Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.
[settings:inbox.data_change_notify_for_all] Added setting to be more verbose for data changes. [Sami Mokaddem]
[CRUD:Filtering] Added support of options in index filtering modal. [Sami Mokaddem]
[version] bump. [iglocska]
[inboxes:filtering] Populate username with eligible users in filtering modal. [Sami Mokaddem]
[crud:index] Include all meta-fields regardless of user's preference when in REST context. [Sami Mokaddem]
[MISP connector] added bulk org pull. [iglocska]
[inboxes:index] Fixed pagination target key. [Sami Mokaddem]
[component:CRUD] Make sure not to override table aliases when paginating. [Sami Mokaddem]
[individual:validation] Enforce email format to be a valid email address. [Sami Mokaddem]
[behavior:notifyAdmins] Fixed typo in date serialization. [Sami Mokaddem]
Merge branch 'develop' [iglocska]
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [Sami Mokaddem]
With the release of 1.17, we have added a new interface to view and interact with your Cerebrate and its connected local tools as well as syncing broods.
By bringing up the topology view, Cerebrate will draw a layout of your setup using mermaid.js, showing identified issues and giving you easy access to managing the individual tools.
Using the local tools diagnostic interface, you can tie your own tool into this diagram, giving you an easy overview over misconfigured or misbehaving tools. Simply pivot to any of the sync connections or local tools to modify settings, execute updates and more.
In tandem with the topology changes, the MISP connector has gone through a rework, allowing for more thorough diagnostics as well as easier exchange of contact items.
The diagnostics will now warn about worker issues, outdated versions, or misconfigured MySQL / PHP setups. Wherever possible, quick remediation will also be offered via specific actions (such as "update MISP" or "restart workers").
In order to make the exchange of organisations and sharing groups easier, the index interface has been reworked:
The new UI allows for comparing the data in Cerebrate to that in the connected MISP instance and pulling in a new / updated objects in a convenient multi-select function. In order to push organisation or sharing group data, you can use filter rules to define what will get pushed:
Thanks to our close collaboration, we have received a long list of ideas improvements and fixes in the past few weeks, resulting in a long list of fixes. These include highly improved filtering options for the user index, allowing sub-filtering based on metafields, a new CSV output format.
This becomes increasingly interesting when using Cerebrate with an IAM platform such as keycloak, where we manage subscriptions to certain services via metafields in Cerebrate. Being able to quickly view and interact with users that are subscribed to certain services is now a breeze.
A long list of fixes targeting our CI test suite as well as realigning the installed dependencies to newer versions (and resolving the issues they caused) were also included, for a full list of changes don't hesitate to check out our Changelog.
With the release of 1.16, we have introduced the new concept organisation groups, an administrative layer sitting on top of organisations, allowing designated group administrators to manage a set of organisations.
Whilst this feature comes as a newly requested feature submitted by ENISA for managing the European CSIRT network, we already see a host of other possibilities for taking advantage of it, ranging from virtual organisation grouping to managing larger sharing communities with self-reliant sub-groups.
In essence, the new feature allows for the creation of sub communities with a degree of self-management, so if you would like to enroll say an ISAC or other sectorial / national group in your community, this can greatly ease the burden of user management on the site administrators by delegating the task to entrusted parties within the sub communities.
Our experience with both MISP and with Cerebrate has shown that contrary to the most common immediate observaions of a potential risk coming from diluting administrative responsibilities, it actually achieves the opposite, by allowing for a smoother, self-service management of not only user enrollment, but also rotating out user accounts and general auditing and life-cycle management of user accounts.
As a site administrator, simply create a new group:
Add administrator(s) to the group to allow for self-management:
Start adding organisations to the group:
Once done, the desginated group administrator can start managing the users of the listed organisations.
