'SysLogLogable.SysLogLogable'=>array(// TODO Audit, logable
'userModel'=>'User',
'userKey'=>'user_id',
'change'=>'full'),
'Trim',
'Containable',
'Regexp'=>array('fields'=>array('info')),
'Blacklist'=>array('fields'=>array('info')),
);
/**
*Displayfield
*
*@varstring
*/
public$displayField='id';
public$virtualFields=array();
/**
*Descriptionfield
*
*@vararray
*/
public$fieldDescriptions=array(
'risk'=>array('desc'=>'Risk levels: *low* means mass-malware, *medium* means APT malware, *high* means sophisticated APT malware or 0-day attack','formdesc'=>'Risk levels:<br/>low: mass-malware<br/>medium: APT malware<br/>high: sophisticated APT malware or 0-day attack'),
'private'=>array('desc'=>'This field tells if the event should be shared with other CyDefSIG servers'),
'classification'=>array('desc'=>'Set the Traffic Light Protocol classification. <ol><li><em>TLP:AMBER</em>- Share only within the organization on a need-to-know basis</li><li><em>TLP:GREEN:NeedToKnow</em>- Share within your constituency on the need-to-know basis.</li><li><em>TLP:GREEN</em>- Share within your constituency.</li></ol>'),
'analysis'=>array('desc'=>'Analysis Levels: *Initial* means the event has just been created, *Ongoing* means that the event is being populated, *Complete* means that the event\'s creation is complete','formdesc'=>'Analysis levels:<br />Initial: event has been started<br />Ongoing: event population is in progress<br />Complete: event creation has finished')
);
public$riskDescriptions=array(
'Undefined'=>array('desc'=>'*undefined* no risk','formdesc'=>'No risk'),
'Low'=>array('desc'=>'*low* means mass-malware','formdesc'=>'Mass-malware'),
'Medium'=>array('desc'=>'*medium* means APT malware','formdesc'=>'APT malware'),
'High'=>array('desc'=>'*high* means sophisticated APT malware or 0-day attack','formdesc'=>'Sophisticated APT malware or 0-day attack')
);
public$analysisDescriptions=array(
0=>array('desc'=>'*Initial* means the event has just been created','formdesc'=>'Creation started'),
1=>array('desc'=>'*Ongoing* means that the event is being populated','formdesc'=>'Creation ongoing'),
2=>array('desc'=>'*Complete* means that the event\'s creation is complete','formdesc'=>'Creation complete')
);
public$distributionDescriptions=array(
'Your organization only'=>array('desc'=>'This field determines the current distribution of the even','formdesc'=>"This setting will only allow members of your organisation on this server to see it."),
'This server-only'=>array('desc'=>'This field determines the current distribution of the even','formdesc'=>"This setting will only allow members of any organisation on this server to see it."),
'This Community-only'=>array('desc'=>'This field determines the current distribution of the even','formdesc'=>"Users that are part of your MISP community will be able to see the event. This includes your own organisation, organisations on this MISP server and organisations running MISP servers that synchronise with this server. Any other organisations connected to such linked servers will be restricted from seeing the event. Use this option if you are on the central hub of this community."),// former Community
'Connected communities'=>array('desc'=>'This field determines the current distribution of the even','formdesc'=>"Users that are part of your MISP community will be able to see the event. This includes all organisations on this MISP server, all organisations on MISP servers synchronising with this server and the hosting organisations of servers that connect to those afore mentioned servers (so basically any server that is 2 hops away from this one). Any other organisations connected to linked servers that are 2 hops away from this will be restricted from seeing the event. Use this option if this server isn't the central MISP hub of the community but is connected to it."),
'All communities'=>array('desc'=>'This field determines the current distribution of the even','formdesc'=>"This will share the event with all MISP communities, allowing the event to be freely propagated from one server to the next."),
);
public$analysisLevels=array(
0=>'Initial',1=>'Ongoing',2=>'Completed'
);
/**
*Validationrules
*
*@vararray
*/
public$validate=array(
'org'=>array(
'notempty'=>array(
'rule'=>array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'orgc'=>array(
'notempty'=>array(
'rule'=>array('notempty'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
//'required' => false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'date'=>array(
'date'=>array(
'rule'=>array('date'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required'=>true,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
'distribution'=>'IF (Event.private=true AND Event.cluster=false, "Your organization only", IF (Event.private=true AND Event.cluster=true, "This server-only", IF (Event.private=false AND Event.cluster=true, "This Community-only", IF (Event.communitie=true, "Connected communities" , "All communities"))))',
'distribution'=>array('desc'=>'This field determines the current distribution of the event','formdesc'=>'This field determines the current distribution of the event:<br/>Org - only organization memebers will see the event<br/>Community - event visible to all on this CyDefSIG instance but will not be shared past it</br>All - to be distributed to other connected CyDefSIG servers'),
));
$this->validate=Set::merge($this->validate,array(
'cluster'=>array(
'boolean'=>array(
'rule'=>array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required'=>false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
),
),
'communitie'=>array(
'boolean'=>array(
'rule'=>array('boolean'),
//'message' => 'Your custom message here',
//'allowEmpty' => false,
'required'=>false,
//'last' => false, // Stop validation after this rule
//'on' => 'create', // Limit validation to 'create' or 'update' operations
if(true==$event['Event']['private']){// never upload private events
return"Event is private and non exportable";
}
$url=$server['Server']['url'];
$authkey=$server['Server']['authkey'];
if(null==$HttpSocket){
App::uses('HttpSocket','Network/Http');
$HttpSocket=newHttpSocket();
}
$request=array(
'header'=>array(
'Authorization'=>$authkey,
'Accept'=>'application/xml',
'Content-Type'=>'application/xml',
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri=isset($urlPath)?$urlPath:$url.'/events';
// LATER try to do this using a separate EventsController and renderAs() function
$xmlArray=array();
// rearrange things to be compatible with the Xml::fromArray()
$event['Event']['Attribute']=$event['Attribute'];
unset($event['Attribute']);
// cleanup the array from things we do not want to expose
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
//'Connection' => 'keep-alive' // LATER followup cakephp ticket 2854 about this problem http://cakephp.lighthouseapp.com/projects/42648-cakephp/tickets/2854
)
);
$uri=$url.'/events/index/sort:id/direction:desc/limit:999';// LATER verify if events are missing because we only selected the last 999