Compare commits
2 commits
34a1242ed9
...
f0d079ea32
| Author | SHA1 | Date | |
|---|---|---|---|
|
f0d079ea32 | ||
|
|
9b0cb51643 |
5 changed files with 17 additions and 16 deletions
12
exercise.py
12
exercise.py
|
|
@ -10,7 +10,7 @@ from typing import Union
|
|||
import jq
|
||||
|
||||
import db
|
||||
from inject_evaluator import eval_data_filtering, eval_query_comparison
|
||||
from inject_evaluator import eval_data_filtering, eval_query_mirror
|
||||
import misp_api
|
||||
import config
|
||||
from config import logger
|
||||
|
|
@ -352,10 +352,10 @@ def inject_checker_router(user_id: int, inject_evaluation: dict, data: dict, con
|
|||
|
||||
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
||||
return eval_data_filtering(user_id, inject_evaluation, data_to_validate)
|
||||
elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
|
||||
elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
|
||||
expected_data = data_to_validate['expected_data']
|
||||
data_to_validate = data_to_validate['data_to_validate']
|
||||
return eval_query_comparison(user_id, expected_data, data_to_validate)
|
||||
return eval_query_mirror(user_id, expected_data, data_to_validate)
|
||||
return False
|
||||
|
||||
|
||||
|
|
@ -364,9 +364,9 @@ def get_data_to_validate(user_id: int, inject_evaluation: dict, data: dict) -> U
|
|||
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
||||
event_id = parse_event_id_from_log(data)
|
||||
data_to_validate = fetch_data_for_data_filtering(event_id=event_id)
|
||||
elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
|
||||
elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
|
||||
perfomed_query = parse_performed_query_from_log(data)
|
||||
data_to_validate = fetch_data_for_query_comparison(user_id, inject_evaluation, perfomed_query)
|
||||
data_to_validate = fetch_data_for_query_mirror(user_id, inject_evaluation, perfomed_query)
|
||||
return data_to_validate
|
||||
|
||||
|
||||
|
|
@ -419,7 +419,7 @@ def fetch_data_for_data_filtering(event_id=None) -> Union[None, dict]:
|
|||
return data
|
||||
|
||||
|
||||
def fetch_data_for_query_comparison(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
|
||||
def fetch_data_for_query_mirror(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
|
||||
data = None
|
||||
authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]
|
||||
if perfomed_query is not None:
|
||||
|
|
|
|||
|
|
@ -119,7 +119,7 @@
|
|||
}
|
||||
],
|
||||
"result": "Published 48h retreived",
|
||||
"evaluation_strategy": "query_comparison",
|
||||
"evaluation_strategy": "query_mirror",
|
||||
"evaluation_context": {
|
||||
"request_is_rest": true,
|
||||
"query_context": {
|
||||
|
|
@ -134,7 +134,7 @@
|
|||
}
|
||||
],
|
||||
"name": "Get Published in the past 48h",
|
||||
"target_tool": "MISP-query",
|
||||
"target_tool": "MISP",
|
||||
"uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4"
|
||||
},
|
||||
{
|
||||
|
|
@ -150,7 +150,7 @@
|
|||
}
|
||||
],
|
||||
"result": "IP CSV retrieved",
|
||||
"evaluation_strategy": "query_comparison",
|
||||
"evaluation_strategy": "query_mirror",
|
||||
"evaluation_context": {
|
||||
"request_is_rest": true,
|
||||
"query_context": {
|
||||
|
|
@ -165,7 +165,7 @@
|
|||
}
|
||||
],
|
||||
"name": "IP IoCs changed in the past 48h in CSV",
|
||||
"target_tool": "MISP-query",
|
||||
"target_tool": "MISP",
|
||||
"uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba"
|
||||
},
|
||||
{
|
||||
|
|
@ -180,7 +180,7 @@
|
|||
}
|
||||
],
|
||||
"result": "20 Attribute tagged retrieved",
|
||||
"evaluation_strategy": "query_comparison",
|
||||
"evaluation_strategy": "query_mirror",
|
||||
"evaluation_context": {
|
||||
"request_is_rest": true,
|
||||
"query_context": {
|
||||
|
|
@ -195,7 +195,7 @@
|
|||
}
|
||||
],
|
||||
"name": "First 20 Attribute with TLP lower than `amber`",
|
||||
"target_tool": "MISP-query",
|
||||
"target_tool": "MISP",
|
||||
"uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88"
|
||||
},
|
||||
{
|
||||
|
|
@ -209,7 +209,7 @@
|
|||
}
|
||||
],
|
||||
"result": "Phising counted",
|
||||
"evaluation_strategy": "query_comparison",
|
||||
"evaluation_strategy": "query_mirror",
|
||||
"evaluation_context": {
|
||||
"request_is_rest": true,
|
||||
"query_context": {
|
||||
|
|
@ -224,7 +224,7 @@
|
|||
}
|
||||
],
|
||||
"name": "Event count with `Phishing - T1566` involved",
|
||||
"target_tool": "MISP-query",
|
||||
"target_tool": "MISP",
|
||||
"uuid": "1da0fdc8-9d0d-4618-a811-66491e196833"
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -219,6 +219,7 @@
|
|||
}
|
||||
],
|
||||
"name": "Event Creation",
|
||||
"description": "Create an Event containing `ransomware`",
|
||||
"target_tool": "MISP",
|
||||
"uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -145,5 +145,5 @@ def eval_data_filtering(user_id: int, inject_evaluation: dict, data: dict) -> bo
|
|||
## Query comparison
|
||||
##
|
||||
|
||||
def eval_query_comparison(user_id: int, expected_data, data_to_validate) -> bool:
|
||||
def eval_query_mirror(user_id: int, expected_data, data_to_validate) -> bool:
|
||||
return expected_data == data_to_validate
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ onMounted(() => {
|
|||
|
||||
<template>
|
||||
<main>
|
||||
<h1 class="text-2xl text-center text-slate-500 dark:text-slate-400 absolute top-1 left-1">MISP Exercise Dashboard</h1>
|
||||
<h1 class="text-2xl text-center text-slate-500 dark:text-slate-400 absolute top-1 left-1">Exercise Dashboard</h1>
|
||||
<div class="absolute top-1 right-1">
|
||||
<div class="flex gap-2">
|
||||
<TheThemeButton></TheThemeButton>
|
||||
|
|
|
|||
Loading…
Reference in a new issue