From 55d71e0a0b4a2e092b65908460b1ad81b5f420ea Mon Sep 17 00:00:00 2001 From: Terrtia Date: Thu, 16 Mar 2023 14:51:53 +0100 Subject: [PATCH] fix: [exporter] thehive exporter, create case --- bin/export/Export.py | 14 ------- bin/lib/Tag.py | 62 +++++++++++++++++++++++------ var/www/blueprints/import_export.py | 18 +++++---- 3 files changed, 60 insertions(+), 34 deletions(-) diff --git a/bin/export/Export.py b/bin/export/Export.py index 7b39acd4..b974aabf 100755 --- a/bin/export/Export.py +++ b/bin/export/Export.py @@ -28,20 +28,6 @@ import thehive4py.exceptions from pymisp import MISPEvent, MISPObject, PyMISP -################################## -# THE HIVE -################################## - -# TODO -def get_item_hive_cases(item_id): - hive_case = r_serv_metadata.get('hive_cases:{}'.format(item_id)) - if hive_case: - hive_case = the_hive_url + '/index.html#/case/{}/details'.format(hive_case) - return hive_case - - - - ########################################################### # # set default # if r_serv_db.get('hive:auto-alerts') is None: diff --git a/bin/lib/Tag.py b/bin/lib/Tag.py index 210bf94c..43d233ce 100755 --- a/bin/lib/Tag.py +++ b/bin/lib/Tag.py @@ -538,6 +538,7 @@ def get_tag_first_seen(tag, object_type=None, r_int=False): else: first_seen = 99999999 return first_seen + # # TODO: LATER ADD object metadata # if not object_type: # r_tags.hget(f'tag_metadata:{tag}', 'first_seen') 
@@ -1147,33 +1148,68 @@ def get_enabled_tags_with_synonyms_ui(): ################################################################################### ################################################################################### + +# TODO FORBID Collision CUSTOM TAG or force custom:tag + # TYPE -> taxonomy/galaxy/custom class Tag: - def __int__(self, t_type, t_id, obj='item'): - self.type = t_type - self.id = t_id - self.obj = obj + def __int__(self, name: str, local=False): # TODO Get first seen by object, obj='item + self.name = name + self.local = local - def get_first_seen(self): - pass + def is_local(self): + return self.local - def get_last_seen(self): - pass + # TODO custom / local + def get_type(self): + if self.name.startswith('misp-galaxy:'): + return 'galaxy' + else: + return 'taxonomy' + + + + def get_first_seen(self, r_int=False): + first_seen = r_tags.hget(f'meta:tag:{self.name}', 'first_seen') + if r_int: + if first_seen: + first_seen = int(first_seen) + else: + first_seen = 99999999 + return first_seen + + def get_last_seen(self, r_int=False): + last_seen = r_tags.hget(f'meta:tag:{self.name}', 'last_seen') # 'last_seen:object' -> only if date or daterange + if r_int: + if last_seen: + last_seen = int(last_seen) + else: + last_seen = 0 + return last_seen def get_color(self): - pass + color = r_tags.hget(f'meta:tag:{self.name}', 'color') + if not color: + return '#ffffff' + + def set_color(self, color): + r_tags.hget(f'meta:tag:{self.name}', 'color', color) def is_enabled(self): - pass + return r_tags.sismember(f'tags:enabled', self.name) + def get_synonyms(self): + return r_tags.smembers(f'synonyms:tag:{self.name}') + + # color def get_meta(self): meta = {'first_seen': self.get_first_seen(), 'last_seen': self.get_last_seen(), - 'obj': self.obj, - 'tag': self.id, - 'type': self.type} + 'tag': self.name, + 'local': self.is_local()} + return meta ################################################################################### 
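Review bot: The constructor added right after `class Tag:` is still spelled `__int__`, so it is never invoked, `Tag(name)` raises `TypeError`, and `self.name`/`self.local` are never set; it should read `def __init__(self, name: str, local=False):`. Two more defects in the same hunk: `set_color` writes with `r_tags.hget(f'meta:tag:{self.name}', 'color', color)` where it needs `hset`, and `get_color` only returns the `'#ffffff'` fallback, falling off the end with `None` whenever a colour is stored, so `return color` is missing after the `if not color:` branch. The `# color` comment above `get_meta` hints at a `'color': self.get_color()` entry that was never added to the dict; add it or drop the comment. Minor: `f'tags:enabled'` in `is_enabled` has no placeholder and can be a plain string literal.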
diff --git a/var/www/blueprints/import_export.py b/var/www/blueprints/import_export.py index 635c07e0..3214ee32 100644 --- a/var/www/blueprints/import_export.py +++ b/var/www/blueprints/import_export.py @@ -22,12 +22,13 @@ sys.path.append(os.environ['AIL_BIN']) # Import Project packages ################################## from exporter import MISPExporter +from exporter import TheHiveExporter from lib.objects import ail_objects from lib.Investigations import Investigation # TODO REMOVE ME -from export import Export # TODO REMOVE ME from export import MispImport # TODO REMOVE ME + # TODO REMOVE ME # ============ BLUEPRINT ============ @@ -38,6 +39,9 @@ import_export = Blueprint('import_export', __name__, misp_exporter_objects = MISPExporter.MISPExporterAILObjects() misp_exporter_investigation = MISPExporter.MISPExporterInvestigation() +thehive_exporter_item = TheHiveExporter.TheHiveExporterItem() + + # ============ FUNCTIONS ============ @@ -205,7 +209,7 @@ def export_investigation(): if not investigation.exists(): abort(404) if misp_exporter_objects.ping_misp(): - event = misp_exporter_objects.export({'type': 'investigation', 'data': {'investigation': investigation}}) + event = misp_exporter_investigation.export(investigation) print(event) else: return Response(json.dumps({"error": "Can't reach MISP Instance"}, indent=2, sort_keys=True), 
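Review bot: The line added after `from export import MispImport  # TODO REMOVE ME` is an orphaned `# TODO REMOVE ME` comment on a line of its own; the `from export import Export` import it annotated is deleted in this same hunk, so the leftover comment should be deleted with it.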
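Review bot: In the `export_investigation` hunk the new call goes through `misp_exporter_investigation.export(investigation)`, but the reachability guard two lines above still calls `misp_exporter_objects.ping_misp()`; if the two exporter instances can be configured independently (not visible in this patch), the ping does not test the instance actually used, and `if misp_exporter_investigation.ping_misp():` would keep the guard and the call aligned. The `print(event)` on the following context line is debug output to stdout that is still reached on the new path and should become a log call or be removed.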
@@ -219,17 +223,17 @@ def export_investigation(): def create_thehive_case(): description = request.form['hive_description'] title = request.form['hive_case_title'] - threat_level = Export.sanitize_threat_level_hive(request.form['threat_level_hive']) - tlp = Export.sanitize_tlp_hive(request.form['hive_tlp']) + threat_level = request.form['threat_level_hive'] + tlp = request.form['hive_tlp'] item_id = request.form['obj_id'] item = ail_objects.get_object('item', '', item_id) if not item.exists(): abort(404) - case_id = Export.create_thehive_case(item_id, title=title, tlp=tlp, threat_level=threat_level, - description=description) + case_id = thehive_exporter_item.export(item.get_id(), description=description, title=title, + threat_level=threat_level, tlp=tlp) if case_id: - return redirect(Export.get_case_url(case_id)) + return redirect(thehive_exporter_item.get_case_url(case_id)) else: return 'error'
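Review bot: The `Export.sanitize_threat_level_hive` and `Export.sanitize_tlp_hive` calls are dropped, so `threat_level` and `tlp` are now the raw `request.form` strings handed straight to `thehive_exporter_item.export(...)`; unless `TheHiveExporterItem.export` validates them itself (not visible in this patch), malformed or out-of-range form input now reaches the TheHive API call unchecked. The validation should be restored in this view before the `item` lookup: coerce both values to `int`, reject anything outside what TheHive accepts for a case, and answer with `abort(400)` rather than letting a `ValueError` or an API error surface as a 500. The bounds below follow the usual TheHive case severity (1–3) and TLP (0–3) ranges and should be confirmed against the TheHive version the exporter targets.
```python
def create_thehive_case():
    description = request.form['hive_description']
    title = request.form['hive_case_title']
    # Replaces the removed Export.sanitize_* helpers: the form values are
    # untrusted, so coerce and range-check them before they reach TheHive.
    try:
        threat_level = int(request.form['threat_level_hive'])
        tlp = int(request.form['hive_tlp'])
    except (KeyError, ValueError):
        abort(400)
    # TODO confirm the accepted ranges against the targeted TheHive version
    if not (1 <= threat_level <= 3 and 0 <= tlp <= 3):
        abort(400)
    # … unchanged: item lookup, export call and redirect …
```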