chg: [doc] changelog updated

pull/72/head
Alexandre Dulaunoy 2022-11-09 15:15:11 +01:00
parent e2c9654a38
commit d373679554
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
10 changed files with 53280 additions and 39582 deletions

View File

@ -2,6 +2,543 @@ Changelog
=========
v2.4.165 (2022-11-09)
---------------------
New
~~~
- [CLI] added pretty and json output modes to list and view feeds.
[iglocska]
- [feed management] added to CLI. [iglocska]
- still needs to add docs
- [acl] Checks for publishing or modifying galaxy clusters. [Jakub
Onderka]
- [acl] Use canModifyEvent for attributes index. [Jakub Onderka]
- [acl] canEditEventReport. [Jakub Onderka]
- [acl] Check sighting deletion in ACLComponent. [Jakub Onderka]
- [acl] User AlcHelper more often. [Jakub Onderka]
- [UI] Show servers where event will be pushed. [Jakub Onderka]
- [oidc] Change organisation name when UUID is provided. [Jakub Onderka]
- [oidc] Allow to create new org with defined UUID. [Jakub Onderka]
- [test] Sighting rest search test. [Jakub Onderka]
- [test] Check sighting rest search ACL vol. 2. [Jakub Onderka]
- [test] Check sighting rest search ACL. [Jakub Onderka]
- [redis] Store some data in Redis compressed to save memory. [Jakub
Onderka]
- [feed] Store freetext feed compressed in cache. [Jakub Onderka]
- [test] test_org_hide_index. [Jakub Onderka]
- [acl] Move disabling correlation checking to Acl component. [Jakub
Onderka]
- [acl] CanModifyTag method in AclHelper. [Jakub Onderka]
- [acl] Move checks from controller to ACL component. [Jakub Onderka]
- [acl] View helper. [Jakub Onderka]
- [workflowModule:attribute_ids_flag_operation] Module to toggle/remove
the to_ids flag. [Sami Mokaddem]
- [workflowModule:attribute_edition] Added generic module to support
attribute edition. [Sami Mokaddem]
Can be extended by other modules
- [workflowModule:attach_enrichment] That attaches enrichment entries to
the enriched attributes. [Sami Mokaddem]
- [correlation] Do not correlate over correlating value again for full
correlation. [Jakub Onderka]
Should help with #8685
- [internal] Add support for simdjson extension. [Jakub Onderka]
- [freetext] Try to parse input as JSON. [Jakub Onderka]
- [freetext] Fetch security vendor domains from warninglist. [Jakub
Onderka]
- [freetext] Remove to_ids from ComplexTypeTool. [Jakub Onderka]
- [tools:misp-zmq] Added subscriber blueprint. [Sami Mokaddem]
- [workflow:execute_module] Allow to ignore format conversion before
executing module. [Sami Mokaddem]
- [triggers:event_after_save_new] Added 2 new triggers for new events
and new events from pull. [Sami Mokaddem]
- [redis] Add support for dragonfly redis replacement. [Jakub Onderka]
- [UI] Show warning if user don't have permission to use API. [Jakub
Onderka]
- [UI] Allow to disable PGP key fetching. [Jakub Onderka]
Changes
~~~~~~~
- [VERSION] bump. [iglocska]
- [PyMISP] Bump. [Raphaël Vinot]
- [warning-list] updated. [Alexandre Dulaunoy]
- [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] many updates including new MITRE ATT&CK changes.
[Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [misp-workflow-blueprints] updated to the latest version. [Alexandre
Dulaunoy]
- [misp-galaxy] updated. [Alexandre Dulaunoy]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [helper:acl] Removed unused function. [Sami Mokaddem]
- [CLI] new functions documented on the automation page. [iglocska]
- [internal] Update warninglist cache just when it is necessary. [Jakub
Onderka]
- [PyMISP] Bump. [Raphaël Vinot]
- [oidc] Create new org by SYSTEM user. [Jakub Onderka]
- [sync] Remove empty events from pull. [Jakub Onderka]
- [internal] Faster fetching event index. [Jakub Onderka]
- [API] Throw exception if invalid ID provided. [Jakub Onderka]
- [internal] Use subquery to sighting fetching. [Jakub Onderka]
- [sync] Use new sighting pull for new MISP instances. [Jakub Onderka]
- [sighting] Include organisation in rest response. [Jakub Onderka]
- [sightings] Optimised fetching. [Jakub Onderka]
- [api] Allow to include uuids to sighting. [Jakub Onderka]
- [sync] New way how to pull sightings. [Jakub Onderka]
- [internal] Optimise sighting rest search. [Jakub Onderka]
- [internal] Add logging for galaxy cluster sync. [Jakub Onderka]
- [misp-workflow-blueprints] updated to the latest version. [Alexandre
Dulaunoy]
- [internal] Store taxonomy in cache compressed. [Jakub Onderka]
- [internal] Move module perms to one place. [Jakub Onderka]
- [acl] Use ACL methods for checks. [Jakub Onderka]
- [acl] Move tags ACL check to one place. [Jakub Onderka]
- [css] put enrich box higher on the screen. [Alexandre Dulaunoy]
- [UI] Allow event mass export for all events. [Jakub Onderka]
- [PyMISP] updated. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [acl] Use Acl::canAccess. [Jakub Onderka]
- [acl] Move org index access to ACLComponent. [Jakub Onderka]
- [acl] Use Acl::canAccess. [Jakub Onderka]
- [internal] Put most used controller component to defined variables.
[Jakub Onderka]
- [acl] Simplify acl checking for side menu. [Jakub Onderka]
- [acl] User standard ACL check for event index table. [Jakub Onderka]
- [acl] Fetch host_org_id just once. [Jakub Onderka]
- [API] For warninglist index returns all warninglists. [Jakub Onderka]
- [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [correlation] Do not try to unblock value if doing full correlation.
[Jakub Onderka]
- [internal] Micro optimisation. [Jakub Onderka]
- [correlation] Check attribute ID in SQL request. [Jakub Onderka]
- [correlation] Move fetching object later in code. [Jakub Onderka]
- [internal] Cleanup code for JSON decoding. [Jakub Onderka]
- [internal] Normalize user fetching for admins. [Jakub Onderka]
- [internal] Use readJsonFromFile. [Jakub Onderka]
- [internal] Be sure that authorizedIds methods returns int. [Jakub
Onderka]
- [intetrnal] Cleanup code for User::getUsersWithAccess. [Jakub Onderka]
- [internal] Cleanup code for User::beforeSave. [Jakub Onderka]
- [workflowModule:baseModule] Added helper function to collect matching
elements. [Sami Mokaddem]
- [workflowModules:enrich-event] Sort list of modules. [Sami Mokaddem]
- [UI] Cleanup code for widgets. [Jakub Onderka]
- [security] Mark Ubuntu 21.10 as not supported. [Jakub Onderka]
- [internal] Delete attribute code cleanup. [Jakub Onderka]
- [internal] Use JsonTool more often vol. 2. [Jakub Onderka]
- [attribute] Better ssdeep validation. [Jakub Onderka]
- [internal] Use JsonTool more often. [Jakub Onderka]
- [freetext] Optimise parsing. [Jakub Onderka]
- [internal] Speedup saving attributes when workflow is disabled. [Jakub
Onderka]
- [warninglist] Load warninglist from Redis for TLDs and security
vendors. [Jakub Onderka]
- [internal] Simplify add workflow. [Jakub Onderka]
- [api] Better specify what `last` attribute means. [Jakub Onderka]
- [trigger:enrichment-before-query] Include module being queried in
triggerData. [Sami Mokaddem]
- [js:event-graph] Possibility to removes leaves from the graph. [Sami
Mokaddem]
- [tool:evengraph] Include relationships when using pivot key. [Sami
Mokaddem]
- [trigger:event-after-save-new-from-pull] Include pass-along pulling
server. [Sami Mokaddem]
- [api] Return REST responses for modifyTagRelationship. [Jakub Onderka]
- [workflows:triggers] Added filtering capability on the index. [Sami
Mokaddem]
- [logs:index] Allow to filter based on the created field in the UI.
[Sami Mokaddem]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [correlation] Optimise saving object timestamp. [Jakub Onderka]
- [jobs] Small cleanup. [Jakub Onderka]
- [internal] Use specific controller version of jsonDecode. [Jakub
Onderka]
- [events:attributeToolbar] Bulk relationship add shows details of
selected object. [Sami Mokaddem]
- [jobs] Store job data in Redis when SimpleBackgroundJobs are enabled.
[Jakub Onderka]
Will help to solve #8616
- [events:attributeToolbar] Added bulk relationship add. [Sami Mokaddem]
- [redis] Raise default count for deleteKeysByPattern method. [Jakub
Onderka]
- [internal] Cleanup Redis code. [Jakub Onderka]
- [internal] More clear method name. [Jakub Onderka]
- [internal] Use short isset. [Jakub Onderka]
- [internal] Cleanup for RateLimitComponent. [Jakub Onderka]
- [redis] Use redis serializer for storing dashboard cache. [Jakub
Onderka]
- [events:attributeToolbar] Added bulk local tagging. [Sami Mokaddem]
Fix
~~~
- [typo] fixed after crash. [iglocska]
- [eventreports] edit ACL lookup fixed. [iglocska]
- [tags] index search fixed. [iglocska]
- not passing name, filter, search all together would lead to the search not working
- [acl] Added missing entry about eventReport. [Sami Mokaddem]
- [sync] Remove events without sightings from pull. [Jakub Onderka]
- [sync] Do not push galaxy cluster to events that should not be pushed.
[Jakub Onderka]
- [acl] Add event to template when adding shadow attribute. [Jakub
Onderka]
- [UI] Show checkbox for events to all users to allow mass export.
[Jakub Onderka]
- [view] Remove unused variable. [Jakub Onderka]
- [template] Remove unused template. [Jakub Onderka]
- [UI] Cleanup for reference bulk add. [Jakub Onderka]
- [UI] Statistics EventTag call. [Jakub Onderka]
- [oidc] Allow to check all users. [Jakub Onderka]
- [internal] Convert array to const. [Jakub Onderka]
- [test] Debug failing test. [Jakub Onderka]
- [sighting] Return just requested sighting. [Jakub Onderka]
- [statistics] do not divide correlation count by 2 - no longer needed.
[Andras Iklody]
We're only storing 1 row / correlation since the engine rework
- As reported by @github-germ
- [sync] Do not try to push no clusters to remote server. [Jakub
Onderka]
- [internal] Server push logging. [Jakub Onderka]
- [backgroundJobs] Added default fallback for settings & Use proper
filepath when Redis not enabled. [Sami Mokaddem]
- [internal] Tag `misp-galaxy:rsit="Information Gathering:Scanning"` was
considered as invalid. [Jakub Onderka]
- [test] Try to debug why tests sometimes fail. [Jakub Onderka]
- [internal] AppController cleanup. [Jakub Onderka]
- [acl] Only site admin can call server pull/push. [Jakub Onderka]
- [idTranslator] Show error when remote event not found. [Jakub Onderka]
- [acl] Event graph. [Jakub Onderka]
- [api] Remove user_id from extensionEvents JSON export. [Jakub Onderka]
- [internal] Remove unused controller method. [Jakub Onderka]
- [security] Permission for tag collections. [Jakub Onderka]
- [internal] Typo in attribute controller. [Jakub Onderka]
- [acl] Extended event UI permission. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [UI] Undefined variable. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [acl] Correlation can disable user that can modify event. [Jakub
Onderka]
- [correlation] Delete correlations when deleting event. [Jakub Onderka]
- [UI] Fetching attribute info with Event.user_id. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [security] Check user permission when attaching clusters. [Jakub
Onderka]
- [acl] Remove duplicate acl definition. [Jakub Onderka]
- [acl] User standard acl checking. [Jakub Onderka]
- [test] Show debug output for warninglist. [Jakub Onderka]
- [correlation] Convert to int. [Jakub Onderka]
- [correlation] Use int type for value_id. [Jakub Onderka]
- [correlation] Do not ublock not blocked value. [Jakub Onderka]
- [internal] Remove unused model SharingGroupElement. [Jakub Onderka]
- [internal] Cleanup code for UserController. [Jakub Onderka]
