MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/Console/Command/EventShell.php

600 lines
22 KiB
PHP
Raw Normal View History

remove whitespace at end of line
2016-06-04 01:10:45 +02:00
<?php
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
App::uses('Folder', 'Utility');
App::uses('File', 'Utility');
:q
2013-11-06 10:52:18 +01:00
require_once 'AppShell.php';
class EventShell extends AppShell
{
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
public $uses = array('Event', 'Post', 'Attribute', 'Job', 'User', 'Task', 'Whitelist', 'Server', 'Organisation');
Merge branch 'feature/rpz' into hotfix-2.3.86 Conflicts: app/Console/Command/EventShell.php app/Model/Server.php
2015-06-23 17:19:08 +02:00
:q
2013-11-06 10:52:18 +01:00
public function doPublish() {
$id = $this->args[0];
$this->Event->id = $id;
if (!$this->Event->exists()) {
throw new NotFoundException(__('Invalid event'));
}
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'doPublish',
'job_input' => $id,
'status' => 0,
'retries' => 0,
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
//'org' => $jobOrg,
:q
2013-11-06 10:52:18 +01:00
'message' => 'Job created.',
);
$this->Job->save($data);
// update the event and set the from field to the current instance's organisation from the bootstrap. We also need to save id and info for the logs.
$this->Event->recursive = -1;
$event = $this->Event->read(null, $id);
$event['Event']['published'] = 1;
$fieldList = array('published', 'id', 'info');
$this->Event->save($event, array('fieldList' => $fieldList));
// only allow form submit CSRF protection.
$this->Job->saveField('status', 1);
$this->Job->saveField('message', 'Job done.');
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
new: [exports] New export system using restsearch
2018-10-05 14:48:02 +02:00
public function cache() {
$timeStart = time();
$userId = $this->args[0];
$id = $this->args[1];
$user = $this->User->getAuthUser($userId);
$this->Job->id = $id;
$export_type = $this->args[2];
file_put_contents('/tmp/test', $export_type);
$typeData = $this->Event->export_types[$export_type];
if (!in_array($export_type, array_keys($this->Event->export_types))) {
$this->Job->saveField('progress', 100);
$timeDelta = (time()-$timeStart);
$this->Job->saveField('message', 'Job Failed due to invalid export format. (in '.$timeDelta.'s)');
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
return false;
}
if ($export_type == 'text') {
$types = array_keys($this->Attribute->typeDefinitions);
$typeCount = count($types);
foreach ($types as $k => $type) {
$typeData['params']['type'] = $type;
$this->__runCaching($user, $typeData, false, $export_type, '_' . $type);
$this->Job->saveField('message', 'Processing all attributes of type '. $type . '.');
$this->Job->saveField('progress', intval($k / $typeCount));
}
} else {
$this->__runCaching($user, $typeData, $id, $export_type);
}
$this->Job->saveField('progress', 100);
$timeDelta = (time()-$timeStart);
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
}
private function __runCaching($user, $typeData, $id, $export_type, $subType = '') {
$export_type = strtolower($typeData['type']);
$final = $this->{$typeData['scope']}->restSearch($user, $typeData['params']['returnFormat'], $typeData['params'], false, $id);
$dir = new Folder(APP . 'tmp/cached_exports/' . $export_type, true, 0750);
//echo PHP_EOL . $dir->pwd() . DS . 'misp.' . $export_type . $subType . '.ADMIN' . $typeData['extension'] . PHP_EOL;
if ($user['Role']['perm_site_admin']) {
$file = new File($dir->pwd() . DS . 'misp.' . $export_type . $subType . '.ADMIN' . $typeData['extension']);
} else {
$file = new File($dir->pwd() . DS . 'misp.' . $export_type . $subType . '.' . $user['Organisation']['name'] . $typeData['extension']);
}
$file->write($final);
$file->close();
return true;
}
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
public function cachexml() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$id = $this->args[1];
misc cleanup
2016-05-20 19:00:03 +02:00
$user = $this->User->getAuthUser($userId);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->id = $id;
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
// TEMP: change to passing an options array with the user!!
