2016-12-05 00:47:34 +01:00
|
|
|
<?php
|
|
|
|
App::uses('AppModel', 'Model');
|
2018-07-19 11:48:22 +02:00
|
|
|
class Galaxy extends AppModel
|
|
|
|
{
|
|
|
|
public $useTable = 'galaxies';
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public $recursive = -1;
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public $actsAs = array(
|
|
|
|
'Containable',
|
|
|
|
);
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public $validate = array(
|
|
|
|
);
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public $hasMany = array(
|
|
|
|
'GalaxyCluster' => array('dependent' => true)
|
|
|
|
);
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public function beforeValidate($options = array())
|
|
|
|
{
|
|
|
|
parent::beforeValidate();
|
2019-02-15 09:54:39 +01:00
|
|
|
if (isset($this->data['Galaxy']['kill_chain_order'])) {
|
|
|
|
$json = json_encode($this->data['Galaxy']['kill_chain_order']);
|
|
|
|
if ($json !== null) {
|
|
|
|
$this->data['Galaxy']['kill_chain_order'] = $json;
|
|
|
|
} else {
|
|
|
|
unset($this->data['Galaxy']['kill_chain_order']);
|
|
|
|
}
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
return true;
|
|
|
|
}
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public function beforeDelete($cascade = true)
|
|
|
|
{
|
|
|
|
$this->GalaxyCluster->deleteAll(array('GalaxyCluster.galaxy_id' => $this->id));
|
|
|
|
}
|
2017-08-16 22:18:32 +02:00
|
|
|
|
2019-02-14 10:24:42 +01:00
|
|
|
public function afterFind($results, $primary = false)
|
|
|
|
{
|
|
|
|
foreach ($results as $k => $v) {
|
|
|
|
if (isset($v['Galaxy']['kill_chain_order']) && $v['Galaxy']['kill_chain_order'] !== '') {
|
|
|
|
$results[$k]['Galaxy']['kill_chain_order'] = json_decode($v['Galaxy']['kill_chain_order'], true);
|
|
|
|
} else {
|
|
|
|
unset($results[$k]['Galaxy']['kill_chain_order']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $results;
|
|
|
|
}
|
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
private function __load_galaxies($force = false)
|
|
|
|
{
|
|
|
|
$dir = new Folder(APP . 'files' . DS . 'misp-galaxy' . DS . 'galaxies');
|
|
|
|
$files = $dir->find('.*\.json');
|
|
|
|
$galaxies = array();
|
|
|
|
foreach ($files as $file) {
|
|
|
|
$file = new File($dir->pwd() . DS . $file);
|
|
|
|
$galaxies[] = json_decode($file->read(), true);
|
|
|
|
$file->close();
|
|
|
|
}
|
|
|
|
$galaxyTypes = array();
|
2019-02-14 10:24:42 +01:00
|
|
|
foreach ($galaxies as $i => $galaxy) {
|
2018-07-19 11:48:22 +02:00
|
|
|
$galaxyTypes[$galaxy['type']] = $galaxy['type'];
|
|
|
|
}
|
|
|
|
$temp = $this->find('all', array(
|
|
|
|
'fields' => array('uuid', 'version', 'id', 'icon'),
|
|
|
|
'recursive' => -1
|
|
|
|
));
|
|
|
|
$existingGalaxies = array();
|
|
|
|
foreach ($temp as $k => $v) {
|
|
|
|
$existingGalaxies[$v['Galaxy']['uuid']] = $v['Galaxy'];
|
|
|
|
}
|
|
|
|
foreach ($galaxies as $k => $galaxy) {
|
|
|
|
if (isset($existingGalaxies[$galaxy['uuid']])) {
|
|
|
|
if (
|
|
|
|
$force ||
|
|
|
|
$existingGalaxies[$galaxy['uuid']]['version'] < $galaxy['version'] ||
|
|
|
|
(!empty($galaxy['icon']) && ($existingGalaxies[$galaxy['uuid']]['icon'] != $galaxy['icon']))
