change default submit tag, event-path map, publish events

This commit is contained in:
Terrtia 2018-06-18 13:58:31 +02:00
parent aee1b50ef1
commit 704e6f0ad1
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
8 changed files with 95 additions and 25 deletions

View file

@ -167,14 +167,14 @@ if __name__ == "__main__":
if HiveApi != False: if HiveApi != False:
if int(r_serv_db.get('hive:auto-alerts')) == 1: if int(r_serv_db.get('hive:auto-alerts')) == 1:
whitelist_hive = r_serv_db.scard('whitelist_hive') whitelist_hive = r_serv_db.scard('whitelist_hive')
if r_serv_db.scard('whitelist_hive') == 0 or r_serv_db.sismember('whitelist_hive', tag): if r_serv_db.sismember('whitelist_hive', tag):
create_the_hive_alert(source, path, full_path, tag) create_the_hive_alert(source, path, full_path, tag)
else: else:
print('hive, auto alerts creation disable') print('hive, auto alerts creation disable')
if flag_misp: if flag_misp:
if int(r_serv_db.get('misp:auto-events')) == 1: if int(r_serv_db.get('misp:auto-events')) == 1:
if r_serv_db.scard('whitelist_misp') == 0 or r_serv_db.sismember('whitelist_misp', tag): if r_serv_db.sismember('whitelist_misp', tag):
misp_wrapper.pushToMISP(uuid_ail, path, tag) misp_wrapper.pushToMISP(uuid_ail, path, tag)
else: else:
print('misp, auto events creation disable') print('misp, auto events creation disable')

View file

@ -121,7 +121,7 @@ class ObjectWrapper:
analysis, info, date, analysis, info, date,
published, orgc_id, org_id, sharing_group_id) published, orgc_id, org_id, sharing_group_id)
eventUuid = event['Event']['uuid'] eventUuid = event['Event']['uuid']
self.pymisp.tag(eventUuid, 'infoleak:source="unknown"') self.pymisp.tag(eventUuid, 'infoleak:output-format="ail-daily"')
return event return event
# Publish object to MISP # Publish object to MISP

