fix: [Investigation] fix MISP Export + UI sidebar

pull/586/head
Terrtia 2022-03-11 09:29:48 +01:00
parent 0b426f2cfd
commit 1d9fba49e8
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
7 changed files with 64 additions and 24 deletions

View File

@ -425,16 +425,17 @@ def create_investigation_event(investigation_uuid):
event = MISPEvent() event = MISPEvent()
event.info = investigation.get_info() event.info = investigation.get_info()
event.uuid = investigation.get_uuid() event.uuid = investigation.get_uuid(separator=True)
event.date = investigation.get_date() event.date = investigation.get_date()
event.analysis = investigation.get_analysis() event.analysis = investigation.get_analysis()
event.threat_level_id = investigation.get_threat_level() event.threat_level_id = investigation.get_threat_level()
taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags()) event.distribution = 0
event.Tag = taxonomies_tags
event.Galaxy = galaxies_tags
#event.add_galaxy(galaxies_tags)
# tags
for tag in investigation.get_tags():
event.add_tag(tag)
# objects
investigation_objs = investigation.get_objects() investigation_objs = investigation.get_objects()
for obj in investigation_objs: for obj in investigation_objs:
# if subtype -> obj_id = 'subtype:type' # if subtype -> obj_id = 'subtype:type'
@ -446,18 +447,25 @@ def create_investigation_event(investigation_uuid):
if misp_obj: if misp_obj:
event.add_object(misp_obj) event.add_object(misp_obj)
#taxonomies_tags, galaxies_tags = Tag.sort_tags_taxonomies_galaxies(investigation.get_tags())
#event.Tag = taxonomies_tags
#event.Galaxy = galaxies_tags
#print(galaxies_tags)
#event.add_galaxy(galaxies_tags)
# if publish: # if publish:
# event.publish() # event.publish()
# res = event.to_json() # res = event.to_json()
# print(event.to_json())
# print(event.to_json())
misp = PyMISP(misp_url, misp_key, misp_verifycert) misp = PyMISP(misp_url, misp_key, misp_verifycert)
misp_event = misp.add_event(event) misp_event = misp.add_event(event)
# print(misp_event) #print(misp_event)
# # TODO: handle error # # TODO: handle error
event_metadata = extract_event_metadata(misp_event) event_metadata = extract_event_metadata(misp_event)
print(event_metadata)
return event_metadata return event_metadata
# if __name__ == '__main__': # if __name__ == '__main__':

View File

@ -92,8 +92,12 @@ class Investigation(object):
def __init__(self, investigation_uuid): def __init__(self, investigation_uuid):
self.uuid = investigation_uuid self.uuid = investigation_uuid
def get_uuid(self): def get_uuid(self, separator=False):
return self.uuid if separator:
res = str(uuid.uuid4())
return uuid.UUID(hex=res, version=4)
else:
return self.uuid
# # TODO: Replace by title ?????? # # TODO: Replace by title ??????
def get_name(self): def get_name(self):

View File

@ -261,6 +261,11 @@ def get_item_all_trackers_uuid(obj_id):
#obj_type = 'item' #obj_type = 'item'
return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}') return r_serv_tracker.smembers(f'obj:trackers:item:{obj_id}')
def is_obj_tracked(obj_type, subtype, id):
return r_serv_tracker.exists(f'obj:trackers:{obj_type}:{obj_id}')
def get_obj_all_trackers(obj_type, subtype, id):
return r_serv_tracker.smembers(f'obj:trackers:{obj_type}:{obj_id}')
def get_email_subject(tracker_uuid): def get_email_subject(tracker_uuid):
tracker_description = get_tracker_description(tracker_uuid) tracker_description = get_tracker_description(tracker_uuid)

