From f190d679cbdd50f04e86401d487faa4d4f49ba70 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 24 Aug 2023 15:23:26 +0200 Subject: [PATCH] chg: [changelog] updated --- static/Changelog-PyMISP.txt | 21 +++ static/Changelog-misp-galaxy.txt | 35 +++++ static/Changelog-misp-modules.txt | 39 ++++++ static/Changelog-misp-objects.txt | 76 +++++++++++ static/Changelog-misp-stix.txt | 174 +++++++++++++++++++++++ static/Changelog-misp-taxonomies.txt | 7 + static/Changelog-misp-warninglists.txt | 19 +++ static/Changelog.txt | 182 +++++++++++++++++++++++++ 8 files changed, 553 insertions(+) diff --git a/static/Changelog-PyMISP.txt b/static/Changelog-PyMISP.txt index 869e8dd..d001aa4 100644 --- a/static/Changelog-PyMISP.txt +++ b/static/Changelog-PyMISP.txt @@ -2,6 +2,27 @@ Changelog ========= +v2.4.175 (2023-08-23) +--------------------- + +Changes +~~~~~~~ +- Bump objects, missed that. [Raphaël Vinot] +- Bump changelog. [Raphaël Vinot] +- Bump version. [Raphaël Vinot] +- Bump deps, readthedocs config. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] +- Bump deps. [Raphaël Vinot] + +Fix +~~~ +- Update Sharing group info from full object. [Raphaël Vinot] + + Fix #1049 +- Changes in msg-extract strip a character. [Raphaël Vinot] + + v2.4.174 (2023-07-31) --------------------- diff --git a/static/Changelog-misp-galaxy.txt b/static/Changelog-misp-galaxy.txt index b986766..eef7f68 100644 --- a/static/Changelog-misp-galaxy.txt +++ b/static/Changelog-misp-galaxy.txt @@ -1,6 +1,41 @@ # Changelog +## v2.4.175 (2023-08-23) + +### Changes + +* [sigma] updated. [Alexandre Dulaunoy] + +* [sigma] updated. [Alexandre Dulaunoy] + +### Other + +* Merge pull request #858 from danielplohmann/ref-update. [Alexandre Dulaunoy] + + updating multiple references + +* Version bump. [Daniel Plohmann (Saturn)] + +* Replaced various broken links with reachable equivalents. [Daniel Plohmann (Saturn)] + +* Merge pull request #857 from danielplohmann/main-2. [Alexandre Dulaunoy] + + adding MoustachedBouncer + +* Jq fix. [Daniel Plohmann] + +* Adding MoustachedBouncer. [Daniel Plohmann] + +* Merge pull request #856 from danielplohmann/main-1. [Alexandre Dulaunoy] + + alias Callisto -> BlueCharlie + +* Alias Callisto -> BlueCharlie. [Daniel Plohmann] + + not sure, if you also want to have the Microsoft names in here (I think they are tracked separately?), otherwise, that would be Star Blizzard according to the article. + + ## v2.4.174 (2023-07-31) ### Changes diff --git a/static/Changelog-misp-modules.txt b/static/Changelog-misp-modules.txt index be6f9b8..b5e614c 100644 --- a/static/Changelog-misp-modules.txt +++ b/static/Changelog-misp-modules.txt @@ -1,6 +1,45 @@ # Changelog +## v2.4.175 (2023-08-23) + +### New + +* Add waterfall plot to the expanded object. [Luciano Righetti] + +* Add sigmf module to expand a sigmf recording object template. [Luciano Righetti] + +### Fix + +* Remove unused import. [Luciano Righetti] + +* Matplotlib version under python 3.7. [Luciano Righetti] + +* Ci, urlhaus api response changed. [Luciano Righetti] + +* Properly read samples in different datatypes. [Luciano Righetti] + +* Remove debug. [Luciano Righetti] + +### Other + +* Merge pull request #630 from jthom-vmray/fix-optional-field-access. [Alexandre Dulaunoy] + + fix optional field access + +* Fix optional field access. [Jens Thom] + +* Add: sigmf module doc. [Luciano Righetti] + +* Merge pull request #628 from righel/add-sigmf-expand-module. [Luciano Righetti] + + new: add sigmf module to expand a sigmf recording object template + +* Add: support extracting sigmf archives into sigmf recordings. [Luciano Righetti] + +* Add: add required python packages for sigmf expansion module. [Luciano Righetti] + + ## v2.4.174 (2023-07-31) ### Changes diff --git a/static/Changelog-misp-objects.txt b/static/Changelog-misp-objects.txt index e0401d4..1f15e8c 100644 --- a/static/Changelog-misp-objects.txt +++ b/static/Changelog-misp-objects.txt @@ -1,6 +1,82 @@ # Changelog +## v2.4.175 (2023-08-23) + +### New + +* [x-header] new generic X header object for SMTP, HTTP and others. [Alexandre Dulaunoy] + +* Sigmf archive object. [Luciano Righetti] + +* Add fft and waterfall attributes. [Luciano Righetti] + +* Add basic SigMF templates. [Luciano Righetti] + +### Changes + +* [artifact] Changed the `hashes` attribute into the different hash type