Cerebrate version 1.25 released with improvements and various bugs.

Cerebrate v1.25 Release Notes (2024-09-25)

We are excited to announce the release of Cerebrate v1.25! This update includes several new features, enhancements, and bug fixes to improve the overall experience.

New Features:

• UI Enhancements: Country flags have been added in the following sections:
  • Organisations: /organisations/[index/view]
  • Users: /users/[index/view]
    Contributed by Sami Mokaddem

Changes:

• Docker README: Updated PHP version.
  Contributed by Sami Mokaddem
• User Permissions: Refined permission limitations for organisations on the /users/add page.
  Contributed by Sami Mokaddem
• Bookmarks: Improved the handling of malformed content, ensuring the system fails gracefully instead of throwing server errors (500s).
  Contributed by iglocska

Fixes:

• Permission Limitations: Corrected the display of the number of permission limitations for org_group_managers when an organisation they manage lacks users.
  Contributed by Sami Mokaddem
• User Filtering: Added ACL entries for the filtering modal on the users' index page.
  Contributed by Sami Mokaddem
• UI Fixes: Adjusted the search dropdown width to prevent overflow on large result sets, addressing issues raised by @gallypette and @adulau.
  Contributed by Sami Mokaddem
• Group Admin: Resolved a DatabaseException occurring when a group-admin condition included an empty list of values.
  Contributed by Sami Mokaddem
• Bookmarks: Added additional error handling for malformed bookmark entries.
  Contributed by iglocska

Other:

• Several merges from main and develop branches to keep the codebase up-to-date.
  Contributed by Sami Mokaddem, iglocska, Andras Iklody

This release strengthens the stability and functionality of Cerebrate. Thanks to all contributors for their valuable input!

Cerebrate version 1.24 released with API improvements

v1.24 (2024-08-29)

API improvements

Improvement of meta field usage via the API

Add/Edit endpoints have been updated to accept a simplified format of metafields for easier integration. Metafields are now passed as a list of objects with 4 required keys (field, value, template_uuid and template_version).

An example for adding a user, along with metafields set is as follows:

{
    "individual": {
        "email": "andras.iklody@circl.lu",
        "first_name": "Andras",
        "last_name": "Iklody"
    },
    "username": "andras.iklody@circl.lu",
    "organisation_id": "2",
    "role_id": "3",
    "meta_fields": [
      {
        "field": "perm_misp",
        "value": true,
        "template_uuid": "447ded8b-314b-41c7-a913-4ce32535b28d",
        "template_version": 2
      }
    ]
}

Better error handling

Passing malformed data or not setting the proper media type headers resulted in rather arcane messages, complaining about certain validation errors / missing fields in the provided content. This lead to a fair bit of confusion, so from v1.24 on, if for whatever reason Cerebrate cannot pick up on the contents of a POST/PUT request, it will return a 400 warning the user about malformed / missing post bodies.

Thanks to Paweł Pawliński for testing the API and providing feedback!

Alignments and authoring of individuals

In order to shed the frustrations that were up until now caused by org admins / group admins being able to create Individuals, but not to modify them after the fact, we have modified the behaviour altogether.

Having an alignment to the individual enabled org/group admins to modify individuals and as of v1.24, any individual created by one of them will automatically be aligned with their organisation. This should allow org/group admins to retain authoring right.

Version and links to the Cerebrate-project resources

We have added a link to both Cerebrate-project's website and the release notes of the current version to a small header text displayed at all times after login, also indicating the currently installed version for easier identification.

Cerebrate version 1.23 released with an ACL improvement

v1.23 (2024-08-27)

New

• [metafield editor permission] added. [iglocska]

  • users/org admins/group admins/community admins can now only modify metafield data on any object if the permission is set for their role
  • Since some communities use this for ACL to secondary tools, this will allow them to restrict who can modify them

Changes

• [version] bump. [iglocska]

Cerebrate version 1.22 released with various bugs fixed and improvements

v1.22 (2024-08-24)

New

• [administration] allow group/org admins to edit individuals aligned to their managed orgs. [iglocska]

  • based on alignment

• [permissions] split of admin and community admin. [iglocska]

Changes

• [migration] minor fix for rerunability. [iglocska]

• [version] bump. [iglocska]

• [cleanup] removed older revision of upgrade script. [iglocska]

Fix

• [metafield limitation] fixes. [iglocska]

  • correctly show error messages on user creation when limits are hit
  • fixed a bug that cause users from being uncreatable even due to a hit limitation, even if the current user wouldn't influence said limitation

• [community admin] fixes. [iglocska]

• [ACL component] fixes. [iglocska]

Other

• Merge branch 'develop' [iglocska]

