diff --git a/CHANGELOG.md b/CHANGELOG.md
index b504a828a5..0951807e57 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,35 @@
# Change Log
-## [3.4.0](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-09-05)
+## [3.4.1](https://github.com/TheHive-Project/TheHive/milestone/53) (2020-04-17)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC2...3.4.0)
+**Implemented enhancements:**
+
+- docker: TheHive fails to connect to elasticsearch (NoNodeAvailableException) [\#854](https://github.com/TheHive-Project/TheHive/issues/854)
+- Improved support for OpenID connect and OAuth2 [\#1110](https://github.com/TheHive-Project/TheHive/issues/1110)
+- TheHive's Docker entrypoint logs the Play secret key at startup [\#1177](https://github.com/TheHive-Project/TheHive/issues/1177)
+- [Q] Configure TheHive's first run using Docker Compose [\#1199](https://github.com/TheHive-Project/TheHive/issues/1199)
+- TheHive's docker containers should be orchestration-ready [\#1204](https://github.com/TheHive-Project/TheHive/issues/1204)
+- MISP synchronisation: map to_ids to ioc [\#1273](https://github.com/TheHive-Project/TheHive/issues/1273)
+
+**Closed issues:**
+
+- Include Dockerfile in root of project [\#1222](https://github.com/TheHive-Project/TheHive/issues/1222)
+- Docker user daemon with id 1 causes permission issues with local [\#1227](https://github.com/TheHive-Project/TheHive/issues/1227)
+
+**Fixed bugs:**
+
+- MISP & TheHive out of sync? [\#866](https://github.com/TheHive-Project/TheHive/issues/866)
+- Owner is case-sensitive on api calls [\#928](https://github.com/TheHive-Project/TheHive/issues/928)
+- Bug: Observable without data breaks display of observables [\#1080](https://github.com/TheHive-Project/TheHive/issues/1080)
+- Docker-Compose ElasticSearch incompatibility [\#1140](https://github.com/TheHive-Project/TheHive/issues/1140)
+- [Bug] Analyzers that take more than 10 Minutes run into timeout [\#1156](https://github.com/TheHive-Project/TheHive/issues/1156)
+- TheHive 3.4.0 migration logs errors ([error] m.Migration - Failed to create dashboard) [\#1202](https://github.com/TheHive-Project/TheHive/issues/1202)
+- Computed metrics is not compatible with painless scripting language [\#1210](https://github.com/TheHive-Project/TheHive/issues/1210)
+- OAuth2 Bearer header should be of the format "Authorization Bearer" ? [\#1228](https://github.com/TheHive-Project/TheHive/issues/1228)
+- Health API endpoint returns warning when everything is OK [\#1233](https://github.com/TheHive-Project/TheHive/issues/1233)
+- [Bug] Job submission sometimes fails when multiple Cortex servers [\#1272](https://github.com/TheHive-Project/TheHive/issues/1272)
+
+## [3.4.0](https://github.com/TheHive-Project/TheHive/milestone/52) (2019-09-09)
**Implemented enhancements:**
@@ -10,107 +37,84 @@
**Fixed bugs:**
-- Cosmetic Bug: wrong number of exported observables displayed [\#1071](https://github.com/TheHive-Project/TheHive/issues/1071)
-- Update Database button does not appear in training appliance [\#1067](https://github.com/TheHive-Project/TheHive/issues/1067)
-- bulk merge alerts into case lose description's alert [\#1065](https://github.com/TheHive-Project/TheHive/issues/1065)
-- Incorrect number of related observables returned [\#1062](https://github.com/TheHive-Project/TheHive/issues/1062)
-- Incorrect tag filter results when observables with tags are added then deleted [\#1061](https://github.com/TheHive-Project/TheHive/issues/1061)
-- Cannot setup TheHive 3.4.0-RC2 using Docker [\#1051](https://github.com/TheHive-Project/TheHive/issues/1051)
-- Case statistics dashboard loads with an error message and the case over time panel fails to display any data [\#1050](https://github.com/TheHive-Project/TheHive/issues/1050)
- Can't secure ElasticSearch connection [\#1046](https://github.com/TheHive-Project/TheHive/issues/1046)
+- Case statistics dashboard loads with an error message and the case over time panel fails to display any data [\#1050](https://github.com/TheHive-Project/TheHive/issues/1050)
+- Cannot setup TheHive 3.4.0-RC2 using Docker [\#1051](https://github.com/TheHive-Project/TheHive/issues/1051)
+- Incorrect tag filter results when observables with tags are added then deleted [\#1061](https://github.com/TheHive-Project/TheHive/issues/1061)
+- Incorrect number of related observables returned [\#1062](https://github.com/TheHive-Project/TheHive/issues/1062)
+- bulk merge alerts into case lose description's alert [\#1065](https://github.com/TheHive-Project/TheHive/issues/1065)
+- Update Database button does not appear in training appliance [\#1067](https://github.com/TheHive-Project/TheHive/issues/1067)
+- Cosmetic Bug: wrong number of exported observables displayed [\#1071](https://github.com/TheHive-Project/TheHive/issues/1071)
+- 3.4 RC2 doesn't prompt to update/create the database when one doesn't exist [\#1107](https://github.com/TheHive-Project/TheHive/issues/1107)
-## [3.4.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.4.0-RC2) (2019-07-10)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC1...3.4.0-RC2)
+## [3.4.0-RC2](https://github.com/TheHive-Project/TheHive/milestone/51) (2019-07-11)
**Implemented enhancements:**
-- Display ioc and sighted attributes in Alert artifact list [\#1035](https://github.com/TheHive-Project/TheHive/issues/1035)
-- Merge Observable tags with existing observables during importing alerts into case [\#1014](https://github.com/TheHive-Project/TheHive/issues/1014)
-- API not recognizing the attribute 'sighted' of artifacts on alert creation [\#1003](https://github.com/TheHive-Project/TheHive/issues/1003)
- Alerts are not getting deleted as expected [\#974](https://github.com/TheHive-Project/TheHive/issues/974)
-
-**Fixed bugs:**
-
-- Update case owner field validation to handle null value [\#1036](https://github.com/TheHive-Project/TheHive/issues/1036)
-- thehive prints error messages on first run \("Authentication failure" / "user init not found"\) [\#1027](https://github.com/TheHive-Project/TheHive/issues/1027)
-- TLP:WHITE for observable not shown, not editable [\#1025](https://github.com/TheHive-Project/TheHive/issues/1025)
-- Dashboard based on observables not refreshing correctly [\#996](https://github.com/TheHive-Project/TheHive/issues/996)
-- javascript error in tasks [\#979](https://github.com/TheHive-Project/TheHive/issues/979)
-- /api/alert/{}/createCase does not use caseTemplate [\#929](https://github.com/TheHive-Project/TheHive/issues/929)
+- API not recognizing the attribute 'sighted' of artifacts on alert creation [\#1003](https://github.com/TheHive-Project/TheHive/issues/1003)
+- Merge Observable tags with existing observables during importing alerts into case [\#1014](https://github.com/TheHive-Project/TheHive/issues/1014)
+- Display ioc and sighted attributes in Alert artifact list [\#1035](https://github.com/TheHive-Project/TheHive/issues/1035)
**Closed issues:**
-- Cannot add custom fields to case template [\#1042](https://github.com/TheHive-Project/TheHive/issues/1042)
+- can't add custom fields to case in 3.4.0-RC1 [\#1026](https://github.com/TheHive-Project/TheHive/issues/1026)
- sample hive does not connect to cortex and prints no helpful error message [\#1028](https://github.com/TheHive-Project/TheHive/issues/1028)
-## [3.4.0-RC1](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-06-05)
+**Fixed bugs:**
+
+- /api/alert/{}/createCase does not use caseTemplate [\#929](https://github.com/TheHive-Project/TheHive/issues/929)
+- javascript error in tasks [\#979](https://github.com/TheHive-Project/TheHive/issues/979)
+- Dashboard based on observables not refreshing correctly [\#996](https://github.com/TheHive-Project/TheHive/issues/996)
+- TLP:WHITE for observable not shown, not editable [\#1025](https://github.com/TheHive-Project/TheHive/issues/1025)
+- thehive prints error messages on first run ("Authentication failure" / "user init not found") [\#1027](https://github.com/TheHive-Project/TheHive/issues/1027)
+- Update case owner field validation to handle null value [\#1036](https://github.com/TheHive-Project/TheHive/issues/1036)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.1...3.4.0-4C1)
+## [3.4.0-RC1](https://github.com/TheHive-Project/TheHive/milestone/49) (2019-06-05)
**Implemented enhancements:**
-- Allow to import file from Cortex report [\#982](https://github.com/TheHive-Project/TheHive/issues/982)
-- Remove metrics module [\#975](https://github.com/TheHive-Project/TheHive/issues/975)
-- Upgrade frontend libraries [\#966](https://github.com/TheHive-Project/TheHive/issues/966)
-- Cortex AddArtifactToCase AssignCase [\#922](https://github.com/TheHive-Project/TheHive/issues/922)
-- Communication to ElasticSearch via HTTP API 9200 [\#913](https://github.com/TheHive-Project/TheHive/issues/913)
-- Add Cortex AssignCase [\#924](https://github.com/TheHive-Project/TheHive/pull/924) ([zpriddy](https://github.com/zpriddy))
- Support Elasticsearch 6.x clusters [\#623](https://github.com/TheHive-Project/TheHive/issues/623)
-
-**Fixed bugs:**
-
-- Donut dashboard metric values are not transformed to searches [\#972](https://github.com/TheHive-Project/TheHive/issues/972)
-- Bulk merge of alerts does not merge the tags [\#994](https://github.com/TheHive-Project/TheHive/issues/994)
-- Java 11 build crash [\#990](https://github.com/TheHive-Project/TheHive/issues/990)
-- Failure to load datatypes [\#988](https://github.com/TheHive-Project/TheHive/issues/988)
-- Fix search page base filter [\#983](https://github.com/TheHive-Project/TheHive/issues/983)
-- Authentication Error when using Hive API \(Patch\) [\#951](https://github.com/TheHive-Project/TheHive/issues/951)
+- Communication to ElasticSearch via HTTP API 9200 [\#913](https://github.com/TheHive-Project/TheHive/issues/913)
+- Cortex AddArtifactToCase AssignCase [\#922](https://github.com/TheHive-Project/TheHive/issues/922)
+- Upgrade frontend libraries [\#966](https://github.com/TheHive-Project/TheHive/issues/966)
+- Remove metrics module [\#975](https://github.com/TheHive-Project/TheHive/issues/975)
+- Allow to import file from Cortex report [\#982](https://github.com/TheHive-Project/TheHive/issues/982)
**Closed issues:**
-- bintray repo for deb packages not signed [\#976](https://github.com/TheHive-Project/TheHive/issues/976)
-- Set alert to status "Ignored" via API does not work [\#955](https://github.com/TheHive-Project/TheHive/issues/955)
+- Have AlertFilter for "New&Updated" [\#952](https://github.com/TheHive-Project/TheHive/issues/952)
-**Merged pull requests:**
-
-- Add 'My open cases' and 'New & Updated alerts' to quick filters [\#925](https://github.com/TheHive-Project/TheHive/pull/925) ([zpriddy](https://github.com/zpriddy))
+**Fixed bugs:**
-## [3.3.1](https://github.com/TheHive-Project/TheHive/tree/3.3.1) (2019-05-22)
+- Donut dashboard metric values are not transformed to searches [\#972](https://github.com/TheHive-Project/TheHive/issues/972)
+- Fix search page base filter [\#983](https://github.com/TheHive-Project/TheHive/issues/983)
+- Failure to load datatypes [\#988](https://github.com/TheHive-Project/TheHive/issues/988)
+- Java 11 build crash [\#990](https://github.com/TheHive-Project/TheHive/issues/990)
+- Bulk merge of alerts does not merge the tags [\#994](https://github.com/TheHive-Project/TheHive/issues/994)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0...3.3.1)
+## [3.3.1](https://github.com/TheHive-Project/TheHive/milestone/50) (2019-05-22)
**Fixed bugs:**
- THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive [\#408](https://github.com/TheHive-Project/TheHive/issues/408)
-## [3.3.0](https://github.com/TheHive-Project/TheHive/tree/3.3.0) (2019-03-19)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC6...3.3.0)
+## [3.3.0](https://github.com/TheHive-Project/TheHive/milestone/48) (2019-03-19)
**Fixed bugs:**
- Merge case by CaseID Broken [\#930](https://github.com/TheHive-Project/TheHive/issues/930)
-## [3.3.0-RC6](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC6) (2019-03-07)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC5...3.3.0-RC6)
+## [3.3.0-RC6](https://github.com/TheHive-Project/TheHive/milestone/47) (2019-03-19)
**Implemented enhancements:**
-- Add Tags to an Alert with Responder [\#912](https://github.com/TheHive-Project/TheHive/issues/912)
-- Dashboards - Add text widget [\#908](https://github.com/TheHive-Project/TheHive/issues/908)
+- Support for filtering Tags by prefix (using asterisk, % or something) in search dialog [\#666](https://github.com/TheHive-Project/TheHive/issues/666)
- Empty case still available when disabled [\#901](https://github.com/TheHive-Project/TheHive/issues/901)
-- Support for filtering Tags by prefix \(using asterisk, % or something\) in search dialog [\#666](https://github.com/TheHive-Project/TheHive/issues/666)
-
-**Closed issues:**
-
-- Dynamic \(auto-refresh\) of cases is break in 3.3.0-RC5 [\#907](https://github.com/TheHive-Project/TheHive/issues/907)
-- Hostname Artifact [\#900](https://github.com/TheHive-Project/TheHive/issues/900)
-- DOS issue: Firefox crashing TheHive [\#899](https://github.com/TheHive-Project/TheHive/issues/899)
-
-## [3.3.0-RC5](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC5) (2019-02-23)
+- Dashboards - Add text widget [\#908](https://github.com/TheHive-Project/TheHive/issues/908)
+- Add Tags to an Alert with Responder [\#912](https://github.com/TheHive-Project/TheHive/issues/912)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC4...3.3.0-RC5)
+## [3.3.0-RC5](https://github.com/TheHive-Project/TheHive/milestone/46) (2019-02-23)
**Implemented enhancements:**
@@ -118,12 +122,10 @@
**Fixed bugs:**
-- dashboard clicks are not correctly translated to tag filters [\#896](https://github.com/TheHive-Project/TheHive/issues/896)
- Search results not visible [\#895](https://github.com/TheHive-Project/TheHive/issues/895)
+- dashboard clicks are not correctly translated to tag filters [\#896](https://github.com/TheHive-Project/TheHive/issues/896)
-## [3.3.0-RC4](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC4) (2019-02-22)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC3...3.3.0-RC4)
+## [3.3.0-RC4](https://github.com/TheHive-Project/TheHive/milestone/45) (2019-02-22)
**Implemented enhancements:**
@@ -131,88 +133,67 @@
**Fixed bugs:**
-- Issue with navigation from dashboard clickable donuts to search page [\#894](https://github.com/TheHive-Project/TheHive/issues/894)
- Hide Empty Case Button Broken [\#890](https://github.com/TheHive-Project/TheHive/issues/890)
+- Issue with navigation from dashboard clickable donuts to search page [\#894](https://github.com/TheHive-Project/TheHive/issues/894)
-## [3.3.0-RC3](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC3) (2019-02-21)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC2...3.3.0-RC3)
+## [3.3.0 RC3](https://github.com/TheHive-Project/TheHive/milestone/43) (2019-02-21)
**Implemented enhancements:**
-- Add a UI configuration admin section [\#888](https://github.com/TheHive-Project/TheHive/issues/888)
-- Add a Related Alerts link to case details view [\#884](https://github.com/TheHive-Project/TheHive/issues/884)
-- Update Copyright with year 2019 [\#879](https://github.com/TheHive-Project/TheHive/issues/879)
-- Provide a quick link to copy alert id [\#870](https://github.com/TheHive-Project/TheHive/issues/870)
-- \[BUG\] Audit trail for alert ignore [\#863](https://github.com/TheHive-Project/TheHive/issues/863)
-- Related artifacts: IOC/not IOC [\#838](https://github.com/TheHive-Project/TheHive/issues/838)
-- Feature: Add "auto-completion" to the UI [\#831](https://github.com/TheHive-Project/TheHive/issues/831)
-- Improvement: Upload of observables seem to fail "silently" [\#829](https://github.com/TheHive-Project/TheHive/issues/829)
-- Feature Request: link to and from Hive to MISP [\#820](https://github.com/TheHive-Project/TheHive/issues/820)
+- Ability to disable "New Case" -> "Empty case" [\#449](https://github.com/TheHive-Project/TheHive/issues/449)
- Disable clickable widgets in dashboard edit mode [\#485](https://github.com/TheHive-Project/TheHive/issues/485)
-- Ability to disable "New Case" -\> "Empty case" [\#449](https://github.com/TheHive-Project/TheHive/issues/449)
+- Feature Request: link to and from Hive to MISP [\#820](https://github.com/TheHive-Project/TheHive/issues/820)
+- Improvement: Upload of observables seem to fail "silently" [\#829](https://github.com/TheHive-Project/TheHive/issues/829)
+- Feature: Add "auto-completion" to the UI [\#831](https://github.com/TheHive-Project/TheHive/issues/831)
+- Related artifacts: IOC/not IOC [\#838](https://github.com/TheHive-Project/TheHive/issues/838)
+- [BUG] Audit trail for alert ignore [\#863](https://github.com/TheHive-Project/TheHive/issues/863)
+- Provide a quick link to copy alert id [\#870](https://github.com/TheHive-Project/TheHive/issues/870)
+- Update Copyright with year 2019 [\#879](https://github.com/TheHive-Project/TheHive/issues/879)
+- Add a Related Alerts link to case details view [\#884](https://github.com/TheHive-Project/TheHive/issues/884)
+- Add a UI configuration admin section [\#888](https://github.com/TheHive-Project/TheHive/issues/888)
**Fixed bugs:**
-- Drone build fails on pull-requests [\#882](https://github.com/TheHive-Project/TheHive/issues/882)
-- AKKA version missmatch [\#877](https://github.com/TheHive-Project/TheHive/issues/877)
-- Label Typo in Updated Alerts [\#874](https://github.com/TheHive-Project/TheHive/issues/874)
+- Alert updates and tracking (follow) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
+- Cortex responders with DataType `thehive:case_artifact` do not show up within thehive when attempting to run them for observables. [\#869](https://github.com/TheHive-Project/TheHive/issues/869)
- Log message related to MISP synchronization is confusing [\#871](https://github.com/TheHive-Project/TheHive/issues/871)
-- Cortex responders with DataType `thehive:case\_artifact` do not show up within thehive when attempting to run them for observables. [\#869](https://github.com/TheHive-Project/TheHive/issues/869)
-- Alert updates and tracking \(follow\) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
-
-**Merged pull requests:**
-
-- Update akka version [\#878](https://github.com/TheHive-Project/TheHive/pull/878) ([zpriddy](https://github.com/zpriddy))
-- Fix Update Label to Warning [\#873](https://github.com/TheHive-Project/TheHive/pull/873) ([zpriddy](https://github.com/zpriddy))
-
-## [3.3.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC2) (2019-02-07)
+- Label Typo in Updated Alerts [\#874](https://github.com/TheHive-Project/TheHive/issues/874)
+- AKKA version missmatch [\#877](https://github.com/TheHive-Project/TheHive/issues/877)
+- Drone build fails on pull-requests [\#882](https://github.com/TheHive-Project/TheHive/issues/882)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC1...3.3.0-RC2)
+## [3.3.0 RC2](https://github.com/TheHive-Project/TheHive/milestone/42) (2019-02-12)
**Fixed bugs:**
- Java dependency of DEB package is broken [\#867](https://github.com/TheHive-Project/TheHive/issues/867)
-## [3.3.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC1) (2019-02-06)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.1...3.3.0-RC1)
+## [3.3.0 RC1](https://github.com/TheHive-Project/TheHive/milestone/41) (2019-02-06)
**Implemented enhancements:**
-- \[BUG\] Session cookie received with API token [\#864](https://github.com/TheHive-Project/TheHive/issues/864)
-- Add support to Java versions, higher than 8 [\#861](https://github.com/TheHive-Project/TheHive/issues/861)
-- MISP - Add an Event Tag instead of/additionnally to Attribute Tag [\#836](https://github.com/TheHive-Project/TheHive/issues/836)
-- sorting in alerts [\#824](https://github.com/TheHive-Project/TheHive/issues/824)
-- Improve case template selection for case creation [\#769](https://github.com/TheHive-Project/TheHive/issues/769)
- Bulk Merge Alerts into Case [\#271](https://github.com/TheHive-Project/TheHive/issues/271)
+- Improve case template selection for case creation [\#769](https://github.com/TheHive-Project/TheHive/issues/769)
+- sorting in alerts [\#824](https://github.com/TheHive-Project/TheHive/issues/824)
- Merge alerts directly to a case [\#826](https://github.com/TheHive-Project/TheHive/issues/826)
-- Tag normalization [\#657](https://github.com/TheHive-Project/TheHive/pull/657) ([Viltaria](https://github.com/Viltaria))
+- MISP - Add an Event Tag instead of/additionnally to Attribute Tag [\#836](https://github.com/TheHive-Project/TheHive/issues/836)
+- Add support to Java versions, higher than 8 [\#861](https://github.com/TheHive-Project/TheHive/issues/861)
+- [BUG] Session cookie received with API token [\#864](https://github.com/TheHive-Project/TheHive/issues/864)
**Fixed bugs:**
-- Alert updates and tracking \(follow\) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
+- Delete user from Thehive: DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed [\#844](https://github.com/TheHive-Project/TheHive/issues/844)
- Assigned Tasks do not show up in 'My Tasks' before they are started [\#845](https://github.com/TheHive-Project/TheHive/issues/845)
-- Delete user from Thehive: DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed [\#844](https://github.com/TheHive-Project/TheHive/issues/844)
-
-## [3.2.1](https://github.com/TheHive-Project/TheHive/tree/3.2.1) (2018-12-20)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.0...3.2.1)
+## [3.2.1](https://github.com/TheHive-Project/TheHive/milestone/40) (2019-01-02)
**Fixed bugs:**
-- Bug UI "Tooltip" / Hint is cropped by window borders [\#832](https://github.com/TheHive-Project/TheHive/issues/832)
-- Can't unset case template when alert is imported [\#825](https://github.com/TheHive-Project/TheHive/issues/825)
-- Potential Regression: Case templates cannot be exported in 3.2.0 [\#823](https://github.com/TheHive-Project/TheHive/issues/823)
- Tag order is reversed if a case is created from an alert [\#810](https://github.com/TheHive-Project/TheHive/issues/810)
+- Potential Regression: Case templates cannot be exported in 3.2.0 [\#823](https://github.com/TheHive-Project/TheHive/issues/823)
+- Can't unset case template when alert is imported [\#825](https://github.com/TheHive-Project/TheHive/issues/825)
+- Bug UI "Tooltip" / Hint is cropped by window borders [\#832](https://github.com/TheHive-Project/TheHive/issues/832)
-**Merged pull requests:**
-
-- Make improvements to configuration file [\#828](https://github.com/TheHive-Project/TheHive/pull/828) ([adl1995](https://github.com/adl1995))
-
-## [3.2.0](https://github.com/TheHive-Project/TheHive/tree/3.2.0) (2018-11-29)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.0-RC1...3.2.0)
+## [3.2.0](https://github.com/TheHive-Project/TheHive/milestone/39) (2018-12-11)
**Implemented enhancements:**
@@ -222,283 +203,203 @@
- Error when uploading password protected zips as observables [\#805](https://github.com/TheHive-Project/TheHive/issues/805)
- Lowercase user ID coming from HTTP header [\#808](https://github.com/TheHive-Project/TheHive/issues/808)
-- Error when uploading password protected zips as observables [\#805](https://github.com/TheHive-Project/TheHive/issues/805)
-## [3.2.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.2.0-RC1) (2018-11-16)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.2...3.2.0-RC1)
+## [3.2.0-RC1](https://github.com/TheHive-Project/TheHive/milestone/16) (2018-11-21)
**Implemented enhancements:**
-- Add ability to add a log in responder operation [\#795](https://github.com/TheHive-Project/TheHive/issues/795)
-- Add responder actions in dashboard [\#794](https://github.com/TheHive-Project/TheHive/issues/794)