- [internal] Cleanup controller code. [Jakub Onderka]
- [internal] Cleanup code for tag controller. [Jakub Onderka]
- [templates] Use $hostOrgUser variable. [Jakub Onderka]
- [ACL] Permissions for feeds. [Jakub Onderka]
- [internal] Use standardized API for event unpublishing. [Jakub
Onderka]
- [correlation] Fix over correlating value. [Jakub Onderka]
- [widgets] Fix some widgets. [Jakub Onderka]
- [UI] Nicer view for workflow blueprints index. [Jakub Onderka]
- [workflow] Importing blueprints. [Jakub Onderka]
- [workflow] Menu links. [Jakub Onderka]
- [workflow] Basic cleanup. [Jakub Onderka]
- [notification] Do not send email when no new event for period. [Jakub
Onderka]
- [workflow] Correctly check if workflow is enabled. [Jakub Onderka]
- [workflow:formatConverter] Typo in condition leading to ignore
attribute tags if event tags were missing. [Sami Mokaddem]
- [attribute:hvoerEnrichment] Include even tags. [Sami Mokaddem]
- [UI] Undefined index attribute_tag_id. [Jakub Onderka]
- [UI] Reload just tags part when modifying tag relationship. [Jakub
Onderka]
- [UI] Submit form on CTRL+ENTER on select. [Jakub Onderka]
- [internal] Less fragile event unpublishing. [Jakub Onderka]
- [internal] Lock prefix. [Jakub Onderka]
- [feed] Missing to_ids for freetext feed. [Jakub Onderka]
- [redis] Delete also misp:wlc:* keys. [Jakub Onderka]
- [jobs] Correctly handle incorrectly configured simple background jobs.
[Jakub Onderka]
- [logging] Don't try to push syslog messages when no valid log entry
was created in the first place. [iglocska]
- [workflowModule:webhook] FIxed typo on parameter type. [Sami Mokaddem]
- [workflow:getUserForWorkflow] Forgotten return statement for one
conditional branch. [Sami Mokaddem]
- [redis] Delete all keys by pattern. [Jakub Onderka]
- [internal] Check if user is logged after checking if it is ajax
request. [Jakub Onderka]
- [UI] Do not show publish checkbox when importing MISP event for user
without permission. [Jakub Onderka]
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge pull request #8743 from CriimBow/fix-typo-exists. [Andras
Iklody]
fix: typo in exists (does not exists => does not exist)
- Does not exists => does not exist. [CriimBow]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8737 from JakubOnderka/sync-sighting-fetched.
[Jakub Onderka]
fix: [sync] Remove events without sightings from pull
- Merge pull request #8735 from JakubOnderka/galaxy-cluster-push. [Jakub
Onderka]
fix: [sync] Do not push galaxy cluster to events that should not be p…
- Merge pull request #8702 from JakubOnderka/acl-helper-vol2. [Jakub
Onderka]
Acl helper vol2
- Merge pull request #8441 from JakubOnderka/server-push-details. [Jakub
Onderka]
new: [UI] Show servers where event will be pushed
- Merge pull request #8670 from JakubOnderka/reference-bulk-add-cleanup.
[Jakub Onderka]
fix: [UI] Cleanup for reference bulk add
- Merge pull request #8734 from JakubOnderka/fix-undefined. [Jakub
Onderka]
fix: [UI] Statistics EventTag call
- Merge pull request #8345 from JakubOnderka/oidc-org-uuid. [Jakub
Onderka]
new: [oidc] Allow to create new org with defined UUID
- Merge pull request #8719 from JakubOnderka/pull-remove-empty-events.
[Jakub Onderka]
chg: [sync] Remove empty events from pull
- Merge pull request #8731 from JakubOnderka/debug-failing. [Jakub
Onderka]
fix: [test] Debug failing test
- Merge pull request #8720 from JakubOnderka/sightings-rest-search.
[Jakub Onderka]
Sightings rest search
- Merge pull request #8729 from JakubOnderka/sighting-restsearch-
security-vol2. [Jakub Onderka]
new: [test] Check sighting rest search ACL vol. 2
- Merge pull request #8727 from JakubOnderka/cluster-sync-logging.
[Jakub Onderka]
chg: [internal] Add logging for galaxy cluster sync
- Merge pull request #8728 from JakubOnderka/sighting-restsearch-
security. [Jakub Onderka]
new: [test] Check sighting rest search ACL
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8726 from JakubOnderka/fix-tag-regexp. [Jakub
Onderka]
fix: [internal] Tag `misp-galaxy:rsit="Information Gathering:Scanning…
- Merge pull request #8724 from JakubOnderka/redis-compression. [Jakub
Onderka]
new: [redis] Store some data in Redis compressed to save memory
- Merge pull request #8723 from JakubOnderka/controller. [Jakub Onderka]
fix: [internal] AppController cleanup
- Merge pull request #8722 from JakubOnderka/feed-compression. [Jakub
Onderka]
new: [feed] Store freetext feed compressed in cache
- Merge pull request #8713 from JakubOnderka/tags-acl. [Jakub Onderka]
chg: [acl] Move tags ACL check to one place
- Merge branch 'szopin-patch-2' into develop. [Alexandre Dulaunoy]
- Merge branch 'patch-2' of https://github.com/szopin/MISP into szopin-
patch-2. [Alexandre Dulaunoy]
- Set max-height to allow generating scrollbars on overflow. [szopin]
With this the confirmation_box uses the whole available space for content and generates scrollbar when exceeded (fixes #4307)
- Merge pull request #8712 from JakubOnderka/event-mass-export. [Jakub
Onderka]
chg: [UI] Allow event mass export for all events
- Merge pull request #8710 from JakubOnderka/event-graph-acl. [Jakub
Onderka]
fix: [acl] Event graph
- Merge pull request #8706 from JakubOnderka/tag-collection-permission.
[Jakub Onderka]
fix: [security] Permission for tag collections
- Merge pull request #8705 from JakubOnderka/fix-acl-vol3. [Jakub
Onderka]
Fix acl vol3
- Merge pull request #8696 from JakubOnderka/delete-correlations. [Jakub
Onderka]
fix: [correlation] Delete correlations when deleting event
- Merge pull request #8704 from JakubOnderka/fix-acl-cluster-attach.
[Jakub Onderka]
fix: [security] Check user permission when attaching clusters
- Merge pull request #8697 from JakubOnderka/acl-helper. [Jakub Onderka]
Acl helper
- Merge pull request #8699 from JakubOnderka/warninglist-debug. [Jakub
Onderka]
fix: [test] Show debug output for warninglist
- Merge pull request #8693 from JakubOnderka/over-correlating-fix.
[Jakub Onderka]
Over correlating fix
- Merge pull request #8695 from JakubOnderka/user-organisations. [Jakub
Onderka]
User organisations
- Merge pull request #8694 from JakubOnderka/unpublish. [Jakub Onderka]
fix: [internal] Use standardized API for event unpublishing
- Merge pull request #8692 from JakubOnderka/over-correlating-fix.
[Jakub Onderka]
fix: [correlation] Fix over correlating value
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8688 from JakubOnderka/widget-ui. [Jakub Onderka]
chg: [UI] Cleanup code for widgets
- Merge pull request #8689 from JakubOnderka/security-audit. [Jakub
Onderka]
chg: [security] Mark Ubuntu 21.10 as not supported
- Merge pull request #8687 from JakubOnderka/full-correlation. [Jakub
Onderka]
new: [correlation] Do not correlate over correlating value again
- Merge pull request #8684 from JakubOnderka/attribute-delete-cleanup.
[Jakub Onderka]
chg: [internal] Delete attribute code cleanup
- Merge pull request #8683 from JakubOnderka/use-jsontool-vol2. [Jakub
Onderka]
chg: [internal] Use JsonTool more often vol. 2
- Merge pull request #8682 from JakubOnderka/better-ssdeep-validation.
[Jakub Onderka]
chg: [attribute] Better ssdeep validation
- Merge pull request #8680 from JakubOnderka/use-jsontool. [Jakub
Onderka]
Use JsonTool more often
- Merge pull request #8679 from JakubOnderka/freetext-optim. [Jakub
Onderka]
chg: [freetext] Optimise parsing
- Merge pull request #8653 from JakubOnderka/workflow-fixes. [Jakub
Onderka]
fix: [workflow] Basic cleanup
- Merge pull request #8646 from JakubOnderka/periodic-summary-empty.
[Jakub Onderka]
fix: [notification] Do not send email when no new event for period
- Merge pull request #8678 from JakubOnderka/simdjson. [Jakub Onderka]
new: [internal] Add support for simdjson extension
- Merge pull request #8677 from JakubOnderka/freetext-json. [Jakub
Onderka]
new: [freetext] Try to parse input as JSON
- Merge pull request #8676 from JakubOnderka/security-domains-freetext.
[Jakub Onderka]
Security domains freetext
- Merge pull request #8674 from JakubOnderka/simplify-workflow-code.
[Jakub Onderka]
Simplify workflow code
- Merge pull request #8672 from JakubOnderka/search-last-specify. [Jakub
Onderka]
chg: [api] Better specify what `last` attribute means
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8668 from JakubOnderka/ctrl-enter-submit. [Jakub
Onderka]
fix: [UI] Submit form on CTRL+ENTER on select
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8664 from JakubOnderka/event-unpublish. [Jakub
Onderka]
fix: [internal] Less fragile event unpublishing
- Merge pull request #8661 from JakubOnderka/fix-lock-prefix. [Jakub
Onderka]
fix: [internal] Lock prefix
- Merge pull request #8662 from JakubOnderka/missing-to-ids. [Jakub
Onderka]
fix: [feed] Missing to_ids for freetext feed
- Merge pull request #8663 from JakubOnderka/fix-delete-wlc. [Jakub
Onderka]
fix: [redis] Delete also misp:wlc:* keys
- Merge pull request #8659 from JakubOnderka/jobs-small-fixes. [Jakub
Onderka]
fix: [jobs] Correctly handle incorrectly configured simple background jobs
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8656 from JakubOnderka/jobs-small-fixes. [Jakub
Onderka]
chg: [jobs] Small cleanup
- Merge pull request #8654 from JakubOnderka/controller-json-decode.
[Jakub Onderka]
chg: [internal] Use specific controller version of jsonDecode
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8651 from JakubOnderka/save-jobs-file-in-redis.
[Jakub Onderka]
chg: [jobs] Store job data in Redis when SimpleBackgroundJobs are enabled
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8649 from JakubOnderka/dragonfly-support. [Jakub
Onderka]
new: [redis] Add support for dragonfly redis replacement
- Merge pull request #8647 from JakubOnderka/api-warning. [Jakub
Onderka]
new: [UI] Show warning if user don't have permission to use API
- Merge pull request #8648 from JakubOnderka/add-misp-export-publish.
[Jakub Onderka]
fix: [UI] Do not show publish checkbox when importing MISP event for user without permission
- Merge pull request #8518 from JakubOnderka/disable-key-fetching.
[Jakub Onderka]
new: [UI] Allow to disable PGP key fetching
v2.4.164 (2022-10-06)
---------------------

View File

@ -5,6 +5,77 @@ Changelog
%%version%% (unreleased)
------------------------
New
~~~
- Add in ability to set a taxonomies required status. [Tom King]
Changes
~~~~~~~
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [tests] fix the list name test following latest warning-list updates.
[Alexandre Dulaunoy]
- Bump deps. [Raphaël Vinot]
- Add dependabot. [Raphaël Vinot]
Other
~~~~~
- Revert "chg: [tests] fix the list name test following latest warning-
list" [Alexandre Dulaunoy]
This reverts commit be3715595bcf08d497303198fefdf91c735b3fb2.
- Build(deps): bump actions/setup-python from 2 to 4. [dependabot[bot]]
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
- Build(deps): bump actions/checkout from 2 to 3. [dependabot[bot]]
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
- Build(deps): bump codecov/codecov-action from 1 to 3.
[dependabot[bot]]
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v3)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
- Create codeql-analysis.yml. [Raphaël Vinot]
v2.4.162.1 (2022-10-02)
-----------------------
Changes
~~~~~~~
- Bump changelog. [Raphaël Vinot]
- Bump deps and version. [Raphaël Vinot]
Fix LIEF vuln.
- Bump deps, objects. [Raphaël Vinot]
Fix
~~~
- Change DNS warning list test. [Raphaël Vinot]

