From a221fc958d347a49925b98fe605b72c66b453a7b Mon Sep 17 00:00:00 2001
From: Zachary Priddy <github@zpriddy.com>
Date: Sun, 24 Mar 2019 21:30:44 -0700
Subject: [PATCH 01/58] Add Critical Status

---
 thehive-backend/app/models/Alert.scala           |  2 +-
 thehive-backend/app/models/AttributeFormat.scala |  6 +++---
 thehive-backend/app/models/Case.scala            |  2 +-
 thehive-backend/app/models/CaseTemplate.scala    |  2 +-
 ui/app/scripts/services/Constants.js             |  3 ++-
 ui/app/views/directives/severity.html            | 15 +++++++++------
 ui/app/views/partials/alert/list/filters.html    |  2 +-
 ui/app/views/partials/case/list/filters.html     |  2 +-
 8 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
index d2290749d3..26a3205bb9 100644
--- a/thehive-backend/app/models/Alert.scala
+++ b/thehive-backend/app/models/Alert.scala
@@ -55,7 +55,7 @@ trait AlertAttributes {
   val caze: A[Option[String]] = optionalAttribute("case", F.stringFmt, "Id of the case, if created")
   val title: A[String] = attribute("title", F.textFmt, "Title of the alert")
   val description: A[String] = attribute("description", F.textFmt, "Description of the alert")
-  val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the alert (0-3)", 2L)
+  val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the alert (1-4)", 2L)
   val tags: A[Seq[String]] = multiAttribute("tags", F.stringFmt, "Alert tags")
   val tlp: A[Long] = attribute("tlp", TlpAttributeFormat, "TLP level", 2L)
   val artifacts: A[Seq[JsObject]] = multiAttribute("artifacts", F.objectFmt(artifactAttributes), "Artifact of the alert", O.unaudited)
diff --git a/thehive-backend/app/models/AttributeFormat.scala b/thehive-backend/app/models/AttributeFormat.scala
index fd98a30140..a6d00d0df7 100644
--- a/thehive-backend/app/models/AttributeFormat.scala
+++ b/thehive-backend/app/models/AttributeFormat.scala
@@ -11,15 +11,15 @@ import org.elastic4play.{ AttributeError, InvalidFormatAttributeError }
 
 object SeverityAttributeFormat extends NumberAttributeFormat {
 
-  def isValidValue(value: Long): Boolean = 1 <= value && value <= 3
+  def isValidValue(value: Long): Boolean = 1 <= value && value <= 4
 
   override def definition(dblists: DBLists, attribute: Attribute[Long]): Seq[AttributeDefinition] =
     Seq(AttributeDefinition(
       attribute.attributeName,
       name,
       attribute.description,
-      Seq(JsNumber(1), JsNumber(2), JsNumber(3)),
-      Seq("low", "medium", "high")))
+      Seq(JsNumber(1), JsNumber(2), JsNumber(3), JsNumber(4)),
+      Seq("low", "medium", "high", "critical")))
 
   override def checkJson(subNames: Seq[String], value: JsValue): Or[JsValue, One[InvalidFormatAttributeError]] = {
     value match {
diff --git a/thehive-backend/app/models/Case.scala b/thehive-backend/app/models/Case.scala
index 2c2b4e3c01..5d58d4692a 100644
--- a/thehive-backend/app/models/Case.scala
+++ b/thehive-backend/app/models/Case.scala
@@ -37,7 +37,7 @@ trait CaseAttributes { _: AttributeDef ⇒
   val caseId: A[Long] = attribute("caseId", F.numberFmt, "Id of the case (auto-generated)", O.model)
   val title: A[String] = attribute("title", F.textFmt, "Title of the case")
   val description: A[String] = attribute("description", F.textFmt, "Description of the case")
-  val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (0-3)", 2L)
+  val severity: A[Long] = attribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (1-4)", 2L)
   val owner: A[String] = attribute("owner", F.userFmt, "Owner of the case")
   val startDate: A[Date] = attribute("startDate", F.dateFmt, "Creation date", new Date)
   val endDate: A[Option[Date]] = optionalAttribute("endDate", F.dateFmt, "Resolution date")
diff --git a/thehive-backend/app/models/CaseTemplate.scala b/thehive-backend/app/models/CaseTemplate.scala
index 144aa4fc61..ead7c77da7 100644
--- a/thehive-backend/app/models/CaseTemplate.scala
+++ b/thehive-backend/app/models/CaseTemplate.scala
@@ -19,7 +19,7 @@ trait CaseTemplateAttributes { _: AttributeDef ⇒
   val templateName: A[String] = attribute("name", F.stringFmt, "Name of the template")
   val titlePrefix: A[Option[String]] = optionalAttribute("titlePrefix", F.textFmt, "Title of the case")
   val description: A[Option[String]] = optionalAttribute("description", F.textFmt, "Description of the case")
-  val severity: A[Option[Long]] = optionalAttribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (0-5)")
+  val severity: A[Option[Long]] = optionalAttribute("severity", SeverityAttributeFormat, "Severity if the case is an incident (1-4)")
   val tags: A[Seq[String]] = multiAttribute("tags", F.stringFmt, "Case tags")
   val flag: A[Option[Boolean]] = optionalAttribute("flag", F.booleanFmt, "Flag of the case")
   val tlp: A[Option[Long]] = optionalAttribute("tlp", TlpAttributeFormat, "TLP level")
diff --git a/ui/app/scripts/services/Constants.js b/ui/app/scripts/services/Constants.js
index 0bae8587ac..9ae839dcb1 100644
--- a/ui/app/scripts/services/Constants.js
+++ b/ui/app/scripts/services/Constants.js
@@ -16,11 +16,12 @@
         })
         .value('Severity', {
             keys: {
+                Critical: 4,
                 High: 3,
                 Medium: 2,
                 Low: 1
             },
-            values: ['Unknown', 'Low', 'Medium', 'High']
+            values: ['Unknown', 'Low', 'Medium', 'High', 'Critical']
         })
         .value('AlertStatus', {
             values: ['New', 'Updated', 'Ignored', 'Imported']
diff --git a/ui/app/views/directives/severity.html b/ui/app/views/directives/severity.html
index 193495b93a..74f74b3bbb 100644
--- a/ui/app/views/directives/severity.html
+++ b/ui/app/views/directives/severity.html
@@ -1,11 +1,14 @@
 <div ng-if="active == true">
-	<span class="label" ng-class="{ true:'label-info', false:'label-default' }[value == 1]" ng-click="update(1)">L</span>
-	<span class="label" ng-class="{ true:'label-warning', false:'label-default' }[value == 2 || !value]" ng-click="update(2)">M</span>
-	<span class="label" ng-class="{ true:'label-danger', false:'label-default' }[value == 3]" ng-click="update(3)">H</span>
+    <span class="label" ng-class="{ true:'label-success', false:'label-default' }[value == 1]" ng-click="update(1)">L</span>
+    <span class="label" ng-class="{ true:'label-info', false:'label-default' }[value == 2 || !value]" ng-click="update(2)">M</span>
+    <span class="label" ng-class="{ true:'label-warning', false:'label-default' }[value == 3]" ng-click="update(3)">H</span>
+    <span class="label" ng-class="{ true:'label-danger', false:'label-default' }[value == 4]" ng-click="update(4)">!!</span>
+
 </div>
 <span ng-if="active != true" ng-switch="value">
-	<span ng-switch-when="1" class="label label-info">L</span>
-	<span ng-switch-when="2" class="label label-warning">M</span>
-	<span ng-switch-when="3" class="label label-danger">H</span>
+	<span ng-switch-when="1" class="label label-success">L</span>
+	<span ng-switch-when="2" class="label label-info">M</span>
+	<span ng-switch-when="3" class="label label-warning">H</span>
+  <span ng-switch-when="4" class="label label-danger">!!</span>
 	<span ng-switch-default class="label label-primary">?</span>
 </span>
diff --git a/ui/app/views/partials/alert/list/filters.html b/ui/app/views/partials/alert/list/filters.html
index 33c873611f..8f91ead91d 100644
--- a/ui/app/views/partials/alert/list/filters.html
+++ b/ui/app/views/partials/alert/list/filters.html
@@ -89,7 +89,7 @@ <h4>Filters</h4>
                             <tags-input class="form-control form-control-wrapper"
                                 min-length="2"
                                 ng-model="$vm.filtering.activeFilters.severity.value"
-                                placeholder="ex: High, Medium, Low"
+                                placeholder="ex: Critical, High, Medium, Low"
                                 replace-spaces-with-dashes="false"
                                 add-from-autocomplete-only="true">
                                     <auto-complete load-on-focus="true" load-on-down-arrow="true" min-length="1" source="$vm.getSeverities($query)"></auto-complete>
diff --git a/ui/app/views/partials/case/list/filters.html b/ui/app/views/partials/case/list/filters.html
index 9566871ff9..a7208c5fc6 100644
--- a/ui/app/views/partials/case/list/filters.html
+++ b/ui/app/views/partials/case/list/filters.html
@@ -71,7 +71,7 @@ <h4>Filters</h4>
                             <tags-input class="form-control form-control-wrapper"
                                 min-length="2"
                                 ng-model="$vm.uiSrv.activeFilters.severity.value"
-                                placeholder="ex: High, Medium, Low"
+                                placeholder="ex: Critical, High, Medium, Low"
                                 replace-spaces-with-dashes="false"
                                 add-from-autocomplete-only="true">
                                     <auto-complete load-on-focus="true" load-on-down-arrow="true" min-length="1" source="$vm.getSeverities($query)"></auto-complete>

From b559d10e12a154fe2d480c3e599d9fc7cbbb74a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Tue, 3 Sep 2019 10:34:18 +0200
Subject: [PATCH 02/58] Support for retreiving user groups directly

User groups are parsed directly from user infos. The config
parameter `auth.sso.groups.url` is useless in that case.

Note: an AuthenticationError is raised when no groups are
available for the user.
---
 .../services/mappers/GroupUserMapper.scala    | 73 +++++++++++++++++--
 1 file changed, 67 insertions(+), 6 deletions(-)

diff --git a/thehive-backend/app/services/mappers/GroupUserMapper.scala b/thehive-backend/app/services/mappers/GroupUserMapper.scala
index 6aafb08965..cb75a04c32 100644
--- a/thehive-backend/app/services/mappers/GroupUserMapper.scala
+++ b/thehive-backend/app/services/mappers/GroupUserMapper.scala
@@ -3,8 +3,9 @@ package services.mappers
 import javax.inject.Inject
 
 import scala.concurrent.{ExecutionContext, Future}
+import scala.util.parsing.combinator._
 
-import play.api.Configuration
+import play.api.{Configuration, Logger}
 import play.api.libs.json._
 import play.api.libs.ws.WSClient
 
@@ -38,13 +39,73 @@ class GroupUserMapper(
 
   override val name: String = "group"
 
+  private[GroupUserMapper] lazy val logger = Logger(getClass)
+
+  private class RoleListParser extends RegexParsers {
+    val str     = "[a-zA-Z0-9_]+".r
+    val strSpc  = "[a-zA-Z0-9_ ]+".r
+    val realStr = ("\""~>strSpc<~"\"" | "'"~>strSpc<~"'" | str)
+
+    def expr: Parser[Seq[String]] = {
+      "[" ~ opt(realStr ~ rep(("," | ",") ~ realStr)) ~ "]" ^^ {
+        case _ ~ Some(firstRole ~ list) ~ _ => list.foldLeft(Seq(firstRole)) {
+          case (queue, _ ~ role) => role +: queue
+        }
+        case _ ~ _      => Seq.empty[String]
+      } | opt(realStr) ^^ {
+        case Some(role) => Seq(role)
+        case None       => Seq.empty[String]
+      }
+    }
+
+    def apply(input: String, logger: Logger): Seq[String] = parseAll(expr, input) match {
+      case Success(result, _)  => result
+      case failure : NoSuccess => {
+        logger.error(failure.msg)
+        Seq.empty[String]
+      }
+    }
+  }
+
   override def getUserFields(jsValue: JsValue, authHeader: Option[(String, String)]): Future[Fields] = {
+    if (groupsUrl == "") {
+      logger.debug(s"No groups endpoint provided (auth.sso.groups.url). Assuming groups were already received.")
+
+      val jsonGroups: Seq[String] = {
+        val groups: JsValue = (jsValue \ groupAttrName).get
+        // Groups received as valid JSON array
+        if (groups.isInstanceOf[JsArray]) {
+          groups.as[Seq[String]]
+        // Group list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
+        } else if (groups.isInstanceOf[JsString]) {
+          (new RoleListParser).apply(groups.as[String], logger)
+        // Invalid group list
+        } else {
+          logger.error(s"Invalid group list (${groupAttrName} attribute, value '${groups}', type ${groups.getClass})")
+          Seq.empty[String]
+        }
+      }
+
+      mapGroupsAndBuildUserFields(jsValue, jsonGroups)
+
+    } else {
+      val apiCall = authHeader.fold(ws.url(groupsUrl))(headers ⇒ ws.url(groupsUrl).addHttpHeaders(headers))
+      apiCall.get.flatMap { r ⇒
+        val jsonGroups = (r.json \ groupAttrName).as[Seq[String]]
+        mapGroupsAndBuildUserFields(jsValue, jsonGroups)
+      }
+    }
+  }
+
+  private def mapGroupsAndBuildUserFields(jsValue: JsValue, jsonGroups: Seq[String]): Future[Fields] = {
+    val mappedRoles = jsonGroups.flatMap(mappings.get).flatten.toSet
+    val roles       = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
+
+    if (roles.isEmpty) {
+      Future.failed(AuthenticationError(s"No matched roles for user."))
 
-    val apiCall = authHeader.fold(ws.url(groupsUrl))(headers ⇒ ws.url(groupsUrl).addHttpHeaders(headers))
-    apiCall.get.flatMap { r ⇒
-      val jsonGroups  = (r.json \ groupAttrName).as[Seq[String]]
-      val mappedRoles = jsonGroups.flatMap(mappings.get).maxBy(_.length)
-      val roles       = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
+    } else {
+      logger.debug(s"Computed roles : ${roles}")
 
       val fields = for {
         login ← (jsValue \ loginAttrName).validate[String]

From 93c2495d760b8be51f122546a5f1f24939089fa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Tue, 3 Sep 2019 10:40:31 +0200
Subject: [PATCH 03/58] Support for auto-updating SSO user

---
 thehive-backend/app/services/OAuth2Srv.scala | 21 +++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/thehive-backend/app/services/OAuth2Srv.scala b/thehive-backend/app/services/OAuth2Srv.scala
index ea6664f0ef..af8ad47163 100644
--- a/thehive-backend/app/services/OAuth2Srv.scala
+++ b/thehive-backend/app/services/OAuth2Srv.scala
@@ -24,7 +24,8 @@ case class OAuth2Config(
     tokenUrl: String,
     userUrl: String,
     scope: String,
-    autocreate: Boolean
+    autocreate: Boolean,
+    autoupdate: Boolean
 )
 
 object OAuth2Config {
@@ -41,7 +42,8 @@ object OAuth2Config {
       tokenUrl         ← configuration.getOptional[String]("auth.oauth2.tokenUrl")
       scope            ← configuration.getOptional[String]("auth.oauth2.scope")
       autocreate = configuration.getOptional[Boolean]("auth.sso.autocreate").getOrElse(false)
-    } yield OAuth2Config(clientId, clientSecret, redirectUri, responseType, grantType, authorizationUrl, tokenUrl, userUrl, scope, autocreate)
+      autoupdate = configuration.getOptional[Boolean]("auth.sso.autoupdate").getOrElse(false)
+    } yield OAuth2Config(clientId, clientSecret, redirectUri, responseType, grantType, authorizationUrl, tokenUrl, userUrl, scope, autocreate, autoupdate)
 }
 
 @Singleton
@@ -125,11 +127,24 @@ class OAuth2Srv(
         userSrv
           .get(userId)
           .flatMap(user ⇒ {
-            userSrv.getFromUser(request, user, name)
+            if (cfg.autoupdate) {
+              logger.debug(s"Updating OAuth/OIDC user")
+              userSrv.inInitAuthContext { implicit authContext ⇒
+                // Only update name and roles, not login (can't change it)
+                userSrv
+                  .update(user, userFields.unset("login"))
+                  .flatMap(user ⇒ {
+                    userSrv.getFromUser(request, user, name)
+                  })
+              }
+            } else {
+              userSrv.getFromUser(request, user, name)
+            }
           })
           .recoverWith {
             case authErr: AuthorizationError ⇒ Future.failed(authErr)
             case _ if cfg.autocreate ⇒
+              logger.debug(s"Creating OAuth/OIDC user")
               userSrv.inInitAuthContext { implicit authContext ⇒
                 userSrv
                   .create(userFields)

From 03f0137a3ee794f4e500916cf46d1823d7bb4df8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Tue, 3 Sep 2019 10:42:19 +0200
Subject: [PATCH 04/58] Updated example and default config

Default now respects OpenID Connect conventions.
---
 conf/application.sample                       | 146 ++++++++++++------
 .../services/mappers/GroupUserMapper.scala    |   6 +-
 .../services/mappers/SimpleUserMapper.scala   |   4 +-
 3 files changed, 103 insertions(+), 53 deletions(-)

diff --git a/conf/application.sample b/conf/application.sample
index b4c10083f9..64dd2303d5 100644
--- a/conf/application.sample
+++ b/conf/application.sample
@@ -45,57 +45,109 @@ search {
 
 # Authentication
 auth {
-	# "provider" parameter contains authentication provider. It can be multi-valued (useful for migration)
-	# available auth types are:
-	# services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required.
-	# ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
-	# ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
-	provider = [local]
+  # "provider" parameter contains authentication provider. It can be multi-valued (useful for migration)
+  # available auth types are:
+  # services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required.
+  # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
+  # ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
+  # oauth2 : use OAuth/OIDC to authenticate users. Configuration is under "auth.oauth2" and "auth.sso" keys
+  provider = [local]
 
   # By default, basic authentication is disabled. You can enable it by setting "method.basic" to true.
   #method.basic = true
 
-
-	ad {
-		# The Windows domain name in DNS format. This parameter is required if you do not use
-		# 'serverNames' below.
-		#domainFQDN = "mydomain.local"
-
-		# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
-		# above. If this parameter is not set, TheHive uses 'domainFQDN'.
-        #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
-
-		# The Windows domain name using short format. This parameter is required.
-		#domainName = "MYDOMAIN"
-
-		# If 'true', use SSL to connect to the domain controller.
-		#useSSL = true
-	}
-
-	ldap {
-		# The LDAP server name or address. The port can be specified using the 'host:port'
-		# syntax. This parameter is required if you don't use 'serverNames' below.
-		#serverName = "ldap.mydomain.local:389"
-
-		# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
-        #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
-
-		# Account to use to bind to the LDAP server. This parameter is required.
-		#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
-
-		# Password of the binding account. This parameter is required.
-		#bindPW = "***secret*password***"
-
-		# Base DN to search users. This parameter is required.
-		#baseDN = "ou=users,dc=mydomain,dc=local"
-
-		# Filter to search user in the directory server. Please note that {0} is replaced
-		# by the actual user name. This parameter is required.
-		#filter = "(cn={0})"
-
-		# If 'true', use SSL to connect to the LDAP directory server.
-		#useSSL = true
-	}
+  ad {
+    # The Windows domain name in DNS format. This parameter is required if you do not use
+    # 'serverNames' below.
+    #domainFQDN = "mydomain.local"
+
+    # Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
+    # above. If this parameter is not set, TheHive uses 'domainFQDN'.
+    #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
+
+    # The Windows domain name using short format. This parameter is required.
+    #domainName = "MYDOMAIN"
+
+    # If 'true', use SSL to connect to the domain controller.
+    #useSSL = true
+  }
+
+  ldap {
+    # The LDAP server name or address. The port can be specified using the 'host:port'
+    # syntax. This parameter is required if you don't use 'serverNames' below.
+    #serverName = "ldap.mydomain.local:389"
+
+    # If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
+    #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
+
+    # Account to use to bind to the LDAP server. This parameter is required.
+    #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
+
+    # Password of the binding account. This parameter is required.
+    #bindPW = "***secret*password***"
+
+    # Base DN to search users. This parameter is required.
+    #baseDN = "ou=users,dc=mydomain,dc=local"
+
+    # Filter to search user in the directory server. Please note that {0} is replaced
+    # by the actual user name. This parameter is required.
+    #filter = "(cn={0})"
+
+    # If 'true', use SSL to connect to the LDAP directory server.
+    #useSSL = true
+  }
+
+  oauth2 {
+    # URL of the authorization server
+    #clientId = "client-id"
+    #clientSecret = "client-secret"
+    #redirectUri = "https://my-thehive-instance.example/index.html#!/login"
+    #responseType = "code"
+    #grantType = "authorization_code"
+
+    # URL from where to get the access token
+    #authorizationUrl = "https://auth-site.com/OAuth/Authorize"
+    #tokenUrl = "https://auth-site.com/OAuth/Token"
+
+    # The endpoint from which to obtain user details using the OAuth token, after successful login
+    #userUrl = "https://auth-site.com/api/User"
+    #scope = "openid profile"
+  }
+
+  # Single-Sign On
+  sso {
+    # Autocreate user in database?
+    #autocreate = false
+
+    # Autoupdate its profile and roles?
+    #autoupdate = false
+
+    # Autologin user using SSO?
+    #autologin = false
+    # Attributes mappings
+    #attributes {
+    #  login = "sub"
+    #  name = "name"
+    #  groups = "groups"
+    #  #roles = "roles"
+    #}
+
+    # Name of mapping class from user resource to backend user ('simple' or 'group')
+    #mapper = group
+    # Default roles for users with no groups mapped ("read", "write", "admin")
+    #defaultRoles = []
+
+    #groups {
+    #  # URL to retreive groups (leave empty if you are using OIDC)
+    #  #url = "https://auth-site.com/api/Groups"
+    #  # Group mappings, you can have multiple roles for each group: they are merged
+    #  mappings {
+    #    admin-profile-name = ["admin"]
+    #    editor-profile-name = ["write"]
+    #    reader-profile-name = ["read"]
+    #  }
+    #}
+  }
 }
 
 # Maximum time between two requests without requesting authentication
diff --git a/thehive-backend/app/services/mappers/GroupUserMapper.scala b/thehive-backend/app/services/mappers/GroupUserMapper.scala
index cb75a04c32..378e07ee2c 100644
--- a/thehive-backend/app/services/mappers/GroupUserMapper.scala
+++ b/thehive-backend/app/services/mappers/GroupUserMapper.scala
@@ -15,7 +15,6 @@ import org.elastic4play.controllers.Fields
 class GroupUserMapper(
     loginAttrName: String,
     nameAttrName: String,
-    rolesAttrName: Option[String],
     groupAttrName: String,
     defaultRoles: Seq[String],
     groupsUrl: String,
@@ -26,9 +25,8 @@ class GroupUserMapper(
 
   @Inject() def this(configuration: Configuration, ws: WSClient, ec: ExecutionContext) =
     this(
-      configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("name"),
-      configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("username"),
-      configuration.getOptional[String]("auth.sso.attributes.roles"),
+      configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("sub"),
+      configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("name"),
       configuration.getOptional[String]("auth.sso.attributes.groups").getOrElse(""),
       configuration.getOptional[Seq[String]]("auth.sso.defaultRoles").getOrElse(Seq()),
       configuration.getOptional[String]("auth.sso.groups.url").getOrElse(""),
diff --git a/thehive-backend/app/services/mappers/SimpleUserMapper.scala b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
index b549c9b0ee..323d6f9715 100644
--- a/thehive-backend/app/services/mappers/SimpleUserMapper.scala
+++ b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
@@ -20,8 +20,8 @@ class SimpleUserMapper(
 
   @Inject() def this(configuration: Configuration, ec: ExecutionContext) =
     this(
-      configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("name"),
-      configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("username"),
+      configuration.getOptional[String]("auth.sso.attributes.login").getOrElse("sub"),
+      configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("name"),
       configuration.getOptional[String]("auth.sso.attributes.roles"),
       configuration.getOptional[Seq[String]]("auth.sso.defaultRoles").getOrElse(Seq()),
       ec

From fa9c778dc063e8e24868a1d352ffc5e14359ff73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Tue, 3 Sep 2019 10:45:17 +0200
Subject: [PATCH 05/58] Improved SSO login & autologin

---
 ui/app/scripts/app.js                           |  2 +-
 .../scripts/controllers/AuthenticationCtrl.js   | 10 +++++++---
 ui/app/scripts/controllers/RootCtrl.js          |  4 ++--
 ui/app/scripts/services/UtilsSrv.js             | 17 -----------------
 ui/app/views/login.html                         | 10 +++++-----
 5 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
index e2873c001d..6fde274b02 100644
--- a/ui/app/scripts/app.js
+++ b/ui/app/scripts/app.js
@@ -58,7 +58,7 @@ angular.module('thehive', [
                     }
                 },
                 params: {
-                    autoLogin: false
+                    disableSsoAutoLogin: false
                 },
                 title: 'Login'
             })
diff --git a/ui/app/scripts/controllers/AuthenticationCtrl.js b/ui/app/scripts/controllers/AuthenticationCtrl.js
index 4ba859caff..a54abf1bc4 100644
--- a/ui/app/scripts/controllers/AuthenticationCtrl.js
+++ b/ui/app/scripts/controllers/AuthenticationCtrl.js
@@ -4,18 +4,21 @@
 (function() {
     'use strict';
     angular.module('theHiveControllers')
-        .controller('AuthenticationCtrl', function($scope, $state, $location, $uibModalStack, $stateParams, AuthenticationSrv, NotificationSrv, UtilsSrv, UrlParser, appConfig) {
+        .controller('AuthenticationCtrl', function($scope, $state, $location, $uibModalStack, $stateParams, AuthenticationSrv, NotificationSrv, appConfig) {
             $scope.params = {};
+            $scope.ssoLogingIn = false;
 
             $uibModalStack.dismissAll();
 
             $scope.ssoLogin = function (code) {
+                $scope.ssoLogingIn = true;
                 AuthenticationSrv.ssoLogin(code)
                     .then(function(response) {
                         var redirectLocation = response.headers().location;
                         if(angular.isDefined(redirectLocation)) {
                             window.location = redirectLocation;
                         } else {
+                            $location.search('code', null);
                             $state.go('app.cases');
                         }
                     })
@@ -25,6 +28,7 @@
                         } else {
                             NotificationSrv.log(err.data.message, 'error');
                         }
+                        $scope.ssoLogingIn = false;
                         $location.url($location.path());
                     });
             };
@@ -49,8 +53,8 @@
                 });
             };
 
-            var code = UtilsSrv.extractQueryParam('code', UrlParser('query', $location.absUrl()));
-            if(angular.isDefined(code) || $stateParams.autoLogin) {
+            var code = $location.search().code;
+            if(angular.isDefined(code) || (appConfig.config.ssoAutoLogin && !$stateParams.disableSsoAutoLogin)) {
                 $scope.ssoLogin(code);
             }
         });
diff --git a/ui/app/scripts/controllers/RootCtrl.js b/ui/app/scripts/controllers/RootCtrl.js
index acbd718b83..737f53231a 100644
--- a/ui/app/scripts/controllers/RootCtrl.js
+++ b/ui/app/scripts/controllers/RootCtrl.js
@@ -9,7 +9,7 @@ angular.module('theHiveControllers').controller('RootCtrl',
             $state.go('maintenance');
             return;
         }else if(!currentUser || !currentUser.id) {
-            $state.go('login', {autoLogin: appConfig.config.ssoAutoLogin });
+            $state.go('login');
             return;
         }
 
@@ -141,7 +141,7 @@ angular.module('theHiveControllers').controller('RootCtrl',
 
         $scope.logout = function() {
             AuthenticationSrv.logout(function() {
-                $state.go('login');
+                $state.go('login', {disableSsoAutoLogin: true});
             }, function(data, status) {
                 NotificationSrv.error('RootCtrl', data, status);
             });
diff --git a/ui/app/scripts/services/UtilsSrv.js b/ui/app/scripts/services/UtilsSrv.js
index 5a4fdb4288..6322ab2cb9 100644
--- a/ui/app/scripts/services/UtilsSrv.js
+++ b/ui/app/scripts/services/UtilsSrv.js
@@ -101,23 +101,6 @@
                         scope.value = scope.oldValue;
                         scope.updatable.updating = false;
                     };
-                },
-
-                extractQueryParam: function(paramName, queryString) {
-                    if (!queryString || !paramName) {
-                        return;
-                    }
-
-                    var param = $location.search()[paramName];
-
-                    if (param) {
-                        return param;
-                    } else {
-                        var parsedQuery = _.find(queryString.split('&'), function(str) {
-                            return str.startsWith(paramName + '=');
-                        });
-                        return parsedQuery ? parsedQuery.substr(paramName.length + 1) : undefined;
-                    }
                 }
             };
 
diff --git a/ui/app/views/login.html b/ui/app/views/login.html
index 0c30c09a84..18bc6d7729 100644
--- a/ui/app/views/login.html
+++ b/ui/app/views/login.html
@@ -6,25 +6,25 @@
         <p class="login-box-msg">Sign in to start your session</p>
         <form name="loginForm">
             <div class="form-group has-feedback has-feedback-left">
-                 <input type="text" class="form-control" placeholder="Login" ng-model="params.username" autocomplete="off" required>
+                 <input type="text" class="form-control" placeholder="Login" ng-model="params.username" autocomplete="off" required ng-disabled="ssoLogingIn">
                  <i class="form-control-feedback glyphicon glyphicon-user"></i>
             </div>
             <div class="form-group has-feedback has-feedback-left">
-                <input type="password" class="input form-control" placeholder="Password" ng-model="params.password" autocomplete="off" required>
+                <input type="password" class="input form-control" placeholder="Password" ng-model="params.password" autocomplete="off" required ng-disabled="ssoLogingIn">
                 <i class="form-control-feedback glyphicon glyphicon-lock "></i>
             </div>
 
             <div class="row">
                 <div class="col-xs-offset-8 col-xs-4">
-                    <button type="submit" ng-click="login()" class="btn btn-primary btn-sm btn-block btn-flat" ng-disabled="loginForm.$invalid">Sign In</button>
+                    <button type="submit" ng-click="login()" class="btn btn-primary btn-sm btn-block btn-flat" ng-disabled="loginForm.$invalid || ssoLogingIn">Sign In</button>
                 </div>
             </div>
         </form>
     </div>
     <div class="sso-login-box" ng-if="::ssoEnabled()">
         <div class="row">
-            <div class="col-xs-offset-4 col-xs-4">
-                <button type="submit" class="btn btn-success btn-sm btn-block btn-flat" ng-click="ssoLogin()">Sign In with SSO</button>
+            <div class="col-xs-6" style="margin: 0 auto; float: none;">
+		    <button type="submit" class="btn btn-sm btn-flat" ng-class="{'btn-warning': ssoLogingIn, 'btn-success': !ssoLogingIn}" ng-click="ssoLogin()" ng-disabled="ssoLogingIn">{{ ssoLogingIn ? "Signing in with SSO..." : "Sign in with SSO" }}</button>
             </div>
         </div>
     </div>

From 90ec8ffb04af0e225218f3f6cd34cdd2db52000e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Thu, 5 Sep 2019 13:35:54 +0200
Subject: [PATCH 06/58] Improved code after @To-om review

---
 .../services/mappers/GroupUserMapper.scala    | 78 ++++++++++---------
 1 file changed, 40 insertions(+), 38 deletions(-)

diff --git a/thehive-backend/app/services/mappers/GroupUserMapper.scala b/thehive-backend/app/services/mappers/GroupUserMapper.scala
index 378e07ee2c..d0b50c4bfd 100644
--- a/thehive-backend/app/services/mappers/GroupUserMapper.scala
+++ b/thehive-backend/app/services/mappers/GroupUserMapper.scala
@@ -9,15 +9,15 @@ import play.api.{Configuration, Logger}
 import play.api.libs.json._
 import play.api.libs.ws.WSClient
 
-import org.elastic4play.AuthenticationError
+import org.elastic4play.{AuthenticationError, AuthorizationError}
 import org.elastic4play.controllers.Fields
 
 class GroupUserMapper(
     loginAttrName: String,
     nameAttrName: String,
-    groupAttrName: String,
+    groupsAttrName: String,
     defaultRoles: Seq[String],
-    groupsUrl: String,
+    groupsUrl: Option[String],
     mappings: Map[String, Seq[String]],
     ws: WSClient,
     implicit val ec: ExecutionContext
@@ -29,7 +29,7 @@ class GroupUserMapper(
       configuration.getOptional[String]("auth.sso.attributes.name").getOrElse("name"),
       configuration.getOptional[String]("auth.sso.attributes.groups").getOrElse(""),
       configuration.getOptional[Seq[String]]("auth.sso.defaultRoles").getOrElse(Seq()),
-      configuration.getOptional[String]("auth.sso.groups.url").getOrElse(""),
+      configuration.getOptional[String]("auth.sso.groups.url"),
       configuration.getOptional[Map[String, Seq[String]]]("auth.sso.groups.mappings").getOrElse(Map()),
       ws,
       ec
@@ -45,51 +45,53 @@ class GroupUserMapper(
     val realStr = ("\""~>strSpc<~"\"" | "'"~>strSpc<~"'" | str)
 
     def expr: Parser[Seq[String]] = {
-      "[" ~ opt(realStr ~ rep(("," | ",") ~ realStr)) ~ "]" ^^ {
-        case _ ~ Some(firstRole ~ list) ~ _ => list.foldLeft(Seq(firstRole)) {
-          case (queue, _ ~ role) => role +: queue
+      "[" ~ opt(realStr ~ rep("," ~ realStr)) ~ "]" ^^ {
+        case _ ~ Some(firstRole ~ list) ~ _ ⇒ list.foldLeft(Seq(firstRole)) {
+          case (queue, _ ~ role) ⇒ role +: queue
         }
-        case _ ~ _      => Seq.empty[String]
+        case _ ~ _      ⇒ Seq.empty[String]
       } | opt(realStr) ^^ {
-        case Some(role) => Seq(role)
-        case None       => Seq.empty[String]
+        case Some(role) ⇒ Seq(role)
+        case None       ⇒ Seq.empty[String]
       }
     }
 
-    def apply(input: String, logger: Logger): Seq[String] = parseAll(expr, input) match {
-      case Success(result, _)  => result
-      case failure : NoSuccess => {
-        logger.error(failure.msg)
+    def apply(input: String): Seq[String] = parseAll(expr, input) match {
+      case Success(result, _)  ⇒ result
+      case failure : NoSuccess ⇒ {
+        logger.error(s"Can't parse groups list: ${failure.msg}")
         Seq.empty[String]
       }
     }
   }
 
   override def getUserFields(jsValue: JsValue, authHeader: Option[(String, String)]): Future[Fields] = {
-    if (groupsUrl == "") {
-      logger.debug(s"No groups endpoint provided (auth.sso.groups.url). Assuming groups were already received.")
-
-      val jsonGroups: Seq[String] = {
-        val groups: JsValue = (jsValue \ groupAttrName).get
-        // Groups received as valid JSON array
-        if (groups.isInstanceOf[JsArray]) {
-          groups.as[Seq[String]]
-        // Group list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
-        } else if (groups.isInstanceOf[JsString]) {
-          (new RoleListParser).apply(groups.as[String], logger)
-        // Invalid group list
-        } else {
-          logger.error(s"Invalid group list (${groupAttrName} attribute, value '${groups}', type ${groups.getClass})")
-          Seq.empty[String]
+    groupsUrl match {
+      case Some(groupsEndpointUrl) ⇒ {
+        logger.debug(s"Retreiving groups from ${groupsEndpointUrl}")
+        val apiCall = authHeader.fold(ws.url(groupsEndpointUrl))(headers ⇒ ws.url(groupsEndpointUrl).addHttpHeaders(headers))
+        apiCall.get.flatMap { r ⇒
+          val jsonGroups = (r.json \ groupsAttrName).as[Seq[String]]
+          mapGroupsAndBuildUserFields(jsValue, jsonGroups)
         }
       }
-
-      mapGroupsAndBuildUserFields(jsValue, jsonGroups)
-
-    } else {
-      val apiCall = authHeader.fold(ws.url(groupsUrl))(headers ⇒ ws.url(groupsUrl).addHttpHeaders(headers))
-      apiCall.get.flatMap { r ⇒
-        val jsonGroups = (r.json \ groupAttrName).as[Seq[String]]
+      case None ⇒ {
+        val jsonGroups: Seq[String] = (jsValue \ groupsAttrName) match {
+          // Groups received as valid JSON array
+          case JsDefined(JsArray(groupsList)) ⇒ groupsList.map(_.as[String]).toList
+          // Groups list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
+          case JsDefined(JsString(groupsStr)) ⇒ (new RoleListParser).apply(groupsStr)
+          // Invalid group list
+          case JsDefined(error) ⇒ {
+            logger.error(s"Invalid groups list received in user info: '${error}' of type ${error.getClass}")
+            Seq.empty[String]
+          }
+          // Groups field is undefined
+          case _: JsUndefined ⇒ {
+            logger.error(s"OAuth2 not configured properly: groups attribute ${groupsAttrName} doesn't exist in user info")
+            Seq.empty[String]
+          }
+        }
         mapGroupsAndBuildUserFields(jsValue, jsonGroups)
       }
     }
@@ -100,10 +102,10 @@ class GroupUserMapper(
     val roles       = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
 
     if (roles.isEmpty) {
-      Future.failed(AuthenticationError(s"No matched roles for user."))
+      Future.failed(AuthorizationError(s"No matched roles for user."))
 