-- Show observable description on mouseover observables [\#793](https://github.com/TheHive-Project/TheHive/issues/793)
-- Update Play [\#791](https://github.com/TheHive-Project/TheHive/issues/791)
-- Show tags of observables in Alert preview [\#778](https://github.com/TheHive-Project/TheHive/issues/778)
-- Observable Value gets cleared when changing its type \(importing it from an analyser result\) [\#763](https://github.com/TheHive-Project/TheHive/issues/763)
-- Add confirmation dialogs when running a responder [\#762](https://github.com/TheHive-Project/TheHive/issues/762)
-- Support header variable authentication [\#554](https://github.com/TheHive-Project/TheHive/issues/554)
- Whitelist of tags for MISP alerts [\#481](https://github.com/TheHive-Project/TheHive/issues/481)
+- Support header variable authentication [\#554](https://github.com/TheHive-Project/TheHive/issues/554)
+- Add confirmation dialogs when running a responder [\#762](https://github.com/TheHive-Project/TheHive/issues/762)
+- Observable Value gets cleared when changing its type (importing it from an analyser result) [\#763](https://github.com/TheHive-Project/TheHive/issues/763)
+- Show tags of observables in Alert preview [\#778](https://github.com/TheHive-Project/TheHive/issues/778)
+- Update Play [\#791](https://github.com/TheHive-Project/TheHive/issues/791)
+- Show observable description on mouseover observables [\#793](https://github.com/TheHive-Project/TheHive/issues/793)
+- Add responder actions in dashboard [\#794](https://github.com/TheHive-Project/TheHive/issues/794)
+- Add ability to add a log in responder operation [\#795](https://github.com/TheHive-Project/TheHive/issues/795)
**Fixed bugs:**
-- MISP synchronization fails if event contains attachment with invalid name [\#801](https://github.com/TheHive-Project/TheHive/issues/801)
-- Observable creation doesn't allow multiline observables [\#790](https://github.com/TheHive-Project/TheHive/issues/790)
-- A user with "write" permission can delete a case using API [\#773](https://github.com/TheHive-Project/TheHive/issues/773)
-- Basic authentication method should be disabled by default [\#772](https://github.com/TheHive-Project/TheHive/issues/772)
-- Case search from dashboard clic "invalid filters error" [\#761](https://github.com/TheHive-Project/TheHive/issues/761)
- Intermittently losing Cortex [\#739](https://github.com/TheHive-Project/TheHive/issues/739)
+- Case search from dashboard clic "invalid filters error" [\#761](https://github.com/TheHive-Project/TheHive/issues/761)
+- Basic authentication method should be disabled by default [\#772](https://github.com/TheHive-Project/TheHive/issues/772)
+- A user with "write" permission can delete a case using API [\#773](https://github.com/TheHive-Project/TheHive/issues/773)
+- Observable creation doesn't allow multiline observables [\#790](https://github.com/TheHive-Project/TheHive/issues/790)
+- MISP synchronization fails if event contains attachment with invalid name [\#801](https://github.com/TheHive-Project/TheHive/issues/801)
-**Merged pull requests:**
-
-- Added Integration with FireEye iSIGHT [\#755](https://github.com/TheHive-Project/TheHive/pull/755) ([garanews](https://github.com/garanews))
-
-## [3.1.2](https://github.com/TheHive-Project/TheHive/tree/3.1.2) (2018-10-12)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.1...3.1.2)
+## [3.1.2](https://github.com/TheHive-Project/TheHive/milestone/38) (2018-10-12)
**Fixed bugs:**
- Cortex polling settings break startup [\#754](https://github.com/TheHive-Project/TheHive/issues/754)
-## [3.1.1](https://github.com/TheHive-Project/TheHive/tree/3.1.1) (2018-10-09)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0...3.1.1)
+## [3.1.1](https://github.com/TheHive-Project/TheHive/milestone/37) (2018-10-12)
**Implemented enhancements:**
-- Allow TheHive to use a custom root context [\#752](https://github.com/TheHive-Project/TheHive/issues/752)
-- Change Debian dependencies [\#751](https://github.com/TheHive-Project/TheHive/issues/751)
-- Publish stable versions in beta package channels [\#733](https://github.com/TheHive-Project/TheHive/issues/733)
- url category to MISP: poll for default [\#732](https://github.com/TheHive-Project/TheHive/issues/732)
+- Publish stable versions in beta package channels [\#733](https://github.com/TheHive-Project/TheHive/issues/733)
+- Change Debian dependencies [\#751](https://github.com/TheHive-Project/TheHive/issues/751)
+- Allow TheHive to use a custom root context [\#752](https://github.com/TheHive-Project/TheHive/issues/752)
**Fixed bugs:**
-- Console output should not be logged in syslog [\#749](https://github.com/TheHive-Project/TheHive/issues/749)
-- Update breaks RHEL [\#743](https://github.com/TheHive-Project/TheHive/issues/743)
-- Observable Result Icons Not Displaying [\#738](https://github.com/TheHive-Project/TheHive/issues/738)
- UPN attribute is not correctly lowercased [\#736](https://github.com/TheHive-Project/TheHive/issues/736)
+- Observable Result Icons Not Displaying [\#738](https://github.com/TheHive-Project/TheHive/issues/738)
+- Update breaks RHEL [\#743](https://github.com/TheHive-Project/TheHive/issues/743)
+- Console output should not be logged in syslog [\#749](https://github.com/TheHive-Project/TheHive/issues/749)
-**Closed issues:**
-
-- Artifact tags are overwritten by alert sourceRef during import to case [\#734](https://github.com/TheHive-Project/TheHive/issues/734)
-
-## [3.1.0](https://github.com/TheHive-Project/TheHive/tree/3.1.0) (2018-09-25)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC3...3.1.0)
+## [3.1.0](https://github.com/TheHive-Project/TheHive/milestone/36) (2018-09-25)
**Implemented enhancements:**
-- Add MarkAlertAsRead action to responders [\#729](https://github.com/TheHive-Project/TheHive/issues/729)
-- AddCustomField responder operation [\#724](https://github.com/TheHive-Project/TheHive/issues/724)
- 3.1.0RC3: Browsing to negative case ids is possible [\#713](https://github.com/TheHive-Project/TheHive/issues/713)
-
-**Fixed bugs:**
-
-- RPM Updates not available \(404\) [\#719](https://github.com/TheHive-Project/TheHive/issues/719)
-- Observables not being displayed [\#655](https://github.com/TheHive-Project/TheHive/issues/655)
-- TheHive Hyperlinking [\#723](https://github.com/TheHive-Project/TheHive/issues/723)
-- Multiple responder actions does not seem to be handled [\#722](https://github.com/TheHive-Project/TheHive/issues/722)
-- API allows alert creation with duplicate artifacts [\#720](https://github.com/TheHive-Project/TheHive/issues/720)
-- 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased [\#714](https://github.com/TheHive-Project/TheHive/issues/714)
-- Fix PAP labels [\#711](https://github.com/TheHive-Project/TheHive/issues/711)
+- AddCustomField responder operation [\#724](https://github.com/TheHive-Project/TheHive/issues/724)
+- Add MarkAlertAsRead action to responders [\#729](https://github.com/TheHive-Project/TheHive/issues/729)
**Closed issues:**
-- Cortex Connector [\#721](https://github.com/TheHive-Project/TheHive/issues/721)
-- Markdown syntex not rendered correctly [\#718](https://github.com/TheHive-Project/TheHive/issues/718)
-- 3.1.0RC3: Search produces errors on screen [\#712](https://github.com/TheHive-Project/TheHive/issues/712)
- TheHive:Alerts don't send observables to Responders [\#725](https://github.com/TheHive-Project/TheHive/issues/725)
-**Merged pull requests:**
-
-- CloseTask responder operation [\#728](https://github.com/TheHive-Project/TheHive/pull/728) ([srilumpa](https://github.com/srilumpa))
-- Add AddTagToArtifact action to responders [\#717](https://github.com/TheHive-Project/TheHive/pull/717) ([srilumpa](https://github.com/srilumpa))
+**Fixed bugs:**
-## [3.1.0-RC3](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC3) (2018-09-06)
+- Fix PAP labels [\#711](https://github.com/TheHive-Project/TheHive/issues/711)
+- 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased [\#714](https://github.com/TheHive-Project/TheHive/issues/714)
+- API allows alert creation with duplicate artifacts [\#720](https://github.com/TheHive-Project/TheHive/issues/720)
+- Multiple responder actions does not seem to be handled [\#722](https://github.com/TheHive-Project/TheHive/issues/722)
+- TheHive Hyperlinking [\#723](https://github.com/TheHive-Project/TheHive/issues/723)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC2...3.1.0-RC3)
+## [3.1.0-RC3](https://github.com/TheHive-Project/TheHive/milestone/35) (2018-09-06)
**Implemented enhancements:**
-- Extend Case Description Field [\#81](https://github.com/TheHive-Project/TheHive/issues/81)
-- Display task description via a collapsible row [\#709](https://github.com/TheHive-Project/TheHive/issues/709)
-- Allow task group auto complete in case template admin section [\#707](https://github.com/TheHive-Project/TheHive/issues/707)
-- Display task group in global task lists [\#705](https://github.com/TheHive-Project/TheHive/issues/705)
-- Make task group input optional [\#696](https://github.com/TheHive-Project/TheHive/issues/696)
-- Related Cases: See \(x\) more links [\#690](https://github.com/TheHive-Project/TheHive/issues/690)
-- Search section: Search for a string over all types of objects [\#689](https://github.com/TheHive-Project/TheHive/issues/689)
- Filter on computedHandlingDuration in SearchDialog fails [\#688](https://github.com/TheHive-Project/TheHive/issues/688)
-- Change layout of observable creation form [\#706](https://github.com/TheHive-Project/TheHive/pull/706) ([srilumpa](https://github.com/srilumpa))
+- Search section: Search for a string over all types of objects [\#689](https://github.com/TheHive-Project/TheHive/issues/689)
+- Related Cases: See (x) more links [\#690](https://github.com/TheHive-Project/TheHive/issues/690)
+- Make task group input optional [\#696](https://github.com/TheHive-Project/TheHive/issues/696)
+- Display task group in global task lists [\#705](https://github.com/TheHive-Project/TheHive/issues/705)
+- Allow task group auto complete in case template admin section [\#707](https://github.com/TheHive-Project/TheHive/issues/707)
+- Display task description via a collapsible row [\#709](https://github.com/TheHive-Project/TheHive/issues/709)
**Fixed bugs:**
-- Adding new observables to an alert retrospectively is impossible [\#511](https://github.com/TheHive-Project/TheHive/issues/511)
-- .sbt build of current git version fails with x-pack-transport error [\#710](https://github.com/TheHive-Project/TheHive/issues/710)
-- PKI authentication fails if user name in certificate has the wrong case [\#700](https://github.com/TheHive-Project/TheHive/issues/700)
-- Error handling deletion and re creation of file observables [\#699](https://github.com/TheHive-Project/TheHive/issues/699)
- Start waiting tasks when adding task logs [\#695](https://github.com/TheHive-Project/TheHive/issues/695)
+- Error handling deletion and re creation of file observables [\#699](https://github.com/TheHive-Project/TheHive/issues/699)
+- PKI authentication fails if user name in certificate has the wrong case [\#700](https://github.com/TheHive-Project/TheHive/issues/700)
+- .sbt build of current git version fails with x-pack-transport error [\#710](https://github.com/TheHive-Project/TheHive/issues/710)
-## [3.1.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC2) (2018-08-27)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC1...3.1.0-RC2)
+## [3.1.0-RC2](https://github.com/TheHive-Project/TheHive/milestone/34) (2018-08-30)
**Implemented enhancements:**
-- Add a search box to quickly search for case by caseId [\#685](https://github.com/TheHive-Project/TheHive/issues/685)
-- MISP Exports in livestream miss hyperlink to caseid [\#684](https://github.com/TheHive-Project/TheHive/issues/684)
-- Remember task list configuration \(grouped/list\) [\#681](https://github.com/TheHive-Project/TheHive/issues/681)
-- x509 certificate authentication option 'wantClientAuth' [\#667](https://github.com/TheHive-Project/TheHive/issues/667)
-- TheHive 3.1RC1: Slow reaction if Cortex is \(unclear\) unreachable [\#664](https://github.com/TheHive-Project/TheHive/issues/664)
-- TheHive 3.1RC1: Add status to cases and tasks in new search page [\#663](https://github.com/TheHive-Project/TheHive/issues/663)
-- TheHive 3.1RC1: Add Username that executes an active response to json data field of responder [\#662](https://github.com/TheHive-Project/TheHive/issues/662)
-- Ability to set custom fields as mandatory [\#652](https://github.com/TheHive-Project/TheHive/issues/652)
-- Application.conf needs clarifications [\#606](https://github.com/TheHive-Project/TheHive/issues/606)
- Observable type boxes doesn't line break on alert preview pane [\#593](https://github.com/TheHive-Project/TheHive/issues/593)
-- On branch betterDescriptions [\#660](https://github.com/TheHive-Project/TheHive/pull/660) ([secdecompiled](https://github.com/secdecompiled))
+- Application.conf needs clarifications [\#606](https://github.com/TheHive-Project/TheHive/issues/606)
+- Ability to set custom fields as mandatory [\#652](https://github.com/TheHive-Project/TheHive/issues/652)
+- TheHive 3.1RC1: Add Username that executes an active response to json data field of responder [\#662](https://github.com/TheHive-Project/TheHive/issues/662)
+- TheHive 3.1RC1: Add status to cases and tasks in new search page [\#663](https://github.com/TheHive-Project/TheHive/issues/663)
+- TheHive 3.1RC1: Slow reaction if Cortex is (unclear) unreachable [\#664](https://github.com/TheHive-Project/TheHive/issues/664)
+- x509 certificate authentication option 'wantClientAuth' [\#667](https://github.com/TheHive-Project/TheHive/issues/667)
+- Remember task list configuration (grouped/list) [\#681](https://github.com/TheHive-Project/TheHive/issues/681)
+- MISP Exports in livestream miss hyperlink to caseid [\#684](https://github.com/TheHive-Project/TheHive/issues/684)
+- Add a search box to quickly search for case by caseId [\#685](https://github.com/TheHive-Project/TheHive/issues/685)
**Fixed bugs:**
-- The hive docker image has no latest tag [\#670](https://github.com/TheHive-Project/TheHive/issues/670)
-- case metrics unordered in cases [\#419](https://github.com/TheHive-Project/TheHive/issues/419)
-- 3.1.0-RC1- Tasks list is limited to 10 items. [\#679](https://github.com/TheHive-Project/TheHive/issues/679)
-- WebUI inaccessible after upgrading to 3.1.0-0-RC1 \(elastic4play and Play exceptions\) [\#674](https://github.com/TheHive-Project/TheHive/issues/674)
-- play.crypto.secret is depecrated [\#671](https://github.com/TheHive-Project/TheHive/issues/671)
-- 'Tagged as' displayed in Related Cases even if cases are untagged [\#594](https://github.com/TheHive-Project/TheHive/issues/594)
-- Horizontal Scrolling and Word-Wrap options for Logs [\#573](https://github.com/TheHive-Project/TheHive/issues/573)
- Dashboard visualizations do not work with custom fields [\#478](https://github.com/TheHive-Project/TheHive/issues/478)
+- Horizontal Scrolling and Word-Wrap options for Logs [\#573](https://github.com/TheHive-Project/TheHive/issues/573)
+- 'Tagged as' displayed in Related Cases even if cases are untagged [\#594](https://github.com/TheHive-Project/TheHive/issues/594)
+- play.crypto.secret is depecrated [\#671](https://github.com/TheHive-Project/TheHive/issues/671)
+- WebUI inaccessible after upgrading to 3.1.0-0-RC1 (elastic4play and Play exceptions) [\#674](https://github.com/TheHive-Project/TheHive/issues/674)
+- 3.1.0-RC1- Tasks list is limited to 10 items. [\#679](https://github.com/TheHive-Project/TheHive/issues/679)
-**Closed issues:**
-
-- ES Mapping bug [\#680](https://github.com/TheHive-Project/TheHive/issues/680)
-- ignore - delete me [\#675](https://github.com/TheHive-Project/TheHive/issues/675)
-- HTTPS not working with Keystore [\#669](https://github.com/TheHive-Project/TheHive/issues/669)
+## [3.1.0-RC1 (Cerana 1)](https://github.com/TheHive-Project/TheHive/milestone/7) (2018-08-20)
-**Merged pull requests:**
+**Implemented enhancements:**
-- Update Cortex reference.conf [\#668](https://github.com/TheHive-Project/TheHive/pull/668) ([ErnHem](https://github.com/ErnHem))
-- Fix some minor typos [\#658](https://github.com/TheHive-Project/TheHive/pull/658) ([srilumpa](https://github.com/srilumpa))
-- Move input group addons from right to left for better usage [\#672](https://github.com/TheHive-Project/TheHive/pull/672) ([srilumpa](https://github.com/srilumpa))
+- Ability to have nested tasks [\#148](https://github.com/TheHive-Project/TheHive/issues/148)
+- Output of analyzer as new observable [\#246](https://github.com/TheHive-Project/TheHive/issues/246)
+- Single-Sign On support [\#354](https://github.com/TheHive-Project/TheHive/issues/354)
+- MISP Sharing Improvements [\#366](https://github.com/TheHive-Project/TheHive/issues/366)
+- Make The Hive MISP integration sharing vs pull configurable [\#374](https://github.com/TheHive-Project/TheHive/issues/374)
+- StreamSrv: Unexpected message : StreamNotFound [\#414](https://github.com/TheHive-Project/TheHive/issues/414)
+- Assign Tasks to users from the Tasks tab [\#426](https://github.com/TheHive-Project/TheHive/issues/426)
+- Auto-refresh for Dashboards [\#476](https://github.com/TheHive-Project/TheHive/issues/476)
+- Handling malware as zip protected file [\#538](https://github.com/TheHive-Project/TheHive/issues/538)
+- Start Task - Button [\#540](https://github.com/TheHive-Project/TheHive/issues/540)
+- Consider providing checksums for the release files [\#590](https://github.com/TheHive-Project/TheHive/issues/590)
+- Ability to execute active response on any element of TheHive [\#609](https://github.com/TheHive-Project/TheHive/issues/609)
+- Add PAP to case to indicate which kind of action is allowed [\#616](https://github.com/TheHive-Project/TheHive/issues/616)
+- New TheHive-Project repository [\#618](https://github.com/TheHive-Project/TheHive/issues/618)
+- Revamp the search section capabilities [\#620](https://github.com/TheHive-Project/TheHive/issues/620)
+- Check Cortex authentication in status page [\#625](https://github.com/TheHive-Project/TheHive/issues/625)
+- Custom fields in Alerts? [\#635](https://github.com/TheHive-Project/TheHive/issues/635)
+- Display drop-down for custom fields sorted alphabetically [\#653](https://github.com/TheHive-Project/TheHive/issues/653)
-## [3.1.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC1) (2018-07-31)
+**Closed issues:**
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.10...3.1.0-RC1)
+- Is X-Pack enabled TLS for elasticsearch supported? [\#611](https://github.com/TheHive-Project/TheHive/issues/611)
+- add double quotes in mini reports [\#634](https://github.com/TheHive-Project/TheHive/issues/634)
-**Implemented enhancements:**
+**Fixed bugs:**
-- Display drop-down for custom fields sorted alphabetically [\#653](https://github.com/TheHive-Project/TheHive/issues/653)
-- Custom fields in Alerts? [\#635](https://github.com/TheHive-Project/TheHive/issues/635)
-- Check Cortex authentication in status page [\#625](https://github.com/TheHive-Project/TheHive/issues/625)
-- Revamp the search section capabilities [\#620](https://github.com/TheHive-Project/TheHive/issues/620)
-- New TheHive-Project repository [\#618](https://github.com/TheHive-Project/TheHive/issues/618)
-- Add PAP to case to indicate which kind of action is allowed [\#616](https://github.com/TheHive-Project/TheHive/issues/616)
-- Ability to execute active response on any element of TheHive [\#609](https://github.com/TheHive-Project/TheHive/issues/609)
-- Consider providing checksums for the release files [\#590](https://github.com/TheHive-Project/TheHive/issues/590)
-- Start Task - Button [\#540](https://github.com/TheHive-Project/TheHive/issues/540)
-- Handling malware as zip protected file [\#538](https://github.com/TheHive-Project/TheHive/issues/538)
-- Auto-refresh for Dashboards [\#476](https://github.com/TheHive-Project/TheHive/issues/476)
-- Assign Tasks to users from the Tasks tab [\#426](https://github.com/TheHive-Project/TheHive/issues/426)
-- Make The Hive MISP integration sharing vs pull configurable [\#374](https://github.com/TheHive-Project/TheHive/issues/374)
-- MISP Sharing Improvements [\#366](https://github.com/TheHive-Project/TheHive/issues/366)
-- Output of analyzer as new observable [\#246](https://github.com/TheHive-Project/TheHive/issues/246)
-- Ability to have nested tasks [\#148](https://github.com/TheHive-Project/TheHive/issues/148)
-- Single-Sign On support [\#354](https://github.com/TheHive-Project/TheHive/issues/354)
-
-**Fixed bugs:**
-
-- Default value of custom fields are not saved [\#649](https://github.com/TheHive-Project/TheHive/issues/649)
-- Attachments with character "\#" in the filename are wrongly proceesed [\#645](https://github.com/TheHive-Project/TheHive/issues/645)
-- Session does not expire correctly [\#640](https://github.com/TheHive-Project/TheHive/issues/640)
-- Dashboards contain analyzer IDs instead of correct names [\#608](https://github.com/TheHive-Project/TheHive/issues/608)
-- Error with Single Sign-On on TheHive with X.509 Certificates [\#600](https://github.com/TheHive-Project/TheHive/issues/600)
-- Entity case XXXXXXXXXX not found - After deleting case [\#534](https://github.com/TheHive-Project/TheHive/issues/534)
-- Artifacts reports are not merged when merging cases [\#446](https://github.com/TheHive-Project/TheHive/issues/446)
-- If cortex modules fails in some way, it is permanently repolled by TheHive [\#324](https://github.com/TheHive-Project/TheHive/issues/324)
- Previewing alerts fails with "too many substreams open" due to case similarity process [\#280](https://github.com/TheHive-Project/TheHive/issues/280)
+- File upload when /tmp is full [\#321](https://github.com/TheHive-Project/TheHive/issues/321)
+- If cortex modules fails in some way, it is permanently repolled by TheHive [\#324](https://github.com/TheHive-Project/TheHive/issues/324)
+- Artifacts reports are not merged when merging cases [\#446](https://github.com/TheHive-Project/TheHive/issues/446)
+- Error with Single Sign-On on TheHive with X.509 Certificates [\#600](https://github.com/TheHive-Project/TheHive/issues/600)
+- Dashboards contain analyzer IDs instead of correct names [\#608](https://github.com/TheHive-Project/TheHive/issues/608)
+- Session does not expire correctly [\#640](https://github.com/TheHive-Project/TheHive/issues/640)
+- Attachments with character "#" in the filename are wrongly proceesed [\#645](https://github.com/TheHive-Project/TheHive/issues/645)
+- Default value of custom fields are not saved [\#649](https://github.com/TheHive-Project/TheHive/issues/649)
-**Closed issues:**
-
-- add double quotes in mini reports [\#634](https://github.com/TheHive-Project/TheHive/issues/634)
-
-**Merged pull requests:**
-
-- fix bug in AlertListCtrl [\#642](https://github.com/TheHive-Project/TheHive/pull/642) ([billmurrin](https://github.com/billmurrin))
-- flag for Windows env [\#641](https://github.com/TheHive-Project/TheHive/pull/641) ([billmurrin](https://github.com/billmurrin))
-- 426 - assign tasks to users from tasks tab [\#628](https://github.com/TheHive-Project/TheHive/pull/628) ([billmurrin](https://github.com/billmurrin))
-- Fix installation links [\#603](https://github.com/TheHive-Project/TheHive/pull/603) ([Viltaria](https://github.com/Viltaria))
-
-## [3.0.10](https://github.com/TheHive-Project/TheHive/tree/3.0.10) (2018-05-29)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.9...3.0.10)
+## [3.0.10](https://github.com/TheHive-Project/TheHive/milestone/33) (2018-06-09)
