chg: [cleanup] It's official - we are in the Maltego Hub

README.md

@@ -1,4 +1,5 @@
 
+
 ![logo](https://raw.githubusercontent.com/MISP/MISP-maltego/master/doc/logo.png)
 
 This is a [Maltego](https://www.paterva.com/web7/) [MISP](https://www.misp-project.org) integration tool allowing you to view (read-only) data from a MISP instance. 
@@ -17,11 +18,13 @@ The currently supported entities are: `AS`, `DNSName`, `Domain`, `EmailAddress`,
 For MITRE ATT&CK pivoting, feel free to start with an `Attack Technique`, `Software`, `Threat Actor`, or `MISPGalaxy`. Create your entity, enter a keyword such as `%gama%` and use the `Search in MISP` transform to get started. 
 
 ## Installation
-### Remote Transform Installation
+### Transform Hub
-This is coming soon. An entry will appear in the Transform Hub of Maltego, on which you can simply press the "install" button, and no local code needs to be installed. Your transforms will however go throught Paterva's servers and ours. See the [Transform Hub Disclaimer](https://github.com/MISP/MISP-maltego/blob/master/TRANSFORM_HUB_DISCLAIMER.md) for more information.
+Open the Transform Hub, locate **ATT&CK - MISP** and press the **Install** button. 
 
-**For MISP specific transforms this requires your MISP server to be reachable from the internet!
+Your transforms will go through Paterva's servers and ours. See the [Transform Hub Disclaimer](https://github.com/MISP/MISP-maltego/blob/master/TRANSFORM_HUB_DISCLAIMER.md) for more information.
-ATT&CK transforms do not require a MISP server or API key to be configured.**
+
+- ATT&CK transforms do not require a MISP server or API key to be configured.
+- MISP transforms requires your MISP server to be reachable from the internet! To enter your MISP server URL and key click **Details** on the Transform Hub item and then **Settings** at the bottom right. 
 
 ### Local Transform Installation
 If you trust nobody, or just want to connect to your local MISP server you can install everything as local transforms.

ansible/nginx.conf

@@ -21,6 +21,12 @@ server {
 	root /var/www/html;
 	server_name _;
 
+	location /munin {
+		alias /var/cache/munin/www/;
+		index index.html;
+		allow 127.0.0.1;
+		deny all;
+	}
 
 	location / {
 		proxy_set_header X-Real-IP $remote_addr;

ansible/plume.yaml

@@ -168,6 +168,29 @@
       name: plume
       state: started
 
+  # MONITORING
+  #############
+  - name: install munin
+    package:
+      name: ['munin', 'munin-node', 'munin-plugins-extra']
+
+  - name: munin - enabling plugins
+    file:
+      state: link
+      src: '/usr/share/munin/plugins/{{item}}'
+      dest: '/etc/munin/plugins/{{item}}'
+    loop:
+      - nginx_request
+      - nginx_status
+    notify: restart munin-node
+
+  - name: munin - service active and running
+    service:
+      name: munin-node
+      state: started
+      enabled: yes
+
+
   # FIREWALLING
   #############
   - name: firewall logging
@@ -225,3 +248,8 @@
       service:
         name: nginx
         state: restarted
+
+    - name: restart munin-node
+      service:
+        name: munin-node
+        state: restarted

ansible/redeploy.yaml

@@ -0,0 +1,59 @@
+---
+# Install MISP-maltego remote transform using ansible.
+
+- hosts: all
+  become: yes
+  vars:
+    misp_maltego_version: 1.4.5  # TODO change this !!!
+    host_locale: en_US.UTF-8
+    host_locale_dict: {
+      LANG: "{{ host_locale }}",
+      LC_COLLATE: "{{ host_locale }}",
+      LC_CTYPE: "{{ host_locale }}",
+      LC_MESSAGES: "{{ host_locale }}",
+      LC_MONETARY: "{{ host_locale }}",
+      LC_NUMERIC: "{{ host_locale }}",
+      LC_TIME: "{{ host_locale }}",
+      LC_ALL: "{{ host_locale }}",
+    }
+
+  tasks:
+  # use the public pip package
+  - name: install MISP-maltego
+    pip:
+      executable: pip3
+      name: ['MISP-maltego']
+      state: latest
+    notify: restart plume
+
+  # use local git repo instead, useful for development
+  # - name: bundle MISP-maltego
+  #   delegate_to: 127.0.0.1
+  #   command: 
+  #     cmd: python3 setup.py sdist
+  #     chdir: ../
+  #   become: no
+  # - name: copy MISP-maltego
+  #   copy:
+  #     src: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     dest: /usr/local/src/
+  # - name: install MISP-maltego
+  #   pip:
+  #     executable: /usr/bin/pip3
+  #     name: file:///usr/local/src/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     state: forcereinstall
+  #   environment: "{{host_locale_dict}}"
+  #   notify: restart plume
+
+  # - name: remove local MISP-maltego bundle
+  #   delegate_to: 127.0.0.1
+  #   file:
+  #     path: ../dist/MISP_maltego-{{misp_maltego_version}}.tar.gz
+  #     state: absent
+  #   become: no
+
+  handlers:
+    - name: restart plume
+      service:
+        name: plume
+        state: restarted

src/MISP_maltego/transforms/attributetoevent.py

@@ -123,7 +123,7 @@ class SearchInMISP(Transform):
 
 class AttributeToEvent(Transform):
     input_type = Unknown
-    display_name = 'to MISP Events'
+    display_name = 'To MISP Events'
     remote = True
 
     def do_transform(self, request, response, config):

src/MISP_maltego/transforms/eventtoattributes.py

@@ -85,6 +85,7 @@ class EventToTransform(Transform):
 
 class EventToAll(EventToTransform):
     input_type = MISPEvent
+    display_name = 'To All'
     description = 'Expands an Event to Attributes, Objects, Tags, Galaxies'
     remote = True
 
