level before). The normal solution would be to encapsulate the
entire table in a form, but since we have formlinks for the deletes /
publishes this would get flagged as form tampering by the security
components.
- As a fix, filter forms are created separately for the 4 search fields within their now with hidden fields that keep the persistence of the previously
entered filter terms
- Incorrect line removed from migration. [iglocska]
- Update to the migration. [iglocska]
- First update to the SQL scripts. [iglocska]
- Wrong file included in previous commit. [iglocska]
- ShadowAttribute notifications, and some minor fixes. [iglocska]
- New field for events, locking an event from sending out a contact
e-mail when a proposal is made to it
- Default setting for the new field is 0, if a shadow attribute is
added an e-mail is sent to all subscribing members of the orgc and the
new field is set to 1
- Accepting a change resets the field to 0
- Extra access control restriction for reportValidationIssues.
[iglocska]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [iglocska]
- Micro cleanup of servers index. [Christophe Vandeplas]
- ReportValidationIssues function. [Christophe Vandeplas]
- Fix UI issue of top bar. [Christophe Vandeplas]
- First start of report functions. see issue #122. [Christophe
Vandeplas]
- Little bit more details about sync errors. [Christophe Vandeplas]
- Shows spaces in attribute value. fixes #19. [Christophe Vandeplas]
- Sanitisation of the data when generating .ioc file. [iglocska]
- Login url won't include /admin/ anymore. [iglocska]
- routing issue fixed
- Addition of the Event History. [iglocska]
- uses the logs to generate a list of actions affecting the selected
event and all of its attributes
- view is very minimalistic, not to show anything restricted
- Sync pull backwards compatibility with MISPv2. [Christophe Vandeplas]
- (workaround) better error message when HTTP problem with Server Pull.
[Christophe Vandeplas]
- UI consistency. [iglocska]
- Several smaller changes. [iglocska]
- Fix to the proposed attribute edit that got broken in a previous
commit
- Fix to the org filters for non admin users
- Some changes to the documentation
- More updates to the manual. [iglocska]
- More updates to the manual. [iglocska]
- Some UI changes and partial update to the manual. [iglocska]
- Added 2 new type of attributes. [iglocska]
- sha256 / filename|sha256
- uploading a malware sample now automatically creates a filename|sha1
and a filename|sha256 in addition to the sample|md5
- Fix incorrect order of checking user info (with REST authkey)
[Christophe Vandeplas]
- Fix MYSQL missing ; [Christophe Vandeplas]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Christophe Vandeplas]
- Reference to maxDist removed in the attribute edit view. [iglocska]
- obsolete
- Removed some obsolete code. [iglocska]
- canEditDist is obsolete, removed some more references to it
- Bug fixed with event creation. [iglocska]
- Previous commit unsetting new attribute IDs breaks if no attributes
present -> fixed
- Fix bug in iocexport. [Christophe Vandeplas]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Christophe Vandeplas]
- Protection against lost attributes with saveAssociated. [iglocska]
- attributes that are added have to have their id unset before being
added in order to avoid overwriting existing attributes
- Fix file download missing extension. [Christophe Vandeplas]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [iglocska]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Christophe Vandeplas]
- Micro improvement. [Christophe Vandeplas]
- Change to the routes. [iglocska]
- disabling the routes to indices with pagination throws an error when
switching to another page
- Shadow attribute change. [iglocska]
- fixed incorrect link to edit shadow attributes and the distribution
checks
- Update to the publish. [iglocska]
- _publish doesn't attempt to upload events that have a distribution of
0 or 1 (private and community) but instead just set to published and
return true
- Update to the IOCImport/Export. [iglocska]
- bringing the two components up to date with the distribution changes
- Typo in UsersController fixed. [iglocska]
- Routing and some UI changes to the users admin_index. [iglocska]
- UI changes and more work on the sync. [Iglocska]
- updated the side menu
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Iglocska]
- Minor improvements in documentation. [Christophe Vandeplas]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Christophe Vandeplas]
- Bugfix in UI. [Christophe Vandeplas]
- Pull can not edit events / attributes. [Iglocska]
- added the _edit method in EventsController
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Iglocska]
- Fix to the attribute list when not logged in. [Iglocska]
- incorrect syntax fixed
- Small bug with view() fixed. [Iglocska]
- Some more fixes to the sync. [Iglocska]
- Merge branch 'feature/sync/timestamp' of https://github.com/MISP/MISP
into feature/sync/timestamp. [Iglocska]
- Merge branch 'develop' of https://github.com/MISP/MISP into
feature/sync/timestamp. [Christophe Vandeplas]
Conflicts:
app/View/Attributes/index.ctp
app/View/Events/add.ctp
app/View/Events/edit.ctp
- Merge branch 'feature/gui' into develop. [Christophe Vandeplas]
Conflicts:
app/View/Users/memberslist.ctp
- Performance - caching of CakeRouting and url generation. [Christophe
Vandeplas]
- UI filter of event view (forgot this file) [Christophe Vandeplas]
- Unified links. [Christophe Vandeplas]
- Improve UI of event index filtering. [Christophe Vandeplas]
- Fix documentation link. [Christophe Vandeplas]
- Performance improvement with static urls. [Christophe Vandeplas]
- Fix bug no tooltip with Chrome/IE on attributes. [Christophe
Vandeplas]
- Fix no tooltip bug on Chrome and probably IE. [Christophe Vandeplas]
- Removed not necessary sort results in huge performance improvement.
[Christophe Vandeplas]
- Performance. [Christophe Vandeplas]
- UI tooltip love. [Christophe Vandeplas]
- Logos shown in memberslist. [iglocska]
- Named pipes and mutex. [iglocska]
- added the 2 types under the artifacts dropped category
- Further changes to the degradation of the distribution. [Iglocska]
- Further work on the distribution. [Iglocska]
- Further changes to the distribution. [Iglocska]
- changed to use the new int field
- Few changes. [Iglocska]
- New sql changes. [iglocska]
- Change to new distribution. [iglocska]
- first stage
- Removed incorrect validation. [iglocska]
- Accidental inclusion of some debug in the previous commit. [iglocska]
- removed
- Small bug with the highlighthelper. [iglocska]
- ending the input with a break line will cause the highlighter to fail
- fixed
- Small change to the timestamp. [iglocska]
- Moved the timestamp generation for attributes and events that are
being saved and don't have one to Model->beforeValidate()
- First cleanup of AttributesController and EventsController after the
move to timestamps. [iglocska]
- Small mistake in the previous commit. [Iglocska]
- Update to the sync. [Iglocska]
- timestamp now correctly compared, events that have an older timestamp
will be discarded, same with attributes
- right now the response is the same as a successful edit though, should
be handled more gracefully
- pull is not yet tested
- attachments and shadow attributes not yet implemented
- backflow is nicely blocked by the timestamp as intended
- needs cleanup (from, dist_change)
- Saving over night, something still blocks the timestamp from being
saved after a push... [iglocska]
- More work on the timestamps. [iglocska]
- Event correctly changes timestamp when attribute edited in the UI
- Attribute correctly changes timestamp when edited in the UI
- Still very much work in progress, several parts are not supposed to
work yet
- First (still non-working) version of the timestamp + uuid sync.
[iglocska]
- timestamp field added to events and attributes (int length 11 called
timestamp, default value 0)
- timestamps created on add / edit when appropriate
- during an add, if an event/attribute is not being pushed through a
sync with an existing timestamp, create a timestamp
- on edit, check whether the timestamp is newer than the old one and
only add the attribute or event then
- Bug with adding an event and the org being set incorrectly. [iglocska]
- Changes to the event filtering. [iglocska]
- there was a bug that pushed the data entered into the "published"
filter field to the date fields -> fixed
- Also a bug in the serverscontroller, pulling threw an undefined
warning from the log controller because a single saveField was used and
the logController couldn't save the url data for the action
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
Conflicts:
app/Controller/EventsController.php
- Fix incorrect location of loadModel for Attribute. [Christophe
Vandeplas]
- Filters updated and some changes for the sync. [iglocska]
- visual changes
- date from/until fields
- published field
- a reset form button
- the org of an event added by a sync user will be that of the host
instance's own organisation identifier
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
- Force passwd change for admin user on creation. [Christophe Vandeplas]
- Create default admin user automatically. [Christophe Vandeplas]
- First version of the new filters on event index. [iglocska]
- Small UI change to the exports screen. [iglocska]
- Small fix to event view attribute access permissions. [iglocska]
- Server only attributes not visible to members of another organisation
- fixed
- Tiny cosmetic change. [iglocska]
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
- UI hide top links when not logged in. [Christophe Vandeplas]
- Changes to the event view. [iglocska]
- reworked the way events are loaded and reloaded to check for
privileges
- Slight change to the event xml output. [iglocska]
- now includes both shadowattributes related to attributes and events
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
Conflicts:
app/View/Events/view.ctp
- UI fix login screen. [Christophe Vandeplas]
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [Christophe Vandeplas]
- Alignment of action buttons. [Christophe Vandeplas]
- Update to the shadow attributes. [iglocska]
- UI changes
- changed the relationship between shadowattributes and events to be
hasMany
- Small mistake in the previous commit. [iglocska]
- Attribute edit US change. [iglocska]
- Removed pointer change on hover for the message css class. [iglocska]
- Display related events in multiple columns. fixes #113. [Christophe
Vandeplas]
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
- Sort arrows. [Christophe Vandeplas]
- More UI changes. [iglocska]
- CSS change for the flash messages. [iglocska]
- Update to the import IOC ui. [iglocska]
- new css class for the graph
- More UI changes. [iglocska]
- Attribute type pipe and mutex. [iglocska]
- 2 new attribute types
- Same change as on develop
- Update to the event index view. [iglocska]
- Slight changes to the role creation and edit views. [Iglocska]
- UI changes. [Andras]
- More UI changes. [Andras]
- UI changes to event add/edit and change to events controller. [Andras]
- updated the UI for the event add and edit views
- change to the privileges when editing events - siteadmins could not edit
events of other orgs.
- New forminfo tooltip and update to search attribute. [Andras]
- added tooltip to css
- small update to search attribute
- UI event fixes. [Christophe Vandeplas]
- UI events partial improvements. [Christophe Vandeplas]
- UI rules and users improvements. [Christophe Vandeplas]
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [Christophe Vandeplas]
Conflicts:
app/View/Logs/admin_index.ctp
app/View/Logs/admin_search.ctp
app/View/Users/memberslist.ctp
- GUI changes for the user views. [iglocska]
- Merge branch 'feature/gui' of https://github.com/MISP/MISP into
feature/gui. [iglocska]
- UI changes to the logs. [iglocska]
- UI Logs, documentation, memberslist and fixed bug in highlight.
[Christophe Vandeplas]
- UI servers. [Christophe Vandeplas]
- UI blacklist whitelist regexp. [Christophe Vandeplas]
- UI export and automation. [Christophe Vandeplas]
- Attribute search and list. [Christophe Vandeplas]
- Hilight row. [Christophe Vandeplas]
- Minor improvements. [Christophe Vandeplas]
- Migrated first parts of nice GUI proposed by Alexandru of CERT-EU.
[Christophe Vandeplas]
- Update to the IOC import tool. [iglocska]
- Tries to resolve some branching to increase the number of successful
imports
- Moved to the event view and the import only adds attributes without
changing the event's data itself
- Visualisation of the original IOC, showing the successes and failures
- Fixing some REST API and XML issues. [Christophe Vandeplas]
- Quick fix for strict warning over an incorrect argument. [iglocska]
- in adminCrudComponent
- Minor cleanup. [Christophe Vandeplas]
- Further cleanup of the REST XML output. [Christophe Vandeplas]
- Fixes information leakage vulnerability on REST XML outputs.
[Christophe Vandeplas]
- Removed useless hop_count. [Christophe Vandeplas]
- Date issue when adding a user. [Iglocska]
- the date for a new user was not set and defaulted to 0000-00-00 - this
caused an issue when the user was edited and the admin was either
prompted to change the date manually or the date was set to 2033.
- date for newsread is now initially set to 2000-01-01
- Disabled HTML5 validation for Users/admin_add. [Iglocska]
- the new cakephp HTML5 validation forced users to enter a GPG key under
all circumstances. Removed.