View file

@ -133,7 +133,7 @@ def addTagsVerification(tags, tagsgalaxies):
def date_to_str(date): def date_to_str(date):
return "{0}-{1}-{2}".format(date.year, date.month, date.day) return "{0}-{1}-{2}".format(date.year, date.month, date.day)
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path): def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path):
paste = Paste.Paste(path) paste = Paste.Paste(path)
source = path.split('/')[-6:] source = path.split('/')[-6:]
@ -165,7 +165,10 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
today = datetime.date.today() today = datetime.date.today()
# [0-3] # [0-3]
published = False if publish == 'True':
published = True
else:
published = False
org_id = None org_id = None
orgc_id = None orgc_id = None
sharing_group_id = None sharing_group_id = None
@ -176,6 +179,8 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
eventUuid = event['Event']['uuid'] eventUuid = event['Event']['uuid']
eventid = event['Event']['id'] eventid = event['Event']['id']
r_serv_metadata.set('misp_events:path', eventid)
# add tags # add tags
for tag in l_tags: for tag in l_tags:
pymisp.tag(eventUuid, tag) pymisp.tag(eventUuid, tag)
@ -246,6 +251,8 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
if res.status_code != 201: if res.status_code != 201:
print('ko: {}/{}'.format(res.status_code, res.text)) print('ko: {}/{}'.format(res.status_code, res.text))
r_serv_metadata.set('hive_cases:path', id)
return hive_case_url.replace('id_here', id) return hive_case_url.replace('id_here', id)
else: else:
print('ko: {}/{}'.format(response.status_code, response.text)) print('ko: {}/{}'.format(response.status_code, response.text))
@ -275,15 +282,17 @@ def submit():
ltagsgalaxies = request.form['tags_galaxies'] ltagsgalaxies = request.form['tags_galaxies']
paste_content = request.form['paste_content'] paste_content = request.form['paste_content']
submitted_tag = 'infoleak:submission="manual"'
if ltags or ltagsgalaxies: if ltags or ltagsgalaxies:
if not addTagsVerification(ltags, ltagsgalaxies): if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS' return 'INVALID TAGS'
# add submitted tags # add submitted tags
if(ltags != ''): if(ltags != ''):
ltags = ltags + ',submitted' ltags = ltags + ',' + submitted_tag
else: else:
ltags ='submitted' ltags = submitted_tag
if 'file' in request.files: if 'file' in request.files:
@ -420,12 +429,13 @@ def create_misp_event():
analysis = int(request.form['misp_data[Event][analysis]']) analysis = int(request.form['misp_data[Event][analysis]'])
info = request.form['misp_data[Event][info]'] info = request.form['misp_data[Event][info]']
path = request.form['paste'] path = request.form['paste']
publish = request.form.get('misp_publish')
#verify input #verify input
if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2): if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2):
l_tags = list(r_serv_metadata.smembers('tag:'+path)) l_tags = list(r_serv_metadata.smembers('tag:'+path))
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path) event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path)
if event != False: if event != False:
return redirect(event) return redirect(event)
@ -467,16 +477,12 @@ def edit_tag_export():
status_misp = [] status_misp = []
status_hive = [] status_hive = []
# empty whitelist
if whitelist_misp == 0: for tag in list_export_tags:
for tag in list_export_tags: if r_serv_db.sismember('whitelist_misp', tag):
status_misp.append(True) status_misp.append(True)
else: else:
for tag in list_export_tags: status_misp.append(False)
if r_serv_db.sismember('whitelist_misp', tag):
status_misp.append(True)
else:
status_misp.append(False)
# empty whitelist # empty whitelist
if whitelist_hive == 0: if whitelist_hive == 0:
@ -497,12 +503,19 @@ def edit_tag_export():
hive_active = True hive_active = True
else: else:
hive_active = False hive_active = False
nb_tags = str(r_serv_db.scard('list_export_tags'))
nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags
nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags
return render_template("edit_tag_export.html", return render_template("edit_tag_export.html",
misp_active=misp_active, misp_active=misp_active,
hive_active=hive_active, hive_active=hive_active,
list_export_tags=list_export_tags, list_export_tags=list_export_tags,
status_misp=status_misp, status_misp=status_misp,
status_hive=status_hive) status_hive=status_hive,
nb_tags_whitelist_misp=nb_tags_whitelist_misp,
nb_tags_whitelist_hive=nb_tags_whitelist_hive)
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST']) @PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
def tag_export_edited(): def tag_export_edited():
@ -525,6 +538,7 @@ def tag_export_edited():
r_serv_db.sadd('whitelist_hive', tag) r_serv_db.sadd('whitelist_hive', tag)
else: else:
return 'invalid input' return 'invalid input'
return redirect(url_for('PasteSubmit.edit_tag_export')) return redirect(url_for('PasteSubmit.edit_tag_export'))
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event") @PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")

View file

@ -90,8 +90,6 @@
<div class="panel-heading">The hive auto export <div class="panel-heading">The hive auto export
{% if hive_active %} {% if hive_active %}
<span class="label label-success pull-right"> Enabled</span> <span class="label label-success pull-right"> Enabled</span>
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge badge-light pull-right">{{ badge }}</span>
{% endif %} {% endif %}
{% if not hive_active %} {% if not hive_active %}
<span class="label label-danger pull-right"> Disabled</span> <span class="label label-danger pull-right"> Disabled</span>
@ -130,7 +128,9 @@
<div class="panel panel-info"> <div class="panel panel-info">
<div class="panel-heading"> <div class="panel-heading">
Metadata : Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_misp }}</span>
<ul class="list-group"><li class="list-group-item"> <ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp"> <table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
<thead> <thead>
@ -167,7 +167,9 @@
<div class="panel panel-info"> <div class="panel panel-info">
<div class="panel-heading"> <div class="panel-heading">
Metadata : Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_hive }}</span>
<ul class="list-group"><li class="list-group-item"> <ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive"> <table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">

