From 7470792902650f72a48864fb679eed11f1ed4dbe Mon Sep 17 00:00:00 2001
From: Terrtia
Date: Fri, 11 Mar 2022 15:46:29 +0100
Subject: [PATCH] fix: [Investigation] edit misp event + add misp instance url
---
 bin/export/MispExport.py | 21 +++++++++----------
 bin/lib/Investigations.py | 13 +++++++++---
 .../investigations/view_investigation.html | 10 ++++++++-
 3 files changed, 29 insertions(+), 15 deletions(-)
diff --git a/bin/export/MispExport.py b/bin/export/MispExport.py
index f038fbac..26b1f28a 100755
--- a/bin/export/MispExport.py
+++ b/bin/export/MispExport.py
@@ -447,25 +447,24 @@ def create_investigation_event(investigation_uuid):
 if misp_obj:
 event.add_object(misp_obj)
- #taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
- #event.Tag = taxonomies_tags
- #event.Galaxy = galaxies_tags
- #print(galaxies_tags)
- #event.add_galaxy(galaxies_tags)
-
 # if publish:
 # event.publish()
- # res = event.to_json()
- # print(event.to_json())
 misp = PyMISP(misp_url, misp_key, misp_verifycert)
- misp_event = misp.add_event(event)
- #print(misp_event)
+ if misp.event_exists(event.uuid):
+ misp_event = misp.update_event(event)
+ else:
+ misp_event = misp.add_event(event)
 # # TODO: handle error
 event_metadata = extract_event_metadata(misp_event)
- print(event_metadata)
+ if event_metadata.get('uuid'):
+ if misp_url[-1] == '/':
+ url = misp_url[:-1]
+ else:
+ url = misp_url
+ investigation.add_misp_events(url)
 return event_metadata
 # if __name__ == '__main__':
diff --git a/bin/lib/Investigations.py b/bin/lib/Investigations.py
index 70fd6554..55775830 100755
--- a/bin/lib/Investigations.py
+++ b/bin/lib/Investigations.py
@@ -94,8 +94,7 @@ class Investigation(object):
 def get_uuid(self, separator=False):
 if separator:
- res = str(uuid.uuid4())
- return uuid.UUID(hex=res, version=4)
+ return uuid.UUID(hex=self.uuid, version=4)
 else:
 return self.uuid
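Review bot: The slash handling before `investigation.add_misp_events(url)` is a hand-rolled strip that removes only one trailing `/` and indexes `misp_url[-1]` without a length check, so `https://host/` and `https://host//` would be stored as two different set members; `url = misp_url.rstrip('/')` replaces the four-line if/else. Since the value is persisted and shown in the investigation view by this patch, it is worth confirming that the configured URL never carries userinfo (`user:pass@host`), which would otherwise be displayed to every viewer; where `misp_url` is loaded is not visible here. The `# # TODO: handle error` is still open: the URL is recorded only when `event_metadata` has a `uuid`, but a failure of `event_exists` or `update_event` is not reported to the caller in the visible lines. `create_investigation_event` starts above the hunk.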
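Review bot: `uuid.UUID(hex=self.uuid, version=4)` in the `separator` branch does more than parse the stored value: passing `version=4` overwrites the version and variant bits, so a stored id that is not already a valid v4 UUID comes back as a different UUID without any error. The template in this patch builds the MISP link by slicing the raw `metadata['uuid']` string, so the exported event id and the displayed link could diverge if that ever happens; `return uuid.UUID(hex=self.uuid)` keeps the value exact. A short docstring should also state that this branch returns a `uuid.UUID` object while the other returns the stored string. Whether non-v4 ids can reach this class is not visible here, since the constructor is outside the hunk.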
@@ -146,6 +145,9 @@ class Investigation(object):
 last_change = datetime.datetime.fromtimestamp(float(last_change)).strftime('%Y-%m-%d %H:%M:%S')
 return last_change
+ def get_misp_events(self):
+ return r_tracking.smembers(f'investigations:misp:{self.uuid}')
+
 # # TODO: DATE FORMAT
 def get_metadata(self, r_str=False):
 if r_str:
@@ -164,7 +166,8 @@ class Investigation(object):
 'timestamp': self.get_timestamp(r_str=r_str),
 'last_change': self.get_last_change(r_str=r_str),
 'info': self.get_info(),
- 'nb_objects': self.get_nb_objects()}
+ 'nb_objects': self.get_nb_objects(),
+ 'misp_events': self.get_misp_events()}
 def set_name(self, name):
 r_tracking.hset(f'investigations:data:{self.uuid}', 'name', name)
@@ -198,6 +201,9 @@ class Investigation(object):
 else:
 raise UpdateInvestigationError(f'Invalid analysis: {analysis}')
+ def add_misp_events(self, misp_url):
+ r_tracking.sadd(f'investigations:misp:{self.uuid}', misp_url)
+
 def set_tags(self, tags):
 # delete previous tags
 r_tracking.delete(f'investigations:tags:{self.uuid}')
@@ -252,6 +258,7 @@ class Investigation(object):
 # metadata
 r_tracking.delete(f'investigations:data:{self.uuid}')
 r_tracking.delete(f'investigations:tags:{self.uuid}')
+ r_tracking.delete(f'investigations:misp:{self.uuid}')
 ##-- Class --##
diff --git a/var/www/templates/investigations/view_investigation.html b/var/www/templates/investigations/view_investigation.html
index 9bfe824d..2cc7a776 100644
--- a/var/www/templates/investigations/view_investigation.html
+++ b/var/www/templates/investigations/view_investigation.html
@@ -99,12 +99,20 @@ Edit - + Export as Event + {% if metadata['misp_events'] %} + {% for misp_url in metadata['misp_events'] %} + + {{misp_url}}/events/view/{{metadata['uuid'][:8]}}-{{metadata['uuid'][8:12]}}-{{metadata['uuid'][12:16]}}-{{metadata['uuid'][16:20]}}-{{metadata['uuid'][20:]}}
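Review bot: `'misp_events': self.get_misp_events()` puts the raw result of `r_tracking.smembers(...)` into the metadata dict; with redis-py that is typically a set, so the links have no stable order between page loads and the dict can no longer be passed to `json.dumps`. The other entries honour `r_str`, which suggests the dict is sometimes rendered as plain strings, though the callers are outside the hunk. `'misp_events': sorted(self.get_misp_events())` gives the template a deterministic list. The `get_misp_events` hunk above would also benefit from a one-line docstring saying that it returns the MISP instance base URLs recorded for this investigation, not event URLs.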
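Review bot: `add_misp_events` stores whatever string it is given with `r_tracking.sadd(...)`, and the template hunk in this patch later renders each stored member as the prefix of a link (`{{misp_url}}/events/view/...`). Template autoescaping, if enabled, only covers HTML metacharacters and does not restrict the URL scheme, so the method should refuse anything that is not `http`/`https` before persisting it, e.g. `if urlparse(misp_url).scheme not in ('http', 'https'): raise UpdateInvestigationError(f'Invalid MISP url: {misp_url}')` (needs `from urllib.parse import urlparse`). The only caller visible in this patch passes the configured MISP URL, so this is defence in depth rather than a reachable flaw. The method name is plural although it records a single instance URL, which a docstring should make explicit.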
+
+ {% endfor %} + {% endif %} +