|
|
|
|
) {
|
|
|
|
$galaxy['id'] = $existingGalaxies[$galaxy['uuid']]['id'];
|
|
|
|
$this->save($galaxy);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$this->create();
|
|
|
|
$this->save($galaxy);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $this->find('list', array('recursive' => -1, 'fields' => array('type', 'id')));
|
|
|
|
}
|
2016-12-05 00:47:34 +01:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public function update($force = false)
|
|
|
|
{
|
|
|
|
$galaxies = $this->__load_galaxies($force);
|
|
|
|
$dir = new Folder(APP . 'files' . DS . 'misp-galaxy' . DS . 'clusters');
|
|
|
|
$files = $dir->find('.*\.json');
|
|
|
|
$cluster_packages = array();
|
|
|
|
foreach ($files as $file) {
|
|
|
|
$file = new File($dir->pwd() . DS . $file);
|
|
|
|
$cluster_package = json_decode($file->read(), true);
|
|
|
|
$file->close();
|
|
|
|
if (!isset($galaxies[$cluster_package['type']])) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
$template = array(
|
|
|
|
'source' => isset($cluster_package['source']) ? $cluster_package['source'] : '',
|
|
|
|
'authors' => json_encode(isset($cluster_package['authors']) ? $cluster_package['authors'] : array(), true),
|
2018-10-22 10:36:13 +02:00
|
|
|
'collection_uuid' => isset($cluster_package['uuid']) ? $cluster_package['uuid'] : '',
|
2018-07-19 11:48:22 +02:00
|
|
|
'galaxy_id' => $galaxies[$cluster_package['type']],
|
|
|
|
'type' => $cluster_package['type'],
|
|
|
|
'tag_name' => 'misp-galaxy:' . $cluster_package['type'] . '="'
|
|
|
|
);
|
|
|
|
$elements = array();
|
|
|
|
$temp = $this->GalaxyCluster->find('all', array(
|
|
|
|
'conditions' => array(
|
|
|
|
'GalaxyCluster.galaxy_id' => $galaxies[$cluster_package['type']]
|
|
|
|
),
|
|
|
|
'recursive' => -1,
|
|
|
|
'fields' => array('version', 'id', 'value', 'uuid')
|
|
|
|
));
|
|
|
|
$existingClusters = array();
|
|
|
|
foreach ($temp as $k => $v) {
|
|
|
|
$existingClusters[$v['GalaxyCluster']['value']] = $v;
|
|
|
|
}
|
|
|
|
$clusters_to_delete = array();
|
2017-08-16 22:18:32 +02:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
// Delete all existing outdated clusters
|
|
|
|
foreach ($cluster_package['values'] as $k => $cluster) {
|
|
|
|
if (empty($cluster['value'])) {
|
2018-10-17 20:59:51 +02:00
|
|
|
continue;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
if (isset($cluster['version'])) {
|
|
|
|
} elseif (!empty($cluster_package['version'])) {
|
|
|
|
$cluster_package['values'][$k]['version'] = $cluster_package['version'];
|
|
|
|
} else {
|
|
|
|
$cluster_package['values'][$k]['version'] = 0;
|
|
|
|
}
|
|
|
|
if (!empty($existingClusters[$cluster['value']])) {
|
|
|
|
if ($force || $existingClusters[$cluster['value']]['GalaxyCluster']['version'] < $cluster_package['values'][$k]['version']) {
|
|
|
|
$clusters_to_delete[] = $existingClusters[$cluster['value']]['GalaxyCluster']['id'];
|
|
|
|
} else {
|
|
|
|
unset($cluster_package['values'][$k]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!empty($clusters_to_delete)) {
|
|
|
|