$eventIds = $this->Event->fetchEventIds($user);
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
$eventCount = count($eventIds);
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . 'tmp/cached_exports/xml', true, 0750);
Further progress
2015-04-18 07:53:18 +02:00
if ($user['Role']['perm_site_admin']) {
Update to the way xml files are cached
2014-06-24 13:19:40 +02:00
$file = new File($dir->pwd() . DS . 'misp.xml' . '.ADMIN.xml');
} else {
Further progress
2015-04-18 07:53:18 +02:00
$file = new File($dir->pwd() . DS . 'misp.xml' . '.' . $user['Organisation']['name'] . '.xml');
Update to the way xml files are cached
2014-06-24 13:19:40 +02:00
}
Further progress
2015-04-18 07:53:18 +02:00
App::uses('XMLConverterTool', 'Tools');
$converter = new XMLConverterTool();
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
$file->write('<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . '<response>');
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
if (!empty($eventIds)) {
foreach ($eventIds as $k => $eventId) {
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
$temp = $this->Event->fetchEvent($user, array('eventid' => $eventId['Event']['id'], 'includeAttachments' => Configure::read('MISP.cached_attachments')));
new: Rework of the restsearch APIs - allows for alternate download types (supported for now: openioc) - major refactor of the openioc export - refactor of the CIDR tool
2017-03-31 19:27:34 +02:00
$file->append($converter->convert($temp[0], $user['Role']['perm_site_admin']) . PHP_EOL);
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
$this->Job->saveField('progress', ($k+1) / $eventCount *100);
}
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
}
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
$file->append('<xml_version>' . $this->Event->mispVersion . '</xml_version>');
$file->append('</response>' . PHP_EOL);
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
$file->close();
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = (time()-$timeStart);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
Fix: cleaner input for caching jobs
2016-08-17 09:43:57 +02:00
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
public function cachejson() {
$timeStart = time();
$userId = $this->args[0];
$id = $this->args[1];
$user = $this->User->getAuthUser($userId);
$this->Job->id = $id;
// TEMP: change to passing an options array with the user!!
$eventIds = $this->Event->fetchEventIds($user);
$eventCount = count($eventIds);
$dir = new Folder(APP . 'tmp/cached_exports/json', true, 0750);
if ($user['Role']['perm_site_admin']) {
$file = new File($dir->pwd() . DS . 'misp.json' . '.ADMIN.json');
} else {
$file = new File($dir->pwd() . DS . 'misp.json' . '.' . $user['Organisation']['name'] . '.json');
}
App::uses('JSONConverterTool', 'Tools');
$converter = new JSONConverterTool();
fix: overwrite cached json exports, fixes #1439
2016-08-16 14:49:52 +02:00
$file->write('{"response":[');
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
foreach ($eventIds as $k => $eventId) {
$result = $this->Event->fetchEvent($user, array('eventid' => $eventId['Event']['id'], 'includeAttachments' => Configure::read('MISP.cached_attachments')));
new: Rework of the restsearch APIs - allows for alternate download types (supported for now: openioc) - major refactor of the openioc export - refactor of the CIDR tool
2017-03-31 19:27:34 +02:00
$file->append($converter->convert($result[0]));
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
if ($k < count($eventIds) -1 ) $file->append(',');
fix: Added progress bar to JSON cache generation
2016-07-30 19:00:02 +02:00
$this->Job->saveField('progress', ($k+1) / $eventCount *100);
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
}
$file->append(']}');
$file->close();
$timeDelta = (time()-$timeStart);
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
fix: Refactoring of the STIX export - Also adding it to the caching mechanism - still WIP
2016-08-21 22:57:11 +02:00
public function cachestix() {
$timeStart = time();
$userId = $this->args[0];
$id = $this->args[1];
$user = $this->User->getAuthUser($userId);
$this->Job->id = $id;
$dir = new Folder(APP . 'tmp/cached_exports/stix', true, 0750);
if ($user['Role']['perm_site_admin']) {
fix: Attempted fix for an issue with large stix exports getting truncated
2016-11-01 17:57:56 +01:00
$stixFilePath = $dir->pwd() . DS . 'misp.stix' . '.ADMIN.xml';
fix: Refactoring of the STIX export - Also adding it to the caching mechanism - still WIP
2016-08-21 22:57:11 +02:00
} else {
fix: Attempted fix for an issue with large stix exports getting truncated
2016-11-01 17:57:56 +01:00
$stixFilePath = $dir->pwd() . DS . 'misp.stix' . '.' . $user['Organisation']['name'] . '.xml';
fix: Refactoring of the STIX export - Also adding it to the caching mechanism - still WIP
2016-08-21 22:57:11 +02:00
}
fix: Attempted fix for an issue with large stix exports getting truncated
2016-11-01 17:57:56 +01:00
$result = $this->Event->stix(false, false, Configure::read('MISP.cached_attachments'), $user, 'xml', false, false, false, $id, true);
fix: Refactoring of the STIX export - Also adding it to the caching mechanism - still WIP
2016-08-21 22:57:11 +02:00
$timeDelta = (time()-$timeStart);
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
new: New piece by piece stix export allowing large datasets to be exported
2016-08-23 00:24:54 +02:00
if ($result['success']) {
fix: Attempted fix for an issue with large stix exports getting truncated
2016-11-01 17:57:56 +01:00
rename($result['data'], $stixFilePath);
unlink($result['data']);
new: New piece by piece stix export allowing large datasets to be exported
2016-08-23 00:24:54 +02:00
$this->Job->saveField('progress', 100);
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
} else {
$log = ClassRegistry::init('Log');
$log->create();
$log->createLogEntry($user, 'export', 'STIX export failed', $result['message']);
throw new InternalErrorException();
