fix: [exporter] thehive exporter, create case

bin/export/Export.py

@@ -28,20 +28,6 @@ import thehive4py.exceptions
 
 from pymisp import MISPEvent, MISPObject, PyMISP
 
-##################################
-#           THE HIVE
-##################################
-
-# TODO
-def get_item_hive_cases(item_id):
-    hive_case = r_serv_metadata.get('hive_cases:{}'.format(item_id))
-    if hive_case:
-        hive_case = the_hive_url + '/index.html#/case/{}/details'.format(hive_case)
-    return hive_case
-
-
-
-
 ###########################################################
 # # set default
 # if r_serv_db.get('hive:auto-alerts') is None:

bin/lib/Tag.py

@@ -538,6 +538,7 @@ def get_tag_first_seen(tag, object_type=None, r_int=False):
         else:
             first_seen = 99999999
     return first_seen
+
     # # TODO: LATER ADD object metadata
     # if not object_type:
     #     r_tags.hget(f'tag_metadata:{tag}', 'first_seen')
@@ -1147,33 +1148,68 @@ def get_enabled_tags_with_synonyms_ui():
 ###################################################################################
 ###################################################################################
 
+
+# TODO FORBID Collision CUSTOM TAG or force custom:tag
+
 # TYPE -> taxonomy/galaxy/custom
 
 class Tag:
 
-    def __int__(self, t_type, t_id, obj='item'):
-        self.type = t_type
-        self.id = t_id
-        self.obj = obj
+    def __int__(self, name: str, local=False):  # TODO Get first seen by object, obj='item
+        self.name = name
+        self.local = local
 
-    def get_first_seen(self):
-        pass
+    def is_local(self):
+        return self.local
 
-    def get_last_seen(self):
-        pass
+    # TODO custom / local
+    def get_type(self):
+        if self.name.startswith('misp-galaxy:'):
+            return 'galaxy'
+        else:
+            return 'taxonomy'
+
+
+
+    def get_first_seen(self, r_int=False):
+        first_seen = r_tags.hget(f'meta:tag:{self.name}', 'first_seen')
+        if r_int:
+            if first_seen:
+                first_seen = int(first_seen)
+            else:
+                first_seen = 99999999
+        return first_seen
+
+    def get_last_seen(self, r_int=False):
+        last_seen = r_tags.hget(f'meta:tag:{self.name}', 'last_seen')  # 'last_seen:object' -> only if date or daterange
+        if r_int:
+            if last_seen:
+                last_seen = int(last_seen)
+            else:
+                last_seen = 0
+        return last_seen
 
     def get_color(self):
-        pass
+        color = r_tags.hget(f'meta:tag:{self.name}', 'color')
+        if not color:
+            return '#ffffff'
+
+    def set_color(self, color):
+        r_tags.hget(f'meta:tag:{self.name}', 'color', color)
 
     def is_enabled(self):
-        pass
+        return r_tags.sismember(f'tags:enabled', self.name)
 
+    def get_synonyms(self):
+        return r_tags.smembers(f'synonyms:tag:{self.name}')
+
+    # color
     def get_meta(self):
         meta = {'first_seen': self.get_first_seen(),
                 'last_seen': self.get_last_seen(),
-                'obj': self.obj,
-                'tag': self.id,
-                'type': self.type}
+                'tag': self.name,
+                'local': self.is_local()}
+        return meta
 
 
 ###################################################################################

var/www/blueprints/import_export.py

@@ -22,12 +22,13 @@ sys.path.append(os.environ['AIL_BIN'])
 # Import Project packages
 ##################################
 from exporter import MISPExporter
+from exporter import TheHiveExporter
 from lib.objects import ail_objects
 from lib.Investigations import Investigation
 
 # TODO REMOVE ME
-from export import Export  # TODO REMOVE ME
 from export import MispImport  # TODO REMOVE ME
+
 # TODO REMOVE ME
 
 # ============ BLUEPRINT ============
@@ -38,6 +39,9 @@ import_export = Blueprint('import_export', __name__,
 misp_exporter_objects = MISPExporter.MISPExporterAILObjects()
 misp_exporter_investigation = MISPExporter.MISPExporterInvestigation()
 
+thehive_exporter_item = TheHiveExporter.TheHiveExporterItem()
+
+
 # ============ FUNCTIONS ============
 
 
@@ -205,7 +209,7 @@ def export_investigation():
     if not investigation.exists():
         abort(404)
     if misp_exporter_objects.ping_misp():
-        event = misp_exporter_objects.export({'type': 'investigation', 'data': {'investigation': investigation}})
+        event = misp_exporter_investigation.export(investigation)
         print(event)
     else:
         return Response(json.dumps({"error": "Can't reach MISP Instance"}, indent=2, sort_keys=True),
@@ -219,17 +223,17 @@ def export_investigation():
 def create_thehive_case():
     description = request.form['hive_description']
     title = request.form['hive_case_title']
-    threat_level = Export.sanitize_threat_level_hive(request.form['threat_level_hive'])
-    tlp = Export.sanitize_tlp_hive(request.form['hive_tlp'])
+    threat_level = request.form['threat_level_hive']
+    tlp = request.form['hive_tlp']
     item_id = request.form['obj_id']
 
     item = ail_objects.get_object('item', '', item_id)
     if not item.exists():
         abort(404)
 
-    case_id = Export.create_thehive_case(item_id, title=title, tlp=tlp, threat_level=threat_level,
-                                         description=description)
+    case_id = thehive_exporter_item.export(item.get_id(), description=description, title=title,
+                                           threat_level=threat_level, tlp=tlp)
     if case_id:
-        return redirect(Export.get_case_url(case_id))
+        return redirect(thehive_exporter_item.get_case_url(case_id))
     else:
         return 'error'