mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-10 08:38:28 +00:00
change default submit tag, event-path map, publish events
This commit is contained in:
parent
aee1b50ef1
commit
704e6f0ad1
8 changed files with 95 additions and 25 deletions
|
@ -167,14 +167,14 @@ if __name__ == "__main__":
|
|||
if HiveApi != False:
|
||||
if int(r_serv_db.get('hive:auto-alerts')) == 1:
|
||||
whitelist_hive = r_serv_db.scard('whitelist_hive')
|
||||
if r_serv_db.scard('whitelist_hive') == 0 or r_serv_db.sismember('whitelist_hive', tag):
|
||||
if r_serv_db.sismember('whitelist_hive', tag):
|
||||
create_the_hive_alert(source, path, full_path, tag)
|
||||
|
||||
else:
|
||||
print('hive, auto alerts creation disable')
|
||||
if flag_misp:
|
||||
if int(r_serv_db.get('misp:auto-events')) == 1:
|
||||
if r_serv_db.scard('whitelist_misp') == 0 or r_serv_db.sismember('whitelist_misp', tag):
|
||||
if r_serv_db.sismember('whitelist_misp', tag):
|
||||
misp_wrapper.pushToMISP(uuid_ail, path, tag)
|
||||
else:
|
||||
print('misp, auto events creation disable')
|
||||
|
|
|
@ -121,7 +121,7 @@ class ObjectWrapper:
|
|||
analysis, info, date,
|
||||
published, orgc_id, org_id, sharing_group_id)
|
||||
eventUuid = event['Event']['uuid']
|
||||
self.pymisp.tag(eventUuid, 'infoleak:source="unknown"')
|
||||
self.pymisp.tag(eventUuid, 'infoleak:output-format="ail-daily"')
|
||||
return event
|
||||
|
||||
# Publish object to MISP
|
||||
|
|
|
@ -133,7 +133,7 @@ def addTagsVerification(tags, tagsgalaxies):
|
|||
def date_to_str(date):
|
||||
return "{0}-{1}-{2}".format(date.year, date.month, date.day)
|
||||
|
||||
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path):
|
||||
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path):
|
||||
|
||||
paste = Paste.Paste(path)
|
||||
source = path.split('/')[-6:]
|
||||
|
@ -165,6 +165,9 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
|
|||
|
||||
today = datetime.date.today()
|
||||
# [0-3]
|
||||
if publish == 'True':
|
||||
published = True
|
||||
else:
|
||||
published = False
|
||||
org_id = None
|
||||
orgc_id = None
|
||||
|
@ -176,6 +179,8 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
|
|||
eventUuid = event['Event']['uuid']
|
||||
eventid = event['Event']['id']
|
||||
|
||||
r_serv_metadata.set('misp_events:path', eventid)
|
||||
|
||||
# add tags
|
||||
for tag in l_tags:
|
||||
pymisp.tag(eventUuid, tag)
|
||||
|
@ -246,6 +251,8 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
|
|||
if res.status_code != 201:
|
||||
print('ko: {}/{}'.format(res.status_code, res.text))
|
||||
|
||||
r_serv_metadata.set('hive_cases:path', id)
|
||||
|
||||
return hive_case_url.replace('id_here', id)
|
||||
else:
|
||||
print('ko: {}/{}'.format(response.status_code, response.text))
|
||||
|
@ -275,15 +282,17 @@ def submit():
|
|||
ltagsgalaxies = request.form['tags_galaxies']
|
||||
paste_content = request.form['paste_content']
|
||||
|
||||
submitted_tag = 'infoleak:submission="manual"'
|
||||
|
||||
if ltags or ltagsgalaxies:
|
||||
if not addTagsVerification(ltags, ltagsgalaxies):
|
||||
return 'INVALID TAGS'
|
||||
|
||||
# add submitted tags
|
||||
if(ltags != ''):
|
||||
ltags = ltags + ',submitted'
|
||||
ltags = ltags + ',' + submitted_tag
|
||||
else:
|
||||
ltags ='submitted'
|
||||
ltags = submitted_tag
|
||||
|
||||
if 'file' in request.files:
|
||||
|
||||
|
@ -420,12 +429,13 @@ def create_misp_event():
|
|||