     } else {
-      logger.debug(s"Computed roles : ${roles}")
+      logger.debug(s"Computed roles: ${roles}")
 
       val fields = for {
         login ← (jsValue \ loginAttrName).validate[String]

From 5616e38ed700cb566048ecdcb7813f5d9f762257 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Thu, 5 Sep 2019 15:55:59 +0200
Subject: [PATCH 07/58] Improved error and debugging messages

---
 thehive-backend/app/services/OAuth2Srv.scala  |  9 +--
 .../services/mappers/GroupUserMapper.scala    | 60 +++++++++----------
 .../services/mappers/SimpleUserMapper.scala   |  2 +-
 3 files changed, 35 insertions(+), 36 deletions(-)

diff --git a/thehive-backend/app/services/OAuth2Srv.scala b/thehive-backend/app/services/OAuth2Srv.scala
index af8ad47163..d52078d5b8 100644
--- a/thehive-backend/app/services/OAuth2Srv.scala
+++ b/thehive-backend/app/services/OAuth2Srv.scala
@@ -79,7 +79,7 @@ class OAuth2Srv(
     }
 
   private def getAuthTokenAndAuthenticate(clientId: String, code: String)(implicit request: RequestHeader): Future[AuthContext] = {
-    logger.debug("Getting user token with the code from the response!")
+    logger.debug("Getting user token with the code from the response")
     withOAuth2Config { cfg ⇒
       ws.url(cfg.tokenUrl)
         .post(
@@ -99,6 +99,7 @@ class OAuth2Srv(
         .flatMap { r ⇒
           r.status match {
             case Status.OK ⇒
+              logger.debug("Getting user info using access token")
               val accessToken = (r.json \ "access_token").asOpt[String].getOrElse("")
               val authHeader  = "Authorization" → s"bearer $accessToken"
               ws.url(cfg.userUrl)
@@ -106,15 +107,15 @@ class OAuth2Srv(
                 .get()
                 .flatMap { userResponse ⇒
                   if (userResponse.status != Status.OK) {
-                    Future.failed(AuthenticationError(s"unexpected response from server: ${userResponse.status} ${userResponse.body}"))
+                    Future.failed(AuthenticationError(s"Unexpected response from server: ${userResponse.status} ${userResponse.body}"))
                   } else {
                     val response = userResponse.json.asInstanceOf[JsObject]
                     getOrCreateUser(response, authHeader)
                   }
                 }
             case _ ⇒
-              logger.error(s"unexpected response from server: ${r.status} ${r.body}")
-              Future.failed(AuthenticationError("unexpected response from server"))
+              logger.error(s"Unexpected response from server: ${r.status} ${r.body}")
+              Future.failed(AuthenticationError("Unexpected response from server"))
           }
         }
     }
diff --git a/thehive-backend/app/services/mappers/GroupUserMapper.scala b/thehive-backend/app/services/mappers/GroupUserMapper.scala
index d0b50c4bfd..cf036ce379 100644
--- a/thehive-backend/app/services/mappers/GroupUserMapper.scala
+++ b/thehive-backend/app/services/mappers/GroupUserMapper.scala
@@ -55,14 +55,6 @@ class GroupUserMapper(
         case None       ⇒ Seq.empty[String]
       }
     }
-
-    def apply(input: String): Seq[String] = parseAll(expr, input) match {
-      case Success(result, _)  ⇒ result
-      case failure : NoSuccess ⇒ {
-        logger.error(s"Can't parse groups list: ${failure.msg}")
-        Seq.empty[String]
-      }
-    }
   }
 
   override def getUserFields(jsValue: JsValue, authHeader: Option[(String, String)]): Future[Fields] = {
@@ -70,30 +62,36 @@ class GroupUserMapper(
       case Some(groupsEndpointUrl) ⇒ {
         logger.debug(s"Retreiving groups from ${groupsEndpointUrl}")
         val apiCall = authHeader.fold(ws.url(groupsEndpointUrl))(headers ⇒ ws.url(groupsEndpointUrl).addHttpHeaders(headers))
-        apiCall.get.flatMap { r ⇒
-          val jsonGroups = (r.json \ groupsAttrName).as[Seq[String]]
-          mapGroupsAndBuildUserFields(jsValue, jsonGroups)
-        }
+        apiCall.get.flatMap { r ⇒ extractGroupsThenBuildUserFields(jsValue, r.json) }
       }
       case None ⇒ {
-        val jsonGroups: Seq[String] = (jsValue \ groupsAttrName) match {
-          // Groups received as valid JSON array
-          case JsDefined(JsArray(groupsList)) ⇒ groupsList.map(_.as[String]).toList
-          // Groups list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
-          case JsDefined(JsString(groupsStr)) ⇒ (new RoleListParser).apply(groupsStr)
-          // Invalid group list
-          case JsDefined(error) ⇒ {
-            logger.error(s"Invalid groups list received in user info: '${error}' of type ${error.getClass}")
-            Seq.empty[String]
-          }
-          // Groups field is undefined
-          case _: JsUndefined ⇒ {
-            logger.error(s"OAuth2 not configured properly: groups attribute ${groupsAttrName} doesn't exist in user info")
-            Seq.empty[String]
-          }
+        logger.debug(s"Extracting groups from user info")
+        extractGroupsThenBuildUserFields(jsValue, jsValue)
+      }
+    }
+  }
+
+  private def extractGroupsThenBuildUserFields(jsValue: JsValue, groupsContainer: JsValue): Future[Fields] = {
+    (groupsContainer \ groupsAttrName) match {
+      // Groups received as valid JSON array
+      case JsDefined(JsArray(groupsList)) ⇒ mapGroupsAndBuildUserFields(jsValue, groupsList.map(_.as[String]).toList)
+
+      // Groups list received as string (invalid JSON, for example: "ROLE" or "['Role 1', ROLE2, 'Role_3']")
+      case JsDefined(JsString(groupsStr)) ⇒ {
+        val parser = new RoleListParser
+        parser.parseAll(parser.expr, groupsStr) match {
+          case parser.Success(result, _) ⇒ mapGroupsAndBuildUserFields(jsValue, result)
+          case err: parser.NoSuccess     ⇒ Future.failed(AuthenticationError(s"User info fails: can't parse groups list (${err.msg})"))
         }
-        mapGroupsAndBuildUserFields(jsValue, jsonGroups)
       }
+
+      // Invalid group list
+      case JsDefined(error) ⇒
+        Future.failed(AuthenticationError(s"User info fails: invalid groups list received in user info ('${error}' of type ${error.getClass})"))
+
+      // Groups field is undefined
+      case _: JsUndefined ⇒
+        Future.failed(AuthenticationError(s"User info fails: groups attribute ${groupsAttrName} doesn't exist in user info"))
     }
   }
 
@@ -102,10 +100,10 @@ class GroupUserMapper(
     val roles       = if (mappedRoles.nonEmpty) mappedRoles else defaultRoles
 
     if (roles.isEmpty) {
-      Future.failed(AuthorizationError(s"No matched roles for user."))
+      Future.failed(AuthorizationError(s"No matched roles for user"))
 
     } else {
-      logger.debug(s"Computed roles: ${roles}")
+      logger.debug(s"Computed roles: ${roles.mkString(", ")}")
 
       val fields = for {
         login ← (jsValue \ loginAttrName).validate[String]
@@ -113,7 +111,7 @@ class GroupUserMapper(
       } yield Fields(Json.obj("login" → login, "name" → name, "roles" → roles))
       fields match {
         case JsSuccess(f, _) ⇒ Future.successful(f)
-        case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._1).mkString}"))
+        case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._2).map(_.map(_.messages.mkString(", ")).mkString("; ")).mkString}"))
       }
     }
   }
diff --git a/thehive-backend/app/services/mappers/SimpleUserMapper.scala b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
index 323d6f9715..598d9d2ece 100644
--- a/thehive-backend/app/services/mappers/SimpleUserMapper.scala
+++ b/thehive-backend/app/services/mappers/SimpleUserMapper.scala
@@ -37,7 +37,7 @@ class SimpleUserMapper(
     } yield Fields(Json.obj("login" → login, "name" → name, "roles" → roles))
     fields match {
       case JsSuccess(f, _) ⇒ Future.successful(f)
-      case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._1).mkString}"))
+      case JsError(errors) ⇒ Future.failed(AuthenticationError(s"User info fails: ${errors.map(_._2).map(_.map(_.messages.mkString(", ")).mkString("; ")).mkString}"))
     }
   }
 }

From a0da8e3ad58670f7f874547f5e9c8893b96d9af7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9arch?= <learch@firost.fr>
Date: Fri, 6 Sep 2019 11:07:33 +0200
Subject: [PATCH 08/58] Add log lines for debugging information

---
 conf/application.sample | 1 +
 conf/logback.xml        | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/conf/application.sample b/conf/application.sample
index 64dd2303d5..786a70df7a 100644
--- a/conf/application.sample
+++ b/conf/application.sample
@@ -124,6 +124,7 @@ auth {
 
     # Autologin user using SSO?
     #autologin = false
+
     # Attributes mappings
     #attributes {
     #  login = "sub"
diff --git a/conf/logback.xml b/conf/logback.xml
index 3d090db65d..6420ad405c 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -46,9 +46,14 @@
     <!--logger name="services.LocalStreamActor" level="DEBUG" /-->
     <!--logger name="services.StreamActor" level="DEBUG" /-->
 
+    <!-- Uncomment the next lines to log debug information for OAuth/OIDC login -->
+    <!--logger name="org.elastic4play.services.auth" level="DEBUG" /-->
+    <!--logger name="services.OAuth2Srv" level="DEBUG" /-->
+    <!--logger name="services.mappers" level="DEBUG" /-->
+
     <root level="INFO">
         <appender-ref ref="ASYNCFILE" />
         <appender-ref ref="ASYNCSTDOUT" />
     </root>
 
-</configuration>
\ No newline at end of file
+</configuration>

From 384110a492a3af66a6b9102648162d9ee97a7a89 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Tue, 1 Oct 2019 11:01:59 +0200
Subject: [PATCH 09/58] fix some typo

fix some typo
---
 CHANGELOG.md                                               | 2 +-
 thehive-backend/conf/reference.conf                        | 2 +-
 ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js | 2 +-
 ui/app/scripts/directives/entityLink.js                    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b504a828a5..1bea0e83d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -474,7 +474,7 @@
 **Closed issues:**
 
 - The Hive - MISP SSL configuration: General SSLEngine problem [\#544](https://github.com/TheHive-Project/TheHive/issues/544)
-- Dropdown menu for case templates doesnt have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
+- Dropdown menu for case templates doesn't have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
 
 **Merged pull requests:**
 
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
index 49fdb53b16..5ca2400d54 100644
--- a/thehive-backend/conf/reference.conf
+++ b/thehive-backend/conf/reference.conf
@@ -191,7 +191,7 @@ migration {
 //
 //    # Maximum number of sync messages that actor can process for stream to substream communication.
 //    # Parameter allows to interrupt synchronous processing to get upsteam/downstream messages.
-//    # Allows to accelerate message processing that happening withing same actor but keep system responsive.
+//    # Allows to accelerate message processing that happening within same actor but keep system responsive.
 //    sync-processing-limit = 1000
 //
 //    debug {
diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index 26a0e3dc17..589ff7328d 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -155,7 +155,7 @@
                     }, 500);
 
                 }, function(/*err*/) {
-                    NotificationSrv.log('An expected error occured while fetching the job report');
+                    NotificationSrv.log('An expected error occurred while fetching the job report');
                 });
             };
 
diff --git a/ui/app/scripts/directives/entityLink.js b/ui/app/scripts/directives/entityLink.js
index 35dba95b0a..4d5134291a 100644
--- a/ui/app/scripts/directives/entityLink.js
+++ b/ui/app/scripts/directives/entityLink.js
@@ -19,7 +19,7 @@
 
                     if (angular.isDefined(scope.value)) {
                         if (!compiledContents) {
-                            // Get the link function with the contents frome top
+                            // Get the link function with the contents from top
                             // level template with
                             // the transclude
                             compiledContents = $compile(contents, transclude);

From 127e2b61a4420a3bc7cc28ec8ab5152279a8cde2 Mon Sep 17 00:00:00 2001
From: Adeel Ahmad <adeelahmad14@hotmail.com>
Date: Thu, 10 Oct 2019 15:17:33 +0200
Subject: [PATCH 10/58] Remove Elasticsearch cluster configuration option

The support for Elastichsearch cluster was dropped in
elastic4play: https://github.com/TheHive-Project/elastic4play/commit/61b536dba876dc1e4a2b55d496f5e8bc01c31db7
---
 docker/thehive/docker-compose.yml   | 1 -
 thehive-backend/conf/reference.conf | 2 --
 2 files changed, 3 deletions(-)

diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml
index 801cd4f85d..8b952f6f6b 100644
--- a/docker/thehive/docker-compose.yml
+++ b/docker/thehive/docker-compose.yml
@@ -4,7 +4,6 @@ services:
     image: elasticsearch:6.8.0
     environment:
       - http.host=0.0.0.0
-      - cluster.name=hive
       - thread_pool.index.queue_size=100000
       - thread_pool.search.queue_size=100000
       - thread_pool.bulk.queue_size=100000
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
index 49fdb53b16..88209572e2 100644
--- a/thehive-backend/conf/reference.conf
+++ b/thehive-backend/conf/reference.conf
@@ -28,8 +28,6 @@ play.http.session.cookieName = THE_HIVE_SESSION
 search {
   # Name of the index
   index = the_hive
-  # Name of the ElasticSearch cluster
-  cluster = hive
   # Address of the ElasticSearch instance
   host = ["127.0.0.1:9300"]
   # Scroll keepalive

From 84cf10b3867baefa96751a18cb3c0b0954127336 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 24 Feb 2020 13:48:58 +0100
Subject: [PATCH 11/58] #1233 Fix API heath status

---
 thehive-backend/app/controllers/StatusCtrl.scala | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 08ee2f7145..7da4e47852 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -79,8 +79,7 @@ class StatusCtrl @Inject()(
         case 1 ⇒ HealthStatus.Warning
         case _ ⇒ HealthStatus.Error
       }
-      connectorStatus = connectors.map(c ⇒ c.health).toSeq
-      distinctStatus  = connectorStatus :+ dbStatus
+      distinctStatus = connectors.map(c ⇒ c.health) + dbStatus
       globalStatus = if (distinctStatus.contains(HealthStatus.Ok)) {
         if (distinctStatus.size > 1) HealthStatus.Warning else HealthStatus.Ok
       } else if (distinctStatus.contains(HealthStatus.Error)) HealthStatus.Error

From 944c4f061b7efb3ac45b5f4d425085dc9bb348fd Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Tue, 24 Mar 2020 10:49:45 +0100
Subject: [PATCH 12/58] Fix version of js-url library

---
 ui/bower.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/bower.json b/ui/bower.json
index c00deac64d..7338a0bee8 100644
--- a/ui/bower.json
+++ b/ui/bower.json
@@ -50,7 +50,7 @@
     "angular-drag-and-drop-lists": "^2.1.0",
     "angular-bootstrap-colorpicker": "^3.0.32",
     "file-saver": "1.3.4",
-    "js-url": "^2.5.3",
+    "js-url": "~2.5.3",
     "bootstrap-sass": "bootstrap-sass-official#^3.4.1"
   },
   "devDependencies": {

From a8fbcffb5d51a47d775cd95d9dbd34f7726eb0ce Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 27 Mar 2020 14:31:59 +0100
Subject: [PATCH 13/58] #1156 Fix analyzer timeout

---
 .../cortex/services/CortexAnalyzerSrv.scala       | 15 +++++++++++----
 .../connectors/cortex/services/CortexClient.scala |  6 +++++-
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
index 2f27e8592c..166f79b1e5 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
@@ -330,15 +330,22 @@ class CortexAnalyzerSrv @Inject()(
             .set("status", JobStatus.Failure.toString)
             .set("endDate", Json.toJson(new Date))
           update(jobId, jobFields)
-        case _ if maxRetryOnError > 0 ⇒
-          logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...")
+        /* Workaround */
+        case CortexError(500, _, body) if Try((Json.parse(body) \ "type").as[String]) == Success("akka.pattern.AskTimeoutException") ⇒
+          logger.debug("Got a 500 Timeout, retry")
+          updateJobWithCortex(jobId, cortexJobId, cortex)
+        case e if maxRetryOnError > 0 ⇒
+          logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...", e)
           val result = Promise[Job]
           system.scheduler.scheduleOnce(retryDelay) {
             updateJobWithCortex(jobId, cortexJobId, cortex, retryDelay, maxRetryOnError - 1).onComplete(result.complete)
           }
           result.future
-        case _ ⇒
-          logger.error(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting")
+        case e ⇒
+          logger.error(
+            s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting",
+            e
+          )
           update(
             jobId,
             Fields
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
index db3e45b8a1..a5a5b7ed9e 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
@@ -165,7 +165,11 @@ class CortexClient(val name: String, baseUrl: String, authentication: Option[Cor
     request(s"api/analyzer/type/$dataType", _.get, _.json.as[Seq[Analyzer]]).map(_.map(_.copy(cortexIds = List(name))))
 
   def waitReport(jobId: String, atMost: Duration)(implicit ec: ExecutionContext): Future[JsObject] =
-    request(s"api/job/$jobId/waitreport", _.withQueryStringParameters("atMost" → atMost.toString).get, _.json.as[JsObject])
+    request(
+      s"api/job/$jobId/waitreport",
+      _.withQueryStringParameters("atMost" → atMost.toString).withRequestTimeout(atMost + 1.second).get,
+      _.json.as[JsObject]
+    )
 
   def getVersion()(implicit ec: ExecutionContext): Future[Option[String]] =
     request("api/status", _.get, identity)

From 39d8d2e96b9d2562a4d67c5d2e3ec45a1f812180 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:31:37 +0200
Subject: [PATCH 14/58] #1210 Fix computed metrics

---
 thehive-backend/app/models/Alert.scala | 13 +++++++++----
 thehive-backend/app/models/Case.scala  |  6 +++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
index 2dcde4860f..ff17e1e859 100644
--- a/thehive-backend/app/models/Alert.scala
+++ b/thehive-backend/app/models/Alert.scala
@@ -83,10 +83,15 @@ trait AlertAttributes {
 @Singleton
 class AlertModel @Inject()(dblists: DBLists) extends ModelDef[AlertModel, Alert]("alert", "Alert", "/alert") with AlertAttributes with AuditedModel {
 
-  private[AlertModel] lazy val logger               = Logger(getClass)
-  override val defaultSortBy: Seq[String]           = Seq("-date")
-  override val removeAttribute: JsObject            = Json.obj("status" → AlertStatus.Ignored)
-  override val computedMetrics: Map[String, String] = Map("observableCount" → "_source['artifacts']?.size()")
+  private[AlertModel] lazy val logger     = Logger(getClass)
+  override val defaultSortBy: Seq[String] = Seq("-date")
+  override val removeAttribute: JsObject  = Json.obj("status" → AlertStatus.Ignored)
+  override val computedMetrics: Map[String, String] = Map(
+    "observableCount"           → "if (params._source.containsKey('artifacts')) { params._source['artifacts'].size() } else 0",
+    "handlingDurationInSeconds" → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 1000",
+    "handlingDurationInHours"   → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 3600000",
+    "handlingDurationInDays"    → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / (3600000 * 24)"
+  )
 
   override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] = {
     // check if data attribute is present on all artifacts
diff --git a/thehive-backend/app/models/Case.scala b/thehive-backend/app/models/Case.scala
index a6fe3984d5..86652a07e7 100644
--- a/thehive-backend/app/models/Case.scala
+++ b/thehive-backend/app/models/Case.scala
@@ -177,9 +177,9 @@ class CaseModel @Inject()(
     }
 
   override val computedMetrics = Map(
-    "handlingDurationInSeconds" → "(doc['endDate'].value - doc['startDate'].value) / 1000",
-    "handlingDurationInHours"   → "(doc['endDate'].value - doc['startDate'].value) / 3600000",
-    "handlingDurationInDays"    → "(doc['endDate'].value - doc['startDate'].value) / (3600000 * 24)"
+    "handlingDurationInSeconds" → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 1000",
+    "handlingDurationInHours"   → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 3600000",
+    "handlingDurationInDays"    → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / (3600000 * 24)"
   )
 }
 

From 86ad7c51bd5dcedaf61f94297e8a4de009d56dd7 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:32:08 +0200
Subject: [PATCH 15/58] #1272 Fix multiple Cortex request

---
 .../cortex/services/CortexActionSrv.scala     | 20 ++++++++++++----
 .../cortex/services/CortexAnalyzerSrv.scala   | 24 ++++++++++++-------
 2 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
index 5f5ef8a71c..cc0a5e7db0 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
@@ -4,6 +4,7 @@ import java.util.Date
 
 import scala.concurrent.duration.FiniteDuration
 import scala.concurrent.{ExecutionContext, Future, Promise}
+import scala.util.Success
 import scala.util.control.NonFatal
 import scala.util.matching.Regex
 
@@ -42,7 +43,7 @@ class CortexActionSrv @Inject()(
     implicit val mat: Materializer
 ) {
 
-  lazy val logger                  = Logger(getClass)
+  lazy val logger: Logger          = Logger(getClass)
   lazy val responderIdRegex: Regex = "(.*)-(.*)".r
 
   def getResponderById(id: String): Future[Responder] =
@@ -221,9 +222,20 @@ class CortexActionSrv @Inject()(
             }
         }
         .getOrElse {
-          Future.firstCompletedOf {
-            cortexConfig.instances.map(c ⇒ getResponder(c).map(c → _))
-          }
+          Future
+            .traverse(cortexConfig.instances) { c ⇒
+              getResponder(c)
+                .transform {
+                  case Success(w) ⇒ Success(Some(c → w))
+                  case _          ⇒ Success(None)
+                }
+            }
+            .flatMap { responders ⇒
+              responders
+                .flatten
+                .headOption
+                .fold[Future[(CortexClient, Responder)]](Future.failed(NotFoundError(s"Responder not found")))(Future.successful)
+            }
         }
 
     for {
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
index 166f79b1e5..18cb243c54 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
@@ -5,13 +5,11 @@ import java.util.Date
 
 import scala.concurrent.duration.FiniteDuration
 import scala.concurrent.{ExecutionContext, Future, Promise}
-import scala.util.Try
+import scala.util.{Success, Try}
 import scala.util.control.NonFatal
-
 import play.api.Logger
 import play.api.libs.json._
 import play.api.libs.ws.WSClient
-
 import akka.NotUsed
 import akka.actor.{Actor, ActorSystem}
 import akka.stream.Materializer
@@ -21,7 +19,6 @@ import connectors.cortex.models._
 import javax.inject.{Inject, Singleton}
 import models.{Artifact, Case}
 import services.{UserSrv ⇒ _, _}
-
 import org.elastic4play.controllers.{Fields, FileInputValue}
 import org.elastic4play.database.{DBRemove, ModifyConfig}
 import org.elastic4play.services.JsonFormat.attachmentFormat
@@ -139,7 +136,7 @@ class CortexAnalyzerSrv @Inject()(
   def realDeleteJob(job: Job): Future[Unit] =
     dbRemove(job).map(_ ⇒ ())
 
-  def stats(query: QueryDef, aggs: Seq[Agg]) = findSrv(jobModel, query, aggs: _*)
+  def stats(query: QueryDef, aggs: Seq[Agg]): Future[JsObject] = findSrv(jobModel, query, aggs: _*)
 
   def getAnalyzer(analyzerId: String): Future[Analyzer] =
     Future
@@ -368,9 +365,20 @@ class CortexAnalyzerSrv @Inject()(
           }
 
       case None ⇒
-        Future.firstCompletedOf {
-          cortexConfig.instances.map(c ⇒ c.getAnalyzer(analyzerName).map(c → _))
-        }
+        Future
+          .traverse(cortexConfig.instances) { c ⇒
+            c.getAnalyzer(analyzerName)
+              .transform {
+                case Success(w) ⇒ Success(Some(c → w))
+                case _          ⇒ Success(None)
+              }
+          }
+          .flatMap { analyzers ⇒
+            analyzers
+              .flatten
+              .headOption
+              .fold[Future[(CortexClient, Analyzer)]](Future.failed(NotFoundError(s"Analyzer not found")))(Future.successful)
+          }
     }
 
     cortexClientAnalyzer.flatMap {

From 5cad4656d7e7b13c8846c7d1efa68818d25bc113 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:32:53 +0200
Subject: [PATCH 16/58] #1273 MISP: map "to_ids" to "ioc"

---
 thehive-misp/app/connectors/misp/JsonFormat.scala    |  9 ++++++---
 thehive-misp/app/connectors/misp/MispConverter.scala |  6 ++++--
 thehive-misp/app/connectors/misp/MispExport.scala    | 11 ++++++-----
 thehive-misp/app/connectors/misp/MispModel.scala     |  4 ++--
 thehive-misp/app/connectors/misp/MispSrv.scala       |  6 +++---
 thehive-misp/app/connectors/misp/MispSynchro.scala   |  6 +++---
 6 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/thehive-misp/app/connectors/misp/JsonFormat.scala b/thehive-misp/app/connectors/misp/JsonFormat.scala
index e2a80c652b..ab45c69a81 100644
--- a/thehive-misp/app/connectors/misp/JsonFormat.scala
+++ b/thehive-misp/app/connectors/misp/JsonFormat.scala
@@ -65,7 +65,8 @@ object JsonFormat {
         value    ← (json \ "value").validate[String]
         category ← (json \ "category").validate[String]
         tags     ← JsArray(json \ "EventTag" \\ "name").validate[Seq[String]]
-      } yield MispAttribute(id, category, tpe, date, comment, value, tags)
+        toIds    ← (json \ "to_ids").validate[Boolean]
+      } yield MispAttribute(id, category, tpe, date, comment, value, tags, toIds)
   )
 
   val tlpWrites: Writes[Long] = Writes[Long] {
@@ -82,7 +83,8 @@ object JsonFormat {
       "type"     → attribute.tpe,
       "value"    → attribute.value.fold[String](identity, _.name),
       "comment"  → attribute.comment,
-      "Tag"      → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp)))
+      "Tag"      → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp))),
+      "to_ids"   → attribute.artifact.ioc()
     )
   }
 
@@ -92,7 +94,8 @@ object JsonFormat {
       "message"   → artifact.message,
       "tlp"       → artifact.tlp,
       "tags"      → artifact.tags,
-      "startDate" → artifact.startDate
+      "startDate" → artifact.startDate,
+      "ioc"       → artifact.ioc
     ) + (artifact.value match {
       case SimpleArtifactData(data) ⇒ "data" → JsString(data)
       case RemoteAttachmentArtifact(filename, reference, tpe) ⇒
diff --git a/thehive-misp/app/connectors/misp/MispConverter.scala b/thehive-misp/app/connectors/misp/MispConverter.scala
index 6498f4fa97..88d4e0e2cd 100644
--- a/thehive-misp/app/connectors/misp/MispConverter.scala
+++ b/thehive-misp/app/connectors/misp/MispConverter.scala
@@ -12,7 +12,8 @@ trait MispConverter {
           message = mispAttribute.comment,
           tlp = 0,
           tags = tags ++ mispAttribute.tags,
-          startDate = mispAttribute.date
+          startDate = mispAttribute.date,
+          ioc = mispAttribute.toIds
         )
       )
     } else {
@@ -24,7 +25,8 @@ trait MispConverter {
           message = mispAttribute.comment,
           tlp = 0,
           tags = tags ++ mispAttribute.tags,
-          startDate = mispAttribute.date
+          startDate = mispAttribute.date,
+          ioc = mispAttribute.toIds
         )
 
       val types = mispAttribute.tpe.split('|').toSeq
diff --git a/thehive-misp/app/connectors/misp/MispExport.scala b/thehive-misp/app/connectors/misp/MispExport.scala
index 3104c06f76..db7abf38a1 100644
--- a/thehive-misp/app/connectors/misp/MispExport.scala
+++ b/thehive-misp/app/connectors/misp/MispExport.scala
@@ -115,7 +115,7 @@ class MispExport @Inject()(
 
   def exportAttribute(mispConnection: MispConnection, eventId: String, attribute: ExportedMispAttribute): Future[Artifact] = {
     val mispResponse = attribute match {
-      case ExportedMispAttribute(_, _, _, _, Right(attachment), comment) ⇒
+      case ExportedMispAttribute(artifact, _, _, _, Right(attachment), comment) ⇒
         attachmentSrv
           .source(attachment.id)
           .runReduce(_ ++ _)
@@ -126,7 +126,8 @@ class MispExport @Inject()(
                 "category" → "Payload delivery",
                 "type"     → "malware-sample",
                 "comment"  → comment,
-                "files"    → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data))
+                "files"    → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data)),
+                "to_ids"   → artifact.ioc()
               )
             )
             mispConnection(s"events/upload_sample/$eventId").post(body)
@@ -205,9 +206,9 @@ class MispExport @Inject()(
           logger.debug(s"Updating MISP event $eventId")
           mispSrv.getAttributesFromMisp(mispConnection, eventId, None).map { attributes ⇒
             (eventId, Nil, attributes.map {
-              case MispArtifact(SimpleArtifactData(data), _, _, _, _, _)                             ⇒ Left(data)
-              case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _)             ⇒ Right(filename)
-              case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _) ⇒ Right(filename)
+              case MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _)                             ⇒ Left(data)
+              case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _, _)             ⇒ Right(filename)
+              case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _) ⇒ Right(filename)
             })
           }
         }
diff --git a/thehive-misp/app/connectors/misp/MispModel.scala b/thehive-misp/app/connectors/misp/MispModel.scala
index 05d42b4bb2..542d3db1fc 100644
--- a/thehive-misp/app/connectors/misp/MispModel.scala
+++ b/thehive-misp/app/connectors/misp/MispModel.scala
@@ -34,7 +34,7 @@ case class MispAlert(
     caseTemplate: String
 )
 
-case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String])
+case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String], toIds: Boolean)
 
 case class ExportedMispAttribute(
     artifact: Artifact,
@@ -45,6 +45,6 @@ case class ExportedMispAttribute(
     comment: Option[String]
 )
 
-case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date)
+case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date, ioc: Boolean)
 
 case class MispExportError(message: String, artifact: Artifact) extends ErrorWithObject(message, artifact.attributes)
diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
index 8e8da7c315..5c990b8aa4 100644
--- a/thehive-misp/app/connectors/misp/MispSrv.scala
+++ b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -137,9 +137,9 @@ class MispSrv @Inject()(
           .filter(_.date after refDate)
           .flatMap(convertAttribute)
           .groupBy {
-            case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _)                             ⇒ dataType → Right(data)
-            case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _)             ⇒ dataType → Left(filename)
-            case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _) ⇒ dataType → Left(filename)
+            case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _, _)                             ⇒ dataType → Right(data)
+            case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _, _)             ⇒ dataType → Left(filename)
+            case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _, _) ⇒ dataType → Left(filename)
           }
           .values
           .map { mispArtifact ⇒
diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
index 44148ed988..0638d705ac 100644
--- a/thehive-misp/app/connectors/misp/MispSynchro.scala
+++ b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -114,12 +114,12 @@ class MispSynchro @Inject()(
         }
         .runWith(Sink.seq)
       newAttributes ← Future.traverse(mispArtifacts) {
-        case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
+        case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
           Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
-        case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _)
+        case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _)
             if !existingArtifacts.contains(Left(filename)) ⇒
           Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
-        case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _)
+        case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _, _)
             if !existingArtifacts.contains(Left(filename)) ⇒
           mispSrv
             .downloadAttachment(mispConnection, reference)

From 40bb7d3916d150f93eeb6a563323f908f8b06bfa Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Fri, 19 Jul 2019 16:09:48 +0200
Subject: [PATCH 17/58] #1062 Display all similar observables in observable
 details page

---
 .../scripts/controllers/case/CaseObservablesItemCtrl.js   | 4 +++-
 .../observables/details/artifact-details-information.html | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index 12955fe013..996488c566 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -155,7 +155,9 @@
             };
 
             $scope.similarArtifacts = CaseArtifactSrv.api().similar({
-                'artifactId': observableId
+                artifactId: observableId,
+                range: 'all',
+                sort: ['-startDate']
             });
 
 
diff --git a/ui/app/views/partials/observables/details/artifact-details-information.html b/ui/app/views/partials/observables/details/artifact-details-information.html
index cfe09c2830..9384a04a41 100644
--- a/ui/app/views/partials/observables/details/artifact-details-information.html
+++ b/ui/app/views/partials/observables/details/artifact-details-information.html
@@ -88,7 +88,7 @@ <h4 class="vpad10 text-primary">
     <div class="col-md-5">
         <h4 class="vpad10 text-primary">Links</h4>
         <strong>Observable seen in {{similarArtifacts.length}} other case(s)</strong>
-        <table ng-if="similarArtifacts.length > 0" class="table table-hover">
+        <table ng-if="similarArtifacts.length > 0" class="table table-striped">
             <thead>
                 <tr>
                     <th width="10">IOC</th>
@@ -108,9 +108,11 @@ <h4 class="vpad10 text-primary">Links</h4>
                     <td>
                         <tlp value="a.tlp"></tlp>
                     </td>
-                    <td>[{{a.dataType}}]: {{a.data || a.attachment.name}}<br> #{{a.case.caseId}} - {{a.case.title}}
+                    <td>
+                      <!-- [{{a.dataType}}]: {{a.data || a.attachment.name}}<br> -->
+                      #{{a.case.caseId}} - {{a.case.title}}
                     </td>
-                    <td>{{a.startDate | showDate}}</td>
+                    <td>{{a.startDate | shortDate}}</td>
                 </tr>
             </tbody>
         </table>

From 846567e10c9a25bb6ecffd1e5732c33e2fbea8d3 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Wed, 24 Jul 2019 17:33:50 +0200
Subject: [PATCH 18/58] #1051 cache ES status to make /api/status more
 responsive

---
 thehive-backend/app/controllers/StatusCtrl.scala | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 2f9f698798..4466a847ec 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -1,40 +1,48 @@
 package controllers
 
+import akka.actor.ActorSystem
+
 import scala.collection.immutable
 import scala.concurrent.ExecutionContext
 import scala.util.Try
-
 import play.api.Configuration
 import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.libs.json.{JsBoolean, JsObject, JsString, Json}
 import play.api.mvc.{AbstractController, Action, AnyContent, ControllerComponents}
-
 import com.sksamuel.elastic4s.http.ElasticDsl
 import connectors.Connector
 import javax.inject.{Inject, Singleton}
 import models.HealthStatus
 import org.elasticsearch.client.Node
-
 import org.elastic4play.Timed
 import org.elastic4play.database.DBIndex
 import org.elastic4play.services.AuthSrv
 import org.elastic4play.services.auth.MultiAuthSrv
 
+import scala.concurrent.duration.{DurationInt, FiniteDuration}
+
 @Singleton
 class StatusCtrl @Inject()(
     connectors: immutable.Set[Connector],
     configuration: Configuration,
     dbIndex: DBIndex,
     authSrv: AuthSrv,
+    system: ActorSystem,
     components: ControllerComponents,
     implicit val ec: ExecutionContext
 ) extends AbstractController(components) {
 
   private[controllers] def getVersion(c: Class[_]) = Option(c.getPackage.getImplementationVersion).getOrElse("SNAPSHOT")
+  private var clusterStatusName: String = "Init"
+  val checkStatusInterval: FiniteDuration = configuration.getOptional[FiniteDuration]("statusCheckInterval").getOrElse(1.minute)
+  private def updateStatus(): Unit = {
+    clusterStatusName = Try(dbIndex.clusterStatusName).getOrElse("ERROR")
+    system.scheduler.scheduleOnce(checkStatusInterval)(updateStatus())
+  }
+  updateStatus()
 
   @Timed("controllers.StatusCtrl.get")
   def get: Action[AnyContent] = Action {
-    val clusterStatusName = Try(dbIndex.clusterStatusName).getOrElse("ERROR")
     Ok(
       Json.obj(
         "versions" → Json.obj(

From e9fdd8e9ac75d7cb49d222a7b0bc4c37673b70db Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Tue, 20 Aug 2019 16:38:16 +0200
Subject: [PATCH 19/58] #1067 Fix the error where migration page is replaced by
 login page

---
 project/Dependencies.scala                    |  2 +-
 .../app/controllers/StreamCtrl.scala          |  7 +++++--
 ui/app/scripts/app.js                         | 21 +++++++++++--------
 3 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index 59861dee38..c2ec9c232f 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -20,7 +20,7 @@ object Dependencies {
 
     val reflections = "org.reflections" % "reflections" % "0.9.11"
     val zip4j = "net.lingala.zip4j" % "zip4j" % "1.3.2"
-    val elastic4play = "org.thehive-project" %% "elastic4play" % "1.11.4"
+    val elastic4play = "org.thehive-project" %% "elastic4play" % "1.11.5-SNAPSHOT"
     val akkaCluster = "com.typesafe.akka" %% "akka-cluster" % "2.5.19"
     val akkaClusterTools = "com.typesafe.akka" %% "akka-cluster-tools" % "2.5.19"
   }
diff --git a/thehive-backend/app/controllers/StreamCtrl.scala b/thehive-backend/app/controllers/StreamCtrl.scala
index d37c55830d..ed4863b3cd 100644
--- a/thehive-backend/app/controllers/StreamCtrl.scala
+++ b/thehive-backend/app/controllers/StreamCtrl.scala
@@ -23,7 +23,7 @@ import services.StreamActor
 import services.StreamActor.StreamMessages
 
 import org.elastic4play.controllers._
-import org.elastic4play.services.{AuxSrv, EventSrv, MigrationSrv}
+import org.elastic4play.services.{ AuxSrv, EventSrv, MigrationSrv, UserSrv }
 import org.elastic4play.Timed
 
 @Singleton
@@ -33,6 +33,7 @@ class StreamCtrl(
     authenticated: Authenticated,
     renderer: Renderer,
     eventSrv: EventSrv,
+    userSrv: UserSrv,
     auxSrv: AuxSrv,
     migrationSrv: MigrationSrv,
     components: ControllerComponents,
@@ -46,6 +47,7 @@ class StreamCtrl(
       authenticated: Authenticated,
       renderer: Renderer,
       eventSrv: EventSrv,
+      userSrv: UserSrv,
       auxSrv: AuxSrv,
       migrationSrv: MigrationSrv,
       components: ControllerComponents,
@@ -58,6 +60,7 @@ class StreamCtrl(
       authenticated,
       renderer,
       eventSrv,
+      userSrv,
       auxSrv,
       migrationSrv,
       components,
@@ -96,7 +99,7 @@ class StreamCtrl(
       Future.successful(BadRequest("Invalid stream id"))
     } else {
       val futureStatus = authenticated.expirationStatus(request) match {
-        case ExpirationError if !migrationSrv.isMigrating ⇒ authenticated.getFromApiKey(request).map(_ ⇒ OK)
+        case ExpirationError if !migrationSrv.isMigrating ⇒ userSrv.getInitialUser(request).recoverWith { case _ => authenticated.getFromApiKey(request)}.map(_ ⇒ OK)
         case _: ExpirationWarning                         ⇒ Future.successful(220)
         case _                                            ⇒ Future.successful(OK)
       }
diff --git a/ui/app/scripts/app.js b/ui/app/scripts/app.js
index 6fde274b02..f53e43292d 100644
--- a/ui/app/scripts/app.js
+++ b/ui/app/scripts/app.js
@@ -40,7 +40,7 @@ angular.module('thehive', [
     })
     .config(function($compileProvider) {
         'use strict';
-        $compileProvider.debugInfoEnabled(false);        
+        $compileProvider.debugInfoEnabled(false);
     })
     .config(function($stateProvider, $urlRouterProvider) {
         'use strict';
@@ -80,7 +80,7 @@ angular.module('thehive', [
                 templateUrl: 'views/app.html',
                 controller: 'RootCtrl',
                 resolve: {
-                    currentUser: function($q, $state, AuthenticationSrv) {
+                    currentUser: function($q, $state, AuthenticationSrv, NotificationSrv) {
                         var deferred = $q.defer();
 
                         AuthenticationSrv.current()
@@ -88,7 +88,9 @@ angular.module('thehive', [
                             return deferred.resolve(userData);
                           })
                           .catch( function(err) {
-                            return deferred.resolve(err.status === 520 ? err.status : null);
+                            NotificationSrv.error('App', err.data, err.status);
+                            return deferred.reject(err);
+                            //return deferred.resolve(err.status === 520 ? err.status : null);
                           });
 
                         return deferred.promise;
@@ -148,19 +150,20 @@ angular.module('thehive', [
                 controller: 'SettingsCtrl',
                 title: 'Personal settings',
                 resolve: {
-                    currentUser: function($q, $state, $timeout, AuthenticationSrv) {
+                    currentUser: function($q, $state, $timeout, AuthenticationSrv, NotificationSrv) {
                         var deferred = $q.defer();
 
                         AuthenticationSrv.current()
                           .then(function(userData) {
                             return deferred.resolve(userData);
                           })
-                          .catch( function(/*err*/) {
-                            $timeout(function() {
-                                $state.go('login');
-                            });
+                          .catch( function(err) {
+                            NotificationSrv.error('SettingsCtrl', err.data, err.status);
+                            // $timeout(function() {
+                            //     $state.go('login');
+                            // });
 
-                            return deferred.reject();
+                            return deferred.reject(err);
                           });
 
                         return deferred.promise;

From 36047ab606be84bfc46992e7f2e356312e190897 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Tue, 20 Aug 2019 17:28:46 +0200
Subject: [PATCH 20/58] #1062 add pagination to observable similar items

---
 ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js   | 5 +++++
 .../observables/details/artifact-details-information.html    | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index 996488c566..26a0e3dc17 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -23,6 +23,7 @@
             $scope.analysisEnabled = VersionSrv.hasCortex();
             $scope.cortexServers = $scope.analysisEnabled && appConfig.connectors.cortex.servers;
             $scope.protectDownloadsWith = appConfig.config.protectDownloadsWith;
+            $scope.similarArtifactsLimit = 10;
 
             $scope.editorOptions = {
                 lineNumbers: true,
@@ -125,6 +126,10 @@
                 }
             };
 
+            $scope.showMoreSimilar = function() {
+                $scope.similarArtifactsLimit = $scope.similarArtifactsLimit + 10;
+            };
+
             $scope.showReport = function (jobId) {
                 $scope.report = {};
 
diff --git a/ui/app/views/partials/observables/details/artifact-details-information.html b/ui/app/views/partials/observables/details/artifact-details-information.html
index 9384a04a41..8a8a43487d 100644
--- a/ui/app/views/partials/observables/details/artifact-details-information.html
+++ b/ui/app/views/partials/observables/details/artifact-details-information.html
@@ -98,7 +98,7 @@ <h4 class="vpad10 text-primary">Links</h4>
                 </tr>
             </thead>
             <tbody>
-                <tr ng-repeat="a in similarArtifacts" style="cursor: pointer;" ng-click="openArtifact(a)" uib-tooltip="{{a.message}}" tooltip-popup-delay="500" tooltip-placement="bottom">
+                <tr ng-repeat="a in similarArtifacts | limitTo:similarArtifactsLimit" style="cursor: pointer;" ng-click="openArtifact(a)" uib-tooltip="{{a.message}}" tooltip-popup-delay="500" tooltip-placement="bottom">
                     <td align="center">
                         <span class="clickable fa"
                           ng-class="{true: 'fa-star', false: 'fa-star-o'}[a.ioc]"
@@ -116,5 +116,8 @@ <h4 class="vpad10 text-primary">Links</h4>
                 </tr>
             </tbody>
         </table>
+        <div class="mt-xxs text-center" ng-if="similarArtifactsLimit < similarArtifacts.length">
+            <a href ng-click="showMoreSimilar()"><i class="fa fa-angle-down"></i> Show more</a>
+        </div>
     </div>
 </div>

From 57c989f79d04c4bfa93231f3757304506ca63692 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Fri, 30 Aug 2019 15:04:57 +0200
Subject: [PATCH 21/58] #1071 Fix the notification message when exporting cases
 to MISP

---
 ui/app/scripts/controllers/case/CaseExportDialogCtrl.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/app/scripts/controllers/case/CaseExportDialogCtrl.js b/ui/app/scripts/controllers/case/CaseExportDialogCtrl.js
index b86458f7f9..e6de0c147d 100644
--- a/ui/app/scripts/controllers/case/CaseExportDialogCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseExportDialogCtrl.js
@@ -66,7 +66,7 @@
 
                         NotificationSrv.log('The case has been successfully exported, but '+ failure +' observable(s) failed', 'warning');
                     } else {
-                        success = angular.isObject(response.data) ? 1 : response.data.length;
+                        success = angular.isArray(response.data) ? response.data.length : 1 ;
                         NotificationSrv.log('The case has been successfully exported with ' + success+ ' observable(s)', 'success');
                         $uibModalInstance.close();
                     }
@@ -85,6 +85,6 @@
                     }
                     self.loading = false;
                 });
-            }
+            };
         });
 })();

From ebf883c9dbd82bd5ff3d6cbea70a9b8c3e305236 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Fri, 30 Aug 2019 17:02:26 +0200
Subject: [PATCH 22/58] #1065 Add a Preview button to the case alerts list

---
 ui/app/scripts/controllers/SearchCtrl.js       |  4 +++-
 .../controllers/alert/AlertEventCtrl.js        |  3 ++-
 .../scripts/controllers/alert/AlertListCtrl.js |  3 ++-
 .../scripts/controllers/case/CaseAlertsCtrl.js | 18 ++++++++++++++++++
 ui/app/views/partials/alert/event.dialog.html  | 12 ++++++------
 ui/app/views/partials/case/case.alerts.html    |  6 ++++++
 6 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/ui/app/scripts/controllers/SearchCtrl.js b/ui/app/scripts/controllers/SearchCtrl.js
index 4daf9305e7..27f760936b 100644
--- a/ui/app/scripts/controllers/SearchCtrl.js
+++ b/ui/app/scripts/controllers/SearchCtrl.js
@@ -51,7 +51,9 @@
                         event: event,
                         templates: function() {
                             return CaseTemplateSrv.list();
-                        }
+                        },
+                        readonly: true,
+                        isAdmin: false
                     }
                 }).result.then(function(/*response*/) {
                   $scope.searchResults.update();
diff --git a/ui/app/scripts/controllers/alert/AlertEventCtrl.js b/ui/app/scripts/controllers/alert/AlertEventCtrl.js
index cde6a84015..265440d64b 100644
--- a/ui/app/scripts/controllers/alert/AlertEventCtrl.js
+++ b/ui/app/scripts/controllers/alert/AlertEventCtrl.js
@@ -1,10 +1,11 @@
 (function() {
     'use strict';
     angular.module('theHiveControllers')
-        .controller('AlertEventCtrl', function($scope, $rootScope, $state, $uibModal, $uibModalInstance, ModalUtilsSrv, CustomFieldsCacheSrv, CaseResolutionStatus, AlertingSrv, NotificationSrv, UiSettingsSrv, clipboard, event, templates, isAdmin) {
+        .controller('AlertEventCtrl', function($scope, $rootScope, $state, $uibModal, $uibModalInstance, ModalUtilsSrv, CustomFieldsCacheSrv, CaseResolutionStatus, AlertingSrv, NotificationSrv, UiSettingsSrv, clipboard, event, templates, isAdmin, readonly) {
             var self = this;
             var eventId = event.id;
 