}
fix: Refactoring of the STIX export - Also adding it to the caching mechanism - still WIP
2016-08-21 22:57:11 +02:00
}
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
private function __recursiveEcho($array) {
$text = "";
foreach ($array as $k => $v) {
if (is_array($v)) {
if (empty($v)) $text .= '<' . $k . '/>';
else {
foreach ($v as $element) {
$text .= '<' . $k . '>';
$text .= $this->__recursiveEcho($element);
$text .= '</' . $k . '>';
}
}
} else {
if ($v === false) $v = 0;
if ($v === "" || $v === null) $text .= '<' . $k . '/>';
else {
$text .= '<' . $k . '>' . $v . '</' . $k . '>';
}
}
}
return $text;
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
public function cachehids() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$id = $this->args[1];
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->id = $id;
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$extra = $this->args[2];
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->saveField('progress', 1);
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
$rules = $this->Attribute->hids($user, $extra, '', false, false, false, $id);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->saveField('progress', 80);
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $extra, true, 0750);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
if ($user['Role']['perm_site_admin']) {
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.ADMIN.txt');
} else {
Lots of progress - further work on implementing the SG changes everywhere - reworked the alert e-mails - reworked a lot of the logging - several convenience methods
2015-04-20 11:46:55 +02:00
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $user['Organisation']['name'] . '.txt');
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
}
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$file->write('');
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
if (!empty($rules)) {
foreach ($rules as $rule) {
fix: Some fixes to the caching - invalid linebreaks used for the hids caching - added sha256 to the hids caches
2016-07-31 22:56:19 +02:00
$file->append($rule . PHP_EOL);
fix: Various fixes to the cached exports - Tightened the rules for export generation when no valid published events exist - Corrected various issues with the progress bars - Added the missing JSON export to the caches - XML/JSON caches now correctly take into account the cached attachent inclusion setting - MISP will now show the users browsing the export page whether attachments will be cached with the current settings or not - Added correct progress bar to the HIDS export
2016-07-30 18:08:19 +02:00
}
} else {
fix: Some fixes to the caching - invalid linebreaks used for the hids caching - added sha256 to the hids caches
2016-07-31 22:56:19 +02:00
$file->append("No exportable " . $type . "s found. " . PHP_EOL);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
$file->close();
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = (time()-$timeStart);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->saveField('progress', '100');
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
public function cacherpz() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
some left over merging issues among other things
2015-11-17 22:01:22 +01:00
$id = $this->args[1];
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
$this->Job->id = $id;
some left over merging issues among other things
2015-11-17 22:01:22 +01:00
$extra = $this->args[2];
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
$this->Job->saveField('progress', 1);
Several fixes to the exports, fixes #790 - New generic fetch attribute method was mistakenly using the order field as a condition, resulting in some exports only displaying a subset of the data - the fix to this fixes the issue described in #790 for text exports - Fix to the RPZ exports not working correctly - Fix to the horrible performance of RPZ exports - Fix to several background worker issues with exports
2015-12-26 02:50:50 +01:00
$eventIds = $this->Attribute->Event->fetchEventIds($user, false, false, false, true);
$values = array();
$eventCount = count($eventIds);
if ($eventCount) {
foreach ($eventIds as $k => $eventId) {
$values = array_merge_recursive($values, $this->Attribute->rpz($user, false, $eventId));
if ($k % 10 == 0) $this->Job->saveField('progress', $k * 80 / $eventCount);
}
}
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
$this->Job->saveField('progress', 80);
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $extra, true, 0750);
Fixed some background worker issues - scheduled pulls would fail because of invalid user object passed - invalid permissions checks / org checks would cause the RPZ export to fail when using background workers
2015-12-26 01:35:34 +01:00
if ($user['Role']['perm_site_admin']) {
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
$file = new File($dir->pwd() . DS . 'misp.rpz.ADMIN.txt');
} else {
Fixed some background worker issues - scheduled pulls would fail because of invalid user object passed - invalid permissions checks / org checks would cause the RPZ export to fail when using background workers
2015-12-26 01:35:34 +01:00
$file = new File($dir->pwd() . DS . 'misp.rpz.' . $user['Organisation']['name'] . '.txt');
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
}
App::uses('RPZExport', 'Export');
$rpzExport = new RPZExport();
$rpzSettings = array();
move ns_alt parameter to end of api list
2017-09-21 17:11:30 +02:00
$lookupData = array('policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'ns_alt');
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
foreach ($lookupData as $v) {
$tempSetting = Configure::read('Plugin.RPZ_' . $v);
if (isset($tempSetting)) $rpzSettings[$v] = Configure::read('Plugin.RPZ_' . $v);
else $rpzSettings[$v] = $this->Server->serverSettings['Plugin']['RPZ_' . $v]['value'];
}
$file->write($rpzExport->export($values, $rpzSettings));
$file->close();
