull request #7 from claudex/rfc4291. [Alexandre Dulaunoy] + + Add IPv6 link local prefix + +* Add IPv6 link local prefix. [Xavier Claude] + +* Merge pull request #5 from claudex/alexa. [Alexandre Dulaunoy] + + Alexa + +* Actualy put alexa 1000 top domains in the output list. [Xavier Claude] + +* Write the alexa top1M zip file after download. [Xavier Claude] + +* Fix alexa top1M url. [Xavier Claude] + +* Merge pull request #4 from claudex/rfc3849. [Alexandre Dulaunoy] + + Add RFC 3849 - IPv6 prefix for documentation + +* Add RFC 3849 - IPv6 prefix for documentation. [Xavier Claude] + +* Merge branch 'list_updates' [Iglocska] + +* Updated warninglists with domains or IP addresses to also include domain|ip type attributes. [Iglocska] + + - fixes issue as reported by @Delta-Sierra + +* Build status icon added. [Alexandre Dulaunoy] + +* Travis test scripts added. [Alexandre Dulaunoy] + +* RFC 5735 added. [Alexandre Dulaunoy] + +* Alexa top 1000 list added. [Alexandre Dulaunoy] + +* Alexa top 1000 MISP warning list added including generation tool. [Alexandre Dulaunoy] + +* Multicast CIDR blocks added. [Alexandre Dulaunoy] + +* Rfc5771 added. [Alexandre Dulaunoy] + +* More public DNS servers added. [Alexandre Dulaunoy] + +* Google added. [Alexandre Dulaunoy] + +* List of known google domains and hostnames. [Alexandre Dulaunoy] + +* Merge pull request #3 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy] + + Expand second level tlds from Wikipedia + +* Expand second level tlds from Wikipedia. [William Robinet] + +* Second-level of TLD lists. [Alexandre Dulaunoy] + +* Merge pull request #2 from wllm-rbnt/second-level-tlds. [Alexandre Dulaunoy] + + Add second level tlds from Mozilla Foundation + +* Add second level tlds from Mozilla Foundation. [William Robinet] + +* Merge pull request #1 from wllm-rbnt/openresolver. [Alexandre Dulaunoy] + + Add level3 open resolver + +* Add level3 open resolver. 
[William Robinet] + +* Basic README added. [Alexandre Dulaunoy] + +* Version added. [Alexandre Dulaunoy] + +* RFC 1918 networks. [Alexandre Dulaunoy] + +* Hashes of empty files. [Alexandre Dulaunoy] + +* Public-dns warning list. [Alexandre Dulaunoy] + +* Initial list with TLDs. [Alexandre Dulaunoy] + +
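Review bot: The misp-warninglists entries in this hunk carry merge and revert noise that tells a reader nothing about what changed in the lists. "Merge branch 'master' of github.com:MISP/misp-warninglists." appears several times with no body, and each "Merge pull request #N" entry repeats the subject of the commit listed right after it (for example "Hashes for EICAR, EICAR zip and EICAR 2x zip." under #20, and "Add Comodo public DNS" under #10). The sequence "JQ all the things" / Revert "JQ all the things" / "Fix JQ all the things" likewise records three entries for one net change. If this file is produced from the git log, consider excluding merge commits and collapsing revert pairs when it is generated, so that the 1690 added lines list only entries that describe an actual change to a warning list.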