View File

@ -1,6 +1,186 @@
# Changelog
## v2.4.165 (2022-11-08)
### Changes
* [mitre-attack] updated to version 12.0. [Alexandre Dulaunoy]
* [threat-actor] JSON fix. [Alexandre Dulaunoy]
* [mitre] bump to v11.3. [Christophe Vandeplas]
* [tool] make mitre script easier to find. [Christophe Vandeplas]
### Other
* Merge pull request #792 from nyx0/main. [Alexandre Dulaunoy]
Add RomCom TA.
* Add RomCom TA. [Thomas Dupuy]
* Merge pull request #791 from Mathieu4141/threat-actors/add-phosphorus-alias-to-apt-35. [Alexandre Dulaunoy]
[threat-actors] Add Phosphorus in APT35 aliases
* [threat-actors] Add Phosphorus in APT35 aliases. [Mathieu Beligon]
* Merge pull request #790 from Mathieu4141/threat-actors/fix-dust-storm. [Alexandre Dulaunoy]
[threat-actors] Remove DustStorm alias from APT10
* [threat-actors] Remove DustStorm alias from APT10. [Mathieu Beligon]
* Merge pull request #788 from Mathieu4141/threat-actors/fix-cobalt-dickens. [Alexandre Dulaunoy]
[threat-actors] Remove cobalt dickens duplicate
* [threat-actors] Remove cobalt dickens duplicate. [Mathieu Beligon]
* Merge pull request #787 from Mathieu4141/threat-actors/fix-subaat-duplicate. [Alexandre Dulaunoy]
[threat-actors] Remove subaat duplicate
* [threat-actors] Remove subaat duplicate. [Mathieu Beligon]
* Merge pull request #786 from Mathieu4141/threat-actors/remove-skeleton-spider-duplicate. [Alexandre Dulaunoy]
[threat-actors] Remove Skeleton Spider duplicate
* [threat-actors] Remove Skeleton Spider duplicate. [Mathieu Beligon]
* Merge pull request #785 from Delta-Sierra/main. [Alexandre Dulaunoy]
add Prynt Stealer & variants
* Add Prynt Stealer & variants. [Delta-Sierra]
* Merge pull request #784 from Delta-Sierra/main. [Alexandre Dulaunoy]
add Volatile Cedar synonym
* Fix metadata in wrong slot. [Delta-Sierra]
* Add Volatile Cedar synonym. [Delta-Sierra]
* Merge pull request #782 from nyx0/main. [Alexandre Dulaunoy]
Add SharPyShell tool.
* Add SharPyShell tool. [Thomas Dupuy]
* Merge pull request #781 from Mathieu4141/threat-actors/fix-neodymium. [Alexandre Dulaunoy]
[threat-actors] Fix G0055 (NEODYMIUM) alias
* [threat-actors] Fix G0055 (NEODYMIUM) alias. [Mathieu Beligon]
* Merge pull request #780 from Mathieu4141/threat-actors/fix-svmondr. [Alexandre Dulaunoy]
[threat-actors] Remove SVCMONDR duplicate
* [threat-actors] Remove SVCMONDR duplicate. [Mathieu Beligon]
* Merge pull request #778 from Mathieu4141/threat-actors/fix-malware-reuser-duplicate. [Alexandre Dulaunoy]
[threat-actors] Fix Volatile Cedar and Dancing Salome conflicts
* [threat-actors] Fix Volatile Cedar and Dancing Salome conflicts. [Mathieu Beligon]
* Merge pull request #777 from Mathieu4141/threat-actors/fix-equation-group-conflict. [Alexandre Dulaunoy]
[threat-actors] Equation group: separate from Lamberts and add tools
* [threat-actors] Equation group: separate from Lamberts and add tools. [Mathieu Beligon]
* Merge pull request #774 from nyx0/main. [Alexandre Dulaunoy]
Add APT-Q-12 Threat Actor.
* Add APT-Q-12 Threat Actor. [Thomas Dupuy]
* Merge branch 'nyx0-main' into main. [Alexandre Dulaunoy]
* Merge branch 'main' of https://github.com/nyx0/misp-galaxy into nyx0-main. [Alexandre Dulaunoy]
* Add Void Balaur. [Thomas Dupuy]
## v2.4.163 (2022-09-26)
### New
* [malpedia] remove duplicate UUIDs objects (coming from Malpedia API) [Alexandre Dulaunoy]
* [threat-actor] hezb added. [Alexandre Dulaunoy]
### Changes
* [360net] add 360.net APT list fixes #764. [Christophe Vandeplas]
### Fix
* [atrm] fix bug in authors. [Christophe Vandeplas]
* [360net] fixes null entries in lists. [Christophe Vandeplas]
### Other
* Merge pull request #771 from Delta-Sierra/main. [Alexandre Dulaunoy]
fetch malpedia
* Fetch malpedia. [Delta-Sierra]
* Merge pull request #770 from Mathieu4141/threat-actors/add-bitwise-spider. [Alexandre Dulaunoy]
[threat-actors] Add BITWISE SPIDER
* [threat-actors] Add BITWISE SPIDER. [Mathieu Beligon]
* Merge pull request #769 from Mathieu4141/threat-actors-add/no-name-057-06. [Alexandre Dulaunoy]
[threat-actors] Add NoName057(16)
* [threat-actors] Add NoName057(16) [Mathieu Beligon]
* Merge pull request #766 from Mathieu4141/threat-actors/fix-ta505. [Alexandre Dulaunoy]
[threat-actors] Clean TA505 aliases
* [threat-actors] Clean TA505 aliases. [Mathieu Beligon]
* Merge pull request #768 from Delta-Sierra/main. [Alexandre Dulaunoy]
New clusters
* Add PlugX ref. [Delta-Sierra]
* Add Chisel. [Delta-Sierra]
* Add Lorenz ransomware. [Delta-Sierra]
* Add Dark.IoT. [Delta-Sierra]
* Add hezb. [Delta-Sierra]
* Add BumbleBee backdoor. [Delta-Sierra]
* Merge pull request #767 from cvandeplas/360net. [Christophe Vandeplas]
chg: [360net] add 360.net APT list fixes #764
* Merge pull request #765 from Mathieu4141/threat-actors/fix-xenotime. [Alexandre Dulaunoy]
[threat-actors] Remove Xenotime duplicate
* [threat-actors] Keep meta from old Xenotime. [Mathieu Beligon]
* [threat-actors] Remove Xenotime duplicate. [Mathieu Beligon]
## v2.4.162 (2022-09-09)
### Changes

