AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-09-19 23:48:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

chg: [MISP] refactor MISP thehive auto push

Browse source
This commit is contained in:
Terrtia 2023-05-16 16:34:22 +02:00
parent 5d84b347bc
commit 5ef29d8abb
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
15 changed files with 575 additions and 937 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
bin/DB_KVROCKS_MIGRATION.py
View file

@ -292,14 +292,17 @@ def trackers_migration():
print('RETRO HUNT MIGRATION...') print('RETRO HUNT MIGRATION...')
for task_uuid in old_Tracker.get_all_retro_hunt_tasks(): for task_uuid in old_Tracker.get_all_retro_hunt_tasks():
meta = old_Tracker.get_retro_hunt_task_metadata(task_uuid, date=True, progress=True, creator=True, sources=True, tags=True, description=True, nb_match=True) retro_hunt = Tracker.RetroHunt(retro_hunt)
# TODO Create filters
# TODO GET OLD META
meta = retro_hunt.get_meta(options={'creator', 'date', 'description', 'filter', 'progress', 'tags'})
last_id = old_Tracker.get_retro_hunt_last_analyzed(task_uuid) last_id = old_Tracker.get_retro_hunt_last_analyzed(task_uuid)
timeout = old_Tracker.get_retro_hunt_task_timeout(task_uuid) timeout = old_Tracker.get_retro_hunt_task_timeout(task_uuid)
Tracker._re_create_retro_hunt_task(meta['name'], meta['rule'], meta['date'], meta['date_from'], meta['date_to'], meta['creator'], meta['sources'], meta['tags'], [], timeout, meta['description'], task_uuid, state=meta['state'], nb_match=meta['nb_match'], last_id=last_id) Tracker._re_create_retro_hunt_task(meta['name'], meta['rule'], meta['date'], meta['date_from'], meta['date_to'], meta['creator'], meta['sources'], meta['tags'], [], timeout, meta['description'], task_uuid, state=meta['state'], nb_match=meta['nb_match'], last_id=last_id)
# # TODO: IN background ? # # TODO: IN background ?
for id in old_Tracker.get_retro_hunt_items_by_daterange(task_uuid, meta['date_from'], meta['date_to']): for obj_id in old_Tracker.get_retro_hunt_items_by_daterange(task_uuid, meta['date_from'], meta['date_to']):
Tracker.save_retro_hunt_match(task_uuid, id) retro_hunt.add('item', '', obj_id)
Tracker._fix_db_custom_tags() Tracker._fix_db_custom_tags()

7
bin/LAUNCH.sh
View file

@ -268,6 +268,9 @@ function launching_scripts {
screen -S "Script_AIL" -X screen -t "Zerobins" bash -c "cd ${AIL_BIN}/modules; ${ENV_PY} ./Zerobins.py; read x" screen -S "Script_AIL" -X screen -t "Zerobins" bash -c "cd ${AIL_BIN}/modules; ${ENV_PY} ./Zerobins.py; read x"
sleep 0.1 sleep 0.1
screen -S "Script_AIL" -X screen -t "MISP_Thehive_Auto_Push" bash -c "cd ${AIL_BIN}/modules; ${ENV_PY} ./MISP_Thehive_Auto_Push.py; read x"
sleep 0.1
################################## ##################################
# TRACKERS MODULES # # TRACKERS MODULES #
################################## ##################################
@ -299,9 +302,7 @@ function launching_scripts {
################################## ##################################
# TO MIGRATE # # TO MIGRATE #
################################## ##################################
screen -S "Script_AIL" -X screen -t "ModuleInformation" bash -c "cd ${AIL_BIN}; ${ENV_PY} ./ModulesInformationV2.py -k 0 -c 1; read x" # screen -S "Script_AIL" -X screen -t "ModuleInformation" bash -c "cd ${AIL_BIN}; ${ENV_PY} ./ModulesInformationV2.py -k 0 -c 1; read x"
sleep 0.1
# screen -S "Script_AIL" -X screen -t "MISPtheHIVEfeeder" bash -c "cd ${AIL_BIN}; ${ENV_PY} ./MISP_The_Hive_feeder.py; read x"
# sleep 0.1 # sleep 0.1