[users:acl] Improved waterfall model for CRUD operation and updated UI to reflect them. [Sami Mokaddem]
[ui] Improved reflection of ACL logic in the UI for OrgGroups, Organisations and individuals. [Sami Mokaddem]
[VERSION] bump. [iglocska]
[alignments:acl] Reflected ACL logic from individuals to alignments. [Sami Mokaddem]
[users:edit] Allow users to self edit. [Sami Mokaddem]
[user-settings:edit] Prevent assigning a setting to another user. [Sami Mokaddem]
[command:summary] Added data about the modified entity. [Sami Mokaddem]
[navigation:tags] Updated UI to reflect users' permissions. [Sami Mokaddem]
[navigation:individuals] Only show edit and deletion buttons if users are allowed to do it. [Sami Mokaddem]
[genericElements:numberOfElement] Added parameter to show or not the show all
option. [Sami Mokaddem]
[ACL:tags] Relaxed ACL on tags for index and view pages. [Sami Mokaddem]
[ACL:individual/add] Allow org-admin
s to create new individuals. [Sami Mokaddem]
[ACL] group admins can view users in their group. [iglocska]
[internal] fixed the function checking if a user belongs to the current User's managed org group. [iglocska]
[acl:canEditUser] Typo in table name. [Sami Mokaddem]
[OrgGroups:checkIfGroupAdmin] Consider site_admins as group admin. [Sami Mokaddem]
[strict typing] Made Sami's frankenstein setup happy. [iglocska]
[temp] ACL function built up. [iglocska]
[ACL] fixes. [iglocska]
[org admins] should be able to edit the org. [iglocska]
[individual:edit] Select individuals based on their id and not their user_id. [Sami Mokaddem]
[navigation:CRUDAction-auditlogs] Make ordering by created field unambigous and hide audit button to non-admin users. [Sami Mokaddem]
[userSettings:add] Aded check to avoid duplicated setting for the same user. [Sami Mokaddem]
[mailinglist:ACL] Fixed bug in ACL check for access. [Sami Mokaddem]
[version] bump. [iglocska]
[misisng] change. [iglocska]
[internal] fetch first role if no default is set. [iglocska]
[command:summary] Consider perm meta-fields addition/deletion as uesr edit. [Sami Mokaddem]
[config] Force usage of secure cookie for session and csrf protection. [Sami Mokaddem]
[component:CRUD] Include meta-fields in REST queries and clever pagination support for REST queries. [Sami Mokaddem]
[command:summary] Added support of user MetaFields. [Sami Mokaddem]
Allow to show addition and deletion of user metafields such as the ones used for permissions
[security] user settings editable by arbitrary user fixed. [iglocska]
[internal] user add fix attempt #2. [iglocska]
[userSettings:edit] Correctly pre-select user to be edited. [Sami Mokaddem]
Merge branch 'develop' [iglocska]
Merge branch 'main' into develop. [iglocska]
Update INSTALL.md. [Andras Iklody]
Update INSTALL.md. [Andras Iklody]
some minor fixes
[enumerations] added enumerations system. [iglocska]
[enumerations] schema update added. [iglocska]
[version] bump. [iglocska]
[CRUD] allow for sorting on related model fields. [iglocska]
[command:importer] Make sure to use the latest known version of the template. [Sami Mokaddem]
[command:importer] Make sure to use the latest known version of the template. [Sami Mokaddem]
[UI:saas] Clean-up css files and improved sidebar behavior and rendering for all themes. [Sami Mokaddem]
[users] added the country information to the index / view. [iglocska]
[genericElements:formInfo] Removed unused portion of code. [Sami Mokaddem]
[security] blind SQL injection in searchAll. [Sami Mokaddem]
[meta-template-name-directory] Do not access property from null object. [Sami Mokaddem]
[meta-template-direcotry:index] Pass baseurl to the anonymous function. [Sami Mokaddem]
[metaTemplateDirectory:index] No static call anymore. [Sami Mokaddem]
[template:registration] Correct usage of modal parameters. [Sami Mokaddem]
[template:update_all] Correct usage of modal parameters. [Sami Mokaddem]
[helper:formFieldMassage] Correctly check for key to avoid debug output. [Sami Mokaddem]
[app:js] Removed log forgotten console log output. [Sami Mokaddem]
Merge branch 'develop' [iglocska]
Merge branch 'main' into develop. [iglocska]
Merge branch 'main' into develop. [Sami Mokaddem]
Merge branch 'develop' into main. [Sami Mokaddem]
We are pleased to announce the immediate availability of Cerebrate 1.13, including new features, improvements bug and security fixes.
