chg: [static] updated

pull/107/head
Alexandre Dulaunoy 2024-08-30 10:48:42 +02:00
parent 5eefa3453f
commit e961689c51
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
10 changed files with 117982 additions and 115531 deletions


@ -2,6 +2,116 @@ Changelog
=========
v2.4.196 (2024-08-21)
---------------------
New
~~~
- Add pre-commit file. [Raphaël Vinot]
Changes
~~~~~~~
- Bump changelog. [Raphaël Vinot]
- Bump version. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
Fix
~~~
- Remove broken config. [Raphaël Vinot]
v2.4.195 (2024-07-27)
---------------------
New
~~~
- Add delete role, test suite for roles. [Raphaël Vinot]
- Test publish & search. [Raphaël Vinot]
- Add delete role, test suite for roles. [Raphaël Vinot]
- Test publish & search. [Raphaël Vinot]
Changes
~~~~~~~
- Bump Changelog. [Raphaël Vinot]
- Bump objects. [Raphaël Vinot]
- Bump Changelog (issue with template) [Raphaël Vinot]
- Bump changelog. [Raphaël Vinot]
- Bump version. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- [publish tests] further debugging. [iglocska]
- [publish test] check if the publishing actually worked as intended.
[iglocska]
- [tests] speculative fix for the published search. [iglocska]
- locally it seems to work as intended, curious what is going on here
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- Bump deps. [Raphaël Vinot]
- [publish tests] further debugging. [iglocska]
- [publish test] check if the publishing actually worked as intended.
[iglocska]
- [tests] speculative fix for the published search. [iglocska]
- locally it seems to work as intended, curious what is going on here
- Bump deps. [Raphaël Vinot]
Fix
~~~
- Bump objects (invalid template) [Raphaël Vinot]
- Do not let a user pass a full dict as tagname. [Raphaël Vinot]
- [publish tests] fixed invalid setting name for disabling background
processing. [iglocska]
- [publish test] invalid path for the publishing outcome in the
response. [iglocska]
- [publish test] fixed. [iglocska]
- was incorrect as it triggered a background processed publishing, which can take time
- Do not let a user pass a full dict as tagname. [Raphaël Vinot]
- Do not let a user pass a full dict as tagname. [Raphaël Vinot]
- [publish tests] fixed invalid setting name for disabling background
processing. [iglocska]
- [publish test] invalid path for the publishing outcome in the
response. [iglocska]
- [publish test] fixed. [iglocska]
- was incorrect as it triggered a background processed publishing, which can take time
Other
~~~~~
- Re-naming variables to make tests happy. [Tobias Mainka]
- Added support to add or update a MISP role. [Tobias Mainka]
- Update tests. [Raphaël Vinot]
- Build(deps): bump certifi from 2024.6.2 to 2024.7.4. [dependabot[bot]]
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
- MANIFEST.in does not seem to have an effect any longer. [Ulrik Haugen]
- Include docs, examples and tests in sdist. [Ulrik Haugen]
- Re-naming variables to make tests happy. [Tobias Mainka]
- Added support to add or update a MISP role. [Tobias Mainka]
- Update tests. [Raphaël Vinot]
- Build(deps): bump certifi from 2024.6.2 to 2024.7.4. [dependabot[bot]]
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
- Feat: Adds methods to get attribute by id/uuid. [Sura De Silva]
v2.4.194 (2024-06-21)
---------------------
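Review bot: the v2.4.195 block in this hunk lists most of its entries more than once ('Add delete role, test suite for roles.' and 'Test publish & search.' twice, 'Do not let a user pass a full dict as tagname.' three times, the run of '[publish tests]' lines twice, and the whole dependabot certifi body with its `updated-dependencies:` YAML trailer twice), which looks like the changelog generator walked the same commits along two branches; deduplicate before publishing. Keep the certifi bump (2024.6.2 to 2024.7.4) visible after the cleanup, since a CA-bundle change affects every TLS connection PyMISP makes, and keep the 'Do not let a user pass a full dict as tagname.' fix as it is an input-validation change callers may rely on.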


@ -1,11 +1,105 @@
# Changelog
## %%version%% (unreleased)
## v2.4.196 (2024-08-20)
### New
* [fight] new MITRE FiGHT galaxy fixes #986. [Christophe Vandeplas]
### Changes
* [ransomware] inline with ransomlook.io. [Alexandre Dulaunoy]
* [doc] updated. [Alexandre Dulaunoy]
* [sigma-rules] updated to the latest version. [Alexandre Dulaunoy]
* [tools] fix the date input from the sigma rules generator. [Alexandre Dulaunoy]
* [threat-actor] updated. [Alexandre Dulaunoy]
* [mitre] deprecated entities. [Christophe Vandeplas]
* [fight] swiched to using PyMISPGalaxies. [Christophe Vandeplas]
* [fight] add ATT&CK rel + fix description bug. [Christophe Vandeplas]
* [ransomware] updated. [Alexandre Dulaunoy]
* [producer] improved producer list. [Alexandre Dulaunoy]
* [index] updated. [Alexandre Dulaunoy]
* [producer] added some security companies & CERTs. [Tom]
### Fix
* [fight] readme. [Christophe Vandeplas]
* Launch.json update. [Christophe Vandeplas]
* [fight] fix duplicates. [Christophe Vandeplas]
* [fight] updated README. [Christophe Vandeplas]
* Updated README.md. [Christophe Vandeplas]
* [fight] ugly workaround for duplicate entries. [Christophe Vandeplas]
* [fight] unique refs. [Christophe Vandeplas]
* [README] updated. [Alexandre Dulaunoy]
### Other
* Merge branch 'Mathieu4141-threat-actors/ba010e21-3184-4bdc-87e0-872f16b95338' [Alexandre Dulaunoy]
* Merge branch 'threat-actors/ba010e21-3184-4bdc-87e0-872f16b95338' of https://github.com/Mathieu4141/misp-galaxy into Mathieu4141-threat-actors/ba010e21-3184-4bdc-87e0-872f16b95338. [Alexandre Dulaunoy]
* [threat actors] Update README. [Mathieu4141]
* [threat-actors] Add Hive0137. [Mathieu4141]
* [threat-actors] Add UNC4393. [Mathieu4141]
* [threat-actors] Add SAMBASPIDER. [Mathieu4141]
* [threat-actors] Add Ghostwriter aliases. [Mathieu4141]
* [threat-actors] Add Storm-0506. [Mathieu4141]
* [threat-actors] Add TA4903. [Mathieu4141]
* Update CONTRIBUTE.md. [Alexandre Dulaunoy]
* Merge pull request #1012 from cvandeplas/main. [Christophe Vandeplas]
chg; [mitre] Deprecating entries in ATT&CK
* Merge branch 'main' of https://github.com/cvandeplas/misp-galaxy. [Christophe Vandeplas]
* Merge branch 'MISP:main' into main. [Christophe Vandeplas]
* Wip: [fight] initial work for MITRE FiGTH fixes #986. [Christophe Vandeplas]
* Merge pull request #1011 from MISP/nyx0-main. [Alexandre Dulaunoy]
Nyx0 main
* Merge pull request #1007 from Mathieu4141/threat-actors/9f13f000-33d7-4e23-a87f-877399772e86. [Alexandre Dulaunoy]
[threat actors] Add 3 actors
* [threat actors] Update README. [Mathieu4141]
* [threat-actors] Add APT45. [Mathieu4141]
* [threat-actors] Add UAC-0102. [Mathieu4141]
* [threat-actors] Add Stargazer Goblin. [Mathieu4141]
* Merge pull request #1006 from MISP/gallypette-main. [Alexandre Dulaunoy]
Gallypette main
## v2.4.195 (2024-07-26)
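Review bot: the `## %%version%% (unreleased)` heading directly above `## v2.4.196 (2024-08-20)` has no entries under it and ships the raw template placeholder into the rendered changelog; have the generator drop empty unreleased sections, or strip that heading on release. The merge entries naming the `threat-actors/ba010e21-...` branches add nothing a reader can act on; the per-actor lines beneath them (Hive0137, UNC4393, SAMBASPIDER, Storm-0506, TA4903, APT45, UAC-0102, Stargazer Goblin) already state what changed and would read better without the merge noise.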


@ -3,8 +3,52 @@
## %%version%% (unreleased)
### New
* [whois] added back the whois module based on Raphael changes. [Alexandre Dulaunoy]
* [yara_export] new export module. [Christophe Vandeplas]
### Changes
* Re-implement uwhois module. [Raphaël Vinot]
Fix #684
* [doc] make deploy. [Christophe Vandeplas]
* [doc] link to website. [Christophe Vandeplas]
* [doc] shorten README + link to githubio. [Christophe Vandeplas]
* [doc] Big doc revamp #680. [Christophe Vandeplas]
* [pip] changed yara-python version and updated pipfile.lock. [Christophe Vandeplas]
### Fix
* [expansion] whois module added back. [Alexandre Dulaunoy]
* [doc] make linting happy. [Christophe Vandeplas]
* [make] be sure the version of misp_modules installed are the one for generating the documentation. [Alexandre Dulaunoy]
* [doc] fixes newline in description. [Christophe Vandeplas]
* Fixes issues added in latest commit. [Christophe Vandeplas]
* [doc] align static documentation pages. [Christophe Vandeplas]
* [modules] many modules not loaded as python module. [Christophe Vandeplas]
* [cisco_firesight_manager_ACL_rule_export] include in __init__ [Christophe Vandeplas]
* [yara_export] add new module to __init__ [Christophe Vandeplas]
* [tests] fix yara issue in unit tests. [Christophe Vandeplas]
* [cve] fix CVE module to new vulnerability.circl.lu url. [Christophe Vandeplas]
* [doc] url fixed. [Alexandre Dulaunoy]
* [doc] regenerated. [Alexandre Dulaunoy]
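Review bot: the whois module re-add is recorded three times in this unreleased section ('[whois] added back the whois module based on Raphael changes' under New, 'Re-implement uwhois module. Fix #684' under Changes and '[expansion] whois module added back' under Fix); keep one entry and say which implementation ships. This matters because '[modules] many modules not loaded as python module' in the same block changes which expansion modules actually load, and an operator reading this to decide whether the upgrade enables new outbound lookups (whois, the CVE module's new vulnerability.circl.lu URL) needs an accurate list rather than three overlapping ones.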
@ -15,6 +59,113 @@
related to #673
### Other
* Merge pull request #685 from ostefano/actions. [Alexandre Dulaunoy]
Update GitHub actions
* Update GitHub actions. [Stefano Ortolani]
* Merge pull request #686 from MISP/ostefano-refactory. [Alexandre Dulaunoy]
Ostefano refactory
* Merge branch 'refactory' of https://github.com/ostefano/misp-modules into ostefano-refactory. [Alexandre Dulaunoy]
* Migrate to poetry and optimize dependencies. [Stefano Ortolani]
* Merge branch 'main' of https://github.com/MISP/misp-modules. [Christophe Vandeplas]
* Merge branch 'main' of https://github.com/MISP/misp-modules. [Christophe Vandeplas]
* Merge pull request #678 from ByronLabs/main. [Alexandre Dulaunoy]
Re-add Vysion
* Merge branch 'MISP:main' into main. [Germán Esteban]
* Merge pull request #5 from ByronLabs/pr/vysion. [Germán Esteban]
Update vysion package
* Update Vysion in pipfile. [german-esteban]
* Update REQUIREMENTS. [Germán Esteban]
* Update vysion package. [german-esteban]
* Merge branch 'MISP:main' into main. [Germán Esteban]
* Added vysion ito Pipfile. [german-esteban]
* Update expansion/vysion.py. [german-esteban]
* Merge pull request #2 from ByronLabs/pr/vysion. [Germán Esteban]
Pr/vysion
* Update documentation. [german-esteban]
* Update requirements. [german-esteban]
* Added cryptocurrencies types #2. [german-esteban]
* Added cryptocurrencies types. [german-esteban]
* Update REQUIREMENTS. [Germán Esteban]
* Merge branch 'MISP:main' into pr/vysion. [Germán Esteban]
* Update expansion module + Vysion client update version. [german-esteban]
* Merge pull request #679 from VirusTotal/feat/more-gti-attributes. [Alexandre Dulaunoy]
feat(Google Threat Intelligence): Add more attributes to the GTI enrichment
* WIP. [Daniel Pascual]
* WIP. [Daniel Pascual]
* WIP. [Daniel Pascual]
* Add more attributes to the GTI enrichment. [Daniel Pascual]
* Merge pull request #676 from VirusTotal/fix/vt-lib-event-loop-error. [Alexandre Dulaunoy]
fix(VirusTotal): Update vt lib which fix an event loop error
* Update vt lib which fix an event loop error. [Daniel Pascual]
* Merge pull request #677 from cudeso/main. [Alexandre Dulaunoy]
Fix 'Object' object has no attribute 'url' in virustotal
* Fix 'Object' object has no attribute 'url' in virustotal. [Koen Van Impe]
Fix
File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/__init__.py", line 210, in run_request
response = module.handler(q=json_payload)
File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 248, in handler
parser.query_api(attribute)
File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 46, in query_api
self.input_types_mapping[self.attribute.type](self.attribute.value)
File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 143, in parse_hash
related_file_object = self.create_misp_object(related_file)
File "/var/www/MISP/venv/lib/python3.8/site-packages/misp_modules/modules/expansion/virustotal_public.py", line 83, in create_misp_object
misp_object.add_attribute('Url', type='url', value=report.url)
File "/var/www/MISP/venv/lib/python3.8/site-packages/vt/object.py", line 160, in __getattribute__
value = super().__getattribute__(attr)
* Merge pull request #675 from VirusTotal/fix/vt-logo. [Alexandre Dulaunoy]
[VirusTotal] Update VT logo
* Reduce size. [Daniel Pascual]
* Update VT logo. [Daniel Pascual]
## v2.4.195 (2024-07-19)
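Review bot: the traceback pasted under "Fix 'Object' object has no attribute 'url' in virustotal" carries deployment-specific paths (`/var/www/MISP/venv/lib/python3.8/...`) and stops at `vt/object.py, line 160, in __getattribute__` without the final exception line, so it does not even show the error the heading names; trim it to the summary line, or at most keep the last frame, `misp_object.add_attribute('Url', type='url', value=report.url)` in `create_misp_object` of `virustotal_public.py`, which is the part that tells a reader where the missing-attribute check was added.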


@ -1,7 +1,7 @@
# Changelog
## %%version%% (unreleased)
## v2.4.196 (2024-08-20)
### Changes


@ -1,6 +1,109 @@
# Changelog
## v2.4.196 (2024-08-21)
### Changes
* [package] Updated version. [Christian Studer]
* [stix2 import] Excluding the producer from the event info title. [Christian Studer]
* [poetry] Bumped latest versions in lock file. [Christian Studer]
* [stix2 import] Better handling of the STIX2 Parser class arguments. [Christian Studer]
- Made the different arguments available with the
command line feature part of the parsing method
rather than setting them with the Parser init
* [stix2 import] Added separation in the generic Event info field, between the title and information on the producer. [Christian Studer]
* [stix2 import] Adding producer - when provided - to the generic info field. [Christian Studer]
* [poetry] Bumped lock file with the latest versions. [Christian Studer]
* [poetry] Bumped lock file with the latest dependencies versions. [Christian Studer]
* [readme] Updated command-line import feature arguments instructions. [Christian Studer]
* [misp_stix_converter] Getting the current user organisation uuid to use it for the Custom Clusters creation. [Christian Studer]
* [readme] Updated instruction for the command line feature. [Christian Studer]
### Fix
* [poetry] Tentative to fix lock file. [Christian Studer]
* [misp_stix_converter] Fixed some argparse help values. [Christian Studer]
* [tests] Fixed tests for STIX 2.x Bundles imported as MISP Events where producer and info values are set by user. [Christian Studer]
* [stix2 import] Fixed generic info field to use the title set by users. [Christian Studer]
- Title set by users is defining the info field if set
- Producer information is included as well if set
- If title is not set, then we have the fallback option
with a generic title based on the Bundle id and producer
* [stix2 export] Avoiding issues with EventReport referencing attributes or objects exported as Custom STIX 2 Object. [Christian Studer]
- As Event Reports are converted into STIX 2.1 Note
objects, and we check all the references to existing
data layer within the Event, some Attributes or
objects referenced in the Event report might be
converted to Custom STIX objects
- We have to check if those references are pointing
to custom objects and add the `allow_custom` flag
in that case
* [stix2 import] Avoiding issue with `getattr` which isn't able to check whether a `__` prefixed variable exists or not. [Christian Studer]
* [misp_stix_converter] Handling cases where url or authentication key is not provided to connect to MISP. [Christian Studer]
* [stix2 import] Added missing `producer` argument. [Christian Studer]
* [misp_stix_converter] Updated command-line import arguments. [Christian Studer]
- Added some descriptions on the default values
- Removed the default value for the `org_uuid`
parameter as the default value is set in the
method that is called already, which allows us
to check is the value is None in order to set
the UUID of the organisation of the current user
when we use the MISP connection
* [stix2 import] Added bundle id to the generic Event info field used when there is no Report or Grouping to parse. [Christian Studer]
* [misp_stix_converter] Quick fixes on the command-line feature. [Christian Studer]
* [misp_stix_converter] Providing default value to the version and distribution arguments with the command line feature. [Christian Studer]
* [stix2 import] Avoiding issues with the Event tags variable. [Christian Studer]
### Other
* Add: [misp_stix_converter] Global version argument added. [Christian Studer]
- This answers the request in #66
* Add: [tests] Tests for STIX 2.x Bundle import with specific producer or title set by user. [Christian Studer]
* Add: [misp_stix_converter] Added `title` argument to prefix Event info field with some title. [Christian Studer]
* Add: [readme] Added instructions on the producer argument. [Christian Studer]
* Add: [misp_stix_converter, stix2 import] Added `producer` argument to add in the Events converted from STIX 2.x the name of the producer. [Christian Studer]
* Add: [readme] Added more instructions and examples on the command-line feature usage. [Christian Studer]
* Add: [readme] Additional instructions on the installation process. [Christian Studer]
* Add: [misp_stix_converter] Extended the command line feature to allow to push Events on MISP from the conversion of STIX 2.x Bundles. [Christian Studer]
* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer]
## v2.4.194 (2024-06-21)
### Changes
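Review bot: the command-line feature now connects to a MISP instance ('Extended the command line feature to allow to push Events on MISP', 'Handling cases where url or authentication key is not provided to connect to MISP'); if the authentication key is taken as an argparse argument like the other options listed here, it lands in shell history and `ps` output, so the readme entries should document reading it from an environment variable or a config file with the argument as a fallback, and the changelog should say which it is. One more line is worth adding here: with the `org_uuid` default removed and the value resolved to the connected user's organisation, Custom Clusters created during an import are owned by whichever account's key is used, which is a surprise when a shared automation key is in play.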


@ -1,6 +1,37 @@
# Changelog
## v2.4.196 (2024-08-20)
### Changes
* [lists] updated. [Alexandre Dulaunoy]
* [censys-scanning] updated. [Alexandre Dulaunoy]
* [warning-lists] updated. [Alexandre Dulaunoy]
### Other
* Merge pull request #283 from MISP/hardcoreslacker-patch-1. [Alexandre Dulaunoy]
Hardcoreslacker patch 1
* Update list.json. [hardcoreslacker]
Current ranges according to 'https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Data-Collection' last update of the article was 2024-05-03
* Merge pull request #281 from karenyousefi/main. [Alexandre Dulaunoy]
update
* Update list.json. [Karen Yousefi]
* Update list.json. [Karen Yousefi]
add hoo.be
## v2.4.195 (2024-07-26)
### Changes
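Review bot: the censys-scanning ranges are taken from a support article whose last update is given as 2024-05-03 in the list.json commit body, but nothing in this changelog says which ranges were added or removed; for a warning list that marks scanner IPs as known false positives, an entry that names the source date and the delta (or a list version bump noted here) lets consumers judge whether their copy is stale. The #281 merge entry is titled just 'update'; the 'add hoo.be' line below it is the actual change and should be the headline.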


@ -2,21 +2,162 @@ Changelog
=========
%%version%% (unreleased)
------------------------
v2.4.196 (2024-08-21)
---------------------
New
~~~
- [decaying model] Add a DecayingModel based on true positive and false
positive sightings. [Marcel Slotema]
- [log search] added optional hh:mm:ss accuracy. [iglocska]
- also some refactoring to deal with the boat-load of copy-pasta
░░░░░░░░░░░░ ░░ ░░░░ ░░░░
░░░░░░░░░░ ░░▒▒▓▓██████░░ ░░▒▒██████░░ ░░
░░░░░░░░░░ ░░████ ██░░░░░░██ ██░░
░░░░░░░░░░░░ ▒▒████ ████░░░░▒▒██ ████░░
░░░░░░░░░░ ▒▒██▓▓ ██░░░░▒▒██ ██░░
░░░░░░░░ ▒▒████████░░ ▒▒████████▒▒
░░░░ ░░ ░░ ░░ ▒▒▒▒██░░██████░░▒▒██░░▓▓▓▓░░
░░░░ ░░ ░░▒▒████████████░░░░██████ ▓▓██████▒▒
░░░░░░░░ ▒▒████▒▒░░ ░░░░██░░██░░░░░░████▒▒ ▒▒▓▓
░░░░░░ ░░▒▒██░░██▒▒▓▓████░░░░██░░░░██░░██▒▒ ▒▒██▓▓░░██
░░░░ ░░░░▒▒██▒▒██░░ ▓▓██▒▒██ ░░████░░██░░ ▒▒▓▓▒▒▓▓████░░░░▒▒░░
░░ ░░▒▒██████░░░░ ▓▓▓▓▒▒▒▒▒▒██░░░░░░░░██████▓▓▒▒▒▒▒▒▓▓██▒▒▓▓██████
▒▒██░░▓▓████████▓▓▒▒▒▒▒▒▒▒██████████░░██▓▓▒▒▒▒▒▒▒▒▒▒██████░░░░██
░░▒▒▓▓▒▒░░▓▓██▒▒██▓▓▒▒▒▒▒▒▒▒▒▒██░░░░░░██░░▓▓▓▓▒▒▒▒▒▒▒▒▒▒██ ░░████
░░▒▒██░░▓▓▓▓██░░▒▒██▓▓████████░░░░██████░░░░▒▒██▒▒▒▒▒▒██░░░░██
░░▒▒██░░██░░▒▒██░░░░██▒▒ ░░░░██████▒▒ ██▓▓▒▒████████░░████░░
░░▒▒██▒▒██▒▒▒▒██████░░▓▓████░░░░██░░██░░██▓▓ ░░██▒▒████░░
░░▒▒██████████░░▒▒▒▒██████░░██░░░░████░░ ░░██░░ ██░░
░░░░▒▒▓▓██▒▒░░░░████░░░░░░██░░██░░██▓▓██░░░░████ ██▒▒░░
░░░░▒▒██░░██████▓▓▒▒██████▒▒░░██░░██▓▓██ ░░████░░ ██░░
░░░░▒▒██▓▓▒▒▒▒▒▒▒▒██░░░░░░░░██░░░░██▓▓████ ██▓▓██ ██░░
░░░░░░▒▒▒▒ ░░▒▒██▒▒░░▓▓██████ ██▓▓▒▒████ ██▓▓██░░▓▓▓▓
░░░░░░░░░░░░░░▒▒██░░████████░░██▒▒▒▒████▒▒██▓▓▒▒██░░██▓▓
░░░░░░░░ ▒▒████░░░░▓▓▓▓▓▓████░░▒▒▒▒██▒▒▒▒██▓▓██░░▓▓▓▓
░░░░░░░░▒▒▒▒████░░ ██▓▓▒▒██▓▓░░░░▒▒██▒▒▒▒██▒▒██░░▒▒▓▓
░░░░░░░░▒▒██░░░░▒▒██▓▓░░░░░░░░░░░░ ████▓▓▒▒▒▒██░░▓▓▓▓
░░░░░░░░▒▒████████░░░░ ░░░░░░░░░░ ░░██████░░
- [review user logs] made the button useful. [iglocska]
- was linking to the log index without any filters before
- now links to any changes affecting the user (model = User, model_id = user_id)
- is aware of the use of the new audit log system, linking to the most useful logs
- future improvements: add a secondary button for searches on the user email address in the logs by creation
Changes
~~~~~~~
- [PyMISP] Bump. [Raphaël Vinot]
- [version] bump. [iglocska]
- [decaying-model-formulas] Catches undefined indexes. [Sami Mokaddem]
- [decaying tool] Update sliders when a textbox is changed. [Marcel
Slotema]
- [attributes:restSearch] Added X-Skipped-Elements-Count Header.
[Benni0]
Added the X-Skipped-Elements-Count header, which should indicate how many items are skipped due to postprocessing.
With this header, the client should be able to do proper pagination and can stop iteration when the amount of items,
including the skipped items, is lower than the limit
- [internal] Include in logged message subject and e-mail address when
sending e-mail. [Jakub Onderka]
- [misp-stix] Bumped latest tagged version. [Christian Studer]
- [baseurl handling] fixed for reverse proxies. [iglocska]
- no more weird redirects that drop ports / externally requested baseurls from redirect links
- Thanks to @github-germ (Mitch Germansky) for the long, in-depth debug session and testing all the hacky attempts at fixing it
- [warning-list] updated to the latest version. [Alexandre Dulaunoy]
- [misp-object] updated to the latest version. [Alexandre Dulaunoy]
- [misp-galaxy] updated. [Alexandre Dulaunoy]
- [misp-stix] Bumped latest submodule version. [Christian Studer]
- [misp-stix] Bumped latest submodule version including some fixes.
[Christian Studer]
- [Attributes restSearch] added sort support for publish_timestamp.
[Benni0]
Fix
~~~
- [misp-stix] Bumped fixed version. [Christian Studer]
- [stix2 import] Updated STIX 2 parsers usage following recent changes
on misp-stix. [Christian Studer]
- [priority order in beforefilter] move the baseurl view var setting
further up in the chain. [iglocska]
- redis errors with benchmarking enabled could throw a notice error about the baseurl not being set for the views otherwise
- [image helper] allow for variable width org logos without overlapping
the text. [iglocska]
- [misp-stix] Bumped latest version including recent fixes. [Christian
Studer]
- [workflow:getEnabledModules] Make sure to return the correct type if
redis fails to load. [Sami Mokaddem]
- [cli setting change] in the previous commit fixed. [iglocska]
- Thanks @ostefano for noticing my fuckup
- [workflow:getEnabledModules] Make sure to return the correct type if
redis fails to load. [Sami Mokaddem]
- [settings] multiple fixes to changing settings on the instance.
[iglocska]
- fix an issue with simplebackgroundjobs setting changes barfing
- add a proper CLI check rather than that puzzling fileOnly shit we've had before
- [attribute search ordering fix] [iglocska]
- [attribute search] id based sliding window reverted. [iglocska]
- sadly the ordering is more expensive than the gain it looks like...
Other
~~~~~
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge branch 'env_dependencies' into develop. [iglocska]
- Merge branch 'develop' into env_dependencies. [iglocska]
- Merge branch 'attributeRestsearchOrder' into develop. [iglocska]
- Merge branch 'develop' into attributeRestsearchOrder. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge branch 'pr-9849' into develop. [Sami Mokaddem]
- Merge branch 'x-skipped-elements-count' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[iglocska]
- Merge pull request #9865 from JakubOnderka/log-exception-email.
[Andras Iklody]
chg: [internal] Include in logged message subject and e-mail address …
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge branch 'dependencies' into develop. [iglocska]
- Default to env dependencies, and fallback to submodules' [Stefano
Ortolani]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Alexandre Dulaunoy]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
- Merge branch 'develop' into 2.4. [iglocska]
- Merge branch '2.4' into develop. [Alexandre Dulaunoy]
- Merge pull request #9862 from kdrypr/patch-3. [Alexandre Dulaunoy]
Update defaults.json
- Update defaults.json. [Kadir YAPAR]
changed company and community
- Merge pull request #9859 from ostefano/openapi. [Andras Iklody]
Fix openapi specification
- Fix openapi specification. [Stefano Ortolani]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- Merge branch '2.4' into develop. [iglocska]
- Merge branch 'develop' of github.com:MISP/MISP into develop.
[Christian Studer]
- [chg] Modified Attributes to support mutlicolumn and
Model.publish_timestamp sorting. [Benni0]
- [chg:AppModel] Modified findOrder to support multicolumn sorting.
[Benni0]
v2.4.195 (2024-07-26)
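Review bot: '[baseurl handling] fixed for reverse proxies' says redirects now preserve 'externally requested baseurls', which reads as the redirect target being derived from the incoming request; that is only safe if the value is checked against the instance's configured baseurl rather than taken from the Host or a forwarded-host header, otherwise it is an open-redirect vector, so the entry should state which source is trusted. Two smaller points in the same block: '[internal] Include in logged message subject and e-mail address when sending e-mail' puts recipient addresses into logs, which should be called out for anyone with log-retention or log-sharing constraints; and the ASCII-art commit body under '[log search] added optional hh:mm:ss accuracy' leaked into the changelog and should be stripped by the generator.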

File diff suppressed because one or more lines are too long


@ -4,7 +4,7 @@
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.21">
<meta name="generator" content="Asciidoctor 2.0.23">
<title>MISP taxonomies and classification as machine tags</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
<style>
@ -594,6 +594,7 @@ body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-b
<li><a href="#_veris">veris</a></li>
<li><a href="#_vmray">vmray</a></li>
<li><a href="#_vocabulaire_des_probabilites_estimatives">vocabulaire-des-probabilites-estimatives</a></li>
<li><a href="#_vulnerability_3">vulnerability</a></li>
<li><a href="#_workflow">workflow</a></li>
</ul>
</li>
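Review bot: the new TOC entry links to `#_vulnerability_3`, an id Asciidoctor produced by de-duplicating a heading text that already occurs elsewhere in the document (the same id is used for the new `<h2>` in the last hunk), so any later heading insertion or reordering renumbers it and breaks deep links to the vulnerability namespace; give the section an explicit anchor in the AsciiDoc source (for example `[[vulnerability]]`) so the id is stable like the other namespace ids in this list.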
@ -35868,6 +35869,15 @@ cryptocurrency-threat namespace available in JSON format at <a href="https://git
</div>
</div>
<div class="sect2">
<h3 id="_rag_pull">Rag Pull</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatrag_pull">cryptocurrency-threat:Rag Pull</h4>
<div class="paragraph">
<p>Crypto scam that occurs when a team pumps their projects token before disappearing with the funds, leaving their investors with a valueless asset.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_pig_butchering_scam">Pig Butchering Scam</h3>
<div class="sect3">
<h4 id="_cryptocurrency_threatpig_butchering_scam">cryptocurrency-threat:Pig Butchering Scam</h4>
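Review bot: 'Rag Pull' in the `<h3>` and in the machine tag `cryptocurrency-threat:Rag Pull` is a typo for 'Rug Pull' (the description, a team pumping its token and then disappearing with the funds, is the rug pull scam); because the tag string is what gets attached to events and matched on, fix it in the source machinetag.json before it ships, since correcting it after use means a renamed tag and events that are untagged or tagged twice.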
@ -37479,6 +37489,15 @@ dark-web namespace available in JSON format at <a href="https://github.com/MISP/
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructureransomware_post">dark-web:structure="ransomware-post"</h4>
<div class="paragraph">
<p>ransomwarePost</p>
</div>
<div class="paragraph">
<p>Ransomware post published by a ransomware group</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webstructureunclear">dark-web:structure="unclear"</h4>
<div class="paragraph">
<p>unclear</p>
@ -37679,6 +37698,51 @@ dark-web namespace available in JSON format at <a href="https://github.com/MISP/
<p>PGP public key block identified in the dark-web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webcontentcountry">dark-web:content="country"</h4>
<div class="paragraph">
<p>country</p>
</div>
<div class="paragraph">
<p>Associated country detected on the code of the dark-web site, following ISO 3166-1 alpha-2</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webcontentcompany_name">dark-web:content="company-name"</h4>
<div class="paragraph">
<p>companyName</p>
</div>
<div class="paragraph">
<p>Company name identified in a dark-web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webcontentcompany_link">dark-web:content="company-link"</h4>
<div class="paragraph">
<p>companyLink</p>
</div>
<div class="paragraph">
<p>Company link identified in a dark-web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webcontentvictim_address">dark-web:content="victim-address"</h4>
<div class="paragraph">
<p>victimAddress</p>
</div>
<div class="paragraph">
<p>Business address identified in a dark-web site</p>
</div>
</div>
<div class="sect3">
<h4 id="_dark_webcontentvictim_tld">dark-web:content="victim-TLD"</h4>
<div class="paragraph">
<p>victimTLD</p>
</div>
<div class="paragraph">
<p>Business Top Level Domain (TLD) of a company identified in a dark-web site</p>
</div>
</div>
</div>
</div>
</div>
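Review bot: `dark-web:content="victim-TLD"` is the only new value with upper case; the siblings added in this hunk are `country`, `company-name`, `company-link` and `victim-address`, and tags are compared as strings, so `victim-tld` is the safer spelling to settle on before anyone tags with it. 'Associated country detected on the code of the dark-web site' should say what is inspected (the page content or its HTML source), and the ISO 3166-1 alpha-2 requirement belongs in the value's expected format, not only in prose. Note also that `company-name`, `victim-address` and `victim-TLD` identify a victim organisation, so events carrying them need their distribution level chosen with that in mind.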
@ -59253,12 +59317,24 @@ malware_classification namespace available in JSON format at <a href="https://gi
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categorystalkerware">malware_classification:malware-category="Stalkerware"</h4>
<div class="paragraph">
<p>Stalkerware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryspyware">malware_classification:malware-category="Spyware"</h4>
<div class="paragraph">
<p>Spyware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categoryzombieware">malware_classification:malware-category="Zombieware"</h4>
<div class="paragraph">
<p>Zombieware</p>
</div>
</div>
<div class="sect3">
<h4 id="_malware_classificationmalware_categorybotnet">malware_classification:malware-category="Botnet"</h4>
<div class="paragraph">
<p>Botnet</p>
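Review bot: the three new `malware-category` values (Stalkerware, Spyware, Zombieware) carry only their name, with no description paragraph like the event-type entries in a later hunk have; Stalkerware and Spyware overlap, and Zombieware is not a term most analysts will recognise, so without a one-line definition two analysts will tag the same sample differently. Add descriptions in machinetag.json and state whether a sample may carry more than one category.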
@ -59874,37 +59950,52 @@ Exclusive flag set which means the values or predicate below must be set exclusi
<div class="sect3">
<h4 id="_mispevent_typeobservation">misp:event-type="observation"</h4>
<div class="paragraph">
<p>observation</p>
<p>observation related to single entity, like an email</p>
</div>
<div class="paragraph">
<p>This event describes traits and indicators closely related to a single entity, like an email campaign or sighting of a reference sample on VirusTotal. Events of this type are typically created by SOC staff and may be verified by analysts. Observed and verified indicators would be consumed by automated filtering systems in order to support near-time threat prevention. In retrospect, observations could be correlated with reports and analysis events in order to help understand the motivation for an attack and to reassess the associated risk.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeincident">misp:event-type="incident"</h4>
<div class="paragraph">
<p>incident</p>
<p>incident, based on first-hand information</p>
</div>
<div class="paragraph">
<p>This event describes traits and indicators related to a security incident. As such, the event may refer to multiple entities like organizations, bank account numbers, files, and URLs. Events of this type contain first-hand information, that is, the reporting organization took part in the analysis of the incident. Use event type "Report" for second-hand information. Events of this type are typically created and consumed by analysts.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typereport">misp:event-type="report"</h4>
<div class="paragraph">
<p>report</p>
<p>report, based on second-hand information</p>
</div>
<div class="paragraph">
<p>Traceability of indicators can be essential to document compliance of processes with legal obligations or company regulations. This event preserves a report to document the origin and context of indicators. Events of this type need to be checked by a human to ensure correct reproduction of indicators and context. Intended consumers are automated processes. Events may also serve as a basis for analysis reports or to justify preventive measures. If your organization is or was directly involved in an incident and you want to provide a first-hand account, then please use event type "Incident" instead.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typecollection">misp:event-type="collection"</h4>
<div class="paragraph">
<p>collection</p>
<p>collection of unrelated IoCs</p>
</div>
<div class="paragraph">
<p>This event collects unrelated IoCs. For example, an event could combine all network IoCs that were learned of during a day or a week from events of other types.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeanalysis">misp:event-type="analysis"</h4>
<div class="paragraph">
<p>analysis</p>
<p>analysis, contains context and enrichments</p>
</div>
<div class="paragraph">
<p>This event builds on "observation", "incident", and "report" events; adds enrichments; and provides context. Events of this type will be created by analysts with support by automated tools. Analysts are also the main consumers.</p>
</div>
</div>
<div class="sect3">
<h4 id="_mispevent_typeautomatic_analysis">misp:event-type="automatic-analysis"</h4>
<div class="paragraph">
<p>automatic-analysis</p>
<p>the result of automated analysis.</p>
</div>
</div>
</div>
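Review bot: `misp:event-type="automatic-analysis"` gets only the short text 'the result of automated analysis.' while the five other values gain a full description paragraph covering producer, consumer and relation to the other types; add the same for it (who produces it, whether it is reviewed, how it differs from 'analysis'). In the 'observation' paragraph, 'near-time threat prevention' presumably means near-real-time and 'In retrospect' should be 'Retrospectively'; in 'report', 'Events of this type need to be checked by a human' followed by 'Intended consumers are automated processes' reads as contradictory and should say that the human check happens before automated consumption.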
@ -67972,7 +68063,7 @@ priority-level namespace available in JSON format at <a href="https://github.com
</table>
</div>
<div class="paragraph">
<p>After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on <a href="https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System" class="bare">https://www.us-cert.gov/NCCIC-Cyber-Incident-Scoring-System</a>.</p>
<p>After an incident is scored, it is assigned a priority level. The six levels listed below are aligned with NCCIC, DHS, and the CISS to help provide a common lexicon when discussing incidents. This priority assignment drives NCCIC urgency, pre-approved incident response offerings, reporting requirements, and recommendations for leadership escalation. Generally, incident priority distribution should follow a similar pattern to the graph below. Based on <a href="https://www.cisa.gov/news-events/news/cisa-national-cyber-incident-scoring-system-nciss" class="bare">https://www.cisa.gov/news-events/news/cisa-national-cyber-incident-scoring-system-nciss</a>.</p>
</div>
<div class="admonitionblock important">
<table>
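Review bot: the URL change from us-cert.gov to the cisa.gov NCISS page is the only change in this hunk, but the sentence around it still says the levels are "aligned with NCCIC, DHS, and the CISS" while the linked page is the National Cyber Incident Scoring System (NCISS); since the line is touched anyway, fix the acronym in the same change. The same sentence also refers to "the graph below", and in the visible context the paragraph is followed directly by an important admonition block, not a graph; either restore the graph or drop the reference.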
@ -86515,6 +86606,113 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
</div>
<div class="sect1">
<h2 id="_vulnerability_3">vulnerability</h2>
<div class="sectionbody">
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
vulnerability namespace available in JSON format at <a href="https://github.com/MISP/misp-taxonomies/blob/main/vulnerability/machinetag.json"><strong>this location</strong></a>. The JSON format can be freely reused in your application or automatically enabled in <a href="https://www.github.com/MISP/MISP">MISP</a> taxonomy.
</td>
</tr>
</table>
</div>
<div class="paragraph">
<p>A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.</p>
</div>
<div class="sect2">
<h3 id="_exploitability">exploitability</h3>
<div class="paragraph">
<p>Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.</p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
Exclusive flag set which means the values or predicate below must be set exclusively.
</td>
</tr>
</table>
</div>
<div class="sect3">
<h4 id="_vulnerabilityexploitabilityindustrialised">vulnerability:exploitability="industrialised"</h4>
<div class="paragraph">
<p>Industrialised</p>
</div>
<div class="paragraph">
<p>Existing vulnerability with detailed attack methods; multiple tools are available for exploitation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilityexploitabilitycustomised">vulnerability:exploitability="customised"</h4>
<div class="paragraph">
<p>Customised</p>
</div>
<div class="paragraph">
<p>Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilityexploitabilitydocumented">vulnerability:exploitability="documented"</h4>
<div class="paragraph">
<p>Documented</p>
</div>
<div class="paragraph">
<p>Existing vulnerability is documented with an attack approach, but tools for exploitation are not available.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilityexploitabilitytheoretical">vulnerability:exploitability="theoretical"</h4>
<div class="paragraph">
<p>Theoretical</p>
</div>
<div class="paragraph">
<p>Publication describes a theoretical but no actual vulnerability is reported.</p>
</div>
</div>
</div>
<div class="sect2">
<h3 id="_information">information</h3>
<div class="paragraph">
<p>Complementary information related to the vulnerability.</p>
</div>
<div class="sect3">
<h4 id="_vulnerabilityinformationpoc">vulnerability:information="PoC"</h4>
<div class="paragraph">
<p>Proof-of-Concept</p>
</div>
<div class="paragraph">
<p>Reference to a proof-of-concept for exploiting the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilityinformationremediation">vulnerability:information="remediation"</h4>
<div class="paragraph">
<p>Remediation</p>
</div>
<div class="paragraph">
<p>Remediation to limit or block the exploitability of the vulnerability.</p>
</div>
</div>
<div class="sect3">
<h4 id="_vulnerabilityinformationannotation">vulnerability:information="annotation"</h4>
<div class="paragraph">
<p>Annotation</p>
</div>
<div class="paragraph">
<p>Annotation or clarification to a vulnerability.</p>
</div>
</div>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_workflow">workflow</h2>
<div class="sectionbody">
<div class="admonitionblock note">
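Review bot: the description for vulnerability:exploitability="theoretical" is ungrammatical: "Publication describes a theoretical but no actual vulnerability is reported." drops the noun after "theoretical"; suggest "A publication describes a theoretical vulnerability, but no actual vulnerability is reported." The exclusive flag is set on "exploitability" only and "information" has none, which is the right call since one vulnerability may legitimately carry both "PoC" and "remediation" tags, but a short mention of that in the "information" description would stop readers from assuming the flag was forgotten. Minor: the four exploitability values alternate between "Existing vulnerability with ..." and "Existing vulnerability is documented with ..."; aligning the phrasing would read more consistently.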
@ -86666,7 +86864,31 @@ workflow namespace available in JSON format at <a href="https://github.com/MISP/
<div class="sect3">
<h4 id="_workflowtodopreserve_evidence">workflow:todo="preserve-evidence"</h4>
<div class="paragraph">
<p>Preseve evidence mentioned in the information tagged</p>
<p>Preserve evidence mentioned in the information tagged</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_relevance">workflow:todo="review-relevance"</h4>
<div class="paragraph">
<p>Review if the event is relevant</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_completeness">workflow:todo="review-completeness"</h4>
<div class="paragraph">
<p>Review if the event is complete</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_accuracy">workflow:todo="review-accuracy"</h4>
<div class="paragraph">
<p>Review the accuracy of an event or attribute</p>
</div>
</div>
<div class="sect3">
<h4 id="_workflowtodoreview_quality">workflow:todo="review-quality"</h4>
<div class="paragraph">
<p>Review the quality of an event or attribute</p>
</div>
</div>
</div>
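Review bot: the typo fix "Preseve" to "Preserve" is correct. Among the four new todo values, "review-relevance" and "review-completeness" are described for "the event" only, while "review-accuracy" and "review-quality" cover "an event or attribute"; if relevance and completeness also apply at attribute level, make the scope consistent, otherwise note why they are event-only. The new entries also carry no description paragraph beyond the one-liner, so a user gets no guidance on what "complete" or "quality" means for a MISP event; one sentence of criteria per value would help.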
@ -87367,7 +87589,7 @@ Exclusive flag set which means the values or predicate below must be set exclusi
</div>
<div id="footer">
<div id="footer-text">
Last updated 2024-03-04 10:02:57 +0100
Last updated 2024-08-30 09:45:18 +0200
</div>
</div>
</body>