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = (time()-$timeStart);
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
$this->Job->saveField('progress', '100');
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Added the missing ways to exploit the rpz functionality - rpz added to exports, both old-style and with background workers - per event rpz functionality added
2015-05-20 16:23:42 +02:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
public function cachecsv() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$id = $this->args[1];
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->id = $id;
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$extra = $this->args[2];
First commit of the event view ajaxification - pagination of the attribute index within the event view - add attributes in a pop-up window - instantly refresh attributes
2014-03-24 16:33:40 +01:00
if ($extra == 'csv_all') $ignore = 1;
else $ignore = 0;
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
// TEMP: change to passing an options array with the user!!
$eventIds = $this->Event->fetchEventIds($user);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$eventCount = count($eventIds);
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
$attributes = array();
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . 'tmp/cached_exports/' . $extra, true, 0750);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
if ($user['Role']['perm_site_admin']) {
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.ADMIN.csv');
} else {
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$file = new File($dir->pwd() . DS . 'misp.' . $extra . '.' . $user['Organisation']['name'] . '.csv');
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
}
Fix to an issue with the CSV export - missing linebreak after header row added - fixed an issue with quotes in the value field not being escaped properly
2014-11-12 15:36:07 +01:00
$file->write('uuid,event_id,category,type,value,to_ids,date' . PHP_EOL);
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
foreach ($eventIds as $k => $eventId) {
Fix to an issue with the caching - CSV caching was saving to file on each attribute, creating extremely high amounts of I/O - reduced it to saving to file / event - fixed incorrect pathing
2015-04-08 22:47:28 +02:00
$chunk = "";
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$attributes = $this->Event->csv($user, $eventId['Event']['id'], $ignore);
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
$attributes = $this->Whitelist->removeWhitelistedFromArray($attributes, true);
foreach ($attributes as $attribute) {
Fix to an issue with the caching - CSV caching was saving to file on each attribute, creating extremely high amounts of I/O - reduced it to saving to file / event - fixed incorrect pathing
2015-04-08 22:47:28 +02:00
$chunk .= $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . intval($attribute['Attribute']['to_ids']) . ',' . $attribute['Attribute']['timestamp'] . PHP_EOL;
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
}
Fix to an issue with the caching - CSV caching was saving to file on each attribute, creating extremely high amounts of I/O - reduced it to saving to file / event - fixed incorrect pathing
2015-04-08 22:47:28 +02:00
$file->append($chunk);
Changes to the exports, fixes #285 - XML export was slow, replaced SimpleXML with a simple script that outputs XML for massive performance gains - New option in bootstrap to allow the cached XML export to also include the attachments - CSV caching slightly rearranged, it's much more memory efficient now - Some fixes to relatedevent orgs being shown even if showorg is disabled - Added a new site admin action to generate several 3k events for load testing (slow)
2014-09-02 15:56:28 +02:00
if ($k % 10 == 0) {
$this->Job->saveField('progress', $k / $eventCount * 80);
}
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
$file->close();
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = (time()-$timeStart);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->saveField('progress', '100');
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
public function cachetext() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$id = $this->args[1];
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->id = $id;
$types = array_keys($this->Attribute->typeDefinitions);
$typeCount = count($types);
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . DS . '/tmp/cached_exports/text', true, 0750);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
foreach ($types as $k => $type) {
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$final = $this->Attribute->text($user, $type);
if ($user['Role']['perm_site_admin']) {
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
$file = new File($dir->pwd() . DS . 'misp.text_' . $type . '.ADMIN.txt');
} else {
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$file = new File($dir->pwd() . DS . 'misp.text_' . $type . '.' . $user['Organisation']['name'] . '.txt');
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
}
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$file->write('');
foreach ($final as $attribute) {
$file->append($attribute['Attribute']['value'] . PHP_EOL);
}
$file->close();
Next version of exports done
2013-11-19 11:03:30 +01:00
$this->Job->saveField('progress', $k / $typeCount * 100);
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
}
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = (time()-$timeStart);
Next version of exports done
2013-11-19 11:03:30 +01:00
$this->Job->saveField('progress', 100);
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Next version of exports done
2013-11-19 11:03:30 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Next version of exports done
2013-11-19 11:03:30 +01:00
public function cachenids() {
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeStart = time();
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$id = $this->args[1];