- Strict messages fixes #99 and user edit requiring to change password
fixes #67. [Iglocska]
- Plugins and the user model were throwing strict messages in php 5.4+
or with E_STRICT on php 5.3 and lower. Should be fixed.
- New cakePHP added automatic HTML5 validation to form fields, which
breaks fields that can alternatively be left empty to not be edited
(such as the password field in user edits) - removed the html5 form
validation from user edits.
- Update to the mysql.sql file. [Iglocska]
- aros setup from earlier versions was still included. Removed.
- Further progress on the OpenIOC import. [Iglocska]
- works fine now, but a lot of data still gets discarded
- Further work on the IOCImport. [Iglocska]
- Also, major performance fix for the event view
- OpenIOC Importer. [Iglocska]
- Import from .ioc
- map to MISP attributes and insert them
- try to resolve AND logical operators where possible, otherwise discard
- Missing images added closes #92. [iglocska]
- Fixes #88. [Iglocska]
- events searchable by uuid
-> /events/view/
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[iglocska]
- Moved fragmented massagedata to Model::beforeValidate() [Christophe
Vandeplas]
- Added the component from the previous commit. [iglocska]
- Moved the ioc export to a component. [Iglocska]
- Less clutter
- Further changes to the export features. [Iglocska]
- fixed issues with some download exports not being downloaded
- eliminated some code repetition
- Issue with event publish logs failing. [Iglocska]
- info was not set with saveField. Fixed.
- Changes to the export conditions. [Iglocska]
- attributes with to_ids == 0 won't be exported unless it's an XML
export
- Fix to a typo in the IOC export
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[iglocska]
Conflicts:
app/Controller/EventsController.php
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[Christophe Vandeplas]
- First minor cleanup of export #78. [Christophe Vandeplas]
- Typo with several _isSiteAdmin() calls fixed. [Iglocska]
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[iglocska]
- Fix rest authentication and further auth clean up. [Christophe
Vandeplas]
- Update to the installation instructions. [Andras Iklody]
- to reflect the removal of the old ACL
- Removal of more remnants of the old ACL and tightening of the filename
checks. [Andras Iklody]
- actAs acl removed from role and user models together with some extra
code related to the ACL
- Fix of the filename regex as pointed out by cvandeplas.
- Further changes to the authorisation. [Andras Iklody]
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[iglocska]
- Db changes for the integrated ownership. [Andras Iklody]
- updated the MYSQL.sql file,
- tables aros, acos, aros_acos removed and shadow_attributes added
- Removal of the remains of the old authorization / adding new ones
where needed. [Andras Iklody]
- Reference to a now gone method fixed. [Andras Iklody]
- Small errors with the merge corrected. [Andras Iklody]
- some errors managed to slip through during the merge, should be fixed
- Integrated ownership, ACL and minor fixes. [Andras Iklody]
- Orgs can propose new attributes or changes to existing attributes for
events that they do not own
- publishing users of the owner organisation can see, accept or discard
them
- Reworked the access control
- minor fixes
- Merge branch 'feature/cleansanitize' into develop Fixes #96.
[Christophe Vandeplas]
- Fix sanitization in AppController #96. [Christophe Vandeplas]
- Fix sanitization in AdminCrudComponent #96. [Christophe Vandeplas]
- Fix sanitization in Events #96. [Christophe Vandeplas]
- Fix sanitization in Regexp #96. [Christophe Vandeplas]
- Fix sanitization in Roles #96. [Christophe Vandeplas]
- Fix sanitization in Attributes #96. [Christophe Vandeplas]
- Fix sanitization in Users #96. [Christophe Vandeplas]
- Fix sanitization in Blacklists #96. [Christophe Vandeplas]
- Fix sanitization in Servers #96. [Christophe Vandeplas]
- Fix sanitization in Whitelist. [Christophe Vandeplas]
- Fix sanitization in Logs. [Christophe Vandeplas]
- Merge branch 'develop' of https://github.com/MISP/MISP into develop.
[Christophe Vandeplas]
- Performance tweak. [Andras Iklody]
- User/Role not looked up recursively anymore for authorisation checks -
improves performance significantly. Also, checking perm_add and
perm_modify instead of doing a lookup in the ACL tables
- Merge branch 'feature/correlation' into develop. [Christophe
Vandeplas]
- Cleanup crappy sanitization. [Christophe Vandeplas]
- Rewrote fetching of the related events. [Christophe Vandeplas]
- Remove unused function. [Christophe Vandeplas]
- New logic to generate correlation, relates to issue #95 . Updated DB
schema ! [Christophe Vandeplas]
- Fixes #141. [Christophe Vandeplas]
- Merge branch 'master' of https://github.com/MISP/MISP. [iglocska]
- Tightened the export rules. [Iglocska]
- text, xml, ioc exports of attributes with to_ids == 0 are now
blocked.
- Bug with attribute edits. [iglocska]
- users without publishing rights couldn't edit attributes. Fixed
- Sanitization of the data when creating .ioc files. [iglocska]
- Fix to the highlight issue. [iglocska]
- new line at the end of the search list would break the highlighter and
throw a warning
- fixed
- Show the org logo in the memberslist. [iglocska]
- Merge branch 'namedpipes_mutex' [iglocska]
- Named pipes and mutex. [iglocska]
- added the 2 types under the artifacts dropped category
- Fix for the search. [iglocska]
- Due to the sanitization being fixed, the search results broke
- This is a quick copy of the fix implemented on develop by cvandeplas
- Quick fix to the sanitization. [iglocska]
- the double sanitization needed a quick fix until the development branch
gets merged in the future
- Fix to the bulk search when logged in as a non admin. [iglocska]
The search filter was broken and didn't return the expected result. Should
be fixed.
- Updated README. [Christophe Vandeplas]
- Update README. [Christophe Vandeplas]
- Issue with Correlations going missing. [Andras Iklody]
- Update to the delete in afterSaveCorrelation
- Removed some obsolete code. [Andras Iklody]
- getName functions removed
- Fixed a reference to it in the logable behaviour
- Some fixes to indices not set. [Andras Iklody]
- Affecting Event creation, attribute deletion remotely and logging of
event deletion
- Merge branch 'removeprivate' into develop. [Andras Iklody]
- Removal of deprecated code. [Andras Iklody]
- The flag private is deprecated, removed together with the code that was
affected by it
- Merge branch 'master' into develop. [Andras Iklody]
Conflicts:
app/Config/bootstrap.default.php
- Merge branch 'master' of https://github.com/MISP/MISP.git. [Christophe
Vandeplas]
- Fixed a sanitization issue with encrypted emails. [Andras Iklody]
- Updated gitignore. [Christophe Vandeplas]
- Fix merge issue. [Christophe Vandeplas]
- Merge branch 'master' of https://github.com/MISP/MISP.git. [Christophe
Vandeplas]
- Merge branch 'master' of https://github.com/MISP/MISP. [Andras Iklody]
Conflicts:
app/Config/bootstrap.default.php
- Small fix. [Andras Iklody]
- Small changes. [Andras Iklody]
- added an optional field to the bootstrap default (used by the e-mail
notification system)
- Clarification about the isAdmin and isSiteAdmin (comment)
- Removes multiple correlation engines Fixes #83 but after testing issue
#95 comes to light. [Christophe Vandeplas]
- Removed unused CyDefSIG.showowner field. Closes issue #93. [Christophe
Vandeplas]
- Merge branch 'develop' [Andras Iklody]
- Merge branch 'develop' [Andras Iklody]
- Updated github url. [Christophe Vandeplas]
- Merge branch 'master' of https://github.com/BeDefCERT/MISP. [iglocska]
- Updated INSTALL docu and apache templates. [Christophe Vandeplas]
- Small fixes. [Andras Iklody]
- Comments about isAdmin vs isSiteAdmin
- Extra config line added to bootstrap.default.php for the built in e-mail
system
- Wrong version of adminCrudComponent. [Andras Iklody]
- Can cause issues when saving roles, replaced with the newer version.
- Removed leftover debug code. [Andras Iklody]
- forced exception to test debug output left in - removed
- Small edit fixes #75. [iglocska]
- Event was not deleted when another non site-admin org user tried to
delete an event due to the event not being read before its organisation
was compared to that of the logged in user -> fixed.
- Bug with pull. [iglocska]
- Pulling all from the server list view would cause all new events to be
pulled as intended, but attachments would not be pulled with their
respective attributes
- the few lines of code responsible for loading the file and base64
encrypting it for the transfer were misplaced within a correlation check
- fixed.
- Small bug with sorting events by validation. [iglocska]
- didn't work properly, fixed.
- Updates to the manual. [iglocska]
- new export features
- contact user features
- Missing view for IOC export. [iglocska]
- First version of an IOC export feature. [iglocska]
- Builds basic .ioc file of an event, OR-ing all eligible attributes
- mass export via a zip file to be implemented later
- Small error. [iglocska]
- Small bug. [iglocska]
- Messages left empty for all but the first user in a mass custom e-mail
- fixed.
- Small message notifying the admin that the e-mail was sent. [iglocska]
- flash message after e-mail sent
- Debug exception left in. [iglocska]
- removed
- E-mailing system for site-admins. [iglocska]
- site admins able to contact users by e-mail from within the system
- PGP encrypted where available
- Password reset with automatic temporary key generation
- all of the above options have a mass-email version where every user is
contacted at once
- Potential new users can be contacted too (GPG key can be supplied)
- Fix to a validation error. [iglocska]
- regkey|value's validation was inversed only accepting incorrect entries
- Double sanitization fixed. [iglocska]
- Extensions of filenames now validate if a number is included.
[iglocska]
- Update to the validation of file names to allow _ in the extension.
[iglocska]
- Search for attributes by organisation. [iglocska]
- New search functionality on request - restrict attributes by
organisation
- Also, attributes in the list attributes and search attributes result
pages, that belong to the user's organisation will have a red event ID
- Related events. [iglocska]
- Implemented on request: related events created by the same organisation are now coloured red
- Validation of vulnerability to CVE number, Fixes #35. [iglocska]
- Change to the location of the add attribute/attachment buttons. Fixes
#49. [iglocska]
- Moved the batch import checkbox, Fixes #50. [iglocska]
- Update to the default config files. [iglocska]
- Some minor changes to the default config files
- Slight change to the xml export of search results. [iglocska]
- Disabled the feature for "List Attributes".
- New export feature. [iglocska]
- To restrict the authentication key from being used by interactive users,
implemented a new export page that uses cake's user
authentication
- the old export features still exist for users with perm_auth enabled
accounts - renamed to automation
- Exporting the events that found attributes belong to in a search
attributes result page
- exporting of individual events to file by clicking a link in event view
- Temporary fix for an issue with the ACL. [iglocska]
- Updates to the manual. [iglocska]
- Update to the targets of contact emails and more. [iglocska]
- The original creator of an event will also get contacted by contact org
if he/she has the contactalerts turned off.
- error in the SQL permissions of normal users and org admins - they
weren't able to modify/delete events of their own organisation that they
themselves didn't create
- Bug fixes. [iglocska]
- issues of admin orgs not being able to edit/delete org events
- owner org removed for org admins
- email only visible from own org to org admins
- Upgrades to the installation and upgrade process. [iglocska]
- Instructions updated
- SQL scripts tidied up of incorrect junk (from export)
- upgrade scripts finish gracefully
- Small change to the migration. [iglocska]
- Change to the migration script fixing an error. [iglocska]
During the structure export of the ACL tables the current increment count
from the test environment got left in, caused errors when creating a new
role.
- Instructions for the upgrade. [iglocska]
- 1st version
- Update to generateCount. [iglocska]
- generateCount used to just run through all attributes and save them, to
generate the count. It led to VERY long execution times on larger
databases (25k+ attributes). With the extra processing that each save()
does for attributes, this was horribly slow.
- new generateCount just saves the events based on the number of
associated attributes, only having to save the events (of which there
are considerably less).
- More updates to the migration. [iglocska]
- Slight change to generating the ArosAcos. [iglocska]
- permission field is not set when roles are read during the ArosAcos
generation script - needed for generateACL. Fixed.