View File

@ -1,6 +1,135 @@
# Changelog
## v2.4.165 (2022-11-08)
### New
* [expansion] Added extract_url_components module to create an object from an URL attribute. [Sami Mokaddem]
* [import] import_blueprint to facilitate an easy-to-use blueprint for data import. [Sami Mokaddem]
* [import] Url_import module to convert batch of URLs into url objects. [Sami Mokaddem]
### Changes
* [mkdocs] updated doc. [Alexandre Dulaunoy]
* [mkdows] footer updated. [Alexandre Dulaunoy]
* [doc] updated. [Alexandre Dulaunoy]
* [cve_advanced] Updated the module to use cvepremium & a few improvements. [Christian Studer]
### Fix
* [url_import/url] added in __init__ [Alexandre Dulaunoy]
* [crowdsec] Fixed the __init__ files. [Christian Studer]
* [variodbs] Fixed indentation issue. [Christian Studer]
- if `exploit_results` is empty, we should not go
any further in the query for next values exploit
results
* [variodbs] Properly handling the exploit results when there is more that 10 results. [Christian Studer]
- We keep querying the VARIoT db API with the link
of the next content until there is no next result
* [variodbs] Fixed the empty vulnerability results case handling, to avoid the module to stop before looking for related exploits. [Christian Studer]
* [variotdbs] Fixed some typos, missing imports, and some issues in the main parsing process. [Christian Studer]
* [variotdbs] Added the reference between the resulting vulnerability object and the initial vulnerability attribute. [Christian Studer]
### Other
* Merge branch 'main' of github.com:MISP/misp-modules. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-modules into main. [Sami Mokaddem]
* Merge pull request #590 from crowdsecurity/main. [Alexandre Dulaunoy]
Add crowdsec module
* Add crowdsec module. [Shivam Sandbhor]
* Add: [variotdbs] Updated the exploit object mapping to support the object attributes recently added to the `exploit` template. [Christian Studer]
* Merge branch 'new_module' of github.com:MISP/misp-modules. [Christian Studer]
* Add: [readme] Added description for the variotdbs module. [Christian Studer]
* Add: [documentation] Regenerated documentation with the recently added modules description. [Christian Studer]
* Add: [documentation] Added documentation for the variotdbs module. [Christian Studer]
* Add: [variotdbs] Added the exploit information parsing. [Christian Studer]
- Following a recent change on the variotdbs API
allowing requests to get exploits information
base on a CVE number
* Merge branch 'main' into new_module. [Christian Studer]
* Add: [variotdbs] Added module to query the variotdbs API with a vulnerabliity, to get additional info about it. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-modules into new_module. [Christian Studer]
* Merge pull request #586 from RamboV/main. [Alexandre Dulaunoy]
Added more endpoints to the module
* Update hyasinsight.py. [Rambatla Venkat Rao]
* Added few more endpoints. [Rambatla Venkat Rao]
* Merge pull request #585 from extra2000/bump-vt-py-0_17_1. [Alexandre Dulaunoy]
fix(REQUIREMENTS): bump `vt-py` to `0.17.1` due to `0.17.0` is no longer exists
* Fix(REQUIREMENTS): bump `vt-py` to `0.17.1` due to `0.17.0` is no longer exists. [Nik Mohamad Aizuddin]
* Merge branch 'new_module' of github.com:MISP/misp-modules into new_module. [Christian Studer]
* Merge pull request #583 from JakubOnderka/update-dependencies. [Jakub Onderka]
Update REQUIREMENTS
* Update REQUIREMENTS. [Jakub Onderka]
## v2.4.163 (2022-09-26)
### Fix
* [expansion:apivoid] add missing email attribute input types. [Jeroen Pinoy]
### Other
* Merge pull request #579 from szopin/patch-2. [Alexandre Dulaunoy]
Fix for ocr import
* Fix for ocr import. [szopin]
Currently works only for .pdf files, with this .png and .jpg should also work (fixes #512)
* Merge pull request #581 from Wachizungu/add-input-email-attribute-types-to-apivoid-exp-module. [Alexandre Dulaunoy]
fix: [expansion:apivoid] add missing email attribute input types
* Merge pull request #578 from szopin/patch-1. [Alexandre Dulaunoy]
Fix for hashdd
* Fix for hashdd. [szopin]
Endpoint has changed, now only accepts md5 and the format of the reply is also different
## v2.4.162 (2022-09-09)
### New

View File

@ -1,6 +1,40 @@
# Changelog
## v2.4.165 (2022-11-08)
### New
* [telegram-bot] new object to describe Telegram bots. [Alexandre Dulaunoy]
* [intrusion-set] based on the STIX 2.1 definition. [Alexandre Dulaunoy]
TODO - "Open Vocabularies" - value versus description.
### Other
* Merge pull request #373 from MISP/chrisr3d_patch. [Alexandre Dulaunoy]
Updated the `exploit` template
* Add: [exploit] Added `description` and `title` attributes. [Christian Studer]
* Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [Christian Studer]
* Merge pull request #372 from Delta-Sierra/master. [Alexandre Dulaunoy]
add username field in telegram-bot object
* Add username field in telegram-bot object. [Delta-Sierra]
## v2.4.163 (2022-09-26)
### New
* [exploit] Exploit object template to describe code or program used to exploit specific vulnerabilities. The objet can be linked to `vulnerability` objects but also device, iot, firmware or alike. [Alexandre Dulaunoy]
## v2.4.162 (2022-09-09)
### New

View File

@ -1,6 +1,106 @@
# Changelog
## v2.4.165 (2022-11-08)
### New
* [misp-workflow] new misp-workflow taxonomy to have a consistent tag message for the MISP workflow. [Alexandre Dulaunoy]
### Changes
* [misp-workflow] move to action-taken predicate. [Alexandre Dulaunoy]
### Other
* Merge pull request #258 from cudeso/main. [Alexandre Dulaunoy]
Sentinel indicator threat types
* Update MANIFEST.json. [Koen Van Impe]
* Update machinetag.json. [Koen Van Impe]
* Update MANIFEST.json. [Koen Van Impe]
* Sentinel indicator threat types. [Koen Van Impe]
Taxonomy in support of integrating MISP with Sentinel. Allows to set the "threatType values".
* Merge pull request #257 from Felix83000/main. [Alexandre Dulaunoy]
[Error Fix] Modify ISAC Tag to A_ISAC Tag
* [Error Fix] Modify ISAC Tag to A_ISAC Tag. [Félix Herrenschmidt]
[Error Fix] Modify ISAC Tag to Aviation ISAC Tag
## v2.4.163 (2022-09-26)
### New
* [financial] a new financial taxonomy to better financial entity in MISP. [Alexandre Dulaunoy]
### Changes
* [financial] Services added as provided by CSSF. [Alexandre Dulaunoy]
* [financial] Updated following CSSF feedback. [Alexandre Dulaunoy]
* [doc] index updated. [Alexandre Dulaunoy]
* [financial] updated with physical presence. [Alexandre Dulaunoy]
* [financial] improved financial taxonomy. [Alexandre Dulaunoy]
### Fix
* Better validation for taxonomy files. [Jakub Onderka]
* [financial] fix the predicate name change. [Alexandre Dulaunoy]
* [financial] typo fixed. [Alexandre Dulaunoy]
### Other
* Merge pull request #256 from JakubOnderka/fix-invalid-taxonomy. [Alexandre Dulaunoy]
fix: Better validation for taxonomy files
* Merge pull request #255 from syloktools/main. [Alexandre Dulaunoy]
Added to File Type taxonomy
* Merge branch 'main' of https://github.com/syloktools/misp-taxonomies. [Robert Nixon]
* Merge branch 'MISP:main' into main. [Robert Nixon]
* Add more file types. [Robert Nixon]
* Merge branch 'main' of https://github.com/syloktools/misp-taxonomies. [Robert Nixon]
* Added bat file type and change data to dat. [Robert Nixon]
* Merge pull request #254 from Felix83000/main. [Alexandre Dulaunoy]
Publication of the Thales Group taxonomy version 3
* Color update. [Félix Herrenschmidt]
* Released version 3. [Félix Herrenschmidt]
Add ISAC and InterCERT France communities.
* Merge pull request #253 from syloktools/main. [Alexandre Dulaunoy]
Added xlsm file type to file-type taxonomy
* Merge branch 'MISP:main' into main. [Robert Nixon]
* Added xlsm file type. [Robert Nixon]
## v2.4.162 (2022-09-09)
### Changes