attributes. [Christian Studer] + + - A change to adopt the same logic as file objects + regarding the different hash values + - In STIX 2.1 an Artifact object is not necessarily + linked to a File object and both referenced by + an Observed Data object. In some cases Artifact + objects are referenced for instance by Malware + objects, in which case they describe the actual + malware sample. It is then usefull to have the + different hash values in single attributes rather + than concatenated in a text attribute + +### Fix + +* [artifact] Properly JQed the end of file. [Christian Studer] + +* [malware] Fixed `is_family` attribute type. [Christian Studer] + +* [scan-results] JSON and trailing comma ;-) [Alexandre Dulaunoy] + +* Jq all the things. [Luciano Righetti] + +* Minor fixes. [Luciano Righetti] + +* Jq all the things. [Luciano Righetti] + +### Other + +* Merge pull request #404 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Artifact object update + +* Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [Christian Studer] + +* Merge pull request #403 from MISP/chrisr3d_patch. [Alexandre Dulaunoy] + + Malware & Malware Analysis objects + +* Add: [readme] Added `malware` and `malware-analysis` to the list of available object templates, with a small description for each. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [Christian Studer] + +* Merge branch 'mFaou-main' into main. [Alexandre Dulaunoy] + +* Merge branch 'main' of https://github.com/mFaou/misp-objects into mFaou-main. [Alexandre Dulaunoy] + +* Added requiredOneOf to scan-result object definition. [Matthieu Faou] + +* Removed the scan-result field requirement in the scan-result object. [Matthieu Faou] + +* Merge pull request #398 from righel/add-sigmf-templates. [Luciano Righetti] + + new: add basic SigMF templates + +* Add: [malware] New object template to describe a malware. [Christian Studer] + +* Add: [malware-analysis] New object template to describe a static or dynamic analysis performed on a malware instance or family. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-objects into chrisr3d_patch. [Christian Studer] + + ## v2.4.174 (2023-07-31) ### New diff --git a/static/Changelog-misp-stix.txt b/static/Changelog-misp-stix.txt index 62216bc..f308add 100644 --- a/static/Changelog-misp-stix.txt +++ b/static/Changelog-misp-stix.txt @@ -1,6 +1,180 @@ # Changelog +## v2.4.175 (2023-08-24) + +### Changes + +* [poetry] Updated lock file. [Christian Studer] + +* [poetry] Updated lock file. [Christian Studer] + +* [package] Set new version. [Christian Studer] + +* [__init__] Clearer classes & methods import as well as `noqa` added to imports. [Christian Studer] + +* [poetry] Bumped latest lock file. [Christian Studer] + +* [package] Bumped version (& pymisp) [Christian Studer] + +### Fix + +* [workflow] Testing both internal & external STIX content to import to MISP. [Christian Studer] + +* [tests] Fixed test samples for external Malware objects converted as Galaxies. [Christian Studer] + +* [stix2 import] Some clean-up - Removed unused stuff & Added missing stuff. [Christian Studer] + +* [stix2 import] Fixed failing message. [Christian Studer] + +* [stix2 import] Some pycodestyle clean-up. [Christian Studer] + +* [stix2 import] A few typing and unused methods fixed. [Christian Studer] + +* [stix2 import] Fixed debugging messages handling in the command-line feature. [Christian Studer] + +* [stix2 import] Removed unused UUID extraction method & made the method to populate object attributes common to all converters. [Christian Studer] + +* [stix2 import] Fixed reverse malware handling depending on the `is_family` flag. [Christian Studer] + +* [stix2 import] Added the missing object attributes populating method. [Christian Studer] + +* [stix2 import] Removed the UUID handling methods in the parsers directory to keep using the original ones from `importparser` as a MISP event also need some of those methods. [Christian Studer] + +* [tests] Fixed STIX 2.0 test method names. [Christian Studer] + +* [stix2 export] Some more pycodestyle to make the mapping cleaner. [Christian Studer] + +* [stix2 import] Some quick pycodestyle to make the mapping cleaner. [Christian Studer] + +* [stix2 import] Fixed debugging messages handling in the command-line feature. [Christian Studer] + +### Other + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'dev' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Wip: [stix2 import] Properly handling Observable. [Christian Studer] + + - We moved the InternalSTIX2toMISPParser back to + its previous state regarding observable objects + handling because we do not generate standalone + observable objects with the MISP to STIX feature + - We fixed some bad observable handling in the + External parser to avoid issues with the `used` + flag which was not handled correctly in some + cases + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Fix; [stix2 import] Avoiding issues with missing `time` import. