
Changelog

v2.4 aka 2.4 for ever (current changelog)

New

  • [doc] Support request template (#5420) [Steve Clement]

new: [doc] Support request template

  • [doc] Support request template. [Steve Clement]
  • [deprecation] Added a new library to handle deprecations. [iglocska]

    • send X-Deprecation-Warning via the API
    • set new Warning flash messages via the UI
    • counting the use of these functionalities / API endpoint and / user
      • added a diagnostic tool to view the outcome of the collection
      • sharing of these collections with the MISP-Project will be optionally available in the future
    • two modes of operation:
      • hard deprecation (functions certainly to be removed, reported to the users via API/UI)
      • soft deprecation (gauging interest for the continued use of these functions)

  • [sql diagnostics] Started work on a system to automatically generate scripts to fix issues. [iglocska]

    • currently somewhat limited
    • requires additional input to generate correct queries, needs an update for the default schemas
    • generated, but not exposed for now

  • [sync] view remote user tool added to the server index. [iglocska]

    • should help with debugging what user is being used

  • [API] Added attribute_timestamp flag to attributes/restSearch. [iglocska]

Explanation of the 4 timestamp filters:

    • timestamp: Filters on attribute AND event timestamp
    • event_timestamp: Filters on event timestamp
    • attribute_timestamp: Filters on attribute timestamp
    • publish_timestamp: Filters on event.publish_timestamp

  • [UI] formInfo element added to the form generator. [iglocska]
  • [API] SQL dump now includes two modes. [iglocska]

    • sql_dump:1 - append the SQL dump to the response
    • sql_dump:2 - only return the SQL dump in the response

  • [API] Cleaner API debugging via the API. [iglocska]

    • passing sql:1 as a url parameter will try to add the sql_dump key to the response if SQL debugging is enabled
    • allows for the easier debugging of for example search queries

Changes

  • [installer] Installer checksum updates. [Steve Clement]
  • [doc] Updated viper-framework (-web is broken) and updated… (#5425) [Steve Clement]

chg: [doc] Updated viper-framework (-web is broken) and updated Debian 10 (minor)

  • [doc] Minor note on composer update. [Steve Clement]
  • [doc] Tried to fix viper. Is semi-fixed viper-web broken. [Steve Clement]
  • [doc] Better wording. [Steve Clement]
  • [doc] Added 2 templates with automatic labelling. [Steve Clement]
  • [internal] switch intval to (int) [iglocska]
  • [internal] Renamed log action name for db worker issues to be <= 20 characters in length. [iglocska]

    • it was a restriction based on the db schema of the log table from before

  • [API] described how to add attachments to /attributes/add and /attributes/edit. [iglocska]
  • [diagnostic:dbSchema] Whitelist columns to ignore and highlight critical differences. [mokaddem]
  • [dbDiagnostic] Removed datefield precision as it's only available on MySQL 5.6+ [mokaddem]
  • [dbDiagnostic] Diagnostic result is stored in a keyed array instead of indexed array. [mokaddem]
  • [UI] Small refactor of the event add/edit views. [iglocska]

    • added new flag to form elements for the generator: stayInLine:1 - skip linebreak after field
    • removed edit view
    • modified add view to work as both add/edit

  • [UI] Using generic form in the edit event view. [chrisr3d]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [UI] Using generic form in the add event view. [chrisr3d]
  • [internal] Hooked the sql_dump flag into the normal flow. [iglocska]
  • [feed] # ZeuS Tracker has been discontinued on Jul 8th, 20… (#5377) [Steve Clement]

chg: [feed] # ZeuS Tracker has been discontinued on Jul 8th, 2019

  • [feed] # ZeuS Tracker has been discontinued on Jul 8th, 2019. [Steve Clement]
  • [installer] Updated installer to latest and amended a zmq… (#5390) [Steve Clement]

chg: [installer] Updated installer to latest and amended a zmq issue

  • [installer] Updated installer to latest and amended a zmq issue. [Steve Clement]
  • [internal] Sharing group loader was grabbing organisations one by one, refactored. [iglocska]

    • simply fetch all org objects for the ACL checks in one shot instead of doing it on demand
      • has no real performance impact even on large sharing instances
      • reduces the number of queries greatly making debugging easier

Fix

  • [doc] composer update missing. [Steve Clement]
  • [ACL] added missing function. [Andras Iklody]
  • [user view] server issues fixed. [iglocska]
  • [API] bro deprecation message was premature. [iglocska]

    • needs to be added to restsearch first

  • [deprecation] Added missing component. [iglocska]
  • [attribute:massEdit] Allow removal of non exportable tags. Fix #5408. [mokaddem]
  • [API] fixed notice errors for compact() in PHP 7.3+ [iglocska]
  • [stix2 export] Exporting stix2-pattern objects as pattern. [chrisr3d]

... Instead of failing and being exported as custom object

  • [indextable] Fixed the link field. [iglocska]
  • [stix2 import] Avoids importing an object_relation value for single attributes. [chrisr3d]
  • [stix2 import] Importing stix2-pattern object only if the pattern parsing failed. [chrisr3d]

    • Also adding the uuid of the stix2-pattern object
    • It avoids patterns to be exported twice if we export the misp event created from the import afterwards

  • [internal] site admins should not have to be host org users to see server correlations. [iglocska]
  • [API] adding objects now has better validation errors. [iglocska]

    • instead of silently dropping attributes in certain cases

  • [tagging] Events will be unpublished when a local tag is removed #5363. [iglocska]
  • [attribute:massTagging] Check for POST data in post code path. Fix #5359. [mokaddem]
  • [temporary] Dirty fix for the diagnostic page failing on MySQL < 5.6. [iglocska]
  • [UI] Removed console.log call for debugging purposes. [chrisr3d]
  • [UI] With the correct field name, it works better ;-) [chrisr3d]

    • threat_level_id is the name of the field, and now the hover description works :D

  • [UI] Passing the distribution, threat level & analysis description for the edit event view. [chrisr3d]
  • Just an indent fix for the eyes. [chrisr3d]
  • [internal] Removed duplicate loading of configuration. [iglocska]

    • lazy-loading the event model after an on-the-fly config change would purge the change otherwise
    • config already loaded in bootstrap anyway

  • [UI] Cosmetic changes on the add event form. [chrisr3d]
  • [internal] better error messages for attaching a tag failing. [iglocska]
  • [UI] Fixed sharing group & threat level field names in add event view. [chrisr3d]
  • [internal] Attribute/Event connectors for attribute_timestamp added. [iglocska]
  • [UI] formInfo fixed. [iglocska]
  • [internal] Load MISP version just once in AppController. [Jakub Onderka]
  • [internal] tag attacher could run into a situation where an invalid tag's creation failure is not caught. [iglocska]

    • returns puzzling error messages

Other

  • Merge pull request #5417 from StefanKelm/2.4. [Andras Iklody]

Update AdminShell.php

  • Update AdminShell.php. [StefanKelm]

Adding "wwwrun" as a user since it is common under SUSE Linux

  • Merge pull request #5416 from SteveClement/ISSUE_TEMPLATE. [Alexandre Dulaunoy]

chg: [doc] Added 2 templates with automatic labelling

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Revert "Revert "Merge pull request #5304 from JakubOnderka/version-loading"" [iglocska]

This reverts commit 623bb20cb09a79da83d31eed8ae0993bca07db13.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Revert "Merge pull request #5304 from JakubOnderka/version-loading" [Raphaël Vinot]

This reverts commit 71fb7fcbd7d4e63480e6a63c3de5e8beb019ccbe, reversing changes made to 11ee95aeb3d18806ea4753707a0b2c45745cf475.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5304 from JakubOnderka/version-loading. [Andras Iklody]

fix: [internal] Load MISP version just once in AppController

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]

v2.4.118 (2019-11-08)

New

  • [attribute:restSearch] Support of Orgc and GalaxyElement meta searches. [mokaddem]
  • [event:restSearch] Support of Orgc meta searches. [mokaddem]
  • [event:restSearch] Initial work for GalaxyElement searches. [mokaddem]
  • [SightingDB] Added integration with SightingDB. [iglocska]

    • Added configuration tool
    • Added lookups from the event view
    • Added includeSightingdb flag for the restSearch searches
    • Added SightingDB search tool
    • Added SightingDB connection test tool

  • [UI] Added the index filter component. [iglocska]
  • [UI] Added new/improved index and form builder generators - Added form Builder generator - Added new fields to the index table generator - updated some existing fields for the index table generator. [iglocska]
  • [tags] Preliminary support of exclusive tags based on taxonomy data. [mokaddem]
  • [cli] server connectivity test. [Jan Skalny]
  • [servers:DBDiagnostic] Improved indexTable and added new DB schema diagnostic (🚧) [mokaddem]

Changes

  • [version] bump. [iglocska]
  • [diagnostic] Exposed dbSchemaDiagnostic to the API. [mokaddem]
  • [restSearch] Improved meta-search code - Correctly returns nothing if search on metas does not return anything - Renamed orgc.sector into org.sector while still being orgc behind the hood - Removed duplicated code. [mokaddem]
  • [db_schema] Updated to the latest version. [mokaddem]
  • [queryversion] Bumped queryversion. [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [sightingdb] Added support for bulk lookups and namespacing. [iglocska]

    • aligned with the latest version of the sightingdb (support for the /rb endpoint)
    • added namespacing as an option / sightingdb connection, defaults to "all" if left empty

  • [misp-taxonomies] updated to the latest version (exclusivity review) [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [event:view] Exclusive notice UI improvements. [mokaddem]
  • [attribute:addTag] Added support of exclusive at Attribute level. [mokaddem]
  • [tag:exclusive] Added support of local while checking for exclusivity. [mokaddem]
  • [event:view] Added notice and improved inconsistency text message. [mokaddem]
  • [PyMISP] bump PyMISP to the latest version. [Alexandre Dulaunoy]
  • [default] old default 'TLP Amber' is now 'tlp:amber' to be consistent and use MISP taxonomy naming. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version of ATT&CK October 2019. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [doc] Various updates for RHEL8/CentOS8/Debian10.1. [Steve Clement]
  • [stix2 import] Loading the input file once everything is initialised. [chrisr3d]

    • We no longer pass the loaded stix data as parameter to the parser but we load it once the required variables are initialised
    • Instead of passing a potentially big dictionary and parsing it into different variables after the initiation of the parser class, we directly set the different data structures while parsing the loaded file

  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Enable mailing in travis. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Updated installer to support latest Kali Linux chg: [doc] Amended Centos7 mirror foo. [Steve Clement]
  • [stix2 library] Bumped latest version. [chrisr3d]
  • [doc] ssdeep can be installed via pkg_add. [Marcelo H. P. C. Chaves]
  • Usage of camelCase instead of snake_case. [mokaddem]
  • [update] Added special log action for workers performing the DB update. [mokaddem]
  • [update] Remove lock notice when updates finishes. [mokaddem]
  • [update] Actually reset UpdateFailNumber when manually unlocking. [mokaddem]
  • [update] Improved feedback for update lock type in the UI. [mokaddem]
  • [updateProgress] Improved UI. [mokaddem]
  • [ACL] Added missing route to ACLComponent. [mokaddem]
  • [taskScheduler] Correctly link checkbox and removed useless variable declaration. [mokaddem]
  • [travis&install] Updated to use runUpdates instead of updateDatabase [mokaddem]
  • [update] Added postgresql allowed DB update errors. [mokaddem]
  • [updateProgress] Default to success when no pre-update-test. [mokaddem]
  • [updateProgress] No strict validation for db_number (also allow string) [mokaddem]
  • [updateProgress] Do not show negative remaining update anymore in the UI. [mokaddem]
  • [update] Parametrized ignore_disabled in ondemand_action and support of string update in update_progress. [mokaddem]
  • [updateProgress] fixed infinite restart loop and added support of autoThrottle in taskScheduler. [mokaddem]
  • [taskScheduler] Improved listener registration. [mokaddem]
  • [update] Added endpoint to release lock and integration with UI. [mokaddem]
  • [update] Do not release the lock if update fails more than 3 times. [mokaddem]
  • [updates] Disabled time-remaining animation and fixed typos. [mokaddem]
  • [updateProgress] Added 2-way binding task status with switch button. [mokaddem]
  • [updateProgress] Cancel animation if switch turned off. [mokaddem]
  • [updateProgress] Added number of remaining db updates. [mokaddem]
  • [updateProgress] Usage of GPU for animation, deleted sleeps and improved task. [mokaddem]
  • [updateProgress:ui] Prevent text selection for switch label. [mokaddem]
  • [updateProgress] Added threshold preventing animations. [mokaddem]
  • [updateProgress] Redraw the switch if it gets overridden. [mokaddem]
  • [updateProgress] Pooling task now use the taskScheduler. [mokaddem]
  • [updateProgress] Started taking into account stack of updates - 🚧. [mokaddem]
  • [diagnostic] Exposed mysql and redis diagnostic on the API. [mokaddem]
  • [dbSchemaDiagnostic] UI improvements. [mokaddem]
  • [dbSchemaDiagnostic] Added db_schema.json and dumpDBSchema.sh [mokaddem]
  • [update] Usage of sprintf instead of string concatenation. [mokaddem]
  • [dbSchemaDiagnostic] Added big warning if database is in inconsistent state. [mokaddem]
  • [dbSchemaDiagnostic] show remaining time before update unlock and columns that should not be there. [mokaddem]
  • [update] Added new worker type update to perform updates. [mokaddem]
  • [update] Correctly terminate parallels workers doing updates - 🚧. [mokaddem]
  • [update] Moved locking system from updateDatabase to runUpdates - 🚧. [mokaddem]

So that updateMISP is also locked and workers benefit from more context

  • [update] Keep track of update number in job - 🚧. [mokaddem]
  • [dbSchemaDiagnostic] Improved wording. [mokaddem]
  • [dbSchemaDiagnostic] Improved code quality. [mokaddem]
  • [dbSchemaDiagnostic] Adapt label color. [mokaddem]
  • [dbSchemaDiagnostic] Catches errors and display them in the UI. [mokaddem]
  • [dbSchemaDiagnostic] Added support of db_version. [mokaddem]
  • [dbSchemaDiagnostic] Improved parsing and UI - 🚧. [mokaddem]
  • [dbSchemaDiagnostic] changing diagnostic - 🚧. [mokaddem]
  • [update] Update function name are more explicit. [mokaddem]
  • [update] updateDatabase returns the result of the update (duplicated column are not counted as an error) [mokaddem]

Fix

  • [attributes:restSearch] Fixed typo. [mokaddem]
  • [UI] Automatic logout. [Jakub Onderka]
  • [UI] Server diagnostics download link. [Jakub Onderka]
  • [releaseUpdateLock] Fixed error message to reflect the reality. [mokaddem]
  • [proxy] Skip_proxy was broken up until now, fixes #5324. [iglocska]

    • was simply ignored, added the hook for it for the sync tool

  • [Tagging] Fixed the user/org restrictions not being adhered to when tagging. [iglocska]
  • [Tag:exclusive] Code clean up. [mokaddem]
  • Missing quotes in test cases setup. [Raphaël Vinot]

Fix https://github.com/MISP/PyMISP/issues/484

  • [UI] Proposal attachment downloading. [Jakub Onderka]
  • [stix2 import] Importing directory patterns from external stix. [chrisr3d]
  • Bumped latest stix2 python version + Updated expected version in the diagnostic. [chrisr3d]
  • [internal] Remove dead code from AttributesController. [Jakub Onderka]
  • [UI] Show image attachment for previewing event. [Jakub Onderka]
  • [stix2 import] Fixed registry-key pattern mapping. [chrisr3d]
  • Do not test users settings on travis. [Raphaël Vinot]
  • Revert PyMISP bump. [Raphaël Vinot]
  • Buggy bump of PyMISP. [Raphaël Vinot]
  • [stix diagnostic] Updated the latest stix2 version. [chrisr3d]
  • [user] Include user settings in /users/view. [iglocska]
  • [internal] Load Regexp just when they are requested. [Jakub Onderka]
  • [stix export] Making stix json download return json instead of xml. [chrisr3d]
  • [UI] Remove double id attribute. [Jakub Onderka]
  • [UI] Remove unused code from Communities view template. [Jakub Onderka]
  • [UI] Removed unused JS from galaxy view. [Jakub Onderka]
  • [UI] Input is not pair element. [Jakub Onderka]
  • [stix2 import] Better pattern parsing for values containing an '=' [chrisr3d]
  • [stix2 import] Avoid errors with report object refs not actually present in the bundle. [chrisr3d]
  • [stix2 import] Removed unused variable in dictionary loop. [chrisr3d]
  • [live:notice UI] Fixed baseurl variable. [mokaddem]
  • [updateProgress] Fixed return message to better handle translation. [mokaddem]
  • [update] Apply restriction of only 1 running process for only the update workers. [mokaddem]
  • [update] Fixed bad merge and added more comments. [mokaddem]
  • [update] Correctly sets liveOff and do not consider MySQL index addition as an error anymore. [mokaddem]
  • [update] Init class before using it. [mokaddem]
  • [update] no longer start update job if no update available. [mokaddem]
  • [update] Switched to default usage of worker for the update. [mokaddem]
  • [update] Started changing worker place in the update process. [mokaddem]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #5311 from JakubOnderka/patch-63. [Andras Iklody]

fix: [UI] Automatic logout

  • Merge pull request #5259 from JakubOnderka/patch-47. [Alexandre Dulaunoy]

fix: [UI] Server diagnostics download link

  • Merge pull request #5381 from MISP/feature-meta-search. [Sami Mokaddem]

Feature meta search

  • Merge branch '2.4' of github.com:MISP/MISP into feature-meta-search. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into feature-meta-search. [mokaddem]
  • Merge pull request #5002 from MISP/revisedUpdateProcess. [Sami Mokaddem]

Revised update process

  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch 'sightingdb' into 2.4. [iglocska]
  • Merge branch '2.4' into sightingdb. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge pull request #5378 from MISP/feature-exclusive-taxonomy. [Sami Mokaddem]

Feature exclusive taxonomy

  • Merge branch '2.4' of github.com:MISP/MISP into feature-exclusive-taxonomy. [mokaddem]
  • Merge pull request #5352 from MISP/Rafiot-patch-3. [Alexandre Dulaunoy]

fix: Missing quotes in test cases setup

  • Merge pull request #5318 from JakubOnderka/patch-66. [Andras Iklody]

fix: [UI] Proposal attachment downloading

  • Merge pull request #5373 from cudeso/2.4. [Andras Iklody]

Force botvrij.eu feed to use HTTPS

  • Force botvrij.eu feed to use HTTPS. [Koen Van Impe]
  • Update eventattributetoolbar.ctp. [Andras Iklody]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge pull request #5348 from JanSkalny/2.4. [Andras Iklody]

new: [cli] server connectivity test

  • Merge pull request #5366 from RichieB2B/ncsc-nl/logrotate. [Alexandre Dulaunoy]

Allow python scripts to write to exec-errors.log

  • Allow python scripts to write to exec-errors.log. [Richard van den Berg]
  • Merge pull request #5353 from SteveClement/guides. [Andras Iklody]

chg: [doc] Various updates for RHEL8/CentOS8/Debian10.1

  • Merge pull request #5351 from RuneBergh/2.4. [Alexandre Dulaunoy]

Adding commenting for key to use with ldap

  • Adding commenting for key to use with ldap. [RuneBergh]

Commenting in the PHP_AUTH_USER key which is set by basic auth if using ldap or AD authentication.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5344 from davidonzo/2.4. [Andras Iklody]

Minor visual bug in event view

  • Minor visual bug in event view. [Davide Baglieri]

Creating a new event with no attributes the "First recorded change" value displayed is "1970-01-01 01:00:00".

This is quite normal looking at the php code in "app/Controller/EventsController.php" from line 1277 to 1289

    $oldest_timestamp = false;
    if (!empty($event['Object'])) {
        foreach ($event['Object'] as $k => $object) {
            if (!empty($object['Attribute'])) {
                foreach ($object['Attribute'] as $attribute) {
                    if ($oldest_timestamp == false || $oldest_timestamp < $attribute['timestamp']) {
                        $oldest_timestamp = $attribute['timestamp'];
                    }
                }
                $attributeCount += count($object['Attribute']);
            }
        }
    }

Since no attributes/objects are added to the event $oldest_timestamp will always be false. It's just a little visual bug. So my pragmatic solution was to change line 200 in "app/view/Events/view.ctp" from

    'value' => date('Y-m-d H:i:s', $oldest_timestamp)

to

    'value' => (!$oldest_timestamp) ? '' : date('Y-m-d H:i:s', $oldest_timestamp)

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5343 from JakubOnderka/patch-70. [Andras Iklody]

fix: [internal] Remove dead code from AttributesController

  • Merge pull request #5306 from JakubOnderka/patch-60. [Andras Iklody]

fix: [UI] Show image attachment for previewing event

  • Add: [stix2 import] Updated the external pattern mapping with directory & email address objects. [chrisr3d]
  • Merge pull request #5320 from eCrimeLabs/2.4. [Alexandre Dulaunoy]

Added CVE Feed from Metasploit

  • Added CVE Feed from Metasploit. [eCrimeLabs]

The feed contains CVE numbers of vulnerabilities in Metasploit.

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5313 from JakubOnderka/patch-64. [Andras Iklody]

fix: [internal] Load Regexp just when they are requested

  • Add: [restSearch] Support of stix1 json export. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5312 from RichieB2B/ncsc-nl/retention-update. [Andras Iklody]

Update misp_retention.py to new api, use local tags

  • Update misp_retention.py to new api, use local tags. [Richard van den Berg]
  • Merge pull request #5310 from JakubOnderka/patch-62. [Andras Iklody]

fix: [UI] Remove double id attribute

  • Merge pull request #5307 from JakubOnderka/patch-61. [Andras Iklody]

fix: [UI] Remove unused code from Communities view template

  • Merge pull request #5308 from JakubOnderka/galaxy-unused-code. [Andras Iklody]

fix: [UI] Removed unused JS from galaxy view

  • Merge pull request #5309 from JakubOnderka/not-pair-input. [Andras Iklody]

fix: [UI] Input is not pair element

  • Merge pull request #5303 from SteveClement/guides. [Steve Clement]

chg: [installer] Updated installer to support latest Kali Linux

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #5296 from RichieB2B/ncsc-nl/fix-docs. [Alexandre Dulaunoy]

Fix RHEL 7 / CentOS 7 docs

  • Fix logrotate module for RHEL 7/CentOS 7. [Richard van den Berg]
  • Use PATH_TO_MISP consistently. [Richard van den Berg]
  • Make chcon's more generic. [Richard van den Berg]
  • Use $WWW_USER everywhere. [Richard van den Berg]
  • Keep ini files out of php-fpm.d. [Richard van den Berg]
  • Use python3 from base repo. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5293 from mhpchaves/patch-1. [Alexandre Dulaunoy]

chg: [doc] ssdeep can be installed via pkg_add

  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch 'revisedUpdateProcess' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into revisedUpdateProcess. [mokaddem]
  • Merge branch 'workerForDBUpdate' into revisedUpdateProcess. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into workerForDBUpdate. [mokaddem]

v2.4.117 (2019-10-10)

New

  • [user settings] Added restrictions for certain settings. [iglocska]

    • based on role permissions
    • enforce the checks on set/delete
    • add it to the UI elements
    • /users/view /admin/users/view now include the user settings in a simplified format

  • [API] Added rate limiting option to the API. [iglocska]

    • / role setting
    • can be enabled/disabled and if enabled a limit can be set
    • limit counter / 15 minutes starting from the first query
    • x-headers inform the user about their limit/remaining queries/reset in seconds

  • [internal] New AppModel::logException method. [Jakub Onderka]
  • [ca_path] added setting in setting manager. [iglocska]
  • [internal] Allow to use custom CA. [Jakub Onderka]
  • [user settings] Finalised first revision. [iglocska]

More to come in the future

  • [index table] added json field. [iglocska]
  • [User settings] Added user settings system. [iglocska]

    • set settings / user
    • settings can be set by user themselves or their org admin / site admin
    • added first setting: publish_alert_filter
    • accepts boolean branched filter options
      • supports deep logical trees
      • OR/NOT/AND
      • currently supports filtering on tags and the creator organisation

  • [internal] Redis diagnostic. [Jakub Onderka]
  • [UI] Added JSON as valid index table field. [iglocska]
  • [API] Netfilter added as new export format. [iglocska]

Changes

  • Bump recommended PYMISP version. [Raphaël Vinot]
  • [PyMISP] Bump. [Raphaël Vinot]
  • [sync] Code cleanup. [Jakub Onderka]
  • [internal] Remove unused code from AttributesController::index. [Jakub Onderka]
  • Version bump. [iglocska]
  • Bumped queryversion. [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [eventGraph] Renamed rotation key to pivot key and do not collapse when adding/removing edges. Fix #3683. [mokaddem]
  • [event:view] Displays sighting popover if button has been hovered for a specific time. Fix #5211. [mokaddem]
  • [PyMISP] Bump. [Raphaël Vinot]
  • [UI] updated the generic element index fields. [iglocska]

    • json should accept single values without embedding them in a list
    • generic field should automatically cast a list to a comma separated string

  • [internal] Refactored Events\value_field view. [Jakub Onderka]
  • [internal] Removed unused value_field template from Feeds and Servers view. [Jakub Onderka]
  • [user:me] Added Role object in the return value for the rest context. [mokaddem]
  • [UI] Collapse S/MIME or GPG key. [Jakub Onderka]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [tool] gen_misp_types_categories uses jq. [Christophe Vandeplas]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [feed] Use new AppModel::logException method. [Jakub Onderka]
  • [feed] Compute md5 value just once. [Jakub Onderka]
  • [i18n] Updated translations. [Steve Clement]
  • [cakephp] updated to latest 2.x commit. [iglocska]
  • [mysql.sql] updated. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [internal] Use checkMISPVersion rather than duplicate impl. [Jakub Onderka]
  • [decaying-model] Track latest version of misp-decaying-models. [mokaddem]
  • [internal] Do not log passwords. [Jakub Onderka]
  • [stix test] Updated test files with the recent changes on stix 1/2 import/export. [chrisr3d]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [feeds] ensuring that format is following feed format standard. [Alexandre Dulaunoy]
  • [feeds] all IPsum feeds added including the different levels. [Alexandre Dulaunoy]

Thanks to @stamparm for the idea during the Cyber Exchange program

  • [AppController] move debugMode setup code to a function so it can be reused. [Andreas Rammhold]

There were already two places in AppComponent that implemented the same functionality. It makes sense to move this to a common function so it can also be used from Controllers that do not inherit the full beforeFilter functionality.

Since __preAuthException is private and only called from the beforeFilter method after the variable has been setup we can remove the explicit init from there.

  • [AppController] move the database connection setup to a dedicated function on the AppComponent. [Andreas Rammhold]

This removes a bit of clutter from the already large beforeFilter method and allows other views to reuse the logic without having to duplicate it.

  • [AppController] move the baseurl configuration into a helper method. [Andreas Rammhold]

This makes the beforeFilter function a bit smaller while keeping all the functionality. It will also help with reusing the setup logic in views that can not execute all of AppComponent::beforeFilter, like the LinOTPAuth plugin.

  • [AppController] move loading and initialisation of Auth plugins to reusable method. [Andreas Rammhold]

For some authentication workflows it might be desirable to execute the exact same code without having to call the entire beforeFilter method from the base class. That way you do not have to work around all the edge cases without having to reinvent the same code in multiple locations.

  • [AppController] move login redirects to dedicated functions. [Andreas Rammhold]

This makes it easier to modify the login redirect behaviour in a unified way. For now this just uses the default Auth loginAction while setting the admin attribute to false. Thus application behaviour should be unchanged.

  • [PyMISP] latest version. [Alexandre Dulaunoy]
  • [stix2 export] Better vulnerability object parsing. [chrisr3d]

Fix

  • [PyMISP] Travis tests. [Raphaël Vinot]
  • [internal] missing org object for users/view. [iglocska]
  • [internal] Remove closing PHP tag. [Jakub Onderka]
  • [UI] Showing whitespaces for 'text' field. [Jakub Onderka]
  • Check if variables are defined. [Pierre-Jean Grenier]
  • [iternal] Remove unused method EventShell::__recursiveEcho. [Jakub Onderka]
  • [eventGraph] Fixed UI issue with duplicated ID (attributes and objects) Fix #5181. [mokaddem]
  • [API] rate limit should only run on the API. [iglocska]
  • [missing] component added. [iglocska]
  • [UI] Show advanced and SG input when page is reloaded. [Jakub Onderka]
  • [AttributesController] Fix issues related to undefined variables. [Pierre-Jean Grenier]
  • [hover enrichment] Fixed variable name that caused issues with hover enrichment for more than 1 module called on 1 single attribute. [chrisr3d]
  • [stix export] Typo. [chrisr3d]
  • [internal] Set attribute restsearch page to 1 if limit is set without setting the page number. [iglocska]
  • [UI] Linebreak between global/public tag add buttons on the attribute list fixed. [iglocska]

  • was driving me nuts

  • [UI] Removed unused JS variable. [Jakub Onderka]
  • [API] massive performance boost for large events with many correlations. [iglocska]

  • the logic of the JSON converter was heavy and unnecessary

  • [UI] Do not show Advanced extraction when not possible. [Jakub Onderka]
  • [sightings] Fix undefined variable with REST search. [Pierre-Jean Grenier]
  • [internal] massive performance boost when loading events with a lot of objects. [iglocska]
  • [internal] user_count variable is already number. [Jakub Onderka]
  • [internal] Correct error handling for invalid taxonomies. [Jakub Onderka]
  • Undefined variable when no feed was enabled. [Pierre-Jean Grenier]
  • [feed] fix REST problems. [Pierre-Jean Grenier]
  • [feed] array from NULL is not NULL. [Pierre-Jean Grenier]
  • [UI] Error handling for submitPopoverForm function. [Jakub Onderka]
  • [performance] Small speed boost to the publishing process. [iglocska]

  • don't fetch the event's first degree relations when preparing to publish it

  • [performance] notifications lookup on each UI page load was slow. [iglocska]

  • introduced a major bottleneck on large instances

  • massively reduced the load times for pages that warranted none
  • [performance] notifications lookup on each UI page load was slow. [iglocska]

  • introduced a major bottleneck on large instances

  • massively reduced the load times for pages that warranted none
  • [mysql.sql] typo resolved. [iglocska]
  • [user_settings] added timestamp field. [iglocska]
  • [internal] removed debug calls. [iglocska]
  • [debug] Removed internal breakpoint that was left in. [iglocska]
  • [correlation] Skip correlation on tasks that modify an attribute in a way that wouldn't warrant a recorrelation, fixes #5204. [iglocska]

  • Only recorrelate attribute if:

    • attribute is new
    • attribute already exists and value, disable_correlation, type is updated
  • [API] proposals overriding attributes wasn't always working as expected, fixes #4032. [iglocska]

  • until now it was bound to the to_ids setting (badly) which caused nothing but headache

  • moved the new configuration to instead use the non-permissive nature of the given export formats

  • non-permissive export: if the proposal block is enabled, override attributes

  • permissive export types: ignore the proposals

The reasoning is simple: we use the permissive export types for types that can express additional structures such as proposals, IDS flags, publish flags etc (meaning the MISP JSON/XML formats for example)

  • [user setting] Left off missing changes to the controller. [iglocska]
  • [logging] paranoid log entry not logging request body via the API. [iglocska]
  • [UI] Double side menu fixed. [iglocska]
  • [internal] Proposals block attributes setting broken when to_ids is an array. [iglocska]
  • [stix 1/2 export] Catching potential exceptions and returning it as result in restSearch. [chrisr3d]
  • [UI] GnuPG diagnostic message. [Jakub Onderka]
  • [UI] Notices margin. [Jakub Onderka]
  • [UI] MISP logo is in center at login page. [Jakub Onderka]
  • [shell] Update updateWarningLists from CLI. [Jakub Onderka]
  • [UI] Remove duplicate condition in footer.ctp. [Jakub Onderka]
  • [stix 1/2 import] Making the publish checkbox work as expected. [chrisr3d]

  • Publishing as expected when the option is checked AND the user has the right to publish
  • [stix 1/2 import] Avoid adding the original stix file in the event if the option is not checked. [chrisr3d]
  • [stix 1/2 import] Adding misp event json data within the 'Event' field if it is not already in. [chrisr3d]
  • [internal] paranoid log body didn't contain full body for API calls. [iglocska]
  • [stix 1/2 restSearch] Deleting temporary files in case of an error in the python side. [chrisr3d]
  • [stix2 export] Catching errors that could happen with custom tags. [chrisr3d]
  • [stix import] Avoiding error with no hashes in pe objects. [chrisr3d]
  • [stix test] Updated STIX1 test files with the most recent fixes on the export script. [chrisr3d]
  • [stix export] Fixed dictionary key used to check pe sections to parse. [chrisr3d]
  • [stix test] Fixed stix2 test file generated with changes on the script and the misp event test file. [chrisr3d]
  • [stix test] Fixed relationship type between a file and a pe object. [chrisr3d]
  • [stix2 export] Make Relationship objects happy with relationship types. [chrisr3d]
  • [internal] Clear also cake core and model caches. [Jakub Onderka]
  • [UI] Loading of local tags fixed via the UI, fixes #5197. [iglocska]

  • over-zealous ACL removed local tags for non sync users

  • UI only functionality, no need for the restriction at all
  • [rest client] Fix overflow in the JSON parsed rest response view. [iglocska]
  • [rest client] Add delete as a valid http method. [iglocska]
  • [API] Added DELETE http method to the rest client and fixed the JSON response of the API info. [iglocska]
  • [API] remove weird line breaks from the API descriptions. [iglocska]
  • [diagnostic] Fixed stix python libraries requirements. [chrisr3d]
  • [index view] Fixed index table in the case where row_element is not set. [chrisr3d]
  • [ui] pass static_tags_only to the feed view. [iglocska]
  • [sfv] Fix checksums. [Steve Clement]
  • [community access requests] fixed several issues, fixes #5194. [iglocska]

  • added missing view to preview the request

  • don't throw errors when possible, instead show what should have been sent
  • [UI] If a server add with a newly created external organisation fails, set the external organisation as the currently selected option after the validation fail redirect, fixes #5182. [iglocska]
  • [tools] Updated installer SUMS (#5177) [Steve Clement]

fix: [tools] Updated installer SUMS

  • [tools] Updated installer SUMS. [Steve Clement]
  • [sync] Single event fetch via the side menu would trigger a full pull. [iglocska]
  • [UI] Annoying race condition fixed causing redirects to the login, fixes #5172. [iglocska]
  • [diagnostic] Updated expected stix2 library version. [chrisr3d]
  • [import modules] Avoiding issues with empty module parameter. [chrisr3d]
  • [stix2 import] Fixed Galaxy description parsing. [chrisr3d]
  • [stix2 import] Fixed vulnerability object import. [chrisr3d]

  • Better vulnerability object attributes parsing
  • Including mapping dict for direct call of the parsing function depending on the STIX object type (indicator, observable or vulnerability)

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5263 from JakubOnderka/patch-51. [Andras Iklody]

chg: [sync] Code cleanup

  • Merge pull request #5290 from JakubOnderka/patch-59. [Andras Iklody]

chg: [internal] Remove unused code from AttributesController::index

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #5288 from JakubOnderka/closing-php-tag-remove. [Andras Iklody]

fix: [internal] Remove closing PHP tags

  • Merge pull request #5287 from JakubOnderka/patch-56. [Andras Iklody]

fix: [UI] Showing whitespaces for 'text' field

  • Merge pull request #5291 from MISP/fixEventGraphCollapse. [Sami Mokaddem]

Fixes some eventGraph bugs

  • Merge branch '2.4' of github.com:MISP/MISP into fixEventGraphCollapse. [mokaddem]
  • Merge pull request #5284 from RichieB2B/ncsc-nl/no-index. [Andras Iklody]

Check if Organisation index exists

  • Check if Organisation index exists, fixes #4809. [Richard van den Berg]
  • Merge pull request #5285 from zaphodef/fix/undefined_variables. [Andras Iklody]

fix: check if variables are defined

  • Merge pull request #5275 from JakubOnderka/patch-55. [Andras Iklody]

fix: [iternal] Remove unused method EventShell::__recursiveEcho

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5278 from JakubOnderka/value-field. [Andras Iklody]

Value field template

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5271 from JakubOnderka/patch-53. [Andras Iklody]

fix: [UI] Show advanced and SG input when page is reloaded

  • Merge pull request #5269 from zaphodef/fix/attributes_undef_var. [Andras Iklody]

fix: [AttributesController] Fix issues related to undefined variables

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5267 from garanews/2.4. [Andras Iklody]

Fix some typo

  • Fix some typo. [garanews]

Fix some typo

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5261 from JakubOnderka/patch-49. [Andras Iklody]

fix: [UI] Removed unused JS variable

  • Merge pull request #5254 from JakubOnderka/gpg_key_view. [Andras Iklody]

chg: [UI] Collapse S/MIME or GPG key

  • Merge pull request #5262 from JakubOnderka/patch-50. [Andras Iklody]

fix: [UI] Do not show Advanced extraction when not possible

  • Merge pull request #5266 from zaphodef/fix/undefined_variable_sightings. [Andras Iklody]

fix: [sightings] Fix undefined variable with REST search

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5260 from JakubOnderka/patch-48. [Andras Iklody]

fix: [internal] user_count variable is already number

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5253 from zaphodef/fix/import_empty_feed. [Andras Iklody]

fix Feed API

  • Merge branch '2.4' into fix/import_empty_feed. [Andras Iklody]
  • Merge pull request #5252 from JakubOnderka/patch-45. [Andras Iklody]

fix: [internal] Correct error handling for invalid taxonomies

  • Merge pull request #5251 from zaphodef/fix/message_fetch_no_feed. [Andras Iklody]

fix: undefined variable when no feed was enabled

  • Merge pull request #5247 from ancailliau/fixes_5244. [Andras Iklody]

Fixes #5244.

  • Fixes #5244. [Antoine Cailliau]

AttributeController->addTag was searching for attribute id without flattening.

  • Add: [attributes] new dash cryptocurrency address attribute type. [Alexandre Dulaunoy]
  • Merge pull request #5245 from ancailliau/fixes-5242. [Andras Iklody]

Fixes #5242

  • Fixes #5242. [Antoine Cailliau]
  • Merge pull request #5205 from JakubOnderka/patch-31. [Andras Iklody]

fix: [UI] Error handling for submitPopoverForm function

  • Merge pull request #5217 from JakubOnderka/patch-36. [Andras Iklody]

new: [internal] New AppModel::logException method

  • Merge pull request #5226 from JakubOnderka/patch-39. [Alexandre Dulaunoy]

chg: [feed] Compute md5 value just once

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5239 from SteveClement/i18n. [Andras Iklody]

chg: [i18n] Updated translations

  • Merge branch 'cacert' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'dev_session' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5198 from JakubOnderka/redis-info. [Andras Iklody]

new: [internal] Redis diagnostic

  • Merge pull request #5202 from JakubOnderka/patch-30. [Andras Iklody]

fix: [UI] GnuPG diagnostic message

  • Merge pull request #5222 from JakubOnderka/patch-37. [Andras Iklody]

fix: [UI] Notices margin

  • Merge pull request #5225 from JakubOnderka/patch-38. [Andras Iklody]

fix: [UI] MISP logo is in center at login page

  • Merge pull request #5230 from JakubOnderka/patch-41. [Andras Iklody]

fix: [shell] Update updateWarningLists from CLI

  • Merge pull request #5231 from StefanKelm/2.4. [Andras Iklody]

Update global_menu.ctp

  • Update global_menu.ctp. [StefanKelm]

Align menu with other entries

  • Merge pull request #5233 from JakubOnderka/patch-42. [Andras Iklody]

fix: [UI] Remove duplicate condition in footer.ctp

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5215 from ancailliau/add_localtag_api. [Andras Iklody]

Add support to add local tags to an event using the API.

  • Add support to add local tags to an event using the API. [Antoine Cailliau]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #5216 from JakubOnderka/patch-35. [Andras Iklody]

chg: [internal] Use checkMISPVersion rather than duplicate impl

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Relaxed defanging rules, fixes #5203. [Andras Iklody]

Removed multiple dot implosion for links/urls

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5201 from JakubOnderka/disable-password-logging. [Andras Iklody]

chg: [internal] Do not log passwords

  • affects passwords from server settings, user passwords already sanitised
  • Merge pull request #5200 from davidonzo/2.4. [Alexandre Dulaunoy]

Added DigitalSide OSINT Feed

  • Added DigitalSide OSINT Feed. [Davide Baglieri]

Added DigitalSide OSINT Feed to the list of available OSINT sources. Here is the home page of the project: https://osint.digitalside.it/

As reported in the project home page the MISP feed contains a set of Open Source Cyber Threat Intelligence information, mostly based on malware analysis and compromised URLs, IPs and domains. The purpose is to develop new ways to hunt, analyze, collect and share relevant sets of IoCs to be used by SOC/CSIRT/CERT with minimum effort.

Hope this helps the community. Hope the community will help me to share relevant infos as well.

Regards

  • Merge pull request #5169 from JakubOnderka/clean-caches. [Andras Iklody]

fix: [internal] Clear also cake core and model caches

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5187 from challs/refactor-appController. [Andras Iklody]

Refactor app controller

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]

v2.4.116 (2019-09-16)

New

  • [sync] Added sync priority system to prioritise the order of instances to push to. [iglocska]
  • [CLI] Added cleanup tool to purge all events related to a feed. [iglocska]

  • Simply run /var/www/MISP/app/Console/cake Admin purgeFeedEvents [user_id] [feed_id]

  • works for CSV/Freetext feeds
  • [stix2 export] Parsing relationships between objects. [chrisr3d]

  • Which includes of course relationships between objects and objects, and the ones between objects and attributes

  • [API] verbose output for /servers/update. [iglocska]
  • [event:view] Added support of decay score. [mokaddem]
  • [decaying:rest] Filtering out of decayed attributes. [mokaddem]
  • [decaying] Partial API support - 🚧. [mokaddem]
  • [restResponse] Added entries in Attribute/RestSearch for decaying model support. [mokaddem]
  • [decaying] Added models import and export feature. [mokaddem]
  • [restSearch] restSearch module for ATT&CK Sightings. [chrisr3d]

  • Returning ATT&CK Sightings in json format for events and attributes with mitre-attack-pattern galaxies attached

  • For further details on the ATT&CK Sightings, please visit https://attack.mitre.org/resources/sightings/
  • Also thanks to @johnwunder for the clarification on the output format
  • [auth key fail logging throttle] Throttle the auth key failed log entries to 1 / hour / key. [iglocska]

Changes

  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest one. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [version] bump. [iglocska]
  • [feed] Break loop when match is found. [Jakub Onderka]
  • [PyMISP] Bump. [Raphaël Vinot]
  • [API] /events/view now accepts the deleted parameter via posted parameters too. [iglocska]
  • [decaying:simulation] Disabled sorting on score (will be implemented in the next decaying version) [mokaddem]
  • [decaying] Changed name column type from text to varchar(255) [mokaddem]
  • [decaying] Added log entry if formula cannot be loaded. [mokaddem]
  • [internal] Simplify installation with composer. [Jakub Onderka]
  • [decaying:(en|dis)able] Converted empty form with built-in cakephp postLink [mokaddem]
  • [decaying] Improve UI when multiple eventTags get overridden by attributeTag. [mokaddem]
  • [decaying:simulation] Swapped round to floor when rounding sightings timestamp. [mokaddem]
  • [decaying:model] Seventh batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] Sixth batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] Fifth batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] Fourth batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] Third batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] Second batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [decaying:model] First batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • [database] Added indexes to decaying models and related tables. [mokaddem]
  • [event] applying few PSR2 rules. [mokaddem]
  • [decaying:simulation] restSearch comments added to be fixed in next decaying version. [mokaddem]
  • [decaying] First batch of fix from the PR review - 🚧 (not tested) [mokaddem]
  • Added CR/LF. [mokaddem]
  • [sql] align initial perm with sightings. [mokaddem]
  • [app] bumped queryversion. [mokaddem]
  • [decaying:update] Added a warning in case the folder is empty. [mokaddem]
  • [server:submodule_version] Whitelisted misp-decaying-models for the UI. [mokaddem]
  • [gitmodule] Added git-submodule misp-decaying-models [mokaddem]
  • [decaying:import] When importing a model, mapping is imported as custom mapping. [mokaddem]
  • [decaying] Round all sightings at once. [mokaddem]
  • [decaying:simulation] Support of score on-the-fly threshold override. [mokaddem]
  • [decaying] Added alias score to override on-the-fly the threshold of a model. [mokaddem]
  • [decaying] includeFullModel parameter support in the UI. [mokaddem]
  • [attribute:restSearch] New parameter includeFullModel to attach full model information. [mokaddem]
  • [decaying] Added default column in decayingModels table, code path for rest and improved ACL. [mokaddem]
  • [decaying:add] Added help for parameters. [mokaddem]
  • Bumped query version. [mokaddem]
  • [decaying] Added default models to selection when fetching associated models. [mokaddem]
  • [decaying:simulation] UI Tweakings for screen resize. [mokaddem]
  • [decaying] Improved embedded JSONs saving. [mokaddem]
  • [decaying] Pre-process element to be added just to be sure. [mokaddem]
  • [decaying:base_score_config] Simulation at predicate level in the user interface. [mokaddem]
  • [decaying:base_score_config] Improved UI responsiveness. [mokaddem]
  • [decaying:base_score_config] Consider predicate weight UI only - 🚧. [mokaddem]
  • [decaying:base_score_config] Added reason of taxonomy exclusion. [mokaddem]
  • [roles] Initially sets perm_decaying permission to mirror sighting permission. [mokaddem]
  • [decaying] Improved response when adding a model. [mokaddem]
  • [decaying] Deleted unused lines creating mapping for default models. [mokaddem]
  • [decaying:simulation] Basescore computation steps UI improvements. [mokaddem]
  • [decaying:effectiveRatio] Tags not having numerical_value doesn't impact effective taxonomy ratio anymore. [mokaddem]
  • [decaying:JS] refacto - declare local variable. [mokaddem]
  • [decaying:tool] Stringify objects in table. [mokaddem]
  • [decaying] Few views tweakings. [mokaddem]
  • [decaying] More sanitization and indentation is important.. [mokaddem]
  • [decaying] Better Inheritance and comments. [mokaddem]
  • [decaying] Added formula description in multiple location. [mokaddem]
  • [decayingMapping] Refacto - Comments and code optimization. [mokaddem]
  • [decaying] Refacto - Few renames and comments. [mokaddem]
  • [decaying] refact - Accept PUT and added comment for attribute removal in restSearch. [mokaddem]
  • [decaying] Code refactoring, commenting and slight optimization. [mokaddem]
  • [decaying:basescore_config] Tooltip does not modify table layout anymore. [mokaddem]
  • [decaying:tool] Handle is placed closer to t=0. [mokaddem]
  • [decaying] Renamed tau and delta into lifetime and decay_speed [mokaddem]
  • [roles] Added perm_decaying role. [mokaddem]
  • [decaying] Improved sidemenu for decaying. [mokaddem]
  • [decaying:simulation] Added sidemenu. [mokaddem]
  • [decaying:tool] Highlight models edition compared to creation. [mokaddem]
  • [decaying] Improved ACL integration for the UI. [mokaddem]
  • [decaying] Added DESCRIPTION variable for each .php formula files. [mokaddem]
  • [decaying:tool] Added table filtering buttons. [mokaddem]
  • [decaying:index] Added quick filter buttons. [mokaddem]
  • [decaying] Improved coverage of model overrides to the API. [mokaddem]
  • [decaying] Slightly improved Model/DecayingModel with shortcuts code quality and options. [mokaddem]
  • [decaying] Usage of cakePHP folder API. [mokaddem]
  • [decaying:add] `all_orgs` checked by default. [mokaddem]
  • [decaying:index] Improved UI. [mokaddem]
  • [decaying] More consistency about parameters.settings when empty. [mokaddem]
  • [decaying] isDefault for every models and added more JS robustness. [mokaddem]
  • [decaying:edit] Notice if editing a default model. [mokaddem]
  • [decaying] FetchAllowedModels now supports all_orgs [mokaddem]
  • [decaying] Renamed function and started true implementation of ACL for models. [mokaddem]
  • [decaying] Added restricted edition and `all_orgs` flag - 🚧. [mokaddem]
  • [globalmenu] Added link to /decayingModel/index [mokaddem]
  • [decaying:view] Added logo to distinguish between custom and default models. [mokaddem]
  • [decaying:index] Added logo to distinguish between custom and default models. [mokaddem]
  • [decaying] Added some FIXME and changed FontAwesome classes. [mokaddem]
  • [decaying] Allow for model parameters override. [mokaddem]
  • [decaying] Usage of classname instead of const, support of retention taxonomy and small fix. [mokaddem]
  • [decaying] Added list of available formulas and model settings - 🚧. [mokaddem]
  • [decaying] Changed default formula name to polynomial. [mokaddem]
  • [sidemenu:decayingModel] Added dividers. [mokaddem]
  • [event:view] Link to simulation page. [mokaddem]
  • [decaying:rest] Renamed decayed into excludeDecayed for better usability. [mokaddem]
  • [decaying] Added axis labels. [mokaddem]
  • [decaying] Added formula field in the index. [mokaddem]
  • [decaying] Split score computation part into classes for more flexibility. [mokaddem]
  • [decaying] Full support of enable/disable model. [mokaddem]
  • [decaying:index] Added support of enable/disable on the index. [mokaddem]
  • [decaying:tool] Added support of enabled model in the UI. [mokaddem]
  • [decaying:tool] Small UI tweak. [mokaddem]
  • [decaying:basescore] Moved JS in its own file. [mokaddem]
  • [decaying] Usage of the assetLoader. [mokaddem]
  • [decaying] UI/UX improvements. [mokaddem]
  • [decaying] Slight refactoring for styling. [mokaddem]
  • [decaying] static file renaming and moved to its own style file. [mokaddem]
  • [decaying:simulation] Added responsiveness to SVG. [mokaddem]
  • [decaying:simulation] Improved feedback on how default_base_score is set. [mokaddem]
  • [decaying:simulation] No more modal support for simulation tool. [mokaddem]
  • [decaying:tool] Dynamic redraw of the model table to support dynamic update. [mokaddem]
  • [decaying:simulation] Hints for tag override and change to larger popover. [mokaddem]
  • [decaying:simulation] Added current time and score and improved UI. [mokaddem]
  • [decaying:model] Added support of default base_score. [mokaddem]
  • [decaying:simulation] Alert user if base_score has not been configured yet. [mokaddem]
  • [decaying:simulation] Base score computation steps and improved UI. [mokaddem]
  • [decaying:simulation] Added support of base_score computation, various UI improvements and different method to compute scores. [mokaddem]
  • [attribute:search] Added support of contain in fetchAttributeSimple() [mokaddem]
  • [decaying:simulation] Improved tooltip generation. [mokaddem]
  • [decaying:simulation] Removed commented out lines. [mokaddem]
  • [decaying:simulation] Improved UI. [mokaddem]
  • [decaying:simulation] Support of both modal and fullscreen simulation. [mokaddem]
  • [decaying:simulation] Support of sightings in the decaying simulation. [mokaddem]
  • [decaying:simulation] Draft 2 of simulation chart line - 🚧. [mokaddem]
  • [decaying:simulation] Draft of simulation chart line - 🚧. [mokaddem]
  • [decaying:simulation] Support of row clicking. [mokaddem]
  • [decaying:simulation] Attribute searches. [mokaddem]
  • [decaying:simulation] Started simulation view - 🚧. [mokaddem]
  • [decaying:tool] Object categories are treated as an array. [mokaddem]
  • [decaying] Improved UI and limit number of digit in parameters. [mokaddem]
  • [decaying:tool] Full support of base_score configuration. [mokaddem]
  • [decayingModel:controller] Updated edit endpoint to match the correct view. [mokaddem]
  • [decayingModel:add] Edit view based on Add view. [mokaddem]
  • [decaying:base_score] base_score computation for custom tags and Improved UI. [mokaddem]
  • [decaying:base_score] Custom tagging in base score examples. [mokaddem]
  • [decaying:tool] Show available tags in the taxonomy. [mokaddem]
  • [decaying:tool] Added example table with automatic tags picking and pass config to the model - 🚧. [mokaddem]
  • [decaying:tool] Started implementation of tag support and examples in the adjust base_score [mokaddem]
  • [decaying:tool] Filter taxonomies not having numerical score. [mokaddem]
  • [decaying] UI tweaking on the galaxy tree map. [mokaddem]
  • [css] Increase z-index of popover. [mokaddem]
  • [decaying] Improved UI - 🚧. [mokaddem]
  • [decaying] slight UI Improvement - 🚧. [mokaddem]
  • [decaying] Improved UI - 🚧. [mokaddem]
  • [decaying] Started support of taxonomies (base_score) - 🚧. [mokaddem]
  • [decaying] Started taxonomies integration - 🚧. [mokaddem]
  • [decayingTool] Added missing class. [mokaddem]
  • [decayingTool] Added number of type assigned to a model. [mokaddem]
  • [decayingTool] Added selection history and selection restoration. [mokaddem]
  • [decayingTool] Improved UI - 🚧. [mokaddem]
  • [decaying] fixed bug (array_values) and improved layout - 🚧. [mokaddem]
  • [decaying] Improved getAssociatedModels - 🚧. [mokaddem]
  • [decaying] Clean-up - 🚧. [mokaddem]
  • [Decaying] Improved mapping reset and started integration with the interface. [mokaddem]
  • [decayingTool] Improved related type retrieval and improved UI - 🚧. [mokaddem]
  • [DecayingTool] Added more fields. [mokaddem]
  • [decayingModel] Added update mechanism from local files and started decaying_model_mappings [mokaddem]
  • [decayingTool] Added grid in the chart. [mokaddem]
  • [decayingTool] Added filtering/search on the Attribute type table. [mokaddem]
  • [decayingTool] Switched to JQuery plugin instead of raw JS. [mokaddem]
  • [decayingTool] Improved bounding rect - 🚧. [mokaddem]
  • [decayingTool] removed comments. [mokaddem]
  • [decayingTool] UI improvement - 🚧. [mokaddem]
  • [decayingTool] Majority has been moved to d3. Still 🚧. [mokaddem]
  • [devayingTool] UI improvement - 🚧. [mokaddem]
  • [DecayingTool] Playing around with d3 - 🚧. [mokaddem]
  • [decayingTool] Moving from chart.js to d3.js. [mokaddem]
  • [DecayingTool] Added list of available Object Attribute. [mokaddem]
  • [decaying] Improved selection performance. [mokaddem]
  • [decayingTool] Added more description and started support of Object and non-ToIDS Attributes. [mokaddem]
  • [decayingTool] Moved JS in its own file + added table checkbox. [mokaddem]
  • [decayingModel] Improved UI (selectable behavior) - 🚧. [mokaddem]
  • [decayingModel] Added Col org and split json into input fields. [mokaddem]
  • [decaying] Model and UI improvement - 🚧. [mokaddem]
  • [decayingTool] Added model and controller. [mokaddem]
  • [decayingTool] More info on Attribute types and model loading - 🚧. [mokaddem]
  • [decayingTool] More info and help text. [mokaddem]
  • [deacyingTool] Improved UI - 🚧. [mokaddem]
  • [decayingTool] Added var. [mokaddem]
  • [decaying] UI skeleton - 🚧. [mokaddem]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Set composer vendor dir right in composer.json. [Jakub Onderka]
  • Put require PHP version and extension into composer.json. [Jakub Onderka]
  • [users] Remove unused method UsersController::arrayCopy. [Jakub Onderka]
  • Remove not used Net_GeoIP submodule. [Jakub Onderka]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [sync] Further improvements to the connection test logging. [iglocska]
  • [sync] Connection test POST test logs the full response, not just the expected part. [iglocska]

Fix

  • [stix2] Fixed custom objects parsing when an attribute is multiple. [chrisr3d]

  • Avoids loss of attributes that are multiple, during the export, by returning them in a list

  • Supporting import of custom values that are in a list, as single multiple attributes
  • [internal] Added a code branch to check if saddarray is available - if yes, use it. [iglocska]

  • for the warninglist model's cacheWarninglistEntries function

  • [UI] Allow to skip pagination in IndexTable. [Jakub Onderka]
  • [internal] warninglist missing Redis::sAddArray() fixed. [Andras Iklody]
  • [prio] changePriority function responses fixed. [iglocska]
  • [API] hard delete passable via different methods to /attributes/delete than just ordered URL parameters. [iglocska]
  • [internal] Fix post check for attribute delete function via the API. [iglocska]
  • [server prio] Don't block the reordering even when the requested move is invalid. [iglocska]

  • helps with fixing misaligned server lists

  • [server prio] reprioritise should be more lenient if there's a messed up priority order as the starting point. [iglocska]

  • should still return false for the rearranging, but should re-set the priority list based on the current positions

  • [UI] Attribute search sort by date fixed. [iglocska]
  • [ACL] priority change for servers tied into the ACL. [iglocska]
  • [server prio] Automatically put new servers to lowest prio instead of highest. [iglocska]
  • [UI] Fix typo in community view. [Jakub Onderka]
  • [decaying:base_score] Create temporary false tags when they are defined in their taxonomy but not created yet. [mokaddem]
  • [decaying:base_score] Single taxonomy appear in the correct namespace. [mokaddem]
  • [decaying:base_score] Round base_score config up to 4 digits. [mokaddem]
  • [decaying] .json view in decaying/view [mokaddem]
  • [decaying:import] Force some fields to be present while importing a decaying model. [mokaddem]
  • [UI] removed obsolete logo preview tool from org add/edit. [iglocska]
  • [stix2 export] Avoids passing variable already contained in another variable passed at the same time. [chrisr3d]
  • [stix2 export] Removed some useless processing. [chrisr3d]
  • [decaying] fixed const error. [mokaddem]
  • [decaying] Correctly add database indexes. [mokaddem]
  • [regression] removed readded invalid acl entry. [Andras Iklody]
  • [ACL] removed two unused functions. [iglocska]
  • [API] Empty strings should be embedded in an array for the JSON output. [iglocska]
  • [decaying:simulation] Make sure every sighting has a rounded timestamp. [mokaddem]
  • [decaying] typo 4. [mokaddem]
  • [decaying] typo 3. [mokaddem]
  • [event] typo 2. [mokaddem]
  • [event] typo. [mokaddem]
  • [decaying:tool] Replaced title function into text [mokaddem]
  • [decaying:import] imported models from directory are correctly saved as default. [mokaddem]
  • [decaying:import] Correctly remove id, uuid and preserve the import data. [mokaddem]
  • [event:view] Toggle boolean buttons. [mokaddem]
  • [acl:decaying] Fixed ACL permissions. [mokaddem]
  • [decaying:add] Name should be input rather than textarea. [mokaddem]
  • [decaying:add] Formula field should be a select. [mokaddem]
  • [event:fetch] Do not duplicate scores for object's attributes anymore. [mokaddem]
  • [decaying:tool] Enabled icon is correctly displayed in the model table. [mokaddem]
  • [appModel] SQL query syntax fixed. [mokaddem]
  • [decaying] UI - Interface errors and sanitization. [mokaddem]
  • [decaying:base_score_config] basescore computation steps works again - 🚧. [mokaddem]
  • [appmodel] Added db_change number for the decaying update. [mokaddem]
  • [Sightings] Plugin.Sightings_policy=Event Owner now shows sightings that belong to the creating org. [mokaddem]
  • [decaying] Include EventTags for score computation in event/view [mokaddem]
  • [Tags] Correctly records numerical_value when enabling a taxonomy for the first time. [mokaddem]
  • [decaying:tool] Correctly update the state of the enable/disable button after editing. [mokaddem]
  • [decaying:tool] Prevent Object types overriding attribute types. [mokaddem]
  • [decayingMapping:tool] Returns all allowed mapping if type list is empty. [mokaddem]
  • [decaying:tool] Set isEditable parameter after editing a model. [mokaddem]
  • [decaying] Set default value and pre-checks. [mokaddem]
  • [decaying:basescore_config] Fixed CSS for large tags. [mokaddem]
  • [decaying:tool] UI - Basescore does not override table anymore. [mokaddem]
  • [decaying:simulation] Sorting result is displayed properly. [mokaddem]
  • [decaying:simulation] Support of object_attribute in the simulation graph. [mokaddem]
  • [decaying:tool] Attribute type table searching regression fixed. [mokaddem]
  • [decaying] Adjust score if the attribute was modified after the last sighting. [mokaddem]
  • [decaying] Fixes on UI, Basescore overflow and unauthorized edition. [mokaddem]
  • [decaying:acl] Various ACL fixes. [mokaddem]
  • [decaying:.json] Restored working behavior of .json views. [mokaddem]
  • [decaying:tool] Correctly record type mapping if assigned during model creation. [mokaddem]
  • [decaying] Do not access existing keys anymore. [mokaddem]
  • [decaying:tool] Correctly save formula changes. [mokaddem]
  • [decaying] attribute_types count fix. [mokaddem]
  • [decaying:tool] Quick fix for mapping attribute type to models. [mokaddem]
  • [decayingModel] Correctly skip tags if taxonomy has not been configured. [mokaddem]
  • [Taxnomy:updateTag] Do not throw an error if taxonomy does not contain a numerical value. [mokaddem]
  • [taxonomy:update] numerical_value gets updated correctly. [mokaddem]
  • [taxonomy] Keep taxonomy predicates. [mokaddem]
  • [decayingTool] Selection for checkboxes are correctly handled. [mokaddem]
  • [decaying] Allow translation on errors. [mokaddem]
  • [decayingTool] Prevent drawing illegal parameters. [mokaddem]
  • [customauth] default setting for use_header_namespace should adhere to what is displayed (true) [iglocska]

  • as requested by the MELiCERTES consortium for CSP

  • [feed] When fetching feeds, accept also text/plain in HTTP. [Jakub Onderka]
  • Require exact monolog version 1.24. [Jakub Onderka]
  • [internal] blackhole function default fixed. [iglocska]
  • [audit] Correct title in audit log when admin edit user. [Jakub Onderka]
  • [ACL] Added resetremoteauthkey to the ACL system. [iglocska]
  • [sync] Post test fixed for sync users. [iglocska]
  • [stix import] Fixed ttps malware from external stix files parsing. [chrisr3d]
  • [stix import] Additional test if leveraged ttps are not None to avoid issues. [chrisr3d]
  • [stix export] Typo on course of action galaxy type. [chrisr3d]
  • [stix export] Making the validator happy with capec ids. [chrisr3d]
  • [stix export] Avoiding custom vocabularies for an easier parsing of the result file. [chrisr3d]
  • [stix export] Specifying tool name for mitre-tool galaxies. [chrisr3d]
  • [stix export] Exporting tool type. [chrisr3d]

  • Type is what we call galaxy name, for instance Tool, Enterprise Attack - Tool, etc.

  • [stix export] Exporting malware type. [chrisr3d]

  • Type is what we call galaxy name, for instance Stealer, Malware, Ransomware, etc.

  • [stix import] Separation between vulnerability objects & attributes. [chrisr3d]
  • [stix import] Keeping attack pattern, vulnerability & weakness objects uuid. [chrisr3d]
  • [stix import] Listing ttps uuids instead of the full ttp ids. [chrisr3d]

  • Easier to compare directly uuids in related ttps

  • [stix import] Fixed some typos. [chrisr3d]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5097 from JakubOnderka/patch-18. [Andras Iklody]

chg: [feed] Break loop when match is found

  • Merge pull request #5163 from JakubOnderka/patch-28. [Andras Iklody]

fix: [UI] Allow to skip pagination in IndexTable

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #5098 from JakubOnderka/patch-19. [Alexandre Dulaunoy]

fix: [UI] Fix typo in community view

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge pull request #5032 from mokaddem/decaying. [Andras Iklody]

Decaying Models

  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge pull request #5148 from JakubOnderka/composer-simplify. [Andras Iklody]

chg: [internal] Simplify installation with composer

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into decaying. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into decaying. [mokaddem]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5106 from JakubOnderka/composer-requirements. [Andras Iklody]

chg: Put require PHP version and extension into composer.json

  • Merge branch '2.4' into composer-requirements. [Jakub Onderka]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5132 from JakubOnderka/patch-27. [Andras Iklody]

fix: [feed] When fetching feeds, accept also text/plain in HTTP

  • Merge pull request #5121 from JakubOnderka/remove-netgeoip. [Andras Iklody]

chg: Remove not used Net_GeoIP submodule

  • Merge branch '2.4' into remove-netgeoip. [Andras Iklody]
  • Merge pull request #5125 from JakubOnderka/patch-25. [Andras Iklody]

fix: Require exact monolog version 1.24

  • Merge pull request #5129 from JakubOnderka/array-copy-remove. [Andras Iklody]

chg: [users] Remove unused method UsersController::arrayCopy

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5128 from JakubOnderka/patch-26. [Andras Iklody]

fix: [audit] Correct title in audit log when admin edit user

  • Add: [stix import] Importing Galaxies supported during stix export. [chrisr3d]
  • Add: [stix export] Exporting Branded Vulnerability galaxies. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix import] Importing attack pattern galaxies. [chrisr3d]
  • 🚧 [stix import] Functions to import attack pattern, vulnerability & weakness objects. [chrisr3d]

  • Functions to parse galaxies to come soon
  • Add: [stix import] Getting IDs of threat actors, courses of action and ttps related to the incident. [chrisr3d]

  • Will be useful to separate threat actors, courses of action and ttps that are related to incidents and will be imported as galaxies, from the ones not related that will be imported as attributes or objects

v2.4.115 (2019-09-09)

Changes

  • [version] bump. [iglocska]
  • Install crypt_gpg by composer. [Jakub Onderka]
  • Allow to load Crypt_GPG from composer. [Jakub Onderka]
  • [user] Remove unused private method. [Jakub Onderka]
  • [user] Use machine readable format for fetching PGP keys. [Jakub Onderka]
  • [feed] Error handling for saveFreetextFeedData. [Jakub Onderka]
  • [feed] Handle exceptions for ServerShell::enqueueFeedCache. [Jakub Onderka]
  • [feed] Throw exception if feed filter rules is not valid JSON. [Jakub Onderka]
  • [feed] Better error handling for cacheFeedInitiator method. [Jakub Onderka]
  • [feed] More accurate progress logging for downloadFromFeed. [Jakub Onderka]
  • [feed] Better exception logging. [Jakub Onderka]
  • [feed] New method Feed::jobProgress. [Jakub Onderka]
  • [feed] New private method Feed::isFeedLocal. [Jakub Onderka]
  • [feed] Use Feed::feedGetUri in Feed::getFreetextFeed. [Jakub Onderka]
  • [feed] Feed::getNewEventUuids always return array with 'add' and 'edit' fields. [Jakub Onderka]
  • [feed] Proper error handling for fetching feed cache. [Jakub Onderka]
  • [feed] New method Feed::feedGetUri to deduplicate code. [Jakub Onderka]
  • [feed] Proper error handling for fetching feed events. [Jakub Onderka]
  • [feed] Deduplicate preparing filter rules. [Jakub Onderka]
  • [feed] Proper error handling for fetching freetext feed. [Jakub Onderka]
  • [feed] Follow redirects by internal HttpSocket functionality. [Jakub Onderka]
  • [feed] Proper error handling for fetching feed manifest. [Jakub Onderka]
  • [stix2] Bumped latest STIX2 python library changes. [chrisr3d]

Fix

  • [UI] Removed duplicate button title in userIndexTable.ctp. [Jakub Onderka]
  • Throw exception when GnuPG homedir is not set. [Jakub Onderka]
  • [UI] GPG keys are fetched from CIRCL keyserver. [Jakub Onderka]
  • [UI] Fetching GPG keys. [Jakub Onderka]

This error was introduced in 600e54051694ca4d479a9e2c82db45fe19a46a6c

  • [stix2 import] Fixed hash patterns import for external STIX files. [chrisr3d]
  • 🔒 Fix to a vulnerability related to the server index. [iglocska]

  • along with various support tools
  • more information coming soon
  • [internal] orgs restricted to a domain displayed incorrectly. [iglocska]

  • afterfind messes up the keys by reusing the same var for an inner loop

  • [feed] Fetching event manifest. [Jakub Onderka]
  • [sync] Fixed major performance blocker. [iglocska]

  • fix based on the insights of @RichieB2B, the hero we need, not the one we deserve

  • added orgc_uuid to the minimal event index
  • added handlers for it on the pull side
  • when pulling from old instances the new functionality is skipped, resulting in the behaviour we had pre-patch
  • both sides of the sync are encouraged to update, especially if the slow pulls are causing issues
  • [feed] Use own solution how to redirect when fetching feeds. [Jakub Onderka]
  • [feed] shell_exec don't throw Exception. [Jakub Onderka]
  • [UI] Remove rest of unused code. [Jakub Onderka]

Inner code was removed in 3f03ceb22974352648e5163ee4b19eb94bc21106

  • [server] on-demand action does not redirect to the updateProgress page anymore. [mokaddem]
  • [stix2 import] Dealing with the case of named pipe attribute being imported from custom object. [chrisr3d]
  • [stix2 export] Avoid fails with named pipe export as custom object. [chrisr3d]
  • [export] Add a proper filename to the event restsearch API's output to make downloading events a bit more convenient, fixes #4905. [iglocska]
  • [authentication] prepend the baseurl to the login/logout redirects - fixes #3871. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5119 from JakubOnderka/patch-24. [Sami Mokaddem]

fix: [UI] Removed duplicate button title in userIndexTable.ctp

  • Merge pull request #5120 from JakubOnderka/gpg-composer. [Andras Iklody]

Install Crypt_GPG by composer

  • Merge pull request #5103 from JakubOnderka/circl-key-server-description. [Alexandre Dulaunoy]

fix: [UI] GPG keys are fetched from CIRCL keyserver

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5117 from JakubOnderka/patch-23. [Andras Iklody]

fix: [UI] Fetching GPG keys

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5116 from JakubOnderka/patch-22. [Andras Iklody]

chg: [user] Remove unused private method

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5115 from RichieB2B/ncsc-nl/speedup-pull. [Andras Iklody]

Speedup pull

  • Log reason for event download failure. [Richard van den Berg]
  • Log all errors from server pull. [Richard van den Berg]
  • Loose a find when adding existing event. [Richard van den Berg]
  • Merge pull request #5112 from JakubOnderka/fix-feed-get-manifest. [Andras Iklody]

fix: [feed] Fetching event manifest

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #5101 from JakubOnderka/patch-20. [Andras Iklody]

chg: [user] Use machine readable format for fetching PGP keys

  • Merge pull request #5052 from JakubOnderka/error-handling. [Andras Iklody]

Better error handling for fetching feeds

  • Merge pull request #5102 from JakubOnderka/patch-21. [Andras Iklody]

fix: [UI] Remove rest of unused code

  • Add: [stix import] Importing pipe objects as named pipe attribute. [chrisr3d]
  • Add: [stix export] Exporting named pipe attributes. [chrisr3d]
  • Merge pull request #5084 from RichieB2B/patch-6. [Andras Iklody]

Fix Declaration of RestResponseComponent warning

  • Fix Declaration of RestResponseComponent warning. [Richie B2B]

v2.4.114 (2019-08-30)

New

  • [API] Added event delegations to the list of API enabled functions. [iglocska]

  • last minute feature creep

  • [requestAccess] Made the requestAccess endpoint more API friendly and some UI improvements. [iglocska]

  • better handling of empty parameters

  • added the mock functionality to both API and UI, this will generate the e-mail to be sent and return it with no actual sending happening
  • defaulting to mock if emailing is disabled
  • fixed some minor bugs
  • [communities] Added version and did some cleanup on the e-mail sent in a request. [iglocska]
  • [communities] Descriptions added to the request form along with the anonymise checkbox. [iglocska]
  • [communities] Include information about the server used to issue the request. [iglocska]
  • [community] Added the first revision of the community metadata. [iglocska]
  • [communities] Added support for requesting access for known communities. [iglocska]

  • site admins can list the misp-project maintained community list

  • request access to any of the communities
  • [Internal] Index generator refactor. [iglocska]

  • loads of new features added

  • bunch of helpers updated
  • mainly a back/forward port from the frozen feed-rework branch with some custom changes
  • [delegations] Added delegation index, fixes #5023. [iglocska]

/event_delegations/index

accepts context as a parameter with the following possible values:
- pending: all delegations awaiting my organisation's review (default)
- issued: all delegations issued by my organisation

parameters can be passed via key:value parameters or via json objects

  • [diagnostics] Added SQL table size tool. [iglocska]

  • along with various other small fixes
  • increased recommended memory size additionally

Changes

  • [VERSION] bump. [iglocska]
  • [PyMISP] Bump for release, take 2. [Raphaël Vinot]
  • [PyMISP] Bump for release. [Raphaël Vinot]
  • Enable debug. [Raphaël Vinot]
  • [PyMISP] Bump for Communities. [Raphaël Vinot]
  • [misp-objects] relationships updated. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [feed] Name variables after explore in Feed::attachFeedCorrelations. [Jakub Onderka]
  • [feed] Compute Redis cache key prefix just once. [Jakub Onderka]
  • [feed] Fetch sources just when there is correlation. [Jakub Onderka]
  • [feed] Compute composite types just once. [Jakub Onderka]
  • [communities] Change keys (name, uuid, type) [Raphaël Vinot]
  • [field rename] Renamed all community fields with redundancy to something more simple (community_uuid -> uuid, etc) [iglocska]
  • [PyMISP] Bump for communities. [Raphaël Vinot]
  • [restresponse] Added tooltips to the translatable strings, added communities/requestAccess. [iglocska]
  • [API] communities/requestAccess made more API friendly. [iglocska]

  • defaults set automatically if not set

  • tied into self-describe API on GET
  • fixed the attached PGP key to be the one supplied if it deviates from the user's key
  • [cleanup] empty lines removed. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • No need to encapsulate data in API request. [Pierre-Jean Grenier]
  • [PyMISP] Bump tests for Travis. [Raphaël Vinot]
  • [ACL] Added new community functions to the ACL component. [iglocska]
  • [travis] PyMISP bump. [Raphaël Vinot]
  • [PyMISP] Bump tests for Travis. [Raphaël Vinot]
  • [Tests] Bump PyMISP. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • Delegate to org by UUID. [Pierre-Jean Grenier]
  • [doc] MISP works on the latest 18.04.3 ISO, just sayin' (#5051) [Steve Clement]

chg: [doc] MISP works on the latest 18.04.3 ISO, just sayin'

  • [doc] MISP works on the latest 18.04.3 ISO, just sayin' [Steve Clement]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [tools] Updated installer to consider the memory_limit change. [Steve Clement]
  • [doc] Updated: memory_limit=512M -> memory_limit=2048M (#5038) [Steve Clement]

chg: [doc] Updated: memory_limit=512M -> memory_limit=2048M

  • [doc] Updated: memory_limit=512M -> memory_limit=2048M. [Steve Clement]
  • [doc] Updated composer hash (#5037) [Steve Clement]

chg: [doc] Updated composer hash

  • [doc] Updated composer hash. [Steve Clement]
  • [updateProgress] Added sidebar (and sidebar link) [mokaddem]
  • Show descriptions in import modules. [Pierre-Jean Grenier]
  • /events/contact/{event_id} can now be properly called from API. [Pierre-Jean Grenier]
  • [warning-list] Use different algorithm for IPv4 CIDR comparison. [Jakub Onderka]
  • [warning-list] Filter CIDR warning list before eval. [Jakub Onderka]
  • Setting the 'Tag' key when editing a tag through API is not mandatory (consistency) [Pierre-Jean Grenier]
  • [PyMISP] Bump, changes with sightings. [Raphaël Vinot]
  • [warninglist] Do not check twice if key in cache exists. [Jakub Onderka]
  • [cache] Do not check if class exists when cache is already connected. [Jakub Onderka]
  • Return the sighting when adding one through REST API. [Pierre-Jean Grenier]
  • [UI] Some more username helper changes. [iglocska]
  • [UI] Small change to the user name helper. [iglocska]
  • [PyMISP] Bump tests for Travis. [Raphaël Vinot]
  • Do not log ForbiddenException by default. [Jakub Onderka]

This exception is thrown when not logged access users/checkIfLoggedIn.json

Fix

  • [API] Messages fixed for event delegations. [iglocska]
  • [API] event delegation inverted invalid IF branch. [iglocska]
  • [internal] return true from the external email sender if no mocking is happening instead of the full email. [iglocska]
  • [API] Set gpgkey to '' instead of array() if user has no pgp key set. [iglocska]
  • [feed] Remove unused variables. [Jakub Onderka]
  • [ui] Missing space and dot at export page. [Jakub Onderka]
  • [invalid link] fixed. [iglocska]
  • [API] Added gpgkey as a valid parameter for requestAccess in the API description. [iglocska]
  • [UI] Fixed the annoying link underlines under action buttons. [iglocska]
  • More issues with PostgreSQL. [Bechkalo Evgeny]

  • fixed error during update Job date_modified field (SQLSTATE[22008]: Datetime field overflow: 7 ERROR: date/time field value out of range)

  • fixed error during fetching events while updating from feeds ( SQLSTATE[42P01]: Undefined table: 7 ERROR: missing FROM-clause entry for table events)
  • fixed Feed edit view with wrong boolean forms (combobox instead checkbox)
  • [invalid url] fixed. [iglocska]
  • [communtiies] Added correct responses to the community request interface. [iglocska]
  • [menu] Added community index to the top menu. [iglocska]
  • SQL-error during obtaining dbSpaceUsage. [Bechkalo Evgeny]

Fixed SQL-error in PostgreSQL for viewing Diagnostics Page Added check for datasource, added PostgreSQL handling (without reclaimable memory).

