Merge remote-tracking branch 'upstream/2.4' into 2.4

pull/3483/head
Steve Clement 2018-07-13 15:26:56 +02:00
commit 112323f49a
4 changed files with 84 additions and 3 deletions


@ -1353,7 +1353,7 @@ class UsersController extends AppController {
// shows some statistics about the instance
public function statistics($page = 'data') {
$this->set('page', $page);
$pages = array('data' => 'Usage data', 'orgs' => 'Organisations', 'tags' => 'Tags', 'attributehistogram' => 'Attribute histogram', 'sightings' => 'Sightings toplists', 'attackMatrix' => 'ATT&CK Matrix');
$pages = array('data' => 'Usage data', 'orgs' => 'Organisations', 'users' => 'User and Organisation statistics', 'tags' => 'Tags', 'attributehistogram' => 'Attribute histogram', 'sightings' => 'Sightings toplists', 'attackMatrix' => 'ATT&CK Matrix');
if (!$this->_isSiteAdmin() && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
unset($pages['orgs']);
}
@ -1366,6 +1366,8 @@ class UsersController extends AppController {
throw new MethodNotAllowedException('This feature is currently disabled.');
}
$result = $this->__statisticsOrgs($this->params['named']);
} else if ($page == 'users') {
$result = $this->__statisticsUsers($this->params['named']);
} else if ($page == 'tags') {
$result = $this->__statisticsTags($this->params['named']);
} else if ($page == 'attributehistogram') {
@ -1549,6 +1551,52 @@ class UsersController extends AppController {
}
}
private function __statisticsUsers($params = array()) {
$this->loadModel('Organisation');
$this->loadModel('User');
$this_month = strtotime(date('Y/m') . '/01');
$this_year = strtotime(date('Y') . '/01/01');
$ranges = array(
'total' => null,
'month' => $this_month,
'year' => $this_year
);
$scopes = array(
'user' => array(
'conditions' => null,
'model' => 'User',
'date_created' => 'timestamp'
),
'org_local' => array(
'conditions' => array('Organisation.local' => 1),
'model' => 'Organisation',
'date_created' => 'datetime'
),
'org_external' => array(
'conditions' => array('Organisation.local' => 0),
'model' => 'Organisation',
'date_created' => 'datetime'
)
);
$statistics = array();
foreach ($scopes as $scope => $scope_data) {
foreach ($ranges as $range => $condition) {
$params = array(
'recursive' => -1
);
if (!empty($condition)) {
if ($scope_data['date_created'] === 'datetime') {
$condition = date('Y-m-d H:i:s', $condition);
}
$params['conditions'] = array($scope_data['model'] . '.date_created >=' => $condition);
}
$statistics[$scope]['data'][$range] = $this->{$scope_data['model']}->find('count', $params);
}
}
$this->set('statistics', $statistics);
$this->render('statistics_users');
}
public function tagStatisticsGraph() {
$this->loadModel('EventTag');
$tags = $this->EventTag->getSortedTagList();
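Review bot: The new `else if ($page == 'users')` branch in statistics() has no access check, while the neighbouring `orgs` page is removed from the menu, and apparently rejected with MethodNotAllowedException, for non-site-admins when `Security.hide_organisation_index_from_users` is set. __statisticsUsers() returns counts of local and external organisations in total, this month and this year, so an instance that hides the organisation index still discloses those figures; whether that is acceptable should be decided explicitly. If the page is meant to follow the same setting, add `unset($pages['users']);` next to `unset($pages['orgs']);` and apply the same condition before calling `__statisticsUsers()`. Separately, `$params` is overwritten inside the inner loop, so the named parameters passed in are never used. statistics() begins and ends outside the hunks shown.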


@ -14,6 +14,7 @@
);
$types[$scope]['selected'] = true;
?>
<h4><?php echo __('Organisation list');?></h4>
<p><?php echo __('Quick overview over the organisations residing on or known by this instance.');?></p>
<div class="tabMenuFixedContainer" style="display:inline-block;">
<?php


@ -0,0 +1,28 @@
<div class = "index">
<h2><?php echo __('Statistics');?></h2>
<?php
echo $this->element('Users/statisticsMenu');
?>
<h4><?php echo __('User and Organisation Statistics');?></h4>
<div style="width:250px;">
<dl>
<?php
foreach ($statistics as $type => $data) {
foreach ($data['data'] as $time_frame => $count) {
$extra = '';
$icon = '';
if ($count && $time_frame !== 'total') {
$extra = 'green';
$icon = '<span class="fa fa-angle-up"></span>';
}
echo sprintf('<dt>%s (%s)</dt>', Inflector::humanize(h($type)), Inflector::humanize(h($time_frame)));
echo sprintf('<dd class="bold %s">%s %s</dd>', $extra, h($count), $icon);
}
}
?>
</dl>
</div>
</div>
<?php
echo $this->element('side_menu', array('menuList' => 'globalActions', 'menuItem' => 'statistics'));
?>
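Review bot: In the `<dt>` line, `h()` is applied before `Inflector::humanize()`, so the escaped string is transformed again before it is printed; escaping should be the last step before output, i.e. `h(Inflector::humanize($type))` and `h(Inflector::humanize($time_frame))`. With the scope and range keys hard-coded in the controller the markup comes out the same today, but the current order stops being safe as soon as a key is derived from data. The generated labels also bypass `__()`, unlike the headings above them, so they will not be translated.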


@ -73,7 +73,11 @@ not_implemented_attributes = ['yara', 'snort', 'pattern-in-traffic', 'pattern-in
non_indicator_attributes = ['text', 'comment', 'other', 'link', 'target-user', 'target-email', 'target-machine', 'target-org', 'target-location', 'target-external', 'vulnerability']
hash_type_attributes = {"single":["md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha512/224", "sha512/256", "ssdeep", "imphash", "authentihash", "pehash", "tlsh", "x509-fingerprint-sha1"], "composite": ["filename|md5", "filename|sha1", "filename|sha224", "filename|sha256", "filename|sha384", "filename|sha512", "filename|sha512/224", "filename|sha512/256", "filename|authentihash", "filename|ssdeep", "filename|tlsh", "filename|imphash", "filename|pehash"]}
hash_type_attributes = {"single": ["md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha512/224", "sha512/256", "ssdeep",
"imphash", "authentihash", "pehash", "tlsh", "x509-fingerprint-sha1"],
"composite": ["filename|md5", "filename|sha1", "filename|sha224", "filename|sha256", "filename|sha384",
"filename|sha512", "filename|sha512/224", "filename|sha512/256", "filename|authentihash",
"filename|ssdeep", "filename|tlsh", "filename|imphash", "filename|pehash"]}
# mapping for the attributes that can go through the simpleobservable script
misp_cybox_name = {"domain" : "DomainName", "hostname" : "Hostname", "url" : "URI", "AS" : "AutonomousSystem", "mutex" : "Mutex",
@ -1108,7 +1112,7 @@ class StixBuilder(object):
fuzzy = False
f, h = [""] * 2
attribute_type = attribute.type
if attribute_type in (hash_type_attributes['composite'], "malware-sample"):
if attribute_type in hash_type_attributes['composite'] or attribute_type == "malware-sample":
f, h = attribute.value.split('|')
composite = attribute_type.split('|')
if len(composite) > 1 and composite[1] == "ssdeep":
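Review bot: With the membership test corrected, every `filename|<hash>` attribute now reaches `f, h = attribute.value.split('|')`, which raises ValueError when the value has no `|` or when the filename itself contains one. The old condition compared the type against a tuple holding the whole list, so it presumably matched only `malware-sample`, which means this path is newly exercised for the composite types. Splitting from the right, `f, h = attribute.value.rsplit('|', 1)`, keeps a `|` inside the filename intact, and a length check before unpacking would handle a malformed value without aborting the export. The enclosing StixBuilder method starts and ends outside the hunk.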