- Shell scripts updated to populate the ACL. [iglocska]
- Some changes to the migration script. [iglocska]
- Merge branch 'develop' of https://github.com/BeDefCERT/MISP into
develop. [iglocska]
- Quick fix of the git url. [Christophe Vandeplas]
- Highlighting in log searches. [iglocska]
- new helper that can be used for highlighting
- highlighting of the search terms in the log search result - index view.
- Removed the js title bubble for related events. [Andras Iklody]
- Removed javascripts based title bubble showing the event info in related
events / attributes and in the search attribute view.
- Replaced it with values provided by extra cake queries as the delay for
fetching the info field through a js rest request was annoyingly slow
- some coding standards
- Attribute and event access. [Andras Iklody]
- Updated the check for authorisation to view an event and attribute as
the system hid some valid combinations (such as a server only attribute
in a higher distribution level event).
- Regexp validation. [Andras Iklody]
- an invalid regexp entry could block any event/attribute from being
entered. Introduced a check on regexp entry to block faulty patterns.
- Changes to logs and some minor changes. [Andras Iklody]
- Regexp, blacklist, roles, whitelists now logged
- adminCRUD now sets ID (for the logging) on edit
- some minor UI changes (removal of empty action menus on the left menu
bar)
- Previous edit was an error. [Andras Iklody]
- Error in a previous commit. [Andras Iklody]
- Enabled filename whitelisting for GFI sandbox uploads. [Andras Iklody]
- filename wasn't validated before exec() to unzip before
- Subscription to alerts from contact reporter. [Andras Iklody]
- Users can now choose to subscribe to receive e-mails from the "Contact
Reporter" feature.
- Changed email alert. [Andras Iklody]
- It didn't respect private events and alerted everyone. Fixed.
- Removed sanitization of emails. [Andras Iklody]
- caused linebreaks to be sanitized, it's a plain text e-mail so
sanitization isn't needed.
- Tighter checks so users can't edit events of other orgs. [Andras
Iklody]
- Update to the admin privileges. [Andras Iklody]
- Changed the requirement for a lot of functions to be site admin as
opposed to admin.
- Cleanup of some duplicate junk. [Andras Iklody]
- New regular expressions default values. [Andras Iklody]
- List of new values for the regexp table
- if the user_id for an event is not set, set it to that of the user with
the e-mail address of 'cisprotection@ncirc.nato.int'.
- Colouring of search terms works in links. [Andras Iklody]
- links now have proper colouring to make the found terms more visible
- Some changes to the search. [Andras Iklody]
- changes to the validation of the results
- fixes an issue where the escaping of slashes showed up with a //
- made the found results more visible and case insensitive
- Slight update to the filename regex. [Andras Iklody]
- accept extensions from 2 to 4 characters in length
- Fixed some regex issues and file name validation. [Andras Iklody]
- Fixed an issue that caused attribute values to be converted to 1 on
save in case of an empty regexp table
- Filename validation now happens via whitelisting instead of filename
sanitization
- Checkbox / radio misalignment. [Andras Iklody]
- Fixed an issue with IE interpreting an unset padding value for
checkboxes / radio selects as a good reason to give it some high value.
- Previous edit was incorrect, fixed. [Andras Iklody]
- Tiny Migration and UI edit. [Andras Iklody]
- updates to the migration SQL script
- small change in the new/edit roles UI to solve a misalignment
- Typo... [Andras Iklody]
- Case-sensitivity. [Andras Iklody]
- SQL update. [Andras Iklody]
- Merge branch 'develop' of /home/git/cydefsig into develop. [deresz]
- Export distribution. [Andras Iklody]
- Export didn't take into account distribution rules, should be fixed
- Fixed a bug with editing attributes
- Still issues with the attribute search. [Andras Iklody]
- should be ok now
- Fix to the updated search attributes. [Andras Iklody]
- issue on the live server with the search field left empty, fixed
- Several things (search, migration) [Andras Iklody]
- Changes to the default setting for non private events after migration
- search attribute update to be able to exclude events
- Updated the migration script (SQL) [Andras Iklody]
- Script updated based on the issues during testing
- Changed the file upload/download mechanism.
- Composite type change. [Andras Iklody]
- composite type's value not exploded if value1 already set (to hopefully
fix issues with the migration tool)
- Missing migration sql updates. [Andras Iklody]
- Regexp fixed. [Andras Iklody]
- Regexp replacement didn't actually change the data in the object. Fixed.
- Update sql script to go from 1.0 -> 2.0. [Andras Iklody]
- First version of an SQL upgrade script
- Fixed a minor error. [Andras Iklody]
- comma at the end of line missing in SQL file
- Changes to the distribution handling of attributes. [Andras Iklody]
- Only the creating org of the event can change the distribution of
attributes
- Attribute distribution settings are only pushed on edits if they were
manually changed (so that the distribution level of events on the
creating server doesn't get degraded by an edit and push of the event at
a synced server when using connected community settings).
- slight change to the batch attribute search, the search terms are only
echoed up to 9 terms to prevent the mass echoing of a long list
- Some updates to the migration script. [Andras Iklody]
- Getting it up to date
- Attribute edit fixed. [Andras Iklody]
- Editing attributes caused an error because the uuid was not passed back
from the form (and it is used to find the attribute locally for rest)
- UUID is now used from the read attribute for non rest users. In the long
run it would be cleaner to not allow non rest users to reach that part
of the code.
- Minor changes. [Andras Iklody]
- some changes to the access control
- re-enabled regexp and blacklists, will need a closer look though
- editing a role should update ACL
- some other minor things
- Previous commit was slightly off. [Andras Iklody]
Changed the placing of the unset, as it broke the push of attachments.
Should be fine now.
- Major bug with attributes disappearing during sync. [Andras Iklody]
Found a bug where an instance that has a lower attribute count pushing to
another would cause the attributes with equal attribute ID to get
overwritten with the pushed ones. Unsetting the attribute ID before the
push fixes this.
- Update to the menu. [Andras Iklody]
- minor cosmetic change
- Reworked the sync / release control. [Andras Iklody]
- Fixed issues with the sync
- Secondary publishes on remote servers failed
- Introduced new fields in events to stop backward traverse of
edit information that led to low performance and erroneous
distribution information updates when more than 2 servers were
linked
- Deletion of an attribute now deletes on remote servers
- Changes to the event ownership
- Original creator org now noted in the event itself
- Only original creator org can change distribution
- Events will show up with the original creator org for users
(admins can see both that and the owner of the event on the
local instance)
- Server.organization now used in conjunction with the connecting
user's org and the instance's org (from the bootstrap) to
determine distribution flow control and access rights
- Lots of minor changes
- Coding standards. [Noud de Brouwer]
this is to the new php53-pear-CakePHP_CodeSniffer-0.1.11.
- Updated structure of the documentation. [Christophe Vandeplas]
- Further cleanup. [Christophe Vandeplas]
- Updated LICENSE from copyright to AGPL and first cleanup of files.
[Christophe Vandeplas]
- Minor change to the validation. [Andras Iklody]
- Some types didn't have any validation info, defaulting in an incorrect
input - fixed
- re-enabled the sanitization of file names
- Minor changes to the validation. [Andras Iklody]
- Changes to link validation and minor fixes. [Andras Iklody]
- Links get validated now to filter malicious code
- removed a double edit button in the case of an admin editing himself
- fixed an error with adding new attributes
- Updates to security. [Andras Iklody]
- perm_auth new toggle, can disable auth key usage for a role
- prevents sync / rest with a perm_auth == false key
- some changes to sync to provide better feedback on why it failed
- rewording of distribution options
- Redirect for ServersController. [Andras Iklody]
Added redirect for index in case of non sync users
- Reworked aros_acos creation. [Andras Iklody]
- moved and fixed the aros_acos creation on the new role creation
- new method in appController that sets all the aros_acos from scratch
(for example for a new instance, or a changed acos / aros table)
- some minor changes, redirects to the terms page on invalid events
removed, etc.
- Missing file from the last commit. [Andras Iklody]
Missed a file from the package
- Fixes to access rights, some sanitization, etc. [Andras Iklody]
- Admins cannot manually change anyone's authkey, they need to generate a
new one via the reset link
- Some pages could be accessed by changing the url - fixed (though needs
further testing)
- Edited a change in the manual that may have been confusing
- Some changes to the way ACL is set up - still needs more work
- Temporary fix for file-uploads under windows. [Andras Iklody]
Added an alternate file-upload/download path creation for PHP_OS ==
'WINNT'
Also removed autofill for the login field
- Corrected a typo preventing the sync from working. [Andras Iklody]
- Changes to the admin org access and sanitization. [Andras Iklody]
1. Some errors fixed in the way redirects worked for org admins
2. fixed some double sanitization resulting in incorrect characters
displayed in certain fields
- Added hover over event IDs in search attributes view. [Andras Iklody]
Hovering over the event IDs now shows the event info in the list generated
by the search attributes page
- Security for UsersController. [Andras Iklody]
org admins could edit users of other orgs by accessing the edit page
through the URL. Fixed.
- Further changes to org admins. [Andras Iklody]
org admins can manage their own server connections
org admins cannot see other orgs' users in the users list
- Issue with uploading attachments fixed. [Andras Iklody]
Uploading an attachment would fail while trying to set the event to
unpublished. Fixed.
- Small update to the regular import regexp view. [Andras Iklody]
An empty table cell caused a cosmetic misalignment of the cell border.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Org admin privileges. [Andras Iklody]
Added restrictions for org admins and regular users to be able to see
regexp/whitelist/blacklist information without being able to edit them.
Org admins can also see the roles but not edit them.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Fix for the synchronisation. [Andras]
An error in the pull fix broke the push/publish feature. Fixed.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Attribute distributions. [Andras Iklody]
Added feature to block distribution levels that would get overruled by the
event distribution. The distribution of the event will be the currently
selected distribution when creating an attribute.
- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into
develop. [Andras Iklody]
- Distribution. [Noud de Brouwer]
attributes inherit distribution from event.
- Fix for the org admin privileges. [Andras Iklody]
Editing / creating users and the organisation permissions for org admins
- Org admin can only see org logs. [Andras Iklody]
Added check for the above
- RBAC. [Noud de Brouwer]
only create users within own organisation.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Pull fixed. [Andras Iklody]
Fixed the issues with pull, should work fine now
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Fixed push/publish. [Andras Iklody]
Fixed a few issues that caused push/publish not to work
- RBAC. [Noud de Brouwer]
org admin and RBAC admin.
- Better fix to Sanitize::clean() problem. [deresz]
'escape' option was removed.
- Sanitize. [Noud de Brouwer]
Sanitize can not be used in PGP key.
- GPG. [Noud de Brouwer]
start of check/correct.
- DB. [Noud de Brouwer]
in conversion create Blacklist table as well.
- PGP. [Noud de Brouwer]
clean key remark.
- PGP. [Noud de Brouwer]
direction-like-out-commented try.
- RBAC. [Noud de Brouwer]
so role is editable.
(i will not commit/push during after hours ;) )
- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig
into develop. [Noud de Brouwer]
- Roles controller Jquery helper added. [deresz]
For some reason I needed it
- RBAC. [Noud de Brouwer]
role editable on user page (by admin).
- RBAC. [Noud de Brouwer]
roles/view/.
- RBAC. [Noud de Brouwer]
ampersand in html.
- RBAC. [Noud de Brouwer]
admin must be able to edit role, where-ever.
- Distribution level explanation. [Andras Iklody]
The description of the distribution levels has been updated
- Slight change to distribution description. [Andras Iklody]
Changed the explanation for each distribution level on event creation
- Sync. [Noud de Brouwer]
curl test update using a generic named xml.
- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig
into develop. [Noud de Brouwer]
- Small change to batch searches. [Andras Iklody]
An empty new line caused every attribute to be displayed. Fixed.
- Batch search for attributes. [Andras Iklody]
Implementation of request to be able to do batch attribute searches
- Sql blacklist. [Noud de Brouwer]
somehow all _working_ code for blacklist got committed and pushed
but not the sql db change, find this here-in.
- Error. [Noud de Brouwer]
behavior error or just plain wrong on our side.
- Error. [Noud de Brouwer]
behavior error or just plain wrong on our side.
- Error. [Noud de Brouwer]
behavior error or just plain wrong on our side.
- PHP practice. [Noud de Brouwer]
array-content.
- CakePHP. [Noud de Brouwer]
oddity, if i add "tes\ntestt\ntes", blacklist the testt,
i get "tes\ntestt" as content. (other behaviors?)
