MISP/SkillAegis
MISP/SkillAegis
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chg: [app] Renamed query-comparison with query-mirror

Browse source
This commit is contained in:
Sami Mokaddem 2024-07-04 08:46:08 +02:00
parent 9b0cb51643
commit f0d079ea32
4 changed files with 16 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
exercise.py
View file

@ -10,7 +10,7 @@ from typing import Union
import jq import jq
import db import db
from inject_evaluator import eval_data_filtering, eval_query_comparison from inject_evaluator import eval_data_filtering, eval_query_mirror
import misp_api import misp_api
import config import config
from config import logger from config import logger
@ -352,10 +352,10 @@ def inject_checker_router(user_id: int, inject_evaluation: dict, data: dict, con
if inject_evaluation['evaluation_strategy'] == 'data_filtering': if inject_evaluation['evaluation_strategy'] == 'data_filtering':
return eval_data_filtering(user_id, inject_evaluation, data_to_validate) return eval_data_filtering(user_id, inject_evaluation, data_to_validate)
elif inject_evaluation['evaluation_strategy'] == 'query_comparison': elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
expected_data = data_to_validate['expected_data'] expected_data = data_to_validate['expected_data']
data_to_validate = data_to_validate['data_to_validate'] data_to_validate = data_to_validate['data_to_validate']
return eval_query_comparison(user_id, expected_data, data_to_validate) return eval_query_mirror(user_id, expected_data, data_to_validate)
return False return False
@ -364,9 +364,9 @@ def get_data_to_validate(user_id: int, inject_evaluation: dict, data: dict) -> U
if inject_evaluation['evaluation_strategy'] == 'data_filtering': if inject_evaluation['evaluation_strategy'] == 'data_filtering':
event_id = parse_event_id_from_log(data) event_id = parse_event_id_from_log(data)
data_to_validate = fetch_data_for_data_filtering(event_id=event_id) data_to_validate = fetch_data_for_data_filtering(event_id=event_id)
elif inject_evaluation['evaluation_strategy'] == 'query_comparison': elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
perfomed_query = parse_performed_query_from_log(data) perfomed_query = parse_performed_query_from_log(data)
data_to_validate = fetch_data_for_query_comparison(user_id, inject_evaluation, perfomed_query) data_to_validate = fetch_data_for_query_mirror(user_id, inject_evaluation, perfomed_query)
return data_to_validate return data_to_validate
@ -419,7 +419,7 @@ def fetch_data_for_data_filtering(event_id=None) -> Union[None, dict]:
return data return data
def fetch_data_for_query_comparison(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]: def fetch_data_for_query_mirror(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
data = None data = None
authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id] authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]
if perfomed_query is not None: if perfomed_query is not None:

16
exercises/basic-filtering.json
View file

@ -119,7 +119,7 @@
} }
], ],
"result": "Published 48h retreived", "result": "Published 48h retreived",
"evaluation_strategy": "query_comparison", "evaluation_strategy": "query_mirror",
"evaluation_context": { "evaluation_context": {
"request_is_rest": true, "request_is_rest": true,
"query_context": { "query_context": {
@ -134,7 +134,7 @@
} }
], ],
"name": "Get Published in the past 48h", "name": "Get Published in the past 48h",
"target_tool": "MISP-query", "target_tool": "MISP",
"uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4" "uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4"
}, },
{ {
@ -150,7 +150,7 @@
} }
], ],
"result": "IP CSV retrieved", "result": "IP CSV retrieved",
"evaluation_strategy": "query_comparison", "evaluation_strategy": "query_mirror",
"evaluation_context": { "evaluation_context": {
"request_is_rest": true, "request_is_rest": true,
"query_context": { "query_context": {
@ -165,7 +165,7 @@
} }
], ],
"name": "IP IoCs changed in the past 48h in CSV", "name": "IP IoCs changed in the past 48h in CSV",
"target_tool": "MISP-query", "target_tool": "MISP",
"uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba" "uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba"
}, },
{ {
@ -180,7 +180,7 @@
} }
], ],
"result": "20 Attribute tagged retrieved", "result": "20 Attribute tagged retrieved",
"evaluation_strategy": "query_comparison", "evaluation_strategy": "query_mirror",
"evaluation_context": { "evaluation_context": {
"request_is_rest": true, "request_is_rest": true,
"query_context": { "query_context": {
@ -195,7 +195,7 @@
} }
], ],
"name": "First 20 Attribute with TLP lower than `amber`", "name": "First 20 Attribute with TLP lower than `amber`",
"target_tool": "MISP-query", "target_tool": "MISP",
"uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88" "uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88"
}, },
{ {
@ -209,7 +209,7 @@
} }
], ],
"result": "Phising counted", "result": "Phising counted",
"evaluation_strategy": "query_comparison", "evaluation_strategy": "query_mirror",
"evaluation_context": { "evaluation_context": {
"request_is_rest": true, "request_is_rest": true,
"query_context": { "query_context": {
@ -224,7 +224,7 @@
} }
], ],
"name": "Event count with `Phishing - T1566` involved", "name": "Event count with `Phishing - T1566` involved",
"target_tool": "MISP-query", "target_tool": "MISP",
"uuid": "1da0fdc8-9d0d-4618-a811-66491e196833" "uuid": "1da0fdc8-9d0d-4618-a811-66491e196833"
} }
] ]

1
exercises/ransomware-encoding.json
View file

@ -219,6 +219,7 @@
} }
], ],
"name": "Event Creation", "name": "Event Creation",
"description": "Create an Event containing `ransomware`",
"target_tool": "MISP", "target_tool": "MISP",
"uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae" "uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae"
}, },

2
inject_evaluator.py
View file

@ -145,5 +145,5 @@ def eval_data_filtering(user_id: int, inject_evaluation: dict, data: dict) -> bo
## Query comparison ## Query comparison
## ##
def eval_query_comparison(user_id: int, expected_data, data_to_validate) -> bool: def eval_query_mirror(user_id: int, expected_data, data_to_validate) -> bool:
return expected_data == data_to_validate return expected_data == data_to_validate