  • Contact reporter via API. [Pierre-Jean Grenier]
  • [ui] Show proper error message for ForbiddenException again. [Jakub Onderka]
  • [appController] Fixed updateProgress redirection link. Fix #5068. [mokaddem]
  • [cleanup] removed unused functions. [iglocska]
  • [API] Fixed output of the attribute histogram. [iglocska]

  • no more STIX-ish barf inducing numeric string keys for dictionaries
  • Fix 'contain' param in app/Model/Attribute.php:fetchAttributes() [Pierre-Jean Grenier]

When we specified eg. 'contain': array('Event'), the merge done by the function was incorrect, and only kept more restrictive stuff, while we wanted to get all the keys related to the Event.

  • Default to 0 when no distribution is specified. [Pierre-Jean Grenier]

The current behavior conducted to set distribution to -1 in the returned json, and raise an 'Undefined index' notice

  • [ACL] allow users to see delegations. [iglocska]
  • [contact reporter] Rules somewhat relaxed. [iglocska]
  • [UI] Correct class name in View/Elements/Feeds/View/row_attribute.ctp. [Jakub Onderka]
  • [feed] Preview feed event don't have id. [Jakub Onderka]
  • [feed] Prevent MITM for feeds that support HTTPS. [Jakub Onderka]
  • [ui] Link to REST client at Automation page. [Jakub Onderka]
  • [UI] Info message should not be error. [Jakub Onderka]
  • [contact reporter] Various fixes, fixes #5040. [iglocska]

  • don't offer contacting a reporter of an event that doesn't have users on the platform
  • fixes to various bugs that broke this feature in the first place
  • Massive potential performance blocker removed from contacting individual reporters
  • [UI] Multi select on the event index fixed, fixes #5047. [iglocska]
  • [UI] Multi select and deletion of events fixed, #5046. [iglocska]
  • [Tags] Correctly records numerical_value when enabling a taxonomy for the first time. [mokaddem]
  • [ui] Show proper error message for ForbiddenException. [Jakub Onderka]
  • [object:merge] Fix #5041, Duplicated value gets unique UUID and relaxed javascript equality check. [mokaddem]
  • [updateProgress] Usage of correct FontAwesome class. [mokaddem]
  • [sightings] Remove unused method. [Jakub Onderka]
  • [organisations] Trim the domain restrictions both on load and on save, fixes #5034. [iglocska]
  • [admin] Invalid domain restriction check for site admins, fixes #5035. [iglocska]
  • Fix messages when we try to delete an attribute. [Pierre-Jean Grenier]
  • [API] Made delegateEvent API friendly, fixes #5026. [iglocska]
  • [API] delegate events by UUID, fixes #5024. [iglocska]
  • Replace not exists MethodNotFoundException with NotFoundException. [Jakub Onderka]
  • [tests] Some changes were not committed. [Raphaël Vinot]
  • [UI] Fixed tag buttons not being in-line on the event view's attribute list. [iglocska]
  • [warninglist] Entries cache is properly deleted. [Jakub Onderka]
  • Import modules using 'misp_standard' format can be called via REST API. [Pierre-Jean Grenier]
  • [ACL] Fixed read only users not being able to list the sightings, fixes #5022. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5017 from JakubOnderka/feed-optimisations. [Andras Iklody]

Feed correlations optimisations

  • Merge pull request #5044 from JakubOnderka/patch-9. [Andras Iklody]

fix: [ui] Missing space and dot at export page

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5083 from 4ekin/fix-postgresql-issues. [Andras Iklody]

fix: more issues with PostgreSQL

  • Merge pull request #5081 from StefanKelm/2.4. [Andras Iklody]

Update index.ctp

  • Update index.ctp. [StefanKelm]

Tiny typos

  • Merge branch 'feature/communities' into 2.4. [iglocska]
  • Merge branch '2.4' into feature/communities. [iglocska]
  • Merge pull request #5072 from 4ekin/fix-postgresql-issues. [Andras Iklody]

fix: SQL-error during obtaining dbSpaceUsage

  • Merge pull request #5079 from zaphodef/fix/contact_event_api. [Andras Iklody]

fix: contact reporter via API

  • Merge pull request #5073 from JakubOnderka/patch-16. [Andras Iklody]

fix: [ui] Show proper error message for ForbiddenException again

  • Merge pull request #5066 from zaphodef/feature/encapsulation_api. [Andras Iklody]

chg: No need to encapsulate data in API request

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #5063 from zaphodef/fix/contain_fetchAttributes. [Andras Iklody]

fix: Fix 'contain' param in app/Model/Attribute.php:fetchAttributes()

  • Merge pull request #5062 from zaphodef/fix/undefined_distribution. [Andras Iklody]

fix: Default to 0 when no distribution is specified

  • Chd: [travis] Check date. [Raphaël Vinot]
  • Merge pull request #5061 from zaphodef/feature/delegate_to_org_by_uuid. [Andras Iklody]

chg: Delegate to org by UUID

  • Merge pull request #5059 from tk-hendrik/2.4_small_cssfix. [Andras Iklody]

attributeTagContainer wrapping

  • AttributeTagContainer wrapping. [Hendrik]

This change ensures that the attribute table won't explode in width if one uses more tags on an attribute.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5054 from JakubOnderka/patch-15. [Andras Iklody]

fix: [UI] Correct class name in View/Elements/Feeds/View/row_attribute.ctp

  • Merge pull request #5053 from JakubOnderka/patch-14. [Andras Iklody]

fix: [feed] Preview feed event don't have id

  • Merge pull request #5050 from JakubOnderka/patch-13. [Alexandre Dulaunoy]

fix: [feed] Prevent MITM for feeds that support HTTPS

  • Merge pull request #5048 from JakubOnderka/patch-11. [Alexandre Dulaunoy]

fix: [ui] Link to REST client at Automation page

  • Merge pull request #5049 from JakubOnderka/patch-12. [Alexandre Dulaunoy]

fix: [UI] Info message should not be error

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5043 from JakubOnderka/patch-8. [Andras Iklody]

fix: [ui] Show proper error message for ForbiddenException

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #5042 from StefanKelm/2.4. [Andras Iklody]

Tiny typos

  • Update default.pot. [StefanKelm]

tiny typo

  • Update add.ctp. [StefanKelm]

tiny typo

  • Merge pull request #5039 from SteveClement/tools. [Steve Clement]

chg: [tools] Updated installer to consider the memory_limit change

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5005 from JakubOnderka/remove-toplist. [Andras Iklody]

fix: [sightings] Remove unused method

  • Merge pull request #5033 from zaphodef/feature/import_module_description. [Andras Iklody]

chg: Show descriptions in import modules

  • Wrap description in a h() [Pierre-Jean Grenier]
  • Merge pull request #5036 from zaphodef/feature/events_contact_api. [Andras Iklody]

chg: /events/contact/{event_id} can now be properly called from API

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5014 from JakubOnderka/filter-cidr. [Andras Iklody]

Much faster IPv4 warninglists

  • Merge pull request #5031 from zaphodef/feature/tag_edit_json. [Andras Iklody]

chg: Setting the 'Tag' key when editing a tag through API is not mand…

  • Merge pull request #5030 from zaphodef/feature/delete_attribute_messages. [Andras Iklody]

duh, fix a typo

  • Duh, fix a typo. [Pierre-Jean Grenier]
  • Merge pull request #5029 from zaphodef/feature/delete_attribute_messages. [Andras Iklody]

fix: Fix messages when we try to delete an attribute

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5006 from JakubOnderka/not-found-exception. [Andras Iklody]

fix: Replace not exists MethodNotFoundException with NotFoundException

  • Merge pull request #5015 from JakubOnderka/redis-optimisations. [Andras Iklody]

Redis optimisations

  • Merge pull request #5021 from zaphodef/feature/return_sighting_add_rest. [Andras Iklody]

chg: Return the sighting when adding one through REST API

  • Merge pull request #5020 from zaphodef/rest_import_module. [Andras Iklody]

fix: Import modules using 'misp_standard' format can be called via RE…

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5010 from JakubOnderka/patch-7. [Andras Iklody]

chg: Do not log ForbiddenException by default

v2.4.113 (2019-08-16)

New

  • [API] get a single server setting via /servers/getSetting/[setting_name], fixes #4964. [iglocska]
  • [API] Allow posting freetext data for ingestion via the event uuid instead of ID, fixes #4995. [iglocska]
  • [internal / API] new component added to handle repeatable code across all controllers (toolbox controller) [iglocska]

  • added UUID -> ID lookup function and integrated it across several functions

  • fixes #4990
  • fixes #4999
  • fixes #4993
  • fixes #4991
  • fixes #4989
  • fixes #4987
  • [session handling] Session handling fixes. [iglocska]

  • changed the cookie name to MISP-[MISP.uuid] to rely on a unique data-point instead of the URL. This solves issues with multiple MISPs running on the same host via port based virtualhosts sharing sessions

  • timeout issues potentially fixed when using the recommended PHP session handler. If the garbage collection is configured in php.ini it could previously purge sessions that based on the session timeout should still be valid
  • [sync] Added a protection from receiving empty published events from other instances. [iglocska]

  • a temporary solution to some older, bugged instances emitting them

  • [debug] Added an on-demand sync debug to assist some debug sessions. [iglocska]

  • very primitive, simply concatenates events to be pushed into a file

  • Reminder to run gen_misp_types_categories when model changes. [Christophe Vandeplas]
  • [API] Attribute add rework - 🚧. [iglocska]

  • handle attribute creation in a unified manner via captureAttributes

  • [internal] Default field list added for attributes. [iglocska]

  • let's try to standardise on things we output instead of doing it manually. It's a first step

Changes

  • [version] bump. [iglocska]
  • [PyMISP] Bump version. [Raphaël Vinot]
  • [Travis] Use default python3 version on the image (3.6+), fix perms on. [Raphaël Vinot]
  • [Travis] Set strict mode on MariaDB. [Raphaël Vinot]
  • [Travis] Initial fix. [Raphaël Vinot]
  • Show sharing groups' uuids. [Pierre-Jean Grenier]
  • Delete an object by its uuid, similar syntax to attribute's deletion. [Pierre-Jean Grenier]
  • [stix test] Updated STIX1 test files with the updated MISP event files export results. [chrisr3d]
  • [stix test] Updated MISP event test files with the latest objects supported. [chrisr3d]
  • [logging] Truncate description lengths that would be longer than what the DB can store with the default setup. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix export] Change on leveraged ttp at incident level. [chrisr3d]

  • No longer referencing ttps created out of MISP objects as leveraged ttps at incident level

  • Making sure all ttps, course of actions, threat actors and so on created from MISP galaxies are referenced at incident level
  • [stix export] Handling vulnerability attributes the same way as objects. [chrisr3d]

  • Fixing at the same time some references (with vulnerability objects related to vulnerability attributes) that were lost

  • Modules can now pre-check a checkbox from userConfig. [Pierre-Jean Grenier]
  • [warning-list] Filter CIDR warning list before eval. [Jakub Onderka]
  • [stix export] Keeping references between ttps. [chrisr3d]

  • Keeping references between ttps coming from MISP objects that have references between each others

  • [indentation] small fix. [iglocska]
  • [PyMISP] Bump repo. [Raphaël Vinot]
  • [CLI] server shell -> push now allows passing the event ID to push. [iglocska]

  • also, changed tabs to spaces

  • Bump pymisp. [Raphaël Vinot]
  • [pymisp] enable more tests. [Raphaël Vinot]
  • [internal] Potential fix for a race condition generating orphaned attributes, fixes #4886. [iglocska]

  • This fix will avoid issues where the delay is introduced by the deferred start of the execution via the background workers

  • deleting an event whilst data is being actively added will still not be interrupted
  • [stix2 export] Exporting labels with the Attack Pattern object. [chrisr3d]
  • Bump PyMISP. [Raphaël Vinot]
  • [types] email-subject added as a valid type for network activity. [iglocska]

  • used to describe outgoing e-mail subjects for exfiltration. Perhaps consider adding a new category for exfiltration altogether.

  • Bump Pymisp again. [Raphaël Vinot]
  • [API] servers/serverSettingsEdit now accepts the force parameter in a posted JSON object. [iglocska]

Fix

  • [PyMISP] Bump, missing change. [Raphaël Vinot]
  • [internal] Feed lookup by UUID removed as feeds don't actually have UUIDs, fixes #4998. [iglocska]
  • [ToolboxComponent] fixed model name lookup by moving to Model->alias over Model->name, fixes #5003. [iglocska]
  • [internal] Breaking bug with the feed edit fixed. [iglocska]
  • [API] invalid object reference fixed in objects/view, fixes #5003. [iglocska]

  • the Copy Pasta God™ strikes again

  • [API] get organisation by uuid for sightings/listSightings, fixes #4992. [iglocska]
  • [API] Misp object delete's uuid lookup fixed. [iglocska]
  • [API] removed testing exception. [iglocska]
  • [API] Swapped error messages' content from "don't" to "do not" to avoid weird sanitisation artifacts coming from the exception handler. [iglocska]
  • [API] error message. [iglocska]
  • [API] Attribute edit fixed. [iglocska]
  • Fix error messages. [Pierre-Jean Grenier]
  • [API] /galaxies/view by uuid added, fixes #4993. [iglocska]
  • [API] sightings restSearch now accepts uuids as org_id, fixes #4992. [iglocska]
  • [API] Delete sightings by UUID, fixes #4987. [iglocska]
  • [API] /objects/view should accept UUID as a parameter instead of just ID, fixes #4991. [iglocska]
  • [API] Delete organisations by UUID, fixes #4989. [iglocska]
  • [API] Access event proposals by uuid via shadow_attributes/index/[uuid], fixes #4988. [iglocska]
  • [API] Adding an event without the info field set should never work, fixes #4984. [iglocska]
  • [sharing groups] Fix the behaviour of roaming mode sharing groups, fixes #4983. [iglocska]

  • creating sharing groups without roaming mode and without any sharing group servers should automatically add the own server

  • adapt the new roaming mode behaviour from a few months ago on push: No explicit roaming mode set means no push, even if no servers are added
  • [Sharing groups] Various fixes to align the reported local instance URL as the external_baseurl if set, as opposed to always using the baseurl, fixes #4982. [iglocska]
  • [stix export] Dealing with course of action and threat actor objects the same way as for ttps. [chrisr3d]
  • [sync] Sync object builder tool fixed. [iglocska]

  • was picking the wrong org as the owner of the remote side

  • [warning-list] Split value just if type is malware-sample or contains | char. [Jakub Onderka]
  • [stix export] No longer referencing all ttps from galaxies for each indicator. [chrisr3d]

  • Will save it later for galaxies at attribute level

  • [stix export] Dealing with threat actors from attributes. [chrisr3d]

  • Using the recently added functions

  • [API] /events/delete now accepts UUID as parameter. [iglocska]
  • [stix export] Reusing uuid variable already defined. [chrisr3d]
  • [sessions] Several minor fixes to the session handling. [iglocska]

  • cookieTimeout setting fixed

  • moved the session massaging into a separate function
  • added some translation calls for some of the setting errors involved
  • [sync] Fixed an invalid massaging of object attributes before a sync. [iglocska]

  • on a push, object attributes were not correctly filtered out based on distribution settings

  • [enrichment] Handling correctly comments at objects level. [chrisr3d]

  • Objects level comments were displayed but not handled at the end, they are now displayed, users can modify them as comments at attributes level, and they are handled then with the saved results

  • [stix export] STIX objects id standardization. [chrisr3d]
  • [internal] Double lookup during the pull resolved. [iglocska]
  • [tools] Fixes gen types categories script. [Christophe Vandeplas]
  • [stix export] Replaced try statements with if conditions for more readability. [chrisr3d]

  • It is better we are aware something fails unexpectedly instead of being caught by a try catch statement

  • [stix export] Dictionary name typo. [chrisr3d]
  • [stix export] Better tags handling. [chrisr3d]

  • Avoid passing event level tags everywhere

  • Using class variable for the tlp markings
  • [stix export] Avoiding creation of some objects before we are sure they will be used. [chrisr3d]
  • [API] /servers/restartWorkers response fixed for API users, fixes #4966. [iglocska]
  • [API] Further fixes to /attributes/add. [iglocska]
  • [API] Fixes to the new attribute add. [iglocska]
  • [API] fixed an incorrect fix to the object references add function from earlier today, fixes #4866. [iglocska]
  • [API] Posting on taxonomies/update returns an exception if taxonomies have no numerical_value set, fixes #4899. [iglocska]
  • [API] the returned data when adding object references doesn't include the object_uuid, fixes #4866. [iglocska]
  • [UI] Empty objects threw a notice on the event view. [iglocska]
  • [API] Consistency in returned attribute fields when modifying it. [iglocska]
  • [UI] tag index invalid tag name copy fixed. [iglocska]
  • [API] Object edit clusterfudge fixed. [iglocska]
  • [objects] Fix various issues with objects/edit. [iglocska]

  • value1 and value2 should not be included in the response, fixes #4944

  • fixed input being misunderstood in certain situations
  • [UI] Handle settings being removed from config.php more gracefully in the UI. [iglocska]
  • [UI] Row description in View Warninglists. [Jakub Onderka]
  • [PyMISP] Test cases are working again. [Raphaël Vinot]
  • [UI] Event index tag display default setting fixed. [iglocska]

  • Resolving the fix that really wasn't...

  • [internal] testBoolFalse logic error fixed. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Revert "chg: [warning-list] Filter CIDR warning list before eval" [iglocska]

This reverts commit 20632d5e1027d2a6dfc66639ac384e5761988e18.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #5001 from zaphodef/feature/uuid_sharing_group. [Andras Iklody]

chg: Show sharing groups' uuids

  • Revert "Revert "fix: Fix error messages"" [iglocska]

This reverts commit a12ea04a4caab6be2593d13ead56187b775e336d.

  • Revert "fix: Fix error messages" [iglocska]

This reverts commit d501c56e5fec7f69aa0a17a3bb0c8a0cf97b4e69.

  • Merge pull request #5000 from zaphodef/bad_permissions. [Andras Iklody]

fix: Fix error messages

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4986 from zaphodef/delete_object_by_uuid. [Andras Iklody]

chg: delete an object by its uuid, similar syntax to attribute's dele…

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4980 from JakubOnderka/patch-6. [Alexandre Dulaunoy]

[fix] Remove double :

  • [fix] Remove double : [Jakub Onderka]
  • Merge pull request #4981 from StefanKelm/2.4. [Alexandre Dulaunoy]

Replace http with https

  • Replace http with https. [StefanKelm]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix export] Updated STIX header with the course of action header. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix export] Exporting course-of-action objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4971 from JakubOnderka/patch-5. [Andras Iklody]

fix: [warning-list] Split value just if type is malware-sample or contains | char

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix export] Mapping some galaxies to STIX objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4972 from zaphodef/import_module. [Andras Iklody]

chg: modules can now pre-check a checkbox from userConfig

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4965 from JakubOnderka/patch-4. [Andras Iklody]

chg: [warning-list] Filter CIDR warning list before eval

  • Merge pull request #4969 from obert01/fix-matrix-accessibility. [Andras Iklody]

Improved the accessibility of the galaxy matrix view.

  • Improved the accessibility of the galaxy matrix view for screen readers. The table elements are now focusable, and only a short text is brailled/spoken by default. [Olivier BERT]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix export] Exporting attack-pattern, vulnerability & weakness objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch 'feature/attribute_add_rework' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 export] Exporting Attack Pattern objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4955 from JakubOnderka/patch-3. [Andras Iklody]

fix: [UI] Row description in View Warninglists

v2.4.112 (2019-08-02)

New

  • [sync] Event index cleaned up, total count of listed events added as X-Result-Count header. [iglocska]
  • [sync] Previewing a remote instance now passes pagination rules in the request instead of fetching the full data-set and paginating in memory. [iglocska]

  • fixes issues with empty preview pages

  • massive performance boost
  • requires the remote side to be the same version or newer
  • [API] new parameters added to attributes/restSearch to include additional context, fixes #4935, fixes #4940, affects MISP/PyMISP#415. [iglocska]

  • includeSightings: include sightings for all attributes returned

  • includeCorrelations: include the correlations to other attributes (includes a light-weight event object with each attribute)
  • [CLI] Added cleanCaches command. [iglocska]
  • [API] Disable background processing on-demand via URL parameters. [iglocska]
  • [setting] Disable DB logging completely, fixes #4921. [iglocska]

  • Not recommended, but for certain use-cases it might be desirable

  • [API] Some more context for includeContext, fixes #4935. [iglocska]
  • [API] includeContext now includes the additional event fields in the attributes/restSearch results (in JSON format) [iglocska]
  • [API] Allow adding tags via /attributes/add directly. [iglocska]
  • [alerting] Block the alerting of events based on the date field as an alternative to the timestamp, fixes #4937. [iglocska]

Changes

  • [pymisp] bumped. [iglocska]
  • [version] bump. [iglocska]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Use faster algorithm for Warninglist::__ipv6InCidr. [Jakub Onderka]
  • [pymisp] Bump. [Raphaël Vinot]
  • More efficient Warninglist::__evalCIDR. [Jakub Onderka]
  • [View] Setting default link value for vulnerability & weakness. [chrisr3d]
  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version + ATT&CK July edition. [Alexandre Dulaunoy]
  • [UI] Added the new user name helper. [iglocska]
  • [UI] Add a quick button for the event attribute toolbar for the showing of related tags. [iglocska]

  • therapeutic patch for @neok0

  • [pymisp] Bump. [Raphaël Vinot]
  • [stix test] Updated the STIX2 test files. [chrisr3d]

  • Including the newest supported objects added in the mapping, and the latest fixes for some objects previously mapped as custom object and now properly supported

  • [stix test] Updated the test MISP events. [chrisr3d]

  • Added some of the new objects added recently and supported in the mapping

  • Server pull/push endpoints allow the passing of the parameters as a POSTed JSON in addition to URL parameters, partially fixes #4889. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [restClient] Do not override query body if url hasn't changed. [mokaddem]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [Submodules] Bump Taxonomies and objects. [Raphaël Vinot]
  • [PyMISP] Bump. [Raphaël Vinot]
  • [travis] Cleanup pymisp install. [Raphaël Vinot]
  • [pymisp] Bump it. [Raphaël Vinot]
  • [travis] Start workers. [Raphaël Vinot]
  • [travis] Delete the event created by curl test. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [feed-metadata] Panels Tracker feed added. [Alexandre Dulaunoy]
  • [PyMISP] Bump to full deprecation warnings. [Raphaël Vinot]
  • [genericPicker] Adapt fontAwesome namespace based on the icon. [mokaddem]
  • [galaxy:view] Added missing titles and translation. [mokaddem]
  • Bumped queryversion. [mokaddem]
  • [eventGraph:search] Usage of chosen instead of bootstrap with non-stripped label. [mokaddem]

Fix

  • [pymisp / querystring] versions bumped. [iglocska]
  • [enrichment] Getting objects description from the view. [chrisr3d]
  • [enrichment view] Passing description & template information about objects. [chrisr3d]
  • [UI] enable buttons to add local galaxy clusters for host org users, fixes #4925. [iglocska]
  • [local tags] Host org non admin users should be able to tag data owned by others, partially fixes #4925. [iglocska]
  • [API] csv export incorrect handling of include context parameter if it was pushed and set to 0. [iglocska]
  • [GalaxyCluster] relaxed the matching of cluster names to tags, fixes #4154. [iglocska]
  • [enrichment] Encrypting attribute data if encrypt field is set. [chrisr3d]
  • [webroot] Catching encrypt fields from the enrichment view. [chrisr3d]
  • [enrichment view] Keeping encrypt field in attributes. [chrisr3d]
  • [CSV] headerless flag fixed, fixes #2761. [iglocska]
  • [UI] Fix to the related tags not being shown in the UI due to a local tag related exception. [iglocska]
  • [API] Exception on /sharingGroups/removeOrg fixed, fixes #4884. [iglocska]
  • [stix import] Fixed observable id fetching. [chrisr3d]

  • Avoid issues with observable composition ids

  • [API] /attributes/index fixed for non admin users. [iglocska]
  • [sync] Fixed local tag sync filter events not being synced on a push as expected. [iglocska]
  • [stix export] Fixed some code + using mapping dictionaries. [chrisr3d]

  • Using another file for mapping dictionaries, as we already do for all the other stix scripts

  • [stix export] Reordered import list for more clarity. [chrisr3d]

  • Helps finding all the imports since they are in alphabetical order, avoiding any miss of STIX or Cybox object while adding/updating some

  • [API] Freetext import now correctly handles the response of non-background processed tasks. [iglocska]
  • [rest client] Potential fix to the skip ssl validation flag not working on wrong CN name. [iglocska]
  • [rest client] Potential fix to the SSL validation skip not working. [iglocska]
  • [UI] tag style on the index now correctly adheres to the default if not set. [iglocska]
  • [UI] tags in minimal view can throw notice errors on the event index. [iglocska]
  • [UI] Notice errors when the local tag on a viewed tag is not set, partially fixes #4938. [iglocska]
  • Error during creating and deleting Attributes on PostgreSQL. [Bechkalo Evgeny]
  • MariaDB error for quoting tablename. [Bechkalo Evgeny]
  • Some PostgreSQL issues. [Bechkalo Evgeny]

Closes: #3066, #3067

Fixes issues:

- wrong boolean and smallint conversion;
- postgresql table and field naming (field 1_event_id is wrong name for field for example);
- postgresql grouping (you cannot select columns without grouping them);
- wrong checkbox rendering without keyword.

  • [UI] notice errors thrown by tags in the event view. [iglocska]
  • [proposals] POST on shadow_attributes/edit/{attribute_id} inconsistent, fixes #4857. [iglocska]
  • [API] taxonomy/addTag now correctly responds if queried via the API instead of redirecting, fixes #4865. [iglocska]
  • [API] sightings/listSightings should also support JSON parameters, fixes #4875. [iglocska]
  • [API] Organisation edit now also accepts UUID instead of ID via the URL param, fixes #4896. [iglocska]
  • [API] Fixed an edge case when the attribute histogram throws a notice error. [iglocska]

  • no idea how to reproduce it, the organisation referenced in an event orgc_id not existing is a pre-condition

  • fixes #4880

  • [API] Adding attributes via the freetext importer using the API resulted in several issues. [iglocska]

  • adhereToWarninglists was not correctly adhered to

  • the response didn't reflect what was saved, only what was pushed to be saved (excluding removals by warninglists, several attributes added by adding more than one valid type, etc)

fixes #4881

  • [sharing groups] Add sharing group returns a list instead of a sharing group object, fixes #4882. [iglocska]
  • [API] Exception on POST sharingGroups/addOrg, fixes #4884. [iglocska]
  • [settings] Fixed the text for the block_old_event_alert_age setting, fixes #4909. [iglocska]
  • [proposals] shadow_attributes/index default behavior modified to show all proposals by default, fixes #4936. [iglocska]
  • [proposals] Fixed automatic setting of the category when adding proposals, fixes #4868. [iglocska]
  • [API] Empty 'restricted to domains' returns string instead of array, fixes #4928. [iglocska]
  • [UI] Rest client form validation disabled. [iglocska]

  • it was trying to validate using the Server model validation rules, which is obviously incorrect
  • [UI] Tags were not shortened correctly on the event index since the refactor, fixes #4932. [iglocska]
  • [servers] Adding a server now requires the name to be set, partially fixes #4889. [iglocska]
  • [API] Server deletion now responds correctly via the API. [iglocska]
  • 🔒 Fix to stored XSS. [mokaddem]

  • as reported by David Heise

  • Removed unnecessary uuid rewriting in objects. [chrisr3d]

  • uuid is defined when the object is created

  • Fixed direction of the relationship between files, PEs and their sections. [chrisr3d]

  • The file object includes a PE, and the PE includes sections, not the other way round

  • Backward compatibility with the events created with 'included-in' at the relationship_type between those objects
  • Views invalid marker content fixed (#4820) [Steve Clement]

fix: Views invalid marker content fixed

  • Views invalid marker content fixed. [4ekin]

Views fixed to avoid errors during POT file generating:

Invalid marker content in /var/www/MISP/app/View/Elements/Events/View/related_event.ctp:23 * __( sprintf('This related event contains %s unique correlation(s)',h(relatedEventCorrelationCount[related['id']])))

Invalid marker content in /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:102 * __( Inflector::humanize($field))

Invalid marker content in /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:108 * __( Inflector::humanize($field))

Invalid marker content in /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:126 * __( Inflector::humanize($field))

Invalid marker content in /var/www/MISP/app/View/Elements/Objects/object_similarities.ctp:132 * __( Inflector::humanize($field))

  • Load Galaxy mappings for misp2stix2 separately from Objects. [Tom King]
  • [travis] STIX modules. [Raphaël Vinot]
  • [travis] resque stuff. [Raphaël Vinot]
  • [travis] Fix composer things. [Raphaël Vinot]
  • [Travis] Update the installation. [Raphaël Vinot]
  • [travis] Installation (redis & co) [Raphaël Vinot]
  • [event:view] Ensure sync users do not get local tags through ajax. [mokaddem]
  • [tag_collection:index] Download configuration button is back. [mokaddem]
  • [massageTag] Fallback on global tag if local parameter not set. [mokaddem]

(Tag collections tags do not contain a local parameter)

  • [tag_collection:index] Admin no longer have access to local tag if they are disabled. [mokaddem]
  • [tag_collection:index] Correctly assign isAclTagger [mokaddem]
  • [tagCollection:view] Do not show add LOCAL galaxy button anymore. [mokaddem]
  • [tag:local] Allow users (with correct authorization) to detach tags. [mokaddem]
  • Typo when the validation fails on an object. [Raphaël Vinot]

Fix #4903

  • [Taxonomy:updateTag] Do not throw an error if taxonomy does not contain a numerical value. [mokaddem]
  • [taxonomy:update] numerical_value gets updated correctly. [mokaddem]
  • [travis] Remove legacy tests. [Raphaël Vinot]
  • [kali] Kali was not in the support map (#4887) [Steve Clement]

fix: [kali] Kali was not in the support map

  • [kali] Kali was not in the support map. [Steve Clement]
  • [galaxy:view] Adapt fontAwesome namespace based on the icon. [mokaddem]
  • [CLI] Response after a CLI pull threw notice error. [Andras Iklody]

Proposal pull now returns int instead of a list of proposals, meaning that count($data) was trying to count an int.

  • [debug] Remove debug call. [Raphaël Vinot]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4951 from JakubOnderka/patch-2. [Andras Iklody]

chg: Use faster algorithm for Warninglist::__ipv6InCidr

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4949 from JakubOnderka/patch-1. [Andras Iklody]

chg: More efficient Warninglist::__evalCIDR

  • Merge pull request #4947 from chrisr3d/2.4. [Andras Iklody]

New attribute type 'weakness'

  • Add: [View] Added link to the defined CWE url for weakness attributes. [chrisr3d]
  • Add: [Config] Added CWE url for the new attribute type. [chrisr3d]
  • Add: [Model] New attribute type weakness. [chrisr3d]

  • Describing links linking to the provided CWE lookup
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix import] Importing user account object. [chrisr3d]

  • Supporting UnixUserAccount, UserAccount and WindowsUserAccount objects

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix framing] Added the latest supported objects to the STIX header namespaces. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix export] Exporting user-account objects. [chrisr3d]
  • Revert "fix: [rest client] Potential fix to the SSL validation skip not working" [iglocska]

This reverts commit 293871cee85522a9bb83fa91ea1ca1017924230b.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4939 from 8ear/patch-3. [Andras Iklody]

Update MYSQL.sql

  • Update MYSQL.sql. [Max H]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4927 from 4ekin/fix-postgresql-issues. [Andras Iklody]

fix: some PostgreSQL issues

  • Slightly modified logrotate config which rotates all logs in MIS… (#4924) [Steve Clement]

slightly modified logrotate config which rotates all logs in MISP/app/…

  • Update misp.logrotate. [Steve Clement]
  • Slightly modified logrotate config which rotates all logs in MISP/app/tmp/logs when they reach a 50MB limit, with maximum log size set to 500M. Rotation is checked every hour. [michael]
  • Merge branch 'tomking2-bug/misp2stix2_galaxies' into 2.4. [chrisr3d]
  • Merge branch 'bug/misp2stix2_galaxies' of git://github.com/tomking2/MISP into tomking2-bug/misp2stix2_galaxies. [chrisr3d]
  • Merge pull request #4919 from MISP/travis_foo. [Raphaël Vinot]

Fix travis.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4915 from MISP/localtag-fixes. [Sami Mokaddem]

Various fixes

  • Merge pull request #4904 from MISP/fix_4903. [Andras Iklody]

fix: Typo when the validation fails on an object

  • Merge pull request #4893 from RichieB2B/ncsc-nl/fix-nidsexport. [Andras Iklody]

Fix errors on NIDS export when whitelist is empty

  • Fix errors on NIDS export when whitelist is empty. [Richard van den Berg]
  • Merge pull request #4894 from RichieB2B/ncsc-nl/fix-canpush-error. [Andras Iklody]

Make error clearer when canPush bit is missing

  • Make error clearer when canpush bit is missing. [Richard van den Berg]
  • Merge pull request #4878 from RichieB2B/ncsc-nl/fix-destroy. [Andras Iklody]

Fix session_destroy errors

  • Destroy the CakeSession, not the php one. Fixes #4808. [Richard van den Berg]
  • Merge pull request #4877 from tom564/patch-2. [Alexandre Dulaunoy]

Allow SSL verification to be disabled with config

  • Allow SSL verification to be disabled with config. [tom564]

Allow SSL verification to be disabled with config. If I understand this right this will need to be scheduled with a cronjob if the expiration framework is wanted?

v2.4.111 (2019-07-14)

New

  • [attribute-type] community-id added. [Alexandre Dulaunoy]

Community-id is a new attribute type to describe a flow hashing algorithm allowing the consumers of output from multiple traffic monitors to link each system's flow records more easily.

  • [API] Proposal sync rework done. [iglocska]
  • [proposal sync rework] 🚧. [iglocska]
  • [doc] "Hidden" NetBSD install (core works) (#4847) [Steve Clement]

new: [doc] "Hidden" NetBSD install (core works)

  • [doc] Hidden NetBSD install (core works) [Steve Clement]

Changes

  • [version] bump version 2.4.111. [Alexandre Dulaunoy]
  • [version] align PyMISP version with core. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [error code] Attribute delete now responds with 403 if user is not allowed to delete, instead of 405. [iglocska]
  • [installer] Updated installer. [Steve Clement]
  • [style] This is better. [Steve Clement]
  • [installer] Updated to latest. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [doc] Minor updates. Only core works for now. [Steve Clement]
  • [doc] Various NetBSD updates, global vars makes sure PATH_TO_MISP is correct. [Steve Clement]
  • [genericPicker] Prevent submission if no item has been picked. [mokaddem]

Fix

  • [internal] Explicit conditions to avoid ambiguous lookups. [iglocska]
  • [UI] Fixed galaxy add buttons on event index. [iglocska]
  • [bug] RestClient notice error fixed. [iglocska]
  • [objects] delete now accepts delete HTTP method. [iglocska]
  • [install] Do not modify testlive_comprehensive.py (#4864) [Steve Clement]

fix: [install] Do not modify testlive_comprehensive.py

  • [install] Do not modify testlive_comprehensive.py. [Raphaël Vinot]
  • [hover enrichment] Fixed index in attribute. [chrisr3d]

  • Depending on the format of attribute passed to the function
  • [utils] Added missing util "sponge" via moreutils (#4861) [Steve Clement]

fix: [utils] Added missing util "sponge" via moreutils

  • [utils] Added missing util "sponge" via moreutils. [Steve Clement]
  • [proposal] sync fix stage 1. [iglocska]

  • added new capture function
  • reworked the proposal index
  • [sync] Proposal pull restricted to 14 days. [iglocska]

  • no need to pull ancient proposals each time

  • [api fix] Deletes broken due to invalid boolean. [iglocska]

  • /facepalm

  • [API] delete http requests properly accepted by some /delete endpoints. [iglocska]
  • [galaxy:add] Prevent bug when submitting empty galaxy. [mokaddem]
  • [sync] Fixed a bug breaking the sync. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'hotfix/sync_rework' into 2.4. [iglocska]
  • Merge branch '2.4' into hotfix/sync_rework. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 import] Importing external User Account objects. [chrisr3d]

  • Reusing parsing functions

  • Add: [stix2 import] Importing User Account objects. [chrisr3d]

  • From STIX documents generated with MISP

  • External STIX documents support of User Account object to come very soon

v2.4.110 (2019-07-08)

New

  • [tags] Local tags feature added. [iglocska]

  • Create tags locally if you are a host org user that allows in-place tagging for sync / export filtering

  • Events are NOT modified using these tags
  • Local tags always get stripped before syncing
  • Local tags allow host org users to violate the ownership model of MISP
  • galaxies, attack matrices also included

  • some sync fixes

  • [correlation graph] Toggle physics on/off. [iglocska]

  • [UI] Filter the object template index using the quick search. [iglocska]
  • [API] On-demand inclusion of attribute relations via the event view endpoint. [iglocska]

  • new URL param, includeGranularCorrelations:1 added

  • [stix import] Parsing observable compositions from external STIX files. [chrisr3d]
  • 🔒 Made certain settings modifiable via the CLI only. [iglocska]

  • some settings are too risky to be exposed, even to site admins, so made them CLI accessible only

  • [server settings] Added option to disable the write collision safe rotating config.php handler. [iglocska]

Changes

  • [docs] Added excludeLocalTags to events/restSearch. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [version] bumped. [iglocska]
  • [travis] Print permissions on error with travis. [Raphaël Vinot]
  • [doc] Minor update, added known-issues section. [Steve Clement]
  • [doc] Updated Debian testing install docs (#4840) [Steve Clement]

chg: [doc] Updated Debian testing install docs

  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [doc] Update to Debian 10 install guide, everything works as expected. chg: [doc] OpenBSD is broken for misp-modules (OpenCV etc) [Steve Clement]
  • [doc] Updated Debian testing install docs. [Steve Clement]
  • [travis] Fix perms (?) [Raphaël Vinot]
  • [travis] Try to fix upload_sample. [Raphaël Vinot]
  • [PyMISP] Bump version. [Raphaël Vinot]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [travis] more gpg experiments. [Alexandre Dulaunoy]
  • [travis] It's not my week with GnuPG and OpenPGP. [Alexandre Dulaunoy]
  • [i18n] Uploaded version from crowdin. Updated default.pot (#4835) [Steve Clement]

chg: [i18n] Uploaded version from crowdin. Updated default.pot

  • [i18n] Uploaded version from crowdin. Updated default.pot. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [enrichment] Reusing the new function fetchInitialObject. [chrisr3d]

  • New function that is exactly the copy paste of what is removed in this commit and replaced by the function call
  • [enrichment] New modules available from event enrichment. [chrisr3d]
  • [installer] Added fork checker. [Steve Clement]
  • [installer] One step closer to "sane" aka. generic os-detection. [Steve Clement]
  • [doc] Leveled RHEL7/RHEL8 Install procedure (🚧) (#4824) [Steve Clement]

chg: [doc] Leveled RHEL7/RHEL8 Install procedure (🚧)

  • [installer] Updated Installer. [Steve Clement]
  • [doc] Updated Debian Install. [Steve Clement]
  • [doc] More CentOS/RHEL updates towards some sort of installer. [Steve Clement]
  • [doc] Leveled RHEL7/RHEL8 Install procedure (🚧) [Steve Clement]
  • [i18n] Updated Russian Translation to >30% (#4821) [Steve Clement]

chg: [i18n] Updated Russian Translation to >30%

  • [i18n] Updated Russian Translation to >30% [Steve Clement]
  • Bumped query version. [chrisr3d]
  • [enrichment] Import modules now support new modules format. [chrisr3d]

  • Import module results are sent to the new view (same as for expansion modules) whenever they support objects import
  • Function handling the results right after they are returned from the module has also been moved to Model/Event and is used for both expansion & import modules
  • [enrichment] Making attributes category & type changeable. [chrisr3d]

  • To keep possibility to select the attribute type or category, as it is in freetext import

  • Category and Type values that can be selected by users should be specified in the results, using an array. Otherwise, they are set and cannot be changed in the view (as it is the case for the other fields like value and uuid)
  • This feature is only applicable on attributes level, and not on object attributes level
  • [enrichment] Passing the initial object to the form. [chrisr3d]

  • If the attribute we query the module on is an object attribute, we want to have this object information so we do not add or overwrite attributes already here

  • [ObjectReference] Referenced id, uuid & type set now from a function that could be reused. [chrisr3d]
  • [enrichment] Defined function to apply inflector on strings. [chrisr3d]

So we can use it each time we want to display the freetext import / module results status message

  • [stix2] Bumped latest version. [chrisr3d]

  • Fixing issues with 'parse' called on bundles containing custom objects
  • [installer] If unattended do not switch user. (#4812) [Steve Clement]

chg: [installer] If unattended do not switch user.

  • [installer] If unattended do not switch user. [Steve Clement]
  • Remove php 7.0 from travis. [Raphaël Vinot]
  • Try to solve the entropy problem on travis. [Raphaël Vinot]
  • [doc] More tweaks to the CentOS howto. [Steve Clement]
  • [installer] Updated installer. [Steve Clement]
  • [doc] Fixed some issues with dashboard. [Steve Clement]
  • [doc] Added more steps to make it work on RHEL/CentOS. [Steve Clement]
  • [event:view] More UI tweaking on related-* [mokaddem]
  • [event:view] UI tweaking on related-* [mokaddem]
  • [event:view] Make Related * scrollable. [mokaddem]
  • [relatedEvent:view] Display the number of unique correlation. [mokaddem]
  • [view:relatedEvents] Improved UI. [mokaddem]
  • [relatedEvent:view] Started integration into event:view - 🚧. [mokaddem]
  • [previewEvent] Improved UI of related events - 🚧. [mokaddem]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2] Bumped latest version. [chrisr3d]
  • [installer] Update installer to Fix Auto-VMs. [Steve Clement]
  • [installer] Updated installer. [Steve Clement]
  • [doc] Added plyara to kali installer, amended RHEL misp-modules (#4787) [Steve Clement]

chg: [doc] Added plyara to kali installer, amended RHEL misp-modules

  • [doc] Added plyara to kali installer, amended RHEL misp-modules. [Steve Clement]
  • [tools] ask_o () wants -e (for colorz) (#4764) [Steve Clement]

chg: [tools] ask_o () wants -e (for colorz)

  • [tools] ask_o () wants -e (for colorz) [Steve Clement]
  • [installer] This tweak allows us to reset ssh-keys/ssl-certs/other_things_that_want_to_be_uniqe on firstBoot. (#4751) [Steve Clement]

chg: [installer] This tweak allows us to reset ssh-keys/ssl-certs/other_things_that_want_to_be_uniqe on firstBoot.

  • [installer] Regen Installer. [Steve Clement]
  • [installer] This tweak allows us to reset ssh-keys/ssl-certs/other_things_that_want_to_be_uniqe on firstBoot. [Steve Clement]
  • [doc] Added more bits to GPG key. (#4749) [Steve Clement]

chg: [doc] Added more bits to GPG key.

  • [doc] Added more bits to GPG key. [Steve Clement]
  • [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a standard. (#4748) [Steve Clement]

chg: [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a standard.

  • [tools] Added MISPvars from the installer. Added PATH_TO_MISP as a standard. [Steve Clement]
  • [installer] Added ask_o () for input validation, fixed tr to be more uniform. Updated installer checksums. (#4747) [Steve Clement]

chg: [installer] Added ask_o () for input validation, fixed tr to be more uniform. Updated installer checksums.

  • [installer] Added ask_o () for input validation, fixed tr to be more uniform. Updated installer checksums. [Steve Clement]
  • [reusability] Further modifications - have an on-demand static mode for ajaxTags. [iglocska]
  • [reusability] modified ajaxTags to massage the data a bit for code-reuse. [iglocska]

Fix

  • [stix2 export] Fixed user account pattern creation. [chrisr3d]
  • [stix2 export] Fixed user account observable extension. [chrisr3d]
  • [galaxies] several minor issues fixed in the UI. [iglocska]
  • [CLI] admin->setDatabaseVersion fixed. [iglocska]
  • [discussions] Fix to a potential black-hole inducing issue. [iglocska]

  • this totally won't do anything

  • [tmpdir] fixed invalid file path. [iglocska]
  • [UI] Fixed erroneous tag add buttons from the index. [iglocska]
  • [internal] upload sample had a hard coded tmp path that would fail to the php fallback if MISP is not installed in /var/www/MISP. [iglocska]
  • [stix2 import] Quick variable simplification. [chrisr3d]
  • [stix2 import] Reusing functions to simplify the code & avoid duplicates. [chrisr3d]
  • [stix2 import] Fixed network socket values from pattern. [chrisr3d]
  • [stix import] Fixed backward compatibility of an exception. [chrisr3d]
  • [eventGraph] Correctly pick the first-matching requiredOneOff to generate the object's label. [mokaddem]
  • [enrichment] Avoiding issues with failing references. [chrisr3d]

  • In our case of handling module results, we don't especially want the results parsing to stop because of a missing/failing reference, we just want to skip it

  • [events] Create massive dummy events. [mokaddem]
  • [enrichment] Fixed meta-category fetching. [chrisr3d]

  • Due to the javascript part, we need to set a 'meta_category' field, which we then translate to the expected 'meta-category' field, but which is not required when enrichment is called from the event level

  • [installer] Variable regression (#4829) [Steve Clement]

fix: [installer] Variable regression

  • [installer] Variable regression. [Steve Clement]
  • [doc] Fixed systemd unit (#4827) [Steve Clement]

fix: [doc] Fixed systemd unit

  • [doc] Fixed systemd unit. [Steve Clement]
  • [installer] Update to correct checksums. [Steve Clement]
  • [installer] Installer had some bugs for os-detection. [Steve Clement]
  • [doc] Added missing misp-modules centos (#4825) [Steve Clement]

fix: [doc] Added missing misp-modules centos

  • [doc] Added missing misp-modules centos. [Steve Clement]
  • [modules] Added full attribute to full event enrichment's module query. [iglocska]
  • [stix2 import] Fixed socket extension parsing + reusing code. [chrisr3d]

  • Reusing the function defined to avoid duplicates for network socket objects generated via the MISP to STIX2 export
  • [stix2 import] Replacing unnecessary defaultdict by dict. [chrisr3d]
  • [stix2 import] Reusing function & avoiding duplicates. [chrisr3d]
  • [stix2 export] Making stix2-validator happy with email additional header fields. [chrisr3d]
  • [stix2 export] Making stix2-validator happy with registry key patterns. [chrisr3d]
  • [internal] processing freetext data without background workers fixed. [iglocska]
  • [enrichment view] Testing if event metadata elements exist before displaying them. [chrisr3d]
  • [enrichment] Applying regular expressions to values before displaying them. [chrisr3d]

  • So when the DB is queried to find if object attributes with those values already exist, we do not miss some stored values

  • [enrichment] Strengthened query conditions to find existing object attributes. [chrisr3d]
  • [enrichment view] Displaying Tags only if not empty (error otherwise) [chrisr3d]
  • [enrichment] Added missing variable. [chrisr3d]
  • Returning tags & galaxies from module results. [chrisr3d]
  • [enrichment view] Fixed attributes display wwwwwwwwwww. [chrisr3d]

  • Making attribute value display accept to be on multilines to let more space for uuids to be on 1 line

  • This makes the global display lighter with long attribute values, because they were displayed on only 1 line, making uuids displayed on 3 or 4 lines, making the complete view height way bigger than expected
  • [enrichment view] Displaying forgotten header when there is no object in module results. [chrisr3d]
  • [enrichment] Setting importComment value before going to the view. [chrisr3d]

  • Saving a variable & will avoid issues when reusing the view for import modules

  • [enrichment] Json format of validation errors. [chrisr3d]
  • [enrichment view] Fixed mispositioned closing tags. [chrisr3d]
  • [enrichment] Fixed tags classes names following the latest changes on the module results view. [chrisr3d]
  • [enrichment view] Using some MISP event view parts. [chrisr3d]

  • Using the same design as objects and attributes as in the MISP event view

  • [enrichment] Fixed change on types & categories. [chrisr3d]

... that should be applied on attributes level and not on object attributes level

  • [enrichment] Removing traces of some variables related to the freetext import. [chrisr3d]
  • [enrichment] Removed possibility to display freetext result in the new module results view. [chrisr3d]
  • [hover enrichment] Displaying information of empty results when needed. [chrisr3d]
  • [enrichment] Displaying reference saving errors in the job status. [chrisr3d]

  • Finally using the dedicated list to display validation errors for references
  • [enrichment] Better references handling. [chrisr3d]

  • References are all handled at the end, after the attributes and objects are all saved (or skipped when needed).

  • Since we no longer have any data in '$failed', we simply skip every reference related to uuids present in this list.
  • '$recovered_uuids' is the list used to handle uuids of resolved attributes/objects already in the event.
  • We also skip references already present in the event (i.e same source, same target and same relationship type).
  • [enrichment] Better resolved objects handling. [chrisr3d]

  • We handle the initial object independently from all the other objects.

  • We make sure Object attributes are not already in the event (i.e the object is not already in the event) before saving it
  • Some other cases handled a better way to make sure we skip saving object attributes or references when they should not be, or to skip what should be skipped.
  • [enrichment] Redefinition of the '$failed' array. [chrisr3d]

  • Used as list and not as dict

  • Used to keep a list of failing attribute & objects
  • Attributes already present in the event are no longer saved in this list, and their uuid is saved in the '$recovered_uuids' list which is used to redirect the resolved attribute / object uuid to the same already present attribute / object
  • [enrichment] Fixed inflector typo. [chrisr3d]
  • [enrichment] Simplified tests if not empty. [chrisr3d]

  • In those specific cases, we can simply skip testing if something is set or equals 0, '' or false, since it is all implied in 'empty'

  • [enrichment view] Quick change, using variable. [chrisr3d]

... Instead of going twice through the dictionary keys to fetch the same value

  • [enrichment] Displaying error value in the job status instead of the json format. [chrisr3d]
  • Removed test variables. [chrisr3d]

  • Also pardon my French
  • [enrichment] Typo on Object references field relationship_type. [chrisr3d]
  • [enrichment] Fixed missing object_relation field. [chrisr3d]

... for object attributes fetched from module results form

  • [enrichment view] Quick display fix. [chrisr3d]

  • Making sure the submit button is always at the bottom of the page
  • Fixed missing closing tags
  • [freetext import] Deleted not used variable. [chrisr3d]
  • [cleanup] Fixed indentations. [chrisr3d]
  • [enrichment] Fixed handleModuleResults input variable name. [chrisr3d]
  • [enrichment] Fixed missing merge conflict. [chrisr3d]
  • [enrichment] Set sharing group id to 0 when distribution is not 'Sharing Group' [chrisr3d]

  • Also setting some return data & fields

  • [enrichment view] Added missing form fields + button typo. [chrisr3d]

  • Those form inputs are the ones that are used in the javascript part to submit results

  • [enrichment view] Fixed Object sharing group field location. [chrisr3d]
  • [enrichment view] Trying to avoid submit button to be somewhere not intended. [chrisr3d]
  • [enrichment] Avoiding errors on distribution and sharing group data. [chrisr3d]

  • Making sure we do have a value for distribution and sharing group

  • Avoid translating distribution levels into their human meaning because the output process capturing data from the form will anyway use the numeric values. Readable values are btw displayed in the form for users' comfort
  • Also sanitized data displayed
  • [enrichment] Testing if an object has attributes before looping over them. [chrisr3d]
  • [stix2 export] Making stix2-validator happy about mac addresses. [chrisr3d]
  • [stix2 export] Fixed TLP marking definition objects creation. [chrisr3d]
  • [stix2 export] Fixed registry-key keys and values parsing for patterns. [chrisr3d]

  • There was an issue with back slashes that made sometime indicators creation fail

  • Also switched from concatenation to join
  • Libonig2 -> libonig4 (ubuntu bionic) [Raphaël Vinot]
  • [stix2 export] Making reusable subfunctions. [chrisr3d]

  • Useful for the next functions to come using the same pieces of code

  • [stix2 export] Defining pattern with join instead of concatenation. [chrisr3d]

  • Started splitting functions with sub-functions for a reuse

  • [stix2 export] Improved network socket object creation. [chrisr3d]
  • [stix2 export] Fixed credential objects mapping to avoid missing required stix fields. [chrisr3d]
  • [stix import] Fixed stix_edh library import error catching. [chrisr3d]
  • [row_attribute] feed correlation popover not being displayed for feed type other than MISP format. [mokaddem]
  • [relatedEvent:view] catch if number of correlation cannot be found. [mokaddem]
  • [event:addTag] User can add multiple tag collection at once. [mokaddem]
  • [stix2 import] Fixed wrong function used. [chrisr3d]
  • [installer] Currently misp-packer fails on waiting for user inpu… (#4788) [Steve Clement]

fix: [installer] Currently misp-packer fails on waiting for user inpu…

  • [installer] Currently misp-packer fails on waiting for user input during upgrade. [Steve Clement]
  • [data-massaging] Removed massaging for float type attributes. [iglocska]

  • it not only stripped anything but floats as expected, but additionally also rounded the value
  • [js] fixes #4678 and javascript errors. [Christophe Vandeplas]
  • [API] Simple worker management added. [iglocska]

  • /servers/startWorker/[queue]

  • /servers/stopWorker/[pid]
  • /servers/getWorkers
  • [object:proposeValidTemplate] Support only_full_group_by sql mode. Fix #4746. [mokaddem]
  • [UI] Enrichment hover should also work after sorting / changing the event attribute context, etc. [iglocska]
  • [stix import] Fixed address objects parsing. [chrisr3d]
  • [shell] ask_o () needed some quotes, regenerated installer. (#4750) [Steve Clement]

fix: [shell] ask_o () needed some quotes, regenerated installer.

  • [shell] ask_o () needed some quotes, regenerated installer. [Steve Clement]
  • [stix import] Better handling of missing python libraries. [chrisr3d]
  • 🔒 Fixed an RCE vulnerability with user controlled entries being fed to file_exists. [iglocska]

  • phar protocol paths for php file instructions can lead to RCE via meta-data deserialization
  • mitigated by the functionalities enabling this being only accessible to site admins

  • Reported by Dawid Czarnecki

  • [ajaxTypes] copy pasta fixed. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4841 from SteveClement/guides. [Steve Clement]

chg: [doc] Minor update, added known-issues section

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' into guides. [Steve Clement]
  • Add: [stix2 export] Exporting user-account objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 import] Importing credential objects. [chrisr3d]
  • Add: [stix2 import] Parsing network traffic in the case of network connection object. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Added norwegian translation (#4832) [Steve Clement]

Added norwegian translation

  • Added norwegian. [Kortho]

Added norwegian translation

  • Merge pull request #4807 from RichieB2B/ncsc-nl/IOCImport. [Andras Iklody]

Support empty attribute type in IOC import

  • Support empty attribute type in IOC import. [Richard van den Berg]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4826 from SteveClement/tools. [Steve Clement]

chg: [installer] One step closer to "sane" aka. generic os-detection

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #4822 from Kortho/patch-1. [Andras Iklody]

fixed mixed dbuser - dbname

  • Fixed mixed dbuser - dbname. [Kortho]

changed so the script uses the correct var

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'module_rework2' into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Add: [enrichment] Fetching data fields from the view. [chrisr3d]
  • Add: [enrichment view] Added data fields + cancel button to the form. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Add: [enrichment] Displaying + returning tags at attributes level from the module results. [chrisr3d]

  • If one of our UI master could review this and find a better way of displaying the tags at attribute level in the module results view, it would be very cool :D
  • Add: [enrichment] Attaching event level tags returned by the module results. [chrisr3d]
  • Add: [enrichment view] Displaying event level tags. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Add: [enrichment view] Displaying events metadata & number of returned attributes. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • 🚧 [enrichment] Handling the potential uuids differences. [chrisr3d]

  • We want to be sure the references we add to an event are pointing to the right target, so when an attribute/object is already in the event and is a reference target, we want to point to this already existing attribute/object, and not to the one we get from the module results, which will after all be skipped.

  • Also to do that, attributes already in the event are simply not saved, but we need to find in the event if an event already exists or not, using its attributes
  • More care to the references themselves to come
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • 🚧 [enrichment] Avoiding duplicate object attributes. [chrisr3d]

  • It concerns obviously the case where we query a module using an attribute within an object as input

  • More to come about the ObjectReference field that should not be overwritten/duplicated either
  • 🚧 [enrichment] Passing initial object references as well. [chrisr3d]

  • Also testing if the initial object found is not empty

  • 🚧 [enrichment] Passing the initial object within the request data. [chrisr3d]

  • Makes its parsing easier afterwards

  • Add: [hover enrichment] Displaying resolved objects & attributes from new modules results. [chrisr3d]

  • Also quick indentation fix

  • 🚧 [hover enrichment] Passing new modules results to the hover enrichment view. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • 🚧 [enrichment] Support of object references. [chrisr3d]

  • Handling the references between objects and attributes or objects that are displayed in the form and saving them.

  • Avoiding issue when an attribute or object can not be saved and is referenced: trying to find in the event if it is an attribute, returning a warning message if it is an object or if nothing corresponding to the failing referenced object or attribute is found.
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • 🚧 [enrichment] Returning a status message after the module results handling is done. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • 🚧 [enrichment] Saving attributes & objects from module results. [chrisr3d]

  • Need to handle specific cases, relationships, and to update the progress status information

  • Add: [enrichment] Added possibility to get object template version & uuid. [chrisr3d]
  • 🚧 [enrichment] Capturing objects & attributes. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into rework_modules. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 export] Added network connection to the mapped objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4802 from SteveClement/guides. [Steve Clement]

chg: [doc] More tweaks to the CentOS howto

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4798 from SteveClement/guides. [Steve Clement]

chg: [doc] Various updates to RHEL/Ubuntu

  • Add: [stix2 export] Mapping credential MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4570 from mokaddem/relatedEventUI. [Andras Iklody]

Related event ui

  • Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into relatedEventUI. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4769 from cvandeplas/2.4. [Andras Iklody]

fix: [js] fixes #4678 and javascript errors - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] - Merge pull request #4674 from juju4/devel-globalstrict. [Andras Iklody]

strict typing - snuffleupagus tests - Strict typing - snuffleupagus tests. [juju4] - Merge pull request #4741 from StefanKelm/2.4. [Andras Iklody]

Update EventBlacklistsController.php - Update edit.ctp. [StefanKelm]

Clarification that "Fetch GnuPG key" actually connects to the MIT key server - Update EventBlacklistsController.php. [StefanKelm]

(minor) aligns the text with app/Controller/Component/BlackListComponent.php - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] - Merge branch '2.4' into tools. [Steve Clement] - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d] - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska] - Merge branch '2.4' into guides. [Steve Clement] - Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.109 (2019-06-13)

New

  • [eventblacklist] Added search filters. [iglocska]
    • We really need a DISP - development information sharing platform

  • [eventBlacklist] Added support of bulk deletion of entries. Fix. [mokaddem]
  • [statistics:galaxyMatrix] Added filtering capabilities. [mokaddem]
  • [object:fromAttribute] Started dev on merging selected attributes into an object - 🚧. [mokaddem]
  • [API] added new restSearch filter - date. [iglocska]
    • deprecated to and from
    • date works similarly to timestamp, accepted syntax options:
      • time ranges in the shorthand format (7d or 24h, etc)
      • timestamps
      • fallback parsing for other formats (2019-01-01, "fortnight ago", etc)
      • date ranges using lists [14d, 7d]
  • [cleanup] Added admin tool to remove all published empty events. [iglocska]
    • part of the solution to the empty event sync issue introduced in 2.4.107
    • skips the event blacklisting
  • [sync] Block pulled events from being saved if they contain no attributes/objects. [iglocska]
  • [emailing] Server admins can get a threshold for per org e-mail alerts, fixes #4714. [iglocska]

Changes

  • [VERSION] bump. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Updated Installer and chksums to latest (#4740) [Steve Clement]

chg: [installer] Updated Installer and chksums to latest

  • [installer] Updated Installer and chksums to latest. [Steve Clement]
  • [doc] Added ZMQ to the procedure. [Steve Clement]
  • Bumped queryversion. [mokaddem]
  • [querystring] bump. [iglocska]
  • Bumped queryversion. [mokaddem]
  • [galaxyMatrix] Added check if event not found. [mokaddem]
  • [galaxyMatrix] Improved getTagScores to allow with and without ACL tag score fetching. [mokaddem]
  • [textColourHelper] Little tweaking to prefer black text. [mokaddem]
  • [attributeTag:getTagScore] Largely improved code. [mokaddem]
  • [restSearch:attack] Only expose attack return format to the event scope. [mokaddem]
  • [galaxyMatrix:stats] Only take into account occurrences of galaxy once per event. [mokaddem]
  • [galaxyMatrix] Fix typos. [mokaddem]
  • [galaxyMatrix] Transformed query into cakephp model query. [mokaddem]
  • Bumped queryversion. [mokaddem]
  • [export:attack] Performance improvements. [mokaddem]
  • [galaxyMatrix] Slight UI improvement on number of items. [mokaddem]
  • [galaxyMatrix:popup] Layout improvement. Make it scrollable! [mokaddem]
  • [galaxyMatrix] Added sorting by score. Fix #4608. [mokaddem]
  • [galaxyMatrix] number of entry per column. Fix #4601. [mokaddem]
  • [object:fromAttributes] Deleted comments and hardcoded table name. [mokaddem]
  • [attribute:delete] Simplified search options. [mokaddem]
  • [object:fromAttributes] Enforce minimum popover size. [mokaddem]
  • [object:fromAttributes] Method only accessible via AJAX and regular users can use the feature. [mokaddem]
  • [object:fromAttributes] Added support of hard delete if event not published yet. [mokaddem]
  • [object:fromAttributes] Changed warning message during the merge review. [mokaddem]
  • [object:fromAttributes] Improved styling of reference table. [mokaddem]
  • [object:fromAttributes] Added a bit more styling on the reference table. [mokaddem]
  • [object:fromAttributes] Show object references that will be dropped. [mokaddem]
  • [object:fromAttributes] Slightly improved layout. [mokaddem]
  • [ACL] Updated routing. [mokaddem]
  • [object:fromAttributes] Added object_relation description. [mokaddem]
  • [object:fromAttributes] Returns correct value if attribute list is empty. [mokaddem]
  • [object:fromAttributes] Created Object from Attribute now works. [mokaddem]
  • [object:fromAttributes] Shows selected types and started implementation of the actual object creation - 🚧. [mokaddem]
  • [object:fromAttributes] Added support of form submission - 🚧. [mokaddem]
  • [object:fromAttributes] Better Attribute filtering - 🚧. [mokaddem]
  • [object:fromAttributes] Greatly improved UI - 🚧. [mokaddem]
  • [object:fromAttribute] Continue of web and controller implementation - 🚧. [mokaddem]
  • Bumped queryversion. [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

Fix

  • [installer] added missing python zmq lib. [Christophe Vandeplas]
  • [installer] Commit: https://github.com/MISP/MISP/commit/1716ca7da9d671a5e103069d4b74c867a17b1020 regressed the installer to an earlier version. [Steve Clement]
  • [UI] weird blue button fixed. [iglocska]
  • [galaxyMatrix] Handle case if deprecated galaxy does not exists. [mokaddem]
  • [galaxyMatrix] Catch error if no element in column. [mokaddem]
  • [event:galaxyMatrix] Apply ACL on the galaxy matrix scores (event view) [mokaddem]
  • [galaxyMatrix:export] Removed multiple bugs providing inconsistent result. [mokaddem]
  • [Attribute:restSearch] Prevent failing if file empty. [mokaddem]
  • [galaxyMatrix] fixed layout for other views. [mokaddem]
  • [attributes] Correctly pass the user object and renamed delete function. [mokaddem]
  • Few typos. [mokaddem]
  • [object:fromAttributes] SYNC support for older instances (duplicate attributes and their contexts) [mokaddem]
  • [sync] Correctly capture the attributes from a groupment into an object during the sync. [mokaddem]
  • [attribute:editAttribute] synchronisation support when attributes got merged into an object. [mokaddem]
  • [object:fromAttributes] Catch if requiredType is empty. [mokaddem]
  • [object:fromAttributes] Correctly skip non valid attributes. [mokaddem]
  • [galaxy:add] Fix #4733 (adding galaxies on attribute) [mokaddem]
  • 🔒 Org admins could reset credentials for site admins. [iglocska]
    • org admins have the inherent ability to reset passwords for all of their org's users
    • this however could be abused if for some reason the host org of an instance would create org admins
      • the org admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them
    • the potential for abuse is very circumstantial as it requires the host org to create lower privilege org admins instead of the usual site admins
    • only org admins of the same organisation as the site admin could abuse this
    • as reported by Raymond Schippers

  • [sync] Push all bug with empty events fixed. [iglocska]
  • [permissions] Fixed the default sync/user/publisher permissions to include perm_tagger and perm_tag_editor(sync only) [iglocska]
  • [CSRF] END THIS NIGHTMARE. [iglocska]
  • [CSRF] Potential fix for the CSRF issues via tag/galaxy additions. [iglocska]
  • [session] Fix to automatic session destruction in previous attempt to fix the overflow of API sessions. [iglocska]
  • [API] Destroy the session at the end of the execution. [iglocska]
  • [sync] Temporary fix for empty events showing up in syncs when pulling from a new instance via an outdated one. [iglocska]

Other

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #4734 from cvandeplas/2.4. [Steve Clement]

fix: [installer] added missing python zmq lib

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'eventblacklist' into 2.4. [iglocska]
  • Merge pull request #4635 from mokaddem/galaxyMatrixImprovements. [Andras Iklody]

Galaxy matrix improvements

  • Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixImprovements. [mokaddem]
  • Merge pull request #4672 from mokaddem/mergeAttributeIntoObjects. [Andras Iklody]

Merge attributes into objects

  • Merge branch '2.4' of github.com:MISP/MISP into mergeAttributeIntoObjects. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into mergeAttributeIntoObjects. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into mergeAttributeIntoObjects. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into mergeAttributeIntoObjects. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into mergeAttributeIntoObjects. [mokaddem]
  • Merge pull request #4722 from certbe-trey/2.4. [Andras Iklody]

enable misp-wipe where MySQL datastore isn't on localhost

  • Enable misp-wipe where MySQL datastore isn't on localhost. [Trey Darley]

The misp-wipe script grabs the MYSQL host parameter from database.conf but it wasn't included in the call to mysqldump.