+            self.readonly = readonly;
             self.isAdmin = isAdmin;
             self.templates = _.pluck(templates, 'name');
             self.CaseResolutionStatus = CaseResolutionStatus;
diff --git a/ui/app/scripts/controllers/alert/AlertListCtrl.js b/ui/app/scripts/controllers/alert/AlertListCtrl.js
index 9d2e4836c3..83740c9e86 100755
--- a/ui/app/scripts/controllers/alert/AlertListCtrl.js
+++ b/ui/app/scripts/controllers/alert/AlertListCtrl.js
@@ -225,7 +225,8 @@
                         templates: function() {
                             return CaseTemplateSrv.list();
                         },
-                        isAdmin: self.isAdmin
+                        isAdmin: self.isAdmin,
+                        readonly: false
                     }
                 });
             };
diff --git a/ui/app/scripts/controllers/case/CaseAlertsCtrl.js b/ui/app/scripts/controllers/case/CaseAlertsCtrl.js
index c379fbfc43..12aa928dfe 100644
--- a/ui/app/scripts/controllers/case/CaseAlertsCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseAlertsCtrl.js
@@ -73,6 +73,24 @@
                 }
             };
 
+            $scope.previewEvent = function(event) {
+                $uibModal.open({
+                    templateUrl: 'views/partials/alert/event.dialog.html',
+                    controller: 'AlertEventCtrl',
+                    controllerAs: 'dialog',
+                    size: 'max',
+                    resolve: {
+                        event: event,
+                        templates: function() {
+                            //return CaseTemplateSrv.list();
+                            return [];
+                        },
+                        isAdmin: false,
+                        readonly: true
+                    }
+                });
+            };
+
             $scope.alertStats = $scope.initStats($scope.alerts);
         }
     );
diff --git a/ui/app/views/partials/alert/event.dialog.html b/ui/app/views/partials/alert/event.dialog.html
index 92dd5e8b3a..60425d7aa5 100644
--- a/ui/app/views/partials/alert/event.dialog.html
+++ b/ui/app/views/partials/alert/event.dialog.html
@@ -143,31 +143,31 @@ <h4 class="vpad10 text-primary">
 
 
     <button class="btn btn-default" type="button"
-        ng-if="dialog.canMarkAsRead(dialog.event)"
+        ng-if="dialog.canMarkAsRead(dialog.event) && !dialog.readonly"
         ng-disabled="dialog.loading"
         ng-click="dialog.markAsRead(dialog.event)">
         <i class="fa fa-envelope"></i> Mark as read
     </button>
     <button class="btn btn-default" type="button"
-        ng-if="dialog.canMarkAsUnread(dialog.event)"
+        ng-if="dialog.canMarkAsUnread(dialog.event) && !dialog.readonly"
         ng-disabled="dialog.loading"
         ng-click="dialog.markAsRead(dialog.event)">
         <i class="fa fa-envelope-open-o"></i> Mark as unread
     </button>
 
-    <button class="btn btn-default" type="button" ng-disabled="dialog.loading" ng-click="dialog.follow()">
+    <button class="btn btn-default" type="button" ng-if="!dialog.readonly" ng-disabled="dialog.loading" ng-click="dialog.follow()">
         <i class="fa" ng-class="{'fa-eye': dialog.event.follow, 'fa-eye-slash': !dialog.event.follow}"></i> {{dialog.event.follow ? 'Ignore new updates' : 'Track new updates'}}
     </button>
 
-    <button class="btn btn-default" type="button" ng-disabled="dialog.loading" ng-click="dialog.merge()">
+    <button class="btn btn-default" type="button" ng-if="!dialog.readonly" ng-disabled="dialog.loading" ng-click="dialog.merge()">
         <i class="fa fa-compress"></i> Merge into case
     </button>
 
-    <button ng-if="dialog.isAdmin" class="btn btn-danger" type="button" ng-disabled="dialog.loading" ng-click="dialog.delete()">
+    <button ng-if="dialog.isAdmin && !dialog.readonly" class="btn btn-danger" type="button" ng-disabled="dialog.loading" ng-click="dialog.delete()">
         <i class="fa fa-trash"></i> Delete
     </button>
 
-    <form name="eventForm" class="form-horizontal pull-right mr-xs" style="width:450px;" ng-submit="dialog.import()">
+    <form ng-if="!dialog.readonly" name="eventForm" class="form-horizontal pull-right mr-xs" style="width:450px;" ng-submit="dialog.import()">
         <div class="form-group">
             <label class="col-sm-4 control-label">Import alert as</label>
             <div class="col-sm-8 input-group">
diff --git a/ui/app/views/partials/case/case.alerts.html b/ui/app/views/partials/case/case.alerts.html
index 0c4c3b39d3..6ad492473f 100644
--- a/ui/app/views/partials/case/case.alerts.html
+++ b/ui/app/views/partials/case/case.alerts.html
@@ -91,6 +91,7 @@
                     <i ng-show="sorting.field === '-date'" class="fa fa-caret-down"></i>
                   </a>
                 </th>
+                <th style="width: 60px"></th>
             </tr>
         </thead>
         <tbody>
@@ -129,6 +130,11 @@
                 </td>
                 <td class="text-center">{{::event.artifacts.length || 0}}</td>
                 <td>{{event.date | showDate}}</td>
+                <td>
+                    <a class="btn btn-xs btn-icon btn-clear" href ng-click="previewEvent(event)" uib-tooltip="Preview">
+                        <i class="text-info text-20 fa fa-file-text-o"></i>
+                    </a>
+                </td>
             </tr>
         </tbody>
     </table>

From ed884dcb0b5f940eac6fcf41b7fd69c56cb89529 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Mon, 2 Sep 2019 16:50:55 +0200
Subject: [PATCH 23/58] #1061 Escape quotes from case list filters

---
 ui/app/scripts/controllers/case/CaseListCtrl.js | 4 ++--
 ui/app/scripts/services/CasesUISrv.js           | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ui/app/scripts/controllers/case/CaseListCtrl.js b/ui/app/scripts/controllers/case/CaseListCtrl.js
index 0997c18634..933bb964f0 100644
--- a/ui/app/scripts/controllers/case/CaseListCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseListCtrl.js
@@ -246,8 +246,8 @@
                   self.caseResponders = responders;
               })
               .catch(function(err) {
-                  NotificationSrv.error('CaseList', response.data, response.status);
-              })
+                  NotificationSrv.error('CaseList', err.data, err.status);
+              });
         };
 
         this.runResponder = function(responderId, responderName, caze) {
diff --git a/ui/app/scripts/services/CasesUISrv.js b/ui/app/scripts/services/CasesUISrv.js
index 20080a716f..cae968fdfc 100644
--- a/ui/app/scripts/services/CasesUISrv.js
+++ b/ui/app/scripts/services/CasesUISrv.js
@@ -165,10 +165,10 @@
 
                     // Prepare the filter value
                     if (field === 'keyword') {
-                        query = value;
+                        query = value.replace(/"/gi, '\\"');
                     } else if (angular.isArray(value) && value.length > 0) {
                         query = _.map(value, function(val) {
-                            return field + ':"' + convertFn(val.text) + '"';
+                            return field + ':"' + convertFn(val.text.replace(/"/gi, '\\"')) + '"';
                         }).join(' OR ');
                         query = '(' + query + ')';
                     } else if (filterDef.type === 'date') {
@@ -178,7 +178,7 @@
                         query = field + ':[ ' + fromDate + ' TO ' + toDate + ' ]';
 
                     } else {
-                        query = field + ':' + convertFn(value);
+                        query = field + ':' + convertFn(value.replace(/"/gi, '\\"'));
                     }
 
                     factory.filters[field] = {

From 34a6b5d51dd2602d6aeb2c73f3944956d688d41c Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 3 Sep 2019 11:35:10 +0200
Subject: [PATCH 24/58] #954 Add API to check if a custom field is used

---
 .../app/controllers/CustomFieldsCtrl.scala    |  56 ++++
 .../app/controllers/DBListCtrl.scala          |   6 +-
 thehive-backend/conf/routes                   | 252 +++++++++---------
 3 files changed, 185 insertions(+), 129 deletions(-)
 create mode 100644 thehive-backend/app/controllers/CustomFieldsCtrl.scala

diff --git a/thehive-backend/app/controllers/CustomFieldsCtrl.scala b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
new file mode 100644
index 0000000000..abb51ad995
--- /dev/null
+++ b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
@@ -0,0 +1,56 @@
+package controllers
+
+import scala.concurrent.{ ExecutionContext, Future }
+
+import play.api.http.Status
+import play.api.libs.json.{ JsNumber, JsObject }
+import play.api.mvc.{ AbstractController, Action, AnyContent, ControllerComponents }
+
+import akka.stream.Materializer
+import akka.stream.scaladsl.Sink
+import com.sksamuel.elastic4s.http.ElasticDsl.search
+import javax.inject.{ Inject, Singleton }
+import models.Roles
+
+import org.elastic4play.NotFoundError
+import org.elastic4play.controllers.Authenticated
+import org.elastic4play.database.DBFind
+import org.elastic4play.services.DBLists
+import org.elastic4play.services.QueryDSL._
+
+@Singleton
+class CustomFieldsCtrl @Inject()(
+    authenticated: Authenticated,
+    dbfind: DBFind,
+    dblists: DBLists,
+    components: ControllerComponents,
+    implicit val ec: ExecutionContext,
+    implicit val mat: Materializer
+) extends AbstractController(components)
+    with Status {
+
+  def useCount(customField: String): Action[AnyContent] =
+    authenticated(Roles.read)
+      .async {
+        dblists("custom_fields")
+          .getItems[JsObject]
+          ._1
+          .collect {
+            case (_, value) if (value \ "reference").asOpt[String].contains(customField) ⇒ (value \ "type").as[String]
+          }
+          .runWith(Sink.head)
+          .recoverWith { case _ ⇒ Future.failed(NotFoundError(s"CustomField $customField not found")) }
+          .flatMap { customFieldType ⇒
+            val filter = and("relations" in ("case", "alert", "caseTemplate"), contains(s"customFields.$customField.$customFieldType"))
+            dbfind(
+              indexName ⇒ search(indexName).query(filter.query).size(0)
+            ).map { searchResponse ⇒
+              Ok(JsNumber(searchResponse.totalHits))
+            }
+          }
+      }
+
+  /*
+{"query":{"_and":[{"_not":{"_field":"customFields.cf1.string","_value":"ss"}},{"_not":{"status":"Deleted"}}]}}
+ */
+}
diff --git a/thehive-backend/app/controllers/DBListCtrl.scala b/thehive-backend/app/controllers/DBListCtrl.scala
index f1b1dbbc03..d4c6a68df3 100644
--- a/thehive-backend/app/controllers/DBListCtrl.scala
+++ b/thehive-backend/app/controllers/DBListCtrl.scala
@@ -1,14 +1,14 @@
-package org.elastic4play.controllers
-
-import javax.inject.{Inject, Singleton}
+package controllers
 
 import scala.concurrent.{ExecutionContext, Future}
 
 import play.api.libs.json.{JsValue, Json}
 import play.api.mvc._
 
+import javax.inject.{Inject, Singleton}
 import models.Roles
 
+import org.elastic4play.controllers.{Authenticated, Fields, FieldsBodyParser, Renderer}
 import org.elastic4play.services.DBLists
 import org.elastic4play.{MissingAttributeError, Timed}
 
diff --git a/thehive-backend/conf/routes b/thehive-backend/conf/routes
index 6d7bae50d6..f0acbc4687 100644
--- a/thehive-backend/conf/routes
+++ b/thehive-backend/conf/routes
@@ -1,126 +1,126 @@
-# Routes
-# This file defines all application routes (Higher priority routes first)
-# ~~~~
-
-GET      /                                        controllers.Home.redirect
-GET      /api/status                              controllers.StatusCtrl.get
-GET      /api/health                              controllers.StatusCtrl.health
-GET      /api/logout                              controllers.AuthenticationCtrl.logout()
-POST     /api/login                               controllers.AuthenticationCtrl.login()
-POST     /api/ssoLogin                            controllers.AuthenticationCtrl.ssoLogin()
-
-POST     /api/_search                             controllers.SearchCtrl.find()
-POST     /api/_stats                              controllers.SearchCtrl.stats()
-
-GET      /api/case                                controllers.CaseCtrl.find()
-POST     /api/case/_search                        controllers.CaseCtrl.find()
-PATCH    /api/case/_bulk                          controllers.CaseCtrl.bulkUpdate()
-POST     /api/case/_stats                         controllers.CaseCtrl.stats()
-POST     /api/case                                controllers.CaseCtrl.create()
-GET      /api/case/:caseId                        controllers.CaseCtrl.get(caseId)
-PATCH    /api/case/:caseId                        controllers.CaseCtrl.update(caseId)
-DELETE   /api/case/:caseId                        controllers.CaseCtrl.delete(caseId)
-DELETE   /api/case/:caseId/force                  controllers.CaseCtrl.realDelete(caseId)
-GET      /api/case/:caseId/links                  controllers.CaseCtrl.linkedCases(caseId)
-POST     /api/case/:caseId1/_merge/:caseId2       controllers.CaseCtrl.merge(caseId1, caseId2)
-
-POST     /api/case/template/_search               controllers.CaseTemplateCtrl.find()
-POST     /api/case/template                       controllers.CaseTemplateCtrl.create()
-GET      /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.get(caseTemplateId)
-PATCH    /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.update(caseTemplateId)
-DELETE   /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.delete(caseTemplateId)
-
-POST     /api/case/artifact/_search               controllers.ArtifactCtrl.find()
-POST     /api/case/:caseId/artifact/_search       controllers.ArtifactCtrl.findInCase(caseId)
-POST     /api/case/artifact/_stats                controllers.ArtifactCtrl.stats()
-POST     /api/case/:caseId/artifact               controllers.ArtifactCtrl.create(caseId)
-GET      /api/case/artifact/:artifactId           controllers.ArtifactCtrl.get(artifactId)
-DELETE   /api/case/artifact/:artifactId           controllers.ArtifactCtrl.delete(artifactId)
-PATCH    /api/case/artifact/_bulk                 controllers.ArtifactCtrl.bulkUpdate()
-PATCH    /api/case/artifact/:artifactId           controllers.ArtifactCtrl.update(artifactId)
-GET      /api/case/artifact/:artifactId/similar   controllers.ArtifactCtrl.findSimilar(artifactId)
-
-POST     /api/case/:caseId/task/_search           controllers.TaskCtrl.findInCase(caseId)
-POST     /api/case/task/_search                   controllers.TaskCtrl.find()
-POST     /api/case/task/_stats                    controllers.TaskCtrl.stats()
-GET      /api/case/task/:taskId                   controllers.TaskCtrl.get(taskId)
-PATCH    /api/case/task/:taskId                   controllers.TaskCtrl.update(taskId)
-POST     /api/case/:caseId/task                   controllers.TaskCtrl.create(caseId)
-
-GET      /api/case/task/:taskId/log               controllers.LogCtrl.findInTask(taskId)
-POST     /api/case/task/:taskId/log/_search       controllers.LogCtrl.findInTask(taskId)
-POST     /api/case/task/log/_search               controllers.LogCtrl.find()
-POST     /api/case/task/log/_stats                controllers.LogCtrl.stats()
-POST     /api/case/task/:taskId/log               controllers.LogCtrl.create(taskId)
-PATCH    /api/case/task/log/:logId                controllers.LogCtrl.update(logId)
-DELETE   /api/case/task/log/:logId                controllers.LogCtrl.delete(logId)
-GET      /api/case/task/log/:logId                controllers.LogCtrl.get(logId)
-
-GET      /api/alert                               controllers.AlertCtrl.find()
-POST     /api/alert/_search                       controllers.AlertCtrl.find()
-PATCH    /api/alert/_bulk                         controllers.AlertCtrl.bulkUpdate()
-POST     /api/alert/_stats                        controllers.AlertCtrl.stats()
-GET      /api/alert/_fixStatus                    controllers.AlertCtrl.fixStatus()
-POST     /api/alert                               controllers.AlertCtrl.create()
-GET      /api/alert/:alertId                      controllers.AlertCtrl.get(alertId)
-PATCH    /api/alert/:alertId                      controllers.AlertCtrl.update(alertId)
-DELETE   /api/alert/:alertId                      controllers.AlertCtrl.delete(alertId, force: Option[Boolean])
-POST     /api/alert/:alertId/markAsRead           controllers.AlertCtrl.markAsRead(alertId)
-POST     /api/alert/:alertId/markAsUnread         controllers.AlertCtrl.markAsUnread(alertId)
-POST     /api/alert/:alertId/createCase           controllers.AlertCtrl.createCase(alertId)
-POST     /api/alert/:alertId/follow               controllers.AlertCtrl.followAlert(alertId)
-POST     /api/alert/:alertId/unfollow             controllers.AlertCtrl.unfollowAlert(alertId)
-POST     /api/alert/:alertId/merge/:caseId        controllers.AlertCtrl.mergeWithCase(alertId, caseId)
-POST     /api/alert/merge/_bulk                   controllers.AlertCtrl.bulkMergeWithCase()
-POST     /api/alert/delete/_bulk                  controllers.AlertCtrl.bulkDelete()
-
-GET      /api/flow                                controllers.AuditCtrl.flow(rootId: Option[String], count: Option[Int])
-GET      /api/audit                               controllers.AuditCtrl.find()
-POST     /api/audit/_search                       controllers.AuditCtrl.find()
-POST     /api/audit/_stats                        controllers.AuditCtrl.stats()
-
-GET      /api/datastore/:hash                     controllers.AttachmentCtrl.download(hash, name: Option[String])
-GET      /api/datastorezip/:hash                  controllers.AttachmentCtrl.downloadZip(hash, name: Option[String])
-
-POST     /api/maintenance/migrate                 org.elastic4play.controllers.MigrationCtrl.migrate
-#POST          /api/maintenance/rehash                         controllers.MaintenanceCtrl.reHash
-
-GET      /api/list                                org.elastic4play.controllers.DBListCtrl.list()
-DELETE   /api/list/:itemId                        org.elastic4play.controllers.DBListCtrl.deleteItem(itemId)
-PATCH    /api/list/:itemId                        org.elastic4play.controllers.DBListCtrl.updateItem(itemId)
-POST     /api/list/:listName                      org.elastic4play.controllers.DBListCtrl.addItem(listName)
-GET      /api/list/:listName                      org.elastic4play.controllers.DBListCtrl.listItems(listName)
-POST     /api/list/:listName/_exists              org.elastic4play.controllers.DBListCtrl.itemExists(listName)
-
-
-GET      /api/user/current                        controllers.UserCtrl.currentUser()
-POST     /api/user/_search                        controllers.UserCtrl.find()
-POST     /api/user                                controllers.UserCtrl.create()
-GET      /api/user/:userId                        controllers.UserCtrl.get(userId)
-DELETE   /api/user/:userId                        controllers.UserCtrl.delete(userId)
-PATCH    /api/user/:userId                        controllers.UserCtrl.update(userId)
-POST     /api/user/:userId/password/set           controllers.UserCtrl.setPassword(userId)
-POST     /api/user/:userId/password/change        controllers.UserCtrl.changePassword(userId)
-GET      /api/user/:userId/key                    controllers.UserCtrl.getKey(userId)
-DELETE   /api/user/:userId/key                    controllers.UserCtrl.removeKey(userId)
-POST     /api/user/:userId/key/renew              controllers.UserCtrl.renewKey(userId)
-
-
-POST     /api/stream                              controllers.StreamCtrl.create()
-GET      /api/stream/status                       controllers.StreamCtrl.status
-GET      /api/stream/:streamId                    controllers.StreamCtrl.get(streamId)
-
-GET      /api/describe/_all                       controllers.DescribeCtrl.describeAll
-GET      /api/describe/:modelName                 controllers.DescribeCtrl.describe(modelName)
-
-GET      /api/dashboard                           controllers.DashboardCtrl.find()
-POST     /api/dashboard/_search                   controllers.DashboardCtrl.find()
-POST     /api/dashboard/_stats                    controllers.DashboardCtrl.stats()
-POST     /api/dashboard                           controllers.DashboardCtrl.create()
-GET      /api/dashboard/:dashboardId              controllers.DashboardCtrl.get(dashboardId)
-PATCH    /api/dashboard/:dashboardId              controllers.DashboardCtrl.update(dashboardId)
-DELETE   /api/dashboard/:dashboardId              controllers.DashboardCtrl.delete(dashboardId)
-
-->       /api/connector                           connectors.ConnectorRouter
-
-GET      /*file                                   controllers.AssetCtrl.get(file)
+# Routes
+# This file defines all application routes (Higher priority routes first)
+# ~~~~
+
+GET      /                                        controllers.Home.redirect
+GET      /api/status                              controllers.StatusCtrl.get
+GET      /api/health                              controllers.StatusCtrl.health
+GET      /api/logout                              controllers.AuthenticationCtrl.logout()
+POST     /api/login                               controllers.AuthenticationCtrl.login()
+POST     /api/ssoLogin                            controllers.AuthenticationCtrl.ssoLogin()
+
+POST     /api/_search                             controllers.SearchCtrl.find()
+POST     /api/_stats                              controllers.SearchCtrl.stats()
+
+GET      /api/case                                controllers.CaseCtrl.find()
+POST     /api/case/_search                        controllers.CaseCtrl.find()
+PATCH    /api/case/_bulk                          controllers.CaseCtrl.bulkUpdate()
+POST     /api/case/_stats                         controllers.CaseCtrl.stats()
+POST     /api/case                                controllers.CaseCtrl.create()
+GET      /api/case/:caseId                        controllers.CaseCtrl.get(caseId)
+PATCH    /api/case/:caseId                        controllers.CaseCtrl.update(caseId)
+DELETE   /api/case/:caseId                        controllers.CaseCtrl.delete(caseId)
+DELETE   /api/case/:caseId/force                  controllers.CaseCtrl.realDelete(caseId)
+GET      /api/case/:caseId/links                  controllers.CaseCtrl.linkedCases(caseId)
+POST     /api/case/:caseId1/_merge/:caseId2       controllers.CaseCtrl.merge(caseId1, caseId2)
+
+POST     /api/case/template/_search               controllers.CaseTemplateCtrl.find()
+POST     /api/case/template                       controllers.CaseTemplateCtrl.create()
+GET      /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.get(caseTemplateId)
+PATCH    /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.update(caseTemplateId)
+DELETE   /api/case/template/:caseTemplateId       controllers.CaseTemplateCtrl.delete(caseTemplateId)
+
+POST     /api/case/artifact/_search               controllers.ArtifactCtrl.find()
+POST     /api/case/:caseId/artifact/_search       controllers.ArtifactCtrl.findInCase(caseId)
+POST     /api/case/artifact/_stats                controllers.ArtifactCtrl.stats()
+POST     /api/case/:caseId/artifact               controllers.ArtifactCtrl.create(caseId)
+GET      /api/case/artifact/:artifactId           controllers.ArtifactCtrl.get(artifactId)
+DELETE   /api/case/artifact/:artifactId           controllers.ArtifactCtrl.delete(artifactId)
+PATCH    /api/case/artifact/_bulk                 controllers.ArtifactCtrl.bulkUpdate()
+PATCH    /api/case/artifact/:artifactId           controllers.ArtifactCtrl.update(artifactId)
+GET      /api/case/artifact/:artifactId/similar   controllers.ArtifactCtrl.findSimilar(artifactId)
+
+POST     /api/case/:caseId/task/_search           controllers.TaskCtrl.findInCase(caseId)
+POST     /api/case/task/_search                   controllers.TaskCtrl.find()
+POST     /api/case/task/_stats                    controllers.TaskCtrl.stats()
+GET      /api/case/task/:taskId                   controllers.TaskCtrl.get(taskId)
+PATCH    /api/case/task/:taskId                   controllers.TaskCtrl.update(taskId)
+POST     /api/case/:caseId/task                   controllers.TaskCtrl.create(caseId)
+
+GET      /api/case/task/:taskId/log               controllers.LogCtrl.findInTask(taskId)
+POST     /api/case/task/:taskId/log/_search       controllers.LogCtrl.findInTask(taskId)
+POST     /api/case/task/log/_search               controllers.LogCtrl.find()
+POST     /api/case/task/log/_stats                controllers.LogCtrl.stats()
+POST     /api/case/task/:taskId/log               controllers.LogCtrl.create(taskId)
+PATCH    /api/case/task/log/:logId                controllers.LogCtrl.update(logId)
+DELETE   /api/case/task/log/:logId                controllers.LogCtrl.delete(logId)
+GET      /api/case/task/log/:logId                controllers.LogCtrl.get(logId)
+
+GET      /api/alert                               controllers.AlertCtrl.find()
+POST     /api/alert/_search                       controllers.AlertCtrl.find()
+PATCH    /api/alert/_bulk                         controllers.AlertCtrl.bulkUpdate()
+POST     /api/alert/_stats                        controllers.AlertCtrl.stats()
+GET      /api/alert/_fixStatus                    controllers.AlertCtrl.fixStatus()
+POST     /api/alert                               controllers.AlertCtrl.create()
+GET      /api/alert/:alertId                      controllers.AlertCtrl.get(alertId)
+PATCH    /api/alert/:alertId                      controllers.AlertCtrl.update(alertId)
+DELETE   /api/alert/:alertId                      controllers.AlertCtrl.delete(alertId, force: Option[Boolean])
+POST     /api/alert/:alertId/markAsRead           controllers.AlertCtrl.markAsRead(alertId)
+POST     /api/alert/:alertId/markAsUnread         controllers.AlertCtrl.markAsUnread(alertId)
+POST     /api/alert/:alertId/createCase           controllers.AlertCtrl.createCase(alertId)
+POST     /api/alert/:alertId/follow               controllers.AlertCtrl.followAlert(alertId)
+POST     /api/alert/:alertId/unfollow             controllers.AlertCtrl.unfollowAlert(alertId)
+POST     /api/alert/:alertId/merge/:caseId        controllers.AlertCtrl.mergeWithCase(alertId, caseId)
+POST     /api/alert/merge/_bulk                   controllers.AlertCtrl.bulkMergeWithCase()
+POST     /api/alert/delete/_bulk                  controllers.AlertCtrl.bulkDelete()
+
+GET      /api/flow                                controllers.AuditCtrl.flow(rootId: Option[String], count: Option[Int])
+GET      /api/audit                               controllers.AuditCtrl.find()
+POST     /api/audit/_search                       controllers.AuditCtrl.find()
+POST     /api/audit/_stats                        controllers.AuditCtrl.stats()
+
+GET      /api/datastore/:hash                     controllers.AttachmentCtrl.download(hash, name: Option[String])
+GET      /api/datastorezip/:hash                  controllers.AttachmentCtrl.downloadZip(hash, name: Option[String])
+
+POST     /api/maintenance/migrate                 org.elastic4play.controllers.MigrationCtrl.migrate
+#POST          /api/maintenance/rehash                         controllers.MaintenanceCtrl.reHash
+
+GET      /api/list                                controllers.DBListCtrl.list()
+DELETE   /api/list/:itemId                        controllers.DBListCtrl.deleteItem(itemId)
+PATCH    /api/list/:itemId                        controllers.DBListCtrl.updateItem(itemId)
+POST     /api/list/:listName                      controllers.DBListCtrl.addItem(listName)
+GET      /api/list/:listName                      controllers.DBListCtrl.listItems(listName)
+POST     /api/list/:listName/_exists              controllers.DBListCtrl.itemExists(listName)
+GET      /api/customFields/:name                  controllers.CustomFieldsCtrl.useCount(name)
+
+GET      /api/user/current                        controllers.UserCtrl.currentUser()
+POST     /api/user/_search                        controllers.UserCtrl.find()
+POST     /api/user                                controllers.UserCtrl.create()
+GET      /api/user/:userId                        controllers.UserCtrl.get(userId)
+DELETE   /api/user/:userId                        controllers.UserCtrl.delete(userId)
+PATCH    /api/user/:userId                        controllers.UserCtrl.update(userId)
+POST     /api/user/:userId/password/set           controllers.UserCtrl.setPassword(userId)
+POST     /api/user/:userId/password/change        controllers.UserCtrl.changePassword(userId)
+GET      /api/user/:userId/key                    controllers.UserCtrl.getKey(userId)
+DELETE   /api/user/:userId/key                    controllers.UserCtrl.removeKey(userId)
+POST     /api/user/:userId/key/renew              controllers.UserCtrl.renewKey(userId)
+
+
+POST     /api/stream                              controllers.StreamCtrl.create()
+GET      /api/stream/status                       controllers.StreamCtrl.status
+GET      /api/stream/:streamId                    controllers.StreamCtrl.get(streamId)
+
+GET      /api/describe/_all                       controllers.DescribeCtrl.describeAll
+GET      /api/describe/:modelName                 controllers.DescribeCtrl.describe(modelName)
+
+GET      /api/dashboard                           controllers.DashboardCtrl.find()
+POST     /api/dashboard/_search                   controllers.DashboardCtrl.find()
+POST     /api/dashboard/_stats                    controllers.DashboardCtrl.stats()
+POST     /api/dashboard                           controllers.DashboardCtrl.create()
+GET      /api/dashboard/:dashboardId              controllers.DashboardCtrl.get(dashboardId)
+PATCH    /api/dashboard/:dashboardId              controllers.DashboardCtrl.update(dashboardId)
+DELETE   /api/dashboard/:dashboardId              controllers.DashboardCtrl.delete(dashboardId)
+
+->       /api/connector                           connectors.ConnectorRouter
+
+GET      /*file                                   controllers.AssetCtrl.get(file)

From 73b84bab75e5b8a19203d411b16529612711757a Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 3 Sep 2019 11:35:44 +0200
Subject: [PATCH 25/58] Update Play

---
 project/Dependencies.scala | 4 ++--
 project/plugins.sbt        | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index c2ec9c232f..b8ccb66f23 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -21,7 +21,7 @@ object Dependencies {
     val reflections = "org.reflections" % "reflections" % "0.9.11"
     val zip4j = "net.lingala.zip4j" % "zip4j" % "1.3.2"
     val elastic4play = "org.thehive-project" %% "elastic4play" % "1.11.5-SNAPSHOT"
-    val akkaCluster = "com.typesafe.akka" %% "akka-cluster" % "2.5.19"
-    val akkaClusterTools = "com.typesafe.akka" %% "akka-cluster-tools" % "2.5.19"
+    val akkaCluster = "com.typesafe.akka" %% "akka-cluster" % "2.5.21"
+    val akkaClusterTools = "com.typesafe.akka" %% "akka-cluster-tools" % "2.5.21"
   }
 }
diff --git a/project/plugins.sbt b/project/plugins.sbt
index c037cfab7e..c8ec87a869 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -1,6 +1,6 @@
 // Comment to get more information during initialization
 logLevel := Level.Info
 
-addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.22")
+addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.23")
 addSbtPlugin("org.foundweekends" % "sbt-bintray" % "0.5.1")
 addSbtPlugin("org.scalameta"     % "sbt-scalafmt" % "2.0.0")

From 04fd724fe511129dc1f23766a7d5e800ec72e095 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 3 Sep 2019 11:36:31 +0200
Subject: [PATCH 26/58] Fix MISP attribute deduplication when exporting a case

---
 .../app/connectors/misp/MispExport.scala      | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/thehive-misp/app/connectors/misp/MispExport.scala b/thehive-misp/app/connectors/misp/MispExport.scala
index 4e0fe2d44c..3104c06f76 100644
--- a/thehive-misp/app/connectors/misp/MispExport.scala
+++ b/thehive-misp/app/connectors/misp/MispExport.scala
@@ -51,17 +51,16 @@ class MispExport @Inject()(
   }
 
   def removeDuplicateAttributes(attributes: Seq[ExportedMispAttribute]): Seq[ExportedMispAttribute] = {
-    val attrIndex = attributes.zipWithIndex
-
-    attrIndex
-      .filter {
-        case (ExportedMispAttribute(_, category, tpe, _, value, _), index) ⇒
-          attrIndex.exists {
-            case (ExportedMispAttribute(_, `category`, `tpe`, _, `value`, _), otherIndex) ⇒ otherIndex >= index
-            case _                                                                        ⇒ true
-          }
+    var attrSet = Set.empty[(String, String, String)]
+    val builder = Seq.newBuilder[ExportedMispAttribute]
+    attributes.foreach { attr ⇒
+      val tuple = (attr.category, attr.tpe, attr.value.fold(identity, _.name))
+      if (!attrSet.contains(tuple)) {
+        builder += attr
+        attrSet += tuple
       }
-      .map(_._1)
+    }
+    builder.result()
   }
 
   def createEvent(

From 6aebecee4af4ed2ab1a5e0d98263b14c3ab9dd2f Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 3 Sep 2019 14:58:20 +0200
Subject: [PATCH 27/58] #954 Add more details on custom fields use

---
 .../app/controllers/CustomFieldsCtrl.scala       | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/thehive-backend/app/controllers/CustomFieldsCtrl.scala b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
index abb51ad995..097b92800b 100644
--- a/thehive-backend/app/controllers/CustomFieldsCtrl.scala
+++ b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
@@ -8,7 +8,7 @@ import play.api.mvc.{ AbstractController, Action, AnyContent, ControllerComponen
 
 import akka.stream.Materializer
 import akka.stream.scaladsl.Sink
-import com.sksamuel.elastic4s.http.ElasticDsl.search
+import com.sksamuel.elastic4s.http.ElasticDsl.{ search, termsAggregation }
 import javax.inject.{ Inject, Singleton }
 import models.Roles
 
@@ -43,14 +43,14 @@ class CustomFieldsCtrl @Inject()(
           .flatMap { customFieldType ⇒
             val filter = and("relations" in ("case", "alert", "caseTemplate"), contains(s"customFields.$customField.$customFieldType"))
             dbfind(
-              indexName ⇒ search(indexName).query(filter.query).size(0)
+              indexName ⇒ search(indexName).query(filter.query).aggregations(termsAggregation("t").field("relations"))
             ).map { searchResponse ⇒
-              Ok(JsNumber(searchResponse.totalHits))
-            }
+                val result = JsObject(searchResponse.aggregations.terms("t").buckets.map { b ⇒
+                  b.key → JsNumber(b.docCount)
+                })
+                Ok(result)
+              }
+              .recover { case _ ⇒ Ok(JsObject.empty) }
           }
       }
-
-  /*
-{"query":{"_and":[{"_not":{"_field":"customFields.cf1.string","_value":"ss"}},{"_not":{"status":"Deleted"}}]}}
- */
 }

From fb941c0481c94d3aac8d9a191d71a2974f38fdcc Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Wed, 4 Sep 2019 08:58:45 +0200
Subject: [PATCH 28/58] #954 Add total in custom field use count

---
 .../app/controllers/AlertCtrl.scala           |  9 ++++++---
 .../app/controllers/CustomFieldsCtrl.scala    | 20 +++++++++----------
 .../app/controllers/StatusCtrl.scala          |  4 ++--
 .../app/controllers/StreamCtrl.scala          |  9 +++++----
 thehive-backend/app/services/AlertSrv.scala   | 20 +++++++++----------
 5 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/thehive-backend/app/controllers/AlertCtrl.scala b/thehive-backend/app/controllers/AlertCtrl.scala
index 38a1ee4af6..9e87c3fb0e 100644
--- a/thehive-backend/app/controllers/AlertCtrl.scala
+++ b/thehive-backend/app/controllers/AlertCtrl.scala
@@ -128,8 +128,9 @@ class AlertCtrl @Inject()(
   @Timed
   def bulkDelete(): Action[Fields] = authenticated(Roles.admin).async(fieldsBodyParser) { implicit request ⇒
     request.body.getStrings("ids").fold(Future.successful(NoContent)) { ids ⇒
-      Future.traverse(ids)(alertSrv.delete(_, request.body.getBoolean("force").getOrElse(false)))
-        .map(_ => NoContent)
+      Future
+        .traverse(ids)(alertSrv.delete(_, request.body.getBoolean("force").getOrElse(false)))
+        .map(_ ⇒ NoContent)
     }
   }
 
@@ -180,7 +181,9 @@ class AlertCtrl @Inject()(
   def createCase(id: String): Action[Fields] = authenticated(Roles.write).async(fieldsBodyParser) { implicit request ⇒
     for {
       alert ← alertSrv.get(id)
-      customCaseTemplate = request.body.getString("caseTemplate")
+      customCaseTemplate = request
+        .body
+        .getString("caseTemplate")
         .orElse(alert.caseTemplate())
       caze ← alertSrv.createCase(alert, customCaseTemplate)
     } yield renderer.toOutput(CREATED, caze)
diff --git a/thehive-backend/app/controllers/CustomFieldsCtrl.scala b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
index 097b92800b..a5a7b38b35 100644
--- a/thehive-backend/app/controllers/CustomFieldsCtrl.scala
+++ b/thehive-backend/app/controllers/CustomFieldsCtrl.scala
@@ -1,15 +1,15 @@
 package controllers
 
-import scala.concurrent.{ ExecutionContext, Future }
+import scala.concurrent.{ExecutionContext, Future}
 
 import play.api.http.Status
-import play.api.libs.json.{ JsNumber, JsObject }
-import play.api.mvc.{ AbstractController, Action, AnyContent, ControllerComponents }
+import play.api.libs.json.{JsNumber, JsObject, Json}
+import play.api.mvc.{AbstractController, Action, AnyContent, ControllerComponents}
 
 import akka.stream.Materializer
 import akka.stream.scaladsl.Sink
-import com.sksamuel.elastic4s.http.ElasticDsl.{ search, termsAggregation }
-import javax.inject.{ Inject, Singleton }
+import com.sksamuel.elastic4s.http.ElasticDsl.{search, termsAggregation}
+import javax.inject.{Inject, Singleton}
 import models.Roles
 
 import org.elastic4play.NotFoundError
@@ -45,12 +45,12 @@ class CustomFieldsCtrl @Inject()(
             dbfind(
               indexName ⇒ search(indexName).query(filter.query).aggregations(termsAggregation("t").field("relations"))
             ).map { searchResponse ⇒
-                val result = JsObject(searchResponse.aggregations.terms("t").buckets.map { b ⇒
-                  b.key → JsNumber(b.docCount)
-                })
-                Ok(result)
+                val buckets = searchResponse.aggregations.terms("t").buckets
+                val total   = buckets.map(_.docCount).sum
+                val result  = buckets.map(b ⇒ b.key → JsNumber(b.docCount)) :+ ("total" → JsNumber(total))
+                Ok(JsObject(result))
               }
-              .recover { case _ ⇒ Ok(JsObject.empty) }
+              .recover { case _ ⇒ Ok(Json.obj("total" → 0)) }
           }
       }
 }
diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 4466a847ec..08ee2f7145 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -33,8 +33,8 @@ class StatusCtrl @Inject()(
 ) extends AbstractController(components) {
 
   private[controllers] def getVersion(c: Class[_]) = Option(c.getPackage.getImplementationVersion).getOrElse("SNAPSHOT")
-  private var clusterStatusName: String = "Init"
-  val checkStatusInterval: FiniteDuration = configuration.getOptional[FiniteDuration]("statusCheckInterval").getOrElse(1.minute)
+  private var clusterStatusName: String            = "Init"
+  val checkStatusInterval: FiniteDuration          = configuration.getOptional[FiniteDuration]("statusCheckInterval").getOrElse(1.minute)
   private def updateStatus(): Unit = {
     clusterStatusName = Try(dbIndex.clusterStatusName).getOrElse("ERROR")
     system.scheduler.scheduleOnce(checkStatusInterval)(updateStatus())
diff --git a/thehive-backend/app/controllers/StreamCtrl.scala b/thehive-backend/app/controllers/StreamCtrl.scala
index ed4863b3cd..7f3ca03a27 100644
--- a/thehive-backend/app/controllers/StreamCtrl.scala
+++ b/thehive-backend/app/controllers/StreamCtrl.scala
@@ -23,7 +23,7 @@ import services.StreamActor
 import services.StreamActor.StreamMessages
 
 import org.elastic4play.controllers._
-import org.elastic4play.services.{ AuxSrv, EventSrv, MigrationSrv, UserSrv }
+import org.elastic4play.services.{AuxSrv, EventSrv, MigrationSrv, UserSrv}
 import org.elastic4play.Timed
 
 @Singleton
@@ -99,9 +99,10 @@ class StreamCtrl(
       Future.successful(BadRequest("Invalid stream id"))
     } else {
       val futureStatus = authenticated.expirationStatus(request) match {
-        case ExpirationError if !migrationSrv.isMigrating ⇒ userSrv.getInitialUser(request).recoverWith { case _ => authenticated.getFromApiKey(request)}.map(_ ⇒ OK)
-        case _: ExpirationWarning                         ⇒ Future.successful(220)
-        case _                                            ⇒ Future.successful(OK)
+        case ExpirationError if !migrationSrv.isMigrating ⇒
+          userSrv.getInitialUser(request).recoverWith { case _ ⇒ authenticated.getFromApiKey(request) }.map(_ ⇒ OK)
+        case _: ExpirationWarning ⇒ Future.successful(220)
+        case _                    ⇒ Future.successful(OK)
       }
 
       // Check if stream actor exists
diff --git a/thehive-backend/app/services/AlertSrv.scala b/thehive-backend/app/services/AlertSrv.scala
index 6a6ea09102..4b367c3ca0 100644
--- a/thehive-backend/app/services/AlertSrv.scala
+++ b/thehive-backend/app/services/AlertSrv.scala
@@ -3,27 +3,27 @@ package services
 import java.nio.file.Files
 
 import scala.collection.immutable
-import scala.concurrent.{ ExecutionContext, Future }
+import scala.concurrent.{ExecutionContext, Future}
 import scala.util.matching.Regex
-import scala.util.{ Failure, Success, Try }
+import scala.util.{Failure, Success, Try}
 
 import play.api.libs.json._
-import play.api.{ Configuration, Logger }
+import play.api.{Configuration, Logger}
 
 import akka.NotUsed
 import akka.stream.Materializer
-import akka.stream.scaladsl.{ Sink, Source }
+import akka.stream.scaladsl.{Sink, Source}
 import connectors.ConnectorRouter
-import javax.inject.{ Inject, Singleton }
+import javax.inject.{Inject, Singleton}
 import models._
 
-import org.elastic4play.controllers.{ Fields, FileInputValue }
+import org.elastic4play.controllers.{Fields, FileInputValue}
 import org.elastic4play.database.ModifyConfig
 import org.elastic4play.services.JsonFormat.attachmentFormat
-import org.elastic4play.services.QueryDSL.{ groupByField, parent, selectCount, withId }
+import org.elastic4play.services.QueryDSL.{groupByField, parent, selectCount, withId}
 import org.elastic4play.services._
 import org.elastic4play.utils.Collection
-import org.elastic4play.{ ConflictError, InternalError }
+import org.elastic4play.{ConflictError, InternalError}
 
 trait AlertTransformer {
   def createCase(alert: Alert, customCaseTemplate: Option[String])(implicit authContext: AuthContext): Future[Case]
@@ -312,7 +312,7 @@ class AlertSrv(
       .create(caze, artifactsFields)
       .flatMap { artifacts ⇒
         Future.traverse(artifacts) {
-          case Success(_) => Future.successful(())
+          case Success(_) ⇒ Future.successful(())
           case Failure(ConflictError(_, attributes)) ⇒ // if it already exists, add tags from alert
             import org.elastic4play.services.QueryDSL._
             (for {
@@ -340,7 +340,7 @@ class AlertSrv(
             Future.successful(())
         }
       }
-        .map(_ => caze)
+      .map(_ ⇒ caze)
     updatedCase.onComplete { _ ⇒
       // remove temporary files
       artifactsFields