We strongly recommend Cerebrate users to update to this latest version.
[metaTemplateNameDirectory] Added index to see the known template and their associated saved meta-templates. [Sami Mokaddem]
[user:permissionLimitation] Added current permission status while in add
or edit
context. [Sami Mokaddem]
Also moved the notification key from meta-fields to meta-template-fields
[element:tagsField] Added support of editable based on passed configuration. [Sami Mokaddem]
[ui:formInfo] Rafactored formInfo and added support of field description. [Sami Mokaddem]
Can be done by using the tooltip
key on the field configuration
[crud:filter] Added support of IN searches using dropdown. [Sami Mokaddem]
[component:CRUD] Added support of IN condition when filtering index. [Sami Mokaddem]
[version] bump. [iglocska]
[meta-template:index] Added link to metaTemplateNameDirectory. [Sami Mokaddem]
[metaTemplate:update] Gracefully handle case when template on disk is not readable. [Sami Mokaddem]
[ui:select2] Added CSS file relying on BS variables instead of default theme hardcoded values. [Sami Mokaddem]
[helper:bootstrap] Make sure to output the value even if it's a 0
[Sami Mokaddem]
[settings:cerebrate] Improved check before saving debug level. [Sami Mokaddem]
[component:CRUD] Added afterFind
support in add. [Sami Mokaddem]
[user:permissionRestriction] Move check from beforeSave to ApplicationRule. [Sami Mokaddem]
[component:CRUD] Include meta-template before calling afterFind
[Sami Mokaddem]
[tags:org/individual] Relaxed ACL on tagging. [Sami Mokaddem]
site_admin
could add tags.org_admins
can add tags for their orgs and individuals[encryptionKeys:beforeSave] Updated ACL to disable management of keys for regular orgs. [Sami Mokaddem]
[encryptionKey] Made key searchable with substring strategy. [Sami Mokaddem]
[organisations:add] Added notice about UUID reuse. [Sami Mokaddem]
[helper:bootstrap] Added support of ID option. [Sami Mokaddem]
[organisations] nationality field renamed to country. [iglocska]
[roles:index] Only show add role
button for users having ACL access. [Sami Mokaddem]
[authkeys:add] Select logged-in user by default. [Sami Mokaddem]
[audit:filter] Made request_action a multiple search. [Sami Mokaddem]
[meta-template:update] Typo in variable name. [Sami Mokaddem]
[elements:dropdownField] Always attach select2 to the body. [Sami Mokaddem]
[individuals:delete] Gracefully catches deletion of individuals associated to a user. [Sami Mokaddem]
[acl:metaTemplate] Added missing entry. [Sami Mokaddem]
[individuals:canEdit] Changed function from public to private. [Sami Mokaddem]
[elements:bootstrapTabs] Removed unused options. [Sami Mokaddem]
[elements:metaTemplateForm] Restored error container in the form. [Sami Mokaddem]
[element:metafields_panel] Correct usage of notices for bootstrap/listTable. [Sami Mokaddem]
[individual:getValidToEdit] Restricted ACL to prevent one org_admin to edit another from the same org. [Sami Mokaddem]
[authkey:add] Forced expiration
field to use datetime UI component. [Sami Mokaddem]
Fix #145
Merge branch 'develop' [iglocska]
Merge branch 'develop' into main. [Sami Mokaddem]
Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [Sami Mokaddem]
Merge branch 'main' into develop. [iglocska]
Security: [authkey:add] Restrict creation of API keys for users in the same org and for other org_admins. [Sami Mokaddem]
Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do.
