From 704e6f0ad189273eac5566f926545c1bb2601d98 Mon Sep 17 00:00:00 2001 From: Terrtia Date: Mon, 18 Jun 2018 13:58:31 +0200 Subject: [PATCH] change default submit tag, event-path map, publish events --- bin/MISP_The_Hive_feeder.py | 4 +- bin/ailleakObject.py | 2 +- .../modules/PasteSubmit/Flask_PasteSubmit.py | 44 ++++++++++++------- .../templates/edit_tag_export.html | 10 +++-- var/www/modules/Tags/templates/Tags.html | 9 ++++ var/www/modules/Tags/templates/tagged.html | 9 ++++ var/www/modules/showpaste/Flask_showpaste.py | 20 ++++++++- .../showpaste/templates/show_saved_paste.html | 22 +++++++++- 8 files changed, 95 insertions(+), 25 deletions(-) diff --git a/bin/MISP_The_Hive_feeder.py b/bin/MISP_The_Hive_feeder.py index 38b1e8c4..62053436 100755 --- a/bin/MISP_The_Hive_feeder.py +++ b/bin/MISP_The_Hive_feeder.py @@ -167,14 +167,14 @@ if __name__ == "__main__": if HiveApi != False: if int(r_serv_db.get('hive:auto-alerts')) == 1: whitelist_hive = r_serv_db.scard('whitelist_hive') - if r_serv_db.scard('whitelist_hive') == 0 or r_serv_db.sismember('whitelist_hive', tag): + if r_serv_db.sismember('whitelist_hive', tag): create_the_hive_alert(source, path, full_path, tag) else: print('hive, auto alerts creation disable') if flag_misp: if int(r_serv_db.get('misp:auto-events')) == 1: - if r_serv_db.scard('whitelist_misp') == 0 or r_serv_db.sismember('whitelist_misp', tag): + if r_serv_db.sismember('whitelist_misp', tag): misp_wrapper.pushToMISP(uuid_ail, path, tag) else: print('misp, auto events creation disable') diff --git a/bin/ailleakObject.py b/bin/ailleakObject.py index e2ff2850..f44a49dd 100755 --- a/bin/ailleakObject.py +++ b/bin/ailleakObject.py @@ -121,7 +121,7 @@ class ObjectWrapper: analysis, info, date, published, orgc_id, org_id, sharing_group_id) eventUuid = event['Event']['uuid'] - self.pymisp.tag(eventUuid, 'infoleak:source="unknown"') + self.pymisp.tag(eventUuid, 'infoleak:output-format="ail-daily"') return event # Publish object to MISP 
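Review bot: `whitelist_hive = r_serv_db.scard('whitelist_hive')` is left as a dead assignment right above the changed condition in MISP_The_Hive_feeder.py: the removed line re-queried `scard` itself rather than using it, and the new `sismember` check does not need it, so unless it is read further down the `__main__` block (which continues outside the hunk) the line should be dropped. The behavioural change — an empty whitelist now exports nothing instead of everything, for both Hive and MISP — is not recorded anywhere near the checks; a short comment such as `# only explicitly whitelisted tags are exported; an empty whitelist exports nothing` above the Hive check would stop the next reader from reintroducing the old shortcut.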
diff --git a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py index dab642ac..ae530aeb 100644 --- a/var/www/modules/PasteSubmit/Flask_PasteSubmit.py +++ b/var/www/modules/PasteSubmit/Flask_PasteSubmit.py @@ -133,7 +133,7 @@ def addTagsVerification(tags, tagsgalaxies): def date_to_str(date): return "{0}-{1}-{2}".format(date.year, date.month, date.day) -def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path): +def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path): paste = Paste.Paste(path) source = path.split('/')[-6:] @@ -165,7 +165,10 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat today = datetime.date.today() # [0-3] - published = False + if publish == 'True': + published = True + else: + published = False org_id = None orgc_id = None sharing_group_id = None @@ -176,6 +179,8 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat eventUuid = event['Event']['uuid'] eventid = event['Event']['id'] + r_serv_metadata.set('misp_events:path', eventid) + # add tags for tag in l_tags: pymisp.tag(eventUuid, tag) @@ -246,6 +251,8 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title, if res.status_code != 201: print('ko: {}/{}'.format(res.status_code, res.text)) + r_serv_metadata.set('hive_cases:path', id) + return hive_case_url.replace('id_here', id) else: print('ko: {}/{}'.format(response.status_code, response.text)) 
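Review bot: `r_serv_metadata.set('misp_events:path', eventid)` writes the event id under the literal key `misp_events:path` rather than a key derived from the `path` argument, so every MISP event created from any paste overwrites one shared key; the same literal-key write appears in hive_create_case below (`r_serv_metadata.set('hive_cases:path', id)`), and the matching reads added to showpaste in Flask_showpaste.py will therefore report "already created" with the most recent id for every paste. Build the key from the paste path, e.g. `r_serv_metadata.set('misp_events:' + path, eventid)` and `r_serv_metadata.set('hive_cases:' + path, id)` (assuming hive_create_case receives the path — its signature is cut by the hunk), and read back with the requested paste's path on the showpaste side. misp_create_event and hive_create_case both continue outside the hunk.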
@@ -275,15 +282,17 @@ def submit(): ltagsgalaxies = request.form['tags_galaxies'] paste_content = request.form['paste_content'] + submitted_tag = 'infoleak:submission="manual"' + if ltags or ltagsgalaxies: if not addTagsVerification(ltags, ltagsgalaxies): return 'INVALID TAGS' # add submitted tags if(ltags != ''): - ltags = ltags + ',submitted' + ltags = ltags + ',' + submitted_tag else: - ltags ='submitted' + ltags = submitted_tag if 'file' in request.files: @@ -420,12 +429,13 @@ def create_misp_event(): analysis = int(request.form['misp_data[Event][analysis]']) info = request.form['misp_data[Event][info]'] path = request.form['paste'] + publish = request.form.get('misp_publish') #verify input if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2): l_tags = list(r_serv_metadata.smembers('tag:'+path)) - event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path) + event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path) if event != False: return redirect(event) @@ -467,16 +477,12 @@ def edit_tag_export(): status_misp = [] status_hive = [] - # empty whitelist - if whitelist_misp == 0: - for tag in list_export_tags: + + for tag in list_export_tags: + if r_serv_db.sismember('whitelist_misp', tag): status_misp.append(True) - else: - for tag in list_export_tags: - if r_serv_db.sismember('whitelist_misp', tag): - status_misp.append(True) - else: - status_misp.append(False) + else: + status_misp.append(False) # empty whitelist if whitelist_hive == 0: 
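Review bot: `submitted_tag = 'infoleak:submission="manual"'` is a fixed value assigned inside the request handler on every call; since the feeder and MISP code now key behaviour on exact tag strings, a module-level constant (e.g. `SUBMITTED_TAG = 'infoleak:submission="manual"'`) used here would give the value one home. The surrounding `if(ltags != ''):` reads more naturally as `if ltags:`. Appending the tag after `addTagsVerification` runs on the user-supplied tags is correct as written. submit() continues outside the hunk.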
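Review bot: `publish = request.form.get('misp_publish')` is forwarded as a raw form string and only the exact spelling `'True'` (compared in misp_create_event) marks the event published; any other value, including a missing field, silently creates an unpublished event, and the value is not covered by the `#verify input` check just below. Normalise at the route, `publish = request.form.get('misp_publish') == 'True'`, and in misp_create_event replace the four-line `if publish == 'True':` block with `published = bool(publish)` so the parameter carries a boolean. create_misp_event continues outside the hunk.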
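Review bot: The MISP status loop no longer treats an empty whitelist as "all enabled", but the Hive branch that follows (`# empty whitelist` / `if whitelist_hive == 0:`, continuing past the hunk) still does, so the edit_tag_export page would show every tag disabled for MISP and every tag enabled for Hive when both whitelists are empty — while the feeder change in this same commit exports nothing in either case. Apply the same plain `for tag in list_export_tags: status_hive.append(r_serv_db.sismember('whitelist_hive', tag))` loop to Hive. If `whitelist_misp` is only read by the removed branch, it is now an unused local as well.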
@@ -497,12 +503,19 @@ def edit_tag_export(): hive_active = True else: hive_active = False + + nb_tags = str(r_serv_db.scard('list_export_tags')) + nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags + nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags + return render_template("edit_tag_export.html", misp_active=misp_active, hive_active=hive_active, list_export_tags=list_export_tags, status_misp=status_misp, - status_hive=status_hive) + status_hive=status_hive, + nb_tags_whitelist_misp=nb_tags_whitelist_misp, + nb_tags_whitelist_hive=nb_tags_whitelist_hive) @PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST']) def tag_export_edited(): @@ -525,6 +538,7 @@ def tag_export_edited(): r_serv_db.sadd('whitelist_hive', tag) else: return 'invalid input' + return redirect(url_for('PasteSubmit.edit_tag_export')) @PasteSubmit.route("/PasteSubmit/enable_misp_auto_event") diff --git a/var/www/modules/PasteSubmit/templates/edit_tag_export.html b/var/www/modules/PasteSubmit/templates/edit_tag_export.html index 8f0ddb35..17cba8be 100644 --- a/var/www/modules/PasteSubmit/templates/edit_tag_export.html +++ b/var/www/modules/PasteSubmit/templates/edit_tag_export.html @@ -90,8 +90,6 @@
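Review bot: `nb_tags = str(r_serv_db.scard('list_export_tags'))` makes an extra Redis round-trip and the view pre-formats the `' / '` display strings; if `list_export_tags` (bound above the hunk) is that same set, `len(list_export_tags)` already gives the count, and passing the three integers to the template would keep the presentation in edit_tag_export.html rather than in the view. edit_tag_export continues outside the hunk.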
The hive auto export {% if hive_active %} Enabled -     - {{ badge }} {% endif %} {% if not hive_active %} Disabled @@ -130,7 +128,9 @@
- Metadata : + Metadata : +     + {{ nb_tags_whitelist_misp }}
  • @@ -167,7 +167,9 @@
    - Metadata : + Metadata : +     + {{ nb_tags_whitelist_hive }}
    diff --git a/var/www/modules/Tags/templates/Tags.html b/var/www/modules/Tags/templates/Tags.html index 06100796..c9ecb06d 100644 --- a/var/www/modules/Tags/templates/Tags.html +++ b/var/www/modules/Tags/templates/Tags.html @@ -65,6 +65,15 @@ + + diff --git a/var/www/modules/Tags/templates/tagged.html b/var/www/modules/Tags/templates/tagged.html index 284323fd..1053041f 100644 --- a/var/www/modules/Tags/templates/tagged.html +++ b/var/www/modules/Tags/templates/tagged.html @@ -144,6 +144,15 @@ + + diff --git a/var/www/modules/showpaste/Flask_showpaste.py b/var/www/modules/showpaste/Flask_showpaste.py index 4a6e87d3..ee6751bb 100644 --- a/var/www/modules/showpaste/Flask_showpaste.py +++ b/var/www/modules/showpaste/Flask_showpaste.py @@ -24,6 +24,8 @@ max_preview_char = Flask_config.max_preview_char max_preview_modal = Flask_config.max_preview_modal DiffMaxLineLength = Flask_config.DiffMaxLineLength bootstrap_label = Flask_config.bootstrap_label +misp_event_url = Flask_config.misp_event_url +hive_case_url = Flask_config.hive_case_url showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates') 
@@ -124,8 +126,24 @@ def showpaste(content_range): else: hive = True + misp_event = r_serv_metadata.get('misp_events:path') + if misp_event is None: + misp_eventid = False + misp_url = '' + else: + misp_eventid = True + misp_url = misp_event_url + misp_event + + hive_case = r_serv_metadata.get('hive_cases:path') + if hive_case is None: + hive_caseid = False + hive_url = '' + else: + hive_caseid = True + hive_url = hive_case_url.replace('id_here', hive_case) + return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list, - misp=misp, hive=hive) + misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url) # ============ ROUTES ============ diff --git a/var/www/modules/showpaste/templates/show_saved_paste.html b/var/www/modules/showpaste/templates/show_saved_paste.html index 85d7c7aa..8209ba4b 100644 --- a/var/www/modules/showpaste/templates/show_saved_paste.html +++ b/var/www/modules/showpaste/templates/show_saved_paste.html @@ -201,8 +201,8 @@
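Review bot: The two four-branch `if misp_event is None:` / `if hive_case is None:` blocks each set a flag that is just the negation of the test; `misp_eventid = misp_event is not None` followed by `misp_url = misp_event_url + misp_event if misp_eventid else ''` (and the same shape with `hive_case_url.replace('id_here', hive_case)`) says the same in two lines apiece. The concatenation and `.replace` also assume the Redis client returns `str` rather than `bytes` — presumably `decode_responses=True` is set where `r_serv_metadata` is created, but that is outside the hunk. showpaste continues outside the hunk.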
    @@ -219,8 +219,19 @@
    +
    + + +
    + {% if misp_eventid %} +
    +
    +
  • MISP Events already Created
  • + {{ misp_url }}
    + {% endif %} + + {% if hive_caseid %} +
    +
    +
  • The Hive Case already Created
  • + {{ hive_url }}
    + {% endif %} +