From 0d026b1e15ceb81079f3d4813c53c0f4e5ed145d Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Wed, 4 Sep 2019 15:46:39 +0200
Subject: [PATCH 29/58] #954 Add the possibility to delete a custom field from
 the admin section

---
 ui/app/index.html                             |  1 +
 .../admin/AdminCustomFieldsCtrl.js            | 55 ++++++++++++++++++-
 .../controllers/case/CaseCloseModalCtrl.js    |  9 ++-
 ui/app/scripts/services/CustomFieldsSrv.js    | 17 ++++++
 .../admin/case-template/custom-fields.html    |  2 +-
 .../views/partials/admin/custom-fields.html   |  3 +-
 .../views/partials/utils/confirm.modal.html   |  3 +-
 7 files changed, 84 insertions(+), 6 deletions(-)
 create mode 100644 ui/app/scripts/services/CustomFieldsSrv.js

diff --git a/ui/app/index.html b/ui/app/index.html
index f4a81a5a5b..276ad53014 100644
--- a/ui/app/index.html
+++ b/ui/app/index.html
@@ -246,6 +246,7 @@
     <script src="scripts/services/Constants.js"></script>
     <script src="scripts/services/CortexSrv.js"></script>
     <script src="scripts/services/CustomFieldsCacheSrv.js"></script>
+    <script src="scripts/services/CustomFieldsSrv.js"></script>
     <script src="scripts/services/DashboardSrv.js"></script>
     <script src="scripts/services/EntitySrv.js"></script>
     <script src="scripts/services/FileResource.js"></script>
diff --git a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
index 9b4a631bd3..021dedf731 100644
--- a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
+++ b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
@@ -2,7 +2,7 @@
     'use strict';
 
     angular.module('theHiveControllers').controller('AdminCustomFieldsCtrl',
-        function($scope, $uibModal, ListSrv, CustomFieldsCacheSrv, NotificationSrv) {
+        function($scope, $uibModal, ListSrv, CustomFieldsCacheSrv, NotificationSrv, ModalUtilsSrv, CustomFieldsSrv) {
             var self = this;
 
             self.reference = {
@@ -66,6 +66,59 @@
                 });
             };
 
+            self.deleteField = function(customField) {
+                CustomFieldsSrv.usage(customField)
+                    .then(function(response) {
+                        var usage = response.data,
+                            message,
+                            isHtml = false;
+
+
+                        if (usage.total === 0) {
+                            message = 'Are you sure you want to delete this custom field?';
+                        } else {
+                            var segs = [
+                                'Are you sure you want to delete this custom field?',
+                                '<br />',
+                                '<br />',
+                                'This custom field is used by:',
+                                '<ul>'
+                              ];
+
+                            if(usage.case) {
+                                segs.push('<li>' + usage.case + ' cases</li>');
+                            }
+
+                            if(usage.alert) {
+                                segs.push('<li>' + usage.alert + ' alerts</li>');
+                            }
+
+                            if(usage.caseTemplate) {
+                                segs.push('<li>' + usage.caseTemplate + ' case templates</li>');
+                            }
+
+                            segs.push('</ul>');
+
+                            message = segs.join('');
+                            isHtml = true;
+                        }
+
+                        return ModalUtilsSrv.confirm('Remove custom field', message, {
+                            okText: 'Yes, remove it',
+                            flavor: 'danger',
+                            isHtml: isHtml
+                        });
+                    })
+                    .then(function(response) {
+                        return CustomFieldsSrv.removeField(customField);
+                    })
+                    .then(function() {
+                        self.initCustomfields();
+                        CustomFieldsCacheSrv.clearCache();
+                        $scope.$emit('custom-fields:refresh');
+                    });
+            };
+
             self.initCustomfields();
         });
 })();
diff --git a/ui/app/scripts/controllers/case/CaseCloseModalCtrl.js b/ui/app/scripts/controllers/case/CaseCloseModalCtrl.js
index d52daf3d79..9d481674a7 100644
--- a/ui/app/scripts/controllers/case/CaseCloseModalCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseCloseModalCtrl.js
@@ -43,15 +43,20 @@
                 }), 'name');
 
                 return result;
-            }
+            };
 
             $scope.initialize = function() {
                 CustomFieldsCacheSrv.all().then(function(fields) {
                     $scope.orderedFields = getTemplateCustomFields($scope.caze.customFields);
-                    $scope.allCustomFields = fields;                    
+                    $scope.allCustomFields = fields;
 
                     $scope.mandatoryFields = _.without(_.map($scope.orderedFields, function(cf) {
                         var fieldDef = fields[cf];
+
+                        if(!fieldDef) {
+                            return;
+                        }
+
                         var fieldValue = $scope.caze.customFields[cf][cf.type];
 
                         if((fieldValue === undefined || fieldValue === null) && fieldDef.mandatory === true) {
diff --git a/ui/app/scripts/services/CustomFieldsSrv.js b/ui/app/scripts/services/CustomFieldsSrv.js
new file mode 100644
index 0000000000..e6ac051a2b
--- /dev/null
+++ b/ui/app/scripts/services/CustomFieldsSrv.js
@@ -0,0 +1,17 @@
+(function () {
+    'use strict';
+    angular.module('theHiveServices')
+        .factory('CustomFieldsSrv', function ($http) {
+
+            var factory = {
+                removeField: function (field) {
+                    return $http.delete('./api/list/' + field.id);
+                },
+                usage: function(field) {
+                    return $http.get('./api/customFields/' + field.reference);
+                }
+            };
+
+            return factory;
+        });
+})();
diff --git a/ui/app/views/partials/admin/case-template/custom-fields.html b/ui/app/views/partials/admin/case-template/custom-fields.html
index b1a0ef0531..d85d6440b0 100644
--- a/ui/app/views/partials/admin/case-template/custom-fields.html
+++ b/ui/app/views/partials/admin/case-template/custom-fields.html
@@ -20,7 +20,7 @@ <h4 class="vpad10 text-primary">
                     <a href ng-click="$vm.removeCustomField(cf)"><span class="pull-right text-danger"><i class="fa fa-trash"></i> Delete</span></a>
                 </div>
                 <div class="col-sm-6">
-                    <select class="form-control" ng-model="cf.name" ng-options="item.reference as item.name for (key, item) in $vm.fields" required></select>
+                    <select class="form-control" ng-model="cf.name" ng-options="item.reference as item.name for (key, item) in $vm.fields | orderObjectBy:'name'" required></select>
                 </div>
                 <div class="col-sm-6" ng-if="$vm.fields[cf.name].options.length > 0">
                     <select class="form-control" ng-model="cf.value" ng-options="v for v in $vm.fields[cf.name].options">
diff --git a/ui/app/views/partials/admin/custom-fields.html b/ui/app/views/partials/admin/custom-fields.html
index f018ff1488..d6f2689cc0 100644
--- a/ui/app/views/partials/admin/custom-fields.html
+++ b/ui/app/views/partials/admin/custom-fields.html
@@ -20,7 +20,7 @@ <h3 class="box-title">Case custom fields ({{$vm.customFields.length}})</h3>
                             <th>Description</th>
                             <th width="100" class="text-center">Mandatory</th>
                             <th width="200">Options</th>
-                            <th width="80" class="text-center">Actions</th>
+                            <th width="160" class="text-center">Actions</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -42,6 +42,7 @@ <h3 class="box-title">Case custom fields ({{$vm.customFields.length}})</h3>
                             </td>
                             <td align="center">
                                 <button class="btn btn-xs btn-primary" ng-click="$vm.showFieldDialog(field)"><i class="fa fa-pencil"></i> Edit</button>
+                                <button class="btn btn-xs btn-danger" ng-click="$vm.deleteField(field)"><i class="fa fa-trash"></i> Delete</button>
                             </td>
                         </tr>
                     </tbody>
diff --git a/ui/app/views/partials/utils/confirm.modal.html b/ui/app/views/partials/utils/confirm.modal.html
index 85c1c36275..d91a7a060b 100644
--- a/ui/app/views/partials/utils/confirm.modal.html
+++ b/ui/app/views/partials/utils/confirm.modal.html
@@ -3,7 +3,8 @@
       <h3 class="modal-title">{{$modal.title}}</h3>
   </div>
   <div class="modal-body">
-      <p>{{$modal.message}}</p>
+      <p ng-if="!$modal.config.isHtml">{{$modal.message}}</p>
+      <p ng-if="$modal.config.isHtml" ng-bind-html="$modal.message"></p>
   </div>
   <div class="modal-footer text-left">
       <button class="btn btn-default" ng-click="$modal.cancel()" type="button">Cancel</button>

From 447cdfa242b184bed346434cce33cf6f30e6cf72 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Wed, 4 Sep 2019 16:08:00 +0200
Subject: [PATCH 30/58] #954 Improve the confirmation dialog message

---
 .../controllers/admin/AdminCustomFieldsCtrl.js        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
index 021dedf731..fcf4945582 100644
--- a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
+++ b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
@@ -86,15 +86,15 @@
                               ];
 
                             if(usage.case) {
-                                segs.push('<li>' + usage.case + ' cases</li>');
+                                segs.push('<li>' + usage.case + ' ' + (usage.case > 1 ? 'cases' : 'case') + '</li>');
                             }
 
                             if(usage.alert) {
-                                segs.push('<li>' + usage.alert + ' alerts</li>');
+                                segs.push('<li>' + usage.alert + ' ' + (usage.alert > 1 ? 'alerts' : 'alert') + '</li>');
                             }
 
                             if(usage.caseTemplate) {
-                                segs.push('<li>' + usage.caseTemplate + ' case templates</li>');
+                                segs.push('<li>' + usage.caseTemplate + ' case ' + ' ' + (usage.caseTemplate > 1 ? 'templates' : 'template') + '</li>');
                             }
 
                             segs.push('</ul>');
@@ -109,13 +109,16 @@
                             isHtml: isHtml
                         });
                     })
-                    .then(function(response) {
+                    .then(function(/*response*/) {
                         return CustomFieldsSrv.removeField(customField);
                     })
                     .then(function() {
                         self.initCustomfields();
                         CustomFieldsCacheSrv.clearCache();
                         $scope.$emit('custom-fields:refresh');
+                    })
+                    .catch(function(err) {
+                        console.log(err);
                     });
             };
 

From 9f1c5625ba2ea87d7c3f0b37f631cd514ab501b3 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Wed, 4 Sep 2019 16:25:19 +0200
Subject: [PATCH 31/58] #954 Add notifications on success and failure when
 deleting a custom field

---
 ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
index fcf4945582..04b56cac48 100644
--- a/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
+++ b/ui/app/scripts/controllers/admin/AdminCustomFieldsCtrl.js
@@ -113,12 +113,16 @@
                         return CustomFieldsSrv.removeField(customField);
                     })
                     .then(function() {
+                        NotificationSrv.log('The custom field has been removed successfully', 'success');
+                        
                         self.initCustomfields();
                         CustomFieldsCacheSrv.clearCache();
                         $scope.$emit('custom-fields:refresh');
                     })
                     .catch(function(err) {
-                        console.log(err);
+                        if(err && !_.isString(err)) {
+                            NotificationSrv.error('AdminCustomFields', err.data, err.status);
+                        }
                     });
             };
 

From e6330c87010a8a15c4e87e4577f969b4e5443a34 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Thu, 5 Sep 2019 11:47:10 +0200
Subject: [PATCH 32/58] Update changelog and version

---
 CHANGELOG.md               | 22 ++++++++++++++++++++--
 project/Dependencies.scala |  2 +-
 version.sbt                |  2 +-
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d10cd01815..b504a828a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,25 @@
 # Change Log
 
-## [3.4.0-4C1](https://github.com/TheHive-Project/TheHive/tree/3.4.0-RC1) (2019-07-09)
+## [3.4.0](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-09-05)
 
+[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC2...3.4.0)
+
+**Implemented enhancements:**
+
+- Removing custom fields [\#954](https://github.com/TheHive-Project/TheHive/issues/954)
+
+**Fixed bugs:**
+
+- Cosmetic Bug: wrong number of exported observables displayed [\#1071](https://github.com/TheHive-Project/TheHive/issues/1071)
+- Update Database button does not appear in training appliance [\#1067](https://github.com/TheHive-Project/TheHive/issues/1067)
+- bulk merge alerts into case lose description's alert [\#1065](https://github.com/TheHive-Project/TheHive/issues/1065)
+- Incorrect number of related observables returned [\#1062](https://github.com/TheHive-Project/TheHive/issues/1062)
+- Incorrect tag filter results when observables with tags are added then deleted [\#1061](https://github.com/TheHive-Project/TheHive/issues/1061)
+- Cannot setup TheHive 3.4.0-RC2 using Docker [\#1051](https://github.com/TheHive-Project/TheHive/issues/1051)
+- Case statistics dashboard loads with an error message and the case over time panel fails to display any data [\#1050](https://github.com/TheHive-Project/TheHive/issues/1050)
+- Can't secure ElasticSearch connection [\#1046](https://github.com/TheHive-Project/TheHive/issues/1046)
+
+## [3.4.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.4.0-RC2) (2019-07-10)
 [Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC1...3.4.0-RC2)
 
 **Implemented enhancements:**
@@ -25,7 +43,7 @@
 - Cannot add custom fields to case template [\#1042](https://github.com/TheHive-Project/TheHive/issues/1042)
 - sample hive does not connect to cortex and prints no helpful error message [\#1028](https://github.com/TheHive-Project/TheHive/issues/1028)
 
-## [3.4.0-4C1](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-06-05)
+## [3.4.0-RC1](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-06-05)
 
 [Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.1...3.4.0-4C1)
 
diff --git a/project/Dependencies.scala b/project/Dependencies.scala
index b8ccb66f23..7be462cf0c 100644
--- a/project/Dependencies.scala
+++ b/project/Dependencies.scala
@@ -20,7 +20,7 @@ object Dependencies {
 
     val reflections = "org.reflections" % "reflections" % "0.9.11"
     val zip4j = "net.lingala.zip4j" % "zip4j" % "1.3.2"
-    val elastic4play = "org.thehive-project" %% "elastic4play" % "1.11.5-SNAPSHOT"
+    val elastic4play = "org.thehive-project" %% "elastic4play" % "1.11.5"
     val akkaCluster = "com.typesafe.akka" %% "akka-cluster" % "2.5.21"
     val akkaClusterTools = "com.typesafe.akka" %% "akka-cluster-tools" % "2.5.21"
   }
diff --git a/version.sbt b/version.sbt
index 337cb18c1b..4a9221edea 100644
--- a/version.sbt
+++ b/version.sbt
@@ -1 +1 @@
-version in ThisBuild := "3.4.0-RC2"
+version in ThisBuild := "3.4.0-1"

From 52e5be6a0a920cfee45d85ed051a53f65cd43aa2 Mon Sep 17 00:00:00 2001
From: garanews <puntogtg@tiscali.it>
Date: Tue, 1 Oct 2019 11:01:59 +0200
Subject: [PATCH 33/58] fix some typo

fix some typo
---
 CHANGELOG.md                                               | 2 +-
 thehive-backend/conf/reference.conf                        | 2 +-
 ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js | 2 +-
 ui/app/scripts/directives/entityLink.js                    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b504a828a5..1bea0e83d9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -474,7 +474,7 @@
 **Closed issues:**
 
 - The Hive - MISP SSL configuration: General SSLEngine problem [\#544](https://github.com/TheHive-Project/TheHive/issues/544)
-- Dropdown menu for case templates doesnt have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
+- Dropdown menu for case templates doesn't have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
 
 **Merged pull requests:**
 
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
index 49fdb53b16..5ca2400d54 100644
--- a/thehive-backend/conf/reference.conf
+++ b/thehive-backend/conf/reference.conf
@@ -191,7 +191,7 @@ migration {
 //
 //    # Maximum number of sync messages that actor can process for stream to substream communication.
 //    # Parameter allows to interrupt synchronous processing to get upsteam/downstream messages.
-//    # Allows to accelerate message processing that happening withing same actor but keep system responsive.
+//    # Allows to accelerate message processing that happening within same actor but keep system responsive.
 //    sync-processing-limit = 1000
 //
 //    debug {
diff --git a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
index 26a0e3dc17..589ff7328d 100644
--- a/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
+++ b/ui/app/scripts/controllers/case/CaseObservablesItemCtrl.js
@@ -155,7 +155,7 @@
                     }, 500);
 
                 }, function(/*err*/) {
-                    NotificationSrv.log('An expected error occured while fetching the job report');
+                    NotificationSrv.log('An expected error occurred while fetching the job report');
                 });
             };
 
diff --git a/ui/app/scripts/directives/entityLink.js b/ui/app/scripts/directives/entityLink.js
index 35dba95b0a..4d5134291a 100644
--- a/ui/app/scripts/directives/entityLink.js
+++ b/ui/app/scripts/directives/entityLink.js
@@ -19,7 +19,7 @@
 
                     if (angular.isDefined(scope.value)) {
                         if (!compiledContents) {
-                            // Get the link function with the contents frome top
+                            // Get the link function with the contents from top
                             // level template with
                             // the transclude
                             compiledContents = $compile(contents, transclude);

From 6e079836788854106d92cab0b331dacf264c119c Mon Sep 17 00:00:00 2001
From: Adeel Ahmad <adeelahmad14@hotmail.com>
Date: Thu, 10 Oct 2019 15:17:33 +0200
Subject: [PATCH 34/58] Remove Elasticsearch cluster configuration option

The support for Elastichsearch cluster was dropped in
elastic4play: https://github.com/TheHive-Project/elastic4play/commit/61b536dba876dc1e4a2b55d496f5e8bc01c31db7
---
 docker/thehive/docker-compose.yml   | 1 -
 thehive-backend/conf/reference.conf | 2 --
 2 files changed, 3 deletions(-)

diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml
index 801cd4f85d..8b952f6f6b 100644
--- a/docker/thehive/docker-compose.yml
+++ b/docker/thehive/docker-compose.yml
@@ -4,7 +4,6 @@ services:
     image: elasticsearch:6.8.0
     environment:
       - http.host=0.0.0.0
-      - cluster.name=hive
       - thread_pool.index.queue_size=100000
       - thread_pool.search.queue_size=100000
       - thread_pool.bulk.queue_size=100000
diff --git a/thehive-backend/conf/reference.conf b/thehive-backend/conf/reference.conf
index 5ca2400d54..344e3dba8f 100644
--- a/thehive-backend/conf/reference.conf
+++ b/thehive-backend/conf/reference.conf
@@ -28,8 +28,6 @@ play.http.session.cookieName = THE_HIVE_SESSION
 search {
   # Name of the index
   index = the_hive
-  # Name of the ElasticSearch cluster
-  cluster = hive
   # Address of the ElasticSearch instance
   host = ["127.0.0.1:9300"]
   # Scroll keepalive

From 809c6b5362707c75a41d6edcac554c406f5ec164 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 24 Feb 2020 13:48:58 +0100
Subject: [PATCH 35/58] #1233 Fix API heath status

---
 thehive-backend/app/controllers/StatusCtrl.scala | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 08ee2f7145..7da4e47852 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -79,8 +79,7 @@ class StatusCtrl @Inject()(
         case 1 ⇒ HealthStatus.Warning
         case _ ⇒ HealthStatus.Error
       }
-      connectorStatus = connectors.map(c ⇒ c.health).toSeq
-      distinctStatus  = connectorStatus :+ dbStatus
+      distinctStatus = connectors.map(c ⇒ c.health) + dbStatus
       globalStatus = if (distinctStatus.contains(HealthStatus.Ok)) {
         if (distinctStatus.size > 1) HealthStatus.Warning else HealthStatus.Ok
       } else if (distinctStatus.contains(HealthStatus.Error)) HealthStatus.Error

From 2e28aa21d11981ec6a935b7cf2449766978d8cbc Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Tue, 24 Mar 2020 10:49:45 +0100
Subject: [PATCH 36/58] Fix version of js-url library

---
 ui/bower.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/bower.json b/ui/bower.json
index c00deac64d..7338a0bee8 100644
--- a/ui/bower.json
+++ b/ui/bower.json
@@ -50,7 +50,7 @@
     "angular-drag-and-drop-lists": "^2.1.0",
     "angular-bootstrap-colorpicker": "^3.0.32",
     "file-saver": "1.3.4",
-    "js-url": "^2.5.3",
+    "js-url": "~2.5.3",
     "bootstrap-sass": "bootstrap-sass-official#^3.4.1"
   },
   "devDependencies": {

From 9bc36093b5102f5d11475c297a4db9718be5b9a4 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 27 Mar 2020 14:31:59 +0100
Subject: [PATCH 37/58] #1156 Fix analyzer timeout

---
 .../cortex/services/CortexAnalyzerSrv.scala       | 15 +++++++++++----
 .../connectors/cortex/services/CortexClient.scala |  6 +++++-
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
index 2f27e8592c..166f79b1e5 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
@@ -330,15 +330,22 @@ class CortexAnalyzerSrv @Inject()(
             .set("status", JobStatus.Failure.toString)
             .set("endDate", Json.toJson(new Date))
           update(jobId, jobFields)
-        case _ if maxRetryOnError > 0 ⇒
-          logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...")
+        /* Workaround */
+        case CortexError(500, _, body) if Try((Json.parse(body) \ "type").as[String]) == Success("akka.pattern.AskTimeoutException") ⇒
+          logger.debug("Got a 500 Timeout, retry")
+          updateJobWithCortex(jobId, cortexJobId, cortex)
+        case e if maxRetryOnError > 0 ⇒
+          logger.debug(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails, restarting ...", e)
           val result = Promise[Job]
           system.scheduler.scheduleOnce(retryDelay) {
             updateJobWithCortex(jobId, cortexJobId, cortex, retryDelay, maxRetryOnError - 1).onComplete(result.complete)
           }
           result.future
-        case _ ⇒
-          logger.error(s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting")
+        case e ⇒
+          logger.error(
+            s"Request of status of job $cortexJobId in cortex ${cortex.name} fails and the number of errors reaches the limit, aborting",
+            e
+          )
           update(
             jobId,
             Fields
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
index db3e45b8a1..a5a5b7ed9e 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexClient.scala
@@ -165,7 +165,11 @@ class CortexClient(val name: String, baseUrl: String, authentication: Option[Cor
     request(s"api/analyzer/type/$dataType", _.get, _.json.as[Seq[Analyzer]]).map(_.map(_.copy(cortexIds = List(name))))
 
   def waitReport(jobId: String, atMost: Duration)(implicit ec: ExecutionContext): Future[JsObject] =
-    request(s"api/job/$jobId/waitreport", _.withQueryStringParameters("atMost" → atMost.toString).get, _.json.as[JsObject])
+    request(
+      s"api/job/$jobId/waitreport",
+      _.withQueryStringParameters("atMost" → atMost.toString).withRequestTimeout(atMost + 1.second).get,
+      _.json.as[JsObject]
+    )
 
   def getVersion()(implicit ec: ExecutionContext): Future[Option[String]] =
     request("api/status", _.get, identity)

From 8816561e4d6e59b03e30ac49636df5cd69291af9 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:31:37 +0200
Subject: [PATCH 38/58] #1210 Fix computed metrics

---
 thehive-backend/app/models/Alert.scala | 13 +++++++++----
 thehive-backend/app/models/Case.scala  |  6 +++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
index 2dcde4860f..ff17e1e859 100644
--- a/thehive-backend/app/models/Alert.scala
+++ b/thehive-backend/app/models/Alert.scala
@@ -83,10 +83,15 @@ trait AlertAttributes {
 @Singleton
 class AlertModel @Inject()(dblists: DBLists) extends ModelDef[AlertModel, Alert]("alert", "Alert", "/alert") with AlertAttributes with AuditedModel {
 
-  private[AlertModel] lazy val logger               = Logger(getClass)
-  override val defaultSortBy: Seq[String]           = Seq("-date")
-  override val removeAttribute: JsObject            = Json.obj("status" → AlertStatus.Ignored)
-  override val computedMetrics: Map[String, String] = Map("observableCount" → "_source['artifacts']?.size()")
+  private[AlertModel] lazy val logger     = Logger(getClass)
+  override val defaultSortBy: Seq[String] = Seq("-date")
+  override val removeAttribute: JsObject  = Json.obj("status" → AlertStatus.Ignored)
+  override val computedMetrics: Map[String, String] = Map(
+    "observableCount"           → "if (params._source.containsKey('artifacts')) { params._source['artifacts'].size() } else 0",
+    "handlingDurationInSeconds" → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 1000",
+    "handlingDurationInHours"   → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / 3600000",
+    "handlingDurationInDays"    → "(doc['updatedAt'].date.getMillis() - doc['createdAt'].date.getMillis()) / (3600000 * 24)"
+  )
 
   override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] = {
     // check if data attribute is present on all artifacts
diff --git a/thehive-backend/app/models/Case.scala b/thehive-backend/app/models/Case.scala
index a6fe3984d5..86652a07e7 100644
--- a/thehive-backend/app/models/Case.scala
+++ b/thehive-backend/app/models/Case.scala
@@ -177,9 +177,9 @@ class CaseModel @Inject()(
     }
 
   override val computedMetrics = Map(
-    "handlingDurationInSeconds" → "(doc['endDate'].value - doc['startDate'].value) / 1000",
-    "handlingDurationInHours"   → "(doc['endDate'].value - doc['startDate'].value) / 3600000",
-    "handlingDurationInDays"    → "(doc['endDate'].value - doc['startDate'].value) / (3600000 * 24)"
+    "handlingDurationInSeconds" → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 1000",
+    "handlingDurationInHours"   → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / 3600000",
+    "handlingDurationInDays"    → "(doc['endDate'].date.getMillis() - doc['startDate'].date.getMillis()) / (3600000 * 24)"
   )
 }
 

From 32210eb5e16c4297517d36676d39023b3443a6db Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:32:08 +0200
Subject: [PATCH 39/58] #1272 Fix multiple Cortex request

---
 .../cortex/services/CortexActionSrv.scala     | 20 ++++++++++++----
 .../cortex/services/CortexAnalyzerSrv.scala   | 24 ++++++++++++-------
 2 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
index 5f5ef8a71c..cc0a5e7db0 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexActionSrv.scala
@@ -4,6 +4,7 @@ import java.util.Date
 
 import scala.concurrent.duration.FiniteDuration
 import scala.concurrent.{ExecutionContext, Future, Promise}
+import scala.util.Success
 import scala.util.control.NonFatal
 import scala.util.matching.Regex
 
@@ -42,7 +43,7 @@ class CortexActionSrv @Inject()(
     implicit val mat: Materializer
 ) {
 
-  lazy val logger                  = Logger(getClass)
+  lazy val logger: Logger          = Logger(getClass)
   lazy val responderIdRegex: Regex = "(.*)-(.*)".r
 
   def getResponderById(id: String): Future[Responder] =
@@ -221,9 +222,20 @@ class CortexActionSrv @Inject()(
             }
         }
         .getOrElse {
-          Future.firstCompletedOf {
-            cortexConfig.instances.map(c ⇒ getResponder(c).map(c → _))
-          }
+          Future
+            .traverse(cortexConfig.instances) { c ⇒
+              getResponder(c)
+                .transform {
+                  case Success(w) ⇒ Success(Some(c → w))
+                  case _          ⇒ Success(None)
+                }
+            }
+            .flatMap { responders ⇒
+              responders
+                .flatten
+                .headOption
+                .fold[Future[(CortexClient, Responder)]](Future.failed(NotFoundError(s"Responder not found")))(Future.successful)
+            }
         }
 
     for {
diff --git a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
index 166f79b1e5..18cb243c54 100644
--- a/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
+++ b/thehive-cortex/app/connectors/cortex/services/CortexAnalyzerSrv.scala
@@ -5,13 +5,11 @@ import java.util.Date
 
 import scala.concurrent.duration.FiniteDuration
 import scala.concurrent.{ExecutionContext, Future, Promise}
-import scala.util.Try
+import scala.util.{Success, Try}
 import scala.util.control.NonFatal
-
 import play.api.Logger
 import play.api.libs.json._
 import play.api.libs.ws.WSClient
-
 import akka.NotUsed
 import akka.actor.{Actor, ActorSystem}
 import akka.stream.Materializer
@@ -21,7 +19,6 @@ import connectors.cortex.models._
 import javax.inject.{Inject, Singleton}
 import models.{Artifact, Case}
 import services.{UserSrv ⇒ _, _}
-
 import org.elastic4play.controllers.{Fields, FileInputValue}
 import org.elastic4play.database.{DBRemove, ModifyConfig}
 import org.elastic4play.services.JsonFormat.attachmentFormat
@@ -139,7 +136,7 @@ class CortexAnalyzerSrv @Inject()(
   def realDeleteJob(job: Job): Future[Unit] =
     dbRemove(job).map(_ ⇒ ())
 
-  def stats(query: QueryDef, aggs: Seq[Agg]) = findSrv(jobModel, query, aggs: _*)
+  def stats(query: QueryDef, aggs: Seq[Agg]): Future[JsObject] = findSrv(jobModel, query, aggs: _*)
 
   def getAnalyzer(analyzerId: String): Future[Analyzer] =
     Future
@@ -368,9 +365,20 @@ class CortexAnalyzerSrv @Inject()(
           }
 
       case None ⇒
-        Future.firstCompletedOf {
-          cortexConfig.instances.map(c ⇒ c.getAnalyzer(analyzerName).map(c → _))
-        }
+        Future
+          .traverse(cortexConfig.instances) { c ⇒
+            c.getAnalyzer(analyzerName)
+              .transform {
+                case Success(w) ⇒ Success(Some(c → w))
+                case _          ⇒ Success(None)
+              }
+          }
+          .flatMap { analyzers ⇒
+            analyzers
+              .flatten
+              .headOption
+              .fold[Future[(CortexClient, Analyzer)]](Future.failed(NotFoundError(s"Analyzer not found")))(Future.successful)
+          }
     }
 
     cortexClientAnalyzer.flatMap {

From 9ce3a18ab31a5a2a6ad960028681077c56130ac8 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Mon, 30 Mar 2020 09:32:53 +0200
Subject: [PATCH 40/58] #1273 MISP: map "to_ids" to "ioc"

---
 thehive-misp/app/connectors/misp/JsonFormat.scala    |  9 ++++++---
 thehive-misp/app/connectors/misp/MispConverter.scala |  6 ++++--
 thehive-misp/app/connectors/misp/MispExport.scala    | 11 ++++++-----
 thehive-misp/app/connectors/misp/MispModel.scala     |  4 ++--
 thehive-misp/app/connectors/misp/MispSrv.scala       |  6 +++---
 thehive-misp/app/connectors/misp/MispSynchro.scala   |  6 +++---
 6 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/thehive-misp/app/connectors/misp/JsonFormat.scala b/thehive-misp/app/connectors/misp/JsonFormat.scala
index e2a80c652b..ab45c69a81 100644
--- a/thehive-misp/app/connectors/misp/JsonFormat.scala
+++ b/thehive-misp/app/connectors/misp/JsonFormat.scala
@@ -65,7 +65,8 @@ object JsonFormat {
         value    ← (json \ "value").validate[String]
         category ← (json \ "category").validate[String]
         tags     ← JsArray(json \ "EventTag" \\ "name").validate[Seq[String]]
-      } yield MispAttribute(id, category, tpe, date, comment, value, tags)
+        toIds    ← (json \ "to_ids").validate[Boolean]
+      } yield MispAttribute(id, category, tpe, date, comment, value, tags, toIds)
   )
 
   val tlpWrites: Writes[Long] = Writes[Long] {
@@ -82,7 +83,8 @@ object JsonFormat {
       "type"     → attribute.tpe,
       "value"    → attribute.value.fold[String](identity, _.name),
       "comment"  → attribute.comment,
-      "Tag"      → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp)))
+      "Tag"      → Json.arr(Json.obj("name" → tlpWrites.writes(attribute.tlp))),
+      "to_ids"   → attribute.artifact.ioc()
     )
   }
 
@@ -92,7 +94,8 @@ object JsonFormat {
       "message"   → artifact.message,
       "tlp"       → artifact.tlp,
       "tags"      → artifact.tags,
-      "startDate" → artifact.startDate
+      "startDate" → artifact.startDate,
+      "ioc"       → artifact.ioc
     ) + (artifact.value match {
       case SimpleArtifactData(data) ⇒ "data" → JsString(data)
       case RemoteAttachmentArtifact(filename, reference, tpe) ⇒
diff --git a/thehive-misp/app/connectors/misp/MispConverter.scala b/thehive-misp/app/connectors/misp/MispConverter.scala
index 6498f4fa97..88d4e0e2cd 100644
--- a/thehive-misp/app/connectors/misp/MispConverter.scala
+++ b/thehive-misp/app/connectors/misp/MispConverter.scala
@@ -12,7 +12,8 @@ trait MispConverter {
           message = mispAttribute.comment,
           tlp = 0,
           tags = tags ++ mispAttribute.tags,
-          startDate = mispAttribute.date
+          startDate = mispAttribute.date,
+          ioc = mispAttribute.toIds
         )
       )
     } else {
@@ -24,7 +25,8 @@ trait MispConverter {
           message = mispAttribute.comment,
           tlp = 0,
           tags = tags ++ mispAttribute.tags,
-          startDate = mispAttribute.date
+          startDate = mispAttribute.date,
+          ioc = mispAttribute.toIds
         )
 
       val types = mispAttribute.tpe.split('|').toSeq
diff --git a/thehive-misp/app/connectors/misp/MispExport.scala b/thehive-misp/app/connectors/misp/MispExport.scala
index 3104c06f76..db7abf38a1 100644
--- a/thehive-misp/app/connectors/misp/MispExport.scala
+++ b/thehive-misp/app/connectors/misp/MispExport.scala
@@ -115,7 +115,7 @@ class MispExport @Inject()(
 
   def exportAttribute(mispConnection: MispConnection, eventId: String, attribute: ExportedMispAttribute): Future[Artifact] = {
     val mispResponse = attribute match {
-      case ExportedMispAttribute(_, _, _, _, Right(attachment), comment) ⇒
+      case ExportedMispAttribute(artifact, _, _, _, Right(attachment), comment) ⇒
         attachmentSrv
           .source(attachment.id)
           .runReduce(_ ++ _)
@@ -126,7 +126,8 @@ class MispExport @Inject()(
                 "category" → "Payload delivery",
                 "type"     → "malware-sample",
                 "comment"  → comment,
-                "files"    → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data))
+                "files"    → Json.arr(Json.obj("filename" → attachment.name, "data" → b64data)),
+                "to_ids"   → artifact.ioc()
               )
             )
             mispConnection(s"events/upload_sample/$eventId").post(body)
@@ -205,9 +206,9 @@ class MispExport @Inject()(
           logger.debug(s"Updating MISP event $eventId")
           mispSrv.getAttributesFromMisp(mispConnection, eventId, None).map { attributes ⇒
             (eventId, Nil, attributes.map {
-              case MispArtifact(SimpleArtifactData(data), _, _, _, _, _)                             ⇒ Left(data)
-              case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _)             ⇒ Right(filename)
-              case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _) ⇒ Right(filename)
+              case MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _)                             ⇒ Left(data)
+              case MispArtifact(RemoteAttachmentArtifact(filename, _, _), _, _, _, _, _, _)             ⇒ Right(filename)
+              case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _) ⇒ Right(filename)
             })
           }
         }
diff --git a/thehive-misp/app/connectors/misp/MispModel.scala b/thehive-misp/app/connectors/misp/MispModel.scala
index 05d42b4bb2..542d3db1fc 100644
--- a/thehive-misp/app/connectors/misp/MispModel.scala
+++ b/thehive-misp/app/connectors/misp/MispModel.scala
@@ -34,7 +34,7 @@ case class MispAlert(
     caseTemplate: String
 )
 
-case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String])
+case class MispAttribute(id: String, category: String, tpe: String, date: Date, comment: String, value: String, tags: Seq[String], toIds: Boolean)
 
 case class ExportedMispAttribute(
     artifact: Artifact,
@@ -45,6 +45,6 @@ case class ExportedMispAttribute(
     comment: Option[String]
 )
 
-case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date)
+case class MispArtifact(value: ArtifactData, dataType: String, message: String, tlp: Long, tags: Seq[String], startDate: Date, ioc: Boolean)
 
 case class MispExportError(message: String, artifact: Artifact) extends ErrorWithObject(message, artifact.attributes)
diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
index 8e8da7c315..5c990b8aa4 100644
--- a/thehive-misp/app/connectors/misp/MispSrv.scala
+++ b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -137,9 +137,9 @@ class MispSrv @Inject()(
           .filter(_.date after refDate)
           .flatMap(convertAttribute)
           .groupBy {
-            case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _)                             ⇒ dataType → Right(data)
-            case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _)             ⇒ dataType → Left(filename)
-            case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _) ⇒ dataType → Left(filename)
+            case MispArtifact(SimpleArtifactData(data), dataType, _, _, _, _, _)                             ⇒ dataType → Right(data)
+            case MispArtifact(RemoteAttachmentArtifact(filename, _, _), dataType, _, _, _, _, _)             ⇒ dataType → Left(filename)
+            case MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), dataType, _, _, _, _, _) ⇒ dataType → Left(filename)
           }
           .values
           .map { mispArtifact ⇒
diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
index 44148ed988..0638d705ac 100644
--- a/thehive-misp/app/connectors/misp/MispSynchro.scala
+++ b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -114,12 +114,12 @@ class MispSynchro @Inject()(
         }
         .runWith(Sink.seq)
       newAttributes ← Future.traverse(mispArtifacts) {
-        case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
+        case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒
           Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
-        case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _)
+        case artifact @ MispArtifact(AttachmentArtifact(Attachment(filename, _, _, _, _)), _, _, _, _, _, _)
             if !existingArtifacts.contains(Left(filename)) ⇒
           Future.successful(Fields(Json.toJson(artifact).as[JsObject]))
-        case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _)
+        case artifact @ MispArtifact(RemoteAttachmentArtifact(filename, reference, tpe), _, _, _, _, _, _)
             if !existingArtifacts.contains(Left(filename)) ⇒
           mispSrv
             .downloadAttachment(mispConnection, reference)

From c1a2ff22409f11a0e6140508d26a3c87da58d48d Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 10:05:40 +0200
Subject: [PATCH 41/58] Small fixes

---
 thehive-backend/app/controllers/StatusCtrl.scala | 1 +
 thehive-backend/app/models/AttributeFormat.scala | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/thehive-backend/app/controllers/StatusCtrl.scala b/thehive-backend/app/controllers/StatusCtrl.scala
index 7da4e47852..936a029744 100644
--- a/thehive-backend/app/controllers/StatusCtrl.scala
+++ b/thehive-backend/app/controllers/StatusCtrl.scala
@@ -38,6 +38,7 @@ class StatusCtrl @Inject()(
   private def updateStatus(): Unit = {
     clusterStatusName = Try(dbIndex.clusterStatusName).getOrElse("ERROR")
     system.scheduler.scheduleOnce(checkStatusInterval)(updateStatus())
+    ()
   }
   updateStatus()
 
diff --git a/thehive-backend/app/models/AttributeFormat.scala b/thehive-backend/app/models/AttributeFormat.scala
index bbf8adf188..6bf2ad96ac 100644
--- a/thehive-backend/app/models/AttributeFormat.scala
+++ b/thehive-backend/app/models/AttributeFormat.scala
@@ -20,7 +20,7 @@ object SeverityAttributeFormat extends NumberAttributeFormat {
         name,
         attribute.description,
         Seq(JsNumber(1), JsNumber(2), JsNumber(3), JsNumber(4)),
-        Seq("low", "medium", "high", "critical")))
+        Seq("low", "medium", "high", "critical")
       )
     )
 

From 005d41dd03b7e6fddc8e256f36bbe329dfa4a59e Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 10:07:17 +0200
Subject: [PATCH 42/58] #1202 Fix dashboard format