  • Merge pull request #1 from MISP/2.4. [Trey Darley]

merge with upstream

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix import] Supporting additional marking & namespace. [chrisr3d]

v2.4.108 (2019-06-04)

New

  • [Sync] Add a tool to create MISP sync configuration JSONs and to ingest them, fixes #4696. [iglocska]
    • sync user can log into remote instance, extract config JSON
    • paste it into own instance as site admin to add MISP sync connection
  • [API] AND for tag filters in restSearch added. [iglocska]
  • [API] Added object_relation as a filter for both the event/attribute restSearch functions. [iglocska]
  • [paranoid logging] Added POST/PUT body logging on demand. [iglocska]
  • [logging] Added paranoid logging mode. [iglocska]
    • will log ANY query's (UI/API):
      • http method
      • requested URL
    • optionally disable DB logging for paranoid log entries

  • [logging] Added verbose logging to the server sync test throwing an unexpected error. [iglocska]

Changes

  • [doc] CentOS 7 updates (#4718) [Steve Clement]

chg: [doc] CentOS 7 updates

  • [doc] CentOS 7 updates chg: [doc] Cake command failing. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [version] bump. [iglocska]
  • [installer] Updated the installer to the latest version. [Steve Clement]
  • [doc] RHEL8 updates. [Steve Clement]
  • [tools] unused import module removed. [Alexandre Dulaunoy]
  • [feeds] Benkow.cc RAT feed added. [Alexandre Dulaunoy]
  • [default feeds] additional properties is allowed. [Alexandre Dulaunoy]
  • [doc] Updated SQL (#4670) [Steve Clement]

chg: [doc] Updated SQL

  • [doc] Updated SQL chg: [installer] Updated installer. [Steve Clement]
  • [restResponse] Added documentation for adding tags on Objects. [mokaddem]
  • [diagnostic:view] Improved visibility of the updateAllJson update button. [mokaddem]
  • [event:view] Correctly display title too large by truncating (+ellipsis) [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [feeds] malshare.com - current all added. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • Bumped queryversion. [mokaddem]
  • [font-awesome] Bumped version to 5.8.2 and updated glyphs. [mokaddem]
  • [doc] added --no-cache to wget to make sure we always have the la… (#4648) [Steve Clement]

chg: [doc] added --no-cache to wget to make sure we always have the la…

  • [doc] added --no-cache to wget to make sure we always have the latest checksums. [Steve Clement]

chg: [installer] Updated installer

  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Checksum update. [Steve Clement]
  • Bumped queryVersion. [mokaddem]
  • [doc] Updated Changelog (#4642) [Steve Clement]

chg: [doc] Updated Changelog

  • [doc] Updated Changelog. [Steve Clement]
  • [object:add] Disable the first select's option when adding a new row. [mokaddem]
  • [object:add] Added empty option support in select inputs when creating an object. [mokaddem]
  • [installer] If shasum is not found, install it (#4634) [Steve Clement]

chg: [installer] If shasum is not found, install it

  • [installer] Update installer to latest. [Steve Clement]
  • [installer] Added todo. [Steve Clement]
  • [installer] If shasum is not found, install it. [Steve Clement]
  • [installer] Update to latest version (#4633) [Steve Clement]

chg: [installer] Update to latest version

  • [installer] Update to latest version chg: [installer] Set a dynamic GnuPG passphrase. [Steve Clement]
  • [installer] Update installer (#4631) [Steve Clement]

chg: [installer] Update installer

  • [installer] Update installer. [Steve Clement]
  • [installer] Installer now checks his own checksum (#4630) [Steve Clement]

chg: [installer] Installer now checks his own checksum

  • [installer] Installer now checks his own checksum. [Steve Clement]
  • [yara export] fix the correct Python version is used. [Alexandre Dulaunoy]

Fix

  • [UI] Event lock concatenating quoted empty strings. [iglocska]
  • [UI] Double sanitisation of org view fixed, fixes #4704. [iglocska]
  • [sync] Further fixes to the deleted flag changes breaking things. [iglocska]
  • [authkey] Fixed The authkey variable (Viper should work again) (#4694) [Steve Clement]

fix: [authkey] Fixed The authkey variable (Viper should work again)

  • [authkey] Fixed The authkey variable (Viper should work again next run) fix: [doc] Updated RHEL formatting and added $RUN_MYSQL (scl enable foo) variable. [Steve Clement]
  • [sync] Critical bug fixed that blocked attributes from being included in a push. [iglocska]
    • due to the change to the deleted flag that was not reflected in the way we prepare events for the synchronisation
  • [sync] Fixed an issue that dropped the remote org. [iglocska]
  • [UI] Add the create server sync description menu to the server list. [iglocska]
  • [sync] whitelist fields that can be added via the JSON config. [iglocska]
  • [UI] Invalid redirect fixed. [iglocska]
  • [organisation:view] Fixed spinner when viewing events from an org. [mokaddem]
  • [API] Weird responses from JSON objects fixed when data returned is empty. [iglocska]
  • [API] Wrong JSON output when /events/index returns empty result, fixes #4690. [iglocska]
  • [UI] Org index filter fixed. [iglocska]
  • [stix2 import] Fixed external domain & x509 patterns import. [chrisr3d]
  • [freetext import] Fixed shadow attribute import. [chrisr3d]
  • [feed] Feodo tracker blocklist URL replaced. [Sascha Rommelfangen]
  • [submodule version check] fixed. [iglocska]
  • [event:view] Correctly support the new deleted parameter behavior. [mokaddem]
  • Fix: [restSearche] Correctly interpret the deleted parameter on event and attribute scope. -- Pair programming with @iglocksa. [mokaddem]
  • [UI] Fixed checklocks polluting the top bar. [iglocska]
  • [upgrade process] For the recovery script, also take "failed" upgrades into account. [iglocska]
    • not all update script errors are actual failures, some insertions of table rows that already exist to resolve potential previous update issues would otherwise not be flagged
  • On-Demand Action missed side menu fixed. [4ekin]
  • [API] Allow more flexibility on the return content types. [iglocska]
    • also set RPZ as txt

  • [enrichment:popover] Correctly fadeout when clicking on the close button. [mokaddem]
  • [eventGraph] Patch to support new font-awesome 5.8. [mokaddem]
  • [STIX] STIX upload fixed for API use. [iglocska]
  • [installer] Piping large shell scripts to bash needs more testin… (#4644) [Steve Clement]

fix: [installer] Piping large shell scripts to bash needs more testin…

  • [galaxy:add] Consider both model names when doing a mass cluster addition. [mokaddem]
  • [installer] Piping large shell scripts to bash needs more testing and should not be used, for a very long time. [Steve Clement]
  • [installer] Checksum checker had a bug (#4632) [Steve Clement]

fix: [installer] Checksum checker had a bug

  • [installer] Checksum checker had a bug. [Steve Clement]
  • [stix import] Fixed email attachments parsing. [chrisr3d]
    • Being less restrictive and supporting email attachments that are referencing objects not under the related object fields of the email, but referencing another object at the same level as the email, within the STIX incident
    • Also parsing potential references even when the STIX file is coming from MISP export
  • [stix import] Supporting multi attachment attributes for the email object. [chrisr3d]
    • As specified in the object template

  • [Logs] Event history missing proposal entries and deletions. [iglocska]

Other

  • Merge pull request #4671 from Kortho/patch-1. [Steve Clement]

fixed sql-statement for creating user RHEL

  • Fixed sql-statement for creating user. [Kortho]

fixed error with creating db-user from $DBNAME to $DBUSER_MISP

  • Merge pull request #4716 from certbe-trey/patch-1. [Andras Iklody]

enable misp-backup where MySQL datastore isn't on localhost

  • Enable misp-backup where MySQL datastore isn't on localhost. [Trey Darley]

The misp-backup script grabs the MYSQL host parameter from database.conf but it wasn't included in the call to mysqldump.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4706 from deralexxx/patch-8. [Alexandre Dulaunoy]

This assignment assigns a variable to itself.

  • This assignment assigns a variable to itself. [Alexander J]

Think that line is not needed.

  • Merge pull request #4707 from deralexxx/patch-9. [Alexandre Dulaunoy]

Import of 'b64encode' is not used.

  • Import of 'b64encode' is not used. [Alexander J]

Remove the import

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4683 from MISP/chrisr3d_patch. [Christian Studer]

fix: [freetext import] Fixed shadow attribute import

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4639 from wasserman/patch-1. [Andras Iklody]

GRANTs updated to DBUSER_MISP instead of DBNAME.

  • GRANTs updated to DBUSER_MISP instead of DBNAME. [wasserman]

Two spots were GRANTing to the DBNAME instead of the DBUSER_MISP. It still works if the user and DBNAME are the same.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4638 from 4ekin/fix-ui-ondemand-action. [Sami Mokaddem]

fix: On-Demand Action missed side menu fixed

  • Merge pull request #4647 from RichieB2B/ncsc-nl/snort. [Alexandre Dulaunoy]

Match EDNS packets with snort rules

  • Match EDNS packets with snort rules. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4661 from RichieB2B/ncsc-nl/retention. [Alexandre Dulaunoy]

Add script for expiring IP based IOC's

  • Add script for expiring IP based IOC's. [Jop van der Lelie]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #4649 from cudeso/2.4. [Steve Clement]

misp-wipe ; delete all non-default orgs & users

  • Misp-wipe ; delete all non-default orgs & users. [Koen Van Impe]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #4629 from RichieB2B/ncsc-nl/wipe-exports. [Andras Iklody]

Clean cached-exports

  • Wipe all tmp files, not just the logs. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]

v2.4.107 (2019-05-13)

New

  • [installer] Added rhash and an sfv file for the installer chg: [installer] Updated installer to latest. [Steve Clement]
  • [ATT&CK] Added new export system for restsearch for ATT&CK. [iglocska]
    • Return the ATT&CK matrix data as HTML via the API
    • Directly viewable via the REST client
    • Greetings from the ATT&CK workshop @ Eurocontrol

  • [API] Added includeWarninglistHits to the attribute search API. [iglocska]
  • [API] Added includeWarninglistHits as a possible filter for the event level restsearch. [iglocska]
  • [installer] First scaffolding of an OS detector. [Steve Clement]
  • [update] Injected update-related files/changes from zoidberg. [mokaddem]
  • [yara] Added diagnostics. [iglocska]
  • [object:add] UI to propose to merge into similar objects - 🚧. [mokaddem]

Changes

  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

fix: MITRE ATT&CK kill-chain missing

  • [version] bump. [iglocska]
  • [installer] Updated installer to latest (#4624) [Steve Clement]

chg: [installer] Updated installer to latest

  • [installer] Updated installer to latest. [Steve Clement]
  • [conf] Added http to https redirection. [Steve Clement]
  • [installer] Added systemd unit file for workers (#4623) [Steve Clement]

chg: [installer] Added systemd unit file for workers

  • [installer] Added systemd unit file for workers. [Steve Clement]
  • [doc] Added kafka as a function. [Steve Clement]
  • [installer] Update installer to latest. [Steve Clement]
  • [doc] Various documentation updates (#4621) [Steve Clement]

chg: [doc] Various documentation updates

  • [doc] Better handling of sudoers. [Steve Clement]
  • [doc] Added 2 more hardening sources. [Steve Clement]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Updated to latest installer (#4617) [Steve Clement]

chg: [installer] Updated to latest installer

  • [installer] Updated to latest installer. [Steve Clement]
  • [doc] Updated RHEL8 to not be BETA chg: [vars] WWW_USER is now autodetected. [Steve Clement]
  • [installer] Updated Installer (#4611) [Steve Clement]

chg: [installer] Updated Installer

  • [installer] Updated Installer. [Steve Clement]
  • [doc] Finally got rid of the RHEL/CentOS specific Cake commands (yay) [Steve Clement]
  • [tools] Enabled more modules by default and tweaked some settings. [Steve Clement]
  • [doc] Kafka export is now included in the list of features. [Alexandre Dulaunoy]
  • [galaxy/taxonomy/warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] If we detect packer, we behave accordingly. (#4602) [Steve Clement]

chg: [installer] If we detect packer, we behave accordingly.

  • [installer] updated installer. [Steve Clement]
  • [installer] If we detect packer, we behave accordingly. chg: [installer] Updated installer. [Steve Clement]
  • [installer] Updated installer to latest changes. (#4593) [Steve Clement]

chg: [installer] Updated installer to latest changes.

  • [installer] Updated installer to latest changes. [Steve Clement]
  • [doc] Update RHEL/CentOS install guides. [Steve Clement]
  • [doc] Moved tsurugi away from /INSTALL. [Steve Clement]
  • [doc] Moved tsurugi install out of the way, to be implemented way later into installer. [Steve Clement]
  • [adminShell] Added recovery function to replay updates. [mokaddem]

It fetches the last successful DB update number in the log, then re-apply all of them up to the latest available.

  • [AdminShell] Some comments on current state of bugs. [Steve Clement]
  • [AdminShell] Let's at least tell what ID was not found. [Steve Clement]
  • Bump PyMISP. [Raphaël Vinot]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy/misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [AdminShell] Let the user know as which user he executed the script. [Steve Clement]
  • [doc] MISP works on OpenBSD 6.5, partially (#4577) [Steve Clement]

chg: [doc] MISP works on OpenBSD 6.5, partially

  • [doc] MISP works on OpenBSD 6.5, partially chg: [doc] Removed link to Debian PostgreSQL. [Steve Clement]
  • [event:view] Added button to quickly extend an event. Fix #4481. [mokaddem]
  • [eventgraph] Force constant color for the eventgraph's nodes. Fix #4536. [mokaddem]
  • [installer] Updated installer. [Steve Clement]
  • [doc] Updated to Debian 9.9 via python source install (#4571) [Steve Clement]

chg: [doc] Updated to Debian 9.9 via python source install

  • [doc] Some changes to misp-modules install. [Steve Clement]
  • [doc] Updated to Debian 9.9 via python source install. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [default-feeds] abuse.ch SSL IP fixed. [Alexandre Dulaunoy]
  • [distributionNetwork] Filter out organisations not being marked as local. Fix #4568. [mokaddem]
  • [event:view] Collapse related event in preview[Feed/Event]. Fix #4561. [mokaddem]
  • [cluster:matrix] Slightly improved memory performance. [mokaddem]
  • [diagnostic] Improved worker's message when updating the submodules. [mokaddem]
  • [diagnostic] Changed update button with more relevant icons. [mokaddem]
  • [diagnostic] Added message if .git can't be read by MISP. [mokaddem]
  • [object:add] Changed back button text into Back [mokaddem]
  • [update] Avoid executing pre-update test multiple times. [mokaddem]
  • [updates] Implemented changes requested by the PR's review #4534. [mokaddem]
  • [updateProgress] bit of cleanup. [mokaddem]
  • [updateProgress] Moved CSS in its own file and usage of the assetLoader. [mokaddem]
  • [onDemandAction] Redirect on updateProgress page is no longer the default behavior. [mokaddem]
  • [update] repaired badly merged file. [mokaddem]
  • [AdminShell] Added PHP_EOLs where it made sense. (QoL enhancement) [Steve Clement]
  • [AdminShell] return the name of the setting change and what we changed it to. [Steve Clement]
  • [doc] Added plyara (#4554) [Steve Clement]

chg: [doc] Added plyara

  • [doc] Added plyara. [Steve Clement]
  • [INSTALL] Updated installer. (#4553) [Steve Clement]

chg: [INSTALL] Updated installer.

  • [INSTALL] Updated installer. [Steve Clement]
  • [doc] rhel8/fedora30/debian Install guide updates (#4552) [Steve Clement]

chg: [doc] rhel8/fedora30/debian Install guide updates

  • [doc] Added updates to rhel8, which partially works with Fedora Server 30. [Steve Clement]
  • [doc] Debian stable install doc still not working, until Python3.6 will be default. Debian 10 will fix that. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version of ATT&CK. [Alexandre Dulaunoy]
  • [event:row_attribute] Added title to the checkboxes. [mokaddem]

This reveal to be useful if the table header is not visible.

  • [object:revise] Improved text and added a back button. [mokaddem]
  • [addTag] Force no caching on the submitTag request. [mokaddem]
  • [object:revise] Changed text of back button. [mokaddem]
  • [object:revise] Improved help text. [mokaddem]
  • [object:add] Improved help text. [mokaddem]
  • [object:similiar] Added back button, improved highlight and text. [mokaddem]
  • [object_revise] Deleted useless comment. Also, fix #3897. [mokaddem]
  • [object:reivse] Improved layout. [mokaddem]
  • [object:revise] Increase threshold of similar_objects_display_threshold and fixed count. [mokaddem]
  • [object:edit] Moved listener binding into doc.ready. [mokaddem]
  • [object:element] Transformed object_similarities view into a parametrized view. [mokaddem]

Greatly improved flexibility of the view by only displaying available component

  • [object:revise] Moved object difference view into Elements [mokaddem]
  • [object] Refacto renamed variables and added comments. [mokaddem]
  • [object:edit] Added possibility to inject invalid type + UI improvements - 🚧. [mokaddem]
  • [object:revise] Little perf improvement. [mokaddem]
  • [object:edit] Clean up. [mokaddem]
  • [object:edit] Avoid duplicating same multiple entries and usage of threshold instead of hardcoded value. [mokaddem]
  • [object:edit] Added similarity amount between objects. [mokaddem]
  • [object:edit] Improved UI and diff recognition - 🚧. [mokaddem]
  • [object:edit] Continuation integration with template update and object merge - 🚧. [mokaddem]
  • [object:edit] Started integration to allow updating object templates - 🚧. [mokaddem]
  • [object:add] Improved UI for similar objects - 🚧. [mokaddem]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [doc/misp-modules generic] update the dependency list. [Alexandre Dulaunoy]
  • [modules] module choice screen updated. [iglocska]
    • nicer looks
    • sorting
  • [doc] Updates to Debian install document (#4531) [Steve Clement]

chg: [doc] Updates to Debian install document

  • [doc] Updated misp-modules install howto chg: [doc] /usr/local/src permission fix. [Steve Clement]
  • [doc] Updates to Debian install document. [Steve Clement]

Fix

  • [genericPicker] allow tagging when the ATT&CK Matrix has been opened. [mokaddem]
  • [object:revise] Removed useless ACL conditions; was failing for users not being admin. [mokaddem]
  • [installer] Identify VMware machinery. [Steve Clement]
  • [doc] CentOS specific cake commands do not exist anymore. [Steve Clement]
  • [sql] SQL Syntax error fix. [Steve Clement]
  • [age based publish blocking] Fixed and using the timestamp. [iglocska]
  • [docs] Added attackGalaxy as a valid option for the restsearch APIs. [iglocska]
  • [bug] getPythonVersion undefined, pull in where it is defined. (#4615) [Steve Clement]

fix: [bug] getPythonVersion undefined, pull in where it is defined.

  • [bug] getPythonVersion undefined, pull in where it is defined. [Steve Clement]
  • [API] Some fixes for the restsearch -> attack export. [iglocska]
  • [installer] Installer Checksums out-of-sync. [Steve Clement]
  • [doc] Let the user know he wants to be the "webserver" user (#4603) [Steve Clement]

fix: [doc] Let the user know he wants to be the "webserver" user

  • [doc] Let the user know he wants to be the "webserver" user. [Steve Clement]
  • [dashboard] netstat is needed for dashboard (#4598) [Steve Clement]

fix: [dashboard] netstat is needed for dashboard

  • [dashboard] netstat is needed for dashboard. [Steve Clement]
  • PyMISP install was failing on Travis. [Raphaël Vinot]
  • [AdminShell] Yet another tyope :( (#4590) [Steve Clement]

fix: [AdminShell] Yet another tyope :(

  • [AdminShell] Yet another tyope :( [Steve Clement]
  • [AdminShell] Fixed typo (#4589) [Steve Clement]

fix: [AdminShell] Fixed typo

  • [AdminShell] Fixed typo. [Steve Clement]
  • [AdminShell] Added apache user. [Steve Clement]
  • [AdminShell] Misplaced the debug message. [Steve Clement]
  • [stix export] Fixed email attachment export. [chrisr3d]
    • Fixed condition trying to reach the case where we have an attachment attribute in the object, which was never true because of a wrong key testing
    • Fixed the email attachment related file object creation initiation
  • [galaxy clusters] Choosing them via the UI was dog slow. [iglocska]
    • now it's just plain slow

  • [update] Disabled background processing until it's fixed. [iglocska]
  • [AdminShell] very dirty fix to get updateObjectTemplates working (#4585) [Steve Clement]

fix: [AdminShell] very dirty fix to get updateObjectTemplates working

  • [AdminShell] very dirty fix to get updateObjectTemplates working from the CLI. [Steve Clement]
  • [UI] Notice errors fixed in the discussion threads. [iglocska]
  • [bug] Fixed a bug in the update process that caused updates to fail due to an invalid value assigned as default for org_id. [iglocska]
  • 🔒 Fix persistent xss due to invalid sanitisation of image names in titles. [iglocska]
    • triggered by expanding a screenshot
    • as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
  • 🔒 Fix persistent xss via link type attributes containing javascript:// links. [iglocska]
    • low impact as it requires user interaction to trigger
    • as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
  • 🔒 Fix persistent xss via discussion links via javascript:// links. [iglocska]
    • low impact as it requires user interaction to trigger
    • as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)

  • [AdminShell] CentOS/RHEL use 'apache' by default (#4580) [Steve Clement]

fix: [AdminShell] CentOS/RHEL use 'apache' by default

  • [AdminShell] CentOS/RHEL use 'apache' by default. [Steve Clement]
  • [doc] Remove CentOS 7 from xINSTALL list. (#4579) [Steve Clement]

fix: [doc] Remove CentOS 7 from xINSTALL list.

  • [doc] Remove CentOS 7 from xINSTALL list. [Steve Clement]
  • [export] Yara Export variable typo fix. Use getPythonVersion. (#4578) [Steve Clement]

fix: [export] Yara Export variable typo fix. Use getPythonVersion.

  • [export] Yara Export variable typo fix. Use getPythonVersion. [Steve Clement]
  • [object:revise] Force field to be value1, preventing bug in some cases. [mokaddem]
  • [cluster:galaxyMatrix] Increased coverage of attack matrix. [mokaddem]

Now consider the following new links for the pivot tag:
Attributes -> Events
Events -> Attributes

  • [installer] Fixed installer misp-modules permissions. (#4558) [Steve Clement]

fix: [installer] Fixed installer misp-modules permissions.

  • [doc] misp-modules failed to install because of a Permission issue. (#4557) [Steve Clement]

fix: [doc] misp-modules failed to install because of a Permission issue.

  • [install] Fixed the endless loop in viper db update (#4555) [Steve Clement]

fix: [install] Fixed the endless loop in viper db update

  • [i18n] Added yara/yara-export. [Steve Clement]
  • Fixed i18n strings in Event controller, model and view. [4ekin]
  • Typos in controllers. [4ekin]
  • [installer] Fixed installer misp-modules permissions. [Steve Clement]
  • [doc] misp-modules failed to install because of a Permission issue. [Steve Clement]
  • [install] Fixed the endless loop in viper db update. [Steve Clement]
  • [required taxonomies] not firing via regular publishing only via publish (no email), fixes #4546. [iglocska]
  • [UI] Sightings could not be added by read only users, even if they had sighting rights. [iglocska]
  • [updateSubmodule] Simplified calculation of time difference. [mokaddem]
  • [object:edit] Removed faulty line. [mokaddem]
  • [object:revise] Reverted correct endif position - 🚧. [mokaddem]
  • [diagnostic:submodules] [Sami Mokaddem]

Time difference is correctly calculated. Should solve #4538

  • [enrichment] typo causing enrichments to redirect to the event view fixed. [iglocska]
  • [UI] removed tags embedded in translated text. [iglocska]
  • [freetext] Also trim out no-break spaces. [iglocska]

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ ░░░░░░░░███████████████░░░░░░░░░░ ░░░░░░███████████████████░░░░░░░░ ░░░░░███░░░░░░░░░░░░░░████░░░░░░░ ░░░░██░░░░░░░░░░░░░░░░░░░███░░░░░ ░░░██░░░░░░░░░░░░░░░░░░░░░███░░░░ ░░██░░███████░░░░░░██████░░██░░░░ ░██░░██─────██░░░░██────██░░██░░░ ░██░░█▄▄▄▄▄▄▄██░░░█▄▄▄▄▄▄██░░██░░ ░██░░████─────█░░░████────█░░░██░ ░██░░█────────█░░░█───────█░░░██░ ██░░░██──────██░░░██─────██░░░░██ ██░░░░████████░░░░░███████░░░░░██ █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ █░░░░░███████████████░░░░░░░░░░░█ █░░░████░░░░░░░░░░░░░░░░░░░░░░░░█ █░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█ ██░░░░░░░░░░░░░░░░░░░░░░░░░░░░░██ ░██░░░░░░░░░░░░░░░░░░░░░░░░░░░░█░ ░░███░░░░░░░░░░░░░░░░░░░░░░░░░██░ ░░░░██░░░░░░░░░░░░░░░░░░░░░░░██░░

Other

  • Merge pull request #4622 from SteveClement/guides. [Steve Clement]

fix: [sql] SQL Syntax error fix

  • Merge remote-tracking branch 'upstream/2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4616 from SteveClement/guides. [Steve Clement]

chg: [doc] Updated RHEL8 to not be BETA

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4607 from pettai/new-rpz-action-fix. [Andras Iklody]

rpz: fix missing rpz policy actions

  • Rpz: add missing rpz policy actions. [frpet]
  • Merge pull request #4600 from pettai/local-data. [Andras Iklody]

rpz: Local-Data

  • Fix description. [frpet]

make the description clearer

  • Rpz: action policy rename (to Local-Data) [frpet]

Rename action policy "walled-garden" to "Local-Data" as per the IETF draft (and other documentation for RPZ)

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge pull request #4595 from pettai/action-policy-update. [Andras Iklody]

rpz: make NXDOMAIN default

  • Rpz: make NXDOMAIN default. [frpet]

Update default action policy from DROP → NXDOMAIN

  • Merge pull request #4592 from SteveClement/guides. [Steve Clement]

chg: [doc] Update RHEL/CentOS install guides

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4588 from SteveClement/tools. [Steve Clement]

fix: [AdminShell] Added apache user

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge pull request #4587 from pettai/lint-RPZexport. [Andras Iklody]

Lint RPZexport

  • Update Serial description. [frpet]

Hint about $time, which also is a valid setting

  • Fix the testForRPZ... functions. [frpet]

Make the testForRPZ... functions happy too.

  • Merge pull request #4581 from pettai/RPZ-policy-action. [Andras Iklody]

RPZ - Add additional policy actions

  • Add additional policy actions. [frpet]

Add the last policy actions from the RPZ draft.
* rpz-passthru allows for testing without applying changes on the returned answer.
* TCP-only forces the client over to use TCP.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge pull request #4556 from SteveClement/tools. [Steve Clement]

chg: [AdminShell] return the name of the setting change and what we changed it to

  • Zoidberg's son: Update system (#4534) [Steve Clement]

Zoidberg's son: Update system

  • Fix typos and i18n in Event controller, model and views (#4541) [Steve Clement]

Fix typos and i18n in Event controller, model and views

  • Merge branch '2.4' into fix-i18n. [Steve Clement]
  • Merge branch 'guides' into tools. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch 'yara2' into 2.4. [iglocska]
  • Cleaning up imports. [edhoedt]
  • Yara export. [edhoedt]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4545 from MISP/mergeSimilarObject. [Alexandre Dulaunoy]

Several improvement on objects manipulation

  • Merge branch '2.4' of github.com:MISP/MISP into mergeSimilarObject. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]

v2.4.106 (2019-04-25)

New

  • [tools] Added local forward in case we run under a VM. [Steve Clement]
  • [tools] Added (official) checksums for the Installer. [Steve Clement]
  • [row_attribute] Added title containing the event.info data for the attribute. [mokaddem]
  • [tools] A developer tool to test Pull Requests. [Steve Clement]
  • [thumbnail] Thumbnails are now saved on the disk, greatly improving performance when viewing an event. [mokaddem]
  • [API] Update JSON exposed to the API. [iglocska]
  • [CLI] Update all JSON structures in one shot. [iglocska]
  • [refanging] Attributes automatically refanged in beforeValidate, fixes #4442. [iglocska]
  • [CLI] Worker management added. [iglocska]

  • Added a more exhaustive worker management CLI script package

    • list workers
    • start a worker
    • restart a worker
    • kill a worker
  • [CLI] reset / set a user's API key via the CLI. [iglocska]
  • [CLI] Change password with the --override_password_change (or -o) flag to avoid forcing a password reset. [iglocska]
  • [diagnostic:submodule] Added output message after update - 🚧. [mokaddem]
  • [CLI] Set default role via the CLI. [iglocska]
  • 🚧 LinOTP authentication. [Andreas Rammhold]
  • [UI] refactor of the asset loading. [iglocska]
  • [tags] refactor of the tag picker. [iglocska]

    • massive performance boost
    • re-introduction of the custom tags
  • [CLI] Added restartworkers and update MISP. [iglocska]
  • [feeds] Feed/Server cache search added. [iglocska]

    • /feeds/searchCaches added

  • [UI] First version of the generic index list system. [iglocska]
  • [Attribute] Added possibility to view and resize images. Added php-gd dependency! [mokaddem]
  • [eventindex] clicking on sightings count redirect to the event with sighting only filter activated. [mokaddem]
  • [eventFiltering] Added support of sighting filtering. [mokaddem]

Changes

  • [VERSION] bump. [iglocska]
  • [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF does not. (#4529) [Steve Clement]

chg: [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF does not.

  • [doc] Updated RHEL8(BETA) doc, core works, misp-modules do not, LIEF does not. chg: [doc] Some notes for rhel7. [Steve Clement]
  • [doc] Added more changes to the RHEL/CentOS install doc. [Steve Clement]
  • Bump PyMISP. [Raphaël Vinot]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [galaxy/taxonomies/warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [eventTag] Improved perfs of extraction. [mokaddem]
  • [event:EventFilteringTool] Forced maximum height. [mokaddem]
  • [event:EventFilteringTool] Added comments and deleted useless htmlspecialchars [mokaddem]
  • [event:eventFilteringTool] Improved UI and changed sanitization to allow tag/galaxy pre-filling. [mokaddem]
  • [event:view] Increase tag collection efficiency. [mokaddem]
  • [event:EventFilteringTool] Display active filtering rules (tags/galaxies) even if not available. [mokaddem]

Due to a recent performance fix, only tags and galaxies of the event are shown, the rule is still displayed even if no matching attributes are found

  • [event:view] Major performance improvement for large event. [mokaddem]

Due to the introduction of the event filtering widget, attributes were fetched 2 additional times.

  • [doc] CentOS/RHEL updates. Merge towards unity. (#4527) [Steve Clement]

chg: [doc] CentOS/RHEL updates. Merge towards unity.

  • [doc] CentOS/RHEL updates. Merge towards unity. [Steve Clement]
  • [performance] Reworked the pre-fetching of event IDs for the events/restSearch endpoint. [iglocska]

    • no need to count all existing hits in a non paginated situation. Simply use the result count
  • [misp-warninglists] updated with the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [i18n] Updated language files new: [i18n] Added: Portuguese and Arabic. [Steve Clement]
  • [i18n] Updated default.pot fix: [i18n] Fixed parser error. [Steve Clement]
  • More russian translation. [4ekin]
  • [doc] Added note about 19.04. [Steve Clement]
  • [tools] Updated installer. [Steve Clement]
  • [doc] More variable updates. [Steve Clement]
  • [tools] Updated installer. [Steve Clement]
  • [doc] support function variable updates. [Steve Clement]
  • [doc] More variable updates. [Steve Clement]
  • [tools] Some variable changes. [Steve Clement]
  • [tools] Updated installer. [Steve Clement]
  • [tools] 19.04 test. [Steve Clement]
  • [tools] Updated installer. [Steve Clement]
  • [tools] If staff does not exist do not run commands with that group. [Steve Clement]
  • [tools] Updated installer after doc update. [Steve Clement]
  • [doc] minor note. [Steve Clement]
  • [doc] Testing manual/installer fixing some minor variables. [Steve Clement]
  • [doc] Added -1 to rhel/centos and a future note. [Steve Clement]
  • [tools] Changes to reflect the rename of the installer and generated latest installer. [Steve Clement]
  • [tools] Renamed installer to be more Generic. [Steve Clement]
  • [doc] Reflected INSTALL.sh rename. [Steve Clement]
  • [doc] Brought CentOS6 more in-line with CentOS7 (still needs more testing). Minor changes in CentOS7. [Steve Clement]
  • [doc] Redirect debug error output. [Steve Clement]
  • [UI] Show event info on attribute search results page (via hover), fixes #4490. [iglocska]
  • [tools] Renamed the script, added a few more tweaks. [Steve Clement]
  • [doc] RHEL Install doc updates. [Steve Clement]
  • [doc] CentOS lief how-to added fix: [doc] Fixed the MISP Dashboard Cake commands (if you run as root, config.php permissions will be b0rked) [Steve Clement]
  • [doc] More syntactic sugar (in light of an impending installer script) [Steve Clement]
  • [doc] Updated CentOS 7.x Install guide chg: [doc] Now installs most things correctly under a standard CentOS minimal install. [Steve Clement]
  • [queryversion] bumped queryversion. [mokaddem]
  • [popovers] Added dedicated popover container for expansions and sightings (instead of a shared one with the screenshots) [mokaddem]
  • [misp-objects] object templates updated + relationships. [Alexandre Dulaunoy]
  • [download as] updated - now works on non published events in all cases and uses restsearch whenever possible. Fixes #4468. [iglocska]
  • [UI] server settings double clicking on setting name brings up the value text box. [iglocska]
  • [viewPicture] Added comments. [mokaddem]
  • [eventGraph] Added support of picture. Fix #4433. [mokaddem]
  • [eventGraph] initial work before implementing thumbnails support. [mokaddem]
  • Bump PyMISP. [Raphaël Vinot]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [generic_picker] select_threshold is now parametrized. [mokaddem]
  • [diagnostic:submodules] added updateJSON in the web interface. [mokaddem]
  • [CLI] line-break added at the end of execution. [iglocska]
  • [diagnostic:submodule] Better control of the glue merging command outputs. [mokaddem]
  • [diagnostic:submodules] Added support and feedbacks if workers not available. [mokaddem]
  • [diagnostic:submodule] continued sync DB after pull done - 🚧. [mokaddem]
  • [diagnostic:submodule] Started integration of update DB after pull with workers. [mokaddem]
  • [docs] Added update JSON CLI command description. [iglocska]
  • [misp.js] Moved all listeners inside $.ready() [mokaddem]
  • [user] Usage of the assetLoader instead of echo. [mokaddem]
  • [diag] Added grep -v ^- to make sure we always only get the submodules that are available. [Steve Clement]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [diag] Considered the case if submodules are not checked out and added a local check for the submodule hash. [Steve Clement]
  • [documentation] Added setDefaultRole CLI command to the list of described CLI tasks on the automation page. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [diagnostic:submodule] General improvements (see below) [mokaddem]

    • Allow update button reuse (avoiding blackhole)
    • Improved feedback when errors
    • Check if submodules are readable
  • [doc] Debian testing is working. [Steve Clement]
  • [doc] Tried to update the debian install guide. [Steve Clement]
  • [diagnostic] Renamed variable names. [mokaddem]
  • [diagnostic] Handling submodule younger case. [mokaddem]
  • [diagnostic] Improved submodules version and added individual update. [mokaddem]
  • [diagnostic] Better parsing of submodule output. [mokaddem]
  • Bump PyMISP. [Raphaël Vinot]
  • [cti-python-stix2] Bumped latest version. [chrisr3d]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [restClient:querybuilder] bit of cleanup. [mokaddem]
  • [restClient:querybuilder] Prefil the QB when picking a saved query - 🚧. [mokaddem]
  • [INSTALL] Do not touch the auto-generated installation file anymore. [mokaddem]
  • [viewPicture] Echo base64decoded data with GIF image type as php-gd does not support animated gif. [mokaddem]
  • [Attribute] Implemented Iglocska review - Do not pass image data to the view anymore - Improved conditions - Added light support of gif. [mokaddem]
  • [INSTALL] Added GD dependency. [mokaddem]
  • [diagnostic] Added GD in PHP extension. [mokaddem]
  • [viewPicture] Adaptative behavior if php-gd not loaded. [mokaddem]
  • [Attribute] Added loading icon when downloading pictures. [mokaddem]
  • Cleanup 2. [mokaddem]
  • Clean-up. [mokaddem]
  • [Attribute] Image thumbnail and view image. [mokaddem]
  • [diag] Added a more dynamic way for submodule version status. [Steve Clement]
  • [matrixPopup] UI improvement to better support small screens. [mokaddem]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • Removed duplicate. [mokaddem]
  • [i18n] Fix filename typo. [Steve Clement]

Fix

  • [doc] Fixed symlink for kali. [Steve Clement]
  • [object:edit] attachment field when empty. [mokaddem]
  • [Sightings] ACL fixed. [iglocska]
  • [event:querybuilder] Force QB wrapper to fit the rules. [mokaddem]
  • [event:EventFilteringTool] Using toggleBoolFilter button does not reset the rules. Fix #4418. [mokaddem]
  • [JS] Correctly handle event locks. [iglocska]
  • [sightings] Users with sighting permissions should be able to add sightings even if they don't have event write access. [iglocska]
  • [cleanup] Fixed indentation. [chrisr3d]
  • [UI] Event lock warnings missing due to missing ctp file. [iglocska]
  • [performance] Manually inject index hints for the value lookup. [iglocska]

    • Disgusting fix for old versions of MySQL
    • I need a shower after this
  • [API] Invalid negative lookup fixed. [iglocska]
  • [debug] Removed breakpoint. [iglocska]
  • [tools] Correct iptables command. [Steve Clement]
  • [tools] fix iptables typo. [Steve Clement]
  • Fixed wrong link to feed event from event attribute hit. [4ekin]
  • I18n fixed in some views. [4ekin]
  • [tools] Somehow there are issues with groups and sudo :( [Steve Clement]
  • [doc] Fixed broken RHEL8 BETA link. [Steve Clement]
  • [stats:galaxyMatrix] No longer trim the end of the cluster name. [mokaddem]
  • [UI] Minor font-awesome switch related issues fixed. [iglocska]
  • [UI] Modifying push/pull rules fails via the server edit. [iglocska]
  • [export] Fixed broken bro export, fixes #4050. [iglocska]
  • [stix2 export] Fixed labels duplication while exporting multiple events from MISP. [chrisr3d]
  • [stix restSearch] Fixed output json format in case of empty results. [chrisr3d]
  • [stix restSearch] Quick file extension clarification. [chrisr3d]

    • Depending on the format (.stix or .stix2)
    • Impacting temporary files, it is thus for debugging purpose in case of error
  • [restClient] nationality is not a integer anymore. [mokaddem]
  • [statistics] Don't show types with no values. [iglocska]
  • [taxonomies] non initialised variable throwing notices fixed. [iglocska]
  • [CLI] Worker start script reverted. [iglocska]

    • new script moved to start_dynamic.sh
    • stuck workers could not be restarted
  • [UI] Jobs index removed old style tabs. [iglocska]
  • Fix: [ACL] HELLO @RichieB2B! fixed invalid capitalisation in the queryACL. [iglocska]
  • [updates] I can't boolean. [iglocska]
  • [merge] issue. [iglocska]
  • [refanging] Removed invalid pattern. [iglocska]
  • [bug] Typo causing "\" to be stripped from attributes where it shouldn't be stripped. [iglocska]
  • [advanced extraction] Fixed invalid double encryption of the malware samples. [iglocska]
  • [User] Fixed missing files for distribution_network (events index) [mokaddem]
  • [bug] Fixed broken multi-attribute tagger. [iglocska]
  • [acl] added route. [mokaddem]
  • [diagnostic] Fixed required stix2 version to the latest one. [chrisr3d]
  • [acl] added missing entry. [Andras Iklody]

This message was sent from my Blackberry.

  • [feeds] Stop the reset of the attribute count after a feed pull is completed, fixes #4414. [iglocska]
  • [distributionGraph] Fix fa icon. [mokaddem]
  • [UI] First recorded change fixed to not be copy pasta of the last change's timestamp. [iglocska]
  • [API] role_id is not required when POSTing users if a default role is set on the instance. [iglocska]
  • Missing test files in PyMISP. [Raphaël Vinot]
  • [UI] Reverted some breaking changes. [iglocska]
  • [API] Correctly embed attributes and the event metadata in the object via /objects/view/[ID] [iglocska]
  • [API] /objects/view should return dictionary not list. [iglocska]
  • [JS] fixed a JS breaking bug. [iglocska]
  • Allow x-frames in apache configs. [iwitz]
  • [UI] Changed the querystring loading for css/js. [iglocska]
  • TODO i18n strings in Attribute Model and updated default.pot. [4ekin]
  • Fixed i18n strings in Views. [4ekin]
  • Fixed i18n strings in Controllers. [4ekin]
  • [enrichment view] Fixed distribution display at attribute level. [chrisr3d]
  • [UI] Performance boost for the tag selector. [iglocska]
  • [UI] Check if user is logged in switched to on-demand JSON version. [iglocska]
  • [Training] Further fixes. [iglocska]
  • [Training] typos fixed. [iglocska]
  • [Training] Fixed user password reset remotely. [iglocska]
  • [Training] Minor fixes. [iglocska]
  • [Training] org name vs id mixup fixed. [iglocska]
  • [Training] Further tuning. [iglocska]
  • [Training] Further error handling. [iglocska]
  • [Training] added more debugging. [iglocska]
  • [Training] host org fixed. [iglocska]
  • [Training] Org ID for sync users fixed. [iglocska]
  • [Training] small fixes. [iglocska]
  • [Training] Fix to the setup script. [iglocska]
  • [feed] Added missing feed search view. [iglocska]
  • Missing libonig on travis with PHP nightly. [Raphaël Vinot]
  • [API] Feed index shouldn't adhere to pagination defaults of the UI, fixes MISP/misp-book#149. [iglocska]
  • [UI] Colours for feed index buttons fixed. [iglocska]
  • [ACL] Added ACL for the new cache searches. [iglocska]
  • [UI] Missing sync / feed pull/push buttons re-added. [iglocska]
  • [restClient:querybuilder] Fixed a bug where multiple rules were not added correctly and show API info box. [mokaddem]
  • [RestClient:queryBuilder] Distribution level in the query builder. Fix #4280. [mokaddem]
  • [Accessibility] Added titles to the role index icons, affects #4258. [iglocska]
  • [thumbnail] picture preview was not showing up all the time. [mokaddem]
  • [picturePreview] Don't show the fullscreen button if php-gd is not installed. [mokaddem]
  • [ACL] Whitelisted viewPicture [mokaddem]
  • [viewField] Reversed condition (initially set for testing) [mokaddem]
  • [enrichment view] Making sure the document is ready before calling any javascript. [chrisr3d]
  • [enrichment] Set potentially missing category, ids & distribution values before going to the view. [chrisr3d]

    • Set the default values in the controller's side instead of the view's side
  • [enrichment view] Fixed typo. [chrisr3d]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4484 from obert01/fix-tag-search. [Andras Iklody]

Fixed case sensitivity in the tag search API (/tags/search).

  • Fixed case sensitivity in the tag search API (/tags/search). [Olivier BERT]

There was still a problem for matching the search on a cluster name. I have also slightly simplified the construction of the SQL request for better code readability.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4492 from mokaddem/eventViewPerfImprov. [Andras Iklody]

[event:view] Major performance improvement for large event

  • Merge branch '2.4' of github.com:MISP/MISP into eventViewPerfImprov. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventViewPerfImprov. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #4517 from SteveClement/i18n. [Steve Clement]

chg: [i18n] Updated language files

  • Merge pull request #4512 from 4ekin/russian_translation. [Steve Clement]

chg: More russian translation

  • Merge pull request #4516 from SteveClement/INSTALL_19.04. [Steve Clement]

chg: [tools] Tested and adapted the installer to work with latest Ubuntu Server 19.04

  • Merge pull request #4515 from SteveClement/tools. [Steve Clement]

chg: [tools] Updated installer

  • Merge pull request #4514 from SteveClement/tools. [Steve Clement]

fix: [tools] Correct iptables command

  • Merge pull request #4513 from 4ekin/fix-i18n. [Andras Iklody]

Fix i18n and wrong link to feed event

  • Merge pull request #4511 from SteveClement/tools. [Steve Clement]

new: [tools] Added local forward in case we run under a VM.

  • Merge pull request #4509 from SteveClement/guides. [Steve Clement]

fix: [doc] Fixed broken RHEL8 BETA link.

  • Merge pull request #4503 from SteveClement/tools. [Steve Clement]

chg: [tools] Updated installer after doc update

  • Merge pull request #4502 from SteveClement/guides. [Steve Clement]

chg: [doc] Testing manual/installer fixing some minor variables

  • Merge pull request #4501 from SteveClement/tools. [Steve Clement]

new: [tools] Added (official) checksums for the Installer.

  • Merge pull request #4498 from SteveClement/tools. [Steve Clement]

chg: [tools] Renamed installer to be more Generic

  • Merge pull request #4500 from SteveClement/guides. [Steve Clement]

chg: [doc] Reflected INSTALL.sh rename

  • Merge pull request #4499 from SteveClement/i18n. [Steve Clement]

chg: [i18n] Polish Translation typo fixed

  • Merge branch '2.4' into i18n. [Steve Clement]
  • Merge pull request #4493 from obert01/fix-accessibility. [Steve Clement]

New bunch of accessibility fixes.

  • New bunch of accessibility fixes. [Olivier BERT]

This affects EventBlacklists, Feeds, GalaxyClusters, News (index), OrgBlacklists (index), Organisations (index), SharingGroups (index), Taxonomies (view), Event Discussions, Event attribute table, Event proposal table.

  • Merge pull request #4496 from SteveClement/guides. [Steve Clement]

chg: [doc] Brought CentOS6 more in-line with CentOS7

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4488 from SteveClement/tools. [Steve Clement]

new: [tools] A developer tool to test Pull Requests

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge pull request #4478 from RichieB2B/ncsc-nl/centos6. [Steve Clement]

Make xINSTALL.centos6.md work again

  • Make xINSTALL.centos6.md work again. [Richard van den Berg]
  • Merge pull request #4487 from SteveClement/guides. [Steve Clement]

chg: [doc] RHEL Install doc updates

  • Merge pull request #4486 from SteveClement/guides. [Steve Clement]

chg: [doc] CentOS lief how-to added

  • Merge pull request #4480 from SteveClement/guides. [Steve Clement]

chg: [doc] Updated CentOS 7.x Install guide

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4470 from pettai/ShibbAuth. [Andras Iklody]

Update README.md

  • Update README.md. [frpet]

Makes API Authorization work

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4441 from mokaddem/eventGraph_thumbnail. [Andras Iklody]

EventGraph thumbnails

  • Merge pull request #4451 from obert01/fix-delete-user. [Andras Iklody]

Fix for broken "delete user" link in side menu.

  • Fix for broken "delete user" link in side menu. [Olivier BERT]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch 'feature/attribute_references' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into feature/attribute_references. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4435 from MISP/submoduleUpdatev4. [Steve Clement]

Diagnostic - Submodule update v4

  • Merge branch '2.4' into submoduleUpdatev4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4438 from liedekef/patch-1. [Alexandre Dulaunoy]

Install doc fixes

  • LD_LIBRARY_PATH setting needed for rh-git218. [Franky Van Liedekerke]
  • Update INSTALL.rhel7.md. [Franky Van Liedekerke]
  • Redhat install doc updates. [Franky Van Liedekerke]

Selinux simplifications (otherwise web-based update won't work anyway)
haveged is optional
Crypt_GPG was being installed 2 times

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4434 from SteveClement/tools. [Steve Clement]

chg: [diag] Considered the case if submodules are not checked out

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4427 from mokaddem/submoduleUpdatev3. [Steve Clement]

Submodule updateV3

  • Update Server.php. [Steve Clement]

Small typo

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4430 from SteveClement/guides. [Steve Clement]

chg: [doc] Updated debian guides

  • Merge pull request #4399 from GOVCERT-LU/chg_add_pipenv. [Raphaël Vinot]

Install python dependencies via Pipfile instead of manually cloning / installing them

  • Added "fileobjects" to PyMISP; updated PyMISP and stix2 refs. [Georges Toth]
  • Add Pipfile and Pipfile.lock. [Georges Toth]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 [enrichment] Removed debug calls. [chrisr3d]

    • Before having new modules fully operational, let us at least not keep only 2 debugs within an exposed function
  • Merge pull request #4425 from mokaddem/improvedSubmoduleDiagnostic. [Andras Iklody]

Improved submodule diagnostic

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4419 from RichieB2B/ncsc-nl/sql-cleanup. [Andras Iklody]

Be consistent in quoting table names

  • Be consistent in quoting table names. [Richard van den Berg]
  • Merge pull request #4421 from andir/2.4-linotp. [Andras Iklody]

new: 🚧 LinOTP authentication

  • Merge pull request #4420 from RichieB2B/ncsc-nl/misp-wipe-update. [Andras Iklody]

Update misp-wipe

  • Wipe new SQL tables in misp-wipe. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch 'feature/assetloader' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4416 from tom564/patch-1. [Steve Clement]

Fix blank $PATH_TO_MISP

  • Fix blank $PATH_TO_MISP. [tom564]

Move PATH_TO_MISP={PATH_TO_MISP:-(locate MISP/app/webroot/index.php|sed 's/\/app\/webroot\/index.php//')} outside of if statement checking if manual input is required otherwise is only executed if locate is unable to determine path.

  • Merge pull request #4413 from iwitz/2.4. [Steve Clement]

fix: allow x-frames in apache configs

  • Merge pull request #4410 from 4ekin/fix-i18n. [Steve Clement]

Fix i18n in controllers, views, Attribute model

  • Update WarninglistsController.php. [Steve Clement]

Added more __()

  • Update WarninglistsController.php. [Steve Clement]

typo

  • 🚧 [enrichment] Added javascript function to fetch all elements from the view. [chrisr3d]
  • 🚧 [enrichment view] Displaying multiple additional fields. [chrisr3d]

  • Object ID of the object containing the attribute which was used to query the module is displayed, if this attribute is part of an object
  • Displaying Object meta-category and uuid as well
  • Multiple displaying arrangements
  • Redefinition of some classes to help finding every element of the form
  • Add: [enrichment] Added MISP Objects distribution in the view. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4390 from couchuser12345/couchuser12345-patch-1. [Steve Clement]

Add updateUser to default config

  • Add updateUser to default config. [couchuser12345]
  • Merge pull request #4408 from iwitz/patch-6. [Steve Clement]

add: RHEL7 php-gd installation

  • Add: php-gd installation. [iwitz]
  • Merge pull request #4411 from obert01/fix-iconlinks-accessibility. [Andras Iklody]
  • Accessibility: added roles and aria labels for many icons and icon links (server list, tags, users, roles, attributes, ...) [Olivier BERT]

There is still much work to be done. But we are on the road.

Ideally, and in order to avoid code duplicates, we should have some utility functions to generate a proper and accessible yes/no icon, an accessible icon link, etc. This would prevent the code from being filled with "aria-label" tags, since the "title" and "aria-label" properties are nearly always the same.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [freetext import] Added disable_correlation checkbox. [chrisr3d]

  • We can now disable correlation on attributes from the resolved attributes view
  • 🚧 [enrichment view] Reordered different elements and classes. [chrisr3d]

  • Making the next step iterations easier

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • 🚧 [enrichment view] Displaying Object References information. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' into i18n. [Steve Clement]
  • Merge pull request #4387 from mokaddem/prefillQB. [Andras Iklody]

Prefill the restclient querybuilder when picking a saved query

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch 'thumbnail' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into thumbnail. [mokaddem]
  • Merge pull request #4392 from SteveClement/tools. [Andras Iklody]

chg: [diag] Added a more dynamic way for submodule version status.

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4252 from mokaddem/sightingFiltering. [Steve Clement]

Sighting filtering

  • Merge branch '2.4' of github.com:MISP/MISP into sightingFiltering. [mokaddem]
  • Merge branch '2.4' into i18n. [Steve Clement]

v2.4.105 (2019-03-28)

New

  • [diagnostic] Fetch submodules git status. [mokaddem]
  • [export] Replaced the old non-cached export page. [iglocska]

  • uses restsearch

  • similar UI to the cached exports
  • [UI] FA5 update finalised. [iglocska]

  • includes helpers to untangle the branded icon mess

  • [UI] disable threat level from the UI based on a server setting, fixes #4359. [iglocska]

  • bye shitty deprecated field

  • [UI] Move to FA 5. [iglocska]

Changes

  • [version] bump. [iglocska]
  • [diagnostic] Added reload button for submodules git status. [mokaddem]
  • [diagnostic] Changed submodule header table text. [mokaddem]
  • [submodules] added skeleton for submodules git status - 🚧. [mokaddem]
  • Additional Russian translation. [4ekin]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [UI] explain the authkey's source in the new server view, fixes #4368. [iglocska]
  • Bump PyMISP (test case bug) [Raphaël Vinot]
  • Add details when the ACLs are broken. [Raphaël Vinot]
  • Bump warninglists. [Raphaël Vinot]
  • Bump pymisp (improve test cases) [Raphaël Vinot]
  • Bump pymisp (more details in test cases) [Raphaël Vinot]
  • Bump PyMISP - tests for #4355. [Raphaël Vinot]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]

Fix

  • 🔒 Fix to a reflected XSS in the default layout template. [iglocska]

  • as reported by Tuscany Internet eXchange | Misp Team | TIX CyberSecurity

  • [stix import] Fixed issues with additional namespaces. [chrisr3d]

  • Using a list where any additional namespace can be added

  • Catching any missing additional namespace with the return code '4' raised in case of namespace not found error
  • I18n fixed in Views and updated default.pot. [4ekin]

Updated default.pot file according Views and Controllers changes. Updated Views with i18n issues.

  • [enrichment view] Avoid displaying empty fields. [chrisr3d]
  • Fixed i18n string representation and android logo. [4ekin]

Fixed i18n string representation in views:

  • Diagnostics
  • Files
  • Tabs

Fixed android icon disappear in workers tab.

  • Fixed i18n string representation in Server Controller and Model. [4ekin]
  • [stix export] Fixed tlp markings that were obscurely set to a wrong value in some cases. [chrisr3d]

  • Setting incident handling object correctly
  • Avoid using distribution levels to set tlp color
  • [sync] Adding a new server caused the pull/push rules to be incorrectly set to an empty string over '[]' causing sync issues, fixes #4369. [iglocska]

  • this fix resolves the issue - new servers added should be fine

  • it also retroactively fixes broken server connections
  • [enrichment view] Fixed typo. [chrisr3d]
  • [enrichment] Fixed results handling function name typo. [chrisr3d]
  • [ACL Component] Added new function (for new modules format) in the list. [chrisr3d]
  • [bug] Fixed a bug that caused attributes not to save via the UI. [iglocska]
  • [UI] Inconsistent pluralisation fixed, fixes #4360. [iglocska]
  • [UI] Removed broken edit org button for admins, fixes #4358. [iglocska]
  • Fixed i18n string representation in Views. [4ekin]

Fix for a plenty of Views with incorrect localizations (only English text shown)

  • Fixed i18n string representation in Controllers. [4ekin]

Fixed i18n string representation (flash and exception messages) in controllers:

  • OrganisationController
  • RolesController
  • TaxonomiesController

  • [API] fixed adding malware-samples unencrypted with the encrypt key set, fixes #4355. [iglocska]

Other

  • Merge pull request #4337 from mokaddem/submoduleDiagnostic. [Steve Clement]

Submodule diagnostic

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4381 from 4ekin/fix-i18n. [Steve Clement]

Fix i18n in Views and updated default.pot

  • Merge pull request #4350 from 4ekin/russian_translation. [Steve Clement]

chg: additional Russian translation

  • Merge pull request #4373 from 4ekin/fix-i18n. [Andras Iklody]

Fix i18n and Android icon in workers

  • Merge pull request #4370 from obert01/fix-matrix-submit-btn-accessibility. [Andras Iklody]

Make the submit button focusable (tabindex) in the matrix view.

  • Make the submit button focusable (tabindex) in the matrix view. This is necessary for use with screen readers. [Olivier BERT]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • 🚧 [enrichment view] Displaying sharing group distribution if needed. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 [enrichment view] Test returning data from the new form. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 [enrichment view] Made IDS, comment and distribution changeable. [chrisr3d]

  • Applied on each attribute and object attribute returned as part of the module results
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4351 from 4ekin/fix-i18n. [Andras Iklody]

Fix i18n in Controllers and Views

v2.4.104 (2019-03-21)

New

  • [cluster] Display heatmap on the Att&ck Matrix for all tagged data. fix #4344. [mokaddem]
  • [tagging] Stop pre-populating forms for tagging / attaching of galaxies. [iglocska]

  • avoids any potential CSRF issues, the form is fetched just in time for the submission

  • [galaxyMatrix] Added possibility to pick a galaxy to view its statistic. [mokaddem]
  • [Required taxonomies] [iglocska]

  • Flip taxonomies into required mode to ensure that events cannot be published without at least one tag from each required taxonomy to be set

  • [REST client] Added history/bookmarks. [iglocska]
  • [DistributionGraph] Added pie chart on sharing group. fix #4101. [mokaddem]
  • [galaxies] Allow deleting full galaxies. [iglocska]
  • [exercises] Added a new setup script for configuring exercise infrastructures rapidly. [iglocska]

  • assumes a hub MISP and a set of training MISPs for different participating teams

  • This script is to be executed on the hub MISP and assuming a consecutively incrementing numeric component in the training MISPs' URL it will pre-configure them
  • each instance has to have the same API key for the site admin (the idea is to clone training VMs)

  • configuration creates users, organisations, sync users, sync connections across both the hub and the individual trainee instances

  • Just copy /var/www/MISP/app/Console/Command/training.default.json to /var/www/MISP/app/Console/Command/training.json and configure it to get started
  • [Feeds] New overlap tool finished. [iglocska]

  • compare a feed against a combination of feeds/servers to find if you can cover the contents with a combination of other cached feeds

  • [Feeds] Implementation of the feed coverage tool (🚧) [iglocska]
  • [API] Add pagination related parameters to event index, fixes #4270. [iglocska]

Changes

  • [version] bump. [iglocska]
  • Bump PyMISP. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [statisticsMatrix] Improved redirection URL. [mokaddem]
  • [db script] version bump. [iglocska]
  • Updated comments. [mokaddem]
  • [distributionNetwork] Prevent interactive picking in event index. [mokaddem]
  • [distributionNetwork] Improved consistency in event index and improved UX - 🚧. [mokaddem]
  • [distributionNetwork] Added missing JS. [mokaddem]
  • [distributionNetwork] Integration with event index - 🚧. [mokaddem]
  • [distributionGraph] Added bar chart and deferred distribution data fetching process. [mokaddem]
  • [distributionGraphNetwork] Improved sharing accuracy. [mokaddem]
  • [distributionGraphNetwork] Adjusted gravitationalConstant and mass. [mokaddem]
  • [distributionGraph] Improved UI and added close button. [mokaddem]
  • [distributionGraph] Added description on blocked distribution edge. [mokaddem]
  • [distributionGraph] Added possibility to focus on an organisation. [mokaddem]
  • [distributionGraph] Show event is empty if the event is empty. [mokaddem]
  • [distributionGraph] Added interactive plotting feature. [mokaddem]
  • [distributionGraph] Pin node after drag. [mokaddem]
  • [distributionGraph] Added support of sharing group - 🚧. [mokaddem]
  • [distributionGraph] Continuation of integration, basic distribution is supported - 🚧. [mokaddem]
  • [distributionGraph] Started advanced distribution view. [mokaddem]
  • [distributionGraph] Replaced all tabs by spaces. [mokaddem]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [Training] Further cleanup and interactive mode. [iglocska]

  • splitting of some nastier unreadable functions

  • added interactive mode
  • [REST] Disable all SSL validation if requested by the user. [iglocska]
  • [Training script] Improvements. [iglocska]

  • Create reverse sync accounts/link on demand

  • Create admin users for the player teams on demand
  • Some minor fixes
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [cakephp version] bump. [iglocska]
  • [training] Some additional changes. [iglocska]
  • [training script] Added server indication. [iglocska]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [i18n] Various updates to translations, most notably French is at 100% again. new: [i18n] Added initial Swedish and Polish translations chg: [i18n] Updated default.pot. [Steve Clement]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [feeds] removed broken MISP feed. [Alexandre Dulaunoy]
  • [feeds] inThreat feed removed as it's no longer available. [iglocska]
  • [tasks] anchor typo fixed. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version (LS19 exercise) [Alexandre Dulaunoy]
  • [tools] misp-restore updates. Still 🚧. Not working ATM. [Steve Clement]
  • [tools] Various changes to the misp-backup script to make it more stable. Still 🚧. [Steve Clement]
  • [workers] Worker start script has initial support to only restart the workers that are not running. [Steve Clement]

Fix

  • [tools] Fixed empty variable check function. [Steve Clement]
  • [stix2 export] Fixed comma typo. [chrisr3d]
  • [stix2 export] Support of previous versions of python that are more restrictive with arguments syntax. [chrisr3d]
  • [exports] Fixed copy pasta fail breaking the cached exports. [iglocska]
  • [enrichment] Set distributions & sgs for all the possible views. [chrisr3d]
  • [enrichment] Fixed variable name typo. [chrisr3d]
  • [freetext] Stop parsing dates as phone numbers. [iglocska]
  • [bro] typo fixed that caused an exception, fixes #4343. [iglocska]
  • Added missing view. [mokaddem]
  • [taxonomies] Counts fixed. [iglocska]
  • [ACL] fixed. [iglocska]
  • [Galaxy:update] Cast GalaxyElement into a String Ensuring the correct type before the insertion. [mokaddem]
  • [ACL] Fixed ACL. [iglocska]
  • [rest client] Made the links more obvious. [iglocska]
  • [enrichment] Fixed $event variable handling + monkey typo. [chrisr3d]
  • [diagnostics] search field removed from worker tab. [iglocska]
  • [Training] Some clarifications. [iglocska]
  • [Training] Function extraction fail. [iglocska]

  • Shame. Shame. Shame.

  • [Training] Invalid user input capture fixed. [iglocska]
  • [distributionNetwork] Added a threshold on the number of organisations that can be displayed at a time. Will need some more love later on. [mokaddem]
  • [ACL] Whitelisted genDistributionGraph [mokaddem]
  • [distributionNetwork] Empty cached org on redraw. [mokaddem]
  • [distributionGraph] Transform associative array into regular array. [mokaddem]
  • [distributionGraph-network] fixed sharing group singleton. [mokaddem]
  • [distributionGraph:network] Only use sharing group part of the event. [mokaddem]
  • [distributionGraph] Org's name with spaces can be focused. [mokaddem]
  • [training] Added created sync users to the reporting. [iglocska]
  • [enrichment] Added missing data field in attribute in case of attachment type attribute. [chrisr3d]
  • [eventFiltering] quickfilter on value does not filter on wrong category anymore. [mokaddem]
  • [Training] Interesting link. [iglocska]

  • Someone just told us about fmylife.com - if this day continues like this I might have to post there about the development

  • [training] Inverse conditional fixed. [iglocska]
  • [Training] Duplicate user add handling. [iglocska]
  • [Training] Handle sync connections failing to be saved better. [iglocska]
  • [training] Small fix. [iglocska]
  • [training] fixes to the org creation. [iglocska]
  • News View add, index and Controller (flash messages i18n bug. [4ekin]
  • Admin User index, view, edit i18n bug fix: User view i18n bug. [4ekin]
  • Attributes index wrong distribution field fix: Logs search bug i18n fix: Organisations index bug i18n. [4ekin]
  • Merge issue chg: Russian translation. [4ekin]
  • [Training] Cause I'm a lumberjack and I'm ok. [iglocska]
  • [Training] AAARGH. [iglocska]
  • [training] Further work on the script. [iglocska]
  • [training] Allow for self signed certs. [iglocska]
  • [training] Simplified key management. [iglocska]
  • [Training] Further fixes. [iglocska]
  • [training script] Added some resilience to prior partial executions. [iglocska]
  • [training] Fixes based on failed executions. [iglocska]
  • [training script] Case sensitivity fixed. [iglocska]
  • [training script] verbose mode added. [iglocska]
  • [training script] Minor fixes. [iglocska]
  • [training] training setup script now correctly handles settings. [iglocska]
  • [UI] Removed input field from form where it's not applicable. [iglocska]
  • [API] resetting the authkey didn't respond with the new key before, making automation difficult. [iglocska]
  • [object references] Fixed an issue with the reference type not being loaded correctly. [iglocska]
  • ['rest client'] Python script generator fixed. [iglocska]
  • [export] cached exports for bro were broken. [iglocska]

  • bro still hasn't been migrated to restsearch

  • the exception for this in the caching algorithm called the wrong function
  • [tools] misp-restore works a little better... still 🚧. [Steve Clement]
  • [i18n] Stray file removed. [Steve Clement]
  • [UI] Missing org logos added to statistics -> organisations page, fixes #4271. [iglocska]
  • More filter element i18n bug. [4ekin]
  • Events index filter button i18n bug. [4ekin]

Other

  • Merge pull request #4349 from SteveClement/tools. [Steve Clement]

fix: [tools] Fixed empty variable check function

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4346 from mokaddem/matrixOnGalaxyLevel. [Andras Iklody]

new: [cluster] Display heatmap on the Att&ck Matrix for all tagged data.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 [enrichment view] First version of the view for objects & attributes returned from misp modules. [chrisr3d]

  • Visualization atm
  • Submit button + related actions to come soon
  • Possible changes on visual aspects to come too
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4308 from mokaddem/galaxyMatrixStat. [Andras Iklody]

Galaxy matrix statistics available for eligible galaxy

  • Merge branch '2.4' of github.com:MISP/MISP into galaxyMatrixStat. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4342 from liviuvalsan/bug_fix_bro_export. [Andras Iklody]

Fixing bug when exporting to Bro MISP attributes from events that contain a percentage sign inside the event info

  • Fixing bug when exporting to Bro MISP attributes from events that contain a percentage sign inside the event info. [Liviu Valsan]
  • Merge branch 'kafka' into 2.4. [iglocska]
  • Publish events to Kafka. [Nikos Filippakis]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4341 from liviuvalsan/attribute_performance_improvements. [Andras Iklody]

Addressing performance issues for fetching attributes when blocking attributes via proposals

  • Addressing performance issues for fetching attributes when blocking attributes via proposals. [Liviu Valsan]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [enrichment view] Added side menu indications. [chrisr3d]

  • Same as for Freetext results.
  • Replacing freetext results when no simplified format is returned as module result
  • Actual results view coming soon
  • 🚧 [enrichment] Handling module results and passing it to the view. [chrisr3d]

  • Work in progress on the view right now

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4313 from pettai/RPZexport. [Andras Iklody]

Add $time for Plugin.RPZ_serial

  • Add $time for serial. [frpet]

Add $time for generating unixtime as serial

  • Merge branch 'extendedDistributionGraph' into 2.4. [mokaddem]
  • Merge pull request #4309 from mokaddem/extendedDistributionGraph. [Alexandre Dulaunoy]

Improvement on distribution visualization

  • Merge branch '2.4' of github.com:MISP/MISP into extendedDistributionGraph. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into extendedDistributionGraph. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into extendedDistributionGraph. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into extendedDistributionGraph. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into extendedDistributionGraph. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • 🚧 [enrichment] Capturing attributes & objects returned by modules. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4293 from 4ekin/russian_translation. [Steve Clement]

fix: Merge issue

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4299 from nikofil/zmq_flag_fix. [Andras Iklody]

Fix checking of incorrect flags when publishing to ZMQ

  • Fix checking of incorrect flags when publishing to ZMQ. [Nikos Filippakis]

  • Check Plugin.ZeroMQ_event_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in Event.php
  • Check Plugin.ZeroMQ_audit_notifications_enable instead of Plugin.ZeroMQ_user_notifications_enable in Log.php
  • Check Plugin.ZeroMQ_object_notifications_enable instead of Plugin.ZeroMQ_attribute_notifications_enable in MispObject.php
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • 🚧 [hover enrichment] Started changing hover enrichment as well. [chrisr3d]

  • As for enrichment modules, it does not change the support of the current modules, and should not interfere with them either

  • 🚧 [enrichment] Started changing enrichment modules. [chrisr3d]

  • Passing full attributes to the new modules

  • No changes for the currently used modules
  • Using a parameter to specify which format to use
  • Current format used if no parameter is set ⚠ 🚧, more to be updated soon ⚠
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4285 from SteveClement/tools. [Steve Clement]

chg: [tools] More work on misp-restore, still 🚧 but a little more functional

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge pull request #4276 from SteveClement/i18n. [Steve Clement]

chg: [i18n] Various updates to translations, most notably French is at 100% again.