analysis = int(request.form['misp_data[Event][analysis]'])
|
||||
info = request.form['misp_data[Event][info]']
|
||||
path = request.form['paste']
|
||||
publish = request.form.get('misp_publish')
|
||||
|
||||
#verify input
|
||||
if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2):
|
||||
|
||||
l_tags = list(r_serv_metadata.smembers('tag:'+path))
|
||||
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path)
|
||||
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path)
|
||||
|
||||
if event != False:
|
||||
return redirect(event)
|
||||
|
@ -467,11 +477,7 @@ def edit_tag_export():
|
|||
status_misp = []
|
||||
status_hive = []
|
||||
|
||||
# empty whitelist
|
||||
if whitelist_misp == 0:
|
||||
for tag in list_export_tags:
|
||||
status_misp.append(True)
|
||||
else:
|
||||
|
||||
for tag in list_export_tags:
|
||||
if r_serv_db.sismember('whitelist_misp', tag):
|
||||
status_misp.append(True)
|
||||
|
@ -497,12 +503,19 @@ def edit_tag_export():
|
|||
hive_active = True
|
||||
else:
|
||||
hive_active = False
|
||||
|
||||
nb_tags = str(r_serv_db.scard('list_export_tags'))
|
||||
nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags
|
||||
nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags
|
||||
|
||||
return render_template("edit_tag_export.html",
|
||||
misp_active=misp_active,
|
||||
hive_active=hive_active,
|
||||
list_export_tags=list_export_tags,
|
||||
status_misp=status_misp,
|
||||
status_hive=status_hive)
|
||||
status_hive=status_hive,
|
||||
nb_tags_whitelist_misp=nb_tags_whitelist_misp,
|
||||
nb_tags_whitelist_hive=nb_tags_whitelist_hive)
|
||||
|
||||
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
|
||||
def tag_export_edited():
|
||||
|
@ -525,6 +538,7 @@ def tag_export_edited():
|
|||
r_serv_db.sadd('whitelist_hive', tag)
|
||||
else:
|
||||
return 'invalid input'
|
||||
|
||||
return redirect(url_for('PasteSubmit.edit_tag_export'))
|
||||
|
||||
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
|
||||
|
|
|
@ -90,8 +90,6 @@
|
|||
<div class="panel-heading">The hive auto export
|
||||
{% if hive_active %}
|
||||
<span class="label label-success pull-right"> Enabled</span>
|
||||
<span class="pull-right"> </span>
|
||||
<span class="badge badge-light pull-right">{{ badge }}</span>
|
||||
{% endif %}
|
||||
{% if not hive_active %}
|
||||
<span class="label label-danger pull-right"> Disabled</span>
|
||||
|
@ -131,6 +129,8 @@
|
|||
<div class="panel panel-info">
|
||||
<div class="panel-heading">
|
||||
Metadata :
|
||||
<span class="pull-right"> </span>
|
||||
<span class="badge pull-right">{{ nb_tags_whitelist_misp }}</span>
|
||||
<ul class="list-group"><li class="list-group-item">
|
||||
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
|
||||
<thead>
|
||||
|
@ -168,6 +168,8 @@
|
|||
<div class="panel panel-info">
|
||||
<div class="panel-heading">
|
||||
Metadata :
|
||||
<span class="pull-right"> </span>
|
||||
<span class="badge pull-right">{{ nb_tags_whitelist_hive }}</span>
|
||||
<ul class="list-group"><li class="list-group-item">
|
||||
|
||||
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">
|
||||
|
|
|
@ -65,6 +65,15 @@
|
|||
</a>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<br></br>
|
||||
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
|
||||
<i class="fa fa-cogs fa-2x"></i>
|
||||
<br></br>
|
||||
<span class="label-icon">MISP and Hive, auto push</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /#page-wrapper -->
