AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-11-10 08:38:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

change default submit tag, event-path map, publish events

Browse source
This commit is contained in:
Terrtia 2018-06-18 13:58:31 +02:00
parent aee1b50ef1
commit 704e6f0ad1
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
8 changed files with 95 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bin/MISP_The_Hive_feeder.py
View file

@ -167,14 +167,14 @@ if __name__ == "__main__":
if HiveApi != False:
if int(r_serv_db.get('hive:auto-alerts')) == 1:
whitelist_hive = r_serv_db.scard('whitelist_hive')
if r_serv_db.scard('whitelist_hive') == 0 or r_serv_db.sismember('whitelist_hive', tag):
if r_serv_db.sismember('whitelist_hive', tag):
create_the_hive_alert(source, path, full_path, tag)
else:
print('hive, auto alerts creation disable')
if flag_misp:
if int(r_serv_db.get('misp:auto-events')) == 1:
if r_serv_db.scard('whitelist_misp') == 0 or r_serv_db.sismember('whitelist_misp', tag):
if r_serv_db.sismember('whitelist_misp', tag):
misp_wrapper.pushToMISP(uuid_ail, path, tag)
else:
print('misp, auto events creation disable')

2
bin/ailleakObject.py
View file

@ -121,7 +121,7 @@ class ObjectWrapper:
analysis, info, date,
published, orgc_id, org_id, sharing_group_id)
eventUuid = event['Event']['uuid']
self.pymisp.tag(eventUuid, 'infoleak:source="unknown"')
self.pymisp.tag(eventUuid, 'infoleak:output-format="ail-daily"')
return event
# Publish object to MISP

34
var/www/modules/PasteSubmit/Flask_PasteSubmit.py
View file

@ -133,7 +133,7 @@ def addTagsVerification(tags, tagsgalaxies):
def date_to_str(date):
return "{0}-{1}-{2}".format(date.year, date.month, date.day)
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path):
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path):
paste = Paste.Paste(path)
source = path.split('/')[-6:]
@ -165,6 +165,9 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
today = datetime.date.today()
# [0-3]
if publish == 'True':
published = True
else:
published = False
org_id = None
orgc_id = None
@ -176,6 +179,8 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
eventUuid = event['Event']['uuid']
eventid = event['Event']['id']
r_serv_metadata.set('misp_events:path', eventid)
# add tags
for tag in l_tags:
pymisp.tag(eventUuid, tag)
@ -246,6 +251,8 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
if res.status_code != 201:
print('ko: {}/{}'.format(res.status_code, res.text))
r_serv_metadata.set('hive_cases:path', id)
return hive_case_url.replace('id_here', id)
else:
print('ko: {}/{}'.format(response.status_code, response.text))
@ -275,15 +282,17 @@ def submit():
ltagsgalaxies = request.form['tags_galaxies']
paste_content = request.form['paste_content']
submitted_tag = 'infoleak:submission="manual"'
if ltags or ltagsgalaxies:
if not addTagsVerification(ltags, ltagsgalaxies):
return 'INVALID TAGS'
# add submitted tags
if(ltags != ''):
ltags = ltags + ',submitted'
ltags = ltags + ',' + submitted_tag
else:
ltags ='submitted'
ltags = submitted_tag
if 'file' in request.files:
@ -420,12 +429,13 @@ def create_misp_event():
analysis = int(request.form['misp_data[Event][analysis]'])
info = request.form['misp_data[Event][info]']
path = request.form['paste']
publish = request.form.get('misp_publish')
#verify input
if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2):
l_tags = list(r_serv_metadata.smembers('tag:'+path))
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path)
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path)
if event != False:
return redirect(event)
@ -467,11 +477,7 @@ def edit_tag_export():
status_misp = []
status_hive = []
# empty whitelist
if whitelist_misp == 0:
for tag in list_export_tags:
status_misp.append(True)
else:
for tag in list_export_tags:
if r_serv_db.sismember('whitelist_misp', tag):
status_misp.append(True)
@ -497,12 +503,19 @@ def edit_tag_export():
hive_active = True
else:
hive_active = False
nb_tags = str(r_serv_db.scard('list_export_tags'))
nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags
nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags
return render_template("edit_tag_export.html",
misp_active=misp_active,
hive_active=hive_active,
list_export_tags=list_export_tags,
status_misp=status_misp,
status_hive=status_hive)
status_hive=status_hive,
nb_tags_whitelist_misp=nb_tags_whitelist_misp,
nb_tags_whitelist_hive=nb_tags_whitelist_hive)
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
def tag_export_edited():
@ -525,6 +538,7 @@ def tag_export_edited():
r_serv_db.sadd('whitelist_hive', tag)
else:
return 'invalid input'
return redirect(url_for('PasteSubmit.edit_tag_export'))
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")