Next version of exports done
2013-11-19 11:03:30 +01:00
$this->Job->id = $id;
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$format = $this->args[2];
Fixed a serious issue with the snort/suricata export which would keep appending all eligible attributes over and over to the file instead of properly fetching them event by event resulting in a massive export file
2015-12-23 00:51:57 +01:00
$eventIds = array_values($this->Event->fetchEventIds($user, false, false, false, true));
Next version of exports done
2013-11-19 11:03:30 +01:00
$eventCount = count($eventIds);
Create cached export dirs if they don't exist, fixes #791 - until now it was assumed that the dirs are already created - just create them if they don't exist
2015-12-28 00:03:52 +01:00
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $format, true, 0750);
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
if ($user['Role']['perm_site_admin']) {
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
$file = new File($dir->pwd() . DS . 'misp.' . $format . '.ADMIN.rules');
} else {
Progress in moving all exports to the new distribution system
2015-04-13 12:42:26 +02:00
$file = new File($dir->pwd() . DS . 'misp.' . $format . '.' . $user['Organisation']['name'] . '.rules');
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
}
Next version of exports done
2013-11-19 11:03:30 +01:00
$file->write('');
foreach ($eventIds as $k => $eventId) {
if ($k == 0) {
Fixed a serious issue with the snort/suricata export which would keep appending all eligible attributes over and over to the file instead of properly fetching them event by event resulting in a massive export file
2015-12-23 00:51:57 +01:00
$temp = $this->Attribute->nids($user, $format, $eventId);
Next version of exports done
2013-11-19 11:03:30 +01:00
} else {
Fixed a serious issue with the snort/suricata export which would keep appending all eligible attributes over and over to the file instead of properly fetching them event by event resulting in a massive export file
2015-12-23 00:51:57 +01:00
$temp = $this->Attribute->nids($user, $format, $eventId, true);
Next version of exports done
2013-11-19 11:03:30 +01:00
}
foreach ($temp as $line) {
$file->append($line . PHP_EOL);
}
if ($k % 10 == 0) {
$this->Job->saveField('progress', $k / $eventCount * 80);
}
}
$file->close();
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$timeDelta = time()-$timeStart;
Most of the export caching done - also a fair bit of refactoring of the code, fatter models, thinner controllers, component moved to Lib
2013-11-15 15:39:34 +01:00
$this->Job->saveField('progress', '100');
chg: adding job duration to the "Job done." text.
2016-07-01 14:52:02 +02:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
More work on the background jobs - Started work on the exports
2013-11-07 15:58:29 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
bro export funtionality
2016-08-23 14:06:06 +02:00
public function cachebro()
{
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
$timeStart = time();
$broHeader = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice\tmeta.if_in\n";
bro export funtionality
2016-08-23 14:06:06 +02:00
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
$id = $this->args[1];
$this->Job->id = $id;
$this->Job->saveField('progress', 1);
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
App::uses('BroExport', 'Export');
$export = new BroExport();
$types = array_keys($export->mispTypes);
bro export funtionality
2016-08-23 14:06:06 +02:00
$typeCount = count($types);
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
$dir = new Folder(APP . DS . '/tmp/cached_exports/bro', true, 0750);
bro export funtionality
2016-08-23 14:06:06 +02:00
if ($user['Role']['perm_site_admin']) {
fix: Changed bro cached export to the .intel extension
2016-12-21 19:10:55 +01:00
$file = new File($dir->pwd() . DS . 'misp.bro.ADMIN.intel');
bro export funtionality
2016-08-23 14:06:06 +02:00
} else {
fix: Changed bro cached export to the .intel extension
2016-12-21 19:10:55 +01:00
$file = new File($dir->pwd() . DS . 'misp.bro.' . $user['Organisation']['name'] . '.intel');
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
}
Truncate bro cached export files
2017-01-23 13:32:06 +01:00
$file->write('');
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
foreach ($types as $k => $type) {
$final = $this->Attribute->bro($user, $type);
foreach ($final as $attribute) {
$file->append($attribute . PHP_EOL);
}
$this->Job->saveField('progress', $k / $typeCount * 100);
bro export funtionality
2016-08-23 14:06:06 +02:00
}
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
$file->close();
$timeDelta = (time()-$timeStart);
bro export funtionality
2016-08-23 14:06:06 +02:00
$this->Job->saveField('progress', 100);
- Performance improvements when exporting a large number of attributes into Bro format. - Fixed file header formatting for the export to Bro format (tabs used consistently). - Computing the time needed for generating the export to Bro format when done using a background job. - When generating the Bro export from the UI all the attributes are generated in one single text file similar to the CSV export instead of a zip file with different files inside. - Changed the file extension of Bro export files from ".intel" to ".txt". - Removed the allowNonIDS option from the Bro export as it doesn’t make sense to have it (Bro is an IDS). - Fixed some of the API endpoints which were not accepted (ACL issues). - Added support for a list of events that should be / should not be included in the export. - Added a new "meta.desc" column (added in Bro 2.5, see https://www.bro.org/sphinx/frameworks/intel.html) containing the description of the event and of the attribute. - Sanitized the exported data for Bro. - Fixed a number of value substitutions which were imported from Snort/Suricata and which were not working for Bro. Did instead substitutions needed for Bro.