---
 .../12/dashboards/Observable_statistics .json |   1 -
 .../12/dashboards/Observable_statistics.json  | 101 ++++++++++++++++++
 2 files changed, 101 insertions(+), 1 deletion(-)
 delete mode 100644 migration/12/dashboards/Observable_statistics .json
 create mode 100644 migration/12/dashboards/Observable_statistics.json

diff --git a/migration/12/dashboards/Observable_statistics .json b/migration/12/dashboards/Observable_statistics .json
deleted file mode 100644
index 467bf0d517..0000000000
--- a/migration/12/dashboards/Observable_statistics .json	
+++ /dev/null
@@ -1 +0,0 @@
-{"_routing":"AWu4YZXHg8tFuebkSwcG","description":"Observable statistics","title":"Observable statistics","_parent":null,"definition":{"period":"last3Months","items":[{"type":"container","items":[{"type":"donut","options":{"title":"Observables by type","entity":"case_artifact","field":"dataType","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"fqdn":"fqdn","url":"url","regexp":"regexp","mail":"mail","hash":"hash","registry":"registry","uri_path":"uri_path","truc":"truc","ip":"ip","user-agent":"user-agent","autonomous-system":"autonomous-system","file":"file","mail_subject":"mail_subject","filename":"filename","other":"other","domain":"domain"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"6ee86a99-3f40-1960-fd4d-398a1da5b76e"},{"type":"donut","options":{"title":"Observables by attachment content type","entity":"case_artifact","field":"attachment.contentType","query":{"_and":[{"_field":"dataType","_value":"file"},{"_not":{"_field":"status","_value":"Deleted"}}]},"names":{},"filters":[{"field":"dataType","type":"enumeration","value":{"list":[{"text":"file","label":"file"}]}},{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"b6110238-3074-4e85-674f-4bc56829e68a"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observable tags","entity":"case_artifact","field":"tags","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"70bbc0a5-1692-4e46-ebac-8769952ad9c0"},{"type":"donut","options":{"title":"Observables by TLP","entity":"case_artifact","field":"tlp","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{"0":"white","1":"green","2":"amber","3":"red"},"colors":{"0":"#bdf0ea","1":"#48e80f","2":"#e0a91a","3":"#f02626"},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"633fbe97-805e-6123-3330-29f5c8f45f13"}]},{"type":"container","items":[{"type":"donut","options":{"title":"Observables by IOC flag","entity":"case_artifact","field":"ioc","query":{"_not":{"_field":"status","_value":"Deleted"}},"names":{},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"771a3bdf-e437-ac3a-384d-23be91a25b07"},{"type":"line","options":{"title":"Observables over time","entity":"case_artifact","field":"createdAt","interval":"1w","series":[{"agg":"count","field":null,"type":"area-spline","filters":[{"field":"ioc","type":"boolean","value":true}],"label":"IOC","query":{"_field":"ioc","_value":true}},{"agg":"count","field":null,"type":"area-spline","label":"non-IOC","filters":[{"field":"ioc","type":"boolean","value":false}],"query":{"_field":"ioc","_value":false}}],"stacked":true,"query":{"_not":{"_field":"status","_value":"Deleted"}},"filters":[{"field":"status","type":"enumeration","value":{"operator":"none","list":[{"text":"Deleted","label":"Deleted"}]}}]},"id":"e5ed24a6-51ed-ecc4-9db0-ce837fd84214"}]}],"customPeriod":{"fromDate":null,"toDate":null}},"_id":"AWu4YZXHg8tFuebkSwcG","_version":3,"status":"Shared"}
diff --git a/migration/12/dashboards/Observable_statistics.json b/migration/12/dashboards/Observable_statistics.json
new file mode 100644
index 0000000000..2be434a943
--- /dev/null
+++ b/migration/12/dashboards/Observable_statistics.json
@@ -0,0 +1,101 @@
+{
+  "description": "Observable statistics",
+  "title": "Observable statistics",
+  "definition": {
+    "period": "last3Months", "items": [
+      {
+        "type": "container", "items": [
+        {
+          "type": "donut", "options": {
+          "title": "Observables by type", "entity": "case_artifact", "field": "dataType",
+          "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {
+            "fqdn": "fqdn", "url": "url", "regexp": "regexp", "mail": "mail", "hash": "hash", "registry": "registry",
+            "uri_path": "uri_path", "truc": "truc", "ip": "ip", "user-agent": "user-agent",
+            "autonomous-system": "autonomous-system", "file": "file", "mail_subject": "mail_subject",
+            "filename": "filename", "other": "other", "domain": "domain"
+          }, "filters": [
+            {
+              "field": "status", "type": "enumeration",
+              "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+            }
+          ]
+        }, "id": "6ee86a99-3f40-1960-fd4d-398a1da5b76e"
+        }, {
+          "type": "donut", "options": {
+            "title": "Observables by attachment content type", "entity": "case_artifact",
+            "field": "attachment.contentType", "query": {
+              "_and": [{"_field": "dataType", "_value": "file"}, {"_not": {"_field": "status", "_value": "Deleted"}}]
+            }, "names": {}, "filters": [
+              {"field": "dataType", "type": "enumeration", "value": {"list": [{"text": "file", "label": "file"}]}}, {
+                "field": "status", "type": "enumeration",
+                "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+              }
+            ]
+          }, "id": "b6110238-3074-4e85-674f-4bc56829e68a"
+        }
+      ]
+      }, {
+        "type": "container", "items": [
+          {
+            "type": "donut", "options": {
+            "title": "Observable tags", "entity": "case_artifact", "field": "tags",
+            "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [
+              {
+                "field": "status", "type": "enumeration",
+                "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+              }
+            ]
+          }, "id": "70bbc0a5-1692-4e46-ebac-8769952ad9c0"
+          }, {
+            "type": "donut", "options": {
+              "title": "Observables by TLP", "entity": "case_artifact", "field": "tlp",
+              "query": {"_not": {"_field": "status", "_value": "Deleted"}},
+              "names": {"0": "white", "1": "green", "2": "amber", "3": "red"},
+              "colors": {"0": "#bdf0ea", "1": "#48e80f", "2": "#e0a91a", "3": "#f02626"}, "filters": [
+                {
+                  "field": "status", "type": "enumeration",
+                  "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+                }
+              ]
+            }, "id": "633fbe97-805e-6123-3330-29f5c8f45f13"
+          }
+        ]
+      }, {
+        "type": "container", "items": [
+          {
+            "type": "donut", "options": {
+            "title": "Observables by IOC flag", "entity": "case_artifact", "field": "ioc",
+            "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "names": {}, "filters": [
+              {
+                "field": "status", "type": "enumeration",
+                "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+              }
+            ]
+          }, "id": "771a3bdf-e437-ac3a-384d-23be91a25b07"
+          }, {
+            "type": "line", "options": {
+              "title": "Observables over time", "entity": "case_artifact", "field": "createdAt", "interval": "1w",
+              "series": [
+                {
+                  "agg": "count", "field": null, "type": "area-spline",
+                  "filters": [{"field": "ioc", "type": "boolean", "value": true}], "label": "IOC",
+                  "query": {"_field": "ioc", "_value": true}
+                }, {
+                  "agg": "count", "field": null, "type": "area-spline", "label": "non-IOC",
+                  "filters": [{"field": "ioc", "type": "boolean", "value": false}],
+                  "query": {"_field": "ioc", "_value": false}
+                }
+              ], "stacked": true, "query": {"_not": {"_field": "status", "_value": "Deleted"}}, "filters": [
+                {
+                  "field": "status", "type": "enumeration",
+                  "value": {"operator": "none", "list": [{"text": "Deleted", "label": "Deleted"}]}
+                }
+              ]
+            }, "id": "e5ed24a6-51ed-ecc4-9db0-ce837fd84214"
+          }
+        ]
+      }
+    ], "customPeriod": {"fromDate": null, "toDate": null}
+  },
+  "status": "Shared"
+}

From 0b6129125089e5656823753ca19ae6746c4bd0b5 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 10:09:14 +0200
Subject: [PATCH 43/58] #1204 #1177 Docker entrypoint refactoring

---
 package/docker/entrypoint | 315 ++++++++++++++++++++++++--------------
 1 file changed, 202 insertions(+), 113 deletions(-)

diff --git a/package/docker/entrypoint b/package/docker/entrypoint
index 8a2e2fdda7..fcef16cf1c 100755
--- a/package/docker/entrypoint
+++ b/package/docker/entrypoint
@@ -1,131 +1,220 @@
 #!/bin/bash
 
-ES_HOSTNAME=elasticsearch
-CONFIG_SECRET=1
-CONFIG_ES=1
-CONFIG_CORTEX=1
-CORTEX_HOSTNAME=cortex
-CORTEX_PROTO=http
-CORTEX_PORT=9001
-CORTEX_URLS=()
-CONFIG=1
-CONFIG_FILE=/etc/thehive/application.conf
-CORTEX_KEYS=()
+ES_HOSTNAME=${TH_ES_HOSTNAME:-elasticsearch}
+test "${TH_NO_CONFIG_SECRET}" == 1
+CONFIG_SECRET=$?
+SECRET=${TH_SECRET}
+SHOW_SECRET=${TH_SHOW_SECRET:-0}
+test "${TH_NO_CONFIG_ES}" == 1
+CONFIG_ES=$?
+test "${TH_NO_CONFIG_CORTEX}" == 1
+CONFIG_CORTEX=$?
+CORTEX_HOSTNAME=${TH_CORTEX_HOSTNAME:-cortex}
+CORTEX_PROTO=${TH_CORTEX_PROTO:-http}
+CORTEX_PORT=${TH_CORTEX_PORT:9001}
+IFS=',' read -r -a CORTEX_URLS <<< "${TH_CORTEX_URLS}"
+test "${TH_NO_CONFIG}" == 1
+CONFIG=$?
+CONFIG_FILE=${TH_CONFIG_FILE:-/etc/thehive/application.conf}
+IFS=',' read -r -a CORTEX_KEYS <<< "${TH_CORTEX_KEYS}"
+AUTO_MIGRATION=${TH_AUTO_MIGRATION:-0}
+CREATE_ADMIN_LOGIN=${TH_CREATE_ADMIN_LOGIN}
+CREATE_ADMIN_PASSWORD=${TH_CREATE_ADMIN_PASSWORD}
+CREATE_USER_LOGIN=${TH_CREATE_USER_LOGIN}
+IFS=',' read -r -a CREATE_USER_ROLE <<< "${TH_CREATE_USER_ROLE}"
+CREATE_USER_PASSWORD=${TH_CREATE_USER_PASSWORD}
 
 function usage {
-	cat <<- _EOF_
-		Available options:
-		--no-config		| do not try to configure TheHive (add secret and elasticsearch)
-		--no-config-secret	| do not add random secret to configuration
-		--no-config-es		| do not add elasticsearch hosts to configuration
-		--es-uri <uri>		| use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
-		--es-hostname <host>	| resolve this hostname to find elasticseach instances
-		--secret <secret>	| secret to secure sessions
-		--cortex-proto <proto>	| define protocol to connect to Cortex (default: http)
-		--cortex-port <port>	| define port to connect to Cortex (default: 9000)
-		--cortex-url <url>	| add Cortex connection
-		--cortex-hostname <host>| resolve this hostname to find Cortex instances
-		--cortex-key <key>      | define Cortex key 
-	_EOF_
-	exit 1
+  cat <<- _EOF_
+    Available options:
+    --no-config                           | do not try to configure TheHive (add secret and elasticsearch)
+    --no-config-secret                    | do not add random secret to configuration
+    --no-config-es                        | do not add elasticsearch hosts to configuration
+    --es-uri <uri>                        | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
+    --es-hostname <host>                  | resolve this hostname to find elasticsearch instances
+    --secret <secret>                     | secret to secure sessions
+    --show-secret                         | show the generated secret
+    --cortex-proto <proto>                | define protocol to connect to Cortex (default: http)
+    --cortex-port <port>                  | define port to connect to Cortex (default: 9000)
+    --cortex-url <url>                    | add Cortex connection
+    --cortex-hostname <host>              | resolve this hostname to find Cortex instances
+    --cortex-key <key>                    | define Cortex key
+    --auto-migration                      | migrate the database, if needed
+    --create-admin <user> <password>      | create the first admin user, if not exist yet
+    --create-user <user> <role> <password>| create a user, only in conjunction with admin creation
+_EOF_
+  exit 1
 }
 
+
 STOP=0
-while test $# -gt 0 -o $STOP = 1
+while test $# -gt 0 -o "${STOP}" = 1
 do
-	case "$1" in
-		"--no-config")		CONFIG=0;;
-		"--no-config-secret")	CONFIG_SECRET=0;;
-		"--secret")		shift; SECRET=$1;;
-		"--no-config-es")	CONFIG_ES=0;;
-		"--es-hosts")		echo "--es-hosts is deprecated, please use --es-uri"
-					usage;;
-		"--es-uri")		shift; ES_URI=$1;;
-		"--es-hostname")	shift; ES_HOSTNAME=$1;;
-		"--no-config-cortex")	CONFIG_CORTEX=0;;
-		"--cortex-proto")	shift; CORTEX_PROTO=$1;;
-		"--cortex-port")	shift; CORTEX_PORT=$1;;
-		"--cortex-url")		shift; CORTEX_URLS+=($1);;
-		"--cortex-hostname")	shift; CORTEX_HOSTNAME=$1;;
-		"--cortex-key")  	shift; CORTEX_KEYS=($1);;
-		"--")			STOP=1;;
-		*)			usage
-	esac
-	shift
+  case "$1" in
+    "--no-config")         CONFIG=0 ;;
+    "--no-config-secret")  CONFIG_SECRET=0 ;;
+    "--secret")            shift; SECRET=$1 ;;
+    "--show-secret")       SHOW_SECRET=1 ;;
+    "--no-config-es")      CONFIG_ES=0 ;;
+    "--es-hosts")          echo "--es-hosts is deprecated, please use --es-uri"
+                           usage ;;
+    "--es-uri")            shift; ES_URI=$1 ;;
+    "--es-hostname")       shift; ES_HOSTNAME=$1 ;;
+    "--no-config-cortex")  CONFIG_CORTEX=0 ;;
+    "--cortex-proto")      shift; CORTEX_PROTO=$1 ;;
+    "--cortex-port")       shift; CORTEX_PORT=$1 ;;
+    "--cortex-url")        shift; CORTEX_URLS+=($1) ;;
+    "--cortex-hostname")   shift; CORTEX_HOSTNAME=$1 ;;
+    "--cortex-key")        shift; CORTEX_KEYS=($1) ;;
+    "--auto-migration")    AUTO_MIGRATION=1 ;;
+    "--create-admin")      shift; CREATE_ADMIN_LOGIN=$1
+                           shift; CREATE_ADMIN_PASSWORD=$1 ;;
+    "--create-user")       shift; CREATE_USER_LOGIN=$1
+                           shift; IFS=',' read -r -a CREATE_USER_ROLE <<< "$1"
+                           shift; CREATE_USER_PASSWORD=$1 ;;
+    "--")                  STOP=1;;
+    *)                     usage
+  esac
+  shift
 done
 
-if test $CONFIG = 1
+if test "${CONFIG}" = 1
 then
-	CONFIG_FILE=$(mktemp).conf
-	if test $CONFIG_SECRET = 1
-	then
-		if test -z "$SECRET"
-		then
-			SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
-		fi
-		echo Using secret: $SECRET
-		echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE
-	fi
+  CONFIG_FILE=$(mktemp).conf
+  if test "${CONFIG_SECRET}" = 1
+  then
+    if test -z "${SECRET}"
+    then
+      SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
+      test "${SHOW_SECRET}" = 1 && echo Using secret: ${SECRET}
+    fi
+    echo "play.http.secret.key=\"${SECRET}\"" >> ${CONFIG_FILE}
+  fi
 
-	if test $CONFIG_ES = 1
-	then
-		if test -z "$ES_URI"
-		then
-			function join_es_hosts {
-				echo -n $1:9200
-				shift
-				printf "%s," "${@/#/:9200}"
-			}
+  if test "${CONFIG_ES}" = 1
+  then
+    if test -z "${ES_URI}"
+    then
+      ES=$(getent ahostsv4 "${ES_HOSTNAME}" | awk '{ print $1 }' | sort -u)
+      if test -z "${ES}"
+      then
+        echo "Warning automatic elasticsearch host config fails"
+      else
+        JOIN_ES_HOST=$(printf "%s:9200," "${ES}")
+        ES_URI=http://${JOIN_ES_HOST::-1}
+      fi
+    fi
+    if test -n "${ES_URI}"
+    then
+      echo "Using elasticsearch uri: ${ES_URI}"
+      echo "search.uri=\"${ES_URI}\"" >> ${CONFIG_FILE}
+    else
+      echo "elasticsearch uri not configured"
+    fi
+  fi
 
-			ES=$(getent ahostsv4 $ES_HOSTNAME | awk '{ print $1 }' | sort -u)
-			if test -z "$ES"
-			then
-				echo "Warning automatic elasticsearch host config fails"
-			else
-				ES_URI=http://$(join_es_hosts $ES)
-			fi
-		fi
-		if test -n "$ES_URI"
-		then
-			echo Using elasticsearch uri: $ES_URI
-			echo search.uri=\"$ES_URI\" >> $CONFIG_FILE
-		else
-			echo elasticsearch host not configured
-		fi
-	fi
+  if test -n "${CREATE_USER_LOGIN}"; then
+    echo "Enable basic authentication method to permit user creation"
+    echo "auth.method.basic=true" >> ${CONFIG_FILE}
+  fi
 
-	if test $CONFIG_CORTEX = 1
-	then
-		if test -n "$CORTEX_HOSTNAME"
-		then
-			CORTEX_URLS+=($(getent ahostsv4 $CORTEX_HOSTNAME | awk "{ print \"$CORTEX_PROTO://\"\$1\":$CORTEX_PORT\" }" | sort -u))
-		fi
+  if test "${CONFIG_CORTEX}" = 1
+  then
+    if test -n "${CORTEX_HOSTNAME}"
+    then
+      CORTEX_URLS+=($(getent ahostsv4 "${CORTEX_HOSTNAME}" | awk "{ print \"${CORTEX_PROTO}://\"\$1\":${CORTEX_PORT}\" }" | sort -u))
+    fi
 
-		if test ${#CORTEX_URLS[@]} -gt 0
-		then
-			echo "play.modules.enabled += connectors.cortex.CortexConnector" >> $CONFIG_FILE
-		fi
-		I=1
-		for C in ${CORTEX_URLS[@]}
-		do
-			echo Add Cortex cortex$I: $C
-			echo cortex.cortex$I.url=\"$C\" >> $CONFIG_FILE
-			I=$(($I+1))
-		done
-		I=1
-		for K in ${CORTEX_KEYS[@]}
-		do
-			echo Add Cortex cortex$I key: $K
-			echo cortex.cortex$I.key=\"$K\" >> $CONFIG_FILE
-			I=$(($I+1))
-		done
-	fi
+    if test ${#CORTEX_URLS[@]} -gt 0
+    then
+      echo "play.modules.enabled += connectors.cortex.CortexConnector" >> ${CONFIG_FILE}
+    fi
+    I=1
+    for C in ${CORTEX_URLS[@]}
+    do
+      echo "Add Cortex cortex${I}: ${C}"
+      echo "cortex.cortex${I}.url=\"${C}\"" >> ${CONFIG_FILE}
+      I=$((${I}+1))
+    done
+    I=1
+    for K in ${CORTEX_KEYS[@]}
+    do
+      echo "Add Cortex cortex${I} key: ${K}"
+      echo "cortex.cortex${I}.key=\"${K}\"" >> ${CONFIG_FILE}
+      I=$((${I}+1))
+    done
+  fi
 
-	echo 'include file("/etc/thehive/application.conf")' >> $CONFIG_FILE
+  echo 'include file("/etc/thehive/application.conf")' >> ${CONFIG_FILE}
 fi
 
-exec bin/thehive \
-	-Dconfig.file=$CONFIG_FILE \
-	-Dlogger.file=/etc/thehive/logback.xml \
-	-Dpidfile.path=/dev/null \
-	$@
+
+bin/thehive \
+  -Dconfig.file=${CONFIG_FILE} \
+  -Dlogger.file=/etc/thehive/logback.xml \
+  -Dpidfile.path=/dev/null \
+  $@ &
+PID=$!
+trap 'kill -SIGTERM "${PID}"; wait "${PID}"; exit 143' SIGTERM SIGINT
+
+if test "${AUTO_MIGRATION}" = 1 -o -n "${CREATE_ADMIN_LOGIN}"; then
+  echo -n "Wait until TheHive starts"
+  MAX_WAIT=15
+  IS_STARTED=0
+  while test "${MAX_WAIT}" -gt 0 -a "${IS_STARTED}" = 0; do
+    sleep 3
+    echo -n .
+    HTTP_CODE=$(curl -s -w '%{http_code}' -m 2 -o /dev/null http://127.0.0.1:9000/api/status)
+    test "${HTTP_CODE}" != 200
+    IS_STARTED=$?
+    MAX_WAIT=$(("${MAX_WAIT}"-1))
+  done
+  echo
+  if test "${IS_STARTED}" = 0; then
+    echo "Thehive fails to start"
+  else
+    HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user/current)
+    if test "${HTTP_CODE}" = 520 -a "${AUTO_MIGRATION}" = 1; then
+      echo -n "Migrating database ..."
+      HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null -XPOST http://127.0.0.1:9000/api/maintenance/migrate)
+      if test "${HTTP_CODE}" != 204; then
+        echo "fails! ${HTTP_CODE}"
+      else
+        echo "ok"
+        if test -n "${CREATE_ADMIN_LOGIN}"; then
+          echo -n "Create admin user ..."
+          HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user \
+            -H "Content-type: application/json" \
+            -d '{
+              "login": "'${CREATE_ADMIN_LOGIN}'",
+              "name": "'${CREATE_ADMIN_LOGIN}'",
+              "roles": ["ADMIN","READ","WRITE","ALERT"],
+              "password":"'${CREATE_ADMIN_PASSWORD}'"}')
+          if test ${HTTP_CODE} != 201; then
+            echo "fails"
+          else
+            echo "ok"
+            if test -n "${CREATE_USER_LOGIN}"; then
+              echo -n "Create user ${CREATE_USER_LOGIN} ..."
+              ROLE=$(printf '"%s",' ${CREATE_USER_ROLE[@]})
+              HTTP_CODE=$(curl -s -w '%{http_code}' -o /dev/null http://127.0.0.1:9000/api/user \
+                -u ${CREATE_ADMIN_LOGIN}:${CREATE_ADMIN_PASSWORD} \
+                -H "Content-type: application/json" \
+                -d '{
+                  "login": "'${CREATE_USER_LOGIN}'",
+                  "name": "'${CREATE_USER_LOGIN}'",
+                  "roles": ['${ROLE::-1}'],
+                  "password": "'${CREATE_USER_PASSWORD}'"}')
+              if test ${HTTP_CODE} = 201; then
+                echo "ok"
+              else
+                echo "fails"
+              fi
+            fi
+          fi
+        fi
+      fi
+    fi
+  fi
+fi
+wait ${PID}
\ No newline at end of file

From 03b2ce5dbd3eb8b51c26ab8e204db7e9bcd27ae9 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 10:14:15 +0200
Subject: [PATCH 44/58] #1227 Docker: run service with user "thehive" (uid:
 1000)

---
 docker.sbt | 64 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 41 insertions(+), 23 deletions(-)

diff --git a/docker.sbt b/docker.sbt
index 148c59a24c..9ac702f0f4 100644
--- a/docker.sbt
+++ b/docker.sbt
@@ -3,10 +3,10 @@ import com.typesafe.sbt.packager.docker.{Cmd, ExecCmd}
 
 version in Docker := {
   version.value match {
-    case stableVersion(_, _) => version.value
-    case betaVersion(v1, v2) => v1 + "-0.1RC" + v2
-    case snapshotVersion(_, _) => version.value + "-SNAPSHOT"
-    case _ => sys.error("Invalid version: " + version.value)
+    case stableVersion(_, _)   ⇒ version.value
+    case betaVersion(v1, v2)   ⇒ v1 + "-0.1RC" + v2
+    case snapshotVersion(_, _) ⇒ version.value + "-SNAPSHOT"
+    case _                     ⇒ sys.error("Invalid version: " + version.value)
   }
 }
 defaultLinuxInstallLocation in Docker := "/opt/thehive"
@@ -14,25 +14,43 @@ dockerRepository := Some("thehiveproject")
 dockerUpdateLatest := !version.value.toUpperCase.contains("RC") && !version.value.contains("SNAPSHOT")
 dockerEntrypoint := Seq("/opt/thehive/entrypoint")
 dockerExposedPorts := Seq(9000)
+daemonUser in Docker := "thehive"
+daemonGroup in Docker := "thehive"
 mappings in Docker ++= Seq(
-  file("package/docker/entrypoint") -> "/opt/thehive/entrypoint",
-  file("package/logback.xml") -> "/etc/thehive/logback.xml",
-  file("package/empty") -> "/var/log/thehive/application.log")
+  file("package/docker/entrypoint") → "/opt/thehive/entrypoint",
+  file("package/logback.xml")       → "/etc/thehive/logback.xml",
+  file("package/empty")             → "/var/log/thehive/application.log"
+)
 mappings in Docker ~= (_.filterNot {
-  case (_, filepath) => filepath == "/opt/thehive/conf/application.conf"
+  case (_, filepath) ⇒ filepath == "/opt/thehive/conf/application.conf"
 })
-dockerCommands ~= { dc =>
-  val (dockerInitCmds, dockerTailCmds) = dc
-    .collect {
-      case ExecCmd("RUN", "chown", _*) => ExecCmd("RUN", "chown", "-R", "daemon:root", ".")
-      case other => other
-    }
-    .splitAt(4)
-  dockerInitCmds ++
-    Seq(
-      Cmd("ADD", "var", "/var"),
-      Cmd("ADD", "etc", "/etc"),
-      ExecCmd("RUN", "chown", "-R", "daemon:root", "/var/log/thehive"),
-      ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint")) ++
-    dockerTailCmds
-}
\ No newline at end of file
+dockerCommands := Seq(
+  Cmd("FROM", "openjdk:8"),
+  Cmd("LABEL", "MAINTAINER=\"TheHive Project <support@thehive-project.org>\""),
+  Cmd("WORKDIR", "/opt/thehive"),
+  // format: off
+  Cmd("RUN",
+    "apt", "update", "&&",
+    "apt", "upgrade", "-y", "&&",
+    "apt", "autoclean", "-y", "-q",  "&&",
+    "apt", "autoremove", "-y", "-q",  "&&",
+    "rm", "-rf", "/var/lib/apt/lists/*", "&&",
+    "(", "type", "groupadd", "1>/dev/null", "2>&1", "&&",
+    "groupadd", "-g", "1000", "thehive", "||",
+    "addgroup", "-g", "1000", "-S", "thehive",
+    ")",
+    "&&",
+    "(", "type", "useradd", "1>/dev/null", "2>&1", "&&",
+    "useradd", "--system", "--uid", "1000", "--gid", "1000", "thehive", "||",
+    "adduser", "-S", "-u", "1000", "-G", "thehive", "thehive",
+    ")"),
+  //format: on
+  Cmd("ADD", "--chown=root:root", "opt", "/opt"),
+  Cmd("ADD", "--chown=thehive:thehive", "var", "/var"),
+  Cmd("ADD", "--chown=thehive:thehive", "etc", "/etc"),
+  ExecCmd("RUN", "chmod", "+x", "/opt/thehive/bin/thehive", "/opt/thehive/entrypoint"),
+  Cmd("EXPOSE", "9000"),
+  Cmd("USER", "thehive"),
+  ExecCmd("ENTRYPOINT", "/opt/thehive/entrypoint"),
+  ExecCmd("CMD")
+)

From 26d22b6659847e05d1b7605a9a030bb6d61b8ff0 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 16:57:33 +0200
Subject: [PATCH 45/58] #1140 Update docker compose file

---
 docker/thehive/docker-compose.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml
index 8b952f6f6b..c6f9294e68 100644
--- a/docker/thehive/docker-compose.yml
+++ b/docker/thehive/docker-compose.yml
@@ -1,26 +1,24 @@
 version: "2"
 services:
   elasticsearch:
-    image: elasticsearch:6.8.0
+    image: elasticsearch:6.8.8
     environment:
       - http.host=0.0.0.0
-      - thread_pool.index.queue_size=100000
-      - thread_pool.search.queue_size=100000
-      - thread_pool.bulk.queue_size=100000
     ulimits:
       nofile:
         soft: 65536
         hard: 65536
   cortex:
-    image: thehiveproject/cortex:3.0.0-RC4
+    image: thehiveproject/cortex:latest
     depends_on:
       - elasticsearch
     ports:
       - "0.0.0.0:9001:9001"
   thehive:
-    image: thehiveproject/thehive:3.4.0-RC2
+    image: thehiveproject/thehive:latest
     depends_on:
       - elasticsearch
       - cortex
     ports:
       - "0.0.0.0:9000:9000"
+    command: --cortex-port 9001
\ No newline at end of file

From 87484485e21171419fb71e56fefaeb01007d0cf2 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 17:10:53 +0200
Subject: [PATCH 46/58] #854 set discovery.type for Elasticsearch in docker
 compose

---
 docker/thehive/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/thehive/docker-compose.yml b/docker/thehive/docker-compose.yml
index c6f9294e68..0a9969c6ac 100644
--- a/docker/thehive/docker-compose.yml
+++ b/docker/thehive/docker-compose.yml
@@ -4,6 +4,7 @@ services:
     image: elasticsearch:6.8.8
     environment:
       - http.host=0.0.0.0
+      - discovery.type=single-node
     ulimits:
       nofile:
         soft: 65536

From cb5dd479024611316a6a6dd2313bdb7a20e0c9ac Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 17:19:03 +0200
Subject: [PATCH 47/58] #1228 Capitalize "bearer"

---
 thehive-backend/app/services/OAuth2Srv.scala | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/thehive-backend/app/services/OAuth2Srv.scala b/thehive-backend/app/services/OAuth2Srv.scala
index d52078d5b8..936a6ad678 100644
--- a/thehive-backend/app/services/OAuth2Srv.scala
+++ b/thehive-backend/app/services/OAuth2Srv.scala
@@ -43,7 +43,19 @@ object OAuth2Config {
       scope            ← configuration.getOptional[String]("auth.oauth2.scope")
       autocreate = configuration.getOptional[Boolean]("auth.sso.autocreate").getOrElse(false)
       autoupdate = configuration.getOptional[Boolean]("auth.sso.autoupdate").getOrElse(false)
-    } yield OAuth2Config(clientId, clientSecret, redirectUri, responseType, grantType, authorizationUrl, tokenUrl, userUrl, scope, autocreate, autoupdate)
+    } yield OAuth2Config(
+      clientId,
+      clientSecret,
+      redirectUri,
+      responseType,
+      grantType,
+      authorizationUrl,
+      tokenUrl,
+      userUrl,
+      scope,
+      autocreate,
+      autoupdate
+    )
 }
 
 @Singleton
@@ -101,7 +113,7 @@ class OAuth2Srv(
             case Status.OK ⇒
               logger.debug("Getting user info using access token")
               val accessToken = (r.json \ "access_token").asOpt[String].getOrElse("")
-              val authHeader  = "Authorization" → s"bearer $accessToken"
+              val authHeader  = "Authorization" → s"Bearer $accessToken"
               ws.url(cfg.userUrl)
                 .addHttpHeaders(authHeader)
                 .get()

From bd76208f837577d2ee01b5081e8c22d792f10ca4 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 7 Apr 2020 17:57:26 +0200
Subject: [PATCH 48/58] #928 make case owner case insensitive

---
 thehive-backend/app/models/Case.scala | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/thehive-backend/app/models/Case.scala b/thehive-backend/app/models/Case.scala
index f42a91d70c..450d471d3d 100644
--- a/thehive-backend/app/models/Case.scala
+++ b/thehive-backend/app/models/Case.scala
@@ -81,10 +81,12 @@ class CaseModel @Inject()(
 
   override def creationHook(parent: Option[BaseEntity], attrs: JsObject): Future[JsObject] =
     sequenceSrv("case").map { caseId ⇒
-      attrs + ("caseId" → JsNumber(caseId))
+      attrs +
+        ("caseId" → JsNumber(caseId)) +
+        ("owner"  → (attrs \ "owner").asOpt[String].fold[JsValue](JsNull)(o ⇒ JsString(o.toLowerCase())))
     }
 
-  override def updateHook(entity: BaseEntity, updateAttrs: JsObject): Future[JsObject] = Future.successful {
+  private def updateStatus(updateAttrs: JsObject): JsObject =
     (updateAttrs \ "status").asOpt[CaseStatus.Type] match {
       case Some(CaseStatus.Resolved) if !updateAttrs.keys.contains("endDate") ⇒
         updateAttrs +
@@ -95,7 +97,12 @@ class CaseModel @Inject()(
       case _ ⇒
         updateAttrs
     }
-  }
+
+  private def lowercaseOwner(updateAttrs: JsObject): JsObject =
+    (updateAttrs \ "owner").asOpt[String].fold(updateAttrs)(o ⇒ updateAttrs + ("owner" → JsString(o.toLowerCase)))
+
+  override def updateHook(entity: BaseEntity, updateAttrs: JsObject): Future[JsObject] =
+    Future.successful(lowercaseOwner(updateStatus(updateAttrs)))
 
   private[models] def buildArtifactStats(caze: Case): Future[JsObject] = {
     import org.elastic4play.services.QueryDSL._

From 0eb6dafdf7cfa028302b29d88767c8cc32b6d1d3 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Thu, 9 Apr 2020 10:54:30 +0200
Subject: [PATCH 49/58] #1227 Reformat and add repository URL

---
 docker.sbt | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/docker.sbt b/docker.sbt
index 9ac702f0f4..e96488b4cf 100644
--- a/docker.sbt
+++ b/docker.sbt
@@ -26,7 +26,7 @@ mappings in Docker ~= (_.filterNot {
 })
 dockerCommands := Seq(
   Cmd("FROM", "openjdk:8"),
-  Cmd("LABEL", "MAINTAINER=\"TheHive Project <support@thehive-project.org>\""),
+  Cmd("LABEL", "MAINTAINER=\"TheHive Project <support@thehive-project.org>\"", "repository=\"https://github.com/TheHive-Project/TheHive\""),
   Cmd("WORKDIR", "/opt/thehive"),
   // format: off
   Cmd("RUN",
@@ -36,13 +36,12 @@ dockerCommands := Seq(
     "apt", "autoremove", "-y", "-q",  "&&",
     "rm", "-rf", "/var/lib/apt/lists/*", "&&",
     "(", "type", "groupadd", "1>/dev/null", "2>&1", "&&",
-    "groupadd", "-g", "1000", "thehive", "||",
-    "addgroup", "-g", "1000", "-S", "thehive",
-    ")",
-    "&&",
+      "groupadd", "-g", "1000", "thehive", "||",
+      "addgroup", "-g", "1000", "-S", "thehive",
+    ")", "&&",
     "(", "type", "useradd", "1>/dev/null", "2>&1", "&&",
-    "useradd", "--system", "--uid", "1000", "--gid", "1000", "thehive", "||",
-    "adduser", "-S", "-u", "1000", "-G", "thehive", "thehive",
+      "useradd", "--system", "--uid", "1000", "--gid", "1000", "thehive", "||",
+      "adduser", "-S", "-u", "1000", "-G", "thehive", "thehive",
     ")"),
   //format: on
   Cmd("ADD", "--chown=root:root", "opt", "/opt"),

From 41f1c9b71bf69825fdef8842a59016fe11040eb7 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Thu, 9 Apr 2020 11:04:18 +0200
Subject: [PATCH 50/58] #1222 include Dockerfile

---
 package/docker/Dockerfile | 67 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 package/docker/Dockerfile

diff --git a/package/docker/Dockerfile b/package/docker/Dockerfile
new file mode 100644
index 0000000000..6c25d72119
--- /dev/null
+++ b/package/docker/Dockerfile
@@ -0,0 +1,67 @@
+# This Dockerfile is not the one used for official Docker image of TheHive but the result image should be identical
+# Official image are generated by sbt (with the command sbt docker:publishLocal)
+# This Dockerfile is largely inspired by https://github.com/ilyaglow/dockerfiles/blob/master/thehive/Dockerfile
+
+FROM openjdk:8 as build-env
+
+LABEL MAINTAINER="TheHive Project <support@thehive-project.org>"
+
+ARG THEHIVE_VERSION=develop
+
+RUN apt update && \
+  apt install -y apt-transport-https && \
+  curl -sL https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash - && \
+  export NVM_DIR="${HOME}/.nvm" && \
+  . "$NVM_DIR/nvm.sh" && \
+  nvm install --lts && \
+  apt-get install -y git && \
+  npm install -g grunt-cli \
+                 bower && \
+  git -c advice.detachedHead=false \
+      clone \
+      --branch=$THEHIVE_VERSION \
+      --depth=1 \
+      https://github.com/TheHive-Project/TheHive.git && \
+  echo '{"allow_root": true}' > /root/.bowerrc && \
+  cd TheHive && \
+  ./sbt clean stage && \
+  mv /TheHive/target/universal/stage /opt/thehive && \
+  mv /TheHive/package/docker/entrypoint /opt/thehive/entrypoint && \
+  mkdir /var/log/thehive && \
+  apt-get purge -y git && \
+  rm -rf /TheHive \
+         /root/* \
+         /root/.nvm \
+         /root/.m2 \
+         /root/.ivy2 \
+         /root/.sbt \
+         /var/lib/apt/lists/*
+
+FROM openjdk:8
+COPY --from=build-env /opt/thehive /opt/thehive
+COPY --from=build-env /var/log/thehive /var/log/thehive
+
+RUN apt update && \
+  apt upgrade -y && \
+  apt autoclean -y -q && \
+  apt autoremove -y -q && \
+  rm -rf /var/lib/apt/lists/* && \
+  ( type groupadd 1>/dev/null 2>&1 && \
+    groupadd -g 1000 thehive || \
+    addgroup -g 1000 -S thehive ) && \
+  ( type useradd 1>/dev/null 2>&1 && \
+    useradd --system --uid 1000 --gid 1000 thehive || \
+    adduser -S -u 1000 -G thehive thehive ) && \
+  mkdir /etc/thehive && \
+  cp /opt/thehive/conf/logback.xml /etc/thehive/logback.xml && \
+  chown -R root:root /opt/thehive && \
+  chown -R thehive:thehive /var/log/thehive /etc/thehive && \
+  chmod +x /opt/thehive/entrypoint
+
+USER thehive
+
+EXPOSE 9000
+
+WORKDIR /opt/thehive
+
+ENTRYPOINT ["/opt/thehive/entrypoint"]

From 4103b71820855e215d8dd9fb8a334152b6f7fe30 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Tue, 14 Apr 2020 16:41:22 +0200
Subject: [PATCH 51/58] #1080 check alert observable validity

---
 thehive-backend/app/services/AlertSrv.scala | 59 ++++++++++++++-------
 1 file changed, 40 insertions(+), 19 deletions(-)

diff --git a/thehive-backend/app/services/AlertSrv.scala b/thehive-backend/app/services/AlertSrv.scala
index 4b367c3ca0..962c9b2e88 100644
--- a/thehive-backend/app/services/AlertSrv.scala
+++ b/thehive-backend/app/services/AlertSrv.scala
@@ -109,8 +109,27 @@ class AlertSrv(
         case a ⇒ Future.successful(a)
       }
     artifactsFields.flatMap { af ⇒
+      val validArtifacts = af.filter { a ⇒
+        val hasAttachment = (a \ "attachment").asOpt[JsObject].isDefined
+        val hasData       = (a \ "data").asOpt[String].isDefined
+        val dataType      = (a \ "dataType").asOpt[String]
+        val isValid = dataType match {
+          case None         ⇒ false
+          case Some("file") ⇒ hasAttachment && !hasData
+          case _            ⇒ !hasAttachment && hasData
+        }
+        if (!isValid) {
+          val dataTypeStr   = dataType.fold("DataType is not set!")(d ⇒ s"DataType is $d")
+          val dataStr       = if (hasData) "data is set" else "data is not set"
+          val attachmentStr = if (hasAttachment) "attachment is set" else "attachment is not set"
+          logger.warn(
+            s"The alert contains an invalid artifact: $dataTypeStr, $dataStr, $attachmentStr"
+          )
+        }
+        isValid
+      }
       /* remove duplicate artifacts */
-      val distinctArtifacts = Collection.distinctBy(af) { a ⇒
+      val distinctArtifacts = Collection.distinctBy(validArtifacts) { a ⇒
         val data       = (a \ "data").asOpt[String]
         val attachment = (a \ "attachment" \ "id").asOpt[String]
         val dataType   = (a \ "dataType").asOpt[String]
@@ -280,31 +299,33 @@ class AlertSrv(
   def importArtifacts(alert: Alert, caze: Case)(implicit authContext: AuthContext): Future[Case] = {
     val artifactsFields = alert
       .artifacts()
-      .map { artifact ⇒
+      .flatMap { artifact ⇒
         val tags    = (artifact \ "tags").asOpt[Seq[JsString]].getOrElse(Nil) :+ JsString("src:" + alert.tpe())
         val message = (artifact \ "message").asOpt[JsString].getOrElse(JsString(""))
-        val artifactFields = Fields(
-          artifact +
-            ("tags"    → JsArray(tags)) +
-            ("message" → message)
-        )
-        if (artifactFields.getString("dataType").contains("file")) {
-          artifactFields
-            .getString("data")
-            .map {
+        (artifact \ "dataType").asOpt[String].flatMap {
+          case "file" ⇒
+            (artifact \ "data").asOpt[String].collect {
               case dataExtractor(filename, contentType, data) ⇒
                 val f = Files.createTempFile("alert-", "-attachment")
                 Files.write(f, java.util.Base64.getDecoder.decode(data))
-                artifactFields
-                  .set("attachment", FileInputValue(filename, f, contentType))
+                Fields(
+                  artifact +
+                    ("tags"    → JsArray(tags)) +
+                    ("message" → message)
+                ).set("attachment", FileInputValue(filename, f, contentType))
                   .unset("data")
-              case data ⇒
-                logger.warn(s"Invalid data format for file artifact: $data")
-                artifactFields
             }
-            .getOrElse(artifactFields)
-        } else {
-          artifactFields
+          case _ if artifact.value.contains("data") ⇒
+            Some(
+              Fields(
+                artifact +
+                  ("tags"    → JsArray(tags)) +
+                  ("message" → message)
+              )
+            )
+          case _ ⇒
+            logger.warn(s"Invalid artifact format: $artifact")
+            None
         }
       }
 

From e832f7ba9b666de4a87b0bcc4ed7ebcf0375bb2f Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Wed, 15 Apr 2020 14:51:09 +0200
Subject: [PATCH 52/58] Add missing parameter in docker entrypoint help

---
 package/docker/entrypoint | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/package/docker/entrypoint b/package/docker/entrypoint
index fcef16cf1c..39d2827375 100755
--- a/package/docker/entrypoint
+++ b/package/docker/entrypoint
@@ -29,11 +29,12 @@ function usage {
     Available options:
     --no-config                           | do not try to configure TheHive (add secret and elasticsearch)
     --no-config-secret                    | do not add random secret to configuration
+    --secret <secret>                     | secret to secure sessions
+    --show-secret                         | show the generated secret
     --no-config-es                        | do not add elasticsearch hosts to configuration
     --es-uri <uri>                        | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
     --es-hostname <host>                  | resolve this hostname to find elasticsearch instances
-    --secret <secret>                     | secret to secure sessions
-    --show-secret                         | show the generated secret
+    --no-config-cortex                    | do not add Cortex configuration
     --cortex-proto <proto>                | define protocol to connect to Cortex (default: http)
     --cortex-port <port>                  | define port to connect to Cortex (default: 9000)
     --cortex-url <url>                    | add Cortex connection

From aab73ad4b2ba4a25557e4055babceb7ac4904b99 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Thu, 16 Apr 2020 10:53:14 +0200
Subject: [PATCH 53/58] #866 Prevent global failure on MISP synchronisation

---
 .../app/connectors/misp/MispSrv.scala         | 23 ++++++++++---------
 .../app/connectors/misp/MispSynchro.scala     |  9 ++++----
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/thehive-misp/app/connectors/misp/MispSrv.scala b/thehive-misp/app/connectors/misp/MispSrv.scala
index 5c990b8aa4..d2254fea26 100644
--- a/thehive-misp/app/connectors/misp/MispSrv.scala
+++ b/thehive-misp/app/connectors/misp/MispSrv.scala
@@ -1,17 +1,16 @@
 package connectors.misp
 
 import java.util.Date
+
 import javax.inject.{Inject, Provider, Singleton}
 
 import scala.concurrent.{ExecutionContext, Future}
-
 import play.api.Logger
 import play.api.libs.json.JsLookupResult.jsLookupResultToJsLookup
 import play.api.libs.json.JsValue.jsValueToJsLookup
 import play.api.libs.json.Json.toJsFieldJsValueWrapper
 import play.api.libs.json._
 import play.api.libs.ws.WSBodyWritables.writeableOf_JsValue
-
 import akka.NotUsed
 import akka.stream.Materializer
 import akka.stream.scaladsl.{FileIO, Sink, Source}
@@ -21,11 +20,12 @@ import net.lingala.zip4j.core.ZipFile
 import net.lingala.zip4j.exception.ZipException
 import net.lingala.zip4j.model.FileHeader
 import services._
-
 import org.elastic4play.controllers.{Fields, FileInputValue}
 import org.elastic4play.services.{Attachment, AuthContext, TempSrv}
 import org.elastic4play.{InternalError, NotFoundError}
 