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'parser_feature' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Wip: [stix2 import] Better Observable objects handling. [Christian Studer] + + - Objects referenced by malware & malware-analysis + SDOs are now handled with no duplication issue + +* Wip: [stix2 import] Better parsing for some malware-analysis reference fields. [Christian Studer] + +* Wip: [stix2 import] Storing observable objects differently. [Christian Studer] + + - Preparing for their parsing as standalone + objects or with multiple references from + different SDOs to the same Observable + +* Fix; [stix2 import] Fixed Malware conversion as MISP Object. [Christian Studer] + + - In the case we do not need to return the converted + MISP objects, we should not yield the objects, + as an iterator needs to be consumed, which we + do only when we convert the Malware as a Galaxy + Cluster too and add it to the appropriate + attributes of the MISP object + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Wip: [stix2 import] Handling the Malware Analysis objects in the main parsing classes. [Christian Studer] + +* Wip: [stix2 import] Parsing & Converting STIX 2.1 Malware Analysis objects. [Christian Studer] + + - We need to add the parsing mechanisms in the + main parsers + - Some more love is required to handle some of the + fields referenced by the malware analysis object + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Wip: [stix2 import] Parsing specific cases where a STIX 2 Malware object is converted as both an object and a galaxy. [Christian Studer] + + - We're adding the galaxy to the attributes with + an ids flag in all the MISP objects that are + generated from the conversion of the Malware + object - there are sometimes software, file or + artifact objects too coming from the different + references the Malware object has + +* Wip: [stix2 import] Added missing galaxy as tag names parsing methods & properly handling the galaxy conversion case. [Christian Studer] + +* Wip: [stix2 import] Added pluggable Observable objects conversion class to handle observable objects references by malware objects. [Christian Studer] + +* Wip: [stix2 import] Calling the already existing converters. [Christian Studer] + + - We keep the parsing methods in the parser scripts + as they are for now, in order to avoid breaking + the whole parsing mechanism for the other STIX + objects which conversion methods are not + implemented in the conversion directory yet + +* Wip: [stix2 import] Properly converting STIX 2.1 Malware objects. [Christian Studer] + +* Wip: [stix2 import] Clarified class names, script names, and improved malware objects parsing. [Christian Studer] + +* Wip: [stix2 import] Converting `script` objects from STIX 2 Malware objects. [Christian Studer] + +* Fix; [stix2 import] Fixed Malware galaxies meta fields parsing. [Christian Studer] + +* Wip: [stix2 import] Porting the conversion capacity with the mappings into the parsers sub-directory. [Christian Studer] + +* Wip: [stix2 import] Externalising conversion capacity to specific parsers. [Christian Studer] + + - Starting with Attack Pattern & Malware (WiP) objects + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'main' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'dev' of github.com:misp/misp-stix into parser_feature. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'main' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + +* Merge branch 'dev' of github.com:MISP/misp-stix into dev. [Christian Studer] + + ## v2.4.174 (2023-07-31) ### Changes diff --git a/static/Changelog-misp-taxonomies.txt b/static/Changelog-misp-taxonomies.txt index c578c17..642537a 100644 --- a/static/Changelog-misp-taxonomies.txt +++ b/static/Changelog-misp-taxonomies.txt @@ -1,6 +1,13 @@ # Changelog +## v2.4.175 (2023-08-23) + +### Changes + +* [tlp] fix an unclear thing in tlp:unclear. [Alexandre Dulaunoy] + + ## v2.4.174 (2023-07-31) ### Changes diff --git a/static/Changelog-misp-warninglists.txt b/static/Changelog-misp-warninglists.txt index 05ee7b1..6796d0d 100644 --- a/static/Changelog-misp-warninglists.txt +++ b/static/Changelog-misp-warninglists.txt @@ -1,6 +1,25 @@ # Changelog +## v2.4.175 (2023-08-23) + +### New + +* [zscaler] Zscaler IP addresses added. [Alexandre Dulaunoy] + + Thanks to Remi Akintonde for the idea + +* [openai chatgpt] OpenAI source bot added. [Alexandre Dulaunoy] + +### Changes + +* [warning-lists] updated. [Alexandre Dulaunoy] + +* [doc] warning-lists updated. [Alexandre Dulaunoy] + +* [lists] updated. [Alexandre Dulaunoy] + + ## v2.4.174 (2023-07-31) ### Changes diff --git a/static/Changelog.txt b/static/Changelog.txt index ff43ef8..fdf283b 100755 --- a/static/Changelog.txt +++ b/static/Changelog.txt @@ -2,6 +2,188 @@ Changelog ========= +v2.4.175 (2023-08-24) +--------------------- + +New +~~~ +- [dashboard:widgets] Added support of start_date and end_date options + for vairous widgets + fixed few bugs. [Sami Mokaddem] +- [user:periodicReporting] Allow setting the number of days to look back + (UI only) [Sami Mokaddem] +- [dashboard:orgWidget] Added support of `first_half_year` and + `second_half_year` time frames. [Sami Mokaddem] +- [dashboard:export] Added CSV export functionality. [Sami Mokaddem] +- Allow user to enrich objects. [Luciano Righetti] + +Changes +~~~~~~~ +- [version] bump. [iglocska] +- [misp-stix] Bumped latest version. [Christian Studer] +- Skip if email disabled, avoids logging exception on each email attempt + fixes #9251. [Luciano Righetti] +- [misp-stix] Bumped latest version. [Christian Studer] +- [PyMISP] Bump. [Raphaël Vinot] +- [misp-workflow-blueprints] updated to the latest version. [Alexandre + Dulaunoy] +- [taxonomies] updated to the latest version. [Alexandre Dulaunoy] +- [warning-lists] updated. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy] +- [installer] Update installer checksums. [Steve Clement] +- [installer] Update to latest Kali. [Steve Clement] +- [doc] Fix 404 file not found. [Johan Nilsson] +- [cakephp] 2.x updated to include latest version of the CA bundle. + [Alexandre Dulaunoy] +- [dashbord:loginWidget] Added doc for `start_date` and `end_date` [Sami + Mokaddem] +- [dashboardWidget:barChart] Added option `forceLogarithm` [Sami + Mokaddem] +- [feeds] fix typo in the feed. [Alexandre Dulaunoy] +- [dashboard:exportcsv] Small refactoring. [Sami Mokaddem] +- [meta] CERT-PL/NASK malicious domain list added. [Alexandre Dulaunoy] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] +- [doc] Fix python naming swap (based on example and practice) and stray + whitespace. [Anders Einar Hilden] +- [doc] Remove symlink to non-exsisting ubuntu 16.04 docs. [Anders Einar + Hilden] +- [misp-objects] updated to the latest version. [Alexandre Dulaunoy] + +Fix +~~~ +- [misp-stix] Bumped latest version including a quick fix. [Christian + Studer] +- [CRUD-IndexFilter] correct index page filtering for REST requests. fix + #9265. [Jeroen Pinoy] +- Prevent push_rules from being required in API requests to /server/edit + endpoint. [TomOgs] +- Event audit log pagination bug, fixes #9245. [Luciano Righetti] +- [feed] tools updated to configure export path and certificate + validation. [Alexandre Dulaunoy] +- Import event json with key. [Luciano Righetti] +- Allow import of json event without the key. [Luciano Righetti] +- [dashboard:apiActivity] Do not initialize variable if not needed. + [Sami Mokaddem] +- [dashboard:apiActivityWidget] Fixed mixing datetime condition format. + [Sami Mokaddem] +- [dashboard:loginsWidget] Fixed mixing datetime condition format. [Sami + Mokaddem] +- [security] reflected xss on dashboard edit. [Luciano Righetti] +- [dashboard:widgets] Reverted `only_full_group_by` fix as it returns + incorrect data. [Sami Mokaddem] + + Will need to fix this later on +- [Galaxies] fix galaxy view, galaxy clusters search. fix #9224. [Jeroen + Pinoy] +- Not supported. [Luciano Righetti] +- /taxonomies/view filter fixes #8875. [Luciano Righetti] +- [users:periodicReport] Update URL based on the selected