2016-12-07 16:33:17 +01:00
$this->Job->saveField('message', 'Job done. (in '.$timeDelta.'s)');
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
bro export funtionality
2016-08-23 14:06:06 +02:00
}
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
public function alertemail() {
Lots of progress - further work on implementing the SG changes everywhere - reworked the alert e-mails - reworked a lot of the logging - several convenience methods
2015-04-20 11:46:55 +02:00
$userId = $this->args[0];
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
$processId = $this->args[1];
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
$job = $this->Job->read(null, $processId);
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
$eventId = $this->args[2];
Fix indication of new attributes in E-mail alerts, fixes #1521
2016-10-02 14:46:51 +02:00
$oldpublish = $this->args[3];
Lots of progress - further work on implementing the SG changes everywhere - reworked the alert e-mails - reworked a lot of the logging - several convenience methods
2015-04-20 11:46:55 +02:00
$user = $this->User->getAuthUser($userId);
Fix indication of new attributes in E-mail alerts, fixes #1521
2016-10-02 14:46:51 +02:00
$result = $this->Event->sendAlertEmail($eventId, $user, $oldpublish, $processId);
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
$job['Job']['progress'] = 100;
$job['Job']['message'] = 'Emails sent.';
issue 1289 - Cache jobs do not update the date modified once completed. I also added this to the contactemail(), publish(), postsemail() and alertemail(). But it's commented out as it's not part of the issue. I can commit it again w/ the lines uncommented.
2016-06-29 22:46:48 +02:00
//$job['Job']['date_modified'] = date("y-m-d H:i:s");
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
$this->Job->save($job);
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
public function contactemail() {
$id = $this->args[0];
$message = $this->args[1];
$all = $this->args[2];
$userId = $this->args[3];
$isSiteAdmin = $this->args[4];
$processId = $this->args[5];
Bug fixes - issues with the way users were passed to the related event finder during a publish
2014-02-14 13:32:19 +01:00
$this->Job->id = $processId;
Some fixes to the background workers - also added date tracking on jobs
2015-04-20 13:32:34 +02:00
$user = $this->User->getAuthUser($userId);
Further fixes to the contact e-mail
2016-02-02 18:19:09 +01:00
$result = $this->Event->sendContactEmail($id, $message, $all, array('User' => $user), $isSiteAdmin);
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
$this->Job->saveField('progress', '100');
Email jobs do not update the date modified once completed.
2016-06-30 16:16:16 +02:00
$this->Job->saveField('date_modified', date("y-m-d H:i:s"));
Merge branch 'develop' into feature/CakeResque Also, more work on the background jobs - started work on publishing - started making the background jobs an optional setting in bootstrap Conflicts: app/Controller/AppController.php app/Controller/EventsController.php
2013-12-04 11:58:01 +01:00
if ($result != true) $this->Job->saveField('message', 'Job done.');
}
Send E-mail notifications for new posts in discussion and event threads
2015-01-27 17:56:50 +01:00
public function postsemail() {
misc cleanup
2016-05-20 19:00:03 +02:00
$userId = $this->args[0];
$postId = $this->args[1];
$eventId = $this->args[2];
Send E-mail notifications for new posts in discussion and event threads
2015-01-27 17:56:50 +01:00
$title = $this->args[3];
$message = $this->args[4];
$processId = $this->args[5];
$this->Job->id = $processId;
misc cleanup
2016-05-20 19:00:03 +02:00
$result = $this->Post->sendPostsEmail($userId, $postId, $eventId, $title, $message);
Fix posts alerts
2015-01-28 12:45:16 +01:00
$job['Job']['progress'] = 100;
$job['Job']['message'] = 'Emails sent.';
Email jobs do not update the date modified once completed.