+import scala.util.Try
+
 @Singleton
 class MispSrv @Inject()(
     mispConfig: MispConfig,
@@ -69,13 +69,14 @@ class MispSrv @Inject()(
           .post(Json.obj("searchpublish_timestamp" → date))
       }
       .mapConcat { response ⇒
-        val eventJson = Json
-          .parse(response.body)
-          .asOpt[Seq[JsValue]]
-          .getOrElse {
-            logger.warn(s"Invalid MISP event format:\n${response.body}")
-            Nil
-          }
+        val eventJson = Try {
+          response
+            .body[JsValue]
+            .as[Seq[JsValue]]
+        }.getOrElse {
+          logger.warn(s"Invalid MISP event format:\n${response.body}")
+          Nil
+        }
         val events = eventJson
           .flatMap { j ⇒
             j.asOpt[MispAlert]
@@ -192,7 +193,7 @@ class MispSrv @Inject()(
           )
         )
         .set("tlp", tlp)
-      if attachment.isDefined != data.isDefined
+      if (attachment.isDefined && data.isEmpty) || (dataType != "file" && data.isDefined)
     } yield attachment.fold(Future.successful(fields.set("data", data.get)))(_.map { fiv ⇒
       fields.set("attachment", fiv)
     })) match {
diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
index 0638d705ac..95cda14517 100644
--- a/thehive-misp/app/connectors/misp/MispSynchro.scala
+++ b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -3,24 +3,22 @@ package connectors.misp
 import java.util.Date
 
 import javax.inject.{Inject, Provider, Singleton}
+
 import scala.collection.immutable
 import scala.concurrent.{ExecutionContext, Future}
 import scala.concurrent.duration._
 import scala.util.{Failure, Success, Try}
-
 import play.api.Logger
 import play.api.inject.ApplicationLifecycle
 import play.api.libs.json._
-
 import akka.NotUsed
 import akka.actor.ActorSystem
-import akka.stream.Materializer
+import akka.stream.{ActorAttributes, Materializer, Supervision}
 import akka.stream.scaladsl.{Sink, Source}
 import connectors.misp.JsonFormat.mispArtifactWrites
 import models.{Alert, AlertStatus, Artifact, CaseStatus}
 import services.{AlertSrv, ArtifactSrv, CaseSrv, UserSrv}
 import JsonFormat.mispAlertWrites
-
 import org.elastic4play.controllers.Fields
 import org.elastic4play.services.{Attachment, AuthContext, MigrationSrv, TempSrv}
 import org.elastic4play.utils.Collection
@@ -91,12 +89,14 @@ class MispSynchro @Inject()(
         case (mispConnection, lastSyncDate) ⇒
           synchronize(mispConnection, Some(lastSyncDate))
       }
+      .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
       .runWith(Sink.seq)
   }
 
   def fullSynchronize()(implicit authContext: AuthContext): Future[immutable.Seq[Try[Alert]]] =
     Source(mispConfig.connections.filter(_.canImport).toList)
       .flatMapConcat(mispConnection ⇒ synchronize(mispConnection, None))
+      .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
       .runWith(Sink.seq)
 
   def updateArtifacts(mispConnection: MispConnection, caseId: String, mispArtifacts: Seq[MispArtifact])(
@@ -112,6 +112,7 @@ class MispSynchro @Inject()(
         .map { artifact ⇒
           artifact.data().map(Left.apply).getOrElse(Right(artifact.attachment().get.name))
         }
+        .withAttributes(ActorAttributes.supervisionStrategy(_ ⇒ Supervision.Resume))
         .runWith(Sink.seq)
       newAttributes ← Future.traverse(mispArtifacts) {
         case artifact @ MispArtifact(SimpleArtifactData(data), _, _, _, _, _, _) if !existingArtifacts.contains(Right(data)) ⇒

From fd07b82a792ea931fa8dd9da963c0e025b804090 Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Fri, 17 Apr 2020 11:13:39 +0200
Subject: [PATCH 54/58] Fix a flex grid css value

---
 ui/app/styles/dashboard.css | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/app/styles/dashboard.css b/ui/app/styles/dashboard.css
index 426a299d64..3b5c249161 100644
--- a/ui/app/styles/dashboard.css
+++ b/ui/app/styles/dashboard.css
@@ -139,7 +139,7 @@ dashboard-item .box {
 
 .dashboard-serie > .form-inline {
     display: flex;
-    justify-content: start;
+    justify-content: flex-start;
     align-items: stretch;
 }
 
@@ -157,9 +157,9 @@ dashboard-item .box {
 
 .dashboard-period > div{
     height: 34px;
-    display:flex;
-    justify-content:start;
-    align-items:stretch;
+    display: flex;
+    justify-content: flex-start;
+    align-items: stretch;
 }
 
 .dashboard-period .label{

From 335734a3e04917c443ede41770bedb7b788ea9ec Mon Sep 17 00:00:00 2001
From: Nabil Adouani <nabil.adouani@gmail.com>
Date: Fri, 17 Apr 2020 11:36:39 +0200
Subject: [PATCH 55/58] Update npm packages and fix browserlist configuration

---
 ui/Gruntfile.js |  2 +-
 ui/package.json | 28 ++++++++++++++++------------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/ui/Gruntfile.js b/ui/Gruntfile.js
index 48419d9e92..d8364a1b5d 100644
--- a/ui/Gruntfile.js
+++ b/ui/Gruntfile.js
@@ -182,7 +182,7 @@ module.exports = function(grunt) {
         postcss: {
             options: {
                 processors: [
-                  require('autoprefixer')({browsers: ['last 1 version']})
+                  //require('autoprefixer')({browsers: ['last 1 version']})
                 ]
             },
             server: {
diff --git a/ui/package.json b/ui/package.json
index 160c4a7531..cbe2c7d71e 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -12,26 +12,26 @@
     "homepage": "https://thehive-project.org/",
     "dependencies": {},
     "devDependencies": {
-        "autoprefixer": "^9.5.1",
-        "grunt": "^1.0.4",
-        "grunt-angular-templates": "^1.1.0",
-        "grunt-concurrent": "^2.3.1",
+        "autoprefixer": "^9.7.6",
+        "grunt": "^1.1.0",
+        "grunt-angular-templates": "^1.2.0",
+        "grunt-concurrent": "^3.0.0",
         "grunt-connect-proxy": "^0.2.0",
         "grunt-contrib-clean": "^2.0.0",
         "grunt-contrib-concat": "^1.0.1",
-        "grunt-contrib-connect": "^2.0.0",
+        "grunt-contrib-connect": "^2.1.0",
         "grunt-contrib-copy": "^1.0.0",
         "grunt-contrib-cssmin": "^3.0.0",
         "grunt-contrib-htmlmin": "^3.1.0",
-        "grunt-contrib-imagemin": "^3.1.0",
+        "grunt-contrib-imagemin": "^4.0.0",
         "grunt-contrib-jshint": "^2.1.0",
         "grunt-contrib-uglify": "^4.0.1",
         "grunt-contrib-watch": "^1.1.0",
         "grunt-filerev": "^2.3.1",
         "grunt-injector": "^1.1.0",
-        "grunt-karma": "3.0.2",
+        "grunt-karma": "4.0.0",
         "grunt-newer": "^1.3.0",
-        "grunt-ng-annotate": "^3.0.0",
+        "grunt-ng-annotate": "^4.0.0",
         "grunt-npm-bower": "0.0.4",
         "grunt-postcss": "^0.9.0",
         "grunt-svgmin": "^6.0.0",
@@ -39,10 +39,11 @@
         "grunt-wiredep": "^3.0.1",
         "jit-grunt": "^0.10.0",
         "jshint-stylish": "^2.2.1",
-        "karma-jasmine": "2.0.1",
+        "karma": "^5.0.2",
+        "karma-jasmine": "3.1.1",
         "karma-phantomjs-launcher": "1.0.4",
-        "lodash": "^4.17.11",
-        "serve-static": "^1.14.0",
+        "lodash": "^4.17.15",
+        "serve-static": "^1.14.1",
         "time-grunt": "^2.0.0"
     },
     "engines": {
@@ -50,5 +51,8 @@
     },
     "scripts": {
         "test": "grunt test"
-    }
+    },
+    "browserslist": [
+        "last 1 version"
+    ]
 }

From 4de3b760c60b214d8af53e0eaa844f668ca55850 Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 17 Apr 2020 11:55:09 +0200
Subject: [PATCH 56/58] Convert job to json only once (reuse val)

---
 .../app/connectors/cortex/controllers/CortexCtrl.scala          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala b/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
index efe5818dc9..64591954ed 100644
--- a/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
+++ b/thehive-cortex/app/connectors/cortex/controllers/CortexCtrl.scala
@@ -162,7 +162,7 @@ class CortexCtrl(
     for {
       job ← cortexAnalyzerSrv.getJob(jobId)
       jobJson = job.toJson
-      jobWithStats ← if (withStats) cortexAnalyzerSrv.addImportFieldInArtifacts(jobJson) else Future.successful(Json.toJson(job))
+      jobWithStats ← if (withStats) cortexAnalyzerSrv.addImportFieldInArtifacts(jobJson) else Future.successful(jobJson)
     } yield Ok(jobWithStats)
   }
 

From 9a3680ae03de775294d1d5bcf37e08b5ca978f0c Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 17 Apr 2020 15:57:34 +0200
Subject: [PATCH 57/58] Use sbt-github-changelog to generate changelog

---
 build.sbt                | 34 +++++++++++++++++++---------------
 project/build.properties |  2 +-
 project/plugins.sbt      |  7 ++++---
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/build.sbt b/build.sbt
index 467a6ff192..82efa88501 100644
--- a/build.sbt
+++ b/build.sbt
@@ -53,7 +53,7 @@ lazy val thehiveCortex = (project in file("thehive-cortex"))
   )
 
 lazy val thehive = (project in file("."))
-  .enablePlugins(PlayScala/*, PlayAkkaHttp2Support*/)
+  .enablePlugins(PlayScala /*, PlayAkkaHttp2Support*/ )
   .enablePlugins(Bintray)
   .dependsOn(thehiveBackend, thehiveMisp, thehiveCortex)
   .aggregate(thehiveBackend, thehiveMisp, thehiveCortex)
@@ -61,9 +61,9 @@ lazy val thehive = (project in file("."))
   .settings(
     aggregate in Debian := false,
     aggregate in Rpm := false,
-    aggregate in Docker := false
+    aggregate in Docker := false,
+    aggregate in changeLog := false
   )
-
 lazy val rpmPackageRelease = (project in file("package/rpm-release"))
   .enablePlugins(RpmPlugin)
   .settings(projectSettings)
@@ -81,23 +81,27 @@ lazy val rpmPackageRelease = (project in file("package/rpm-release"))
     packageDescription :=
       """This package contains the TheHive-Project packages repository
         |GPG key as well as configuration for yum.""".stripMargin,
-    linuxPackageMappings in Rpm := Seq(packageMapping(
-      file("PGP-PUBLIC-KEY") -> "etc/pki/rpm-gpg/GPG-TheHive-Project",
-      file("package/rpm-release/thehive-rpm.repo") -> "/etc/yum.repos.d/thehive-rpm.repo",
-      file("LICENSE") -> "/usr/share/doc/thehive-project-release/LICENSE"
-    ))
+    linuxPackageMappings in Rpm := Seq(
+      packageMapping(
+        file("PGP-PUBLIC-KEY")                       → "etc/pki/rpm-gpg/GPG-TheHive-Project",
+        file("package/rpm-release/thehive-rpm.repo") → "/etc/yum.repos.d/thehive-rpm.repo",
+        file("LICENSE")                              → "/usr/share/doc/thehive-project-release/LICENSE"
+      )
+    )
   )
 
 rpmReleaseFile := {
   import scala.sys.process._
   val rpmFile = (packageBin in Rpm in rpmPackageRelease).value
-  Process("rpm" ::
-    "--define" :: "_gpg_name TheHive Project" ::
-    "--define" :: "_signature gpg" ::
-    "--define" :: "__gpg_check_password_cmd /bin/true" ::
-    "--define" :: "__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" ::
-    "--addsign" :: rpmFile.toString ::
-    Nil).!!
+  Process(
+    "rpm" ::
+      "--define" :: "_gpg_name TheHive Project" ::
+      "--define" :: "_signature gpg" ::
+      "--define" :: "__gpg_check_password_cmd /bin/true" ::
+      "--define" :: "__gpg_sign_cmd %{__gpg} gpg --batch --no-verbose --no-armor --use-agent --no-secmem-warning -u \"%{_gpg_name}\" -sbo %{__signature_filename} %{__plaintext_filename}" ::
+      "--addsign" :: rpmFile.toString ::
+      Nil
+  ).!!
   rpmFile
 }
 
diff --git a/project/build.properties b/project/build.properties
index c0bab04941..080a737edb 100644
--- a/project/build.properties
+++ b/project/build.properties
@@ -1 +1 @@
-sbt.version=1.2.8
+sbt.version=1.3.0
diff --git a/project/plugins.sbt b/project/plugins.sbt
index c8ec87a869..5af970f6ad 100644
--- a/project/plugins.sbt
+++ b/project/plugins.sbt
@@ -1,6 +1,7 @@
 // Comment to get more information during initialization
 logLevel := Level.Info
 
-addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.6.23")
-addSbtPlugin("org.foundweekends" % "sbt-bintray" % "0.5.1")
-addSbtPlugin("org.scalameta"     % "sbt-scalafmt" % "2.0.0")
+addSbtPlugin("com.typesafe.play"   % "sbt-plugin"           % "2.6.23")
+addSbtPlugin("org.foundweekends"   % "sbt-bintray"          % "0.5.1")
+addSbtPlugin("org.scalameta"       % "sbt-scalafmt"         % "2.0.0")
+addSbtPlugin("org.thehive-project" % "sbt-github-changelog" % "0.2.0")

From e15bdb24a3133fb7fa166b7a916d74069c5d7f4d Mon Sep 17 00:00:00 2001
From: To-om <toom@thehive-project.org>
Date: Fri, 17 Apr 2020 16:00:03 +0200
Subject: [PATCH 58/58] Update changelog and version

---
 CHANGELOG.md | 1059 +++++++++++++++++++++-----------------------------
 version.sbt  |    2 +-
 2 files changed, 443 insertions(+), 618 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1bea0e83d9..0951807e57 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,35 @@
 # Change Log
 
-## [3.4.0](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-09-05)
+## [3.4.1](https://github.com/TheHive-Project/TheHive/milestone/53) (2020-04-17)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC2...3.4.0)
+**Implemented enhancements:**
+
+- docker: TheHive fails to connect to elasticsearch (NoNodeAvailableException) [\#854](https://github.com/TheHive-Project/TheHive/issues/854)
+- Improved support for OpenID connect and OAuth2 [\#1110](https://github.com/TheHive-Project/TheHive/issues/1110)
+- TheHive's Docker entrypoint logs the Play secret key at startup [\#1177](https://github.com/TheHive-Project/TheHive/issues/1177)
+- [Q] Configure TheHive's first run using Docker Compose [\#1199](https://github.com/TheHive-Project/TheHive/issues/1199)
+- TheHive's docker containers should be orchestration-ready [\#1204](https://github.com/TheHive-Project/TheHive/issues/1204)
+- MISP synchronisation: map to_ids to ioc [\#1273](https://github.com/TheHive-Project/TheHive/issues/1273)
+
+**Closed issues:**
+
+- Include Dockerfile in root of project [\#1222](https://github.com/TheHive-Project/TheHive/issues/1222)
+- Docker user daemon with id 1 causes permission issues with local [\#1227](https://github.com/TheHive-Project/TheHive/issues/1227)
+
+**Fixed bugs:**
+
+- MISP & TheHive out of sync? [\#866](https://github.com/TheHive-Project/TheHive/issues/866)
+- Owner is case-sensitive on api calls [\#928](https://github.com/TheHive-Project/TheHive/issues/928)
+- Bug: Observable without data breaks display of observables [\#1080](https://github.com/TheHive-Project/TheHive/issues/1080)
+- Docker-Compose ElasticSearch incompatibility [\#1140](https://github.com/TheHive-Project/TheHive/issues/1140)
+- [Bug] Analyzers that take more than 10 Minutes run into timeout [\#1156](https://github.com/TheHive-Project/TheHive/issues/1156)
+- TheHive 3.4.0 migration logs errors ([error] m.Migration - Failed to create dashboard) [\#1202](https://github.com/TheHive-Project/TheHive/issues/1202)
+- Computed metrics is not compatible with painless scripting language [\#1210](https://github.com/TheHive-Project/TheHive/issues/1210)
+- OAuth2 Bearer header should be of the format "Authorization Bearer" ? [\#1228](https://github.com/TheHive-Project/TheHive/issues/1228)
+- Health API endpoint returns warning when everything is OK [\#1233](https://github.com/TheHive-Project/TheHive/issues/1233)
+- [Bug] Job submission sometimes fails when multiple Cortex servers  [\#1272](https://github.com/TheHive-Project/TheHive/issues/1272)
+
+## [3.4.0](https://github.com/TheHive-Project/TheHive/milestone/52) (2019-09-09)
 
 **Implemented enhancements:**
 
@@ -10,107 +37,84 @@
 
 **Fixed bugs:**
 
-- Cosmetic Bug: wrong number of exported observables displayed [\#1071](https://github.com/TheHive-Project/TheHive/issues/1071)
-- Update Database button does not appear in training appliance [\#1067](https://github.com/TheHive-Project/TheHive/issues/1067)
-- bulk merge alerts into case lose description's alert [\#1065](https://github.com/TheHive-Project/TheHive/issues/1065)
-- Incorrect number of related observables returned [\#1062](https://github.com/TheHive-Project/TheHive/issues/1062)
-- Incorrect tag filter results when observables with tags are added then deleted [\#1061](https://github.com/TheHive-Project/TheHive/issues/1061)
-- Cannot setup TheHive 3.4.0-RC2 using Docker [\#1051](https://github.com/TheHive-Project/TheHive/issues/1051)
-- Case statistics dashboard loads with an error message and the case over time panel fails to display any data [\#1050](https://github.com/TheHive-Project/TheHive/issues/1050)
 - Can't secure ElasticSearch connection [\#1046](https://github.com/TheHive-Project/TheHive/issues/1046)
+- Case statistics dashboard loads with an error message and the case over time panel fails to display any data [\#1050](https://github.com/TheHive-Project/TheHive/issues/1050)
+- Cannot setup TheHive 3.4.0-RC2 using Docker [\#1051](https://github.com/TheHive-Project/TheHive/issues/1051)
+- Incorrect tag filter results when observables with tags are added then deleted [\#1061](https://github.com/TheHive-Project/TheHive/issues/1061)
+- Incorrect number of related observables returned [\#1062](https://github.com/TheHive-Project/TheHive/issues/1062)
+- bulk merge alerts into case lose description's alert [\#1065](https://github.com/TheHive-Project/TheHive/issues/1065)
+- Update Database button does not appear in training appliance [\#1067](https://github.com/TheHive-Project/TheHive/issues/1067)
+- Cosmetic Bug: wrong number of exported observables displayed [\#1071](https://github.com/TheHive-Project/TheHive/issues/1071)
+- 3.4 RC2 doesn't prompt to update/create the database when one doesn't exist [\#1107](https://github.com/TheHive-Project/TheHive/issues/1107)
 
-## [3.4.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.4.0-RC2) (2019-07-10)
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.4.0-RC1...3.4.0-RC2)
+## [3.4.0-RC2](https://github.com/TheHive-Project/TheHive/milestone/51) (2019-07-11)
 
 **Implemented enhancements:**
 
-- Display ioc and sighted attributes in Alert artifact list [\#1035](https://github.com/TheHive-Project/TheHive/issues/1035)
-- Merge Observable tags with existing observables during importing alerts into case [\#1014](https://github.com/TheHive-Project/TheHive/issues/1014)
-- API not recognizing the attribute 'sighted' of artifacts on alert creation [\#1003](https://github.com/TheHive-Project/TheHive/issues/1003)
 - Alerts are not getting deleted as expected [\#974](https://github.com/TheHive-Project/TheHive/issues/974)
-
-**Fixed bugs:**
-
-- Update case owner field validation to handle null value [\#1036](https://github.com/TheHive-Project/TheHive/issues/1036)
-- thehive prints error messages on first run \("Authentication failure" / "user init not found"\) [\#1027](https://github.com/TheHive-Project/TheHive/issues/1027)
-- TLP:WHITE for observable not shown, not editable [\#1025](https://github.com/TheHive-Project/TheHive/issues/1025)
-- Dashboard based on observables not refreshing correctly [\#996](https://github.com/TheHive-Project/TheHive/issues/996)
-- javascript error in tasks [\#979](https://github.com/TheHive-Project/TheHive/issues/979)
-- /api/alert/{}/createCase does not use caseTemplate [\#929](https://github.com/TheHive-Project/TheHive/issues/929)
+- API not recognizing the attribute 'sighted' of artifacts on alert creation [\#1003](https://github.com/TheHive-Project/TheHive/issues/1003)
+- Merge Observable tags with existing observables during importing alerts into case [\#1014](https://github.com/TheHive-Project/TheHive/issues/1014)
+- Display ioc and sighted attributes in Alert artifact list [\#1035](https://github.com/TheHive-Project/TheHive/issues/1035)
 
 **Closed issues:**
 
-- Cannot add custom fields to case template [\#1042](https://github.com/TheHive-Project/TheHive/issues/1042)
+- can't add custom fields to case in 3.4.0-RC1 [\#1026](https://github.com/TheHive-Project/TheHive/issues/1026)
 - sample hive does not connect to cortex and prints no helpful error message [\#1028](https://github.com/TheHive-Project/TheHive/issues/1028)
 
-## [3.4.0-RC1](https://github.com/TheHive-Project/TheHive/tree/HEAD) (2019-06-05)
+**Fixed bugs:**
+
+- /api/alert/{}/createCase does not use caseTemplate [\#929](https://github.com/TheHive-Project/TheHive/issues/929)
+- javascript error in tasks [\#979](https://github.com/TheHive-Project/TheHive/issues/979)
+- Dashboard based on observables not refreshing correctly [\#996](https://github.com/TheHive-Project/TheHive/issues/996)
+- TLP:WHITE for observable not shown, not editable [\#1025](https://github.com/TheHive-Project/TheHive/issues/1025)
+- thehive prints error messages on first run ("Authentication failure" / "user init not found") [\#1027](https://github.com/TheHive-Project/TheHive/issues/1027)
+- Update case owner field validation to handle null value [\#1036](https://github.com/TheHive-Project/TheHive/issues/1036)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.1...3.4.0-4C1)
+## [3.4.0-RC1](https://github.com/TheHive-Project/TheHive/milestone/49) (2019-06-05)
 
 **Implemented enhancements:**
 
-- Allow to import file from Cortex report [\#982](https://github.com/TheHive-Project/TheHive/issues/982)
-- Remove metrics module [\#975](https://github.com/TheHive-Project/TheHive/issues/975)
-- Upgrade frontend libraries [\#966](https://github.com/TheHive-Project/TheHive/issues/966)
-- Cortex AddArtifactToCase AssignCase [\#922](https://github.com/TheHive-Project/TheHive/issues/922)
-- Communication to ElasticSearch via HTTP API 9200 [\#913](https://github.com/TheHive-Project/TheHive/issues/913)
-- Add Cortex AssignCase [\#924](https://github.com/TheHive-Project/TheHive/pull/924) ([zpriddy](https://github.com/zpriddy))
 - Support Elasticsearch 6.x clusters [\#623](https://github.com/TheHive-Project/TheHive/issues/623)
-
-**Fixed bugs:**
-
-- Donut dashboard metric values are not transformed to searches [\#972](https://github.com/TheHive-Project/TheHive/issues/972)
-- Bulk merge of alerts does not merge the tags [\#994](https://github.com/TheHive-Project/TheHive/issues/994)
-- Java 11 build crash [\#990](https://github.com/TheHive-Project/TheHive/issues/990)
-- Failure to load datatypes [\#988](https://github.com/TheHive-Project/TheHive/issues/988)
-- Fix search page base filter [\#983](https://github.com/TheHive-Project/TheHive/issues/983)
-- Authentication Error when using Hive API \(Patch\) [\#951](https://github.com/TheHive-Project/TheHive/issues/951)
+- Communication to ElasticSearch via HTTP API 9200 [\#913](https://github.com/TheHive-Project/TheHive/issues/913)
+- Cortex AddArtifactToCase AssignCase [\#922](https://github.com/TheHive-Project/TheHive/issues/922)
+- Upgrade frontend libraries [\#966](https://github.com/TheHive-Project/TheHive/issues/966)
+- Remove metrics module [\#975](https://github.com/TheHive-Project/TheHive/issues/975)
+- Allow to import file from Cortex report [\#982](https://github.com/TheHive-Project/TheHive/issues/982)
 
 **Closed issues:**
 
-- bintray repo for deb packages not signed [\#976](https://github.com/TheHive-Project/TheHive/issues/976)
-- Set alert to status "Ignored" via API does not work [\#955](https://github.com/TheHive-Project/TheHive/issues/955)
+- Have AlertFilter for "New&Updated" [\#952](https://github.com/TheHive-Project/TheHive/issues/952)
 
-**Merged pull requests:**
-
-- Add 'My open cases' and 'New & Updated alerts' to quick filters [\#925](https://github.com/TheHive-Project/TheHive/pull/925) ([zpriddy](https://github.com/zpriddy))
+**Fixed bugs:**
 
-## [3.3.1](https://github.com/TheHive-Project/TheHive/tree/3.3.1) (2019-05-22)
+- Donut dashboard metric values are not transformed to searches [\#972](https://github.com/TheHive-Project/TheHive/issues/972)
+- Fix search page base filter [\#983](https://github.com/TheHive-Project/TheHive/issues/983)
+- Failure to load datatypes [\#988](https://github.com/TheHive-Project/TheHive/issues/988)
+- Java 11 build crash [\#990](https://github.com/TheHive-Project/TheHive/issues/990)
+- Bulk merge of alerts does not merge the tags [\#994](https://github.com/TheHive-Project/TheHive/issues/994)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0...3.3.1)
+## [3.3.1](https://github.com/TheHive-Project/TheHive/milestone/50) (2019-05-22)
 
 **Fixed bugs:**
 
 - THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive [\#408](https://github.com/TheHive-Project/TheHive/issues/408)
 
-## [3.3.0](https://github.com/TheHive-Project/TheHive/tree/3.3.0) (2019-03-19)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC6...3.3.0)
+## [3.3.0](https://github.com/TheHive-Project/TheHive/milestone/48) (2019-03-19)
 
 **Fixed bugs:**
 
 - Merge case by CaseID Broken [\#930](https://github.com/TheHive-Project/TheHive/issues/930)
 
-## [3.3.0-RC6](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC6) (2019-03-07)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC5...3.3.0-RC6)
+## [3.3.0-RC6](https://github.com/TheHive-Project/TheHive/milestone/47) (2019-03-19)
 
 **Implemented enhancements:**
 
-- Add Tags to an Alert with Responder [\#912](https://github.com/TheHive-Project/TheHive/issues/912)
-- Dashboards - Add text widget [\#908](https://github.com/TheHive-Project/TheHive/issues/908)
+- Support for filtering Tags by prefix (using asterisk, % or something) in search dialog [\#666](https://github.com/TheHive-Project/TheHive/issues/666)
 - Empty case still available when disabled [\#901](https://github.com/TheHive-Project/TheHive/issues/901)
-- Support for filtering Tags by prefix \(using asterisk, % or something\) in search dialog [\#666](https://github.com/TheHive-Project/TheHive/issues/666)
-
-**Closed issues:**
-
-- Dynamic \(auto-refresh\) of cases is break in 3.3.0-RC5 [\#907](https://github.com/TheHive-Project/TheHive/issues/907)
-- Hostname Artifact [\#900](https://github.com/TheHive-Project/TheHive/issues/900)
-- DOS issue: Firefox crashing TheHive [\#899](https://github.com/TheHive-Project/TheHive/issues/899)
-
-## [3.3.0-RC5](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC5) (2019-02-23)
+- Dashboards - Add text widget [\#908](https://github.com/TheHive-Project/TheHive/issues/908)
+- Add Tags to an Alert with Responder [\#912](https://github.com/TheHive-Project/TheHive/issues/912)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC4...3.3.0-RC5)
+## [3.3.0-RC5](https://github.com/TheHive-Project/TheHive/milestone/46) (2019-02-23)
 
 **Implemented enhancements:**
 
@@ -118,12 +122,10 @@
 
 **Fixed bugs:**
 
-- dashboard clicks are not correctly translated to tag filters [\#896](https://github.com/TheHive-Project/TheHive/issues/896)
 - Search results not visible [\#895](https://github.com/TheHive-Project/TheHive/issues/895)
+- dashboard clicks are not correctly translated to tag filters [\#896](https://github.com/TheHive-Project/TheHive/issues/896)
 
-## [3.3.0-RC4](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC4) (2019-02-22)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC3...3.3.0-RC4)
+## [3.3.0-RC4](https://github.com/TheHive-Project/TheHive/milestone/45) (2019-02-22)
 
 **Implemented enhancements:**
 
@@ -131,88 +133,67 @@
 
 **Fixed bugs:**
 
-- Issue with navigation from dashboard clickable donuts to search page [\#894](https://github.com/TheHive-Project/TheHive/issues/894)
 - Hide Empty Case Button Broken [\#890](https://github.com/TheHive-Project/TheHive/issues/890)
+- Issue with navigation from dashboard clickable donuts to search page [\#894](https://github.com/TheHive-Project/TheHive/issues/894)
 
-## [3.3.0-RC3](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC3) (2019-02-21)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC2...3.3.0-RC3)
+## [3.3.0 RC3](https://github.com/TheHive-Project/TheHive/milestone/43) (2019-02-21)
 
 **Implemented enhancements:**
 
-- Add a UI configuration admin section [\#888](https://github.com/TheHive-Project/TheHive/issues/888)
-- Add a Related Alerts link to case details view [\#884](https://github.com/TheHive-Project/TheHive/issues/884)
-- Update Copyright with year 2019 [\#879](https://github.com/TheHive-Project/TheHive/issues/879)
-- Provide a quick link to copy alert id [\#870](https://github.com/TheHive-Project/TheHive/issues/870)
-- \[BUG\] Audit trail for alert ignore [\#863](https://github.com/TheHive-Project/TheHive/issues/863)
-- Related artifacts: IOC/not IOC [\#838](https://github.com/TheHive-Project/TheHive/issues/838)
-- Feature: Add "auto-completion" to the UI [\#831](https://github.com/TheHive-Project/TheHive/issues/831)
-- Improvement: Upload of observables seem to fail "silently" [\#829](https://github.com/TheHive-Project/TheHive/issues/829)
-- Feature Request: link to and from Hive to MISP [\#820](https://github.com/TheHive-Project/TheHive/issues/820)
+- Ability to disable "New Case" -> "Empty case" [\#449](https://github.com/TheHive-Project/TheHive/issues/449)
 - Disable clickable widgets in dashboard edit mode [\#485](https://github.com/TheHive-Project/TheHive/issues/485)
-- Ability to disable "New Case" -\> "Empty case" [\#449](https://github.com/TheHive-Project/TheHive/issues/449)
+- Feature Request: link to and from Hive to MISP [\#820](https://github.com/TheHive-Project/TheHive/issues/820)
+- Improvement: Upload of observables seem to fail "silently" [\#829](https://github.com/TheHive-Project/TheHive/issues/829)
+- Feature: Add "auto-completion" to the UI [\#831](https://github.com/TheHive-Project/TheHive/issues/831)
+- Related artifacts: IOC/not IOC [\#838](https://github.com/TheHive-Project/TheHive/issues/838)
+- [BUG] Audit trail for alert ignore [\#863](https://github.com/TheHive-Project/TheHive/issues/863)
+- Provide a quick link to copy alert id [\#870](https://github.com/TheHive-Project/TheHive/issues/870)
+- Update Copyright with year 2019 [\#879](https://github.com/TheHive-Project/TheHive/issues/879)
+- Add a Related Alerts link to case details view [\#884](https://github.com/TheHive-Project/TheHive/issues/884)
+- Add a UI configuration admin section [\#888](https://github.com/TheHive-Project/TheHive/issues/888)
 
 **Fixed bugs:**
 
-- Drone build fails on pull-requests [\#882](https://github.com/TheHive-Project/TheHive/issues/882)
-- AKKA version missmatch [\#877](https://github.com/TheHive-Project/TheHive/issues/877)
-- Label Typo in Updated Alerts [\#874](https://github.com/TheHive-Project/TheHive/issues/874)
+- Alert updates and tracking (follow) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
+- Cortex responders with DataType `thehive:case_artifact` do not show up within thehive when attempting to run them for observables. [\#869](https://github.com/TheHive-Project/TheHive/issues/869)
 - Log message related to MISP synchronization is confusing [\#871](https://github.com/TheHive-Project/TheHive/issues/871)
-- Cortex responders with DataType `thehive:case\_artifact` do not show up within thehive when attempting to run them for observables. [\#869](https://github.com/TheHive-Project/TheHive/issues/869)
-- Alert updates and tracking \(follow\) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
-
-**Merged pull requests:**
-
-- Update akka version [\#878](https://github.com/TheHive-Project/TheHive/pull/878) ([zpriddy](https://github.com/zpriddy))
-- Fix Update Label to Warning [\#873](https://github.com/TheHive-Project/TheHive/pull/873) ([zpriddy](https://github.com/zpriddy))
-
-## [3.3.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC2) (2019-02-07)
+- Label Typo in Updated Alerts [\#874](https://github.com/TheHive-Project/TheHive/issues/874)
+- AKKA version missmatch [\#877](https://github.com/TheHive-Project/TheHive/issues/877)
+- Drone build fails on pull-requests [\#882](https://github.com/TheHive-Project/TheHive/issues/882)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.3.0-RC1...3.3.0-RC2)
+## [3.3.0 RC2](https://github.com/TheHive-Project/TheHive/milestone/42) (2019-02-12)
 
 **Fixed bugs:**
 
 - Java dependency of DEB package is broken [\#867](https://github.com/TheHive-Project/TheHive/issues/867)
 
-## [3.3.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.3.0-RC1) (2019-02-06)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.1...3.3.0-RC1)
+## [3.3.0 RC1](https://github.com/TheHive-Project/TheHive/milestone/41) (2019-02-06)
 
 **Implemented enhancements:**
 
-- \[BUG\] Session cookie received with API token [\#864](https://github.com/TheHive-Project/TheHive/issues/864)
-- Add support to Java versions, higher than 8 [\#861](https://github.com/TheHive-Project/TheHive/issues/861)
-- MISP - Add an Event Tag instead of/additionnally to Attribute Tag [\#836](https://github.com/TheHive-Project/TheHive/issues/836)
-- sorting in alerts [\#824](https://github.com/TheHive-Project/TheHive/issues/824)
-- Improve case template selection for case creation [\#769](https://github.com/TheHive-Project/TheHive/issues/769)
 - Bulk Merge Alerts into Case [\#271](https://github.com/TheHive-Project/TheHive/issues/271)
+- Improve case template selection for case creation [\#769](https://github.com/TheHive-Project/TheHive/issues/769)
+- sorting in alerts [\#824](https://github.com/TheHive-Project/TheHive/issues/824)
 - Merge alerts directly to a case [\#826](https://github.com/TheHive-Project/TheHive/issues/826)
-- Tag normalization [\#657](https://github.com/TheHive-Project/TheHive/pull/657) ([Viltaria](https://github.com/Viltaria))
+- MISP - Add an Event Tag instead of/additionnally to Attribute Tag [\#836](https://github.com/TheHive-Project/TheHive/issues/836)
+- Add support to Java versions, higher than 8 [\#861](https://github.com/TheHive-Project/TheHive/issues/861)
+- [BUG] Session cookie received with API token  [\#864](https://github.com/TheHive-Project/TheHive/issues/864)
 
 **Fixed bugs:**
 
-- Alert updates and tracking \(follow\) [\#856](https://github.com/TheHive-Project/TheHive/issues/856)
+- Delete user from Thehive:   DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed [\#844](https://github.com/TheHive-Project/TheHive/issues/844)
 - Assigned Tasks do not show up in 'My Tasks' before they are started [\#845](https://github.com/TheHive-Project/TheHive/issues/845)
-- Delete user from Thehive: DELETE /api/user/user1 returned 500 org.elastic4play.InternalError: user can't be removed [\#844](https://github.com/TheHive-Project/TheHive/issues/844)
-
-## [3.2.1](https://github.com/TheHive-Project/TheHive/tree/3.2.1) (2018-12-20)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.0...3.2.1)
+## [3.2.1](https://github.com/TheHive-Project/TheHive/milestone/40) (2019-01-02)
 
 **Fixed bugs:**
 
-- Bug UI "Tooltip" / Hint is cropped by window borders [\#832](https://github.com/TheHive-Project/TheHive/issues/832)
-- Can't unset case template when alert is imported [\#825](https://github.com/TheHive-Project/TheHive/issues/825)
-- Potential Regression: Case templates cannot be exported in 3.2.0 [\#823](https://github.com/TheHive-Project/TheHive/issues/823)
 - Tag order is reversed if a case is created from an alert [\#810](https://github.com/TheHive-Project/TheHive/issues/810)
+- Potential Regression: Case templates cannot be exported in 3.2.0 [\#823](https://github.com/TheHive-Project/TheHive/issues/823)
+- Can't unset case template when alert is imported [\#825](https://github.com/TheHive-Project/TheHive/issues/825)
+- Bug UI "Tooltip" / Hint is cropped by window borders [\#832](https://github.com/TheHive-Project/TheHive/issues/832)
 
-**Merged pull requests:**
-
-- Make improvements to configuration file [\#828](https://github.com/TheHive-Project/TheHive/pull/828) ([adl1995](https://github.com/adl1995))
-
-## [3.2.0](https://github.com/TheHive-Project/TheHive/tree/3.2.0) (2018-11-29)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.2.0-RC1...3.2.0)
+## [3.2.0](https://github.com/TheHive-Project/TheHive/milestone/39) (2018-12-11)
 
 **Implemented enhancements:**
 
@@ -222,283 +203,203 @@
 
 - Error when uploading password protected zips as observables [\#805](https://github.com/TheHive-Project/TheHive/issues/805)
 - Lowercase user ID coming from HTTP header [\#808](https://github.com/TheHive-Project/TheHive/issues/808)
-- Error when uploading password protected zips as observables [\#805](https://github.com/TheHive-Project/TheHive/issues/805)
 
-## [3.2.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.2.0-RC1) (2018-11-16)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.2...3.2.0-RC1)
+## [3.2.0-RC1](https://github.com/TheHive-Project/TheHive/milestone/16) (2018-11-21)
 
 **Implemented enhancements:**
 
-- Add ability to add a log in responder operation [\#795](https://github.com/TheHive-Project/TheHive/issues/795)
-- Add responder actions in dashboard [\#794](https://github.com/TheHive-Project/TheHive/issues/794)
-- Show observable description on mouseover observables [\#793](https://github.com/TheHive-Project/TheHive/issues/793)
-- Update Play [\#791](https://github.com/TheHive-Project/TheHive/issues/791)
-- Show tags of observables in Alert preview [\#778](https://github.com/TheHive-Project/TheHive/issues/778)
-- Observable Value gets cleared when changing its type \(importing it from an analyser result\) [\#763](https://github.com/TheHive-Project/TheHive/issues/763)
-- Add confirmation dialogs when running a responder [\#762](https://github.com/TheHive-Project/TheHive/issues/762)
-- Support header variable authentication [\#554](https://github.com/TheHive-Project/TheHive/issues/554)
 - Whitelist of tags for MISP alerts [\#481](https://github.com/TheHive-Project/TheHive/issues/481)
+- Support header variable authentication [\#554](https://github.com/TheHive-Project/TheHive/issues/554)
+- Add confirmation dialogs when running a responder [\#762](https://github.com/TheHive-Project/TheHive/issues/762)
+- Observable Value gets cleared when changing its type (importing it from an analyser result) [\#763](https://github.com/TheHive-Project/TheHive/issues/763)
+- Show tags of observables in Alert preview [\#778](https://github.com/TheHive-Project/TheHive/issues/778)
+- Update Play [\#791](https://github.com/TheHive-Project/TheHive/issues/791)
+- Show observable description on mouseover observables [\#793](https://github.com/TheHive-Project/TheHive/issues/793)
+- Add responder actions in dashboard [\#794](https://github.com/TheHive-Project/TheHive/issues/794)
+- Add ability to add a log in responder operation [\#795](https://github.com/TheHive-Project/TheHive/issues/795)
 
 **Fixed bugs:**
 
-- MISP synchronization fails if event contains attachment with invalid name [\#801](https://github.com/TheHive-Project/TheHive/issues/801)
-- Observable creation doesn't allow multiline observables [\#790](https://github.com/TheHive-Project/TheHive/issues/790)
-- A user with "write" permission can delete a case using API [\#773](https://github.com/TheHive-Project/TheHive/issues/773)
-- Basic authentication method should be disabled by default [\#772](https://github.com/TheHive-Project/TheHive/issues/772)
-- Case search from dashboard clic "invalid filters error" [\#761](https://github.com/TheHive-Project/TheHive/issues/761)
 - Intermittently losing Cortex [\#739](https://github.com/TheHive-Project/TheHive/issues/739)
+- Case search from dashboard clic "invalid filters error" [\#761](https://github.com/TheHive-Project/TheHive/issues/761)
+- Basic authentication method should be disabled by default [\#772](https://github.com/TheHive-Project/TheHive/issues/772)
+- A user with "write" permission can delete a case using API [\#773](https://github.com/TheHive-Project/TheHive/issues/773)
+- Observable creation doesn't allow multiline observables [\#790](https://github.com/TheHive-Project/TheHive/issues/790)
+- MISP synchronization fails if event contains attachment with invalid name [\#801](https://github.com/TheHive-Project/TheHive/issues/801)
 
-**Merged pull requests:**
-
-- Added Integration with FireEye iSIGHT [\#755](https://github.com/TheHive-Project/TheHive/pull/755) ([garanews](https://github.com/garanews))
-
-## [3.1.2](https://github.com/TheHive-Project/TheHive/tree/3.1.2) (2018-10-12)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.1...3.1.2)
+## [3.1.2](https://github.com/TheHive-Project/TheHive/milestone/38) (2018-10-12)
 