248
bin/MISP_The_Hive_feeder.py
View file

@ -1,248 +0,0 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
module
====================
This module send tagged pastes to MISP or THE HIVE Project
"""
import os
import sys
import uuid
import redis
import time
import json
import binascii
import gzip
from pubsublogger import publisher
from Helper import Process
import ailleakObject
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages'))
import Tag
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib'))
import ConfigLoader
import item_basic
from pymisp import PyMISP
sys.path.append('../configs/keys')
# import MISP KEYS
try:
from mispKEYS import misp_url, misp_key, misp_verifycert
flag_misp = True
except:
print('Misp keys not present')
flag_misp = False
# import The Hive Keys
try:
from theHiveKEYS import the_hive_url, the_hive_key, the_hive_verifycert
if the_hive_url == '':
flag_the_hive = False
else:
flag_the_hive = True
except:
print('The HIVE keys not present')
flag_the_hive = False
HiveApi = False
from thehive4py.api import TheHiveApi
import thehive4py.exceptions
from thehive4py.models import Alert, AlertArtifact
from thehive4py.models import Case, CaseTask, CustomFieldHelper
def is_gzip_file(magic_nuber):
return binascii.hexlify(magic_nuber) == b'1f8b'
def create_the_hive_alert(source, item_id, tag):
# # TODO: check items status (processed by all modules)
# # TODO: add item metadata: decoded content, link to auto crawled content, pgp correlation, cryptocurrency correlation...
# # # TODO: description, add AIL link:show items ?
tags = list( r_serv_metadata.smembers('tag:{}'.format(item_id)) )
path = item_basic.get_item_filepath(item_id)
paste_handle = open(path, 'rb')
paste_data = paste_handle.read()
tmp_path = None
if is_gzip_file(paste_data[0:2]): # if gzip, create a new file to supply to TheHive
paste_handle.close() # TheHive expects a file handle, that's why we create a new file
tmp_data = gzip.decompress(paste_data)
tmp_path = path + '.unzip'
with open(tmp_path, 'wb+') as f:
f.write(tmp_data)
paste_handle = open(tmp_path, 'rb')
if path.endswith(".gz"): # remove .gz from submitted path to TheHive beause we've decompressed it
path = path[:-3]
path = os.path.basename(os.path.normpath(path)) + ".txt" # get last part of path, add .txt so it's easier to open when downloaded from TheHive
artifacts = [
AlertArtifact( dataType='uuid-ail', data=r_serv_db.get('ail:uuid') ),
AlertArtifact( dataType='file', data=(paste_handle, path), tags=tags )
]
# Prepare the sample Alert
sourceRef = str(uuid.uuid4())[0:6]
alert = Alert(title='AIL Leak',
tlp=3,
tags=tags,
description='AIL Leak, triggered by {}'.format(tag),
type='ail',
source=source,
sourceRef=sourceRef,
artifacts=artifacts)
# Create the Alert
id = None
try:
response = HiveApi.create_alert(alert)
if response.status_code == 201:
#print(json.dumps(response.json(), indent=4, sort_keys=True))
print('Alert Created')
print('')
id = response.json()['id']
else:
print('ko: {}/{}'.format(response.status_code, response.text))
return 0
except:
print('hive connection error')
paste_handle.close()
if tmp_path is not None: # this file has been send to TheHive, we won't ever need it again
os.remove(tmp_path)
def feeder(message, count=0):
if flag_the_hive or flag_misp:
tag, item_id = message.split(';')
## FIXME: remove it
if not item_basic.exist_item(item_id):
if count < 10:
r_serv_db.zincrby('mess_not_saved_export', 1, message)
return 0
else:
r_serv_db.zrem('mess_not_saved_export', message)
print('Error: {} do not exist, tag= {}'.format(item_id, tag))
return 0
source = item_basic.get_source(item_id)
if HiveApi != False:
if int(r_serv_db.get('hive:auto-alerts')) == 1:
if r_serv_db.sismember('whitelist_hive', tag):
create_the_hive_alert(source, item_id, tag)
else:
print('hive, auto alerts creation disable')
if flag_misp:
if int(r_serv_db.get('misp:auto-events')) == 1:
if r_serv_db.sismember('whitelist_misp', tag):
misp_wrapper.pushToMISP(uuid_ail, item_id, tag)
else:
print('misp, auto events creation disable')
if __name__ == "__main__":
publisher.port = 6380
publisher.channel = "Script"
config_section = 'MISP_The_hive_feeder'
config_loader = ConfigLoader.ConfigLoader()
r_serv_db = config_loader.get_redis_conn("ARDB_DB")
r_serv_metadata = config_loader.get_redis_conn("ARDB_Metadata")
# set sensor uuid
uuid_ail = r_serv_db.get('ail:uuid')
if uuid_ail is None:
uuid_ail = r_serv_db.set('ail:uuid', uuid.uuid4() )
# set default
if r_serv_db.get('hive:auto-alerts') is None:
r_serv_db.set('hive:auto-alerts', 0)
if r_serv_db.get('misp:auto-events') is None:
r_serv_db.set('misp:auto-events', 0)
p = Process(config_section)
# create MISP connection
if flag_misp:
try:
pymisp = PyMISP(misp_url, misp_key, misp_verifycert)
except:
flag_misp = False
r_serv_db.set('ail:misp', False)
print('Not connected to MISP')
if flag_misp:
#try:
misp_wrapper = ailleakObject.ObjectWrapper(pymisp)
r_serv_db.set('ail:misp', True)
print('Connected to MISP:', misp_url)
#except Exception as e:
# flag_misp = False
# r_serv_db.set('ail:misp', False)
# print(e)
# print('Not connected to MISP')
# create The HIVE connection
if flag_the_hive:
try:
HiveApi = TheHiveApi(the_hive_url, the_hive_key, cert = the_hive_verifycert)
except:
HiveApi = False
flag_the_hive = False
r_serv_db.set('ail:thehive', False)
print('Not connected to The HIVE')
else:
HiveApi = False
if HiveApi != False and flag_the_hive:
try:
HiveApi.get_alert(0)
r_serv_db.set('ail:thehive', True)
print('Connected to The HIVE:', the_hive_url)
except thehive4py.exceptions.AlertException:
HiveApi = False
flag_the_hive = False
r_serv_db.set('ail:thehive', False)
print('Not connected to The HIVE')
refresh_time = 3
## FIXME: remove it
PASTES_FOLDER = os.path.join(os.environ['AIL_HOME'], config_loader.get_config_str("Directories", "pastes"))
config_loader = None
time_1 = time.time()
while True:
# Get one message from the input queue
message = p.get_from_set()
if message is None:
# handle not saved pastes
if int(time.time() - time_1) > refresh_time:
num_queu = r_serv_db.zcard('mess_not_saved_export')
list_queu = r_serv_db.zrange('mess_not_saved_export', 0, -1, withscores=True)
if num_queu and list_queu:
for i in range(0, num_queu):
feeder(list_queu[i][0],list_queu[i][1])
time_1 = time.time()
else:
publisher.debug("{} queue is empty, waiting 1s".format(config_section))
time.sleep(1)
else:
feeder(message)

