Merge branch 'release/3.0.0'

.scalariform.conf

@@ -0,0 +1,30 @@
+#alignArguments=false
+#alignParameters=false
+alignSingleLineCaseStatements=true
+alignSingleLineCaseStatements.maxArrowIndent=60
+#allowParamGroupsOnNewlines=false
+compactControlReadability=true
+#compactStringConcatenation=false
+#danglingCloseParenthesis=Prevent
+doubleIndentClassDeclaration=false
+doubleIndentConstructorArguments=true
+doubleIndentMethodDeclaration=true
+#firstArgumentOnNewline=Force
+#firstParameterOnNewline=Force
+#formatXml=true
+#indentLocalDefs=false
+#indentPackageBlocks=true
+#indentSpaces=2
+#indentWithTabs=false
+#multilineScaladocCommentsStartOnFirstLine=false
+#newlineAtEndOfFile=false
+placeScaladocAsterisksBeneathSecondAsterisk=true
+#preserveSpaceBeforeArguments=false
+rewriteArrowSymbols=true
+#singleCasePatternOnNewline=true
+#spaceBeforeColon=false
+#spaceBeforeContextColon=false
+#spaceInsideBrackets=false
+#spaceInsideParentheses=false
+#spacesAroundMultiImports=true
+#spacesWithinPatternBinders=true

CHANGELOG.md

@@ -1,7 +1,55 @@
 # Change Log
 
-## [2.13.2](https://github.com/CERT-BDF/TheHive/tree/2.13.2) (2017-10-24)
+## [3.0.0](https://github.com/CERT-BDF/TheHive/tree/3.0.0) (2017-12-05)
+
+[Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.13.2...3.0.0)
+
+**Implemented enhancements:**
+
+- Assign default values to case templates' custom fields [\#375](https://github.com/CERT-BDF/TheHive/issues/375)
+- Add the Ability to Import and Export Case Templates [\#369](https://github.com/CERT-BDF/TheHive/issues/369)
+- Add a sighted flag for IOCs [\#365](https://github.com/CERT-BDF/TheHive/issues/365)
+- Alert id should not be used to build case title when using case templates [\#364](https://github.com/CERT-BDF/TheHive/issues/364)
+- Set task assignee in case template [\#362](https://github.com/CERT-BDF/TheHive/issues/362)
+- Add Autonomous Systems to the Default Datatype List [\#359](https://github.com/CERT-BDF/TheHive/issues/359)
+- Display more than 10 users per page and sort them by alphanumerical order [\#346](https://github.com/CERT-BDF/TheHive/issues/346)
+- \[Minor\] Add user dialog title issue [\#345](https://github.com/CERT-BDF/TheHive/issues/345)
+- Deleted cases showing in statistics [\#317](https://github.com/CERT-BDF/TheHive/issues/317)
+- Dynamic dashboard [\#312](https://github.com/CERT-BDF/TheHive/issues/312)
+- Add health check in status API [\#306](https://github.com/CERT-BDF/TheHive/issues/306)
+- Alerts in Statistics [\#274](https://github.com/CERT-BDF/TheHive/issues/274)
+- Statistics: Observables and IOC over time [\#215](https://github.com/CERT-BDF/TheHive/issues/215)
+- Export Statistics/Metrics [\#197](https://github.com/CERT-BDF/TheHive/issues/197)
+- Msg\_Parser analyser show for all files [\#184](https://github.com/CERT-BDF/TheHive/issues/184)
+- Assign default metric values [\#176](https://github.com/CERT-BDF/TheHive/issues/176)
+- Display Cortex Version, Instance Name, Status and Available Analyzers [\#130](https://github.com/CERT-BDF/TheHive/issues/130)
+- Feature Request: Webhooks [\#20](https://github.com/CERT-BDF/TheHive/issues/20)
+- Remove the From prefix and template suffix around a template name in the New Case menu [\#348](https://github.com/CERT-BDF/TheHive/issues/348)
+- Keep the alert date when creating a case from it [\#320](https://github.com/CERT-BDF/TheHive/issues/320)
+- Export to MISP: add TLP [\#314](https://github.com/CERT-BDF/TheHive/issues/314)
+- Show already known observables in Import MISP Events preview window [\#137](https://github.com/CERT-BDF/TheHive/issues/137)
+
+**Fixed bugs:**
+
+- The misp \> instance name \> tags parameter is not honored when importing MISP events [\#373](https://github.com/CERT-BDF/TheHive/issues/373)
+- \[Bug\] Merging an alert into case with duplicate artifacts does not merge descriptions [\#357](https://github.com/CERT-BDF/TheHive/issues/357)
+- Share a case if MISP is not enabled raise an error [\#349](https://github.com/CERT-BDF/TheHive/issues/349)
+- Validate alert's TLP and severity attributes values [\#326](https://github.com/CERT-BDF/TheHive/issues/326)
+- Merge of cases overrides task log owners [\#303](https://github.com/CERT-BDF/TheHive/issues/303)
 