  • Merge branch '2.4' into i18n. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4275 from RichieB2B/ncsc-nl/workers-stop. [Andras Iklody]

Add workers stop script

  • Add workers stop script. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4266 from RichieB2B/ncsc-nl/fix-sys-path. [Andras Iklody]

Add correct PyMISP_dir to sys.path

  • Add correct PyMISP_dir to sys.path. [Richard van den Berg]
  • Merge pull request #4265 from obert01/fix-index-accessibility. [Andras Iklody]

Event index: Aria label properties on view/edit/publish/delete links …

  • Event index: Aria label properties on view/edit/publish/delete links for better consistency across screen readers and accessibility standards compliance. [Olivier BERT]
  • Merge pull request #4262 from 4ekin/fix-wrong-i18n. [Andras Iklody]

fix: Events index filter button i18n bug

  • Merge pull request #4263 from SteveClement/tools. [Steve Clement]

chg: [Tools] misp-backup/-restore improvements, quality of life improvements of worker start.sh

v2.4.103 (2019-03-04)

New

  • Added ldapEmailField example and explanation. [iwitz]
  • Add ldapEmailField config option. [iwitz]

The ldapEmailField option can be used to specify different fields in which email addresses of Kerberos-authenticated users can be found. If this option is not used, it defaults to the 'mail' field, which makes it compatible with old configurations.

  • [API] exposed change_pw function to the API, fixes #4256. [iglocska]
  • [installer] Added tests. [Steve Clement]
  • [cli] Added getWorkers to cake Admin Shell. It returns a JSON with the status of the current workers. [Steve Clement]
  • Add tests after install. [Raphaël Vinot]
  • [eventview] Shows number of object in the event. [mokaddem]
  • [UI] Rework of the attribute index toolbar on the event view. [iglocska]
  • [UI] Added quickfilter for the server settings. [iglocska]

  • no more **** around trying to find the right settings!
  • [UI] Further work on the server settings UI. [iglocska]

  • overview reworked

  • some minor adjustments
  • [UI] Reworked the sharing group add/edit tool. [iglocska]
  • [UI] rework of the server settings. [iglocska]
  • [UI] Updated the server preview index to follow the new tab UI standards. [iglocska]
  • [UI] Refactored the feed preview index UI to the new tab system. [iglocska]
  • [Feed preview UI] Added quick filter to the MISP feed preview. [iglocska]
  • [UI] Added javascript to support the index filtering. [iglocska]
  • [UI] Tied the index filter system into all indices. [iglocska]

  • 🚧: Event view

  • [UI] Added new system to template index filters. [iglocska]
  • [setting] Use the new setting to set the urls to the current instance on sharing groups when pushing the info via the API. [iglocska]
  • [setting] Added new setting to set external baseurl. [iglocska]

  • idea is to decouple the baseurl (used to prepend links) from the announce baseurl (for sharing groups / emailing)

  • [Rest client] Download results as file. [iglocska]
  • [API] restsearch returns more information about the export system used via headers. [iglocska]
  • [eventFiltering] Added support of toIDS. [mokaddem]
  • [eventFiltering] Added support of server and feed hits filtering. [mokaddem]
  • [eventView] Attribute filtering tool - 🚧. [mokaddem]
  • Add pre-pagination result count to headers. [Hannah Ward]

Fixes #4161

  • [galaxies] Added support of kill_chain_order in galaxies. [mokaddem]
  • [matrix] Replaced the Att&ck matrix by a generic matrix viewer, allowing custom matrix to be displayed. Also added the external id to the chosen input. [mokaddem]
  • Add CORS settings for external integration. [Hannah Ward]
  • [UI] Moved the global menu to the new system. [iglocska]
  • [UI] Added templates for the new global menu system. [iglocska]
  • [installer] Added progress bar and spinner. [Steve Clement]
  • [installer] Added function to build the installer. [Steve Clement]
  • [installer] Generic support functions. [Steve Clement]
  • [installer] Initial scaffolding and notice about upcoming installer scripts. [Steve Clement]
  • [UI] Finished refactor of the side menu. [iglocska]
  • [UI] side menu post link element added. [iglocska]
  • [CLI] verbose mode added to runUpdates. [iglocska]
  • [Tag API] New tag search api to search for tags. [iglocska]

  • simply pass the value you want to search for. Use % for wildcards
  • case insensitive
  • taxonomy and galaxy metadata returned with tag
  • [CLI] execute all db updates to bring MISP up to date with any changes. [iglocska]

  • mimics logging in via the UI

  • [UI] Further refactoring to use the modern meta table UI. [iglocska]
  • [UI] metaview refactor. [iglocska]

  • event view uses the new parametrised system

  • massive reduction of weird custom UI stuff to prepare MISP for a move to bootstrap 4
  • should fix the dodgy UI issues that @rommelfs was experiencing on his Playmobil laptop
  • [API] Log search API now allows for last style time ranges using the created field. [iglocska]
  • [UI] Added change tracking sparkline to the event view. [iglocska]
  • [tools] Experimental tool to upgrade MISP via GitHub. [Steve Clement]

Changes

  • [version] bump. [iglocska]
  • Remove debug. [mokaddem]
  • Reduce complexity of authenticate function. [iwitz]

  • create function getEmailAddress to reduce the complexity of the authenticate function

  • fix indentation of comments in the authenticate function
  • [installer] Shortened usr-local-src checker. Added better curl install example. [Steve Clement]
  • Bump PyMISP to 2.4.103. [Raphaël Vinot]
  • [ReST interface] fix typo in label. [Alexandre Dulaunoy]
  • [galaxy_matrix] Added submit button again to please.. they will recognize themselves. [mokaddem]
  • [installer] Level installer. [Steve Clement]
  • [doc] One more line to make SSL a little more secure. [Steve Clement]
  • [doc] Some formatting for the apache conf files and some incentives to be more secure by default. [Steve Clement]
  • [doc] Added small apache hardening tip chg: [installer] regenerated installer. [Steve Clement]
  • [installer] Do not try and initialize mysql if the user table exists new: [installer] Nuke an instance. [Steve Clement]
  • [installer] Make php versions more flexible if not 7.2. [Steve Clement]
  • [recommended versions] Added note on deprecating PHP 7.1 and Python 2.7. [iglocska]
  • Bump PyMISP, new object templates, fix failing tests. [Raphaël Vinot]
  • Bump PyMISP, again. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [UI] Event index icons switched to FA in preparation of the BS4 move. [iglocska]
  • [objects] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Updated script to use systemd for workers and modules. [Steve Clement]
  • [doc] Bumped Kali version, updated misp-modules startup way, CentOS typo fix. [Steve Clement]
  • [tools] misp-workers.service need to be able to be installed on a stick MISP install (Ubuntu) other flavours want to be marked as such. (and in a separate directory, ideally, etc/systemd/system) chg: [tools] Backup script todo added chg: [tools] worker start script todo and fix me added. [Steve Clement]
  • [attribute row] to_ids flag edition is done with a checkbox + prompt. [mokaddem]

Previously, was a select.

  • [quickEdit UI] Does not resize a column anymore. [mokaddem]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [eventMatrix] Added description of the cluster title and set default score to 0. [mokaddem]
  • [UI] Highlight scope toggle if scope is selected. [iglocska]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • Added a dot and sanitization of the id. [mokaddem]
  • [eventIndex] When clicking on the correlation count in the event index, filter the viewed event with correlation only [mokaddem]
  • [UI] added icon for background workers. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [querystring] bumped. [iglocska]
  • [cleanup] Junk removed. [iglocska]
  • [UI] nav tabs ontop of lists should be able to display custom titles on hover. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [internal] Allow the quickfilters to work on URLs that include more than just the baseurl+controller+action. [iglocska]
  • [CS] indentation. [iglocska]
  • [doc] Move Debian9 stable install instructions to xPerimental status as only Python 3.5 is supported by default but PyMISP needs 3.6 (There are no easy clean ways to install >3.5) chg: [installer] various changes and cleanups in the installer. [Steve Clement]
  • [installer] Parsed installer update. [Steve Clement]
  • [doc] Minor OpenBSD 6.4 tweaks (works again now ;) [Steve Clement]
  • [installer] Make installer more verbose again, some output is actually needed. [Steve Clement]
  • Update hover UI. [wagena]

  • add some logic to choose better hover placement
  • make hover hide on outside click, to allow using the scrollbar to view full hover
  • add an icon in the hover tooltip to turn it into a popup
  • move popup close button to better position
  • group attributes for each module in hover UI
  • prevent duplicate enrichment api queries once the first one is done
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [cleanup] removed unused template. [iglocska]
  • [eventFiltering] Added support of feed and server while filtering objects. [mokaddem]
  • [eventFiltering] UI/UX Improvements. [mokaddem]
  • [tags] Improved perfs on tag retrieval (all tags belonging to an event) [mokaddem]
  • [eventFiltering] Started integration of tag filtering - 🚧. [mokaddem]
  • [eventFiltering] Prevent multiple searchFor entries. [mokaddem]
  • [eventfiltering] Added more sanitization. [mokaddem]
  • [eventFiltering] Prepend base url. [mokaddem]
  • [eventFiltering] display the number of active rules. [mokaddem]
  • [eventFiltering] Improved detection of advanced filtering. [mokaddem]
  • [eventFiltering] Simplified filtering conditions and fixed deletion proposal layout. [mokaddem]
  • [eventFiltering] First version on the event filter tool. [mokaddem]
  • [eventFiltering] 🚧 - UI displays all elements. [mokaddem]
  • [eventFiltering] 🚧 - Simplified filtering conditions. [mokaddem]
  • [eventFiltering] 🚧 - fixed filtering bugs and improved warning filtering. [mokaddem]
  • [eventFiltering] 🚧 -Improved filtering and UI. [mokaddem]
  • [eventFiltering] 🚧 - Integrating new filtering behavior into Model. [mokaddem]
  • [eventFiltering] Bumped flag skip_empty. [mokaddem]
  • [eventFiltering] Moved searchFor to the top. [mokaddem]
  • [eventFiltering] Improved UI - 🚧. [mokaddem]
  • [eventFiltering] Improved UI and added filter link. [mokaddem]
  • [eventFiltering] Improved filtering tool - 🚧. [mokaddem]
  • [eventFiltering] renamed file. [mokaddem]
  • [eventView] moved attribute filtering tool in its own file. [mokaddem]
  • Simplified condition 2. [mokaddem]
  • Simplified condition. [mokaddem]
  • [galaxy_matrix] TEMPORARY - Merge scores of both deprecated and mitre-attack galaxy namespace for the matrix view. [mokaddem]

This commit aims to still have correct scores in the galaxy_matrix until the fixMitreTags functions is not live and running

  • [generic_picker] added an icon to show that a galaxy will trigger the matrix galaxy picker. [mokaddem]
  • [galaxy] json_encode kill_chain_order in beforeValidate. [mokaddem]
  • [galaxy_matrix] renamed view_matrix into view_galaxy_matrix. [mokaddem]
  • [galaxy_matrix] cleanup in variable names to be more generic. [mokaddem]
  • Removed test code. [mokaddem]
  • Deleted (now useless) attack matrix view. [mokaddem]
  • [galaxies] Updated view to support kill_chain_order [mokaddem]
  • [attackMatrix] Improved layout + fixed bug (caret on scale do not go out of bound anymore) [mokaddem]
  • [attackMatrix] UI: improved color scale - 🚧. [mokaddem]
  • [attackMatrix] Updated the matrix to match the changes in the mitre galaxies and improved layout - 🚧. [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Security warning at step 5. [iwitz]
  • [installer] Added missing final Install script. [Steve Clement]
  • [kali] Final kali tests done. [Steve Clement]
  • [kali] Last tweaks to make sure all deps are present. [Steve Clement]
  • [installer] Added checkLocale. [Steve Clement]
  • [kali] undo evil hack, sleep a while, maybe the disable sleep interferes with the execution of the script. [Steve Clement]
  • [kali] Make sure redis-server is installed early. [Steve Clement]
  • [installer] More fixes to the installer, mostly kali. [Steve Clement]
  • [m2m] Added libcaca for faup. [Steve Clement]
  • [installer] Considered Web Installer option new: [installer] Added ssdeep. [Steve Clement]
  • [installer] mail2misp typo. [Steve Clement]
  • [installer] Nicer end. [Steve Clement]
  • [installer] First working version. [Steve Clement]
  • [installer] Make sure the template engine is called correctly chg: [installer] If we su to MISP_USER, make sure we are not already. [Steve Clement]
  • [installer] Minor tweak. [Steve Clement]
  • [installer] Pre-Install place holder. [Steve Clement]
  • [installer] Added more documentation chg: [kali] Fixed /usr/local/src perm issue. [Steve Clement]
  • [installer] -A considered. [Steve Clement]
  • [installer] Moved some dependencies around. [Steve Clement]
  • [installer] First version of potentially working installer. [Steve Clement]
  • [kali] More fixes. [Steve Clement]
  • [kali] added venv. [Steve Clement]
  • [kali] A new kali install locks APT, added progressive sleep. [Steve Clement]
  • [kali] Installer wants to wait until apt is released chg: [installer] Update from template. [Steve Clement]
  • [installer] Ran template, committing changes. [Steve Clement]
  • [installer] Minor tweaks. [Steve Clement]
  • [installer] Added autogenerated script and template. [Steve Clement]
  • [installer] Symlink to template. [Steve Clement]
  • [doc] More fixes to installer builder. [Steve Clement]
  • [doc] Temporary installer workaround. [Steve Clement]
  • [doc] Search and replace vars. [Steve Clement]
  • [doc] Added more details on how to stitch the file together. [Steve Clement]
  • [doc] Added missing file. [Steve Clement]
  • [doc] Move some code out of the doc and into a file chg: [installer] Moved all the scripts into respective snippet tags. [Steve Clement]
  • [doc] More shuffling around to make it more logical chg: [installer] More cake tweaks, misp-modules grouping. [Steve Clement]
  • [installer] Various tweaks and functionizing stuff. [Steve Clement]
  • [installer] Main install script wants to pull in all function dependencies. Please avoid to source shell scripts somewhere else, it breaks overview. [Steve Clement]
  • [installer] Misp global vars. [Steve Clement]
  • [installer] Separated dependencies for php 7.3 and 7.2. [Steve Clement]
  • [installer] Added some known Debian based flavours. [Steve Clement]
  • Remove unnecessary settings. [iwitz]
  • Set apache as files owner. [iwitz]

this is to be able to update through the web interface

  • Update software versions. [iwitz]
  • [refactor] Side menu generic templates moved. [iglocska]
  • [UI] Some modifications to the side menu link element. [iglocska]
  • Test url for proxy. [iwitz]

this way the check works even if only github is whitelisted by the web proxy

  • [doc] license for the logos added. [Alexandre Dulaunoy]
  • Add stix2 installation. [iwitz]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [Tag search API] now also accepts synonyms as input. [iglocska]
  • [documentation] Added new CLI function to automation page. [iglocska]
  • Improved setup bug workaround. [iwitz]
  • Update php version warning. [iwitz]
  • No more assumption that only 1 shell is used. [iwitz]

scl enable was used in step 3 to make php, mysql and redis available in a new shell and during the rest of the installation process it was assumed that the same shell was used. The steps are a bit less interdependent now.

  • Add index to all commands. [iwitz]

this is useful when only some steps apply to a particular environment

  • Tell people to not use this document. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [internal] Moved time resolution to appmodel. [iglocska]
  • [objects] misp object templates updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] Bump version. [Raphaël Vinot]
  • [generic_picker] Prevents multiple useless redrawing. [mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [tools] Made it a little more universal. [Steve Clement]

Fix

  • [API] hacky fix to capitalisation issues between the old /events/index camelcased parameters and the newer lowercased one, fixes #3855. [iglocska]
  • [grammar] Pluralisation fixed for the freetext import results, fixes #4021. [iglocska]

  • Sunday last minute commit aced

  • [installer] Tests should now run correctly chg: [m2m] Added more functions to faup. [Steve Clement]
  • [API] Allow adding objects without having the correct template via the API fixed. [iglocska]
  • [installer] Installer will never execute due to misplaced ; [Steve Clement]
  • [installer] Minor install fix. [Steve Clement]
  • [installer] Various fixes of missing dependencies. [Steve Clement]
  • [vulnerability] Fixes a vulnerability where a user can view sightings that they should not be eligible for. [iglocska]

  • requires access to the event that has received the sighting

  • affects instances with restrictive sighting settings (event only / sighting reported only)

  • as reported by Tyler McLellan of CanCyber.org

  • RunTests method was totally broken. [Raphaël Vinot]
  • [UI] Contributors - file left off. [iglocska]
  • [UI] Contributor list fixed. [iglocska]
  • [feed] Feed pulls don't update the timestamp of the event. [iglocska]

  • affects freetext feeds

  • this blocks the further propagation of the modifications
  • [ACL] added toggleToIDS. [iglocska]
  • [generic_picker] fix #4219 (Adding ObjectReference) [mokaddem]
  • [docs] added object template update CLI command to the automation page. [iglocska]
  • [API] Attribute edit error response fixes, #4221. [iglocska]
  • [UI] show object UUID via the UI. [iglocska]
  • [performance] Massive performance bug resolved for taxonomy tag selector. [iglocska]
  • [UI] Fixed exclamation point for critical alerts in server settings. [chrisr3d]
  • Typo parameter. [mokaddem]
  • [UI] Fixed issues with the eventattribute tabs, fixes #4211. [iglocska]
  • [UI] Worker tab missing in diagnostic tool. [iglocska]
  • [UI] Invalid requirements passed to scaffolding system in regards to the show attribute context button. [iglocska]
  • [UI] Another switch to FA. [iglocska]
  • [UI] Switched to FA for the warning icons on the attribute values. [iglocska]
  • [correlation UI] Fixed an issue where the cache contained correlations to a feed/server that is no longer in the DB. [iglocska]
  • [enrichment] UI errors fixed when no modules are enabled. [iglocska]

  • also fixed the weird indentation

  • [UI] Don't show the filter bar in the server settings where it wouldn't do any good. [iglocska]
  • [UI] Fix add object menu item. [iglocska]

  • make the scaffolding system aware of the possibility that "this" might get passed along to javascript

  • [UI] Side menu missing the update warninglists button. [iglocska]
  • [UI] Alignment issue resolved on the user view. [iglocska]
  • [UI] Fixed a bug in the UI that caused the event filtering to break. [iglocska]
  • [UI] Pass the server ID to the view for the menu's consistency. [iglocska]
  • [DB] removed not null constraint of the kill chain order field, fixing [iglocska]
  • Object could not be added with no full group by enabled, fixes #4195. [iglocska]
  • [installer] unary operator... chg: [installer] dirty notes in pre-flight check function. [Steve Clement]
  • [installer] small fix to check if dmidecode is present. [Steve Clement]
  • Fixed list regex menu option, fixes #4197. [iglocska]
  • [UI] New thread button fixed. [iglocska]
  • [UI] Terms and conditions & removed from button. [iglocska]
  • [UI] Add sharing group button removed if no permissions present. [iglocska]
  • [UI] trash icon was black on black on event multi delete. [iglocska]
  • [stix2 import] Fixed marking parsing to avoid trying to add None. [chrisr3d]
  • [UI] side menu truncated settings in the global actions scope. [iglocska]
  • [SMIME] Formatting issues resolved. [iglocska]
  • [API] Invalid URL parameter suggested in rest client templates for the attribute edit endpoint, fixes #4159. [iglocska]
  • [UI] Logout fixed. [iglocska]
  • [eventview] too many arguments. [mokaddem]
  • [massEdit] UI bug in the synonyms. [mokaddem]
  • [distributionGraph] restored filtering capabilities. [mokaddem]

Broken since the new event filtering tool

  • [eventFiltering] Removed debug commands. [mokaddem]
  • Do not increment count after DB query. [Hannah Ward]
  • Expose x-result-count to CORS. [Hannah Ward]
  • [matrix_score] get values regardless of the galaxy. [mokaddem]
  • [UI] UI monkey cannot z-index. [iglocska]
  • Re-add CORS headers on REST Response. [Hannah Ward]
  • [galaxy] prevent drawing view when galaxy_cluster does not exist. [mokaddem]
  • [merge] added forgotten file... [mokaddem]
  • [doc] gitchangelo from pip now works on Python 3.7 as expected chg: [doc] Tried to have a more or less clean new Changelog in docs. [Steve Clement]
  • [installer] Variable typo for Base URL chg: [installer] Renamed installCoredDeps. [Steve Clement]
  • [installer] Various changes to where we output messages. [Steve Clement]
  • [installer] More kali fixes and some ubuntu tweaks. [Steve Clement]
  • [installer] Kali was missing maec. [Steve Clement]
  • [installer] Kali still had bugs. Most fixed. [Steve Clement]
  • [installer] Various fixes for dependency installs. [Steve Clement]
  • [installer] Options setting now works. [Steve Clement]
  • [kali] Various kali fixes to make it install in unattended mode fix: [installer] Various fixes to the installer. [Steve Clement]
  • [kali] On kali, some times apt is locked, we need to consider that. [Steve Clement]
  • [installer] Viper is stubborn. [Steve Clement]
  • [installer] Updated main installer fix: [doc] Viper can be installed with Python3.7. [Steve Clement]
  • [installer] fix typo. [Steve Clement]
  • [installer] -ne (== NOT EQUAL != NOT EXIST Grr...) [Steve Clement]
  • [installer] Added apt update for Kali, fixed some ifs' [Steve Clement]
  • [installer] fix typo. [Steve Clement]
  • [UI] post links broken in the side menu. [iglocska]
  • [UI] removed org would throw notice errors if they are still contained in a sharing group. [iglocska]

  • a situation that should not occur without tampering that is normal on a dev instance anyway, but just in case
  • [UI] Fixed extended by field. [iglocska]
  • Rhel7 diagnostics page detection. [iwitz]
  • Working directory in update function. [iwitz]

fixes a path problem mentioned in issue #3528

  • [UI] Fixed menu linking for change_pw action. [iglocska]
  • [CS] tab fixes. [iglocska]
  • [CS] indentation fix. [iglocska]
  • [UI] Potential fix for the weird popover behaviour. [iglocska]
  • [UI] restored user menu when viewing a user's profile as admin. [iglocska]
  • Typo in tag ID query. [Hannah Ward]
  • [Feeds API] blackholes due to invalid csrf check relaxation call. [iglocska]
  • Bugfix of event info not shown when MISP.showorgalternate is on. [Christophe Vandeplas]
  • [UI] Trailing removed from org names on the event index. [iglocska]
  • [API] Galaxies still present as Tag in JSON export fixes #4133. [Christophe Vandeplas]
  • [style] consistent space indentation. [Christophe Vandeplas]
  • [ACL] tags/search added to the ACL. [iglocska]
  • Do not use obsolete rc.local init file. [iwitz]
  • [stix import] Fixed detection of observable_composition objects. [chrisr3d]

  • Was sometimes passing the text even if no observable composition object was actually defined, because an observable object can have the observable_composition attribute even when it has no actual value
  • [stix 1&2 import] Using local version of PyMISP & MISP Objects. [chrisr3d]

  • So the PyMISP part will not depend on the version installed with pip anymore

  • Need also to specify the MISP Objects path because it is not available from PyMISP subdirectories
  • Lief installation. [iwitz]

  • unnecessary steps removed

  • irrelevant comment removed
  • instructions updated to compile lief for python 3.6 instead of 2.7
  • install lief in the folder where the other dependencies are so that it is detected by the diagnostics page
  • Grammar. [iwitz]
  • [API] Events add/edit return correct error code on failure. [iglocska]
  • [stix export] Support of deprecated python versions. [chrisr3d]
  • [UI] org view with domain restrictions had a layout breaking long key. [iglocska]
  • [restsearch] download as a first parameter should default to json. [iglocska]
  • [UI] event view UUIDs capitalised. [iglocska]
  • [UI] title of org images fixed. [iglocska]
  • [ui] Safari.... [iglocska]
  • [UI] lol. [iglocska]
  • [UI] UI experts at work. [iglocska]
  • [UI] small fix. [iglocska]
  • [ui] small fix. [iglocska]
  • Disable stix test with PyMISP on travis. [Raphaël Vinot]
  • [generic_picker] fix #4083. When picking, force exact match (instead of contains) [mokaddem]
  • [ui] small ui fix. [iglocska]
  • [stix2 export] Fixed attribute counting on restSearch. [chrisr3d]
  • [php min version] Bumped to 7. [iglocska]

  • not enforced yet

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3827 from MISP/fix3819. [Steve Clement]

Allow getting object attribute via rest query. fix #3819

  • Allow getting object attribute via rest query. fix #3819. [mokaddem]
  • Merge pull request #3589 from iwitz/add-email-field-option-for-kerberos-authentication. [Steve Clement]

Add email field option for kerberos authentication

  • Merge branch '2.4' into add-email-field-option-for-kerberos-authentication. [Steve Clement]
  • Merge pull request #3658 from ancailliau/issue-3639. [Steve Clement]

Fixes issue #3639

  • Fixes issue #3639. [Antoine Cailliau]
  • Merge pull request #4259 from SteveClement/guides. [Steve Clement]

chg: [installer] Various updates including PyMISP tests

  • Merge pull request #4243 from raw-data/2.4. [Alexandre Dulaunoy]

[add] MalSilo feeds tracking commodity malware

  • [add] MalSilo feeds tracking commodity malware. [raw-data]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4250 from SteveClement/tools. [Steve Clement]

new: [cli] Added getWorkers to cake Admin Shell. It returns a JSON with the status of the current workers.

  • Merge remote-tracking branch 'upstream/2.4' into tools. [Steve Clement]
  • Merge pull request #4249 from SteveClement/guides. [Steve Clement]

chg: [installer] Added tests

  • Merge pull request #4248 from SteveClement/guides. [Steve Clement]

chg: [installer] Various updates to the installer. Also tested towards latest Ubuntu 18.04.2

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4237 from Rafiot/install_tests. [Andras Iklody]

new: Add tests after install

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4230 from SteveClement/guides. [Steve Clement]

new: [installer] Update installer to make use of systemd service units

  • Merge pull request #4229 from SteveClement/tools. [Steve Clement]

chg: [tools] Various updates to CLI tools

  • Merge branch '2.4' into tools. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4203 from eCrimeLabs/2.4. [Andras Iklody]

Update defaults.json (Phishtank - Exclude through regex)

  • Updated defaults.json. [eCrimeLabs]

Bugfixed Phishtank

  • Update defaults.json. [eCrimeLabs]

Updated Phishtank feed with regex to exclude Phishtank url's \/^http:\\/\\/www.phishtank.com\/i

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4202 from obert01/fix-tag-search. [Andras Iklody]

Fixed search for cluster value in /tags/search

  • /tags/search was only looking for cluster synonyms, but not in cluster values. [Olivier BERT]
  • Merge pull request #4201 from bartblaze/2.4. [Alexandre Dulaunoy]

Update README.md

  • Update README.md. [Bart]

  • Several small fixes
  • Add Zeek (new Bro name)
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4194 from gallypette/hotfixGlobalMenuSeparator. [Andras Iklody]

Fix #4193 GlobalMenuSeparator not checking Roles

  • Fix #4193 GlobalMenuSeparator not checking Roles. [Jean-Louis Huynen]
  • Merge pull request #4187 from RichieB2B/patch-5. [Alexandre Dulaunoy]

Fix errors in TagCollections import

  • Fix errors in TagCollections import. [Richie B2B]
  • Merge pull request #4185 from SteveClement/guides. [Steve Clement]

chg: [doc] Move Debian9-stable install instructions to xPerimental

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4183 from DomainTools/update-hover-ui. [Alexandre Dulaunoy]

chg: Update hover UI

  • Fix Useless assignment to local variable. [wagena]
  • Fix missing variable declaration. [wagena]
  • Merge branch '2.4' into update-hover-ui. [wagena]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4169 from RichieB2B/patch-4. [Alexandre Dulaunoy]

Fix broken "List Tags" link

  • Fix broken "List Tags" link. [Richie B2B]
  • Merge pull request #4076 from mokaddem/eventFiltering. [Alexandre Dulaunoy]

Event filtering tool

  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into eventFiltering. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into eventFiltering. [mokaddem]
  • Merge branch '2.4' into eventFiltering. [mokaddem]
  • Merge pull request #4165 from MISP/bugfix/x-result-count. [Andras Iklody]

[fix] Correct X-Result-Count

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4164 from MISP/tempoparyFixMatrixStat. [Alexandre Dulaunoy]

Temporary fix galaxy_matrix heatmap (mitre-attack)

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4158 from MISP/bugfix/disappearing-cors-headers. [Andras Iklody]

fix: re-add CORS headers on REST Response

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4156 from mokaddem/udpatedMatrix. [Alexandre Dulaunoy]

Improved Att&ck Matrix

  • Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into udpatedMatrix. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4157 from MISP/feature/cors-options-request. [Andras Iklody]

new: Add CORS settings for external integration

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4155 from iwitz/patch-5. [Andras Iklody]

RHEL7 installation security warning at step 5

  • Merge pull request #4152 from SteveClement/guides. [Steve Clement]

new: [installer] MISP has now an Install Script for Ubuntu 18.04 - 18.10 and Kali

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #4146 from hackunagi/2.4. [Alexandre Dulaunoy]

Fix on folder with misp.local.key

  • Merge pull request #2 from hackunagi/hackunagi-patch-1. [Carlos Borges]

Fixing folder with misp.local.key

  • Fixing folder with misp.local.key. [Carlos Borges]

### Work environment

| Questions | Answers |
|---|---|
| Type of issue | Documentation Update |
| OS version (server) | CentOS |
| OS version (client) | Ubuntu, ... |
| PHP version | 7.1 |
| MISP version / git hash | 2.4 |
| Browser | If applicable |

### Expected behavior

Follow procedures to install, with no errors.

### Actual behavior

Error to create ssl keys, while following procedures. The steps to create openssl private keys on line 335 point to file in /etc/pki/tls/certs/misp.local.key, while later in line 338 it looks for file in /etc/pki/tls/certs/misp.local.key.

### Steps to reproduce the behavior

### Logs, screenshots, configuration dump, ...

  • Merge pull request #1 from MISP/2.4. [Carlos Borges]

Merge to original MISP repository

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4136 from iwitz/fix-rhel7-diagnostics-page. [Andras Iklody]

Fix rhel7 diagnostics page

  • Merge pull request #4147 from iwitz/patch-3. [Andras Iklody]

fix: working directory in update function

  • Merge pull request #4149 from iwitz/patch-4. [Andras Iklody]

Update software versions in RHEL7 installation procedure

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4139 from iwitz/patch-1. [Andras Iklody]

Change test URL for proxy

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4138 from obert01/warning-icon-fix. [Andras Iklody]
  • Accessibility: added aria properties for the warning list icon, which was not visible for screen readers. [Olivier BERT]
  • Merge pull request #4140 from iwitz/patch-2. [Andras Iklody]

Add STIX2 installation to RHEL7 installation procedure

  • Merge pull request #4137 from MISP/bugfix/tag-rest-edit-incorrect-id. [Andras Iklody]

fix: Typo in tag ID query

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4128 from iwitz/add-systemd-unit-rhel7. [Steve Clement]

chg: [RHEL7] Add systemd unit file in installation procedure

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [diagnostic] Added check for STIX2 python library. [chrisr3d]
  • Merge pull request #4123 from czechnology/2.4. [Andras Iklody]

Add LDAP network timeout

  • Add LDAP network timeout. [Martin Kulhavy]
  • Merge pull request #4121 from iwitz/remove-centos-install-step. [Steve Clement]

Remove CentOS step in RHEL7 installation procedure

  • Remove centos step. [iwitz]

The instruction to enable the SCL repos is already provided in step 1.4, and the package centos-release-scl does not exist on RHEL7. The fact that step 1.4 may not work on a trial subscription is not relevant because assumptions 0.1 and 0.2 specifically state that a support agreement is required to be able to complete the installation.

  • Merge pull request #4118 from iwitz/fix-rhel7-lief-installation. [Steve Clement]

Fix RHEL7 lief installation instructions

  • Merge pull request #4125 from iwitz/fix-scl-shell. [Andras Iklody]

RHEL7 installation fix implicitly SCL-enabled commands

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4117 from kara-1234/patch-2. [Andras Iklody]

Allow HTTPD to send Emails

  • Allow HTTPD to send Emails. [kara-1234]

Update to allow httpd to send emails.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • [stix2] Bumped stix2 python library latest updates. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Revert "fix: [UI] small fix" [iglocska]

This reverts commit 1c8d725f8ddaeaab7384faf104c83db2fa7741be.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.102 (2019-02-01)

New

  • [kali] Added debug function and breakpoints. [Steve Clement]
  • [doc] Initial MISP with Letsencrypt doc. [Steve Clement]
  • [installer] Initial bash installer functions. [Steve Clement]
  • [doc] moved kali script to generic debian installer script. [Steve Clement]
  • [CLI] Server settings refactored, fixes #4074. [iglocska]

  • moved most of the codebase to the model

  • streamlining of the setting change
  • hooked the callback system into the CLI version of the setter
  • [sighting] Searching for attributes allows to add sightings on the attribute id or value. [mokaddem]
  • [objectReference] Usage of the generic_picker for improved UX. [mokaddem]
  • [dependencies] Added CryptGPG and a dependency thereof to the INSTALL dir. [iglocska]

  • workaround for the pear.php.net pwnage

  • [Tag collections] Export/import tag collections added. [iglocska]

Changes

  • [version] bump. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [installer] Added more comments and implemented base parameter logic. [Steve Clement]
  • [datamodel] me being stupid. [Alexandre Dulaunoy]
  • [datamodel] anonymised updated. [Alexandre Dulaunoy]
  • [datamodel] second step validation for anonymised attribute type. [Alexandre Dulaunoy]
  • [datamodel] anonymised is any category. [Alexandre Dulaunoy]
  • [doc] Copyright dates updated. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [kali] Major rewrite of install script. [Steve Clement]
  • [doc] Added CentOS vs. RHEL note. [Steve Clement]
  • [doc] script name change. [Steve Clement]
  • [doc] pear needs root permissions as it is installed to /usr/lib. [Steve Clement]
  • [doc] Partially fixed Centos 7 install procedure. Now uses https by default. [Steve Clement]
  • [doc] Remove update-alternatives, dumb idea to change default Python, for now. [Steve Clement]
  • [doc] Added initial misp-modules cake sugar. [Steve Clement]
  • [doc] Added symlink to generic debian installer for bward compat. [Steve Clement]
  • [restsearch] Improvements to the restSearch APIs to function better with URL parameters. [iglocska]

  • fixed returnFormat for events/restSearch

  • added page and limit to the list of parameters
  • [sightings] Hover sighting UI improvement. [iglocska]
  • [feed correlations] Don't attach feed correlations to attributes that have correlations disabled. [iglocska]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [type] zeek attribute added (Zeek is the new name of Bro) [Alexandre Dulaunoy]

Both attribute types, zeek and bro will coexist as exchange of NIDS rules under the old names is common in various MISP sharing communities.

  • [sighting] Added generic hovering support for openPopover + added support of this feature for sightings. [mokaddem]
  • [org view] show creation/modification times. [iglocska]
  • [rest] Bumped `sighting/add{values}` documentation. [mokaddem]
  • Bump PyMISP. [Raphaël Vinot]
  • [generic_picker] Improved the way option templates/data are passed to the view (now done by JS only) [mokaddem]
  • [generic_picker] Improved memory usage + use of sprintf. [mokaddem]
  • [galaxy clusters] selectCluster function opened up to the API for reasons. [iglocska]
  • [doc] add standard MISP logo in SVG format. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [documentation] Added the description of URL parameters to the automation page. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Pump PyMISP, use pipenv in travis. [Raphaël Vinot]
  • [eventIndex] replaced tag HTML node from to [mokaddem]

So that it indicates that clicking on the tag triggers an action (search in this case), but also to be consistent UI-wise

Part of the project: ~ Making Deborah happy! ~

  • [generic_picker] Prevent decoding if additionalData is not set. [mokaddem]
  • Deleted useless commented line. [mokaddem]
  • [generic_picker] fixed icon path and added more resilience in case of resizing. [mokaddem]
  • [layouts] Removed doT.js dependency (not needed anymore) [mokaddem]
  • [generic_picker] Improved UI. [mokaddem]
  • [ObjectReference] this was bugging me.. [mokaddem]
  • [generic_picker] Improved UI. [mokaddem]
  • [generic_picker] improved layout. [mokaddem]
  • [generic_picker] added support of infoExtra for pills. [mokaddem]
  • [generic_picker] moved sanitization to views. [mokaddem]
  • [generic_picker] all view using the generic_picker now use the generic_picker view elements - 🚧. [mokaddem]
  • [generic_picker] use php generic_picker elements for constructing the template server side. - 🚧. [mokaddem]

Previously, it was done client side

  • [doc] Fix kali script, php7.2 was used by apache. Add reference to mkdocs dependency. [Steve Clement]
  • [doc] Added generic update section update Debian testing for new stix2. [Steve Clement]
  • [i18n] Updated: Czech 4%, Danish 53%, German 21%, French 95%, Italian 39%, Japanese 95%, Korean 3%, Brazilian Portuguese 6%, Spanish 3% new: [i18n] Hungarian, Russian, Ukrainian, Simplified Chinese. [Steve Clement]
  • [composer] composer.json updated. [iglocska]
  • [query] Query string bump. [iglocska]

Fix

  • [restsearch] CSV special parameters added to the URL parameters. [iglocska]
  • [stix 1&2 export] Switched attachment parameter to make it work. [chrisr3d]

  • When using the url to query restSearch, withAttachements is the correct parameter to use instead of includeAttachements which works btw well with the rest Client anyway

  • [eventGraph] Adding relation via the graph correctly pick the correct element in the confirm modal. [mokaddem]
  • [proposal] Repaired deletion proposal (db save) [mokaddem]
  • [proposal] Repaired deletion proposal. [mokaddem]
  • [stix 1&2 export] Using the restSearch API instead of the old download one. [chrisr3d]
  • [kali] updated composer chksum. [Steve Clement]
  • [installer] Fixed a bug when run on kali. [Steve Clement]
  • [stix export] Monkey typo. [chrisr3d]
  • [stix export] Fixed malware samples (within file objects) parsing. [chrisr3d]

  • Depending if there is the attachment or not

  • [deprecated stix export] fixed, parameters weren't correctly taken into account. [iglocska]

  • affects /events/stix

  • [API] Use restresponse to view an added event via /events/add. [iglocska]
  • [Tagging] MITRE galaxies fixing function. [Christophe Vandeplas]

This function still needs to be called from an upgrade script.

  • [redirect on login] Fixed an issue where ajax queries would store their URL in the redirect URL field. [iglocska]
  • Check also event.org_id when validating event ownership in order to fetch attributes. [Patrizio Tufarolo]

Fixes #1918

  • [Tagging] Tagging an element with multiple tag collection works as expected. [mokaddem]

Previously, it would only add the latest tag collection

  • [sighting] Bug adding sightings on every attribute. [mokaddem]

When trying to add a sighting to a value via the REST API, if a value was given to the key values instead of an array, the Model function addSighting would crash and skip the condition on the value, consequently adding a sighting on every attribute.

  • [UI] Popover gets closed correctly if button clicked twice. reuse generated popover id instead of one-side generation. [mokaddem]
  • [tagging] attachTagToObject wasn't updating the timestamp of the target object. [iglocska]
  • [description] setSetting CLI command description fixed. [iglocska]
  • [api] attributes/restSearch forced json format by mistake, fixes #4064. [iglocska]
  • [redirect] Correctly redirect to the requested URL after a login, fixes #4005, fixes #1301. [iglocska]
  • [events ui] fix to the event view pagination resetting sorting, fixes #4058. [iglocska]
  • [sightings] Re-added advanced sightings to the search results. [iglocska]
  • [Model] Fixed includeAttachments parameters for stix 1&2 export. [chrisr3d]
  • [internal] Fetching galaxies broken into atomic queries to avoid massive parameter lists. [iglocska]
  • [automation] Clarification of the different timestamp parameters. [iglocska]

  • we missed describing the input formats
  • [API] removed invalid parameter lookup. [iglocska]
  • [API] Fixed the handling of AND-ed and OR-ed URL parameters. [iglocska]
  • [Model] Added disable_correlation flag to the attributes of the original imported file object. [chrisr3d]
  • [stix import] Updated one condition test to avoid failing with Custom Objects. [chrisr3d]
  • [stix import] Removed unexpected print. [chrisr3d]
  • [stix import] Quick variable cleanup. [chrisr3d]
  • [stix import] Importing data from malware-sample single attributes. [chrisr3d]
  • [stix import] Importing malware-sample attributes and their data fields within File objects. [chrisr3d]
  • [stix import] Fixed syntax typo issue. [chrisr3d]
  • [stix export] Exporting malware-sample value within the corresponding observable. [chrisr3d]

  • In case the malware-sample values are not the same as the filename & md5 ones in the object

  • [attribute] Prevent undefined index on tag filtering. [mokaddem]

As tags are popped from the attribute scope first, they will not be available in the event scope.

  • [restsearch] Added returnformat to URL parameters. [iglocska]

  • attributes/restSearch was additionally missing the published filter
  • [internal] deprecated text() function's tag filter fixed. [iglocska]
  • [filters] Negative tag filters ignored event tags on the attribute search. [iglocska]

  • as reported by @hel10wor1d

  • [copy-pasta] Oops. [iglocska]
  • [stix] Missing data fields added to object malware samples. [iglocska]
  • [stix export] Syntax quick fix. [chrisr3d]
  • [ObjectReference] Making everyone happier. [mokaddem]
  • Mass edit and AttackMatrix work again on objectAttributes. [mokaddem]
  • [stix export] Avoid loss of filename and md5 values in File object. [chrisr3d]

  • We take them from malware-sample value if they do not exist

  • [stix export] Faster & Shorter attributes dictionary creation function. [chrisr3d]
  • [stix export] Removed not used additional param of the artifact object creation function. [chrisr3d]
  • [stix export] Exporting data from malware-sample attributes in file objects. [chrisr3d]

  • Observable composition for the file object

  • Data in malware-sample attribute is exported as Artifact Object
  • The rest of the file remains unchanged and exported as File
  • [performance] query tweak to fool old crappy versions of mysql. [iglocska]
  • [sighting] prevent ID collision in the UI. Sighting canvas is now correctly positioned regardless of the id. [mokaddem]
  • [doc] The kali script should work again now. [Steve Clement]
  • [stix import] Passing observable title to avoid None value on attachment attributes imported. [chrisr3d]
  • [stix import] Fixed id fetching. [chrisr3d]
  • [server correlation] Fixed broken correlation link on the event level. [iglocska]
  • [UI] annoying empty event warning removed when filtering event attributes. [iglocska]
  • [attribute warnings] financial warnings not showing up in the warnings tab. [iglocska]
  • [gitmodules] updated. [iglocska]
  • [stix2] added attachment inclusion to the download from stix2 UI element. [iglocska]
  • [freetext import] Handle cases where a value can be both a hash and a btc address better. [iglocska]
  • [performance] Potential performance fix for older MySQL versions using the wrong index as key during fetchAttributes() [iglocska]

  • observed a server prioritising the deleted flag index when filtering attributes, leading to a massive performance loss

  • hacky solution to make deleted and object_id (during flattening) indices unusable
  • [stix2 export] Fixed event labels fetching. [chrisr3d]
  • [stix2 import] Importing TLP Marking definition objects only. [chrisr3d]

  • Following the changes on export script

  • [stix2 export] Faster tags handling function. [chrisr3d]

  • Compressed the function, removing some useless lines / variables

  • [stix2 export] Exporting only TLP tags as MarkingDefinition. [chrisr3d]

  • The other tags are (as before a recent change) exported as labels

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4075 from obert01/cluster-detach-accessibility. [Andras Iklody]
  • Accessibility: Added ARIA properties on the "detach" button for clusters. [Olivier BERT]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4073 from SteveClement/guides. [Steve Clement]

chg: [installer] Added more comments and implemented base parameter logic

  • Add: [datamodel] anonymise type added. [Alexandre Dulaunoy]

Anonymised value - described with the anonymisation object via a relationship

Anonymisation object definition: https://www.misp-project.org/objects.html#_anonymisation

  • Merge pull request #4071 from SteveClement/guides. [Steve Clement]

chg: [kali] Major update to Kali Install script

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Revert "fix: [API] Use restresponse to view an added event via /events/add" [iglocska]

This reverts commit 66037a36c55c66d4d2fe41f71619bc79e27dfdc5.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3995 from patriziotufarolo/2.4. [Andras Iklody]

fix: check also event.org_id when validating event ownership in order to fetch attributes. Fixes #1918

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4053 from Rafiot/pipenv. [Raphaël Vinot]

chg: Pump PyMISP, use pipenv in travis

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4049 from obert01/logs-accessibility-fix. [Andras Iklody]

Accessibility fix in the Logs view

  • Accessibility: Fixed the aria-label properties of the filter buttons in the Logs view. [Olivier BERT]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4041 from mokaddem/UIObjectReferences. [Sami Mokaddem]

Improved generic_picker and object references

  • Merge branch '2.4' into UIObjectReferences. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4046 from SteveClement/guides. [Steve Clement]

fix: [doc] Kali installer now working again

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #4037 from SteveClement/i18n. [Steve Clement]

chg: [i18n] Updated and added Localizations

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix framing] Added Artifact Object in the list. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Update INSTALL.ubuntu1804.md. [Andras Iklody]
  • Update INSTALL.debian9.md. [Andras Iklody]
  • Update INSTALL.rhel7.md. [Andras Iklody]
  • Added crypt_gpg alternate installer. [Andras Iklody]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #4033 from andreybolonin/patch-1. [Alexandre Dulaunoy]

add php 7.3 to travis

  • Add php 7.3 to travis. [Andrey Bolonin]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.101 (2019-01-20)

New

  • [feeds] Opened up feed inspection to host org users and added servers to overlap matrix. [iglocska]
  • [remote caching] First release version of the remote caching. [iglocska]
  • [server caching] Initial version 🚧. [iglocska]
  • [UI] PopoverConfirm now support shortcut (/+ to submit and to Cancel) [mokaddem]
  • [attackMatrix] Added support of chosen in the ATT&CK Matrix. [mokaddem]
  • [addObject] adding objects is done via the generic_picker. [mokaddem]
  • [galaxy] Added bulk galaxy tagging. [mokaddem]
  • [UI] generic_picker - 🚧. [mokaddem]
  • [cache export] Added the includeEventUuid flag to the output. [iglocska]
  • [publishing] Unpublish function added. [iglocska]

  • users were jumping through hoops to unpublish an event

  • [UI] disable attribute correlation during creation / modification. [iglocska]
  • [config backup] Added logging and a second protective measure. [iglocska]

  • if the current config.php is hosed, don't start the backup process and overwrite the backup

  • [galaxies] adding galaxies no longer needs a full refresh of the page. [iglocska]

  • use the new ajax function to get the galaxy information returned

  • [galaxies] added new function to show galaxies in ajax queries. [iglocska]
  • [tag collections] Add default tag collection per instance. [iglocska]
  • [tag collections] First feature complete minimal version of the tag collection system. [iglocska]
  • [tag collections] Added missing views. [iglocska]
  • [tag collections] Renamed tagCollectionElement to tagCollectionTag. [iglocska]
  • [tag collections] 🚧. [iglocska]
  • [🚧] tag collections 🚧. [iglocska]
  • [tag_collections] Added db upgrade. [iglocska]
  • [Tag collections] Added boilerplate models. [iglocska]

Changes

  • [remote cache] Further progress on caching remote instances. [iglocska]
  • [tagging] Added more ordering while displaying results. [mokaddem]
  • [Object] Added pre-choice of object meta-category. [mokaddem]
  • [refactor] Slight refactor for getAttributesTags() [iglocska]
  • [cleanup] Removal of duplicate code. [iglocska]
  • [generic_popover] Pressing destroy the popover. [mokaddem]
  • Fixed LGTM JavaScript analysis alerts. [mokaddem]
  • [refacto] removed useless code and views. [mokaddem]
  • [css] indent. [mokaddem]
  • [eventView] Replaced link by span. [mokaddem]

So that the focus is not done when clicking on it

  • [attackMatrix] removed useless view. [mokaddem]
  • [UI] 🚧 - generic_picker improved title management of popover. [mokaddem]
  • [UI] 🚧 - generic_picker remove popover on tag deletion. [mokaddem]
  • [UI] 🚧 - generic_picker popover is attached to body. [mokaddem]

Needed to add reference to the original node that toggle the popover

  • [UI] 🚧 - generic_picker slightly improved tag template. [mokaddem]
  • [UI] 🚧 - generic_picker replaced galaxy deletion alert by confirm popover. [mokaddem]
  • [UI] 🚧 - generic_picker deleting tags uses popover. [mokaddem]
  • [UI] 🚧 - generic_picker add warning message if number of option is too large. [mokaddem]
  • [UI] 🚧 - generic_picker filter galaxies by synonyms. [mokaddem]
  • [UI] 🚧 - generic_picker display expanded taxonomy info. [mokaddem]
  • [UI] 🚧 - generic_picker added tag styling and additional data in option. [mokaddem]
  • [UI] 🚧 - generic_picker automatically switch to submit pills if applicable. [mokaddem]
  • [UI] 🚧 - generic_picker added custom chosen event to support redrawing after searches. [mokaddem]
  • [UI] 🚧 - generic_picker prevent drawing empty option. [mokaddem]
  • [UI] 🚧 - generic_picker improved template (show more fields) [mokaddem]
  • [UI] 🚧 - generic_picker added templating system for select options. [mokaddem]
  • [tagging] 🚧 - bulk galaxy tagging on attribute and event. [mokaddem]
  • [tagging] 🚧 - bulk tagging via generic picker on event and complete support for TagCollection. [mokaddem]
  • [tagging] 🚧 - bulk tagging via generic picker on tag level. [mokaddem]
  • [taxonomy choice] replace old popup view by the generic pre-picker. [mokaddem]
  • [doc] Updated date of testing. [Steve Clement]
  • [doc] Updated Ubuntu 18.04 install and all generic dependencies. [Steve Clement]
  • [Taxonomy] disable (hide) tags when disabling parent taxonomy. [mokaddem]
  • [galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [internal] timestamp resolution for time ranges should reorder the conditions. [iglocska]

  • always take from (smaller timestamp) to (larger timestamp), no matter the order which they were entered in
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [UI] Added publish timestamp to the event view. [iglocska]
  • [stix] Bumped latest version of cti-python-stix2. [chrisr3d]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [datamodels] fix hassh and hasshserver typo. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version (hassh-md5 and hasshserver-md5) added. [Alexandre Dulaunoy]
  • [datamodels] new types hassh-md5 and hasshserver-md5 added. [Alexandre Dulaunoy]

"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.

Fix #4007

  • [feeds] mirai.security.gives feed added. Fix #4009. [Alexandre Dulaunoy]
  • [MISP objects] Bumped latest version. [chrisr3d]
  • [stix2 import] Importing Marking Definition objects from STIX files generated with MISP. [chrisr3d]

  • Import of Marking Definition objects as tags
  • Import at attribute and event level
  • Import of Marking Definition objects from external STIX files at event level only
  • [doc] Updated documentation about stix2 python library installation. [chrisr3d]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2] Bumped latest cti-python-stix2 version. [chrisr3d]
  • [stix2 export] Exporting tags as Marking Definition. [chrisr3d]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [cleanup] removed some more leftover junk. [iglocska]
  • [cleanup] Removed obsolete CLI tasks. [iglocska]
  • [automation] described feed previews via the API template system. [iglocska]
  • [session] Added warning about setting the timeout to 0. [iglocska]
  • [documentation] Added JSON structure update commands to CLI documentation. [iglocska]
  • [refactor] Refactored attachCluster to be more model agnostic. [iglocska]
  • [tag collection tag] Renamed Model references in the codebase. [iglocska]
  • [generic index] Fixed scoping issue with rows. [iglocska]

Fix

  • [caching] Some minor fixes. [iglocska]
  • [ACL] ACL updated. [iglocska]
  • [AttackMatrix] Stopped comparing string with integer. [mokaddem]
  • [generic_picker] avoid having option's name as an array key. [mokaddem]
  • [generic_picker] hide div if empty is selected. [mokaddem]
  • [tags] picking all tags removed galaxies in the picker. [mokaddem]
  • [tag collections] Adding tags to tag collections fixed. [iglocska]
  • [ACL] small ACL fix. [iglocska]
  • [Tag collections] Fix case of several tag IDs being passed. [iglocska]
  • [ACL] Restrict tag collection modification to tag editors. [iglocska]
  • Added some more escaping. [mokaddem]
  • [UI] prevent failing if generic_picker is not in a popover. [mokaddem]
  • [JS] switch to local variable. [mokaddem]
  • [App] Bump queryVersion. [mokaddem]
  • [attackMatrix] do not throw an error for an edge case where the user did not have full permission. [mokaddem]
  • [tagCollection] typo in variable name preventing addition of tag for non-admin users. [mokaddem]
  • [massageTag] variable name collision causing tags to disappear. [mokaddem]
  • [tagCollection] galaxies can be removed from tag collections. [mokaddem]
  • [MassEdit] Prevent undefined clusters/tags if unset + enforce attribute perms. [mokaddem]
  • [UI] generic_picker prevented nested redrawing. [mokaddem]
  • [Unpublish] variable not set when not in event context (i.e. revise_object) [mokaddem]
  • [internal] EventID filter now accepts uuid and ID correctly. [iglocska]
  • [UI] notice error fixed for tag filters in attributes/search. [iglocska]
  • [internal] Fixed uuid/id lookups not working on the attribute level. [iglocska]
  • [UI] mismatched button class usage for discussions. [iglocska]

  • this was driving me nuts.

  • [doc] Updated Kali scripts. [Steve Clement]
  • [stix2 import] Fixed copy paste monkey 'self' missing error. [chrisr3d]
  • Avoid ignoring stix2 scripts. [chrisr3d]
  • [stix2 import] Fixed default event & attribute distribution values. [chrisr3d]
  • [stix import] Fixed default event & attribute distribution values. [chrisr3d]
  • [attribute search] Restore pivoting from attribute tag to the attribute search results. [iglocska]

  • contrary to the pre-API-refactor versions, inherited event tags are also taken into account

  • [attribute search] Trigger the result screen instead of the search form if the tags parameter is provided via the URL in a GET request. [iglocska]
  • [API] correctly handle custom delimiters in the filter builder. [iglocska]
  • [stix2 import] Fixed imported galaxyCluster uuids. [chrisr3d]

  • Which are actually collection_uuids

  • [stix2 export] Fixed GalaxyCluster uuid fetching. [chrisr3d]

  • Which is actually collection_uuid

  • [stix2 import] Using a STIX2 object attribute instead of its dictionary format. [chrisr3d]
  • [stix2 export] Fixed MISP tags parsing. [chrisr3d]

  • To support composite predicates

  • Also changed variable names to match with the actual tag part names
  • [stix2 export] Fixed wrong variable name. [chrisr3d]
  • [stix2 export] Parsing relationships at the end of the event. [chrisr3d]

  • Minor change only impacting the order of the STIX Objects

  • But cleaner code (relationship parsing code in a function)
  • [event] attributes quick tagging. [mokaddem]

scope used to be singular (attribute instead of attributes), it is now set accordingly

  • Fixes javascript issue #3952. [Christophe Vandeplas]
  • [eventView] restored bulk tagging feature. [mokaddem]

Since the introduction of the tag collection, bulk tagging of items in the event view stopped working (Behavior of tag's view changed to use scoping instead of calculated variables in the tag's Controller)

  • [stix2 export] Cleaned up the link attributes parsing. [chrisr3d]

  • Removed useless class attribute
  • Cleaned up the parsing code itself
  • [stix2 import] Avoid error on fetching relationship by uuid. [chrisr3d]

  • Fixes an issue that did not put (for instance) Galaxies on attribute level within the attribute because of the uuid fetching error

  • [stix2 import] Better parsing of external single attributes. [chrisr3d]

  • To parse relationships concerned by the attribute, at the same time, if needed

  • [timeout setting] Fixed invalid cookie timeout name. [iglocska]
  • [tag collections] Fixed hook to reload galaxies. [iglocska]
  • [ACL] Added ajax function to ACL. [iglocska]
  • Bumped cti-python-stix2 latest version. [chrisr3d]
  • [api] editing organisation attributes, other than name. [Jan Skalny]
  • [galaxies] Some minor fixes with the ajaxification. [iglocska]
  • [galaxies] added new view that wasn't finished for the previous commit (still 🚧) [iglocska]
  • [over-sanitisation] cleared up over-sanitised message in the events controller. [iglocska]
  • [ACL] Added missing function. [iglocska]
  • [tag collections] Fixed several bugs linking to the wrong tag collection when attaching them to an event/attribute. [iglocska]
  • [tag collections] Fixed an issue where if a collection was added that already had all tags attached from before, the process would get stuck with no feedback to the user. [iglocska]
  • [taxonomies] Tag list empty fixed. [iglocska]
  • [data model] added the fix to the org_id field in the tag table to the mysql.sql file. [iglocska]
  • [data model] fixed a bug that caused org_id fields to be tinyint(1) for org_ids on tags. [iglocska]
  • [tag collections] fixed galaxies not showing up. [iglocska]
  • [added missing controller] tag collections controller. [iglocska]
  • [model linking] Made tag collection tag dependent of tag. [iglocska]
  • [db update] Fixed update script for tag collection tags. [iglocska]
  • [cleanup] removed tagCollectionElement. [iglocska]
  • [js] Various fixes with adding/removing tags. [iglocska]

Other

  • Merge branch 'features/server_caching' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge branch 'UISelector' into 2.4. [mokaddem]
  • Merge branch '2.4' into UISelector. [mokaddem]
  • Fix/new: [attackMatrix] Attack Matrix works again + added support in tag collection. [mokaddem]
  • New/fix: [MassEdit] Allow addition/deletion of tags and clusters on selected attributes + Lots of usage bug fixes. [mokaddem]
  • [UI] generic_picker merged the pre_picker into the picker - 🚧. [mokaddem]
  • Merge pull request #4028 from SteveClement/guides. [Steve Clement]

Guides

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #4020 from chkp-aliaksandrt/fix-issue-3977-tagged-attributes-search. [Andras Iklody]

Fix of tagged attributes search

  • Fix of tagged attributes search, displaying tag name instead of numeric Tag ID Closes #3977. [chkp-aliaksandrt]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #4018 from SteveClement/guides. [Steve Clement]

fix: [doc] Updated Kali scripts.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix2 import] Importing Marking Definition objects from external STIX files at attribute level. [chrisr3d]
  • Add: Added stix2 scripts subdirectory to gitignore. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #3989 from cvandeplas/2.4. [Andras Iklody]

fix: Fixes javascript issue #3952

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'tag_collections' into 2.4. [iglocska]
  • Merge branch '2.4' into tag_collections. [iglocska]
  • Add: [stix2 import] Added a pattern type in the mapping. [chrisr3d]
  • Merge pull request #3980 from JanSkalny/2.4. [Andras Iklody]

fix: [api] editing organisation attributes, other than name

  • Merge branch '2.4' into tag_collections. [iglocska]

v2.4.100 (2018-12-31)

New

  • [restClient] Added support of URL param in the querybuilder widget. [mokaddem]
  • [restClient] Transform query to json, more descriptions and layout changes. [mokaddem]

  • Added a lightweight query parser to construct the JSON body from the query builder

  • Added more help text on API fields
  • Added help hover on API fields (when applicable)
  • Added optgroup in template select
  • Slight CSS modification on the overall page
  • Changed behavior of template fetching (template existence is checked locally, do not wait before pulling the API info HTML)
  • [rest client] added first draft of querybuilder widget. [mokaddem]
  • [attributes] Add cdhash attribute, 40+ digit hash, default Payload delivery, ids=1 (#3965) [Daniel Roethlisberger]
  • [eventview] value quickedit are triggered by clicking a button And no longer using double-click. [Sami Mokaddem]

Changes

  • [version] bump. [iglocska]
  • [objects] updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [restClient] small css change. [Sami Mokaddem]
  • [restClient] Still show help for nested parameters instead of crashing. [Sami Mokaddem]
  • [restResponse] removed space in parameters. [Sami Mokaddem]
  • Deleted comments. [Sami Mokaddem]
  • [restClient] Do not show empty rule if builder shown after template picking. Reset the query builder rules if templates is not picked before showing the builder. [Sami Mokaddem]
  • Re-indented view file. [Sami Mokaddem]
  • [restClient] prevent usage of query builder if template not picked. [Sami Mokaddem]
  • [restClient] added show query builder button. [Sami Mokaddem]
  • [restClient] re-indented the whole file. [Sami Mokaddem]
  • [restclient] moved all javascript into its own file. [Sami Mokaddem]
  • [querybuilder] added new js dependencies (chosen, query-builder, doT, extendext and moment) [root]
  • [querybuilder] injected tags are now injected by name instead of ID (allowing sql LIKE) [Sami Mokaddem]
  • [Model] swapped openioc and json so that json is selected by default. [mokaddem]
  • [rest client] re-ordered fields by alphabetical order. [mokaddem]
  • [rest client] added some overwrite functions. [mokaddem]
  • Bump PyMISP, again. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [Objects] Sorts object references types in add reference form (#3969) [Christophe Vandeplas]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [eventView] added quickEdit button for Category, Type and IDS fields + Changed IDS representation (from YES/NO to checkbox) [Sami Mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [UI] Clarify the definition of "hide_tag" to an unselectable tag. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version (major update in Malpedia) [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [eventView] applied quick-edit button for comment field. [Sami Mokaddem]
  • [quickEditHover] change variable scope to local. [Sami Mokaddem]
  • [eventGraph] added fail save if requiredOneOff is not set. [Sami Mokaddem]
  • [🚧] added function meant to resolve id vs uuid issues for the UI attribute search. [iglocska]

  • still needs some love

  • Bumped latest cti-python-stix2 changes from our fork. [chrisr3d]
  • [stix] Changed cti-python-stix2 submodule to our fork. [chrisr3d]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP recommended version. [Raphaël Vinot]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]

Fix

  • [cleanup] Fixed a few issues. [iglocska]

  • unnecessary access to controller from component fixed (load component instead)

  • confusion between private and public variables resolved
  • some minor fixes for rules
  • [restClient] form submission is working again. was blackholed due to form tampering. [Sami Mokaddem]
  • [ui] prevent glitchy popover by increasing item size. [Sami Mokaddem]
  • [object references] Editing an event failed to save new object references. [iglocska]
  • [expansion] Hover broken after pagination fixed. [iglocska]
  • [stix2 export] Fixed number_of_sections field in STIX PE extension. [chrisr3d]

  • Avoiding issues when the section referenced in the MISP pe object is actually not in the event

  • [stix2 export] Added required field pe_type in STIX PE extension. [chrisr3d]
  • [stix2 export] Fixed GalaxyCluster UUID fetching. [chrisr3d]

  • Supporting the latest changes on UUID field name for Galaxy clusters

  • Still supporting the previous UUID field name in the case of a terminal execution, with a former version of Galaxy clusters
  • [stix2 export] Some fixes on 'Attribute' ObjectReference key + missing self argument. [chrisr3d]
  • [stix2 export] Removed not used function. [chrisr3d]
  • [stix2 export] Added interoperability parameter to all created STIX objects. [chrisr3d]

  • In order to avoid crashes on MISP data generated via the STIX import

  • [stix2 export] Fixed GalaxyCluster uuids key fetching. [chrisr3d]
  • [tools] Fixes missing sort in the PyMISP describeTypes generation (#3966) [Christophe Vandeplas]
  • [publishing] Fixed several bugs in the background job responsible for publishing events. [iglocska]
  • [stix2 export] Fixed field name Attribute for ObjectReference checking. [chrisr3d]
  • [stix 1&2 export] Checking if a referenced pe-section is indeed in the event before trying to parse it. [chrisr3d]
  • [correlations] Invalid orgc loaded in the attribute level correlations, fixes #3948. [iglocska]
  • Make IE11 compliant by adding startsWith polyfill. [Tom King]
  • Make IE11 compliant by removing default param value from ES2015. [Tom King]
  • Make IE11 compliant by removing default param value from ES2015. [Tom King]
  • [CLI] usage output fixed for the server shell tasks. [iglocska]
  • [sync] Fixed an incorrectly formatted event index output when minimal:1 is passed, breaking the sync pull. [iglocska]

  • ffs

  • [server preview] fixed sharing groups linking to the equivalent ID sharing group on the local instance. [iglocska]
  • [api] Fixed event index to include sharing group metadata. [iglocska]
  • [Restresponse] fixed XML converter. [iglocska]
  • [compatibility] reverted IE11 breaking change in misp.js, fixes #3939. [iglocska]
  • [feeds] Fixed an issue that caused a misp format feed fetch to fail intermittently. [iglocska]
  • [upload_analysis_file] Prevent object creation on non-existing events. [Sami Mokaddem]
  • [eventGraph] Object's label gets set correctly Add both requiredOneOf and required (forgotten one) fields in the Object's label. [Sami Mokaddem]
  • [sync] Issue with events not updating on a pull. [iglocska]

  • overzealous protection removed

  • Conditions blocking an event edit via a pull now rely on the locking mechanism, relaxed via an internal sync link
  • [UI] hover size fixed and scroll bar added. [iglocska]

  • part of the keep @rommelfs happy project

  • [stix import] Fixed parsing of Custom objects. [chrisr3d]
  • [stix 1&2 import] Fixed version attribute of the original filename. [chrisr3d]
  • [doc] Updated install guide to include the latest changes on STIX2 python library. [chrisr3d]
  • [stix2 import] Allowing import of STIX 2.0 documents that have non v4 UUIDs. [chrisr3d]

  • Some further operations may be done on those UUIDs later

  • Atm, we (at least) avoid loading errors from the stix2 python library
  • [API] Attribute tags could be added by 3rd parties via the API. [iglocska]

  • fixed

  • [objecttemplates] fixes issue #3921. [Christophe Vandeplas]
  • [API] tags/attachTagToObject wasn't unpublishing events correctly. [iglocska]
  • [attachment] prevent creation of empty event. [Sami Mokaddem]
  • [restSearch] Using the correct python version to call STIX scripts. [chrisr3d]

  • Using the correct python defined in virtual env, if available, and the default global python3 otherwise

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3974 from eCrimeLabs/2.4. [Alexandre Dulaunoy]

Update Attribute.php

  • Update Attribute.php. [eCrimeLabs]

Added ja3-fingerprint-md5 as a dedicated data type. Also updating the object for ja3

  • Merge branch 'qb' into 2.4. [iglocska]
  • Fix+new [restClient] fixed merge glitch and added support of includeProposals [Sami Mokaddem]
  • Merge remote-tracking branch 'origin/2.4' into querybuilder. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3909 from ruiwen/fix_postgres. [Andras Iklody]

fix: dev: Update POSTGRES-*.sql files

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3956 from dawid-czarnecki/fix/disable_correlation. [Andras Iklody]

Fix disabling correlations for single attributes

  • Fix disabling correlations for single attributes. [Dawid Czarnecki]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3954 from kfinny/fix-enrich-event-job-not-marked-as-completed. [Andras Iklody]

Fixes #3907, enrich event job not marked as completed.