127
bin/ailleakObject.py
View file

@ -1,127 +0,0 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
import os
import sys
from pymisp import MISPEvent, MISPObject
from pymisp.tools.abstractgenerator import AbstractMISPObjectGenerator
import datetime
from lib.objects.Items import Item
from lib import ConfigLoader
class ObjectWrapper:
def __init__(self, pymisp):
self.pymisp = pymisp
self.currentID_date = None
self.eventID_to_push = self.get_daily_event_id()
config_loader = ConfigLoader.ConfigLoader()
self.maxDuplicateToPushToMISP = config_loader.get_config_int("ailleakObject", "maxDuplicateToPushToMISP")
config_loader = None
self.attribute_to_tag = None
def add_new_object(self, uuid_ail, item_id):
self.uuid_ail = uuid_ail
item = Item(item_id)
return item.get_misp_object()
def date_to_str(self, date):
return "{0}-{1}-{2}".format(date.year, date.month, date.day)
def get_all_related_events(self, to_search):
result = self.pymisp.search(controller='events', eventinfo=to_search, metadata=False)
events = []
if result:
for e in result:
events.append({'id': e['Event']['id'], 'org_id': e['Event']['org_id'], 'info': e['Event']['info']})
return events
def get_daily_event_id(self):
to_match = "Daily AIL-leaks {}".format(datetime.date.today())
events = self.get_all_related_events(to_match)
for dic in events:
info = dic['info']
e_id = dic['id']
if info == to_match:
print('Found: ', info, '->', e_id)
self.currentID_date = datetime.date.today()
return e_id
created_event = self.create_daily_event()
new_id = created_event['Event']['id']
print('New event created:', new_id)
self.currentID_date = datetime.date.today()
return new_id
def create_daily_event(self):
today = datetime.date.today()
# [0-3]
distribution = 0
info = "Daily AIL-leaks {}".format(today)
# [0-2]
analysis = 0
# [1-4]
threat = 3
published = False
org_id = None
orgc_id = None
sharing_group_id = None
date = None
event = MISPEvent()
event.distribution = distribution
event.info = info
event.analysis = analysis
event.threat = threat
event.published = published
event.add_tag('infoleak:output-format="ail-daily"')
existing_event = self.pymisp.add_event(event)
return existing_event
# Publish object to MISP
def pushToMISP(self, uuid_ail, item_id, tag):
if self.currentID_date != datetime.date.today(): #refresh id
self.eventID_to_push = self.get_daily_event_id()
mispTYPE = 'ail-leak'
# paste object already exist
if self.paste_object_exist(self.eventID_to_push, item_id):
# add new tag
self.tag(self.attribute_to_tag, tag)
print(item_id + ' tagged: ' + tag)
# create object
else:
misp_obj = self.add_new_object(uuid_ail, item_id)
# deprecated
# try:
# templateID = [x['ObjectTemplate']['id'] for x in self.pymisp.get_object_templates_list() if x['ObjectTemplate']['name'] == mispTYPE][0]
# except IndexError:
# valid_types = ", ".join([x['ObjectTemplate']['name'] for x in self.pymisp.get_object_templates_list()])
# print ("Template for type %s not found! Valid types are: %s" % (mispTYPE, valid_types))
r = self.pymisp.add_object(self.eventID_to_push, misp_obj, pythonify=True)
if 'errors' in r:
print(r)
else:
print('Pushed:', tag, '->', item_id)
def paste_object_exist(self, eventId, item_id):
res = self.pymisp.search(controller='attributes', eventid=eventId, value=item_id)
# object already exist
if res.get('Attribute', []):
self.attribute_to_tag = res['Attribute'][0]['uuid']
return True
# new object
else:
return False
def tag(self, uuid, tag):
self.pymisp.tag(uuid, tag)

84
bin/exporter/MISPExporter.py
View file

@ -8,6 +8,7 @@ Import Content
""" """
import os import os
import datetime
import sys import sys
import uuid import uuid
@ -154,6 +155,36 @@ class MISPExporter(AbstractExporter, ABC):
except (TypeError, ValueError): except (TypeError, ValueError):
return 0 return 0
def get_event_object_id(self, event_id, obj):
misp = self.get_misp()
resp = misp.search(controller='attributes', eventid=event_id, value=obj.get_id())
attribute = resp.get('Attribute', [])
if attribute:
return attribute[0]['object_id']
def add_event_object_tag(self, obj_id, tag):
misp = self.get_misp()
misp_obj = misp.get_object(obj_id, pythonify=True)
for attribute in misp_obj.attributes:
attribute.add_tag(tag)
misp.update_attribute(attribute)
def add_event_object(self, event_id, obj):
misp_object = obj.get_misp_object()
misp = self.get_misp()
misp.add_object(event_id, misp_object)
def get_daily_event_id(self):
misp = self.get_misp()
event_info = f'Daily AIL-leaks {datetime.date.today()}'
resp = misp.search(controller='events', eventinfo=event_info, metadata=True)
if resp:
return resp[0]['Event']['id']
else:
misp_event = self.create_event([], info=event_info, threat_level=3, export=True)
return misp_event['Event']['id']
# TODO EVENT REPORT ??????? # TODO EVENT REPORT ???????
def create_event(self, objs, export=False, event_uuid=None, date=None, publish=False, info=None, tags=None, def create_event(self, objs, export=False, event_uuid=None, date=None, publish=False, info=None, tags=None,
analysis=0, distribution=0, threat_level=4): analysis=0, distribution=0, threat_level=4):
@ -277,18 +308,57 @@ class MISPExporterTrackerMatch(MISPExporter):
pass pass
if __name__ == '__main__': class MISPExporterAutoDaily(MISPExporter):
exporter = MISPExporterAILObjects() """MISPExporter AILObjects
:param url: URL of the MISP instance you want to connect to :param key: API key of the user you want to use
:param ssl: can be True or False (to check or to not check the validity of the certificate. Or a CA_BUNDLE in
case of self signed or other certificate (the concatenation of all the crt of the chain)
"""
def __init__(self, url='', key='', ssl=False):
super().__init__(url=url, key=key, ssl=ssl)
# create event if don't exists
try:
self.event_id = self.get_daily_event_id()
except MISPConnectionError:
self.event_id = - 1
self.date = datetime.date.today()
def export(self, obj, tag):
"""Export a list of AILObjects as a MISP event
:param obj: AIL Object to export
:type obj: AbstractObject
"""
try:
if self.date != datetime.date.today() or int(self.event_id) < 0:
self.date = datetime.date.today()
self.event_id = self.get_daily_event_id()
obj_id = self.get_event_object_id(self.event_id, obj)
# Object already in event
if obj_id:
self.add_event_object_tag(obj_id, tag)
else:
self.add_event_object(self.event_id, obj)
except MISPConnectionError:
return -1
if __name__ == '__main__':
# exporter = MISPExporterAILObjects()
# from lib.objects.Cves import Cve # from lib.objects.Cves import Cve
# from lib.objects.Items import Item from lib.objects.Items import Item
# objs_t = [Item('crawled/2020/09/14/circl.lu0f4976a4-dda4-4189-ba11-6618c4a8c951'), # objs_t = [Item('crawled/2020/09/14/circl.lu0f4976a4-dda4-4189-ba11-6618c4a8c951'),
# Cve('CVE-2020-16856'), Cve('CVE-2014-6585'), Cve('CVE-2015-0383'), # Cve('CVE-2020-16856'), Cve('CVE-2014-6585'), Cve('CVE-2015-0383'),
# Cve('CVE-2015-0410')] # Cve('CVE-2015-0410')]
# r = exporter.export(objs_t, export=False) # r = exporter.export(objs_t, export=False)
# print(r) # print(r)
r = exporter.get_misp_uuid() # r = exporter.get_misp_uuid()
# r = misp.server_settings() # r = misp.server_settings()
# for item in r['finalSettings']: # for item in r['finalSettings']:
# print() # print()
@ -297,4 +367,8 @@ if __name__ == '__main__':
# # print() # # print()
# print() # print()
print(r) obj = Item('submitted/2023/05/15/submitted_aed90c6f-c620-4437-93d7-5ff17d1a8eef.gz')
obj = Item('submitted/2023/05/15/submitted_8a6136c2-c7f2-4c9e-8f29-e1a62315b482.gz')
tag = 'infoleak:automatic-detection="credit-card"'
exporter = MISPExporterAutoDaily()
exporter.export(obj, tag)

