fix: [Investigation] fix MISP Export + UI sidebar

2024-11-10 00:28:22 +00:00 · 2022-03-11 09:29:48 +01:00 · 2022-03-11 09:29:48 +01:00 · 1d9fba49e8
commit 1d9fba49e8
parent 0b426f2cfd
7 changed files with 64 additions and 24 deletions
--- a/bin/export/MispExport.py
+++ b/bin/export/MispExport.py
@ -425,16 +425,17 @@ def create_investigation_event(investigation_uuid):

    event = MISPEvent()
    event.info = investigation.get_info()
-    event.uuid = investigation.get_uuid()
+    event.uuid = investigation.get_uuid(separator=True)
    event.date = investigation.get_date()
    event.analysis = investigation.get_analysis()
    event.threat_level_id = investigation.get_threat_level()

-    taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
-    event.Tag = taxonomies_tags
-    event.Galaxy = galaxies_tags
-    #event.add_galaxy(galaxies_tags)
+    event.distribution = 0

+    # tags
+    for tag in investigation.get_tags():
+        event.add_tag(tag)
+    # objects
    investigation_objs = investigation.get_objects()
    for obj in investigation_objs:
        # if subtype -> obj_id = 'subtype:type'
@ -446,18 +447,25 @@ def create_investigation_event(investigation_uuid):
        if misp_obj:
            event.add_object(misp_obj)

+    #taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
+    #event.Tag = taxonomies_tags
+    #event.Galaxy = galaxies_tags
+    #print(galaxies_tags)
+    #event.add_galaxy(galaxies_tags)
+
    # if publish:
    #     event.publish()

    # res = event.to_json()
-    # print(event.to_json())

+    # print(event.to_json())
    misp = PyMISP(misp_url, misp_key, misp_verifycert)
    misp_event = misp.add_event(event)
-    # print(misp_event)
+    #print(misp_event)

    # # TODO: handle error
    event_metadata = extract_event_metadata(misp_event)
+    print(event_metadata)
    return event_metadata

 # if __name__ == '__main__':
--- a/bin/lib/Investigations.py
+++ b/bin/lib/Investigations.py
@ -92,8 +92,12 @@ class Investigation(object):
    def __init__(self, investigation_uuid):
        self.uuid = investigation_uuid

-    def get_uuid(self):
-        return self.uuid
+    def get_uuid(self, separator=False):
+        if separator:
+            res = str(uuid.uuid4())
+            return uuid.UUID(hex=res, version=4)
+        else:
+            return self.uuid

    # # TODO: Replace by title ??????
    def get_name(self):
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@ -261,6 +261,11 @@ def get_item_all_trackers_uuid(obj_id):
    #obj_type = 'item'
    return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}')

+def is_obj_tracked(obj_type, subtype, id):
+    return r_serv_tracker.exists(f'obj:trackers:{obj_type}:{obj_id}')
+
+def get_obj_all_trackers(obj_type, subtype, id):
+    return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')

 def get_email_subject(tracker_uuid):
    tracker_description = get_tracker_description(tracker_uuid)
--- a/bin/lib/objects/abstract_object.py
+++ b/bin/lib/objects/abstract_object.py
@ -18,6 +18,7 @@ sys.path.append(os.environ['AIL_BIN'])
 ##################################
 from packages import Tag
 from lib.Investigations import is_object_investigated, get_obj_investigations
+from lib.Tracker import is_obj_tracked, get_obj_all_trackers

 # # TODO: ADD CORRELATION ENGINE

@ -91,6 +92,16 @@ class AbstractObject(ABC):
        return investigations
    #- Investigations -#

+    ## Trackers ##
+
+    def is_tracked(self):
+        return is_obj_tracked(self.type, self.subtype, self.id)
+
+    def get_trackers(self):
+        return get_obj_all_trackers(self.type, self.subtype, self.id)
+
+    #- Investigations -#
+
    def _delete(self):
        # DELETE TAGS
        Tag.delete_obj_all_tags(self.id, self.type)
--- a/var/www/templates/correlation/show_correlation.html
+++ b/var/www/templates/correlation/show_correlation.html
@ -87,7 +87,7 @@
 		<div class="container-fluid">
 			<div class="row">

-				{% include 'decoded/menu_sidebar.html' %}
+				{% include 'sidebars/sidebar_objects.html' %}

 				<div class="col-12 col-lg-10" id="core_content">

--- a/var/www/templates/crawler/crawler_splash/showDomain.html
+++ b/var/www/templates/crawler/crawler_splash/showDomain.html
@ -131,18 +131,30 @@
                  </tbody>
                </table>

-                {% if 'correlation_nb' in dict_domain %}
-                  {% if dict_domain["correlation_nb"] > 0 %}
-                    <hr>
-                    <div class="mt-2">
-            					<a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px">
-            						<button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations &nbsp;
-                          <div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div>
-            						</button>
-            					</a>
-            				</div>
+                <div class="d-flex flex-row-reverse bd-highlight mt-2">
+                  {% if 'correlation_nb' in dict_domain %}
+                    {% if dict_domain["correlation_nb"] > 0 %}
+                      <hr>
+                      <div>
+              					<a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px">
+              						<button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations &nbsp;
+                            <div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div>
+              						</button>
+              					</a>
+              				</div>
+                    {%endif%}
                  {%endif%}
-                {%endif%}
+
+                  {% with obj_type='domain', obj_id=dict_domain['domain'], obj_subtype=''%}
+                    {% include 'modals/investigations_register_obj.html' %}
+                  {% endwith %}
+                  <div class="mr-2">
+                    <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
+                      <i class="fas fa-microscope"></i> Investigations
+                    </button>
+                  </div>
+
+                </div>

                <div class="mt-2">
                  {% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%}
--- a/var/www/templates/sidebars/sidebar_objects.html
+++ b/var/www/templates/sidebars/sidebar_objects.html
@ -5,11 +5,11 @@
      	  <span>Toggle Sidebar</span>
      	</button>

-      	<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_investigation">
+      	<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_menu">
          <h5 class="d-flex text-muted w-100">
      		  <span>Investigations</span>
      		</h5>
-      	  <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
+          <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
      	    <li class="nav-item">
      	      <a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard">
                <i class="fas fa-microscope"></i>
@ -24,7 +24,6 @@
      	    </li>
          </ul>

-
          <h5 class="d-flex text-muted w-100">
      		  <span>Objects</span>
      		</h5>
@ -56,6 +55,7 @@
          </ul>


+
          <h5 class="d-flex text-muted w-100">
      		  <span>
              <img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;">