**Implemented enhancements:**
-- Rotate logs [\#579](https://github.com/TheHive-Project/TheHive/issues/579)
-- Send caseId to Cortex analyzer [\#564](https://github.com/TheHive-Project/TheHive/issues/564)
-- Poll for connectors status and display [\#563](https://github.com/TheHive-Project/TheHive/issues/563)
-- Sort related cases by related artifacts amount [\#548](https://github.com/TheHive-Project/TheHive/issues/548)
- Time Calculation for individual tasks [\#546](https://github.com/TheHive-Project/TheHive/issues/546)
+- Sort related cases by related artifacts amount [\#548](https://github.com/TheHive-Project/TheHive/issues/548)
+- Poll for connectors status and display [\#563](https://github.com/TheHive-Project/TheHive/issues/563)
+- Send caseId to Cortex analyzer [\#564](https://github.com/TheHive-Project/TheHive/issues/564)
+- Rotate logs [\#579](https://github.com/TheHive-Project/TheHive/issues/579)
**Fixed bugs:**
-- Wrong error message when creating a observable with invalid data [\#592](https://github.com/TheHive-Project/TheHive/issues/592)
-- Analyzer name not reflected in modal view of mini-reports [\#586](https://github.com/TheHive-Project/TheHive/issues/586)
-- Invalid searches lead to read error messages [\#584](https://github.com/TheHive-Project/TheHive/issues/584)
-- Merge case by ID brings red error message if not a number in textfield [\#583](https://github.com/TheHive-Project/TheHive/issues/583)
-- Open cases not listed after deletion of merged case in UI [\#557](https://github.com/TheHive-Project/TheHive/issues/557)
-- Making dashboards private makes them "invisible" [\#555](https://github.com/TheHive-Project/TheHive/issues/555)
+- Short Report is not shown on observables (3.0.8) [\#512](https://github.com/TheHive-Project/TheHive/issues/512)
- MISP Synchronisation error [\#522](https://github.com/TheHive-Project/TheHive/issues/522)
-- Short Report is not shown on observables \(3.0.8\) [\#512](https://github.com/TheHive-Project/TheHive/issues/512)
-
-**Closed issues:**
-
-- Max Age Filter Not Working? [\#577](https://github.com/TheHive-Project/TheHive/issues/577)
-- Support X-Pack authentication/encryption for elastic [\#570](https://github.com/TheHive-Project/TheHive/issues/570)
-- Order the cases list by custom field \[Feature Request\] [\#567](https://github.com/TheHive-Project/TheHive/issues/567)
-- Using Postman to test the API, getting "No CSRF token found in headers" [\#549](https://github.com/TheHive-Project/TheHive/issues/549)
-
-## [3.0.9](https://github.com/TheHive-Project/TheHive/tree/3.0.9) (2018-04-13)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.8...3.0.9)
+- Making dashboards private makes them "invisible" [\#555](https://github.com/TheHive-Project/TheHive/issues/555)
+- Open cases not listed after deletion of merged case in UI [\#557](https://github.com/TheHive-Project/TheHive/issues/557)
+- Merge case by ID brings red error message if not a number in textfield [\#583](https://github.com/TheHive-Project/TheHive/issues/583)
+- Invalid searches lead to read error messages [\#584](https://github.com/TheHive-Project/TheHive/issues/584)
+- Analyzer name not reflected in modal view of mini-reports [\#586](https://github.com/TheHive-Project/TheHive/issues/586)
+- Wrong error message when creating a observable with invalid data [\#592](https://github.com/TheHive-Project/TheHive/issues/592)
-**Fixed bugs:**
-
-- Cortex connection can fail without any error log [\#543](https://github.com/TheHive-Project/TheHive/issues/543)
-- PhishTank Cortex Tag is transparent [\#535](https://github.com/TheHive-Project/TheHive/issues/535)
-- Naming inconsistencies in Live-Channel [\#531](https://github.com/TheHive-Project/TheHive/issues/531)
-- Error when trying to analyze a filename with the Hybrid Analysis analyzer [\#530](https://github.com/TheHive-Project/TheHive/issues/530)
-- Long Report isn't shown [\#527](https://github.com/TheHive-Project/TheHive/issues/527)
-- Artifacts' sighted flags are not merged when merging cases [\#518](https://github.com/TheHive-Project/TheHive/issues/518)
-- TheHive MISP cert validation, the trustAnchors parameter must be non-empty [\#452](https://github.com/TheHive-Project/TheHive/issues/452)
+## [3.0.9](https://github.com/TheHive-Project/TheHive/milestone/32) (2018-04-13)
**Closed issues:**
-- The Hive - MISP SSL configuration: General SSLEngine problem [\#544](https://github.com/TheHive-Project/TheHive/issues/544)
- Dropdown menu for case templates doesnt have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
-**Merged pull requests:**
-
-- Update spacing for elasticsearch section in docker-compose yml file [\#539](https://github.com/TheHive-Project/TheHive/pull/539) ([jbarlow-mcafee](https://github.com/jbarlow-mcafee))
+**Fixed bugs:**
-## [3.0.8](https://github.com/TheHive-Project/TheHive/tree/3.0.8) (2018-04-04)
+- TheHive MISP cert validation, the trustAnchors parameter must be non-empty [\#452](https://github.com/TheHive-Project/TheHive/issues/452)
+- Artifacts' sighted flags are not merged when merging cases [\#518](https://github.com/TheHive-Project/TheHive/issues/518)
+- Long Report isn't shown [\#527](https://github.com/TheHive-Project/TheHive/issues/527)
+- Error when trying to analyze a filename with the Hybrid Analysis analyzer [\#530](https://github.com/TheHive-Project/TheHive/issues/530)
+- Naming inconsistencies in Live-Channel [\#531](https://github.com/TheHive-Project/TheHive/issues/531)
+- PhishTank Cortex Tag is transparent [\#535](https://github.com/TheHive-Project/TheHive/issues/535)
+- Cortex connection can fail without any error log [\#543](https://github.com/TheHive-Project/TheHive/issues/543)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.7...3.0.8)
+## [3.0.8](https://github.com/TheHive-Project/TheHive/milestone/31) (2018-04-04)
**Fixed bugs:**
-- Mini reports is not shown when Cortex 2 is used [\#526](https://github.com/TheHive-Project/TheHive/issues/526)
-- Session collision when TheHive & Cortex 2 share the same URL [\#525](https://github.com/TheHive-Project/TheHive/issues/525)
-- "Run all" in single observable context does not work [\#524](https://github.com/TheHive-Project/TheHive/issues/524)
-- Error on displaying analyzers name in report template admin page [\#523](https://github.com/TheHive-Project/TheHive/issues/523)
- Job Analyzer is no longer named in 3.0.7 with Cortex2 [\#521](https://github.com/TheHive-Project/TheHive/issues/521)
+- Error on displaying analyzers name in report template admin page [\#523](https://github.com/TheHive-Project/TheHive/issues/523)
+- "Run all" in single observable context does not work [\#524](https://github.com/TheHive-Project/TheHive/issues/524)
+- Session collision when TheHive & Cortex 2 share the same URL [\#525](https://github.com/TheHive-Project/TheHive/issues/525)
+- Mini reports is not shown when Cortex 2 is used [\#526](https://github.com/TheHive-Project/TheHive/issues/526)
-**Merged pull requests:**
-
-- Add ElasticSearch file descriptor limit to docker-compose.yml [\#505](https://github.com/TheHive-Project/TheHive/pull/505) ([flmsc](https://github.com/flmsc))
-
-## [3.0.7](https://github.com/TheHive-Project/TheHive/tree/3.0.7) (2018-04-03)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.6...3.0.7)
+## [3.0.7](https://github.com/TheHive-Project/TheHive/milestone/30) (2018-03-29)
**Implemented enhancements:**
@@ -506,12 +407,10 @@
**Fixed bugs:**
-- Display only cortex servers available for each analyzer, in observable details page [\#513](https://github.com/TheHive-Project/TheHive/issues/513)
- Can't save case template in 3.0.6 [\#502](https://github.com/TheHive-Project/TheHive/issues/502)
+- Display only cortex servers available for each analyzer, in observable details page [\#513](https://github.com/TheHive-Project/TheHive/issues/513)
-## [3.0.6](https://github.com/TheHive-Project/TheHive/tree/3.0.6) (2018-03-08)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.5...3.0.6)
+## [3.0.6](https://github.com/TheHive-Project/TheHive/milestone/29) (2018-03-02)
**Implemented enhancements:**
@@ -521,460 +420,386 @@
- Tasks are stripped when merging cases [\#489](https://github.com/TheHive-Project/TheHive/issues/489)
-## [3.0.5](https://github.com/TheHive-Project/TheHive/tree/3.0.5) (2018-02-08)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.4...3.0.5)
+## [3.0.5](https://github.com/TheHive-Project/TheHive/milestone/28) (2018-02-08)
**Fixed bugs:**
-- No reports available for "domain" type [\#469](https://github.com/TheHive-Project/TheHive/issues/469)
- Importing Template Button Non-Functional [\#404](https://github.com/TheHive-Project/TheHive/issues/404)
+- No reports available for "domain" type [\#469](https://github.com/TheHive-Project/TheHive/issues/469)
-## [3.0.4](https://github.com/TheHive-Project/TheHive/tree/3.0.4) (2018-02-06)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.3...3.0.4)
+## [3.0.4](https://github.com/TheHive-Project/TheHive/milestone/27) (2018-02-08)
**Implemented enhancements:**
-- Make alerts searchable through the global search field [\#456](https://github.com/TheHive-Project/TheHive/issues/456)
-- Make counts on Counter dashboard's widget clickable [\#455](https://github.com/TheHive-Project/TheHive/issues/455)
-- MISP feeds cause the growing of ES audit docs [\#450](https://github.com/TheHive-Project/TheHive/issues/450)
-- Case metrics sort [\#418](https://github.com/TheHive-Project/TheHive/issues/418)
- Filter MISP Events Using MISP Tags & More Before Creating Alerts [\#370](https://github.com/TheHive-Project/TheHive/issues/370)
-- OAuth2 single sign-on implementation \(BE + FE\) [\#430](https://github.com/TheHive-Project/TheHive/pull/430) ([saibot94](https://github.com/saibot94))
+- Case metrics sort [\#418](https://github.com/TheHive-Project/TheHive/issues/418)
+- MISP feeds cause the growing of ES audit docs [\#450](https://github.com/TheHive-Project/TheHive/issues/450)
+- Make counts on Counter dashboard's widget clickable [\#455](https://github.com/TheHive-Project/TheHive/issues/455)
+- Make alerts searchable through the global search field [\#456](https://github.com/TheHive-Project/TheHive/issues/456)
+
+**Closed issues:**
+
+- Add query capability to visualization elements [\#395](https://github.com/TheHive-Project/TheHive/issues/395)
**Fixed bugs:**
-- Remove uppercase filter on template name [\#464](https://github.com/TheHive-Project/TheHive/issues/464)
-- Fix the alert bulk update timeline message [\#463](https://github.com/TheHive-Project/TheHive/issues/463)
-- "too many substreams open" on alerts [\#462](https://github.com/TheHive-Project/TheHive/issues/462)
-- Fix MISP export error dialog column's wrap [\#460](https://github.com/TheHive-Project/TheHive/issues/460)
-- More than 20 users prevents assignment in tasks [\#459](https://github.com/TheHive-Project/TheHive/issues/459)
-- Type is not used when generating alert id [\#457](https://github.com/TheHive-Project/TheHive/issues/457)
-- Fix link to default report templates [\#454](https://github.com/TheHive-Project/TheHive/issues/454)
-- Make dashboard donuts clickable [\#453](https://github.com/TheHive-Project/TheHive/issues/453)
-- Refresh custom fields on open cases by background changes [\#440](https://github.com/TheHive-Project/TheHive/issues/440)
-- Bug: Case metrics not shown when creating case from template [\#417](https://github.com/TheHive-Project/TheHive/issues/417)
- Observable report taxonomies bug [\#409](https://github.com/TheHive-Project/TheHive/issues/409)
+- Bug: Case metrics not shown when creating case from template [\#417](https://github.com/TheHive-Project/TheHive/issues/417)
+- Refresh custom fields on open cases by background changes [\#440](https://github.com/TheHive-Project/TheHive/issues/440)
+- Make dashboard donuts clickable [\#453](https://github.com/TheHive-Project/TheHive/issues/453)
+- Fix link to default report templates [\#454](https://github.com/TheHive-Project/TheHive/issues/454)
+- Type is not used when generating alert id [\#457](https://github.com/TheHive-Project/TheHive/issues/457)
+- More than 20 users prevents assignment in tasks [\#459](https://github.com/TheHive-Project/TheHive/issues/459)
+- Fix MISP export error dialog column's wrap [\#460](https://github.com/TheHive-Project/TheHive/issues/460)
+- "too many substreams open" on alerts [\#462](https://github.com/TheHive-Project/TheHive/issues/462)
+- Fix the alert bulk update timeline message [\#463](https://github.com/TheHive-Project/TheHive/issues/463)
+- Remove uppercase filter on template name [\#464](https://github.com/TheHive-Project/TheHive/issues/464)
-**Closed issues:**
-
-- GET request with Content-Type ends up in HTTP 400 [\#438](https://github.com/TheHive-Project/TheHive/issues/438)
-- Feature Request: Ability to bulk upload files as observables. [\#435](https://github.com/TheHive-Project/TheHive/issues/435)
-- Add metadata to MISP event when exporting case from TheHive [\#433](https://github.com/TheHive-Project/TheHive/issues/433)
-- How to limit by date amount of events pulled from MISP initially? [\#432](https://github.com/TheHive-Project/TheHive/issues/432)
+## [2.13.3](https://github.com/TheHive-Project/TheHive/milestone/26) (2018-01-19)
-## [3.0.3](https://github.com/TheHive-Project/TheHive/tree/3.0.3) (2018-01-10)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.2...3.0.3)
-**Fixed bugs:**
+## [3.0.3](https://github.com/TheHive-Project/TheHive/milestone/25) (2018-01-04)
-- THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive [\#408](https://github.com/TheHive-Project/TheHive/issues/408)
-## [3.0.2](https://github.com/TheHive-Project/TheHive/tree/3.0.2) (2017-12-20)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.1...3.0.2)
+## [3.0.2](https://github.com/TheHive-Project/TheHive/milestone/24) (2018-01-04)
**Implemented enhancements:**
-- Add multiline/multi entity graph to dashboards [\#399](https://github.com/TheHive-Project/TheHive/issues/399)
- Can not configure ElasticSearch authentication [\#384](https://github.com/TheHive-Project/TheHive/issues/384)
+- Add multiline/multi entity graph to dashboards [\#399](https://github.com/TheHive-Project/TheHive/issues/399)
**Fixed bugs:**
- "Mark as Sighted" Option not available for "File" observable type [\#400](https://github.com/TheHive-Project/TheHive/issues/400)
-## [3.0.1](https://github.com/TheHive-Project/TheHive/tree/3.0.1) (2017-12-07)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.0...3.0.1)
+## [3.0.1](https://github.com/TheHive-Project/TheHive/milestone/23) (2017-12-13)
**Fixed bugs:**
-- MISP Event Export Error [\#387](https://github.com/TheHive-Project/TheHive/issues/387)
-- During migration, dashboards are not created [\#386](https://github.com/TheHive-Project/TheHive/issues/386)
- Error when configuring multiple ElasticSearch nodes [\#383](https://github.com/TheHive-Project/TheHive/issues/383)
+- During migration, dashboards are not created [\#386](https://github.com/TheHive-Project/TheHive/issues/386)
+- MISP Event Export Error [\#387](https://github.com/TheHive-Project/TheHive/issues/387)
-## [3.0.0](https://github.com/TheHive-Project/TheHive/tree/3.0.0) (2017-12-05)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.2...3.0.0)
+## [3.0.0 (Cerana)](https://github.com/TheHive-Project/TheHive/milestone/6) (2017-12-06)
**Implemented enhancements:**
-- Assign default values to case templates' custom fields [\#375](https://github.com/TheHive-Project/TheHive/issues/375)
-- Add the Ability to Import and Export Case Templates [\#369](https://github.com/TheHive-Project/TheHive/issues/369)
-- Add a sighted flag for IOCs [\#365](https://github.com/TheHive-Project/TheHive/issues/365)
-- Alert id should not be used to build case title when using case templates [\#364](https://github.com/TheHive-Project/TheHive/issues/364)
-- Set task assignee in case template [\#362](https://github.com/TheHive-Project/TheHive/issues/362)
-- Add Autonomous Systems to the Default Datatype List [\#359](https://github.com/TheHive-Project/TheHive/issues/359)
-- Display more than 10 users per page and sort them by alphanumerical order [\#346](https://github.com/TheHive-Project/TheHive/issues/346)
-- \[Minor\] Add user dialog title issue [\#345](https://github.com/TheHive-Project/TheHive/issues/345)
-- Deleted cases showing in statistics [\#317](https://github.com/TheHive-Project/TheHive/issues/317)
-- Dynamic dashboard [\#312](https://github.com/TheHive-Project/TheHive/issues/312)
-- Add health check in status API [\#306](https://github.com/TheHive-Project/TheHive/issues/306)
-- Alerts in Statistics [\#274](https://github.com/TheHive-Project/TheHive/issues/274)
-- Statistics: Observables and IOC over time [\#215](https://github.com/TheHive-Project/TheHive/issues/215)
-- Export Statistics/Metrics [\#197](https://github.com/TheHive-Project/TheHive/issues/197)
-- Msg_Parser analyser show for all files [\#184](https://github.com/TheHive-Project/TheHive/issues/184)
-- Assign default metric values [\#176](https://github.com/TheHive-Project/TheHive/issues/176)
-- Display Cortex Version, Instance Name, Status and Available Analyzers [\#130](https://github.com/TheHive-Project/TheHive/issues/130)
- Feature Request: Webhooks [\#20](https://github.com/TheHive-Project/TheHive/issues/20)
-- Remove the From prefix and template suffix around a template name in the New Case menu [\#348](https://github.com/TheHive-Project/TheHive/issues/348)
-- Keep the alert date when creating a case from it [\#320](https://github.com/TheHive-Project/TheHive/issues/320)
-- Export to MISP: add TLP [\#314](https://github.com/TheHive-Project/TheHive/issues/314)
+- Display Cortex Version, Instance Name, Status and Available Analyzers [\#130](https://github.com/TheHive-Project/TheHive/issues/130)
- Show already known observables in Import MISP Events preview window [\#137](https://github.com/TheHive-Project/TheHive/issues/137)
-
-**Fixed bugs:**
-
-- The misp \> instance name \> tags parameter is not honored when importing MISP events [\#373](https://github.com/TheHive-Project/TheHive/issues/373)
-- \[Bug\] Merging an alert into case with duplicate artifacts does not merge descriptions [\#357](https://github.com/TheHive-Project/TheHive/issues/357)
-- Share a case if MISP is not enabled raise an error [\#349](https://github.com/TheHive-Project/TheHive/issues/349)
-- Validate alert's TLP and severity attributes values [\#326](https://github.com/TheHive-Project/TheHive/issues/326)
-- Merge of cases overrides task log owners [\#303](https://github.com/TheHive-Project/TheHive/issues/303)
+- Assign default metric values [\#176](https://github.com/TheHive-Project/TheHive/issues/176)
+- Export Statistics/Metrics [\#197](https://github.com/TheHive-Project/TheHive/issues/197)
+- Statistics: Observables and IOC over time [\#215](https://github.com/TheHive-Project/TheHive/issues/215)
+- Templates can not be cloned [\#226](https://github.com/TheHive-Project/TheHive/issues/226)
+- Alerts in Statistics [\#274](https://github.com/TheHive-Project/TheHive/issues/274)
+- Statistics - Saved Filters [\#279](https://github.com/TheHive-Project/TheHive/issues/279)
+- Add health check in status API [\#306](https://github.com/TheHive-Project/TheHive/issues/306)
+- Export and Import Case Templates [\#310](https://github.com/TheHive-Project/TheHive/issues/310)
+- Dynamic dashboard [\#312](https://github.com/TheHive-Project/TheHive/issues/312)
+- Export to MISP: add TLP [\#314](https://github.com/TheHive-Project/TheHive/issues/314)
+- Deleted cases showing in statistics [\#317](https://github.com/TheHive-Project/TheHive/issues/317)
+- Keep the alert date when creating a case from it [\#320](https://github.com/TheHive-Project/TheHive/issues/320)
+- [Minor] Add user dialog title issue [\#345](https://github.com/TheHive-Project/TheHive/issues/345)
+- Display more than 10 users per page and sort them by alphanumerical order [\#346](https://github.com/TheHive-Project/TheHive/issues/346)
+- Remove the From prefix and template suffix around a template name in the New Case menu [\#348](https://github.com/TheHive-Project/TheHive/issues/348)
+- Add Autonomous Systems to the Default Datatype List [\#359](https://github.com/TheHive-Project/TheHive/issues/359)
+- Set task assignee in case template [\#362](https://github.com/TheHive-Project/TheHive/issues/362)
+- Alert id should not be used to build case title when using case templates [\#364](https://github.com/TheHive-Project/TheHive/issues/364)
+- Add a sighted flag for IOCs [\#365](https://github.com/TheHive-Project/TheHive/issues/365)
+- Add the Ability to Import and Export Case Templates [\#369](https://github.com/TheHive-Project/TheHive/issues/369)
+- Assign default values to case templates' custom fields [\#375](https://github.com/TheHive-Project/TheHive/issues/375)
**Closed issues:**
-- MISP Connection Error with Cortex/HIVE [\#371](https://github.com/TheHive-Project/TheHive/issues/371)
- Single Sign-On with X.509 certificates [\#297](https://github.com/TheHive-Project/TheHive/issues/297)
- Remove the deprecated "user" property [\#316](https://github.com/TheHive-Project/TheHive/issues/316)
-- Run observable analyzers through API [\#308](https://github.com/TheHive-Project/TheHive/issues/308)
-
-**Merged pull requests:**
+- caseTemplate should be kept when creating a case from a template [\#325](https://github.com/TheHive-Project/TheHive/issues/325)
-- typos and improvements to text [\#355](https://github.com/TheHive-Project/TheHive/pull/355) ([steoleary](https://github.com/steoleary))
-- Correct typo [\#353](https://github.com/TheHive-Project/TheHive/pull/353) ([arnydo](https://github.com/arnydo))
+**Fixed bugs:**
-## [2.13.2](https://github.com/TheHive-Project/TheHive/tree/2.13.2) (2017-10-24)
+- Merge of cases overrides task log owners [\#303](https://github.com/TheHive-Project/TheHive/issues/303)
+- Validate alert's TLP and severity attributes values [\#326](https://github.com/TheHive-Project/TheHive/issues/326)
+- Share a case if MISP is not enabled raise an error [\#349](https://github.com/TheHive-Project/TheHive/issues/349)
+- [Bug] Merging an alert into case with duplicate artifacts does not merge descriptions [\#357](https://github.com/TheHive-Project/TheHive/issues/357)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.1...2.13.2)
+## [2.13.2](https://github.com/TheHive-Project/TheHive/milestone/22) (2017-11-08)
**Fixed bugs:**
-- Security issue on Play 2.6.5 [\#356](https://github.com/TheHive-Project/TheHive/issues/356)
-- Incorrect stats: non-IOC observables counted as IOC and IOC word displayed twice [\#347](https://github.com/TheHive-Project/TheHive/issues/347)
-- Deleted Observables, Show up on the statistics tab under Observables by Type [\#343](https://github.com/TheHive-Project/TheHive/issues/343)
-- Statistics on metrics doesn't work [\#342](https://github.com/TheHive-Project/TheHive/issues/342)
- Error on custom fields format when merging cases [\#331](https://github.com/TheHive-Project/TheHive/issues/331)
+- Statistics on metrics doesn't work [\#342](https://github.com/TheHive-Project/TheHive/issues/342)
+- Deleted Observables, Show up on the statistics tab under Observables by Type [\#343](https://github.com/TheHive-Project/TheHive/issues/343)
+- Incorrect stats: non-IOC observables counted as IOC and IOC word displayed twice [\#347](https://github.com/TheHive-Project/TheHive/issues/347)
+- Security issue on Play 2.6.5 [\#356](https://github.com/TheHive-Project/TheHive/issues/356)
-## [2.13.1](https://github.com/TheHive-Project/TheHive/tree/2.13.1) (2017-09-18)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.0...2.13.1)
+## [2.13.1](https://github.com/TheHive-Project/TheHive/milestone/21) (2017-09-18)