- Blacklist. [Noud de Brouwer]
Blacklist gets activated on Event.info and Attribute.value.
- Behavior. [Noud de Brouwer]
Use settings, par-example, name a field to Import Blacklist.
- Blacklist. [Noud de Brouwer]
AdminCrud looking for Blacklist Flash message
and Import Blacklist menu button.
- Blacklist. [Noud de Brouwer]
A list of stringparts not to be able to enter.
- AdminCrud and coding standard. [Noud de Brouwer]
more AdminCrud and coding standard clean up.
- AdminCrud. [Noud de Brouwer]
use of the AdminCrud component.
- App syntax. [Noud de Brouwer]
Controller/Component to share AdminCrud.
- Git. [Noud de Brouwer]
redo 'git-trigger' change.
- Git. [Noud de Brouwer]
pardon i seem to have had a:
- Unused & coding standard. [Noud de Brouwer]
Removed some total unused code and corrected some toward the CakePHP coding standard.
- Signature Blacklist. [Noud de Brouwer]
removed unused view.
- Import Regexp. [Noud de Brouwer]
removed unused code.
- Import Regexp. [Noud de Brouwer]
Renamed Import Whitelist to Import Regexp.
- Validation field. [Andras Iklody]
A field in the event index showing it clearly whether the event has been
published or not - shows a small image (placeholder atm)
- Fixed deprecated errors. [Andras Iklody]
Removed cause of deprecated errors (Pass by reference)
- Log & code duplication. [Noud de Brouwer]
$this->Html->image($nonExistingImage)
showed up in tmp/logs/error.log and
the origin of this is in 2 Views, so a View Element was created.
- Doc & build. [Noud de Brouwer]
move technical_design into app/build/.
- Log. [Noud de Brouwer]
do not logs/error.log if an img does not exist.
- Sanitize. [Noud de Brouwer]
Sanitize countermeasures.
- Log & coding standards. [Noud de Brouwer]
do not logs/error.log if an img does not exist.
and overcome the,
Each PHP statement must be on a line by itself.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- DB. [Noud de Brouwer]
give MYSQL.txt the correct .sql extension.
- Sanitize. [Noud de Brouwer]
Sanitize countermeasures.
- Sanitize. [Noud de Brouwer]
Sanitize countermeasures.
- Added validation field to the event index. [Andras Iklody]
A small image at the front of each line showing whether the event has been
validated (published) or not. The images are placeholders for now.
- Sanitize. [Noud de Brouwer]
Sanitize countermeasures.
- DB. [Noud de Brouwer]
clean up conversion.
- HTML. [Noud de Brouwer]
make Pages/using_the_system.ctp valid HTML.
- HTML. [Noud de Brouwer]
make Events/view.ctp valid HTML.
- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig
into develop. [Noud de Brouwer]
- Removed option "Sandbox" from analysis. [Andras Iklody]
- GenerateAllFor [Charlie Root]
conflicts with CAKE/Model/Model::_call() so no findBy.
(and various very minor other things.)
- JQuery. [Noud de Brouwer]
deactivateButtons.js was bad and is not used anymore, so removed.
- JQuery. [Noud de Brouwer]
version was bumped but actual file not removed.
- Static program analysis. [Noud de Brouwer]
New Static program analysis Makefile for f.i. Coding Standards with reports in app/build.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards typo.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards work file.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- Coding standards. [Noud de Brouwer]
Coding Standards.
- PHP. [Noud de Brouwer]
lcfirst (PHP 5 >= 5.3.0).
- GenerateAllFor [Noud de Brouwer]
missed adding app/Lib/CamelCase.php and app/Config/routes.php.
- Event.analysis. [Noud de Brouwer]
set analysis* in view().
- Paging. [Noud de Brouwer]
6 (used during test) -> 60 again.
- GenerateAllFor [Noud de Brouwer]
so we can use an URL like:
http://localhost//generateAllFor/newValue/oldValue
for example:
http://localhost/events/generateAllForAnalysis/0/null
http://localhost/users/generateAllForInvitedBy/1/0
http://localhost/users/generateAllForRoleId/1/0
- Sanitize. [Noud de Brouwer]
Sanitize::clean() but redo the info and value fields.
- Search. [Noud de Brouwer]
After added feedback on entered search terms for search attributes
and search logs, this now also works for LogsController::index()
and next and previous page.
- Merge branch 'develop' of ssh://misp.ncirc.nato.int/home/git/cydefsig
into develop. [Noud de Brouwer]
- Added missing 4th option to analysis levels. [Andras Iklody]
- Added a missing view for password changes. [Andras Iklody]
- Sanitize. [Noud de Brouwer]
do not Sanitize::clean() $this->request->data.
- Fixed an issue with the events. [Andras Iklody]
- Fix for the Attributes. [Andras Iklody]
- Sanitize. [Noud de Brouwer]
small correction on a "\n" in info.
- 2 SQL files missing. [Andras Iklody]
- added them now
- Added features from branch analysis_levels. [Andras Iklody]
- Analysis levels settable for events as per milestone item 94
- Password change forced as per milestone item 109
- Added feedback on entered search terms for search attributes
- fixed the authentication issue
- some minor fixes
- Merge branch 'master' into develop. [noud]
- Oops. [noud]
leftover debug() removed.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
- RESTful sync. [noud]
this is in response to the email
From:
To: ,
Subject: Re: sync/REST
Date: Fri, 7 Dec 2012 13:30:10 +0000
in this there is a complaint about the RESTful sync workings.
the email hints about 2 possible options:
i) RESTful add event without attributes (conform the web interface)
ii) RESTful add event with attributes (more conform the code)
both are implemented and can be chosen in bootstrap.php by
Configure::write('CyDefSIG.rest', 'ii') or 'i'.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Model/Event.php
- CakePHP. [noud]
CakePHP update from 2.2.3 to 2.2.4
- JQuery. [noud]
bump JQuery from 1.8.2(.min) to 1.8.3(.min).
- RESTful sync. [noud]
Let RESTful only work conform the web pages (to Christophe's wish),
so add/edit event apart from add/edit attribute.
(there is annotation in the code to revert back to full RESTful and
add/edit the attribute(s) alongside add/edit the event.)
- RESTful sync. [noud]
redone delete attribute and add that to the sync.
- RESTful. [noud]
make RESTful event add and edit work again.
- RESTful sync. [noud]
RESTful attribute add, edit and view, to be useful in sync.
- RESTful/sync. [noud]
redid the sync, so if add and exist, send HTTP 302 and different
Location, and do edit there.
Still, the final result has to compare the attributes and if needed
RESTful delete.
- Fix bug when published event that is added using REST is not pushed to
remote servers. [Christophe Vandeplas]
- Removing update functionality for REST. [Christophe Vandeplas]
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Christophe
Vandeplas]
- Fix bug of sync. [Christophe Vandeplas]
- ExtJs. [noud]
reverted, cause no need.
was:
does not show on production.
this is the ExtJs not being there?
or php (>5.2.8) not build without --disable-json.
- Role. [noud]
renamed everything group to role (i.s.o. renaming just the visible).
- Role. [noud]
renamed everything group to role (i.s.o. renaming just the visible).
- Source Code Review. [noud]
sanitize everything displayed from the db.
(and some small coding standard whitespaces)
- Roles. [noud]
only be able to tick actions when manage (& publish) org events.
- RBAC and Roles. [noud]
did add Acl Admin and Audit.
- Sync. [noud]
have sync option in role.
and only display the Sync Actions when sync option or admin.
(still has to be disabled if role is below manage org events.)
- Attributes. [noud]
display "#Attr.".
- Distribution. [noud]
show "All" if distribution is All communities in Events/index.ctp and
Events/view.ctp.
- Changes to the related events mouseover bubble. [Andras Iklody]
Removed unneeded headers and changed the address to relative to avoid the
sending of an OPTIONS REST request.
- Db. [noud]
clean up temp db .sql files.
- Db. [noud]
clean up temp db .sql files.
- Db. [noud]
besides regex data in MYSQL.txt for a clean install
have MYSQL.regex.sql for a Cydefsig update.
- Db. [noud]
make top db conversion script path relative.
- Db. [noud]
conversion needs an Organization name,
so name that in the README.txt as well.
- Db. [noud]
add the regex table to db conversion.
- Typo. [noud]
typo
- Coding standards. [noud]
coding standards tells us "space"."space"
- Menu. [noud]
correct menu on add/edit Import Whitelist.
- Correlation. [noud]
corrected very old error if one event got 3 attributes having the
same value1 but variation in value2.
(in the past the correlation got signed to the 1st attribute, not to the
respective attributes.)
- Updated some images. [Andras Iklody]
Update to some images to reflect the changes to the whitelists.
- Minor update to some linking to the documentation. [Andras Iklody]
Updated a few links to link to specific portions of certain pages in the
documentation instead of just the page itself.
- Coding standards. [noud]
whitespace police.
- Added bubble when hovering over related events. [noud]
suppress already named category again.
- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into
develop. [Andras Iklody]
- User Guide. [noud]
corrected conform the app for attributes as well.
- User Guide. [noud]
corrected conform the app.
- Update to the hover effect on related items. [Andras Iklody]
Several occurrences of links to the same event in the attribute list
caused all instances except the first one to not display any event info
when hovered over. Fixed.
- Coding standards. [noud]
coding standards tells us "space"."space"
- Whitelists. [noud]
better naming and regex block named in administration.ctp
- Added bubble when hovering over related events. [noud]
suppress already named category again.
- Import Whitelist. [noud]
more replacements to uniform the data, so more correlation.
- Import Whitelist. [noud]
if not regex and only replacement, consider that as a comment.
- Readme.txt. [noud]
readme.txt update
- Added bubble when hovering over related events. [noud]
no need to re-include jquery given it's included in
View/Layouts/default.ctp.
- Added bubble when hovering over related events. [noud]
make baseurl variable conform bootstrap.
- Added bubble when hovering over related events. [noud]
make authkey variable conform the authenticated user.
- Added bubble when hovering over related events. [Andras Iklody]
Hovering over related events will reveal the "info" field of the event
without clicking on it.
- Coding standards. [noud]
correction conform coding standards.
- Import Whitelist. [noud]
if Import Whitelist item has regex and no replacement, then do not allow
an attribute having value the regex and do not allow events having info
conform that regex.
- Code. [noud]
a "1" gremlin removed.
- Regex white/blacklist. [noud]
correct naming of the buttons.
- Merge branch 'develop' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud]
- Changes to the manual. [Andras Iklody]
Added information about Regex, changed some minor things.
- Regex and blacklist. [noud]
blacklist, as in, do not input attributes, is working now,
for manual, batch and GFI Sandbox import.
- Merge branch 'regex' into develop. [Noud de Brouwer]
- Input regex. [noud]
use RegexBehavior on Event.info and Attribute.value.
- Tiny histogram change. [Andras Iklody]
Changed the height of the list of types to fit the amount of data
- Slight change to the histogram. [Andras Iklody]
Data for types that had "|" or "-" in the name (such as ip-src)
were omitted - should be fixed now
- Db. [noud]
split generatePrivate into attr and event part (given long runtime).
- Correlation. [noud]
do not show the same event id multiple times for one attribute shown.
- User. [noud]
no possibility to delete oneself.
- Trim. [noud]
use the TrimBehavior on all inputable models.
- Terms. [noud]
removed termsaccepted and newsread from user add,
so the user herself has to accept the terms.
- Distribution. [noud]
generatePrivate conform new distribution.
- Distribution. [noud]
add generateHop to migratemisp11to2.
(generatePrivate should still be looked at.)
- Distribution. [noud]
generate hop count.
- Distribution. [noud]
do not do anything upon delete in regard to distribution.
- Distribution. [noud]
if distribute upstream, do not alter org, user_id nor distribution
settings.
- Correlation. [noud]
altered so an event distribution prevails over its attributes
distribution.
- Even slighter modification to the manual (a typo and a few white
spaces) [Andras Iklody]
- Slight modification to the manual (removing some whitespace errors)
[Andras Iklody]
- Updated the manual to conform with coding standards. [Andras Iklody]
- Coding standards. [noud]
correct conform coding standards.