$this->GalaxyCluster->GalaxyElement->deleteAll(array('GalaxyElement.galaxy_cluster_id' => $clusters_to_delete), false, false);
|
|
|
|
$this->GalaxyCluster->delete($clusters_to_delete, false, false);
|
|
|
|
}
|
2018-07-04 13:08:47 +02:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
// create all clusters
|
|
|
|
foreach ($cluster_package['values'] as $cluster) {
|
2018-11-23 14:11:33 +01:00
|
|
|
if (empty($cluster['version'])) {
|
|
|
|
$cluster['version'] = 1;
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
$template['version'] = $cluster['version'];
|
|
|
|
$this->GalaxyCluster->create();
|
|
|
|
$cluster_to_save = $template;
|
|
|
|
if (isset($cluster['description'])) {
|
|
|
|
$cluster_to_save['description'] = $cluster['description'];
|
|
|
|
unset($cluster['description']);
|
|
|
|
}
|
|
|
|
$cluster_to_save['value'] = $cluster['value'];
|
|
|
|
$cluster_to_save['tag_name'] = $cluster_to_save['tag_name'] . $cluster['value'] . '"';
|
2018-11-23 14:11:33 +01:00
|
|
|
if (!empty($cluster['uuid'])) {
|
|
|
|
$cluster_to_save['uuid'] = $cluster['uuid'];
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
unset($cluster['value']);
|
|
|
|
if (empty($cluster_to_save['description'])) {
|
|
|
|
$cluster_to_save['description'] = '';
|
|
|
|
}
|
|
|
|
$result = $this->GalaxyCluster->save($cluster_to_save, false);
|
|
|
|
$galaxyClusterId = $this->GalaxyCluster->id;
|
|
|
|
if (isset($cluster['meta'])) {
|
|
|
|
foreach ($cluster['meta'] as $key => $value) {
|
|
|
|
if (is_array($value)) {
|
|
|
|
foreach ($value as $v) {
|
|
|
|
$elements[] = array(
|
|
|
|
$galaxyClusterId,
|
|
|
|
$key,
|
|
|
|
$v
|
|
|
|
);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
$elements[] = array(
|
|
|
|
$this->GalaxyCluster->id,
|
|
|
|
$key,
|
|
|
|
$value
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$db = $this->getDataSource();
|
|
|
|
$fields = array('galaxy_cluster_id', 'key', 'value');
|
|
|
|
if (!empty($elements)) {
|
|
|
|
$db->insertMulti('galaxy_elements', $fields, $elements);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
2018-07-04 13:08:47 +02:00
|
|
|
|
2018-12-28 12:54:22 +01:00
|
|
|
private function __attachClusterToEvent($user, $target_id, $cluster_id) {
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
public function attachCluster($user, $target_type, $target_id, $cluster_id)
|
|
|
|
{
|
2018-12-28 12:54:22 +01:00
|
|
|
$connectorModel = Inflector::camelize($target_type) . 'Tag';
|
2018-07-19 11:48:22 +02:00
|
|
|
$cluster = $this->GalaxyCluster->find('first', array('recursive' => -1, 'conditions' => array('id' => $cluster_id), 'fields' => array('tag_name', 'id', 'value')));
|
|
|
|
$this->Tag = ClassRegistry::init('Tag');
|
2018-12-28 12:54:22 +01:00
|
|
|
if ($target_type === 'event') {
|
|
|
|
$target = $this->Tag->EventTag->Event->fetchEvent($user, array('eventid' => $target_id, 'metadata' => 1));
|
|
|
|
} elseif ($target_type === 'attribute') {
|
|
|
|
$target = $this->Tag->AttributeTag->Attribute->fetchAttributes($user, array('conditions' => array('Attribute.id' => $target_id), 'flatten' => 1));
|
|
|
|
} elseif ($target_type === 'tag_collection') {