+**Closed issues:**
+
+- MISP Connection Error with Cortex/HIVE [\#371](https://github.com/CERT-BDF/TheHive/issues/371)
+- Single Sign-On with X.509 certificates [\#297](https://github.com/CERT-BDF/TheHive/issues/297)
+- Remove the deprecated "user" property [\#316](https://github.com/CERT-BDF/TheHive/issues/316)
+- Run observable analyzers through API [\#308](https://github.com/CERT-BDF/TheHive/issues/308)
+
+**Merged pull requests:**
+
+- typos and improvements to text [\#355](https://github.com/CERT-BDF/TheHive/pull/355) ([steoleary](https://github.com/steoleary))
+- Correct typo [\#353](https://github.com/CERT-BDF/TheHive/pull/353) ([arnydo](https://github.com/arnydo))
+
+## [2.13.2](https://github.com/CERT-BDF/TheHive/tree/2.13.2) (2017-10-24)
 [Full Changelog](https://github.com/CERT-BDF/TheHive/compare/2.13.1...2.13.2)
 
 **Fixed bugs:**

build.sbt

@@ -18,21 +18,18 @@ lazy val thehiveCortex = (project in file("thehive-cortex"))
   .enablePlugins(PlayScala)
   .dependsOn(thehiveBackend)
   .settings(publish := {})
-  .settings(SbtScalariform.scalariformSettings: _*)
 
 lazy val thehive = (project in file("."))
   .enablePlugins(PlayScala)
+  .enablePlugins(PublishToBinTray)
   .dependsOn(thehiveBackend, thehiveMetrics, thehiveMisp, thehiveCortex)
   .aggregate(thehiveBackend, thehiveMetrics, thehiveMisp, thehiveCortex)
   .settings(aggregate in Debian := false)
   .settings(aggregate in Rpm := false)
   .settings(aggregate in Docker := false)
-  .settings(PublishToBinTray.settings: _*)
-  .settings(Release.settings: _*)
-
 
 // Redirect logs from ElasticSearch (which uses log4j2) to slf4j
-libraryDependencies += "org.apache.logging.log4j" % "log4j-to-slf4j" % "2.9.0"
+libraryDependencies += "org.apache.logging.log4j" % "log4j-to-slf4j" % "2.9.1"
 excludeDependencies += "org.apache.logging.log4j" % "log4j-core"
 
 lazy val rpmPackageRelease = (project in file("package/rpm-release"))
@@ -58,10 +55,6 @@ lazy val rpmPackageRelease = (project in file("package/rpm-release"))
     ))
   )
 
-
-Release.releaseVersionUIFile := baseDirectory.value / "ui" / "package.json"
-Release.changelogFile := baseDirectory.value / "CHANGELOG.md"
-
 // Front-end //
 run := {
   (run in Compile).evaluated
@@ -81,8 +74,8 @@ mappings in Universal ~= {
     file("package/thehive.service") -> "package/thehive.service",
     file("package/thehive.conf") -> "package/thehive.conf",
     file("package/thehive") -> "package/thehive",
-    file("package/logback.xml") -> "conf/logback.xml"
-  )
+    file("package/logback.xml") -> "conf/logback.xml",
+  ) ++ (file("migration").**(AllPassFilter) pair Path.rebase(file("migration"), "migration"))
 }
 