View File

@ -1,14 +1,127 @@
# Changelog
## %%version%% (unreleased)
## v2.4.165 (2022-11-09)
### Changes
* [lists] updated automatically. [Alexandre Dulaunoy]
* [doc] updated list of warning lists. [Alexandre Dulaunoy]
* [park_domain] new info source. [David Cruciani]
* [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
* [park dns ns] add source. [David Cruciani]
* [majestic_million] numbers parameter. [David Cruciani]
* [tenable] headers updated. [Alexandre Dulaunoy]
### Fix
* [park domain] ip network. [David Cruciani]
* [park dn ns] jq all things. [David Cruciani]
* [park dn] jq_all_things. [David Cruciani]
* [parking] must be sorted. [Alexandre Dulaunoy]
* [parking-domain] jq all the things. [Alexandre Dulaunoy]
* [generator] remove header. [David Cruciani]
### Other
* Merge pull request #235 from DavidCruciani/main. [Alexandre Dulaunoy]
new info source
* Merge branch 'main' of https://github.com/DavidCruciani/misp-warninglists. [David Cruciani]
* Merge branch 'MISP:main' into main. [David Cruciani]
* Merge pull request #233 from DavidCruciani/main. [Alexandre Dulaunoy]
add some parking domain, ns and ip
* Merge branch 'main' of https://github.com/DavidCruciani/misp-warninglists. [David Cruciani]
* Merge branch 'DavidCruciani-main' into main. [Alexandre Dulaunoy]
* Merge branch 'main' of https://github.com/DavidCruciani/misp-warninglists into DavidCruciani-main. [Alexandre Dulaunoy]
* Merge pull request #230 from DavidCruciani/main. [Alexandre Dulaunoy]
fix: [generator] remove header
* Merge pull request #229 from DavidCruciani/main. [Alexandre Dulaunoy]
chg: [majestic_million] numbers parameter
* Add: [park dn] ns and ip. [David Cruciani]
* Add: [park dns ns] bodis.com. [David Cruciani]
* Add: [park dns ns] freenom.com. [David Cruciani]
* Add: [park dns ns] sedo.com. [David Cruciani]
* Add: [list] parking domain ns. [David Cruciani]
* Add: [list] parking-domains. [David Cruciani]
* Merge pull request #227 from jberkers42/jberkers-tenable-generateall. [Alexandre Dulaunoy]
Updates to reflect addition of Tenable Warninglists
* Updates to reflect addition of Tenable Warninglists - Update generate_all.sh - Update README.md. [John Berkers]
* Merge pull request #226 from jberkers42/jberkers42-tenable. [Alexandre Dulaunoy]
Add generator script for Tenable
* Add generator script for Tenable. [John Berkers]
## v2.4.163 (2022-09-26)
### Changes
* [lists] updated. [Alexandre Dulaunoy]
* [bank-website] add major bank domains. [Jeroen Pinoy]
* [bank-website] remove unregistered domains. [Jeroen Pinoy]
* [bank-website] add major bank domains. [Jeroen Pinoy]
* [lists] updated. [Alexandre Dulaunoy]
* [dns] add 1.1.1.1 as golden. [Alexandre Dulaunoy]
### Other
* Merge pull request #223 from drewm27/main. [Alexandre Dulaunoy]
Combine common range also including 208.100.26.238 learned from securityscorecard
* Combine common range also including 208.100.26.238 from securityscorecard. [Drew Middlesworth]
* Merge pull request #222 from Wachizungu/add-major-banks-domains. [Alexandre Dulaunoy]
chg: [bank-website] add major bank domains
* Merge pull request #220 from Wachizungu/remove-unregistered-domains. [Alexandre Dulaunoy]
chg: [bank-website] remove unregistered domains
* Merge pull request #218 from Wachizungu/add-major-bank-domains. [Alexandre Dulaunoy]
chg: [bank-website] add major bank domains
## v2.4.162 (2022-09-09)