18
bin/exporter/TheHiveExporter.py
View file

@ -143,14 +143,16 @@ class TheHiveExporter(AbstractExporter, ABC):
if req.status_code == 201: if req.status_code == 201:
# print(json.dumps(req.json(), indent=4, sort_keys=True)) # print(json.dumps(req.json(), indent=4, sort_keys=True))
print('Alert Created') print('Alert Created')
print(req.json()) # print(req.json())
alert_id = req.json()['id'] alert_id = req.json()['id']
else: else:
# TODO LOGS # TODO LOGS
print(f'ko: {req.status_code}/{req.text}') print(f'ko: {req.status_code}/{req.text}')
return 0 return -2
except: except Exception as e:
print(e)
print('hive connection error') print('hive connection error')
return -1
return alert_id return alert_id
def create_case(self, observables, description=None, tags=None, title=None, threat_level=2, tlp=2): def create_case(self, observables, description=None, tags=None, title=None, threat_level=2, tlp=2):
@ -187,8 +189,8 @@ class TheHiveExporter(AbstractExporter, ABC):
return f'<{self.__class__.__name__}(url={self.url})' return f'<{self.__class__.__name__}(url={self.url})'
class TheHiveExporterTagTrigger(TheHiveExporter): class TheHiveExporterAlertTag(TheHiveExporter):
"""TheHiveExporter TagTrigger """TheHiveExporterAlertTag TagTrigger
:param url: URL of the Hive instance you want to connect to :param url: URL of the Hive instance you want to connect to
:param key: API key of the user you want to use :param key: API key of the user you want to use
@ -198,9 +200,9 @@ class TheHiveExporterTagTrigger(TheHiveExporter):
def __init__(self, url='', key='', ssl=False): def __init__(self, url='', key='', ssl=False):
super().__init__(url=url, key=key, ssl=ssl) super().__init__(url=url, key=key, ssl=ssl)
def export(self, item_id, tag): def export(self, item, tag):
item = Item(item_id) item_id = item.get_id()
tags = item.get_tags() tags = list(item.get_tags())
# remove .gz from submitted path to TheHive because content is decompressed # remove .gz from submitted path to TheHive because content is decompressed
if item_id.endswith(".gz"): if item_id.endswith(".gz"):

85
bin/lib/Tag.py
View file

@ -1,5 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*-coding:UTF-8 -* # -*-coding:UTF-8 -*
import time
import redis import redis
import datetime import datetime
@ -24,6 +25,7 @@ from pymispgalaxies import Galaxies, Clusters
config_loader = ConfigLoader() config_loader = ConfigLoader()
r_tags = config_loader.get_db_conn("Kvrocks_Tags") r_tags = config_loader.get_db_conn("Kvrocks_Tags")
r_cache = config_loader.get_redis_conn("Redis_Cache")
config_loader = None config_loader = None
#### CORE FUNCTIONS #### #### CORE FUNCTIONS ####
@ -1240,6 +1242,89 @@ class Tag:
return meta return meta
#### TAG AUTO PUSH ####
def get_auto_push_status():
meta = {}
for name in ['misp', 'thehive']:
meta[name] = r_cache.hget('auto:push:status', name)
return meta
def set_auto_push_status(name, status):
return r_cache.hset('auto:push:status', name, status)
def get_last_auto_push_refreshed():
last = r_cache.get('auto:push:refreshed')
if not last:
return -1
else:
return int(last)
def _set_last_auto_push_refreshed():
return r_cache.set('auto:push:refreshed', int(time.time()))
def is_auto_push_enabled(name):
enabled = r_tags.hget('auto:push', name)
if enabled:
return int(enabled) == 1
else:
disable_auto_push(name)
return False
def enable_auto_push(name):
r_tags.hset('auto:push', name, 1)
def disable_auto_push(name):
r_tags.hset('auto:push', name, 0)
def get_auto_push_enabled_tags(name):
return r_tags.smembers(f'auto:push:tags:{name}')
def _add_auto_push_enabled_tags(name, tag):
return r_tags.sadd(f'auto:push:tags:{name}', tag)
def _del_auto_push_enabled_tags(name):
return r_tags.delete(f'auto:push:tags:{name}')
def api_add_auto_push_enabled_tags(data):
misp_tags = data.get('misp_tags', [])
thehive_tags = data.get('thehive_tags', [])
for tag in misp_tags:
if not is_taxonomie_tag(tag, 'infoleak') and not is_custom_tag(tag):
return {'error': f'Invalid Tag: {tag}'}, 400
for tag in thehive_tags:
if not is_taxonomie_tag(tag, 'infoleak') and not is_custom_tag(tag):
return {'error': f'Invalid Tag: {tag}'}, 400
_del_auto_push_enabled_tags('misp')
for tag in misp_tags:
_add_auto_push_enabled_tags('misp', tag)
_del_auto_push_enabled_tags('thehive')
for tag in thehive_tags:
_add_auto_push_enabled_tags('thehive', tag)
def get_auto_push_tags():
tags = get_taxonomie_enabled_tags('infoleak', r_list=True)
tags[0:0] = list(get_all_custom_tags())
return tags
def get_auto_push_enabled_meta():
meta = {}
for name in ['misp', 'thehive']:
meta[name] = {'enabled': is_auto_push_enabled(name)}
meta[name]['tags'] = get_auto_push_enabled_tags(name)
return meta
def refresh_auto_push():
meta = {}
for name in ['misp', 'thehive']:
if is_auto_push_enabled(name):
meta[name] = get_auto_push_enabled_tags(name)
_set_last_auto_push_refreshed()
return meta
# --- TAG AUTO PUSH --- #
################################################################################### ###################################################################################
################################################################################### ###################################################################################
################################################################################### ###################################################################################