A huge thank to the EC for the co-funding for the development of Cerebrate under "Connecting Europe Facility – Cybersecurity Digital Service Infrastructure Maintenance and Evolution of Core Service Platform Cooperation Mechanism for CSIRTs – MeliCERTes Facility” (SMART 2018/1024) contract.
We are pleased to announce the immediate availability of Cerebrate 1.12, including new features, improvements and bug fixes.
{controller}/view
scopeupdate_existing
, delete_all
, update_existing
update_existing
has been set as the default strategy; replacing create_new
fastEnrolment
CLI tool to quickly enroll users, organisations and individualNotification/DataChange
Inbox processormeta_template_directory_id
Several annoying issues have been resolved, especially in regards to meta-template updates and meta-fields migration. For a full list of changes, refer to the changelog
Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do.
A huge thank to the EC for the co-funding for the development of Cerebrate under "Connecting Europe Facility – Cybersecurity Digital Service Infrastructure Maintenance and Evolution of Core Service Platform Cooperation Mechanism for CSIRTs – MeliCERTes Facility” (SMART 2018/1024) contract.
We are pleased to announce the availability of Cerebrate 1.6, a bugfix release resolving several issues identified as a follow up of the 1.5 release.
Several annoying issues have been resolved, especially in regards to older instances being brought up to date with the current state of Cerebrate.
Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do. For a full list of changes, refer to the changelog
We are happy to announce the 1.5 release of Cerebrate, a security, feature and usability release focusing on the various CSIRT use-cases and a user management revamp.
As of the 1.5 release, meta templates have received a host of new functionalities, including advanced search functionalities and special meta fields. The main objective was to enable organisations to capture constituency information for organisation, including CIDR blocks and AS numbers whilst also enabling users to find the correct PoC when searching for responsible parties by for example IP address.
The strategy used to enroll and update users in keycloak has been reworked. Cerebrate is now the authoritative identity provider in our current vision, pushing changes to keycloak. We have also added recurring synchronisation mechanisms to the exchange.
We have had a large penetration test conducted by Zigrin Security as a follow up of the rework of key aspects of Cerebrate such as user management. We have fixed a series of identified vulnerabilities and weaknesses along with identified usability bugs as part of this release. Besides just fixes, this also resulted in some additional security features such as a registration flood protection. For a full run-down of all fixes refer to the changelog and the security page for identified CVEs.
A massive thank you to the Luxembourgish army for funding the penetration test and thereby helping us ensure that our open-source toolchains remain secure and reliable.
A number of views have received overhauls and usability reworks - this is a continuous effort and we are looking for any feedback on how we can further ensure that Cerebrate doesn't get in your way of achieving your community management objectives.
Thanks to all contributors as well as all users that have let us know about issues, improvement ideas and generally sanity checking what we do. For a full list of changes, refer to the changelog
We are happy to announce the 1.4 release of Cerebrate, a stability and bug-fix release resolving a long list of issues that have plagued Cerebrate so far.
This release adds the first revision of the CI suite developed by @righel, allowing us to catch and remediate regressions before they would get merged to the main branch. Expect further tuning and improvements to this suite with most releases going forward from this point on.
OpenAPI integration and descriptions directly available via the UI.
A long list of fixes, affecting most subsystems, from API, through local tools all the way to the configuration settings. Massive thank you to Dawid Czarnecki from Zigrin Security, who is conducting a penetration test of Cerebrate and was kind enough to report any bugs that he ran into during his extensive testing. We would also like to thank The Luxembourg Armed Forces (LAF) for funding the testing and helping us ensure the reliability and security of our tooling.
Cerebrate is the core software component of the MeliCERTes project, aiming to support the pan-european information exchange and collaboration of the CSIRT community. The project is co-funded by the European Commission under Connecting Europe Facility.