|
|
|
|
$target = $this->Tag->TagCollectionTag->TagCollection->fetchTagCollection($user, array('conditions' => array('TagCollection.id' => $target_id)));
|
|
|
|
}
|
|
|
|
if (empty($target)) {
|
|
|
|
throw new NotFoundException(__('Invalid %s.', $target_type));
|
|
|
|
}
|
|
|
|
$target = $target[0];
|
|
|
|
$tag_id = $this->Tag->captureTag(array('name' => $cluster['GalaxyCluster']['tag_name'], 'colour' => '#0088cc', 'exportable' => 1), $user);
|
|
|
|
$existingTag = $this->Tag->$connectorModel->find('first', array('conditions' => array($target_type . '_id' => $target_id, 'tag_id' => $tag_id)));
|
|
|
|
if (!empty($existingTag)) {
|
|
|
|
return 'Cluster already attached.';
|
|
|
|
}
|
|
|
|
$this->Tag->$connectorModel->create();
|
|
|
|
$toSave = array($target_type . '_id' => $target_id, 'tag_id' => $tag_id);
|
|
|
|
if ($target_type === 'attribute') {
|
2018-07-19 11:48:22 +02:00
|
|
|
$event = $this->Tag->EventTag->Event->find('first', array(
|
|
|
|
'conditions' => array(
|
2018-12-28 12:54:22 +01:00
|
|
|
'Event.id' => $target['Attribute']['event_id']
|
2018-07-19 11:48:22 +02:00
|
|
|
),
|
|
|
|
'recursive' => -1
|
|
|
|
));
|
2018-12-28 12:54:22 +01:00
|
|
|
$toSave['event_id'] = $target['Attribute']['event_id'];
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2018-12-28 12:54:22 +01:00
|
|
|
$result = $this->Tag->$connectorModel->save($toSave);
|
2018-07-19 11:48:22 +02:00
|
|
|
if ($result) {
|
2018-12-28 12:54:22 +01:00
|
|
|
if ($target_type !== 'tag_collection') {
|
|
|
|
if ($target_type === 'event') {
|
|
|
|
$event = $target;
|
|
|
|
}
|
|
|
|
$this->Tag->EventTag->Event->insertLock($user, $event['Event']['id']);
|
|
|
|
$event['Event']['published'] = 0;
|
|
|
|
$date = new DateTime();
|
|
|
|
$event['Event']['timestamp'] = $date->getTimestamp();
|
|
|
|
$this->Tag->EventTag->Event->save($event);
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
$this->Log = ClassRegistry::init('Log');
|
|
|
|
$this->Log->create();
|
|
|
|
$this->Log->save(array(
|
|
|
|
'org' => $user['Organisation']['name'],
|
|
|
|
'model' => ucfirst($target_type),
|
|
|
|
'model_id' => $target_id,
|
|
|
|
'email' => $user['email'],
|
|
|
|
'action' => 'galaxy',
|
|
|
|
'title' => 'Attached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $target_type . ' (' . $target_id . ')',
|
|
|
|
'change' => ''
|
|
|
|
));
|
|
|
|
return 'Cluster attached.';
|
|
|
|
}
|
|
|
|
return 'Could not attach the cluster';
|
|
|
|
}
|
2018-07-04 13:08:47 +02:00
|
|
|
|
2019-01-16 15:59:49 +01:00
|
|
|
public function detachCluster($user, $target_type, $target_id, $cluster_id) {
|
|
|
|
$cluster = $this->GalaxyCluster->find('first', array(
|
|
|
|
'recursive' => -1,
|
|
|
|
'conditions' => array('id' => $cluster_id),
|
|
|
|
'fields' => array('tag_name', 'id', 'value')
|
|
|
|
));
|
|
|
|
$this->Tag = ClassRegistry::init('Tag');
|
|
|
|
if ($target_type === 'event') {
|
|
|
|
$target = $this->Tag->EventTag->Event->fetchEvent($user, array('eventid' => $target_id, 'metadata' => 1));
|
|
|
|
if (empty($target)) {
|
|
|
|
throw new NotFoundException(__('Invalid %s.', $target_type));
