Cerebrate Versions Save

Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.

v1.4

2 years ago

v1.4 (2022-01-27)

We are happy to announce the 1.4 release of Cerebrate, a stability and bug-fix release resolving a long list of issues that have plagued Cerebrate so far.

Integration test

This release adds the first revision of the CI suite developed by @righel, allowing us to catch and remediate regressions before they would get merged to the main branch. Expect further tuning and improvements to this suite with most releases going forward from this point on.

API documentation

OpenAPI integration and descriptions directly available via the UI.

Fixes

A long list of fixes, affecting most subsystems, from API, through local tools all the way to the configuration settings. Massive thank you to Dawid Czarnecki from Zigrin Security, who is conducting a penetration test of Cerebrate and was kind enough to report any bugs that he ran into during his extensive testing. We would also like to thank The Luxembourg Armed Forces (LAF) for funding the testing and helping us ensure the reliability and security of our tooling.

Cerebrate is the core software component of the MeliCERTes project, aiming to support the pan-european information exchange and collaboration of the CSIRT community. The project is co-funded by the European Commission under Connecting Europe Facility.

v1.3

2 years ago

v1.3 (2021-12-22)

Changes

  • [keycloak] added screw to loosen timing issues. [iglocska]

  • Misp connector index changes. [iglocska]

  • [themes] Recompiled themes using dart-sass. [Sami Mokaddem]

  • [themes:packages] Replaced node-sass by dart-sass. [Sami Mokaddem]

Fix

  • [local_tool:batchApiAction] Various UI and backend fixes. [Sami Mokaddem]

  • [main] Prevent setting listeners if dependencies are not loaded. [Sami Mokaddem]

Other

  • Merge branch 'main' of github.com:cerebrate-project/cerebrate into main. [iglocska]

  • Don't ignore platform reqs in dockerfile. [Andras Iklody]

  • Merge branch 'develop' into main. [iglocska]

  • Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [iglocska]

v1.2

2 years ago

v1.2 (2021-12-15)

Cerebrate v1.2 released with a host of bugs resolved and some slight modifications to the handling of the user objects.

User objects are now tied to organisations

Prior to this versions, the only way to bind a user to an organisation was via the related individual object. This caused issues with users belonging to multiple or no organisations in practice, both of which are valid for individuals, but make access control difficult.

With the current release, users are now tied to organisations and the access control is restricted accordingly. If the intent is to allow a user to act on behalf of multiple organisations, simply add multiple users to an existing individual, one for each organisation, to achieve the expected result.

Changelog

New

  • [ACL Helper] check access for controller / action pair for given user. [iglocska]

    • accesible everywhere in the UI

  • [ACL component] new functionalities. [iglocska]

    • getRoleAccess now returns either URLs or arrays
    • array format allows for easy checking of controller + action pairs

  • [ACL] getRoleAccess endpoint added. [iglocska]

    • prints all valid URLs for the current user's role

Changes

  • [sharing group index] add button now has the new checkaccess conditions applied. [iglocska]

  • [appcontroller] minor changes. [iglocska]

    • getRoleAccess now returns array format
    • moved setting of view variables behind a rest check, to avoid additional unused actions for API queries
    • current user's role access matrix passed to view via "roleAccess"

Fix

  • [sharing group index] fixed members link. [iglocska]

  • [sharing groups] index members column fixed. [iglocska]

  • [encryptions] fixed adding encryption keys. [iglocska]

  • [ACL] added missing entries. [iglocska]

  • [ACL] fix wildcard controller checks failing. [iglocska]

  • [encryption keys] only show valid options when creating keys as a user. [iglocska]

  • [keycloak] enrollment org_id issues fixed. [iglocska]

  • [user add] form fixes. [iglocska]

  • [forms] added missing password form field. [iglocska]

  • [forms] dropdowns overriding values from request. [iglocska]

Other

  • Merge branch 'develop' into main. [iglocska]

  • Merge branch 'main' into develop. [iglocska]

v1.1

2 years ago

Cerebrate 1.1 released - the open source companion to ISACs, CSIRTs and SOCs

Screenshot from 2021-10-19 16-31-56 Screenshot from 2021-10-19 16-32-35

In the scope of the Open platform and tools to facilitate the collaboration among Computer Security Incident Response Teams project funded by the EU commission, CIRCL is pleased to announce the 1.1 release of Cerebrate, an open source security orchestration tool for CSIRTs and SOCs.

New features and fixes

  • A new audit logging system has been added to Cerebrate. The audit system is based on the MISP new audit logging functionality.
  • [security] The ACL systems have been tightened up for several controllers and organisation administrator privileges have been implemented.
  • [keycloak improvement] when enrolling users in keycloak, the user organisation_id is used instead of the individual's first alias.
  • Multiple improvements and bugs fixed in the API and user-interface.

For more details of changes in the Cerebrate changelog.

For more information, you can visit the cerebrate project website. You can also follow the MISP and Cerebrate Twitter account. Contact CIRCL for partnerships, ideas and feedback.

v1.0

2 years ago

Cerebrate 1.0 released

We are pleased to announce the first official release of Cerebrate. Whilst it is still early days for the project, our hope is that the platform in its current state already brings a notable improvement.

Screenshot from 2021-10-19 16-31-56 Screenshot from 2021-10-19 16-32-35

What is Cerebrate?

Cerebrate is a new open source tool, aiming to address several deficiencies in our tool chains, including having a central contact database for communities as well as community interconnection orchestration and security tool fleet management.

This first release of Cerebrate acts as a basis for future developments in the above areas, with functionalities to cover a host of different tasks.

Main features

  • Contact database containing information on organisations and individuals
  • Public key store for the above for information validation and secure communications
  • Centralised sharing group management
  • Cerebrate to Cerebrate synchronisation
  • Local integration module system
    • Currently with a MISP module included
  • Cerebrate to Cerebrate local tool interconnection
  • Local tool fleet management features
  • Ingestion tools for community specific contact database mappings
  • Integration with Keycloak

We welcome any ideas for improvement, pull requests and bug reports from the community. Additionally, we are also looking for tool developers / vendors that would like to work with us on integration modules for their respective tools.

Acknowledgement

Cerebrate's development is co-financed by the Melicertes 2 project CEF, funded by the EU.