**Fixed bugs:**
-- Tasks Tab Elasticsearch exception: Fielddata is disabled on text fields by default. Set fielddata=true on \[title\] [\#311](https://github.com/TheHive-Project/TheHive/issues/311)
+- Tasks Tab Elasticsearch exception: Fielddata is disabled on text fields by default. Set fielddata=true on [title] [\#311](https://github.com/TheHive-Project/TheHive/issues/311)
-## [2.13.0](https://github.com/TheHive-Project/TheHive/tree/2.13.0) (2017-09-15)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.12.1...2.13.0)
+## [2.13.0](https://github.com/TheHive-Project/TheHive/milestone/13) (2017-09-15)
**Implemented enhancements:**
-- Group ownership in Docker image prevents running on OpenShift [\#307](https://github.com/TheHive-Project/TheHive/issues/307)
-- Improve the content of alert flow items [\#304](https://github.com/TheHive-Project/TheHive/issues/304)
-- Add a basic support for webhooks [\#293](https://github.com/TheHive-Project/TheHive/issues/293)
-- Add basic authentication to Stream API [\#291](https://github.com/TheHive-Project/TheHive/issues/291)
-- Add Support for Play 2.6.x and Elasticsearch 5.x [\#275](https://github.com/TheHive-Project/TheHive/issues/275)
-- Fine grained user permissions for API access [\#263](https://github.com/TheHive-Project/TheHive/issues/263)
-- Alert Pane: Catch Incorrect Keywords [\#241](https://github.com/TheHive-Project/TheHive/issues/241)
-- Specify multiple AD servers in TheHive configuration [\#231](https://github.com/TheHive-Project/TheHive/issues/231)
- Export cases in MISP events [\#52](https://github.com/TheHive-Project/TheHive/issues/52)
-
-**Fixed bugs:**
-
-- Download attachment with non-latin filename [\#302](https://github.com/TheHive-Project/TheHive/issues/302)
-- Undefined threat level from MISP events becomes severity "4" [\#300](https://github.com/TheHive-Project/TheHive/issues/300)
-- File name is not displayed in observable conflict dialog [\#295](https://github.com/TheHive-Project/TheHive/issues/295)
-- A colon punctuation mark in a search query results in 500 [\#285](https://github.com/TheHive-Project/TheHive/issues/285)
+- Specify multiple AD servers in TheHive configuration [\#231](https://github.com/TheHive-Project/TheHive/issues/231)
+- Alert Pane: Catch Incorrect Keywords [\#241](https://github.com/TheHive-Project/TheHive/issues/241)
+- Fine grained user permissions for API access [\#263](https://github.com/TheHive-Project/TheHive/issues/263)
+- Add Support for Play 2.6.x and Elasticsearch 5.x [\#275](https://github.com/TheHive-Project/TheHive/issues/275)
+- Add basic authentication to Stream API [\#291](https://github.com/TheHive-Project/TheHive/issues/291)
+- Add a basic support for webhooks [\#293](https://github.com/TheHive-Project/TheHive/issues/293)
+- Improve the content of alert flow items [\#304](https://github.com/TheHive-Project/TheHive/issues/304)
+- Group ownership in Docker image prevents running on OpenShift [\#307](https://github.com/TheHive-Project/TheHive/issues/307)
**Closed issues:**
+- Elasticsearch 5.x roadmap? [\#82](https://github.com/TheHive-Project/TheHive/issues/82)
- Threat level/severity code inverted between The Hive and MISP [\#292](https://github.com/TheHive-Project/TheHive/issues/292)
-## [2.12.1](https://github.com/TheHive-Project/TheHive/tree/2.12.1) (2017-08-01)
+**Fixed bugs:**
+
+- A colon punctuation mark in a search query results in 500 [\#285](https://github.com/TheHive-Project/TheHive/issues/285)
+- File name is not displayed in observable conflict dialog [\#295](https://github.com/TheHive-Project/TheHive/issues/295)
+- Undefined threat level from MISP events becomes severity "4" [\#300](https://github.com/TheHive-Project/TheHive/issues/300)
+- Download attachment with non-latin filename [\#302](https://github.com/TheHive-Project/TheHive/issues/302)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.12.0...2.12.1)
+## [2.12.1](https://github.com/TheHive-Project/TheHive/milestone/15) (2017-08-24)
**Implemented enhancements:**
-- Fix warnings in debian package [\#267](https://github.com/TheHive-Project/TheHive/issues/267)
- Merging alert into existing case does not merge alert description into case description [\#255](https://github.com/TheHive-Project/TheHive/issues/255)
+- Fix warnings in debian package [\#267](https://github.com/TheHive-Project/TheHive/issues/267)
**Fixed bugs:**
-- Cortex Connector Not Found [\#256](https://github.com/TheHive-Project/TheHive/issues/256)
-- Case similarity reports merged cases [\#272](https://github.com/TheHive-Project/TheHive/issues/272)
-- Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/TheHive-Project/TheHive/issues/269)
-- API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/TheHive-Project/TheHive/issues/268)
-- Can't get logs of a task via API [\#259](https://github.com/TheHive-Project/TheHive/issues/259)
-- Add multiple attachments in a single task log doesn't work [\#257](https://github.com/TheHive-Project/TheHive/issues/257)
-- TheHive doesn't send the file name to Cortex [\#254](https://github.com/TheHive-Project/TheHive/issues/254)
- Renaming of users does not work [\#249](https://github.com/TheHive-Project/TheHive/issues/249)
+- TheHive doesn't send the file name to Cortex [\#254](https://github.com/TheHive-Project/TheHive/issues/254)
+- Add multiple attachments in a single task log doesn't work [\#257](https://github.com/TheHive-Project/TheHive/issues/257)
+- Can't get logs of a task via API [\#259](https://github.com/TheHive-Project/TheHive/issues/259)
+- API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/TheHive-Project/TheHive/issues/268)
+- Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/TheHive-Project/TheHive/issues/269)
+- Case similarity reports merged cases [\#272](https://github.com/TheHive-Project/TheHive/issues/272)
-## [2.12.0](https://github.com/TheHive-Project/TheHive/tree/2.12.0) (2017-07-04)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.3...2.12.0)
+## [2.12.0](https://github.com/TheHive-Project/TheHive/milestone/11) (2017-07-06)
**Implemented enhancements:**
-- Use local font files [\#250](https://github.com/TheHive-Project/TheHive/issues/250)
-- Sort the analyzers list in observable details page [\#245](https://github.com/TheHive-Project/TheHive/issues/245)
-- More options to sort cases [\#243](https://github.com/TheHive-Project/TheHive/issues/243)
-- Alert Preview and management improvements [\#232](https://github.com/TheHive-Project/TheHive/issues/232)
-- Show case status and category \(FP, TP, IND\) in related cases [\#229](https://github.com/TheHive-Project/TheHive/issues/229)
-- Open External Links in New Tab [\#228](https://github.com/TheHive-Project/TheHive/issues/228)
-- Observable analyzers view reports. [\#191](https://github.com/TheHive-Project/TheHive/issues/191)
-- Specifying tags on statistics page or performing a search [\#186](https://github.com/TheHive-Project/TheHive/issues/186)
-- Choose case template while importing events from MISP [\#175](https://github.com/TheHive-Project/TheHive/issues/175)
-- Ability to Reopen Tasks [\#156](https://github.com/TheHive-Project/TheHive/issues/156)
-- Display short reports on the Observables tab [\#131](https://github.com/TheHive-Project/TheHive/issues/131)
- Custom fields for case template [\#12](https://github.com/TheHive-Project/TheHive/issues/12)
+- Display short reports on the Observables tab [\#131](https://github.com/TheHive-Project/TheHive/issues/131)
+- Ability to Reopen Tasks [\#156](https://github.com/TheHive-Project/TheHive/issues/156)
+- Choose case template while importing events from MISP [\#175](https://github.com/TheHive-Project/TheHive/issues/175)
+- Specifying tags on statistics page or performing a search [\#186](https://github.com/TheHive-Project/TheHive/issues/186)
+- Observable analyzers view reports. [\#191](https://github.com/TheHive-Project/TheHive/issues/191)
+- Open External Links in New Tab [\#228](https://github.com/TheHive-Project/TheHive/issues/228)
+- Show case status and category (FP, TP, IND) in related cases [\#229](https://github.com/TheHive-Project/TheHive/issues/229)
+- Alert Preview and management improvements [\#232](https://github.com/TheHive-Project/TheHive/issues/232)
+- More options to sort cases [\#243](https://github.com/TheHive-Project/TheHive/issues/243)
+- Sort the analyzers list in observable details page [\#245](https://github.com/TheHive-Project/TheHive/issues/245)
+- Use local font files [\#250](https://github.com/TheHive-Project/TheHive/issues/250)
**Fixed bugs:**
-- A locked user can use the API to create / delete / list cases \(and more\) [\#251](https://github.com/TheHive-Project/TheHive/issues/251)
-- Fix case metrics malformed definitions [\#248](https://github.com/TheHive-Project/TheHive/issues/248)
-- Sorting alerts by severity fails [\#242](https://github.com/TheHive-Project/TheHive/issues/242)
-- Alerting Panel: Typo Correction [\#240](https://github.com/TheHive-Project/TheHive/issues/240)
-- files in alerts are limited to 32kB [\#237](https://github.com/TheHive-Project/TheHive/issues/237)
-- Alert can contain inconsistent data [\#234](https://github.com/TheHive-Project/TheHive/issues/234)
-- Search do not work with non-latin characters [\#223](https://github.com/TheHive-Project/TheHive/issues/223)
- report status not updated after finish [\#212](https://github.com/TheHive-Project/TheHive/issues/212)
+- Search do not work with non-latin characters [\#223](https://github.com/TheHive-Project/TheHive/issues/223)
+- Alert can contain inconsistent data [\#234](https://github.com/TheHive-Project/TheHive/issues/234)
+- files in alerts are limited to 32kB [\#237](https://github.com/TheHive-Project/TheHive/issues/237)
+- Alerting Panel: Typo Correction [\#240](https://github.com/TheHive-Project/TheHive/issues/240)
+- Sorting alerts by severity fails [\#242](https://github.com/TheHive-Project/TheHive/issues/242)
+- Fix case metrics malformed definitions [\#248](https://github.com/TheHive-Project/TheHive/issues/248)
+- A locked user can use the API to create / delete / list cases (and more) [\#251](https://github.com/TheHive-Project/TheHive/issues/251)
-## [2.11.3](https://github.com/TheHive-Project/TheHive/tree/2.11.3) (2017-06-14)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/debian/2.11.2...2.11.3)
+## [2.11.3](https://github.com/TheHive-Project/TheHive/milestone/14) (2017-06-14)
**Fixed bugs:**
-- Unable to add tasks to case template [\#239](https://github.com/TheHive-Project/TheHive/issues/239)
-- Problem Start TheHive on Ubuntu 16.04 [\#238](https://github.com/TheHive-Project/TheHive/issues/238)
- MISP synchronization doesn't retrieve all events [\#236](https://github.com/TheHive-Project/TheHive/issues/236)
+- Problem Start TheHive on Ubuntu 16.04 [\#238](https://github.com/TheHive-Project/TheHive/issues/238)
+- Unable to add tasks to case template [\#239](https://github.com/TheHive-Project/TheHive/issues/239)
-## [2.11.2](https://github.com/TheHive-Project/TheHive/tree/2.11.2) (2017-05-24)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.1...2.11.2)
+## [2.11.2](https://github.com/TheHive-Project/TheHive/milestone/12) (2017-05-31)
**Implemented enhancements:**
-- Visually distinguish between analyzed and non analyzer observables [\#224](https://github.com/TheHive-Project/TheHive/issues/224)
-- Add Description Field to Alert Preview Modal [\#218](https://github.com/TheHive-Project/TheHive/issues/218)
- Show case severity in lists [\#188](https://github.com/TheHive-Project/TheHive/issues/188)
+- Add Description Field to Alert Preview Modal [\#218](https://github.com/TheHive-Project/TheHive/issues/218)
+- Visually distinguish between analyzed and non analyzer observables [\#224](https://github.com/TheHive-Project/TheHive/issues/224)
**Fixed bugs:**
-- MISP synchronization - attributes are not retrieve [\#221](https://github.com/TheHive-Project/TheHive/issues/221)
-- MISP synchronization - Alerts are wrongly updated [\#220](https://github.com/TheHive-Project/TheHive/issues/220)
- Cortex jobs from thehive fail silently [\#219](https://github.com/TheHive-Project/TheHive/issues/219)
+- MISP synchronization - Alerts are wrongly updated [\#220](https://github.com/TheHive-Project/TheHive/issues/220)
+- MISP synchronization - attributes are not retrieve [\#221](https://github.com/TheHive-Project/TheHive/issues/221)
-**Merged pull requests:**
-
-- Fixing links to docu repo [\#213](https://github.com/TheHive-Project/TheHive/pull/213) ([SHSauler](https://github.com/SHSauler))
-
-## [2.11.1](https://github.com/TheHive-Project/TheHive/tree/2.11.1) (2017-05-17)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.0...2.11.1)
+## [2.11.1](https://github.com/TheHive-Project/TheHive/milestone/10) (2017-05-17)
**Implemented enhancements:**
-- Show available reports number for each observable [\#211](https://github.com/TheHive-Project/TheHive/issues/211)
- Merge Duplicate Tasks during Case Merge [\#180](https://github.com/TheHive-Project/TheHive/issues/180)
+- Show available reports number for each observable [\#211](https://github.com/TheHive-Project/TheHive/issues/211)
+
+**Closed issues:**
+
+- No API Alert documentation [\#203](https://github.com/TheHive-Project/TheHive/issues/203)
**Fixed bugs:**
-- Case templates not applied when converting an alert to a case [\#206](https://github.com/TheHive-Project/TheHive/issues/206)
-- Observable of merged cased might have duplicate tags [\#205](https://github.com/TheHive-Project/TheHive/issues/205)
- Error updating case templates [\#204](https://github.com/TheHive-Project/TheHive/issues/204)
+- Observable of merged cased might have duplicate tags [\#205](https://github.com/TheHive-Project/TheHive/issues/205)
+- Case templates not applied when converting an alert to a case [\#206](https://github.com/TheHive-Project/TheHive/issues/206)
-## [2.11.0](https://github.com/TheHive-Project/TheHive/tree/2.11.0) (2017-05-14)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.2...2.11.0)
+## [2.11.0](https://github.com/TheHive-Project/TheHive/milestone/4) (2017-05-12)
**Implemented enhancements:**
-- Display the logos of the integrated external services [\#198](https://github.com/TheHive-Project/TheHive/issues/198)
-- TheHive send to many information to Cortex when an analyze is requested [\#196](https://github.com/TheHive-Project/TheHive/issues/196)
-- Sort the list of report templates [\#195](https://github.com/TheHive-Project/TheHive/issues/195)
-- Add support to .deb and .rpm package generation [\#193](https://github.com/TheHive-Project/TheHive/issues/193)
-- Cannot distinguish which analysers run on which cortex instance [\#179](https://github.com/TheHive-Project/TheHive/issues/179)
-- Connect to Cortex protected by Basic Auth [\#173](https://github.com/TheHive-Project/TheHive/issues/173)
-- Implement the alerting framework feature [\#170](https://github.com/TheHive-Project/TheHive/issues/170)
-- Make the flow collapsible, in case details page [\#167](https://github.com/TheHive-Project/TheHive/issues/167)
-- Update the datalist filter previews to display meaningful values [\#166](https://github.com/TheHive-Project/TheHive/issues/166)
-- Show severity on the "Cases Page" [\#165](https://github.com/TheHive-Project/TheHive/issues/165)
-- Add pagination component at the top of all the data lists [\#151](https://github.com/TheHive-Project/TheHive/issues/151)
-- Connect to Cortex instance via proxy [\#147](https://github.com/TheHive-Project/TheHive/issues/147)
-- Disable field autocomplete on the login form [\#146](https://github.com/TheHive-Project/TheHive/issues/146)
-- Refresh the UI's skin [\#145](https://github.com/TheHive-Project/TheHive/issues/145)
-- Add support of case template in back-end API [\#144](https://github.com/TheHive-Project/TheHive/issues/144)
-- Proxy authentication [\#143](https://github.com/TheHive-Project/TheHive/issues/143)
-- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
-- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
-- Feature request: Autocomplete tags [\#119](https://github.com/TheHive-Project/TheHive/issues/119)
-- Ignored MISP events are no longer visible and cannot be imported [\#107](https://github.com/TheHive-Project/TheHive/issues/107)
-- MISP import filter / filtering of events [\#86](https://github.com/TheHive-Project/TheHive/issues/86)
- Reordering Tasks [\#21](https://github.com/TheHive-Project/TheHive/issues/21)
-
-**Fixed bugs:**
-
-- Authentication fails with wrong message if database migration is needed [\#200](https://github.com/TheHive-Project/TheHive/issues/200)
-- Fix the success message when running a set of analyzers [\#199](https://github.com/TheHive-Project/TheHive/issues/199)
-- Duplicate HTTP calls in case page [\#187](https://github.com/TheHive-Project/TheHive/issues/187)
-- Job status refresh [\#171](https://github.com/TheHive-Project/TheHive/issues/171)
+- MISP import filter / filtering of events [\#86](https://github.com/TheHive-Project/TheHive/issues/86)
+- Ignored MISP events are no longer visible and cannot be imported [\#107](https://github.com/TheHive-Project/TheHive/issues/107)
+- Feature request: Autocomplete tags [\#119](https://github.com/TheHive-Project/TheHive/issues/119)
+- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
+- Proxy authentication [\#143](https://github.com/TheHive-Project/TheHive/issues/143)
+- Add support of case template in back-end API [\#144](https://github.com/TheHive-Project/TheHive/issues/144)
+- Refresh the UI's skin [\#145](https://github.com/TheHive-Project/TheHive/issues/145)
+- Disable field autocomplete on the login form [\#146](https://github.com/TheHive-Project/TheHive/issues/146)
+- Connect to Cortex instance via proxy [\#147](https://github.com/TheHive-Project/TheHive/issues/147)
+- Add pagination component at the top of all the data lists [\#151](https://github.com/TheHive-Project/TheHive/issues/151)
+- Show severity on the "Cases Page" [\#165](https://github.com/TheHive-Project/TheHive/issues/165)
+- Update the datalist filter previews to display meaningful values [\#166](https://github.com/TheHive-Project/TheHive/issues/166)
+- Make the flow collapsible, in case details page [\#167](https://github.com/TheHive-Project/TheHive/issues/167)
+- Implement the alerting framework feature [\#170](https://github.com/TheHive-Project/TheHive/issues/170)
+- Connect to Cortex protected by Basic Auth [\#173](https://github.com/TheHive-Project/TheHive/issues/173)
+- Cannot distinguish which analysers run on which cortex instance [\#179](https://github.com/TheHive-Project/TheHive/issues/179)
+- Add support to .deb and .rpm package generation [\#193](https://github.com/TheHive-Project/TheHive/issues/193)
+- Sort the list of report templates [\#195](https://github.com/TheHive-Project/TheHive/issues/195)
+- TheHive send to many information to Cortex when an analyze is requested [\#196](https://github.com/TheHive-Project/TheHive/issues/196)
+- Display the logos of the integrated external services [\#198](https://github.com/TheHive-Project/TheHive/issues/198)
**Closed issues:**
-- Support for cuckoo malware analysis plattform \(link analysis\) [\#181](https://github.com/TheHive-Project/TheHive/issues/181)
+- MISP event filter require manual escapes [\#87](https://github.com/TheHive-Project/TheHive/issues/87)
- Scala code cleanup [\#153](https://github.com/TheHive-Project/TheHive/issues/153)
-**Merged pull requests:**
-
-- Fixed minor typo in template creation and update notifications. [\#194](https://github.com/TheHive-Project/TheHive/pull/194) ([dewoodruff](https://github.com/dewoodruff))
+**Fixed bugs:**
-## [2.10.2](https://github.com/TheHive-Project/TheHive/tree/2.10.2) (2017-04-19)
+- Job status refresh [\#171](https://github.com/TheHive-Project/TheHive/issues/171)
+- Duplicate HTTP calls in case page [\#187](https://github.com/TheHive-Project/TheHive/issues/187)
+- Fix the success message when running a set of analyzers [\#199](https://github.com/TheHive-Project/TheHive/issues/199)
+- Authentication fails with wrong message if database migration is needed [\#200](https://github.com/TheHive-Project/TheHive/issues/200)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.1...2.10.2)
+## [2.10.2](https://github.com/TheHive-Project/TheHive/milestone/8) (2017-04-18)
**Implemented enhancements:**
-- Run all analyzers on multiple observables from observables view [\#174](https://github.com/TheHive-Project/TheHive/issues/174)
-- Add CSRF protection [\#158](https://github.com/TheHive-Project/TheHive/issues/158)
- Persistence for task viewing options [\#157](https://github.com/TheHive-Project/TheHive/issues/157)
-
-**Fixed bugs:**
-
-- MISP import fails [\#169](https://github.com/TheHive-Project/TheHive/issues/169)
-- Unauthenticated access to some pages doesn't redirect to login page [\#161](https://github.com/TheHive-Project/TheHive/issues/161)
-- Disable readonly access to admin pages, for users without 'admin' role [\#160](https://github.com/TheHive-Project/TheHive/issues/160)
-- Secure the usage of angular-ui-notification library [\#159](https://github.com/TheHive-Project/TheHive/issues/159)
-- Pagination does not work with 100 results per page [\#152](https://github.com/TheHive-Project/TheHive/issues/152)
+- Add CSRF protection [\#158](https://github.com/TheHive-Project/TheHive/issues/158)
+- Run all analyzers on multiple observables from observables view [\#174](https://github.com/TheHive-Project/TheHive/issues/174)
**Closed issues:**
- Observable Tags not displayed in 2.10.1 [\#155](https://github.com/TheHive-Project/TheHive/issues/155)
-## [2.10.1](https://github.com/TheHive-Project/TheHive/tree/2.10.1) (2017-03-08)
+**Fixed bugs:**
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.0...2.10.1)
+- Pagination does not work with 100 results per page [\#152](https://github.com/TheHive-Project/TheHive/issues/152)
+- Secure the usage of angular-ui-notification library [\#159](https://github.com/TheHive-Project/TheHive/issues/159)
+- Disable readonly access to admin pages, for users without 'admin' role [\#160](https://github.com/TheHive-Project/TheHive/issues/160)
+- Unauthenticated access to some pages doesn't redirect to login page [\#161](https://github.com/TheHive-Project/TheHive/issues/161)
+- MISP import fails [\#169](https://github.com/TheHive-Project/TheHive/issues/169)
+
+## [2.10.1](https://github.com/TheHive-Project/TheHive/milestone/3) (2017-03-08)
**Implemented enhancements:**
-- Feature Request: Ansible build scripts [\#124](https://github.com/TheHive-Project/TheHive/issues/124)
-- Remove the "Run all analyzers" option from observables list [\#141](https://github.com/TheHive-Project/TheHive/issues/141)
-- Remove duplicate stream callbacks registration [\#138](https://github.com/TheHive-Project/TheHive/issues/138)
-- Typo in quick filters [\#134](https://github.com/TheHive-Project/TheHive/issues/134)
-- Display a warning when trying to merge an already merged case [\#129](https://github.com/TheHive-Project/TheHive/issues/129)
-- Restyle avatar's upload button [\#126](https://github.com/TheHive-Project/TheHive/issues/126)
-- Add pagination component at the top of the task log [\#116](https://github.com/TheHive-Project/TheHive/issues/116)
-- Disable buttons in MISP event's preview dialog [\#115](https://github.com/TheHive-Project/TheHive/issues/115)
-- Make The Hive working on any URL path and not only / [\#114](https://github.com/TheHive-Project/TheHive/issues/114)
-- Misleading MISP Event Date and Time [\#101](https://github.com/TheHive-Project/TheHive/issues/101)
- Upgrade to the last version of UI-Bootstrap UI library [\#79](https://github.com/TheHive-Project/TheHive/issues/79)
+- Misleading MISP Event Date and Time [\#101](https://github.com/TheHive-Project/TheHive/issues/101)