  • Fixes #3907, enrich event job not marked as completed. [Kevin]

The enrichment background process did not do anything to update the job after completing its task. I used the same logic as the adjacent 'publish' function to record progress, update the message and create a log entry.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3942 from tomking2/2.4. [Andras Iklody]

fix: Make IE11 compliant by adding startsWith polyfill

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3941 from tomking2/2.4. [Andras Iklody]

fix: Make IE11 compliant by removing default param value from ES2015

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3940 from mokaddem/issue#3937-quickEdit. [Andras Iklody]

new: [eventview] quick edits are triggered by clicking a button

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3932 from davidonzo/2.4. [Alexandre Dulaunoy]

Mod headers to be enabled

  • Mod headers to be enabled. [Davide Baglieri]

Apache configuration needs to load the headers module. Added the line #103

  • Merge pull request #3927 from cvandeplas/2.4. [Andras Iklody]

fix: [objecttemplates] fixes issue #3921

  • Merge pull request #3924 from keram79/patch-1. [Andras Iklody]

Fix error handling in Server.php

  • Fix error handling in Server.php. [keram79]

according to http://php.net/manual/de/exception.getmessage.php , the parenthesis are required

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.99 (2018-12-06)

New

  • [usability] Object templates view also accepts uuid as input vector. [iglocska]
  • [UI] Added warning for users not to edit events as site admins. [iglocska]
  • [CLI] Documentation updated. [iglocska]
  • [Rest] Added system for GET requests in the templating system. [iglocska]
  • [ReST] Added statistics. [iglocska]

Changes

  • [version] bump. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • Bump PyMISP recommended version. [Raphaël Vinot]
  • [doc] Updated CentOS 7 Install instructions to use SSL. [Steve Clement]
  • [doc] Some format updates to config files new: [doc] CentOS SSL apache config fix: [doc] Fixed symlink to Ubuntu webmin instructions. [Steve Clement]
  • Bump PyMISP. [Raphaël Vinot]

Fix

  • [stix import] Fixed missing event fields import. [chrisr3d]

  • Such as event info, event date and so on

  • [STIX2] fixed stix2 to use the internal original file capture. [iglocska]
  • [internal] Fixed the original file capture tool. [iglocska]
  • [UI] Fixed event edit warning. [iglocska]
  • [stix import] Fixed indicators parsing. [chrisr3d]

  • For stix1 generated with MISP

  • [stix import] Made sure the header description value fetching test is working in all cases. [chrisr3d]
  • [internal] Handle the upload of original versions of ingested files via a helper function instead of leaving it to external tools. [iglocska]
  • [model] Network activity category: add x509-fingerprint-md5 and x509-fingerprint-sha256. [co59]
  • [stix import] Fixed header description value fetching. [chrisr3d]

  • Again yes, but with the correct test now

  • [UI] Fixed crappy old style flash message on events/add that has been an eye sore for ages. [iglocska]
  • [stix2 import] Fixed pattern parsing for a specific case. [chrisr3d]
  • [CLI] Added bruteforce protection cleaning. [iglocska]
  • [API] previous commit fixed. [iglocska]
  • [internal] When editing an object to add new attributes, correctly set the default distribution if nothing is set. [iglocska]
  • [API] object edit fixed to return the object in the correct format. [iglocska]
  • [API] when adding an object, the response should have the correct format. [iglocska]
  • [internal] if no attribute distribution is found in the event edits, set the default instead of defaulting to 0. [iglocska]
  • [i18n] Added __() where needed. fix: [doc] Typo in field. [Steve Clement]
  • [freetext] fix notice on freetext import. [Sascha Rommelfangen]
  • [stix2 import] Function name typo. [chrisr3d]
  • [stix2 import] Handling cases where we have no galaxy. [chrisr3d]
  • Fixed elements returned by the url object parsing function. [chrisr3d]

  • Was raising an unexpected exception in a special case, which was skipping the entire object, because of a missing element to return

  • [merge conflict] resolved, [iglocska]

  • as notified by @a1ext

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3912 from Sh3idan/fix-incoherence-types-and-categories. [Andras Iklody]

fix: [model-data] Network activity category: add x509-...-md5 and x509-...-sha256

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3914 from SteveClement/guides. [Steve Clement]

chg: [doc] Some format updates to config files

  • Merge pull request #3770 from devnull-/issues_1643_rebase_2.4. [Andras Iklody]

Issues 1643 -- Fix publish_without_email when an event is modified -- rebase

  • Merge pull request #8 from MISP/2.4. [devnull-]

Update issue 1643 rebase 2.4

  • Rebase issue 1643. [Amaury Leroy]
  • Merge pull request #5 from MISP/2.4. [devnull-]

Update

  • Merge pull request #4 from MISP/2.4. [devnull-]

Update

  • Merge pull request #3 from MISP/2.4. [devnull-]

Update

  • Merge pull request #3910 from SteveClement/2.4. [Steve Clement]

fix: [i18n] Added __() where needed.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3905 from WaryWolf/fix-xml-export. [Andras Iklody]

fix typo in event export to XML code

  • Fix typo in called method name. [Anthony Vaccaro]
  • Add: [stix2 import] Parsing external standalone ip address observables. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 import] Importing external standalone ip address patterns. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.98 (2018-11-26)

New

  • [server settings] Added automatic backup system for the server settings. [iglocska]
  • [UI] Explain what caching vs fetching feeds means. [iglocska]

via hover column header

  • [API] Various enhancements and fixes to the APIs. [iglocska]

  • Added result count to restsearch API via the x-result-count header
  • Added the includeProposals parameter to the attribute level restsearch
  • Readability of events controller improved
  • Fixed a bug blocking malware samples from being added using /events/add when the encrypt=1 flag was set for raw sample inclusion
  • [users/mails] Added possibility to send a mail to all users of the same organisation. [mokaddem]
  • [users/mails] add confirmation popup before sending mails. [mokaddem]
  • [freetext] Added BTC recognition, fixes #3864. [iglocska]
  • Various fixes to the reporting of validation errors for saving attributes. [iglocska]

  • view the failed/succeeded saves in batch imports, fixes #3866

  • fixed a bug that inserted junk into the flash messages, fixes #3863
  • fixed a bug that removed all but the last entry in a failed batch import #3865
  • [search] Rework of the UI attribute search complete. [iglocska]
  • [attribute search] Rework of the UI version of the search to unify the functionalities with the event view. [iglocska]
  • [stix2 import] Starting importing external pattern. [chrisr3d]

  • Starting with File objects

  • Also modified functions to make them reusable
  • [enrichment] separate caches for hover and persistent hover results. [iglocska]
  • [enrichment] clickable popup changes. [iglocska]

  • new persistent flag passed to misp modules to differentiate it from hovering

  • various UI changes
  • [feeds] Changed default feed target to fixed event. [iglocska]

  • major cause of death by overcorrelating

  • [doc] Added symlink to generic folder and added note what generic means/is. [Steve Clement]
  • [doc] Added Tsurugi Linux install script. [Steve Clement]
  • [search/sighting] Possibility to quickly add sightings on ID or VALUE when searching. [mokaddem]
  • [search] Added possibility to directly sight an attribute after a search. [mokaddem]
  • [stix import] Marking parsing at attribute level. [chrisr3d]

  • Made marking parsing function reusable for event & attribute levels

  • [statistics] Added local org and user/org counts. [iglocska]

Changes

  • [bro] Preparation for the move to restsearch. [iglocska]

  • also fixed some edge-case issues

  • [version] bump. [iglocska]
  • [warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP, because I like it... [Raphaël Vinot]
  • Bump PyMISP, again. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [doc] More hardening resources. [Steve Clement]
  • [doc] Added hardening section. [Steve Clement]
  • [documentation] Documented the freetext import API on the automation page. [iglocska]
  • [doc] Moved Ubuntu Webmin to experimental, as it is difficult to maintain without working production webmin install. [Steve Clement]
  • [doc] Some updates to the Webmin install doc. [Steve Clement]
  • [doc] Kali 2018.4 tested. Added note that we need fresh-install. [Steve Clement]
  • Bump PyMISP. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [diag] Added warning message if getCurrentBranch() in Model/Server.php returns empty. [Steve Clement]
  • [contact email] Aligned button colours with the rest of the UI. [iglocska]
  • [users/emails] Better comments. [mokaddem]
  • [users/email] Changed behavior of sending mail to avoid code duplication. [mokaddem]

If an additional parameter is passed to the url, it will only show the result of submitting the form without the submission

  • [eventview] changed default attribute sorting to timestamp->desc. [mokaddem]
  • [doc] Centos 7 update to make misp-modules work. Some notes on SELinux. [Steve Clement]
  • [doc] FreeBSD base MISP now works well enough. [Steve Clement]
  • [doc] Some more FreeBSD updates. [Steve Clement]
  • [doc] Due to some mimimi, FreeBSD is now "back" in the Archives. (Works on FreeBSD 12.0BETA4) [Steve Clement]
  • [documentation] Link to the rest client from the automation page. [iglocska]
  • [search] 🚧, more work on the attribute search's JS components. [iglocska]
  • [search] Further progress on the attribute search UI. [iglocska]
  • [taxonomies] added the exercise taxonomy from CSIRT network discussions. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2 import] Parsing relationships & importing galaxies in the appropriate level. [chrisr3d]

  • Importing Galaxies in attribute level when expected by relationships, and possible
  • Importing Galaxies as before in event level otherwise
  • [misp-taxonomies] updated with the new and latest changes. [Alexandre Dulaunoy]
  • [enrichment] Linebreak handling for enrichment hovers. [iglocska]
  • Bump PyMISP. [Raphaël Vinot]
  • [doc] Fixed folder typo. [Steve Clement]
  • [doc] Added Tsurugi Linux to Index and changed some minor issue. [Steve Clement]
  • [doc] Tsurugi nearly done. [Steve Clement]
  • [doc] Initial Install working. Todo: Virtualenv everything. [Steve Clement]
  • [doc] Tsurugi is eXperimental. [Steve Clement]
  • [doc] functionalities updated to include the new ones. [Alexandre Dulaunoy]
  • [doc] Small typo. [Steve Clement]
  • [doc] Fixed yara in all guides. [Steve Clement]
  • [doc] Experimental Debian install now works with PHP 7.3RC4 chg: [doc] Some changes to variable use. [Steve Clement]
  • [doc] Added lief python 3.7 egg issue. [Steve Clement]
  • [doc] changing original MISP pipenv. [Alexandre Dulaunoy]
  • [doc] fix how to get path for Cake PHP. [Alexandre Dulaunoy]
  • [doc] default path for virtualenv fixed (matching the original one previously setup in the documentation) [Alexandre Dulaunoy]
  • [doc] default path for virtualenv fixed (matching the original one previously setup in the documentation) [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [doc] ${PATH_TO_MISP} everywhere. Added more granular php etc variable. [Steve Clement]
  • [doc] Added more notices on misp-dashboard on Ubuntu 16.04. [Steve Clement]
  • [doc] the venv directory needs usr_t profile. [Steve Clement]
  • [doc] Update Centos 6.x and 7.x chg: [doc] re-Added Ubuntu 16.04-LTS as an archived/old INSTALL Guide (tested working) chg: [doc] Adapted some variables in generic scripts. [Steve Clement]
  • [doc] updated Changelog.md to be more markdown friendly chg: [tools] Changed the way gen_misp_install_docs.sh parses the changelog new: [tools] Added simple tool for git log sanitizing. [Steve Clement]
  • [view/search] close opened popover when clicking the document. [mokaddem]
  • Bump Pymisp, misp-galaxy misp-objects taxonomies. [Raphaël Vinot]
  • [statistics] Show % of users with pgp keys. [iglocska]
  • [taxonomies] bumped. [iglocska]
  • [taxonomies] updated. [iglocska]
  • [sighting restSearch] API documentation fixed (/get is now /restSearch) [Alexandre Dulaunoy]

Fix

  • [ACL] ACL updated. [iglocska]
  • Fixed header description value fetching. [chrisr3d]
  • [sync] Fixed a blocking bug preventing a full push from working with sharing group events. [iglocska]
  • [mactime] Some minor fixes. [iglocska]
  • [CS] CS brought up to date. [iglocska]
  • Error in mactime object. [aksha]
  • [CS] coding standards script re-run. [iglocska]
  • [mispObject] fixed disable_correlation saving & display issue. [Sami Mokaddem]

Before this fix, MISP was not saving any modification related to disable_correlation. Moreover, the value of disable_correlation was always set to the one specified in the object's template regardless of its actual value.

  • Fixes variable initialization inconsistency in Server push. [Christophe Vandeplas]

Fixes issues like: Warning (2): count(): Parameter must be an array or an object that implements Countable in [/var/www/MISP/app/Model/Server.php, line 2353]

  • [UI] clarification of the instance owner organisation field on the servers/add view. [iglocska]
  • [CSV] Fixed some defaults for the CSV export. [iglocska]
  • [API] Fix non exportable tags being included in the attribute level restsearch. [iglocska]
  • [API templates] Clarification about the serversettings API. [iglocska]
  • Test for old school CSV download. [Raphaël Vinot]
  • [install] Added pip3 installation before the venv installation. [Andras Iklody]
  • [instructions] Added missing virtualenv dependency. [Andras Iklody]
  • [tools] misp-restore.sh incorrectly validating 'BackupFile' from the command line. [Chris Ford]
  • [API] CSV ignore flag restored to old behaviour. [iglocska]

  • if not set, only return published events / to_ids flagged events by default
  • setting ignore:0 will result in the default behaviour
  • setting ignore:1 will result in unpublished events and non to_ids attributes being filtered out
  • fixed a bug that broke the CSV api if ignore:0 was passed
  • [sync] Fixed an issue preventing sharing group distributed data from being pushed. [iglocska]
  • [objects] Fixes issue #3874. [iglocska]

  • shouldn't be allowed in the first place

  • [admin/email] replaced hardcoded url into baseurl. [mokaddem]
  • [users/emails] submission fix + cleaned code + comments. [mokaddem]
  • [stix import] Fixed uuid fetching. [chrisr3d]
  • [missing files] added missing templates. [iglocska]
  • [attribute search] Fixed invalid JS calls introduced as part of the rework (🚧) [iglocska]
  • [api] Invalid handling of empty parameters in the built in parameter builder. [iglocska]
  • [tags] showAttributeTag function now correctly culls galaxy tags. [iglocska]
  • [stix import] Fixed Tags import. [chrisr3d]
  • [stix export] Fixed dictionary update which requires lists and not tuples. [chrisr3d]
  • [CLI] Fixed the CLI feed fetcher. [iglocska]

  • use "all" to fetch all feeds

  • [sharing groups] Fixed several sharing group issues preventing proper editing of events with SGs. [iglocska]

  • include the uuid and modified time in the sharing group

  • fix the incorrectly embedded organisation object
  • [API] better handling of trying to edit an attribute without permissions to do so. [iglocska]
  • [stix2 import] Fixed relationship target uuid. [chrisr3d]
  • [cleanup] Updated function names to differentiate observable parsing from the next updates on pattern parsing. [chrisr3d]
  • [API] throw a proper error when trying to edit an event without access to doing so. [iglocska]
  • [enrichment] linebreak woes. [iglocska]
  • [enrichment] Adding proper linebreaks, cut 2. [iglocska]
  • [cleanup] removed junk. [iglocska]
  • [cleanup] Cleaned up STIX 1&2 export scripts. [chrisr3d]
  • [stix2 import] Taking Relationship objects target_ref as uuid. [chrisr3d]

  • Better than using the Relationship id that is not going to be represented in MISP

  • We directly have the uuid of the object that will receive an Object Reference
  • Fixes attribute popup UI issues with expansion. [Christophe Vandeplas]
  • [stix2 import] Excluding patterns with any of some linking words. [chrisr3d]

  • Since those patterns contain linking words we do not know how to map, we do not even try to parse them and only stix2-patterns will be created from them

  • [stix 1&2 export] Making initiation lists immutable. [chrisr3d]

  • Lists only used for mapping should be immutable since they are not modified. Thus declaring as tuples is more appropriate

  • [doc] Typo in index for Tsurugi Linux. [Steve Clement]
  • [stix2 import] Better selection of objects to parse in object_refs. [chrisr3d]

  • It is not necessary to call parsing functions on reports in object_refs because they are already parsed through the loop iterating through reports

  • [stix2 import] Using Report attributes instead of dictionary keys. [chrisr3d]

  • Also improved the loop iterating through reports

  • [stix2 import] Try-catching Report objects creator reference. [chrisr3d]
  • #3774 [restResponse] added missing includeEventTags entry. [mokaddem]
  • [doc] Added note about WSGI issues on Ubuntu 16.04 chg: [doc] Changelog.md updated to latest. [Steve Clement]
  • [doc] Included git repo of gitchangelog due to Python 3.7 bug fix not yet in release: https://github.com/vaab/gitchangelog/issues/107. [Steve Clement]
  • Travis build. [Raphaël Vinot]
  • [acl] bumped ACLComponent. [mokaddem]
  • [stix export] Fixed function header missing self attribute. [chrisr3d]
  • [stix import] Using standard error instead of standard output for missing types in mappings. [chrisr3d]
  • [stix import] Related objects parsing. [chrisr3d]

  • Not only for observables as before, but also for observable objects in indicators

  • [stix import] Using subclasses + Support of STIX coming from multiple MISP events. [chrisr3d]

  • Using subclasses here allowed us to simplify some variables declarations and to reuse some functions

  • STIX coming from multiple MISP events refers to STIX files created via the MISP to STIX export that can include multiple MISP events

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'mactime_merge' into 2.4. [iglocska]
  • Merge branch 'new_mactime_feature' into mactime_merge. [iglocska]
  • Update EventsController.php. [Aks6193]
  • Update: mactime file added as attachment for timeline analysis. [aksha]
  • Fixed: attribute issue. [aksha]
  • Add: object structure. [aksha]
  • Add: Misp object for mactime analysis. [aksha]
  • Modify: Changed data representation tables. [aksha]
  • Added Clear option for individual rows. [aksha]
  • Table representation of data. [aksha]
  • Added file content sanitization and line by line selection of text. [aksha]
  • Added Jquery UI and expansion panels to the file analysis interface. [aksha]
  • Merge: First mactime commit. [aksha]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix2 import] Added new combination of external pattern types. [chrisr3d]
  • Merge pull request #3895 from plbolduc/bugfix/objectreference. [Andras Iklody]

fixed an issue where the referenced_type was not an integer.

  • Fixed an issue where the referenced_type was not an integer. [pbolduc]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #3892 from cvandeplas/2.4. [Andras Iklody]

fix: fixes variable initialization inconsistency in Server push

  • Merge pull request #3891 from SteveClement/guides. [Steve Clement]

new: [doc] Added hardening section

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3879 from 8ear/patch-2. [Steve Clement]

Update INSTALL.debian9.md

  • Update INSTALL.debian9.md. [Steve Clement]
  • Update INSTALL.debian9.md. [Max H]

Add new MISP-MODULE apt dependencies

  • Merge pull request #3890 from SteveClement/guides. [Steve Clement]

chg: [doc] Some updates to Kali/Ubuntu w webmin and small typo fix.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3880 from crford/fix-misp-restore. [Andras Iklody]

fix: [tools] misp-restore.sh incorrectly validating 'BackupFile' from…

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Steve Clement]
  • Merge branch 'contact' into 2.4. [iglocska]
  • Merge branch '2.4' into contact. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3826 from MISP/sortingOnTimestamp. [Steve Clement]

chg: [eventview] changed default attribute sorting to timestamp->desc

  • Merge pull request #3868 from SteveClement/guides. [Steve Clement]

chg: [doc] Updated FreeBSD and CentOS 7 install guides

  • Merge branch 'rest_link' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3856 from moshekaplan/patch-1. [Andras Iklody]

Fix minor typo in recommended.actions.md

  • Update recommended.actions.md. [Moshe Kaplan]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix2 import] Parsing external process patterns. [chrisr3d]

  • Also small update on process mapping since a recent update on Process MISP Object includes more attribute fields
  • Add: [stix2 import] Parsing external network-traffic patterns. [chrisr3d]

  • Code duplication is also avoided in attributes creation, since the only change is the mapping dictionary we can use the same function with only that parameter changing instead of having the same function multiple times

  • Add: [stix2 import] Parsing external regkey patterns. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3852 from RichieB2B/ncsc-nl/fix-stix-cidr. [Christian Studer]

Keep CIDR subnet size in STIX export

  • Keep CIDR subnet size in stix export. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #3849 from axpatito/small_compare_fix. [Andras Iklody]

[BUGFIX] Small compare fix

  • Fixed double check if clause. [Axpatito]
  • Fix compare issue. [Axpatito]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3844 from SteveClement/guides. [Steve Clement]

fix: [doc] Typo in index for Tsurugi Linux.

  • Merge pull request #3843 from SteveClement/guides. [Steve Clement]

new: [doc] Added Tsurugi Linux install script

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3821 from StefanKelm/2.4. [Andras Iklody]

super tiny typos

  • Typo. [StefanKelm]
  • Merge pull request #3828 from SteveClement/guides. [Steve Clement]

chg: [doc] ${PATH_TO_MISP} everywhere. Added more granular php etc var

  • Merge pull request #3816 from devnull-/patch-1. [Alexandre Dulaunoy]

Wrong version of php7 opcache in docs/INSTALL.debian9.md

  • Wrong version of php7.0-opcache. [devnull-]

Change php7.2-opcache to php7.0-opcache (https://packages.debian.org/search?keywords=opcache&searchon=names&suite=stable&section=all)

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #3825 from SteveClement/guides. [Steve Clement]

chg: [doc] Added more notices on misp-dashboard on Ubuntu 16.04

  • Merge pull request #3824 from SteveClement/guides. [Steve Clement]

fix: [doc] Added note about WSGI issues on Ubuntu 16.04

  • Merge pull request #3823 from SteveClement/guides. [Steve Clement]

chg: [doc] Updates to guides: Ubuntu 16.04 - CentOS 6/7 - RedHat EL and updated mkdocs creation script

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [mokaddem]
  • Merge pull request #3822 from Rafiot/travis. [Raphaël Vinot]

fix: Travis build.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix import] Import of marking values as event tag, including AIS Marking. [chrisr3d]

  • Mapping of markings
  • More to come with the same operation for individual objects

v2.4.97 (2018-10-29)

New

  • [sighting/api] xml output format + improved error feedback. [Sami Mokaddem]
  • [sighting/api] trying to follow the new API architecture. JSON export is broken but CSV is working. 🚧... [Sami Mokaddem]
  • [Sightings/API] Added possibility to get sightings based on a timerange/source/... [Sami Mokaddem]
  • [docs] Added new sub-sections in separate files that are shared between install guides. new: [docs] ethX.md to bring back eth0 new: [docs] mail to misp install debian flavored guide new: [docs] ssdeep install debian flavored guide new: [docs] viper install debian flavored guide new: [docs] sudo/etckeeper install debian flavored guide new: [docs] misp dashboard install debian flavored guide. [Steve Clement]
  • [docs] Added 3 generic documentation files, one where the MISP install is completed, A specific centos/etc... one because, well, CentOS.. and the generic recommended actions section that kept repeating in all guides. chg: [docs] Implemented the above 3 files in all the guides. Plus some format changes. [Steve Clement]
  • [docs] Added generic notice about community contributed doc maintenance. [Steve Clement]
  • [galaxy] Several changes. [iglocska]

  • moved the current uuid field on cluster level to a new "collection_uuid" field to better represent the actual purpose

  • added new uuid field that actually captures the cluster's uuid
  • upgrade script is multi-execution safe
  • added /galaxy_clusters/view to the API
  • /galaxy_clusters/view can now be queried via the uuid instead of just the ID
  • [docs] Added globalVariables files to be included by all Install Guides chg: [tools] Updated dependencies on docs creator chg: [docs] Some minor changes to Ubuntu Install guide and added VariableglobalVariables chg: [docs] Updated mkdocs.yml with new dependencies. [Steve Clement]
  • [docs] Added eXperimental RHEL7.6 (BETA) Install Doc. [Steve Clement]
  • [tools] Added tool to create MISP INSTALL Docs and push to gh-page, plus it fetches latest Changelog.txt. [Steve Clement]
  • [docs] Added initial mkdocs directory. [Steve Clement]
  • [API] Added CSV as return format for event index. [iglocska]
  • [API description] Describe how to run diagnostics on MISP via the API. [iglocska]
  • [upgrade] Preparing the data for recovery after the object reference sync fix. [iglocska]

  • update the timestamps of all events / objects that are affected and are locked = 0

  • [API] Added a way to use the API to throw values at the warninglist for quick evaluations of the values. [iglocska]
  • [logging] Log why an event could not be pulled. [iglocska]
  • [API documentation] Added some missing API templates. [iglocska]
  • [API] Added the log index/search to the API. [iglocska]

  • described in the templates / rest client page

  • [related tags] View the related tags of attributes on the event view (via a toggle) [iglocska]

Changes

  • [sighting/api] improved comments. [Sami Mokaddem]
  • [RestResponse] bump. [Sami Mokaddem]
  • Typo. [Sami Mokaddem]
  • [version] bump. [iglocska]
  • [config] Added permission check for .git directory. [Steve Clement]
  • [docs] Added note on RHEL unmaintainability at this point of time, by the core team. [Steve Clement]
  • [tools] Updated gitchangelog.rc for latest version of tool, added to doc generator. [Steve Clement]
  • Bump misp-galaxy & taxonomies. [Raphaël Vinot]
  • [docs] Added generic sections to debian guides. [Steve Clement]
  • [docs] Added a generic directory where all the platform independent files should reside. chg: [docs] Added MISP Defaults via the cake command to separate file. [Steve Clement]
  • [misp-objects] forensic objects added. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version (including many new objects) [Alexandre Dulaunoy]
  • [docs] More formatting updates and evened both versions out. [Steve Clement]
  • [docs] Compared with bootstrap.sh and added missing dependencies and tools. [Steve Clement]
  • [docs] Added note on when Kali was last tested working. Added RHEL 7.6 BETA to index. [Steve Clement]
  • [docs] Leveled both install docs, updated debian testing and verified working. [Steve Clement]
  • [docs] Minor regression, fixed. [Steve Clement]
  • [docs] Leveled both guides, 9.5 moved a little closer to testing. [Steve Clement]
  • [docs] Symlink to rhel7 guide chg: [docs] Made the index a little less messy chg: [docs] A minor (but not automated) change to Changelog. [Steve Clement]
  • [tools] Changed testForBinExec as the x-sharedlib type is not only on OpenBSD, Debian has the same type when check if executable. chg: [tools] Added typeinfo to the return so you see in the UI what type it thinks it is. (In case you forced the parameter on the CLI) [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [docs] More general info about xINSTALL in index. Minor formatting touch-up in license. Added missing sections to mkdocs.yml and adapted it to reflect official MISP repo. [Steve Clement]
  • [docs] Adapted rhel7/Ubuntu18.04/Centos7/UPDATE_Notes to be mkdocs compliant. [Steve Clement]
  • [tools] Added sed to gen_misp_install_docs.sh to replace some formatting tildes which mkdocs does not really understand chg: [docs] Minor touch-up to Changelog.md to correct for formatting issues. chg: [config] Added correct paths to .gitignore for mkdocs. [Steve Clement]
  • [docs] Adapted Debian 9/testing install to mkdocs new: [docs] Added old version of Debian + postgresql guide, needs updating. [Steve Clement]
  • [docs] Added symlinks to new .md to preserve old style for a while. chg: [docs] More details in README.md. [Steve Clement]
  • [docs] Added some symlinks to migrated files. [Steve Clement]
  • [docs] Remove some migrated INSTALL guides, move FreeBSD to old, will not be supported in the future. [Steve Clement]
  • [docs] Typo in UPGRADE.md. [Steve Clement]
  • [docs] Added an old upgrade doc, 2.3 -> 2.4, more as an example than anything else. chg: [docs] Added UPGRADE.md notice for future upgrade steps. [Steve Clement]
  • [docs] Minor formatting change. [Steve Clement]
  • [docs] Removed old Debian stable install guide. [Steve Clement]
  • [docs] Updated Debian install guide. [Steve Clement]
  • [docs] Version bump of OpenBSD to 6.4. [Steve Clement]
  • [docs] Added misp-dashboard instruction, but not really working yet. [Steve Clement]
  • [docs] Another small unattentive typo. [Steve Clement]
  • [docs] Small misp-modules virtualenv typo. [Steve Clement]
  • [docs] Removed old OpenBSD Docs. [Steve Clement]
  • [docs] More or less finalized the Apache2 install. 95% working. [Steve Clement]
  • [docs] Disable native httpd for now added Apache2 conf. [Steve Clement]
  • [docs] Better formatting, more information on the current state of MISP on OpenBSD. [Steve Clement]
  • [docs] Reformatted some of the .txt based doc. [Steve Clement]
  • [config] Added mkdocs site directory to be ignored. [Steve Clement]
  • [tools] Added x-sharedlib clause in testForBinExec if on OpenBSD. [Steve Clement]
  • [warninglist] warninglists updated, fixes #3775. [iglocska]
  • [Galaxy] Updated MISP galaxies. [iglocska]
  • Chg: [tools] removed: #@IgnoreInspection BashAddShebang -- Added a better globbing opt: ./* [Steve Clement]
  • [tools] Updated misp-backup and misp-wipe to be a bit more late 2018 compliant. [Steve Clement]
  • [tools] Added misp-wipe/misp-backup config file to .gitignore. [Steve Clement]
  • [python] Added and amended various places where python is called. [Steve Clement]
  • [fix] Some fixes to the python virtualenv tweaks. [Steve Clement]
  • [python] Added initial python virtualenv support, STIX Tests only. [www-data]
  • [i18n] extracted latest strings to default.pot and cake_dev.pot. [Steve Clement]
  • [i18n] New strings in Spanish translation. [Steve Clement]
  • [i18n] Updated to latest jpn translation, minor changes. [Steve Clement]
  • [i18n] Added 100% French translation. Thanks to all involved so far. wq. [Steve Clement]
  • Bump PyMISP & recommended version. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

Fix

  • [API] minor fixes to the sightings api. [iglocska]

  • fixed duplicate sighting tags in XML output

  • added attribute value to the sighting
  • [sighting/api] added missing sighting source parameter. [Sami Mokaddem]
  • [ACL] bumped queryACL. [Sami Mokaddem]
  • [sightings/api] now support json output format. [Sami Mokaddem]
  • [bug] Fixed bug with stacking login screens on top of an event view. [iglocska]
  • Aws would error if asked to del non-existing. [Hannah Ward]
  • [stix import] Avoided import of empty header description. [chrisr3d]
  • [galaxy] added collection uuid capture. [iglocska]
  • [view] Added uuids to galaxy cluster view. [iglocska]
  • [stix export] Avoided putting Incident object as attribute everywhere. [chrisr3d]

  • Incident is now a class attribute

  • It also lets us make the function parsing some not really common attribute types lighter by putting a conditional statement in another function
  • [stix export] Made 'header_comment' a list so we don't overwrite the value. [chrisr3d]

  • There should only be one attribute matching the condition per event, but it is just to be sure

  • [thumbnail] Thumbnail visualisation broken on proposals, fixes #3793. [iglocska]
  • [server] Allow certificates to be uploaded with other extensions besides .pem, fixes #3797. [iglocska]
  • [stix import] Importing uuids for objects from external sources. [chrisr3d]
  • [stix import] Importing uuids for STIX files generated via MISP. [chrisr3d]
  • [stix import] Improved uuid fetching. [chrisr3d]
  • [stix import] Better event & attribute distribution parsing. [chrisr3d]
  • [stix import] Supporting DHS stix files with ais marking. [chrisr3d]
  • [stix import] Fixed import of File Objects as single attribute. [chrisr3d]
  • [stix framing] Fixed Related Package(s) xml field typo. [chrisr3d]
  • [stix export] Fixed xml package string replacement. [chrisr3d]
  • [stix2 import] Avoiding errors when the imported file name is not specified. [chrisr3d]
  • [routes] Added route for .csv parsing. [iglocska]
  • #3769 Att&ck matrix now render multiple kill_chain by column. [Sami Mokaddem]
  • Check if the format is xml or application/xml on __sendResponse. [Tom King]
  • [cleanup] Removed debug from the bug fixing session. [iglocska]
  • [internal] Sharing group capturing fixed, fixes #3573. [iglocska]

  • As reported by @eCrimeLabs

  • [internal] Unneeded model initialisation for getDefaultAttachments_dir() [iglocska]
  • [stix2 import] Fixed GalaxyCluster description. [chrisr3d]

  • Since description is optional in some STIX 2.0 objects, we test if the field is there before trying to use its value

  • [stix2 import] Fixed MISP event info field when importing STIX2 without report object. [chrisr3d]
  • [stix2 import] Fixed json dict monkey syntax error. [chrisr3d]
  • [internal] getPythonVersion woes. [iglocska]
  • [internal] Fix of wonky model function calls across the application for getting default attachment directories. [iglocska]
  • [Galaxy] Various fixes to blocking issues with the galaxy update system, fixes #3773. [iglocska]
  • [API] Handle multiple event IDs being queried or not using the event ID filter when generating the CSV output file names. [iglocska]
  • [internal] Fixes to invalid model function calls. [iglocska]
  • [tools] small typo in she-bang line. [Steve Clement]
  • [stix2 import] Made NetworkTraffic objects import include all the possible cases. [chrisr3d]

  • We were potentially missing some DomainName or IP Address objects data, when it is not a reference of the NetworkTraffic object.

  • Now we look if we still have some of these objects that have not been parsed, and in that case, parse them.
  • [stix2 import] Quick change on event loading. [chrisr3d]

  • Specifying the encoding within the file opening

  • Allows to get rid of 1 'encode()' call
  • [stix2 import] Better parsing for objects that can be imported as either ip-port or network-socket. [chrisr3d]
  • [stix2 import] Supporting STIX 2 files with no report object. [chrisr3d]
  • [stix2 import] Moved the remaining parsing functions from the mapping script to the main script. [chrisr3d]

  • Fixing at the same time some AttributeName errors

  • [stix2 export] Fixed enumeration errors handling. [chrisr3d]

  • More specific exception types

  • Removed useless try/catch statement
  • [stix2 export] Fixed attributes data parsing. [chrisr3d]

  • With json format, base64 & encode/decode operations are no longer needed since the base64 string is already displayed in data

  • [stix2 import] Fixed process import. [chrisr3d]

Fixing import for cases like:

  • single process without parent or child
  • where processes are not referenced as expected
  • [stix2 import] Fixed monkey coder issue. [chrisr3d]
  • [stix2 import] Added missing uuid fields to attributes and objects imported. [chrisr3d]
  • [stix2 import] Quick clean-up. [chrisr3d]

  • Using MISPObject class & attributes instead of adding a MISP object dealing with a dictionary
  • Using STIX objects attributes instead of dictionary keys
  • Removed useless 'continue' statement
  • [stix2 import] Parsing file objects in a more generic way between classes. [chrisr3d]
  • [stix2 import] Moved file object parsing function into the subclass. [chrisr3d]

  • Because it is only called by functions of this subclass

  • [stix2 import] Removed useless function. [chrisr3d]
  • [search] Multiple lines didn't correctly get parsed as separate values in the attribute search. [iglocska]
  • [workers] manage workers by default defaulted to false (should be true) [iglocska]
  • [API] Further fixes to the query builder. [iglocska]
  • Travis import/export. [Raphaël Vinot]
  • [API] Further fixes to the tag handling. [iglocska]
  • [API] Handle filters with no valid tags set as filter patterns correctly. [iglocska]

Other

  • Merge branch 'sighting_api' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'weekend_fixes' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into HEAD. [iglocska]
  • Merge pull request #3808 from FloatingGhost/2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3804 from 8ear/patch-1. [Alexandre Dulaunoy]

Update CONFIG.SMIME.md

  • Update CONFIG.SMIME.md. [Max H]

Include code blocks.

  • Merge pull request #3802 from SteveClement/guides. [Steve Clement]

chg: [tools] RHEL7 update status and added gitchangelog to document creation toolchain.

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3803 from garanews/2.4. [Andras Iklody]

fix accommodate misspelling

  • Fix accommodate misspelling. [garanews]

accommodate vs accomodate

  • Merge pull request #3799 from garanews/patch-1. [Alexandre Dulaunoy]

fix separate misspelling

  • Fix separate misspelling. [garanews]

separate vs seperate

  • Merge pull request #3800 from garanews/patch-2. [Alexandre Dulaunoy]

fix referred misspelling

  • Fix referred misspelling. [garanews]

referred vs refered

  • Merge pull request #3798 from SteveClement/guides. [Steve Clement]

chg: [docs] Major INSTALL Guide update

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix export] Exporting STIX header description from the corresponding comment attribute. [chrisr3d]
  • Add: [stix import] Importing STIX header description as comment attribute. [chrisr3d]
  • Merge pull request #3726 from pettai/shibb. [Steve Clement]

add date_created for provisioned users

  • Add date_created for provisioned users. [Fredrik Pettai]

add date_created then new users are provisioned via shibbauth

  • Merge pull request #3794 from SteveClement/guides. [Steve Clement]

chg: [docs] The debian install docs are now fully functional and quite a few format changes to some of the install guides.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3784 from SteveClement/guides. [Steve Clement]

new: [docs] Move INSTALL guides formatting to mkdocs

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3771 from P4rs3R/patch-3. [Alexandre Dulaunoy]

Update INSTALL.rhel7.txt

  • Update INSTALL.rhel7.txt. [A. Cristallo]

Added instruction (at line 109) and updated line 8, minor change. Tested on RHEL 7.5 and CentOS 7.5

  • Merge pull request #3779 from MISP/att&ckMatrixFix. [Alexandre Dulaunoy]

fix: #3769 Att&ck matrix now render multiple kill_chain by column.

  • Merge pull request #3778 from tomking2/2.4. [Andras Iklody]

Fixes Issue #3633 - Returned XML has application/json Content-Type header

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3768 from devnull-/#3748_download_files. [Andras Iklody]

Fix CSV filename #3740

  • Define filename (instead of download.csv) [Amaury Leroy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 import] Added an entry to the simple pattern mapping dictionary. [chrisr3d]
  • Merge pull request #3765 from IFX-CDC/2.4. [Andras Iklody]

add: workers diagnostics to the server settings

  • Fixed workers tab. [netjinho]
  • Added workers diagnostics to the server settings. [netjinho]
  • Merge pull request #3766 from SteveClement/misp-wipe. [Andras Iklody]

Misp wipe and backup

  • Merge pull request #3762 from SteveClement/py-virtualenv. [Andras Iklody]

chg: [tools] Added the option to have Python Virtualenv support

  • Merge branch '2.4' into py-virtualenv. [www-data]
  • Merge branch '2.4' into py-virtualenv. [Steve Clement]
  • Merge branch '2.4' into py-virtualenv. [www-data]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3760 from cudeso/2.4. [Alexandre Dulaunoy]

Ubuntu 18 documentation (sudo logrotate, universe repo)

  • Ubuntu 18 documentation (sudo logrotate, universe repo) [Koen Van Impe]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3757 from rmarsollier/patch-1. [Andras Iklody]

adding python-maec to the debian9 install

  • Adding python-maec to the debian9 install. [RbN]

adding python-maec to the debian9 install

  • Merge pull request #3758 from MISP/chrisr3d_patch. [Christian Studer]

Chrisr3d patch

  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Parsing external Network Socket objects when references are hostnames. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠
  • Also reusing functions working for both subclasses
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Add: [stix2 import] Added 1 easily parsable pattern type for external STIX parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Parsing external observable IPAddr - NetworkTraffic - Domain composition objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Parsing external process objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • 🚧 [stix2 import] Parsing external AS objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • 🚧 [stix2 import] Parsing external x509 objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • 🚧 [stix2 import] Parsing external mutex objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • 🚧 [stix2 import] Parsing external mac-address objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • 🚧 [stix2 import] Parsing external url objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Parsing external regkey objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • 🚧 [stix2 import] Parsing external email objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing functions working for both subclasses
  • 🚧 [stix2 import] Parsing domain & domain-ip attributes/objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Also reusing code that works for both subclasses
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Included pe & pe-section parsing for file objects. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • Including uuid fields
  • Including refactor on some class attributes to avoid errors and duplications
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • 🚧 [stix2 import] Starting parsing network-traffic objects from external files. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, this script may be broken in some cases atm ⚠

  • 🚧 [stix2 import] Starting parsing observables from external STIX2 files + moving functions to the main script. [chrisr3d]

  • ⚠ 🚧, it is preferable to wait for the branch to be merged, script broken atm ⚠

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3751 from ancailliau/fixes-error-message-control_workers. [Andras Iklody]

Fixes a typo in an error message (control_workers -> manage_workers)

  • Fixes a typo in an error message (control_workers -> manage_workers) [Antoine Cailliau]
  • Merge pull request #3750 from Rafiot/csv_travis. [Raphaël Vinot]

fix: travis import/export

v2.4.96 (2018-10-09)

New

  • [ReST client] generate python output too. [iglocska]

  • also, nicer toggle!

  • [API] Added cache export to export list. [iglocska]
  • [ReST Client] added curl output to make everyone's lives a bit easier. [iglocska]
  • [API] Added returnFormat descriptions in a programmatic way to the API info. [iglocska]
  • [API] Added a new export that simply hashes all values with a requested hash format. [iglocska]
  • [API] rework of the searchall/quickFilter parameters. [iglocska]

Now it correctly works as intended on both attribute and event contexts

  • [API] documentation added for the new APIs. [iglocska]
  • [export] Further changes required for the reworked export added. [iglocska]
  • [exports] New export system using restsearch. [iglocska]
  • [search] download functionalities added to the search. [iglocska]
  • [search] view changes added for the search. [iglocska]
  • [search] Search refactored completely to use restsearch. Still needs some minor changes. [iglocska]
  • [internal] restsearch's bulk code moved to the model for attributes. [iglocska]
  • [api] CSV export using thin overlay over restsearch. [iglocska]
  • [API] attributes/restSearch has received CSV as a new export format. [iglocska]

  • added hook to modify parameters based on the export's internal settings
  • [API] restsearch's internals moved to event model and reworked. [iglocska]

  • better chunking and parameter handling

  • [API] events/restSearch reworked, added CSV export. [iglocska]
  • [API] CSV export tool completely reworked. [iglocska]
  • [API] Improvements to the fetcher. [iglocska]

  • cache several objects that were loaded over and over before on bulk exports

  • includeGranularCorrelations internal flag added to include/exclude correlations from the export for certain types
  • some cleanup
  • [internal] Added caching to the sharing group organisations. [iglocska]
  • [internal] Organisation internal caching added. [iglocska]
  • [internal] GalaxyCluster internal caching added. [iglocska]
  • [API] added sendFile function to rest response component. [iglocska]
  • [API] events/restsearch rework - chunked export for performance gains. [iglocska]
  • [API] enable/disable warninglists by name substrings instead of IDs, fixes #3706. [iglocska]

  • {"name": ["alexa", "iana"], "enabled": 1}

  • [freetext] Freetext ingestion is now delegated to the background processing. [iglocska]

  • no setup needed

  • data to be ingested dropped to file, background worker ingests and processes the file
  • [freetext import] Added detection for AS. [iglocska]
  • [Complex type tool] Detection of [1] style refanging. [iglocska]
  • [API] Rework of the restSearch APIs. [iglocska]

  • performance tuning

    • removed some redundant looping
    • internal memory profiling for attributes/restSearch
    • saving the intermediary results to file instead of keeping it all in memory to reduce the memory footprint
  • added the searchall parameter
  • fixed the ignore parameter
  • added the event_timestamp parameter
  • added manual pagination to the attribute level restsearch (limit, page)
  • [API] Added API description for the warninglist toggleEnable API. [iglocska]
  • [API] Toggle the warninglists on/off in a convenient API. [iglocska]

  • via /warninglists/toggleEnable

  • [blacklisting] pass parameters via named parameters to filter the index. [iglocska]

  • /eventBlacklists/index/event_uuid:[my_event_uuid]

  • [API] Correctly handle objects in flat exports and exposed text export to event level search. [iglocska]
  • [Galaxy] Delete individual clusters. [iglocska]

  • added an API and UI option to delete individual clusters

  • [variable tags] Added the ability to load and display variable tags. [iglocska]

  • as requested by Siemens

  • [API] Added the includeEventTags parameter to the /attributes/restSearch API. [iglocska]

  • appends all event level tags to each attribute

  • [stix import] Adding object describing the original STIX 1.X / 2.X used for import. [chrisr3d]

  • Depending if the variable passed to those scripts are not None, then it is the name of the original file used to import data

  • [API] Added possibility to include the original file while importing STIX data. [chrisr3d]
  • [API] Tied the RPZ export into the restsearch APIs. [iglocska]

  • also, made the export modules aware of the exhaustive parameter list

  • [API] Updated the RPZ export to follow the new API patterns. [iglocska]

Changes

  • [CSV] Added timestamp in CSV output with include context on the event level. [iglocska]
  • [version] version bump. [iglocska]
  • [automation page] cleanup. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [notice-list] updated to the latest version. [Alexandre Dulaunoy]
  • [warning-lists] updated to the latest version. [Alexandre Dulaunoy]
  • [taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Bumped js version. [Sami Mokaddem]
  • Bump PyMISP. [Raphaël Vinot]
  • [export] Export view correctly fetches the state on whether an export includes attachments. [iglocska]
  • [API] made the CSV export type less restrictive by default (to_ids / published ignored by default) [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [API] new restresponse library addition fixed (send file) [iglocska]
  • Bump PyMISP. [Raphaël Vinot]
  • [sharing-group] fix typo "Added Organisations" -> "Added Instance" [Alexandre Dulaunoy]
  • [misp-objects] add the relationship annotates. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [stix1 framing] Removed previous stix framing script. [chrisr3d]
  • [stix 1&2 export] Using header, footer and separator from the newest framing script. [chrisr3d]
  • [stix2 export] Using the RestResponse view call instead of having view files. [chrisr3d]
  • [stix2 export] Avoid Orgc Identity object duplication. [chrisr3d]

  • Orgc uuid returned each time a new one is seen in an event

  • All the uuids as parameter of the python script
  • Identity object added only if the current uuid is not in the parameters
  • References to the corresponding identity are (obviously) maintained for the final stix 2.0 file
  • [stix2 export] Multiple events export prepared in Controller & Model side. [chrisr3d]

  • Changes on automation side coming soon

  • [debugkit] Added the commented out loading of debugkit for convenience. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [default-feeds] CoinBlockerLists updated - fix #3682. [Alexandre Dulaunoy]
  • [misp-object] updates to the latest version. [Alexandre Dulaunoy]
  • [doc] Moved INSTALL files around to reflect a more accurate support landscape. chg: [doc] Update README.md to explain some of the folders/files. [Steve Clement]
  • [doc] Added zmq, redis, maec python module installations. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2 import] 2 main parsing cases split in 2 classes. [chrisr3d]

→ 2 cases:

  • STIX generated via MISP
  • external STIX
  • [Cortex] Don't set the content type header for cortex. [iglocska]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [doc] Added README to install directory. [Steve Clement]
  • [doc] Centos 7 Install doc updates, more automation and some auto defaults. [Steve Clement]
  • [doc] Updated and tested basic MISP functionality under CentOS 7.5. [Steve Clement]
  • [i18n] Update to languages: Danish (54%) German (17%) Japanese (100%) French (67%) Spanish (3%) [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • Bump recommended pyMispVersion. [Raphaël Vinot]

Fix

  • [sanitisation] Sanitise curl query. [iglocska]
  • [stix2 import] Fixed to_ids flag in imported objects. [chrisr3d]
  • [API] Fixed broken check for overriding IDS flags via proposals, fixes #3748. [iglocska]
  • [stix2 export] Fixed process objects export. [chrisr3d]
  • [stix2 export] Fixed function call typo. [chrisr3d]
  • [Auth] Correctly handle users accounts getting deleted whilst the users are logged in. [iglocska]

  • deauthed users would end up in a forced loop having to read the news creating a new blank user with each page refresh

  • [stix import] Updated external files import to include related indicators. [chrisr3d]
  • [stix import] Fixed custom objects import from external files. [chrisr3d]
  • [Objects] Adding an object would not unpublish the event. [iglocska]
  • [stix2 export] Avoiding export of the object related to the original file used for import. [chrisr3d]
  • [stix export] Avoiding export of the object related to the original file used for import. [chrisr3d]
  • [stix import] Fixed original imported file Object name. [chrisr3d]
  • Sort CSV file before comparing: we do not care what the order of the attributes is. [Raphaël Vinot]
  • [CSV] boolean fields should be set to 1/0 instead of true/false. [iglocska]
  • [freetext] tag field not working fixed. [iglocska]
  • [stix2 export] Handled case where we have only link attributes to be imported. [chrisr3d]
  • [restSearch] Avoiding useless stix python script calls on empty files. [chrisr3d]
  • [stix2] invalid path to script dir. [iglocska]
  • [restSearch] Ignoring square brackets around STIX2 objects returned by the python script. [chrisr3d]

Because they are already provided by the framing script

  • [stix export] Shortcut passing directly the 'Event' key of an event to the parsing functions. [chrisr3d]
  • [stix2 export] Avoiding identity object duplication. [chrisr3d]

  • Fixed orgs list, adding each org seen as it was intended but forgotten until now
  • [restSearch] Fixed return format for STIX formats. [chrisr3d]
  • [restSearch] Added STIX 1 & 2 in valid formats. [chrisr3d]

  • Also fixed indentation of the validFormats array

  • [restSearch] Fixed failed merge. [chrisr3d]
  • [stix2 export] Stopped passing ORGs already parsed as argument of the python script. [chrisr3d]
  • [restSearch] Changed how data is handled eeeeeeeeeee. [chrisr3d]

  • Criteria was number of events and is now number of attributes

  • Writing data in a file until the limit number of attributes is reached, then writing in the next file and looping again until all data is written
  • Then for each file, calling the python script to parse MISP events and translate them into STIX
  • Writing parsed STIX data into 1 file used to return the result
  • [stix2 export] Fixed event dictionary reading. [chrisr3d]
  • [stix2 export] Refactored MISP event format used to improve performances. [chrisr3d]

  • For big events, loading json file and parsing it as json format is much faster than loading it as PyMISP objects

  • [stix2 export] Clearer string concatenation in scripts & directories names definitions. [chrisr3d]

  • Reuse of variable name instead of string concatenating

  • [restSearch] Refactored MISP event format used to improve performances. [chrisr3d]

  • For big events, loading json file and parsing it as json format is much faster than loading it as PyMISP objects

  • [stix1 export] Fixed baseurl & orgname fetching from scripts arguments. [chrisr3d]

  • Replacing empty arguments by default values

  • [stix1 export] Including the latest changes on the python script. [chrisr3d]
  • [stix2 export] Using class variables to define baseurl & orgname. [chrisr3d]
  • [restSearch] Prettifying stix packages with indents. [chrisr3d]

  • As it is in stix export function from Model/Event.php

  • [cleanup] Fixed indentation in restSearch. [chrisr3d]
  • Added variable to have attribute with no ids flag from fetchEvent. [chrisr3d]
  • [restSearch] Fixed variables & indent. [chrisr3d]
  • [ACL] Added exportSearch to the ACL. [iglocska]
  • [api] Sharing group organisations not iterated if they don't exist. [iglocska]
  • Headers are case-sensitive, do not strtoupper. [Hannah Ward]
  • [distributionGraph] changed condition to support one missing edge case. [Sami Mokaddem]
  • [distributionGraph] Fixed for loop to be less browser dependent. [Sami Mokaddem]
  • [internal] Moved validFormats array into a global for the event model. [iglocska]
  • [ReST] increased ReST client execution time to 300s. [iglocska]
  • [Feed] If no data is returned from a freetext feed a notice was generated. [iglocska]

  • added more graceful handling

  • [log] user zmq logging was always getting the first user instead of the actual one. [iglocska]
  • Travis tests failing, take 2. [Raphaël Vinot]
  • Travis tests failing. [Raphaël Vinot]
  • [graph] Made the correlation graph aware of the new correlation loading. [iglocska]
  • [internal] Organisation caching fixed for the event load. [iglocska]
  • [api] close the file after reading it. [iglocska]
  • [API documentation] Added missing filters to the restSearch API. [iglocska]
  • [API] sgReferenceOnly should work via the API too. [iglocska]
  • [API] handle empty value fields when running a quick search. [iglocska]
  • [API] Fixed the quickfilter parameter. [iglocska]
  • [cleanup] Some cleanup and fixes to invalid exception invocations. [iglocska]
  • [eventGraph] Adapted fa icon to match the current installed fa package. [Sami Mokaddem]
  • [eventGraph] prevents bug if object has no attributes. [Sami Mokaddem]
  • [stix2 export] Fixed Indicator & ObservedData arguments to avoid syntax error with version < 3.5 of python. [chrisr3d]
  • [stix2 export] Fixed string truncation. [chrisr3d]
  • [API] handle to_ids better in the restSearch APIs. [iglocska]

  • invalid default settings for text/suricata exports on the event scope fixed

  • 'exclude' re-introduced as a valid value
  • [API] handle invalid export module calls gracefully. [iglocska]
  • [stix2 export] Fixed unintended syntax error. [chrisr3d]
  • [Event] Prevents bug if object has no attributes. [Sami Mokaddem]

While using the event quick filter, prevents accessing a non existing index if the object has no attributes.

  • [stix framing] Fixed orgname in stix framing. [chrisr3d]
  • [stix framing] Removed monkey printing. [chrisr3d]
  • [stix framing] Redefined stix separator. [chrisr3d]

  • Avoid writing 'related package' xml key after each python script call
  • Those keys are now defined as separator and coming from the framing script
  • [stix export] Switched xml 'related packages' writing into the framing script. [chrisr3d]

  • Instead of doing it in the php side after the framing script is called

  • [stix framing] Fixed xml separator. [chrisr3d]
  • [API] toggle warninglists now correctly handles name lists as parameters instead of just single values, fixes #3706. [iglocska]
  • [enrichment] Made the payload of the API enriching an event with a list of modules a bit more lax. [iglocska]
  • [galaxy UI] clicking on metadata collapsed the galaxy quick view. [iglocska]
  • [Rest client] fixed invalid serialisation of some fields. [iglocska]
  • [cleanup] Fixed missing merge save. [chrisr3d]
  • [import modules] Avoiding issues with userConfig when module is csvimport. [chrisr3d]

  • If users tick the checkbox to specify there is a header in the csv file to import, there should not be an error with empty userConfig header

  • [stix1 framing] Including RichieB2B's patch. [chrisr3d]
  • [stix1 export] Fixed missing change on the framing script call. [chrisr3d]
  • [stix2 export] Fixed syntax in stix2 function. [chrisr3d]
  • [stix2 export] Fixed monkey issue in org uuid to return (in order to avoid duplication) [chrisr3d]
  • [stix2 export] Added missing view for stix2 json download. [chrisr3d]
  • [stix2 export] Fixed event fetching. [chrisr3d]
  • [API] Fixed an invalid lookup in the openioc export. [iglocska]
  • [API] added catcher for include_event_uuid via /attributes/restSearch. [iglocska]

  • affects #3695

  • [stix2 export] Variable typo. [chrisr3d]
  • [API] malware samples not encoded with withAttachments=1 on the event level restSearch. [iglocska]
  • [stix2 export] Cleaned up MISP objects parsing. [chrisr3d]

  • Replaced multiple if statements in a for loop by a dictionary mapping

  • [stix2 export] Removed list of MISP types no longer used. [chrisr3d]
  • [stix2 export] Cleaned up MISP attributes parsing. [chrisr3d]

  • Replaced multiple if statements in a for loop by a dictionary mapping

  • [API] CSV export snafu fixed. [iglocska]

  • perhaps not ignoring the filter parameters and getting the full dataset visible to the current user is a helpful idea

  • [API] Added rpz to restsearch API description. [iglocska]

  • also added text to events/restSearch

  • [internal] Fixed an issue that prevented all to ids attributes from being fetched on the event view. [iglocska]
  • [UI] Galaxy quick view collapse toggle didn't correctly replace the + with a - when expanded, fixes #3678. [iglocska]
  • [API] Fixed the handling of the to_ids flag. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [ACL] Appease Travis (admin only function explicitly named) [iglocska]
  • [db] Fixed an invalid DB field. [iglocska]
  • [stix2 import] Using stix2 library attributes to load and parse STIX data. [chrisr3d]
  • [stix2 import] Fixed issue with self attribute used before declaration. [chrisr3d]
  • [stix2 import] Changed 1 function name to a more relevant one. [chrisr3d]
  • [sync] Invalid model call in the server pull using the update technique. [iglocska]
  • [diagnostic] Updated cybox required default version. [chrisr3d]

  • Since the very latest version is now installed on every new machine generated, we can consider it as default version

  • [stix2 import] Cleaned up duplicate function & Fixed external STIX files parsing. [chrisr3d]

  • External STIX files parsing improvement to come

  • [stix2 import] Fixed mapping between STIX objects and galaxies fields. [chrisr3d]
  • [stix2 export] Fixed fields exported from galaxies. [chrisr3d]

Better mapping regarding the relevance of each field

  • [stix2 import] Removed no longer used function. [chrisr3d]
  • [cleanup] Loading mapping dictionary only when needed. [chrisr3d]
  • [API] various fixes to the timestamp handling. [iglocska]
  • [Cortex] Unset cortex content-type header when doing a GET request. [iglocska]
  • [merge issue] resolved merge issue. [iglocska]
  • [API] fixed an invalid dissection of the tag parameter if the parameter is not set. [iglocska]
  • [cleanup] Cleanup of removed upgrade scripts. [iglocska]
  • [upgrade] replay potentially missed updates. [iglocska]
  • [sync] Fixed some issues throwing notices when pulling. [iglocska]
  • [sync] Fix pull not working caused by the refactor. [0xiso]
  • [sync] Fix pull not working. [0xiso]
  • [doc] Add an option to checkout submodules recursively. [0xiso]
  • Making python 3.5 happy with exception type ImportError. [chrisr3d]
  • [stix import] Fixed object_relation field key for the format of the original imported file. [chrisr3d]

  • Following the latest changes on the object
  • [Sighting] Fixed sighting creation. [chrisr3d]
  • [stix1 import] Updated file parsing. [chrisr3d]

  • Including import of single attribute for the latest supported STIX file object

  • Including parsing of the STIX file object field 'full_path' which can be found in any of the different STIX object describing files
  • [stix import] Avoiding encoding errors on reading file. [chrisr3d]
  • [stix import] Quick fix on the new MISP object (for original files imported) attributes. [chrisr3d]

  • Following the changes on the object itself

  • [API] Quick fix on a dict key to fetch the name of the stix file imported. [chrisr3d]
  • [stix import] Importing the original file binary using the data field in attribute instead of value field. [chrisr3d]
  • [stix import] using the decoded binary of the original file imported as attachment. [chrisr3d]
  • [RPZ] flatten attributes for the RPZ export. [iglocska]
  • [API] downloading events in XML format via the UI returns JSON. [iglocska]
  • [Feeds] Don't try to find caches for feeds that don't have caching enabled. [iglocska]
  • [REST client] baseurl can now be set optionally in the url. [iglocska]
  • [Feeds] I CAN'T MATH. [iglocska]
  • [feeds] Feed caching generates a lot of notices. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3743 from WaryWolf/unmanaged-workers. [Andras Iklody]

Add "manage workers" option.

  • Add "manage workers" option. [Anthony Vaccaro]

This is enabled by default, which replicates the current behaviour of having controls to start, stop and restart workers in the server settings page. When set to disabled, these controls are hidden, which allows server administrators to manage the worker processes externally, e.g. via systemd.

A sample systemd unit file has also been included into the INSTALL directory.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • Add: [restSearch] STIX 1 & 2 export for restSearch. [chrisr3d]

Features to be merged:

    • Export of multiple MISP events
    • Fetching events and writing them into files, each file containing at most a number of attributes defined by a limit
    • Each file is then parsed instead of parsing each event individually, which reduces the number of times the python scripts are called, reducing the execution time of the overall process
    • The result is then returned as one single file read and displayed

  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • 🚧 [stix2 export] Supporting export of multiple MISP events. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • 🚧 [restSearch] Passing multiple events to the STIX parsing script. [chrisr3d]

  • atm calling the python script every 10 events fetched with fetchEvent
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • 🚧 [stix1 export] Supporting export of multiple MISP events. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_restSearch_tests. [chrisr3d]
  • 🚧 [restSearch] Added stix2 export in restSearch. [chrisr3d]
  • 🚧 [restSearch] Stix1 export for restSearch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3730 from FloatingGhost/2.4. [Andras Iklody]

fix: Customauth Headers are case-sensitive, do not strtoupper

  • Merge pull request #3731 from RichieB2B/ncsc-nl/show-more. [Andras Iklody]

Only display "Show 2 more" and up

  • Only display "Show 2 more" and up. [Richard van den Berg]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami Mokaddem]
  • Merge pull request #3729 from RichieB2B/ncsc-nl/trim-merge. [Andras Iklody]

Trim spaces from source_id in merge form

  • Trim spaces from source_id in merge form. [Richard van den Berg]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3725 from lhirlimann/2.4. [Alexandre Dulaunoy]

Unify url for modules, make them usable behind proxies

  • Unify url for modules, make them usable behind proxies. [Ludovic]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3723 from pettai/shibb. [Alexandre Dulaunoy]

fix typo

  • Fix docs. [Fredrik Pettai]

fix docs (DefaultRoleId is not implemented in the code)

  • Fix typo. [Fredrik Pettai]

fix typo in error message

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3711 from pettai/install. [Andras Iklody]

add missing meac dep

  • Add missing meac dep. [Fredrik Pettai]

add missing meac dep

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3707 from Rafiot/2.4. [Raphaël Vinot]

chg: Bump PyMISP

  • Merge branch 'stix2' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Add: [export] Introduction of a framing script. [chrisr3d]

  • atm returning header, separator and footer for both stix 1 & 2 export
  • will do the same for other export formats, as a centralized script taking the parameters needed for the format in subject and returning the corresponding header, footer and separator
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Add: [stix2 export] Added stix2 export view. [chrisr3d]
  • Add: [stix2 export] Added instruction about automation part. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3664 from SteveClement/guides. [Andras Iklody]

chg: [doc] Moved INSTALL files around to reflect a more accurate support landscape.

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Proposed fix for admin add org with logo. [Sascha Rommelfangen]

proxied via @iglocska

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch 'feature/variable_tag_value' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3626 from 0xiso/fix-pull-progress. [Andras Iklody]

fix: [sync] Fix pull not working

  • Merge pull request #3654 from 0xiso/fix-install-doc. [Andras Iklody]

fix: [doc] Add an option to checkout submodules recursively

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3631 from SteveClement/i18n. [Steve Clement]

chg: [i18n] Update to languages: Danish (54%) German (17%) Japanese (100%) French (67%) Spanish (3%)

  • Merge remote-tracking branch 'upstream/2.4' into i18n. [Steve Clement]
  • Merge pull request #3630 from SteveClement/guides. [Steve Clement]

chg: [doc] CentOS 7 amendments, basic functionality established

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' into i18n. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • [stix1 import] Changed one of the generic STIX objects parser into a return function. [chrisr3d]

  • So we extend the list of results instead of having it as a parameter
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into chrisr3d_patch. [chrisr3d]
  • Fixed bug where popoverChoice was returning undefined values for some browsers. [Sami Mokaddem]

v2.4.95 (2018-09-06)

New

  • [API] set default behaviour to require to_ids and published set to 1 to be included in exports. [iglocska]

  • doesn't affect MISP json and xml formats

  • [automation description] Added legacy mode toggle. [iglocska]
  • [UI] Added an enrichment on-demand pop-up for hover modules. [iglocska]
  • [REST client] Templating system added to the rest client. [iglocska]
  • [REST client] added the api enumeration to the rest client view. [iglocska]
  • [API] Restresponse component function added to enumerate available APIs for the REST client. [iglocska]

  • also, added API descriptions for the restsearch functionalities

  • [ACL] Added soft validation for available API enumeration. [iglocska]
  • [API] event level restsearch switched to new modular conversion system. [iglocska]
  • [API] fixed two cases where the new filter parameter builder was being naughty. [iglocska]

  • copy-pasta fail induced skipping of parameters with only NOT parameters fixed

  • OR/AND/NOT formatted parameters with singular values (such as '{"OR": "foo"}') now handled correctly
  • [API] XML export now exports both event and attribute level data. [iglocska]

  • relying on the old XMLConverterTool for event level conversions

  • [API] OpenIOC export library correctly handles both events and attributes as their payload. [iglocska]

  • fixed annoying line breaks in the output

  • [API] NIDS exports now correctly support event and attribute level exports. [iglocska]

  • also, suricata/snort rules now include both the event and the attribute tags in the metadata

  • [API] JSON export library updated to support both attribute and event level conversions. [iglocska]

  • relies on the old JSON library for event level conversions

  • [REST client] Allow skipping SSL validation. [iglocska]
  • [REST client] Resolve urls and show API description if applicable. [iglocska]
  • [API] Added the libraries for the JSON, XML and Text exports. [iglocska]
  • [internal] SQL debug API tool added. [iglocska]

  • just pass /sql:1 to any query via the API to see a dump of all queries

  • Response isn't very clean, JSON pushed in front of whatever the output is
  • requires debug mode = 2
  • [API] rework of the attribute level restsearch. [iglocska]

  • optimisation, use of external converters

  • one api to rule them all concept / controller
  • [API] Made the NIDS export compatible with the new API. [iglocska]
  • [API] Added the new XML converter. [iglocska]
  • [api] Added new open IOC export system. [iglocska]
  • [api] first revision of the attribute export. [iglocska]
  • [API] reworked the attribute level restsearch. [iglocska]

  • use the new filter parameters

  • use the new condition building mechanism

  • no more pre-filtering

  • [rest client] parsers for JSON/HTML return added. [iglocska]
  • [rest client] parser helper css/js added. [iglocska]
  • [API] CSV export tool added. [iglocska]
  • [API] 🚧 work in progress - moving CSV export to standardised converter format. [iglocska]
  • [API] Added publish filter to restsearch. [iglocska]
  • [API] further rework of the restsearch api. [iglocska]

  • move to the new popping filter system

  • [API] rework of the event level restSearch (🚧) [iglocska]
  • [internal] Further work on the filtering. [iglocska]
  • [internal] Rework of the filter handling internally. [iglocska]
  • [internal] Added internal functions to interpret parameters in various formats / coming from various sources. [iglocska]
  • [internal] Added new internal functions to be used by all export APIs in the future. [iglocska]

  • authenticate user via URL params if not already authenticated (to support legacy APIs)

  • harvest parameters in a standardised way for filtering all export APIs
  • [API] new centralised parameter system for APIs. [iglocska]
  • [refactor] CSV api refactor. [iglocska]

  • performance gains

  • first step in unifying all APIs
  • moved the CSV data lookup into fetchattributes
  • internal pagination is now more clever with a watchdog flag that can prevent unneeded executions by whatever calls fetchattributes
  • [API] exposed the server related functionalities to the API. [iglocska]

  • server index

  • server push
  • server pull

  • improved logging / error reporting of the sync functionalities

  • [i18n] Added German Translation (12%) upd: [i18n] Czech 4%, French 19%, Danish 48%, Italian 42%, Korean 3%, Portuguese 6% [Steve Clement]
  • [performance] disable the checking of expired sessions for automatic logouts. [Andras Iklody]
  • Add install instructions. [Hannah Ward]
  • Add download functionality. [Hannah Ward]
  • Add upload/download for attachments. [Hannah Ward]
  • Add S3 client class. [Hannah Ward]
  • [tool] Generator for types/categories in all the places of MISP. [Christophe Vandeplas]
  • [feature] Built in REST client added to test / interact with the API directly from MISP. [iglocska]

  • no more shitty chrome extensions that crash during trainings, rejoice!

Changes

  • [doc] Point to official misp-book, MISP "User Guide" in main codebase is obsolete. [Steve Clement]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [version] Bump. [iglocska]
  • [bug] Fixed wrong event lookup in case the uuid is passed as an eventId. Previously the code had two mutually exclusive conditions Event.id = uuid and Event.uuid = uuid so we were getting Invalid event. error. [chkp-aliaksandrt]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [automation description] Updated the automation page to reflect the changes made to the restSearch APIs. [iglocska]
  • [UI] made the enrichment sticky popup's trigger button behave like a button. [iglocska]
  • [misp feed] schema fixed to include caching_enabled field. [Alexandre Dulaunoy]
  • [misp default feeds] ipspamlist added as a feed provider. [Alexandre Dulaunoy]
  • [doc] Fixed permissions for logrotate. [Steve Clement]
  • [internal] JSONConverterTool's support for the deprecated showorg flag removed. [iglocska]
  • [API] legacy passing of the api key via URL parameters caused an invalid response type. [iglocska]

  • automatically selects json now

  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [cleanup] removed leftover converter. [iglocska]
  • [internal] not needed conditional cleaned up. [iglocska]
  • [whitelisting] Cache the whitelist values in memory for each instance of the whitelist model. [iglocska]

  • instead of loading it over and over

  • Bump PyMISP. [Raphaël Vinot]
  • [rest client] render the response by default. [iglocska]
  • [querystring] version bumped. [iglocska]
  • [API] Fixed fetchAttributes lookup on value to be only optionally a substring search. [iglocska]
  • Bump PyMISP. [Raphaël Vinot]
  • Try xenial on travis. [Raphaël Vinot]
  • [API] further work on the new CSV export. [iglocska]
  • Add more tests. [Raphaël Vinot]
  • [style] function opening brackets fixed. [iglocska]
  • [api] reworked the CSV api to use the new standardised function calls. [iglocska]
  • [cleanup] removed moved and reworked harvestParameters function. [iglocska]
  • [restResponse] Updated restResponse library to produce nicer exceptions. [iglocska]

  • more in-line with the standard exceptions

  • [refactor] Broke contact email function up into parts. [iglocska]
  • [cleanup] Removed todos from userscontroller that have become irrelevant. [iglocska]
  • [internal] Cleanup of the pull function. [iglocska]

  • split into functions based on the concerns it handles

  • separated event download and proposal download into separate functions
  • [cleanup] Removed unused view variable. [iglocska]
  • [doc] MISP logo b&w only added. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [data-model] new bro attribute type to store rule in Bro rule-format. [Alexandre Dulaunoy]

Fixed #3584

  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [install] Some minor fixes to the install guide. [Andras Iklody]
  • [performance] Only check if user is logged in if disable_auto_logout is not set. [Andras Iklody]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version including related changes. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-warninglist] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [visual] Changed the name of the rest client. [iglocska]

Fix

  • [documentation] added missing legacy automation page view. [iglocska]
  • [description] Typo in serverSetting fixed, fixes #3612. [iglocska]
  • [API] using "download" as a returnformat via the URL breaks the restSearch API. [iglocska]

  • we have to keep it as a legacy option and map it to json

  • [API] Fixed the broken CSV export. [iglocska]
  • [stix2 export] Fixed timestamp to datetime conversion for 'date_sighting', using utc format. [chrisr3d]
  • [stix2 import] Fixed Sighting import format. [chrisr3d]
  • Create temp folder if it doesn't exist in EventsController::export() [Xavier Mehrenberger]
  • [stix2 import] Fixed some time-based attribute fields previously wrongly imported from STIX object fields. [chrisr3d]
  • [stix2 import] Keeping uuids from STIX objects imported as attributes. [chrisr3d]
  • [REST client] Fixed the order of execution for the various JS functions when changing template. [iglocska]
  • [REST client] Correctly detect camelised parameters as single values instead of lists. [iglocska]
  • [REST client] resolved issues with the URL builder for the REST queries causing double "/"s after the baseurl. [iglocska]
  • [internal] Invalid export format detection now throws an exception instead of dying ungracefully. [iglocska]
  • [internal] AppController minor fix. [iglocska]

  • fix bug of invalid forcing of JSON export type in certain conditions

  • [API] invalid pass by reference parameter not passed as a variable. [iglocska]

  • fixes "Cannot pass parameter 1 by reference" bug

  • [ACL] getApiInfo added to acl. [iglocska]
  • [internal] Org to org_id conversion correctly handled by restSearch filters. [iglocska]
  • [ACL] exclude afterfilter from the api checks. [iglocska]
  • [internal] Whitelist model initialisation copy paste fail. [iglocska]
  • [api] Added missing files. [iglocska]
  • [REST client] Fixed the url parser for the client not handling named params. [iglocska]
  • [api] added attributes controller wip changes. [iglocska]
  • [internal] removed old restsearch on the attribute level. [iglocska]
  • [REST client] Fixed issues with multiple values in the same header. [iglocska]
  • [merge conflict] added merge conflict resolution. [iglocska]
  • [internal] Handle tags passed via parameters not encapsulated in an array. [iglocska]
  • [API consistency] restsearch on an attribute level should return the same format when hits were found and not. [iglocska]
  • ['UI bug fixed'] adding an attribute could result in an exception after a successful addition. [iglocska]
  • [REST client] fix to the JSON prettification. [iglocska]
  • [internal] Block attributes by tag using the event level restsearch API. [iglocska]
  • [internal] Changed the type filter function hook. [iglocska]
  • [CS] Updated recent changes. [iglocska]
  • CSV test. [Raphaël Vinot]
  • [internal] Properly detect buggy parameters passed in the "last" format. [Raphaël Vinot]
  • Improve testing. [Raphaël Vinot]
  • Dirty install of python 3.6 on travis. [Raphaël Vinot]
  • [internal] Fix to the parameter parsing of the CSV path. [iglocska]
  • [API] Class name fixed. [iglocska]
  • [internal] uuid filter fixed. [iglocska]

  • copypastafail

  • [internal] resolveTimeDelta fixes. [iglocska]

  • handle seconds

  • return the current time as a filter if nothing is matched
  • [internal] Fixed incorrect file added in previous commit. [iglocska]
  • [internal] publish_timestamp was ignored by the new restsearch. [iglocska]
  • [internal] resolveTimeDelta() check relaxed to allow for stringified timestamps and floats. [iglocska]
  • [internal] removed attribute.timestamp from the event level timestamp filters. [iglocska]
  • [API] allow other returnFormats besides download to work for restsearch. [iglocska]
  • [internal] looplimit lowered to 50k for fetchAttributes. [iglocska]

  • maybe we should base this number off the available memory somehow...