View File

@ -2,6 +2,543 @@ Changelog
=========
v2.4.165 (2022-11-09)
---------------------
New
~~~
- [CLI] added pretty and json output modes to list and view feeds.
[iglocska]
- [feed management] added to CLI. [iglocska]
- still needs to add docs
- [acl] Checks for publishing or modifying galaxy clusters. [Jakub
Onderka]
- [acl] Use canModifyEvent for attributes index. [Jakub Onderka]
- [acl] canEditEventReport. [Jakub Onderka]
- [acl] Check sighting deletion in ACLComponent. [Jakub Onderka]
- [acl] User AlcHelper more often. [Jakub Onderka]
- [UI] Show servers where event will be pushed. [Jakub Onderka]
- [oidc] Change organisation name when UUID is provided. [Jakub Onderka]
- [oidc] Allow to create new org with defined UUID. [Jakub Onderka]
- [test] Sighting rest search test. [Jakub Onderka]
- [test] Check sighting rest search ACL vol. 2. [Jakub Onderka]
- [test] Check sighting rest search ACL. [Jakub Onderka]
- [redis] Store some data in Redis compressed to save memory. [Jakub
Onderka]
- [feed] Store freetext feed compressed in cache. [Jakub Onderka]
- [test] test_org_hide_index. [Jakub Onderka]
- [acl] Move disabling correlation checking to Acl component. [Jakub
Onderka]
- [acl] CanModifyTag method in AclHelper. [Jakub Onderka]
- [acl] Move checks from controller to ACL component. [Jakub Onderka]
- [acl] View helper. [Jakub Onderka]
- [workflowModule:attribute_ids_flag_operation] Module to toggle/remove
the to_ids flag. [Sami Mokaddem]
- [workflowModule:attribute_edition] Added generic module to support
attribute edition. [Sami Mokaddem]
Can be extended by other modules
- [workflowModule:attach_enrichment] That attaches enrichment entries to
the enriched attributes. [Sami Mokaddem]
- [correlation] Do not correlate over correlating value again for full
correlation. [Jakub Onderka]
Should help with #8685
- [internal] Add support for simdjson extension. [Jakub Onderka]
- [freetext] Try to parse input as JSON. [Jakub Onderka]
- [freetext] Fetch security vendor domains from warninglist. [Jakub
Onderka]
- [freetext] Remove to_ids from ComplexTypeTool. [Jakub Onderka]
- [tools:misp-zmq] Added subscriber blueprint. [Sami Mokaddem]
- [workflow:execute_module] Allow to ignore format conversion before
executing module. [Sami Mokaddem]
- [triggers:event_after_save_new] Added 2 new triggers for new events
and new events from pull. [Sami Mokaddem]
- [redis] Add support for dragonfly redis replacement. [Jakub Onderka]
- [UI] Show warning if user don't have permission to use API. [Jakub
Onderka]
- [UI] Allow to disable PGP key fetching. [Jakub Onderka]
Changes
~~~~~~~
- [VERSION] bump. [iglocska]
- [PyMISP] Bump. [Raphaël Vinot]
- [warning-list] updated. [Alexandre Dulaunoy]
- [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] many updates including new MITRE ATT&CK changes.
[Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [misp-workflow-blueprints] updated to the latest version. [Alexandre
Dulaunoy]
- [misp-galaxy] updated. [Alexandre Dulaunoy]
- [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [helper:acl] Removed unused function. [Sami Mokaddem]
- [CLI] new functions documented on the automation page. [iglocska]
- [internal] Update warninglist cache just when it is necessary. [Jakub
Onderka]
- [PyMISP] Bump. [Raphaël Vinot]
- [oidc] Create new org by SYSTEM user. [Jakub Onderka]
- [sync] Remove empty events from pull. [Jakub Onderka]
- [internal] Faster fetching event index. [Jakub Onderka]
- [API] Throw exception if invalid ID provided. [Jakub Onderka]
- [internal] Use subquery to sighting fetching. [Jakub Onderka]
- [sync] Use new sighting pull for new MISP instances. [Jakub Onderka]
- [sighting] Include organisation in rest response. [Jakub Onderka]
- [sightings] Optimised fetching. [Jakub Onderka]
- [api] Allow to include uuids to sighting. [Jakub Onderka]
- [sync] New way how to pull sightings. [Jakub Onderka]
- [internal] Optimise sighting rest search. [Jakub Onderka]
- [internal] Add logging for galaxy cluster sync. [Jakub Onderka]
- [misp-workflow-blueprints] updated to the latest version. [Alexandre
Dulaunoy]
- [internal] Store taxonomy in cache compressed. [Jakub Onderka]
- [internal] Move module perms to one place. [Jakub Onderka]
- [acl] Use ACL methods for checks. [Jakub Onderka]
- [acl] Move tags ACL check to one place. [Jakub Onderka]
- [css] put enrich box higher on the screen. [Alexandre Dulaunoy]
- [UI] Allow event mass export for all events. [Jakub Onderka]
- [PyMISP] updated. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [acl] Use Acl::canAccess. [Jakub Onderka]
- [acl] Move org index access to ACLComponent. [Jakub Onderka]
- [acl] Use Acl::canAccess. [Jakub Onderka]
- [internal] Put most used controller component to defined variables.
[Jakub Onderka]
- [acl] Simplify acl checking for side menu. [Jakub Onderka]
- [acl] User standard ACL check for event index table. [Jakub Onderka]
- [acl] Fetch host_org_id just once. [Jakub Onderka]
- [API] For warninglist index returns all warninglists. [Jakub Onderka]
- [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
- [warning-lists] updated. [Alexandre Dulaunoy]
- [correlation] Do not try to unblock value if doing full correlation.
[Jakub Onderka]
- [internal] Micro optimisation. [Jakub Onderka]
- [correlation] Check attribute ID in SQL request. [Jakub Onderka]
- [correlation] Move fetching object later in code. [Jakub Onderka]
- [internal] Cleanup code for JSON decoding. [Jakub Onderka]
- [internal] Normalize user fetching for admins. [Jakub Onderka]
- [internal] Use readJsonFromFile. [Jakub Onderka]
- [internal] Be sure that authorizedIds methods returns int. [Jakub
Onderka]
- [intetrnal] Cleanup code for User::getUsersWithAccess. [Jakub Onderka]
- [internal] Cleanup code for User::beforeSave. [Jakub Onderka]
- [workflowModule:baseModule] Added helper function to collect matching
elements. [Sami Mokaddem]
- [workflowModules:enrich-event] Sort list of modules. [Sami Mokaddem]
- [UI] Cleanup code for widgets. [Jakub Onderka]
- [security] Mark Ubuntu 21.10 as not supported. [Jakub Onderka]
- [internal] Delete attribute code cleanup. [Jakub Onderka]
- [internal] Use JsonTool more often vol. 2. [Jakub Onderka]
- [attribute] Better ssdeep validation. [Jakub Onderka]
- [internal] Use JsonTool more often. [Jakub Onderka]
- [freetext] Optimise parsing. [Jakub Onderka]
- [internal] Speedup saving attributes when workflow is disabled. [Jakub
Onderka]
- [warninglist] Load warninglist from Redis for TLDs and security
vendors. [Jakub Onderka]
- [internal] Simplify add workflow. [Jakub Onderka]
- [api] Better specify what `last` attribute means. [Jakub Onderka]
- [trigger:enrichment-before-query] Include module being queried in
triggerData. [Sami Mokaddem]
- [js:event-graph] Possibility to removes leaves from the graph. [Sami
Mokaddem]
- [tool:evengraph] Include relationships when using pivot key. [Sami
Mokaddem]
- [trigger:event-after-save-new-from-pull] Include pass-along pulling
server. [Sami Mokaddem]
- [api] Return REST responses for modifyTagRelationship. [Jakub Onderka]
- [workflows:triggers] Added filtering capability on the index. [Sami
Mokaddem]
- [logs:index] Allow to filter based on the created field in the UI.
[Sami Mokaddem]
- [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
- [correlation] Optimise saving object timestamp. [Jakub Onderka]
- [jobs] Small cleanup. [Jakub Onderka]
- [internal] Use specific controller version of jsonDecode. [Jakub
Onderka]
- [events:attributeToolbar] Bulk relationship add shows details of
selected object. [Sami Mokaddem]
- [jobs] Store job data in Redis when SimpleBackgroundJobs are enabled.
[Jakub Onderka]
Will help to solve #8616
- [events:attributeToolbar] Added bulk relationship add. [Sami Mokaddem]
- [redis] Raise default count for deleteKeysByPattern method. [Jakub
Onderka]
- [internal] Cleanup Redis code. [Jakub Onderka]
- [internal] More clear method name. [Jakub Onderka]
- [internal] Use short isset. [Jakub Onderka]
- [internal] Cleanup for RateLimitComponent. [Jakub Onderka]
- [redis] Use redis serializer for storing dashboard cache. [Jakub
Onderka]
- [events:attributeToolbar] Added bulk local tagging. [Sami Mokaddem]
Fix
~~~
- [typo] fixed after crash. [iglocska]
- [eventreports] edit ACL lookup fixed. [iglocska]
- [tags] index search fixed. [iglocska]
- not passing name, filter, search all together would lead to the search not working
- [acl] Added missing entry about eventReport. [Sami Mokaddem]
- [sync] Remove events without sightings from pull. [Jakub Onderka]
- [sync] Do not push galaxy cluster to events that should not be pushed.
[Jakub Onderka]
- [acl] Add event to template when adding shadow attribute. [Jakub
Onderka]
- [UI] Show checkbox for events to all users to allow mass export.
[Jakub Onderka]
- [view] Remove unused variable. [Jakub Onderka]
- [template] Remove unused template. [Jakub Onderka]
- [UI] Cleanup for reference bulk add. [Jakub Onderka]
- [UI] Statistics EventTag call. [Jakub Onderka]
- [oidc] Allow to check all users. [Jakub Onderka]
- [internal] Convert array to const. [Jakub Onderka]
- [test] Debug failing test. [Jakub Onderka]
- [sighting] Return just requested sighting. [Jakub Onderka]
- [statistics] do not divide correlation count by 2 - no longer needed.
[Andras Iklody]
We're only storing 1 row / correlation since the engine rework
- As reported by @github-germ
- [sync] Do not try to push no clusters to remote server. [Jakub
Onderka]
- [internal] Server push logging. [Jakub Onderka]
- [backgroundJobs] Added default fallback for settings & Use proper
filepath when Redis not enabled. [Sami Mokaddem]
- [internal] Tag `misp-galaxy:rsit="Information Gathering:Scanning"` was
considered as invalid. [Jakub Onderka]
- [test] Try to debug why tests sometimes fail. [Jakub Onderka]
- [internal] AppController cleanup. [Jakub Onderka]
- [acl] Only site admin can call server pull/push. [Jakub Onderka]
- [idTranslator] Show error when remote event not found. [Jakub Onderka]
- [acl] Event graph. [Jakub Onderka]
- [api] Remove user_id from extensionEvents JSON export. [Jakub Onderka]
- [internal] Remove unused controller method. [Jakub Onderka]
- [security] Permission for tag collections. [Jakub Onderka]
- [internal] Typo in attribute controller. [Jakub Onderka]
- [acl] Extended event UI permission. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [UI] Undefined variable. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [acl] Correlation can disable user that can modify event. [Jakub
Onderka]
- [correlation] Delete correlations when deleting event. [Jakub Onderka]
- [UI] Fetching attribute info with Event.user_id. [Jakub Onderka]
- [UI] Undefined index. [Jakub Onderka]
- [security] Check user permission when attaching clusters. [Jakub
Onderka]
- [acl] Remove duplicate acl definition. [Jakub Onderka]
- [acl] User standard acl checking. [Jakub Onderka]
- [test] Show debug output for warninglist. [Jakub Onderka]
- [correlation] Convert to int. [Jakub Onderka]
- [correlation] Use int type for value_id. [Jakub Onderka]
- [correlation] Do not ublock not blocked value. [Jakub Onderka]
- [internal] Remove unused model SharingGroupElement. [Jakub Onderka]
- [internal] Cleanup code for UserController. [Jakub Onderka]
- [internal] Cleanup controller code. [Jakub Onderka]
- [internal] Cleanup code for tag controller. [Jakub Onderka]
- [templates] Use $hostOrgUser variable. [Jakub Onderka]
- [ACL] Permissions for feeds. [Jakub Onderka]
- [internal] Use standardized API for event unpublishing. [Jakub
Onderka]
- [correlation] Fix over correlating value. [Jakub Onderka]
- [widgets] Fix some widgets. [Jakub Onderka]
- [UI] Nicer view for workflow blueprints index. [Jakub Onderka]
- [workflow] Importing blueprints. [Jakub Onderka]
- [workflow] Menu links. [Jakub Onderka]
- [workflow] Basic cleanup. [Jakub Onderka]
- [notification] Do not send email when no new event for period. [Jakub
Onderka]
- [workflow] Correctly check if workflow is enabled. [Jakub Onderka]
- [workflow:formatConverter] Typo in condition leading to ignore
attribute tags if event tags were missing. [Sami Mokaddem]
- [attribute:hvoerEnrichment] Include even tags. [Sami Mokaddem]
- [UI] Undefined index attribute_tag_id. [Jakub Onderka]
- [UI] Reload just tags part when modifying tag relationship. [Jakub
Onderka]
- [UI] Submit form on CTRL+ENTER on select. [Jakub Onderka]
- [internal] Less fragile event unpublishing. [Jakub Onderka]
- [internal] Lock prefix. [Jakub Onderka]
- [feed] Missing to_ids for freetext feed. [Jakub Onderka]
- [redis] Delete also misp:wlc:* keys. [Jakub Onderka]
- [jobs] Correctly handle incorrectly configured simple background jobs.
[Jakub Onderka]
- [logging] Don't try to push syslog messages when no valid log entry
was created in the first place. [iglocska]
- [workflowModule:webhook] FIxed typo on parameter type. [Sami Mokaddem]
- [workflow:getUserForWorkflow] Forgotten return statement for one
conditional branch. [Sami Mokaddem]
- [redis] Delete all keys by pattern. [Jakub Onderka]
- [internal] Check if user is logged after checking if it is ajax
request. [Jakub Onderka]
- [UI] Do not show publish checkbox when importing MISP event for user
without permission. [Jakub Onderka]
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch '2.4' into develop. [iglocska]
- Merge pull request #8743 from CriimBow/fix-typo-exists. [Andras
Iklody]
fix: typo in exists (does not exists => does not exist)
- Does not exists => does not exist. [CriimBow]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8737 from JakubOnderka/sync-sighting-fetched.
[Jakub Onderka]
fix: [sync] Remove events without sightings from pull