- Coding standards. [noud]
whitespace police
- Updated the manual with the REST API portion. [Andras Iklody]
- Event/attribute delete. [noud]
In version 1 and 2 of misp/cydefsig there's a delete button upper left
in the menu that a) does not delete or b) does not return to a visible
url after deletion.
As a 'fix' those delete buttons are now removed, given there does still
exist delete in the index view.
- Os. [noud]
various test dirs added just for convenience.
- Db. [noud]
up-to-date db.
- Sync. [noud]
lastpushedid reminder.
- Trim. [noud]
add TrimBehavior to use in Servers and later on in Attributes.
- Attributes delete. [noud]
oops, attribute delete inadvertently deleted from view.
- Validation. [noud]
trim all string fields in server.
(later bring this to AppModel or behavior level)
- Audit log & terms. [noud]
do not handle a timed out user log.
and
better check on login and termsaccepted.
- Attributes. [noud]
hide attributeDistribution tooltip on open.
- Delete event. [noud]
in edit event screen now give correct id in delete alert box.
- Correlation. [noud]
repair correlation after introduction of 'This server-only'.
- Correlation. [noud]
sort Related Events descending on date and second on id.
- Coding standards. [noud]
better parameters on callback routines.
- Correlation. [noud]
some correction so no missing correlation.
- Correlation. [noud]
respect the latest added 'This server-only'.
- RBAC. [noud]
respect setting for edit attribute.
- RBAC. [noud]
respect setting for edit event.
- Terms. [noud]
activate a route for routeafterlogin on timeout.
- Private. [noud]
show 'This server-only' events to all on the server.
- Terms. [noud]
deactivate a route.
- Users. [noud]
show the correct Org during edit.
- Terms. [noud]
better routes to support termaccepted.
- RBAC. [noud]
name what to do during install for RBAC tables and content.
- Terms. [noud]
route to terms even if an 'admin' option is chosen.
- Correlation. [noud]
CyDefSIG.correlation being 'default' and 'sql' are depreciated.
- Code standards. [noud]
we emit XHTML 1.0 Transitional.
so to check, encapsulate using:
<>
and use http://sourceforge.net/projects/eclipsetidy/ to validate.
- Sync. [noud]
validation on server.authkey having minlength of 40 like user.authkey.
- Code standards. [noud]
html cleanup.
- Html. [noud]
removed some html giving warnings.
- Sync. [noud]
corrected pull for events having no distributable attributes.
- Sync & code. [noud]
a new NameController() needs $Name->constructClasses().
odd this ever did work before (CakePHP 2.2.2 versus 2.2.3 diff?).
- Sync & merge. [noud]
merged develop with master and have to alter ServersController a little.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Controller/ServersController.php
- Merge branch 'master' of /home/git/cydefsig. [Andrzej Dereszowski]
Conflicts:
app/Controller/AppController.php
- Fixes bug where no email alert is sent when event is added using API
(and published) [Christophe Vandeplas]
- Fixes bug when alerting and a single gpg key is giving problems.
[Christophe Vandeplas]
- Revert "blackhole" [Christophe Vandeplas]
This reverts commit 899ef6300b554d77aa842e0e987973d6980e2898.
- Bugfix issue where delete event will also be triggered on servers with
no push active. [Christophe Vandeplas]
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Christophe
Vandeplas]
- Fixes download-sync-bug when only one event is present on the remote
instance. [Christophe Vandeplas]
- Fixes bug 87 - on import of existing event: event info changed, tagged
private. Also fixes events tagged private when added using REST api.
[Christophe Vandeplas]
- Sync. [noud]
push from v2 to v1.
- Correlation. [noud]
just for intermediate db-update.
(all MYSQL.*.sql should be removed later on)
- Code standards. [noud]
whitespace police.
- Terms. [noud]
slightly better formulated AppController::beforeFilter()
- Code standards. [noud]
conform code standards.
- Version. [noud]
removed a "-" copied in from a patch file.
- Terms. [noud]
slightly better formulated AppController::beforeFilter()
- Code standards. [noud]
respect code standards.
- Sync. [noud]
array correction done so no 2 kinda the same tests during pull.
- Sync. [noud]
pull goes okay with just one event.
pull with multiple events was already okay.
- PHP. [noud]
CakePHP php minimum_version="5.2.8" but lcfirst was introduced in PHP
5.3, so i reverted to 'strtolower(substr('.
- Users views. [noud]
whole menu in admin_view.
active delete button in edit.
- Sync. [noud]
sync attributes on pull.
- Sync. [noud]
conform the new distribution.
pull on events works too.
- Distribution. [noud]
conform latest, having:
- Your organization only
- This server-only
- This Community-only
- Connected communities
- All communities
Push is tested, pull not yet.
- Code. [noud]
have the distribution description in one place, just the model.
- Dns. [noud]
config if there is a name server available and do not use if not there.
- Db. [noud]
db conversion using whitelist, not whitelists.
- Index. [noud]
some line disappeared, in view as well on attribute level.
Andras Iklody suggested a html non breaking space, that worked.
- Code. [noud]
removed small double code.
- Sync (publish) [noud]
Event publish button in events index and event view does
report push failure(s) if any remote server is down.
- Correlation. [noud]
fixed correlations being double accounted.
- Db. [noud]
extra name migratemisp11to2 to run on server.
- Db. [noud]
updated the db conversion from master->develop.
- Terms. [noud]
take 2, for a user must accept terms.
- Sync. [noud]
admin must be able to delete servers, Andras corrected.
- Terms. [noud]
reverted just done commit
(Can't use method return value in write context ).
- Terms. [noud]
check for user logged in (if not a server looks total stalled).
- Sync. [noud]
admins must be able to delete a server.
- Logout. [noud]
keep the logout in footer as well (besides the logout in menu).
- RBAC. [noud]
use $isAclAdd for New Server.
- Whitelist. [noud]
cleanup whitelist.
- Hostname & port. [noud]
if no baseurl given in bootstrap.php use the server configuration.
- Merge branch 'develop' of ssh://172.29.79.164/home/git/cydefsig into
develop. [Andras Iklody]
- Code standards. [noud]
slightly updated code standards test script.
- Cleaning up and changing the user guide. [Andras Iklody]
- user guide: information about the new number of attributes field in the list of events added
- updated the event showing a list of events
- removed obsolete images
- Code standards. [noud]
corrections toward code standards.
- Index. [noud]
some line disappeared.
Andras Iklody suggested a html non breaking space, that worked.
- Count. [noud]
result view for AttributesController::checkComposites()
- Count & GFI Sandbox. [noud]
count # attributes in events index.
plus various fixes for distribution in correlation of a GFI Sandbox
upload.
- Merge branch 'develop' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud]
- Small change to the user guide. [Andras Iklody]
Fixed the table of contents misalignment and added a line about IE9/10 compatibility mode causing issues
- GFI Sandbox. [noud]
files having size 0 are not md5 summed in CakePHP.
- Correlation. [noud]
if second attribute, create the reverse correlation as well.
- Terms. [noud]
user must accept terms.
- Correlation. [noud]
resolved comment typo.
- RBAC. [noud]
corrected mayModify in Attribute/edit.ctp.
- Correlation. [noud]
respect distribution Org in correlations.
(for this
add correlations.1_private conform MYSQL.correlaton.sql
and
AppController::generateCorrelation() must be run)
- Merge branch 'develop' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git into develop. [noud]
- Change to the user manual. [Andras Iklody]
Again a slight change, removed a script that numbered the headers for the ToC creation. Also fixed a few images.
- Update to the new user guide. [Andras Iklody]
The old script to create an automatic table of contents was accidentally left in in the previous version, it is removed now.
- New user guide. [Andras Iklody]
User guide for cydefsig v2
- Merge. [noud]
botched merge..so commit..but empty.
- RBAC. [noud]
AttributesController::edit() knows its own attribute now for RBAC
check.
- Correlation. [noud]
respect distribution Org only.
- Sync. [noud]
make pull work on an event with just one attribute.
- RBAC. [noud]
admin can always publish.
- RBAC. [noud]
slightly better left menu if no - items.
- RBAC. [noud]
better users views.
- RBAC. [noud]
servers, but add only when Manage Organization Events.
- RBAC. [noud]
do not show New Event if no right.
- RBAC. [noud]
just edit your own did still give edit org as well.
can be tested if now correct.
- RBAC. [noud]
now should be okay on the checkGroup.
(mind, we have a PHP 5.3.10 (dev) and 5.2.10 (f.a.) difference.
for CakePHP should be php > 5.2.8, pear > 1.9.0 and phpunit 3.5.0)
- RBAC. [noud]
check if $user exists, if no, not logged in.
- RBAC. [noud]
//$user =
ClassRegistry::init('User')->findById($this->Auth->user('id'));
$this->loadModel('User');
$user = $this->User->findById($this->Auth->user('id'));
- RBAC. [noud]
should now respect Manage, so also edit, own and org events
in the db-update procedure as well.
- RBAC. [noud]
should now respect Manage, so also edit, own and org events.
- RBAC. [noud]
change the “Requested Level of User Access” items
conform "draft of Terms-ofUse and Joining Instruction".
- SQL. [noud]
add Servers.organization.
- RBAC. [noud]
role only add could still publish her own events,
this should be not possible anymore.
- Distribution. [noud]
removed No push leftovers as a distribution.
- SQL. [noud]
pull-up all changes to the db model,
so MYSQL.txt has all needed for a clean start db.
- Contact reporter. [noud]
Submit to org button in the contact reporter view – changed it
to just submit, having the tickbox to contact a person only + the submit
to org button seems a bit confusing.
- Distribution. [noud]
removed No push as a distribution.
- Logout. [noud]
moved logout from footer right to Global Actions.
- Distribution. [noud]
now attributes do work same for pull like push.
- Distribution. [noud]
let pull behave same way as a push in regard to distribution.
- Distribution. [noud]
do not push Community nor No push conform private.
- Search attributes. [noud]
disallow invalid combinations of types and
categories which would always throw 0 results.
- RBAC. [noud]
name all Role i.s.o. Group.
- Version. [noud]
show version in footer and only when logged in.
- Flags. [noud]
correct from 50*50 to 48*48, so it's an icon size.
- Audit log. [noud]
Following events are now being logged:
1. Adding a new user.
2. Deleting a user.
- Users. [noud]
invited by filled.
- Audit log. [noud]
Search logs allows for searching for “publish” as Action. Publish is
saved in the logs as an edit with the change being publish () => (1).
Now, edit (so unpublish) is still edit and publish is action.
- Audit log. [noud]
Search logs and paging now works as expected (conform search
attributes).
- NIDS. [noud]
Unpublished events with an attribute flagged for IDS signature will
create an IDS signature (should be published only).
- Whitelist. [noud]
menu in views.
- Users. [noud]
name Delete User on button i.s.o. Delete.
- Users. [noud]
inactive Delete during edit of My Profile.
- Users. [noud]
inactive Delete User in My Profile.
- Audit log. [noud]
paging now works.
- Minor. [noud]
cleanup of groups, logs and whitelists views.
- ExtJs. [noud]
does not show on production.
this is the ExtJs not being there?
or php (>5.2.8) not build without --disable-json.
- Distribution. [noud]
border="1"-testleftover removed.
- Distribution. [noud]
if distribution is All, so not displayed in an index nor in attributes
per event, there is missing a line-part in IE.
Did add 1 space for All, this will maybe display the line-part again.
- Dropdowns. [noud]
let the risk dropdown in event add and edit behave like the other
dropdowns.
- Dropdowns. [noud]
no space in edit Attribute categories dropdown.
- Internationalisation. [noud]
just small __() for translation later on.
- (internationalization) [noud]
setFlash using __(), so translatable later on.
- SQL. [noud]
update of MYSQL.servers.sql,
not using organization field.
- Install. [noud]
variable cydefsig home dir.
- Distribution. [noud]
distribution changes conform func.spec.
- RBAC. [noud]
We have a rule(?), if so:
$isAclAdd || $event['Event']['user_id'] == $me['id'].
This rule, i "have add right OR the event was and is already mine".
if that's correct, that was forgotten in the actions_menu.ctp.
- Merge branch 'master' into develop. [noud]
- Blackhole. [noud]
full out-commented.