 **Fixed bugs:**
 
 - Cortex polling settings break startup [\#754](https://github.com/TheHive-Project/TheHive/issues/754)
 
-## [3.1.1](https://github.com/TheHive-Project/TheHive/tree/3.1.1) (2018-10-09)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0...3.1.1)
+## [3.1.1](https://github.com/TheHive-Project/TheHive/milestone/37) (2018-10-12)
 
 **Implemented enhancements:**
 
-- Allow TheHive to use a custom root context [\#752](https://github.com/TheHive-Project/TheHive/issues/752)
-- Change Debian dependencies [\#751](https://github.com/TheHive-Project/TheHive/issues/751)
-- Publish stable versions in beta package channels [\#733](https://github.com/TheHive-Project/TheHive/issues/733)
 - url category to MISP: poll for default [\#732](https://github.com/TheHive-Project/TheHive/issues/732)
+- Publish stable versions in beta package channels [\#733](https://github.com/TheHive-Project/TheHive/issues/733)
+- Change Debian dependencies [\#751](https://github.com/TheHive-Project/TheHive/issues/751)
+- Allow TheHive to use a custom root context [\#752](https://github.com/TheHive-Project/TheHive/issues/752)
 
 **Fixed bugs:**
 
-- Console output should not be logged in syslog [\#749](https://github.com/TheHive-Project/TheHive/issues/749)
-- Update breaks RHEL [\#743](https://github.com/TheHive-Project/TheHive/issues/743)
-- Observable Result Icons Not Displaying [\#738](https://github.com/TheHive-Project/TheHive/issues/738)
 - UPN attribute is not correctly lowercased [\#736](https://github.com/TheHive-Project/TheHive/issues/736)
+- Observable Result Icons Not Displaying [\#738](https://github.com/TheHive-Project/TheHive/issues/738)
+- Update breaks RHEL [\#743](https://github.com/TheHive-Project/TheHive/issues/743)
+- Console output should not be logged in syslog [\#749](https://github.com/TheHive-Project/TheHive/issues/749)
 
-**Closed issues:**
-
-- Artifact tags are overwritten by alert sourceRef during import to case [\#734](https://github.com/TheHive-Project/TheHive/issues/734)
-
-## [3.1.0](https://github.com/TheHive-Project/TheHive/tree/3.1.0) (2018-09-25)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC3...3.1.0)
+## [3.1.0](https://github.com/TheHive-Project/TheHive/milestone/36) (2018-09-25)
 
 **Implemented enhancements:**
 
-- Add MarkAlertAsRead action to responders [\#729](https://github.com/TheHive-Project/TheHive/issues/729)
-- AddCustomField responder operation [\#724](https://github.com/TheHive-Project/TheHive/issues/724)
 - 3.1.0RC3: Browsing to negative case ids is possible [\#713](https://github.com/TheHive-Project/TheHive/issues/713)
-
-**Fixed bugs:**
-
-- RPM Updates not available \(404\) [\#719](https://github.com/TheHive-Project/TheHive/issues/719)
-- Observables not being displayed [\#655](https://github.com/TheHive-Project/TheHive/issues/655)
-- TheHive Hyperlinking [\#723](https://github.com/TheHive-Project/TheHive/issues/723)
-- Multiple responder actions does not seem to be handled [\#722](https://github.com/TheHive-Project/TheHive/issues/722)
-- API allows alert creation with duplicate artifacts [\#720](https://github.com/TheHive-Project/TheHive/issues/720)
-- 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased [\#714](https://github.com/TheHive-Project/TheHive/issues/714)
-- Fix PAP labels [\#711](https://github.com/TheHive-Project/TheHive/issues/711)
+- AddCustomField responder operation [\#724](https://github.com/TheHive-Project/TheHive/issues/724)
+- Add MarkAlertAsRead action to responders [\#729](https://github.com/TheHive-Project/TheHive/issues/729)
 
 **Closed issues:**
 
-- Cortex Connector [\#721](https://github.com/TheHive-Project/TheHive/issues/721)
-- Markdown syntex not rendered correctly [\#718](https://github.com/TheHive-Project/TheHive/issues/718)
-- 3.1.0RC3: Search produces errors on screen [\#712](https://github.com/TheHive-Project/TheHive/issues/712)
 - TheHive:Alerts don't send observables to Responders [\#725](https://github.com/TheHive-Project/TheHive/issues/725)
 
-**Merged pull requests:**
-
-- CloseTask responder operation [\#728](https://github.com/TheHive-Project/TheHive/pull/728) ([srilumpa](https://github.com/srilumpa))
-- Add AddTagToArtifact action to responders [\#717](https://github.com/TheHive-Project/TheHive/pull/717) ([srilumpa](https://github.com/srilumpa))
+**Fixed bugs:**
 
-## [3.1.0-RC3](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC3) (2018-09-06)
+- Fix PAP labels [\#711](https://github.com/TheHive-Project/TheHive/issues/711)
+- 3.0.1RC3: certificate based authentication failes as attributes are not correctly lowercased [\#714](https://github.com/TheHive-Project/TheHive/issues/714)
+- API allows alert creation with duplicate artifacts [\#720](https://github.com/TheHive-Project/TheHive/issues/720)
+- Multiple responder actions does not seem to be handled [\#722](https://github.com/TheHive-Project/TheHive/issues/722)
+- TheHive Hyperlinking  [\#723](https://github.com/TheHive-Project/TheHive/issues/723)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC2...3.1.0-RC3)
+## [3.1.0-RC3](https://github.com/TheHive-Project/TheHive/milestone/35) (2018-09-06)
 
 **Implemented enhancements:**
 
-- Extend Case Description Field [\#81](https://github.com/TheHive-Project/TheHive/issues/81)
-- Display task description via a collapsible row [\#709](https://github.com/TheHive-Project/TheHive/issues/709)
-- Allow task group auto complete in case template admin section [\#707](https://github.com/TheHive-Project/TheHive/issues/707)
-- Display task group in global task lists [\#705](https://github.com/TheHive-Project/TheHive/issues/705)
-- Make task group input optional [\#696](https://github.com/TheHive-Project/TheHive/issues/696)
-- Related Cases: See \(x\) more links [\#690](https://github.com/TheHive-Project/TheHive/issues/690)
-- Search section: Search for a string over all types of objects [\#689](https://github.com/TheHive-Project/TheHive/issues/689)
 - Filter on computedHandlingDuration in SearchDialog fails [\#688](https://github.com/TheHive-Project/TheHive/issues/688)
-- Change layout of observable creation form [\#706](https://github.com/TheHive-Project/TheHive/pull/706) ([srilumpa](https://github.com/srilumpa))
+- Search section: Search for a string over all types of objects [\#689](https://github.com/TheHive-Project/TheHive/issues/689)
+- Related Cases: See (x) more links [\#690](https://github.com/TheHive-Project/TheHive/issues/690)
+- Make task group input optional [\#696](https://github.com/TheHive-Project/TheHive/issues/696)
+- Display task group in global task lists [\#705](https://github.com/TheHive-Project/TheHive/issues/705)
+- Allow task group auto complete in case template admin section [\#707](https://github.com/TheHive-Project/TheHive/issues/707)
+- Display task description via a collapsible row [\#709](https://github.com/TheHive-Project/TheHive/issues/709)
 
 **Fixed bugs:**
 
-- Adding new observables to an alert retrospectively is impossible [\#511](https://github.com/TheHive-Project/TheHive/issues/511)
-- .sbt build of current git version fails with x-pack-transport error [\#710](https://github.com/TheHive-Project/TheHive/issues/710)
-- PKI authentication fails if user name in certificate has the wrong case [\#700](https://github.com/TheHive-Project/TheHive/issues/700)
-- Error handling deletion and re creation of file observables [\#699](https://github.com/TheHive-Project/TheHive/issues/699)
 - Start waiting tasks when adding task logs [\#695](https://github.com/TheHive-Project/TheHive/issues/695)
+- Error handling deletion and re creation of file observables [\#699](https://github.com/TheHive-Project/TheHive/issues/699)
+- PKI authentication fails if user name in certificate has the wrong case [\#700](https://github.com/TheHive-Project/TheHive/issues/700)
+- .sbt build of current git version fails with x-pack-transport error [\#710](https://github.com/TheHive-Project/TheHive/issues/710)
 
-## [3.1.0-RC2](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC2) (2018-08-27)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.1.0-RC1...3.1.0-RC2)
+## [3.1.0-RC2](https://github.com/TheHive-Project/TheHive/milestone/34) (2018-08-30)
 
 **Implemented enhancements:**
 
-- Add a search box to quickly search for case by caseId [\#685](https://github.com/TheHive-Project/TheHive/issues/685)
-- MISP Exports in livestream miss hyperlink to caseid [\#684](https://github.com/TheHive-Project/TheHive/issues/684)
-- Remember task list configuration \(grouped/list\) [\#681](https://github.com/TheHive-Project/TheHive/issues/681)
-- x509 certificate authentication option 'wantClientAuth' [\#667](https://github.com/TheHive-Project/TheHive/issues/667)
-- TheHive 3.1RC1: Slow reaction if Cortex is \(unclear\) unreachable [\#664](https://github.com/TheHive-Project/TheHive/issues/664)
-- TheHive 3.1RC1: Add status to cases and tasks in new search page [\#663](https://github.com/TheHive-Project/TheHive/issues/663)
-- TheHive 3.1RC1: Add Username that executes an active response to json data field of responder [\#662](https://github.com/TheHive-Project/TheHive/issues/662)
-- Ability to set custom fields as mandatory [\#652](https://github.com/TheHive-Project/TheHive/issues/652)
-- Application.conf needs clarifications [\#606](https://github.com/TheHive-Project/TheHive/issues/606)
 - Observable type boxes doesn't line break on alert preview pane [\#593](https://github.com/TheHive-Project/TheHive/issues/593)
-- On branch betterDescriptions [\#660](https://github.com/TheHive-Project/TheHive/pull/660) ([secdecompiled](https://github.com/secdecompiled))
+- Application.conf needs clarifications [\#606](https://github.com/TheHive-Project/TheHive/issues/606)
+- Ability to set custom fields as mandatory [\#652](https://github.com/TheHive-Project/TheHive/issues/652)
+- TheHive 3.1RC1: Add Username that executes an active response to json data field of responder [\#662](https://github.com/TheHive-Project/TheHive/issues/662)
+- TheHive 3.1RC1: Add status to cases and tasks in new search page [\#663](https://github.com/TheHive-Project/TheHive/issues/663)
+- TheHive 3.1RC1: Slow reaction if Cortex is (unclear) unreachable [\#664](https://github.com/TheHive-Project/TheHive/issues/664)
+- x509 certificate authentication option 'wantClientAuth' [\#667](https://github.com/TheHive-Project/TheHive/issues/667)
+- Remember task list configuration (grouped/list) [\#681](https://github.com/TheHive-Project/TheHive/issues/681)
+- MISP Exports in livestream miss hyperlink to caseid [\#684](https://github.com/TheHive-Project/TheHive/issues/684)
+- Add a search box to quickly search for case by caseId [\#685](https://github.com/TheHive-Project/TheHive/issues/685)
 
 **Fixed bugs:**
 
-- The hive docker image has no latest tag [\#670](https://github.com/TheHive-Project/TheHive/issues/670)
-- case metrics unordered in cases [\#419](https://github.com/TheHive-Project/TheHive/issues/419)
-- 3.1.0-RC1- Tasks list is limited to 10 items. [\#679](https://github.com/TheHive-Project/TheHive/issues/679)
-- WebUI inaccessible after upgrading to 3.1.0-0-RC1 \(elastic4play and Play exceptions\) [\#674](https://github.com/TheHive-Project/TheHive/issues/674)
-- play.crypto.secret is depecrated [\#671](https://github.com/TheHive-Project/TheHive/issues/671)
-- 'Tagged as' displayed in Related Cases even if cases are untagged [\#594](https://github.com/TheHive-Project/TheHive/issues/594)
-- Horizontal Scrolling and Word-Wrap options for Logs [\#573](https://github.com/TheHive-Project/TheHive/issues/573)
 - Dashboard visualizations do not work with custom fields [\#478](https://github.com/TheHive-Project/TheHive/issues/478)
+- Horizontal Scrolling and Word-Wrap options for Logs [\#573](https://github.com/TheHive-Project/TheHive/issues/573)
+- 'Tagged as' displayed in Related Cases even if cases are untagged [\#594](https://github.com/TheHive-Project/TheHive/issues/594)
+- play.crypto.secret is depecrated [\#671](https://github.com/TheHive-Project/TheHive/issues/671)
+- WebUI inaccessible after upgrading to 3.1.0-0-RC1 (elastic4play and Play exceptions) [\#674](https://github.com/TheHive-Project/TheHive/issues/674)
+- 3.1.0-RC1- Tasks list is limited to 10 items. [\#679](https://github.com/TheHive-Project/TheHive/issues/679)
 
-**Closed issues:**
-
-- ES Mapping bug [\#680](https://github.com/TheHive-Project/TheHive/issues/680)
-- ignore - delete me [\#675](https://github.com/TheHive-Project/TheHive/issues/675)
-- HTTPS not working with Keystore [\#669](https://github.com/TheHive-Project/TheHive/issues/669)
+## [3.1.0-RC1 (Cerana 1)](https://github.com/TheHive-Project/TheHive/milestone/7) (2018-08-20)
 
-**Merged pull requests:**
+**Implemented enhancements:**
 
-- Update Cortex reference.conf [\#668](https://github.com/TheHive-Project/TheHive/pull/668) ([ErnHem](https://github.com/ErnHem))
-- Fix some minor typos [\#658](https://github.com/TheHive-Project/TheHive/pull/658) ([srilumpa](https://github.com/srilumpa))
-- Move input group addons from right to left for better usage [\#672](https://github.com/TheHive-Project/TheHive/pull/672) ([srilumpa](https://github.com/srilumpa))
+- Ability to have nested tasks [\#148](https://github.com/TheHive-Project/TheHive/issues/148)
+- Output of analyzer as new observable [\#246](https://github.com/TheHive-Project/TheHive/issues/246)
+- Single-Sign On support [\#354](https://github.com/TheHive-Project/TheHive/issues/354)
+- MISP Sharing Improvements [\#366](https://github.com/TheHive-Project/TheHive/issues/366)
+- Make The Hive MISP integration sharing vs pull configurable [\#374](https://github.com/TheHive-Project/TheHive/issues/374)
+- StreamSrv: Unexpected message : StreamNotFound [\#414](https://github.com/TheHive-Project/TheHive/issues/414)
+- Assign Tasks to users from the Tasks tab [\#426](https://github.com/TheHive-Project/TheHive/issues/426)
+- Auto-refresh for Dashboards [\#476](https://github.com/TheHive-Project/TheHive/issues/476)
+- Handling malware as zip protected file [\#538](https://github.com/TheHive-Project/TheHive/issues/538)
+- Start Task  - Button [\#540](https://github.com/TheHive-Project/TheHive/issues/540)
+- Consider providing checksums for the release files [\#590](https://github.com/TheHive-Project/TheHive/issues/590)
+- Ability to execute active response on any element of TheHive [\#609](https://github.com/TheHive-Project/TheHive/issues/609)
+- Add PAP to case to indicate which kind of action is allowed [\#616](https://github.com/TheHive-Project/TheHive/issues/616)
+- New TheHive-Project repository [\#618](https://github.com/TheHive-Project/TheHive/issues/618)
+- Revamp the search section capabilities [\#620](https://github.com/TheHive-Project/TheHive/issues/620)
+- Check Cortex authentication in status page [\#625](https://github.com/TheHive-Project/TheHive/issues/625)
+- Custom fields in Alerts? [\#635](https://github.com/TheHive-Project/TheHive/issues/635)
+- Display drop-down for custom fields sorted alphabetically [\#653](https://github.com/TheHive-Project/TheHive/issues/653)
 
-## [3.1.0-RC1](https://github.com/TheHive-Project/TheHive/tree/3.1.0-RC1) (2018-07-31)
+**Closed issues:**
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.10...3.1.0-RC1)
+- Is X-Pack enabled TLS for elasticsearch supported? [\#611](https://github.com/TheHive-Project/TheHive/issues/611)
+- add double quotes in mini reports [\#634](https://github.com/TheHive-Project/TheHive/issues/634)
 
-**Implemented enhancements:**
+**Fixed bugs:**
 
-- Display drop-down for custom fields sorted alphabetically [\#653](https://github.com/TheHive-Project/TheHive/issues/653)
-- Custom fields in Alerts? [\#635](https://github.com/TheHive-Project/TheHive/issues/635)
-- Check Cortex authentication in status page [\#625](https://github.com/TheHive-Project/TheHive/issues/625)
-- Revamp the search section capabilities [\#620](https://github.com/TheHive-Project/TheHive/issues/620)
-- New TheHive-Project repository [\#618](https://github.com/TheHive-Project/TheHive/issues/618)
-- Add PAP to case to indicate which kind of action is allowed [\#616](https://github.com/TheHive-Project/TheHive/issues/616)
-- Ability to execute active response on any element of TheHive [\#609](https://github.com/TheHive-Project/TheHive/issues/609)
-- Consider providing checksums for the release files [\#590](https://github.com/TheHive-Project/TheHive/issues/590)
-- Start Task - Button [\#540](https://github.com/TheHive-Project/TheHive/issues/540)
-- Handling malware as zip protected file [\#538](https://github.com/TheHive-Project/TheHive/issues/538)
-- Auto-refresh for Dashboards [\#476](https://github.com/TheHive-Project/TheHive/issues/476)
-- Assign Tasks to users from the Tasks tab [\#426](https://github.com/TheHive-Project/TheHive/issues/426)
-- Make The Hive MISP integration sharing vs pull configurable [\#374](https://github.com/TheHive-Project/TheHive/issues/374)
-- MISP Sharing Improvements [\#366](https://github.com/TheHive-Project/TheHive/issues/366)
-- Output of analyzer as new observable [\#246](https://github.com/TheHive-Project/TheHive/issues/246)
-- Ability to have nested tasks [\#148](https://github.com/TheHive-Project/TheHive/issues/148)
-- Single-Sign On support [\#354](https://github.com/TheHive-Project/TheHive/issues/354)
-
-**Fixed bugs:**
-
-- Default value of custom fields are not saved [\#649](https://github.com/TheHive-Project/TheHive/issues/649)
-- Attachments with character "\#" in the filename are wrongly proceesed [\#645](https://github.com/TheHive-Project/TheHive/issues/645)
-- Session does not expire correctly [\#640](https://github.com/TheHive-Project/TheHive/issues/640)
-- Dashboards contain analyzer IDs instead of correct names [\#608](https://github.com/TheHive-Project/TheHive/issues/608)
-- Error with Single Sign-On on TheHive with X.509 Certificates [\#600](https://github.com/TheHive-Project/TheHive/issues/600)
-- Entity case XXXXXXXXXX not found - After deleting case [\#534](https://github.com/TheHive-Project/TheHive/issues/534)
-- Artifacts reports are not merged when merging cases [\#446](https://github.com/TheHive-Project/TheHive/issues/446)
-- If cortex modules fails in some way, it is permanently repolled by TheHive [\#324](https://github.com/TheHive-Project/TheHive/issues/324)
 - Previewing alerts fails with "too many substreams open" due to case similarity process [\#280](https://github.com/TheHive-Project/TheHive/issues/280)
+- File upload when /tmp is full [\#321](https://github.com/TheHive-Project/TheHive/issues/321)
+- If cortex modules fails in some way, it is permanently repolled by TheHive [\#324](https://github.com/TheHive-Project/TheHive/issues/324)
+- Artifacts reports are not merged when merging cases [\#446](https://github.com/TheHive-Project/TheHive/issues/446)
+- Error with Single Sign-On on TheHive with X.509 Certificates [\#600](https://github.com/TheHive-Project/TheHive/issues/600)
+- Dashboards contain analyzer IDs instead of correct names [\#608](https://github.com/TheHive-Project/TheHive/issues/608)
+- Session does not expire correctly [\#640](https://github.com/TheHive-Project/TheHive/issues/640)
+- Attachments with character "#" in the filename are wrongly proceesed [\#645](https://github.com/TheHive-Project/TheHive/issues/645)
+- Default value of custom fields are not saved [\#649](https://github.com/TheHive-Project/TheHive/issues/649)
 
-**Closed issues:**
-
-- add double quotes in mini reports [\#634](https://github.com/TheHive-Project/TheHive/issues/634)
-
-**Merged pull requests:**
-
-- fix bug in AlertListCtrl [\#642](https://github.com/TheHive-Project/TheHive/pull/642) ([billmurrin](https://github.com/billmurrin))
-- flag for Windows env [\#641](https://github.com/TheHive-Project/TheHive/pull/641) ([billmurrin](https://github.com/billmurrin))
-- 426 - assign tasks to users from tasks tab [\#628](https://github.com/TheHive-Project/TheHive/pull/628) ([billmurrin](https://github.com/billmurrin))
-- Fix installation links [\#603](https://github.com/TheHive-Project/TheHive/pull/603) ([Viltaria](https://github.com/Viltaria))
-
-## [3.0.10](https://github.com/TheHive-Project/TheHive/tree/3.0.10) (2018-05-29)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.9...3.0.10)
+## [3.0.10](https://github.com/TheHive-Project/TheHive/milestone/33) (2018-06-09)
 
 **Implemented enhancements:**
 
-- Rotate logs [\#579](https://github.com/TheHive-Project/TheHive/issues/579)
-- Send caseId to Cortex analyzer [\#564](https://github.com/TheHive-Project/TheHive/issues/564)
-- Poll for connectors status and display [\#563](https://github.com/TheHive-Project/TheHive/issues/563)
-- Sort related cases by related artifacts amount [\#548](https://github.com/TheHive-Project/TheHive/issues/548)
 - Time Calculation for individual tasks [\#546](https://github.com/TheHive-Project/TheHive/issues/546)
+- Sort related cases by related artifacts amount [\#548](https://github.com/TheHive-Project/TheHive/issues/548)
+- Poll for connectors status and display  [\#563](https://github.com/TheHive-Project/TheHive/issues/563)
+- Send caseId to Cortex analyzer [\#564](https://github.com/TheHive-Project/TheHive/issues/564)
+- Rotate logs [\#579](https://github.com/TheHive-Project/TheHive/issues/579)
 
 **Fixed bugs:**
 
-- Wrong error message when creating a observable with invalid data [\#592](https://github.com/TheHive-Project/TheHive/issues/592)
-- Analyzer name not reflected in modal view of mini-reports [\#586](https://github.com/TheHive-Project/TheHive/issues/586)
-- Invalid searches lead to read error messages [\#584](https://github.com/TheHive-Project/TheHive/issues/584)
-- Merge case by ID brings red error message if not a number in textfield [\#583](https://github.com/TheHive-Project/TheHive/issues/583)
-- Open cases not listed after deletion of merged case in UI [\#557](https://github.com/TheHive-Project/TheHive/issues/557)
-- Making dashboards private makes them "invisible" [\#555](https://github.com/TheHive-Project/TheHive/issues/555)
+- Short Report is not shown on observables (3.0.8) [\#512](https://github.com/TheHive-Project/TheHive/issues/512)
 - MISP Synchronisation error [\#522](https://github.com/TheHive-Project/TheHive/issues/522)
-- Short Report is not shown on observables \(3.0.8\) [\#512](https://github.com/TheHive-Project/TheHive/issues/512)
-
-**Closed issues:**
+- Making dashboards private makes them "invisible" [\#555](https://github.com/TheHive-Project/TheHive/issues/555)
+- Open cases not listed after deletion of merged case in UI [\#557](https://github.com/TheHive-Project/TheHive/issues/557)
+- Merge case by ID brings red error message if not a number in textfield [\#583](https://github.com/TheHive-Project/TheHive/issues/583)
+- Invalid searches lead to read error messages [\#584](https://github.com/TheHive-Project/TheHive/issues/584)
+- Analyzer name not reflected in modal view of mini-reports [\#586](https://github.com/TheHive-Project/TheHive/issues/586)
+- Wrong error message when creating a observable with invalid data [\#592](https://github.com/TheHive-Project/TheHive/issues/592)
 
-- Max Age Filter Not Working? [\#577](https://github.com/TheHive-Project/TheHive/issues/577)
-- Support X-Pack authentication/encryption for elastic [\#570](https://github.com/TheHive-Project/TheHive/issues/570)
-- Order the cases list by custom field \[Feature Request\] [\#567](https://github.com/TheHive-Project/TheHive/issues/567)
-- Using Postman to test the API, getting "No CSRF token found in headers" [\#549](https://github.com/TheHive-Project/TheHive/issues/549)
+## [3.0.9](https://github.com/TheHive-Project/TheHive/milestone/32) (2018-04-13)
 
-## [3.0.9](https://github.com/TheHive-Project/TheHive/tree/3.0.9) (2018-04-13)
+**Closed issues:**
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.8...3.0.9)
+- Dropdown menu for case templates doesnt have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
 
 **Fixed bugs:**
 
-- Cortex connection can fail without any error log [\#543](https://github.com/TheHive-Project/TheHive/issues/543)
-- PhishTank Cortex Tag is transparent [\#535](https://github.com/TheHive-Project/TheHive/issues/535)
-- Naming inconsistencies in Live-Channel [\#531](https://github.com/TheHive-Project/TheHive/issues/531)
-- Error when trying to analyze a filename with the Hybrid Analysis analyzer [\#530](https://github.com/TheHive-Project/TheHive/issues/530)
-- Long Report isn't shown [\#527](https://github.com/TheHive-Project/TheHive/issues/527)
-- Artifacts' sighted flags are not merged when merging cases [\#518](https://github.com/TheHive-Project/TheHive/issues/518)
 - TheHive MISP cert validation, the trustAnchors parameter must be non-empty [\#452](https://github.com/TheHive-Project/TheHive/issues/452)
+- Artifacts' sighted flags are not merged when merging cases [\#518](https://github.com/TheHive-Project/TheHive/issues/518)
+- Long Report isn't shown [\#527](https://github.com/TheHive-Project/TheHive/issues/527)
+- Error when trying to analyze a filename with the Hybrid Analysis analyzer [\#530](https://github.com/TheHive-Project/TheHive/issues/530)
+- Naming inconsistencies in Live-Channel [\#531](https://github.com/TheHive-Project/TheHive/issues/531)
+- PhishTank Cortex Tag is transparent [\#535](https://github.com/TheHive-Project/TheHive/issues/535)
+- Cortex connection can fail without any error log [\#543](https://github.com/TheHive-Project/TheHive/issues/543)
 
-**Closed issues:**
-
-- The Hive - MISP SSL configuration: General SSLEngine problem [\#544](https://github.com/TheHive-Project/TheHive/issues/544)
-- Dropdown menu for case templates doesn't have scroll [\#541](https://github.com/TheHive-Project/TheHive/issues/541)
-
-**Merged pull requests:**
-
-- Update spacing for elasticsearch section in docker-compose yml file [\#539](https://github.com/TheHive-Project/TheHive/pull/539) ([jbarlow-mcafee](https://github.com/jbarlow-mcafee))
-
-## [3.0.8](https://github.com/TheHive-Project/TheHive/tree/3.0.8) (2018-04-04)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.7...3.0.8)
+## [3.0.8](https://github.com/TheHive-Project/TheHive/milestone/31) (2018-04-04)
 
 **Fixed bugs:**
 
-- Mini reports is not shown when Cortex 2 is used [\#526](https://github.com/TheHive-Project/TheHive/issues/526)
-- Session collision when TheHive & Cortex 2 share the same URL [\#525](https://github.com/TheHive-Project/TheHive/issues/525)
-- "Run all" in single observable context does not work [\#524](https://github.com/TheHive-Project/TheHive/issues/524)
-- Error on displaying analyzers name in report template admin page [\#523](https://github.com/TheHive-Project/TheHive/issues/523)
 - Job Analyzer is no longer named in 3.0.7 with Cortex2 [\#521](https://github.com/TheHive-Project/TheHive/issues/521)
+- Error on displaying analyzers name in report template admin page [\#523](https://github.com/TheHive-Project/TheHive/issues/523)
+- "Run all" in single observable context does not work [\#524](https://github.com/TheHive-Project/TheHive/issues/524)
+- Session collision when TheHive & Cortex 2 share the same URL [\#525](https://github.com/TheHive-Project/TheHive/issues/525)
+- Mini reports is not shown when Cortex 2 is used [\#526](https://github.com/TheHive-Project/TheHive/issues/526)
 
-**Merged pull requests:**
-
-- Add ElasticSearch file descriptor limit to docker-compose.yml [\#505](https://github.com/TheHive-Project/TheHive/pull/505) ([flmsc](https://github.com/flmsc))
-
-## [3.0.7](https://github.com/TheHive-Project/TheHive/tree/3.0.7) (2018-04-03)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.6...3.0.7)
+## [3.0.7](https://github.com/TheHive-Project/TheHive/milestone/30) (2018-03-29)
 
 **Implemented enhancements:**
 
@@ -506,12 +407,10 @@
 
 **Fixed bugs:**
 
-- Display only cortex servers available for each analyzer, in observable details page [\#513](https://github.com/TheHive-Project/TheHive/issues/513)
 - Can't save case template in 3.0.6 [\#502](https://github.com/TheHive-Project/TheHive/issues/502)
+- Display only cortex servers available for each analyzer, in observable details page [\#513](https://github.com/TheHive-Project/TheHive/issues/513)
 
-## [3.0.6](https://github.com/TheHive-Project/TheHive/tree/3.0.6) (2018-03-08)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.5...3.0.6)
+## [3.0.6](https://github.com/TheHive-Project/TheHive/milestone/29) (2018-03-02)
 
 **Implemented enhancements:**
 
@@ -521,460 +420,386 @@
 
 - Tasks are stripped when merging cases [\#489](https://github.com/TheHive-Project/TheHive/issues/489)
 
-## [3.0.5](https://github.com/TheHive-Project/TheHive/tree/3.0.5) (2018-02-08)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.4...3.0.5)
+## [3.0.5](https://github.com/TheHive-Project/TheHive/milestone/28) (2018-02-08)
 
 **Fixed bugs:**
 
-- No reports available for "domain" type [\#469](https://github.com/TheHive-Project/TheHive/issues/469)
 - Importing Template Button Non-Functional [\#404](https://github.com/TheHive-Project/TheHive/issues/404)
+- No reports available for "domain" type [\#469](https://github.com/TheHive-Project/TheHive/issues/469)
 
-## [3.0.4](https://github.com/TheHive-Project/TheHive/tree/3.0.4) (2018-02-06)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.3...3.0.4)
+## [3.0.4](https://github.com/TheHive-Project/TheHive/milestone/27) (2018-02-08)
 
 **Implemented enhancements:**
 
-- Make alerts searchable through the global search field [\#456](https://github.com/TheHive-Project/TheHive/issues/456)
-- Make counts on Counter dashboard's widget clickable [\#455](https://github.com/TheHive-Project/TheHive/issues/455)
-- MISP feeds cause the growing of ES audit docs [\#450](https://github.com/TheHive-Project/TheHive/issues/450)
-- Case metrics sort [\#418](https://github.com/TheHive-Project/TheHive/issues/418)
 - Filter MISP Events Using MISP Tags & More Before Creating Alerts [\#370](https://github.com/TheHive-Project/TheHive/issues/370)
-- OAuth2 single sign-on implementation \(BE + FE\) [\#430](https://github.com/TheHive-Project/TheHive/pull/430) ([saibot94](https://github.com/saibot94))
+- Case metrics sort  [\#418](https://github.com/TheHive-Project/TheHive/issues/418)
+- MISP feeds cause the growing of ES audit docs [\#450](https://github.com/TheHive-Project/TheHive/issues/450)
+- Make counts on Counter dashboard's widget clickable [\#455](https://github.com/TheHive-Project/TheHive/issues/455)
+- Make alerts searchable through the global search field [\#456](https://github.com/TheHive-Project/TheHive/issues/456)
+
+**Closed issues:**
+
+- Add query capability to visualization elements [\#395](https://github.com/TheHive-Project/TheHive/issues/395)
 
 **Fixed bugs:**
 
-- Remove uppercase filter on template name [\#464](https://github.com/TheHive-Project/TheHive/issues/464)
-- Fix the alert bulk update timeline message [\#463](https://github.com/TheHive-Project/TheHive/issues/463)
-- "too many substreams open" on alerts [\#462](https://github.com/TheHive-Project/TheHive/issues/462)
-- Fix MISP export error dialog column's wrap [\#460](https://github.com/TheHive-Project/TheHive/issues/460)
-- More than 20 users prevents assignment in tasks [\#459](https://github.com/TheHive-Project/TheHive/issues/459)
-- Type is not used when generating alert id [\#457](https://github.com/TheHive-Project/TheHive/issues/457)
-- Fix link to default report templates [\#454](https://github.com/TheHive-Project/TheHive/issues/454)
-- Make dashboard donuts clickable [\#453](https://github.com/TheHive-Project/TheHive/issues/453)
-- Refresh custom fields on open cases by background changes [\#440](https://github.com/TheHive-Project/TheHive/issues/440)
-- Bug: Case metrics not shown when creating case from template [\#417](https://github.com/TheHive-Project/TheHive/issues/417)
 - Observable report taxonomies bug [\#409](https://github.com/TheHive-Project/TheHive/issues/409)
+- Bug: Case metrics not shown when creating case from template [\#417](https://github.com/TheHive-Project/TheHive/issues/417)
+- Refresh custom fields on open cases by background changes [\#440](https://github.com/TheHive-Project/TheHive/issues/440)
+- Make dashboard donuts clickable [\#453](https://github.com/TheHive-Project/TheHive/issues/453)
+- Fix link to default report templates [\#454](https://github.com/TheHive-Project/TheHive/issues/454)
+- Type is not used when generating alert id [\#457](https://github.com/TheHive-Project/TheHive/issues/457)
+- More than 20 users prevents assignment in tasks [\#459](https://github.com/TheHive-Project/TheHive/issues/459)
+- Fix MISP export error dialog column's wrap [\#460](https://github.com/TheHive-Project/TheHive/issues/460)
+- "too many substreams open" on alerts [\#462](https://github.com/TheHive-Project/TheHive/issues/462)
+- Fix the alert bulk update timeline message [\#463](https://github.com/TheHive-Project/TheHive/issues/463)
+- Remove uppercase filter on template name [\#464](https://github.com/TheHive-Project/TheHive/issues/464)
 
-**Closed issues:**
-
-- GET request with Content-Type ends up in HTTP 400 [\#438](https://github.com/TheHive-Project/TheHive/issues/438)
-- Feature Request: Ability to bulk upload files as observables. [\#435](https://github.com/TheHive-Project/TheHive/issues/435)
-- Add metadata to MISP event when exporting case from TheHive [\#433](https://github.com/TheHive-Project/TheHive/issues/433)
-- How to limit by date amount of events pulled from MISP initially? [\#432](https://github.com/TheHive-Project/TheHive/issues/432)
+## [2.13.3](https://github.com/TheHive-Project/TheHive/milestone/26) (2018-01-19)
 
-## [3.0.3](https://github.com/TheHive-Project/TheHive/tree/3.0.3) (2018-01-10)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.2...3.0.3)
 
-**Fixed bugs:**
+## [3.0.3](https://github.com/TheHive-Project/TheHive/milestone/25) (2018-01-04)
 
-- THP-SEC-ADV-2017-001: Privilege Escalation in all Versions of TheHive [\#408](https://github.com/TheHive-Project/TheHive/issues/408)
 
-## [3.0.2](https://github.com/TheHive-Project/TheHive/tree/3.0.2) (2017-12-20)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.1...3.0.2)
+## [3.0.2](https://github.com/TheHive-Project/TheHive/milestone/24) (2018-01-04)
 
 **Implemented enhancements:**
 
-- Add multiline/multi entity graph to dashboards [\#399](https://github.com/TheHive-Project/TheHive/issues/399)
 - Can not configure ElasticSearch authentication [\#384](https://github.com/TheHive-Project/TheHive/issues/384)
+- Add multiline/multi entity graph to dashboards [\#399](https://github.com/TheHive-Project/TheHive/issues/399)
 
 **Fixed bugs:**
 
 - "Mark as Sighted" Option not available for "File" observable type [\#400](https://github.com/TheHive-Project/TheHive/issues/400)
 
-## [3.0.1](https://github.com/TheHive-Project/TheHive/tree/3.0.1) (2017-12-07)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/3.0.0...3.0.1)
+## [3.0.1](https://github.com/TheHive-Project/TheHive/milestone/23) (2017-12-13)
 
 **Fixed bugs:**
 
-- MISP Event Export Error [\#387](https://github.com/TheHive-Project/TheHive/issues/387)
-- During migration, dashboards are not created [\#386](https://github.com/TheHive-Project/TheHive/issues/386)
 - Error when configuring multiple ElasticSearch nodes [\#383](https://github.com/TheHive-Project/TheHive/issues/383)
+- During migration, dashboards are not created [\#386](https://github.com/TheHive-Project/TheHive/issues/386)
+- MISP Event Export Error [\#387](https://github.com/TheHive-Project/TheHive/issues/387)
 
-## [3.0.0](https://github.com/TheHive-Project/TheHive/tree/3.0.0) (2017-12-05)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.2...3.0.0)
+## [3.0.0 (Cerana)](https://github.com/TheHive-Project/TheHive/milestone/6) (2017-12-06)
 
 **Implemented enhancements:**
 
-- Assign default values to case templates' custom fields [\#375](https://github.com/TheHive-Project/TheHive/issues/375)
-- Add the Ability to Import and Export Case Templates [\#369](https://github.com/TheHive-Project/TheHive/issues/369)
-- Add a sighted flag for IOCs [\#365](https://github.com/TheHive-Project/TheHive/issues/365)
-- Alert id should not be used to build case title when using case templates [\#364](https://github.com/TheHive-Project/TheHive/issues/364)
-- Set task assignee in case template [\#362](https://github.com/TheHive-Project/TheHive/issues/362)
-- Add Autonomous Systems to the Default Datatype List [\#359](https://github.com/TheHive-Project/TheHive/issues/359)
-- Display more than 10 users per page and sort them by alphanumerical order [\#346](https://github.com/TheHive-Project/TheHive/issues/346)
-- \[Minor\] Add user dialog title issue [\#345](https://github.com/TheHive-Project/TheHive/issues/345)
-- Deleted cases showing in statistics [\#317](https://github.com/TheHive-Project/TheHive/issues/317)
-- Dynamic dashboard [\#312](https://github.com/TheHive-Project/TheHive/issues/312)
-- Add health check in status API [\#306](https://github.com/TheHive-Project/TheHive/issues/306)
-- Alerts in Statistics [\#274](https://github.com/TheHive-Project/TheHive/issues/274)
-- Statistics: Observables and IOC over time [\#215](https://github.com/TheHive-Project/TheHive/issues/215)
-- Export Statistics/Metrics [\#197](https://github.com/TheHive-Project/TheHive/issues/197)
-- Msg_Parser analyser show for all files [\#184](https://github.com/TheHive-Project/TheHive/issues/184)
-- Assign default metric values [\#176](https://github.com/TheHive-Project/TheHive/issues/176)
-- Display Cortex Version, Instance Name, Status and Available Analyzers [\#130](https://github.com/TheHive-Project/TheHive/issues/130)
 - Feature Request: Webhooks [\#20](https://github.com/TheHive-Project/TheHive/issues/20)
-- Remove the From prefix and template suffix around a template name in the New Case menu [\#348](https://github.com/TheHive-Project/TheHive/issues/348)
-- Keep the alert date when creating a case from it [\#320](https://github.com/TheHive-Project/TheHive/issues/320)
-- Export to MISP: add TLP [\#314](https://github.com/TheHive-Project/TheHive/issues/314)
+- Display Cortex Version, Instance Name, Status and Available Analyzers [\#130](https://github.com/TheHive-Project/TheHive/issues/130)
 - Show already known observables in Import MISP Events preview window [\#137](https://github.com/TheHive-Project/TheHive/issues/137)
-
-**Fixed bugs:**
-
-- The misp \> instance name \> tags parameter is not honored when importing MISP events [\#373](https://github.com/TheHive-Project/TheHive/issues/373)
-- \[Bug\] Merging an alert into case with duplicate artifacts does not merge descriptions [\#357](https://github.com/TheHive-Project/TheHive/issues/357)
-- Share a case if MISP is not enabled raise an error [\#349](https://github.com/TheHive-Project/TheHive/issues/349)
-- Validate alert's TLP and severity attributes values [\#326](https://github.com/TheHive-Project/TheHive/issues/326)
-- Merge of cases overrides task log owners [\#303](https://github.com/TheHive-Project/TheHive/issues/303)
+- Assign default metric values [\#176](https://github.com/TheHive-Project/TheHive/issues/176)
+- Export Statistics/Metrics [\#197](https://github.com/TheHive-Project/TheHive/issues/197)
+- Statistics: Observables and IOC over time [\#215](https://github.com/TheHive-Project/TheHive/issues/215)
+- Templates can not be cloned [\#226](https://github.com/TheHive-Project/TheHive/issues/226)
+- Alerts in Statistics [\#274](https://github.com/TheHive-Project/TheHive/issues/274)
+- Statistics - Saved Filters [\#279](https://github.com/TheHive-Project/TheHive/issues/279)
+- Add health check in status API [\#306](https://github.com/TheHive-Project/TheHive/issues/306)
+- Export and Import Case Templates [\#310](https://github.com/TheHive-Project/TheHive/issues/310)
+- Dynamic dashboard [\#312](https://github.com/TheHive-Project/TheHive/issues/312)
+- Export to MISP: add TLP [\#314](https://github.com/TheHive-Project/TheHive/issues/314)
+- Deleted cases showing in statistics [\#317](https://github.com/TheHive-Project/TheHive/issues/317)
+- Keep the alert date when creating a case from it [\#320](https://github.com/TheHive-Project/TheHive/issues/320)
+- [Minor] Add user dialog title issue [\#345](https://github.com/TheHive-Project/TheHive/issues/345)
+- Display more than 10 users per page and sort them by alphanumerical order [\#346](https://github.com/TheHive-Project/TheHive/issues/346)
+- Remove the From prefix and template suffix around a template name in the New Case menu [\#348](https://github.com/TheHive-Project/TheHive/issues/348)
+- Add Autonomous Systems to the Default Datatype List [\#359](https://github.com/TheHive-Project/TheHive/issues/359)
+- Set task assignee in case template [\#362](https://github.com/TheHive-Project/TheHive/issues/362)
+- Alert id should not be used to build case title when using case templates [\#364](https://github.com/TheHive-Project/TheHive/issues/364)
+- Add a sighted flag for IOCs [\#365](https://github.com/TheHive-Project/TheHive/issues/365)
+- Add the Ability to Import and Export Case Templates [\#369](https://github.com/TheHive-Project/TheHive/issues/369)
+- Assign default values to case templates' custom fields [\#375](https://github.com/TheHive-Project/TheHive/issues/375)
 