  • [internal] Fixed an incorrect parameter lookup for the from/to timefilter parser. [iglocska]
  • [API] copy pasta error in parameter harvester. [iglocska]
  • [cleanup] Fixed an assignment in a comparison. [iglocska]
  • [stix2 export] Reverted a previous change on timestamps. [chrisr3d]

  • Following the STIX 2.0 requirements

  • Including the latest changes on PyMISP
  • Solution adopted before any other one is found (for instance when 2.1 version is released)
  • [stix] Timestamps patched. [chrisr3d]

  • Including the latest patches on PyMISP object timestamps

  • Some other quick timestamps import cleaned up
  • [cleanup] Cleaned up STIX incident creation. [chrisr3d]
  • [stix2 export] Fixed some timeline related fields. [chrisr3d]

  • for instance 'valid_from' should not be related to timestamp

  • Added the 'created' field in report as well, using the event date
  • [Taxonomies] Taxonomy update broken if no expanded values are provided on the predicate or entry level. [iglocska]
  • Old python crap. [Raphaël Vinot]
  • [stix2 import] Importing regkey & regkey|value as attribute and not regkey object. [chrisr3d]
  • [stix1 export] Stripping registry keys and values to avoid spaces. [chrisr3d]
  • [feeds] Custom headers / authorization broken on csv/freetext feeds, fixes #3581. [iglocska]
  • [cleanup] Reduced credential objects parsing complexity. [chrisr3d]
  • [cleanup] Made Exceptions happy specifying types. [chrisr3d]
  • [cleanup] Cleaned up Course of Action parsing. [chrisr3d]
  • [cleanup] Made exceptions happy + cleaned up if statement. [chrisr3d]
  • [cleanup] Reduced complexity of the email objects parsing. [chrisr3d]
  • [cleanup] Cleaned up Exception handling. [chrisr3d]
  • [cleanup] Minor cleanup on custom objects parsing functions. [chrisr3d]
  • [cleanup] Reduced the main function complexity. [chrisr3d]
  • [cleanup] Cleaned up libraries import. [chrisr3d]
  • [cleanup] Reduced complexity in PE objects parsing. [chrisr3d]
  • [cleanup] Cleaned up libraries import. [chrisr3d]
  • [i18n] Variables are in no need to be translated, it will break stuff, horribly. upd: [i18n] Update default.pot again. [Steve Clement]
  • [statistics] Solve the issue with the unfiltered total counters in the user and org statistics. [iglocska]
  • ['UI bug fixed'] adding an attribute could result in an exception after a successful addition. [Andras Iklody]
  • [statistics] fixed an issue where the org statistics didn't correctly apply the local filters. [iglocska]

  • both local and external just showed the sum totals instead of the individual pools

  • [instructions] remove suggestion to check out last tagged version on install. [Andras Iklody]
  • Use configured attachments_dir instead of app/files/ in ShadowAttributesController.php. [Xavier Mehrenberger]
  • [typo] in S3 implementation. [Andras Iklody]

  • Thanks @FloatingGhost for noticing

  • I hope your love for PHP will never cease to grow!
  • Add PHP SDK install instructions. [Hannah Ward]
  • [API] Allow rapid changes to attributes (>1 per second) [iglocska]
  • [encryption] broken S/MIME encryption. [iglocska]

  • as reported and pinpointed by @3c7

  • blind fix, awaits confirmation
  • [usersStat] allow fetching json of statistics/users. [Sami Mokaddem]
  • [cleanup] Improvement of some for loops. [chrisr3d]
  • [stix2 import] Fixed uuid of single ip attributes. [chrisr3d]
  • [cleanup] Cleaned up duplication of code from the previous commit. [chrisr3d]
  • [cleanup] Cleaning up objects parsing. [chrisr3d]
  • [UI] fixed missing sighting sparklines. [iglocska]
  • [bug] fixed a typo preventing the attack matrix from working. [iglocska]
  • [rest client] corrected the calculation of the rest client duration. [iglocska]

  • I can't maff gud

  • [API] Some API rearrange issues fixed in events/add. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Temporary revert to avoid PGP bug. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3623 from SteveClement/guides. [Andras Iklody]

chg: [doc] Guides in the main code base are obsolete

  • Merge remote-tracking branch 'upstream/2.4' into guides. [Steve Clement]
  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3530 from chkp-aliaksandrt/fix-object-add-if-uuid-is-passed-as-eventid. [Andras Iklody]

chg: [bug] Fixed wrong event lookup in case the uuid is passed as an eventId.

  • Merge pull request #3518 from zeroq/sync_sightings_on_publish. [Andras Iklody]

Sync sightings on publish

  • Provide uuid of new sighting to save function. [jgo]
  • Check if sighting with given uuid already exists before saving new sighting. [jgo]
  • Todo added: do not add sightings that are already there. [jgo]
  • Attach found sightings to event item. [jgo]
  • Add attribute UUID to sighting item (easier for synchronization) [jgo]
  • Merge pull request #3546 from WaryWolf/gpg-clearsign-fix. [Andras Iklody]

Split GPG signing and encrypting of outgoing emails into separate operations

  • Split signing/encryption decisions into a separate method. [Anthony Vaccaro]
  • Split GPG signing and encrypting of outgoing emails into separate operations. Allows for plaintext signing of outgoing emails. [Anthony Vaccaro]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Add: [stix1 import] Added STIX 1 object type to the mapping types. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3610 from RichieB2B/patch-3. [Andras Iklody]

Prevent STIX export crash

  • Prevent STIX export crash. [Richie B2B]

attribute can be None which causes the STIX conversion to crash

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3609 from SteveClement/2.4. [Steve Clement]

chg: [doc] Fixed permissions for logrotate

  • [chg] fix: Set correct perms for log rotate, faup fixed upstream. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3608 from Lastpixl/fix-export. [Andras Iklody]

fix: create temp folder if it doesn't exist in EventsController::expo…

  • Add: [stix2 import] Parsing 'valid_until' in indicators as expiration date in Sightings. [chrisr3d]
  • Add: [stix2 export] Parsing expiration date from sightings as 'valid_until' in indicators. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'feature/api_rework2' into 2.4. [iglocska]
  • Merge branch 'feature/api_rework' into feature/api_rework2. [iglocska]
  • Merge branch 'feature/api_rework' into 2.4. [iglocska]
  • Merge branch '2.4' into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [Raphaël Vinot]
  • Merge branch '2.4' into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [Raphaël Vinot]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [iglocska]
  • Merge branch '2.4' into feature/api_rework. [iglocska]
  • Merge branch 'feature/api_rework' of github.com:MISP/MISP into feature/api_rework. [iglocska]
  • Merge pull request #3557 from Rafiot/feature/api_rework. [Raphaël Vinot]

Feature/api rework

  • Merge pull request #3551 from Rafiot/feature/api_rework. [Raphaël Vinot]

chg: try xenial on travis

  • Merge branch '2.4' into feature/api_rework. [iglocska]
  • Merge branch '2.4' into feature/refactortime. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into feature/refactortime. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3597 from lcpdn/patch-12. [Alexandre Dulaunoy]

Add french translation on default.po (18% > 60%)

  • Update default.po. [lcpdn]

Going from 18% to 60% on crowdin with my parts.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3587 from droe/2.4. [Andras Iklody]

Fix broken timestamps by using 24 hour clock and ISO 8601 date format

  • Fix broken timestamps by using 24 hour clock and ISO 8601 date format. [Daniel Roethlisberger]

The event view shows a wrong "Last change", e.g. "2018/08/23 06:01:45" for "2018/08/23 18:01:45". The same problem affects the timestamp in the XML generated by IOCExportTool.php. Fix by correcting the PHP date() code "h" to "H".

While here, also switch to a clearer ISO 8601 date representation for "Last change", using dashes instead of slashes for separation of year, month and day.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3579 from SteveClement/2.4. [Steve Clement]

fix: [i18n] Variables are in no need to be translated, it will break stuff.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3578 from SteveClement/2.4. [Steve Clement]

upd: [i18n] Fixed easy missing __()

  • Upd: [i18n] Fixed easy missing __() [Steve Clement]
  • Merge pull request #3577 from SteveClement/2.4. [Steve Clement]

upd: [i18n] Update of default English PO template

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge pull request #3576 from SteveClement/2.4. [Steve Clement]

new: [i18n] Added German Translation (12%)

  • Merge pull request #3575 from SteveClement/2.4. [Steve Clement]

upd: [i18n] 100% Japanese translation.

  • Upd: [i18n] Update of default English PO template. [Steve Clement]
  • Upd: [i18n] 100% Japanese translation. [Steve Clement]
  • Merge pull request #3570 from Lastpixl/fix_attachments_dir. [Andras Iklody]

fix: use configured attachments_dir instead of app/files/ in ShadowAt…

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3560 from FloatingGhost/malware-to-s3. [Andras Iklody]

Use AWS S3 as an attachment storage

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3556 from mokaddem/fixUserStats. [Alexandre Dulaunoy]

fix: [usersStat] allow fetching json of statistics/users

  • Merge pull request #3555 from WaryWolf/change-password-permissions-fix. [Alexandre Dulaunoy]

Add a permission check to the change password page.

  • Add a permission check to the change password page. [Anthony Vaccaro]

The 'MISP.disableUserSelfManagement' config variable is checked when rendering the link to the change password page, but is not checked when rendering the page itself. This could lead to unauthorised password changes by users with existing accounts on the MISP instance.

  • Merge pull request #3553 from PaoloVecchi/patch-9. [Alexandre Dulaunoy]

Update EventsController.php

  • Update EventsController.php. [Paolo Vecchi]

Just a ) missing.

  • Merge pull request #3552 from PaoloVecchi/patch-7. [Alexandre Dulaunoy]

Update AttributesController.php

  • Update AttributesController.php. [Paolo Vecchi]

Just a couple of ')' missing in lines 2105 and 2263

  • Merge pull request #3549 from PaoloVecchi/patch-7. [Alexandre Dulaunoy]

Update report_validation_issues_events.ctp

  • Update report_validation_issues_events.ctp. [Paolo Vecchi]

Speling mistake? 'V' of validation outside php tag.

  • Merge pull request #3550 from PaoloVecchi/patch-8. [Alexandre Dulaunoy]

Update index.ctp

  • Update index.ctp. [Paolo Vecchi]

Added space between 'events' and 'on'

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3547 from PaoloVecchi/patch-6. [Andras Iklody]

Update INSTALL.ubuntu1804.with.webmin.txt

  • Update INSTALL.ubuntu1804.with.webmin.txt. [Paolo Vecchi]

systemd sucks! ;-)

  • Merge pull request #3542 from PaoloVecchi/patch-5. [Andras Iklody]

Update INSTALL.ubuntu1804.with.webmin.txt

  • Update INSTALL.ubuntu1804.with.webmin.txt. [Paolo Vecchi]

Fixed a few small things

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge remote-tracking branch 'origin/2.4' into 2.4. [Christophe Vandeplas]

v2.4.94 (2018-08-09)

New

  • [PGP] Added fingerprint to /users/verifyGPG. [iglocska]
  • [internal] Streamlining of the push process. [iglocska]

  • rework of the internals

  • cleaner separation of concerns into more specialised functions
  • [internal] Simplification of the push functionality. [iglocska]
  • [API] rework of the attribute fetcher. [iglocska]

  • correctly handles attribute tags

  • performance improvements due to rework of the internal pagination
  • fixes to issues with too many hits on a tag search causing queries that are too long
  • [internal] subQueryGenerator changes. [iglocska]

  • fixed some issues that made it non-usable before

  • added possibility to run negations (NOT IN)
  • [internal] Added helper functions for tag lookups. [iglocska]
  • [CLI] Get the API key of a given user using the CLI. [iglocska]

  • simply run /var/www/MISP/app/Console/cake Admin getAuthkey [user_email]

  • Added table for user settings. [iglocska]
  • [eventGraph] added jpeg export. [Sami Mokaddem]
  • [eventGraph] added network preview feature. [Sami Mokaddem]
  • [eventGraph] SharingGraph: added skeleton of Model/Controller for saving and sharing the network among organisations (+ javascript interaction functions) [Sami Mokaddem]
  • [eventGraph] DOT Language export. [Sami Mokaddem]
  • [eventGraph] Skeleton of network history + capability to add custom row button in actionTable. [Sami Mokaddem]
  • [eventGraph] Briefly validate imported file + fix node position on drag. [Sami Mokaddem]
  • [eventGraph] Possibility to import/export (json) event graph. [Sami Mokaddem]
  • [js_helpers] empty cells and 2 widgets. [Sami Mokaddem]
  • [Statistics] Added a new tab to the statistics showing the user/organisation additions over the past month/year. [iglocska]
  • Add install docs. [Hannah Ward]
  • Add ability to log to elasticsearch. [Hannah Ward]
  • Add elasticsearch settings. [Hannah Ward]
  • [API] Check for malformed JSON requests. [iglocska]
  • [attackMatrix] possibility to pick multiple galaxy to attach to the event at the event-level. [Sami Mokaddem]
  • [attackMatrix] contextual menu when clicking on a cell in the event ATT&CK matrix. [Sami Mokaddem]
  • [CLI] Added update commands for Taxonomies, Warning Lists, Notice Lists and Object Templates. [Steve Clement]
  • [sync] Improvements to the pull mechanism. [iglocska]

  • moved the blacklist event skipping to the negotiation phase

  • no longer need to pull and then discard events that have been blacklisted
  • solves issues with slow syncs when a lot of deletions were involved

  • also, moved the sync negotiation + event retrieval to UUID based lookups instead of ID

  • [internal] Added convenience function to get estimated row count for a table. [iglocska]
  • [API] Updated the timestamp handling in the restSearch APIs to use the new smart-system. [iglocska]
  • [internal] setTimestampConditions unified and improved. [iglocska]

  • no more separate codepath for setPublishTimestampConditions

  • accept shorthand time descriptions (1d, 5h, etc)
  • always accept single values or arrays with start/end times
  • [galaxies] Force update galaxies and update improvements in general. [iglocska]

  • passing /1 to the galaxy update function now forces updates on all clusters

  • performance improvements
  • [data model] Added support for monero - new type xmr. [iglocska]

  • soft validation

  • secondary validation with warnings for malformed addresses
  • supporting epic facial hair styles
  • [edit strategy API] To support a smoother integration with the Hive, new API that describes what the edit strategy is for an event. [iglocska]

  • GET on /events/getEditStrategy/[id]

    • where id can be either a local ID or a UUID
  • returns a JSON dictionary with the following fields:

    • strategy: edit | extend (edit if it's an own event, extend otherwise)
    • extensions: list of dictionaries with existing extensions created by the user's org (containing the id, uuid, info fields)
  • The algorithms implementing this should prioritise as such:

  • Check if user can edit the event (strategy == edit) - if yes, edit

  • If no, check if extensions exist - if yes, edit one of those
  • If no, create a new extension to the original event
  • [sync] Added flag to avoid using the proxy. [iglocska]

  • in some cases you have internal sync between instances in which case going through the proxy is silly

  • [Session handling] Force certain session values to fix existing issues with misconfigured instances. [iglocska]
  • [Session handling] Added checkAgent toggle. [iglocska]
  • [API] Added unsafe URL parameter to authenticate users. [iglocska]

  • for legacy tools that cannot pass headers in HTTP requests for some insane reason

  • Needs to be enabled by a site admin - default is that it is disabled
  • MISP's diagnostic tool WILL complain if this is ever enabled

Changes

  • [release] Version bump. [iglocska]
  • [internal] Refactor of the pull function. [iglocska]

  • the various event ID list collection methods are now decided in an external function

  • [cleanup] Removed the 2.3 -> 2.4 upgrade. [iglocska]

  • in case you are reading this and wondering why it's gone:

    • 2.4 came out in 2014
    • If you are still running that version, just upgrade to any prior 2.4 and then upgrade from that version on
    • Also hope that no one will ever find this message relevant, 3+ year old software is just bad.
  • [cleanup] Cleanup of the server settings reader. [iglocska]

  • split into more readable functions

  • [internal] Rework of the emailing. [iglocska]

  • extracted the encryption functions out from the main e-mailing function

  • simplification of the code in several places
  • [cleanup] removed pointless TODOs. [iglocska]
  • [cleanup] Removed duplicate capture field definitions. [iglocska]
  • [cleanup] removed duplicate branching code to set module setting defaults. [iglocska]
  • [internal] moved socket / request creation to appmodel. [iglocska]
  • [PyMISP] updated to the latest version of describeTypes. [Alexandre Dulaunoy]
  • [except] Closed the brackets correctly on the throw except. [Steve Clement]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [internal] instead of replicating the event level distribution rules, the attribute model now inherits the event code. [iglocska]
  • [internal] Opened the buildConditions code up to other models. [iglocska]
  • [cleanup] Removed duplicate httpsocket setups. [iglocska]
  • [refactor] Unified event conditions creation. [iglocska]
  • [cleanup] removed duplicate logging code. [iglocska]
  • [cleanup] added function to check for prio worker's existence in Event.php. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [documentation] Added CLI documentation for the getAuthkey tool. [iglocska]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [i18n] update from crowdin, French (13%) Danish (43%) Italian (25%) Japanese (86%) Korean (2%) Portuguese (6%) Spanish (1%) [Steve Clement]
  • [csv] added the object_relation field to the CSV export. [iglocska]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2 import] Preparation for the upcoming changes on stix2 files to import due to the multi export. [chrisr3d]
  • [form] Give change Password field focus. [Steve Clement]
  • [psr-2] Changed view files to space indentation instead of tabs. [iglocska]

  • sniff sniff

  • [CS] Changed to PSR-2. [iglocska]

  • to make contributions easier, adopted PSR-2

  • used php-cs-fixer to rework the style
  • sniff sniff Goodbye tab indentation
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [i18n] update default.pot to include all new strings. Updated cze/fra/ita/jpn/kor/PT_br new: [i18n] Spanish translation file. [Steve Clement]
  • [kali] small typo in git config. [Steve Clement]
  • [stix2 export] Updated Galaxies parsing. [chrisr3d]
  • [stix2 import] Importing pe object custom properties. [chrisr3d]

  • Following the last changes on stix2 export

  • [stix2 export] Exporting not mapped attributes from pe objects as custom properties. [chrisr3d]
  • [kali] redis on boot (for persistent setups) [Steve Clement]
  • [kali] added headers to vhost. More automation in rc.local. [Steve Clement]
  • [kali] added expect to make it work on kali-light. [Steve Clement]
  • [debian] Added profile change to take viper/cake into consideration. [Steve Clement]
  • [stix2 export] Updated galaxy types parsing (improvement + types added) [chrisr3d]
  • [stix2 export] Parsing Galaxies in attributes level. [chrisr3d]
  • [kali] disabled sleep, fixed database.php creation. [Steve Clement]
  • [kali] tpm module wants to be loaded before install rng-tools. [Steve Clement]
  • [kali] Fixed expect, finally, perms for viper fixed too. [Steve Clement]
  • [kali] make sure the tpm module is loaded for more rng. [Steve Clement]
  • [kali] use chpasswd to change password non-interactively. [Steve Clement]
  • [kali] Shuffle final output. [Steve Clement]
  • [kali] Changed the way expect gets data. [Steve Clement]
  • [kali] Moved db connection blurb around, tried to fix EOF. [Steve Clement]
  • [kali] Checked for misp db presence, made misp.local a thing. [Steve Clement]
  • [kali] Drop user to non-root user. [Steve Clement]
  • [kali] Refactor script, everything runs as root now, but MISP user will be created. [Steve Clement]
  • [kali] Wrapped installer in function. [Steve Clement]
  • [kali] Prepared installer for running in a function. [Steve Clement]
  • [kali] Fixed if typo. [Steve Clement]
  • [doc] Kali script typo. [Steve Clement]
  • [doc] Added check for misp user if run twice… [Steve Clement]
  • [doc] Add bootstrap function for Kali. [Steve Clement]
  • [doc] Kali viper-web improvement. [Steve Clement]
  • [doc] More kali linux fixes. [Steve Clement]
  • [doc] Added mail2misp fixed some automation. [Steve Clement]
  • [doc] Debian tweaks and fix for misp-dashboard. [Steve Clement]
  • [i18n] updated fra/ita/jpn/pt new: [i18n] Added initial Czech translation. [Steve Clement]
  • [i18n] wrap stuff into __construct( [Steve Clement]
  • [i18n] More __(); [Steve Clement]
  • [i18n] Added more __()'s. [Steve Clement]
  • [i18n] typo. [Steve Clement]
  • [i18n] Added __('') where needed/missing. [Steve Clement]
  • [stix2 export] Preliminary changes to prepare a multi events stix2 export coming soon. [chrisr3d]
  • [eventGraph] refacto after comments from the Overmind. [Sami Mokaddem]
  • [appController] bumped query version. [Sami Mokaddem]
  • [eventGraph] removed useless comments and checks. [Sami Mokaddem]
  • [eventGraph] renaming EventNetworkHistory into simply EventGraph. [Sami Mokaddem]
  • [ACL] bumped to reflect networkHistory controller. [Sami Mokaddem]
  • [eventGraph] fixed img_preview size, catch keyboard inputs and removed useless function. [Sami Mokaddem]
  • [eventGraph] removed possibility to import eventGraph. [Sami Mokaddem]
  • [eventGraph] Usage of fetchEvent function, refacto + sorting on creation date + disabling button if user is not authorized to save/delete/.. the network. [Sami Mokaddem]
  • [eventGraph] only networkHistory user creator can delete its saved network. [Sami Mokaddem]
  • [eventGraph] implemented loading graph from the db. [Sami Mokaddem]
  • [eventGraph] Implemented saving/deleting feature. [Sami Mokaddem]
  • [eventGraph] rightClicking on the graph selects underlying node. [Sami Mokaddem]

This allows faster contextualMenu operations

  • [eventGraph] better support of hidden event (possibility to show hidden item back later on) [Sami Mokaddem]
  • Move elasticsearch to composer "suggest" [Hannah Ward]
  • [deps] There is no major difference between 2.1.0.17 and the dev version. [Steve Clement]
  • [kali] fix. [Steve Clement]
  • [kali] fix redis install. [Steve Clement]
  • [kali] misp-modules start on install. [Steve Clement]
  • [kali] added SSL, removed manual redis install. [Steve Clement]
  • [kali] skip dist-upgrade for time reasons. [Steve Clement]
  • [kali] Fixed perms at the end. [Steve Clement]
  • [doc] Adapted auto messages. [Steve Clement]
  • [doc] Updates to Debian guides, mostly cake automation new: [doc] Install doc/script for kali linux deployment. [Steve Clement]
  • [i18n] Latest jpn translation (94%), Latest French (10%) updated default.pot new: [i18n] Initial Italian translation (25%), Spanish (1%), Brazilian Portuguese (3%), Korean (1%) [Steve Clement]
  • [i18n] updated cake i18n extract --extract-core no --exclude Test,Vendor,Lib. [Steve Clement]
  • [CLI] Updated admin commands and added FIXMEs. [Steve Clement]
  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [doc] More updates on the debian install guides, small fix on OpenBSD. [Steve Clement]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [attackMatrix] UI improvement (contextual menu) [Sami Mokaddem]
  • [attackMatrix] UI improvements. [Sami Mokaddem]
  • [attackMatrix] support of quick tagging from the attackMatrix at event view level. [Sami Mokaddem]
  • [attackMatrix] improved CSS and positioning of the contextual menu. [Sami Mokaddem]
  • [CLI] updated noticelist response for no update needed. [iglocska]
  • [stix2 import] Set distribution values to the default ones. [chrisr3d]
  • [CLI] added force argument. [Steve Clement]
  • [travis] add PHP 7.2 tests. [Alexandre Dulaunoy]
  • [PyMISP] updated to latest version. [Alexandre Dulaunoy]
  • [stix2 import] Importing file objects attachments (malware-sample) [chrisr3d]
  • [stix2 export] Exporting file objects attachments (malware-sample) [chrisr3d]
  • [doc] Added $PATH_TO_MISP where necessary. [Steve Clement]
  • [doc] Further debian install guide automation. [Steve Clement]
  • [doc] regrouped all the apt install. [Steve Clement]
  • [doc] Debian 9/testing updates base MISP now fully working. [Steve Clement]
  • [doc] Merged changes from stable to testing. [Steve Clement]
  • [cleanup] Removed the deprecated GFI sandbox import. [iglocska]

  • Burn the heretic. Kill the mutant. Purge the unclean.
  • [stix2] added attachment encoding to the stix2 export. [iglocska]
  • Remove unused variable. [Raphaël Vinot]
  • [stix2 import] Importing email objects custom properties + improvement. [chrisr3d]
  • [doc] removed python2 deps. [Steve Clement]
  • [guide] More automation on install guide. [Steve Clement]
  • [refactor] Fixed an issue where too many events would cause a query too large for mysql to handle when querying /events/index via the API, fixes #3444. [iglocska]
  • Case insensitive sort of organisation list. [Dawid Czarnecki]
  • [internal] Don't try to convert shorthand time notations to timestamp if the data is already in timestamp format. [iglocska]
  • [CLI] Convert "false" and "true" for setSettings to 0 and 1 respectively, fixes #3408. [iglocska]
  • Add shebangs. [Raphaël Vinot]
  • Mispzmq -> python3.6. [Raphaël Vinot]
  • [stix2 import] Updated asn objects import to include custom properties. [chrisr3d]
  • [stix2 import] Variable name changed for more clarity with MISP objects property 'name' [chrisr3d]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix2 export] Exporting not mapped email object attributes as custom properties. [chrisr3d]
  • [stix2 export] Exporting not mapped asn attributes object as custom properties. [chrisr3d]
  • [UI] Cleaned up proposal correlations and unified attribute/proposal correlation view code. [iglocska]
  • [PyMISP] updated to latest version. [Alexandre Dulaunoy]
  • [PyMISP] released as 2.4.93. [Alexandre Dulaunoy]
  • [Session handling] Added some sane defaults to the session handler. [iglocska]
  • Move old install guides to a sub directory. Init submodules at the right place. [Raphaël Vinot]
  • [attackMatrix] Moved the submit button above the Cancel button. [Sami Mokaddem]

making the matrix's UI more consistent with the application's UI.

  • [stix2 import] Moved objects parsing dictionary into the main script. [chrisr3d]

  • In case we need to call self in one of the functions called by the dictionary
  • [stix2 export] Little update on pe-section export as pattern. [chrisr3d]

  • Added a section index in the identification part of the pattern, to avoid confusions between each section

Fix

  • [stix1 import] Fixed journal entries parsing fails. [chrisr3d]
  • [stix1 import] Copy/paste error fixed. [chrisr3d]
  • [cleanup] Some more minor clean up. [chrisr3d]
  • [stix1 export] MISP objects parsing improvement. [chrisr3d]
  • [sync] Fixed an issue blocking the syncing of edits, fixes #3537. [iglocska]
  • [pgp] left of changes for the pgp printout. [iglocska]
  • [cleanup] Fixed libraries import copy/paste issues. [chrisr3d]
  • [stix2 import] Fixed quote error in a dictionary key. [chrisr3d]
  • [stix2 import] Fixed some STIX objects parsing, reading them as dict in order to avoid error on popping elements. [chrisr3d]
  • [stix2 import] Avoided try/catch-ing the loading function so we get the error if it fails. [chrisr3d]
  • [stix2 import] Removed obsolete parsing function & try/catch for custom objects. [chrisr3d]

  • With the 'allow_custom' parameter set to True, the parsing function works even with custom objects

  • [bug] Fixed e-mailing bug introduced during the refactoring. [iglocska]
  • [bug] Fixed several server settings related issues caused by the refactor. [iglocska]
  • [sync] typos fixed. [Andras Iklody]
  • [sync] Fixed buggy connection test. [iglocska]

  • refactor revealed that the sync user access on the remote was never correctly determined

  • fallback method that has since been removed for 2+ year old instances was always used due to the above issue
  • [internal] tightened authkey validation. [iglocska]
  • [cleanup] Invalid assignment in conditional cleaned up. [iglocska]
  • [cleanup] Cleaned up SMIME certificate validation. [iglocska]

  • merged the two functionalities we've had for it

  • [stix2 import] Importing attribute tags from labels. [chrisr3d]
  • [stix2 export] Added attribute tags in stix labels. [chrisr3d]
  • [stix2 export] Avoiding issues with empty data field in attributes. [chrisr3d]
  • [internal] removed massive duplicate lookup function. [iglocska]
  • [cleanup] removed empty if statement. [iglocska]
  • [internal] streamlining the worker removal logging. [iglocska]
  • [cleanup] Removed duplicate code. [iglocska]
  • [cleanup] Cleaned up exceptions types. [chrisr3d]
  • [cleanup] Cleaned up exceptions types, unnecessary else after return and multiple statements in single line. [chrisr3d]
  • [cleanup] Quick cleanup. [chrisr3d]
  • [cleanup] Cleaned up exceptions types, typechecks and other minor items. [chrisr3d]
  • [cleanup] Cleaned up libraries imports. [chrisr3d]
  • [cleanup] cleaned up the setup of httpsockets in the Server.php file. [iglocska]
  • [internal] removed duplicate logging code. [iglocska]
  • [cleanup] removed unneeded concat. [iglocska]
  • [internal] cleanup of some junk. [iglocska]
  • [internal] several unreachable breaks removed. [iglocska]
  • [internal] removed unreachable break. [iglocska]
  • [internal] Fixed invalid assignment. [iglocska]
  • [bug] Fixed cryptic ##COMMA## in error message. [iglocska]
  • [tests] CSV export. [Alexandre Dulaunoy]
  • [galaxies] Fixed same value across two namespaces causing issues. [iglocska]
  • [csv] escaped all string fields to fix some oddities. [iglocska]
  • [upgrade] fixed incorrect upgrade scripts. [iglocska]
  • [stix1 export] Removed try catch statements used before depending on the python version. [chrisr3d]

  • Useless now because of python3 forced

  • [stix1 export] Fixed missing namespace schema location + various code cleaning on framing. [chrisr3d]
  • [stix1 export] Removed not used libraries import on framing. [chrisr3d]
  • [stix2 import] Importing Galaxy Cluster uuid. [chrisr3d]
  • [stix2 import] Fixed missing field info, forgotten in the latest changes. [chrisr3d]
  • [stix2 import] Skipping relationships atm to avoid errors. [chrisr3d]

  • Relationships parsing to come later

  • [cleanup] Cleanup of accidental inclusion of a feature in progress. [iglocska]
  • [API] don't allow the same event tag to be added multiple times via an /events/add call, fixes #3507. [iglocska]
  • [data model] Preparation for some taxonomy improvements. [iglocska]
  • [stix1 export] Fixed indentation. [chrisr3d]
  • [stix2 import] Improved file reading in loading function. [chrisr3d]
  • [stix2 export] Fixed missing variable assignment. [chrisr3d]
  • [install] Changed the install instructions to use CLI commands... [Andras Iklody]

...instead of updating config.php. The latter can be dangerous if typos pop-up.

  • [API] set attribute distribution if it isn't set in the capture attribute call. [iglocska]

  • should have worked via the beforevalidate() but it didn't
  • ah well
  • [delegation] Attribute tags and objects were not transferred during delegation, fixes #3495. [iglocska]

  • The delegation system hasn't been updated since the introduction to the new systems

  • new objects being transferred: objects, attribute tags, object references
  • [stix2 import] Fixed relationship import. [chrisr3d]

  • Skipping it at the moment

  • Will have to rebuild a large part of the import functions to include relationships after the export part is reworked completely
  • [stix2 import] Fixed vulnerability import, following the last changes on export part. [chrisr3d]
  • [stix2 export] Fixed vulnerability export. [chrisr3d]

  • depending on the origin of the object exported: attribute/object or galaxy

  • [bug] Fixed an invalid count() call on the taxonomies index. [iglocska]
  • [i18n] Made PO importable into crowdin. [Steve Clement]
  • [stix2 export] Fixed relationships mapping typo. [chrisr3d]
  • [stix2 export] Watching if a cluster uuid has already been added to be exported instead of a galaxy uuid. [chrisr3d]
  • [stix2 export] Allowed custom properties for all Indicators/ObservedData from MISP objects export. [chrisr3d]
  • [stix2 export] Fixed regkey|value attribute export. [chrisr3d]
  • [stix2 export] Exporting not mapped attributes of regkey objects as custom properties. [chrisr3d]
  • [API] Attribute edit via uuid fails as non site admin, fixes #3487. [iglocska]
  • [AppModel] re-apply the eventGraph SQL query. [Sami Mokaddem]
  • [AppModel] added missing comma in SQL update query. [Sami Mokaddem]
  • [doc] added sudo verification to guide. [Steve Clement]
  • [doc] added sudo verification to guides. [Steve Clement]
  • [eventGraph] export now works on firefox. [Sami Mokaddem]
  • [i18n] Indentation. [Steve Clement]
  • [i18n] added missing %s. [Steve Clement]
  • [i18n] added missing echo. [Steve Clement]
  • [i18n] Typos and __('Fixes') [Steve Clement]
  • [stix2 export] Fixed failing condition on filename|hash composite attribute. [chrisr3d]
  • [eventGraph] removed 'import' label from the contextual header button. [Sami Mokaddem]
  • [actionTable] correctly delete row based on id or position + correctly handle row_action options. [Sami Mokaddem]
  • [mispJS] updated submitDeletion to match the new eventGraph history name. [Sami Mokaddem]
  • [eventGraph] fix validation and Model class name. [Sami Mokaddem]
  • [eventGraph] fixed conditions about determining if loaded graph is the latest version. [Sami Mokaddem]
  • [eventGraph] catch empty node selection if no underlying node is there. [Sami Mokaddem]
  • [eventGraph] Object get correct color when exporting in DOT Language. [Sami Mokaddem]
  • [eventGraph] typo in eventId compatibility validation. [Sami Mokaddem]
  • [eventGraph] swapped function call to hide expanded objectAttribute. [Sami Mokaddem]
  • [eventGraph] canvas menu (right-click) is shown at the correct position. [Sami Mokaddem]
  • [stix2 import] Fixed custom properties parsing following the last changes on x509 object export. [chrisr3d]
  • [python3] Updated script to python3 only. [iglocska]
  • [python3] Missed python3 call instead of python. [iglocska]
  • [i18n] Added default language. [iglocska]
  • One final indentation re-align. [Hannah Ward]
  • Make indentation line up. [Hannah Ward]
  • Use spaces entirely. [Hannah Ward]
  • Indentation on ES client. [Hannah Ward]
  • [stix2 export] Fixed malware-sample data export as pattern. [chrisr3d]
  • [update] checkout the last checked in version of composer.json before attempting a pull. [iglocska]
  • [zmq] Fixed execution of the ZMQ start/stop commands still being python 2. [iglocska]
  • Because people use old python. [Raphaël Vinot]

Should fix #3475

  • [kali] Fix RAW URL. [Steve Clement]
  • [freetext] parser was detecting any number as a phone number, fixes #3469. [iglocska]

  • new requirement: must start with + or contain a -
  • [settings] Make travis happy. [iglocska]
  • [settings] Attempted fix to appease Travis. [iglocska]
  • [CLI] mixup corrected. [Andras Iklody]
  • [settings] Default setting for the attachments directory fixed. [iglocska]
  • Export events csv with CR (fix #3458) [kalyparker]

Export using automation functionality for ids does not clean the special char like CRLF. When there is a carriage return in the event info, the csv is broken.

  • [attackMatrix] pressing ESC dismiss the matrix popup. [Sami Mokaddem]
  • [sti2 import] Fixed pe-extension parsing. [chrisr3d]
  • [stix2 import] Including import of custom properties for pe & pe-section objects. [chrisr3d]
  • [stix2 export] Fixed file object references with its contained data object. [chrisr3d]
  • [stix2 export] Fixed File PE Binary extension. [chrisr3d]
  • [sti2 import] Fixed import of some attributes that can contain data. [chrisr3d]
  • [stix2 import] Removed try catch on adding attribute to event. [chrisr3d]
  • [UI] Fixed the sighting buttons being (non-functionally) available to read only users. [iglocska]
  • [API] Removed unused optional field from the organisation API descriptions. [iglocska]
  • [feed] Invalid lookup when editing events via MISP feeds throws notice error, fixes #3366. [iglocska]
  • [stix2 export] Fixed parsing of some attributes which can contain data. [chrisr3d]
  • Fix: [stix2 export] Removed ip @ type parsing function duplication. [chrisr3d]
  • [CLI] Update noticelists correctly passes the user data. [Andras Iklody]
  • [PyMISP] updated to the latest version. [Alexandre Dulaunoy]
  • [performance] Changed regex clean all function to work in a chunked fashion. [iglocska]
  • [cleanup] Removed duplicate line, fixes #3448. [iglocska]
  • [python version] changed generate_file_objects.py's execution to python3. [iglocska]
  • [cleanup] Reverted lax baseurl validation. [iglocska]
  • [sync] pull giving some weird messages when an event is blocked by blacklists. [iglocska]

  • don't warn about failed pulls when the reason is a local blocking of the event.

  • future improvements: remove the blocked events during the negotiation phase

  • [adminTools] undeclared variable removal. [Steve Clement]
  • [stix2 import] Fixed email object import (screenshot & eml attributes) [chrisr3d]

  • Same comments as previous commit for export

  • Also moved parsing functions in subject into the main script to avoid importing python libraries in the dictionaries script
  • [stix2 export] Fixed email object export (screenshot & eml attributes) [chrisr3d]

  • Both of these attributes should not be exported as part the email body

  • Thus: custom property
  • [stix2 import] Improved network socket observable object parsing loop. [chrisr3d]
  • [stix2 import] Removed print. [chrisr3d]
  • [stix2 import] Fixed Custom Object type parsing. [chrisr3d]

  • Unlike usual STIX2 objects, Custom Objects do not have their own type. They are dict and have thus no callable attributes

  • [stix2 export] Fixed custom object type. [chrisr3d]

  • Custom Object type cannot accept capital letters

  • [stix2 import] Fixed pattern parsing following the last update on pattern export. [chrisr3d]
  • [stix2 export] Fixed pattern apostrophes typo. [chrisr3d]
  • [stix2 export] Fixed export of email attachment, eml & screenshot. [chrisr3d]
  • Decode redis in ZMQ. [Steve Clement]
  • [zmq] Backwards compatibility with python 3.4. [Steve Clement]
  • [cleanup] removed obsolete code. [iglocska]
  • [galaxies] Force galaxy update now correctly updates the galaxy itself, not just the contents. [iglocska]
  • [bug] Fixed route to /regexp/admin_index. [iglocska]
  • [galaxy] Further fixes with the saving of the galaxy update data. [iglocska]
  • [bug] Removed unused field from galaxy update. [iglocska]
  • [UI] added galaxy force update to the side menu. [iglocska]
  • Compatibility with python 3.4. [Raphaël Vinot]
  • Set shebangs, cleanup. [Raphaël Vinot]
  • [stix2 import] Removed shitty looping test. [chrisr3d]
  • [stix2 import] Fixed asn object pattern keys. [chrisr3d]
  • [stix2 import] Fixed stix2 'parse' function (from library) parameters. [chrisr3d]
  • [stix2 import] if statement typo. [chrisr3d]
  • [API] Fixed object view API. [iglocska]
  • [UI] fixed typo causing exceptions in the att&ck add function, fixes #3426. [iglocska]
  • [bug] Potential fix for SQL return size limit reached when fetching a list of attributes. [iglocska]
  • [stix2 export] Fixed parameter called while mapping object names. [chrisr3d]
  • [Session handling] Make sure that the autoregenerate setting changes are actually saved. [iglocska]
  • [update] recursively init and update submodules. [Andras Iklody]
  • [attackMatrix] Better popup position for small screen. [Sami Mokaddem]

Dynamically change popup position and placement for smaller screen, forcing that each cell have a minimum width and that the window is scrollable to reveal the remaining of the popup.

  • [attackMatrix] No longer set the modal position to fixed when the viewport is small. [Sami Mokaddem]

Under a viewport of 1400px, the modal's position is set to absolute allowing the user to use the scrollbar for navigation.

  • [stix2 import] Fixed object name while importing file with pe & sections. [chrisr3d]
  • [stix2 export] Fixed observable object of File with PE extension. [chrisr3d]
  • [stix2 export] Quick fix of issues on files related to PEs. [chrisr3d]
  • [CSRF] Don't run the CSRF form protection on the attribute search. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3535 from PaoloVecchi/patch-4. [Andras Iklody]

INSTALL.ubuntu18.04.01.with.webmin.txt

  • INSTALL.ubuntu18.04.01.with.webmin.txt. [Paolo Vecchi]

Added Virtualmin install and repository update for mariadb

  • Merge pull request #3536 from StefanKelm/2.4. [Andras Iklody]

Default sort order for Id and Date

  • Update proposal_event_index.ctp. [StefanKelm]
  • Default sort order for ID and Date: desc. [StefanKelm]
  • Default sort order for timestamps: desc. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Fixes missing hostname|port in network activity mapping. [Christophe Vandeplas]

The hostname|port has default category "Network Activity", but was not allowed by the mapping.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3526 from SteveClement/2.4. [Steve Clement]

chg: [typo] Minor typo

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3520 from ater49/patch-5. [Alexandre Dulaunoy]

Update of french translation

  • Update default.po. [ater49]

Adding some translations

  • Merge pull request #3517 from RichieB2B/ncsc-nl/stix-orgname. [Christian Studer]

Use original orgname at stix-header:title

  • Use original orgname at stix-header:title. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3515 from SteveClement/2.4. [Steve Clement]

chg: [i18n] update from crowdin, French (13%) Danish (43%) Italian (25%) Japanese (86%) Korean (2%) Portuguese (6%) Spanish (1%)

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3512 from ater49/patch-3. [Alexandre Dulaunoy]

Update default.po

  • Update default.po. [ater49]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3510 from ater49/patch-1. [Andras Iklody]

Update default.po

  • Update default.po. [ater49]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3502 from SteveClement/2.4. [Andras Iklody]

chg: [form] Give change Password field focus.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3500 from SteveClement/2.4. [Steve Clement]

chg: [i18n] update default.pot to include all new strings

  • Merge pull request #3499 from SteveClement/2.4. [Steve Clement]

fix: [i18n] Made PO importable into crowdin.

  • Merge pull request #3498 from eCrimeLabs/2.4. [Andras Iklody]

Fix related to Concerns PR #3492

  • Fix related to Concerns PR #3492. [Dennis Rand]
  • Merge pull request #3493 from SteveClement/guides. [Steve Clement]

chg: [kali] small typo in git config

  • Add: [stix2 export] Added relationships between SDOs. [chrisr3d]

  • Mostly relationships defined by the official STIX2.0 Relationships Mapping
  • Further changes on relationships to come
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3492 from eCrimeLabs/2.4. [Andras Iklody]

Danish translation attempt. It does miss some changes but it should b…

  • Danish translation attempt. It does miss some changes but it should be a good start. [Dennis Rand]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3490 from SteveClement/guides. [Steve Clement]

chg: [kali] redis on boot (for persistent setups)

  • Merge pull request #3489 from SteveClement/guides. [Steve Clement]

chg: [kali] added headers to vhost. More automation in rc.local

  • Merge pull request #3488 from SteveClement/guides. [Steve Clement]

chg: [doc] Various updates to Debian and Kali Linux install files.

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #3486 from mokaddem/fix-eventGraphDBUpdate. [Andras Iklody]

Fix event graph db update

  • Merge branch '2.4' into guides. [Steve Clement]
  • Merge pull request #3483 from SteveClement/2.4. [Andras Iklody]

chg: [i18n] Added a lot of __('s for our i18n effort

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3449 from mokaddem/sharingGraph. [Andras Iklody]

EventGraph history

  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into sharingGraph. [Sami Mokaddem]
  • Add: [stix2 export] Exporting not mapped attributes from x509 object as custom properties. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3479 from FloatingGhost/feature-send-logs-to-elasticsearch. [Andras Iklody]
  • Merge pull request #2890 from truckydev/patch-7. [Steve Clement]

new: [i18n] Create cake_dev.pot for FR_fr

  • Update cake_dev.po. [truckydev]
  • Rename pot to po. [truckydev]
  • Create cake_dev.pot. [truckydev]
  • Merge pull request #3478 from SteveClement/2.4. [Steve Clement]

chg: [deps] Set the correct and working version of Cybox in diagnostics

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • [stix2 export] Slight data field reading improvement. [chrisr3d]
  • [stix2 export] Clarified galaxies condition test parsing. [chrisr3d]
  • [stix2 export] Ip-port object export improvement. [chrisr3d]
  • Merge pull request #3474 from SteveClement/2.4. [Steve Clement]

new: [kali] Added initial kali linux script that can install a MISP instance with "one click"

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3471 from SteveClement/2.4. [Steve Clement]

chg: [i18n] added and updated various LOCALE files

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3470 from SteveClement/2.4. [Steve Clement]

chg: [doc] Debian guides updated

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3462 from SteveClement/2.4. [Steve Clement]

chg: [CLI] update/WarningLists/NoticeLists/ObjectTemplates/Galaxies to Admin CLI

  • Merge pull request #2 from iglocska/patch-2. [Steve Clement]

fix: [CLI] mixup corrected

  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge pull request #3461 from mokaddem/update/attackMatrix. [Andras Iklody]

new: [attackMatrix] possibility to pick multiple galaxies (event-level)

  • Merge remote-tracking branch 'upstream/2.4' into update/attackMatrix. [Sami Mokaddem]
  • Merge pull request #3460 from kalyparker/fix-export-events-csv. [Andras Iklody]

fix: export events csv with CR (fix #3458)

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3455 from mokaddem/update/attackMatrix. [Andras Iklody]

Update/attack matrix

  • Merge remote-tracking branch 'upstream/2.4' into update/attackMatrix. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3457 from StefanKelm/2.4. [Andras Iklody]

Sod the bloody typos

  • Typo. [StefanKelm]
  • Add: [stix2 import] Importing email-attachment attributes. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix2 export] Exporting email-attachment attributes. [chrisr3d]
  • Merge pull request #1 from iglocska/patch-1. [Steve Clement]

fix: [CLI] Update noticelists correctly passes the user data

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3447 from SteveClement/2.4. [Steve Clement]

chg: [doc] debian testing/stable install guide updates

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3445 from SteveClement/2.4. [Steve Clement]

chg: [doc] debian install guide updates

  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge pull request #3443 from SteveClement/2.4. [Steve Clement]

fix: [ZMQ] support for all python versions

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3436 from SteveClement/2.4. [Steve Clement]

Re-work of the Debian Install Guide

  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • - Quick command to update galaxies. [Steve Clement]
  • - Final merge, 90% in line. - More automation - ToDo: Separate optional features from the essential. [Steve Clement]
  • - Merged more changes from both files. [Steve Clement]
  • - Merge debian-stable and debian-testing instructions. [Steve Clement]
  • - Added env variables to make the install less painful when it comes to variables - Remove apache2.2 instructions, 2.4 is default - Add some automation to do replacements in php.ini. [Steve Clement]
  • - Added things that do not work. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3439 from dawid-czarnecki/2.4. [Andras Iklody]

chg: Case insensitive sort of organisation list

  • Merge pull request #3433 from 0xtf/patch-1. [Andras Iklody]

Change 16.04 reference to 18.04 on install guide

  • Change 16.04 reference to 18.04. [Tiago Faria]
  • Merge pull request #3435 from SteveClement/2.4. [Andras Iklody]

OpenBSD and FreeBSD Install instructions updated

  • - More instructions on OpenBSD Install. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • - A more working FreeBSD Install Instruction. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3432 from dak-csis/patch-1. [Andras Iklody]

Fix php blank page on Debian 9 and Ubuntu 16.04

  • Update misp. [Daniel Akulenok]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3405 from Rafiot/ditchpy2. [Andras Iklody]

Arbitrary move to python3.6

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3427 from StefanKelm/2.4. [Andras Iklody]

Change --force to --recursive in update/upgrade documentation

  • Change --force to --recursive. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'attributeFetcherFix' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3417 from SteveClement/2.4. [Steve Clement]

Added initial internationalization for: French (6%), Japanese (21%) Updated FreeBSD and added OpenBSD Install document (🚧-pre-alpha)

  • - Rudimentary support for apache2, login works. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • - Partially works, again, but still CSS issues. [Steve Clement]
  • - FreeBSD OpenBSD install updates. [Steve Clement]
  • - Initial OpenBSD install procedure, based on httpd. [Steve Clement]
  • - Added initial internationalization for: French (6%), Japanese (21%) -- Please support our translation teams: https://crowdin.com/project/misp -- Other Languages in progress: Italian (9%), Korean (1%), Portuguese (1%) [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Update core.default.php. [Steve Clement]

flipped 'autoRegenerate' sessions. This setting wants to be off for production machines.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3410 from mokaddem/attackMatrixLayout. [Alexandre Dulaunoy]

Attack matrix layout

  • Merge remote-tracking branch 'upstream/2.4' into attackMatrixLayout. [Sami Mokaddem]
  • Merge pull request #3382 from MISP/Rafiot-patch-1. [Alexandre Dulaunoy]

Simplify the wording in the warning.

  • Improvement. [Raphaël Vinot]
  • Simplify the wording in the warning. [Raphaël Vinot]
  • Merge pull request #3399 from StefanKelm/2.4. [Andras Iklody]

Default sort order for timestamp in attribute view

  • Default sort order for timestamp: desc. [StefanKelm]
  • Add: [stix2 import] Importing files with pe & pe_sections objects. [chrisr3d]
  • [stix2 import] Improved file observable object parsing. [chrisr3d]

v2.4.93 (2018-06-27)

New

  • [attackMatrix] Skeleton of multiple galaxy picking. [Sami Mokaddem]
  • [stix2 export] Starting exporting PE binary files. [chrisr3d]

→ file, pe & pe-section objects linked with references

  • [CLI] Added CLI tool to downgrade DB version. [iglocska]
  • [i18n] Added tools to switch between languages via the server settings. [iglocska]
  • [attackMatrix] Also consider attack galaxy at event level in the heatmap fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendTool. [Sami Mokaddem]
  • [attackMatrix] added instance UUID in rest response. [Sami Mokaddem]
  • [attackMatrix] statistic about attack tags used in the instance chg: [attackMatrix] moved functions in to model and matrix view into elements. [Sami Mokaddem]
  • [attackMatrix] Possibility to highlight cell matching the typeahead field's value. [Sami Mokaddem]
  • [AttackMatrix] added Mobile/Pre-Attack Matrix support, UI improvements and code refacto. [Sami Mokaddem]
  • [GalaxyPicking] Choose the galaxy namespace first before showing related galaxies. [Sami Mokaddem]
  • [attackMatrix] Ability to attach Mitre att&ck galaxy from the matrix. [Sami Mokaddem]
  • [attackMatrix] legend scale of the heatmap with dynamic updates. [Sami Mokaddem]
  • [attackMatrix] force kill chain header order. [Sami Mokaddem]
  • [attackMatrix] addition of heatmap on tiles depending on occurrence of the tag. [Sami Mokaddem]
  • Initial skeleton of Mitre attack matrix. [Sami Mokaddem]
  • [internal] Added convenience method to find the ID of an SG via its UUID. [iglocska]
  • [functionality] Kick user out if the session is expired instead of only doing it on a page load. [iglocska]
  • [UI/UX] Event lock initial version. [iglocska]

  • Show if another user is editing the event you're viewing (same org only)
  • Add email field autofocus on login page. [Dawid Czarnecki]
  • Added event lock functionality. [iglocska]
  • Added event lock table. [iglocska]

  • also added missing permission for ZMQ publisher role

  • Add schema for feed-metadata. [Raphaël Vinot]

Changes

  • [version] Version bump. [iglocska]
  • [misp-galaxy] updated to the latest version (including CFR test) [Alexandre Dulaunoy]
  • [stix1 import] Improved parameters. [chrisr3d]
  • [attackMatrix] removed forgotten debug cmd. [Sami Mokaddem]
  • [attackMatrix] Definitively removed typeahead + code cleanup. [Sami Mokaddem]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [attackMatrix] ATT&CK Tactic is put at the top when picking galaxies and is shown in All namespace mode. [Sami Mokaddem]
  • [diagnostics] Make the STIX diagnostics a bit less cryptic. [iglocska]
  • [API] Changed the default exportable setting for tags that don't contain the field pushed via the API to true. [iglocska]
  • [clarity] Made the file path validation failing more obvious when adding local feeds. [iglocska]

  • Warning to catch issues that arise due to Steve's fat fingers

  • [stix1 import] Updated message displayed in case of import error. [chrisr3d]
  • [stix1 import] Properly catching loading errors and returning the corresponding output value. [chrisr3d]
  • [stix1 import] Changed relationship for the header of a pe. [chrisr3d]

  • atm better mapping in export for event imported with this change

  • may change if we decide to create something new to represent headers separately
  • [i18n] Updated pot files. [iglocska]
  • [i18n] Made the strings more i18n friendly across the application. [iglocska]
  • [attackMatrix] added some comments. [Sami Mokaddem]
  • [attackMatrix] Support of JS for interaction in the statistics page. [Sami Mokaddem]
  • [attackMatrix] removed console logging. [Sami Mokaddem]
  • [attackMatrix] Restrict view to be ajax only. [Sami Mokaddem]
  • [attackMatrix] search capabilities and table auto resize. [Sami Mokaddem]
  • [attackMatrix] UI improvement. [Sami Mokaddem]
  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [travis] setuptools need to be updated too. [Alexandre Dulaunoy]
  • [travis] sudo because Travis said so... [Alexandre Dulaunoy]
  • [travis] Sami influenced me by adding random numerical value at the end of Python packages. [Alexandre Dulaunoy]
  • [travis] self update of pip3 to update pip3. [Alexandre Dulaunoy]
  • [tests] stix 1.2.0.6 python requirements updated. [Alexandre Dulaunoy]
  • [favicon] Changed the favicon. [Sami Mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [version bump] querystring bumped. [iglocska]
  • [Diagnostic View] Updated Diagnostic View for STIX1 related python libraries. [chrisr3d]
  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • Add enums in feed-metadata schema. [Raphaël Vinot]

Fix

  • [stix1 import] Fixed Monkey typo. [chrisr3d]
  • [stix1 import] Fixed missing self call. [chrisr3d]
  • [bug] Typo in the event before validate hook. [Andras Iklody]

As pointed out by @To-om

  • [sync] Fix to the attribute level filters not being applied correctly on a full push. [iglocska]

  • Found during the investigation of #3378
  • [stix1 export] Fixed MISP objects export. [chrisr3d]

  • handle the case when there is no pe & pe-section objects

  • 'resolve_objects2parse' should then be optional considering this case
  • Bump query_version and updated queryACL. [Sami Mokaddem]
  • [attackMatrix] only return the result for the last attached galaxy. [Sami Mokaddem]

If a galaxy is already attached, just skip the message. (The return value is a string, we don't want to compare the string value for each galaxy to be attached)

  • [attackMatrix] Multiple galaxy attach operations are now supported at attribute level. [Sami Mokaddem]

Previously, only 1 INSERT INTO command was executed, the others were UPDATE commands

  • [UI] fixed Event lock breaking the restoration of soft deleted attributes. [iglocska]
  • Correlation popup format. [iglocska]
  • Left off view file. [iglocska]
  • [UI] Fixed a bug with galaxies not being addable. [iglocska]
  • Fixed an issue where tags couldn't be added anymore since the last commit. [iglocska]
  • [API] tag capture fixed on newly created objects via the API, fixes MISP/PyMISP#236. [iglocska]
  • [stix diagnostic] Returning the correct 'success' value in case of error with maec. [chrisr3d]
  • 🔒 Brute force protection can be bypassed with a PUT request. [iglocska]

  • fixes an issue where brute forcing the login would work by using PUT requests
  • as reported by Silver Saks from CCDCOE
  • [stix1 export] Fixed pe & pe-section export when the header is not distinct from the other sections. [chrisr3d]
  • Fixed a bug where users couldn't add galaxies after paginating/filtering on event attributes. [iglocska]
  • Fixed broken correlation toggle on the event view. [iglocska]
  • [stix1 import] Fixed indent that imported some objects split. [chrisr3d]
  • [sync] pull not working due to invalid lookup against galaxies. [iglocska]
  • [error messages] made some of the error messages a bit more uniform. [iglocska]
  • [upgrade] Made an older upgrade script more friendly towards MySQL. [iglocska]
  • [galaxies] Fixed query causing MYSQL errors due to group by not containing a silently loaded field. [iglocska]
  • Don't require API users to accept the terms / change password to get going. [iglocska]

  • to get the API key they need to log in anyway via the interface

  • Use common code-path for user init via the login page and the CLI. [iglocska]

  • also, be consistent with initial settings

  • [setup] Brought MYSQL.sql up to date, fixes #3357, fixes #3358. [iglocska]
  • [stix1 import] Started fixing to_ids flags for imported attributes/objects. [chrisr3d]
  • [Cortex] fixed Cortex auth issue. [Andras Iklody]
  • [attackMatrix] prevent throwing an error if mitre attack galaxy is not there. [Sami Mokaddem]
  • [attackMatrix] added aggressive sanitization (just to be sure) [Sami Mokaddem]
  • [attackMatrix] added missing entries in ACL component. [Sami Mokaddem]
  • [attackMatrix] Prevent hovering listener to overwrite each other. [Sami Mokaddem]
  • [attackMatrix] prevent multiple listener on matrix widgets. [Sami Mokaddem]
  • [attackMatrix] cluster ATT&CK Tactic is shown in Mitre namespace only. [Sami Mokaddem]
  • [AttackMatrix] picking Att&ck tactic correctly redirect on the matrix. [Sami Mokaddem]
  • [eventView] Hide galaxy tags after search. [Sami Mokaddem]
  • [travis] update to the latest version of requests. [Alexandre Dulaunoy]
  • [Docs] some install guide clarifications. [Andras Iklody]
  • [bug] fixed version comparison for old vs new db versions. [iglocska]
  • [UI] Event lock message update eating flash messages fixed. [iglocska]
  • [SG/sync] fixed an issue where if a sync user was not allowed to modify a sharing group, it also couldn't create events with said SG attached. [iglocska]

  • correctly capture the sharing group, without still being able to modify it, but to extract the ID and link it to the event to be created

  • [stix2 export] Fixed attribute value type issue with AS numbers. [chrisr3d]
  • [stix1 export] Fixed AS attribute value export. [chrisr3d]

  • 'number' field in STIX object side if the value is only digits

  • 'handle' if it starts with 'AS'
    • same parsing as the one recently pushed for STIX2 regarding 'value' and 'comment' fields on MISP side
  • [stix2 export] Checking AS attributes value. [chrisr3d]

  • Because it went out that some people sometimes put the AS value in comment and an ip address as value

  • Fixed the annoying getcorrelation errors in the logs if someone has the jobs index open and times out, fixes #3339. [iglocska]
  • [UI] Preserve settings on events add form if anything goes wrong with the validation. [iglocska]
  • [UI] Fixed default value of threat level id. [iglocska]
  • [sg bug] Fixed a bug where a user that should be allowed to extend a sharing group is blocked if they are also a sync user. [iglocska]

  • conditions requires that the sharing group has been synchronised from a remote by a different sync user

  • [bug] Fixed a copy pasta fail preventing the adding of galaxies. [iglocska]
  • [stix2 export] Fixed regkey observable creation. [chrisr3d]
  • [stix2 export] Fixed network socket observable creation. [chrisr3d]
  • [stix2 export] Fixing issues due to the oddity of some enumeration lists for observable objects. [chrisr3d]
  • [stix2 export] Fixed pattern of protocol value in network socket object creation. [chrisr3d]
  • Don't throw users out if debug is enabled with the new check. [iglocska]
  • [bug] Endless loop when terms are not accepted / password not reset fixed, fixes #3336. [iglocska]
  • Fixed permission on a view level for add tags. [iglocska]
  • Fixed permission check for adding tags to an event. [iglocska]
  • [ACL] added new functions to the ACL. [iglocska]
  • [bug] invalid function call for the event lock via the objects controller. [iglocska]
  • [extended events] Correctly handle event extensions via event ID instead of UUID, fixes #3332. [iglocska]
  • [stix1 export] Fixed some credential object attributes export. [chrisr3d]

Following the latest update on the import part which includes credential objects import, and in order to avoid duplicate attribute export and create authentication STIX Objects more properly:

  • Parsing authentication type to avoid as much as possible to associate passwords with not relevant authentication types.
  • If only one authentication type -> distributing it to all the passwords (as well as it is the case for the authentication format).
  • Added impfuzzy validation. [iglocska]
  • [Diagnostic] Fixed typo in python libraries testing. [chrisr3d]
  • Made sure that object edit buttons are only visible to those that can edit them. [iglocska]

  • also, some cleanup in the code to make it more readable
  • [EventView] Still allows object edition event if the event hasn't been published. [Sami Mokaddem]

Other

  • Add: [stix1 import] Parsing x509 raw certificate in x509 object. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3384 from MISP/Rafiot-patch-2. [Alexandre Dulaunoy]

Makes more sense.

  • Makes more sense. [Raphaël Vinot]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix1 import] Added default distribution values in events imported. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3372 from mokaddem/attackMatrix. [Andras Iklody]

Multiple pick in ATT&CK matrix

  • Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • [stix2 export] Improved x509 attributes parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3368 from mokaddem/attackMatrix. [Alexandre Dulaunoy]

ATT&CK Tactic Matrix at the top!

  • Merge branch '2.4' of https://github.com/MISP/MISP into attackMatrix. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3367 from SteveClement/2.4. [Steve Clement]

Various updates to INSTALL instructions

  • - remove dupe python3-pip from apt install. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • - Added more automation to install procedure. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix1 export] Exporting pe with its section and the related file. [chrisr3d]

  • → WinExecutableFileObject
  • next to the generic loop parsing all objects because of the relations between file, pe, and pe-section that should be parsed
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'set_db_version' into 2.4. [iglocska]
  • Merge pull request #3355 from StefanKelm/2.4. [Andras Iklody]

Typos within Event graph view

  • Update event-graph.js. [StefanKelm]
  • Typos... [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3352 from axpatito/patch-1. [Andras Iklody]

Update INSTALL.rhel7.txt

  • Update INSTALL.rhel7.txt. [axpatito]
  • Merge pull request #3350 from mokaddem/attack. [Alexandre Dulaunoy]

Attack

  • Merge remote-tracking branch 'upstream/2.4' into attack. [Sami Mokaddem]
  • Merge pull request #3347 from mokaddem/attack. [Alexandre Dulaunoy]

Mitre ATT&CK Tactic

  • Merge remote-tracking branch 'upstream/2.4' into attack. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into attack. [Sami Mokaddem]
  • Add: [stix] Added test files for stix (1 & 2) import & export. [chrisr3d]

Including:

  • MISP events that can be tested in export
  • STIX 1 & 2 files resulting from the export of the MISP events, that can be used as well in order to test the import scripts
  • Add: [stix2 import] Importing asn objects. [chrisr3d]
  • Add: [stix1 import] Importing AS STIX objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3345 from mokaddem/favicon. [Andras Iklody]

Favicon

  • Merge branch '2.4' of https://github.com/MISP/MISP into favicon. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix2 export] Exporting asn MISP objects. [chrisr3d]
  • Add: [stix1 export] Exporting asn object. [chrisr3d]
  • [stix2 export] Removed intermediary 1 line functions. [chrisr3d]
  • [stix2 export] Improved some dictionary use/call. [chrisr3d]
  • Add: [stix2 export] Exporting stix2-pattern MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix1 import] Importing Account Objects as credential MISP Objects. [chrisr3d]
  • Add: [stix1 export] Exporting credential MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3330 from dawid-czarnecki/2.4. [Andras Iklody]

new: Add email field autofocus on login page

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [Diagnostic] Added maec python library requirements. [chrisr3d]
  • Merge branch 'samimagic' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #3323 from RichieB2B/ncsc-nl/rhel-python3. [Alexandre Dulaunoy]

Enable python3 for php-fpm for RHEL/CentOS

  • Enable python3 for php-fpm for RHEL/CentOS. [Richard van den Berg]

v2.4.92 (2018-06-07)

New

  • [ACL] Added new role permission: publish_zmq. [iglocska]

  • permission flag to use the "publish to ZMQ" button

  • [performance] Made the deadlock fix optional. [iglocska]

  • old behaviour by default or if the setting is disabled

  • new behaviour with non transactional attribute add / correlation add
  • Batch delete should hard delete if event hasn't been published yet, fixes #3311. [iglocska]
  • [API] objects/add now supports uuids and the version number. [iglocska]

  • API: /objects/add/[template_id]/[version]

    • template_id can be a UUID
    • version is an optional parameter to select the specific version of a template if searching by uuid
  • Hard delete attributes when event was never published, fixes #3311. [iglocska]
  • [performance] Massive performance gains for the warninglists. [iglocska]
  • [tooling] Added benchmark tool to AppModel. [iglocska]

  • create name benchmark runs

  • start at different levels of the code's execution
  • aggregated mode allows summed execution times over many iterations of a code path
  • show peak memory usage or full memory usage timeline of the execution history
  • Added CyberCure Blocked IP,Blocked URL & Malware hash feeds (http://docs.cybercure.ai/) [Mona]
  • Stricter validation of baseurl when coming via the API tool. [iglocska]
  • Show galaxy namespaces and allow the loading of the new field. [iglocska]
  • New flash message system, fixes #3252. [iglocska]

  • 3 types of flash messages (success, error, warning)

  • uses bootstrap's own classes/structure

Changes

  • [version] VERSION bump. [iglocska]
  • Bump PyMISP version. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • [API] Adding a tag will no longer throw exceptions if the tag already exists. [iglocska]

  • instead the existing tag is returned for further reuse along with a HTTP code of 200

  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • [cleanup] Benchmarking calls removed. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [stix1 export] Improved journal entries function. [chrisr3d]
  • Added remaining parts of the pymisp / new stix diagnostic tool. [iglocska]
  • Allow symlinks for public keys in footer. [Xavier Mehrenberger]

Allows replacing public GPG & SMIME keys (gpg.asc & public_certificate.pem) with symbolic links, to store the actual files in another format. This allows clean separation of MISP code (in webroot) from configuration data.

Our use case: run MISP on top of kubernetes, storing configurations and secrets in dedicated volumes, rather than in the Docker image.

  • [misp-objects] updated to the latest version. [Alexandre Dulaunoy]
  • New stixtest.py is a bit more granular and adds a check for pymisp. [iglocska]
  • [stix1 export] Updated x509 objects export to use the appropriate STIX object. [chrisr3d]
  • [stix1 export] Updated object attributes parsing functions. [chrisr3d]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [UI Filtering] Do not set searchFor in the URL if no value. [Sami Mokaddem]

After a discussion with iglocska, it is better to fix it js side than server side.