+- Make The Hive working on any URL path and not only / [\#114](https://github.com/TheHive-Project/TheHive/issues/114)
+- Disable buttons in MISP event's preview dialog [\#115](https://github.com/TheHive-Project/TheHive/issues/115)
+- Add pagination component at the top of the task log [\#116](https://github.com/TheHive-Project/TheHive/issues/116)
+- Restyle avatar's upload button [\#126](https://github.com/TheHive-Project/TheHive/issues/126)
+- Display a warning when trying to merge an already merged case [\#129](https://github.com/TheHive-Project/TheHive/issues/129)
+- Typo in quick filters [\#134](https://github.com/TheHive-Project/TheHive/issues/134)
+- Remove duplicate stream callbacks registration [\#138](https://github.com/TheHive-Project/TheHive/issues/138)
+- Remove the "Run all analyzers" option from observables list [\#141](https://github.com/TheHive-Project/TheHive/issues/141)
**Fixed bugs:**
-- Fix OTXQuery report template [\#142](https://github.com/TheHive-Project/TheHive/issues/142)
-- 401 HTTP responses don't trigger redirection to login page [\#140](https://github.com/TheHive-Project/TheHive/issues/140)
-- Fix a JS issue related to inactivity dialog [\#139](https://github.com/TheHive-Project/TheHive/issues/139)
-- Flow is not shown [\#127](https://github.com/TheHive-Project/TheHive/issues/127)
-- Case merge does not close tasks in merged cases [\#118](https://github.com/TheHive-Project/TheHive/issues/118)
-- Web UI doesn't refresh once a report template is deleted [\#113](https://github.com/TheHive-Project/TheHive/issues/113)
-- Open log in new windows [\#108](https://github.com/TheHive-Project/TheHive/issues/108)
-- Cannot add an observable which datatype has been added by an admin [\#106](https://github.com/TheHive-Project/TheHive/issues/106)
- Observables password hint does not reflect backend change [\#83](https://github.com/TheHive-Project/TheHive/issues/83)
+- Cannot add an observable which datatype has been added by an admin [\#106](https://github.com/TheHive-Project/TheHive/issues/106)
+- Open log in new windows [\#108](https://github.com/TheHive-Project/TheHive/issues/108)
+- Web UI doesn't refresh once a report template is deleted [\#113](https://github.com/TheHive-Project/TheHive/issues/113)
+- Case merge does not close tasks in merged cases [\#118](https://github.com/TheHive-Project/TheHive/issues/118)
+- Flow is not shown [\#127](https://github.com/TheHive-Project/TheHive/issues/127)
+- Fix a JS issue related to inactivity dialog [\#139](https://github.com/TheHive-Project/TheHive/issues/139)
+- 401 HTTP responses don't trigger redirection to login page [\#140](https://github.com/TheHive-Project/TheHive/issues/140)
+- Fix OTXQuery report template [\#142](https://github.com/TheHive-Project/TheHive/issues/142)
-## [2.10.0](https://github.com/TheHive-Project/TheHive/tree/2.10.0) (2017-02-01)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.9.2...2.10.0)
+## [2.10.0](https://github.com/TheHive-Project/TheHive/milestone/2) (2017-02-03)
**Implemented enhancements:**
-- Improve cases listing page [\#76](https://github.com/TheHive-Project/TheHive/issues/76)
-- Feature Request - Add Case Statistics by Severity [\#70](https://github.com/TheHive-Project/TheHive/issues/70)
-- Use avatars in user profiles [\#69](https://github.com/TheHive-Project/TheHive/issues/69)
-- Allow \(un\)set observable as IOC from the observable's page [\#68](https://github.com/TheHive-Project/TheHive/issues/68)
-- When closing a task, close the associated tab as well [\#66](https://github.com/TheHive-Project/TheHive/issues/66)
-- Load the Current Cases View when Closing a Case [\#61](https://github.com/TheHive-Project/TheHive/issues/61)
-- Externalize observable analysis [\#53](https://github.com/TheHive-Project/TheHive/issues/53)
-- Changeable case owner [\#30](https://github.com/TheHive-Project/TheHive/issues/30)
-- Make release process easier [\#28](https://github.com/TheHive-Project/TheHive/issues/28)
- Newly created case template not visible in NEW case until logout/login [\#26](https://github.com/TheHive-Project/TheHive/issues/26)
-
-**Fixed bugs:**
-
-- Template Limit Bug [\#105](https://github.com/TheHive-Project/TheHive/issues/105)
-- Bug related case [\#97](https://github.com/TheHive-Project/TheHive/issues/97)
-- Case TLP should be set to AMBER by default [\#96](https://github.com/TheHive-Project/TheHive/issues/96)
-- User is not notified on MISP error [\#88](https://github.com/TheHive-Project/TheHive/issues/88)
-- Locked users cannot be assignee of cases [\#77](https://github.com/TheHive-Project/TheHive/issues/77)
-- Task descriptions from case templates are not applied [\#65](https://github.com/TheHive-Project/TheHive/issues/65)
-- Add an already exist observable returns an unexpected error [\#63](https://github.com/TheHive-Project/TheHive/issues/63)
-- Don't use deleted obserables to link cases [\#62](https://github.com/TheHive-Project/TheHive/issues/62)
-- Assign a default role to new users and remove the ability to assign empty roles [\#60](https://github.com/TheHive-Project/TheHive/issues/60)
-- Locked users are still able to log in [\#59](https://github.com/TheHive-Project/TheHive/issues/59)
-- MISP events counter is not refreshed [\#58](https://github.com/TheHive-Project/TheHive/issues/58)
-- Make sure to clear new task log editor [\#57](https://github.com/TheHive-Project/TheHive/issues/57)
-- Missing markdown editor in case close dialog [\#42](https://github.com/TheHive-Project/TheHive/issues/42)
+- Make release process easier [\#28](https://github.com/TheHive-Project/TheHive/issues/28)
+- Changeable case owner [\#30](https://github.com/TheHive-Project/TheHive/issues/30)
+- Externalize observable analysis [\#53](https://github.com/TheHive-Project/TheHive/issues/53)
+- Load the Current Cases View when Closing a Case [\#61](https://github.com/TheHive-Project/TheHive/issues/61)
+- When closing a task, close the associated tab as well [\#66](https://github.com/TheHive-Project/TheHive/issues/66)
+- Allow (un)set observable as IOC from the observable's page [\#68](https://github.com/TheHive-Project/TheHive/issues/68)
+- Use avatars in user profiles [\#69](https://github.com/TheHive-Project/TheHive/issues/69)
+- Feature Request - Add Case Statistics by Severity [\#70](https://github.com/TheHive-Project/TheHive/issues/70)
+- Improve cases listing page [\#76](https://github.com/TheHive-Project/TheHive/issues/76)
**Closed issues:**
-- Database schema update \(v8\) [\#67](https://github.com/TheHive-Project/TheHive/issues/67)
-- Add support for more filetypes to PE_info analyser [\#54](https://github.com/TheHive-Project/TheHive/issues/54)
-- Create an analyzer to get information about PE file [\#51](https://github.com/TheHive-Project/TheHive/issues/51)
-- PhishTank Analyzer [\#40](https://github.com/TheHive-Project/TheHive/issues/40)
- OTX Analyzer [\#32](https://github.com/TheHive-Project/TheHive/issues/32)
+- PhishTank Analyzer [\#40](https://github.com/TheHive-Project/TheHive/issues/40)
+- Unable to use SSL on AD auth [\#50](https://github.com/TheHive-Project/TheHive/issues/50)
+- Create an analyzer to get information about PE file [\#51](https://github.com/TheHive-Project/TheHive/issues/51)
+- Add support for more filetypes to PE_info analyser [\#54](https://github.com/TheHive-Project/TheHive/issues/54)
+- Database schema update (v8) [\#67](https://github.com/TheHive-Project/TheHive/issues/67)
-**Merged pull requests:**
-
-- AlienVault OTX Analyzer [\#39](https://github.com/TheHive-Project/TheHive/pull/39) ([ecapuano](https://github.com/ecapuano))
-
-## [2.9.2](https://github.com/TheHive-Project/TheHive/tree/2.9.2) (2017-01-19)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.9.1...2.9.2)
+**Fixed bugs:**
-**Implemented enhancements:**
+- Missing markdown editor in case close dialog [\#42](https://github.com/TheHive-Project/TheHive/issues/42)
+- Make sure to clear new task log editor [\#57](https://github.com/TheHive-Project/TheHive/issues/57)
+- MISP events counter is not refreshed [\#58](https://github.com/TheHive-Project/TheHive/issues/58)
+- Locked users are still able to log in [\#59](https://github.com/TheHive-Project/TheHive/issues/59)
+- Assign a default role to new users and remove the ability to assign empty roles [\#60](https://github.com/TheHive-Project/TheHive/issues/60)
+- Don't use deleted obserables to link cases [\#62](https://github.com/TheHive-Project/TheHive/issues/62)
+- Add an already exist observable returns an unexpected error [\#63](https://github.com/TheHive-Project/TheHive/issues/63)
+- Task descriptions from case templates are not applied [\#65](https://github.com/TheHive-Project/TheHive/issues/65)
+- Locked users cannot be assignee of cases [\#77](https://github.com/TheHive-Project/TheHive/issues/77)
+- User is not notified on MISP error [\#88](https://github.com/TheHive-Project/TheHive/issues/88)
+- Case TLP should be set to AMBER by default [\#96](https://github.com/TheHive-Project/TheHive/issues/96)
+- Bug related case [\#97](https://github.com/TheHive-Project/TheHive/issues/97)
+- Hippocampe Analyzer [\#104](https://github.com/TheHive-Project/TheHive/issues/104)
+- Template Limit Bug [\#105](https://github.com/TheHive-Project/TheHive/issues/105)
-- Feature Request - Add observable statistics [\#71](https://github.com/TheHive-Project/TheHive/issues/71)
+## [2.9.2](https://github.com/TheHive-Project/TheHive/milestone/5) (2017-01-19)
**Fixed bugs:**
-- docker image: \$.post\(...\).success is not a function [\#95](https://github.com/TheHive-Project/TheHive/issues/95)
+- docker image: $.post(...).success is not a function [\#95](https://github.com/TheHive-Project/TheHive/issues/95)
-## [2.9.1](https://github.com/TheHive-Project/TheHive/tree/2.9.1) (2016-11-28)
+## [2.9.1](https://github.com/TheHive-Project/TheHive/milestone/1) (2016-11-28)
**Implemented enhancements:**
-- Statistics on a per case template name / prefix basis [\#31](https://github.com/TheHive-Project/TheHive/issues/31)
-- Observable Viewing Page [\#17](https://github.com/TheHive-Project/TheHive/issues/17)
-- Update logo and favicon [\#45](https://github.com/TheHive-Project/TheHive/issues/45)
-- Inconsistent wording between the login and user management pages [\#44](https://github.com/TheHive-Project/TheHive/issues/44)
-- MaxMind Analyzer 'Short Report' has hard-coded language [\#23](https://github.com/TheHive-Project/TheHive/issues/23)
-- Don't update imported case from MISP if it is deleted or merged [\#22](https://github.com/TheHive-Project/TheHive/issues/22)
- Case merging [\#14](https://github.com/TheHive-Project/TheHive/issues/14)
-- New analyzer to check URL categories [\#24](https://github.com/TheHive-Project/TheHive/pull/24) ([ecapuano](https://github.com/ecapuano))
+- Don't update imported case from MISP if it is deleted or merged [\#22](https://github.com/TheHive-Project/TheHive/issues/22)
+- MaxMind Analyzer 'Short Report' has hard-coded language [\#23](https://github.com/TheHive-Project/TheHive/issues/23)
+- Inconsistent wording between the login and user management pages [\#44](https://github.com/TheHive-Project/TheHive/issues/44)
+- Update logo and favicon [\#45](https://github.com/TheHive-Project/TheHive/issues/45)
**Fixed bugs:**
-- Resource not found by Assets controller [\#38](https://github.com/TheHive-Project/TheHive/issues/38)
-- NPE occurs at startup if conf directory doesn't exists [\#41](https://github.com/TheHive-Project/TheHive/issues/41)
-- Systemd startup script does not work [\#29](https://github.com/TheHive-Project/TheHive/issues/29)
-- MISP event parsing error when it doesn't contain any attribute [\#25](https://github.com/TheHive-Project/TheHive/issues/25)
-- Phantom tabs [\#18](https://github.com/TheHive-Project/TheHive/issues/18)
-- The Action button of observables list is blank [\#15](https://github.com/TheHive-Project/TheHive/issues/15)
-- Description becomes empty when you cancel an edition [\#13](https://github.com/TheHive-Project/TheHive/issues/13)
-- Metric Labels Not Showing in Case View [\#10](https://github.com/TheHive-Project/TheHive/issues/10)
-- chrome on os x - header alignment [\#5](https://github.com/TheHive-Project/TheHive/issues/5)
- Tags not saving when creating observable. [\#4](https://github.com/TheHive-Project/TheHive/issues/4)
-
-**Closed issues:**
-
-- Statistics based on Tags [\#37](https://github.com/TheHive-Project/TheHive/issues/37)
-- Give us something to work with! [\#2](https://github.com/TheHive-Project/TheHive/issues/2)
-
-**Merged pull requests:**
-
-- Fix "Run from Docker" [\#9](https://github.com/TheHive-Project/TheHive/pull/9) ([2xyo](https://github.com/2xyo))
-- Fixing a Simple Typo [\#6](https://github.com/TheHive-Project/TheHive/pull/6) ([swannysec](https://github.com/swannysec))
-- Fixed broken link to Wiki [\#1](https://github.com/TheHive-Project/TheHive/pull/1) ([Neo23x0](https://github.com/Neo23x0))
-
-\* _This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_
+- chrome on os x - header alignment [\#5](https://github.com/TheHive-Project/TheHive/issues/5)
+- Metric Labels Not Showing in Case View [\#10](https://github.com/TheHive-Project/TheHive/issues/10)
+- Description becomes empty when you cancel an edition [\#13](https://github.com/TheHive-Project/TheHive/issues/13)
+- The Action button of observables list is blank [\#15](https://github.com/TheHive-Project/TheHive/issues/15)
+- Phantom tabs [\#18](https://github.com/TheHive-Project/TheHive/issues/18)
+- MISP event parsing error when it doesn't contain any attribute [\#25](https://github.com/TheHive-Project/TheHive/issues/25)
+- Systemd startup script does not work [\#29](https://github.com/TheHive-Project/TheHive/issues/29)
+- NPE occurs at startup if conf directory doesn't exists [\#41](https://github.com/TheHive-Project/TheHive/issues/41)
diff --git a/build.sbt b/build.sbt
index 467a6ff192..82efa88501 100644
--- a/build.sbt
+++ b/build.sbt
@@ -53,7 +53,7 @@ lazy val thehiveCortex = (project in file("thehive-cortex"))
)
lazy val thehive = (project in file("."))
- .enablePlugins(PlayScala/*, PlayAkkaHttp2Support*/)
+ .enablePlugins(PlayScala /*, PlayAkkaHttp2Support*/ )
.enablePlugins(Bintray)
.dependsOn(thehiveBackend, thehiveMisp, thehiveCortex)
.aggregate(thehiveBackend, thehiveMisp, thehiveCortex)
@@ -61,9 +61,9 @@ lazy val thehive = (project in file("."))
.settings(
aggregate in Debian := false,
aggregate in Rpm := false,
- aggregate in Docker := false
+ aggregate in Docker := false,
+ aggregate in changeLog := false
)
-
lazy val rpmPackageRelease = (project in file("package/rpm-release"))
.enablePlugins(RpmPlugin)
.settings(projectSettings)
@@ -81,23 +81,27 @@ lazy val rpmPackageRelease = (project in file("package/rpm-release"))
packageDescription :=
"""This package contains the TheHive-Project packages repository
|GPG key as well as configuration for yum.""".stripMargin,
- linuxPackageMappings in Rpm := Seq(packageMapping(
- file("PGP-PUBLIC-KEY") -> "etc/pki/rpm-gpg/GPG-TheHive-Project",
- file("package/rpm-release/thehive-rpm.repo") -> "/etc/yum.repos.d/thehive-rpm.repo",
- file("LICENSE") -> "/usr/share/doc/thehive-project-release/LICENSE"
- ))
+ linuxPackageMappings in Rpm := Seq(
+ packageMapping(
+ file("PGP-PUBLIC-KEY") → "etc/pki/rpm-gpg/GPG-TheHive-Project",
+ file("package/rpm-release/thehive-rpm.repo") → "/etc/yum.repos.d/thehive-rpm.repo",
+ file("LICENSE") → "/usr/share/doc/thehive-project-release/LICENSE"
+ )
+ )
)
rpmReleaseFile := {
import scala.sys.process._
val rpmFile = (packageBin in Rpm in rpmPackageRelease).value
- Process("rpm" ::
- "--define" :: "_gpg_name TheHive Project" ::
- "--define" :: "_signature gpg" ::
- "--define" :: "__gpg_check_password_cmd /bin/true" ::
- "--define" :: "__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" ::
- "--addsign" :: rpmFile.toString ::
- Nil).!!
+ Process(
+ "rpm" ::
+ "--define" :: "_gpg_name TheHive Project" ::
+ "--define" :: "_signature gpg" ::
+ "--define" :: "__gpg_check_password_cmd /bin/true" ::
+ "--define" :: "__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" ::
+ "--addsign" :: rpmFile.toString ::
+ Nil
+ ).!!
rpmFile
}
diff --git a/conf/application.sample b/conf/application.sample
index b4c10083f9..786a70df7a 100644
--- a/conf/application.sample
+++ b/conf/application.sample
@@ -45,57 +45,110 @@ search {
# Authentication
auth {
- # "provider" parameter contains authentication provider. It can be multi-valued (useful for migration)
- # available auth types are:
- # services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required.
- # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
- # ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
- provider = [local]
+ # "provider" parameter contains authentication provider. It can be multi-valued (useful for migration)
+ # available auth types are:
+ # services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required.
+ # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
+ # ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
+ # oauth2 : use OAuth/OIDC to authenticate users. Configuration is under "auth.oauth2" and "auth.sso" keys
+ provider = [local]
# By default, basic authentication is disabled. You can enable it by setting "method.basic" to true.
#method.basic = true
-
- ad {
- # The Windows domain name in DNS format. This parameter is required if you do not use
- # 'serverNames' below.
- #domainFQDN = "mydomain.local"
-
- # Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
- # above. If this parameter is not set, TheHive uses 'domainFQDN'.
- #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
-
- # The Windows domain name using short format. This parameter is required.
- #domainName = "MYDOMAIN"
-
- # If 'true', use SSL to connect to the domain controller.
- #useSSL = true
- }
-
- ldap {
- # The LDAP server name or address. The port can be specified using the 'host:port'
- # syntax. This parameter is required if you don't use 'serverNames' below.
- #serverName = "ldap.mydomain.local:389"
-
- # If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
- #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
-
- # Account to use to bind to the LDAP server. This parameter is required.
- #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
-
- # Password of the binding account. This parameter is required.
- #bindPW = "***secret*password***"
-
- # Base DN to search users. This parameter is required.
- #baseDN = "ou=users,dc=mydomain,dc=local"
-
- # Filter to search user in the directory server. Please note that {0} is replaced
- # by the actual user name. This parameter is required.
- #filter = "(cn={0})"
-
- # If 'true', use SSL to connect to the LDAP directory server.
- #useSSL = true
- }
+ ad {
+ # The Windows domain name in DNS format. This parameter is required if you do not use
+ # 'serverNames' below.
+ #domainFQDN = "mydomain.local"
+
+ # Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
+ # above. If this parameter is not set, TheHive uses 'domainFQDN'.
+ #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
+
+ # The Windows domain name using short format. This parameter is required.
+ #domainName = "MYDOMAIN"
+
+ # If 'true', use SSL to connect to the domain controller.
+ #useSSL = true
+ }
+
+ ldap {
+ # The LDAP server name or address. The port can be specified using the 'host:port'
+ # syntax. This parameter is required if you don't use 'serverNames' below.
+ #serverName = "ldap.mydomain.local:389"
+
+ # If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
+ #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
+
+ # Account to use to bind to the LDAP server. This parameter is required.
+ #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
+
+ # Password of the binding account. This parameter is required.
+ #bindPW = "***secret*password***"
+
+ # Base DN to search users. This parameter is required.
+ #baseDN = "ou=users,dc=mydomain,dc=local"
+
+ # Filter to search user in the directory server. Please note that {0} is replaced
+ # by the actual user name. This parameter is required.
+ #filter = "(cn={0})"
+
+ # If 'true', use SSL to connect to the LDAP directory server.
+ #useSSL = true
+ }
+
+ oauth2 {
+ # URL of the authorization server
+ #clientId = "client-id"
+ #clientSecret = "client-secret"
+ #redirectUri = "https://my-thehive-instance.example/index.html#!/login"
+ #responseType = "code"
+ #grantType = "authorization_code"
+
+ # URL from where to get the access token
+ #authorizationUrl = "https://auth-site.com/OAuth/Authorize"
+ #tokenUrl = "https://auth-site.com/OAuth/Token"
+
+ # The endpoint from which to obtain user details using the OAuth token, after successful login
+ #userUrl = "https://auth-site.com/api/User"
+ #scope = "openid profile"
+ }
+
+ # Single-Sign On
+ sso {
+ # Autocreate user in database?
+ #autocreate = false
+
+ # Autoupdate its profile and roles?
+ #autoupdate = false
+
+ # Autologin user using SSO?
+ #autologin = false
+
+ # Attributes mappings
+ #attributes {
+ # login = "sub"
+ # name = "name"
+ # groups = "groups"
+ # #roles = "roles"
+ #}
+
+ # Name of mapping class from user resource to backend user ('simple' or 'group')
+ #mapper = group
+ # Default roles for users with no groups mapped ("read", "write", "admin")
+ #defaultRoles = []
+
+ #groups {
+ # # URL to retreive groups (leave empty if you are using OIDC)
+ # #url = "https://auth-site.com/api/Groups"
+ # # Group mappings, you can have multiple roles for each group: they are merged
+ # mappings {
+ # admin-profile-name = ["admin"]
+ # editor-profile-name = ["write"]
+ # reader-profile-name = ["read"]
+ # }
+ #}
+ }
}
# Maximum time between two requests without requesting authentication
diff --git a/conf/logback.xml b/conf/logback.xml
index 3d090db65d..6420ad405c 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -46,9 +46,14 @@
+
+
+
+
+
-
\ No newline at end of file
+
diff --git a/docker.sbt b/docker.sbt
index 148c59a24c..e96488b4cf 100644
--- a/docker.sbt
+++ b/docker.sbt
@@ -3,10 +3,10 @@ import com.typesafe.sbt.packager.docker.{Cmd, ExecCmd}
version in Docker := {
version.value match {
- case stableVersion(_, _) => version.value
- case betaVersion(v1, v2) => v1 + "-0.1RC" + v2
- case snapshotVersion(_, _) => version.value + "-SNAPSHOT"
- case _ => sys.error("Invalid version: " + version.value)
+ case stableVersion(_, _) ⇒ version.value
+ case betaVersion(v1, v2) ⇒ v1 + "-0.1RC" + v2
+ case snapshotVersion(_, _) ⇒ version.value + "-SNAPSHOT"
+ case _ ⇒ sys.error("Invalid version: " + version.value)
}
}
defaultLinuxInstallLocation in Docker := "/opt/thehive"
@@ -14,25 +14,42 @@ dockerRepository := Some("thehiveproject")
dockerUpdateLatest := !version.value.toUpperCase.contains("RC") && !version.value.contains("SNAPSHOT")
dockerEntrypoint := Seq("/opt/thehive/entrypoint")
dockerExposedPorts := Seq(9000)
+daemonUser in Docker := "thehive"
+daemonGroup in Docker := "thehive"
mappings in Docker ++= Seq(
- file("package/docker/entrypoint") -> "/opt/thehive/entrypoint",
- file("package/logback.xml") -> "/etc/thehive/logback.xml",
- file("package/empty") -> "/var/log/thehive/application.log")
+ file("package/docker/entrypoint") → "/opt/thehive/entrypoint",
+ file("package/logback.xml") → "/etc/thehive/logback.xml",
+ file("package/empty") → "/var/log/thehive/application.log"
+)
mappings in Docker ~= (_.filterNot {
- case (_, filepath) => filepath == "/opt/thehive/conf/application.conf"
+ case (_, filepath) ⇒ filepath == "/opt/thehive/conf/application.conf"
})
-dockerCommands ~= { dc =>
- val (dockerInitCmds, dockerTailCmds) = dc
- .collect {
- case ExecCmd("RUN", "chown", _*) => ExecCmd("RUN", "chown", "-R", "daemon:root", ".")