- Blackhole. [noud]
revert the commit, this screws CSRF
(thanks to Christophe for noticing)
- JQuery. [noud]
bump JQuery from 1.7.2(.min) to 1.8.2(.min).
- CakePHP. [noud]
CakePHP update from 2.2.2 to 2.2.3
- IDS Signature. [noud]
corrected wrong description for IDS Signature.
- Correlation. [noud]
to overcome a possible error on empty correlations.
- Crypt_GPG. [noud]
small comment about debug and
small note in readme about file rights.
- RBAC. [noud]
real inactive buttons.
- Fixed lost JS helper in EventsController. [Andrzej Dereszowski]
- GFI Sandbox. [noud]
Replace Windows specific info in a $string with environment variables and
registry keys.
- Dropdowns. [noud]
undo better optgroup support in dropdown in Attribute::add()
and just remove the not usable empty category.
- Dropdowns. [noud]
better optgroup support in dropdown in Attribute::add().
- Distribution. [noud]
better descriptive tooltip text.
- Dropdowns. [noud]
better optgroup support in dropdowns where 'ALL' or '' is used
in Search Attributes and Search Logs.
- Distribution. [noud]
do not display distribution 'All' in Events index or Event view.
- Outcommented a debug (PGP related). [noud]
- Blackhole. [noud]
add component security to GroupsController.
- Pulldowns. [noud]
removed the select optgroup.
- Distribution. [noud]
distribution on add is default "All".
- GFI Sandbox. [noud]
regexp replacement of usernames.
- Distribution. [noud]
changes and cleanup.
- Wording change. [noud]
so this works.
- Wording change. [Andrzej Dereszowski]
Changed Private column to Distribution + some minor vocabulary changes.
- Merge branch 'master' into develop. [noud]
- Merge branch 'master' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud]
- JQuery. [noud]
bump JQuery from 1.7.2(.min) to 1.8.2(.min).
- CakePHP. [noud]
CakePHP update from 2.2.2 to 2.2.3
- IDS Signature. [noud]
corrected wrong description for IDS Signature.
- Correlation. [noud]
to overcome a possible error on empty correlations.
- IDS Signature description. [noud]
wrong description for signature.
(possibly committed 2 times)
- Private. [noud]
description in event::view().
- Merge branch 'master' into develop. [noud]
- Crypt_GPG. [noud]
small comment about debug and
small note in readme about file rights.
- New attribute type - yara sig. [Andrzej Dereszowski]
- GFI sandbox. [noud]
better representation of a downloadable attribute
in a link (just href the file name, not including the path).
- Private. [noud]
Add "Pull only" as a sharing state where,
everybody does see an event, is pullable,
but will never be pushed.
Has a generatePrivate for db conversion now.
- Private. [noud]
Private events are true private and
running a server in 2 modes (private and sync),
so real private (red) or private to server (amber)
or full distributable (green).
Mind this needs a change to tables events, attributes and correlation.
These are in MYSQL.private.sql.
- Merge branch 'master' into develop. [noud]
- Blackhole. [noud]
I have an idea this blackholeCallback seems to overcome a lot of
blackhole situations we got.
Notably during deleting multiple events from the index,
this improved not getting a blackhole a lot.
- GFI Sandbox. [noud]
- Routes (logs pagination) [noud]
recommitted to be sure it's in repo.
- RBAC. [noud]
Group in user profile is no link.
- Merge branch 'master' into develop. [noud]
- Code Standards. [noud]
Given xxx.default.php, do not check database.php anymore.
- RBAC. [noud]
more correct deactivated buttons being gray but as well having no
effect.
- RBAC. [noud]
removed a leftover on in-activating buttons that did show on IE.
- Merge branch 'master' into develop. [noud]
- NCIRC PHP security settings compatibility patch. [Andrzej Dereszowski]
This patch corrects a small thing in Cake code that makes it compatible with open_basedir restriction NCIRC uses in /etc/php.ini
new file: build/patches/lib_Cake_View_MediaView.php.diff
- Xxx.default.php. [noud]
put plugins loading into bootstrap.default.php
- Groups. [noud]
Do not delete group if there is still Users as children.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Config/bootstrap.php
- Cosmetic changes. [Andrzej Dereszowski]
Descriptions in the export functionality polished.
- Merge branch 'master' of
ssh://misp.ncirc.nato.int:55555/home/git/cydefsig. [Andrzej
Dereszowski]
- Configuration files renamed to better handle git merges on production
systems. [Andrzej Dereszowski]
Please add new features with their default values. They should contain only example values.
renamed: app/Config/bootstrap.php -> app/Config/bootstrap.default.php
renamed: app/Config/core.php -> app/Config/core.default.php
renamed: app/Config/database.php -> app/Config/database.default.php
- Merge branch 'master' into develop. [noud]
- Comment. [noud]
The actual view to be able to send comment to Org or Owner/user_id.
- Export. [noud]
Use config CyDefSIG.name in NIDS export.
- Comment. [noud]
Be able to send comment to Org or Owner/user_id.
- Version. [noud]
Display a version in header.
- Export. [noud]
/CyDefSig/MISP/ in NIDS export.
- Validation. [noud]
corrected again..filename was wrong,
filename|md5 was correct.
so reverted the filename|md5 change.
- Code Standards. [noud]
Somehow 2 "!"s got lost in Attribute.php.
Somehow one change from type_definitions to typeDefinitons slipped
through.
- Audit log. [noud]
Edit user (now?) needs an extra check on the second password.
- Merge branch 'master' into develop. [noud]
- Code Standards. [noud]
Cleanup (again) the AppHelper.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Config/bootstrap.php
- CakePHP. [noud]
Removed diffs that already are placed in build/patches.
- CakePHP. [noud]
Update from CakePHP to version 2.2.2
as well as needed patch files.
- Db. [noud]
small notes about database.
- Continuous Integration. [noud]
Jenkins makefile.
- Audit log. [noud]
System operators readme message.
- Merge branch 'master' into develop. [noud]
- CakePHP. [noud]
To be able to update CakePHP (regularly),
we found the current differences and now
put these diffs to build/patches.
Patches are now relative to $CakePHP_HOME.
- Code Standards. [noud]
For the moment we use this given we do have Jenkins,
but not the ssh keys in place for Jenkins to connect to Git.
- Audit log. [noud]
After change plugins, forgot to skip revision in SysLogLogableBehavior.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Controller/AppController.php
app/Controller/AttributesController.php
app/Controller/EventsController.php
app/Controller/ServersController.php
app/Controller/UsersController.php
app/Model/Attribute.php
app/Model/Event.php
app/Model/Server.php
app/Model/User.php
app/View/Attributes/edit.ctp
app/View/Attributes/index.ctp
app/View/Elements/actions_menu.ctp
app/View/Events/add.ctp
app/View/Events/index.ctp
app/View/Events/view.ctp
app/View/Events/xml/view.ctp
app/View/Servers/index.ctp
app/View/Users/admin_index.ctp
- Merge and code standards. [noud]
Forgot to clean View/Helper/AppHelper.php.
Changed underscore method names to private and protected where
appropriate given phpcs code standards errors.
- Merge. [noud]
validateAttributeValue always has to return true.
- Merge (code_standards into master) [noud]
Small correction to git manual merge where I forgot 2 lines in
NidsExportComponent.php so NIDS export did not work anymore. (is okay
again now.)
- Merge branch 'coding_standards' [noud]
Conflicts:
app/Controller/Component/NidsExportComponent.php
- Pagination. [noud]
Same pagination in Events as in Attributes.
- CakePHP. [noud]
Located the patches done to CakePHP to be able to upgrade CakePHP.
- CakePHP Coding Standards. [noud]
Not return in a switch but after that switch statement.
- CakePHP Coding Standards. [noud]
changed to camel caps format where needed.
- CakePHP Coding Standards. [noud]
http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html
Eclipse:
Window->Preferences
General->Editors->Text Editors
Displayed tab width: 4
Insert spaces for tabs NOT
PHP->Code Style->Formatter
Tab policy: Tabs
File->Convert Line Delimiters To->Unix [default]
http://mark-story.com/posts/view/static-analysis-tools-for-php
for instance:
phpcs --standard=CakePHP app/Model/
Not yet done is all camel caps format.
- IE. [noud]
no scrollbars during print fixed wrong,
now overflow visible i.s.o. hidden.
- IE. [noud]
no scrollbars during print.
- Merge branch 'master' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud]
Conflicts:
app/Controller/Component/NidsExportComponent.php
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej
Dereszowski]
- Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git.
[Christophe Vandeplas]
- Temporary workaround for bug in slow NIDS export. [Christophe
Vandeplas]
- Whitelist. [noud]
Seemingly we can not do name resolving(?),
function nametoipl containing gethostbynamel removed.
- GFI sandbox import. [noud]
Replace Windows environment variables
%UserProfile% and %AllUsersProfile%.
- GFI sandbox import. [noud]
do not load non existing stored_created_file.
- Better placement of plugins (touching RBAC & Audit log) [noud]
If it's just an existing behavior or lib,
place it in a plugin directory structure in /plugins.
If there is a need to change an extern existing plugin,
extend the existing plugin by a new plugin in /app/Plugin.
This way there is a very clean division between own and external code.
The external code can be updated without touching own nor changed code.
- RBAC. [noud]
Forgot to call saveAcl in Groups::add().
(to correct wrong behavior, edit group,
do not change any and button submit.)
- RBAC. [noud]
Terms page missed button deactivation.
- XML related. [noud]
Made tools/curl/input/event.xml more anonymous.
Events/xml/view.ctp wrongly showed category_order.
REST Event add did not work anymore given GFI sandbox import.
- Merge branch 'master' into develop. [noud]
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
app/View/Events/view.ctp
- Sync & Correlation. [noud]
During sync and correlation = db,
an attachment or malware did not get processed into
Attribute.data, so will not be synced.
Now, conform other correlation methods being 'default' or 'sql'
the attachment or malware is synced as well.
(master has been synced with mil.be not using db correlation,
so should have the data.)
- NIAS. [noud]
CyDefSIG.showowner=false, to not show email.
CyDefSIG.sync=false, to not show the text 'private'.*)
*) note, this does remove List Servers and no sync from NATO
to MIL.be in functionality besides missing the account so credentials
there.
- Merge branch 'master' of
ssh://misp.ncirc.nato.int/home/git/cydefsig.git. [noud]
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej
Dereszowski]
- Removed published from. [Christophe Vandeplas]
- REST. [noud]
Small correction to delete attribute after uuid change.
- Login. [noud]
small shell script to reset password. Used like:
./Console/cake password
- Sync. [noud]
On publish and no configured GnuPG, do tell
event is published but no email sent.
- Sync and REST. [noud]
REST delete event working again after uuid change.
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej
Dereszowski]
- Fixes inconsistent relatedAttributes and relatedEvents arrays with
different correlation implementations. [Christophe Vandeplas]
- Removes 'Published from' reference. [Christophe Vandeplas]
- Sync and gpg. [noud]
If no gnupg installed.. do not tell, for NIAS demo.
- Validation. [noud]
add event and empty info now does not MethodNotAllowedException
but Flash and show the invalid.
- Sync. [noud]
small correction after uuid correction,
so delete attribute works again.
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej
Dereszowski]
- Merge branch 'master' of git@code.lab.modiss.be:cydefsig.git.
[Christophe Vandeplas]
- Refactored uuid integration (moved to beforeFilter) [Christophe
Vandeplas]
- REST. [noud]
cURL scripts, used besides example-rest.py to do REST testing.
- REST (and Sync) [noud]
Make REST edit work.
- Sync. [noud]
get the user and org correct,
given authkey them are known to the system.
- Further cleanup of logo improvement. [Christophe Vandeplas]
- Fixes bug of bad implementation of header logo. [Christophe Vandeplas]
- Cleaned up artifacts from refactored logo display. [Christophe
Vandeplas]
- Python REST example script. [Christophe Vandeplas]
- Improve logo and email display features. [Christophe Vandeplas]
- Fix document-root location (security) [Christophe Vandeplas]
- Database schema. [noud]
MYSQL.txt is initial schema, so whitelist table must be inhere as well.
- Merge branch 'master' of code.lab.modiss.be:cydefsig. [Andrzej
Dereszowski]
Conflicts:
app/Controller/Component/NidsExportComponent.php
- Fixes bug where expired GPG keys break the email-alert system.