View File

@ -18,6 +18,7 @@ sys.path.append(os.environ['AIL_BIN'])
################################## ##################################
from packages import Tag from packages import Tag
from lib.Investigations import is_object_investigated, get_obj_investigations from lib.Investigations import is_object_investigated, get_obj_investigations
from lib.Tracker import is_obj_tracked, get_obj_all_trackers
# # TODO: ADD CORRELATION ENGINE # # TODO: ADD CORRELATION ENGINE
@ -91,6 +92,16 @@ class AbstractObject(ABC):
return investigations return investigations
#- Investigations -# #- Investigations -#
## Trackers ##
def is_tracked(self):
return is_obj_tracked(self.type, self.subtype, self.id)
def get_trackers(self):
return get_obj_all_trackers(self.type, self.subtype, self.id)
#- Investigations -#
def _delete(self): def _delete(self):
# DELETE TAGS # DELETE TAGS
Tag.delete_obj_all_tags(self.id, self.type) Tag.delete_obj_all_tags(self.id, self.type)

View File

@ -87,7 +87,7 @@
<div class="container-fluid"> <div class="container-fluid">
<div class="row"> <div class="row">
{% include 'decoded/menu_sidebar.html' %} {% include 'sidebars/sidebar_objects.html' %}
<div class="col-12 col-lg-10" id="core_content"> <div class="col-12 col-lg-10" id="core_content">

View File

@ -131,18 +131,30 @@
</tbody> </tbody>
</table> </table>
{% if 'correlation_nb' in dict_domain %} <div class="d-flex flex-row-reverse bd-highlight mt-2">
{% if dict_domain["correlation_nb"] > 0 %} {% if 'correlation_nb' in dict_domain %}
<hr> {% if dict_domain["correlation_nb"] > 0 %}
<div class="mt-2"> <hr>
<a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px"> <div>
<button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations &nbsp; <a href="{{ url_for('correlation.show_correlation')}}?object_type=domain&correlation_id={{ dict_domain['domain'] }}&correlation_objects=domain" target="_blank" style="font-size: 15px">
<div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div> <button class="btn btn-info"><i class="fas fa-search"></i> Show Domain Correlations &nbsp;
</button> <div class="badge badge-warning">{{dict_domain['correlation_nb']}}</div>
</a> </button>
</div> </a>
</div>
{%endif%}
{%endif%} {%endif%}
{%endif%}
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_subtype=''%}
{% include 'modals/investigations_register_obj.html' %}
{% endwith %}
<div class="mr-2">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#investigations_register_obj_modal">
<i class="fas fa-microscope"></i> Investigations
</button>
</div>
</div>
<div class="mt-2"> <div class="mt-2">
{% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%} {% with obj_type='domain', obj_id=dict_domain['domain'], obj_lvl=0%}

View File

@ -5,11 +5,11 @@
<span>Toggle Sidebar</span> <span>Toggle Sidebar</span>
</button> </button>
<nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_investigation"> <nav class="navbar navbar-expand navbar-light bg-light flex-md-column flex-row align-items-start py-2" id="nav_menu">
<h5 class="d-flex text-muted w-100"> <h5 class="d-flex text-muted w-100">
<span>Investigations</span> <span>Investigations</span>
</h5> </h5>
<ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4"> <ul class="nav flex-md-column flex-row navbar-nav justify-content-between w-100 mb-4">
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard"> <a class="nav-link" href="{{url_for('investigations_b.investigations_dashboard')}}" id="nav_investigation_dashboard">
<i class="fas fa-microscope"></i> <i class="fas fa-microscope"></i>
@ -24,7 +24,6 @@
</li> </li>
</ul> </ul>
<h5 class="d-flex text-muted w-100"> <h5 class="d-flex text-muted w-100">
<span>Objects</span> <span>Objects</span>
</h5> </h5>
@ -56,6 +55,7 @@
</ul> </ul>
<h5 class="d-flex text-muted w-100"> <h5 class="d-flex text-muted w-100">
<span> <span>
<img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;"> <img src="{{ url_for('static', filename='image/misp-logo.png')}}" alt="MISP" style="width:80px;">