6
var/www/modules/PasteSubmit/templates/edit_tag_export.html
View file

@ -90,8 +90,6 @@
<div class="panel-heading">The hive auto export
{% if hive_active %}
<span class="label label-success pull-right"> Enabled</span>
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge badge-light pull-right">{{ badge }}</span>
{% endif %}
{% if not hive_active %}
<span class="label label-danger pull-right"> Disabled</span>
@ -131,6 +129,8 @@
<div class="panel panel-info">
<div class="panel-heading">
Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_misp }}</span>
<ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
<thead>
@ -168,6 +168,8 @@
<div class="panel panel-info">
<div class="panel-heading">
Metadata :
<span class="pull-right">&nbsp;&nbsp;&nbsp;</span>
<span class="badge pull-right">{{ nb_tags_whitelist_hive }}</span>
<ul class="list-group"><li class="list-group-item">
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">

9
var/www/modules/Tags/templates/Tags.html
View file

@ -65,6 +65,15 @@
</a>
</div>
<div>
<br></br>
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
<i class="fa fa-cogs fa-2x"></i>
<br></br>
<span class="label-icon">MISP and Hive, auto push</span>
</a>
</div>
</div>
<!-- /#page-wrapper -->

9
var/www/modules/Tags/templates/tagged.html
View file

@ -144,6 +144,15 @@
</a>
</div>
<div>
<br></br>
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
<i class="fa fa-cogs fa-2x"></i>
<br></br>
<span class="label-icon">MISP and Hive, auto push</span>
</a>
</div>
</div>
</body>

20
var/www/modules/showpaste/Flask_showpaste.py
View file

@ -24,6 +24,8 @@ max_preview_char = Flask_config.max_preview_char
max_preview_modal = Flask_config.max_preview_modal
DiffMaxLineLength = Flask_config.DiffMaxLineLength
bootstrap_label = Flask_config.bootstrap_label
misp_event_url = Flask_config.misp_event_url
hive_case_url = Flask_config.hive_case_url
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
@ -124,8 +126,24 @@ def showpaste(content_range):
else:
hive = True
misp_event = r_serv_metadata.get('misp_events:path')
if misp_event is None:
misp_eventid = False
misp_url = ''
else:
misp_eventid = True
misp_url = misp_event_url + misp_event
hive_case = r_serv_metadata.get('hive_cases:path')
if hive_case is None:
hive_caseid = False
hive_url = ''
else:
hive_caseid = True
hive_url = hive_case_url.replace('id_here', hive_case)
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
misp=misp, hive=hive)
misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url)
# ============ ROUTES ============

22
var/www/modules/showpaste/templates/show_saved_paste.html
View file

@ -201,8 +201,8 @@
<div class="input clear required">
<label for="EventThreatLevelId">Threat Level</label>
<select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required">
<option value="1" selected="selected">High</option>
<option value="2">Medium</option>
<option value="1">High</option>
<option value="2" selected="selected">Medium</option>
<option value="3">Low</option>
<option value="4">Undefined</option>
</select>
@ -219,8 +219,19 @@
<label for="EventInfo">Event Info</label>
<input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/>
</div>
<div class="clear">
<label for="EventInfo">Publish Event</label>
<input type="checkbox" value="True" id="misp_publish" name="misp_publish" >
</div>
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
{% if misp_eventid %}
<br>
<div class="list-group" id="misp_event">
<li class="list-group-item active">MISP Events already Created</li>
<a target="_blank" href="{{ misp_url }}" class="list-group-item">{{ misp_url }}</a></div>
{% endif %}
</div>
<div class="modal-footer center">
<button class="btn btn-primary">
@ -283,6 +294,13 @@
</div>
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
{% if hive_caseid %}
<br>
<div class="list-group" id="misp_event">
<li class="list-group-item active">The Hive Case already Created</li>
<a target="_blank" href="{{ hive_url }}" class="list-group-item">{{ hive_url }}</a></div>
{% endif %}
</div>
<div class="modal-footer center">
<button href="" class="btn btn-primary">