2
bin/modules/IPAddress.py
View file

@ -31,7 +31,7 @@ from lib import regex_helper
# TODO REWRITE ME -> PERF + IPV6 + Tracker ? # TODO REWRITE ME -> PERF + IPV6 + Tracker ?
class IPAddress(AbstractModule): class IPAddress(AbstractModule):
"""Telegram module for AIL framework""" """IPAddress module for AIL framework"""
def __init__(self): def __init__(self):
super(IPAddress, self).__init__() super(IPAddress, self).__init__()

75
bin/modules/MISP_Thehive_Auto_Push.py Executable file
View file

@ -0,0 +1,75 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
module
====================
This module send tagged pastes to MISP or THE HIVE Project
"""
import os
import sys
import time
sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from lib.exceptions import MISPConnectionError
from lib.objects.Items import Item
from lib import Tag
from exporter.MISPExporter import MISPExporterAutoDaily
from exporter.TheHiveExporter import TheHiveExporterAlertTag
class MISP_Thehive_Auto_Push(AbstractModule):
"""MISP_Hive_Feeder module for AIL framework"""
def __init__(self):
super(MISP_Thehive_Auto_Push, self).__init__()
# refresh Tracked Regex
self.tags = Tag.refresh_auto_push()
self.last_refresh = time.time()
self.misp_exporter = MISPExporterAutoDaily()
self.the_hive_exporter = TheHiveExporterAlertTag()
# Send module state to logs
self.logger.info(f"Module {self.module_name} initialized")
def compute(self, message):
if self.last_refresh < Tag.get_last_auto_push_refreshed() < 0:
self.tags = Tag.refresh_auto_push()
self.last_refresh = time.time()
self.redis_logger.info('Tags Auto Push refreshed')
item_id, tag = message.split(' ', 1)
item = Item(item_id)
# enabled
if 'misp' in self.tags:
if tag in self.tags['misp']:
r = self.misp_exporter.export(item, tag)
if r == -1:
Tag.set_auto_push_status('misp', 'ConnectionError')
else:
Tag.set_auto_push_status('misp', '')
self.logger.info('MISP Pushed:', tag, '->', item_id)
if 'thehive' in self.tags:
if tag in self.tags['thehive']:
r = self.the_hive_exporter.export(item, tag)
if r == -1:
Tag.set_auto_push_status('thehive', 'ConnectionError')
elif r == -2:
Tag.set_auto_push_status('thehive', 'Request Entity Too Large')
else:
Tag.set_auto_push_status('thehive', '')
self.logger.info('thehive Pushed:', tag, '->', item_id)
if __name__ == "__main__":
module = MISP_Thehive_Auto_Push()
module.run()

2
configs/modules.cfg
View file

@ -111,7 +111,7 @@ publish = Tag_feed,Sync
[Sync_module] [Sync_module]
subscribe = Sync subscribe = Sync
[MISP_The_hive_feeder] [MISP_Thehive_Auto_Push]
subscribe = Tag_feed subscribe = Tag_feed
#[SentimentAnalysis] #[SentimentAnalysis]

53
var/www/blueprints/tags_ui.py
View file

@ -366,3 +366,56 @@ def get_obj_by_tags():
dict_tagged['date'] = dict_obj['date'] dict_tagged['date'] = dict_obj['date']
return render_template("tags/search_obj_by_tags.html", bootstrap_label=bootstrap_label, dict_tagged=dict_tagged) return render_template("tags/search_obj_by_tags.html", bootstrap_label=bootstrap_label, dict_tagged=dict_tagged)
@tags_ui.route("/tags/auto_push")
@login_required
@login_analyst
def auto_push():
# TODO CHECK if misp or the hive connected
meta = Tag.get_auto_push_enabled_meta()
auto_push_tags = Tag.get_auto_push_tags()
return render_template("tags_auto_push.html",
auto_push_tags=auto_push_tags,
meta=meta,
auto_push_status=Tag.get_auto_push_status())
@tags_ui.route("/tags/auto_push_post", methods=['POST'])
@login_required
@login_analyst
def auto_push_post():
tag_enabled_misp = request.form.getlist('tag_enabled_misp')
tag_enabled_hive = request.form.getlist('tag_enabled_hive')
Tag.api_add_auto_push_enabled_tags({'misp_tags': tag_enabled_misp, 'thehive_tags': tag_enabled_hive})
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/misp/enable")
@login_required
@login_analyst
def enable_misp_auto_push():
Tag.enable_auto_push('misp')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/misp/disable")
@login_required
@login_analyst
def disable_misp_auto_push():
Tag.disable_auto_push('misp')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/thehive/enable")
@login_required
@login_analyst
def enable_hive_auto_push():
Tag.enable_auto_push('thehive')
return redirect(url_for('tags_ui.auto_push'))
@tags_ui.route("/tags/auto_push/thehive/disable")
@login_required
@login_analyst
def disable_hive_auto_push():
Tag.disable_auto_push('thehive')
return redirect(url_for('tags_ui.auto_push'))