- case other => other
- }
- .splitAt(4)
- dockerInitCmds ++
- Seq(
- Cmd("ADD", "var", "/var"),
- Cmd("ADD", "etc", "/etc"),
- ExecCmd("RUN", "chown", "-R", "daemon:root", "/var/log/thehive"),
- ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint")) ++
- dockerTailCmds
-}
\ No newline at end of file
+dockerCommands := Seq(
+ Cmd("FROM", "openjdk:8"),
+ Cmd("LABEL", "MAINTAINER=\"TheHive Project \"", "repository=\"https://github.com/TheHive-Project/TheHive\""),
+ Cmd("WORKDIR", "/opt/thehive"),
+ // format: off
+ Cmd("RUN",
+ "apt", "update", "&&",
+ "apt", "upgrade", "-y", "&&",
+ "apt", "autoclean", "-y", "-q", "&&",
+ "apt", "autoremove", "-y", "-q", "&&",
+ "rm", "-rf", "/var/lib/apt/lists/*", "&&",
+ "(", "type", "groupadd", "1>/dev/null", "2>&1", "&&",
+ "groupadd", "-g", "1000", "thehive", "||",
+ "addgroup", "-g", "1000", "-S", "thehive",
+ ")", "&&",
+ "(", "type", "useradd", "1>/dev/null", "2>&1", "&&",
+ "useradd", "--system", "--uid", "1000", "--gid", "1000", "thehive", "||",
+ "adduser", "-S", "-u", "1000", "-G", "thehive", "thehive",
+ ")"),
+ //format: on
+ Cmd("ADD", "--chown=root:root", "opt", "/opt"),
+ Cmd("ADD", "--chown=thehive:thehive", "var", "/var"),
+ Cmd("ADD", "--chown=thehive:thehive", "etc", "/etc"),
+ ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint"),
+ Cmd("EXPOSE", "9000"),
+ Cmd("USER", "thehive"),
+ ExecCmd("ENTRYPOINT", "/opt/thehive/entrypoint"),
+ ExecCmd("CMD")
+)
diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml
index 5ca4e1cb12..0a9969c6ac 100644
--- a/docker/thehive/docker-compose.yml
+++ b/docker/thehive/docker-compose.yml
@@ -1,27 +1,25 @@
version: "2"
services:
elasticsearch:
- image: elasticsearch:6.8.0
+ image: elasticsearch:6.8.8
environment:
- http.host=0.0.0.0
- - cluster.name=hive
- - thread_pool.index.queue_size=100000
- - thread_pool.search.queue_size=100000
- - thread_pool.bulk.queue_size=100000
+ - discovery.type=single-node
ulimits:
nofile:
soft: 65536
hard: 65536
cortex:
- image: thehiveproject/cortex:3.0.1
+ image: thehiveproject/cortex:latest
depends_on:
- elasticsearch
ports:
- "0.0.0.0:9001:9001"
thehive:
- image: thehiveproject/thehive:3.4.0
+ image: thehiveproject/thehive:latest
depends_on:
- elasticsearch
- cortex
ports:
- "0.0.0.0:9000:9000"
+ command: --cortex-port 9001
\ No newline at end of file
diff --git a/migration/12/dashboards/Observable_statistics .json b/migration/12/dashboards/Observable_statistics .json
deleted file mode 100644
index 467bf0d517..0000000000
--- a/migration/12/dashboards/Observable_statistics .json
+++ /dev/null
@@ -1 +0,0 @@
-{"_routing":"AWu4YZXHg8tFuebkSwcG","description":"Observable statistics","title":"Observable statistics","_parent":null,"definition":{"period":"last3Months","items":[{"type":"container","items":[{"type":"donut","options":{"title":"Observables by type","entity":"case_artifact","field":"dataType","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"fqdn":"fqdn","url":"url","regexp":"regexp","mail":"mail","hash":"hash","registry":"registry","uri_path":"uri_path","truc":"truc","ip":"ip","user-agent":"user-agent","autonomous-system":"autonomous-system","file":"file","mail_subject":"mail_subject","filename":"filename","other":"other","domain":"domain"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"6ee86a99-3f40-1960-fd4d-398a1da5b76e"},{"type":"donut","options":{"title":"Observables by attachment content type","entity":"case_artifact","field":"attachment.contentType","query":{"_and":[{"_field":"dataType","_value":"file"},{"_not":{"_field":"status","_value":"Deleted"}}]},"names":{},"filters":[{"field":"dataType","type":"enumeration","value":{"list":[{"text":"file","label":"file"}]}},{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"b6110238-3074-4e85-674f-4bc56829e68a"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observable tags","entity":"case_artifact","field":"tags","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"70bbc0a5-1692-4e46-ebac-8769952ad9c0"},{"type":"donut","options":{"title":"Observables by TLP","entity":"case_artifact","field":"tlp","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"0":"white","1":"green","2":"amber","3":"red"},"colors":{"0":"#bdf0ea","1":"#48e80f","2":"#e0a91a","3":"#f02626"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"633fbe97-805e-6123-3330-29f5c8f45f13"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observables by IOC flag","entity":"case_artifact","field":"ioc","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"771a3bdf-e437-ac3a-384d-23be91a25b07"},{"type":"line","options":{"title":"Observables over time","entity":"case_artifact","field":"createdAt","interval":"1w","series":[{"agg":"count","field":null,"type":"area-spline","filters":[{"field":"ioc","type":"boolean","value":true}],"label":"IOC","query":{"_field":"ioc","_value":true}},{"agg":"count","field":null,"type":"area-spline","label":"non-IOC","filters":[{"field":"ioc","type":"boolean","value":false}],"query":{"_field":"ioc","_value":false}}],"stacked":true,"query":{"_not":{"_field":"status","_value":"Deleted"}},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"e5ed24a6-51ed-ecc4-9db0-ce837fd84214"}]}],"customPeriod":{"fromDate":null,"toDate":null}},"_id":"AWu4YZXHg8tFuebkSwcG","_version":3,"status":"Shared"}
diff --git a/migration/12/dashboards/Observable_statistics.json b/migration/12/dashboards/Observable_statistics.json
new file mode 100644
index 0000000000..2be434a943
--- /dev/null
+++ b/migration/12/dashboards/Observable_statistics.json
@@ -0,0 +1,101 @@
+{
+ "description": "Observable statistics",
+ "title": "Observable statistics",
+ "definition": {
+ "period": "last3Months", "items": [
+ {
+ "type": "container", "items": [
+ {
+ "type": "donut", "options": {
+ "title": "Observables by type", "entity": "case_artifact", "field": "dataType",
+ "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {
+ "fqdn": "fqdn", "url": "url", "regexp": "regexp", "mail": "mail", "hash": "hash", "registry": "registry",
+ "uri_path": "uri_path", "truc": "truc", "ip": "ip", "user-agent": "user-agent",
+ "autonomous-system": "autonomous-system", "file": "file", "mail_subject": "mail_subject",
+ "filename": "filename", "other": "other", "domain": "domain"
+ }, "filters": [
+ {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "6ee86a99-3f40-1960-fd4d-398a1da5b76e"
+ }, {
+ "type": "donut", "options": {
+ "title": "Observables by attachment content type", "entity": "case_artifact",
+ "field": "attachment.contentType", "query": {
+ "_and": [{"_field": "dataType", "_value": "file"}, {"_not": {"_field": "status", "_value": "Deleted"}}]
+ }, "names": {}, "filters": [
+ {"field": "dataType", "type": "enumeration", "value": {"list": [{"text": "file", "label": "file"}]}}, {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "b6110238-3074-4e85-674f-4bc56829e68a"
+ }
+ ]
+ }, {
+ "type": "container", "items": [
+ {
+ "type": "donut", "options": {
+ "title": "Observable tags", "entity": "case_artifact", "field": "tags",
+ "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [
+ {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "70bbc0a5-1692-4e46-ebac-8769952ad9c0"
+ }, {
+ "type": "donut", "options": {
+ "title": "Observables by TLP", "entity": "case_artifact", "field": "tlp",
+ "query": {"_not": {"_field": "status", "_value": "Deleted"}},
+ "names": {"0": "white", "1": "green", "2": "amber", "3": "red"},
+ "colors": {"0": "#bdf0ea", "1": "#48e80f", "2": "#e0a91a", "3": "#f02626"}, "filters": [
+ {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "633fbe97-805e-6123-3330-29f5c8f45f13"
+ }
+ ]
+ }, {
+ "type": "container", "items": [
+ {
+ "type": "donut", "options": {
+ "title": "Observables by IOC flag", "entity": "case_artifact", "field": "ioc",
+ "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [
+ {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "771a3bdf-e437-ac3a-384d-23be91a25b07"
+ }, {
+ "type": "line", "options": {
+ "title": "Observables over time", "entity": "case_artifact", "field": "createdAt", "interval": "1w",
+ "series": [
+ {
+ "agg": "count", "field": null, "type": "area-spline",
+ "filters": [{"field": "ioc", "type": "boolean", "value": true}], "label": "IOC",
+ "query": {"_field": "ioc", "_value": true}
+ }, {
+ "agg": "count", "field": null, "type": "area-spline", "label": "non-IOC",
+ "filters": [{"field": "ioc", "type": "boolean", "value": false}],
+ "query": {"_field": "ioc", "_value": false}
+ }
+ ], "stacked": true, "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "filters": [
+ {
+ "field": "status", "type": "enumeration",
+ "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+ }
+ ]
+ }, "id": "e5ed24a6-51ed-ecc4-9db0-ce837fd84214"
+ }
+ ]
+ }
+ ], "customPeriod": {"fromDate": null, "toDate": null}
+ },
+ "status": "Shared"
+}
diff --git a/package/docker/Dockerfile b/package/docker/Dockerfile
new file mode 100644
index 0000000000..6c25d72119
--- /dev/null
+++ b/package/docker/Dockerfile
@@ -0,0 +1,67 @@
+# This Dockerfile is not the one used for official Docker image of TheHive but the result image should be identical
+# Official image are generated by sbt (with the command sbt docker:publishLocal)
+# This Dockerfile is largely inspired by https://github.com/ilyaglow/dockerfiles/blob/master/thehive/Dockerfile
+
+FROM openjdk:8 as build-env
+
+LABEL MAINTAINER="TheHive Project "
+
+ARG THEHIVE_VERSION=develop
+
+RUN apt update && \
+ apt install -y apt-transport-https && \
+ curl -sL https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash - && \
+ export NVM_DIR="${HOME}/.nvm" && \
+ . "$NVM_DIR/nvm.sh" && \
+ nvm install --lts && \
+ apt-get install -y git && \
+ npm install -g grunt-cli \
+ bower && \
+ git -c advice.detachedHead=false \
+ clone \
+ --branch=$THEHIVE_VERSION \
+ --depth=1 \
+ https://github.com/TheHive-Project/TheHive.git && \
+ echo '{"allow_root": true}' > /root/.bowerrc && \
+ cd TheHive && \
+ ./sbt clean stage && \
+ mv /TheHive/target/universal/stage /opt/thehive && \
+ mv /TheHive/package/docker/entrypoint /opt/thehive/entrypoint && \
+ mkdir /var/log/thehive && \
+ apt-get purge -y git && \
+ rm -rf /TheHive \
+ /root/* \
+ /root/.nvm \
+ /root/.m2 \
+ /root/.ivy2 \
+ /root/.sbt \
+ /var/lib/apt/lists/*
+
+FROM openjdk:8
+COPY --from=build-env /opt/thehive /opt/thehive
+COPY --from=build-env /var/log/thehive /var/log/thehive
+
+RUN apt update && \
+ apt upgrade -y && \
+ apt autoclean -y -q && \
+ apt autoremove -y -q && \
+ rm -rf /var/lib/apt/lists/* && \
+ ( type groupadd 1>/dev/null 2>&1 && \
+ groupadd -g 1000 thehive || \
+ addgroup -g 1000 -S thehive ) && \
+ ( type useradd 1>/dev/null 2>&1 && \
+ useradd --system --uid 1000 --gid 1000 thehive || \
+ adduser -S -u 1000 -G thehive thehive ) && \
+ mkdir /etc/thehive && \
+ cp /opt/thehive/conf/logback.xml /etc/thehive/logback.xml && \
+ chown -R root:root /opt/thehive && \
+ chown -R thehive:thehive /var/log/thehive /etc/thehive && \
+ chmod +x /opt/thehive/entrypoint
+
+USER thehive
+
+EXPOSE 9000
+
+WORKDIR /opt/thehive
+
+ENTRYPOINT ["/opt/thehive/entrypoint"]
diff --git a/package/docker/entrypoint b/package/docker/entrypoint
index 8a2e2fdda7..39d2827375 100755
--- a/package/docker/entrypoint
+++ b/package/docker/entrypoint
@@ -1,131 +1,221 @@
#!/bin/bash
-ES_HOSTNAME=elasticsearch
-CONFIG_SECRET=1
-CONFIG_ES=1
-CONFIG_CORTEX=1
-CORTEX_HOSTNAME=cortex
-CORTEX_PROTO=http
-CORTEX_PORT=9001
-CORTEX_URLS=()
-CONFIG=1
-CONFIG_FILE=/etc/thehive/application.conf
-CORTEX_KEYS=()
+ES_HOSTNAME=${TH_ES_HOSTNAME:-elasticsearch}
+test "${TH_NO_CONFIG_SECRET}" == 1
+CONFIG_SECRET=$?
+SECRET=${TH_SECRET}
+SHOW_SECRET=${TH_SHOW_SECRET:-0}
+test "${TH_NO_CONFIG_ES}" == 1
+CONFIG_ES=$?
+test "${TH_NO_CONFIG_CORTEX}" == 1
+CONFIG_CORTEX=$?
+CORTEX_HOSTNAME=${TH_CORTEX_HOSTNAME:-cortex}
+CORTEX_PROTO=${TH_CORTEX_PROTO:-http}
+CORTEX_PORT=${TH_CORTEX_PORT:9001}
+IFS=',' read -r -a CORTEX_URLS <<< "${TH_CORTEX_URLS}"
+test "${TH_NO_CONFIG}" == 1
+CONFIG=$?
+CONFIG_FILE=${TH_CONFIG_FILE:-/etc/thehive/application.conf}
+IFS=',' read -r -a CORTEX_KEYS <<< "${TH_CORTEX_KEYS}"
+AUTO_MIGRATION=${TH_AUTO_MIGRATION:-0}
+CREATE_ADMIN_LOGIN=${TH_CREATE_ADMIN_LOGIN}
+CREATE_ADMIN_PASSWORD=${TH_CREATE_ADMIN_PASSWORD}
+CREATE_USER_LOGIN=${TH_CREATE_USER_LOGIN}
+IFS=',' read -r -a CREATE_USER_ROLE <<< "${TH_CREATE_USER_ROLE}"
+CREATE_USER_PASSWORD=${TH_CREATE_USER_PASSWORD}
function usage {
- cat <<- _EOF_
- Available options:
- --no-config | do not try to configure TheHive (add secret and elasticsearch)
- --no-config-secret | do not add random secret to configuration
- --no-config-es | do not add elasticsearch hosts to configuration
- --es-uri | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
- --es-hostname | resolve this hostname to find elasticseach instances
- --secret | secret to secure sessions
- --cortex-proto | define protocol to connect to Cortex (default: http)
- --cortex-port | define port to connect to Cortex (default: 9000)
- --cortex-url | add Cortex connection
- --cortex-hostname | resolve this hostname to find Cortex instances
- --cortex-key | define Cortex key
- _EOF_
- exit 1
+ cat <<- _EOF_
+ Available options:
+ --no-config | do not try to configure TheHive (add secret and elasticsearch)
+ --no-config-secret | do not add random secret to configuration
+ --secret | secret to secure sessions
+ --show-secret | show the generated secret
+ --no-config-es | do not add elasticsearch hosts to configuration
+ --es-uri | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
+ --es-hostname | resolve this hostname to find elasticsearch instances
+ --no-config-cortex | do not add Cortex configuration
+ --cortex-proto | define protocol to connect to Cortex (default: http)
+ --cortex-port | define port to connect to Cortex (default: 9000)
+ --cortex-url | add Cortex connection
+ --cortex-hostname | resolve this hostname to find Cortex instances
+ --cortex-key | define Cortex key
+ --auto-migration | migrate the database, if needed
+ --create-admin | create the first admin user, if not exist yet
+ --create-user | create a user, only in conjunction with admin creation
+_EOF_
+ exit 1
}
+
STOP=0
-while test $# -gt 0 -o $STOP = 1
+while test $# -gt 0 -o "${STOP}" = 1
do
- case "$1" in
- "--no-config") CONFIG=0;;
- "--no-config-secret") CONFIG_SECRET=0;;
- "--secret") shift; SECRET=$1;;
- "--no-config-es") CONFIG_ES=0;;
- "--es-hosts") echo "--es-hosts is deprecated, please use --es-uri"
- usage;;
- "--es-uri") shift; ES_URI=$1;;
- "--es-hostname") shift; ES_HOSTNAME=$1;;
- "--no-config-cortex") CONFIG_CORTEX=0;;
- "--cortex-proto") shift; CORTEX_PROTO=$1;;
- "--cortex-port") shift; CORTEX_PORT=$1;;
- "--cortex-url") shift; CORTEX_URLS+=($1);;
- "--cortex-hostname") shift; CORTEX_HOSTNAME=$1;;
- "--cortex-key") shift; CORTEX_KEYS=($1);;
- "--") STOP=1;;
- *) usage
- esac
- shift
+ case "$1" in
+ "--no-config") CONFIG=0 ;;
+ "--no-config-secret") CONFIG_SECRET=0 ;;
+ "--secret") shift; SECRET=$1 ;;
+ "--show-secret") SHOW_SECRET=1 ;;
+ "--no-config-es") CONFIG_ES=0 ;;
+ "--es-hosts") echo "--es-hosts is deprecated, please use --es-uri"
+ usage ;;
+ "--es-uri") shift; ES_URI=$1 ;;
+ "--es-hostname") shift; ES_HOSTNAME=$1 ;;
+ "--no-config-cortex") CONFIG_CORTEX=0 ;;
+ "--cortex-proto") shift; CORTEX_PROTO=$1 ;;
+ "--cortex-port") shift; CORTEX_PORT=$1 ;;
+ "--cortex-url") shift; CORTEX_URLS+=($1) ;;
+ "--cortex-hostname") shift; CORTEX_HOSTNAME=$1 ;;
+ "--cortex-key") shift; CORTEX_KEYS=($1) ;;
+ "--auto-migration") AUTO_MIGRATION=1 ;;
+ "--create-admin") shift; CREATE_ADMIN_LOGIN=$1
+ shift; CREATE_ADMIN_PASSWORD=$1 ;;
+ "--create-user") shift; CREATE_USER_LOGIN=$1
+ shift; IFS=',' read -r -a CREATE_USER_ROLE <<< "$1"
+ shift; CREATE_USER_PASSWORD=$1 ;;
+ "--") STOP=1;;
+ *) usage
+ esac
+ shift
done
-if test $CONFIG = 1
+if test "${CONFIG}" = 1
then
- CONFIG_FILE=$(mktemp).conf
- if test $CONFIG_SECRET = 1
- then
- if test -z "$SECRET"
- then
- SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
- fi
- echo Using secret: $SECRET
- echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE
- fi
+ CONFIG_FILE=$(mktemp).conf
+ if test "${CONFIG_SECRET}" = 1
+ then
+ if test -z "${SECRET}"
+ then
+ SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
+ test "${SHOW_SECRET}" = 1 && echo Using secret: ${SECRET}
+ fi
+ echo "play.http.secret.key=\"${SECRET}\"" >> ${CONFIG_FILE}
+ fi
- if test $CONFIG_ES = 1
- then
- if test -z "$ES_URI"
- then
- function join_es_hosts {
- echo -n $1:9200
- shift
- printf "%s," "${@/#/:9200}"
- }
+ if test "${CONFIG_ES}" = 1
+ then
+ if test -z "${ES_URI}"
+ then
+ ES=$(getent ahostsv4 "${ES_HOSTNAME}" | awk '{ print $1 }' | sort -u)
+ if test -z "${ES}"
+ then
+ echo "Warning automatic elasticsearch host config fails"
+ else
+ JOIN_ES_HOST=$(printf "%s:9200," "${ES}")
+ ES_URI=http://${JOIN_ES_HOST::-1}
+ fi
+ fi
+ if test -n "${ES_URI}"
+ then
+ echo "Using elasticsearch uri: ${ES_URI}"
+ echo "search.uri=\"${ES_URI}\"" >> ${CONFIG_FILE}
+ else
+ echo "elasticsearch uri not configured"
+ fi
+ fi
- ES=$(getent ahostsv4 $ES_HOSTNAME | awk '{ print $1 }' | sort -u)
- if test -z "$ES"
- then
- echo "Warning automatic elasticsearch host config fails"
- else
- ES_URI=http://$(join_es_hosts $ES)
- fi
- fi
- if test -n "$ES_URI"
- then
- echo Using elasticsearch uri: $ES_URI
- echo search.uri=\"$ES_URI\" >> $CONFIG_FILE
- else
- echo elasticsearch host not configured
- fi
- fi
+ if test -n "${CREATE_USER_LOGIN}"; then
+ echo "Enable basic authentication method to permit user creation"
+ echo "auth.method.basic=true" >> ${CONFIG_FILE}
+ fi
- if test $CONFIG_CORTEX = 1
- then
- if test -n "$CORTEX_HOSTNAME"
- then
- CORTEX_URLS+=($(getent ahostsv4 $CORTEX_HOSTNAME | awk "{ print \"$CORTEX_PROTO://\"\$1\":$CORTEX_PORT\" }" | sort -u))
- fi
+ if test "${CONFIG_CORTEX}" = 1
+ then
+ if test -n "${CORTEX_HOSTNAME}"
+ then
+ CORTEX_URLS+=($(getent ahostsv4 "${CORTEX_HOSTNAME}" | awk "{ print \"${CORTEX_PROTO}://\"\$1\":${CORTEX_PORT}\" }" | sort -u))
+ fi
- if test ${#CORTEX_URLS[@]} -gt 0
- then
- echo "play.modules.enabled += connectors.cortex.CortexConnector" >> $CONFIG_FILE
- fi
- I=1
- for C in ${CORTEX_URLS[@]}
- do
- echo Add Cortex cortex$I: $C
- echo cortex.cortex$I.url=\"$C\" >> $CONFIG_FILE
- I=$(($I+1))
- done
- I=1
- for K in ${CORTEX_KEYS[@]}
- do
- echo Add Cortex cortex$I key: $K
- echo cortex.cortex$I.key=\"$K\" >> $CONFIG_FILE
- I=$(($I+1))
- done
- fi
+ if test ${#CORTEX_URLS[@]} -gt 0
+ then
+ echo "play.modules.enabled += connectors.cortex.CortexConnector" >> ${CONFIG_FILE}
+ fi
+ I=1
+ for C in ${CORTEX_URLS[@]}
+ do
+ echo "Add Cortex cortex${I}: ${C}"
+ echo "cortex.cortex${I}.url=\"${C}\"" >> ${CONFIG_FILE}
+ I=$((${I}+1))
+ done
+ I=1
+ for K in ${CORTEX_KEYS[@]}
+ do
+ echo "Add Cortex cortex${I} key: ${K}"
+ echo "cortex.cortex${I}.key=\"${K}\"" >> ${CONFIG_FILE}
+ I=$((${I}+1))
+ done
+ fi
- echo 'include file("/etc/thehive/application.conf")' >> $CONFIG_FILE
+ echo 'include file("/etc/thehive/application.conf")' >> ${CONFIG_FILE}
fi
-exec bin/thehive \
- -Dconfig.file=$CONFIG_FILE \
- -Dlogger.file=/etc/thehive/logback.xml \
- -Dpidfile.path=/dev/null \
- $@
+
+bin/thehive \
+ -Dconfig.file=${CONFIG_FILE} \
+ -Dlogger.file=/etc/thehive/logback.xml \
+ -Dpidfile.path=/dev/null \
+ $@ &
+PID=$!
+trap 'kill -SIGTERM "${PID}"; wait "${PID}"; exit 143' SIGTERM SIGINT
+
+if test "${AUTO_MIGRATION}" = 1 -o -n "${CREATE_ADMIN_LOGIN}"; then
+ echo -n "Wait until TheHive starts"
+ MAX_WAIT=15
+ IS_STARTED=0
+ while test "${MAX_WAIT}" -gt 0 -a "${IS_STARTED}" = 0; do
+ sleep 3
+ echo -n .
+ HTTP_CODE=$(curl -s -w '%{http_code}' -m 2 -o /dev/null http://127.0.0.1:9000/api/status)
+ test "${HTTP_CODE}" != 200
+ IS_STARTED=$?
+ MAX_WAIT=$(("${MAX_WAIT}"-1))
+ done
+ echo
+ if test "${IS_STARTED}" = 0; then
+ echo "Thehive fails to start"
+ else
+ HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user/current)
+ if test "${HTTP_CODE}" = 520 -a "${AUTO_MIGRATION}" = 1; then
+ echo -n "Migrating database ..."
+ HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null -XPOST http://127.0.0.1:9000/api/maintenance/migrate)
+ if test "${HTTP_CODE}" != 204; then
+ echo "fails! ${HTTP_CODE}"
+ else
+ echo "ok"
+ if test -n "${CREATE_ADMIN_LOGIN}"; then
+ echo -n "Create admin user ..."
+ HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user \
+ -H "Content-type: application/json" \
+ -d '{
+ "login": "'${CREATE_ADMIN_LOGIN}'",
+ "name": "'${CREATE_ADMIN_LOGIN}'",
+ "roles": ["ADMIN","READ","WRITE","ALERT"],
+ "password":"'${CREATE_ADMIN_PASSWORD}'"}')
+ if test ${HTTP_CODE} != 201; then
+ echo "fails"
+ else
+ echo "ok"
+ if test -n "${CREATE_USER_LOGIN}"; then
+ echo -n "Create user ${CREATE_USER_LOGIN} ..."