 // Package //
@@ -122,7 +115,7 @@ packageBin := {
 }
 // DEB //
 linuxPackageMappings in Debian += packageMapping(file("LICENSE") -> "/usr/share/doc/thehive/copyright").withPerms("644")
-version in Debian := version.value + "-1"
+version in Debian := version.value + "-0"
 debianPackageRecommends := Seq("elasticsearch")
 debianPackageDependencies += "openjdk-8-jre-headless"
 maintainerScripts in Debian := maintainerScriptsFromDirectory(
@@ -146,11 +139,13 @@ linuxPackageSymlinks in Rpm := Nil
 rpmPrefix := Some(defaultLinuxInstallLocation.value)
 linuxEtcDefaultTemplate in Rpm := (baseDirectory.value / "package" / "etc_default_thehive").asURL
 rpmReleaseFile := {
+  import scala.sys.process._
   val rpmFile = (packageBin in Rpm in rpmPackageRelease).value
   s"rpm --addsign $rpmFile".!!
   rpmFile
 }
 packageBin in Rpm := {
+  import scala.sys.process._
   val rpmFile = (packageBin in Rpm).value
   s"rpm --addsign $rpmFile".!!
   rpmFile
@@ -192,42 +187,8 @@ bintrayOrganization := Some("cert-bdf")
 bintrayRepository := "thehive"
 publish := {
   (publish in Docker).value
-  PublishToBinTray.publishRelease.value
-  PublishToBinTray.publishLatest.value
-  PublishToBinTray.publishRpm.value
-  PublishToBinTray.publishDebian.value
+  publishRelease.value
+  publishLatest.value
+  publishRpm.value
+  publishDebian.value
 }
-
-// Scalariform //
-import scalariform.formatter.preferences._
-import com.typesafe.sbt.SbtScalariform.ScalariformKeys
-
-ScalariformKeys.preferences in ThisBuild := ScalariformKeys.preferences.value
-  .setPreference(AlignParameters, false)
-  //  .setPreference(FirstParameterOnNewline, Force)
-  .setPreference(AlignArguments, true)
-  //  .setPreference(FirstArgumentOnNewline, true)
-  .setPreference(AlignSingleLineCaseStatements, true)
-  .setPreference(AlignSingleLineCaseStatements.MaxArrowIndent, 60)
-  .setPreference(CompactControlReadability, true)
-  .setPreference(CompactStringConcatenation, false)
-  .setPreference(DoubleIndentClassDeclaration, true)
-  //  .setPreference(DoubleIndentMethodDeclaration, true)
-  .setPreference(FormatXml, true)
-  .setPreference(IndentLocalDefs, false)
-  .setPreference(IndentPackageBlocks, false)
-  .setPreference(IndentSpaces, 2)
-  .setPreference(IndentWithTabs, false)
-  .setPreference(MultilineScaladocCommentsStartOnFirstLine, false)
-  //  .setPreference(NewlineAtEndOfFile, true)
-  .setPreference(PlaceScaladocAsterisksBeneathSecondAsterisk, false)
-  .setPreference(PreserveSpaceBeforeArguments, false)
-  //  .setPreference(PreserveDanglingCloseParenthesis, false)
-  .setPreference(DanglingCloseParenthesis, Prevent)
-  .setPreference(RewriteArrowSymbols, true)
-  .setPreference(SpaceBeforeColon, false)
-  //  .setPreference(SpaceBeforeContextColon, false)
-  .setPreference(SpaceInsideBrackets, false)
-  .setPreference(SpaceInsideParentheses, false)
-  .setPreference(SpacesWithinPatternBinders, true)
-  .setPreference(SpacesAroundMultiImports, true)

conf/application.sample

@@ -1,52 +1,60 @@
-# Secret key
-# ~~~~~
-# The secret key is used to secure cryptographics functions.
-# If you deploy your application to several instances be sure to use the same key!
+# Secret Key
+# The secret key is used to secure cryptographic functions.
+# WARNING: If you deploy your application on several servers, make sure to use the same key.
 #play.crypto.secret="***changeme***"
 
-
-# ElasticSearch
+# Elasticsearch
 search {
-  # Name of the index
+  # Index name.
   index = the_hive
-  # Name of the ElasticSearch cluster
+  # ElasticSearch cluster name.
   cluster = hive
-  # Address of the ElasticSearch instance
+  # ElasticSearch instance address.
   host = ["127.0.0.1:9300"]
-  # Scroll keepalive
+  # Scroll keepalive.
   keepalive = 1m
-  # Size of the page for scroll
+  # Scroll page size.
   pagesize = 50
 }
 