186
var/www/modules/PasteSubmit/Flask_PasteSubmit.py
View file

@ -29,8 +29,6 @@ from lib import Tag
from packages import Import_helper from packages import Import_helper
from pytaxonomies import Taxonomies # TODO REMOVE ME
# ============ VARIABLES ============ # ============ VARIABLES ============
import Flask_config import Flask_config
@ -299,189 +297,5 @@ def submit_status():
return 'INVALID UUID' return 'INVALID UUID'
######################################################################################################
######################################################################################################
######################################################################################################
######################################################################################################
# TODO MIGRATE TAGS PUSH
# TEMPORARY: 2 SET OF CUSTOM + infoleak tags ?????????
@PasteSubmit.route("/PasteSubmit/edit_tag_export")
@login_required
@login_analyst
def edit_tag_export():
return abort(404)
misp_auto_events = r_serv_db.get('misp:auto-events')
hive_auto_alerts = r_serv_db.get('hive:auto-alerts')
whitelist_misp = r_serv_db.scard('whitelist_misp')
whitelist_hive = r_serv_db.scard('whitelist_hive')
list_export_tags = list(r_serv_db.smembers('list_export_tags'))
status_misp = []
status_hive = []
infoleak_tags = Taxonomies().get('infoleak').machinetags()
is_infoleak_tag = []
for tag in list_export_tags:
if r_serv_db.sismember('whitelist_misp', tag):
status_misp.append(True)
else:
status_misp.append(False)
for tag in list_export_tags:
if r_serv_db.sismember('whitelist_hive', tag):
status_hive.append(True)
else:
status_hive.append(False)
if tag in infoleak_tags:
is_infoleak_tag.append(True)
else:
is_infoleak_tag.append(False)
if misp_auto_events is not None:
if int(misp_auto_events) == 1:
misp_active = True
else:
misp_active = False
else:
misp_active = False
if hive_auto_alerts is not None:
if int(hive_auto_alerts) == 1:
hive_active = True
else:
hive_active = False
else:
hive_active = False
nb_tags = str(r_serv_db.scard('list_export_tags'))
nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags
nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags
return render_template("edit_tag_export.html",
misp_active=misp_active,
hive_active=hive_active,
list_export_tags=list_export_tags,
is_infoleak_tag=is_infoleak_tag,
status_misp=status_misp,
status_hive=status_hive,
nb_tags_whitelist_misp=nb_tags_whitelist_misp,
nb_tags_whitelist_hive=nb_tags_whitelist_hive,
flag_misp=True,
flag_hive=True)
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
@login_required
@login_analyst
def tag_export_edited():
return abort(404)
tag_enabled_misp = request.form.getlist('tag_enabled_misp')
tag_enabled_hive = request.form.getlist('tag_enabled_hive')
list_export_tags = list(r_serv_db.smembers('list_export_tags'))
r_serv_db.delete('whitelist_misp')
r_serv_db.delete('whitelist_hive')
for tag in tag_enabled_misp:
if r_serv_db.sismember('list_export_tags', tag):
r_serv_db.sadd('whitelist_misp', tag)
else:
return 'invalid input'
for tag in tag_enabled_hive:
if r_serv_db.sismember('list_export_tags', tag):
r_serv_db.sadd('whitelist_hive', tag)
else:
return 'invalid input'
return redirect(url_for('PasteSubmit.edit_tag_export'))
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
@login_required
@login_analyst
def enable_misp_auto_event():
return abort(404)
r_serv_db.set('misp:auto-events', 1)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/disable_misp_auto_event")
@login_required
@login_analyst
def disable_misp_auto_event():
return abort(404)
r_serv_db.set('misp:auto-events', 0)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/enable_hive_auto_alert")
@login_required
@login_analyst
def enable_hive_auto_alert():
return abort(404)
r_serv_db.set('hive:auto-alerts', 1)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/disable_hive_auto_alert")
@login_required
@login_analyst
def disable_hive_auto_alert():
return abort(404)
r_serv_db.set('hive:auto-alerts', 0)
return edit_tag_export()
@PasteSubmit.route("/PasteSubmit/add_push_tag")
@login_required
@login_analyst
def add_push_tag():
return abort(404)
tag = request.args.get('tag')
if tag is not None:
#limit tag length
if len(tag) > 49:
tag = tag[0:48]
r_serv_db.sadd('list_export_tags', tag)
to_return = {}
to_return["tag"] = tag
return jsonify(to_return)
else:
return 'None args', 400
@PasteSubmit.route("/PasteSubmit/delete_push_tag")
@login_required
@login_analyst
def delete_push_tag():
return abort(404)
tag = request.args.get('tag')
infoleak_tags = Taxonomies().get('infoleak').machinetags()
if tag not in infoleak_tags and r_serv_db.sismember('list_export_tags', tag):
r_serv_db.srem('list_export_tags', tag)
r_serv_db.srem('whitelist_misp', tag)
r_serv_db.srem('whitelist_hive', tag)
to_return = {}
to_return["tag"] = tag
return jsonify(to_return)
else:
return 'this tag can\'t be removed', 400
# ========= REGISTRATION ========= # ========= REGISTRATION =========
app.register_blueprint(PasteSubmit, url_prefix=baseUrl) app.register_blueprint(PasteSubmit, url_prefix=baseUrl)