Cerebrate version 1.21 released with various bugs fixed

v1.21 (2024-07-02)

New

• [extended logger] added. [iglocska]

  • Added more information about the request to the stack traces
  • logs user name / ID
  • logs request x-forwarded-for

Changes

• [tag] bumped. [iglocska]
• [permission limitations] free limitation count when user disabled. [iglocska]
  • Thanks to Elisabeth from BSI for reporting it
• [permission limitations] free limitation count when user disabled. [iglocska]

Fix

• [user add] fixed bug with metafields on new users causing an exception. [iglocska]

Cerebrate version 1.20 released with various bugs fixed

Release Notes for v1.20 (2024-06-07)

New Features

• Metafield Restrictions: Not enforced on an edit that doesn't change the state of the offending value.
  • If a user is already over the limit of a restriction, they should still be editable.

Changes

• Encryption Keys: Listed for organizations and individuals on their respective views. (Fixes #167)
• Dashboard Redirects: To individual models now sort by modified by default.
  • The dashboard shows new entries, making it logical to sort the list based on changes.
  • Small fix to avoid sanitizing index URLs, ensuring multiple query parameters work correctly.

Fixes

• Alignments: Rules relaxed. (Fixes #164)
  • Site admins can add alignments to anyone.
  • Organization admins can add alignments for their own organization members.
  • Group admins can add alignments for any of their managed organization's members.
• Authkeys: Allow for authkeys with no expiration set. (Fixes #169)
• Authkey Add: Ensure default to expiration=0 if not provided.
• Encryption Keys: Allow for large keys.
• Setting Cerebrate: Enforce debug setting to be true or false.

Cerebrate v1.19 released with several usability / functionality fixes

Cerebrate v1.19 released with several usability / functionality fixes

v1.19 is a maintenance release with fixes and improvements mostly based on the feedback of the CSIRT-Network and ENISA.

New

• Added session handling related settings

Fixes

• Keycloak metafield sync fixed
• Keycloak user modification/view issues when more than 100 users were enrolled due to a built in pagination limit in Keycloak
• User enrollment fixes
• Settings fixes
  • Correctly handle the boolean settings such as debug
  • Correctly display numeric settings
  • Ensure that the settings are loaded correctly
• Prevent the saving of an invalid key expiration (either for dates in the past or altogether invalid dates that were cast to indefinite expiration)
• Group admin fixes
  • Group admins can now properly enroll users for organisations other than their own that they manage
  • Group admins can now modify organisation metadata for all of their managed organisations
  • UI fixes to properly reflect what a group admin can do
  • Pagination issues fixed across the board
    • hard limit of 100 elements /page relaxed

Changes

• Encryption key improvements
  • Reworked UI
  • Fixes to the search interface (search by owner org or individual)
• Various search improvements
  • affected scopes include organisations, users, authentication keys
• Backport and alignment of the MISP3 CRUD component

Cerebrate version 1.18 released including new features, improvements and bugs fixed.

Cerebrate version 1.18 released including new features, improvements and bugs fixed. (2023-12-20)

New

• [settings:inbox.data_change_notify_for_all] Added setting to be more verbose for data changes. [Sami Mokaddem]

• [CRUD:Filtering] Added support of options in index filtering modal. [Sami Mokaddem]

Changes

• [version] bump. [iglocska]

• [inboxes:filtering] Populate username with eligible users in filtering modal. [Sami Mokaddem]

• [crud:index] Include all meta-fields regardless of user's preference when in REST context. [Sami Mokaddem]

• [MISP connector] added bulk org pull. [iglocska]

Fix

• [inboxes:index] Fixed pagination target key. [Sami Mokaddem]

• [component:CRUD] Make sure not to override table aliases when paginating. [Sami Mokaddem]

• [individual:validation] Enforce email format to be a valid email address. [Sami Mokaddem]

• [behavior:notifyAdmins] Fixed typo in date serialization. [Sami Mokaddem]

Other

• Merge branch 'develop' [iglocska]

• Merge branch 'develop' of github.com:cerebrate-project/cerebrate into develop. [Sami Mokaddem]

Cerebrate v1.17 released with new community management and orchestration features

Cerebrate v1.17 released with new community management and orchestration features

Cerebrate topology view

With the release of 1.17, we have added a new interface to view and interact with your Cerebrate and its connected local tools as well as syncing broods.

By bringing up the topology view, Cerebrate will draw a layout of your setup using mermaid.js, showing identified issues and giving you easy access to managing the individual tools.

Using the local tools diagnostic interface, you can tie your own tool into this diagram, giving you an easy overview over misconfigured or misbehaving tools. Simply pivot to any of the sync connections or local tools to modify settings, execute updates and more.