@@ -100,7 +101,7 @@ class EventToAll(EventToTransform):
 
 class EventToAttributes(EventToTransform):
     input_type = MISPEvent
-    description = 'Expands an Event to Attributes'
+    display_name = 'To Attributes/Objects'
     remote = True
 
     def do_transform(self, request, response, config):
@@ -113,6 +114,7 @@ class EventToAttributes(EventToTransform):
 
 class EventToTags(EventToTransform):
     input_type = MISPEvent
+    display_name = 'To Tags'
     description = 'Expands an Event to Tags and Galaxies'
     remote = True
 
@@ -126,7 +128,7 @@ class EventToTags(EventToTransform):
 
 class EventToGalaxies(EventToTransform):
     input_type = MISPEvent
-    description = 'Expands an Event to Galaxies'
+    display_name = 'To Galaxies / ATT&CK'
     remote = True
 
     def do_transform(self, request, response, config):
@@ -138,7 +140,7 @@ class EventToGalaxies(EventToTransform):
 
 class EventToObjects(EventToTransform):
     input_type = MISPEvent
-    description = 'Expands an Event to Objects'
+    display_name = 'To Objects'
     remote = True
 
     def do_transform(self, request, response, config):
@@ -150,7 +152,7 @@ class EventToObjects(EventToTransform):
 
 class EventToRelations(EventToTransform):
     input_type = MISPEvent
-    description = 'Expands an Event to related Events'
+    display_name = 'To Related Events'
     remote = True
 
     def do_transform(self, request, response, config):
@@ -161,9 +163,8 @@ class EventToRelations(EventToTransform):
 
 
 class ObjectToAttributes(Transform):
-    """"Expands an object to its attributes"""
     input_type = MISPObject
-    description = 'Expands an Object to Attributes'
+    display_name = 'To Attributes'
     remote = True
 
     def do_transform(self, request, response, config):
@@ -184,9 +185,8 @@ class ObjectToAttributes(Transform):
 
 
 class ObjectToRelations(Transform):
-    """Expands an object to the relations of the object"""
     input_type = MISPObject
-    description = 'Expands an Object to Relations'
+    display_name = 'To Related Objects'
     remote = True
 
     def do_transform(self, request, response, config):

src/MISP_maltego/transforms/galaxytoevent.py

@@ -15,26 +15,6 @@ __email__ = 'christophe@vandeplas.com'
 __status__ = 'Development'
 
 
-class GalaxyToEvents(Transform):
-    """Expands a Galaxy to multiple MISP Events."""
-
-    # The transform input entity type.
-    input_type = MISPGalaxy
-    remote = True
-
-    def do_transform(self, request, response, config):
-        response += check_update(config)
-        conn = MISPConnection(config, request.parameters)
-        if request.entity.tag_name:
-            tag_name = request.entity.tag_name
-        else:
-            tag_name = request.entity.value
-        events_json = conn.misp.search(controller='events', tags=tag_name, with_attachments=False)
-        for e in events_json:
-            response += MISPEvent(e['Event']['id'], uuid=e['Event']['uuid'], info=e['Event']['info'], link_direction=LinkDirection.OutputToInput)
-        return response
-
-
 class GalaxyToTransform(Transform):
     input_type = None
 
@@ -106,8 +86,8 @@ class GalaxyToTransform(Transform):
 
 
 class GalaxyToRelations(GalaxyToTransform):
-    """Expands a Galaxy to related Galaxies and Clusters"""
     input_type = MISPGalaxy
+    display_name = 'To Related Galaxies'
     remote = True
 
     def do_transform(self, request, response, config, type_filter=MISPGalaxy):
@@ -115,8 +95,8 @@ class GalaxyToRelations(GalaxyToTransform):
 
 
 class GalaxyToSoftware(GalaxyToTransform):
-    """Expands a Galaxy to related Software/Tool Galaxies"""
     input_type = MISPGalaxy
+    display_name = 'To Malware/Software/Tools'
     remote = True
 
     def do_transform(self, request, response, config, type_filter=Software):
@@ -124,8 +104,8 @@ class GalaxyToSoftware(GalaxyToTransform):
 
 
 class GalaxyToThreatActor(GalaxyToTransform):
-    """Expands a Galaxy to related ThreatActor Galaxies"""
     input_type = MISPGalaxy
+    display_name = 'To Threat Actors'
     remote = True
 
     def do_transform(self, request, response, config, type_filter=ThreatActor):
@@ -133,8 +113,8 @@ class GalaxyToThreatActor(GalaxyToTransform):
 
 
 class GalaxyToAttackTechnique(GalaxyToTransform):
-    """Expands a Galaxy to related Attack Techniques Galaxies"""
     input_type = MISPGalaxy
+    display_name = 'To Attack Techniques'
     remote = True
 
     def do_transform(self, request, response, config, type_filter=AttackTechnique):