354
var/www/modules/PasteSubmit/templates/edit_tag_export.html
View file

@ -1,354 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tags Export - AIL</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='font-awesome/css/font-awesome.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/sb-admin-2.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.css') }}" rel="stylesheet" type="text/css" />
<!-- JS -->
<script type="text/javascript" src="{{ url_for('static', filename='js/dygraph-combined.js') }}"></script>
<script language="javascript" src="{{ url_for('static', filename='js/jquery.js') }}"></script>
<script src="{{ url_for('static', filename='js/bootstrap.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.js') }}"></script>
<style>
.tooltip-inner {
text-align: left;
height: 200%;
width: 200%;
max-width: 500px;
max-height: 500px;
font-size: 13px;
}
xmp {
white-space:pre-wrap;
word-wrap:break-word;
}
.test thead{
background: #d91f2d;
color: #fff;
}
.mouse_pointer{
cursor: pointer;
}
</style>
</head>
<body>
{% include 'navbar.html' %}
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
</div>
<!-- /.col-lg-12 -->
</div>
<!-- /.row -->
<div class="container">
<div class="row">
<div class="col-md-6">
<div class="panel panel-primary">
<div class="panel-heading"> MISP Auto Event Creation
{% if misp_active %}
<span class="label label-success pull-right"> Enabled</span>
{% endif %}
{% if not misp_active %}
<span class="label label-danger pull-right"> Disabled</span>
{% endif %}
</div>
<div class="panel-body">
<div class="text-center">
<img id="misp-logo" src="{{url_for('static', filename='image/misp-logo.png') }}" class="text-center" >
</div>
<br>
{% if flag_misp %}
{% if misp_active %}
<a href="{{ url_for('PasteSubmit.disable_misp_auto_event') }}" class="btn btn-danger pull-right">
<i class="fa fa-times fa"></i> Disable Event Creation
</a>
{% endif %}
{% if not misp_active %}
<a href="{{ url_for('PasteSubmit.enable_misp_auto_event') }}" class="btn btn-success pull-right">
<i class="fa fa-check-square-o fa"></i> Enable Event Creation
</a>
{% endif %}
{% endif %}
{% if not flag_misp %}
<button class="btn btn-danger pull-right disabled">
<i class="fa fa-times fa"></i> MISP is not connected
</button>
{% endif %}
</div>
</div>
</div>
<div class="col-md-6">
<div class="panel panel-primary" style="min-width: 500px;">
<div class="panel-heading">The hive auto export
{% if hive_active %}
<span class="label label-success pull-right"> Enabled</span>
{% endif %}
{% if not hive_active %}
<span class="label label-danger pull-right"> Disabled</span>
{% endif %}
</div>
<div class="panel-body">
<div class="text-center">
<img id="misp-logo" src="{{url_for('static', filename='image/thehive-logo.png') }}" width="500">
</div>
{% if flag_hive %}
{% if hive_active %}
<a href="{{ url_for('PasteSubmit.disable_hive_auto_alert') }}" class="btn btn-danger pull-right">
<i class="fa fa-times fa"></i> Disable Alert Creation
</a>
{% endif %}
{% if not hive_active %}
<a href="{{ url_for('PasteSubmit.enable_hive_auto_alert') }}" class="btn btn-success pull-right">
<i class="fa fa-check-square-o fa"></i> Enable Alert Creation
</a>
{% endif %}
{% endif %}
{% if not flag_hive %}
<button class="btn btn-danger pull-right disabled">
<i class="fa fa-times fa"></i> The Hive is not connected
</button>
{% endif %}
</div>
</div>
</div>
</div>
</div>
<form action="{{ url_for('PasteSubmit.tag_export_edited') }}" id="checkboxForm" method='post'>
<div class="container">
<div class="row">
<div class="col-md-6">
<div class="panel panel-info">
<div class="panel-heading">
Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_misp }}</span>
<ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
<thead>
<tr>
<th>Whitelist</th>
<th>Tag</th>
</tr>
</thead>
<tbody>
{% for tag in list_export_tags %}
<tr>
<td>
{% if status_misp[loop.index0] %}
<div style="display:none;">Enabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_misp" checked>
{% endif %}
{% if not status_misp[loop.index0] %}
<div style="display:none;">Disabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_misp" >
{% endif %}
</td>
<td>
{{ tag }}
{% if not is_infoleak_tag[loop.index0] %}
<div class="btn-link btn-interaction pull-right mouse_pointer" data-toggle="tooltip" title="Delete this tag" onclick="delete_push_tag('{{ tag }}')">
<span class="glyphicon glyphicon-trash"></span>
</div>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</li></ul>
</div></div>
</div>
<div class="col-md-6">
<div class="panel panel-info">
<div class="panel-heading">
Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_hive }}</span>
<ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">
<thead>
<tr>
<th>Whitelist</th>
<th>Tag</th>
</tr>
</thead>
<tbody>
{% for tag in list_export_tags %}
<tr>
<td>
{% if status_hive[loop.index0] %}
<div style="display:none;">Enabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_hive" checked>
{% endif %}
{% if not status_hive[loop.index0] %}
<div style="display:none;">Disabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_hive" >
{% endif %}
</td>
<td>
{{ tag }}
{% if not is_infoleak_tag[loop.index0] %}
<div class="btn-link btn-interaction pull-right mouse_pointer" data-toggle="tooltip" title="Delete this tag" onclick="delete_push_tag('{{ tag }}')">
<span class="glyphicon glyphicon-trash"></span>
</div>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</li></ul>
</div></div>
</div>
</div>
</div>
<div class="input-group-btn text-center">
<button class="btn btn-primary btn-lg" onclick="submitActiveTags()">
<i class="fa fa-check-square-o fa"></i>
Update Tags
</button>
</div>
</form>
<div>
<div id="add_custom_tag_modal" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal content-->
<div id="mymodalcontent" class="modal-content">
<div class="modal-header" style="border-bottom: 4px solid #48c9b0; background-color: #48c9b0; color: #ffffff;">
<h2 class="text-center">Add Custom Tag</h2>
</div>
<div class="modal-body">
<div class="form-group input-group" style="margin-bottom: 0px;">
<span class="input-group-addon"><i class="fa fa-tag fa"></i></span>
<input id="new_custom_tag" class="form-control" placeholder="Add a new custom tag to the tag export" type="text">
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary btn-tags" onclick="add_custom_tag()">
<span class="glyphicon glyphicon-plus"></span>
<span class="label-icon">Add Custom Tag</span>
</button>
<button type="button" class="btn btn-default" data-dismiss="modal" >Close</button>
</div>
</div>
</div>
</div>
<button type="button" class="btn btn-primary pull-right" data-toggle="modal" data-target="#add_custom_tag_modal" data-url="{{ url_for('tags_ui.tags_taxonomies') }}">
<span class="glyphicon glyphicon-plus "></span> Add Custom Tag
</button>
</div>
</div>
<!-- /#page-wrapper -->
</body>
<script>
var table_misp
var table_hive
$(document).ready(function(){
table_misp = $('#myTable_misp').DataTable(
{
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 1, "asc" ]]
}
);
table_hive = $('#myTable_hive').DataTable(
{
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 1, "asc" ]]
}
);
});
</script>
<script>
function submitActiveTags(){
table_misp.destroy()
table_misp = $('#myTable_misp').DataTable(
{
"iDisplayLength": -1,
}
);
table_hive.destroy()
table_hive = $('#myTable_hive').DataTable(
{
"iDisplayLength": -1,
}
);
}
function delete_push_tag(tag){
//var row_tr = $(this).closest("tr");
$.get("{{ url_for('PasteSubmit.delete_push_tag') }}", { tag: tag }, function(data, status){
if(status == "success") {
//row_tr.remove();
window.location.reload(false);
}
});
}
function add_custom_tag(){
$.get("{{ url_for('PasteSubmit.add_push_tag') }}", { tag: document.getElementById('new_custom_tag').value }, function(data, status){
if(status == "success") {
//row_tr.remove();
window.location.reload(false);
}
});
}
</script>
</html>

