Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
0856bc5c04
|
@ -1678,6 +1678,31 @@ class AttributesController extends AppController
|
||||||
);
|
);
|
||||||
$exception = false;
|
$exception = false;
|
||||||
$filters = $this->_harvestParameters($filterData, $exception);
|
$filters = $this->_harvestParameters($filterData, $exception);
|
||||||
|
if (!empty($filters['uuid'])) {
|
||||||
|
if (!is_array($filters['uuid'])) {
|
||||||
|
$filters['uuid'] = array($filters['uuid']);
|
||||||
|
}
|
||||||
|
$uuid = array();
|
||||||
|
$ids = array();
|
||||||
|
foreach ($filters['uuid'] as $k => $filter) {
|
||||||
|
if ($filter[0] === '!') {
|
||||||
|
$filter = substr($filter, 1);
|
||||||
|
}
|
||||||
|
if (Validation::uuid($filter)) {
|
||||||
|
$uuid[] = $filters['uuid'][$k];
|
||||||
|
} else {
|
||||||
|
$ids[] = $filters['uuid'][$k];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (empty($uuid)) {
|
||||||
|
unset($filters['uuid']);
|
||||||
|
} else {
|
||||||
|
$filters['uuid'] = $uuid;
|
||||||
|
}
|
||||||
|
if (!empty($ids)) {
|
||||||
|
$filters['eventid'] = $ids;
|
||||||
|
}
|
||||||
|
}
|
||||||
unset($filterData);
|
unset($filterData);
|
||||||
if ($filters === false) {
|
if ($filters === false) {
|
||||||
return $exception;
|
return $exception;
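Review bot: `$filters['eventid'] = $ids;` near the end of the added block replaces any `eventid` filter the request already carried instead of adding to it, so a search that combines `eventid` with a non-UUID value in `uuid` silently loses the first filter; `$filters['eventid'] = empty($filters['eventid']) ? $ids : array_merge((array)$filters['eventid'], $ids);` keeps both. The negation test `$filter[0] === '!'` also assumes a non-empty string: an empty element produces an uninitialized-offset notice and a non-string element (an integer id sent as JSON, for instance) is not indexable, so a `$filter = (string)$filter;` before the test, or skipping empty elements, would make the loop robust against what this REST endpoint accepts. The enclosing action starts and ends outside the hunk.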
|
||||||
|
|
|
@ -19,6 +19,8 @@ class Stix2Export extends StixExport
|
||||||
$scriptFile = $this->__scripts_dir . $this->__script_name;
|
$scriptFile = $this->__scripts_dir . $this->__script_name;
|
||||||
$filename = $this->__scripts_dir . 'tmp/' . $filename;
|
$filename = $this->__scripts_dir . 'tmp/' . $filename;
|
||||||
$my_server = ClassRegistry::init('Server');
|
$my_server = ClassRegistry::init('Server');
|
||||||
return shell_exec($my_server->getPythonVersion() . ' ' . $scriptFile . ' ' . $filename . $this->__end_of_cmd);
|
$result = shell_exec($my_server->getPythonVersion() . ' ' . $scriptFile . ' ' . $filename . $this->__end_of_cmd);
|
||||||
|
$result = end(preg_split("/\r\n|\n|\r/", trim($result)));
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
}
|
}
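Review bot: `end(preg_split(...))` on the added line passes a temporary to a by-reference parameter, which PHP reports as "Only variables should be passed by reference" and CakePHP's error handler may escalate depending on the debug level; split it into `$lines = preg_split("/\r\n|\n|\r/", trim($result));` and `return end($lines);`. When `shell_exec` returns `null` (the script failed or wrote nothing) the same line turns it into an empty string, so the caller can no longer distinguish "no output" from a real last line — an explicit `null` check before the split, with whatever signal the callers already expect, would preserve that distinction. Since this line now builds the command, `$scriptFile` and `$filename` should be wrapped in `escapeshellarg()` rather than concatenated raw, as the command string is the only thing standing between the filename and the shell. The enclosing method begins outside the hunk.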
|
||||||
|
|
|
@ -4426,7 +4426,6 @@ class Attribute extends AppModel
|
||||||
'event_timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
|
'event_timestamp' => array('function' => 'set_filter_timestamp', 'pop' => true),
|
||||||
'publish_timestamp' => array('function' => 'set_filter_timestamp'),
|
'publish_timestamp' => array('function' => 'set_filter_timestamp'),
|
||||||
'org' => array('function' => 'set_filter_org'),
|
'org' => array('function' => 'set_filter_org'),
|
||||||
'uuid' => array('function' => 'set_filter_uuid'),
|
|
||||||
'published' => array('function' => 'set_filter_published')
|
'published' => array('function' => 'set_filter_published')
|
||||||
),
|
),
|
||||||
'Object' => array(
|
'Object' => array(
|
||||||
|
@ -4487,7 +4486,6 @@ class Attribute extends AppModel
|
||||||
|
|
||||||
$subqueryElements = $this->Event->harvestSubqueryElements($filters);
|
$subqueryElements = $this->Event->harvestSubqueryElements($filters);
|
||||||
$filters = $this->Event->addFiltersFromSubqueryElements($filters, $subqueryElements);
|
$filters = $this->Event->addFiltersFromSubqueryElements($filters, $subqueryElements);
|
||||||
|
|
||||||
$conditions = $this->buildFilterConditions($user, $filters);
|
$conditions = $this->buildFilterConditions($user, $filters);
|
||||||
$params = array(
|
$params = array(
|
||||||
'conditions' => $conditions,
|
'conditions' => $conditions,
|
||||||
|
@ -4617,4 +4615,28 @@ class Attribute extends AppModel
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function set_filter_uuid(&$params, $conditions, $options)
|
||||||
|
{
|
||||||
|
if (!empty($params['uuid'])) {
|
||||||
|
$params['uuid'] = $this->convert_filters($params['uuid']);
|
||||||
|
if (!empty($params['uuid']['OR'])) {
|
||||||
|
$conditions['AND'][] = array(
|
||||||
|
'OR' => array(
|
||||||
|
'Event.uuid' => $params['uuid']['OR'],
|
||||||
|
'Attribute.uuid' => $params['uuid']['OR']
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
if (!empty($params['uuid']['NOT'])) {
|
||||||
|
$conditions['AND'][] = array(
|
||||||
|
'NOT' => array(
|
||||||
|
'Event.uuid' => $params['uuid']['NOT'],
|
||||||
|
'Attribute.uuid' => $params['uuid']['NOT']
|
||||||
|
)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $conditions;
|
||||||
|
}
|
||||||
}
|
}
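Review bot: The new `set_filter_uuid` has no docblock and its contract is not obvious from the body: a UUID in `$params['uuid']` matches either the attribute's own UUID or the UUID of its event (the `OR` over `Event.uuid` and `Attribute.uuid`), a `!`-prefixed value excludes both through the `NOT` branch, and `$params` is taken by reference because `$params['uuid']` is rewritten in place into the `OR`/`NOT` shape produced by `convert_filters`. A header such as `/** Restrict $conditions by attribute or event UUID; rewrites $params['uuid'] in place via convert_filters(). Returns the extended $conditions. */` would capture that. The first hunk of this file drops the `'uuid' => array('function' => 'set_filter_uuid')` entry from the nested filter map, which I read as the new method now covering both scopes itself via `Event::set_filter_uuid`'s delegation; if that is the intent, the docblock is the place to say it, since the map no longer shows the path.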
|
||||||
|
|
|
@ -1667,7 +1667,6 @@ class Event extends AppModel
|
||||||
'object_relation' => array('function' => 'set_filter_simple_attribute'),
|
'object_relation' => array('function' => 'set_filter_simple_attribute'),
|
||||||
'tags' => array('function' => 'set_filter_tags', 'pop' => true),
|
'tags' => array('function' => 'set_filter_tags', 'pop' => true),
|
||||||
'ignore' => array('function' => 'set_filter_ignore'),
|
'ignore' => array('function' => 'set_filter_ignore'),
|
||||||
'uuid' => array('function' => 'set_filter_uuid'),
|
|
||||||
'deleted' => array('function' => 'set_filter_deleted'),
|
'deleted' => array('function' => 'set_filter_deleted'),
|
||||||
'to_ids' => array('function' => 'set_filter_to_ids'),
|
'to_ids' => array('function' => 'set_filter_to_ids'),
|
||||||
'comment' => array('function' => 'set_filter_comment')
|
'comment' => array('function' => 'set_filter_comment')
|
||||||
|
@ -1707,7 +1706,6 @@ class Event extends AppModel
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$fields = array('Event.id');
|
$fields = array('Event.id');
|
||||||
if (!empty($params['include_attribute_count'])) {
|
if (!empty($params['include_attribute_count'])) {
|
||||||
$fields[] = 'Event.attribute_count';
|
$fields[] = 'Event.attribute_count';
|
||||||
|
@ -2585,15 +2583,39 @@ class Event extends AppModel
|
||||||
|
|
||||||
public function set_filter_uuid(&$params, $conditions, $options)
|
public function set_filter_uuid(&$params, $conditions, $options)
|
||||||
{
|
{
|
||||||
|
if ($options['scope'] === 'Event') {
|
||||||
if (!empty($params['uuid'])) {
|
if (!empty($params['uuid'])) {
|
||||||
$params['uuid'] = $this->convert_filters($params['uuid']);
|
$params['uuid'] = $this->convert_filters($params['uuid']);
|
||||||
if (!empty($options['scope']) && $options['scope'] === 'Event') {
|
if (!empty($params['uuid']['OR'])) {
|
||||||
$conditions = $this->generic_add_filter($conditions, $params['uuid'], 'Event.uuid');
|
$subQueryOptions = array(
|
||||||
|
'conditions' => array('Attribute.uuid' => $params['uuid']['OR']),
|
||||||
|
'fields' => array('event_id')
|
||||||
|
);
|
||||||
|
$attributeSubquery = $this->subQueryGenerator($this->Attribute, $subQueryOptions, 'Event.id');
|
||||||
|
$conditions['AND'][] = array(
|
||||||
|
'OR' => array(
|
||||||
|
'Event.uuid' => $params['uuid']['OR'],
|
||||||
|
$attributeSubquery
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
if (!empty($options['scope']) && $options['scope'] === 'Attribute') {
|
if (!empty($params['uuid']['NOT'])) {
|
||||||
$conditions = $this->generic_add_filter($conditions, $params['uuid'], 'Attribute.uuid');
|
$subQueryOptions = array(
|
||||||
|
'conditions' => array('Attribute.uuid' => $params['uuid']['NOT']),
|
||||||
|
'fields' => array('event_id')
|
||||||
|
);
|
||||||
|
$attributeSubquery = $this->subQueryGenerator($this->Attribute, $subQueryOptions, 'Event.id');
|
||||||
|
$conditions['AND'][] = array(
|
||||||
|
'NOT' => array(
|
||||||
|
'Event.uuid' => $params['uuid']['NOT'],
|
||||||
|
$attributeSubquery
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$conditions = $this->{$options['scope']}->set_filter_uuid($params, $conditions, $options);
|
||||||
|
}
|
||||||
return $conditions;
|
return $conditions;
|
||||||
}
|
}
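Review bot: The new `if ($options['scope'] === 'Event')` drops the `!empty($options['scope'])` guard the replaced condition had, so a call without a `scope` option now raises an undefined-index notice and falls into the `else` branch, where `$this->{$options['scope']}` resolves an empty property name and `->set_filter_uuid()` becomes a fatal call on null — previously such a call left `$conditions` unchanged. Resolving the scope once, `$scope = isset($options['scope']) ? $options['scope'] : 'Event';` and branching on `$scope`, restores a safe default. The `else` branch also assumes every scope name is a loaded association with a `set_filter_uuid` method; only `Attribute` gains one in this commit, so if other scopes can reach here (the callers are not visible) a `method_exists` check or an explicit list of accepted scopes would avoid another fatal. Both the `OR` and `NOT` branches build the same `$subQueryOptions`/`$attributeSubquery` pair, which could be one small private helper taking the UUID list.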
|
||||||
|
|
||||||
|
|
|
@ -323,7 +323,6 @@ class Log extends AppModel
|
||||||
$elasticSearchClient = $this->getElasticSearchTool();
|
$elasticSearchClient = $this->getElasticSearchTool();
|
||||||
$elasticSearchClient->pushDocument($logIndex, "log", $data);
|
$elasticSearchClient->pushDocument($logIndex, "log", $data);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Configure::read('Security.syslog')) {
|
if (Configure::read('Security.syslog')) {
|
||||||
// write to syslogd as well
|
// write to syslogd as well
|
||||||
$syslog = new SysLog();
|
$syslog = new SysLog();
|
||||||
|
@ -338,8 +337,17 @@ class Log extends AppModel
|
||||||
}
|
}
|
||||||
|
|
||||||
$entry = $data['Log']['action'];
|
$entry = $data['Log']['action'];
|
||||||
|
if (!empty($data['Log']['title'])) {
|
||||||
|
$entry .= sprintf(
|
||||||
|
' -- %s',
|
||||||
|
$data['Log']['title']
|
||||||
|
);
|
||||||
|
}
|
||||||
if (!empty($data['Log']['description'])) {
|
if (!empty($data['Log']['description'])) {
|
||||||
$entry .= sprintf(' -- %s', $data['Log']['description']);
|
$entry .= sprintf(
|
||||||
|
' -- %s',
|
||||||
|
$data['Log']['description']
|
||||||
|
);
|
||||||
}
|
}
|
||||||
$syslog->write($action, $entry);
|
$syslog->write($action, $entry);
|
||||||
}
|
}
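Review bot: The title and description are appended to the syslog entry verbatim, and if those fields can carry user-supplied text an embedded CR/LF may be stored or shown as a separate log record by consumers that do not escape control characters, which is the classic log-forging vector; `$entry .= sprintf(' -- %s', str_replace(array("\r", "\n"), ' ', $data['Log']['title']));` (and the same for description) keeps each entry on one line. Whether the `SysLog` wrapper or the daemon already escapes control characters is not visible here, so treat this as something to confirm rather than a certain defect. As a matter of style, the three-line `sprintf(' -- %s', …)` for a single placeholder reads heavier than `$entry .= ' -- ' . $data['Log']['title'];`, and rewrapping the unchanged description call adds diff noise for no behaviour change. The enclosing method begins outside the hunk.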
|
||||||
|
|
|
@ -512,7 +512,7 @@ class Server extends AppModel
|
||||||
'description' => __('Enables the use of MISP\'s background processing.'),
|
'description' => __('Enables the use of MISP\'s background processing.'),
|
||||||
'value' => '',
|
'value' => '',
|
||||||
'errorMessage' => '',
|
'errorMessage' => '',
|
||||||
'test' => 'testBool',
|
'test' => 'testBoolTrue',
|
||||||
'type' => 'boolean',
|
'type' => 'boolean',
|
||||||
),
|
),
|
||||||
'attachments_dir' => array(
|
'attachments_dir' => array(
|
||||||
|
@ -3528,6 +3528,21 @@ class Server extends AppModel
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testBoolTrue($value, $errorMessage = false)
|
||||||
|
{
|
||||||
|
if ($this->testBool($value, $errorMessage) !== true) {
|
||||||
|
return $this->testBool($value, $errorMessage);
|
||||||
|
}
|
||||||
|
if ($value === false) {
|
||||||
|
if ($errorMessage) {
|
||||||
|
return $errorMessage;
|
||||||
|
}
|
||||||
|
return 'It is highly recommended that this setting is enabled. Make sure you understand the impact of having this setting turned off.';
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public function testBoolFalse($value, $errorMessage = false)
|
public function testBoolFalse($value, $errorMessage = false)
|
||||||
{
|
{
|
||||||
if ($this->testBool($value, $errorMessage) !== true) {
|
if ($this->testBool($value, $errorMessage) !== true) {
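Review bot: `testBoolTrue` evaluates `$this->testBool($value, $errorMessage)` twice on consecutive lines, once for the check and once for the return; `$result = $this->testBool($value, $errorMessage); if ($result !== true) { return $result; }` does it once and makes the fall-through obvious. The `if ($value === false)` test only fires for a real boolean, so if `testBool` accepts other representations of "off" (a `0` or `'0'` stored setting, for instance — its body is not visible here) the recommendation is never shown for them; either document the method as boolean-only or test `!$value` once `testBool` has validated the input. The `else` after a `return` can be flattened to a bare `return true;`, matching the structure of `testBoolFalse` below, whose body continues outside the hunk. A docblock stating that this is a `testBool` variant that additionally warns when the setting is disabled, returning `true` or a message string, would make the config map's `'test' => 'testBoolTrue'` entry in the first hunk self-explaining.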
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 777c3188db6fd1f04fc81106a6c2eb293bb19d12
|
Subproject commit c7104e8819d6b789b24a45655aa28625a8c4c346
|
|
@ -39,6 +39,8 @@ threat_actor_galaxies_list = ('threat-actor', 'microsoft-activity-group')
|
||||||
tool_galaxies_list = ('botnet', 'rat', 'exploit-kit', 'tds', 'tool', 'mitre-tool',
|
tool_galaxies_list = ('botnet', 'rat', 'exploit-kit', 'tds', 'tool', 'mitre-tool',
|
||||||
'mitre-enterprise-attack-tool', 'mitre-mobile-attack-tool')
|
'mitre-enterprise-attack-tool', 'mitre-mobile-attack-tool')
|
||||||
_MISP_event_tags = ['Threat-Report', 'misp:tool="misp2stix2"']
|
_MISP_event_tags = ['Threat-Report', 'misp:tool="misp2stix2"']
|
||||||
|
_time_fields = {'indicator': ('valid_from', 'valid_until'),
|
||||||
|
'observed-data': ('first_observed', 'last_observed')}
|
||||||
|
|
||||||
class StixBuilder():
|
class StixBuilder():
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
|
@ -73,6 +75,7 @@ class StixBuilder():
|
||||||
report_args = {'type': 'report', 'id': self.report_id, 'name': self.misp_event['info'],
|
report_args = {'type': 'report', 'id': self.report_id, 'name': self.misp_event['info'],
|
||||||
'created_by_ref': self.identity_id, 'created': self.misp_event['date'],
|
'created_by_ref': self.identity_id, 'created': self.misp_event['date'],
|
||||||
'published': self.get_datetime_from_timestamp(self.misp_event['publish_timestamp']),
|
'published': self.get_datetime_from_timestamp(self.misp_event['publish_timestamp']),
|
||||||
|
'modified': self.get_datetime_from_timestamp(self.misp_event['timestamp']),
|
||||||
'interoperability': True}
|
'interoperability': True}
|
||||||
labels = [tag for tag in _MISP_event_tags]
|
labels = [tag for tag in _MISP_event_tags]
|
||||||
if self.misp_event.get('Tag'):
|
if self.misp_event.get('Tag'):
|
||||||
|
@ -377,8 +380,7 @@ class StixBuilder():
|
||||||
self.galaxies.append(galaxy_uuid)
|
self.galaxies.append(galaxy_uuid)
|
||||||
self.relationships['defined'][source_id].append("{}--{}".format(stix_type, galaxy_uuid))
|
self.relationships['defined'][source_id].append("{}--{}".format(stix_type, galaxy_uuid))
|
||||||
|
|
||||||
@staticmethod
|
def generate_galaxy_args(self, galaxy, b_killchain, b_alias, sdo_type):
|
||||||
def generate_galaxy_args(galaxy, b_killchain, b_alias, sdo_type):
|
|
||||||
cluster = galaxy['GalaxyCluster'][0]
|
cluster = galaxy['GalaxyCluster'][0]
|
||||||
try:
|
try:
|
||||||
cluster_uuid = cluster['collection_uuid']
|
cluster_uuid = cluster['collection_uuid']
|
||||||
|
@ -387,8 +389,9 @@ class StixBuilder():
|
||||||
sdo_id = "{}--{}".format(sdo_type, cluster_uuid)
|
sdo_id = "{}--{}".format(sdo_type, cluster_uuid)
|
||||||
description = "{} | {}".format(galaxy['description'], cluster['description'])
|
description = "{} | {}".format(galaxy['description'], cluster['description'])
|
||||||
labels = ['misp:name=\"{}\"'.format(galaxy['name'])]
|
labels = ['misp:name=\"{}\"'.format(galaxy['name'])]
|
||||||
sdo_args = {'id': sdo_id, 'type': sdo_type, 'name': cluster['value'],
|
sdo_args = {'id': sdo_id, 'type': sdo_type, 'created': self.misp_event['date'],
|
||||||
'description': description, 'interoperability': True}
|
'modified': self.get_datetime_from_timestamp(self.misp_event['timestamp']),
|
||||||
|
'name': cluster['value'], 'description': description, 'interoperability': True}
|
||||||
if b_killchain:
|
if b_killchain:
|
||||||
killchain = [{'kill_chain_name': 'misp-category',
|
killchain = [{'kill_chain_name': 'misp-category',
|
||||||
'phase_name': galaxy['type']}]
|
'phase_name': galaxy['type']}]
|
||||||
|
@ -452,8 +455,9 @@ class StixBuilder():
|
||||||
custom_object_id = "x-misp-object-{}--{}".format(attribute_type, attribute['uuid'])
|
custom_object_id = "x-misp-object-{}--{}".format(attribute_type, attribute['uuid'])
|
||||||
custom_object_type = "x-misp-object-{}".format(attribute_type)
|
custom_object_type = "x-misp-object-{}".format(attribute_type)
|
||||||
labels, markings = self.create_labels(attribute)
|
labels, markings = self.create_labels(attribute)
|
||||||
custom_object_args = {'id': custom_object_id, 'x_misp_category': attribute['category'], 'labels': labels,
|
timestamp = self.get_datetime_from_timestamp(attribute['timestamp'])
|
||||||
'x_misp_timestamp': self.get_datetime_from_timestamp(attribute['timestamp']),
|
custom_object_args = {'id': custom_object_id, 'x_misp_category': attribute['category'],
|
||||||
|
'created': timestamp, 'modified': timestamp, 'labels': labels,
|
||||||
'x_misp_value': attribute['value'], 'created_by_ref': self.identity_id}
|
'x_misp_value': attribute['value'], 'created_by_ref': self.identity_id}
|
||||||
if attribute.get('comment'):
|
if attribute.get('comment'):
|
||||||
custom_object_args['x_misp_comment'] = attribute['comment']
|
custom_object_args['x_misp_comment'] = attribute['comment']
|
||||||
|
@ -461,9 +465,10 @@ class StixBuilder():
|
||||||
markings = self.handle_tags(markings)
|
markings = self.handle_tags(markings)
|
||||||
custom_object_args['object_marking_refs'] = markings
|
custom_object_args['object_marking_refs'] = markings
|
||||||
@CustomObject(custom_object_type, [('id', properties.StringProperty(required=True)),
|
@CustomObject(custom_object_type, [('id', properties.StringProperty(required=True)),
|
||||||
('x_misp_timestamp', properties.StringProperty(required=True)),
|
|
||||||
('labels', properties.ListProperty(labels, required=True)),
|
('labels', properties.ListProperty(labels, required=True)),
|
||||||
('x_misp_value', properties.StringProperty(required=True)),
|
('x_misp_value', properties.StringProperty(required=True)),
|
||||||
|
('created', properties.TimestampProperty(required=True, precision='millisecond')),
|
||||||
|
('modified', properties.TimestampProperty(required=True, precision='millisecond')),
|
||||||
('created_by_ref', properties.StringProperty(required=True)),
|
('created_by_ref', properties.StringProperty(required=True)),
|
||||||
('object_marking_refs', properties.ListProperty(markings)),
|
('object_marking_refs', properties.ListProperty(markings)),
|
||||||
('x_misp_comment', properties.StringProperty()),
|
('x_misp_comment', properties.StringProperty()),
|
||||||
|
@ -498,14 +503,11 @@ class StixBuilder():
|
||||||
labels, markings = self.create_labels(attribute)
|
labels, markings = self.create_labels(attribute)
|
||||||
attribute_value = attribute['value'] if attribute_type != "AS" else self.define_attribute_value(attribute['value'], attribute['comment'])
|
attribute_value = attribute['value'] if attribute_type != "AS" else self.define_attribute_value(attribute['value'], attribute['comment'])
|
||||||
pattern = mispTypesMapping[attribute_type]['pattern'](attribute_type, attribute_value, attribute['data']) if attribute.get('data') else self.define_pattern(attribute_type, attribute_value)
|
pattern = mispTypesMapping[attribute_type]['pattern'](attribute_type, attribute_value, attribute['data']) if attribute.get('data') else self.define_pattern(attribute_type, attribute_value)
|
||||||
indicator_args = {'id': indicator_id, 'type': 'indicator', 'labels': labels, 'kill_chain_phases': killchain,
|
timestamp = self.get_datetime_from_timestamp(attribute['timestamp'])
|
||||||
'valid_from': self.misp_event['date'], 'created_by_ref': self.identity_id,
|
indicator_args = {'id': indicator_id, 'type': 'indicator', 'labels': labels,
|
||||||
|
'kill_chain_phases': killchain, 'created_by_ref': self.identity_id,
|
||||||
'pattern': pattern, 'interoperability': True}
|
'pattern': pattern, 'interoperability': True}
|
||||||
if hasattr(attribute, 'Sighting'):
|
indicator_args.update(self.handle_time_fields(attribute, timestamp, 'indicator'))
|
||||||
for sighting in attribute['Sighting']:
|
|
||||||
if sighting['Organisation']['name'] == self.misp_event['Orgc']['name'] and sighting['type'] == "2":
|
|
||||||
indicator_args['valid_until'] = self.get_datetime_from_timestamp(sighting['date_sighting'])
|
|
||||||
break
|
|
||||||
if attribute.get('comment'):
|
if attribute.get('comment'):
|
||||||
indicator_args['description'] = attribute['comment']
|
indicator_args['description'] = attribute['comment']
|
||||||
if markings:
|
if markings:
|
||||||
|
@ -534,8 +536,9 @@ class StixBuilder():
|
||||||
attribute_value = attribute['value'] if attribute_type != "AS" else self.define_attribute_value(attribute['value'], attribute['comment'])
|
attribute_value = attribute['value'] if attribute_type != "AS" else self.define_attribute_value(attribute['value'], attribute['comment'])
|
||||||
observable = mispTypesMapping[attribute_type]['observable'](attribute_type, attribute_value, attribute['data']) if attribute.get('data') else self.define_observable(attribute_type, attribute_value)
|
observable = mispTypesMapping[attribute_type]['observable'](attribute_type, attribute_value, attribute['data']) if attribute.get('data') else self.define_observable(attribute_type, attribute_value)
|
||||||
observed_data_args = {'id': observed_data_id, 'type': 'observed-data', 'number_observed': 1,
|
observed_data_args = {'id': observed_data_id, 'type': 'observed-data', 'number_observed': 1,
|
||||||
'first_observed': timestamp, 'last_observed': timestamp, 'labels': labels,
|
'objects': observable, 'created_by_ref': self.identity_id,
|
||||||
'created_by_ref': self.identity_id, 'objects': observable, 'interoperability': True}
|
'labels': labels, 'interoperability': True}
|
||||||
|
observed_data_args.update(self.handle_time_fields(attribute, timestamp, 'observed-data'))
|
||||||
if markings:
|
if markings:
|
||||||
observed_data_args['object_marking_refs'] = self.handle_tags(markings)
|
observed_data_args['object_marking_refs'] = self.handle_tags(markings)
|
||||||
observed_data = ObservedData(**observed_data_args)
|
observed_data = ObservedData(**observed_data_args)
|
||||||
|
@ -593,15 +596,17 @@ class StixBuilder():
|
||||||
category = misp_object.get('meta-category')
|
category = misp_object.get('meta-category')
|
||||||
labels = self.create_object_labels(name, category, to_ids)
|
labels = self.create_object_labels(name, category, to_ids)
|
||||||
values = self.fetch_custom_values(misp_object['Attribute'], custom_object_id)
|
values = self.fetch_custom_values(misp_object['Attribute'], custom_object_id)
|
||||||
custom_object_args = {'id': custom_object_id, 'x_misp_values': values, 'labels': labels,
|
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
|
||||||
'x_misp_category': category, 'created_by_ref': self.identity_id,
|
custom_object_args = {'id': custom_object_id, 'x_misp_values': values,
|
||||||
'x_misp_timestamp': self.get_datetime_from_timestamp(misp_object['timestamp'])}
|
'created': timestamp, 'modified': timestamp, 'labels': labels,
|
||||||
|
'x_misp_category': category, 'created_by_ref': self.identity_id}
|
||||||
if hasattr(misp_object, 'comment') and misp_object.get('comment'):
|
if hasattr(misp_object, 'comment') and misp_object.get('comment'):
|
||||||
custom_object_args['x_misp_comment'] = misp_object['comment']
|
custom_object_args['x_misp_comment'] = misp_object['comment']
|
||||||
@CustomObject(custom_object_type, [('id', properties.StringProperty(required=True)),
|
@CustomObject(custom_object_type, [('id', properties.StringProperty(required=True)),
|
||||||
('x_misp_timestamp', properties.StringProperty(required=True)),
|
|
||||||
('labels', properties.ListProperty(labels, required=True)),
|
('labels', properties.ListProperty(labels, required=True)),
|
||||||
('x_misp_values', properties.DictionaryProperty(required=True)),
|
('x_misp_values', properties.DictionaryProperty(required=True)),
|
||||||
|
('created', properties.TimestampProperty(required=True, precision='millisecond')),
|
||||||
|
('modified', properties.TimestampProperty(required=True, precision='millisecond')),
|
||||||
('created_by_ref', properties.StringProperty(required=True)),
|
('created_by_ref', properties.StringProperty(required=True)),
|
||||||
('x_misp_comment', properties.StringProperty()),
|
('x_misp_comment', properties.StringProperty()),
|
||||||
('x_misp_category', properties.StringProperty())
|
('x_misp_category', properties.StringProperty())
|
||||||
|
@ -623,11 +628,13 @@ class StixBuilder():
|
||||||
category = misp_object.get('meta-category')
|
category = misp_object.get('meta-category')
|
||||||
killchain = self.create_killchain(category)
|
killchain = self.create_killchain(category)
|
||||||
labels = self.create_object_labels(name, category, True)
|
labels = self.create_object_labels(name, category, True)
|
||||||
indicator_args = {'id': indicator_id, 'valid_from': self.misp_event['date'],
|
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
|
||||||
'type': 'indicator', 'labels': labels, 'pattern': pattern,
|
indicator_args = {'id': indicator_id, 'type': 'indicator',
|
||||||
|
'labels': labels, 'pattern': pattern,
|
||||||
'description': misp_object['description'], 'allow_custom': True,
|
'description': misp_object['description'], 'allow_custom': True,
|
||||||
'kill_chain_phases': killchain, 'interoperability': True,
|
'kill_chain_phases': killchain, 'interoperability': True,
|
||||||
'created_by_ref': self.identity_id}
|
'created_by_ref': self.identity_id}
|
||||||
|
indicator_args.update(self.handle_time_fields(misp_object, timestamp, 'indicator'))
|
||||||
indicator = Indicator(**indicator_args)
|
indicator = Indicator(**indicator_args)
|
||||||
self.append_object(indicator)
|
self.append_object(indicator)
|
||||||
|
|
||||||
|
@ -644,8 +651,8 @@ class StixBuilder():
|
||||||
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
|
timestamp = self.get_datetime_from_timestamp(misp_object['timestamp'])
|
||||||
observed_data_args = {'id': observed_data_id, 'type': 'observed-data', 'labels': labels,
|
observed_data_args = {'id': observed_data_id, 'type': 'observed-data', 'labels': labels,
|
||||||
'number_observed': 1, 'objects': observable_objects, 'allow_custom': True,
|
'number_observed': 1, 'objects': observable_objects, 'allow_custom': True,
|
||||||
'first_observed': timestamp, 'last_observed': timestamp,
|
|
||||||
'created_by_ref': self.identity_id, 'interoperability': True}
|
'created_by_ref': self.identity_id, 'interoperability': True}
|
||||||
|
observed_data_args.update(self.handle_time_fields(misp_object, timestamp, 'observed-data'))
|
||||||
try:
|
try:
|
||||||
observed_data = ObservedData(**observed_data_args)
|
observed_data = ObservedData(**observed_data_args)
|
||||||
except exceptions.InvalidValueError:
|
except exceptions.InvalidValueError:
|
||||||
|
@ -1417,6 +1424,13 @@ class StixBuilder():
|
||||||
def get_datetime_from_timestamp(timestamp):
|
def get_datetime_from_timestamp(timestamp):
|
||||||
return datetime.datetime.utcfromtimestamp(int(timestamp))
|
return datetime.datetime.utcfromtimestamp(int(timestamp))
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def handle_time_fields(attribute, timestamp, stix_type):
|
||||||
|
to_return = {'created': timestamp, 'modified': timestamp}
|
||||||
|
for misp_field, stix_field in zip(('first_seen', 'last_seen'), _time_fields[stix_type]):
|
||||||
|
to_return[stix_field] = attribute[misp_field] if attribute[misp_field] else timestamp
|
||||||
|
return to_return
|
||||||
|
|
||||||
def main(args):
|
def main(args):
|
||||||
stix_builder = StixBuilder()
|
stix_builder = StixBuilder()
|
||||||
stix_builder.loadEvent(args)
|
stix_builder.loadEvent(args)
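Review bot: `handle_time_fields` indexes `attribute[misp_field]` for `first_seen` and `last_seen`, so an attribute or object dict without those keys raises `KeyError`; the rest of this file treats optional fields with `.get()` (`attribute.get('comment')`, `misp_object.get('meta-category')`), and `to_return[stix_field] = attribute.get(misp_field) or timestamp` keeps the fallback while tolerating the absent key. When the key is present the MISP value is whatever the export carries, while the fallback is the `datetime` from `get_datetime_from_timestamp`, so the same STIX field receives different types depending on input — presumably the stix2 property coerces both, but that is worth confirming with an event that has `first_seen` set. The helper is also called with `misp_object` (in the object indicator and observed-data hunks), so naming the parameter `misp_element` would stop it reading as attribute-only. Removing `@staticmethod` from `generate_galaxy_args` and adding `self` is required by the new `self.misp_event` accesses, but any caller outside these hunks that used the class-level form must now go through an instance.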
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Subproject commit 10bcc1496dce382665b04f760b7b0ce99b8ae3e7
|
Subproject commit bad8b17fffd059f8fd739ce16fc885d79e749022
|
|
@ -1 +1 @@
|
||||||
Subproject commit 77ca5ae2f9742652cd90a53f1b83308a8343f2cc
|
Subproject commit 65a943d8929c578041f789665b05810ea68986cb
|
|
@ -29,6 +29,7 @@ if [ "$1" = "configure" ] ; then
|
||||||
|
|
||||||
cd /usr/share/misp/app
|
cd /usr/share/misp/app
|
||||||
sudo -u www-data composer dump-autoload
|
sudo -u www-data composer dump-autoload
|
||||||
|
sudo -u www-data composer install --ignore-platform-reqs
|
||||||
|
|
||||||
phpenmod redis
|
phpenmod redis
|
||||||
phpenmod gnupg
|
phpenmod gnupg
|
||||||
|
@ -55,9 +56,8 @@ if [ "$1" = "configure" ] ; then
|
||||||
mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE USER IF NOT EXISTS '$MISPDBUSER'@'localhost' IDENTIFIED BY '$MISPDBUSERPWD';"
|
mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE USER IF NOT EXISTS '$MISPDBUSER'@'localhost' IDENTIFIED BY '$MISPDBUSERPWD';"
|
||||||
mysql -h$HOST -uroot -p$ROOTPWD -e "GRANT ALL PRIVILEGES ON misp.* TO '$MISPDBUSER'@'localhost';"
|
mysql -h$HOST -uroot -p$ROOTPWD -e "GRANT ALL PRIVILEGES ON misp.* TO '$MISPDBUSER'@'localhost';"
|
||||||
mysql -h$HOST -uroot -p$ROOTPWD -e "FLUSH PRIVILEGES;"
|
mysql -h$HOST -uroot -p$ROOTPWD -e "FLUSH PRIVILEGES;"
|
||||||
mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE DATABASE $MISPDB;"
|
|
||||||
echo "Creating MISP Database..."
|
echo "Creating MISP Database..."
|
||||||
gunzip < /usr/share/doc/misp/MYSQL.sql.gz | mysql -h$HOST -u$MISPDBUSER -p$MISPDBUSERPWD $MISPDB
|
mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE DATABASE $MISPDB;" && gunzip < /usr/share/doc/misp/MYSQL.sql.gz | mysql -h$HOST -u$MISPDBUSER -p$MISPDBUSERPWD $MISPDB || true
|
||||||
|
|
||||||
# /usr/share/misp/app/Config/database.php
|
# /usr/share/misp/app/Config/database.php
|
||||||
echo "Updating salt..."
|
echo "Updating salt..."
|
||||||
|
@ -69,11 +69,18 @@ if [ "$1" = "configure" ] ; then
|
||||||
sed -i -E "s/'password'\s=>\s'db password'/'password' => '$MISPDBUSERPWD'/" /usr/share/misp/app/Config/database.php
|
sed -i -E "s/'password'\s=>\s'db password'/'password' => '$MISPDBUSERPWD'/" /usr/share/misp/app/Config/database.php
|
||||||
sed -i -E "s/'database'\s=>\s'misp'/'database' => '$MISPDB'/" /usr/share/misp/app/Config/database.php
|
sed -i -E "s/'database'\s=>\s'misp'/'database' => '$MISPDB'/" /usr/share/misp/app/Config/database.php
|
||||||
|
|
||||||
composer require resque/php-resque || true
|
# composer require resque/php-resque || true
|
||||||
# No composer.json in current directory, do you want to use the one at /usr/share/misp/app? [Y,n]? Y
|
# No composer.json in current directory, do you want to use the one at /usr/share/misp/app? [Y,n]? Y
|
||||||
|
|
||||||
|
|
||||||
sudo -u www-data /usr/share/misp/app/Console/cake admin setSetting MISP.baseurl "$BASEURL"
|
sudo -u www-data /usr/share/misp/app/Console/cake admin setSetting MISP.baseurl "$BASEURL"
|
||||||
|
|
||||||
echo "{\"major\":2, \"minor\":4, \"hotfix\":221}" > /usr/share/misp/VERSION.json
|
#
|
||||||
|
# Starting MISP Workers at every boot
|
||||||
|
#
|
||||||
|
chmod +x /usr/share/misp/app/Console/worker/start.sh
|
||||||
|
cat /usr/share/doc/misp/misp-workers.service > /etc/systemd/system/misp-workers.service
|
||||||
|
sed -i -E "s/\/var\/www\/MISP/\/usr\/share\/misp/" /etc/systemd/system/misp-workers.service
|
||||||
|
# systemctl daemon-reload
|
||||||
|
# systemctl enable --now misp-workers
|
||||||
fi
|
fi
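Review bot: The rewritten database line chains `CREATE DATABASE … && gunzip … | mysql … || true`, which the shell parses as `(create && (gunzip | mysql)) || true`, so a failed schema import — wrong credentials, missing `MYSQL.sql.gz`, a half-applied dump — is swallowed and the package still configures successfully with an empty or partial database, whereas the old two-line form let the import's exit status surface. Splitting it as `if mysql -h$HOST -uroot -p$ROOTPWD -e "CREATE DATABASE $MISPDB;"; then` / `gunzip < /usr/share/doc/misp/MYSQL.sql.gz | mysql -h$HOST -u$MISPDBUSER -p$MISPDBUSERPWD $MISPDB || echo "MISP schema import failed" >&2` / `fi` keeps the idempotency the `|| true` was presumably after (database already present) without hiding import errors. Every `mysql` invocation here passes `-p$ROOTPWD` or `-p$MISPDBUSERPWD` on the command line, where it is visible to other local users in the process list for the duration of the call; a temporary `--defaults-extra-file` with mode 0600 avoids that, and this hunk is a natural place to introduce it. The worker-service lines copy the unit file but leave `systemctl daemon-reload` and `systemctl enable --now misp-workers` commented out, so the "Starting MISP Workers at every boot" comment above them does not yet hold. The enclosing `if [ "$1" = "configure" ]` block starts outside the hunk.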
|
||||||
|
|
||||||
|
|