mirror of https://github.com/MISP/MISP
Correlations on the event index, first implementation
Iglocska
parent
9c8719bf58
commit
12e32d4673
|
|
@ -36,6 +36,8 @@ class EventsController extends AppController {
|
|||
);
|
||||
|
||||
public $helpers = array('Js' => array('Jquery'));
|
||||
|
||||
public $paginationFunctions = array('index', 'proposalEventIndex');
|
||||
|
||||
public function beforeFilter() {
|
||||
parent::beforeFilter();
|
||||
|
|
@ -71,8 +73,9 @@ class EventsController extends AppController {
|
|||
}
|
||||
|
||||
// if not admin or own org, check private as well..
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
if (!$this->_isSiteAdmin() && in_array($this->action, $this->paginationFunctions)) {
|
||||
$sgids = $this->Event->SharingGroup->fetchAllAuthorised($this->Auth->user());
|
||||
if (empty($sgids)) $sgids = array(-1);
|
||||
$conditions = array(
|
||||
'AND' => array(
|
||||
array(
|
||||
|
|
@ -508,7 +511,9 @@ class EventsController extends AppController {
|
|||
}
|
||||
$this->set('events', $events);
|
||||
} else {
|
||||
$this->set('events', $this->paginate());
|
||||
$events = $this->paginate();
|
||||
if (Configure::read('MISP.showCorrelationsOnIndex')) $this->Event->attachCorrelationCountToEvents($this->Auth->user(), $events);
|
||||
$this->set('events', $events);
|
||||
}
|
||||
|
||||
if (!$this->Event->User->getPGP($this->Auth->user('id')) && Configure::read('GnuPG.onlyencrypted')) {
|
||||
|
|
|
|||
|
|
@ -416,6 +416,77 @@ class Event extends AppModel {
|
|||
public function isOwnedByOrg($eventid, $org) {
|
||||
return $this->field('id', array('id' => $eventid, 'org_id' => $org)) === $eventid;
|
||||
}
|
||||
|
||||
// gets the logged in user + an array of events, attaches the correlation count to each
|
||||
public function attachCorrelationCountToEvents($user, &$events) {
|
||||
$sgids = $this->SharingGroup->fetchAllAuthorised($user);
|
||||
if (!isset($sgids) || empty($sgids)) $sgids = array(-1);
|
||||
$this->Correlation = ClassRegistry::init('Correlation');
|
||||
$eventIds = Set::extract('/Event/id', $events);
|
||||
$conditionsCorrelation = $this->__buildEventConditionsCorrelation($user, $eventIds, $sgids);
|
||||
$correlations = $this->Correlation->find('all',array(
|
||||
'fields' => array('Correlation.event_id', 'count(distinct(Correlation.1_event_id)) as count'),
|
||||
'conditions' => $conditionsCorrelation,
|
||||
'recursive' => -1,
|
||||
'group' => array('Correlation.event_id'),
|
||||
));
|
||||
$correlations = Hash::combine($correlations, '{n}.Correlation.event_id', '{n}.0.count');
|
||||
foreach ($events as &$event) $event['Event']['correlation_count'] = (isset($correlations[$event['Event']['id']])) ? $correlations[$event['Event']['id']] : 0;
|
||||
}
|
||||
|
||||
private function __buildEventConditionsCorrelation($user, $eventIds, $sgids) {
|
||||
if (!is_array($eventIds)) $eventIds = array($eventIds);
|
||||
if (!$user['Role']['perm_site_admin']) {
|
||||
$conditionsCorrelation = array(
|
||||
'AND' => array(
|
||||
'Correlation.1_event_id' => $eventIds,
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.org_id' => $user['org_id'],
|
||||
'AND' => array(
|
||||
array(
|
||||
'OR' => array(
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
} else {
|
||||
$conditionsCorrelation = array('Correlation.1_event_id' => $eventIds);
|
||||
}
|
||||
return $conditionsCorrelation;
|
||||
}
|
||||
|
||||
public function getRelatedEvents($user, $eventId = null, $sgids) {
|
||||
if ($eventId == null) $eventId = $this->data['Event']['id'];
|
||||
|
|
@ -432,55 +503,7 @@ class Event extends AppModel {
|
|||
// i. Attribute has a distribution of 5 (inheritance of the event, for this the event check has to pass anyway)
|
||||
// ii. Atttibute has a distribution between 1-3 (community only, connected communities, all orgs)
|
||||
// iii. Attribute has a sharing group that the user is accessible to view
|
||||
if (!$user['Role']['perm_site_admin']) {
|
||||
$conditionsCorrelation = array(
|
||||
'AND' => array(
|
||||
'Correlation.1_event_id' => $eventId,
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.org_id' => $user['org_id'],
|
||||
'AND' => array(
|
||||
array(
|
||||
'OR' => array(
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution >' => 0,
|
||||
'Correlation.distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.distribution' => 4,
|
||||
'Correlation.sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
array(
|
||||
'OR' => array(
|
||||
'Correlation.a_distribution' => 5,
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution >' => 0,
|
||||
'Correlation.a_distribution <' => 4,
|
||||
),
|
||||
),
|
||||
array(
|
||||
'AND' => array(
|
||||
'Correlation.a_distribution' => 4,
|
||||
'Correlation.a_sharing_group_id' => $sgids
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
} else {
|
||||
$conditionsCorrelation = array('Correlation.1_event_id' => $eventId);
|
||||
}
|
||||
$conditionsCorrelation = $this->__buildEventConditionsCorrelation($user, $eventId, $sgids);
|
||||
$correlations = $this->Correlation->find('all',array(
|
||||
'fields' => 'Correlation.event_id',
|
||||
'conditions' => $conditionsCorrelation,
|
||||
|
|
|
|||
|
|
@ -511,6 +511,15 @@ class Server extends AppModel {
|
|||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'showCorrelationsOnIndex' => array(
|
||||
'level' => 1,
|
||||
'description' => 'When enabled, the number of correlations visible to the currently logged in user will be visible on the event index UI. This comes at a performance cost but can be very useful to see correlating events at a glance.',
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
),
|
||||
'GnuPG' => array(
|
||||
'branch' => 1,
|
||||
|
|
|
|||
|
|
@ -71,6 +71,9 @@
|
|||
<th class="filter">Tags</th>
|
||||
<?php endif; ?>
|
||||
<th><?php echo $this->Paginator->sort('attribute_count', '#Attr.');?></th>
|
||||
<?php if (Configure::read('MISP.showCorrelationsOnIndex')):?>
|
||||
<th><?php echo $this->Paginator->sort('correlation_count', '#Corr.');?></th>
|
||||
<?php endif; ?>
|
||||
<?php if ($isSiteAdmin): ?>
|
||||
<th><?php echo $this->Paginator->sort('user_id', 'Email');?></th>
|
||||
<?php endif; ?>
|
||||
|
|
@ -138,6 +141,11 @@
|
|||
<td style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'">
|
||||
<?php echo $event['Event']['attribute_count']; ?>
|
||||
</td>
|
||||
<?php if (Configure::read('MISP.showCorrelationsOnIndex')):?>
|
||||
<td class = "bold" style="width:30px;" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'">
|
||||
<?php echo !empty($event['Event']['correlation_count']) ? h($event['Event']['correlation_count']) : ''; ?>
|
||||
</td>
|
||||
<?php endif; ?>
|
||||
<?php if ('true' == $isSiteAdmin): ?>
|
||||
<td class="short" ondblclick="location.href ='<?php echo $baseurl."/events/view/".$event['Event']['id'];?>'">
|
||||
<?php echo h($event['User']['email']); ?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue