Compare commits
2 commits
34a1242ed9
...
f0d079ea32
Author | SHA1 | Date | |
---|---|---|---|
|
f0d079ea32 | ||
|
9b0cb51643 |
5 changed files with 17 additions and 16 deletions
12
exercise.py
12
exercise.py
|
@ -10,7 +10,7 @@ from typing import Union
|
||||||
import jq
|
import jq
|
||||||
|
|
||||||
import db
|
import db
|
||||||
from inject_evaluator import eval_data_filtering, eval_query_comparison
|
from inject_evaluator import eval_data_filtering, eval_query_mirror
|
||||||
import misp_api
|
import misp_api
|
||||||
import config
|
import config
|
||||||
from config import logger
|
from config import logger
|
||||||
|
@ -352,10 +352,10 @@ def inject_checker_router(user_id: int, inject_evaluation: dict, data: dict, con
|
||||||
|
|
||||||
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
||||||
return eval_data_filtering(user_id, inject_evaluation, data_to_validate)
|
return eval_data_filtering(user_id, inject_evaluation, data_to_validate)
|
||||||
elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
|
elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
|
||||||
expected_data = data_to_validate['expected_data']
|
expected_data = data_to_validate['expected_data']
|
||||||
data_to_validate = data_to_validate['data_to_validate']
|
data_to_validate = data_to_validate['data_to_validate']
|
||||||
return eval_query_comparison(user_id, expected_data, data_to_validate)
|
return eval_query_mirror(user_id, expected_data, data_to_validate)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
@ -364,9 +364,9 @@ def get_data_to_validate(user_id: int, inject_evaluation: dict, data: dict) -> U
|
||||||
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
if inject_evaluation['evaluation_strategy'] == 'data_filtering':
|
||||||
event_id = parse_event_id_from_log(data)
|
event_id = parse_event_id_from_log(data)
|
||||||
data_to_validate = fetch_data_for_data_filtering(event_id=event_id)
|
data_to_validate = fetch_data_for_data_filtering(event_id=event_id)
|
||||||
elif inject_evaluation['evaluation_strategy'] == 'query_comparison':
|
elif inject_evaluation['evaluation_strategy'] == 'query_mirror':
|
||||||
perfomed_query = parse_performed_query_from_log(data)
|
perfomed_query = parse_performed_query_from_log(data)
|
||||||
data_to_validate = fetch_data_for_query_comparison(user_id, inject_evaluation, perfomed_query)
|
data_to_validate = fetch_data_for_query_mirror(user_id, inject_evaluation, perfomed_query)
|
||||||
return data_to_validate
|
return data_to_validate
|
||||||
|
|
||||||
|
|
||||||
|
@ -419,7 +419,7 @@ def fetch_data_for_data_filtering(event_id=None) -> Union[None, dict]:
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
||||||
def fetch_data_for_query_comparison(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
|
def fetch_data_for_query_mirror(user_id: int, inject_evaluation: dict, perfomed_query: dict) -> Union[None, dict]:
|
||||||
data = None
|
data = None
|
||||||
authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]
|
authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]
|
||||||
if perfomed_query is not None:
|
if perfomed_query is not None:
|
||||||
|
|
|
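Review bot: In the renamed fetch_data_for_query_mirror (hunk at line 419), `authkey = db.USER_ID_TO_AUTHKEY_MAPPING[user_id]` is an unguarded subscript evaluated before the `perfomed_query is not None` check, so a user_id with no mapping raises KeyError instead of producing the `None` the `Union[None, dict]` return type advertises; `authkey = db.USER_ID_TO_AUTHKEY_MAPPING.get(user_id)` followed by `if authkey is None: return data` would fail closed without raising, and since the value is a credential it should not be echoed into the logger on that path either. The function body continues past the hunk, so how authkey is used afterwards is not visible here. The strategy literal 'query_mirror' is now repeated verbatim in inject_checker_router, get_data_to_validate and the exercise JSON; a module-level constant such as `QUERY_MIRROR = 'query_mirror'` would have made this rename a one-place change and avoids the silent `return False` / unassigned `data_to_validate` fallthrough that a typo in one copy would cause. The misspelt parameter name `perfomed_query` is also carried into the new signature; renaming it is cheap now but changes the keyword interface, so it should be done while callers are being touched.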
@ -119,7 +119,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"result": "Published 48h retreived",
|
"result": "Published 48h retreived",
|
||||||
"evaluation_strategy": "query_comparison",
|
"evaluation_strategy": "query_mirror",
|
||||||
"evaluation_context": {
|
"evaluation_context": {
|
||||||
"request_is_rest": true,
|
"request_is_rest": true,
|
||||||
"query_context": {
|
"query_context": {
|
||||||
|
@ -134,7 +134,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "Get Published in the past 48h",
|
"name": "Get Published in the past 48h",
|
||||||
"target_tool": "MISP-query",
|
"target_tool": "MISP",
|
||||||
"uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4"
|
"uuid": "e2216993-6192-4e7c-ae30-97cfe9de61b4"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -150,7 +150,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"result": "IP CSV retrieved",
|
"result": "IP CSV retrieved",
|
||||||
"evaluation_strategy": "query_comparison",
|
"evaluation_strategy": "query_mirror",
|
||||||
"evaluation_context": {
|
"evaluation_context": {
|
||||||
"request_is_rest": true,
|
"request_is_rest": true,
|
||||||
"query_context": {
|
"query_context": {
|
||||||
|
@ -165,7 +165,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "IP IoCs changed in the past 48h in CSV",
|
"name": "IP IoCs changed in the past 48h in CSV",
|
||||||
"target_tool": "MISP-query",
|
"target_tool": "MISP",
|
||||||
"uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba"
|
"uuid": "caf68c86-65ed-4df3-99b8-7e346fa498ba"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -180,7 +180,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"result": "20 Attribute tagged retrieved",
|
"result": "20 Attribute tagged retrieved",
|
||||||
"evaluation_strategy": "query_comparison",
|
"evaluation_strategy": "query_mirror",
|
||||||
"evaluation_context": {
|
"evaluation_context": {
|
||||||
"request_is_rest": true,
|
"request_is_rest": true,
|
||||||
"query_context": {
|
"query_context": {
|
||||||
|
@ -195,7 +195,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "First 20 Attribute with TLP lower than `amber`",
|
"name": "First 20 Attribute with TLP lower than `amber`",
|
||||||
"target_tool": "MISP-query",
|
"target_tool": "MISP",
|
||||||
"uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88"
|
"uuid": "3e96fb13-4aba-448c-8d79-efb93392cc88"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -209,7 +209,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"result": "Phising counted",
|
"result": "Phising counted",
|
||||||
"evaluation_strategy": "query_comparison",
|
"evaluation_strategy": "query_mirror",
|
||||||
"evaluation_context": {
|
"evaluation_context": {
|
||||||
"request_is_rest": true,
|
"request_is_rest": true,
|
||||||
"query_context": {
|
"query_context": {
|
||||||
|
@ -224,7 +224,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "Event count with `Phishing - T1566` involved",
|
"name": "Event count with `Phishing - T1566` involved",
|
||||||
"target_tool": "MISP-query",
|
"target_tool": "MISP",
|
||||||
"uuid": "1da0fdc8-9d0d-4618-a811-66491e196833"
|
"uuid": "1da0fdc8-9d0d-4618-a811-66491e196833"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -219,6 +219,7 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"name": "Event Creation",
|
"name": "Event Creation",
|
||||||
|
"description": "Create an Event containing `ransomware`",
|
||||||
"target_tool": "MISP",
|
"target_tool": "MISP",
|
||||||
"uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae"
|
"uuid": "8e8dbda2-0f5e-4101-83ff-63c1ddda2cae"
|
||||||
},
|
},
|
||||||
|
|
|
@ -145,5 +145,5 @@ def eval_data_filtering(user_id: int, inject_evaluation: dict, data: dict) -> bo
|
||||||
## Query comparison
|
## Query comparison
|
||||||
##
|
##
|
||||||
|
|
||||||
def eval_query_comparison(user_id: int, expected_data, data_to_validate) -> bool:
|
def eval_query_mirror(user_id: int, expected_data, data_to_validate) -> bool:
|
||||||
return expected_data == data_to_validate
|
return expected_data == data_to_validate
|
||||||
|
|
|
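Review bot: The section banner directly above the renamed function still reads `## Query comparison` while the function is now eval_query_mirror, so comment and name disagree on the new side; update it to `## Query mirror` in the same commit. A one-line docstring, `"""Return True only when the data returned by the user's query is exactly equal to the expected data."""`, would also document that this is a strict `==` check, where list element order and any volatile fields in the compared responses matter, which the 'mirror' name now implies but nothing states.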
@ -16,7 +16,7 @@ onMounted(() => {
|
||||||
|
|
||||||
<template>
|
<template>
|
||||||
<main>
|
<main>
|
||||||
<h1 class="text-2xl text-center text-slate-500 dark:text-slate-400 absolute top-1 left-1">MISP Exercise Dashboard</h1>
|
<h1 class="text-2xl text-center text-slate-500 dark:text-slate-400 absolute top-1 left-1">Exercise Dashboard</h1>
|
||||||
<div class="absolute top-1 right-1">
|
<div class="absolute top-1 right-1">
|
||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
<TheThemeButton></TheThemeButton>
|
<TheThemeButton></TheThemeButton>
|
||||||
|
|