mirror of https://github.com/CIRCL/AIL-framework
change default submit tag, event-path map, publish events
parent
aee1b50ef1
commit
704e6f0ad1
|
@ -167,14 +167,14 @@ if __name__ == "__main__":
|
||||||
if HiveApi != False:
|
if HiveApi != False:
|
||||||
if int(r_serv_db.get('hive:auto-alerts')) == 1:
|
if int(r_serv_db.get('hive:auto-alerts')) == 1:
|
||||||
whitelist_hive = r_serv_db.scard('whitelist_hive')
|
whitelist_hive = r_serv_db.scard('whitelist_hive')
|
||||||
if r_serv_db.scard('whitelist_hive') == 0 or r_serv_db.sismember('whitelist_hive', tag):
|
if r_serv_db.sismember('whitelist_hive', tag):
|
||||||
create_the_hive_alert(source, path, full_path, tag)
|
create_the_hive_alert(source, path, full_path, tag)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
print('hive, auto alerts creation disable')
|
print('hive, auto alerts creation disable')
|
||||||
if flag_misp:
|
if flag_misp:
|
||||||
if int(r_serv_db.get('misp:auto-events')) == 1:
|
if int(r_serv_db.get('misp:auto-events')) == 1:
|
||||||
if r_serv_db.scard('whitelist_misp') == 0 or r_serv_db.sismember('whitelist_misp', tag):
|
if r_serv_db.sismember('whitelist_misp', tag):
|
||||||
misp_wrapper.pushToMISP(uuid_ail, path, tag)
|
misp_wrapper.pushToMISP(uuid_ail, path, tag)
|
||||||
else:
|
else:
|
||||||
print('misp, auto events creation disable')
|
print('misp, auto events creation disable')
|
||||||
|
|
|
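Review bot: `whitelist_hive = r_serv_db.scard('whitelist_hive')` (the context line just above the changed condition) is now dead: the new condition no longer consults the set size and nothing else in the hunk reads the variable, so that line should be dropped along with the old `scard(...) == 0` branch. The change also means an empty whitelist now exports nothing instead of everything, which matches the misp branch edited lower in the same hunk; if that is deliberate, a one-line comment such as `# empty whitelist: no automatic export` above the condition would save the next reader from re-deriving it. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.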
@ -121,7 +121,7 @@ class ObjectWrapper:
|
||||||
analysis, info, date,
|
analysis, info, date,
|
||||||
published, orgc_id, org_id, sharing_group_id)
|
published, orgc_id, org_id, sharing_group_id)
|
||||||
eventUuid = event['Event']['uuid']
|
eventUuid = event['Event']['uuid']
|
||||||
self.pymisp.tag(eventUuid, 'infoleak:source="unknown"')
|
self.pymisp.tag(eventUuid, 'infoleak:output-format="ail-daily"')
|
||||||
return event
|
return event
|
||||||
|
|
||||||
# Publish object to MISP
|
# Publish object to MISP
|
||||||
|
|
|
@ -133,7 +133,7 @@ def addTagsVerification(tags, tagsgalaxies):
|
||||||
def date_to_str(date):
|
def date_to_str(date):
|
||||||
return "{0}-{1}-{2}".format(date.year, date.month, date.day)
|
return "{0}-{1}-{2}".format(date.year, date.month, date.day)
|
||||||
|
|
||||||
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path):
|
def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path):
|
||||||
|
|
||||||
paste = Paste.Paste(path)
|
paste = Paste.Paste(path)
|
||||||
source = path.split('/')[-6:]
|
source = path.split('/')[-6:]
|
||||||
|
@ -165,7 +165,10 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
|
||||||
|
|
||||||
today = datetime.date.today()
|
today = datetime.date.today()
|
||||||
# [0-3]
|
# [0-3]
|
||||||
published = False
|
if publish == 'True':
|
||||||
|
published = True
|
||||||
|
else:
|
||||||
|
published = False
|
||||||
org_id = None
|
org_id = None
|
||||||
orgc_id = None
|
orgc_id = None
|
||||||
sharing_group_id = None
|
sharing_group_id = None
|
||||||
|
@ -176,6 +179,8 @@ def misp_create_event(distribution, threat_level_id, analysis, info, l_tags, pat
|
||||||
eventUuid = event['Event']['uuid']
|
eventUuid = event['Event']['uuid']
|
||||||
eventid = event['Event']['id']
|
eventid = event['Event']['id']
|
||||||
|
|
||||||
|
r_serv_metadata.set('misp_events:path', eventid)
|
||||||
|
|
||||||
# add tags
|
# add tags
|
||||||
for tag in l_tags:
|
for tag in l_tags:
|
||||||
pymisp.tag(eventUuid, tag)
|
pymisp.tag(eventUuid, tag)
|
||||||
|
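Review bot: The Redis key written by `r_serv_metadata.set('misp_events:path', eventid)` is the literal string 'misp_events:path', not a key derived from the `path` argument, so every event created overwrites the same entry and the per-paste mapping the commit title describes never exists. The hive_create_case hunk has the same defect with `r_serv_metadata.set('hive_cases:path', id)`, and the showpaste hunk reads both literals back (`r_serv_metadata.get('misp_events:path')`, `get('hive_cases:path')`), so the show-paste page will display the most recently created event and case for every paste. The write should be `r_serv_metadata.set('misp_events:' + path, eventid)` (and `'hive_cases:' + path` for the case id), with the reads in showpaste keyed on the path of the paste being displayed. misp_create_event starts outside this hunk.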
@ -246,6 +251,8 @@ def hive_create_case(hive_tlp, threat_level, hive_description, hive_case_title,
|
||||||
if res.status_code != 201:
|
if res.status_code != 201:
|
||||||
print('ko: {}/{}'.format(res.status_code, res.text))
|
print('ko: {}/{}'.format(res.status_code, res.text))
|
||||||
|
|
||||||
|
r_serv_metadata.set('hive_cases:path', id)
|
||||||
|
|
||||||
return hive_case_url.replace('id_here', id)
|
return hive_case_url.replace('id_here', id)
|
||||||
else:
|
else:
|
||||||
print('ko: {}/{}'.format(response.status_code, response.text))
|
print('ko: {}/{}'.format(response.status_code, response.text))
|
||||||
|
@ -275,15 +282,17 @@ def submit():
|
||||||
ltagsgalaxies = request.form['tags_galaxies']
|
ltagsgalaxies = request.form['tags_galaxies']
|
||||||
paste_content = request.form['paste_content']
|
paste_content = request.form['paste_content']
|
||||||
|
|
||||||
|
submitted_tag = 'infoleak:submission="manual"'
|
||||||
|
|
||||||
if ltags or ltagsgalaxies:
|
if ltags or ltagsgalaxies:
|
||||||
if not addTagsVerification(ltags, ltagsgalaxies):
|
if not addTagsVerification(ltags, ltagsgalaxies):
|
||||||
return 'INVALID TAGS'
|
return 'INVALID TAGS'
|
||||||
|
|
||||||
# add submitted tags
|
# add submitted tags
|
||||||
if(ltags != ''):
|
if(ltags != ''):
|
||||||
ltags = ltags + ',submitted'
|
ltags = ltags + ',' + submitted_tag
|
||||||
else:
|
else:
|
||||||
ltags ='submitted'
|
ltags = submitted_tag
|
||||||
|
|
||||||
if 'file' in request.files:
|
if 'file' in request.files:
|
||||||
|
|
||||||
|
@ -420,12 +429,13 @@ def create_misp_event():
|
||||||
analysis = int(request.form['misp_data[Event][analysis]'])
|
analysis = int(request.form['misp_data[Event][analysis]'])
|
||||||
info = request.form['misp_data[Event][info]']
|
info = request.form['misp_data[Event][info]']
|
||||||
path = request.form['paste']
|
path = request.form['paste']
|
||||||
|
publish = request.form.get('misp_publish')
|
||||||
|
|
||||||
#verify input
|
#verify input
|
||||||
if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2):
|
if (0 <= distribution <= 3) and (1 <= threat_level_id <= 4) and (0 <= analysis <= 2):
|
||||||
|
|
||||||
l_tags = list(r_serv_metadata.smembers('tag:'+path))
|
l_tags = list(r_serv_metadata.smembers('tag:'+path))
|
||||||
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, path)
|
event = misp_create_event(distribution, threat_level_id, analysis, info, l_tags, publish, path)
|
||||||
|
|
||||||
if event != False:
|
if event != False:
|
||||||
return redirect(event)
|
return redirect(event)
|
||||||
|
@ -467,16 +477,12 @@ def edit_tag_export():
|
||||||
status_misp = []
|
status_misp = []
|
||||||
status_hive = []
|
status_hive = []
|
||||||
|
|
||||||
# empty whitelist
|
|
||||||
if whitelist_misp == 0:
|
for tag in list_export_tags:
|
||||||
for tag in list_export_tags:
|
if r_serv_db.sismember('whitelist_misp', tag):
|
||||||
status_misp.append(True)
|
status_misp.append(True)
|
||||||
else:
|
else:
|
||||||
for tag in list_export_tags:
|
status_misp.append(False)
|
||||||
if r_serv_db.sismember('whitelist_misp', tag):
|
|
||||||
status_misp.append(True)
|
|
||||||
else:
|
|
||||||
status_misp.append(False)
|
|
||||||
|
|
||||||
# empty whitelist
|
# empty whitelist
|
||||||
if whitelist_hive == 0:
|
if whitelist_hive == 0:
|
||||||
|
@ -497,12 +503,19 @@ def edit_tag_export():
|
||||||
hive_active = True
|
hive_active = True
|
||||||
else:
|
else:
|
||||||
hive_active = False
|
hive_active = False
|
||||||
|
|
||||||
|
nb_tags = str(r_serv_db.scard('list_export_tags'))
|
||||||
|
nb_tags_whitelist_misp = str(r_serv_db.scard('whitelist_misp')) + ' / ' + nb_tags
|
||||||
|
nb_tags_whitelist_hive = str(r_serv_db.scard('whitelist_hive')) + ' / ' + nb_tags
|
||||||
|
|
||||||
return render_template("edit_tag_export.html",
|
return render_template("edit_tag_export.html",
|
||||||
misp_active=misp_active,
|
misp_active=misp_active,
|
||||||
hive_active=hive_active,
|
hive_active=hive_active,
|
||||||
list_export_tags=list_export_tags,
|
list_export_tags=list_export_tags,
|
||||||
status_misp=status_misp,
|
status_misp=status_misp,
|
||||||
status_hive=status_hive)
|
status_hive=status_hive,
|
||||||
|
nb_tags_whitelist_misp=nb_tags_whitelist_misp,
|
||||||
|
nb_tags_whitelist_hive=nb_tags_whitelist_hive)
|
||||||
|
|
||||||
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
|
@PasteSubmit.route("/PasteSubmit/tag_export_edited", methods=['POST'])
|
||||||
def tag_export_edited():
|
def tag_export_edited():
|
||||||
|
@ -525,6 +538,7 @@ def tag_export_edited():
|
||||||
r_serv_db.sadd('whitelist_hive', tag)
|
r_serv_db.sadd('whitelist_hive', tag)
|
||||||
else:
|
else:
|
||||||
return 'invalid input'
|
return 'invalid input'
|
||||||
|
|
||||||
return redirect(url_for('PasteSubmit.edit_tag_export'))
|
return redirect(url_for('PasteSubmit.edit_tag_export'))
|
||||||
|
|
||||||
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
|
@PasteSubmit.route("/PasteSubmit/enable_misp_auto_event")
|
||||||
|
|
|
@ -90,8 +90,6 @@
|
||||||
<div class="panel-heading">The hive auto export
|
<div class="panel-heading">The hive auto export
|
||||||
{% if hive_active %}
|
{% if hive_active %}
|
||||||
<span class="label label-success pull-right"> Enabled</span>
|
<span class="label label-success pull-right"> Enabled</span>
|
||||||
<span class="pull-right"> </span>
|
|
||||||
<span class="badge badge-light pull-right">{{ badge }}</span>
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if not hive_active %}
|
{% if not hive_active %}
|
||||||
<span class="label label-danger pull-right"> Disabled</span>
|
<span class="label label-danger pull-right"> Disabled</span>
|
||||||
|
@ -130,7 +128,9 @@
|
||||||
|
|
||||||
<div class="panel panel-info">
|
<div class="panel panel-info">
|
||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
Metadata :
|
Metadata :
|
||||||
|
<span class="pull-right"> </span>
|
||||||
|
<span class="badge pull-right">{{ nb_tags_whitelist_misp }}</span>
|
||||||
<ul class="list-group"><li class="list-group-item">
|
<ul class="list-group"><li class="list-group-item">
|
||||||
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
|
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_misp">
|
||||||
<thead>
|
<thead>
|
||||||
|
@ -167,7 +167,9 @@
|
||||||
|
|
||||||
<div class="panel panel-info">
|
<div class="panel panel-info">
|
||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
Metadata :
|
Metadata :
|
||||||
|
<span class="pull-right"> </span>
|
||||||
|
<span class="badge pull-right">{{ nb_tags_whitelist_hive }}</span>
|
||||||
<ul class="list-group"><li class="list-group-item">
|
<ul class="list-group"><li class="list-group-item">
|
||||||
|
|
||||||
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">
|
<table class="test table table-striped table-bordered table-hover table-responsive " id="myTable_hive">
|
||||||
|
|
|
@ -65,6 +65,15 @@
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<br></br>
|
||||||
|
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
|
||||||
|
<i class="fa fa-cogs fa-2x"></i>
|
||||||
|
<br></br>
|
||||||
|
<span class="label-icon">MISP and Hive, auto push</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<!-- /#page-wrapper -->
|
<!-- /#page-wrapper -->
|
||||||
|
|
|
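Review bot: The added navigation block uses `<br></br>` twice; `</br>` is not a valid closing tag and browsers treat it as a second `<br>`, so each of those lines produces two line breaks rather than one. Use a single `<br>` per line. The identical block is added to a second template in the following section; a shared Jinja `{% include %}` would keep the two copies from drifting apart.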
@ -144,6 +144,15 @@
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div>
|
||||||
|
<br></br>
|
||||||
|
<a class="btn btn-tags" href="{{ url_for('PasteSubmit.edit_tag_export') }}" target="_blank">
|
||||||
|
<i class="fa fa-cogs fa-2x"></i>
|
||||||
|
<br></br>
|
||||||
|
<span class="label-icon">MISP and Hive, auto push</span>
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
|
|
|
@ -24,6 +24,8 @@ max_preview_char = Flask_config.max_preview_char
|
||||||
max_preview_modal = Flask_config.max_preview_modal
|
max_preview_modal = Flask_config.max_preview_modal
|
||||||
DiffMaxLineLength = Flask_config.DiffMaxLineLength
|
DiffMaxLineLength = Flask_config.DiffMaxLineLength
|
||||||
bootstrap_label = Flask_config.bootstrap_label
|
bootstrap_label = Flask_config.bootstrap_label
|
||||||
|
misp_event_url = Flask_config.misp_event_url
|
||||||
|
hive_case_url = Flask_config.hive_case_url
|
||||||
|
|
||||||
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
|
showsavedpastes = Blueprint('showsavedpastes', __name__, template_folder='templates')
|
||||||
|
|
||||||
|
@ -124,8 +126,24 @@ def showpaste(content_range):
|
||||||
else:
|
else:
|
||||||
hive = True
|
hive = True
|
||||||
|
|
||||||
|
misp_event = r_serv_metadata.get('misp_events:path')
|
||||||
|
if misp_event is None:
|
||||||
|
misp_eventid = False
|
||||||
|
misp_url = ''
|
||||||
|
else:
|
||||||
|
misp_eventid = True
|
||||||
|
misp_url = misp_event_url + misp_event
|
||||||
|
|
||||||
|
hive_case = r_serv_metadata.get('hive_cases:path')
|
||||||
|
if hive_case is None:
|
||||||
|
hive_caseid = False
|
||||||
|
hive_url = ''
|
||||||
|
else:
|
||||||
|
hive_caseid = True
|
||||||
|
hive_url = hive_case_url.replace('id_here', hive_case)
|
||||||
|
|
||||||
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
|
return render_template("show_saved_paste.html", date=p_date, bootstrap_label=bootstrap_label, active_taxonomies=active_taxonomies, active_galaxies=active_galaxies, list_tags=list_tags, source=p_source, encoding=p_encoding, language=p_language, size=p_size, mime=p_mime, lineinfo=p_lineinfo, content=p_content, initsize=len(p_content), duplicate_list = p_duplicate_list, simil_list = p_simil_list, hashtype_list = p_hashtype_list, date_list=p_date_list,
|
||||||
misp=misp, hive=hive)
|
misp=misp, hive=hive, misp_eventid=misp_eventid, misp_url=misp_url, hive_caseid=hive_caseid, hive_url=hive_url)
|
||||||
|
|
||||||
# ============ ROUTES ============
|
# ============ ROUTES ============
|
||||||
|
|
||||||
|
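Review bot: `misp_eventid` and `hive_caseid` are assigned booleans (True/False) while the actual ids live in `misp_event` and `hive_case`, so the names mislead whoever reads the template; `misp_has_event`/`hive_has_case` would say what they hold, or pass the id itself and test its truthiness in the template. Each if/else pair can then collapse to one line, e.g. `misp_has_event = misp_event is not None` followed by `misp_url = misp_event_url + misp_event if misp_has_event else ''`. `misp_url = misp_event_url + misp_event` also presumes `misp_event_url` already ends with the path separator the MISP URL scheme needs; worth confirming against the config value. showpaste starts outside the hunk.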
|
|
@ -201,8 +201,8 @@
|
||||||
<div class="input clear required">
|
<div class="input clear required">
|
||||||
<label for="EventThreatLevelId">Threat Level</label>
|
<label for="EventThreatLevelId">Threat Level</label>
|
||||||
<select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required">
|
<select name="misp_data[Event][threat_level_id]" id="EventThreatLevelId" required="required">
|
||||||
<option value="1" selected="selected">High</option>
|
<option value="1">High</option>
|
||||||
<option value="2">Medium</option>
|
<option value="2" selected="selected">Medium</option>
|
||||||
<option value="3">Low</option>
|
<option value="3">Low</option>
|
||||||
<option value="4">Undefined</option>
|
<option value="4">Undefined</option>
|
||||||
</select>
|
</select>
|
||||||
|
@ -219,8 +219,19 @@
|
||||||
<label for="EventInfo">Event Info</label>
|
<label for="EventInfo">Event Info</label>
|
||||||
<input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/>
|
<input name="misp_data[Event][info]" class="form-control span6" placeholder="Quick Event Description or Tracking Info" type="text" id="EventInfo" required="required"/>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="clear">
|
||||||
|
<label for="EventInfo">Publish Event</label>
|
||||||
|
<input type="checkbox" value="True" id="misp_publish" name="misp_publish" >
|
||||||
|
</div>
|
||||||
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
||||||
|
|
||||||
|
{% if misp_eventid %}
|
||||||
|
<br>
|
||||||
|
<div class="list-group" id="misp_event">
|
||||||
|
<li class="list-group-item active">MISP Events already Created</li>
|
||||||
|
<a target="_blank" href="{{ misp_url }}" class="list-group-item">{{ misp_url }}</a></div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer center">
|
<div class="modal-footer center">
|
||||||
<button class="btn btn-primary">
|
<button class="btn btn-primary">
|
||||||
|
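Review bot: The new publish checkbox's label is `<label for="EventInfo">Publish Event</label>`, which binds it to the Event Info text input rather than to the checkbox; it should be `<label for="misp_publish">Publish Event</label>`. The hive block added in the next hunk reuses `id="misp_event"` for its list-group (`<div class="list-group" id="misp_event">`), giving the page two elements with the same id once both a MISP event and a Hive case exist; give it its own id such as `hive_case`.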
@ -283,6 +294,13 @@
|
||||||
</div>
|
</div>
|
||||||
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
<input type="hidden" id="paste" name="paste" value="{{ request.args.get('paste') }}">
|
||||||
|
|
||||||
|
{% if hive_caseid %}
|
||||||
|
<br>
|
||||||
|
<div class="list-group" id="misp_event">
|
||||||
|
<li class="list-group-item active">The Hive Case already Created</li>
|
||||||
|
<a target="_blank" href="{{ hive_url }}" class="list-group-item">{{ hive_url }}</a></div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer center">
|
<div class="modal-footer center">
|
||||||
<button href="" class="btn btn-primary">
|
<button href="" class="btn btn-primary">
|
||||||
|
|