View file

@ -65,6 +65,15 @@
</a> </a>
</div> </div>
<div>
<br></br>
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
<i class="fa fa-cogs fa-2x"></i>
<br></br>
<span class="label-icon">MISP and Hive, auto push</span>
</a>
</div>
</div> </div>
<!-- /#page-wrapper --> <!-- /#page-wrapper -->

View file

@ -144,6 +144,15 @@
</a> </a>
</div> </div>
<div>
<br></br>
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
<i class="fa fa-cogs fa-2x"></i>
<br></br>
<span class="label-icon">MISP and Hive, auto push</span>
</a>
</div>
</div> </div>
</body> </body>

View file

@ -24,6 +24,8 @@ max_preview_char = Flask_config.max_preview_char
max_preview_modal = Flask_config.max_preview_modal max_preview_modal = Flask_config.max_preview_modal
DiffMaxLineLength = Flask_config.DiffMaxLineLength DiffMaxLineLength = Flask_config.DiffMaxLineLength
bootstrap_label = Flask_config.bootstrap_label bootstrap_label = Flask_config.bootstrap_label
misp_event_url = Flask_config.misp_event_url
hive_case_url = Flask_config.hive_case_url
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates') showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
@ -124,8 +126,24 @@ def showpaste(content_range):
else: else:
hive = True hive = True
misp_event = r_serv_metadata.get('misp_events:path')
if misp_event is None:
misp_eventid = False
misp_url = ''
else:
misp_eventid = True
misp_url = misp_event_url + misp_event
hive_case = r_serv_metadata.get('hive_cases:path')
if hive_case is None:
hive_caseid = False
hive_url = ''
else:
hive_caseid = True
hive_url = hive_case_url.replace('id_here', hive_case)
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list, return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
misp=misp, hive=hive) misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url)
# ============ ROUTES ============ # ============ ROUTES ============

View file

@ -201,8 +201,8 @@
<div class="input clear required"> <div class="input clear required">
<label for="EventThreatLevelId">Threat Level</label> <label for="EventThreatLevelId">Threat Level</label>
<select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required"> <select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required">
<option value="1" selected="selected">High</option> <option value="1">High</option>
<option value="2">Medium</option> <option value="2" selected="selected">Medium</option>
<option value="3">Low</option> <option value="3">Low</option>
<option value="4">Undefined</option> <option value="4">Undefined</option>
</select> </select>
@ -219,8 +219,19 @@
<label for="EventInfo">Event Info</label> <label for="EventInfo">Event Info</label>
<input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/> <input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/>
</div> </div>
<div class="clear">
<label for="EventInfo">Publish Event</label>
<input type="checkbox" value="True" id="misp_publish" name="misp_publish" >
</div>
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}"> <input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
{% if misp_eventid %}
<br>
<div class="list-group" id="misp_event">
<li class="list-group-item active">MISP Events already Created</li>
<a target="_blank" href="{{ misp_url }}" class="list-group-item">{{ misp_url }}</a></div>
{% endif %}
</div> </div>
<div class="modal-footer center"> <div class="modal-footer center">
<button class="btn btn-primary"> <button class="btn btn-primary">
@ -283,6 +294,13 @@
</div> </div>
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}"> <input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
{% if hive_caseid %}
<br>
<div class="list-group" id="misp_event">
<li class="list-group-item active">The Hive Case already Created</li>
<a target="_blank" href="{{ hive_url }}" class="list-group-item">{{ hive_url }}</a></div>
{% endif %}
</div> </div>
<div class="modal-footer center"> <div class="modal-footer center">
<button href="" class="btn btn-primary"> <button href="" class="btn btn-primary">