|
|
|
|
}
|
|
|
|
$target = $target[0];
|
|
|
|
$event = $target;
|
|
|
|
$event_id = $target['Event']['id'];
|
|
|
|
$org_id = $event['Event']['org_id'];
|
|
|
|
$orgc_id = $event['Event']['orgc_id'];
|
|
|
|
} elseif ($target_type === 'attribute') {
|
|
|
|
$target = $this->Tag->AttributeTag->Attribute->fetchAttributes($user, array('conditions' => array('Attribute.id' => $target_id), 'flatten' => 1));
|
|
|
|
if (empty($target)) {
|
|
|
|
throw new NotFoundException(__('Invalid %s.', $target_type));
|
|
|
|
}
|
|
|
|
$target = $target[0];
|
|
|
|
$event_id = $target['Attribute']['event_id'];
|
|
|
|
$event = $this->Tag->EventTag->Event->fetchEvent($user, array('eventid' => $event_id, 'metadata' => 1));
|
|
|
|
if (empty($event)) {
|
|
|
|
throw new NotFoundException(__('Invalid event'));
|
|
|
|
}
|
|
|
|
$event = $event[0];
|
|
|
|
$org_id = $event['Event']['org_id'];
|
|
|
|
$orgc_id = $event['Event']['org_id'];
|
|
|
|
} elseif ($target_type === 'tag_collection') {
|
|
|
|
$target = $this->Tag->TagCollectionTag->TagCollection->fetchTagCollection($user, array('conditions' => array('TagCollection.id' => $target_id)));
|
|
|
|
if (empty($target)) {
|
|
|
|
throw new NotFoundException(__('Invalid %s.', $target_type));
|
|
|
|
}
|
|
|
|
$target = $target[0];
|
|
|
|
$org_id = $target['org_id'];
|
|
|
|
$orgc_id = $org_id;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!$user['Role']['perm_site_admin'] && !$user['Role']['perm_sync']) {
|
2019-01-18 11:59:24 +01:00
|
|
|
if (
|
|
|
|
($scope === 'tag_collection' && !$user['Role']['perm_tag_editor']) ||
|
|
|
|
($scope !== 'tag_collection' && !$user['Role']['perm_tagger']) ||
|
|
|
|
($user['org_id'] !== $org_id && $user['org_id'] !== $orgc_id)
|
|
|
|
) {
|
|
|
|
throw new MethodNotAllowedException('Invalid ' . Inflector::humanize($targe_type) . '.');
|
2019-01-16 15:59:49 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$tag_id = $this->Tag->captureTag(array('name' => $cluster['GalaxyCluster']['tag_name'], 'colour' => '#0088cc', 'exportable' => 1), $user);
|
|
|
|
|
|
|
|
if ($target_type == 'attribute') {
|
|
|
|
$existingTargetTag = $this->Tag->AttributeTag->find('first', array(
|
|
|
|
'conditions' => array('AttributeTag.tag_id' => $tag_id, 'AttributeTag.attribute_id' => $target_id),
|
|
|
|
'recursive' => -1,
|
|
|
|
'contain' => array('Tag')
|
|
|
|
));
|
|
|
|
} elseif ($target_type == 'event') {
|
|
|
|
$existingTargetTag = $this->Tag->EventTag->find('first', array(
|
|
|
|
'conditions' => array('EventTag.tag_id' => $tag_id, 'EventTag.event_id' => $target_id),
|
|
|
|
'recursive' => -1,
|
|
|
|
'contain' => array('Tag')
|
|
|
|
));
|
|
|
|
} elseif ($target_type == 'tag_collection') {
|
|
|
|
$existingTargetTag = $this->Tag->TagCollectionTag->TagCollection->find('first', array(
|
|
|
|
'conditions' => array('tag_id' => $tag_id, 'tag_collection_id' => $target_id),
|
|
|
|
'recursive' => -1,
|
|
|
|
'contain' => array('Tag')
|
|
|
|
));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (empty($existingTargetTag)) {
|
|
|
|
return 'Cluster not attached.';
|
|
|
|
} else {
|
|
|
|