 **Closed issues:**
 
-- MISP Connection Error with Cortex/HIVE [\#371](https://github.com/TheHive-Project/TheHive/issues/371)
 - Single Sign-On with X.509 certificates [\#297](https://github.com/TheHive-Project/TheHive/issues/297)
 - Remove the deprecated "user" property [\#316](https://github.com/TheHive-Project/TheHive/issues/316)
-- Run observable analyzers through API [\#308](https://github.com/TheHive-Project/TheHive/issues/308)
+- caseTemplate should be kept when creating a case from a template [\#325](https://github.com/TheHive-Project/TheHive/issues/325)
 
-**Merged pull requests:**
-
-- typos and improvements to text [\#355](https://github.com/TheHive-Project/TheHive/pull/355) ([steoleary](https://github.com/steoleary))
-- Correct typo [\#353](https://github.com/TheHive-Project/TheHive/pull/353) ([arnydo](https://github.com/arnydo))
+**Fixed bugs:**
 
-## [2.13.2](https://github.com/TheHive-Project/TheHive/tree/2.13.2) (2017-10-24)
+- Merge of cases overrides task log owners [\#303](https://github.com/TheHive-Project/TheHive/issues/303)
+- Validate alert's TLP and severity attributes values [\#326](https://github.com/TheHive-Project/TheHive/issues/326)
+- Share a case if MISP is not enabled raise an error [\#349](https://github.com/TheHive-Project/TheHive/issues/349)
+- [Bug] Merging an alert into case with duplicate artifacts does not merge descriptions [\#357](https://github.com/TheHive-Project/TheHive/issues/357)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.1...2.13.2)
+## [2.13.2](https://github.com/TheHive-Project/TheHive/milestone/22) (2017-11-08)
 
 **Fixed bugs:**
 
-- Security issue on Play 2.6.5 [\#356](https://github.com/TheHive-Project/TheHive/issues/356)
-- Incorrect stats: non-IOC observables counted as IOC and IOC word displayed twice [\#347](https://github.com/TheHive-Project/TheHive/issues/347)
-- Deleted Observables, Show up on the statistics tab under Observables by Type [\#343](https://github.com/TheHive-Project/TheHive/issues/343)
-- Statistics on metrics doesn't work [\#342](https://github.com/TheHive-Project/TheHive/issues/342)
 - Error on custom fields format when merging cases [\#331](https://github.com/TheHive-Project/TheHive/issues/331)
+- Statistics on metrics doesn't work [\#342](https://github.com/TheHive-Project/TheHive/issues/342)
+- Deleted Observables, Show up on the statistics tab under Observables by Type [\#343](https://github.com/TheHive-Project/TheHive/issues/343)
+- Incorrect stats: non-IOC observables counted as IOC and IOC word displayed twice [\#347](https://github.com/TheHive-Project/TheHive/issues/347)
+- Security issue on Play 2.6.5 [\#356](https://github.com/TheHive-Project/TheHive/issues/356)
 
-## [2.13.1](https://github.com/TheHive-Project/TheHive/tree/2.13.1) (2017-09-18)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.13.0...2.13.1)
+## [2.13.1](https://github.com/TheHive-Project/TheHive/milestone/21) (2017-09-18)
 
 **Fixed bugs:**
 
-- Tasks Tab Elasticsearch exception: Fielddata is disabled on text fields by default. Set fielddata=true on \[title\] [\#311](https://github.com/TheHive-Project/TheHive/issues/311)
-
-## [2.13.0](https://github.com/TheHive-Project/TheHive/tree/2.13.0) (2017-09-15)
+- Tasks Tab Elasticsearch exception: Fielddata is disabled on text fields by default. Set fielddata=true on [title] [\#311](https://github.com/TheHive-Project/TheHive/issues/311)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.12.1...2.13.0)
+## [2.13.0](https://github.com/TheHive-Project/TheHive/milestone/13) (2017-09-15)
 
 **Implemented enhancements:**
 
-- Group ownership in Docker image prevents running on OpenShift [\#307](https://github.com/TheHive-Project/TheHive/issues/307)
-- Improve the content of alert flow items [\#304](https://github.com/TheHive-Project/TheHive/issues/304)
-- Add a basic support for webhooks [\#293](https://github.com/TheHive-Project/TheHive/issues/293)
-- Add basic authentication to Stream API [\#291](https://github.com/TheHive-Project/TheHive/issues/291)
-- Add Support for Play 2.6.x and Elasticsearch 5.x [\#275](https://github.com/TheHive-Project/TheHive/issues/275)
-- Fine grained user permissions for API access [\#263](https://github.com/TheHive-Project/TheHive/issues/263)
-- Alert Pane: Catch Incorrect Keywords [\#241](https://github.com/TheHive-Project/TheHive/issues/241)
-- Specify multiple AD servers in TheHive configuration [\#231](https://github.com/TheHive-Project/TheHive/issues/231)
 - Export cases in MISP events [\#52](https://github.com/TheHive-Project/TheHive/issues/52)
-
-**Fixed bugs:**
-
-- Download attachment with non-latin filename [\#302](https://github.com/TheHive-Project/TheHive/issues/302)
-- Undefined threat level from MISP events becomes severity "4" [\#300](https://github.com/TheHive-Project/TheHive/issues/300)
-- File name is not displayed in observable conflict dialog [\#295](https://github.com/TheHive-Project/TheHive/issues/295)
-- A colon punctuation mark in a search query results in 500 [\#285](https://github.com/TheHive-Project/TheHive/issues/285)
+- Specify multiple AD servers in TheHive configuration [\#231](https://github.com/TheHive-Project/TheHive/issues/231)
+- Alert Pane: Catch Incorrect Keywords [\#241](https://github.com/TheHive-Project/TheHive/issues/241)
+- Fine grained user permissions for API access [\#263](https://github.com/TheHive-Project/TheHive/issues/263)
+- Add Support for Play 2.6.x and Elasticsearch 5.x [\#275](https://github.com/TheHive-Project/TheHive/issues/275)
+- Add basic authentication to Stream API [\#291](https://github.com/TheHive-Project/TheHive/issues/291)
+- Add a basic support for webhooks [\#293](https://github.com/TheHive-Project/TheHive/issues/293)
+- Improve the content of alert flow items [\#304](https://github.com/TheHive-Project/TheHive/issues/304)
+- Group ownership in Docker image prevents running on OpenShift [\#307](https://github.com/TheHive-Project/TheHive/issues/307)
 
 **Closed issues:**
 
+- Elasticsearch 5.x roadmap? [\#82](https://github.com/TheHive-Project/TheHive/issues/82)
 - Threat level/severity code inverted between The Hive and MISP [\#292](https://github.com/TheHive-Project/TheHive/issues/292)
 
-## [2.12.1](https://github.com/TheHive-Project/TheHive/tree/2.12.1) (2017-08-01)
+**Fixed bugs:**
+
+- A colon punctuation mark in a search query results in 500 [\#285](https://github.com/TheHive-Project/TheHive/issues/285)
+- File name is not displayed in observable conflict dialog [\#295](https://github.com/TheHive-Project/TheHive/issues/295)
+- Undefined threat level from MISP events becomes severity "4" [\#300](https://github.com/TheHive-Project/TheHive/issues/300)
+- Download attachment with non-latin filename [\#302](https://github.com/TheHive-Project/TheHive/issues/302)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.12.0...2.12.1)
+## [2.12.1](https://github.com/TheHive-Project/TheHive/milestone/15) (2017-08-24)
 
 **Implemented enhancements:**
 
-- Fix warnings in debian package [\#267](https://github.com/TheHive-Project/TheHive/issues/267)
 - Merging alert into existing case does not merge alert description into case description [\#255](https://github.com/TheHive-Project/TheHive/issues/255)
+- Fix warnings in debian package [\#267](https://github.com/TheHive-Project/TheHive/issues/267)
 
 **Fixed bugs:**
 
-- Cortex Connector Not Found [\#256](https://github.com/TheHive-Project/TheHive/issues/256)
-- Case similarity reports merged cases [\#272](https://github.com/TheHive-Project/TheHive/issues/272)
-- Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/TheHive-Project/TheHive/issues/269)
-- API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/TheHive-Project/TheHive/issues/268)
-- Can't get logs of a task via API [\#259](https://github.com/TheHive-Project/TheHive/issues/259)
-- Add multiple attachments in a single task log doesn't work [\#257](https://github.com/TheHive-Project/TheHive/issues/257)
-- TheHive doesn't send the file name to Cortex [\#254](https://github.com/TheHive-Project/TheHive/issues/254)
 - Renaming of users does not work [\#249](https://github.com/TheHive-Project/TheHive/issues/249)
+- TheHive doesn't send the file name to Cortex [\#254](https://github.com/TheHive-Project/TheHive/issues/254)
+- Add multiple attachments in a single task log doesn't work [\#257](https://github.com/TheHive-Project/TheHive/issues/257)
+- Can't get logs of a task via API [\#259](https://github.com/TheHive-Project/TheHive/issues/259)
+- API: cannot create alert if one alert artifact contains the IOC field set [\#268](https://github.com/TheHive-Project/TheHive/issues/268)
+- Closing a case with an open task does not dismiss task in "My tasks" [\#269](https://github.com/TheHive-Project/TheHive/issues/269)
+- Case similarity reports merged cases [\#272](https://github.com/TheHive-Project/TheHive/issues/272)
 
-## [2.12.0](https://github.com/TheHive-Project/TheHive/tree/2.12.0) (2017-07-04)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.3...2.12.0)
+## [2.12.0](https://github.com/TheHive-Project/TheHive/milestone/11) (2017-07-06)
 
 **Implemented enhancements:**
 
-- Use local font files [\#250](https://github.com/TheHive-Project/TheHive/issues/250)
-- Sort the analyzers list in observable details page [\#245](https://github.com/TheHive-Project/TheHive/issues/245)
-- More options to sort cases [\#243](https://github.com/TheHive-Project/TheHive/issues/243)
-- Alert Preview and management improvements [\#232](https://github.com/TheHive-Project/TheHive/issues/232)
-- Show case status and category \(FP, TP, IND\) in related cases [\#229](https://github.com/TheHive-Project/TheHive/issues/229)
-- Open External Links in New Tab [\#228](https://github.com/TheHive-Project/TheHive/issues/228)
-- Observable analyzers view reports. [\#191](https://github.com/TheHive-Project/TheHive/issues/191)
-- Specifying tags on statistics page or performing a search [\#186](https://github.com/TheHive-Project/TheHive/issues/186)
-- Choose case template while importing events from MISP [\#175](https://github.com/TheHive-Project/TheHive/issues/175)
-- Ability to Reopen Tasks [\#156](https://github.com/TheHive-Project/TheHive/issues/156)
-- Display short reports on the Observables tab [\#131](https://github.com/TheHive-Project/TheHive/issues/131)
 - Custom fields for case template [\#12](https://github.com/TheHive-Project/TheHive/issues/12)
+- Display short reports on the Observables tab [\#131](https://github.com/TheHive-Project/TheHive/issues/131)
+- Ability to Reopen Tasks [\#156](https://github.com/TheHive-Project/TheHive/issues/156)
+- Choose case template while importing events from MISP [\#175](https://github.com/TheHive-Project/TheHive/issues/175)
+- Specifying tags on statistics page or performing a search [\#186](https://github.com/TheHive-Project/TheHive/issues/186)
+- Observable analyzers view reports. [\#191](https://github.com/TheHive-Project/TheHive/issues/191)
+- Open External Links in New Tab [\#228](https://github.com/TheHive-Project/TheHive/issues/228)
+- Show case status and category (FP, TP, IND) in related cases  [\#229](https://github.com/TheHive-Project/TheHive/issues/229)
+- Alert Preview and management improvements [\#232](https://github.com/TheHive-Project/TheHive/issues/232)
+- More options to sort cases [\#243](https://github.com/TheHive-Project/TheHive/issues/243)
+- Sort the analyzers list in observable details page [\#245](https://github.com/TheHive-Project/TheHive/issues/245)
+- Use local font files [\#250](https://github.com/TheHive-Project/TheHive/issues/250)
 
 **Fixed bugs:**
 
-- A locked user can use the API to create / delete / list cases \(and more\) [\#251](https://github.com/TheHive-Project/TheHive/issues/251)
-- Fix case metrics malformed definitions [\#248](https://github.com/TheHive-Project/TheHive/issues/248)
-- Sorting alerts by severity fails [\#242](https://github.com/TheHive-Project/TheHive/issues/242)
-- Alerting Panel: Typo Correction [\#240](https://github.com/TheHive-Project/TheHive/issues/240)
-- files in alerts are limited to 32kB [\#237](https://github.com/TheHive-Project/TheHive/issues/237)
-- Alert can contain inconsistent data [\#234](https://github.com/TheHive-Project/TheHive/issues/234)
-- Search do not work with non-latin characters [\#223](https://github.com/TheHive-Project/TheHive/issues/223)
 - report status not updated after finish [\#212](https://github.com/TheHive-Project/TheHive/issues/212)
+- Search do not work with non-latin characters [\#223](https://github.com/TheHive-Project/TheHive/issues/223)
+- Alert can contain inconsistent data [\#234](https://github.com/TheHive-Project/TheHive/issues/234)
+- files in alerts are limited to 32kB [\#237](https://github.com/TheHive-Project/TheHive/issues/237)
+- Alerting Panel: Typo Correction [\#240](https://github.com/TheHive-Project/TheHive/issues/240)
+- Sorting alerts by severity fails [\#242](https://github.com/TheHive-Project/TheHive/issues/242)
+- Fix case metrics malformed definitions [\#248](https://github.com/TheHive-Project/TheHive/issues/248)
+- A locked user can use the API to create / delete / list cases (and more) [\#251](https://github.com/TheHive-Project/TheHive/issues/251)
 
-## [2.11.3](https://github.com/TheHive-Project/TheHive/tree/2.11.3) (2017-06-14)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/debian/2.11.2...2.11.3)
+## [2.11.3](https://github.com/TheHive-Project/TheHive/milestone/14) (2017-06-14)
 
 **Fixed bugs:**
 
-- Unable to add tasks to case template [\#239](https://github.com/TheHive-Project/TheHive/issues/239)
-- Problem Start TheHive on Ubuntu 16.04 [\#238](https://github.com/TheHive-Project/TheHive/issues/238)
 - MISP synchronization doesn't retrieve all events [\#236](https://github.com/TheHive-Project/TheHive/issues/236)
+- Problem Start TheHive on Ubuntu 16.04 [\#238](https://github.com/TheHive-Project/TheHive/issues/238)
+- Unable to add tasks to case template [\#239](https://github.com/TheHive-Project/TheHive/issues/239)
 
-## [2.11.2](https://github.com/TheHive-Project/TheHive/tree/2.11.2) (2017-05-24)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.1...2.11.2)
+## [2.11.2](https://github.com/TheHive-Project/TheHive/milestone/12) (2017-05-31)
 
 **Implemented enhancements:**
 
-- Visually distinguish between analyzed and non analyzer observables [\#224](https://github.com/TheHive-Project/TheHive/issues/224)
-- Add Description Field to Alert Preview Modal [\#218](https://github.com/TheHive-Project/TheHive/issues/218)
 - Show case severity in lists [\#188](https://github.com/TheHive-Project/TheHive/issues/188)
+- Add Description Field to Alert Preview Modal [\#218](https://github.com/TheHive-Project/TheHive/issues/218)
+- Visually distinguish between analyzed and non analyzer observables [\#224](https://github.com/TheHive-Project/TheHive/issues/224)
 
 **Fixed bugs:**
 
-- MISP synchronization - attributes are not retrieve [\#221](https://github.com/TheHive-Project/TheHive/issues/221)
-- MISP synchronization - Alerts are wrongly updated [\#220](https://github.com/TheHive-Project/TheHive/issues/220)
 - Cortex jobs from thehive fail silently [\#219](https://github.com/TheHive-Project/TheHive/issues/219)
+- MISP synchronization - Alerts are wrongly updated [\#220](https://github.com/TheHive-Project/TheHive/issues/220)
+- MISP synchronization - attributes are not retrieve [\#221](https://github.com/TheHive-Project/TheHive/issues/221)
 
-**Merged pull requests:**
-
-- Fixing links to docu repo [\#213](https://github.com/TheHive-Project/TheHive/pull/213) ([SHSauler](https://github.com/SHSauler))
-
-## [2.11.1](https://github.com/TheHive-Project/TheHive/tree/2.11.1) (2017-05-17)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.11.0...2.11.1)
+## [2.11.1](https://github.com/TheHive-Project/TheHive/milestone/10) (2017-05-17)
 
 **Implemented enhancements:**
 
-- Show available reports number for each observable [\#211](https://github.com/TheHive-Project/TheHive/issues/211)
 - Merge Duplicate Tasks during Case Merge [\#180](https://github.com/TheHive-Project/TheHive/issues/180)
+- Show available reports number for each observable [\#211](https://github.com/TheHive-Project/TheHive/issues/211)
+
+**Closed issues:**
+
+- No API Alert documentation [\#203](https://github.com/TheHive-Project/TheHive/issues/203)
 
 **Fixed bugs:**
 
-- Case templates not applied when converting an alert to a case [\#206](https://github.com/TheHive-Project/TheHive/issues/206)
-- Observable of merged cased might have duplicate tags [\#205](https://github.com/TheHive-Project/TheHive/issues/205)
 - Error updating case templates [\#204](https://github.com/TheHive-Project/TheHive/issues/204)
+- Observable of merged cased might have duplicate tags [\#205](https://github.com/TheHive-Project/TheHive/issues/205)
+- Case templates not applied when converting an alert to a case [\#206](https://github.com/TheHive-Project/TheHive/issues/206)
 
-## [2.11.0](https://github.com/TheHive-Project/TheHive/tree/2.11.0) (2017-05-14)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.2...2.11.0)
+## [2.11.0](https://github.com/TheHive-Project/TheHive/milestone/4) (2017-05-12)
 
 **Implemented enhancements:**
 
-- Display the logos of the integrated external services [\#198](https://github.com/TheHive-Project/TheHive/issues/198)
-- TheHive send to many information to Cortex when an analyze is requested [\#196](https://github.com/TheHive-Project/TheHive/issues/196)
-- Sort the list of report templates [\#195](https://github.com/TheHive-Project/TheHive/issues/195)
-- Add support to .deb and .rpm package generation [\#193](https://github.com/TheHive-Project/TheHive/issues/193)
-- Cannot distinguish which analysers run on which cortex instance [\#179](https://github.com/TheHive-Project/TheHive/issues/179)
-- Connect to Cortex protected by Basic Auth [\#173](https://github.com/TheHive-Project/TheHive/issues/173)
-- Implement the alerting framework feature [\#170](https://github.com/TheHive-Project/TheHive/issues/170)
-- Make the flow collapsible, in case details page [\#167](https://github.com/TheHive-Project/TheHive/issues/167)
-- Update the datalist filter previews to display meaningful values [\#166](https://github.com/TheHive-Project/TheHive/issues/166)
-- Show severity on the "Cases Page" [\#165](https://github.com/TheHive-Project/TheHive/issues/165)
-- Add pagination component at the top of all the data lists [\#151](https://github.com/TheHive-Project/TheHive/issues/151)
-- Connect to Cortex instance via proxy [\#147](https://github.com/TheHive-Project/TheHive/issues/147)
-- Disable field autocomplete on the login form [\#146](https://github.com/TheHive-Project/TheHive/issues/146)
-- Refresh the UI's skin [\#145](https://github.com/TheHive-Project/TheHive/issues/145)
-- Add support of case template in back-end API [\#144](https://github.com/TheHive-Project/TheHive/issues/144)
-- Proxy authentication [\#143](https://github.com/TheHive-Project/TheHive/issues/143)
-- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
-- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
-- Feature request: Autocomplete tags [\#119](https://github.com/TheHive-Project/TheHive/issues/119)
-- Ignored MISP events are no longer visible and cannot be imported [\#107](https://github.com/TheHive-Project/TheHive/issues/107)
-- MISP import filter / filtering of events [\#86](https://github.com/TheHive-Project/TheHive/issues/86)
 - Reordering Tasks [\#21](https://github.com/TheHive-Project/TheHive/issues/21)
-
-**Fixed bugs:**
-
-- Authentication fails with wrong message if database migration is needed [\#200](https://github.com/TheHive-Project/TheHive/issues/200)
-- Fix the success message when running a set of analyzers [\#199](https://github.com/TheHive-Project/TheHive/issues/199)
-- Duplicate HTTP calls in case page [\#187](https://github.com/TheHive-Project/TheHive/issues/187)
-- Job status refresh [\#171](https://github.com/TheHive-Project/TheHive/issues/171)
+- MISP import filter / filtering of events [\#86](https://github.com/TheHive-Project/TheHive/issues/86)
+- Ignored MISP events are no longer visible and cannot be imported [\#107](https://github.com/TheHive-Project/TheHive/issues/107)
+- Feature request: Autocomplete tags [\#119](https://github.com/TheHive-Project/TheHive/issues/119)
+- Improve logs browsing [\#128](https://github.com/TheHive-Project/TheHive/issues/128)
+- Proxy authentication [\#143](https://github.com/TheHive-Project/TheHive/issues/143)
+- Add support of case template in back-end API [\#144](https://github.com/TheHive-Project/TheHive/issues/144)
+- Refresh the UI's skin [\#145](https://github.com/TheHive-Project/TheHive/issues/145)
+- Disable field autocomplete on the login form [\#146](https://github.com/TheHive-Project/TheHive/issues/146)
+- Connect to Cortex instance via proxy [\#147](https://github.com/TheHive-Project/TheHive/issues/147)
+- Add pagination component at the top of all the data lists [\#151](https://github.com/TheHive-Project/TheHive/issues/151)
+- Show severity on the "Cases Page" [\#165](https://github.com/TheHive-Project/TheHive/issues/165)
+- Update the datalist filter previews to display meaningful values [\#166](https://github.com/TheHive-Project/TheHive/issues/166)
+- Make the flow collapsible, in case details page [\#167](https://github.com/TheHive-Project/TheHive/issues/167)
+- Implement the alerting framework feature [\#170](https://github.com/TheHive-Project/TheHive/issues/170)
+- Connect to Cortex protected by Basic Auth [\#173](https://github.com/TheHive-Project/TheHive/issues/173)
+- Cannot distinguish which analysers run on which cortex instance [\#179](https://github.com/TheHive-Project/TheHive/issues/179)
+- Add support to .deb and .rpm package generation [\#193](https://github.com/TheHive-Project/TheHive/issues/193)
+- Sort the list of report templates [\#195](https://github.com/TheHive-Project/TheHive/issues/195)
+- TheHive send to many information to Cortex when an analyze is requested [\#196](https://github.com/TheHive-Project/TheHive/issues/196)
+- Display the logos of the integrated external services [\#198](https://github.com/TheHive-Project/TheHive/issues/198)
 
 **Closed issues:**
 
-- Support for cuckoo malware analysis plattform \(link analysis\) [\#181](https://github.com/TheHive-Project/TheHive/issues/181)
+- MISP event filter require manual escapes [\#87](https://github.com/TheHive-Project/TheHive/issues/87)
 - Scala code cleanup [\#153](https://github.com/TheHive-Project/TheHive/issues/153)
 
-**Merged pull requests:**
-
-- Fixed minor typo in template creation and update notifications. [\#194](https://github.com/TheHive-Project/TheHive/pull/194) ([dewoodruff](https://github.com/dewoodruff))
+**Fixed bugs:**
 
-## [2.10.2](https://github.com/TheHive-Project/TheHive/tree/2.10.2) (2017-04-19)
+- Job status refresh [\#171](https://github.com/TheHive-Project/TheHive/issues/171)
+- Duplicate HTTP calls in case page [\#187](https://github.com/TheHive-Project/TheHive/issues/187)
+- Fix the success message when running a set of analyzers [\#199](https://github.com/TheHive-Project/TheHive/issues/199)
+- Authentication fails with wrong message if database migration is needed [\#200](https://github.com/TheHive-Project/TheHive/issues/200)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.1...2.10.2)
+## [2.10.2](https://github.com/TheHive-Project/TheHive/milestone/8) (2017-04-18)
 
 **Implemented enhancements:**
 
-- Run all analyzers on multiple observables from observables view [\#174](https://github.com/TheHive-Project/TheHive/issues/174)
-- Add CSRF protection [\#158](https://github.com/TheHive-Project/TheHive/issues/158)
 - Persistence for task viewing options [\#157](https://github.com/TheHive-Project/TheHive/issues/157)
-
-**Fixed bugs:**
-
-- MISP import fails [\#169](https://github.com/TheHive-Project/TheHive/issues/169)
-- Unauthenticated access to some pages doesn't redirect to login page [\#161](https://github.com/TheHive-Project/TheHive/issues/161)
-- Disable readonly access to admin pages, for users without 'admin' role [\#160](https://github.com/TheHive-Project/TheHive/issues/160)
-- Secure the usage of angular-ui-notification library [\#159](https://github.com/TheHive-Project/TheHive/issues/159)
-- Pagination does not work with 100 results per page [\#152](https://github.com/TheHive-Project/TheHive/issues/152)
+- Add CSRF protection [\#158](https://github.com/TheHive-Project/TheHive/issues/158)
+- Run all analyzers on multiple observables from observables view [\#174](https://github.com/TheHive-Project/TheHive/issues/174)
 
 **Closed issues:**
 
 - Observable Tags not displayed in 2.10.1 [\#155](https://github.com/TheHive-Project/TheHive/issues/155)
 
-## [2.10.1](https://github.com/TheHive-Project/TheHive/tree/2.10.1) (2017-03-08)
+**Fixed bugs:**
+
+- Pagination does not work with 100 results per page [\#152](https://github.com/TheHive-Project/TheHive/issues/152)
+- Secure the usage of angular-ui-notification library [\#159](https://github.com/TheHive-Project/TheHive/issues/159)
+- Disable readonly access to admin pages, for users without 'admin' role [\#160](https://github.com/TheHive-Project/TheHive/issues/160)
+- Unauthenticated access to some pages doesn't redirect to login page [\#161](https://github.com/TheHive-Project/TheHive/issues/161)
+- MISP import fails [\#169](https://github.com/TheHive-Project/TheHive/issues/169)
 
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.10.0...2.10.1)
+## [2.10.1](https://github.com/TheHive-Project/TheHive/milestone/3) (2017-03-08)
 
 **Implemented enhancements:**
 
-- Feature Request: Ansible build scripts [\#124](https://github.com/TheHive-Project/TheHive/issues/124)
-- Remove the "Run all analyzers" option from observables list [\#141](https://github.com/TheHive-Project/TheHive/issues/141)
-- Remove duplicate stream callbacks registration [\#138](https://github.com/TheHive-Project/TheHive/issues/138)
-- Typo in quick filters [\#134](https://github.com/TheHive-Project/TheHive/issues/134)
-- Display a warning when trying to merge an already merged case [\#129](https://github.com/TheHive-Project/TheHive/issues/129)
-- Restyle avatar's upload button [\#126](https://github.com/TheHive-Project/TheHive/issues/126)
-- Add pagination component at the top of the task log [\#116](https://github.com/TheHive-Project/TheHive/issues/116)
-- Disable buttons in MISP event's preview dialog [\#115](https://github.com/TheHive-Project/TheHive/issues/115)
-- Make The Hive working on any URL path and not only / [\#114](https://github.com/TheHive-Project/TheHive/issues/114)
-- Misleading MISP Event Date and Time [\#101](https://github.com/TheHive-Project/TheHive/issues/101)
 - Upgrade to the last version of UI-Bootstrap UI library [\#79](https://github.com/TheHive-Project/TheHive/issues/79)
+- Misleading MISP Event Date and Time [\#101](https://github.com/TheHive-Project/TheHive/issues/101)
+- Make The Hive working on any URL path and not only / [\#114](https://github.com/TheHive-Project/TheHive/issues/114)
+- Disable buttons in MISP event's preview dialog [\#115](https://github.com/TheHive-Project/TheHive/issues/115)
+- Add pagination component at the top of the task log [\#116](https://github.com/TheHive-Project/TheHive/issues/116)
+- Restyle avatar's upload button [\#126](https://github.com/TheHive-Project/TheHive/issues/126)
+- Display a warning when trying to merge an already merged case [\#129](https://github.com/TheHive-Project/TheHive/issues/129)
+- Typo in quick filters [\#134](https://github.com/TheHive-Project/TheHive/issues/134)
+- Remove duplicate stream callbacks registration [\#138](https://github.com/TheHive-Project/TheHive/issues/138)
+- Remove the "Run all analyzers" option from observables list [\#141](https://github.com/TheHive-Project/TheHive/issues/141)
 
 **Fixed bugs:**
 
-- Fix OTXQuery report template [\#142](https://github.com/TheHive-Project/TheHive/issues/142)
-- 401 HTTP responses don't trigger redirection to login page [\#140](https://github.com/TheHive-Project/TheHive/issues/140)
-- Fix a JS issue related to inactivity dialog [\#139](https://github.com/TheHive-Project/TheHive/issues/139)
-- Flow is not shown [\#127](https://github.com/TheHive-Project/TheHive/issues/127)
-- Case merge does not close tasks in merged cases [\#118](https://github.com/TheHive-Project/TheHive/issues/118)
-- Web UI doesn't refresh once a report template is deleted [\#113](https://github.com/TheHive-Project/TheHive/issues/113)
-- Open log in new windows [\#108](https://github.com/TheHive-Project/TheHive/issues/108)
-- Cannot add an observable which datatype has been added by an admin [\#106](https://github.com/TheHive-Project/TheHive/issues/106)
 - Observables password hint does not reflect backend change [\#83](https://github.com/TheHive-Project/TheHive/issues/83)
+- Cannot add an observable which datatype has been added by an admin [\#106](https://github.com/TheHive-Project/TheHive/issues/106)
+- Open log in new windows [\#108](https://github.com/TheHive-Project/TheHive/issues/108)
+- Web UI doesn't refresh once a report template is deleted [\#113](https://github.com/TheHive-Project/TheHive/issues/113)
+- Case merge does not close tasks in merged cases [\#118](https://github.com/TheHive-Project/TheHive/issues/118)
+- Flow is not shown [\#127](https://github.com/TheHive-Project/TheHive/issues/127)
+- Fix a JS issue related to inactivity dialog [\#139](https://github.com/TheHive-Project/TheHive/issues/139)
+- 401 HTTP responses don't trigger redirection to login page [\#140](https://github.com/TheHive-Project/TheHive/issues/140)
+- Fix OTXQuery report template [\#142](https://github.com/TheHive-Project/TheHive/issues/142)
 
-## [2.10.0](https://github.com/TheHive-Project/TheHive/tree/2.10.0) (2017-02-01)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.9.2...2.10.0)
+## [2.10.0](https://github.com/TheHive-Project/TheHive/milestone/2) (2017-02-03)
 
 **Implemented enhancements:**
 
-- Improve cases listing page [\#76](https://github.com/TheHive-Project/TheHive/issues/76)
-- Feature Request - Add Case Statistics by Severity [\#70](https://github.com/TheHive-Project/TheHive/issues/70)
-- Use avatars in user profiles [\#69](https://github.com/TheHive-Project/TheHive/issues/69)
-- Allow \(un\)set observable as IOC from the observable's page [\#68](https://github.com/TheHive-Project/TheHive/issues/68)
-- When closing a task, close the associated tab as well [\#66](https://github.com/TheHive-Project/TheHive/issues/66)
-- Load the Current Cases View when Closing a Case [\#61](https://github.com/TheHive-Project/TheHive/issues/61)
-- Externalize observable analysis [\#53](https://github.com/TheHive-Project/TheHive/issues/53)
-- Changeable case owner [\#30](https://github.com/TheHive-Project/TheHive/issues/30)
-- Make release process easier [\#28](https://github.com/TheHive-Project/TheHive/issues/28)
 - Newly created case template not visible in NEW case until logout/login [\#26](https://github.com/TheHive-Project/TheHive/issues/26)
-
-**Fixed bugs:**
-
-- Template Limit Bug [\#105](https://github.com/TheHive-Project/TheHive/issues/105)
-- Bug related case [\#97](https://github.com/TheHive-Project/TheHive/issues/97)
-- Case TLP should be set to AMBER by default [\#96](https://github.com/TheHive-Project/TheHive/issues/96)
-- User is not notified on MISP error [\#88](https://github.com/TheHive-Project/TheHive/issues/88)
-- Locked users cannot be assignee of cases [\#77](https://github.com/TheHive-Project/TheHive/issues/77)
-- Task descriptions from case templates are not applied [\#65](https://github.com/TheHive-Project/TheHive/issues/65)
-- Add an already exist observable returns an unexpected error [\#63](https://github.com/TheHive-Project/TheHive/issues/63)
-- Don't use deleted obserables to link cases [\#62](https://github.com/TheHive-Project/TheHive/issues/62)
-- Assign a default role to new users and remove the ability to assign empty roles [\#60](https://github.com/TheHive-Project/TheHive/issues/60)
-- Locked users are still able to log in [\#59](https://github.com/TheHive-Project/TheHive/issues/59)
-- MISP events counter is not refreshed [\#58](https://github.com/TheHive-Project/TheHive/issues/58)
-- Make sure to clear new task log editor [\#57](https://github.com/TheHive-Project/TheHive/issues/57)
-- Missing markdown editor in case close dialog [\#42](https://github.com/TheHive-Project/TheHive/issues/42)
+- Make release process easier [\#28](https://github.com/TheHive-Project/TheHive/issues/28)
+- Changeable case owner [\#30](https://github.com/TheHive-Project/TheHive/issues/30)
+- Externalize observable analysis [\#53](https://github.com/TheHive-Project/TheHive/issues/53)
+- Load the Current Cases View when Closing a Case [\#61](https://github.com/TheHive-Project/TheHive/issues/61)
+- When closing a task, close the associated tab as well [\#66](https://github.com/TheHive-Project/TheHive/issues/66)
+- Allow (un)set observable as IOC from the observable's page [\#68](https://github.com/TheHive-Project/TheHive/issues/68)
+- Use avatars in user profiles [\#69](https://github.com/TheHive-Project/TheHive/issues/69)
+- Feature Request - Add Case Statistics by Severity [\#70](https://github.com/TheHive-Project/TheHive/issues/70)
+- Improve cases listing page [\#76](https://github.com/TheHive-Project/TheHive/issues/76)
 
 **Closed issues:**
 
-- Database schema update \(v8\) [\#67](https://github.com/TheHive-Project/TheHive/issues/67)
-- Add support for more filetypes to PE_info analyser [\#54](https://github.com/TheHive-Project/TheHive/issues/54)
-- Create an analyzer to get information about PE file [\#51](https://github.com/TheHive-Project/TheHive/issues/51)
-- PhishTank Analyzer [\#40](https://github.com/TheHive-Project/TheHive/issues/40)
 - OTX Analyzer [\#32](https://github.com/TheHive-Project/TheHive/issues/32)
+- PhishTank Analyzer [\#40](https://github.com/TheHive-Project/TheHive/issues/40)
+- Unable to use SSL on AD auth [\#50](https://github.com/TheHive-Project/TheHive/issues/50)
+- Create an analyzer to get information about PE file [\#51](https://github.com/TheHive-Project/TheHive/issues/51)
+- Add support for more filetypes to PE_info analyser [\#54](https://github.com/TheHive-Project/TheHive/issues/54)
+- Database schema update (v8) [\#67](https://github.com/TheHive-Project/TheHive/issues/67)
 
-**Merged pull requests:**
-
-- AlienVault OTX Analyzer [\#39](https://github.com/TheHive-Project/TheHive/pull/39) ([ecapuano](https://github.com/ecapuano))
-
-## [2.9.2](https://github.com/TheHive-Project/TheHive/tree/2.9.2) (2017-01-19)
-
-[Full Changelog](https://github.com/TheHive-Project/TheHive/compare/2.9.1...2.9.2)
+**Fixed bugs:**
 
-**Implemented enhancements:**
+- Missing markdown editor in case close dialog [\#42](https://github.com/TheHive-Project/TheHive/issues/42)
+- Make sure to clear new task log editor [\#57](https://github.com/TheHive-Project/TheHive/issues/57)
+- MISP events counter is not refreshed [\#58](https://github.com/TheHive-Project/TheHive/issues/58)
+- Locked users are still able to log in [\#59](https://github.com/TheHive-Project/TheHive/issues/59)
+- Assign a default role to new users and remove the ability to assign empty roles [\#60](https://github.com/TheHive-Project/TheHive/issues/60)
+- Don't use deleted obserables to link cases [\#62](https://github.com/TheHive-Project/TheHive/issues/62)
+- Add an already exist observable returns an unexpected error [\#63](https://github.com/TheHive-Project/TheHive/issues/63)
+- Task descriptions from case templates are not applied [\#65](https://github.com/TheHive-Project/TheHive/issues/65)
+- Locked users cannot be assignee of cases [\#77](https://github.com/TheHive-Project/TheHive/issues/77)
+- User is not notified on MISP error [\#88](https://github.com/TheHive-Project/TheHive/issues/88)
+- Case TLP should be set to AMBER by default [\#96](https://github.com/TheHive-Project/TheHive/issues/96)
+- Bug related case [\#97](https://github.com/TheHive-Project/TheHive/issues/97)
+- Hippocampe Analyzer [\#104](https://github.com/TheHive-Project/TheHive/issues/104)
+- Template Limit Bug [\#105](https://github.com/TheHive-Project/TheHive/issues/105)
 
-- Feature Request - Add observable statistics [\#71](https://github.com/TheHive-Project/TheHive/issues/71)
+## [2.9.2](https://github.com/TheHive-Project/TheHive/milestone/5) (2017-01-19)
 
 **Fixed bugs:**
 
-- docker image: \$.post\(...\).success is not a function [\#95](https://github.com/TheHive-Project/TheHive/issues/95)
+- docker image: $.post(...).success is not a function [\#95](https://github.com/TheHive-Project/TheHive/issues/95)
 
-## [2.9.1](https://github.com/TheHive-Project/TheHive/tree/2.9.1) (2016-11-28)
+## [2.9.1](https://github.com/TheHive-Project/TheHive/milestone/1) (2016-11-28)
 
 **Implemented enhancements:**
 
-- Statistics on a per case template name / prefix basis [\#31](https://github.com/TheHive-Project/TheHive/issues/31)
-- Observable Viewing Page [\#17](https://github.com/TheHive-Project/TheHive/issues/17)
-- Update logo and favicon [\#45](https://github.com/TheHive-Project/TheHive/issues/45)
-- Inconsistent wording between the login and user management pages [\#44](https://github.com/TheHive-Project/TheHive/issues/44)
-- MaxMind Analyzer 'Short Report' has hard-coded language [\#23](https://github.com/TheHive-Project/TheHive/issues/23)
-- Don't update imported case from MISP if it is deleted or merged [\#22](https://github.com/TheHive-Project/TheHive/issues/22)
 - Case merging [\#14](https://github.com/TheHive-Project/TheHive/issues/14)
-- New analyzer to check URL categories [\#24](https://github.com/TheHive-Project/TheHive/pull/24) ([ecapuano](https://github.com/ecapuano))
+- Don't update imported case from MISP if it is deleted or merged [\#22](https://github.com/TheHive-Project/TheHive/issues/22)
+- MaxMind Analyzer 'Short Report' has hard-coded language [\#23](https://github.com/TheHive-Project/TheHive/issues/23)
+- Inconsistent wording between the login and user management pages [\#44](https://github.com/TheHive-Project/TheHive/issues/44)
+- Update logo and favicon [\#45](https://github.com/TheHive-Project/TheHive/issues/45)
 
 **Fixed bugs:**
 
-- Resource not found by Assets controller [\#38](https://github.com/TheHive-Project/TheHive/issues/38)
-- NPE occurs at startup if conf directory doesn't exists [\#41](https://github.com/TheHive-Project/TheHive/issues/41)
-- Systemd startup script does not work [\#29](https://github.com/TheHive-Project/TheHive/issues/29)
-- MISP event parsing error when it doesn't contain any attribute [\#25](https://github.com/TheHive-Project/TheHive/issues/25)
-- Phantom tabs [\#18](https://github.com/TheHive-Project/TheHive/issues/18)
-- The Action button of observables list is blank [\#15](https://github.com/TheHive-Project/TheHive/issues/15)
-- Description becomes empty when you cancel an edition [\#13](https://github.com/TheHive-Project/TheHive/issues/13)
-- Metric Labels Not Showing in Case View [\#10](https://github.com/TheHive-Project/TheHive/issues/10)
-- chrome on os x - header alignment [\#5](https://github.com/TheHive-Project/TheHive/issues/5)
 - Tags not saving when creating observable. [\#4](https://github.com/TheHive-Project/TheHive/issues/4)
-
-**Closed issues:**
-
-- Statistics based on Tags [\#37](https://github.com/TheHive-Project/TheHive/issues/37)
-- Give us something to work with! [\#2](https://github.com/TheHive-Project/TheHive/issues/2)
-
-**Merged pull requests:**
-
-- Fix "Run from Docker" [\#9](https://github.com/TheHive-Project/TheHive/pull/9) ([2xyo](https://github.com/2xyo))
-- Fixing a Simple Typo [\#6](https://github.com/TheHive-Project/TheHive/pull/6) ([swannysec](https://github.com/swannysec))
-- Fixed broken link to Wiki [\#1](https://github.com/TheHive-Project/TheHive/pull/1) ([Neo23x0](https://github.com/Neo23x0))
-
-\* _This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_
+- chrome on os x - header alignment [\#5](https://github.com/TheHive-Project/TheHive/issues/5)
+- Metric Labels Not Showing in Case View [\#10](https://github.com/TheHive-Project/TheHive/issues/10)
+- Description becomes empty when you cancel an edition [\#13](https://github.com/TheHive-Project/TheHive/issues/13)
+- The Action button of observables list is blank [\#15](https://github.com/TheHive-Project/TheHive/issues/15)
+- Phantom tabs [\#18](https://github.com/TheHive-Project/TheHive/issues/18)
+- MISP event parsing error when it doesn't contain any attribute [\#25](https://github.com/TheHive-Project/TheHive/issues/25)
+- Systemd startup script does not work [\#29](https://github.com/TheHive-Project/TheHive/issues/29)
+- NPE occurs at startup if conf directory doesn't exists [\#41](https://github.com/TheHive-Project/TheHive/issues/41)
diff --git a/version.sbt b/version.sbt
index 4a9221edea..cd1276f56c 100644
--- a/version.sbt
+++ b/version.sbt
@@ -1 +1 @@
-version in ThisBuild := "3.4.0-1"
+version in ThisBuild := "3.4.1-1"