From 1d9fba49e85ccd64e9f19b5a194d133f886f859f Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Fri, 11 Mar 2022 09:29:48 +0100
Subject: [PATCH] fix: [Investigation] fix MISP Export + UI sidebar
---
 bin/export/MispExport.py | 22 ++++++++----
 bin/lib/Investigations.py | 8 +++--
 bin/lib/Tracker.py | 5 +++
 bin/lib/objects/abstract_object.py | 11 ++++++
 .../correlation/show_correlation.html | 2 +-
 .../crawler/crawler_splash/showDomain.html | 34 +++++++++++++------
 .../templates/sidebars/sidebar_objects.html | 6 ++--
 7 files changed, 64 insertions(+), 24 deletions(-)
diff --git a/bin/export/MispExport.py b/bin/export/MispExport.py
index c42ed5cb..f038fbac 100755
--- a/bin/export/MispExport.py
+++ b/bin/export/MispExport.py
@@ -425,16 +425,17 @@ def create_investigation_event(investigation_uuid):
     event = MISPEvent()
     event.info = investigation.get_info()
-    event.uuid = investigation.get_uuid()
+    event.uuid = investigation.get_uuid(separator=True)
     event.date = investigation.get_date()
     event.analysis = investigation.get_analysis()
     event.threat_level_id = investigation.get_threat_level()
-    taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
-    event.Tag = taxonomies_tags
-    event.Galaxy = galaxies_tags
-    #event.add_galaxy(galaxies_tags)
+    event.distribution = 0
+    # tags
+    for tag in investigation.get_tags():
+        event.add_tag(tag)
+    # objects
     investigation_objs = investigation.get_objects()
     for obj in investigation_objs:
         # if subtype -> obj_id = 'subtype:type'
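Review bot: `event.uuid = investigation.get_uuid(separator=True)` does not give the MISP event the investigation's UUID: as defined in the bin/lib/Investigations.py hunk, the `separator=True` branch returns `uuid.UUID(hex=str(uuid.uuid4()), version=4)` and never reads `self.uuid`, so every export mints a fresh random UUID and the event cannot be matched back to the investigation (re-exporting the same investigation would create a second, unrelated event). If the intent was to turn a stored hyphen-less UUID string into a `uuid.UUID` object, that branch should read `return uuid.UUID(hex=self.uuid, version=4)`, with a docstring on `get_uuid` saying that `separator=True` returns a `uuid.UUID` object built from the stored value and `False` returns the raw string; whether `uuid` is imported in Investigations.py is not visible in that hunk. Separately, `event.distribution = 0` hard-codes the most restrictive MISP sharing level and deserves a comment such as `# 0 = "Your organisation only"; never widened automatically on export`. create_investigation_event begins above the hunk.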
@@ -446,18 +447,25 @@ def create_investigation_event(investigation_uuid):
             if misp_obj:
                 event.add_object(misp_obj)
+    #taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
+    #event.Tag = taxonomies_tags
+    #event.Galaxy = galaxies_tags
+    #print(galaxies_tags)
+    #event.add_galaxy(galaxies_tags)
+
     # if publish:
     #     event.publish()
     # res = event.to_json()
-    # print(event.to_json())
+    # print(event.to_json())
     misp = PyMISP(misp_url, misp_key, misp_verifycert)
     misp_event = misp.add_event(event)
-    # print(misp_event)
+    #print(misp_event)
     # # TODO: handle error
     event_metadata = extract_event_metadata(misp_event)
+    print(event_metadata)
     return event_metadata
 # if __name__ == '__main__':
diff --git a/bin/lib/Investigations.py b/bin/lib/Investigations.py
index 733f938b..70fd6554 100755
--- a/bin/lib/Investigations.py
+++ b/bin/lib/Investigations.py
@@ -92,8 +92,12 @@ class Investigation(object):
     def __init__(self, investigation_uuid):
         self.uuid = investigation_uuid
-    def get_uuid(self):
-        return self.uuid
+    def get_uuid(self, separator=False):
+        if separator:
+            res = str(uuid.uuid4())
+            return uuid.UUID(hex=res, version=4)
+        else:
+            return self.uuid
     # # TODO: Replace by title ??????
     def get_name(self):
diff --git a/bin/lib/Tracker.py b/bin/lib/Tracker.py
index 4abfd805..2f8e8d42 100755
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@@ -261,6 +261,11 @@ def get_item_all_trackers_uuid(obj_id):
     #obj_type = 'item'
     return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}')
+def is_obj_tracked(obj_type, subtype, id):
+    return r_serv_tracker.exists(f'obj:trackers:{obj_type}:{obj_id}')
+
+def get_obj_all_trackers(obj_type, subtype, id):
+    return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')
 def get_email_subject(tracker_uuid):
     tracker_description = get_tracker_description(tracker_uuid)
diff --git a/bin/lib/objects/abstract_object.py b/bin/lib/objects/abstract_object.py
index 5b9cfce2..660dff6a 100755
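Review bot: `print(event_metadata)` added just before `return event_metadata` is a debug print that will write the exported event's metadata to stdout on every call, and the five new `#taxonomies_tags …`/`#event.Galaxy …` lines are commented-out code rather than documentation; both should be dropped, keeping the intent as a single `# TODO: re-add galaxy export (event.add_galaxy) once tag sorting is fixed`. The pre-existing `# # TODO: handle error` above `extract_event_metadata(misp_event)` still applies to the new code path: as far as I recall PyMISP reports a failed `add_event` through the returned object rather than by raising, so an error response would be passed straight into the metadata extraction. create_investigation_event begins above the hunk.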
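Review bot: Both new Tracker.py functions interpolate `obj_id` into the key but their third parameter is named `id`, so `is_obj_tracked` and `get_obj_all_trackers` raise NameError on every call (the callers added in abstract_object.py pass `self.id` positionally). Rename the parameter in both signatures, `def is_obj_tracked(obj_type, subtype, obj_id):` and `def get_obj_all_trackers(obj_type, subtype, obj_id):`, which also stops shadowing the builtin `id`. `subtype` is accepted but never used in the key, so all subtypes of one object type share the `obj:trackers:{obj_type}:{obj_id}` namespace; whether that is intended or the key should include the subtype cannot be told from this hunk, and a one-line comment stating the choice would help.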
--- a/bin/lib/objects/abstract_object.py
+++ b/bin/lib/objects/abstract_object.py
@@ -18,6 +18,7 @@ sys.path.append(os.environ['AIL_BIN'])
 ##################################
 from packages import Tag
 from lib.Investigations import is_object_investigated, get_obj_investigations
+from lib.Tracker import is_obj_tracked, get_obj_all_trackers
 # # TODO: ADD CORRELATION ENGINE
@@ -91,6 +92,16 @@ class AbstractObject(ABC):
         return investigations
     #- Investigations -#
+    ## Trackers ##
+
+    def is_tracked(self):
+        return is_obj_tracked(self.type, self.subtype, self.id)
+
+    def get_trackers(self):
+        return get_obj_all_trackers(self.type, self.subtype, self.id)
+
+    #- Investigations -#
+
     def _delete(self):
         # DELETE TAGS
         Tag.delete_obj_all_tags(self.id, self.type)
diff --git a/var/www/templates/correlation/show_correlation.html b/var/www/templates/correlation/show_correlation.html
index 1ca33d9a..6a3355ed 100644
--- a/var/www/templates/correlation/show_correlation.html
+++ b/var/www/templates/correlation/show_correlation.html
@@ -87,7 +87,7 @@
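Review bot: The section closer added after `get_trackers` reads `#- Investigations -#`, duplicating the existing closer two lines above the new `## Trackers ##` opener; it should be `#- Trackers -#` so the markers pair up. Both new methods forward to `is_obj_tracked`/`get_obj_all_trackers` from the Tracker.py hunk, which as written there reference an undefined `obj_id`, so `is_tracked` and `get_trackers` will raise NameError until that hunk is fixed. The new module-level `from lib.Tracker import …` in the first hunk makes abstract_object depend on Tracker at import time; whether lib.Tracker imports anything from lib.objects in return (which would create a cycle) is not visible here. class AbstractObject begins above the hunk.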
- {% include 'decoded/menu_sidebar.html' %} + {% include 'sidebars/sidebar_objects.html' %}
diff --git a/var/www/templates/crawler/crawler_splash/showDomain.html b/var/www/templates/crawler/crawler_splash/showDomain.html index dc6ff373..f02a4aa7 100644 --- a/var/www/templates/crawler/crawler_splash/showDomain.html +++ b/var/www/templates/crawler/crawler_splash/showDomain.html @@ -131,18 +131,30 @@ - {% if 'correlation_nb' in dict_domain %} - {% if dict_domain["correlation_nb"] > 0 %} -
- +
+ {% if 'correlation_nb' in dict_domain %} + {% if dict_domain["correlation_nb"] > 0 %} +
+ + {%endif%} {%endif%} - {%endif%} + + {% with obj_type='domain', obj_id=dict_domain['domain'], obj_subtype=''%} + {% include 'modals/investigations_register_obj.html' %} + {% endwith %} +
+ +
+ +
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%} diff --git a/var/www/templates/sidebars/sidebar_objects.html b/var/www/templates/sidebars/sidebar_objects.html index 3d8e69f2..3f7e2025 100644 --- a/var/www/templates/sidebars/sidebar_objects.html +++ b/var/www/templates/sidebars/sidebar_objects.html @@ -5,11 +5,11 @@ Toggle Sidebar -