+ ROLE=$(printf '"%s",' ${CREATE_USER_ROLE[@]})
+ HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user \
+ -u ${CREATE_ADMIN_LOGIN}:${CREATE_ADMIN_PASSWORD} \
+ -H "Content-type: application/json" \
+ -d '{
+ "login": "'${CREATE_USER_LOGIN}'",
+ "name": "'${CREATE_USER_LOGIN}'",
+ "roles": ['${ROLE::-1}'],
+ "password": "'${CREATE_USER_PASSWORD}'"}')
+ if test ${HTTP_CODE} = 201; then
+ echo "ok"
+ else
+ echo "fails"
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+wait ${PID}
\ No newline at end of file
diff --git a/project/build.properties b/project/build.properties
index c0bab04941..080a737edb 100644
--- a/project/build.properties
+++ b/project/build.properties
@@ -1 +1 @@
-sbt.version=1.2.8
+sbt.version=1.3.0
diff --git a/project/plugins.sbt b/project/plugins.sbt
index c8ec87a869..5af970f6ad 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -1,6 +1,7 @@
// Comment to get more information during initialization
logLevel := Level.Info
-addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.23")
-addSbtPlugin("org.foundweekends" % "sbt-bintray" % "0.5.1")
-addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.0.0")
+addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.23")
+addSbtPlugin("org.foundweekends" % "sbt-bintray" % "0.5.1")
+addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.0.0")
+addSbtPlugin("org.thehive-project" % "sbt-github-changelog" % "0.2.0")
diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 08ee2f7145..936a029744 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -38,6 +38,7 @@ class StatusCtrl @Inject()(
private def updateStatus(): Unit = {
clusterStatusName = Try(dbIndex.clusterStatusName).getOrElse("ERROR")
system.scheduler.scheduleOnce(checkStatusInterval)(updateStatus())
+ ()
}
updateStatus()
@@ -79,8 +80,7 @@ class StatusCtrl @Inject()(
case 1 ⇒ HealthStatus.Warning
case _ ⇒ HealthStatus.Error
}
- connectorStatus = connectors.map(c ⇒ c.health).toSeq
- distinctStatus = connectorStatus :+ dbStatus
+ distinctStatus = connectors.map(c ⇒ c.health) + dbStatus
globalStatus = if (distinctStatus.contains(HealthStatus.Ok)) {
if (distinctStatus.size > 1) HealthStatus.Warning else HealthStatus.Ok
} else if (distinctStatus.contains(HealthStatus.Error)) HealthStatus.Error
diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
index 2dcde4860f..b9afab587f 100644
--- a/thehive-backend/app/models/Alert.scala
+++ b/thehive-backend/app/models/Alert.scala
@@ -60,7 +60,7 @@ trait AlertAttributes {
Attribute("alert", "ioc", OptionalAttributeFormat(F.booleanFmt), Nil, None, "")
)
}
-
+
val alertId: A[String] = attribute("_id", F.stringFmt, "Alert id", O.readonly)
val tpe: A[String] = attribute("type", F.stringFmt, "Type of the alert", O.readonly)
val source: A[String] = attribute("source", F.stringFmt, "Source of the alert", O.readonly)
@@ -70,7 +70,7 @@ trait AlertAttributes {
val caze: A[Option[String]] = optionalAttribute("case", F.stringFmt, "Id of the case, if created")
val title: A[String] = attribute("title", F.textFmt, "Title of the alert")
val description: A[String] = attribute("description", F.textFmt, "Description of the alert")
- val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the alert (0-3)", 2L)
+ val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the alert (1-4)", 2L)
val tags: A[Seq[String]] = multiAttribute("tags", F.stringFmt, "Alert tags")
val tlp: A[Long] = attribute("tlp", TlpAttributeFormat, "TLP level", 2L)
val artifacts: A[Seq[JsObject]] = multiAttribute("artifacts", F.objectFmt(artifactAttributes), "Artifact of the alert", O.unaudited)
@@ -83,10 +83,15 @@ trait AlertAttributes {
@Singleton
class AlertModel @Inject()(dblists: DBLists) extends ModelDef[AlertModel, Alert]("alert", "Alert", "/alert") with AlertAttributes with AuditedModel {
- private[AlertModel] lazy val logger = Logger(getClass)
- override val defaultSortBy: Seq[String] = Seq("-date")
- override val removeAttribute: JsObject = Json.obj("status" → AlertStatus.Ignored)
- override val computedMetrics: Map[String, String] = Map("observableCount" → "_source['artifacts']?.size()")
+ private[AlertModel] lazy val logger = Logger(getClass)
+ override val defaultSortBy: Seq[String] = Seq("-date")
+ override val removeAttribute: JsObject = Json.obj("status" → AlertStatus.Ignored)
+ override val computedMetrics: Map[String, String] = Map(
+ "observableCount" → "if (params._source.containsKey('artifacts')) { params._source['artifacts'].size() } else 0",
+ "handlingDurationInSeconds" → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 1000",
+ "handlingDurationInHours" → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 3600000",
+ "handlingDurationInDays" → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / (3600000 * 24)"
+ )
override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] = {
// check if data attribute is present on all artifacts
diff --git a/thehive-backend/app/models/AttributeFormat.scala b/thehive-backend/app/models/AttributeFormat.scala
index debadb278e..6bf2ad96ac 100644
--- a/thehive-backend/app/models/AttributeFormat.scala
+++ b/thehive-backend/app/models/AttributeFormat.scala
@@ -11,7 +11,7 @@ import org.elastic4play.{AttributeError, InvalidFormatAttributeError}
object SeverityAttributeFormat extends NumberAttributeFormat {
- def isValidValue(value: Long): Boolean = 1 <= value && value <= 3
+ def isValidValue(value: Long): Boolean = 1 <= value && value <= 4
override def definition(dblists: DBLists, attribute: Attribute[Long]): Seq[AttributeDefinition] =
Seq(
@@ -19,8 +19,8 @@ object SeverityAttributeFormat extends NumberAttributeFormat {
attribute.attributeName,
name,
attribute.description,
- Seq(JsNumber(1), JsNumber(2), JsNumber(3)),
- Seq("low", "medium", "high")
+ Seq(JsNumber(1), JsNumber(2), JsNumber(3), JsNumber(4)),
+ Seq("low", "medium", "high", "critical")
)
)
diff --git a/thehive-backend/app/models/Case.scala b/thehive-backend/app/models/Case.scala
index a6fe3984d5..450d471d3d 100644
--- a/thehive-backend/app/models/Case.scala
+++ b/thehive-backend/app/models/Case.scala
@@ -37,7 +37,7 @@ trait CaseAttributes { _: AttributeDef ⇒
val caseId: A[Long] = attribute("caseId", F.numberFmt, "Id of the case (auto-generated)", O.model)
val title: A[String] = attribute("title", F.textFmt, "Title of the case")
val description: A[String] = attribute("description", F.textFmt, "Description of the case")
- val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (0-3)", 2L)
+ val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (1-4)", 2L)
val owner: A[String] = attribute("owner", F.userFmt, "Owner of the case")
val startDate: A[Date] = attribute("startDate", F.dateFmt, "Creation date", new Date)
val endDate: A[Option[Date]] = optionalAttribute("endDate", F.dateFmt, "Resolution date")
@@ -81,10 +81,12 @@ class CaseModel @Inject()(
override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] =
sequenceSrv("case").map { caseId ⇒
- attrs + ("caseId" → JsNumber(caseId))
+ attrs +
+ ("caseId" → JsNumber(caseId)) +
+ ("owner" → (attrs \ "owner").asOpt[String].fold[JsValue](JsNull)(o ⇒ JsString(o.toLowerCase())))
}
- override def updateHook(entity: BaseEntity, updateAttrs: JsObject): Future[JsObject] = Future.successful {
+ private def updateStatus(updateAttrs: JsObject): JsObject =
(updateAttrs \ "status").asOpt[CaseStatus.Type] match {
case Some(CaseStatus.Resolved) if !updateAttrs.keys.contains("endDate") ⇒
updateAttrs +
@@ -95,7 +97,12 @@ class CaseModel @Inject()(
case _ ⇒
updateAttrs
}
- }
+
+ private def lowercaseOwner(updateAttrs: JsObject): JsObject =
+ (updateAttrs \ "owner").asOpt[String].fold(updateAttrs)(o ⇒ updateAttrs + ("owner" → JsString(o.toLowerCase)))
+
+ override def updateHook(entity: BaseEntity, updateAttrs: JsObject): Future[JsObject] =
+ Future.successful(lowercaseOwner(updateStatus(updateAttrs)))
private[models] def buildArtifactStats(caze: Case): Future[JsObject] = {
import org.elastic4play.services.QueryDSL._
@@ -177,9 +184,9 @@ class CaseModel @Inject()(
}
override val computedMetrics = Map(
- "handlingDurationInSeconds" → "(doc['endDate'].value - doc['startDate'].value) / 1000",
- "handlingDurationInHours" → "(doc['endDate'].value - doc['startDate'].value) / 3600000",
- "handlingDurationInDays" → "(doc['endDate'].value - doc['startDate'].value) / (3600000 * 24)"
+ "handlingDurationInSeconds" → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 1000",
+ "handlingDurationInHours" → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 3600000",
+ "handlingDurationInDays" → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / (3600000 * 24)"
)
}
diff --git a/thehive-backend/app/models/CaseTemplate.scala b/thehive-backend/app/models/CaseTemplate.scala
index 83ef3a8f81..dc3f607298 100644
--- a/thehive-backend/app/models/CaseTemplate.scala
+++ b/thehive-backend/app/models/CaseTemplate.scala
@@ -19,7 +19,7 @@ trait CaseTemplateAttributes { _: AttributeDef ⇒
val templateName: A[String] = attribute("name", F.stringFmt, "Name of the template")
val titlePrefix: A[Option[String]] = optionalAttribute("titlePrefix", F.textFmt, "Title of the case")
val description: A[Option[String]] = optionalAttribute("description", F.textFmt, "Description of the case")
- val severity: A[Option[Long]] = optionalAttribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (0-5)")
+ val severity: A[Option[Long]] = optionalAttribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (1-4)")
val tags: A[Seq[String]] = multiAttribute("tags", F.stringFmt, "Case tags")
val flag: A[Option[Boolean]] = optionalAttribute("flag", F.booleanFmt, "Flag of the case")
val tlp: A[Option[Long]] = optionalAttribute("tlp", TlpAttributeFormat, "TLP level")
diff --git a/thehive-backend/app/services/AlertSrv.scala b/thehive-backend/app/services/AlertSrv.scala
index 4b367c3ca0..962c9b2e88 100644
--- a/thehive-backend/app/services/AlertSrv.scala
+++ b/thehive-backend/app/services/AlertSrv.scala
@@ -109,8 +109,27 @@ class AlertSrv(
case a ⇒ Future.successful(a)
}
artifactsFields.flatMap { af ⇒
+ val validArtifacts = af.filter { a ⇒
+ val hasAttachment = (a \ "attachment").asOpt[JsObject].isDefined
+ val hasData = (a \ "data").asOpt[String].isDefined
+ val dataType = (a \ "dataType").asOpt[String]
+ val isValid = dataType match {
+ case None ⇒ false
+ case Some("file") ⇒ hasAttachment && !hasData
+ case _ ⇒ !hasAttachment && hasData
+ }
+ if (!isValid) {
+ val dataTypeStr = dataType.fold("DataType is not set!")(d ⇒ s"DataType is $d")
+ val dataStr = if (hasData) "data is set" else "data is not set"
+ val attachmentStr = if (hasAttachment) "attachment is set" else "attachment is not set"
+ logger.warn(
+ s"The alert contains an invalid artifact: $dataTypeStr, $dataStr, $attachmentStr"
+ )
+ }
+ isValid
+ }
/* remove duplicate artifacts */
- val distinctArtifacts = Collection.distinctBy(af) { a ⇒
+ val distinctArtifacts = Collection.distinctBy(validArtifacts) { a ⇒
val data = (a \ "data").asOpt[String]
val attachment = (a \ "attachment" \ "id").asOpt[String]
val dataType = (a \ "dataType").asOpt[String]
@@ -280,31 +299,33 @@ class AlertSrv(
def importArtifacts(alert: Alert, caze: Case)(implicit authContext: AuthContext): Future[Case] = {
val artifactsFields = alert
.artifacts()
- .map { artifact ⇒
+ .flatMap { artifact ⇒
val tags = (artifact \ "tags").asOpt[Seq[JsString]].getOrElse(Nil) :+ JsString("src:" + alert.tpe())
val message = (artifact \ "message").asOpt[JsString].getOrElse(JsString(""))
- val artifactFields = Fields(
- artifact +
- ("tags" → JsArray(tags)) +
- ("message" → message)
- )
- if (artifactFields.getString("dataType").contains("file")) {
- artifactFields
- .getString("data")
- .map {
+ (artifact \ "dataType").asOpt[String].flatMap {
+ case "file" ⇒
+ (artifact \ "data").asOpt[String].collect {
case dataExtractor(filename, contentType, data) ⇒
val f = Files.createTempFile("alert-", "-attachment")
Files.write(f, java.util.Base64.getDecoder.decode(data))
- artifactFields
- .set("attachment", FileInputValue(filename, f, contentType))
+ Fields(
+ artifact +
+ ("tags" → JsArray(tags)) +
+ ("message" → message)
+ ).set("attachment", FileInputValue(filename, f, contentType))
.unset("data")
- case data ⇒
- logger.warn(s"Invalid data format for file artifact: $data")
- artifactFields
}
- .getOrElse(artifactFields)
- } else {
- artifactFields
+ case _ if artifact.value.contains("data") ⇒
+ Some(
+ Fields(
+ artifact +
+ ("tags" → JsArray(tags)) +
+ ("message" → message)
+ )
+ )
+ case _ ⇒
+ logger.warn(s"Invalid artifact format: $artifact")
+ None
}
}
diff --git a/thehive-backend/app/services/OAuth2Srv.scala b/thehive-backend/app/services/OAuth2Srv.scala
index ea6664f0ef..936a6ad678 100644
--- a/thehive-backend/app/services/OAuth2Srv.scala
+++ b/thehive-backend/app/services/OAuth2Srv.scala
@@ -24,7 +24,8 @@ case class OAuth2Config(
tokenUrl: String,
userUrl: String,
scope: String,
- autocreate: Boolean
+ autocreate: Boolean,
+ autoupdate: Boolean
)
object OAuth2Config {
@@ -41,7 +42,20 @@ object OAuth2Config {
tokenUrl ← configuration.getOptional[String]("auth.oauth2.tokenUrl")
scope ← configuration.getOptional[String]("auth.oauth2.scope")
autocreate = configuration.getOptional[Boolean]("auth.sso.autocreate").getOrElse(false)
- } yield OAuth2Config(clientId, clientSecret, redirectUri, responseType, grantType, authorizationUrl, tokenUrl, userUrl, scope, autocreate)
+ autoupdate = configuration.getOptional[Boolean]("auth.sso.autoupdate").getOrElse(false)
+ } yield OAuth2Config(
+ clientId,
+ clientSecret,
+ redirectUri,
+ responseType,
+ grantType,
+ authorizationUrl,
+ tokenUrl,
+ userUrl,
+ scope,
+ autocreate,
+ autoupdate
+ )
}
@Singleton
@@ -77,7 +91,7 @@ class OAuth2Srv(
}
private def getAuthTokenAndAuthenticate(clientId: String, code: String)(implicit request: RequestHeader): Future[AuthContext] = {
- logger.debug("Getting user token with the code from the response!")
+ logger.debug("Getting user token with the code from the response")
withOAuth2Config { cfg ⇒
ws.url(cfg.tokenUrl)
.post(
@@ -97,22 +111,23 @@ class OAuth2Srv(
.flatMap { r ⇒
r.status match {
case Status.OK ⇒
+ logger.debug("Getting user info using access token")
val accessToken = (r.json \ "access_token").asOpt[String].getOrElse("")
- val authHeader = "Authorization" → s"bearer $accessToken"
+ val authHeader = "Authorization" → s"Bearer $accessToken"
ws.url(cfg.userUrl)
.addHttpHeaders(authHeader)
.get()
.flatMap { userResponse ⇒
if (userResponse.status != Status.OK) {
- Future.failed(AuthenticationError(s"unexpected response from server: ${userResponse.status} ${userResponse.body}"))
+ Future.failed(AuthenticationError(s"Unexpected response from server: ${userResponse.status} ${userResponse.body}"))
} else {
val response = userResponse.json.asInstanceOf[JsObject]
getOrCreateUser(response, authHeader)
}
}
case _ ⇒
- logger.error(s"unexpected response from server: ${r.status} ${r.body}")
- Future.failed(AuthenticationError("unexpected response from server"))
+ logger.error(s"Unexpected response from server: ${r.status} ${r.body}")
+ Future.failed(AuthenticationError("Unexpected response from server"))
}
}
}
@@ -125,11 +140,24 @@ class OAuth2Srv(
userSrv
.get(userId)
.flatMap(user ⇒ {
- userSrv.getFromUser(request, user, name)
+ if (cfg.autoupdate) {
+ logger.debug(s"Updating OAuth/OIDC user")
+ userSrv.inInitAuthContext { implicit authContext ⇒
+ // Only update name and roles, not login (can't change it)
+ userSrv
+ .update(user, userFields.unset("login"))
+ .flatMap(user ⇒ {
+ userSrv.getFromUser(request, user, name)
+ })
+ }
+ } else {
+ userSrv.getFromUser(request, user, name)
+ }
})
.recoverWith {
case authErr: AuthorizationError ⇒ Future.failed(authErr)
case _ if cfg.autocreate ⇒
+ logger.debug(s"Creating OAuth/OIDC user")
userSrv.inInitAuthContext { implicit authContext ⇒
userSrv
.create(userFields)
diff --git a/thehive-backend/app/services/mappers/GroupUserMapper.scala b/thehive-backend/app/services/mappers/GroupUserMapper.scala
index 6aafb08965..cf036ce379 100644
--- a/thehive-backend/app/services/mappers/GroupUserMapper.scala
+++ b/thehive-backend/app/services/mappers/GroupUserMapper.scala
@@ -3,21 +3,21 @@ package services.mappers
import javax.inject.Inject
import scala.concurrent.{ExecutionContext, Future}
+import scala.util.parsing.combinator._
-import play.api.Configuration
+import play.api.{Configuration, Logger}
import play.api.libs.json._
import play.api.libs.ws.WSClient
-import org.elastic4play.AuthenticationError
+import org.elastic4play.{AuthenticationError, AuthorizationError}
import org.elastic4play.controllers.Fields
class GroupUserMapper(
loginAttrName: String,
nameAttrName: String,
- rolesAttrName: Option[String],
- groupAttrName: String,
+ groupsAttrName: String,
defaultRoles: Seq[String],
- groupsUrl: String,
+ groupsUrl: Option[String],
mappings: Map[String, Seq[String]],
ws: WSClient,
implicit val ec: ExecutionContext
@@ -25,12 +25,11 @@ class GroupUserMapper(
@Inject() def this(configuration: Configuration, ws: WSClient, ec: ExecutionContext) =
this(
- configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("name"),
- configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("username"),
- configuration.getOptional[String]("auth.sso.attributes.roles"),
+ configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("sub"),
+ configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("name"),
configuration.getOptional[String]("auth.sso.attributes.groups").getOrElse(""),
configuration.getOptional[Seq[String]]("auth.sso.defaultRoles").getOrElse(Seq()),
- configuration.getOptional[String]("auth.sso.groups.url").getOrElse(""),
+ configuration.getOptional[String]("auth.sso.groups.url"),
configuration.getOptional[Map[String, Seq[String]]]("auth.sso.groups.mappings").getOrElse(Map()),
ws,
ec
@@ -38,13 +37,73 @@ class GroupUserMapper(
override val name: String = "group"
+ private[GroupUserMapper] lazy val logger = Logger(getClass)
+
+ private class RoleListParser extends RegexParsers {
+ val str = "[a-zA-Z0-9_]+".r
+ val strSpc = "[a-zA-Z0-9_ ]+".r
+ val realStr = ("\""~>strSpc<~"\"" | "'"~>strSpc<~"'" | str)
+
+ def expr: Parser[Seq[String]] = {
+ "[" ~ opt(realStr ~ rep("," ~ realStr)) ~ "]" ^^ {
+ case _ ~ Some(firstRole ~ list) ~ _ ⇒ list.foldLeft(Seq(firstRole)) {
+ case (queue, _ ~ role) ⇒ role +: queue
+ }
+ case _ ~ _ ⇒ Seq.empty[String]
+ } | opt(realStr) ^^ {
+ case Some(role) ⇒ Seq(role)
+ case None ⇒ Seq.empty[String]
+ }
+ }
+ }
+
override def getUserFields(jsValue: JsValue, authHeader: Option[(String, String)]): Future[Fields] = {
+ groupsUrl match {
+ case Some(groupsEndpointUrl) ⇒ {
+ logger.debug(s"Retreiving groups from ${groupsEndpointUrl}")
+ val apiCall = authHeader.fold(ws.url(groupsEndpointUrl))(headers ⇒ ws.url(groupsEndpointUrl).addHttpHeaders(headers))
+ apiCall.get.flatMap { r ⇒ extractGroupsThenBuildUserFields(jsValue, r.json) }
+ }
+ case None ⇒ {
+ logger.debug(s"Extracting groups from user info")
+ extractGroupsThenBuildUserFields(jsValue, jsValue)
+ }
+ }
+ }
+
+ private def extractGroupsThenBuildUserFields(jsValue: JsValue, groupsContainer: JsValue): Future[Fields] = {
+ (groupsContainer \ groupsAttrName) match {
+ // Groups received as valid JSON array
+ case JsDefined(JsArray(groupsList)) ⇒ mapGroupsAndBuildUserFields(jsValue, groupsList.map(_.as[String]).toList)
+
+ // Groups list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
+ case JsDefined(JsString(groupsStr)) ⇒ {
+ val parser = new RoleListParser
+ parser.parseAll(parser.expr, groupsStr) match {
+ case parser.Success(result, _) ⇒ mapGroupsAndBuildUserFields(jsValue, result)
+ case err: parser.NoSuccess ⇒ Future.failed(AuthenticationError(s"User info fails: can't parse groups list (${err.msg})"))
+ }
+ }
+
+ // Invalid group list
+ case JsDefined(error) ⇒
+ Future.failed(AuthenticationError(s"User info fails: invalid groups list received in user info ('${error}' of type ${error.getClass})"))
+
+ // Groups field is undefined
+ case _: JsUndefined ⇒
+ Future.failed(AuthenticationError(s"User info fails: groups attribute ${groupsAttrName} doesn't exist in user info"))
+ }
+ }
+
+ private def mapGroupsAndBuildUserFields(jsValue: JsValue, jsonGroups: Seq[String]): Future[Fields] = {
+ val mappedRoles = jsonGroups.flatMap(mappings.get).flatten.toSet
+ val roles = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
+
+ if (roles.isEmpty) {
+ Future.failed(AuthorizationError(s"No matched roles for user"))
- val apiCall = authHeader.fold(ws.url(groupsUrl))(headers ⇒ ws.url(groupsUrl).addHttpHeaders(headers))
- apiCall.get.flatMap { r ⇒
- val jsonGroups = (r.json \ groupAttrName).as[Seq[String]]
- val mappedRoles = jsonGroups.flatMap(mappings.get).maxBy(_.length)
- val roles = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
+ } else {
+ logger.debug(s"Computed roles: ${roles.mkString(", ")}")
val fields = for {
login ← (jsValue \ loginAttrName).validate[String]
@@ -52,7 +111,7 @@ class GroupUserMapper(
} yield Fields(Json.obj("login" → login, "name" → name, "roles" → roles))
fields match {
case JsSuccess(f, _) ⇒ Future.successful(f)
- case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._1).mkString}"))
+ case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._2).map(_.map(_.messages.mkString(", ")).mkString("; ")).mkString}"))
}
}
}
diff --git a/thehive-backend/app/services/mappers/SimpleUserMapper.scala b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
index b549c9b0ee..598d9d2ece 100644
--- a/thehive-backend/app/services/mappers/SimpleUserMapper.scala
+++ b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
@@ -20,8 +20,8 @@ class SimpleUserMapper(
@Inject() def this(configuration: Configuration, ec: ExecutionContext) =
this(
- configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("name"),
- configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("username"),
+ configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("sub"),
+ configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("name"),
configuration.getOptional[String]("auth.sso.attributes.roles"),
configuration.getOptional[Seq[String]]("auth.sso.defaultRoles").getOrElse(Seq()),
ec
@@ -37,7 +37,7 @@ class SimpleUserMapper(
} yield Fields(Json.obj("login" → login, "name" → name, "roles" → roles))
fields match {
case JsSuccess(f, _) ⇒ Future.successful(f)
- case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._1).mkString}"))
+ case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._2).map(_.map(_.messages.mkString(", ")).mkString("; ")).mkString}"))
}
}
}
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
index 49fdb53b16..344e3dba8f 100644
--- a/thehive-backend/conf/reference.conf
+++ b/thehive-backend/conf/reference.conf
@@ -28,8 +28,6 @@ play.http.session.cookieName = THE_HIVE_SESSION
search {
# Name of the index
index = the_hive
- # Name of the ElasticSearch cluster
- cluster = hive
# Address of the ElasticSearch instance
host = ["127.0.0.1:9300"]
# Scroll keepalive
@@ -191,7 +189,7 @@ migration {
//
// # Maximum number of sync messages that actor can process for stream to substream communication.