|
||||
|
|
|
@ -144,6 +144,15 @@
|
|||
</a>
|
||||
</div>
|
||||
|
||||
<div>
|
||||
<br></br>
|
||||
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
|
||||
<i class="fa fa-cogs fa-2x"></i>
|
||||
<br></br>
|
||||
<span class="label-icon">MISP and Hive, auto push</span>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</body>
|
||||
|
|
|
@ -24,6 +24,8 @@ max_preview_char = Flask_config.max_preview_char
|
|||
max_preview_modal = Flask_config.max_preview_modal
|
||||
DiffMaxLineLength = Flask_config.DiffMaxLineLength
|
||||
bootstrap_label = Flask_config.bootstrap_label
|
||||
misp_event_url = Flask_config.misp_event_url
|
||||
hive_case_url = Flask_config.hive_case_url
|
||||
|
||||
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
|
||||
|
||||
|
@ -124,8 +126,24 @@ def showpaste(content_range):
|
|||
else:
|
||||
hive = True
|
||||
|
||||
misp_event = r_serv_metadata.get('misp_events:path')
|
||||
if misp_event is None:
|
||||
misp_eventid = False
|
||||
misp_url = ''
|
||||
else:
|
||||
misp_eventid = True
|
||||
misp_url = misp_event_url + misp_event
|
||||
|
||||
hive_case = r_serv_metadata.get('hive_cases:path')
|
||||
if hive_case is None:
|
||||
hive_caseid = False
|
||||
hive_url = ''
|
||||
else:
|
||||
hive_caseid = True
|
||||
hive_url = hive_case_url.replace('id_here', hive_case)
|
||||
|
||||
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
|
||||
misp=misp, hive=hive)
|
||||
misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url)
|
||||
|
||||
# ============ ROUTES ============
|
||||
|
||||
|
|
|
@ -201,8 +201,8 @@
|
|||
<div class="input clear required">
|
||||
<label for="EventThreatLevelId">Threat Level</label>
|
||||
<select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required">
|
||||
<option value="1" selected="selected">High</option>
|
||||
<option value="2">Medium</option>
|
||||
<option value="1">High</option>
|
||||
<option value="2" selected="selected">Medium</option>
|
||||
<option value="3">Low</option>
|
||||
<option value="4">Undefined</option>
|
||||
</select>
|
||||
|
@ -219,8 +219,19 @@
|
|||
<label for="EventInfo">Event Info</label>
|
||||
<input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/>
|
||||
</div>
|
||||
<div class="clear">
|
||||
<label for="EventInfo">Publish Event</label>
|
||||
<input type="checkbox" value="True" id="misp_publish" name="misp_publish" >
|
||||
</div>
|
||||
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
||||
|
||||
{% if misp_eventid %}
|
||||
<br>
|
||||
<div class="list-group" id="misp_event">
|
||||
<li class="list-group-item active">MISP Events already Created</li>
|
||||
<a target="_blank" href="{{ misp_url }}" class="list-group-item">{{ misp_url }}</a></div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
<div class="modal-footer center">
|
||||
<button class="btn btn-primary">
|
||||
|
@ -283,6 +294,13 @@
|
|||
</div>
|
||||
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
||||
|
||||
{% if hive_caseid %}
|
||||
<br>
|
||||
<div class="list-group" id="misp_event">
|
||||
<li class="list-group-item active">The Hive Case already Created</li>
|
||||
<a target="_blank" href="{{ hive_url }}" class="list-group-item">{{ hive_url }}</a></div>
|
||||
{% endif %}
|
||||
|
||||
</div>
|
||||
<div class="modal-footer center">
|
||||
<button href="" class="btn btn-primary">
|
||||
|
|
Loading…
Reference in a new issue