fix: [Investigation] fix MISP Export + UI sidebar
This commit is contained in:
parent
0b426f2cfd
commit
1d9fba49e8
7 changed files with 64 additions and 24 deletions
@ -425,16 +425,17 @@ def create_investigation_event(investigation_uuid):
|
||||||
|
|
||||||
event = MISPEvent()
|
event = MISPEvent()
|
||||||
event.info = investigation.get_info()
|
event.info = investigation.get_info()
|
||||||
event.uuid = investigation.get_uuid()
|
event.uuid = investigation.get_uuid(separator=True)
|
||||||
event.date = investigation.get_date()
|
event.date = investigation.get_date()
|
||||||
event.analysis = investigation.get_analysis()
|
event.analysis = investigation.get_analysis()
|
||||||
event.threat_level_id = investigation.get_threat_level()
|
event.threat_level_id = investigation.get_threat_level()
|
||||||
|
|
||||||
taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
|
event.distribution = 0
|
||||||
event.Tag = taxonomies_tags
|
|
||||||
event.Galaxy = galaxies_tags
|
|
||||||
#event.add_galaxy(galaxies_tags)
|
|
||||||
|
|
||||||
|
# tags
|
||||||
|
for tag in investigation.get_tags():
|
||||||
|
event.add_tag(tag)
|
||||||
|
# objects
|
||||||
investigation_objs = investigation.get_objects()
|
investigation_objs = investigation.get_objects()
|
||||||
for obj in investigation_objs:
|
for obj in investigation_objs:
|
||||||
# if subtype -> obj_id = 'subtype:type'
|
# if subtype -> obj_id = 'subtype:type'
|
||||||
|
@ -446,18 +447,25 @@ def create_investigation_event(investigation_uuid):
|
||||||
if misp_obj:
|
if misp_obj:
|
||||||
event.add_object(misp_obj)
|
event.add_object(misp_obj)
|
||||||
|
|
||||||
|
#taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
|
||||||
|
#event.Tag = taxonomies_tags
|
||||||
|
#event.Galaxy = galaxies_tags
|
||||||
|
#print(galaxies_tags)
|
||||||
|
#event.add_galaxy(galaxies_tags)
|
||||||
|
|
||||||
# if publish:
|
# if publish:
|
||||||
# event.publish()
|
# event.publish()
|
||||||
|
|
||||||
# res = event.to_json()
|
# res = event.to_json()
|
||||||
# print(event.to_json())
|
|
||||||
|
|
||||||
|
# print(event.to_json())
|
||||||
misp = PyMISP(misp_url, misp_key, misp_verifycert)
|
misp = PyMISP(misp_url, misp_key, misp_verifycert)
|
||||||
misp_event = misp.add_event(event)
|
misp_event = misp.add_event(event)
|
||||||
# print(misp_event)
|
#print(misp_event)
|
||||||
|
|
||||||
# # TODO: handle error
|
# # TODO: handle error
|
||||||
event_metadata = extract_event_metadata(misp_event)
|
event_metadata = extract_event_metadata(misp_event)
|
||||||
|
print(event_metadata)
|
||||||
return event_metadata
|
return event_metadata
|
||||||
|
|
||||||
# if __name__ == '__main__':
|
# if __name__ == '__main__':
|
||||||
|
|
|
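Review bot: `print(event_metadata)` on the new side of the second hunk is a leftover debug statement that dumps the created MISP event's metadata to stdout on every export; drop it, or route it through the module's logger if one is in scope (`logger.debug("MISP event created: %s", event_metadata)`). The `# # TODO: handle error` just above it still applies: `misp.add_event` can return an error payload instead of an event (for instance when an event with the same uuid already exists in the MISP instance), and `extract_event_metadata(misp_event)` is called on it unconditionally, so a failed export would surface as a confusing KeyError/TypeError rather than a clear message — a guard such as `if isinstance(misp_event, dict) and 'errors' in misp_event: raise RuntimeError(f"MISP export failed: {misp_event['errors']}")` before the extraction would make failures explicit (exact error shape depends on the PyMISP version, worth confirming). In the first hunk, `event.distribution = 0` silently pins the export to MISP's most restrictive sharing level; a short comment `# 0 = "Your organisation only"; no sharing beyond the local MISP org` would save the next reader a lookup. create_investigation_event's signature and opening lines are outside the hunk.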
@ -92,8 +92,12 @@ class Investigation(object):
|
||||||
def __init__(self, investigation_uuid):
|
def __init__(self, investigation_uuid):
|
||||||
self.uuid = investigation_uuid
|
self.uuid = investigation_uuid
|
||||||
|
|
||||||
def get_uuid(self):
|
def get_uuid(self, separator=False):
|
||||||
return self.uuid
|
if separator:
|
||||||
|
res = str(uuid.uuid4())
|
||||||
|
return uuid.UUID(hex=res, version=4)
|
||||||
|
else:
|
||||||
|
return self.uuid
|
||||||
|
|
||||||
# # TODO: Replace by title ??????
|
# # TODO: Replace by title ??????
|
||||||
def get_name(self):
|
def get_name(self):
|
||||||
|
|
|
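Review bot: The new `separator=True` branch of `get_uuid` returns a freshly generated random UUID (`res = str(uuid.uuid4())`) rather than a formatted form of `self.uuid`, so every MISP export of the same investigation is tagged with a different event uuid and the link between the AIL investigation and its MISP event is lost (repeated exports create unrelated events instead of one). The branch should format the stored value instead: `return uuid.UUID(hex=self.uuid, version=4)` (or `str(...)` of that if the caller expects a string). This assumes `self.uuid` is stored without dashes and that `uuid` is imported in this file — neither is visible in the hunk, so confirm both; note also that passing `version=4` overwrites the version/variant bits of whatever is stored.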
@ -261,6 +261,11 @@ def get_item_all_trackers_uuid(obj_id):
|
||||||
#obj_type = 'item'
|
#obj_type = 'item'
|
||||||
return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}')
|
return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}')
|
||||||
|
|
||||||
|
def is_obj_tracked(obj_type, subtype, id):
|
||||||
|
return r_serv_tracker.exists(f'obj:trackers:{obj_type}:{obj_id}')
|
||||||
|
|
||||||
|
def get_obj_all_trackers(obj_type, subtype, id):
|
||||||
|
return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')
|
||||||
|
|
||||||
def get_email_subject(tracker_uuid):
|
def get_email_subject(tracker_uuid):
|
||||||
tracker_description = get_tracker_description(tracker_uuid)
|
tracker_description = get_tracker_description(tracker_uuid)
|
||||||
|
|
|
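Review bot: Both new functions, `is_obj_tracked` and `get_obj_all_trackers`, build their Redis key from `obj_id`, which is not defined in their scope (the parameter is named `id`), so each raises NameError on first call; the `AbstractObject.is_tracked`/`get_trackers` methods added in this commit call them, so those break as well. Rename the parameter rather than the reference, which also stops shadowing the builtin `id`: `def is_obj_tracked(obj_type, subtype, obj_id):` and `def get_obj_all_trackers(obj_type, subtype, obj_id):`, keeping the f-strings as written. The `subtype` parameter is accepted but unused in both; the existing `obj:trackers:item:{obj_id}` key gives no hint how subtyped objects are keyed, so either fold `subtype` into the key or add a comment stating why it is ignored.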
@ -18,6 +18,7 @@ sys.path.append(os.environ['AIL_BIN'])
|
||||||
##################################
|
##################################
|
||||||
from packages import Tag
|
from packages import Tag
|
||||||
from lib.Investigations import is_object_investigated, get_obj_investigations
|
from lib.Investigations import is_object_investigated, get_obj_investigations
|
||||||
|
from lib.Tracker import is_obj_tracked, get_obj_all_trackers
|
||||||
|
|
||||||
# # TODO: ADD CORRELATION ENGINE
|
# # TODO: ADD CORRELATION ENGINE
|
||||||
|
|
||||||
|
@ -91,6 +92,16 @@ class AbstractObject(ABC):
|
||||||
return investigations
|
return investigations
|
||||||
#- Investigations -#
|
#- Investigations -#
|
||||||
|
|
||||||
|
## Trackers ##
|
||||||
|
|
||||||
|
def is_tracked(self):
|
||||||
|
return is_obj_tracked(self.type, self.subtype, self.id)
|
||||||
|
|
||||||
|
def get_trackers(self):
|
||||||
|
return get_obj_all_trackers(self.type, self.subtype, self.id)
|
||||||
|
|
||||||
|
#- Investigations -#
|
||||||
|
|
||||||
def _delete(self):
|
def _delete(self):
|
||||||
# DELETE TAGS
|
# DELETE TAGS
|
||||||
Tag.delete_obj_all_tags(self.id, self.type)
|
Tag.delete_obj_all_tags(self.id, self.type)
|
||||||
|
|
|
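Review bot: The new Trackers block in the second hunk is closed with `#- Investigations -#`, which duplicates the closing marker of the Investigations block directly above it and makes the section boundaries misleading; it should read `#- Trackers -#` to pair with the `## Trackers ##` opener. The two new methods carry no docstrings; one line each would do, e.g. `"""Return True if at least one tracker matches this object."""` for `is_tracked` and `"""Return the tracker uuids associated with this object."""` for `get_trackers` — both hedged on what `r_serv_tracker` actually stores, which is not visible here. AbstractObject's class header is outside the hunk.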
@ -87,7 +87,7 @@
|
||||||
<div class="container-fluid">
|
<div class="container-fluid">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
|
||||||
{% include 'decoded/menu_sidebar.html' %}
|
{% include 'sidebars/sidebar_objects.html' %}
|
||||||
|
|
||||||
<div class="col-12 col-lg-10" id="core_content">
|
<div class="col-12 col-lg-10" id="core_content">
|
||||||
|
|
||||||
|
|
|
@ -131,18 +131,30 @@
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
{% if 'correlation_nb' in dict_domain %}
|
<div class="d-flex flex-row-reverse bd-highlight mt-2">
|
||||||
{% if dict_domain["correlation_nb"] > 0 %}
|
{% if 'correlation_nb' in dict_domain %}
|
||||||
<hr>
|
{% if dict_domain["correlation_nb"] > 0 %}
|
||||||
<div class="mt-2">
|
<hr>
|
||||||
<a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px">
|
<div>
|
||||||
<button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations
|
<a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px">
|
||||||
<div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div>
|
<button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations
|
||||||
</button>
|
<div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div>
|
||||||
</a>
|
</button>
|
||||||
</div>
|
</a>
|
||||||
|
</div>
|
||||||
|
{%endif%}
|
||||||
{%endif%}
|
{%endif%}
|
||||||
{%endif%}
|
|
||||||
|
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_subtype=''%}
|
||||||
|
{% include 'modals/investigations_register_obj.html' %}
|
||||||
|
{% endwith %}
|
||||||
|
<div class="mr-2">
|
||||||
|
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
|
||||||
|
<i class="fas fa-microscope"></i> Investigations
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="mt-2">
|
<div class="mt-2">
|
||||||
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%}
|
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%}
|
||||||
|
|
|
@ -5,11 +5,11 @@
|
||||||
<span>Toggle Sidebar</span>
|
<span>Toggle Sidebar</span>
|
||||||
</button>
|
</button>
|
||||||
|
|
||||||
<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_investigation">
|
<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_menu">
|
||||||
<h5 class="d-flex text-muted w-100">
|
<h5 class="d-flex text-muted w-100">
|
||||||
<span>Investigations</span>
|
<span>Investigations</span>
|
||||||
</h5>
|
</h5>
|
||||||
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
|
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
|
||||||
<li class="nav-item">
|
<li class="nav-item">
|
||||||
<a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard">
|
<a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard">
|
||||||
<i class="fas fa-microscope"></i>
|
<i class="fas fa-microscope"></i>
|
||||||
|
@ -24,7 +24,6 @@
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
<h5 class="d-flex text-muted w-100">
|
<h5 class="d-flex text-muted w-100">
|
||||||
<span>Objects</span>
|
<span>Objects</span>
|
||||||
</h5>
|
</h5>
|
||||||
|
@ -56,6 +55,7 @@
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<h5 class="d-flex text-muted w-100">
|
<h5 class="d-flex text-muted w-100">
|
||||||
<span>
|
<span>
|
||||||
<img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;">
|
<img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;">
|
||||||
|
|