- Merge pull request #8735 from JakubOnderka/galaxy-cluster-push. [Jakub
Onderka]
fix: [sync] Do not push galaxy cluster to events that should not be p…
- Merge pull request #8702 from JakubOnderka/acl-helper-vol2. [Jakub
Onderka]
Acl helper vol2
- Merge pull request #8441 from JakubOnderka/server-push-details. [Jakub
Onderka]
new: [UI] Show servers where event will be pushed
- Merge pull request #8670 from JakubOnderka/reference-bulk-add-cleanup.
[Jakub Onderka]
fix: [UI] Cleanup for reference bulk add
- Merge pull request #8734 from JakubOnderka/fix-undefined. [Jakub
Onderka]
fix: [UI] Statistics EventTag call
- Merge pull request #8345 from JakubOnderka/oidc-org-uuid. [Jakub
Onderka]
new: [oidc] Allow to create new org with defined UUID
- Merge pull request #8719 from JakubOnderka/pull-remove-empty-events.
[Jakub Onderka]
chg: [sync] Remove empty events from pull
- Merge pull request #8731 from JakubOnderka/debug-failing. [Jakub
Onderka]
fix: [test] Debug failing test
- Merge pull request #8720 from JakubOnderka/sightings-rest-search.
[Jakub Onderka]
Sightings rest search
- Merge pull request #8729 from JakubOnderka/sighting-restsearch-
security-vol2. [Jakub Onderka]
new: [test] Check sighting rest search ACL vol. 2
- Merge pull request #8727 from JakubOnderka/cluster-sync-logging.
[Jakub Onderka]
chg: [internal] Add logging for galaxy cluster sync
- Merge pull request #8728 from JakubOnderka/sighting-restsearch-
security. [Jakub Onderka]
new: [test] Check sighting rest search ACL
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8726 from JakubOnderka/fix-tag-regexp. [Jakub
Onderka]
fix: [internal] Tag `misp-galaxy:rsit="Information Gathering:Scanning…
- Merge pull request #8724 from JakubOnderka/redis-compression. [Jakub
Onderka]
new: [redis] Store some data in Redis compressed to save memory
- Merge pull request #8723 from JakubOnderka/controller. [Jakub Onderka]
fix: [internal] AppController cleanup
- Merge pull request #8722 from JakubOnderka/feed-compression. [Jakub
Onderka]
new: [feed] Store freetext feed compressed in cache
- Merge pull request #8713 from JakubOnderka/tags-acl. [Jakub Onderka]
chg: [acl] Move tags ACL check to one place
- Merge branch 'szopin-patch-2' into develop. [Alexandre Dulaunoy]
- Merge branch 'patch-2' of https://github.com/szopin/MISP into szopin-
patch-2. [Alexandre Dulaunoy]
- Set max-height to allow generating scrollbars on overflow. [szopin]
With this the confirmation_box uses the whole available space for content and generates scrollbar when exceeded (fixes #4307)
- Merge pull request #8712 from JakubOnderka/event-mass-export. [Jakub
Onderka]
chg: [UI] Allow event mass export for all events
- Merge pull request #8710 from JakubOnderka/event-graph-acl. [Jakub
Onderka]
fix: [acl] Event graph
- Merge pull request #8706 from JakubOnderka/tag-collection-permission.
[Jakub Onderka]
fix: [security] Permission for tag collections
- Merge pull request #8705 from JakubOnderka/fix-acl-vol3. [Jakub
Onderka]
Fix acl vol3
- Merge pull request #8696 from JakubOnderka/delete-correlations. [Jakub
Onderka]
fix: [correlation] Delete correlations when deleting event
- Merge pull request #8704 from JakubOnderka/fix-acl-cluster-attach.
[Jakub Onderka]
fix: [security] Check user permission when attaching clusters
- Merge pull request #8697 from JakubOnderka/acl-helper. [Jakub Onderka]
Acl helper
- Merge pull request #8699 from JakubOnderka/warninglist-debug. [Jakub
Onderka]
fix: [test] Show debug output for warninglist
- Merge pull request #8693 from JakubOnderka/over-correlating-fix.
[Jakub Onderka]
Over correlating fix
- Merge pull request #8695 from JakubOnderka/user-organisations. [Jakub
Onderka]
User organisations
- Merge pull request #8694 from JakubOnderka/unpublish. [Jakub Onderka]
fix: [internal] Use standardized API for event unpublishing
- Merge pull request #8692 from JakubOnderka/over-correlating-fix.
[Jakub Onderka]
fix: [correlation] Fix over correlating value
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8688 from JakubOnderka/widget-ui. [Jakub Onderka]
chg: [UI] Cleanup code for widgets
- Merge pull request #8689 from JakubOnderka/security-audit. [Jakub
Onderka]
chg: [security] Mark Ubuntu 21.10 as not supported
- Merge pull request #8687 from JakubOnderka/full-correlation. [Jakub
Onderka]
new: [correlation] Do not correlate over correlating value again
- Merge pull request #8684 from JakubOnderka/attribute-delete-cleanup.
[Jakub Onderka]
chg: [internal] Delete attribute code cleanup
- Merge pull request #8683 from JakubOnderka/use-jsontool-vol2. [Jakub
Onderka]
chg: [internal] Use JsonTool more often vol. 2
- Merge pull request #8682 from JakubOnderka/better-ssdeep-validation.
[Jakub Onderka]
chg: [attribute] Better ssdeep validation
- Merge pull request #8680 from JakubOnderka/use-jsontool. [Jakub
Onderka]
Use JsonTool more often
- Merge pull request #8679 from JakubOnderka/freetext-optim. [Jakub
Onderka]
chg: [freetext] Optimise parsing
- Merge pull request #8653 from JakubOnderka/workflow-fixes. [Jakub
Onderka]
fix: [workflow] Basic cleanup
- Merge pull request #8646 from JakubOnderka/periodic-summary-empty.
[Jakub Onderka]
fix: [notification] Do not send email when no new event for period
- Merge pull request #8678 from JakubOnderka/simdjson. [Jakub Onderka]
new: [internal] Add support for simdjson extension
- Merge pull request #8677 from JakubOnderka/freetext-json. [Jakub
Onderka]
new: [freetext] Try to parse input as JSON
- Merge pull request #8676 from JakubOnderka/security-domains-freetext.
[Jakub Onderka]
Security domains freetext
- Merge pull request #8674 from JakubOnderka/simplify-workflow-code.
[Jakub Onderka]
Simplify workflow code
- Merge pull request #8672 from JakubOnderka/search-last-specify. [Jakub
Onderka]
chg: [api] Better specify what `last` attribute means
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8668 from JakubOnderka/ctrl-enter-submit. [Jakub
Onderka]
fix: [UI] Submit form on CTRL+ENTER on select
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8664 from JakubOnderka/event-unpublish. [Jakub
Onderka]
fix: [internal] Less fragile event unpublishing
- Merge pull request #8661 from JakubOnderka/fix-lock-prefix. [Jakub
Onderka]
fix: [internal] Lock prefix
- Merge pull request #8662 from JakubOnderka/missing-to-ids. [Jakub
Onderka]
fix: [feed] Missing to_ids for freetext feed
- Merge pull request #8663 from JakubOnderka/fix-delete-wlc. [Jakub
Onderka]
fix: [redis] Delete also misp:wlc:* keys
- Merge pull request #8659 from JakubOnderka/jobs-small-fixes. [Jakub
Onderka]
fix: [jobs] Correctly handle incorrectly configured simple background jobs
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8656 from JakubOnderka/jobs-small-fixes. [Jakub
Onderka]
chg: [jobs] Small cleanup
- Merge pull request #8654 from JakubOnderka/controller-json-decode.
[Jakub Onderka]
chg: [internal] Use specific controller version of jsonDecode
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8651 from JakubOnderka/save-jobs-file-in-redis.
[Jakub Onderka]
chg: [jobs] Store job data in Redis when SimpleBackgroundJobs are enabled
- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami
Mokaddem]
- Merge pull request #8649 from JakubOnderka/dragonfly-support. [Jakub
Onderka]
new: [redis] Add support for dragonfly redis replacement
- Merge pull request #8647 from JakubOnderka/api-warning. [Jakub
Onderka]
new: [UI] Show warning if user don't have permission to use API
- Merge pull request #8648 from JakubOnderka/add-misp-export-publish.
[Jakub Onderka]
fix: [UI] Do not show publish checkbox when importing MISP event for user without permission
- Merge pull request #8518 from JakubOnderka/disable-key-fetching.
[Jakub Onderka]
new: [UI] Allow to disable PGP key fetching
v2.4.164 (2022-10-06)
---------------------

View File

@ -507,6 +507,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_email">email</a></li>
<li><a href="#_employee">employee</a></li>
<li><a href="#_error_message">error-message</a></li>
<li><a href="#_exploit">exploit</a></li>
<li><a href="#_exploit_poc">exploit-poc</a></li>
<li><a href="#_facebook_account">facebook-account</a></li>
<li><a href="#_facebook_group">facebook-group</a></li>
@ -593,6 +594,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_intelmq_report">intelmq_report</a></li>
<li><a href="#_internal_reference">internal-reference</a></li>
<li><a href="#_interpol_notice">interpol-notice</a></li>
<li><a href="#_intrusion_set">intrusion-set</a></li>
<li><a href="#_iot_device">iot-device</a></li>
<li><a href="#_iot_firmware">iot-firmware</a></li>
<li><a href="#_ip_api_address">ip-api-address</a></li>
@ -704,6 +706,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_target_system">target-system</a></li>
<li><a href="#_tattoo">tattoo</a></li>
<li><a href="#_telegram_account">telegram-account</a></li>
<li><a href="#_telegram_bot">telegram-bot</a></li>
<li><a href="#_temporal_event">temporal-event</a></li>
<li><a href="#_threatgrid_report">threatgrid-report</a></li>
<li><a href="#_timecode">timecode</a></li>
@ -10152,6 +10155,189 @@ error-message is a MISP object available in JSON format at <a href="https://gith
</div>
</div>
<div class="sect1">
<h2 id="_exploit"><a class="anchor" href="#_exploit"></a><a class="link" href="#_exploit">exploit</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Exploit object describes a program in binary or source code form used to abuse one or more vulnerabilities.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
exploit is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/main/objects/exploit/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">0day-today-id</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Reference to the 0day.today referencing this exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">accessibility</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Accessibility of the exploit. ['Unknown', 'Public', 'Limited', 'Paid']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Comment associated to the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">credit</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Credit(s) for the exploit (such as author, distributor or original source).</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cve-id</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">vulnerability</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Reference to the CVE value targeted by the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">exploit</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Free text of the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">exploit-as-attachment</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">attachment</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Attachment of the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">exploitdb-id</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Reference to the ExploitDB referencing this exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">filename</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Filename used for the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">level</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Level of the exploit. ['Unknown', 'Proof-of-Concept', 'Functional', 'Production-ready']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">reference</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">link</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Reference to the exploit.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_exploit_poc"><a class="anchor" href="#_exploit_poc"></a><a class="link" href="#_exploit_poc">exploit-poc</a></h2>
<div class="sectionbody">
<div class="paragraph">
@ -42111,6 +42297,137 @@ interpol-notice is a MISP object available in JSON format at <a href="https://gi
</div>
</div>
<div class="sect1">
<h2 id="_intrusion_set"><a class="anchor" href="#_intrusion_set"></a><a class="link" href="#_intrusion_set">intrusion-set</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>A object template describing an Intrusion Set as defined in STIX 2.1. An Intrusion Set is a grouped set of adversarial behaviors and resources with common properties that is believed to be orchestrated by a single organization. An Intrusion Set may capture multiple Campaigns or other activities that are all tied together by shared attributes indicating a commonly known or unknown Threat Actor. New activity can be attributed to an Intrusion Set even if the Threat Actors behind the attack are not known. Threat Actors can move from supporting one Intrusion Set to supporting another, or they may support multiple Intrusion Sets. Where a Campaign is a set of attacks over a period of time against a specific set of targets to achieve some objective, an Intrusion Set is the entire attack package and may be used over a very long period of time in multiple Campaigns to achieve potentially multiple purposes. While sometimes an Intrusion Set is not active, or changes focus, it is usually difficult to know if it has truly disappeared or ended. Analysts may have varying level of fidelity on attributing an Intrusion Set back to Threat Actors and may be able to only attribute it back to a nation state or perhaps back to an organization within that nation state.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