// # Parameter allows to interrupt synchronous processing to get upsteam/downstream messages.
-// # Allows to accelerate message processing that happening withing same actor but keep system responsive.
+// # Allows to accelerate message processing that happening within same actor but keep system responsive.
// sync-processing-limit = 1000
//
// debug {
diff --git a/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala b/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
index efe5818dc9..64591954ed 100644
--- a/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
+++ b/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
@@ -162,7 +162,7 @@ class CortexCtrl(
for {
job ← cortexAnalyzerSrv.getJob(jobId)
jobJson = job.toJson
- jobWithStats ← if (withStats) cortexAnalyzerSrv.addImportFieldInArtifacts(jobJson) else Future.successful(Json.toJson(job))
+ jobWithStats ← if (withStats) cortexAnalyzerSrv.addImportFieldInArtifacts(jobJson) else Future.successful(jobJson)
} yield Ok(jobWithStats)
}
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
index 5f5ef8a71c..cc0a5e7db0 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
@@ -4,6 +4,7 @@ import java.util.Date
import scala.concurrent.duration.FiniteDuration
import scala.concurrent.{ExecutionContext, Future, Promise}
+import scala.util.Success
import scala.util.control.NonFatal
import scala.util.matching.Regex
@@ -42,7 +43,7 @@ class CortexActionSrv @Inject()(
implicit val mat: Materializer
) {
- lazy val logger = Logger(getClass)
+ lazy val logger: Logger = Logger(getClass)
lazy val responderIdRegex: Regex = "(.*)-(.*)".r
def getResponderById(id: String): Future[Responder] =
@@ -221,9 +222,20 @@ class CortexActionSrv @Inject()(
}
}
.getOrElse {
- Future.firstCompletedOf {
- cortexConfig.instances.map(c ⇒ getResponder(c).map(c → _))
- }
+ Future
+ .traverse(cortexConfig.instances) { c ⇒
+ getResponder(c)
+ .transform {
+ case Success(w) ⇒ Success(Some(c → w))
+ case _ ⇒ Success(None)
+ }
+ }
+ .flatMap { responders ⇒
+ responders
+ .flatten
+ .headOption
+ .fold[Future[(CortexClient, Responder)]](Future.failed(NotFoundError(s"Responder not found")))(Future.successful)
+ }
}
for {
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
index 2f27e8592c..18cb243c54 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
@@ -5,13 +5,11 @@ import java.util.Date
import scala.concurrent.duration.FiniteDuration
import scala.concurrent.{ExecutionContext, Future, Promise}
-import scala.util.Try
+import scala.util.{Success, Try}
import scala.util.control.NonFatal
-
import play.api.Logger
import play.api.libs.json._
import play.api.libs.ws.WSClient
-
import akka.NotUsed
import akka.actor.{Actor, ActorSystem}
import akka.stream.Materializer
@@ -21,7 +19,6 @@ import connectors.cortex.models._
import javax.inject.{Inject, Singleton}
import models.{Artifact, Case}
import services.{UserSrv ⇒ _, _}
-
import org.elastic4play.controllers.{Fields, FileInputValue}
import org.elastic4play.database.{DBRemove, ModifyConfig}
import org.elastic4play.services.JsonFormat.attachmentFormat
@@ -139,7 +136,7 @@ class CortexAnalyzerSrv @Inject()(
def realDeleteJob(job: Job): Future[Unit] =
dbRemove(job).map(_ ⇒ ())
- def stats(query: QueryDef, aggs: Seq[Agg]) = findSrv(jobModel, query, aggs: _*)
+ def stats(query: QueryDef, aggs: Seq[Agg]): Future[JsObject] = findSrv(jobModel, query, aggs: _*)
def getAnalyzer(analyzerId: String): Future[Analyzer] =
Future
@@ -330,15 +327,22 @@ class CortexAnalyzerSrv @Inject()(
.set("status", JobStatus.Failure.toString)
.set("endDate", Json.toJson(new Date))
update(jobId, jobFields)
- case _ if maxRetryOnError > 0 ⇒
- logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...")
+ /* Workaround */
+ case CortexError(500, _, body) if Try((Json.parse(body) \ "type").as[String]) == Success("akka.pattern.AskTimeoutException") ⇒
+ logger.debug("Got a 500 Timeout, retry")
+ updateJobWithCortex(jobId, cortexJobId, cortex)
+ case e if maxRetryOnError > 0 ⇒
+ logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...", e)
val result = Promise[Job]
system.scheduler.scheduleOnce(retryDelay) {
updateJobWithCortex(jobId, cortexJobId, cortex, retryDelay, maxRetryOnError - 1).onComplete(result.complete)
}
result.future
- case _ ⇒
- logger.error(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting")
+ case e ⇒
+ logger.error(
+ s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting",
+ e
+ )
update(
jobId,
Fields
@@ -361,9 +365,20 @@ class CortexAnalyzerSrv @Inject()(
}
case None ⇒
- Future.firstCompletedOf {
- cortexConfig.instances.map(c ⇒ c.getAnalyzer(analyzerName).map(c → _))
- }
+ Future
+ .traverse(cortexConfig.instances) { c ⇒
+ c.getAnalyzer(analyzerName)
+ .transform {
+ case Success(w) ⇒ Success(Some(c → w))
+ case _ ⇒ Success(None)
+ }
+ }
+ .flatMap { analyzers ⇒
+ analyzers
+ .flatten
+ .headOption
+ .fold[Future[(CortexClient, Analyzer)]](Future.failed(NotFoundError(s"Analyzer not found")))(Future.successful)
+ }
}
cortexClientAnalyzer.flatMap {
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
index db3e45b8a1..a5a5b7ed9e 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
@@ -165,7 +165,11 @@ class CortexClient(val name: String, baseUrl: String, authentication: Option[Cor
request(s"api/analyzer/type/$dataType", _.get, _.json.as[Seq[Analyzer]]).map(_.map(_.copy(cortexIds = List(name))))
def waitReport(jobId: String, atMost: Duration)(implicit ec: ExecutionContext): Future[JsObject] =
- request(s"api/job/$jobId/waitreport", _.withQueryStringParameters("atMost" → atMost.toString).get, _.json.as[JsObject])
+ request(
+ s"api/job/$jobId/waitreport",
+ _.withQueryStringParameters("atMost" → atMost.toString).withRequestTimeout(atMost + 1.second).get,
+ _.json.as[JsObject]
+ )
def getVersion()(implicit ec: ExecutionContext): Future[Option[String]] =
request("api/status", _.get, identity)
diff --git a/thehive-misp/app/connectors/misp/JsonFormat.scala b/thehive-misp/app/connectors/misp/JsonFormat.scala
index e2a80c652b..ab45c69a81 100644
--- a/thehive-misp/app/connectors/misp/JsonFormat.scala
+++ b/thehive-misp/app/connectors/misp/JsonFormat.scala
@@ -65,7 +65,8 @@ object JsonFormat {
value ← (json \ "value").validate[String]
category ← (json \ "category").validate[String]
tags ← JsArray(json \ "EventTag" \\ "name").validate[Seq[String]]
- } yield MispAttribute(id, category, tpe, date, comment, value, tags)
+ toIds ← (json \ "to_ids").validate[Boolean]
+ } yield MispAttribute(id, category, tpe, date, comment, value, tags, toIds)
)
val tlpWrites: Writes[Long] = Writes[Long] {
@@ -82,7 +83,8 @@ object JsonFormat {
"type" → attribute.tpe,
"value" → attribute.value.fold[String](identity, _.name),
"comment" → attribute.comment,
- "Tag" → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp)))
+ "Tag" → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp))),
+ "to_ids" → attribute.artifact.ioc()
)
}
@@ -92,7 +94,8 @@ object JsonFormat {
"message" → artifact.message,
"tlp" → artifact.tlp,
"tags" → artifact.tags,
- "startDate" → artifact.startDate
+ "startDate" → artifact.startDate,
+ "ioc" → artifact.ioc
) + (artifact.value match {
case SimpleArtifactData(data) ⇒ "data" → JsString(data)
case RemoteAttachmentArtifact(filename, reference, tpe) ⇒
diff --git a/thehive-misp/app/connectors/misp/MispConverter.scala b/thehive-misp/app/connectors/misp/MispConverter.scala
index 6498f4fa97..88d4e0e2cd 100644
--- a/thehive-misp/app/connectors/misp/MispConverter.scala
+++ b/thehive-misp/app/connectors/misp/MispConverter.scala
@@ -12,7 +12,8 @@ trait MispConverter {
message = mispAttribute.comment,
tlp = 0,
tags = tags ++ mispAttribute.tags,
- startDate = mispAttribute.date
+ startDate = mispAttribute.date,
+ ioc = mispAttribute.toIds
)
)
} else {
@@ -24,7 +25,8 @@ trait MispConverter {
message = mispAttribute.comment,
tlp = 0,
tags = tags ++ mispAttribute.tags,
- startDate = mispAttribute.date
+ startDate = mispAttribute.date,
+ ioc = mispAttribute.toIds
)
val types = mispAttribute.tpe.split('|').toSeq
diff --git a/thehive-misp/app/connectors/misp/MispExport.scala b/thehive-misp/app/connectors/misp/MispExport.scala
index 3104c06f76..db7abf38a1 100644
--- a/thehive-misp/app/connectors/misp/MispExport.scala
+++ b/thehive-misp/app/connectors/misp/MispExport.scala
@@ -115,7 +115,7 @@ class MispExport @Inject()(
def exportAttribute(mispConnection: MispConnection, eventId: String, attribute: ExportedMispAttribute): Future[Artifact] = {
val mispResponse = attribute match {
- case ExportedMispAttribute(_, _, _, _, Right(attachment), comment) ⇒
+ case ExportedMispAttribute(artifact, _, _, _, Right(attachment), comment) ⇒
attachmentSrv
.source(attachment.id)
.runReduce(_ ++ _)
@@ -126,7 +126,8 @@ class MispExport @Inject()(
"category" → "Payload delivery",
"type" → "malware-sample",
"comment" → comment,
- "files" → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data))
+ "files" → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data)),
+ "to_ids" → artifact.ioc()
)
)
mispConnection(s"events/upload_sample/$eventId").post(body)
@@ -205,9 +206,9 @@ class MispExport @Inject()(
logger.debug(s"Updating MISP event $eventId")
mispSrv.getAttributesFromMisp(mispConnection, eventId, None).map { attributes ⇒
(eventId, Nil, attributes.map {
- case MispArtifact(SimpleArtifactData(data), _, _, _, _, _) ⇒ Left(data)
- case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _) ⇒ Right(filename)
- case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _) ⇒ Right(filename)
+ case MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) ⇒ Left(data)
+ case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _, _) ⇒ Right(filename)
+ case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _) ⇒ Right(filename)
})
}
}
diff --git a/thehive-misp/app/connectors/misp/MispModel.scala b/thehive-misp/app/connectors/misp/MispModel.scala
index 05d42b4bb2..542d3db1fc 100644
--- a/thehive-misp/app/connectors/misp/MispModel.scala
+++ b/thehive-misp/app/connectors/misp/MispModel.scala
@@ -34,7 +34,7 @@ case class MispAlert(
caseTemplate: String
)
-case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String])
+case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String], toIds: Boolean)
case class ExportedMispAttribute(
artifact: Artifact,
@@ -45,6 +45,6 @@ case class ExportedMispAttribute(
comment: Option[String]
)
-case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date)
+case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date, ioc: Boolean)
case class MispExportError(message: String, artifact: Artifact) extends ErrorWithObject(message, artifact.attributes)
diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
index 8e8da7c315..d2254fea26 100644
--- a/thehive-misp/app/connectors/misp/MispSrv.scala
+++ b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -1,17 +1,16 @@
package connectors.misp
import java.util.Date
+
import javax.inject.{Inject, Provider, Singleton}
import scala.concurrent.{ExecutionContext, Future}
-
import play.api.Logger
import play.api.libs.json.JsLookupResult.jsLookupResultToJsLookup
import play.api.libs.json.JsValue.jsValueToJsLookup
import play.api.libs.json.Json.toJsFieldJsValueWrapper
import play.api.libs.json._
import play.api.libs.ws.WSBodyWritables.writeableOf_JsValue
-
import akka.NotUsed
import akka.stream.Materializer
import akka.stream.scaladsl.{FileIO, Sink, Source}
@@ -21,11 +20,12 @@ import net.lingala.zip4j.core.ZipFile
import net.lingala.zip4j.exception.ZipException
import net.lingala.zip4j.model.FileHeader
import services._
-
import org.elastic4play.controllers.{Fields, FileInputValue}
import org.elastic4play.services.{Attachment, AuthContext, TempSrv}
import org.elastic4play.{InternalError, NotFoundError}
+import scala.util.Try
+
@Singleton
class MispSrv @Inject()(
mispConfig: MispConfig,
@@ -69,13 +69,14 @@ class MispSrv @Inject()(
.post(Json.obj("searchpublish_timestamp" → date))
}
.mapConcat { response ⇒
- val eventJson = Json
- .parse(response.body)
- .asOpt[Seq[JsValue]]
- .getOrElse {
- logger.warn(s"Invalid MISP event format:\n${response.body}")
- Nil
- }
+ val eventJson = Try {
+ response
+ .body[JsValue]
+ .as[Seq[JsValue]]
+ }.getOrElse {
+ logger.warn(s"Invalid MISP event format:\n${response.body}")
+ Nil
+ }
val events = eventJson
.flatMap { j ⇒
j.asOpt[MispAlert]
@@ -137,9 +138,9 @@ class MispSrv @Inject()(
.filter(_.date after refDate)
.flatMap(convertAttribute)
.groupBy {
- case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _) ⇒ dataType → Right(data)
- case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _) ⇒ dataType → Left(filename)
- case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _) ⇒ dataType → Left(filename)
+ case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _, _) ⇒ dataType → Right(data)
+ case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _, _) ⇒ dataType → Left(filename)
+ case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _, _) ⇒ dataType → Left(filename)
}
.values
.map { mispArtifact ⇒
@@ -192,7 +193,7 @@ class MispSrv @Inject()(
)
)
.set("tlp", tlp)
- if attachment.isDefined != data.isDefined
+ if (attachment.isDefined && data.isEmpty) || (dataType != "file" && data.isDefined)
} yield attachment.fold(Future.successful(fields.set("data", data.get)))(_.map { fiv ⇒
fields.set("attachment", fiv)
})) match {
diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
index 44148ed988..95cda14517 100644
--- a/thehive-misp/app/connectors/misp/MispSynchro.scala
+++ b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -3,24 +3,22 @@ package connectors.misp
import java.util.Date
import javax.inject.{Inject, Provider, Singleton}
+
import scala.collection.immutable
import scala.concurrent.{ExecutionContext, Future}
import scala.concurrent.duration._
import scala.util.{Failure, Success, Try}
-
import play.api.Logger
import play.api.inject.ApplicationLifecycle
import play.api.libs.json._
-
import akka.NotUsed
import akka.actor.ActorSystem
-import akka.stream.Materializer
+import akka.stream.{ActorAttributes, Materializer, Supervision}
import akka.stream.scaladsl.{Sink, Source}
import connectors.misp.JsonFormat.mispArtifactWrites
import models.{Alert, AlertStatus, Artifact, CaseStatus}
import services.{AlertSrv, ArtifactSrv, CaseSrv, UserSrv}
import JsonFormat.mispAlertWrites
-
import org.elastic4play.controllers.Fields
import org.elastic4play.services.{Attachment, AuthContext, MigrationSrv, TempSrv}
import org.elastic4play.utils.Collection
@@ -91,12 +89,14 @@ class MispSynchro @Inject()(
case (mispConnection, lastSyncDate) ⇒
synchronize(mispConnection, Some(lastSyncDate))
}
+ .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
.runWith(Sink.seq)
}
def fullSynchronize()(implicit authContext: AuthContext): Future[immutable.Seq[Try[Alert]]] =
Source(mispConfig.connections.filter(_.canImport).toList)
.flatMapConcat(mispConnection ⇒ synchronize(mispConnection, None))
+ .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
.runWith(Sink.seq)
def updateArtifacts(mispConnection: MispConnection, caseId: String, mispArtifacts: Seq[MispArtifact])(
@@ -112,14 +112,15 @@ class MispSynchro @Inject()(
.map { artifact ⇒
artifact.data().map(Left.apply).getOrElse(Right(artifact.attachment().get.name))
}
+ .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
.runWith(Sink.seq)
newAttributes ← Future.traverse(mispArtifacts) {
- case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
+ case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
- case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _)
+ case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _)
if !existingArtifacts.contains(Left(filename)) ⇒
Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
- case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _)
+ case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _, _)
if !existingArtifacts.contains(Left(filename)) ⇒
mispSrv
.downloadAttachment(mispConnection, reference)
diff --git a/ui/Gruntfile.js b/ui/Gruntfile.js
index 48419d9e92..d8364a1b5d 100644
--- a/ui/Gruntfile.js
+++ b/ui/Gruntfile.js
@@ -182,7 +182,7 @@ module.exports = function(grunt) {
postcss: {
options: {
processors: [
- require('autoprefixer')({browsers: ['last 1 version']})
+ //require('autoprefixer')({browsers: ['last 1 version']})
]
},
server: {
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
index 5628903a9c..f53e43292d 100644
--- a/ui/app/scripts/app.js
+++ b/ui/app/scripts/app.js
@@ -58,7 +58,7 @@ angular.module('thehive', [
}
},
params: {
- autoLogin: false
+ disableSsoAutoLogin: false
},
title: 'Login'
})
diff --git a/ui/app/scripts/controllers/AuthenticationCtrl.js b/ui/app/scripts/controllers/AuthenticationCtrl.js
index 4ba859caff..a54abf1bc4 100644
--- a/ui/app/scripts/controllers/AuthenticationCtrl.js
+++ b/ui/app/scripts/controllers/AuthenticationCtrl.js
@@ -4,18 +4,21 @@
(function() {
'use strict';
angular.module('theHiveControllers')
- .controller('AuthenticationCtrl', function($scope, $state, $location, $uibModalStack, $stateParams, AuthenticationSrv, NotificationSrv, UtilsSrv, UrlParser, appConfig) {
+ .controller('AuthenticationCtrl', function($scope, $state, $location, $uibModalStack, $stateParams, AuthenticationSrv, NotificationSrv, appConfig) {
$scope.params = {};
+ $scope.ssoLogingIn = false;
$uibModalStack.dismissAll();
$scope.ssoLogin = function (code) {
+ $scope.ssoLogingIn = true;
AuthenticationSrv.ssoLogin(code)
.then(function(response) {
var redirectLocation = response.headers().location;
if(angular.isDefined(redirectLocation)) {
window.location = redirectLocation;
} else {
+ $location.search('code', null);
$state.go('app.cases');
}
})
@@ -25,6 +28,7 @@
} else {
NotificationSrv.log(err.data.message, 'error');
}
+ $scope.ssoLogingIn = false;
$location.url($location.path());
});
};
@@ -49,8 +53,8 @@
});
};
- var code = UtilsSrv.extractQueryParam('code', UrlParser('query', $location.absUrl()));
- if(angular.isDefined(code) || $stateParams.autoLogin) {
+ var code = $location.search().code;
+ if(angular.isDefined(code) || (appConfig.config.ssoAutoLogin && !$stateParams.disableSsoAutoLogin)) {
$scope.ssoLogin(code);
}
});
diff --git a/ui/app/scripts/controllers/RootCtrl.js b/ui/app/scripts/controllers/RootCtrl.js
index acbd718b83..737f53231a 100644
--- a/ui/app/scripts/controllers/RootCtrl.js
+++ b/ui/app/scripts/controllers/RootCtrl.js
@@ -9,7 +9,7 @@ angular.module('theHiveControllers').controller('RootCtrl',
$state.go('maintenance');
return;
}else if(!currentUser || !currentUser.id) {
- $state.go('login', {autoLogin: appConfig.config.ssoAutoLogin });
+ $state.go('login');
return;
}
@@ -141,7 +141,7 @@ angular.module('theHiveControllers').controller('RootCtrl',
$scope.logout = function() {
AuthenticationSrv.logout(function() {
- $state.go('login');
+ $state.go('login', {disableSsoAutoLogin: true});
}, function(data, status) {
NotificationSrv.error('RootCtrl', data, status);
});
diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index 26a0e3dc17..589ff7328d 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -155,7 +155,7 @@
}, 500);
}, function(/*err*/) {
- NotificationSrv.log('An expected error occured while fetching the job report');
+ NotificationSrv.log('An expected error occurred while fetching the job report');
});
};
diff --git a/ui/app/scripts/directives/entityLink.js b/ui/app/scripts/directives/entityLink.js
index 35dba95b0a..4d5134291a 100644
--- a/ui/app/scripts/directives/entityLink.js
+++ b/ui/app/scripts/directives/entityLink.js
@@ -19,7 +19,7 @@
if (angular.isDefined(scope.value)) {
if (!compiledContents) {
- // Get the link function with the contents frome top
+ // Get the link function with the contents from top
// level template with
// the transclude
compiledContents = $compile(contents, transclude);
diff --git a/ui/app/scripts/services/Constants.js b/ui/app/scripts/services/Constants.js
index 0bae8587ac..9ae839dcb1 100644
--- a/ui/app/scripts/services/Constants.js
+++ b/ui/app/scripts/services/Constants.js
@@ -16,11 +16,12 @@
})
.value('Severity', {
keys: {
+ Critical: 4,
High: 3,
Medium: 2,
Low: 1
},
- values: ['Unknown', 'Low', 'Medium', 'High']
+ values: ['Unknown', 'Low', 'Medium', 'High', 'Critical']
})
.value('AlertStatus', {
values: ['New', 'Updated', 'Ignored', 'Imported']
diff --git a/ui/app/scripts/services/UtilsSrv.js b/ui/app/scripts/services/UtilsSrv.js
index 5a4fdb4288..6322ab2cb9 100644
--- a/ui/app/scripts/services/UtilsSrv.js
+++ b/ui/app/scripts/services/UtilsSrv.js
@@ -101,23 +101,6 @@
scope.value = scope.oldValue;
scope.updatable.updating = false;
};
- },
-
- extractQueryParam: function(paramName, queryString) {
- if (!queryString || !paramName) {
- return;
- }
-
- var param = $location.search()[paramName];
-
- if (param) {
- return param;
- } else {
- var parsedQuery = _.find(queryString.split('&'), function(str) {
- return str.startsWith(paramName + '=');
- });
- return parsedQuery ? parsedQuery.substr(paramName.length + 1) : undefined;
- }
}
};
diff --git a/ui/app/styles/dashboard.css b/ui/app/styles/dashboard.css
index 426a299d64..3b5c249161 100644
--- a/ui/app/styles/dashboard.css
+++ b/ui/app/styles/dashboard.css
@@ -139,7 +139,7 @@ dashboard-item .box {
.dashboard-serie > .form-inline {
display: flex;
- justify-content: start;
+ justify-content: flex-start;
align-items: stretch;
}
@@ -157,9 +157,9 @@ dashboard-item .box {
.dashboard-period > div{
height: 34px;
- display:flex;
- justify-content:start;
- align-items:stretch;
+ display: flex;
+ justify-content: flex-start;
+ align-items: stretch;
}
.dashboard-period .label{
diff --git a/ui/app/views/directives/severity.html b/ui/app/views/directives/severity.html
index 193495b93a..74f74b3bbb 100644
--- a/ui/app/views/directives/severity.html
+++ b/ui/app/views/directives/severity.html
@@ -1,11 +1,14 @@
- L
- M
- H
+ L
+ M
+ H
+ !!
+
- L
- M
- H
+ L
+ M
+ H
+ !!?
diff --git a/ui/app/views/login.html b/ui/app/views/login.html
index 0c30c09a84..18bc6d7729 100644
--- a/ui/app/views/login.html
+++ b/ui/app/views/login.html
@@ -6,25 +6,25 @@