if ($target_type == 'event') {
|
|
|
|
$result = $this->Tag->EventTag->delete($existingTargetTag['EventTag']['id']);
|
|
|
|
} elseif ($target_type == 'attribute') {
|
|
|
|
$result = $this->Tag->AttributeTag->delete($existingTargetTag['AttributeTag']['id']);
|
|
|
|
} elseif ($target_type == 'tag_collection') {
|
|
|
|
$result = $this->Tag->TagCollectionTag->delete($existingTargetTag['TagCollectionTag']['id']);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($result) {
|
|
|
|
if ($target_type !== 'tag_collection') {
|
|
|
|
$this->Tag->EventTag->Event->insertLock($user, $event['Event']['id']);
|
|
|
|
$event['Event']['published'] = 0;
|
|
|
|
$date = new DateTime();
|
|
|
|
$event['Event']['timestamp'] = $date->getTimestamp();
|
|
|
|
$this->Tag->EventTag->Event->save($event);
|
|
|
|
}
|
|
|
|
$this->Log = ClassRegistry::init('Log');
|
|
|
|
$this->Log->create();
|
|
|
|
$this->Log->save(array(
|
|
|
|
'org' => $user['Organisation']['name'],
|
|
|
|
'model' => ucfirst($target_type),
|
|
|
|
'model_id' => $target_id,
|
|
|
|
'email' => $user['email'],
|
|
|
|
'action' => 'galaxy',
|
2019-01-18 11:59:24 +01:00
|
|
|
'title' => 'Detached ' . $cluster['GalaxyCluster']['value'] . ' (' . $cluster['GalaxyCluster']['id'] . ') to ' . $target_type . ' (' . $target_id . ')',
|
2019-01-16 15:59:49 +01:00
|
|
|
'change' => ''
|
|
|
|
));
|
|
|
|
return 'Cluster detached';
|
|
|
|
} else {
|
|
|
|
return 'Could not detach cluster';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-15 09:24:52 +01:00
|
|
|
public function getMitreAttackGalaxyId($type="mitre-attack-pattern", $namespace="mitre-attack")
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
|
|
|
$galaxy = $this->find('first', array(
|
|
|
|
'recursive' => -1,
|
|
|
|
'fields' => 'id',
|
2019-02-15 09:24:52 +01:00
|
|
|
'conditions' => array('Galaxy.type' => $type, 'Galaxy.namespace' => $namespace),
|
2018-07-19 11:48:22 +02:00
|
|
|
));
|
|
|
|
return empty($galaxy) ? 0 : $galaxy['Galaxy']['id'];
|
|
|
|
}
|
2018-05-14 23:20:09 +02:00
|
|
|
|
2019-02-15 09:24:52 +01:00
|
|
|
public function getMatrix($galaxy_id)
|
2018-07-19 11:48:22 +02:00
|
|
|
{
|
2019-02-15 09:24:52 +01:00
|
|
|
$conditions = array('Galaxy.id' => $galaxy_id);
|
2018-07-19 11:48:22 +02:00
|
|
|
$contains = array(
|
|
|
|
'GalaxyCluster' => array('GalaxyElement'),
|
|
|
|
);
|
2018-06-18 11:58:20 +02:00
|
|
|
|
2019-02-15 09:24:52 +01:00
|
|
|
$galaxy = $this->find('first', array(
|
2018-07-19 11:48:22 +02:00
|
|
|
'recursive' => -1,
|
|
|
|
'contain' => $contains,
|
|
|
|
'conditions' => $conditions,
|
|
|
|
));
|
2018-06-18 11:58:20 +02:00
|
|
|
|
2018-07-19 11:48:22 +02:00
|
|
|
$mispUUID = Configure::read('MISP')['uuid'];
|
2018-06-07 16:43:04 +02:00
|
|
|
|
2019-02-15 09:24:52 +01:00
|
|
|
if (!isset($galaxy['Galaxy']['kill_chain_order'])) {
|
|
|
|
throw new Exception(__("Galaxy cannot be represented as a matrix"));
|
|
|
|
|
2019-02-11 16:15:52 +01:00
|
|
|
}
|
2019-02-15 09:24:52 +01:00
|
|
|
$matrixData = array(
|
2019-02-14 10:24:42 +01:00
|
|
|
'killChain' => $galaxy['Galaxy']['kill_chain_order'],
|
2019-02-15 09:24:52 +01:00