2
var/www/templates/tags/menu_sidebar.html
View file

@ -57,7 +57,7 @@
</h5> </h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100">
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{url_for('PasteSubmit.edit_tag_export')}}" id="nav_regular_edit_tag_export"> <a class="nav-link" href="{{url_for('tags_ui.auto_push')}}" id="nav_regular_edit_tag_export">
<i class="fas fa-cogs"></i> <i class="fas fa-cogs"></i>
MISP and Hive, auto push MISP and Hive, auto push
</a> </a>

260
var/www/templates/tags/tags_auto_push.html Normal file
View file

@ -0,0 +1,260 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tags Export - AIL</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.min.css') }}" rel="stylesheet">
<!-- JS -->
<script src="{{ url_for('static', filename='js/jquery.js') }}"></script>
<script src="{{ url_for('static', filename='js/bootstrap4.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js') }}"></script>
</head>
<body>
{% include 'nav_bar.html' %}
<div class="container-fluid">
<div class="row">
{% include 'hunter/menu_sidebar.html' %}
<div class="col-12 col-lg-10" id="core_content">
<div class="row">
<div class="col-md-6">
<div class="card my-2">
<div class="card-header bg-dark text-white">
<div class="row">
<div class="col-9">
<span class="card-title">MISP Auto Event Creation</span>
</div>
<div class="col-3">
{% if meta['misp']['enabled'] %}
<span class="badge badge-success pull-right"> Enabled</span>
{% else %}
<span class="badge badge-danger pull-right"> Disabled</span>
{% endif %}
</div>
</div>
</div>
<div class="card-body">
<div class="text-center">
<img id="misp-logo" src="{{url_for('static', filename='image/misp-logo.png') }}" class="text-center" >
<br><br>
{% if meta['misp']['enabled'] %}
<a href="{{ url_for('tags_ui.disable_misp_auto_push') }}" class="btn btn-danger pull-right">
<i class="fas fa-times"></i> Disable Event Creation
</a>
{% else %}
<a href="{{ url_for('tags_ui.enable_misp_auto_push') }}" class="btn btn-success pull-right">
<i class="fas fa-check-square-o"></i> Enable Event Creation
</a>
{% endif %}
</div>
{% if auto_push_status['misp'] %}
<button class="btn btn-danger pull-right disabled">
Error: <i class="fa fa-times fa"></i> {{ auto_push_status['misp'] }}
</button>
{% endif %}
</div>
</div>
</div>
<div class="col-md-6">
<div class="card my-2">
<div class="card-header bg-dark text-white">
<div class="row">
<div class="col-9">
<span class="card-title">The hive Auto Alert Creation</span>
</div>
<div class="col-3">
{% if meta['thehive']['enabled'] %}
<span class="badge badge-success pull-right"> Enabled</span>
{% else %}
<span class="badge badge-danger pull-right"> Disabled</span>
{% endif %}
</div>
</div>
</div>
<div class="card-body">
<div class="text-center">
<img id="misp-logo" src="{{url_for('static', filename='image/thehive-logo.png') }}" width="500">
<br>
{% if meta['thehive']['enabled'] %}
<a href="{{ url_for('tags_ui.disable_hive_auto_push') }}" class="btn btn-danger pull-right">
<i class="fas fa-times"></i> Disable Alert Creation
</a>
{% else %}
<a href="{{ url_for('tags_ui.enable_hive_auto_push') }}" class="btn btn-success mr-right">
<i class="fas fa-check-square-o"></i> Enable Alert Creation
</a>
{% endif %}
</div>
{% if auto_push_status['thehive'] %}
<button class="btn btn-danger pull-right disabled">
Error: <i class="fa fa-times fa"></i> {{ auto_push_status['thehive'] }}
</button>
{% endif %}
</div>
</div>
</div>
</div>
<form action="{{ url_for('tags_ui.auto_push_post') }}" id="checkboxForm" method='post'>
<div class="row">
<div class="col-md-6">
<div class="card bg-light">
<div class="card-header">
MISP Tags To Push :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge badge-secondary">{{ meta['misp']['tags']|length }} / {{ auto_push_tags|length }}</span>
<ul class="list-group">
<li class="list-group-item">
<table class="table table-striped table-bordered table-hover" id="myTable_misp">
<thead>
<tr>
<th>Enabled</th>
<th>Tag</th>
</tr>
</thead>
<tbody>
{% for tag in auto_push_tags %}
<tr>
<td class="text-center">
{% if tag in meta['misp']['tags'] %}
<div style="display:none;">Enabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_misp" checked>
{% else %}
<div style="display:none;">Disabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_misp" >
{% endif %}
</td>
<td>
{{ tag }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</li>
</ul>
</div>
</div>
</div>
<div class="col-md-6">
<div class="card bg-light">
<div class="card-header">
The Hive Tags To Push :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge badge-secondary">{{ meta['thehive']['tags']|length }} / {{ auto_push_tags|length }}</span>
<ul class="list-group">
<li class="list-group-item">
<table class="table table-striped table-bordered table-hover" id="myTable_hive">
<thead>
<tr>
<th>Enabled</th>
<th>Tag</th>
</tr>
</thead>
<tbody>
{% for tag in auto_push_tags %}
<tr>
<td class="text-center">
{% if tag in meta['thehive']['tags'] %}
<div style="display:none;">Enabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_hive" checked>
{% else %}
<div style="display:none;">Disabled</div>
<input type="checkbox" value="{{ tag }}" name="tag_enabled_hive" >
{% endif %}
</td>
<td>
{{ tag }}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</li>
</ul>
</div>
</div>
</div>
</div>
<div class="text-center my-4">
<button class="btn btn-primary btn-lg" onclick="submitActiveTags()">
<i class="fas fa-check-square"></i> Update Tags
</button>
</div>
</form>
</div>
</div>
</div>
</body>
<script>
var table_misp
var table_hive
$(document).ready(function(){
table_misp = $('#myTable_misp').DataTable(
{
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 1, "asc" ]]
}
);
table_hive = $('#myTable_hive').DataTable(
{
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 1, "asc" ]]
}
);
});
function submitActiveTags(){
table_misp.destroy()
table_misp = $('#myTable_misp').DataTable(
{
"iDisplayLength": -1,
}
);
table_hive.destroy()
table_hive = $('#myTable_hive').DataTable(
{
"iDisplayLength": -1,
}
);
}
</script>
</html>