number of + days. [Sami Mokaddem] +- [dashboard:csvExport] Quote elements and correctly apply line break. + [Sami Mokaddem] +- [security] XSS in event index. [Sami Mokaddem] + + - As reported by Marcos Rrodriguez S-V +- [dashboard:widget] Additional comma in function parameters breaks + older PHP version. [Sami Mokaddem] +- [dashboard:trendingTagsWidget] Correctly use fallback value. [Sami + Mokaddem] +- [dashboard:usageDataWidget] Handle division by 0. [Sami Mokaddem] +- [dashboard:widgets] Correctly group to fix `only_full_group_by` + issues. [Sami Mokaddem] +- Only show object enrichment icon if theres an available enrichment for + the template. [Luciano Righetti] +- [server settings] online version check and self-update default + behaviour changed. [iglocska] +- [attribute search] when adding multiple value filters via the && + syntax, don't treat each empty value as a separate entry. [iglocska] + +Other +~~~~~ +- Merge branch 'develop' into 2.4. [iglocska] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Christian + Studer] +- Update bug-form.yml. [Luciano Righetti] + + describe first the actual behaviour +- Merge pull request #9266 from Wachizungu/fix-indexfilter-massage. + [Luciano Righetti] + + fix: [CRUD-IndexFilter] correct index page filtering for REST request… +- Merge pull request #9259 from TomOgs/ServerEditIssue. [Luciano + Righetti] + + fix: check for existence of push_rules in /server/edit requests before parsing JSON +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [Christian Studer] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #9262 from SteveClement/guides. [Steve Clement] + + chg: [installer] Update to latest Kali +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Alexandre + Dulaunoy] +- Merge branch '2.4' into develop. [Alexandre Dulaunoy] +- Merge pull request #9250 from jn9999/fix-404. [Alexandre Dulaunoy] + + chg: [doc] Fix 404 file not found. +- Merge remote-tracking branch 'origin/2.4' into develop. [Sami + Mokaddem] +- 10.64.247.201Merge remote-tracking branch 'origin/2.4' into develop. + [Sami Mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. [Sami + Mokaddem] +- Merge branch '2.4' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. [Sami + Mokaddem] +- Merge pull request #9225 from Wachizungu/fix-galaxy-view-galaxy- + clusters-search. [Alexandre Dulaunoy] + + fix: [Galaxies] fix galaxy view, galaxy clusters index search. fix #9224 +- Merge pull request #9233 from righel/fix-8875. [Alexandre Dulaunoy] + + Fix /taxonomies/view string filter +- Merge remote-tracking branch 'origin/2.4' into develop. [Sami + Mokaddem] +- Merge branches 'develop' and 'develop' of github.com:MISP/MISP into + develop. [Sami Mokaddem] +- Merge branch '2.4' into develop. [Sami Mokaddem] +- Merge remote-tracking branch 'origin/2.4' into develop. [Sami + Mokaddem] +- Merge branch 'develop' of github.com:MISP/MISP into develop. + [iglocska] +- Merge pull request #9187 from righel/allow-enrich-objects. [Luciano + Righetti] + + new: allow user to enrich objects +- Merge branch 'develop' into allow-enrich-objects. [Luciano Righetti] +- Merge branch 'selfupdate' into develop. [iglocska] +- New [diag]: Improve diagnostics when instance does not have internet + or does not use self-update. [Anders Einar Hilden] + + Introduces two new settings: + * `MISP.self_update` allows to enable/disable the GUI button for MISP self-update on the Diagnostics page. + * `MISP.online_version_check` allows to enable/disable the online MISP version check when loading the Diagnostics page. + + These settings are useful for 1. container installations that should + not be updated using self-update, and 2. installation that have no + direct or proxy internet access. + + There are also improvements on the Diagnostics page, primarily the MISP + version area. Font color has been replace with classes, this allows the + use of the `bold` class, not just colors, and possible combination with + the red/green/orange colour classes. + + The info/status/warning/error texts have been changed to take into + account the status of `MISP.self_update` and + `MISP.online_version_check`. +- Merge branch '2.4' into develop. [iglocska] +- Merge pull request #9229 from Kagee/kagee-remove-dead-symlink. [Andras + Iklody] + + Kagee remove dead symlink + + v2.4.174 (2023-07-31) ---------------------