2016-06-30 16:16:16 +02:00
$job['Job']['date_modified'] = date("y-m-d H:i:s");
Fix posts alerts
2015-01-28 12:45:16 +01:00
$this->Job->save($job);
Send E-mail notifications for new posts in discussion and event threads
2015-01-27 17:56:50 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
public function enqueueCaching() {
$timestamp = $this->args[0];
$task = $this->Task->findByType('cache_exports');
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
// If the next execution time and the timestamp don't match, it means that this task is no longer valid as the time for the execution has since being scheduled
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
// been updated.
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
if ($task['Task']['next_execution_time'] != $timestamp) return;
Timing for rescheduling of tasks changed slightly - The rescheduling now happens before the task is executed - this way a failed job will not prevent the rescheduling of the next execution time
2015-06-03 23:49:37 +02:00
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
$users = $this->User->find('all', array(
'recursive' => -1,
'conditions' => array(
'Role.perm_site_admin' => 0,
'User.disabled' => 0,
),
'contain' => array(
'Organisation' => array('fields' => array('name')),
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
'Role' => array('fields' => array('perm_site_admin'))
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
),
'fields' => array('User.org_id', 'User.id'),
'group' => array('User.org_id')
));
$site_admin = $this->User->find('first', array(
'recursive' => -1,
'conditions' => array(
'Role.perm_site_admin' => 1,
'User.disabled' => 0
),
'contain' => array(
'Organisation' => array('fields' => array('name')),
remove whitespace at end of line
2016-06-04 01:10:45 +02:00
'Role' => array('fields' => array('perm_site_admin'))
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
),
'fields' => array('User.org_id', 'User.id')
));
$users[] = $site_admin;
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Timing for rescheduling of tasks changed slightly - The rescheduling now happens before the task is executed - this way a failed job will not prevent the rescheduling of the next execution time
2015-06-03 23:49:37 +02:00
if ($task['Task']['timer'] > 0) $this->Task->reQueue($task, 'cache', 'EventShell', 'enqueueCaching', false, false);
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
// Queue a set of exports for admins. This "ADMIN" organisation. The organisation of the admin users doesn't actually matter, it is only used to indentify
// the special cache files containing all events
$i = 0;
Rework of the scheduled caching jobs - fixed a series of issues with the exports
2016-01-10 19:45:33 +01:00
foreach ($users as $user) {
add space after keywords if/for/foreach/while/switch/catch
2016-06-04 15:45:39 +02:00
foreach ($this->Event->export_types as $k => $type) {
new: New piece by piece stix export allowing large datasets to be exported
2016-08-23 00:24:54 +02:00
if ($k == 'stix') continue;
Fix: cleaner input for caching jobs
2016-08-17 09:43:57 +02:00
$this->Job->cache($k, $user['User']);
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
$i++;
}
}
Timing for rescheduling of tasks changed slightly - The rescheduling now happens before the task is executed - this way a failed job will not prevent the rescheduling of the next execution time
2015-06-03 23:49:37 +02:00
$this->Task->id = $task['Task']['id'];
$this->Task->saveField('message', $i . ' job(s) started at ' . date('d/m/Y - H:i:s') . '.');
More work on the background jobs - added scheduler to the export caching - site admins can set up the intervals of the automated caches, and the exact times at which they should be executed.
2014-01-03 15:26:35 +01:00
}
remove whitespace (space/tab) from empty lines
2016-06-04 01:08:16 +02:00
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
public function publish() {
$id = $this->args[0];
$passAlong = $this->args[1];
Various changes - regexp structural changes added to the upgrade script (type) - Added publish / alert to the background jobs - fixed a misalignment with the statistics
2014-02-09 22:09:29 +01:00
$jobId = $this->args[2];
Lots of progress - further work on implementing the SG changes everywhere - reworked the alert e-mails - reworked a lot of the logging - several convenience methods
2015-04-20 11:46:55 +02:00
$userId = $this->args[3];
Some fixes to the background workers - also added date tracking on jobs
2015-04-20 13:32:34 +02:00
$user = $this->User->getAuthUser($userId);
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
$job = $this->Job->read(null, $jobId);
$this->Event->Behaviors->unload('SysLogLogable.SysLogLogable');
$result = $this->Event->publish($id, $passAlong);
$job['Job']['progress'] = 100;
Email jobs do not update the date modified once completed.
