diff --git a/bin/packages/Tag.py b/bin/packages/Tag.py
index 3665451f..37a43423 100755
--- a/bin/packages/Tag.py
+++ b/bin/packages/Tag.py
@@ -65,6 +65,20 @@ def is_valid_tags_taxonomies_galaxy(list_tags, list_tags_galaxy):
 return False
 return True
+def get_tag_metadata(tag):
+ first_seen = r_serv_tags.hget('tag_metadata:{}'.format(tag), 'first_seen')
+ last_seen = r_serv_tags.hget('tag_metadata:{}'.format(tag), 'last_seen')
+ return {'tag': tag, 'first_seen': first_seen, 'last_seen': last_seen}
+
+def is_tag_in_all_tag(tag):
+ if r_serv_tags.sismember('list_tags', tag):
+ return True
+ else:
+ return False
+
+def get_all_tags():
+ return list(r_serv_tags.smembers('list_tags'))
+
 def get_item_tags(item_id):
 tags = r_serv_metadata.smembers('tag:'+item_id)
 if tags:
diff --git a/doc/README.md b/doc/README.md
index 07aa8e22..3c047e6e 100644
--- a/doc/README.md
+++ b/doc/README.md
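Review bot: `get_tag_metadata` formats the caller-supplied `tag` straight into the Redis key `tag_metadata:{}` and has no membership check of its own, so for a tag that is not in `list_tags` it returns a dict whose `first_seen` and `last_seen` are both `None` instead of signalling an unknown tag. The only guard visible in this commit is the `Tag.is_tag_in_all_tag(tag)` call in the REST handler in Flask_restApi.py, so every other caller has to repeat it. I would state that precondition in a docstring, `"""Return first_seen/last_seen for tag; the caller must check is_tag_in_all_tag() first."""`, and read both fields with a single `hmget` on the key rather than two `hget` round trips. Separately, `is_tag_in_all_tag` can be reduced to `return bool(r_serv_tags.sismember('list_tags', tag))`.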
@@ -449,6 +449,111 @@ curl https://127.0.0.1:7000/api/delete/item/tag --header "Authorization: iHc1_Ch
+## Tag management
+
+
+### Get all AIL tags: `api/get/tag/all`
+
+#### Description
+Get all tags used in AIL.
+
+**Method** : `GET`
+
+#### JSON response
+- `tags`
+ - list of tag
+ - *list*
+#### Example
+```
+curl https://127.0.0.1:7000/api/get/tag/all --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj " -H "Content-Type: application/json"
+```
+
+#### Expected Success Response
+**HTTP Status Code** : `200`
+```json
+ {
+ "tags": [
+ "misp-galaxy:backdoor=\"Rosenbridge\"",
+ "infoleak:automatic-detection=\"pgp-private-key\"",
+ "infoleak:automatic-detection=\"pgp-signature\"",
+ "infoleak:automatic-detection=\"base64\"",
+ "infoleak:automatic-detection=\"encrypted-private-key\"",
+ "infoleak:submission=\"crawler\"",
+ "infoleak:automatic-detection=\"binary\"",
+ "infoleak:automatic-detection=\"pgp-public-key-block\"",
+ "infoleak:automatic-detection=\"hexadecimal\"",
+ "infoleak:analyst-detection=\"private-key\"",
+ "infoleak:submission=\"manual\"",
+ "infoleak:automatic-detection=\"private-ssh-key\"",
+ "infoleak:automatic-detection=\"iban\"",
+ "infoleak:automatic-detection=\"pgp-message\"",
+ "infoleak:automatic-detection=\"certificate\"",
+ "infoleak:automatic-detection=\"credential\"",
+ "infoleak:automatic-detection=\"cve\"",
+ "infoleak:automatic-detection=\"google-api-key\"",
+ "infoleak:automatic-detection=\"phone-number\"",
+ "infoleak:automatic-detection=\"rsa-private-key\"",
+ "misp-galaxy:backdoor=\"SLUB\"",
+ "infoleak:automatic-detection=\"credit-card\"",
+ "misp-galaxy:stealer=\"Vidar\"",
+ "infoleak:automatic-detection=\"private-key\"",
+ "infoleak:automatic-detection=\"api-key\"",
+ "infoleak:automatic-detection=\"mail\""
+ ]
+ }
+```
+
+
+
+
+### Get tag metadata: `api/get/tag/metadata/`
+
+#### Description
+Get tag metadata.
+
+**Method** : `GET`
+
+#### Parameters
+- `tag`
+ - tag name
+ - *str*
+ - mandatory
+
+#### JSON response
+- `tag`
+ - tag name
+ - *str*
+- `first_seen`
+ - date: first seen
+ - *str - YYMMDD*
+- `last_seen`
+ - date: first seen
+ - *str - YYMMDD*
+#### Example
+```
+curl https://127.0.0.1:7000/api/get/tag/metadata/infoleak:submission=\"manual\" --header "Authorization: iHc1_ChZxj1aXmiFiF1mkxxQkzawwriEaZpPqyTQj " -H "Content-Type: application/json"
+```
+
+#### Expected Success Response
+**HTTP Status Code** : `200`
+```json
+ {
+ "first_seen": "20190605",
+ "last_seen": "20190726",
+ "tag": "infoleak:submission=\"manual\""
+ }
+```
+
+#### Expected Fail Response
+**HTTP Status Code** : `404`
+```json
+ {"status": "error", "reason": "Tag not found"}
+```
+
+
+
+
+
 ## Import management
@@ -593,9 +698,6 @@ curl -k https://127.0.0.1:7000/api/import/item/b20a69f1-99ad-4cb3-b212-7ce24b763
 ### Text search by daterange
 ##### ``api/search/textIndexer/item`` POST
-### Get all tags list
-##### ``api/get/tag/all``
-
 ### Get tagged items by daterange
 ##### ``api/search/tag/item`` POST
diff --git a/var/www/modules/restApi/Flask_restApi.py b/var/www/modules/restApi/Flask_restApi.py
index 3f363555..f2c6f64a 100644
--- a/var/www/modules/restApi/Flask_restApi.py
+++ b/var/www/modules/restApi/Flask_restApi.py
@@ -485,6 +485,31 @@ def get_item_content(item_id):
 res = Item.get_item(data)
 return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# # # # # # # # # # # # # # TAGS # # # # # # # # # # # # # # # # #
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+@restApi.route("api/get/tag/metadata/", methods=['GET'])
+@token_required('admin')
+def get_tag_metadata(tag):
+ if not Tag.is_tag_in_all_tag(tag):
+ return Response(json.dumps({'status': 'error', 'reason':'Tag not found'}, indent=2, sort_keys=True), mimetype='application/json'), 404
+ metadata = Tag.get_tag_metadata(tag)
+ return Response(json.dumps(metadata, indent=2, sort_keys=True), mimetype='application/json'), 200
+
+@restApi.route("api/get/tag/all", methods=['GET'])
+@token_required('admin')
+def get_all_tags():
+ res = {'tags': Tag.get_all_tags()}
+ return Response(json.dumps(res, indent=2, sort_keys=True), mimetype='application/json'), 200
+
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+# # # # # # # # # # # # # IMPORT # # # # # # # # # # # # # # # # # #
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+
+
+
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # POST JSON FORMAT
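Review bot: The route for `get_tag_metadata` reads `"api/get/tag/metadata/"` as shown here, with no URL variable, while the view takes a `tag` argument; if that is the committed text (and not a `<tag>` placeholder lost when the page was rendered), Flask has nothing to pass for `tag` and the request fails with a server error. Tag names in this project carry `:`, `=` and double quotes, as the README example in this commit shows, and Flask's default string converter does not match `/`, so a tag containing a slash would never reach the view. I would declare the variable explicitly as `@restApi.route("api/get/tag/metadata/<path:tag>", methods=['GET'])` and say in the docs that clients must URL-encode the tag. Both new views also lack a docstring saying what they return and that they sit behind `token_required('admin')`.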