|
|
|
'tabs' => array(),
|
|
|
|
'matrixTags' => array(),
|
|
|
|
'instance-uuid' => $mispUUID,
|
|
|
|
'galaxy' => $galaxy['Galaxy']
|
2019-02-14 10:24:42 +01:00
|
|
|
);
|
2019-02-11 16:15:52 +01:00
|
|
|
|
|
|
|
$clusters = $galaxy['GalaxyCluster'];
|
2019-02-15 09:24:52 +01:00
|
|
|
$cols = array();
|
2019-02-11 16:15:52 +01:00
|
|
|
|
|
|
|
foreach ($clusters as $cluster) {
|
|
|
|
if (empty($cluster['GalaxyElement'])) {
|
|
|
|
continue;
|
|
|
|
}
|
2019-02-15 09:24:52 +01:00
|
|
|
|
2019-02-11 16:15:52 +01:00
|
|
|
$toBeAdded = false;
|
|
|
|
$clusterType = $cluster['type'];
|
|
|
|
$galaxyElements = $cluster['GalaxyElement'];
|
|
|
|
foreach ($galaxyElements as $element) {
|
|
|
|
// add cluster if kill_chain is present
|
|
|
|
if ($element['key'] == 'kill_chain') {
|
|
|
|
$kc = explode(":", $element['value']);
|
|
|
|
$galaxyType = $kc[0];
|
|
|
|
$kc = $kc[1];
|
2019-02-15 09:24:52 +01:00
|
|
|
$cols[$galaxyType][$kc][] = $cluster;
|
2019-02-11 16:15:52 +01:00
|
|
|
$toBeAdded = true;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2019-02-11 16:15:52 +01:00
|
|
|
if ($element['key'] == 'external_id') {
|
|
|
|
$cluster['external_id'] = $element['value'];
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
if ($toBeAdded) {
|
2019-02-15 14:41:55 +01:00
|
|
|
$matrixData['matrixTags'][$cluster['tag_name']] = 1;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
|
|
|
}
|
2019-02-11 16:15:52 +01:00
|
|
|
}
|
2019-02-15 09:24:52 +01:00
|
|
|
$matrixData['tabs'] = $cols;
|
2019-02-11 16:15:52 +01:00
|
|
|
|
2019-02-15 09:24:52 +01:00
|
|
|
foreach ($matrixData['tabs'] as $k => $v) {
|
|
|
|
foreach ($matrixData['tabs'][$k] as $kc => $v2) {
|
2019-02-11 16:15:52 +01:00
|
|
|
// sort clusters in the kill chains
|
|
|
|
usort(
|
2019-02-15 09:24:52 +01:00
|
|
|
$matrixData['tabs'][$k][$kc],
|
2019-02-11 16:15:52 +01:00
|
|
|
function($a, $b) {
|
|
|
|
return strcmp($a['value'], $b['value']);
|
|
|
|
}
|
|
|
|
);
|
|
|
|
}
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2018-06-18 14:04:38 +02:00
|
|
|
|
2019-02-15 14:41:55 +01:00
|
|
|
// #FIXME temporary fix: retreive tag name of deprecated mitre galaxies (for the stats)
|
|
|
|
if ($galaxy['Galaxy']['id'] == $this->getMitreAttackGalaxyId()) {
|
|
|
|
$names = array('Enterprise Attack - Attack Pattern', 'Pre Attack - Attack Pattern', 'Mobile Attack - Attack Pattern');
|
|
|
|
$tag_names = array();
|
|
|
|
$gals = $this->find('all', array(
|
|
|
|
'recursive' => -1,
|
|
|
|
'contain' => array('GalaxyCluster.tag_name'),
|
|
|
|
'conditions' => array('Galaxy.name' => $names)
|
|
|
|
));
|
|
|
|
foreach ($gals as $gal => $temp) {
|
|
|
|
foreach ($temp['GalaxyCluster'] as $value) {
|
|
|
|
$matrixData['matrixTags'][$value['tag_name']] = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-02-15 14:48:15 +01:00
|
|
|
// end FIXME
|
2019-02-15 14:41:55 +01:00
|
|
|
|
2019-02-15 14:48:15 +01:00
|
|
|
$matrixData['matrixTags'] = array_keys($matrixData['matrixTags']);
|
2019-02-15 09:24:52 +01:00
|
|
|
return $matrixData;
|
2018-07-19 11:48:22 +02:00
|
|
|
}
|
2016-12-05 00:47:34 +01:00
|
|
|
}
|