 # Authentication
 auth {
-	# "type" parameter contains authentication provider. It can be multi-valued (useful for migration)
-	# available auth types are:
-	# services.LocalAuthSrv : passwords are stored in user entity (in ElasticSearch). No configuration are required.
-	# ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key
-	# ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key
+	# "type" parameter contains the authentication provider(s). It can be multi-valued, which is useful
+	# for migration.
+	# The available auth types are:
+	# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
+	#   configuration are required.
+	# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
+	#   the "ad" section below.
+	# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
+	#   "ldap" section below.
 	type = [local]
 
 	ad {
-		# Domain Windows name using DNS format. This parameter is required.
+		# The Windows domain name in DNS format. This parameter is required if you do not use
+		# 'serverNames' below.
 		#domainFQDN = "mydomain.local"
 
-		# Domain Windows name using short format. This parameter is required.
+		# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
+		# above. If this parameter is not set, TheHive uses 'domainFQDN'.
+        #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
+
+		# The Windows domain name using short format. This parameter is required.
 		#domainName = "MYDOMAIN"
 
-		# Use SSL to connect to domain controller
+		# If 'true', use SSL to connect to the domain controller.
 		#useSSL = true
 	}
 
 	ldap {
-		# LDAP server name or address. Port can be specified (host:port). This parameter is required.
+		# The LDAP server name or address. The port can be specified using the 'host:port'
+		# syntax. This parameter is required if you don't use 'serverNames' below.
 		#serverName = "ldap.mydomain.local:389"
 
-		# Use SSL to connect to directory server
-		#useSSL = true
+		# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
+        #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
 
-		# Account to use to bind on LDAP server. This parameter is required.
+		# Account to use to bind to the LDAP server. This parameter is required.
 		#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
 
 		# Password of the binding account. This parameter is required.
@@ -55,33 +63,66 @@ auth {
 		# Base DN to search users. This parameter is required.
 		#baseDN = "ou=users,dc=mydomain,dc=local"
 
-		# Filter to search user {0} is replaced by user name. This parameter is required.
+		# Filter to search user in the directory server. Please note that {0} is replaced
+		# by the actual user name. This parameter is required.
 		#filter = "(cn={0})"
+
+		# If 'true', use SSL to connect to the LDAP directory server.
+		#useSSL = true
 	}
 }
 
 # Cortex
+# TheHive can connect to one or multiple  Cortex  instances.  Give  each
+# Cortex instance a name and specify the associated URL.
+
 cortex {
   #"CORTEX-SERVER-ID" {
-  #  # URL of MISP server
-  #  url = ""
+    # URL of the Cortex server.
+    #url = ""
   #}
 }
 
 # MISP
+# TheHive can connect to one or multiple MISP instances. Give each  MISP
+# instance a name and specify the associated Authkey that must  be  used
+# to poll events, the case template that should be used by default  when
+# importing events as well as the tags that must be added to cases  upon
+# import.
+
+# Prior to configuring the integration with a MISP  instance,  you  must
+# enable the MISP connector. This will allow you  to  import  events  to
+# and/or export cases to the MISP instance(s).
+#play.modules.enabled += connectors.misp.MispConnector
+
 misp {
   #"MISP-SERVER-ID" {
-  #  # URL of MISP server
-  #  url = ""
-  #  # authentication key
-  #  key = ""
-  #  #tags to be added to imported artifact
-  #  tags = ["misp"]
-  #}
+    # URL of the MISP instance.
+    #url = ""
+
+    # Authentication key.
+    #key = ""
+
+    # Name of the case template in TheHive that shall be used to import
+    # MISP events as cases by default.
+    # caseTemplate = "<Template_Name_goes_here>"
 
-  # truststore to used to validate MISP certificate (if default truststore is not suffisient)
-  #cert = /path/to/truststore.jsk
+    # Tags to add to each observable imported from an event available on
+    # this instance.
+    #tags = ["misp-server-id"]
+
+    # Truststore to use to validate the X.509 certificate  of  the  MISP
+    # instance if the default truststore is not sufficient.
+
+    #ws.ssl.trustManager.stores =  [
+    #{
+    #  type: "JKS"
+    #  path: "/path/to/truststore.jks"
+    #}
+    #]
+  #}
 
-  # Interval between two MISP event import
+  # Interval between consecutive MISP event  imports  in  hours  (h)  or
+  # minutes (m).
   interval = 1h
 }