chg: [v4.1] add Investigation with MISP Export + v4.1 update

This commit is contained in:
Terrtia 2022-03-07 15:12:01 +01:00
parent 303c8001e5
commit f40d8f47c2
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
41 changed files with 3140 additions and 488 deletions


@ -42,6 +42,7 @@ from blueprints.crawler_splash import crawler_splash
from blueprints.correlation import correlation
from blueprints.tags_ui import tags_ui
from blueprints.import_export import import_export
from blueprints.investigations_b import investigations_b
from blueprints.objects_item import objects_item
from blueprints.hunters import hunters
from blueprints.old_endpoints import old_endpoints
@ -101,6 +102,7 @@ app.register_blueprint(crawler_splash, url_prefix=baseUrl)
app.register_blueprint(correlation, url_prefix=baseUrl)
app.register_blueprint(tags_ui, url_prefix=baseUrl)
app.register_blueprint(import_export, url_prefix=baseUrl)
app.register_blueprint(investigations_b, url_prefix=baseUrl)
app.register_blueprint(objects_item, url_prefix=baseUrl)
app.register_blueprint(hunters, url_prefix=baseUrl)
app.register_blueprint(old_endpoints, url_prefix=baseUrl)


@ -28,7 +28,7 @@ import crawlers
import Domain
import Language
import Config_DB
#import Config_DB
r_cache = Flask_config.r_cache
r_serv_db = Flask_config.r_serv_db
@ -295,6 +295,15 @@ def domains_search_name():
l_dict_domains=l_dict_domains, bootstrap_label=bootstrap_label,
domains_types=domains_types)
@crawler_splash.route('/domains/TODO', methods=['GET'])
@login_required
@login_analyst
def domains_todo():
domain_type = request.args.get('type')
last_domains = Domain.get_last_crawled_domains(domain_type)
##-- --##
@ -349,8 +358,8 @@ def crawler_cookiejar_add_post():
return redirect(url_for('crawler_splash.crawler_cookiejar_show', cookiejar_uuid=cookiejar_uuid))
@crawler_splash.route('/crawler/cookiejar/all', methods=['GET'])
#@login_required
#@login_read_only
@login_required
@login_read_only
def crawler_cookiejar_all():
user_id = current_user.get_id()
user_cookiejar = crawlers.get_cookiejar_metadata_by_iterator(crawlers.get_user_cookiejar(user_id))
@ -358,8 +367,8 @@ def crawler_cookiejar_all():
return render_template("all_cookiejar.html", user_cookiejar=user_cookiejar, global_cookiejar=global_cookiejar)
@crawler_splash.route('/crawler/cookiejar/show', methods=['GET'])
#@login_required
#@login_read_only
@login_required
@login_read_only
def crawler_cookiejar_show():
user_id = current_user.get_id()
cookiejar_uuid = request.args.get('cookiejar_uuid')
@ -379,8 +388,8 @@ def crawler_cookiejar_show():
l_cookies=l_cookies, l_cookie_uuid=l_cookie_uuid)
@crawler_splash.route('/crawler/cookiejar/cookie/delete', methods=['GET'])
#@login_required
#@login_read_only
@login_required
@login_read_only
def crawler_cookiejar_cookie_delete():
user_id = current_user.get_id()
cookiejar_uuid = request.args.get('cookiejar_uuid')
@ -392,8 +401,8 @@ def crawler_cookiejar_cookie_delete():
return redirect(url_for('crawler_splash.crawler_cookiejar_show', cookiejar_uuid=cookiejar_uuid))
@crawler_splash.route('/crawler/cookiejar/delete', methods=['GET'])
#@login_required
#@login_read_only
@login_required
@login_read_only
def crawler_cookiejar_delete():
user_id = current_user.get_id()
cookiejar_uuid = request.args.get('cookiejar_uuid')
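Review bot: The new `domains_todo` view has no return statement anywhere in the hunk — the body ends with `last_domains = Domain.get_last_crawled_domains(domain_type)` and the next line is the `##-- --##` context marker — so as committed Flask would answer every request to `/domains/TODO` with a 500 ("view function did not return a valid response"); if the body is meant to grow later, at least a `return render_template(...)` or an explicit `abort(404)` placeholder belongs there now. `domain_type` is also passed straight from `request.args` into the lookup; checking it against the domain types the blueprint already exposes as `domains_types` (`if domain_type not in domains_types: abort(404)`) keeps arbitrary input out of `Domain.get_last_crawled_domains`. Re-enabling `@login_required`/`@login_read_only` on the four cookiejar routes is the right call; note that `crawler_cookiejar_cookie_delete` and `crawler_cookiejar_delete` still delete on a plain GET, which is worth a follow-up move to POST.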


@ -182,6 +182,20 @@ def add_object_id_to_export():
# redirect
return redirect(url_for('import_export.export_object'))
@import_export.route("/import_export/investigation", methods=['GET'])
@login_required
@login_analyst
def export_investigation():
investigation_uuid = request.args.get("uuid")
if MispExport.ping_misp():
event_metadata = MispExport.create_investigation_event(investigation_uuid)
else:
return Response(json.dumps({"error": "Can't reach MISP Instance"}, indent=2, sort_keys=True), mimetype='application/json'), 400
return redirect(url_for('investigations_b.show_investigation', uuid=investigation_uuid))
# @import_export.route("/import_export/delete_object_id_to_export", methods=['GET'])
# @login_required
# @login_analyst
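Review bot: `event_metadata` from `MispExport.create_investigation_event(investigation_uuid)` is assigned and never used, and the view redirects to the investigation page no matter what the exporter returned, so a failed export looks identical to a successful one; at minimum the result should be checked and surfaced with `create_json_response`-style output or a flash before redirecting. `investigation_uuid` is read from `request.args` and handed to the exporter without verifying that an investigation with that uuid exists, so a missing or bogus uuid should be rejected with a 400/404 before any MISP call is made. An unreachable MISP instance is a server-side condition rather than a client error, so `503` fits better than `400`, and inverting the branch into a guard (`if not MispExport.ping_misp(): return Response(...), 503`) removes the `else`.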


@ -0,0 +1,212 @@
#!/usr/bin/env python3
# -*-coding:UTF-8 -*
'''
Blueprint Flask: ail_investigations
'''
import os
import sys
import json
from flask import Flask, render_template, jsonify, request, Blueprint, redirect, url_for, Response, abort, send_file
from flask_login import login_required, current_user
# Import Role_Manager
from Role_Manager import login_admin, login_analyst, login_read_only
sys.path.append('modules')
import Flask_config
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'lib'))
import Investigations
from lib.objects import ail_objects
sys.path.append(os.path.join(os.environ['AIL_BIN'], 'packages'))
import Tag
# ============ BLUEPRINT ============
investigations_b = Blueprint('investigations_b', __name__, template_folder=os.path.join(os.environ['AIL_FLASK'], 'templates/investigations'))
# ============ VARIABLES ============
bootstrap_label = Flask_config.bootstrap_label
# ============ FUNCTIONS ============
def create_json_response(data, status_code):
return Response(json.dumps(data, indent=2, sort_keys=True), mimetype='application/json'), status_code
# ============= ROUTES ==============
@investigations_b.route("/investigations", methods=['GET'])
@login_required
@login_read_only
def investigations_dashboard():
investigations = Investigations.get_all_investigations_meta(r_str=True)
return render_template("investigations.html", bootstrap_label=bootstrap_label,
investigations=investigations)
@investigations_b.route("/investigation", methods=['GET']) ## FIXME: add /view ????
@login_required
@login_read_only
def show_investigation():
investigation_uuid = request.args.get("uuid")
investigation = Investigations.Investigation(investigation_uuid)
metadata = investigation.get_metadata(r_str=True)
objs = ail_objects.get_objects_meta(investigation.get_objects(), icon=True)
return render_template("view_investigation.html", bootstrap_label=bootstrap_label,
metadata=metadata, investigation_objs=objs)
@investigations_b.route("/investigation/add", methods=['GET', 'POST'])
@login_required
@login_read_only
def add_investigation():
if request.method == 'POST':
user_id = current_user.get_id()
name = request.form.get("investigation_name")
date = request.form.get("investigation_date")
threat_level = request.form.get("threat_level")
analysis = request.form.get("analysis")
info = request.form.get("investigation_info")
# tags
taxonomies_tags = request.form.get('taxonomies_tags')
if taxonomies_tags:
try:
taxonomies_tags = json.loads(taxonomies_tags)
except Exception:
taxonomies_tags = []
else:
taxonomies_tags = []
galaxies_tags = request.form.get('galaxies_tags')
if galaxies_tags:
try:
galaxies_tags = json.loads(galaxies_tags)
except Exception:
galaxies_tags = []
tags = taxonomies_tags + galaxies_tags
input_dict = {"user_id": user_id, "name": name,
"threat_level": threat_level, "date": date,
"analysis": analysis, "info": info, "tags": tags}
res = Investigations.api_add_investigation(input_dict)
if res[1] != 200:
return create_json_response(res[0], res[1])
return redirect(url_for('investigations_b.show_investigation', uuid=res[0]))
else:
return render_template("add_investigation.html", tags_selector_data=Tag.get_tags_selector_data())
@investigations_b.route("/investigation/edit", methods=['GET', 'POST'])
@login_required
@login_read_only
def edit_investigation():
if request.method == 'POST':
user_id = current_user.get_id()
investigation_uuid = request.form.get("investigation_uuid")
name = request.form.get("investigation_name")
date = request.form.get("investigation_date")
threat_level = request.form.get("threat_level")
analysis = request.form.get("analysis")
info = request.form.get("investigation_info")
# tags
taxonomies_tags = request.form.get('taxonomies_tags')
if taxonomies_tags:
try:
taxonomies_tags = json.loads(taxonomies_tags)
except Exception:
taxonomies_tags = []
else:
taxonomies_tags = []
galaxies_tags = request.form.get('galaxies_tags')
if galaxies_tags:
try:
galaxies_tags = json.loads(galaxies_tags)
except Exception:
galaxies_tags = []
tags = taxonomies_tags + galaxies_tags
input_dict = {"user_id": user_id, "uuid": investigation_uuid,
"name": name, "threat_level": threat_level,
"analysis": analysis, "info": info, "tags": tags}
res = Investigations.api_edit_investigation(input_dict)
if res[1] != 200:
return create_json_response(res[0], res[1])
return redirect(url_for('investigations_b.show_investigation', uuid=res[0]))
else:
investigation_uuid = request.args.get('uuid')
investigation = Investigations.Investigation(investigation_uuid)
metadata = investigation.get_metadata(r_str=False)
taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(metadata['tags'])
tags_selector_data = Tag.get_tags_selector_data()
tags_selector_data['taxonomies_tags'] = taxonomies_tags
tags_selector_data['galaxies_tags'] = galaxies_tags
return render_template("add_investigation.html", edit=True,
tags_selector_data=tags_selector_data, metadata=metadata)
@investigations_b.route("/investigation/delete", methods=['GET'])
@login_required
@login_read_only
def delete_investigation():
investigation_uuid = request.args.get('uuid')
input_dict = {"uuid": investigation_uuid}
res = Investigations.api_delete_investigation(input_dict)
if res[1] != 200:
return create_json_response(res[0], res[1])
return redirect(url_for('investigations_b.investigations_dashboard'))
@investigations_b.route("/investigation/object/register", methods=['GET'])
@login_required
@login_read_only
def register_investigation():
investigations_uuid = request.args.get('uuids')
investigations_uuid = investigations_uuid.split(',')
object_type = request.args.get('type')
object_subtype = request.args.get('subtype')
object_id = request.args.get('id')
for investigation_uuid in investigations_uuid:
input_dict = {"uuid": investigation_uuid, "id": object_id,
"type": object_type, "subtype": object_subtype}
res = Investigations.api_register_object(input_dict)
if res[1] != 200:
return create_json_response(res[0], res[1])
return redirect(url_for('investigations_b.investigations_dashboard', uuid=investigation_uuid))
@investigations_b.route("/investigation/object/unregister", methods=['GET'])
@login_required
@login_read_only
def unregister_investigation():
investigation_uuid = request.args.get('uuid')
object_type = request.args.get('type')
object_subtype = request.args.get('subtype')
object_id = request.args.get('id')
input_dict = {"uuid": investigation_uuid, "id": object_id,
"type": object_type, "subtype": object_subtype}
res = Investigations.api_unregister_object(input_dict)
if res[1] != 200:
return create_json_response(res[0], res[1])
return redirect(url_for('investigations_b.show_investigation', uuid=investigation_uuid))
@investigations_b.route("/investigation/all/selector_json")
@login_required
@login_read_only
def get_investigations_selector_json():
return jsonify(Investigations.get_investigations_selector())
#
# @investigations_b.route("/object/item") #completely shows the paste in a new tab
# @login_required
# @login_analyst
# def showItem(): # # TODO: support post
# item_id = request.args.get('id')
# if not item_id or not Item.exist_item(item_id):
# abort(404)
#
# return render_template("show_item.html", bootstrap_label=bootstrap_label)
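Review bot: Every mutating route in this new blueprint — `add_investigation`, `edit_investigation`, `delete_investigation`, `register_investigation` and `unregister_investigation` — is guarded by `@login_read_only`; if that decorator admits the read-only role as its name suggests, a read-only user can create, alter and delete investigations, whereas the sibling blueprints on this page use `@login_analyst` for write actions (`export_investigation`, `domains_todo`), so these five decorators should be `@login_analyst`. `delete_investigation`, `register_investigation` and `unregister_investigation` also change state on a plain GET link, which leaves them open to cross-site request forgery; they belong on POST with a form token. In `edit_investigation`, `date = request.form.get("investigation_date")` is read but omitted from `input_dict`, so an edit can never change the date. In `register_investigation`, `request.args.get('uuids')` is `None` when the parameter is absent and the following `.split(',')` raises `AttributeError` (a 500); guard it with `if not investigations_uuid: abort(400)` before splitting, and note the final redirect passes `uuid=` to `investigations_dashboard`, which takes no such argument.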


@ -288,5 +288,11 @@ def passive_dns_change_state():
passivedns_enabled = d4.change_passive_dns_state(new_state)
return redirect(url_for('settings.passive_dns'))
@settings.route("/settings/ail", methods=['GET'])
@login_required
@login_admin
def ail_configs():
return render_template("ail_configs.html", passivedns_enabled=None)
# ========= REGISTRATION =========
app.register_blueprint(settings, url_prefix=baseUrl)
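Review bot: `ail_configs` passes `passivedns_enabled=None` to `ail_configs.html`, and the template added in this commit never reads that variable; it looks carried over from the `passive_dns` view and can be dropped, `return render_template("ail_configs.html")`. The route is GET-only while the template renders a submit form, so the Update button currently has no handler; if the page is deliberately unfinished (its sidebar link is commented out in this commit), a `# TODO: POST handler for MISP settings` on the route would make that explicit.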


@ -0,0 +1,93 @@
<!DOCTYPE html>
<html>
<head>
<title>Passive DNS - AIL</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png') }}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap4.min.css') }}" rel="stylesheet">
<!-- JS -->
<script src="{{ url_for('static', filename='js/jquery.js')}}"></script>
<script src="{{ url_for('static', filename='js/popper.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/bootstrap4.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
</head>
<body>
{% include 'nav_bar.html' %}
<div class="container-fluid">
<div class="row">
{% include 'settings/menu_sidebar.html' %}
<div class="col-12 col-lg-10" id="core_content">
<div class="card my-3">
<div class="card-body">
<div class="container-fluid">
<div class="row">
<div class="col-12 col-lg-4">
<a href="https://www.misp-project.org/">
<img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP project">
</a>
</div>
<div class="col-12 col-lg-8">
<form>
<div class="form-group">
<label for="misp_url">Url</label>
<input class="form-control" type="text" id="misp_url" name="misp_url" placeholder="URL of the MISP instance">
</div>
<div class="form-group">
<label for="misp_key">Key</label>
<input class="form-control" type="text" id="misp_key" name="misp_key" placeholder="API key of the user you want to use">
</div>
<div class="form-group">
<label for="misp_key">Org UUID</label>
<input class="form-control" type="text" id="org_uuid" name="org_uuid" placeholder="Org UUID">
</div>
<button type="submit" class="btn btn-primary">Update</button>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
<script>
$(document).ready(function(){
$("#nav_settings").removeClass("text-muted");
$("#nav_ail_configs").addClass("active");
} );
function toggle_sidebar(){
if($('#nav_menu').is(':visible')){
$('#nav_menu').hide();
$('#side_menu').removeClass('border-right')
$('#side_menu').removeClass('col-lg-2')
$('#core_content').removeClass('col-lg-10')
}else{
$('#nav_menu').show();
$('#side_menu').addClass('border-right')
$('#side_menu').addClass('col-lg-2')
$('#core_content').addClass('col-lg-10')
}
}
</script>
</html>
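Review bot: The MISP settings `<form>` has no `method` or `action`, so submitting it sends `misp_url`, `misp_key` and `org_uuid` as a GET query string to the current URL, which puts the API key into browser history, the Referer header of later navigation and the web server's access log; it should be `<form method="post" action="...">` with a matching POST handler (the `ail_configs` route only accepts GET today). The key field should not be a visible text input: `<input class="form-control" type="password" id="misp_key" name="misp_key" autocomplete="off" placeholder="API key of the user you want to use">`. The third label is `<label for="misp_key">Org UUID</label>` while its input id is `org_uuid`; it should read `<label for="org_uuid">Org UUID</label>`.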


@ -5,3 +5,16 @@
padding-left: 0.15em;
background-color: #2e5;
}
.blue {
color: #0088cc !important;
}
.bold {
font-weight: bold;
}
.object_node_icon {
font-size: 16px;
pointer-events: none;
}


@ -78,6 +78,14 @@
<a class="btn btn-secondary" href="{{ url_for('correlation.show_correlation') }}?object_type=cryptocurrency&type_id=bitcoin&correlation_id={{ dict_object['correlation_id'] }}&expand_card=True&correlation_objects=paste">Expand Bitcoin address</a>
{% endif %}
{% endif %}
{% with obj_type='cryptocurrency', obj_id=dict_object['correlation_id'], obj_subtype=dict_object["metadata"]["type_id"] %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -88,6 +88,14 @@
<button class='btn btn-info'><i class="fas fa-download"></i> Download Decoded file
</button>
</a>
{% with obj_type='decoded', obj_id=dict_object['correlation_id'], obj_subtype='' %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -64,5 +64,13 @@
</li>
</ul>
{% with obj_type='domain', obj_id=dict_object['correlation_id'], obj_subtype='' %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -46,5 +46,13 @@
</li>
</ul>
{% with obj_type='item', obj_id=dict_object['correlation_id'], obj_subtype='' %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -40,6 +40,14 @@
</div>
</li>
</ul>
{% with obj_type='pgp', obj_id=dict_object['correlation_id'], obj_subtype=dict_object["metadata"]["type_id"] %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -78,6 +78,14 @@
</div>
</li>
</ul>
{% with obj_type='screenshot', obj_id=dict_object['correlation_id'], obj_subtype='' %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -40,6 +40,14 @@
</div>
</li>
</ul>
{% with obj_type='username', obj_id=dict_object['correlation_id'], obj_subtype=dict_object["metadata"]["type_id"] %}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>


@ -0,0 +1,214 @@
<!DOCTYPE html>
<html>
<head>
<title>AIL-Framework</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png')}}">
<!-- Core CSS -->
<link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='css/ail-project.css') }}" />
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/daterangepicker.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/tags.css') }}" rel="stylesheet" type="text/css" />
<!-- JS -->
<script src="{{ url_for('static', filename='js/jquery.js')}}"></script>
<script src="{{ url_for('static', filename='js/popper.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/bootstrap4.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/moment.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/jquery.daterangepicker.min.js') }}"></script>
<script src="{{ url_for('static', filename='js/tags.js') }}"></script>
</head>
<body>
{% include 'nav_bar.html' %}
<div class="container-fluid">
<div class="row">
{% include 'sidebars/sidebar_objects.html' %}
<div class="col-12 col-lg-10" id="core_content">
<div class="card my-3">
<div class="card-header bg-dark text-white">
<h5 class="card-title">
{% if edit %}
Edit Investigation
{% else %}
Create Investigation
{% endif %}
</h5>
</div>
<div class="card-body">
<form action="{% if edit %}{{ url_for('investigations_b.edit_investigation') }}{% else %}{{ url_for('investigations_b.add_investigation') }}{% endif %}" method='post' onsubmit="SubmitCreateInvestigation();">
{% if edit %}
<input id="investigation_uuid" name="investigation_uuid" type="text" value="{{ metadata['uuid'] }}" hidden>
{% endif %}
<div class="row">
<div class="col-12 col-xl-9">
<div class="input-group mb-2 mr-sm-2">
<div class="input-group-prepend">
<div class="input-group-text bg-dark text-white"><i class="fas fa-quote-right"></i></div>
</div>
<input id="investigation_info" name="investigation_info" class="form-control" placeholder="Quick Investigation Info" type="text" {% if edit %}value="{{metadata['info']}}"{% endif %} required>
</div>
<div class="row">
<div class="col-12 col-xl-6">
<div class="form-group">
<label for="threat_level">Threat Level:
<span id="threat_level_idInfoPopover" class="fas fa-info-circle" data-toggle="popover" data-trigger="hover"></span>
<script type="text/javascript">
$(function() {
$('#threat_level_idInfoPopover').popover({
html: true,
content: function() {
var tempSelector = '#threat_level';
return $('<div>').append(
$('<span>').attr('class', 'blue bold').text($(tempSelector +" option:selected").text())
).append(
$('<span>').text(': ' + fieldDesc[$(tempSelector).val()])
);
}
});
var fieldDesc = {"1":"*high* means sophisticated APT malware or 0-day attack","2":"*medium* means APT malware","3":"*low* means mass-malware","4":"*undefined* no risk"};
});
</script>
</label>
<select class="form-control" id="threat_level" name="threat_level" required>
<option value="1">High</option>
<option value="2">Medium</option>
<option value="3">Low</option>
<option value="4">Undefined</option>
</select>
</div>
</div>
<div class="col-12 col-xl-6">
<div class="form-group">
<label for="analysis">Analysis:
<span id="analysis_idInfoPopover" class="fas fa-info-circle" data-toggle="popover" data-trigger="hover"></span>
<script type="text/javascript">
$(function() {
$('#analysis_idInfoPopover').popover({
html: true,
content: function() {
var tempSelector = '#analysis';
return $('<div>').append(
$('<span>').attr('class', 'blue bold').text($(tempSelector +" option:selected").text())
).append(
$('<span>').text(': ' + fieldDesc[$(tempSelector).val()])
);
}
});
var fieldDesc = {"0":"Investigation has just been created and is in an initial state","1":"The analysis is still ongoing","2":"The Investigation creator considers the analysis complete"};
});
</script>
</label>
<select class="form-control" id="analysis" name="analysis" required>
<option value="0">Initial</option>
<option value="1">Ongoing</option>
<option value="2">Completed</option>
</select>
</div>
</div>
</div>
<div class="input-group" id="ivestigation-date">
<div class="input-group-prepend"><span class="input-group-text bg-secondary text-white"><i class="far fa-calendar-alt" aria-hidden="true"></i></span></div>
<input class="form-control" id="ivestigation-date-input" placeholder="yyyy-mm-dd" name="investigation_date" autocomplete="off" required>
</div>
<div class="card my-4">
<div class="card-header bg-secondary text-white">
<b>Tags</b>
</div>
<div class="card-body">
{% include 'tags/block_tags_selector.html' %}
</div>
</div>
</div>
<div class="col-12 col-xl-3">
{% if edit %}
Edit Investigation
{% else %}
Create a new Investigation
{% endif %}
</div>
</div>
<br>
<button class="btn btn-primary mt-2">
{% if edit %}
<i class="fas fa-pencil-alt"></i> Edit Investigation
{% else %}
<i class="fas fa-plus"></i> Create Investigation
{% endif %}
</button>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
<script>
$(document).ready(function(){
$('#nav_investigation').removeClass("text-muted");
$("#nav_add_investigation").addClass("active");
{% if edit %}
var investigation_date = "{{metadata['date']}}";
{% else %}
var investigation_date = getTodayDate();
{% endif %}
$('#ivestigation-date-input').val(investigation_date);
$('#ivestigation-date-input').dateRangePicker({
autoClose: true,
singleDate : true,
showShortcuts: false,
startDate: false,
});
{% if edit %}
$('#threat_level').val({{metadata['threat_level']}});
$('#analysis').val({{metadata['analysis']}});
{% endif %}
});
function SubmitCreateInvestigation() {
var tags = ltags.getValue();
var tagsgalaxy = ltagsgalaxies.getValue();
$('#ltags').val(tags);
$('#ltagsgalaxies').val(tagsgalaxy);
return true;
}
function getTodayDate() {
var date = new Date();
var month = date.getMonth()+1;
var day = date.getDate();
return date.getFullYear() +'-'+ (month<10 ? '0' : '') + month +'-'+ (day<10 ? '0' : '') + day;
}
</script>
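Review bot: `SubmitCreateInvestigation` copies the tag selectors into `#ltags` and `#ltagsgalaxies`, while `add_investigation` and `edit_investigation` in the blueprint read `taxonomies_tags` and `galaxies_tags` from the form; unless `tags/block_tags_selector.html` (not visible here) names its hidden inputs that way, the tags never reach the server and silently become `[]` — worth confirming against the included template. The ids `ivestigation-date` and `ivestigation-date-input` are misspelled in three places, including the ready handler's `$('#ivestigation-date-input')`; harmless, but easiest to fix while the file is new. The hidden uuid field uses the `hidden` attribute on a `type="text"` input; `<input id="investigation_uuid" name="investigation_uuid" type="hidden" value="{{ metadata['uuid'] }}">` is the conventional form.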


@ -0,0 +1,90 @@
<!DOCTYPE html>
<html>
<head>
<title>Investigations</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png')}}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.min.css') }}" rel="stylesheet">
<!-- JS -->
<script src="{{ url_for('static', filename='js/jquery.js')}}"></script>
<script src="{{ url_for('static', filename='js/bootstrap4.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/popper.min.js')}}"></script>
</head>
<body>
{% include 'nav_bar.html' %}
<div class="container-fluid">
<div class="row">
{% include 'sidebars/sidebar_objects.html' %}
<div class="col-12 col-lg-10" id="core_content">
<h3 class="mt-2 text-secondary">
<i class="fas fa-microscope"></i> Investigations:
</h3>
<table id="table_investigation" class="table table-striped border-primary">
<thead class="bg-dark text-white">
<tr>
<th>Name</th>
<th>Date</th>
<th>last modified</th>
<td>Info</td>
<th>Nb Objects</th>
</tr>
</thead>
<tbody style="font-size: 15px;">
{% for dict_investigation in investigations %}
<tr class="border-color: blue;">
<td>
<a href="{{ url_for('investigations_b.show_investigation') }}?uuid={{ dict_investigation['uuid'] }}">
{{ dict_investigation['info']}}
<div>
{% for tag in dict_investigation['tags'] %}
<span class="badge badge-{{ bootstrap_label[loop.index0 % 5] }} pull-left">{{ tag }}</span>
{% endfor %}
</div>
</a>
</td>
<td>{{ dict_investigation['date']}}</td>
<td>{{ dict_investigation['last_change']}}</td>
<td>{{ dict_investigation['info']}}</td>
<td>{{ dict_investigation['nb_objects']}}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</body>
<script>
$(document).ready(function(){
$('#nav_sync').removeClass("text-muted");
$("#navsync_queues").addClass("active");
$('#table_investigation').DataTable({
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 2, "desc" ]]
});
});
</script>
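Review bot: The ready handler `$('#nav_sync').removeClass("text-muted"); $("#navsync_queues").addClass("active");` highlights the sync-queue sidebar entries rather than the investigations ones; `add_investigation.html` in the same commit targets `$('#nav_investigation')`, so this looks copied from the sync page and should use the investigation nav ids — the same `#nav_sync` line and a `table_sync_queues` table id appear in `view_investigation.html`. In the header row `<td>Info</td>` is the only cell that is not a `<th>`. `<tr class="border-color: blue;">` places a CSS declaration in the class attribute, where it does nothing; either drop it or move it to `style=`.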


@ -0,0 +1,178 @@
<!DOCTYPE html>
<html>
<head>
<title>AIL-Framework</title>
<link rel="icon" href="{{ url_for('static', filename='image/ail-icon.png')}}">
<!-- Core CSS -->
<link href="{{ url_for('static', filename='css/bootstrap4.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/font-awesome.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/dataTables.bootstrap.min.css') }}" rel="stylesheet">
<link href="{{ url_for('static', filename='css/ail-project.css') }}" rel="stylesheet">
<!-- JS -->
<script src="{{ url_for('static', filename='js/jquery.js')}}"></script>
<script src="{{ url_for('static', filename='js/bootstrap4.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/jquery.dataTables.min.js')}}"></script>
<script src="{{ url_for('static', filename='js/dataTables.bootstrap.min.js')}}"></script>
</head>
<body>
{% include 'nav_bar.html' %}
<div class="container-fluid">
<div class="row">
{% include 'sidebars/sidebar_objects.html' %}
<div class="col-12 col-lg-10" id="core_content">
<div class="card my-1">
<div class="card-header bg-dark text-white">
<h4 class="card-title">{{metadata['info']}}</h4>
</div>
<div class="card-body">
<div class="container-fluid">
<div class="row">
<div class="col-12 col-lg-6">
<table class="table table-hover">
<tr>
<th style="width:30%">UUID</th>
<td>{{metadata['uuid']}}</td>
</tr>
<tr>
<th>Creator</th>
<td>{{metadata['user_creator']}}</td>
</tr>
<tr>
<th>Tags</th>
<td>
{% for tag in metadata['tags'] %}
<span class="badge badge-{{ bootstrap_label[loop.index0 % 5] }} pull-left">{{ tag }}</span>
{% endfor %}
</td>
</tr>
<tr>
<th>Date</th>
<td>{{metadata['date']}}</td>
</tr>
<tr>
<th>Threat Level</th>
<td>{{metadata['threat_level']}}</td>
</tr>
<tr>
<th>Analysis</th>
<td>{{metadata['analysis']}}</td>
</tr>
<tr>
<th>Info</th>
<td>{{metadata['info']}}</td>
</tr>
<tr>
<th># Objects</th>
<td>{{metadata['nb_objects']}}</td>
</tr>
<tr>
<th>Timestamp</th>
<td>{{metadata['timestamp']}}</td>
</tr>
<tr>
<th>Last change</th>
<td>{{metadata['last_change']}}</td>
</tr>
</table>
</div>
<div class="col-12 col-lg-6">
<div class="my-4">
<a href="{{ url_for('investigations_b.delete_investigation') }}?uuid={{metadata['uuid']}}">
<button type="button" class="btn btn-danger">
<i class="fas fa-trash-alt"></i> <b>Delete</b>
</button>
</a>
<a href="{{ url_for('investigations_b.edit_investigation') }}?uuid={{metadata['uuid']}}">
<button type="button" class="btn btn-info">
<i class="fas fa-pencil-alt"></i> <b>Edit</b>
</button>
</a>
<a class="btn btn-outline-dark" target="_blank" href="{{ url_for('import_export.export_investigation')}}?uuid={{metadata['uuid']}}">
<img id="misp-logo" src="{{ url_for('static', filename='image/misp-logo.png')}}" height="25">
Export as Event
</a>
</div>
</div>
</div>
</div>
</div>
</div>
<h3>Objects</h3>
<table id="table_sync_queues" class="table table-striped border-primary">
<thead class="bg-dark text-white">
<tr>
<th>Type</th>
<th></th>
<th>Id</th>
<th>Tags</th>
<th></th>
</tr>
</thead>
<tbody style="font-size: 15px;">
{% for object in investigation_objs %}
<tr class="border-color: blue;">
<td>
{% with style=object['icon']['style'], icon=object['icon']['icon'] , color=object['icon']['color'] %}
{% include 'objects/obj_svg_block.html' %}
{% endwith %}
{{ object['type']}}
</td>
<td>
{% if object['subtype'] %}
{{ object['subtype']}}
{% endif %}
</td>
<td>{{ object['id']}}</td>
<td>
{% for tag in object['tags'] %}
<span class="badge badge-{{ bootstrap_label[loop.index0 % 5] }} pull-left">{{ tag }}</span>
{% endfor %}
</td>
<td class="text-right">
<a href="{{ url_for('investigations_b.unregister_investigation') }}?uuid={{ metadata['uuid']}}&type={{ object['type'] }}&subtype={{ object['subtype']}}&id={{ object['id']}}">
<button type="button" class="btn btn-danger"><i class="fas fa-trash-alt"></i></button>
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</body>
<script>
$(document).ready(function(){
$('#nav_sync').removeClass("text-muted");
$('#table_sync_queues').DataTable({
"aLengthMenu": [[5, 10, 15, -1], [5, 10, 15, "All"]],
"iDisplayLength": 10,
"order": [[ 0, "asc" ]]
});
});
</script>
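Review bot: The unregister link interpolates `object['id']` and `object['subtype']` directly into a query string; an id containing `&`, `#`, `+` or `?` would truncate or re-split the query, so the values should be passed through the `urlencode` filter, e.g. `&subtype={{ object['subtype']|urlencode }}&id={{ object['id']|urlencode }}`. The Delete button is a plain anchor that fires `delete_investigation` on GET with no confirmation, so a misclick (or any link the user is induced to follow) removes the investigation; a POST form with a confirm step is the safer shape. The export anchor opens a new tab for a redirect-only endpoint, which leaves the user on a second copy of the same page; either drop `target="_blank"` or have the route render a result.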


@ -0,0 +1,62 @@
<link href="{{ url_for('static', filename='css/tags.css') }}" rel="stylesheet" type="text/css" />
<script src="{{ url_for('static', filename='js/tags.js') }}"></script>
<div id="investigations_register_obj_modal" class="modal fade" role="dialog">
<div class="modal-dialog modal-lg">
<div id="investigations_register_obj_content" class="modal-content">
<div class="modal-header" style="border-bottom: 4px solid #cccccc; background-color: #cccccc; color: #ffffff;">
<h4>Add to Investigations</h4>
</div>
<div class="modal-body">
<div class="input-group" >
<input id="linvestigations" type="text" class="form-control" autocomplete="off" style="width: 760px">
</div>
</div>
<div class="modal-footer">
<a class="btn btn-info" href="{{ url_for('investigations_b.add_investigation') }}" target="_blank">
<i class="fas fa-microscope"></i>
<span class="label-icon">Create Investigation </span>
</a>
<button class="btn btn-primary" onclick="Register_Obj()">
<i class="fas fa-plus"></i>
Add to Investigations
</button>
<button type="button" class="btn btn-outline-dark" data-dismiss="modal" >Close</button>
</div>
</div>
</div>
</div>
<script>
var linvestigations;
$('#investigations_register_obj_modal').on('shown.bs.modal', function () {
$.getJSON("{{ url_for('investigations_b.get_investigations_selector_json') }}",
function(data) {
console.log(data);
linvestigations = $('#linvestigations').tagSuggest({
data: data,
maxDropHeight: 200,
name: 'linvestigations',
emptyText: 'Select Investigations'
});
}
);
});
function Register_Obj() {
var uuids = linvestigations.getValue();
// TODO: REQUEST
window.location.replace("{{ url_for('investigations_b.register_investigation') }}?uuids=" + uuids + "&type={{ obj_type }}&subtype={{ obj_subtype }}&id={{ obj_id }}");
}
</script>
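Review bot: The redirect URL built in Register_Obj (last lines of the hunk) splices `uuids` and the three template values into the query string without URL-encoding, so a value containing `&`, `#` or `+` (item ids look path-like, and `uuids` appears to be whatever tagSuggest's getValue() returns) corrupts or truncates the parameters; encoding each piece fixes that: `window.location.replace("{{ url_for('investigations_b.register_investigation') }}?uuids=" + encodeURIComponent(uuids) + "&type=" + encodeURIComponent({{ obj_type|tojson }}) + "&subtype=" + encodeURIComponent({{ obj_subtype|tojson }}) + "&id=" + encodeURIComponent({{ obj_id|tojson }}));`. The `|tojson` filter also gives the values proper JavaScript string quoting, which HTML autoescaping alone does not provide inside a `<script>` block. The `// TODO: REQUEST` comment already flags that this registration is a state-changing action triggered by a plain GET navigation; until it becomes a POST covered by the app's request protection, that remains worth tracking. The `console.log(data)` in the modal handler looks like leftover debugging output.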


@ -97,6 +97,16 @@
</button>
</a>
</div>
<div>
{% with obj_type='item', obj_id=dict_item['id'], obj_subtype=''%}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<div class="mr-2">
<button type="button" class="btn btn-lg btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>
<div class="mx-2">
{% with obj_type='item', obj_id=dict_item['id'], obj_lvl=0%}
{% include 'import_export/block_add_user_object_to_export.html' %}


@ -0,0 +1,6 @@
<svg height="26" width="26">
<g class="nodes">
<circle cx="13" cy="13" r="13" fill="{{ color }}"></circle>
<text x="13" y="13" text-anchor="middle" dominant-baseline="central" class="object_node_icon {{ style }}">{{ icon }}</text>
</g>
</svg>
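Review bot: The `color`, `style` and `icon` values are rendered straight into SVG attribute and text positions, and the forge showing an image preview for this file suggests it is stored with an `.svg` extension; Flask's extension-based Jinja autoescaping has historically covered `.html`, `.htm`, `.xml` and `.xhtml` templates and, as far as I recall, did not cover `.svg` until later releases — TODO confirm the actual extension and the Flask version in use. If these values can ever come from anything other than fixed application constants, wrap the file in `{% autoescape true %} … {% endautoescape %}` or escape each value explicitly, e.g. `fill="{{ color|e }}"`.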




@ -44,7 +44,13 @@
<span>Settings</span>
</h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100"> <!--nav-pills-->
<li class="nav-item">
<!-- <li class="nav-item">
<a class="nav-link" href="{{url_for('settings.ail_configs')}}" id="nav_ail_configs">
<img src="{{ url_for('static', filename='image/ail.png')}}" alt="AIL servers" style="width:25px;">
<span>AIL Configs</span>
</a>
</li> -->
<li class="nav-item">
<a class="nav-link" href="{{url_for('settings.passive_dns')}}" id="passive_dns">
<img src="{{ url_for('static', filename='image/d4-logo.png')}}" alt="D4 project" style="width:25px;">
<span>Passive DNS</span>
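Review bot: Wrapping the AIL Configs entry in an HTML comment does not stop Jinja from evaluating `{{url_for('settings.ail_configs')}}` inside it, so if the `settings.ail_configs` endpoint is (or becomes) unregistered — the companion change in the crawler blueprint comments out `import Config_DB`, which hints that way — the settings page fails to render with a BuildError even though the link is invisible. Use a Jinja comment instead so the block is dropped before evaluation, `{# <li class="nav-item">` … `</li> #}`, or delete the block outright.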


@ -0,0 +1,94 @@
<div class="col-12 col-lg-2 p-0 bg-light border-right" id="side_menu">
<button type="button" class="btn btn-outline-secondary mt-1 ml-3" onclick="toggle_sidebar()">
<i class="fas fa-align-left"></i>
<span>Toggle Sidebar</span>
</button>
<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_investigation">
<h5 class="d-flex text-muted w-100">
<span>Investigations</span>
</h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
<li class="nav-item">
<a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard">
<i class="fas fa-microscope"></i>
<span>Investigations</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{{url_for('investigations_b.add_investigation')}}" id="nav_add_investigation">
<i class="fas fa-plus"></i>
<span>Add Investigation</span>
</a>
</li>
</ul>
<h5 class="d-flex text-muted w-100">
<span>Objects</span>
</h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
<li class="nav-item">
<a class="nav-link" href="{{url_for('hashDecoded.hashDecoded_page')}}" id="nav_dashboard">
<i class="fas fa-lock-open"></i>
<span>Decoded</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{{url_for('hashDecoded.pgpdump_page')}}" id="nav_dashboard_pgpdump">
<i class="fas fa-key"></i>
<span>PGP Dumps</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{{url_for('hashDecoded.cryptocurrency_page')}}" id="nav_dashboard_cryptocurrency">
<i class="fas fa-coins"></i>
<span>Cryptocurrency</span>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{{url_for('hashDecoded.username_page')}}" id="nav_dashboard_username">
<i class="fas fa-user"></i>
<span>Username</span>
</a>
</li>
</ul>
<h5 class="d-flex text-muted w-100">
<span>
<img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;">
Format
</span>
</h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100">
<li class="nav-item">
<a class="nav-link" href="{{url_for('import_export.import_object')}}" id="nav_misp_import">
<b>Import</b>
</a>
</li>
<li class="nav-item">
<a class="nav-link" href="{{url_for('import_export.export_object')}}" id="nav_misp_export">
<b>Export</b>
</a>
</li>
</ul>
</nav>
</div>
<script>
function toggle_sidebar(){
if($('#nav_menu').is(':visible')){
$('#nav_menu').hide();
$('#side_menu').removeClass('border-right')
$('#side_menu').removeClass('col-lg-2')
$('#core_content').removeClass('col-lg-10')
}else{
$('#nav_menu').show();
$('#side_menu').addClass('border-right')
$('#side_menu').addClass('col-lg-2')
$('#core_content').addClass('col-lg-10')
}
}
</script>
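Review bot: `toggle_sidebar()` at the bottom of the new sidebar hides and shows `#nav_menu`, but the nav this file defines has `id="nav_investigation"` and no element with id `nav_menu` appears in the hunk; unless the including page defines one, the toggle only removes the column classes and leaves the menu visible. Changing the three selectors to match fixes it: `if($('#nav_investigation').is(':visible')){`, `$('#nav_investigation').hide();`, `$('#nav_investigation').show();`. The same `toggle_sidebar` helper is probably repeated across the other sidebar templates; moving it to a shared static JS file would avoid divergent copies. The jQuery statements inside both branches are also missing trailing semicolons.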