[Christophe Vandeplas]
- Bugfix snort rule-rewriting where some required variables were not
given to the snortRule() function. [Christophe Vandeplas]
- Minor layout improvement on the export info page. [Christophe
Vandeplas]
- Improve accuracy of http hostname detection. [Christophe Vandeplas]
- Sync. [noud]
Database schema updated for sync and re-added event.user_id.
- Sync. [noud]
Better square and cropped images.
- Sync. [noud]
To test it's handy to run a virtual hosted CyDefSIG having its own
database besides an already existing CyDefSIG.
This is the Apache virtual host setup.
- Sync. [noud]
Example data describing the NATO CyDefSIG server.
- Sync. [noud]
The actual logos used for visible flags in Events::index.
- Sync. [noud]
Sync worked, but we did not know what to do with user_id and org.
Now, on sync, anonymize the user_id, get the Server.organization and put
that into Event.org.
And, display owning flag if Event.user_id or get the Server.logo
belonging to Event.org (=Server.organization) when Event.user_id is
empty (=0).
To this there is organization name and logo in bootstrap and
other organizations names and logos in Servers.
- Extra bug. [noud]
Add attribute, do not fill in any, and hit Submit, gives error messages.
- Add attribute. [noud]
Add attribute, do not fill in any, and hit Submit, did give error
messages.
- Correlation. [noud]
do not use the AttributesController::event now,
just use the old EventsController::view.
- Use DS instead of '/'. [noud]
- Delete (published) event or attribute. [noud]
Previous, upon delete only on the local server the event or attribute
was deleted.
Now, if delete, look for same event or attribute (using its uuid)
and delete on remote servers as well.
Also look and delete if not published, so no dangling/zombie copies
remain on remote servers.
- Authkey validation bug and cleanup of fixed bugs list. [noud]
- Authkey validation. [noud]
An authkey with any length, so less than 40, could be entered.
Now authkey has to have a length of 40 (or higher).
- HIDS exports sorted (and small indention correction). [noud]
- Whitelist not on NidsExportComponent::urlRule. [noud]
In hindsight, an url should not be excluded given a host or domain name.
- Correlation speedup using AttributesController i.s.o.
EventsController. [noud]
We forgot to change some view things using the right controller.
- REST edit Event implementation. [noud]
Now after publish, edit and (re)publish an event,
that event will be updated on the other servers.
- Event.user_id. [noud]
Event.user_id was re-added but we still missed some,
so an added event would get user_id set to zero.
Now Event gets the correct user_id again from
the person logged in and adding.
(later on this must not be used during sync.)
- Whitelist. [noud]
Mention the whitelist for NIDS export on Export page.
- Whitelist. [noud]
An admin can maintain a whitelist of host, domain name and ip numbers.
In the NIDS export lines containing whitelist items are commented out.
- Correlation performance gain. [noud]
in Config/bootstrap.php add
Configure::write('CyDefSIG.correlation', 'sql');
possible values:
- default, like it was
- db, correlation in database
- sql, selection on attributes i.s.o. per attribute
(sql improvement possible if result conform db above)
Network activity, ip-src
30 class-C network ip addresses
(7650 tuples) (time in ms)
           default     db    sql
all          25366  16601  15941
             24839  16604  15611
paginated    16759   8447   6615
             17734   8639   8846
this is used in both:
- events/view/
- attributes/event/
- Bug, unknown server internet name and pull. [noud]
- Fix to pulling from an unknown server. [noud]
- a server having a non-existing internet name gives
"php_network_getaddresses:
getaddrinfo failed: Name or service not known"
on pull.
- Sync Servers, error if server no MISP or non-existing hostname. [noud]
- Sync Servers, fix if server no MISP or non-existing hostname. [noud]
- a server containing no MISP gives "XML cannot be read." on publish.
- a server having a non-existing internet name gives
"php_network_getaddresses: getaddrinfo failed: Name or service not
known" on publish.
- Export HIDS files with MD5 and SHA-1. [noud]
- (Audit) logs. [noud]
The writing of the log in User was done by me using calls to the PHP db
driver (during my second or third day). Very wrong given that is driver
and db dependent. Now use CakePHPs calls to have abstraction.
- GFI Sandbox upload. [noud]
If add event, give a GFI Sandbox export file upload field option.
Unzip, read .xml, add attachment malware, created files and ip-dst.
- LogableBehavior. [noud]
removed some debug() and fixed writing to syslog when deleting event
with attributes.
- Event.user_id rollback(-part). [noud]
- Loggable behaviour. [noud]
some merge correction for events and servers, so we log again.
- SysLog.SysLog lib import. [noud]
- Merge branch 'develop_0.2.2-0.2.3' into develop. [Andrzej Dereszowski]
Conflicts:
app/Config/Schema/schema_0.2.2.php
app/Config/routes.php
app/Controller/AppController.php
app/Controller/UsersController.php
app/Model/User.php
app/README.txt
- Shit. [Andrzej Dereszowski]
- Forgot LogableBehavior in the first commit. [noud]
- Audit and Access Control granulation in News page. [noud]
- Admin Paginator fix. [noud]
- DataBase migrate, Audit and Access Control granulation. [noud]
- Rollback of pagination on event view. [git]
Comeback to previous event layout. This does not change the performance issue so it is not worth to put in stable.
We will move it to the devel branch
- Fix, paging on event with lots of attributes. [noud]
- 2 new bugs: - event with lots of attributes has no paging. - non-
composite attribute and non-printable. [noud]
- Fixed non-printable in no-composite attribute. [noud]
- Show events with user.email if admin. [noud]
- Redo Event.user_id. [noud]
- Search Attributes fixed. [noud]
- Fixes the Search Attributes. [noud]
- Remove extra dot between filename and ext when downloading attachment.
[noud]
- News: removed some old stuff EventsController: contact mail display
name from the config file. [deresz]
- Merge branch 'develop_0.2.2_fixes' into develop. [Andrzej Dereszowski]
Conflicts:
app/Model/Attribute.php
- New bug.. type filename|md5, conform type md5 strtolower. [noud]
- Fix, do strtolower on types filename|md5 and filename|sha1 conform
types md5 and sha1. [noud]
- New bug, authError gets displayed before login. [noud]
- Fix to authError getting displayed before login. [noud]
- Upload always ticked if malware-sample, always unticked if attachment.
[noud]
- Corrects the download in IE fix, to filename.ext.zip or filename.ext.
(Got filename.ext.zip.zip for attachment and filename.ext.ext for
malware given the previous fix) [noud]
- New bug, Add User and validation error gives extra authkey not
defined. [noud]
- Fix to New User, some validation error then authkey not defined.
[noud]
- Download attachment does not work on MS Internet Explorer. This _can_
be a fix, not sure. If not, CakePHP bug #2554 or others. [noud]
- One extra bug (IE download). [noud]
- Correction to upload so zip only ticked when malware and not when
attachment. [noud]
- Do validation after edit attribute. [noud]
- Bug found. [noud]
- Fix to: Add attribute, non-valid, correct, ´black-holed´. [noud]
- Only show categories with type attachment or malware-sample in Add
Attachment view. (this was..No possibility to upload if type
attachment or malware-sample is not in category.) [noud]
- 2 extra bugs found. [noud]
- No possibility to upload if type attachment or malware-sample is not
in category. [noud]
- List of outstanding and fixed bugs. [noud]
- Edit composite attribute to non-composite attribute fix. [noud]
- Make the documentation "brand-neutral" to be able to develop it in a
community. [deresz]
- Use CyDefSIG.name from Config in alert e-mail subjects. [deresz]
- Correction to "link" attribute type - links were not actually created.
Also changed it to proper "cake" way. [deresz]
- Some modifications to category/attribute matrix. MISP database is now
compatible for sync with CyDefSIG. [deresz]
- Merge branch 'develop' of code.lab.modiss.be:cydefsig into
develop_0.2.2_fixes. [Andrzej Dereszowski]
- Forgot debug comment. [Christophe Vandeplas]
- Improved NIDS output. [Christophe Vandeplas]
- Fixed silly bug in priority assignment of nids export. [Christophe
Vandeplas]
- Fixed nids snort rule conversion because of greedy * and + [Christophe
Vandeplas]
- Minor improvement in usability on index pages. [Christophe Vandeplas]
- Improvement of nids - level and message. [Christophe Vandeplas]
- Micro fix in nids export. [Christophe Vandeplas]
- Changed classtype. [Christophe Vandeplas]
- First migration script for misp0.2 to misp1.0 (not finished)
[Christophe Vandeplas]
- Some improvement on database level. [Christophe Vandeplas]
- Fix a PHP error when importing attributes with incorrect type -
category validation. [Christophe Vandeplas]
- Updated DB structure. [Christophe Vandeplas]
- Fixing bug created in commit 957e4f232bbfc58ff6630c7da8353d57316e4973.
[Christophe Vandeplas]
- Minor memory usage improvements by referencing in foreach ($array as
&$value) loop. [Christophe Vandeplas]
- Cleanup of comments and todos minor memory performance improvement.
[Christophe Vandeplas]
- Fixed bug in termsaccepted. [Christophe Vandeplas]
- Info on how to use a same CakePHP lib directory for multiple
instances. [Christophe Vandeplas]
- Merge branch 'develop' of code.lab.modiss.be:cydefsig into develop.
[Christophe Vandeplas]
- Cleanup of directory. [Christophe Vandeplas]
- Updated console version from newer cakephp. [Christophe Vandeplas]
- Removed reference to useless user_id. fixed bug where Contact reporter
doesn't work when user does not exist (contact reporter now sends
mails to all the org) [Christophe Vandeplas]
- Servers.lastpushedid and Servers.lastpulledid. [noud]
- Admin Paginator fix. [noud]
- Revert "Audit and ACL first cut." [root]
This reverts commit 5818231f4841bc862f2ad5bdaf70648a811250e9.
- Audit and ACL first cut. [noud]
- Revert "Audit database table." [noud]
This reverts commit f5bf89e62408c29a02b27e5e0be5d2356412fa27.
- Audit database table. [noud]
- I think comment should not be correlated neither but correct me if I'm
wrong. [Andrzej Dereszowski]
- Fixed huge SQL injection vulnerability created in bruteforce
protection. Shame on me !!! [Christophe Vandeplas]
- Minor change. [Christophe Vandeplas]
- Implementation of an anti-brute-force password guessing mechanism.
[Christophe Vandeplas]
- Sanitize::html() to h() for views is the way to go. [Christophe
Vandeplas]
- Unique attribute for nids export. [Christophe Vandeplas]
- Removed description field ( should be replaced by comment )
[Christophe Vandeplas]
- Better error outputting. [Christophe Vandeplas]
- Attribute types validation is now a separate function that uses the
Attribute->type_definitions variable. [Christophe Vandeplas]
- Forgot to add js to previous commits. [Christophe Vandeplas]
- Minor fixes. [Christophe Vandeplas]
- Fixes security issue (overwrite existing event) [Christophe Vandeplas]
- Select boxes with filtering now. [Christophe Vandeplas]
- Improved documentation. [Christophe Vandeplas]
- Minor fix in Attribute tooltip more documentation (autogenerated)
[Christophe Vandeplas]
- Fixed merge conflicts with HEAD at belmod Merge branch 'develop' of
code.lab.modiss.be:cydefsig into develop. [Andrzej Dereszowski]
Conflicts:
app/Controller/EventsController.php
app/Model/Attribute.php
- Part of the documentation added - docu written by Miguel Soria Machado
(CERT-EU) [Christophe Vandeplas]
- Fixed error when type was not set. [Christophe Vandeplas]
- Fixed logic bug. [Christophe Vandeplas]
- Only sync event on publish when sync feature is on. [Christophe
Vandeplas]
- Auto-upload when publish event. [Christophe Vandeplas]
- Moved some functions around. [Christophe Vandeplas]
- Push / pull seems to work with attachment support. Lots of testing
required. [Christophe Vandeplas]
- Limit saveAssociated using fieldList. [Christophe Vandeplas]
- Attachment support in REST API. [Christophe Vandeplas]
- REST XML request also received base64 encoded file content.