intrusion-set is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/main/objects/intrusion-set/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">aliases</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Alternative names used to identify this Intrusion Set.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">description</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>A description that provides more details and context about the Intrusion Set, potentially including its purpose and its key characteristics.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">goals</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The high-level goals of this Intrusion Set, namely, what are they trying to do. For example, they may be motivated by personal gain, but their goal is to steal credit card numbers. To do this, they may execute specific Campaigns that have detailed objectives like compromising point of sale systems at a large retailer. Another example: to gain information about latest merger and IPO information from ACME Bank.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>A name used to identify this Intrusion Set.</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">primary-motivation</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The primary reason, motivation, or purpose behind this Intrusion Set. The motivation is why the Intrusion Set wishes to achieve the goal (what they are trying to achieve). For example, an Intrusion Set with a goal to disrupt the finance sector in a country might be motivated by ideological hatred of capitalism. ['accidental - A non-hostile actor whose benevolent or harmless intent inadvertently causes harm. For example, a well-meaning and dedicated employee who through distraction or poor training unintentionally causes harm to his or her organization.', "coercion - Being forced to act on someone else&#8217;s behalf. Adversaries who are motivated by coercion are often forced through intimidation or blackmail to act illegally for someone elses benefit. Unlike the other motivations, a coerced person does not act for personal gain, but out of fear of incurring a loss.", 'dominance - A desire to assert superiority over someone or something else. Adversaries who are seeking dominance over a target are focused on using their power to force their target into submission or irrelevance. Dominance may be found with ideology in some state-sponsored attacks and with notoriety in some cyber vandalism-based attacks.', 'ideology - A passion to express a set of ideas, beliefs, and values that may shape and drive harmful and illegal acts. Adversaries who act for ideological reasons (e.g., political, religious, human rights, environmental, desire to cause chaos/anarchy, etc.) are not usually motivated primarily by the desire for profit; they are acting on their own sense of morality, justice, or political loyalty. For example, an activist group may sabotage a companys equipment because they believe the company is harming the environment.', 'notoriety - Seeking prestige or to become well known through some activity. Adversaries motivated by notoriety are often seeking either personal validation or respect within a community and staying covert is not a priority. In fact, one of the main goals is to garner the respect of their target audience.', 'organizational-gain - Seeking advantage over a competing organization, including a military organization. Adversaries motivated by increased profit or other gains through an unfairly obtained competitive advantage are often seeking theft of intellectual property, business processes, or supply chain agreements and thus accelerating their position in a market or capability.', 'personal-gain - The desire to improve ones own financial status. Adversaries motivated by a selfish desire for personal gain are often out for gains that come from financial fraud, hacking for hire, or intellectual property theft. While a Threat Actor or Intrusion Set may be seeking personal gain, this does not mean they are acting alone. Individuals can band together solely to maximize their own personal profits.', 'personal-satisfaction - A desire to satisfy a strictly personal goal, including curiosity, thrill-seeking, amusement, etc. Threat Actors or Intrusion Set driven by personal satisfaction may incidentally receive some other gain from their actions, such as a profit, but their primary motivation is to gratify a personal, emotional need. Individuals can band together with others toward a mutual, but not necessarily organizational, objective.', 'revenge - A desire to avenge perceived wrongs through harmful actions such as sabotage, violence, theft, fraud, or embarrassing certain individuals or the organization. A disgruntled Threat Actor or Intrusion Set seeking revenge can include current or former employees, who may have extensive knowledge to leverage when conducting attacks. Individuals can band together with others if the individual believes that doing so will enable them to cause more harm.', 'unpredictable - Acting without identifiable reason or purpose and creating unpredictable events. Unpredictable is not a miscellaneous or default category. Unpredictable means a truly random and likely bizarre event, which seems to have no logical purpose to the victims.']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">resource_level</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>This property specifies the organizational level at which this Intrusion Set typically works, which in turn determines the resources available to this Intrusion Set for use in an attack. ['individual - Resources limited to the average individual; Threat Actor acts independently.', 'club - Members interact on a social and volunteer basis, often with little personal interest in the specific target. An example might be a core group of unrelated activists who regularly exchange tips on a particular blog. Group persists long term.', "contest - A short-lived and perhaps anonymous interaction that concludes when the participants have achieved a single goal. For example, people who break into systems just for thrills or prestige may hold a contest to see who can break into a specific target first. It also includes announced 'operations' to achieve a specific goal, such as the original 'OpIsrael' call for volunteers to disrupt all of Israel&#8217;s Internet functions for a day.", 'team - A formally organized group with a leader, typically motivated by a specific goal and organized around that goal. Group persists long term and typically operates within a single geography.', 'organization - Larger and better resourced than a team; typically, a company or crime syndicate. Usually operates in multiple geographic areas and persists long term.', 'government - Controls public assets and functions within a jurisdiction; very well resourced and persists long term.']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">secondary-motivation</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>The secondary reasons, motivations, or purposes behind this Intrusion Set. These motivations can exist as an equal or near-equal cause to the primary motivation. However, it does not replace or necessarily magnify the primary motivation, but it might indicate additional context. The position in the list has no significance. ['accidental - A non-hostile actor whose benevolent or harmless intent inadvertently causes harm. For example, a well-meaning and dedicated employee who through distraction or poor training unintentionally causes harm to his or her organization.', "coercion - Being forced to act on someone else&#8217;s behalf. Adversaries who are motivated by coercion are often forced through intimidation or blackmail to act illegally for someone elses benefit. Unlike the other motivations, a coerced person does not act for personal gain, but out of fear of incurring a loss.", 'dominance - A desire to assert superiority over someone or something else. Adversaries who are seeking dominance over a target are focused on using their power to force their target into submission or irrelevance. Dominance may be found with ideology in some state-sponsored attacks and with notoriety in some cyber vandalism-based attacks.', 'ideology - A passion to express a set of ideas, beliefs, and values that may shape and drive harmful and illegal acts. Adversaries who act for ideological reasons (e.g., political, religious, human rights, environmental, desire to cause chaos/anarchy, etc.) are not usually motivated primarily by the desire for profit; they are acting on their own sense of morality, justice, or political loyalty. For example, an activist group may sabotage a companys equipment because they believe the company is harming the environment.', 'notoriety - Seeking prestige or to become well known through some activity. Adversaries motivated by notoriety are often seeking either personal validation or respect within a community and staying covert is not a priority. In fact, one of the main goals is to garner the respect of their target audience.', 'organizational-gain - Seeking advantage over a competing organization, including a military organization. Adversaries motivated by increased profit or other gains through an unfairly obtained competitive advantage are often seeking theft of intellectual property, business processes, or supply chain agreements and thus accelerating their position in a market or capability.', 'personal-gain - The desire to improve ones own financial status. Adversaries motivated by a selfish desire for personal gain are often out for gains that come from financial fraud, hacking for hire, or intellectual property theft. While a Threat Actor or Intrusion Set may be seeking personal gain, this does not mean they are acting alone. Individuals can band together solely to maximize their own personal profits.', 'personal-satisfaction - A desire to satisfy a strictly personal goal, including curiosity, thrill-seeking, amusement, etc. Threat Actors or Intrusion Set driven by personal satisfaction may incidentally receive some other gain from their actions, such as a profit, but their primary motivation is to gratify a personal, emotional need. Individuals can band together with others toward a mutual, but not necessarily organizational, objective.', 'revenge - A desire to avenge perceived wrongs through harmful actions such as sabotage, violence, theft, fraud, or embarrassing certain individuals or the organization. A disgruntled Threat Actor or Intrusion Set seeking revenge can include current or former employees, who may have extensive knowledge to leverage when conducting attacks. Individuals can band together with others if the individual believes that doing so will enable them to cause more harm.', 'unpredictable - Acting without identifiable reason or purpose and creating unpredictable events. Unpredictable is not a miscellaneous or default category. Unpredictable means a truly random and likely bizarre event, which seems to have no logical purpose to the victims.']</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_iot_device"><a class="anchor" href="#_iot_device"></a><a class="link" href="#_iot_device">iot-device</a></h2>
<div class="sectionbody">
<div class="paragraph">
@ -63241,6 +63558,111 @@ telegram-account is a MISP object available in JSON format at <a href="https://g
</div>
</div>
<div class="sect1">
<h2 id="_telegram_bot"><a class="anchor" href="#_telegram_bot"></a><a class="link" href="#_telegram_bot">telegram-bot</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Information related to a telegram bot.</p>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
telegram-bot is a MISP object available in JSON format at <a href="https://github.com/MISP/misp-objects/blob/main/objects/telegram-bot/definition.json"><strong>this location</strong></a> The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a>.
</td>
</tr>
</table>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
<col style="width: 20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Object attribute</th>
<th class="tableblock halign-left valign-top">MISP attribute type</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Disable correlation</th>
<th class="tableblock halign-left valign-top">Multiple</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">chat-id</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Telegram chat id</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">comment</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Phone associated with the telegram user</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-check"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">name</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Telegram bot name</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">token</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Telegram Token</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">username</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">text</p></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p>Telegram bot username, must end with "bot"</p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
<td class="tableblock halign-left valign-top"><div class="content"><div class="paragraph">
<p><span class="icon"><i class="fa fa-minus"></i></span></p>
</div></div></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="_temporal_event"><a class="anchor" href="#_temporal_event"></a><a class="link" href="#_temporal_event">temporal-event</a></h2>
<div class="sectionbody">
<div class="paragraph">
@ -70927,7 +71349,7 @@ youtube-video is a MISP object available in JSON format at <a href="https://gith
</div>
<div id="footer">
<div id="footer-text">
Last updated 2022-09-09 07:39:53 +0200
Last updated 2022-10-13 21:33:40 +0200
</div>
</div>
</body>

File diff suppressed because it is too large Load Diff