  • [documentation] Better description of command line APIs / automation. [iglocska]
  • [misp-taxonomies] copine scale added. [Alexandre Dulaunoy]
  • [stix1 export] Now using python3 as default for stix1 export. [chrisr3d]
  • [misp-galaxy] updated to the latest version with namespaces galaxy. [Alexandre Dulaunoy]
  • Version bump for galaxies. [iglocska]
  • [Galaxy] Galaxies updated. [iglocska]
  • [misp-taxonomies] updated to the latest version. [Alexandre Dulaunoy]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]

Fix

  • Removed debug breaking update. [iglocska]
  • [API] Fixed a black hole on API actions via the Objects controller, fixes #3271. [iglocska]

  • Blanket disabling the security component due to the changes in cakePHP for API requests had the side effect that explicit security component stance changes would lead to exceptions

  • Potential fix for the deadlock issue addressing #3264. [iglocska]

  • This will mean a performance hit for correlations / adding attributes in general, but let's see how it goes

  • [stix1 import] Removed errors catching to let the logs have it. [chrisr3d]
  • [object references] Object references can be added to deleted objects/attributes, fixes #3312. [iglocska]
  • [performance] Fixed a serious performance issue with object heavy events. [iglocska]
  • [javascript] Fixed JS broken in IE11 #3306. [Christophe Vandeplas]
  • [stix1 export] Quick fix on attribute data field. [chrisr3d]
  • [stix1 import] Fixed email object import. [chrisr3d]
  • [stix1 import] Fixed Artifact STIX objects import. [chrisr3d]

following the last update on export script

  • [stix1 export] Fixed and improved some attributes parsing. [chrisr3d]
  • [performance API] fix performance issues with warninglists via the API. [iglocska]
  • [performance] slight tuning for the fetchEvent() function. [iglocska]
  • [validation] Fixed urlOrExistingFilepath validation script no longer uses hard-coded error messages. [iglocska]
  • [cleanup] Removed non-sensical line. [iglocska]
  • [stix1 import] Fixed some Galaxy & GalaxyCluster fields. [chrisr3d]
  • [stix1 import] Fixed event loading function. [chrisr3d]

  • Fixed errors if the event has no 'ttps' field
  • [stix1 import] Fixed whois object name mapping. [chrisr3d]
  • [stix1 export] Quick fix of set_tlp function. [chrisr3d]
  • [stix1 export] Fixed Tags journal entries. [chrisr3d]
  • [stix2 export] Cosmetic fix of stix2 report labels. [chrisr3d]
  • [stix2 import] Fixed 'from' attribute type mapping for email object. [chrisr3d]
  • [stix1 import] Fixed Whois object attributes import. [chrisr3d]

  • Following the latest changes on Whois object export

  • Typo fixed in the tag element, preventing the quick filter from working. [iglocska]
  • Allow updateDatabase to accept numbers. [iglocska]
  • Added missing lookup for pymisp versions via the diagnostics. [iglocska]
  • Reflected XSS via the event view. [iglocska]

  • users arriving on an event view via a malicious URL with a javascript payload and then clicking on the show deleted attributes tab would trigger the payload

  • as reported by Jarek Kozluk from zbp.pl

  • [stix2 import] Fixed Custom object import attribute type. [chrisr3d]
  • [stix2 import] Fixed custom object import type defining for composite attributes. [chrisr3d]
  • [stix1 import] Fixed objects name common case definition. [chrisr3d]
  • [stix1 import] Fixed x509 object name mapping. [chrisr3d]
  • [stix2 export] Fixed class variable call. [chrisr3d]
  • [stix1 export] Fixed dictionary comma. [chrisr3d]
  • [stix2 import] Improved process object parsing. [chrisr3d]
  • [stix2 export] Improved regkey objects mapping. [chrisr3d]
  • [stix2 export] Fixed Custom object type typo. [chrisr3d]
  • [stix2 export] Added forgotten processes related function call. [chrisr3d]
  • [stix2 import] Removed useless return functions. [chrisr3d]
  • [stix1 import] Fixed object relations for attributes of network connection object. [chrisr3d]
  • [stix2 import] Fixed event loading. [chrisr3d]
  • [stix2 export] Fixed observable object creation for port & ip|port attributes. [chrisr3d]
  • [stix1 export] To be sure we're always using utf-8. [chrisr3d]
  • [CLI] Allow for empty baseurl via the CLI. [iglocska]
  • [UI] Fixed the annoying galaxy collapse issues. [iglocska]
  • [UI] Fix to the galaxy cluster expand. [iglocska]
  • [UI] automation page cleanup. [iglocska]
  • [UI] fixed broken collapse/expand of galaxy clusters. [iglocska]
  • [API] Add object request has been black-holed. #3271. [iglocska]

  • blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions

  • [UI filtering] be sure that '0' is not interpreted as empty. [Sami Mokaddem]
  • [API] Add object request has been black-holed. #3271. [iglocska]

  • blanket disabling the security component for API requests clashes with explicit disabling of certain security component features in the objects controller causing exceptions

  • Invalid flash message fixed when editing an attribute. [iglocska]

  • was showing an error on success

  • [UI filtering] Attribute quick filter broke all the tabbed filters, fixes #3247. [iglocska]
  • Fixed endlessly spinning loading animation when fetching a PGP key that cannot be found. [iglocska]
  • [cleanup] removed debug, fixes #3257. [iglocska]
  • [stix1] Updated install & update instructions for stix, cybox & mixbox libraries. [chrisr3d]
  • Fixed editing servers to add a server certificate not saving said certificate. [iglocska]
  • Fixed a DOM based XSS with cortex type attributes. [iglocska]

  • as reported by Dawid Czarnecki (dawid@pz.pl)

  • Various fixes to the add feed action/view. [iglocska]
  • Ignore camelised vs underscored controller name differences in the ACL. [iglocska]
  • User add form loses checkbox settings on failed submission when returning the user to the form. [iglocska]
  • Invalid pluralisation. [iglocska]
  • Fixed layout. [iglocska]
  • Fixed some menu misalignment with debug mode off. [iglocska]
  • Minor cleanup of the default layout. [iglocska]
  • Fixed some issues with the new notifications. [iglocska]
  • [stix1 import] Fixed uuid fetching when a STIX object has no id. [chrisr3d]
  • [stix1 import] Fixed test to define if a STIX file is from MISP. [chrisr3d]
  • [stix1 export] Atm skipping objects not mapped yet for export. [chrisr3d]
  • [stix1 export] Fixed reference creation for process object when the reference is an attribute. [chrisr3d]
  • [stix1 import] Commented atm not used attribute in object process. [chrisr3d]
  • [stix1 import] Fixed name of MISP objects parsing for import. [chrisr3d]
  • [stix1 export] Quick fix on variables. [chrisr3d]
  • [stix1 export] Cleaned indentation typo. [chrisr3d]
  • Fixed invalid org lookup on the attribute index resulting in some notices thrown. [iglocska]

Other

  • Bump recommended version of PyMISP. [Raphaël Vinot]
  • Merge pull request #3316 from jezkerwin/2.4. [Andras Iklody]

Quoted scl commands to properly execute python3 + cwd for Cake Install

  • Quoted scl commands to properly execute python3 + cwd for Cake Install. [jezkerwin]

Installing Cybox and STIX libraries, the SCL command to install won't properly run unless being quoted. Added command to change working directory to /var/www/MISP before installing Cake

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'deadlockfix' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3310 from jezkerwin/2.4. [Andras Iklody]

Remove contact details, they don't really need to be in there

  • Remove contact details, they don't really need to be in there. [jezkerwin]
  • Merge branch 'performance_benchmarking' into 2.4. [iglocska]
  • Test: [benchmark] Added benchmarks for warninglist runs. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3307 from cvandeplas/2.4. [Andras Iklody]

fix: [javascript] Fixed JS broken in IE11 #3306

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3301 from LDO-CERT/2.4. [Alexandre Dulaunoy]

fix Typo in MISP settings

  • Fix Typo in MISP settings. [garanews]

fix Typo in MISP settings

  • Fix Typo in MISP settings. [garanews]

fix Typo in MISP settings

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix1 import] Importing Galaxies & Tags from journal entries. [chrisr3d]
  • Add: [stix1 import] Importing Event threat level. [chrisr3d]
  • Add: [stix1 import] Importing vulnerability attributes. [chrisr3d]
  • Add: [stix1 import] Parsing link attributes in information_source references. [chrisr3d]
  • Add: [stix1 import] Parsing attributes from journal entries. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix1 export] Exporting Whois MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3269 from Lastpixl/2.4. [Andras Iklody]

chg: allow symlinks for public keys in footer

  • Merge pull request #3287 from StefanKelm/2.4. [Andras Iklody]

Default sort order for timestamp / date reversed on click for Feed preview index

  • Update preview_index.ctp. [StefanKelm]
  • Merge pull request #3288 from RichieB2B/ncsc-nl/python3. [Andras Iklody]

Update installation instructions for STIX export

  • Install pymisp for python3. [Richard van den Berg]
  • Use python3 to install stix/cybox/mixbox libraries. [Richard van den Berg]
  • [stix1 export][stix2 import] Kept only useful pymisp library import. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix1 import] Importing x509 Certificate objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3283 from SteveClement/2.4. [Andras Iklody]

Very small change to give the user a hint that multiple attachments can be uploaded

  • - reAdded Debian Testing instructions… [Steve Clement]
  • - Make allusion to the fact that you can select multiple files in the browse window. [Steve Clement]
  • Add: [stix2 import] Importing network-socket objects. [chrisr3d]
  • Add: [stix2 export] Exporting network-socket objects. [chrisr3d]
  • Add: [stix2 import] Added AS in the list of parsed attributes. [chrisr3d]
  • Add: [stix2 import] Importing process stix2 objects. [chrisr3d]
  • Add: [stix2 export] Exporting process MISP object. [chrisr3d]
  • Add: [stix2 export] Added AS in the mapped attributes. [chrisr3d]
  • Add: [stix1 export] Added x509 Certificate STIX object namespaces. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3280 from 0x150/remove-leading-tab. [Andras Iklody]

Remove leading tab

  • Remove leading tab. [iso]
  • Merge pull request #3281 from cryptba1/cybercure-feeds. [Alexandre Dulaunoy]

new: Added CyberCure Blocked IP,Blocked URL & Malware hash feeds (htt…

  • Merge pull request #3279 from RichieB2B/ncsc-nl/stixfixes. [Alexandre Dulaunoy]

Add timestamp to outer STIX_Package

  • Add timestamp to outer STIX_Package. [Richard van den Berg]
  • Merge pull request #3277 from RichieB2B/ncsc-nl/stixfixes. [Alexandre Dulaunoy]

Fix STIX export corner cases

  • Support multiple AttributedThreatActors correctly. [Richard van den Berg]
  • Fix spaces. [Richard van den Berg]
  • Initialize incident.attributed_threat_actors when not set. [Richard van den Berg]
  • Fix tabs. [Richard van den Berg]
  • Do not break when observable creation fails. [Richard van den Berg]
  • Fix STIX TestMechanisms. [Richard van den Berg]
  • Do not fail on unknown attribute types. [Richard van den Berg]
  • Write STIX json in text mode. [Richard van den Berg]
  • Do not catch exceptions that should go to exec-errors.log. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3262 from RichieB2B/ncsc-nl/stix-python3. [Christian Studer]

Use python3 interpreter for STIX exports

  • Write STIX file in utf8. [Richard van den Berg]
  • Fix STIX diagnostics: use python3. [Richard van den Berg]
  • Merge pull request #3268 from SteveClement/2.4. [Steve Clement]

Debian Testing install

  • - Fixed curl. [Steve Clement]
  • - Added curl to update galaxies/taxonomies/warninglists/objectTemplates. [Steve Clement]
  • - Added yara. [Steve Clement]
  • - Checkout "default" it's 2.4 at what you really want. [Steve Clement]
  • - Added misp-dashboard. [Steve Clement]
  • - Remove > /dev/null foo. [Steve Clement]
  • - Added pymisp and modules as well as cake CLI commands. [Steve Clement]
  • - Debian testing install. [Steve Clement]
  • Merge pull request #3267 from mokaddem/issue_3247. [Andras Iklody]

fix: [UI filtering] be sure that '0' is not interpreted as empty.

  • Git push origin 2.4 Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix1 export] Supporting export of not mapped MISP objects as STIX Custom object. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • [stix1 export] typo. [chrisr3d]
  • Add: [stix1 export] Added namespaces for WindowsService object. [chrisr3d]

  • goes with commit eaedccb3f64bfa3a704c68f0e4a42b6df99d29dd
  • forgot to include it with the commit \o/
  • Add: [stix1 export] Supporting windows-service-name attribute export. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3250 from WaryWolf/gpg-agent-fix. [Alexandre Dulaunoy]

Add config mapping for 'gpgconf' option in Crypt_GPG library.

  • Add config mapping for 'gpgconf' option in Crypt_GPG library. [Anthony Vaccaro]

This option not only sets the location of the gpgconf binary, but if set to false, disables behaviour that shuts down running agents when a Crypt_GPG object is destroyed. This behaviour would also kill any long-running or daemonised agents that are running and configured in the gpg.homedir directory.

  • [stix1 export] Edited indicator id. [chrisr3d]
  • Add: [stix1 export] Added reference between process and other objects. [chrisr3d]
  • Add: [stix1 import] Little update following the process object export support. [chrisr3d]
  • Add: [stix1 export] Exporting Process MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: [stix1 export] Exporting network-socket MISP objects. [chrisr3d]
  • Add: [stix1 export] Exporting network connection MISP objects. [chrisr3d]

v2.4.91 (2018-05-15)

New

  • Remove galaxy cluster information from the sync mechanism for now. [iglocska]

  • currently galaxy clusters aren't shared anyway, no point in blowing up the data size / processing time

  • Added attribute level galaxy clusters. [iglocska]
  • Added option to include base64 encoded attachments in the ZMQ output, fixes #3169. [iglocska]
  • [stix1 import] Starting parsing related observables in documents from misp. [chrisr3d]
  • [Export] Added a secondary CSV export that includes more context to the UI download tool. [iglocska]
  • First implementation of the Noticelist system ready. [iglocska]
  • Added noticelist view. [iglocska]
  • Noticelist system added. [iglocska]
  • Refactor of the warning message for the add attribute view. [iglocska]
  • Added chartjs dependency. [Sami Mokaddem]
  • Possibility to show/hide distribution repartition of event/attr/objAttr chg: layout adaptation. [Sami Mokaddem]
  • Show elements having a distribution lower than the event distribution in the distribution graph. [Sami Mokaddem]
  • Possibility to view connected communities and concerned sharing groups in distribution graph's tooltip. [Sami Mokaddem]
  • Added warning about missing warninglists used for TLD resolution in the freetext import tool. [iglocska]

  • following the twitter feedback

  • Added event enrichment functionality. [iglocska]

  • select and run a set of enrichments on all applicable attributes of the event

  • exposed to the API
  • exposed to the command line tool
  • adheres to attribute distributions
  • Added Feed management API. [iglocska]

  • add/edit/delete feeds via the API

  • new APIs are RestResponseComponent aware
  • GET on add/edit to receive usage information

Changes

  • [PyMISP] updated to latest version. [Alexandre Dulaunoy]
  • [stix1 export] Added object name in observable composition id. [chrisr3d]

For an easier import

  • [stix1 import] Better distinction in the parsing between indicators & observables. [chrisr3d]

Following the latest changes on stix1 export (avoiding systematic observable compositions for MISP objects representation)

  • [stix1 import] Improved regkey object parsing. [chrisr3d]
  • [stix1 export] Exporting ip|port & hostname|port as socket address object. [chrisr3d]

Instead of creating an observable composition

  • [misp-warninglists] updated to the latest version. [Alexandre Dulaunoy]
  • [stix1 export] Better parsing MISP objects. [chrisr3d]
  • [stix1 export] Improvement of some functions. [chrisr3d]
  • [API] Attaching a tag to an object no longer throws an exception if the tag already exists, fixes #3245. [iglocska]

  • just emits positive vibes by saying that no changes had to be made
  • [misp-object] updated to the latest version. [Alexandre Dulaunoy]
  • [validation] Change the unique validation for attributes to be escaped if an object ID is set, as opposed to an object relation. [iglocska]
  • [debug] Added debug of failed mass edits to returned JSON. [iglocska]
  • Only run the automatic worker restart on upgrade if background processing is enabled. [iglocska]
  • Allow /objects/edit/id to accept a UUID instead of a local ID. [iglocska]
  • Modified how network socket are parsed using the latest created misp object. [chrisr3d]
  • [Controllers] sets the ajax variable globally. [Sami Mokaddem]

As well as removing useless set in controllers and accessing it instead of passing through the request.

  • Added misp noticelists as a submodule. [iglocska]
  • [DistributionGraph] addition of tooltip. [Sami Mokaddem]

Replaced percentage text in the sharing group progressbar by a tooltip giving more information

  • [EventController] replaced if/else by ternary condition. [Sami Mokaddem]
  • Trying not to break the MVC pattern. [Sami Mokaddem]

Server model is not passed to the constructor anymore, as well as the Organisation model.

  • [DistributionGraph] added distribution description text in the info popup. [Sami Mokaddem]
  • [distributionGraph] support of the sharing group event distribution chg: [distributionGraph] code cleanup. [Sami Mokaddem]
  • Update __query version. [Sami Mokaddem]
  • Show all by default. [Sami Mokaddem]
  • Doughnut part color. [Sami Mokaddem]
  • Updated description tooltip text. [Sami Mokaddem]
  • Sanitization of data for distribution graph. [Sami Mokaddem]
  • Add additional distribution info about to whom we are sharing even if we don't have element on this distribution level. [Sami Mokaddem]
  • Replaced radar chart to doughnut chart. [Sami Mokaddem]
  • Moved sharing group outside of the distribution progressbar (as it is a special case), distribution range is displayed when clicking on the pb labels and lots of minor improvements. [Sami Mokaddem]
  • Changed distribution graph popover title. [Sami Mokaddem]
  • Removed useless prints. [Sami Mokaddem]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • First round of refactoring of the side menu. [iglocska]
  • Changed the org admin role to not have sync privileges by default. [iglocska]

Fix

  • Detaching galaxy clusters from attributes was using the old function name. [iglocska]
  • Attachcluster to object attributes fails due to no flattening. [iglocska]
  • Validation issue for objects fixed. [iglocska]
  • Fixed an invalid link when attaching a cluster via all galaxies. [iglocska]
  • Version bump. [iglocska]
  • [stix1 import] Catching port type while importing ip-port MISP objects. [chrisr3d]
  • [stix1 import] Testing if related_indicators/observables is in a document before watching it. [chrisr3d]
  • [stix1 import] Fixed distinction between attribute values. [chrisr3d]

  • MISP attributes can be INT sometimes, so read the 2nd comment

  • Previously an INT attribute value did not satisfy the condition, which made it considered as objects attributes and tried to create a MISP object instead of a single attribute

  • [stix1 export] Fixed objects and observables IDs generation. [chrisr3d]
  • [stix1 import] Fixed missing self argument. [chrisr3d]
  • [stix1 import] Fixed some attribute parsing function calls. [chrisr3d]
  • Some cleanup. [iglocska]
  • Added documentation of server setting modifications via the console. [iglocska]

  • also added left-off server setting for enabling attachments via ZMQ

  • [stix1 export] Fixed my omission of ids flag parsing for x509 MISP objects. [chrisr3d]
  • [stix1 export] Quick fix on attribute data field test. [chrisr3d]
  • Fixed the enabled field missing for non site admin users in warninglists / noticelists. [iglocska]
  • [validation] Fixed an issue with the unique attribute validation rule blocking legitimate use-cases. [iglocska]

  • adding an attribute with a matching pair or category/type/value in an existing object-contained attribute would be incorrectly flagged as violating the attribute uniqueness rule

  • Don't lowercase the controllername for the ACL Component. [iglocska]
  • [UI] Fixed the field name for input source in the feed edit view. [iglocska]
  • [Feed caching] Readded the feed correlations for non correlating attributes. [iglocska]

  • it was breaking the indexing for the attached correlations

  • [ACL] Fixed the side menu url to the correct capitalisation for the populate from button. [iglocska]
  • [ACL] Made the ACL system's behaviour more lax when it comes to capitalisation mistakes in the URL, fixes #3240. [iglocska]
  • [API] Tightened the disabling of the security component to counter the effects of cakephp 2.10.x. [iglocska]
  • Bumped noticelist version. [iglocska]
  • Restart the workers due to the new cakephp version causing issues. [iglocska]
  • Remove form tampering for REST requests. [iglocska]

  • makes MISP compatible with 2.10.x

  • No point in running the security component's test since no form is submitted via REST anyway.
  • Changed filepath of noticelist not reflected in update script. [iglocska]
  • Cakephp version bumped to latest 2.x. [iglocska]

  • also gets rid of the stupid mcrypt requirement that breaks compatibility with newer ubuntu versions

  • Edge case with empty objects caused barf [iglocska]
  • Account for alternate format for /objects/edit. [iglocska]

  • I need to take a shower after this fix

  • Fixed invalid indices in the feed lookup via the event view. [iglocska]
  • Fixed broken objects/edit. [iglocska]
  • Fixed object add. [iglocska]
  • Fixed name change of variable breaking /objects/add. [iglocska]
  • Added the missing schemaloc namespace for system objects. [chrisr3d]
  • Handle no template being passed to objects/add correctly. [iglocska]
  • Fixed object->attribute references not being captured correctly. [iglocska]
  • [DistributionGraph] include metadata for all distribution level. [Sami Mokaddem]

When fetching distribution graph data, returns information about all distribution level (even not concerned).

  • Removed break point cough [iglocska]
  • Don't redirect users to terms page if no terms page is set. [iglocska]
  • [CorrelationGraph] set the undefined ajax variable when pivoting from a taxonomy tag / galaxy cluster in fullscreen. [Sami Mokaddem]
  • Fixed an issue with the notice message container showing invalid default data. [iglocska]
  • Fixed regkey value string. [chrisr3d]
  • Added missing space after the taxonomy name on the taxonomy view. [iglocska]
  • Fixed email observable type parsing. [chrisr3d]
  • Using an existing relationship between a process and its network connections. [chrisr3d]
  • Directly take the sharing group name from the event. [Sami Mokaddem]

Do not fetch the sharing group name as it is already included in the event. + fixed a css glitch

  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • [DistributionGraph] incorrect number in the sg progressbar tooltip. [Sami Mokaddem]

Set the correct number of involved sharing instead of the sum of sharing group in the sg progressbar tooltip

  • Fixed a bug that prevented servers from being added. [iglocska]
  • [DistributionGraph] sharing group search and uniqueness of results. [Sami Mokaddem]

fix a bug where filtering per sharing group was not including inherit attributes. Enforce uniqueness of involved entities.

  • Fixed distribution level swapping when filtering from the distribution chg: moved styling into css new: Loading gif when building the distribution graph. [Sami Mokaddem]
  • Avoid redrawing distribution graph when closing its popover + reset pb ticks offset at each draw. [Sami Mokaddem]
  • Replaced hardcoded eventID by the real event id. [Sami Mokaddem]
  • Support of filtering for distribution=0 (empty(0) is true in php). Also, only consider attr and obj_attr (ignoring object as they only carry meta-data) [Sami Mokaddem]
  • Honour MISP.completely_disable_correlation on attribute/event save/delete action. [Eugenio Paolantonio]
  • Typo. [chrisr3d]
  • Fixed typo of a string function. [chrisr3d]
  • Attribute values that are too long for mysql text fields don't generate warnings and just truncate, fixes #3196. [iglocska]

added validation error

  • Removing galaxy filters in the galaxy view would redirect to an invalid url, fixes #3201. [iglocska]
  • Allow "json" not to be set when adding a server via the API. [iglocska]
  • Fixed /servers/add via REST API not working, fixes #3202. [iglocska]

  • corrected list of parameters
  • added sane defaults so that only the minimum list of fields is actually required
  • fixed a bunch of stuff that was just plain broken with this API
  • Low timeout added for module introspection to fix performance bottlenecks. [iglocska]
  • Testing if references before looping on it. [chrisr3d]
  • Inverted 2 type values of a DNS Record. [chrisr3d]
  • Fixed events from MISP recognition. [chrisr3d]
  • Fixed copy pasta fail. [Andras Iklody]

As reported by @truckydev

  • Fixed path / filename split case. [chrisr3d]
  • Fixed InformationSource references in STIX incident object. [chrisr3d]
  • Source Format -> Input Source (C/P mistake) [Raphaël Vinot]
  • Function object typo. [chrisr3d]
  • Fixed library import. [chrisr3d]
  • Don't correlate attribute to feeds if the correlations are disabled on the attribute. [iglocska]
  • Fixed a typo in the side menu rework. [iglocska]
  • Allow filename as an alternative for parsed domains/hostnames. [iglocska]
  • PyMISP version 2.4.90. [Alexandre Dulaunoy]
  • Added some sanitisation to the new view. [iglocska]
  • Fixed namespaces (causing bugs if not set) [chrisr3d]
  • Fixed external ids field type. [chrisr3d]
  • Object templates updated to the latest version. [Alexandre Dulaunoy]
  • Fixed weird error message if an ajax query goes wrong. [iglocska]
  • Hide buttons to create proposals for read only users, fixes #3187. [iglocska]
  • Added event enrichment to the ACL. [iglocska]
  • Editing an attribute was not setting the distribution level to the previous value. [Sami Mokaddem]
  • Changed "xhtml:body" into "xhtml:div", to avoid creating a body DOM which cause listener on the original body to bug. Incremented js number and check if request is ajax or not in ObjectController. [Sami Mokaddem]
  • MISP warning-lists updated to latest version. [Alexandre Dulaunoy]
  • Removed print. [chrisr3d]
  • Fixed an issue where attribute searches via the UI would incorrectly return all visible data. [iglocska]
  • Fail gracefully during single user PGP key checks on the user view. [iglocska]
  • Fixed relationships in object references. [chrisr3d]
  • Fixed editing feeds via the UI. [iglocska]
  • Session.cookie_timeout could not be saved correctly, fixes #3182, fixes #3171. [iglocska]
  • Downasides -> downsides. [Raphaël Vinot]
  • Fixed empty event tags on the event index api. [iglocska]
  • After adding a tag via the API MISP would always return the first tag, fixes #3159. [Andras Iklody]
  • Cull empty event tags for event index. [iglocska]
  • Fixed previewing image attachments via the feeds. [iglocska]
  • Fixed some obscure translation errors between python 2 & 3. [chrisr3d]
  • Fixed monkey copy paste errors. [chrisr3d]
  • Fixed some mapping issues. [chrisr3d]

-> Threat level name & incident status name mapping

  • Fixed color mapping issue that avoided Marking creation. [chrisr3d]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Version bump. [iglocska]
  • Add: [stix1 import] Now importing MISP objects from related observables. [chrisr3d]
  • Add: [stix1 import] Added CustomObjects parsing. [chrisr3d]
  • Add: [stix1 export] Added socket address object namespace. [chrisr3d]
  • [stix1 export] Removed no longer used observable composition for ip|port. [chrisr3d]
  • [stix1 export] Reusing little functions. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: [stix1 import] Importing reply-to attributes. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • [misp-galaxy] updated to the latest version. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3237 from StefanKelm/2.4. [Andras Iklody]

Update attributeConfirmationForm.ctp

  • Update attributeConfirmationForm.ctp. [StefanKelm]

Match message text with what is being displayed at event view

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Added description for the latest functions created. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'global_ajax' into 2.4. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'smallfixes' into 2.4. [iglocska]
  • Add: Parsing hostname while importing network connection or socket object. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3233 from mokaddem/global_ajax. [Andras Iklody]

chg: [Controllers] sets the ajax variable globally

  • Add: Importing System objects containing mac addresses. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Added namespace for the latest STIX object supported in our exporter. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Parsing email-reply-to attributes. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3232 from SteveClement/2.4. [Steve Clement]

Amended Ubuntu ssdeep instructions - Added 18.04 install file

  • Added Ubuntu 18.04 instructions. [Steve Clement]
  • updated ssdeep instructions. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Exporting mac-addresses. [chrisr3d]
  • [doc] features about new correlation engine added. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3223 from SteveClement/2.4. [Steve Clement]

  • Added mascot drafts
    • Added mascot drafts. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3214 from mokaddem/distributionGraphDonut. [Andras Iklody]

Distribution graph

  • Merge remote-tracking branch 'upstream/2.4' into distributionGraphDonut. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into distributionGraph. [Sami Mokaddem]
  • Changed distribution label in distribution graph (removed distribution number) [Sami Mokaddem]
  • Center distribution graph inside the popover. [Sami Mokaddem]
  • Changed behavior of distribution progressbar: Display event distribution along with the maximum distribution level of the items inside the event. [Sami Mokaddem]
  • Changed distribution graph popover title. [Sami Mokaddem]
  • Removed useless codes. [Sami Mokaddem]
  • Updated ACLComponent. [Sami Mokaddem]
  • Feature: progress bar showing the range of the maximum distribution of all items. Moved radar graph and progressbar in a popover. [Sami Mokaddem]
  • Possibility to filter valueInFieldAttribute with multiple value. distribution graph support inherit distribution level. [Sami Mokaddem]
  • Allow filtering attributes based on specific columns (previously not accessible) like distribution. Partial support of onClick for distribution graph. [Sami Mokaddem]
  • Merge remote-tracking branch 'upstream/2.4' into distributionGraph. [Sami Mokaddem]
  • Initial version of the distribution graph. [Sami Mokaddem]
  • Add: Parsing network connections in process objects. [chrisr3d]
  • Add: Starting parsing process objects. [chrisr3d]
  • Merge pull request #3215 from ts-way/for-upstream/disable-correlations-fix. [Andras Iklody]

Honour MISP.completely_disable_correlation on attribute/event save/delete action

  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge pull request #3212 from StefanKelm/2.4. [Alexandre Dulaunoy]

Update event-graph.js

  • Update event-graph.js. [StefanKelm]
  • MISP taxonomies updated. [Alexandre Dulaunoy]
  • Add: Starting parsing network socket objects. [chrisr3d]
  • Add: Starting parsing network connection objects. [chrisr3d]
  • Merge branch 'stix' into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3205 from stephengroat/patch-1. [Alexandre Dulaunoy]

cleanup travis and move to requirements.txt

  • Cleanup travis and move to requirements.txt. [Stephen]
  • Add: MISP objects template updated to the latest version. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Now resolving domain/uri with relationship 'Resolved_To' to ip addresses. [chrisr3d]
  • Fixed an absent-mindedness due to my chocolate consumption. [chrisr3d]
  • Better DNS objects parsing. [chrisr3d]
  • Add: Starting parsing some DNS record objects. [chrisr3d]

  • atm parsing attributes that exist in MISP (domain & ip)

  • able to parse DNS related attributes but need to define how to map it in MISP

  • Updated stix header title. [chrisr3d]

The header is actually skipped in MISP and the one from misp2stix_framing is used, but useful for command line tests

  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'stix' into 2.4. [chrisr3d]
  • Removed print... [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Atm set the version to 1.1.1 to keep compatibility. [chrisr3d]

... with the previous misp2stix script

  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into stix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3190 from MISP/quickfix-eventGraph-popover. [Andras Iklody]

fix: Do not append popover content (from event graph) into body

  • Feature-contextualMenu: Possibility to specify the container in which to append the menu. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3188 from mokaddem/edit_attribute_distribution_fix. [Andras Iklody]

quickfix: editing an attribute was resetting its distribution level

  • Merge branch 'correlation_integration' into 2.4. [iglocska]
  • Sanitize event_id + bit refacto. [Sami Mokaddem]
  • Slight ui adjustment. [Sami Mokaddem]
  • Feature: Support of fullscreen in correlation graph in the event view. [Sami Mokaddem]
  • Correlation graph in event view. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Precising error type to better catch where an error is. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Args & string formatting typo. [chrisr3d]
  • Merge pull request #3183 from StefanKelm/2.4. [Andras Iklody]

Update Log.php

  • Update Log.php. [StefanKelm]

Alphabetically sort list of Actions pull-down menu within "Search Logs"

  • Add: Making references between objects in the event created while importing STIX. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Added Windows Service objects parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Added description for each function. [chrisr3d]
  • Added return statement. [chrisr3d]
  • Turned ttps into class object in order to clean parameters. [chrisr3d]
  • Removed self repetition when not required. [chrisr3d]
  • Making the module work for both python 2 & 3. [chrisr3d]
  • Removed print & added confirmation message at the end. [chrisr3d]
  • Removed dependencies modules merged in this one. [chrisr3d]
  • MISP to stix, cybox & ciq in 1 module (class methods) [chrisr3d]
  • MISP to STIX export refactored & updated to work with python3. [chrisr3d]

v2.4.90 (2018-04-21)

New

  • Add download buttons for user profiles. [iglocska]
  • Added the extended event lookup to the edit event view. [iglocska]
  • Preview the extended event ID / UUID. [iglocska]

  • Also, cleanup of the nasty event tag code

  • Added the cookie_timeout setting. [iglocska]

  • still needs some back-end changes for it to be active

  • Made the threat_level_id filter for the attribute search more flexible. [iglocska]
  • Added new field threat_level_id to /attributes/restSearch. [iglocska]
  • Added getEventInfoById API. [iglocska]
  • Added warning and link to the console tasks to the Task index. [iglocska]

  • let's deprecate this crap

  • Added section that describes the command line functions to the automation page. [iglocska]
  • Cleanup of server push, feed fetch, feed cache console commands. [iglocska]
  • Rework of the server/feed command line tools, 🚧. [iglocska]
  • Added improvements to the Cortex settings. [iglocska]

  • allow for configuring SSL options for Cortex

  • previously the API key was not passed to Cortex on GET requests only on POST, breaking Cortex 2 compatibility
  • Added event_timestamp parameter to attributes restsearch. [iglocska]
  • Extended event first iteration added. [iglocska]

  • when adding/editing an event, add another event's UUID as an extended event UUID to extend the targeted event with the current

  • extender events can be viewed in the merged event view
  • Added event/attribute add/edit to the restresponse describe functionality. [iglocska]
  • Added server setting management via the command line. [iglocska]

  • Usage:

    • /var/www/MISP/app/Console/cake Admin getSetting [setting]
    • setting is optional, if none set "all" is assumed
    • returns all or a specific setting's current value and metadata

    • /var/www/MISP/app/Console/cake Admin setSetting [setting] [value]

    • set a given server setting by full setting name
    • for example the following will enable the import services:
      • /var/www/MISP/app/Console/cake Admin setSetting "Plugin.Import_services_enable" 1
  • This feature was created in support of the CIRCL global conglomerate's APAC HQ in Tokyo

  • Cleanup of role permissions. [iglocska]

  • fixed name of admin -> org admin

  • changed order of org admin <-> site admin
  • descriptions updated and now visible by hovering over any permissions' titles
  • Added separation between enabled feeds and feeds enabled for caching. [iglocska]
  • Add authorization header for Cortex 2 integration. [iglocska]
  • Add event last modified to the event view. [iglocska]
  • Added a small diagnostic tool to debug the impact of a bug fixed in 2.4.89. [iglocska]
  • Allow further role settings. [iglocska]

  • exclude a role from non site admin assignment

  • set max memory usage and execution time / role

Changes

  • Version bump. [iglocska]
  • Changed the extended event lookup box's colour. [iglocska]

  • to appease @adulau

  • Shorten the links on the galaxy references. [iglocska]

  • show the full link in the hover over

  • Added [:] to the refanging options. [iglocska]
  • File path parsing updated following some file MISP object updates. [chrisr3d]
  • Changed the parameter order for the push server shell. [iglocska]
  • Renamed the cachefeeds console command to cachefeed for consistency's sake. [iglocska]
  • Moved the command line functions' description to the server model. [iglocska]
  • Added the command line functions to the automation page's parameters via the controller. [iglocska]
  • Bump PyMISP. [Raphaël Vinot]
  • Renamed the mapping module (which is no longer only a dictionaries file) [chrisr3d]
  • Added x509 fingerprints parsing for MISP objects. [chrisr3d]
  • Dictionaries update to go with the module update. [chrisr3d]
  • Added uuid to the org quick filter. [iglocska]
  • Documented new attributes/restSearch parameters. Also added an example. [iglocska]
  • Refactor of the complex type tool. [iglocska]

  • makes it more readable

  • Removed a succession of conditional statements using a dictionary. [chrisr3d]

Fix

  • Z-index popover issue in event graph. [Sami Mokaddem]
  • MISP galaxy updated. [Alexandre Dulaunoy]
  • Tag removal fixed. [iglocska]
  • Fixed the text of the cookie_timeout setting. [iglocska]
  • Added missing view file. [iglocska]
  • Enforcewarninglist can still accidentally convert the attribute list to an attribute dictionary using attribute fetchAttributes(), fixes #3166. [iglocska]
  • Log search should allow form resubmissions. [iglocska]
  • Fix to the invalid refanging (Third time's the charm) [iglocska]
  • Fixed invalid refanging. [iglocska]
    • changed to . in url. [iglocska]
  • Bug when plotting event without attribute or object. [Sami Mokaddem]
  • Set correct (previous) physics state after dragging. [Sami Mokaddem]
  • Fitting the network more than once can make the camera bug. [Sami Mokaddem]
  • Changed 'removing' text to 'hide' text to avoid confusion. [Sami Mokaddem]
  • Label was not set when display filter was empty. [Sami Mokaddem]
  • Switching back and forth between layout is behaving as expected. [Sami Mokaddem]
  • Physics no longer reset when the layout change. [Sami Mokaddem]
  • Fixed new namespaces definition, in case of issue with namespaces. [chrisr3d]
  • Fixed some random mixbox namespaces issues while using python3. [chrisr3d]
  • Fixed an edge case where an attribute could be created that is tied to an object but has no object relation. [iglocska]
  • Avoiding import fails caused by unparsed STIX types. [chrisr3d]
  • Avoid importing empty objects. [chrisr3d]
  • Extends field now correctly shows a plain uuid if no event was found / visible. [iglocska]
  • Removed the validity check for the event UUID in the extended UUID field. [iglocska]
  • If no extension uuid is added to an event the editing via the UI would fail. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Removed actual file path from the command line functions path. [iglocska]
  • Default behaviour of download_attachments_on_load fixed. [iglocska]
  • Handling the case of some files that are not read because of special characters. [chrisr3d]
  • Fixed a bug where background jobs for feeds would not work correctly due to headers not being passed along with the feed object. [iglocska]
  • Various fixes to the server shell. [iglocska]
  • Copy pasta fixed. [iglocska]
  • Fixed mess-up with the cortex settings. [iglocska]
  • Fixing some report parsing possible issues. [chrisr3d]
  • Fixed GalaxyCluster import format. [chrisr3d]
  • Fixed STIX objects parsing to avoid errors with not parsable objects. [chrisr3d]
  • Added description parsing as MISP attribute comment. [chrisr3d]
  • Fixed ip-port observable import. [chrisr3d]
  • Fixed ip-port observable export. [chrisr3d]
  • Fixed custom objects parsing. [chrisr3d]
  • Fixed custom object arguments & added exception to create a custom object. [chrisr3d]
  • Fixed duplication of some attributes with unintended values. [chrisr3d]
  • Avoid skipping domain & port values in url object export. [chrisr3d]
  • Fixed pattern from MISP objects parsing separator to avoid unintended spaces. [chrisr3d]
  • Fixed patterns parsing to avoid useless special characters import. [chrisr3d]
  • Fixed hash type parsing. [chrisr3d]
  • Added misp label to distinguish misp stix2 files. [chrisr3d]
  • Handle a non existent case error for the dictionary to return. [chrisr3d]
  • Fixed some dictionary functions bugs. [chrisr3d]
  • Handling the stix file title None case. [chrisr3d]
  • Changed United States -> United States of America in the org nationality list. [iglocska]
  • Potentially fix an issue if no extended UUID is passed on edit. [iglocska]
  • Autoregenerate causes intermittent logouts, changed the setting description and guidance in the server settings to reflect this. [iglocska]
  • Fixed info field for import from external STIX. [chrisr3d]
  • Added domain restrictions to the possible org index filters, fixes #3147. [iglocska]
  • Added organisation domain restrictions to the org index, partially fixes issue #3147. [iglocska]
  • MISP object templates updated to latest version. [Alexandre Dulaunoy]
  • Some minor fixes. [iglocska]
  • MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • ValueNotEmpty() switched to stringNotEmpty for the attribute value validation. [iglocska]

  • Core 1+2 of the new laptop

  • MISP galaxy clusters updated to the latest version. [Alexandre Dulaunoy]
  • Fixed issues with non string server settings when changing them via the console. [iglocska]
  • Unknown meta-category do not longer raise an exception (use a default value instead) [Sami Mokaddem]
  • Fixed missing reason for failure if the freetext import had a single attribute fail during the saving process, fixes #3141. [iglocska]
  • Fix wrong object's deletion buttons title depending on the deleted property. [chkp-aliaksandrt]
  • Editing an object "loses" comment, fixes #3133. [iglocska]
  • Don't try to run the testBaseURL server setting check if the user comes from the CLI. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Transformed function not using self as staticmethod as it should be. [chrisr3d]
  • Skipping ttps parsing from external stix atm to avoid bugs. [chrisr3d]
  • IDS flag not set when editing attribute, fixes #3126. [iglocska]
  • Date order fixed in event view. [iglocska]

  • Now time for fika

  • Fixed the concatenation issue from before. [iglocska]
  • Fixed a crappy event concatenation bug for restsearch. [iglocska]
  • Added missing changes in evnet.php. [iglocska]
  • Financial tool result included in event. [iglocska]

  • also removing trailing . from domain names

  • Added pre-fix to cortex2 authorization header. [iglocska]
  • Tied the new diagnostic tool into the ACL. [iglocska]
  • Handling case of stix events without labels. [chrisr3d]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3170 from mokaddem/ref_graph. [Andras Iklody]

Extended event support and tag filtering in the event graph

  • Added confirmation box to draw the network based on a threshold. [Sami Mokaddem]
  • Perf: unset filtered data instead of adding them to a new array (thus, reducing memory consumption by a factor of 2) [Sami Mokaddem]
  • Being consistent with indentation + removed useless comment. [Sami Mokaddem]
  • Feature: Possibility to filter on tags. [Sami Mokaddem]
  • Added comment. [Sami Mokaddem]
  • Do not clusterize if filtering is enabled + only draw hull around extending event in reference scope. [Sami Mokaddem]
  • Added source from where the original jarvis march algorithm was taken. [Sami Mokaddem]
  • Feature: Better support of extended event in event graph - Added a colored region for each event extending the current event scope. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3161 from lucamemini/patch-1. [Andras Iklody]

added current server timestamp

  • Added current server timestamp. [lucamemini]

Added, on footer, current server timestamp (MySQL Format). Little usability enhanced during debug session, task scheduler edit and log analysis (my server time is UTC, my workstation time is Italy localtime)

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Arguments cleaned up. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3154 from mokaddem/ref_graph. [Alexandre Dulaunoy]

New features for event graph

  • Updated ACLComponent. [Sami Mokaddem]
  • Added custom library used by eventGraph (may be added as a submodule in the future) [Sami Mokaddem]
  • Feature: Added support of extended event in event graph. [Sami Mokaddem]
  • Merge branch '2.4' of https://github.com/MISP/MISP into ref_graph. [Sami Mokaddem]
  • Replaced scope rotation key typeahead by selector + removed trailing spaces. [Sami Mokaddem]
  • Stop physics simulation on node drag. [Sami Mokaddem]
  • Moved event graph into its own view file. [Sami Mokaddem]
  • Ui: Added shortcuts as background. [Sami Mokaddem]
  • Feature: Canvas contextual menu allowing to hide/edit/expand/collapse the selection. [Sami Mokaddem]
  • Added filtering based on authorized JSON key + JSON key is displayed in the header scope badge. [Sami Mokaddem]
  • Support of graph per JSON key (using typeahead) [Sami Mokaddem]
  • Feature: Draft of generic graphing from any key. [Sami Mokaddem]
  • Feature: Support of Tags in the event graph. [Sami Mokaddem]
  • Added scope badge and minor css changes. [Sami Mokaddem]
  • Merge branch 'quick-fix-metacategory-graph' into ref_graph. [Sami Mokaddem]
  • UI: swap of icon-text for header graph button. [Sami Mokaddem]
  • Draft of filtering per attribute value. [Sami Mokaddem]
  • Moved reference logic server-side + First draft of filtering capabilities. [Sami Mokaddem]
  • Compute graph serverside. [Sami Mokaddem]
  • Moved layout into Display tab + Created scope and filters (uses action_table js not added yet) DOM. [Sami Mokaddem]
  • Usage of bootstrap popover instead of floating contextual menu. [Sami Mokaddem]
  • Possibility to choose the number of characters to display in the label. [Sami Mokaddem]
  • Possibility to choose physics solver in eventGraph. [Sami Mokaddem]
  • Added expand/collapse all in eventGraph->display. [Sami Mokaddem]
  • Possibility to search for object_relation in the event graph. [Sami Mokaddem]
  • Possibility to choose the object_relation to be displayed in the object's label. [Sami Mokaddem]
  • Added retrieving of object templates in order to let the user choose the field we want to see in the event graph. [Sami Mokaddem]
  • Added possibility to change physics on the fly. [Sami Mokaddem]
  • Added physics toggle button for event graph. [Sami Mokaddem]
  • Fix #3074: Edit button vanishes on cancelled delete. [Sami Mokaddem]
  • Better support of hierarchical view and clustering unreferenced nodes. [Sami Mokaddem]
  • First draft of hierarchical layout. [Sami Mokaddem]
  • Fixed bug where the node focus was not performed if the node was already displayed. [Sami Mokaddem]
  • When searching for a clustered item, it will uncluster it and focus the camera to it. [Sami Mokaddem]
  • Set correct number of children in root node label. [Sami Mokaddem]
  • Added clustering of unreferenced attributes/objects. [Sami Mokaddem]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch 'disable_auto_download' into 2.4. [iglocska]
  • Made the auto download of attachments when loaded in the browser configurable. [John Doe]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3152 from StefanKelm/2.4. [Andras Iklody]

Default sort order for id / date reversed on click for Server preview index

  • Update preview_index.ctp. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Parsing course of action related observables. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Parsing more types of external pattern. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Merge pull request #3149 from StefanKelm/2.4. [Andras Iklody]

Changes to allowed CVE format and hover output being displayed on top of the attribute

  • Update Attribute.php. [StefanKelm]

According to https://cve.mitre.org/news/archives/2014/news.html#jan152014_New_CVE_ID_Format_in_Effect_as_of_January_1_2014 the four-fixed-digits requirement has been dropped

  • Update misp.js. [StefanKelm]

Hover output on top, not to the left

  • Add: Importing course of action stix objects as new course of action MISP objects. [chrisr3d]
  • Starting parsing some easy patterns. [chrisr3d]
  • Add: Added course-of-action object parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Add: Added the stix version attribute in stix2-pattern objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Added description to galaxies. [chrisr3d]
  • Parsing STIX objects that are imported as Galaxies. [chrisr3d]
  • Importing vulnerabilities. [chrisr3d]
  • STIX2 import Refactor. [chrisr3d]
  • Re-enabled loading event function try/catch procedure. [chrisr3d]
  • Importing external indicators as stix2-pattern objects. [chrisr3d]

Now on the same state as the current used import module

  • 🚧 Import module importing things, but need to fix few attributes loss. [chrisr3d]
  • 🚧 Parsing patterns representing MISP objects. [chrisr3d]
  • 🚧 Parsing observable objects representing MISP objects. [chrisr3d]
  • 🚧 Parsing STIX2 objects that give MISP attributes with the import. [chrisr3d]
  • 🚧 Starting parsing STIX2 from MISP. [chrisr3d]
  • STIX2 export refactored. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • Parsing ip-port objects. [chrisr3d]

  • Observable added
  • Observable & pattern tested
  • 🚧 Parsing file objects. [chrisr3d]

  • observable added

  • observable & pattern tested
  • 🚧 Parsing email objects. [chrisr3d]

  • observable added

  • observable & pattern tested
  • 🚧 Parsing url objects (observable added & tested + pattern tested) [chrisr3d]
  • 🚧 Parsing x509 objects (observable added + pattern & observable tested) [chrisr3d]
  • 🚧 Regkey object parsing + Fix on observable object creation. [chrisr3d]
  • 🚧 Implementing observable objects generation for MISP objects. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • 🚧 Should now be able to create indicators for MISP objects. [chrisr3d]

  • Patterns generation to be tested

  • 🚧 Parsing Galaxies. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2. [chrisr3d]
  • 🚧 Fixed typo of some attribute values to delete spaces. [chrisr3d]
  • 🚧 Catching errors on indicators and observed data, and creating custom objects instead. [chrisr3d]
  • 🚧 Fixed typo & bugs. [chrisr3d]

  • tests made for indicators

  • 🚧 Dictionary for attributes mapping should be ok. [chrisr3d]
  • 🚧 Always better with a stix package builder and the output file saved. [chrisr3d]
  • 🚧 Handling special misp types. [chrisr3d]
  • 🚧 Should be able to export attributes. [chrisr3d]
  • 🚧 Refactoring to be continued. [chrisr3d]
  • 🚧 Dictionary update to go with stix2 export refactoring. [chrisr3d]
  • 🚧 Refactoring stix2 export & performance improvement. [chrisr3d]
  • 🚧 First try of refactored stix2 parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3148 from StefanKelm/2.4. [Andras Iklody]

Update row_attribute.ctp

  • Update row_attribute.ctp. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Better ttps parsing. [chrisr3d]
  • Fixed typo. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: Added Course of Action parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #3144 from geertdr/patch-1. [Andras Iklody]

Spelling error update

  • Spelling error update. [Geert De Ron]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3139 from mokaddem/quick-fix-metacategory-graph. [Andras Iklody]

fix: Event graph stalling when object has unknown-category

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3134 from chkp-aliaksandrt/fix-object-deletion-buttons-title. [Andras Iklody]

fix: Fix wrong object's deletion buttons title

  • Merge pull request #3135 from StefanKelm/2.4. [Andras Iklody]

Update EventShell.php

  • Update EventShell.php. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3125 from StefanKelm/2.4. [Alexandre Dulaunoy]

Removed trustedsec.com and openbl.org

  • Removed trustedsec.com and openbl.org. [StefanKelm]

Removed https://www.trustedsec.com/banlist.txt and http://www.openbl.org as per https://github.com/MISP/MISP/issues/2541

  • Merge pull request #3119 from 3c7/bugfix/url_default_category. [Raphaël Vinot]

Different category in typeDefinition / defaultCategory

  • Assigned "Network activity" as default category for url in $typeDefiitions as defined in $defaultCategories. [Nils Kuhnert]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3123 from ldelavaissiere/patch-1. [Alexandre Dulaunoy]

Update INSTALL.ubuntu1604.txt to install pip3

  • Update INSTALL.ubuntu1604.txt to install pip3. [Laurent de la V]

System complains about missing pip3 when attempting to install support for STIX 2.0 (cf. line 88):

    ubuntu@misp:/var/www/MISP/app/files/scripts/mixbox$ pip3 install stix2
    The program 'pip3' is currently not installed. You can install it by typing:
    sudo apt install python3-pip

Therefore suggest to include installation of python3-pip in previous instance of apt-get usage (line 69)

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3106 from ldelavaissiere/patch-1. [Andras Iklody]

Update default.ctp in order to fix issue #3105

  • Update default.ctp in order to fix issue #3105. [Laurent de la V]

Re: https://github.com/MISP/MISP/issues/3105 Adding a viewport element giving the browser instructions to set the width of the page to follow the screen-width of the device fixes the issue

  • Merge pull request #3100 from StefanKelm/2.4. [Andras Iklody]

Use GnuPG consistently

  • Update default.pot. [StefanKelm]
  • Update user_management.ctp. [StefanKelm]
  • Update Server.php. [StefanKelm]
  • Update default.pot. [StefanKelm]
  • Update verify_g_p_g.ctp. [StefanKelm]
  • Update edit.ctp. [StefanKelm]
  • Update check_and_correct_pgps.ctp. [StefanKelm]
  • Update admin_email.ctp. [StefanKelm]
  • Update admin_edit.ctp. [StefanKelm]
  • Update admin_add.ctp. [StefanKelm]
  • Update user_management.ctp. [StefanKelm]
  • Update administration.ctp. [StefanKelm]
  • Update User.php. [StefanKelm]
  • Update Server.php. [StefanKelm]
  • Update ServersController.php. [StefanKelm]
  • Update EventsController.php. [StefanKelm]
  • Update AppController.php. [StefanKelm]
  • Update default.pot. [StefanKelm]
  • Update fetchpgpkey.ctp. [StefanKelm]
  • Update README.md. [StefanKelm]
  • Update CONTRIBUTING.md. [StefanKelm]
  • Update default.pot. [StefanKelm]
  • Update misp.js. [StefanKelm]
  • Update view.ctp. [StefanKelm]
  • Update edit.ctp. [StefanKelm]
  • Update admin_view.ctp. [StefanKelm]
  • Update admin_edit.ctp. [StefanKelm]
  • Update admin_add.ctp. [StefanKelm]
  • Update user_management.ctp. [StefanKelm]
  • Update administration.ctp. [StefanKelm]
  • Update diagnostics.ctp. [StefanKelm]
  • Update footer.ctp. [StefanKelm]
  • Update User.php. [StefanKelm]
  • Update Server.php. [StefanKelm]
  • Update Event.php. [StefanKelm]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3071 from AJohnDoe/pass-uuid. [Alexandre Dulaunoy]

Pass attribute UUID to enrichment modules

  • Pass attribute uuid to enrichment modules. [John Doe]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3064 from 3c7/urlhaus-feed. [Alexandre Dulaunoy]

Added URLhaus (http://urlhaus.abuse.ch) malware urls as feed.

  • Added URLhaus (http://urlhaus.abuse.ch) malware urls as feed. [Nils Kuhnert]
  • Removed variables copied/pasted from stix1 but unused in Stix2. [chrisr3d]
  • Changed imports & only kept only used pymisp functions. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]

v2.4.89 (2018-03-23)

New

  • Added STIX 2.x import to the GUI. [iglocska]
  • Purge all/completed jobs via the job index, fixes #3024. [iglocska]
  • Describe the new changes to the deleteAttributes API. [iglocska]
  • Added self-description of the deleteAttributes API to the api component. [iglocska]
  • Open up the attributes/deleteSelected action to the API. [iglocska]
  • Allow the searching of organisations by uuid on the event index (via the API) [iglocska]
  • Finished the first version of the recovery tool. [iglocska]
  • Object reconstruction after, resolving the ID bug, 🚧. [iglocska]
  • Temp diagnostic tool for orphaned object attributes. [iglocska]
  • RestResponse::describe() now uses generic URLs with optional url parameters instead of showing the currently accessed ID. [iglocska]
  • Include the attribute UUID in the attribute level restsearch. [iglocska]

  • simply pass the includeAttributeUuid flag and set it to 1 via the API

  • Allow requesting of misp standard format for the export modules. [iglocska]

  • just set the require_standard_format to true in the moduleinfo dictionary

Changes

  • Version bump. [iglocska]
  • Query string bumped. [iglocska]
  • Updates to the deleteAttributes API. [iglocska]

  • Allow passing the "all" wildcard value to the attribute id filter

  • Allow passing the "allow_hard_delete" flag to indicate that hard-deletion of soft-deleted attributes is allowed
  • Allow the passing of the event ID via the JSON object for the deleteSelected API. [iglocska]
  • Use <> as delimiters for the freetext import too, fixes #2978. [iglocska]
  • Allow GETing the /tags/edit API. [iglocska]

  • will describe itself

  • no ID needs to be passed for the description

Fix

  • Added annoying missing space between the password field's label and its tooltip. [iglocska]
  • Handling case of stix events without timestamp. [chrisr3d]
  • Revert one part of timestamp conversion failing. [chrisr3d]
  • Quick fix on timestamps conversion. [chrisr3d]
  • Critical API integrity bug, potentially allowing users to delete attributes of other events. [iglocska]

  • a crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute

  • Get rid of keyboard shortcut footer tool when debug mode is enabled. [iglocska]
  • Handle edge case scenarios where orphaned correlations would throw notices in the event view. [iglocska]
  • PyMISP version is 2.4.89. [Alexandre Dulaunoy]
  • PyMISP recommended version fixed. [Alexandre Dulaunoy]
  • PyMISP updated to the latest revision. [Alexandre Dulaunoy]
  • Various cleanups of the event preview via feeds. [iglocska]
  • Support is isSiteAdmin + undeclared var + z-index. [Sami Mokaddem]
  • Collapse on object_reference + create object_reference close to the parent node when expanding. [Sami Mokaddem]
  • Fixed various potential XSS issues in the resolved attributes view. [iglocska]

  • potentially exposed XSS if a malicious MISP module was loaded on the instance

  • as reported by Christophe Vandeplas (@cvandeplas)

  • PyMISP updated to the latest version. [Alexandre Dulaunoy]
  • MISP taxonomies updated. [Alexandre Dulaunoy]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • Warning lists updated to the latest version. [Alexandre Dulaunoy]
  • Added test to check the presence of a timestamp before trying to assign it to a variable. [chrisr3d]
  • Fixed FileObjectType None values handling. [chrisr3d]
  • Added missing space between the password and the info icon. [iglocska]

  • my OCD demands it.

  • Fixed password complexity popover in the change password view. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Fixed error message if an attribute fails validation via the freetext import tool, fixes #3052. [iglocska]
  • Fixed PDFFileObjectType parsing. [chrisr3d]

(waiting for metadata attributes parsing)

  • Fixed misp object parsing for cases where there is only 1 attribute. [chrisr3d]
  • Changed recognition of stix from MISP files. [chrisr3d]

  • Fixed the problem of empty events (for stix from MISP) in the API
  • Also removed not used json event loader which would not have worked in this refactored version
  • Quick fix on object_relation field for port attributes. [chrisr3d]
  • Parsing composite attribute types. [chrisr3d]
  • Added email-attachment to parsed email properties types. [chrisr3d]
  • Fixed various issues with the template views, fixes #3050 among others. [iglocska]
  • Object values reset when set to a custom value from a sane default list, fixes #3049. [iglocska]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Fixed view bug causing object reference deletions to fail, fixes #3041. [iglocska]
  • Parsing pe sections. [chrisr3d]
  • Fixed pe filename value parsing. [chrisr3d]
  • Updated whois parsing function following recent update on whois Object. [chrisr3d]
  • Removed console debug output. [iglocska]
  • Fixed invalid removal of attributes based on blocked tags using the /attributes/restSearch API. [iglocska]
  • Tied the clearjobs function into the ACL and fixed a small text error. [iglocska]
  • Correctly fail validation for invalid composite attributes, instead of throwing an exception, fixes #3025. [iglocska]
  • Fix notice error when attribute is added with no correlation flag set either way. [iglocska]
  • MISP taxonomies updated. [Alexandre Dulaunoy]
  • MISP objects updated. [Alexandre Dulaunoy]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Fixed invalid object deletion text, fixes #3015. [iglocska]
  • Added uuid to organisations in the event index. [iglocska]

  • also unset empty sharing groups from the output

  • Fixes an issue where invalid offsets were inspected within the event add function, fixes #3006. [iglocska]
  • Empty events are created when pulling empty feeds, fixes #3008. [iglocska]

  • as described by Emanuele Acri (@crossbowerbt)

  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Added sightings to object attributes in the JSON output, fixes #3007. [iglocska]
  • Added menu option for object reconstruction in the diagnostics page. [iglocska]
  • Added missing view file for the new object reconstruction tool. [iglocska]
  • Add misp objects to log search filter. [iglocska]
  • Only check the server's publish email flag if the adding of an event comes from a remote server. [iglocska]
  • Emergency fix for objects getting overwritten on a pull in certain situations. [iglocska]

  • object IDs not purged on pull can lead to a local object being overwritten

  • the patch fixes the capture function to purge the object IDs

  • as discovered and reported by TS-WAY (@TS_WAY_SRL)

  • Fixed issue blocking the creation of tags, fixes #2989. [iglocska]

  • as described by @Res260

  • /attributes/text should allow more than one type to be downloaded. [iglocska]

  • simply pass something such as:

{ "type": ["ip-src", "ip-dst"] }

  • Object templates updated. [Alexandre Dulaunoy]
  • Warning lists updated to the latest version. [Alexandre Dulaunoy]
  • Allow parameters for the /attributes/text endpoint to be passed as a JSON object. [iglocska]
  • Reworked the way tags are attached to events on the index. [iglocska]

  • solves issues with the preview when an instance has an extremely high number of events
  • Fixed issues with to_json() not supporting datetime objects. [chrisr3d]
  • Fixed an issue with no disable_correlation key existing for an event in after save correlation. [iglocska]
  • Throw an exception if no ID is passed to /threads/viewEvent, fixes #2977. [iglocska]
  • Fixed missing index errors on attribute index. [iglocska]
  • Open up /attributes/index to the API, fixes #2975. [iglocska]
  • Handle the no modules enabled error more gracefully. [iglocska]
  • Made the name field required on tags - prevents the error to be thrown by the DB instead of the validation. [iglocska]
  • Fix tags/add on a GET request via the API. [iglocska]
  • Added /tags/add to restresponse. [iglocska]
  • Nicer error message when trying to add a tag to an event that doesn't exist. [iglocska]
  • Changed stupid parameter name to better reflect what it does. [iglocska]

  • affects /attributes/restSearch

  • includeAttributeUuid => includeEventUuid
  • GUI: Listing Attributes creates many debug.log entries fixes #2969. [iglocska]
  • Fixed an invalid translation in the attributeRestorationForm causing the confirmation to throw an exception, fixes #2967. [iglocska]
  • Fixes an issue where editing an object with an attachment contained within would soft-delete said attachment, fixes #2966. [iglocska]
  • Reverted PR with alternate way of starting scheduler worker. [iglocska]
  • Don't try to refang filepaths, fixes #2926. [iglocska]
  • Misleading failure message when failing to create Attributes partially fixes #2955. [iglocska]
  • Typo fixed for the previous commit. [iglocska]

  • apparently can't spell distribution

  • No distribution set on the server should default to inherit for object attributes. [iglocska]
  • MISP objects updated. [Alexandre Dulaunoy]
  • Attribute distribution defaults fixed for adding objects. [iglocska]
  • Disable_correlation now works correctly as expected. [iglocska]
  • Warning lists updated to the latest version. [Alexandre Dulaunoy]
  • Fixed annoying download list only having one side clickable. [iglocska]

  • it was annoying to brigadier general @adulau

  • Removed left in debug/thrown exception. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Update event-graph.js. [Sami Mokaddem]

Fixed typo in fa-mapping hex value

  • Merge pull request #3063 from mokaddem/ref_graph. [Alexandre Dulaunoy]

Event graph viewer editor

  • Registered function in ACLComponent. [Sami Mokaddem]
  • Renamed script again. [Sami Mokaddem]
  • Renamed script from references-graph to event-graph. [Sami Mokaddem]
  • Directly call the callback function in edit_reference so that the manipulation UI gets back to normal directly (vis.js inner behavior) [Sami Mokaddem]
  • Check if input-search has focus before executing global keyboard shortcut. [Sami Mokaddem]
  • Restored stabilization on first load. [Sami Mokaddem]
  • Added possibility to edit references on the fly + edit objects on their dedicated webpage. [Sami Mokaddem]
  • Replaced on/off event function by the once function. [Sami Mokaddem]
  • Simplified condition checking on expanding and collapsing nodes. [Sami Mokaddem]
  • Removed useless progressbar and simplified loading popup information. [Sami Mokaddem]
  • Improved FIXME comment. [Sami Mokaddem]
  • First iteration of refactoring (reference_graph.js): moved functions into classes. [Sami Mokaddem]
  • Check if the reference is valid before performing the request. [Sami Mokaddem]
  • Added fullscreen + typeahead feature to network graph. [Sami Mokaddem]
  • Added characters limitation in nodes + edit shortcut. [Sami Mokaddem]
  • Iglocska's magic (Added kind of ajax support in attribute/edit) [Sami Mokaddem]

  • Improved UX (Generic popup callback + loading and progressbar) + Added shortcuts. [Sami Mokaddem]
  • Added generic popup callback + Support of item deletion in network graph. [Sami Mokaddem]
  • Added basic popover for item addition in relation_graph. [Sami Mokaddem]
  • Reset_view() fits network instead of moving to center only. [Sami Mokaddem]
  • Typos. [Sami Mokaddem]
  • Updated centralGravity so that all nodes are closer to the center. [Sami Mokaddem]
  • Camera fits the view after initial load. [Sami Mokaddem]
  • Added call back parameter in GenericPopup. [Sami Mokaddem]
  • Initial references graphs commit. [root]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3057 from jezkerwin/2.4. [Alexandre Dulaunoy]

Fixed spelling errors for mysql command and php version.

  • Fixed spelling errors for mysql command and php version. [jezkerwin]

Also changed git clone command for lief installation.

  • Typo. [chrisr3d]
  • Quick fix on filename / filepath parsing. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Quick fix with indicator's timestamp. [chrisr3d]
  • Quick variable fix. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Updated comments: removed commented unused code & added documentation. [chrisr3d]
  • Stix2misp refactor & update !! [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into stiximport. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: Parsing attachments. [chrisr3d]
  • 🚧 Starting parsing portable executables. [chrisr3d]
  • 🚧 Added description parsing for stix objects without properties. [chrisr3d]
  • 🚧 Whois parsing function improved. [chrisr3d]

Still need some tests with proper examples to finish this part

  • 🚧 Starting parsing Whois Objects. [chrisr3d]

But need some examples to parse properly !!!!

  • 🚧 Rebuilt hashes & files parsing functions. [chrisr3d]

Also handling more properly when to import a stix object as a MISP Object or as Attribute

  • Merge pull request #3029 from chrisr3d/stiximport. [Christian Studer]

Refactor stiximport

  • Merge branch 'stiximport' of github.com:MISP/MISP into stiximport. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #3017 from AJohnDoe/fix/module-select. [Andras Iklody]

  • Fixes display of (dropdown), closes #3005. [John Doe]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Display "event" instead of "organisation" - Org Blacklist, fixes #2473. [Andras Iklody]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Fixed key value that was not correct. [chrisr3d]
  • 🚧 More types supported & functions clarified. [chrisr3d]
  • 🚧 Starting to import external stix. [chrisr3d]
  • 🚧 Supporting more Object types. [chrisr3d]
  • 🚧 handling malware-sample in file objects. [chrisr3d]
  • 🚧 Supporting more attribute types. [chrisr3d]
  • 🚧 Parsing more attribute types & objects. [chrisr3d]

  • More attribute types and objects to come with events testing
  • First version parsing some attributes. [chrisr3d]

  • More attribute types to be added

  • Objects to be parsed as well
  • 🚧 Refactor of stix2misp - only a beginning atm. [chrisr3d]
  • Merge pull request #3012 from Res260/feature_keyboard_navigation. [Andras Iklody]

Add keyboard navigation when choosing tags for an event

  • Added a delay before doing the request when searching for tags in the taxonomy choice. This reduces the possibility of losing characters when typing fast. [Émilio Gonzalez]
  • Added keyboard navigation with arrows/pageUp/pageDown/enter for tag selection ( Issue #3001 ) - The color when hovering over a modal element is now grey, to differentiate from blue when choosing tags using keyboard. [Émilio Gonzalez]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #3004 from RichieB2B/ncsc-nl/empty-stix. [Andras Iklody]

Allow empty STIX files to be returned, closes #2478

  • Avoid 'Invalid argument supplied for foreach()' warning. [Richard van den Berg]
  • Allow empty STIX files to be returned, closes #2478. [Richard van den Berg]
  • Merge pull request #3002 from P4rs3R/patch-2. [Alexandre Dulaunoy]

pecl and phpenmod need root privileges

  • Pecl and phpenmod need root privileges. [x41\x43]

[line 329] According to stat -c "%U %G" /usr/share/php/.channels/pecl.php.net, the owner is root, so you can't edit this file as normal user,
[line 333] As above, both directories (/etc/php/7.0/cli/conf.d/ and /var/lib/php/modules/7.0/cli/enabled_by_admin/) are "root root": "Permission denied" while creating symbolic link or touching file.
Tested on Ubuntu server x64 16.04 LTS

  • Merge branch 'feature/objectreconstruction' into 2.4. [iglocska]
  • Merge branch '2.4' into feature/objectreconstruction. [iglocska]
  • Merge pull request #2997 from 0xmilkmix/validate_suricata_rules. [Andras Iklody]

Validate suricata rules

  • Removed tests from class. [milkmix]
  • Finished http validation function using sticky and modifiers. [milkmix]
  • Wrote dns validation func, checking modifier after dns_query keyword. [milkmix]
  • Added options extraction function. [milkmix]
  • Added validation function for global syntax. [milkmix]
  • Initial regexp to match rule pattern. [milkmix]
  • Merge pull request #2996 from Res260/fix_IE11. [Andras Iklody]

Fix IE11 final: remove arrow function (ecmascript6 stuff)

  • Fix IE11 final: remove arrow function (ecmascript6 stuff) [Émilio Gonzalez]
  • Merge pull request #2995 from Res260/fix_IE11. [Alexandre Dulaunoy]

Part 3: Fix IE11 by surrounding a new Promise call with try/catch

  • Part 3: Fix IE11 by surrounding a new Promise call with try/catch. [Émilio Gonzalez]
  • Merge pull request #2993 from Res260/fix_IE11. [Andras Iklody]

Actually remove keyboard shortcuts from MISP.js - Actually remove keyboard shortcuts from MISP.js. [Émilio Gonzalez] - Merge pull request #2992 from P4rs3R/patch-1. [Andras Iklody]

sudo issue while installing mixbox - Sudo issue while installing mixbox. [x41\x43]

sudo -u www-data [#83 and #85] sudo [#86] Tested on Ubuntu Server x64 16.04.4 LTS - Merge pull request #2991 from LDO-CERT/2.4. [Andras Iklody]

Fixed publish_without_email for server sync

  • Fixup if statement for mail and log message cleanup. [lucamemini]

fixup if statement for mail and log message cleanup

  • Delete Event.php. [lucamemini]
  • Fixup if statement for log message. [lucamemini]

Fixup if statement for log message

  • Fixed publish_without_email for remove server event. [lucamemini]

Fixed broken support for publish_without_email to block email notification when event is pulled from remote server and flag "Publish Without Email" is enabled.