MISP connector updates

In tandem with the topology changes, the MISP connector has gone through a rework, allowing for more thorough diagnostics as well as easier exchange of contact items.

The diagnostics will now warn about worker issues, outdated versions, or misconfigured MySQL / PHP setups. Wherever possible, quick remediation will also be offered via specific actions (such as "update MISP" or "restart workers").

In order to make the exchange of organisations and sharing groups easier, the index interface has been reworked:

The new UI allows for comparing the data in Cerebrate to that in the connected MISP instance and pulling in a new / updated objects in a convenient multi-select function. In order to push organisation or sharing group data, you can use filter rules to define what will get pushed:

Multiple fixes and improvements based on feedback from the CSIRT Network and ENISA

Thanks to our close collaboration, we have received a long list of ideas improvements and fixes in the past few weeks, resulting in a long list of fixes. These include highly improved filtering options for the user index, allowing sub-filtering based on metafields, a new CSV output format.

This becomes increasingly interesting when using Cerebrate with an IAM platform such as keycloak, where we manage subscriptions to certain services via metafields in Cerebrate. Being able to quickly view and interact with users that are subscribed to certain services is now a breeze.

Various other fixes

A long list of fixes targeting our CI test suite as well as realigning the installed dependencies to newer versions (and resolving the issues they caused) were also included, for a full list of changes don't hesitate to check out our Changelog.

Cerebrate version 1.16 released including new features and improvements

Cerebrate version 1.16 released including new features and improvements

Organisation Group management added

With the release of 1.16, we have introduced the new concept organisation groups, an administrative layer sitting on top of organisations, allowing designated group administrators to manage a set of organisations.

Whilst this feature comes as a newly requested feature submitted by ENISA for managing the European CSIRT network, we already see a host of other possibilities for taking advantage of it, ranging from virtual organisation grouping to managing larger sharing communities with self-reliant sub-groups.

In essence, the new feature allows for the creation of sub communities with a degree of self-management, so if you would like to enroll say an ISAC or other sectorial / national group in your community, this can greatly ease the burden of user management on the site administrators by delegating the task to entrusted parties within the sub communities.

Our experience with both MISP and with Cerebrate has shown that contrary to the most common immediate observaions of a potential risk coming from diluting administrative responsibilities, it actually achieves the opposite, by allowing for a smoother, self-service management of not only user enrollment, but also rotating out user accounts and general auditing and life-cycle management of user accounts.

As a site administrator, simply create a new group:

Add administrator(s) to the group to allow for self-management:

Start adding organisations to the group:

Once done, the desginated group administrator can start managing the users of the listed organisations.

Changes

• [users:acl] Improved waterfall model for CRUD operation and updated UI to reflect them. [Sami Mokaddem]

• [ui] Improved reflection of ACL logic in the UI for OrgGroups, Organisations and individuals. [Sami Mokaddem]

• [VERSION] bump. [iglocska]

• [alignments:acl] Reflected ACL logic from individuals to alignments. [Sami Mokaddem]

• [users:edit] Allow users to self edit. [Sami Mokaddem]

• [user-settings:edit] Prevent assigning a setting to another user. [Sami Mokaddem]

• [command:summary] Added data about the modified entity. [Sami Mokaddem]

• [navigation:tags] Updated UI to reflect users' permissions. [Sami Mokaddem]

• [navigation:individuals] Only show edit and deletion buttons if users are allowed to do it. [Sami Mokaddem]

• [genericElements:numberOfElement] Added parameter to show or not the show all option. [Sami Mokaddem]

• [ACL:tags] Relaxed ACL on tags for index and view pages. [Sami Mokaddem]

• [ACL:individual/add] Allow org-admins to create new individuals. [Sami Mokaddem]

Fix

• [ACL] group admins can view users in their group. [iglocska]

• [internal] fixed the function checking if a user belongs to the current User's managed org group. [iglocska]

• [acl:canEditUser] Typo in table name. [Sami Mokaddem]

• [OrgGroups:checkIfGroupAdmin] Consider site_admins as group admin. [Sami Mokaddem]

• [strict typing] Made Sami's frankenstein setup happy. [iglocska]

• [temp] ACL function built up. [iglocska]

• [ACL] fixes. [iglocska]

• [org admins] should be able to edit the org. [iglocska]

• [individual:edit] Select individuals based on their id and not their user_id. [Sami Mokaddem]

• [navigation:CRUDAction-auditlogs] Make ordering by created field unambigous and hide audit button to non-admin users. [Sami Mokaddem]

• [userSettings:add] Aded check to avoid duplicated setting for the same user. [Sami Mokaddem]

• [mailinglist:ACL] Fixed bug in ACL check for access. [Sami Mokaddem]