2016-06-30 16:16:16 +02:00
$job['Job']['date_modified'] = date("y-m-d H:i:s");
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
if ($result) {
$job['Job']['message'] = 'Event published.';
} else {
$job['Job']['message'] = 'Event published, but the upload to other instances may have failed.';
}
$this->Job->save($job);
$log = ClassRegistry::init('Log');
$log->create();
Update EventShell.php
2018-04-04 12:26:12 +02:00
$log->createLogEntry($user, 'publish', 'Event', $id, 'Event (' . $id . '): published.', 'published () => (1)');
Several features - Sync for background jobs (pull + push) - more e-mailing delegated to background jobs - A bunch of bug fixes and minor changes
2014-01-06 05:15:47 +01:00
}
Fixed various things - logging of event publishing enabled for background jobs - disabled a gpg debug mode that was enabled by accident - better feedback for publishing
2014-02-10 00:29:46 +01:00
new: Added event enrichment functionality - select and run a set of enrichments on all applicable attributes of the event - exposed to the API - exposed to the command line tool - adheres to attribute distributions
2018-04-24 16:41:09 +02:00
public function enrichment() {
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['enrichment'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) die('Invalid user.');
$eventId = $this->args[1];
$modules = $this->args[2];
try {
$modules = json_decode($modules);
} catch (Exception $e) {
die('Invalid module JSON');
}
if (!empty($this->args[3])) {
$jobId = $this->args[3];
} else {
$this->Job->create();
$data = array(
'worker' => 'default',
'job_type' => 'enrichment',
'job_input' => 'Event: ' . $eventId . ' modules: ' . $modules,
'status' => 0,
'retries' => 0,
'org' => $user['Organisation']['name'],
'message' => 'Enriching event.',
);
$this->Job->save($data);
$jobId = $this->Job->id;
}
fix: [publishing] Fixed several bugs in the background job responsible for publishing events
2018-12-19 15:55:06 +01:00
$job = $this->Job->read(null, $jobId);
new: Added event enrichment functionality - select and run a set of enrichments on all applicable attributes of the event - exposed to the API - exposed to the command line tool - adheres to attribute distributions
2018-04-24 16:41:09 +02:00
$options = array(
'user' => $user,
'event_id' => $eventId,
'modules' => $modules
);
$result = $this->Event->enrichment($options);
Fixes #3907, enrich event job not marked as completed. The enrichment background process did not do anything to update the job after completing its task. I used the same logic as the adjcacent 'publish' function to record progress, update the message and create a log entry.
2018-12-17 19:55:59 +01:00
$job['Job']['progress'] = 100;
$job['Job']['date_modified'] = date("y-m-d H:i:s");
if ($result) {
fix: [publishing] Fixed several bugs in the background job responsible for publishing events
2018-12-19 15:55:06 +01:00
$job['Job']['message'] = 'Added ' . $result . ' attribute' . ($result > 1 ? 's.' : '.');
Fixes #3907, enrich event job not marked as completed. The enrichment background process did not do anything to update the job after completing its task. I used the same logic as the adjcacent 'publish' function to record progress, update the message and create a log entry.
2018-12-17 19:55:59 +01:00
} else {
$job['Job']['message'] = 'Enrichment finished, but no attributes added.';
}
$this->Job->save($job);
$log = ClassRegistry::init('Log');
$log->create();
$log->createLogEntry($user, 'enrichment', 'Event', $eventId, 'Event (' . $eventId . '): enriched.', 'enriched () => (1)');
new: Added event enrichment functionality - select and run a set of enrichments on all applicable attributes of the event - exposed to the API - exposed to the command line tool - adheres to attribute distributions
2018-04-24 16:41:09 +02:00
}
new: [freetext] Freetext ingestion is now delegated to the background processing - no setup needed - data to be ingested dropped to file, background worker ingests and processes the file
2018-09-23 17:44:23 +02:00
public function processfreetext() {
$inputFile = $this->args[0];
$tempdir = new Folder(APP . 'tmp/cache/ingest', true, 0750);
$tempFile = new File(APP . 'tmp/cache/ingest' . DS . $inputFile);
$inputData = $tempFile->read();
$inputData = json_decode($inputData, true);
$tempFile->delete();
$this->Event->processFreeTextData(
$inputData['user'],
$inputData['attributes'],
$inputData['id'],
$inputData['default_comment'],
$inputData['force'],
$inputData['adhereToWarninglists'],
$inputData['jobId']
);
return true;
}
:q
2013-11-06 10:52:18 +01:00
}