  • Merge pull request #1 from MISP/2.4. [lucamemini]

Refresh from upstream

  • Merge pull request #2990 from Res260/fix_IE11. [Andras Iklody]

Move keyboard shortcuts from misp.js to its own file (to regain compatibility with IE11)

  • Move keyboard shortcuts from misp.js to its own file (to regain compatibility with IE11) [Émilio Gonzalez]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2985 from Res260/fix_filename_ssdeep_import. [Andras Iklody]

Fixed a bug regarding filename|ssdeep attributes importing using FreeTextImport

  • Fixed a bug regarding filename|ssdeep attributes importing using FreeTextImport. See Issue #2971. [Émilio Gonzalez]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2979 from SteveClement/2.4. [Alexandre Dulaunoy]

Added install step to make sure submodule permissions are ignored

  • Added install step to make sure all the submodules ignore permissions. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge remote-tracking branch 'origin/i18n_prep' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2962 from Res260/add_pointer_triangle. [Andras Iklody]

Small keyboard shortcuts changes

  • Add attribute shortcut now triggers the popup instead of changing page + bottom right triangle now with pointer cursor. [Émilio Gonzalez]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]

v2.4.88 (2018-02-21)

New

  • Add API response for /sightings/listSightings. [Andras Iklody]
  • Reworked organisation merge workflow, #fixes 2931. [iglocska]
    • Organisation merge is now offered to the user by the edit page if a UUID was used to edit an organisation that is already in use
    • Merging a local org with 1+ user(s) into an external organisation converts the target organisation into a local one
    • Merging a local organisation with a logo into an organisation without one will move the current logo over
      • caveat: this will only happen for organisations already using the new logo naming ([id].png as opposed to [name].png)
  • ModulesQueryAPI. [Juan C. Montes]

ModulesQuery controller to communicate from MISP API to misp_modules

  • Added ssdeep threshold setting. [iglocska]
    • set the ssdeep value at which to consider two ssdeep hashes as correlating
  • First iteration of ssdeep correlation. [iglocska]
  • Added supporting structures for the new STIX API. [iglocska]
  • Added STIX import directly to the UI. [iglocska]
  • Add search shortcut for events and attributes + fix bug that triggered shortcuts when dropdown menus were focused. [Émilio Gonzalez]
  • Add keyboard shortcuts application-wide, managed using JSON files. [Émilio Gonzalez]
  • Add a "search all tags" input field on the taxonomy modal when adding a tag to an event. [Émilio Gonzalez]
  • Added returnMetaAttributes flag to the /events/freeTextImport API. [iglocska]
    • directly returns the raw parsing data instead of creating the attributes if set
    • 177 days, 23 hours 40 minutes faster implementation than expected by @ilmoka - #PMD
  • New APIs to add/remove orgs and servers from sharing groups, fixes #2888. [iglocska]
    • added functions to manage the additions/removals of objects from sharing groups
    • the following APIs are included:
      • /sharingGroups/addOrg/[sg_id]/[org_id]/[extend]
      • /sharingGroups/removeOrg/[sg_id]/[org_id]
      • /sharingGroups/addServer/[sg_id]/[server_id]/[all_orgs]
      • /sharingGroups/removeServer/[sg_id]/[server_id]
    • All parameters are optional and can instead be passed as JSON objects such as:

      { "org_uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "sg_id": "49", "extend": 1 }

    • The API is extremely flexible with how to name objects, the following parameters are allowed:
      • Organisations:
        • org_id (The organisation's local instance ID)
        • org_uuid (The organisation's global UUID)
        • org_name (The organisation's identifier as known to the current instance)
      • Server:
        • server_id (The server's local instance ID)
        • server_url (The URL of the server)
        • server_name (The local name of the server as assigned when adding the server)

The sharing groups can also be addressed by ID or UUID.

  • Allow overriding the action names in the stringified restresponse messages. [iglocska]
    • for example: 'addOrg' => 'add Organisation to'

Changes

  • Version bump. [Alexandre Dulaunoy]
  • Bump PyMISP. [Raphaël Vinot]
  • Updated documentation. [iglocska]
  • Bump PyMISP to 2.4.87. [Raphaël Vinot]
  • Bump PyMISP recommended version. [Raphaël Vinot]
  • Bump PyMISP, again. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]

Fix

  • Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
  • PyMISP fixed to the latest version. [Alexandre Dulaunoy]
  • Ssdeep is now updated on PECL - installation updated. [Alexandre Dulaunoy]
  • Warning-lists updated to the latest version. [Alexandre Dulaunoy]
  • Typo in README. [Alexandre Dulaunoy]
  • Resolved a potentially breaking issue for feed fetches with malformed objects. [iglocska]
  • Keep the original org name if merging an org into a newer copy with a number appended (such as _1111) [iglocska]
    • no need to edit the resulting merge anymore
  • Add org with known remote UUID fails silently, fixes #2930. [iglocska]
  • Various fixes to the module api. [iglocska]
    • query function renamed to query enrichment
    • added check for disabled modules and for modules that the current user is not allowed to use
    • removed the module config from the index function to avoid exposing API keys / credentials to users
    • some formatting fixes
  • ModulesController. [Juan C. Montes]
  • Searching for exact values not possible via the attribute search, fixes #2946. [iglocska]
    • Attribute search now returns only exact matches unless encapsulated between '%' characters
  • Now supporting stix objects with only description text. [chrisr3d]
    • These objects are indicators or observables
    • Description text is imported as misp attribute 'text'
  • Fixed an issue where events wouldn't get properly unpublished when accepting a proposal, fixes #2943. [iglocska]
    • only happened when a proposed new attribute was accepted, masking the issue
  • Fixed command execution for site admins. [iglocska]
    • a server setting allowing the override of the path variable for esoteric RHEL systems allowed site admins to inject arbitrary commands
    • impact was limited by the setting being only accessible to the site administrator
    • as reported by Michael Grolimund from Swiss Post (@grolinet)
    • CVE-2018-6926
  • Fixed invalid pgp url for fetching keys from the remote server. [iglocska]
  • Removed debug code, added cleanup for edits/deletes. [iglocska]
  • Fixed the attribute selection on the event view. [iglocska]
    • Correctly select sections even on sort or other effects changing the order of elements
    • Part of the keep @rommelfs happy package ;)
  • Do not try to decrement attribute count below 0. [iglocska]
  • Fixed mass delete for soft-deleted attributes. [iglocska]
  • Make soft vs hard deletes more obvious. [iglocska]
  • Hop over commented out functions in the queryACL tests. [iglocska]
  • Parsing more types. [chrisr3d]
    • ignoring whois atm
    • creating object "file" in case of multiple hashes in only one observable / indicator object
  • PyMISP latest version. [Alexandre Dulaunoy]
  • Changed the condition to recognize stix from misp. [chrisr3d]
  • Add a baseurl if none is set for the stix framing. [iglocska]
    • otherwise we end up with a namespace leading to an empty URL which apparently is the STIX library's kryptonite
  • Removed the truncating of output file names for the stix2misp script. [iglocska]
  • Fixes to several cases of handling blocked access incorrectly / non-gracefully. [iglocska]
    • As reported by Christophe Vandeplas
    • stix export: Ungraceful handling of attempted access of unauthorised event (no unauthorised data returned)
    • import module: Allows creation of proposals to unauthorised events (no unauthorised data returned, proposals are for new attributes only meaning no automatic override triggered)
    • saveFreetext: same as import module
  • Don't uppercase the shortcuts as the shortcuts are lowercase. [Alexandre Dulaunoy]
  • CVE en dash converted to '-' [iglocska]
  • Fixed extension name of imported files. [chrisr3d]
  • Fixed wrong dictionary key call causing empty import. [chrisr3d]
  • Updated to the latest version of PyMISP. [Alexandre Dulaunoy]
  • Removed object template element changes from logging system. [iglocska]
    • temporary fix for the model name being too long...
  • Escaping user controlled variable. [Andras Iklody]
  • Run the db update before trying to add users/orgs. [iglocska]
  • Added missing db field to users. [iglocska]
    • fixes a nasty issue with saving users failing when ZMQ is enabled on instances installed after 2.4.69
    • fixes a typo that caused invalid user changes being pushed to the ZMQ channel
  • PyMISP updated to the latest version. [Alexandre Dulaunoy]
  • Added new APIs to ACL component. [iglocska]
    • wooooops
  • Set the default PGP keyserver to pgp.circl.lu (faster than pgp.mit.edu) [Alexandre Dulaunoy]

TODO: A configuration for setting up the PGP keyserver at the MISP instance setting.

  • MISP objects latest version imported (fix ip-port issue with domain) [Alexandre Dulaunoy]
  • User_id in tag table was not included in MYSQL.sql. [iglocska]
    • added it to the initial db bootstrap along with an upgrade script for existing MISPs missing the field
  • Galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Fix adding tags via the API fails if not encapsulated in "Tag":{}, fixes #2897. [iglocska]
    • also, add proper response instead of a redirect to make testing a bit more friendly
  • Taxonomies updated. [Alexandre Dulaunoy]
  • MISP objects updated. [Alexandre Dulaunoy]
  • Fix an invalid call to saving a log entry without initialising the class first. [iglocska]
  • Graceful handling of gnupg not being set up on an instance. [iglocska]

Other

  • Update list_sightings.ctp. [Andras Iklody]
  • Add: Updated to the latest version of taxonomies including new ones. [Alexandre Dulaunoy]
  • Merge branch 'galaxySearch' into 2.4. [iglocska]
  • Add filter on GalaxyCluster description too ^^ [truckydev]
  • Apply filter to pagination :) [root]
  • Add field filter for galaxy cluster. [root]
  • Merge pull request #2934 from cvandeplas/fix/modules-api. [Andras Iklody]

fix - allows upload of files using the misp-modules API

  • Fix - allows upload of files using the misp-modules API. [Christophe Vandeplas]

See also #2719

  • Merge pull request #2950 from eCrimeLabs/2.4. [Andras Iklody]

Update start.sh

  • Update start.sh. [eCrimeLabs]

Fixed bug in scheduler line

  • Merge branch 'modulesQuery' into 2.4. [iglocska]
  • Merge branch 'ModulesQueryAPI' of https://github.com/juancmontes/MISP into ModulesQueryAPI. [Juan C. Montes]
  • Update ModulesQueryController. [Juan C. Montes]

Fix the format of the code

  • Update ModulesQueryController. [Juan C. Montes]

Support options (credentials) from config.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2944 from truckydev/patch-10. [Andras Iklody]

Add the value in the field when filled in.

  • Add the value in the field when filled in. [truckydev]

add the value in the field when filled in on event view.

  • Merge pull request #2945 from truckydev/patch-11. [Andras Iklody]

don't exclude attributes with non-exportable tag

  • Don't exclude attributes with non-exportable tag. [truckydev]

exclude filter on attributes when tag is non-exportable

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2941 from MattCarothers/fix_log_table_model_column_length. [Andras Iklody]

Update model column length to 80 characters in the MySQL install file

  • Updated model column length to 80 characters. [Matt Carothers]
  • Add: new feeds from CoinBlockerLists added. [Alexandre Dulaunoy]
  • Merge branch 'feature/ssdeep_correlations' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Add: mime-type attribute added. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2908 from Res260/fix_keyboard_shortcut_focus. [Andras Iklody]

new: Add search shortcut for events and attributes + small bugfix

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2906 from Res260/feature_keyboard_shortcuts. [Alexandre Dulaunoy]

new: Add keyboard shortcuts application-wide, managed using JSON files

  • Add: identity-card-number attribute type to better support goAML. [Alexandre Dulaunoy]
  • Merge pull request #2902 from Res260/feature_search_tags_on_taxonomy_modal. [Andras Iklody]

Make search bar available in the "Select Tag Source" modal

  • Added vendor and CakeResque folders to gitignore. [Émilio Gonzalez]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: a default category for GENE attribute type. [Alexandre Dulaunoy]
  • Add: GENE: Go Evtx sigNature Engine attribute type added. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2899 from RichieB2B/ncsc-nl/misp-wipe-update. [Andras Iklody]

Wipe objects & update lists after wipe

  • wipe objects - update taxonomies, warninglists, galaxies and objectTemplates after wipe. [Richard van den Berg]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2886 from MISP/Bump-PyMISP. [Raphaël Vinot]

chg: Bump PyMISP recommended version

  • Merge pull request #2883 from Rafiot/travis. [Raphaël Vinot]

chg: Bump PyMISP

v2.4.87 (2018-01-28)

New

  • Mispzmq.py updated with new topic (tags) [iglocska]
  • Added boolean attribute type. [iglocska]
  • New upgrade system. [iglocska]
    • decouple db changes from version number
  • Tie tags into PubSub channel. [iglocska]
    • Reset the catastrophic @ilmoka enrage timer for another 5 days
  • Add restore script. [Jérôme Leonard]
  • Add regex type to warninglists. [iglocska]
  • New BasicAuth header generator for the feed add/edit views. [iglocska]
  • Use the new OrgImg helper for fetching org logos in a more consistent fashion. [iglocska]
  • OrgImgHelper - lookup org logos in a simplified helper, accounting for old and new style logo filenames. [iglocska]
  • Allow passing headers along with feeds. [iglocska]
    • add any arbitrary header to a feed
    • can be used for authentication via basic auth for example
  • Tell users about our lord and saviour, MISP-objects if they try to add a composite attribute. [iglocska]
  • Filter the event index on sharing group IDs, fixes #2845. [iglocska]
  • First export of pot files. [iglocska]
  • Automatic category switching based on currently selected types for the freetext import/module triage screen. [iglocska]

Changes

  • Version bump. [iglocska]
  • Rework of the event history view, no more crazy slow parsing of all strings in the log table. [iglocska]
  • Allow the "uuid" key to work as an alternate for "id" when adding sightings. [iglocska]
  • Various fixes to the way organisations are handled. [iglocska]
    • fix a bunch of issues with the org displays
    • hide organisation view from users if they haven't yet contributed data and Security.hide_organisation_index_from_users is enabled
  • Add MISP book phrase to Readme. [Andras Iklody]
  • Save org logos based on the org ID not the org Name. [iglocska]
  • Get rid of the weird http:// baseurls and set some helper variables for the views. [iglocska]
    • Also load the new OrgImg helper
    • @SteveClement wubs global view variables
  • Tuned the freetext import tool, fixes #2822. [iglocska]
    • refang e-mail addresses
    • add [@] refanging
  • Clarified feed action buttons. [iglocska]

Fix

  • Removed the crazy complex lookup for attribute tag counts from the tag index. [iglocska]
    • Users will see the total count without any context avoiding ACL - however, they are still limited to seeing the actual data tagged that they can see anyway.
  • Fixed double json decoding due to recent changes to galaxy clusters. [iglocska]
  • View issue fixed caused by previous commit. [iglocska]
  • Fixed some galaxy cluster inconsistencies. [iglocska]
  • Latest version of MISP galaxy. [Alexandre Dulaunoy]
  • Resolved an issue where attaching tags to attributes via the generic attachToObject() function was throwing an error. [iglocska]
  • Reduced memory usage of tags index when requesting it via the API. [iglocska]
  • Load orgc data after attributes are loaded in search csv export. [iglocska]
    • functionality still needs further fixes, 🚧
  • Graceful handling of removed users in discussion boards. [iglocska]
  • Suricata export URL encodes an IPv6 between [], fixes #2872. [iglocska]
  • Fixed an issue where searching for a non-existing organisation in the attribute search returned any visible attributes no matter the org. [iglocska]
  • Fixed messed up org logos in attribute search. [iglocska]
  • Default sort order for id / date reversed on click for #2723. [iglocska]
  • Improved feedback when importing a blacklisted event, fixes #2859. [iglocska]
  • New mutex object, updated person object and improved registry-key object. [Alexandre Dulaunoy]
  • Fixed a TLP marking issue. [chrisr3d]

(related to github issue #2623) Marking is no longer influenced by distribution level whenever Tags are set:

    • in the current attribute
    • in the event

  • Object deletion view was bugged and non-functional. [iglocska]
  • Retain the distribution level / sharing group ID when doing advanced attachment extraction, fixes #2865. [iglocska]
  • Clarifies the scope of a BIC code in the financial sector. [Alexandre Dulaunoy]

The Business Identifier Codes (also known as SWIFT-BIC, BIC, SWIFT ID or SWIFT code)...

  • Added missing things for the new org image loader. [iglocska]
  • Make hover enrichments work again within objects, fixes #2793. [iglocska]
  • Fixes the object issues pointed out in #2543. [iglocska]
    • Shoutout to the debug hero finding them: @StefanKelm
  • Added missing switch to the new OrgImg helper for the proposal index. [iglocska]
  • Fix editing of an organisation that has domain restrictions set. [iglocska]
  • Fixed an issue with invalid termination for a php block in HTML. [iglocska]
  • Fixed an issue where mass accepting proposals didn't unpublish the event. [iglocska]
    • @rommelfs sees all
  • Don't listen to David and Andras together ;-) [Alexandre Dulaunoy]
  • Fixed a set of issues with sharing groups that lead to synced events not saving/updating. [iglocska]
  • Add timestamp to the CSV api. [iglocska]
  • Fixed invalid lookup when a non site admin searches for attributes, fixes #2849. [iglocska]
  • Clarify timestamp parameter for attributes. [iglocska]
  • Add flatten to advanced sightings add within objects. [iglocska]
    • without the flattening the advanced sighting add functionality couldn't be loaded
  • Don't block email headers from being added if they have a line break in them. [iglocska]
  • Superfluous > [iglocska]
  • Fixed invalid syntax. [iglocska]
  • Add alternative x509 fingerprint hashes to the freetext import tool, fixes #2821. [iglocska]
  • Admin settings version updated. [iglocska]
  • Fixed the inversed confirmation warning for enabling/disabling feeds. [iglocska]
  • PyMISP updated to latest version. [Alexandre Dulaunoy]
  • Missing action added to ACL system. [iglocska]

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: MISP galaxy updated. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Add: update to the latest version of MISP objects templates. [Alexandre Dulaunoy]
  • Some clarifications of unclear descriptions. [Andras Iklody]
  • Merge pull request #1969 from devnull-/GPG_sign_option. [Andras Iklody]

Add an option to sign GPG emails

  • Merge branch '2.4' into GPG_sign_option. [devnull-]
  • Implement 'sign' option. [devnull-]
  • Description of the option 'sign' [devnull-]
  • Add option 'sign' in GPG section. [devnull-]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2869 from jeromeleonard/backup_restore. [Andras Iklody]

Backup and restore MISP configuration and database

  • Update: add information for misp-restore.sh script. [Jérôme Leonard]
  • Update: add Config php files to backup. [Jérôme Leonard]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2850 from eurodude/patch-1. [Andras Iklody]

#2788 Corrected Dependencies in documentation

  • Corrected Dependencies. [Fabien Mathey]

Added additional information for installation (Python 3 for stix2, a2enmod headers)

Additionally, line 120 should not be needed as it should be covered by line 119 but I left it in for the time as it does no harm

  • Merge branch 'i18n' into 2.4. [iglocska]
  • Merge branch '2.4' into i18n. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2847 from Deventual/patch-13. [Andras Iklody]

fix permissions commands

  • Fix permissions commands. [Deventual]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2832 from treed593/patch-1. [Andras Iklody]

Update README.md

  • Update README.md. [Trevor Reed]
  • Merge pull request #2848 from SteveClement/i18n_prep. [Steve Clement]

I18n - re-Sync

  • Merge branch '2.4' into i18n_prep. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Update index.ctp. [Andras Iklody]
  • Merge pull request #2831 from MattCarothers/fix_null_job_input_field. [Andras Iklody]

Set job_input explicitly to an empty string for cache feed jobs

  • Set job_input explicitly to an empty string for cache feed jobs. Older MISP deployments may interpret a missing field as a null value instead of an empty string, which causes the NOT NULL restriction on the jobs.job_input field to raise an error. Fixes issue #2804. [Matt Carothers]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2791 from SteveClement/i18n_prep. [Steve Clement]

Merging i18n preparations from fork to branch.

  • Merge remote-tracking branch 'origin/2.4' into i18n_prep. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Feeds/compare_feeds.ctp. [Steve Clement]
  • Fixed various typos/omissions etc. [Steve Clement]
  • Closing parenthesis mistake. [Steve Clement]
  • View/SharingGroups -> __(' [Steve Clement]
  • View/Sightings -> __(' [Steve Clement]
  • View/Taxonomies -> __(' [Steve Clement]
  • View/Tasks -> __(' [Steve Clement]
  • View/Templates -> __(' [Steve Clement]
  • View/ShadowAttributes -> __(' [Steve Clement]
  • View/Tags -> __(' [Steve Clement]
  • View/Events -> __(' [Steve Clement]
  • View/TemplateElements -> __(' to be completed. [Steve Clement]
  • View/Taxonomies -> __(' to be completed. [Steve Clement]
  • View/Threads -> __(' to be completed. [Steve Clement]
  • View/Users -> __(' to be completed. [Steve Clement]
  • __(' round 1, done. [Steve Clement]
  • View/Warninglists -> __(' to be completed. [Steve Clement]
  • View/Whitelists -> __(' to be completed. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve Clement]
  • View/Pages -> __(' (Except using_the_system.ctp) [Steve Clement]
  • This is another textual beast… [Steve Clement]
  • Fixed automation.ctp parser errors. [Steve Clement]
  • View/Organisations -> __(' [Steve Clement]
  • View/Pages -> __(' to be completed. [Steve Clement]
  • View/OrgBlacklists -> __(' done. [Steve Clement]
  • View/Objects -> __(' done. [Steve Clement]
  • View/Regexp -> __(' done. [Steve Clement]
  • View/Servers -> __(' done. [Steve Clement]
  • View/Roles -> __(' done. [Steve Clement]
  • View/Posts -> __(' done. [Steve Clement]
  • Merge branch 'i18n_prep' of github.com:SteveClement/MISP into i18n_prep. [Steve Clement]
  • View/Objects -> __(' [Steve Clement]
  • View/Layouts -> __(' [Steve Clement]
  • Added remaining __(' - needs double checking. [Steve Clement]
  • View/ObjectTemplateElements -> __(' done. [Steve Clement]
  • View/Helper -> __(' done. [Steve Clement]
  • View/News -> __(' done. [Steve Clement]
  • View/Logs -> __(' done. [Steve Clement]
  • View/Jobs -> __(' done. [Steve Clement]
  • Some typo fixes and formatting amendments. [Steve Clement]
  • View/Galaxies -> __(' done. [Steve Clement]
  • View/ObjectReferences -> __(' done. [Steve Clement]
  • View/ObjectTemplates -> __(' done. [Steve Clement]
  • app/View/Elements/ → __(' [Steve Clement]
  • Refactor format string. [Steve Clement]
  • app/View/Events/ → __(' [Steve Clement]
  • View/Events/automation.ctp -> Partially done, a lot needs to be __('-ized. [Steve Clement]
  • View/Feeds -> __(' done. [Steve Clement]
  • View/EventDelegations/ajax -> __(' done. [Steve Clement]
  • View/Errors -> __(' done. [Steve Clement]
  • View/EventBlacklists -> __(' done. [Steve Clement]
  • Merge branch 'i18n_prep' of github.com:SteveClement/MISP into i18n_prep. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve Clement]
  • Elements/templateElements/populateTemplateAttribute.ctp -> __(' [Steve Clement]
  • Elements/Users/userIndexTable.ctp -> __(' [Steve Clement]
  • Elements/ajaxAttributeTags.ctp Elements/ajaxTags.ctp Elements/ajaxTemplateTag.ctp -> __(' [Steve Clement]
  • Events/view.ctp -> __(' [Steve Clement]
  • Elements/side_menu.ctp -> __(' [Steve Clement]
  • Elements/histogram.ctp -> __(' [Steve Clement]
  • Elements/Servers -> __(' [Steve Clement]
  • Fixed typo, added __(' where missing. [Steve Clement]
  • Fixed typo and spacing. [Steve Clement]
  • Elements/Events/eventIndexTable.ctp -> __(' [Steve Clement]
  • Elements/healthElements -> __(' [Steve Clement]
  • Elements/Events/View -> __(' [Steve Clement]
  • Replaced random '.......' with '…' - __(' where needed. [Steve Clement]
  • View/Events/index.ctp -> __(' [Steve Clement]
  • View/Servers -> __(' done. [Steve Clement]
  • View/Elements/Feeds -> __(' checked and added where needed. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into i18n_prep. [Steve Clement]
  • Merge remote-tracking branch 'origin' into i18n_prep. [Steve Clement]
  • Merge remote-tracking branch 'upstream/2.4' into 2.4. [Steve Clement]
  • Merge branch 'i18n_prep' of github.com:SteveClement/MISP into 2.4. [Steve Clement]
  • Merge remote-tracking branch 'origin' into i18n_prep. [Steve Clement]
  • __(' -> Added where needed. [Steve Clement]
  • Typo. [Steve Clement]
  • __(' where needed - fixed Typo 'C' [Steve Clement]
  • View/Elements/dashboard -> __(' -> Done! #i18n_prep. [Steve Clement]
  • Removed Sublime fail :( [Steve Clement]
  • Final files in View/Attributes … for now. - Most views tested and known working as expected. [Steve Clement]
  • Removed some echo ('foo') / echo('bar') -> Coding rules want: echo foo - Added numerous __(' for i18n. [Steve Clement]
  • __(' added where needed. [Steve Clement]
  • Attributes folder scavenged for Translatables… [Steve Clement]
  • __('')-ized labels, buttons, styles. [Steve Clement]

v2.4.86 (2018-01-16)

New

  • Mass enable/disable feeds. [iglocska]
    • protecting the sanity of MISP admins since 2012!
  • Disable the viewing of a full organisation list by normal users. [iglocska]
    • Only site admins and sharing group editors can see organisation lists
      • this includes the org index and various statistics
    • Keep in mind: Sharing group editors CAN see the full organisation list - otherwise they wouldn't be able to create sharing groups.
    • Also, users CAN enumerate organisations that have created ANY data on the instance by looking at the given data
      • this includes events, proposals, discussion entries, etc
  • Expose the Sharing Groups to the API, fixes #2767. [iglocska]
    • Add/Edit/Index/View now exposed to the API
    • rework of the sharing group capturing process
    • fix to an issue that could potentially block sharing groups from being synced (the creator org of the sharing group wasn't directly exposed and an edit to the organisation's UUID after creating the SG could make the SG non-syncable)
    • various fixes to edge cases
    • descriptors to the add/edit APIs via restresponse
    • Operation "Just relaxing and looking at stuff for the baby online" - the x-mas covert development patch™
  • Limit modules to a single organisation. [iglocska]
    • new settings in serverSettings
  • Add API description to sightings/add, fixes #2806. [iglocska]
  • Allow the collapsing of related events on the event view. [iglocska]

Changes

  • Version bumped. [iglocska]
  • Warninglists updated. [iglocska]
  • Performance tuning. [iglocska]

  • improved performance of inserting batch attributes / passing a large number of attributes to attributes/add

    • reworked algorithm to a two phase bulk insertion (validation -> mass insert) instead of looping through all attributes
    • removed the built-in counter cache for incrementing attribute counts on events in favour of a more lightweight solution
    • performance gains on test data set: 50+ seconds -> 32 seconds
  • Greatly improved attribute index / attribute search performance

    • fixed an issue that caused the lookup to avoid using indices
    • performance gains on test data when paginating: 11 seconds -> 1 second
  • Add hybrid analysis to the freetext import tool, fixes #2797. [Andras Iklody]
  • Bump PyMISP. [Raphaël Vinot]
  • Show x more attributes collapse toggle on the attribute correlations now in brackets so people don't accidentally mix the count up with event IDs. [iglocska]

Fix

  • Remove the option for disabling sightings - it's an integral feature of the MISP core. Fixes #2820. [iglocska]
  • Fixed image element. [iglocska]
  • Changed name of server settings -> server settings & maintenance, fixes #2817. [iglocska]
  • Fixed various visual feed issues, fixes #2818, fixes #2819. [iglocska]
  • Fixed a bug that caused sharing groups within objects to not be captured correctly, fixes #2816. [iglocska]
  • Added missing view. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Updated to the latest version of the taxonomies. [Alexandre Dulaunoy]
  • Latest version of the MISP galaxy updated. [Alexandre Dulaunoy]
  • Sharing group ID set to the correct value if set implicitly by setting the ID instead of passing a full sharing group object along, fixes #2814. [iglocska]

  • also, fail if no valid sharing group was found.

  • Added missing local field to fetched sharing groups, fixes #2812. [iglocska]
  • Parsing more stix doc structures. [chrisr3d]
  • Invalid algorithm used for warninglist. [iglocska]
  • Objects not purged correctly when deleting an event, fixes #2810. [iglocska]

  • correctly included objects now in the quick delete function

  • new upgrade script that purges existing orphaned objects
  • Removed debug. [iglocska]
  • Clarify scope for filter options in quick search. [iglocska]
  • Better attribute add feedback on validation fail and fix to a failing attribute index listing for normal users. [iglocska]
  • Fixed misaligned org view. [iglocska]
  • Fix to invalid role check preventing users from seeing the org index, even if they should have access. [iglocska]
  • Fixed weird eating of event titles on certain unicode characters. [iglocska]

  • substr choked on them and produced empty strings

  • Fixed typo. [iglocska]
  • Removed a small slice of stupidity. [iglocska]
  • Changed checks from isSiteAdmin to isAclSharingGroup for the org index anonymisation. [iglocska]
  • Better error handling when previewing csv/freetext feeds if no valid data is returned. [iglocska]
  • Better handling of something going wrong whilst fetching a MISP feed's manifest. [iglocska]
  • Removed loading of roboto font css - as it hasn't actually been used for years. [iglocska]
  • Fixed proposal add not setting valid types for each category automatically. [iglocska]
  • Rework of the restresponse URL generator. [iglocska]

  • correctly handle multi-word controllers

  • Fixed some UI wonkyness. [iglocska]
  • Don't render logo images if they don't exist. [iglocska]
  • FetchAttributes() now correctly adheres to object distributions. [iglocska]
  • Removed the https url rule for now. [iglocska]
  • Broken Suricata rules due to removed https branch. [iglocska]

  • possible fix, mimicking contents of https://[ip]

  • Correctly show advanced sightings for object attributes. [iglocska]
  • Sanitise the list of fields fetched for the admin user index. [iglocska]

  • as reported by @deralexxx

  • We are in 2018. [Alexandre Dulaunoy]
  • Taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Fixed xml stix files loading. [chrisr3d]

(our stix files at least)

  • Fixed object_relation for some specific types. [chrisr3d]
  • Supporting objects import. [chrisr3d]

More object types will be added progressively

  • Fixed event delete controller choice. [iglocska]

  • was using the current action's controller instead of locking in the events controller
  • Stix 1.X import is now supporting more types. [chrisr3d]

Still need to:

    • test some specific types
    • include 'object_relation' field to properly support objects import
  • Quickfilter should include attribute level tags too. [iglocska]
  • Fixed misaligned feed hits on the attribute list in the event view. [iglocska]
  • Pagination on event attributes didn't load the feed correlations. [iglocska]
  • Fixed image element sizes. [iglocska]
  • Updated to the latest version of MISP objects including annotation and vulnerability objects: [Alexandre Dulaunoy]

https://www.misp-project.org/objects.html#_annotation
https://www.misp-project.org/objects.html#_vulnerability

  • Opcache_reset() doesn't always exist on our favourite distro - only execute it if the function exists, fixes #2792. [iglocska]
  • Fix to the previous issue with emptying the object_relation in attributes on fetch. [iglocska]
  • Cleaner handling of failed connections during checkVersionCompatibility, fixes #2786. [iglocska]

  • log the real reason why the connection test failed in case of an exception (such as invalid certificate)
  • Fixed null entry for object_relation, fixes #2773. [iglocska]
  • Fixed output of batch import errors not correctly showing the failed attribute positions, fixes #2779. [iglocska]
  • Changes following the recent PyMisp updates. [chrisr3d]
  • Recursively follow redirects for feeds, fixes #2774. [iglocska]
  • Fixed default to_ids setting for proposal edits (should reuse old setting) [iglocska]
  • Fixed additional : in type field. [iglocska]
  • Missing / in closing a tag. [iglocska]
  • Update to the latest version of the objects template. [Alexandre Dulaunoy]
  • Add a clarification if you have multiple MISP instances to not forget to change the default Redis port of CakeResque to avoid conflicts between different CakeResque. [Alexandre Dulaunoy]
  • Misp-modules optional installation added. [Alexandre Dulaunoy]
  • Sighting anonymisation should properly remove the org names from the advanced sighting view. [iglocska]

  • as reported by @hel10world

  • Updated to the latest version of the taxonomies. [Alexandre Dulaunoy]
  • Travis link fixed. [Alexandre Dulaunoy]
  • Warning-lists updated to the latest version. [Alexandre Dulaunoy]
  • Naive fix for an issue with tab separated feeds being broken by the switch to str_getcsv. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]

Other

  • Merge pull request #2422 from panzertime/add-button-fetch-all-feeds. [Andras Iklody]

Added a button to fetch all enabled feeds

  • Added a "fetch all" button to the feeds page. [RT Hatfield]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 1st version of TTPs parsing function. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch 'feature/sg_api' into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Starting to parse external xml stix files. [chrisr3d]

Will test and adapt with data from different sources

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2789 from MISP/pymisp_test2. [Raphaël Vinot]

chg: Bump PyMISP

  • 🚧 Some updates on pattern import. [chrisr3d]

Will work on pattern parser soon

  • Merge pull request #2785 from atluxity/patch-1. [Alexandre Dulaunoy]

Update INSTALL.rhel7.txt

  • Update INSTALL.rhel7.txt. [Hans-Petter Fjeld]
  • Merge pull request #2787 from dewiestr/2.4. [Andras Iklody]

Update NidsSuricataExport.php

  • Update NidsSuricataExport.php. [dewiestr]

Removed the ':' from the suricata msg as it removes the message after it in squert.

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2782 from SteveClement/i18n_prep. [Andras Iklody]

i18n prep - small commits…

  • Attributes -> Search Template, __('')-ized. [Steve Clement]
  • test entry. [Steve Clement]
  • Add: new default feeds added. [Alexandre Dulaunoy]

  • abuse.ch SSL IPBL
    • abuse.ch Dyre SSL IPBL
    • cybercrime-tracker.net hashlist
    • cybercrime-tracker.net gatelist
    • hpHosts - GRM only
    • blocklist.greensnow.co
    • conficker all domains generated
  • Merge pull request #2771 from SteveClement/2.4. [Alexandre Dulaunoy]

Updated FreeBSD install documentation

  • Updated FreeBSD install to: [Steve Clement]

    • Do the entire install with binaries (no /usr/ports required)
    • Fixed some Ubuntu remnants
    • Fixed config typos
    • Added all missing dependencies

v2.4.85 (2017-12-22)

New

  • Limit the max amount of time spent fetching the latest commit ID to 3 seconds max. [iglocska]

  • should help avoid the unresponsive diagnostic page issue

  • Update config.php template with the option whether to chase LDAP referrals. [Tomi Juntunen]
  • Add a way to filter out attributes from being added by enforcing the warninglists via /attributes/add. [iglocska]

  • either pass the url param /enforceWarninglist:1 or set the "enforceWarninglist":1 key on individual attributes to be checked

  • Allow configuring whether to chase LDAP referrals in ApacheAuthenticate module. [Tomi Juntunen]
  • Add console command to reset user's authkey. [iglocska]

/var/www/MISP/app/Console/cake Authkey [email@of.user]

  • sets a new random authkey and returns it in the output
  • Add tag restrictions for a single user. [iglocska]

Changes

  • PyMISP bump. [iglocska]
  • Version bumps for everyone! [iglocska]
  • Support the changes about registry-key for import as well. [chrisr3d]
  • Update following the last changes on registry-key objects. [chrisr3d]
  • Show connector tag on the cluster view. [iglocska]
  • Check if the stix2 file is from MISP export. [chrisr3d]
  • Display names are now fully exported as custom objects. [chrisr3d]
  • MISP objects updated to include registrant-org. [Alexandre Dulaunoy]
  • PyMISP updated to the latest version. [Alexandre Dulaunoy]
  • Changed output file name to .stix2. [Andras Iklody]
  • Added sane default org_id to users/add API. [iglocska]

  • takes current user's org_id as the default

  • Some cleanup of the event index. [iglocska]

  • removed threat level and analysis from the index as they're eclipsed by the taxonomies for most use-cases

  • Changed the behaviour when users click on org logos (redirect to filtered index)
  • Added category field information into labels. [chrisr3d]

So we have categories while importing stix2 into MISP

  • Bump PyMISP. [Raphaël Vinot]
  • Add MISP (obj, attr, or galaxy) type in label. [chrisr3d]

This change avoids losing information about some MISP types during the export. For instance:

    • hostname and domain → domain-name in Stix2
    • url and uri → url in Stix2
  • Now able to distinguish src addr and dst addr. [chrisr3d]

This change includes ip and email addresses.
Also changed a bit Custom Objects

Fix

  • Fixed z-index of correlation popovers. [iglocska]
  • Fixed stupidly slow cluster selection list. [iglocska]

  • thanks to sort being inside the loop. If you do something expensive, make sure you do it as often as possible!

  • Latest version of misp warning-lists. [Alexandre Dulaunoy]
  • Collapse attribute correlations. [iglocska]
  • Feed quick sync added. [iglocska]
  • Warning-lists updated to the latest version. [Alexandre Dulaunoy]
  • Some fixes to the hostname parsing for warninglists. [iglocska]
  • Warninglists updated. [iglocska]
  • Warning-lists updated to the latest version. [Alexandre Dulaunoy]
  • Fixed various warninglist performance issues for updating. [iglocska]
  • Warninglist bump. [iglocska]
  • PyMISP updated to the latest version. [Alexandre Dulaunoy]
  • I ate too much chocolate ;-) [Alexandre Dulaunoy]
  • Tie warninglist delete into the ACL. [iglocska]
  • Fixed various warninglist issues. [iglocska]

  • no more mysql packet size issues on ingestion

  • much faster ingestion of warninglists
  • delete warninglists from the UI
  • MISP galaxy updated. [Alexandre Dulaunoy]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • Fixed missing flatten for advanced sightings view. [iglocska]

  • attributes within objects couldn't generate the advanced sightings view

  • Fixed an issue where adding an attribute to an existing object isn't handled correctly via the API / sync, fixes #2760. [iglocska]
  • Cleanup of setting the local server url in sharing groups over and over in the same request. [iglocska]
  • Removed copy pasta fail. [iglocska]
  • Correctly attach sharing groups to objects / attributes within objects. [iglocska]
  • Fixed an abusive use of Identity SDO. [chrisr3d]

  • When the attribute category is not 'Person', it is not always justified to use Identity

  • Inverted check on filterwarninglistAttributes causing the warninglist not to be adhered to correctly. [iglocska]
  • Match the rate of the publisher in the subscriber as default. [iglocska]
  • Remove trailing slash from MISP.baseurl. [Jan Skalny]
  • Fixed a tag lookup scope error in attributes/restSearch. [iglocska]

  • searching for an attribute tag returned all attributes contained within the event holding the located attributes

  • for example: Event with 3 attributes, one having the tag "test"

    • query /attributes/restSearch with "tags":["test"] returned 3 attributes instead of 1
  • Capture tags on an object-attribute level as expected, fixes #2752. [iglocska]

  • The tag capturing ignored object attributes prior to this patch

  • emergency patch before the wrath of @ilmoka reaches us

  • Add install of stix2 packages to support STIX 2.0 export. [Alexandre Dulaunoy]
  • Add install of stix2 packages to support STIX 2.0 export. [Alexandre Dulaunoy]
  • STIX2 export is no more experimental and can be safely used. [Alexandre Dulaunoy]
  • For the events with no tag. [Christian Studer]
  • Misp-object updated to the latest version. [Alexandre Dulaunoy]
  • Fixed issue for events with no attributes. [chrisr3d]
  • Dictionary key in registry key object. [chrisr3d]
  • Issue about ip|port observable objects. [chrisr3d]
  • Avoid using the original dictionary for types. [chrisr3d]

  • Deepcopy makes us use a fresh copy each time and modify only this copy instead of the original dict

  • Object attributes calls. [chrisr3d]

Matching with the last PyMISP release

  • Error with SDO's IDs (from Galaxy) [chrisr3d]
  • Fixed an issue where url parameters for restsearch didn't block attributes. [iglocska]

  • url parameters are bad
  • shame
  • SHAME
  • For tag filters, ignore capitalisation. [iglocska]
  • X-mailer variable that was wrong. [chrisr3d]
  • Some keys of hashes. [chrisr3d]

For instance shaXXX type is automatically changed in SHA-XXX by stix2 and needs to be identified with its new format

  • Fixed an issue with opcache not being used yet opcache_reset() being called, fixes #2727. [iglocska]
  • Fixed a condition where adding objects through /events/edit would fail. [iglocska]
  • Fixed an issue with the log model being referenced incorrectly in MispObject. [iglocska]
  • MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • 'port' key of 'ip-src|port' attribute. [chrisr3d]

Was set to 'dst_port' but is actually 'src_port'

  • Added user restrictions for tags to the tag index. [iglocska]
  • Fixed the invalid default TLDs if no warninglist is loaded. [iglocska]
  • Fixed the disable correlation flags for the object templates. [iglocska]

  • also added a force update for individual templates
  • Follow up to the previous patch on disable_correlations in object templates. [iglocska]
  • Fixed typo in field name for the object templates. [iglocska]

  • disable_correlation(s) - s was a mistake and it caused the feature in the templates not to work

  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]

Other

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • 🚧 parsing external Stix2 documents. [chrisr3d]

  • atm: read patterns and create a stix2-pattern Object with the pattern as attribute

  • will try to parse pattern & observable objects for the next updates
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Warninglists updated. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Add: stix2-pattern type added to support the STIX 2 patterning format. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2644 from jonas-koeritz/2.4. [Andras Iklody]

Added an option to customize the page title

  • Removed ?? operator to support PHP < 7.0. [Jonas Köritz]
  • Added an option to customize the page title. [Jonas Köritz]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2754 from cvandeplas/2.4. [Andras Iklody]

fixes bug where Server model might not yet be loaded

  • Fixes bug where Server model might not yet be loaded. [Christophe Vandeplas]
  • Merge pull request #2753 from anerani/feature/ldap-referral-in-config-template. [Andras Iklody]

new: Update config.php with the option of chasing LDAP referrals

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Fix; Fixed the rate of the zmq publishing. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2750 from anerani/allow-ldap-referrals. [Andras Iklody]

new: Allow configuring whether to chase LDAP referrals

  • Merge pull request #2684 from JanSkalny/fix_baseurl_trailing_slash. [Andras Iklody]

fix: remove trailing slash from MISP.baseurl

  • Merge pull request #2719 from cvandeplas/2.4. [Andras Iklody]

basic support for misp-modules via API

  • Basic support for misp-modules via API. [Christophe Vandeplas]

  • mini cleanup of FileAccessTool that's not needed
  • basic support for misp-modules via API (malware-samples not supported yet)
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2751 from jezkerwin/rhel_install_documentation. [Andras Iklody]

Creation of install documentation for Red Hat Enterprise Linux (RHEL) 7.x

  • Fixed centos7.txt file that was accidentally modified. [Jeremy Kerwin]
  • Changed RHEL version in title from 7.4 > 7.x. [Jeremy Kerwin]
  • Note about issue surrounding lief compilation. [Jeremy Kerwin]
  • Added disclaimer about additional issues after completion of install. [Jeremy Kerwin]
  • Added install instruction for lief and known issues section. [Jeremy Kerwin]
  • Up to the log rotation section. [Jeremy Kerwin]
  • Completed the dependencies section. [Jeremy Kerwin]
  • Renamed the file to be more generic to RHEL 7. [Jeremy Kerwin]
  • More changes. [Jeremy Kerwin]
  • Changes around the format a little bit. [Jeremy Kerwin]
  • Spelling mistake. [Jeremy Kerwin]
  • More updates to the install. Added overview and assumptions. [Jeremy Kerwin]
  • Changes the initial commit to more of a Table of Contents format. [Jeremy Kerwin]
  • Initial Commit. [Jeremy Kerwin]
  • Add: parsing malware-sample from our stix2 files. [chrisr3d]

(Following the latest update on the export module)

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: label to recognize malware samples. [chrisr3d]

For SDOs generated from Objects

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Add: whois-registrant-org attribute type added. [Alexandre Dulaunoy]

As requested in https://github.com/MISP/misp-objects/issues/55

  • Add: the last object types that missed before. [chrisr3d]

  • The documents generated by our Stix2 export should be imported without any problem (otherwise I'll fix it)
  • Random Stix2 documents may have problems to be imported at the moment (depending on the possible observable objects jungle in observed-data SDOs) - indicators should be ok
  • Removed 1 useless test on observable. [chrisr3d]
  • Removed a testing print. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • 🚧 Includes category import. [chrisr3d]

Still need to include the missing types of object not supported yet.

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2739 from zachsis/patch-1. [Alexandre Dulaunoy]

Update xINSTALL.centos7.txt

  • Update xINSTALL.centos7.txt. [zachsis]

added rh-php56-php-opcache as part of the yum install for CentOS7

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Add: new types added for X509 certificate fingerprint: [Alexandre Dulaunoy]

  • x509-fingerprint-md5
  • x509-fingerprint-sha256

This is required to ensure consistent export while hashes are used. The associated x509 object template has been fixed to reflect the 3 fingerprint types instead of the generic hash types. This would allow different export types.

https://github.com/MISP/misp-objects/commit/b85438fc45b212a21b72d6d2e0df619758fa1444

  • Simplified generation of SDOs from Galaxy. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • 🚧 fixed bugs that appeared with Objects support. [chrisr3d]
  • Add: new feed VXvault - URL List added. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Parsing SDOs from 'email' Object. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2731 from SteveClement/2.4. [Andras Iklody]

  • Initial FreeBSD install document
    • Initial FreeBSD install document. [Steve Clement]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 Parsing patterns for Objects. [chrisr3d]

Also little fixes & updates

  • Added label with the type for Identity object. [chrisr3d]

As well as it is done for all the other types

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • 🚧 Import module from STIX2. [chrisr3d]

Functional but improvements still needed. Not all the fields of Stix2 events supported

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2716 from cvandeplas/2.4. [Andras Iklody]

fixes issue #2698 - malware-sample fails with import modules

  • Fixes issue #2698 - malware-sample fails with import modules. [Christophe Vandeplas]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Added custom object for MISP Objects. [chrisr3d]

v2.4.84 (2017-12-06)

Fix

  • Fixed a critical issue introduced in 2.4.83 blocking the synchronisation of edits in certain situations. [iglocska]

  • events being edited didn't set the locked = 1 flag on push

  • as reported by SIEMENS

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Added label to recognize malware-sample attributes. [chrisr3d]

v2.4.83 (2017-12-06)

New

  • Various improvements to the CSV export. [iglocska]

  • The @FloatingCode and @ilmoka care package

  • Improved CSV performance for instances with large number of events
  • Added "value" filter for CSV (use-case: I want all indicators for this value with context)
  • Added attribute tags to the output of the CSV export
  • Add restrictions for e-mail addresses to certain domains. [iglocska]
  • Add attribute tag filters to the fetchEvents() functionality. [iglocska]

  • tag filters now filter on:

    • all events containing matching tags on event + attribute level (positive lookup)
    • all events not containing matching tags (negative lookup)
    • filter attributes within a matched event for blocked attributes (negative lookup)
  • moved tag filtering to subquery filtering - should improve performance massively on larger instances when filtering on tags

  • first round of implementations, more on the way

  • Various improvements. [iglocska]

  • use the feed uuid caches to link directly to affected MISP events

  • various UI improvements
  • Feed preview pagination / POSTed event ID filters added
  • Add the possibility to limit fields for the CSV export via POST requests. [iglocska]
  • Added mac-address and mac-eui-64 attribute types. [iglocska]
  • Added full audit logging to ZMQ and Syslog, fixes #2635. [iglocska]

  • syslog now includes all audit log entries and it's separated into proper severity levels

  • ZMQ logging and syslog logging are both optional features
  • Added phone number recognition to the freetext import tool. [iglocska]

  • also, changed the massaging of phone number type attributes to replace 00 with +

  • Include user action in zmq. [iglocska]
  • Added logging to galaxy attach/detach tasks. [iglocska]
  • Push the action for user updates/creations/logins along with the user object to the ZMQ channel. [iglocska]

Changes

  • Version strings updated. [iglocska]
  • Bump PyMISP, again. [Raphaël Vinot]
  • Bump PyMISP. [Raphaël Vinot]
  • Wip. [chrisr3d]
  • Make misp to stix export work with MISP json formatted. [chrisr3d]
  • Push MISP json formatted events to the stix exporter (pending rework) instead of the direct output of fetchEvents() [iglocska]
  • Push the full user object to the ZMQ feed. [iglocska]

Fix

  • Updated pyMISP recommended version. [iglocska]
  • PyMISP updated. [iglocska]
  • Removed the requirement for a comment from the import modules. [iglocska]

  • if the comment field is set don't override it

  • Fixed PyMISP version. [iglocska]
  • Removed unused variable. [iglocska]
  • Latest version of the MISP galaxy. [Alexandre Dulaunoy]
  • Latest version of MISP objects. [Alexandre Dulaunoy]
  • Documentation to enable cortex services. [Raphaël Vinot]
  • Don't cull the list of possible models based on existing data for the search logs view. [iglocska]

  • slow and useless

  • Fixed a bug with the resolved attributes list for freetext import / module imports. [iglocska]
  • Fixed CSV content type. [iglocska]
  • Changed name of export popup. [iglocska]
  • Moved attribute_tags in the CSV export to the includeContext flag instead of the toggle-able attributes. [iglocska]
  • Fixed some issues with the related feeds. [iglocska]
  • Fix epic snafu in Event->_add() thanks to last minute save by the Travis tests. [iglocska]
  • Some minor fixes to the attribute filtering. [iglocska]
  • Fixed an issue where sharing groups were not properly attached to events for sync users, potentially fixes #2653. [iglocska]
  • Added new field to MYSQL.sql. [iglocska]
  • Added db changes needed for the user domain restrictions along with restricting the user self edit action. [iglocska]
  • Fixed an issue where proposal quick edits didn't work for normal users, fixes #2685. [iglocska]
  • Fixed update warninglists button being available to non site admin users. [iglocska]

  • functionality was blocked by ACL, but button shouldn't be shown in the first place

  • Block the addition of same type/category/value attributes in one shot to the same event. [iglocska]

  • via the /events/add api

  • Enforce server push rules on a sync user when viewing the events. [iglocska]

  • user not seeing the data is a side-effect, not the intended effect

  • serves to enforce the synchronisation rules
  • sync user can still view the hidden attributes via attribute searches etc. Whether we want to remove this in the future is still to be decided, but for now the sync enforcement is the only intended effect.
  • Mac-eui-64 not accepted by stix validator. [chrisr3d]

By the way, it is accepted by the validator at creation...

  • Latest version of the MISP objects template imported. [Alexandre Dulaunoy]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • Dns-soa-email didn't have a category. [iglocska]
  • Fixed missing entries for mac-eui-64. [iglocska]
  • Made CSV parser for freetext import tool / feed ingestion compatible with escaped CSVs. [iglocska]

  • "" now handled correctly
  • Vulnerability (CVE) should correlate (CIRCL and NCSC-NL are supporting it) fix #2691. [Alexandre Dulaunoy]
  • Ambiguity removed from some sharing group related queries. [iglocska]
  • Graceful handling of no response during getVersion pre-sync test. [iglocska]
  • Fix an issue with a double quoted integer in the correlation update script during publishing, fixes #2540. [iglocska]
  • Trim the org uuid upon entering it to avoid copy-pasta issues. [iglocska]
  • Updated the duplicate attribute removal tool to actually remove instead of trying to deduplicate. [iglocska]
  • Fixes notices of no SharingGroupOrg being set due to a bug in the sharing group cacher for normal users. [iglocska]
  • Fixes to various issues with adding proposals via the freetext import tool. [iglocska]

  • no feedback on whether the resulting dataset will be stored as attributes/proposals

  • unpublishing of the event when proposals get entered
  • alerting the event creator of new proposals if coming from the freetext import tool
  • Quotes issue fixed. [chrisr3d]
  • MISP objects updated. [Alexandre Dulaunoy]
  • Leaking of hashed passwords in the audit logs fixed. [iglocska]

  • Scope was limited due to the audit log access restrictions to site/org admins

  • Expose /users/view/me to the API, fixes #2679. [iglocska]
  • Don't verify peer name on self signed certs; don't verify self signed peer if cert is missing. [Milan Pikula]
  • Settings editor not working on touch devices. [Milan Pikula]
  • Refresh rows in settings editor. [Jan Skalny]
  • Relaxed email validation. [iglocska]

  • because unicode tlds / domains are such a great idea

  • Disabled pretty argument. [chrisr3d]

used while stringifying the final Bundle

  • Fixed invalid timestamp generation. [iglocska]
  • If no distribution level set, don't try to check if it's set to sharing group on the attribute level. [iglocska]

  • Attribute->editAttribute()
  • MISP object updated to the latest version to fix the unusable ASN template. [Alexandre Dulaunoy]
  • Attribute deletes are again synced correctly. [iglocska]
  • Fixes an issue where assigning sharing groups based on existing IDs didn't work for event creation via the API. [iglocska]

  • expected full sharing groups as provided by the sync, references didn't work

  • Fixed the broken feed preview. [iglocska]
  • Fixed the new path for the stix files. [iglocska]
  • Moved the conversion to JSON after the massage of the data for stix. [iglocska]
  • Add galaxy to valid log action list. [iglocska]
  • Shebang mixup. [Steffen Sauler]

/!bin/sh to !/bin/sh

  • 984732984th time is the charm... [iglocska]
  • Reduced the user data to just a partial user object and organisation object for the zmq push. [iglocska]
  • Fixed the pubsub user push if the user object is not contained within a User key. [iglocska]
  • Previous commit didn't trigger in all cases. [iglocska]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • Fixed slow /tags/index calls using the API. [iglocska]

  • burned the stupid out of the API
  • Fixed the downloadSamples API. [iglocska]
  • Fixed silly lookup with injected event IDs on the export page for normal users. [iglocska]

  • broke instances with a few hundred k events

  • Fixed a reflected XSS in the sharing group creator tool. [iglocska]

  • Fixed a reflected XSS in the sharing group editor that requires malicious organisation names

  • Low impact due to the following requirements:

    • organisation names with malicious org names (JS in the orgname)
    • sharing group editor user has to manually add an organisation to the list that has javascript in the org name
    • only vulnerable view is the editor itself, so the impact is limited to users that manually add organisations with malicious names to the list themselves / edit such sharing groups
  • As reported by Dawid Czarnecki

Other

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2706 from Rafiot/cortex_doc. [Raphaël Vinot]

fix: documentation to enable cortex services

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch 'feature/tag_filter_rework' into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into feature/tag_filter_rework. [iglocska]
  • Merge branch '2.4' into feature/tag_filter_rework. [iglocska]
  • Little change about SDOs generated from Galaxy. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Add: a new set of logos for the MISP project. [Alexandre Dulaunoy]

There are 3 types of logos in the set:

  • core software
  • community
  • standard

The objective is not to replace the existing logo but to provide a clear logo when this is referencing a specific sub-part of the MISP project.

  • Fixed vulnerability type. [chrisr3d]

Was generated as custom object because of a change in the attributes reading function

  • Fixed assignment issues for attributes from Object. [chrisr3d]

Multiple use of the same part of the dictionary caused assignment errors. Using the 'copy()' method avoids that error.

  • Added mac-eui-64 type. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2701 from RichieB2B/ncsc-nl/stixfix. [Andras Iklody]

Fix STIX export format

  • Use threat level name instead of id in STIX. [Richard van den Berg]
  • Use new MISP JSON format (no more AttributeTags) [Richard van den Berg]
  • Merge pull request #2700 from Rafiot/testdescribe2. [Raphaël Vinot]

chg: bump PyMISP, again

  • Add: MISP distributed overview in SVG format. [Alexandre Dulaunoy]
  • Merge pull request #2697 from Rafiot/testdescribe. [Raphaël Vinot]

chg: bump PyMISP

  • Little fix with 'info' field in Events. [chrisr3d]
  • Added a label to separate SDOs from Objects. [chrisr3d]

This distinction will probably be helpful for the Stix2 import module to separate Attributes from Objects

  • Fixed issues with dictionary keys and some objects. [chrisr3d]
  • Added Org & Orgc information for the import. [chrisr3d]

Also clarified a little part of the code

  • Added xml files parsing. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Added mac-address type. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Fixed issues about observable objects and patterns. [chrisr3d]
  • Parsing attachment attributes. [chrisr3d]

Also fixed some specific issues with single quotes

  • 🚧 Import of some of the most common attributes. [chrisr3d]

Work still in progress in order to:

    • Support as many attribute types as possible
    • Fix simple quotes (that are not json parsable)

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Merge pull request #2672 from CenturyLinkCIRT/freetext-target-email. [Andras Iklody]

added target-email to FreeText Import types

  • Added target-email to FreeText Import types. [Thomas Gardner]
  • Misp-object templates updated to latest version. [Alexandre Dulaunoy]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Merge pull request #2671 from milankowww/return-to-orig-url. [Andras Iklody]

change behavior of login page to return to original page after authen…

  • Change behavior of login page to return to original page after authentication. [Milan Pikula]
  • Merge pull request #2670 from milankowww/self-signed-certificate-verification. [Andras Iklody]

fix: self signed cert verification

  • Merge pull request #2669 from milankowww/support-touch-screens. [Andras Iklody]

fix: settings editor not working on touch devices

  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • Merge pull request #2668 from JanSkalny/fix_settings_editor. [Andras Iklody]

fix: refresh rows in settings editor

  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • New relationships added. [Alexandre Dulaunoy]
  • Starting to parse info for a stix import. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2651 from ppanero/sso_org_fix. [Andras Iklody]

Added possibility to use always default org for new users

  • Added possibility to use always default org for new users. [Pablo Panero]
  • Merge branch 'feature/stixunclutter' into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2295 from norpol/patch-1. [Andras Iklody]

Fix gpgv2+ key generation

  • Fix gpgv2+ key generation. [Phi|eas |ebada]

This resolves failing of gpgv2 key generation with the following error message:

gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied

# Explanation

gpgv2's pinentry-curses requires access to a current tty. If you su or sudo between users, your tty's permission will stay the same as the initial login user (see illustrating below). You could, in general, work around issues like this by:

    • old_perms=$(stat -c "%U:%G" $(tty)); chown "www-data:tty" "$(tty)" && { sudo -u www-data gpg --gen-key; chown "${old_perms}" "$(tty)"; } (uncertain security implications and won't probably work)
    • starting screen/tmux within the newuser and then running gpg --gen-key
    • starting a script session

But first point can't really be recommended, latter two will fail because www-data login shell is /usr/sbin/nologin.

Just for illustrating the problem better for you:

    ssh alice@somehost:
    stat -c "%U:%G $(tty)" $(tty)
    alice:tty /dev/pts/1
    su - root
    stat -c "%U:%G $(tty)" $(tty)
    alice:tty /dev/pts/1

  • Merge pull request #2640 from SHSauler/patch-4. [Alexandre Dulaunoy]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Added reg-key objects parsing for observed data. [chrisr3d]

Still not tested as registry-key objects seem to have an issue in MISP

  • Support email objects parsing into observed data. [chrisr3d]

Currently skipping display names in observed data email-addr objects

  • Merge pull request #2639 from truckydev/patch-4. [Alexandre Dulaunoy]

update args.sleep on typeError

  • Force int for --sleep. [truckydev]

^^

  • Update args.sleep on typeError. [truckydev]

Convert string to int for time.sleep when sub.py use with -t

  • Merge pull request #2633 from dawid-czarnecki/patch-1. [Andras Iklody]

Download terms redirect fix

  • Download terms redirect fix. [dawid-czarnecki]

When server setting MISP.terms_download=true and MISP.terms_file exists under MISP/app/files/terms directory user wasn't able to download terms and conditions before accepting it.

  • Merge pull request #2632 from PaoloVecchi/2.4. [Alexandre Dulaunoy]

Create INSTALL.ubuntu1604.with.webmin.txt

  • Create INSTALL.ubuntu1604.with.webmin.txt. [Paolo Vecchi]

Some, maybe a friend, can't be asked to configure and manage all the services on an Ubuntu 16.04 so Webmin could be useful. Tested with: MISP 2.4.82 Webmin 1.860

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2630 from treyka/2.4. [Andras Iklody]

add cti-python-stix2 to .gitmodules

  • Add cti-python-stix2. [Trey Darley]
  • Merge pull request #2629 from treyka/2.4. [Andras Iklody]

typo fixen

  • Typo fixen. [Trey Darley]
  • Merge pull request #2628 from Delta-Sierra/2.4. [Andras Iklody]

display "Fetch this event" button function in Servers and Feeds preview index

  • Uppercase to be consistent. [Deborah Servili]
  • Display "Fetch this event" button function in Servers and Feeds preview index. [Deborah Servili]
  • Some other object types supported in Observed Data. [chrisr3d]

Object types still not supported (not in 'objectsMapping' dictionary, from misp2stix2_dictionaries module) are set to a basic value until the next update, so they do not generate errors in Stix2 functions

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • 2017 even if it's not 2049 ;-) [Alexandre Dulaunoy]
  • Quick fixes. [chrisr3d]

v2.4.82 (2017-11-10)

New

  • Various features. [iglocska]

  • Added quickhashing to the feed generator

  • Objects added to feed preview for MISP feeds
  • Attribute tags added to MISP feeds
  • Sightings ingested on import/sync. [iglocska]
  • Added object references to ZMQ. [iglocska]
  • First version of the zmq reimplementation. [iglocska]
  • Rework of the feed correlation lookups for the event view. [iglocska]

  • massive performance boost by using redis pipelining

  • for events with 10k+ attributes, show truncated feed correlation lookups, informing the user about the number of correlating attributes and a boolean flag on attributes saying that they correlate
  • The overall feed correlation counter also allows users to pivot to a view that loads all correlations, though it should be used with some caution as it can be somewhat heavy

Changes

  • PyMISP version bump. [iglocska]
  • Pass event_id to import modules, fixes #2612. [Andras Iklody]

As described by @Vince147

  • Version bump. [iglocska]
  • Added some sane default headers to the apache .conf files. [iglocska]

  • protection against clickjacking
  • nosniff

  • as reported by Or Hanuka (PALANTIR)

Fix

  • 3rd time is the charm (PyMISP updated) [iglocska]
  • PyMISP version. [iglocska]
  • Warning list updated to the latest version. [Alexandre Dulaunoy]
  • Taxonomy updated to the latest version. [Alexandre Dulaunoy]
  • MISP object updated to the latest version. [Alexandre Dulaunoy]
  • Latest version of the galaxy added. [Alexandre Dulaunoy]
  • Added sharing group data to the new ACL functions. [iglocska]
  • Rework of tags index / galaxy view. [iglocska]

  • performance tweaks

  • no more silly queries
  • added sharing group aware ACL to the event/attribute counters
  • Added context to the sightings zmq feed. [iglocska]
  • Fixed the tags/index performance snafu. [iglocska]
  • Ugly fix for the float issues. [iglocska]
  • Potential reflected XSS on older browsers in the histogram. [iglocska]

  • As reported by Dawid Czarnecki

  • Histogram rework. [iglocska]

  • removed junk debug

  • fixed group by issue
  • better performance
  • Enable auto select for new object rows when adding additional ones via the multiple expand. [iglocska]
  • Minor tuning of suricata rules. [iglocska]
  • MISP galaxy updated to the latest version. [Alexandre Dulaunoy]
  • MISP objects updated to the latest version. [Alexandre Dulaunoy]
  • MISP taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • Changed relationship name of filesize in add attachments to size-in-byte. [iglocska]
  • Fixed default distribution for upload_sample(), fixes #2608. [iglocska]
  • Invalid redirect when viewing /roles/index as a normal user, fixes #2606. [iglocska]
  • Potential fix to sync issues with sharing groups and pushes, fixes #2601. [iglocska]
  • Convert - to _ in csv headers. [iglocska]

  • to match the previous output

  • Add the object fields by default to the CSV export. [iglocska]
  • Fixed tag names in the CSV export. [iglocska]
  • Fixed escaping of CSV. [iglocska]
  • Fixed the CSV field name for date. [iglocska]
  • Fixed an issue with the CVE export if no field parameters were passed. [iglocska]
  • Fixed an issue preventing attributes in objects from being edited. [iglocska]
  • Further fixes to the new zmq system. [iglocska]
  • Fixed a bug where sightings couldn't be added to objects. [iglocska]
  • Updated sub.py. [iglocska]
  • Org field not being hot potatoed to resolvAttributes() in the stix export. [iglocska]
  • Added missing parameter org to resolvAttributes() call in the stix exporter. [iglocska]
  • Misp-galaxy updated to the latest version. [Alexandre Dulaunoy]
  • Taxonomies updated to the latest version. [Alexandre Dulaunoy]
  • Fixed empty emails. [iglocska]
  • Added initialisation of Log model in the editAttribute() function if the save fails. [iglocska]
  • Change 2/2 for fixing the feed scheduler fixes #2503. [Andras Iklody]

As described by @lucamemini

  • Change 1/2 for fixing the feed scheduler fixes #2503. [Andras Iklody]

As described by @lucamemini

  • Allow proposing changes to object attributes. [iglocska]
  • Attribute type list when editing should be the category's one if already selected. [ppanero]
  • Added default category for gender. [iglocska]
  • Added missing IP field to logs. [iglocska]
  • Misp-objects updated to the latest version. [Alexandre Dulaunoy]
  • Added comment field to objects, fixes #2560. [iglocska]
  • Added email-message-id's default category. [iglocska]
  • Fixed an issue that caused an event edit to fail due to the invalid refresh of the correlations. [iglocska]
  • Fixed a bug with the restSearch API. [iglocska]

Other

  • Supporting Observed Data SDOs from event Objects. [chrisr3d]

Objects currently supported:

    • domain-ip
    • file
    • ip|port

Currently working on the other ones

  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Fixed typo for custom objects' type. [chrisr3d]

In order to keep the initial type of the attribute

  • Previous version of the dictionary no longer used. [chrisr3d]

Double quotes seem to not be validated in stix2 patterns

  • Fixed an issue with patterns. [chrisr3d]

Caused by the previous dictionary format (double and simple quotes management)

  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into stix2experiments. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Alexandre Dulaunoy]
  • Patterning for Indicators from Objects. [chrisr3d]
  • First version with some objects parsed. [chrisr3d]

Will continue parsing some other ones

  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2603 from wotschel/2.4. [Alexandre Dulaunoy]

Minor changes and additions to Deb 9 Inst. Guide

  • Merge pull request #1 from wotschel/wotschel-INSTALL.debian9. [wotschel]

Some minor changes and additions Deb 9 Inst. Guide

  • Some minor changes and additions. [wotschel]
  • Merge branch 'customcve' into 2.4. [iglocska]
  • Merge branch '2.4' into customcve. [iglocska]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch 'feature/zmq_rework' into 2.4. [iglocska]
  • The last useless comma. [Cédric Bonhomme]
  • Harmonizes arrays initializations. [Cédric Bonhomme]
  • Enables the user to select the attributes to be included in the CSV export (event and object attributes). [Cédric Bonhomme]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Added custom objects. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Parsing Identity SDOs for 'Person' category attributes. [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2589 from jurg/attrtypefix. [Andras Iklody]

bugfix for selecting type in adding / editing attribute

  • Bugfix for selecting type in adding / editing attribute. [Jorgen Bohnsdalen]
  • Using PyMISP attributes. [chrisr3d]

wip: Waiting for some PyMISP issues to be fixed

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [Raphaël Vinot]
  • Merge pull request #2585 from ppanero/2.4. [Andras Iklody]

Beautify edit object validation

  • Merge branch '2.4' into 2.4. [Andras Iklody]
  • Merge pull request #2588 from ppanero/bugfix. [Andras Iklody]

bugfix for listing types when editing non object attrs

  • Bugfix for listing types when editing non object attrs. [ppanero]
  • Bug fix for listing types when editing non object attr. [ppanero]
  • Beautify object edit validation. [ppanero]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2587 from RichieB2B/ncsc-nl/stixorgs. [Andras Iklody]

Add Reporter and Producer fields to STIX

  • Add Reporter to STIX Incident Add Producer to STIX Indicator. [Richard van den Berg]
  • Revert "Fix: Attribute type list when editing should be the category's one if already selected" [iglocska]

This reverts commit 27f30aae3bf6f30af1ecbf5dcf6d237aafa66b81.

  • Merge pull request #2584 from RichieB2B/ncsc-nl/searchtag. [Andras Iklody]

Speed up tag searches

  • Speed up tag searches, fixes #2407. [Richard van den Berg]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge pull request #2582 from ppanero/2.4. [Andras Iklody]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Using PyMISP MISPEvent class to parse events. [Raphaël Vinot]
  • Merge pull request #2576 from 98Giraffe/fix-type-o-in-diagnostics-settings. [Andras Iklody]

Fixed type-o in Server Settings -> Diagnostics -> Advanced attachmen…

  • Fixed type-o in Server Settings -> Diagnostics -> Advanced attachment handler, when referencing pymisp the message stated pydeep. [Joseph Dane]
  • Added exploit-kit as a Tool SDO. [chrisr3d]
  • Removed a nonexistent 'non_indicator_attribute' [chrisr3d]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2568 from bambenek/2.4. [Alexandre Dulaunoy]

Take 2: Changing which bambenek consulting DGA feeds are pulled in defaults.json

  • Typofix. [John Bambenek]
  • Making changes to feed file to point to different bambenek consulting DGA feeds. [John Bambenek]
  • Added Course of Action SDO. [chrisr3d]
  • Added some Galaxy objects that can be easily mapped. [chrisr3d]
  • Merge pull request #2565 from RichieB2B/ncsc-nl/fix-2561. [Andras Iklody]

Add file objects to STIX 1 export

  • Handle filename only attributes. [Richard van den Berg]
  • Skip non-observable indicator, fixes #2561. [Richard van den Berg]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]
  • Added malware-sample case. [chrisr3d]

Also fixed some 'pattern' fields in the dictionary

  • Merge branch '2.4' of github.com:MISP/MISP into 2.4. [chrisr3d]
  • Merge pull request #2563 from RichieB2B/ncsc-nl/stix-tlp. [Andras Iklody]

Use MISP TLP tags to set STIX tlpMarking

  • Use MISP TLP tags to set STIX tlpMarking. [Richard van den Berg]
  • Added a dictionary to manage patterns and observable objects. [chrisr3d]
  • Merge branch '2.4' of https://github.com/MISP/MISP into 2.4. [iglocska]

v2.4.81 (2017-10-10)

New

  • Added first experimental STIX 2 export implementation. [iglocska]

  • kudos to @chrisr3d for digging into the deepest bowels of the scary beast that is STIX2

  • PoC, definitely needs further improvements/mapping. Let us know about issues you find!

  • First round of updates to the correlation engine ready. [iglocska]

  • node deletion temporarily disabled until a bug is resolved

  • Further progress on the graphing. [iglocska]

  • also, added new icon field to galaxies

  • Further work on the graphing engine. [iglocska]
  • First iteration of the graphing engine rework. [iglocska]
  • Rework of the attachment uploader. [iglocska]

  • add attachments and upload_sample now share code

  • allow the same features via upload_sample (object creation / use of advanced add attachments)
  • new flag: advanced

  • example:

    POST to mymisp/events/upload_sample BODY: {"request":{"files": [{"filename": "bla.exe", "data": "U3RhckNyYWZ0IElJIGZvcmV2ZXI="}], "distribution": 1, "advanced":1, "info":"bla"}}

  • this commit was brought to you by CEF and
