fix: [exporter] thehive exporter, create case
This commit is contained in:
parent
c2a4224375
commit
55d71e0a0b
3 changed files with 60 additions and 34 deletions
@ -28,20 +28,6 @@ import thehive4py.exceptions
from pymisp import MISPEvent, MISPObject, PyMISP
##################################
# THE HIVE
##################################
# TODO
def get_item_hive_cases(item_id):
hive_case = r_serv_metadata.get('hive_cases:{}'.format(item_id))
if hive_case:
hive_case = the_hive_url + '/index.html#/case/{}/details'.format(hive_case)
return hive_case
###########################################################
# # set default
# if r_serv_db.get('hive:auto-alerts') is None:
@ -538,6 +538,7 @@ def get_tag_first_seen(tag, object_type=None, r_int=False):
else:
first_seen = 99999999
return first_seen
# # TODO: LATER ADD object metadata
# if not object_type:
# r_tags.hget(f'tag_metadata:{tag}', 'first_seen')
@ -1147,33 +1148,68 @@ def get_enabled_tags_with_synonyms_ui():
###################################################################################
###################################################################################
# TODO FORBID Collision CUSTOM TAG or force custom:tag
# TYPE -> taxonomy/galaxy/custom
class Tag:
def __int__(self, t_type, t_id, obj='item'):
self.type = t_type
self.id = t_id
self.obj = obj
def __int__(self, name: str, local=False): # TODO Get first seen by object, obj='item
self.name = name
self.local = local
def get_first_seen(self):
pass
def is_local(self):
return self.local
def get_last_seen(self):
pass
# TODO custom / local
def get_type(self):
if self.name.startswith('misp-galaxy:'):
return 'galaxy'
else:
return 'taxonomy'
def get_first_seen(self, r_int=False):
first_seen = r_tags.hget(f'meta:tag:{self.name}', 'first_seen')
if r_int:
if first_seen:
first_seen = int(first_seen)
else:
first_seen = 99999999
return first_seen
def get_last_seen(self, r_int=False):
last_seen = r_tags.hget(f'meta:tag:{self.name}', 'last_seen') # 'last_seen:object' -> only if date or daterange
if r_int:
if last_seen:
last_seen = int(last_seen)
else:
last_seen = 0
return last_seen
def get_color(self):
pass
color = r_tags.hget(f'meta:tag:{self.name}', 'color')
if not color:
return '#ffffff'
def set_color(self, color):
r_tags.hget(f'meta:tag:{self.name}', 'color', color)
def is_enabled(self):
pass
return r_tags.sismember(f'tags:enabled', self.name)
def get_synonyms(self):
return r_tags.smembers(f'synonyms:tag:{self.name}')
# color
def get_meta(self):
meta = {'first_seen': self.get_first_seen(),
'last_seen': self.get_last_seen(),
'obj': self.obj,
'tag': self.id,
'type': self.type}
'tag': self.name,
'local': self.is_local()}
return meta
###################################################################################
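Review bot: The new constructor `def __int__(self, name: str, local=False):` is still misspelled — `__int__` is the integer-conversion hook, not `__init__` — so `Tag(name)` raises `TypeError: Tag() takes no arguments` and `self.name`/`self.local` are never set; it should read `def __init__(self, name: str, local=False):`. Two more lines in the same hunk look wrong: `set_color` calls `r_tags.hget(f'meta:tag:{self.name}', 'color', color)`, which reads a hash field rather than writing one (presumably `r_tags.hset(f'meta:tag:{self.name}', 'color', color)` was meant), and `get_color` returns `'#ffffff'` only when nothing is stored and otherwise falls off the end returning None, so it needs `return color` after the guard. The stray `pass` statements that precede live code in `get_color` and `is_enabled` are harmless but should go. This rendering has lost the old/new markers, so it is not certain which of the duplicated `get_first_seen`/`get_last_seen` definitions survive; if the `pass` stubs are still on the new side, the later definitions silently shadow them and the stubs should be removed.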
@ -22,12 +22,13 @@ sys.path.append(os.environ['AIL_BIN'])
# Import Project packages
##################################
from exporter import MISPExporter
from exporter import TheHiveExporter
from lib.objects import ail_objects
from lib.Investigations import Investigation
# TODO REMOVE ME
from export import Export # TODO REMOVE ME
from export import MispImport # TODO REMOVE ME
# TODO REMOVE ME
# ============ BLUEPRINT ============
@ -38,6 +39,9 @@ import_export = Blueprint('import_export', __name__,
misp_exporter_objects = MISPExporter.MISPExporterAILObjects()
misp_exporter_investigation = MISPExporter.MISPExporterInvestigation()
thehive_exporter_item = TheHiveExporter.TheHiveExporterItem()
# ============ FUNCTIONS ============
@ -205,7 +209,7 @@ def export_investigation():
if not investigation.exists():
abort(404)
if misp_exporter_objects.ping_misp():
event = misp_exporter_objects.export({'type': 'investigation', 'data': {'investigation': investigation}})
event = misp_exporter_investigation.export(investigation)
print(event)
else:
return Response(json.dumps({"error": "Can't reach MISP Instance"}, indent=2, sort_keys=True),
@ -219,17 +223,17 @@ def export_investigation():
def create_thehive_case():
description = request.form['hive_description']
title = request.form['hive_case_title']
threat_level = Export.sanitize_threat_level_hive(request.form['threat_level_hive'])
tlp = Export.sanitize_tlp_hive(request.form['hive_tlp'])
threat_level = request.form['threat_level_hive']
tlp = request.form['hive_tlp']
item_id = request.form['obj_id']
item = ail_objects.get_object('item', '', item_id)
if not item.exists():
abort(404)
case_id = Export.create_thehive_case(item_id, title=title, tlp=tlp, threat_level=threat_level,
description=description)
case_id = thehive_exporter_item.export(item.get_id(), description=description, title=title,
threat_level=threat_level, tlp=tlp)
if case_id:
return redirect(Export.get_case_url(case_id))
return redirect(thehive_exporter_item.get_case_url(case_id))
else:
return 'error'
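Review bot: In `create_thehive_case` the new lines `threat_level = request.form['threat_level_hive']` and `tlp = request.form['hive_tlp']` hand the raw form strings to `thehive_exporter_item.export(...)`, whereas the lines they replace passed them through `Export.sanitize_threat_level_hive` and `Export.sanitize_tlp_hive` first. `TheHiveExporterItem.export` is not part of this diff, so unless it coerces and bounds those two values itself, user-controlled input now reaches the TheHive client unchecked; either keep an equivalent check in the view (`abort(400)` when the value is not one TheHive accepts) or document on `export()` that validating `threat_level` and `tlp` is its responsibility. With the `Export.create_thehive_case` and `Export.get_case_url` calls gone, no remaining use of the `# TODO REMOVE ME` import `from export import Export` is visible in this diff, so it is worth checking whether that import can be dropped now. The `else: return 'error'` fallthrough is pre-existing, but it returns a bare string with a 200 status; the `Response(json.dumps({"error": ...}))` shape used by `export_investigation` in the hunk above would be the consistent failure response here.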