[Christophe Vandeplas]
- Minor layout improvement. [Christophe Vandeplas]
- Fixes previous commit. [Christophe Vandeplas]
- Layout improvement in attribute display. [Christophe Vandeplas]
- Workaround for bug where uuid is not set when empty. See bug
http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2893.
[Christophe Vandeplas]
- Fix bug when editing attributes. [Christophe Vandeplas]
- Fixes typo in alert message. [Christophe Vandeplas]
- Help messages implementation (forms and list views). [Andrzej
Dereszowski]
- Explanation messages implemented for forms and for list views (using
"title" html element) [Andrzej Dereszowski]
- Fix recommendation of pentest for autocomplete. [Christophe Vandeplas]
- Fixes bug where event is not unpublished when attribute is edited.
[Christophe Vandeplas]
- Fixes bugs in NIDS export with duplicate SIDs. [Christophe Vandeplas]
- . [Christophe Vandeplas]
- Fixes event with no attributes in REST request. [Christophe Vandeplas]
- Fixes problem of not being able to import events with single
attribute. [Christophe Vandeplas]
- Added CyDefSIG.name to allow changing the title of the site.
[Christophe Vandeplas]
- Fixes issue 67. [Christophe Vandeplas]
- More fixes for the sync. [Christophe Vandeplas]
- Basic sync push seems to work. [Christophe Vandeplas]
- Fixes security bug in XML REST request. [Christophe Vandeplas]
- Do not show related events if the variable was not set. [Christophe
Vandeplas]
- Fixes lowercase attribute bug in xml output of Events/view and hide
value1 and value2 from the output. [Christophe Vandeplas]
- Fixes issue 64. [Christophe Vandeplas]
- Moved alert email functionality to separate function _sendAlertEmail()
REST event add requests also send out mails where necessary.
[Christophe Vandeplas]
- Fixes issue 66 - https://code.lab.modiss.be/p/cydefsig/issues/66/
[Christophe Vandeplas]
- Fixes bug discovered while running migrate02to021 script.
[Christophe Vandeplas]
- Split value to value1 and value2. You need to update the DB schema and
run /events/migrate02to021 to migrate the data. [Christophe Vandeplas]
- Bugfix in Attribute validation Do not search for related attributes
for specific types. [Christophe Vandeplas]
- Fixed typo. [Christophe Vandeplas]
- Merge commit '280baac98902789ee69186539474a2e82156659e' into develop.
[Christophe Vandeplas]
Resolved Conflicts in:
app/View/Events/view.ctp
- Patched deleting of attributes. [Andrzej Dereszowski]
- Minor cosmetic changes. [Andrzej Dereszowski]
- REST POST of event and signatures works (basics, no error-handling)
[Christophe Vandeplas]
- Start of documentation concerning REST. [Christophe Vandeplas]
- Allow saving of data using REST API. [Christophe Vandeplas]
- Logging in for REST using Authorized HTTP header field. [Christophe
Vandeplas]
- Fix db engine. [Christophe Vandeplas]
- Db structure for sync functionality. [Christophe Vandeplas]
- Add, edit, delete and (basic) Manual Sync server functionality added.
[Christophe Vandeplas]
- Micro usability improvement. [Christophe Vandeplas]
- Moved security to see profile to isAuthorized to keep consistency.
[Christophe Vandeplas]
- XML format for attributes index. [Christophe Vandeplas]
- Merge commit '9e043116228c4866b18e92acb076462845bcf22a' into develop
Fixed conflicts in: app/View/Events/view.ctp. [Christophe Vandeplas]
- Minor changes: - when admin adds a user, auth key is automatically
suggested - auth refresh is performed after user edition. [Andrzej
Dereszowski]
- Fix for the routing problem on admin-privileged users. All links that
need to be routed to admin-prefixed method have to have 'admin' =>
true in the parameters. [Andrzej Dereszowski]
- Some bugfixes in validation corrected - new attribute type - link to
external site. [Andrzej Dereszowski]
- Bug fixes in the admin view - password changing for other users -
corrected admin_view. [Andrzej Dereszowski]
- Small bug with "No GPG key" message marked in the code - path to
homedir for GPG added in User.php. [Andrzej Dereszowski]
- Attributes index view fixed (attachments) [Andrzej Dereszowski]
- Signatures are displayed by category always in the same order
defined in model. [Andrzej Dereszowski]
- Minor correction: - login page does not display "invalid user" when
first time presented to the user - "Log Off" button removed from the
print view. [Andrzej Dereszowski]
- Logo position corrected. [Andrzej Dereszowski]
- Merge commit 'dee8a866e691fde2eedbd9a2418a6027f88d07cf' into develop.
[Christophe Vandeplas]
- Fixed bug where GPG homedir was not set in a few places. [Christophe
Vandeplas]
- Implemented basics for private, nonsyncable, Events or Attributes.
[Christophe Vandeplas]
- First version of REST API to export data. [Christophe Vandeplas]
- Minor changes. [Christophe Vandeplas]
- Forgot updated default layout for info boxes. [Christophe Vandeplas]
- Added some infoboxes when adding Attributes. [Christophe Vandeplas]
- Allow publishing of events without sending email. [Christophe
Vandeplas]
- Fixed minor CSRF vulnerability + added google link on vulnerability
type. [Christophe Vandeplas]
- First experimental test of importing events from a remote server. Only
new events are imported. [Christophe Vandeplas]
- Fixed minor bugs. [Christophe Vandeplas]
- Changed alerted -> published other minor fixes. [Christophe Vandeplas]
- Minor change in getRelatedAttributes function. [Christophe Vandeplas]
- Filename|sha1 data validation. [Christophe Vandeplas]
- Filename|sha1. [Christophe Vandeplas]
- Fix admin routing. [Christophe Vandeplas]
- Added a migrate() function to generate uuid for events and attributes
that didn't have an uuid. [Christophe Vandeplas]
- Renamed Signature to Attribute. [Christophe Vandeplas]
- XML export ... woohoo !!! [Christophe Vandeplas]
- Number of entries in the index lists. [Christophe Vandeplas]
- Fix error when there are no related events/signatures, or simply
signatures. [Christophe Vandeplas]
- Forgot to update DB structure after category support. [Christophe
Vandeplas]
- Micro HTML bugfixes in views. [Christophe Vandeplas]
- Performance improvement when searching for related events (by reusing
results from related signatures search) [Christophe Vandeplas]
- Md5 and sha1 hashes now automatically lowercase cleaned up some code
and fixed some vulnerabilities. [Christophe Vandeplas]
- Print Cascading Stylesheets and minor layout fixes. [Christophe
Vandeplas]
- Extra vulnerability type. [Christophe Vandeplas]
- Implemented file-upload of attachment or password protected malware-
samples. Base code contributed by Andrzej Dereszowski. [Christophe
Vandeplas]
- Confirm password functionality (thanks to Andrzej) [Christophe
Vandeplas]
- Updated DB structure. [Christophe Vandeplas]
- Minor micro changes. [Christophe Vandeplas]
- Signature is now known as Attribute. [Christophe Vandeplas]
- Not finished editing -> not published. [Christophe Vandeplas]
- Whatever. [Christophe Vandeplas]
- Graph for Signatures Type per organisation. [Christophe Vandeplas]
- Fix bug of login/authinfo not refreshed when resetting authkey.
[Christophe Vandeplas]
- Layout improvements. [Christophe Vandeplas]
- IsAuthorized now handles permissions on admin,delete,edit,... actions.
[Christophe Vandeplas]
- UUID support for syncing. [Christophe Vandeplas]
- Rename Finish Edit to Publish Event. [Christophe Vandeplas]
- Fixes bug: to_ids should be there otherwise you cannot edit the
signature to change the "to_ids" checkbox. By Andrzej Dereszowski.
[Christophe Vandeplas]
- Cleanup old __('Actions') and non echo __() [Christophe Vandeplas]
- Updated DB structure and content. [Christophe Vandeplas]
- Migration to CakePHP 2.1. Most of the functionality migrated, Q&A
review required. [Christophe Vandeplas]
- Terms and Conditions and News splashpage Updated DB structure: ALTER
TABLE `users` ADD `termsaccepted` TINYINT( 1 ) NOT NULL , ADD
`newsread` DATE NOT NULL. [Christophe Vandeplas]
- Micro change in export text. [Christophe Vandeplas]
- Temporary workaround for problem to edit profile. [Christophe
Vandeplas]
- Implement batch import of signatures. [Christophe Vandeplas]
- Powered by. [Christophe Vandeplas]
- Export to text formats. [Christophe Vandeplas]
- Fixed information disclosure vulnerability on groups pages.
[Christophe Vandeplas]
- Updated README based on feedback from Jeroen Vanderauwera and some
corrections. [Christophe Vandeplas]
- Show org for admin. [Christophe Vandeplas]
- Show link between events on the signature level. [Christophe
Vandeplas]
- Reverted sort order of Signature Types Histogram. [Christophe
Vandeplas]
- Changed sort-order of Signature Types Histogram. [Christophe
Vandeplas]
- Snort signature type is now exported to NIDS and cleaned up.
[Christophe Vandeplas]
- Updated table structure. [Christophe Vandeplas]
- Allows the user to choose a custom NIDS start SID. [Christophe
Vandeplas]
- Added more clear Edit Profile button -
https://code.lab.modiss.be/p/cydefsig/issues/29/ [Christophe
Vandeplas]
- Minor layout improvements in emails. [Christophe Vandeplas]
- Fixes HTML entities in email. [Christophe Vandeplas]
- Data validation - duplicate signatures for same event. [Christophe
Vandeplas]
- Bugfix userslist and types_histogram. [Christophe Vandeplas]
- List number of events shared by Org list type of signatures shared by
Org. [Christophe Vandeplas]
- Allow string-in-file. [Christophe Vandeplas]
- Snort signature type has no datavalidation. [Christophe Vandeplas]
- Added 'snort' signature type. [Christophe Vandeplas]
- Added 'snort' signature type. [Christophe Vandeplas]
- Database structure and rough license. [Christophe Vandeplas]
- List members (orgs) of the platform. [Christophe Vandeplas]
- Allow to hide (default) the name of the Organisation that posted the
event. [Christophe Vandeplas]
- Fixed filesystem permissions. [Christophe Vandeplas]
- Default To IDS checkbox is checked. [Christophe Vandeplas]
- To_nids renamed to to_ids and implemented. [Christophe Vandeplas]
- Stylesheet improvements. [Christophe Vandeplas]
- Shows ID in event list and detail. [Christophe Vandeplas]
- Micro fix. [Christophe Vandeplas]
- Contact reporter now lets a user add a custom message. [Christophe
Vandeplas]
- Cleaned workaround for empty password behavior of Auth component.
[Christophe Vandeplas]
- Add basic XSRF protection for add, edit actions. [Christophe
Vandeplas]
- Minor fixes in git repo. [Christophe Vandeplas]
- Authkey reset functionality and fixed bugs in users_controller.
[Christophe Vandeplas]
- Events/snort is now refactored to events/nids Backwards compatibility
with the url is still kept. [Christophe Vandeplas]
- Implemented relations dynamically. [Christophe Vandeplas]
- Removed forgotten comment. [Christophe Vandeplas]
- Fixes authkey generation. [Christophe Vandeplas]
- Added missing files. [Christophe Vandeplas]
- Fixed Snort export - DNS format. [Christophe Vandeplas]
- Xml export now done properly fixed bug in xml export. [Christophe
Vandeplas]
- Changed snort rule message. [Christophe Vandeplas]
- Minor fixes. [Christophe Vandeplas]
- Fixed email + gpg alert bugs. [Christophe Vandeplas]
- Color improvement in notification message. [Christophe Vandeplas]
- Better color-based error messages. [Christophe Vandeplas]
- Moved getRelatedEvents() to Event model. [Christophe Vandeplas]
- Micro improvement. [Christophe Vandeplas]
- Related info also in alert email. [Christophe Vandeplas]
- Added relation between events (implementation not yet ideal)
[Christophe Vandeplas]
- Added AS a signature type. [Christophe Vandeplas]
- Only send out encrypted alerts if set in bootstrap config file.
[Christophe Vandeplas]
- Export info in separate page. [Christophe Vandeplas]
- Minor layout improvements. [Christophe Vandeplas]
- Minor change. [Christophe Vandeplas]
- Initial import. [Christophe Vandeplas]