Add: object structure

pull/3742/head
aksha 2018-08-10 14:11:51 +01:00
parent e008b8c926
commit 1440a6389a
2 changed files with 165 additions and 23 deletions


@ -1393,6 +1393,7 @@ class EventsController extends AppController {
// Distribution, reporter for the events pushed will be the owner of the authentication key
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
}
if (!empty($this->data)) {
if (!isset($this->request->data['Event']['distribution'])) {
$this->request->data['Event']['distribution'] = Configure::read('MISP.default_event_distribution') ? Configure::read('MISP.default_event_distribution') : 0;
@ -3949,7 +3950,12 @@ class EventsController extends AppController {
'url' => '/attributes/add_threatconnect/' . $id,
'text' => 'ThreatConnect Import',
'ajax' => false
)
),
'Forensic analysis' => array(
'url' => '/events/upload_analysis_file/'.$id,
'text' => 'Forensic analysis upload',
'ajax' => false,
)
);
$this->loadModel('Module');
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
@ -3979,11 +3985,6 @@ class EventsController extends AppController {
'url' => '/events/upload_stix/2',
'text' => 'STIX 2.0 format (lossy)',
'ajax' => false,
),
'Forensic analysis' => array(
'url' => '/events/upload_analysis_file',
'text' => 'Forensic analysis upload',
'ajax' => false,
)
);
}
@ -4943,19 +4944,111 @@ class EventsController extends AppController {
}
return $this->RestResponse->viewData($response, $this->response->type());
}
public function upload_analysis_file()
public function upload_analysis_file($eventId)
{
$data = array();
$this->set('eventId', $eventId);
$this->set('file_uploaded',"0");
$this->set('file_name',"");
if (!$this->userRole['perm_modify']) {
throw new UnauthorizedException('You do not have permission to do that.');
}
if ($this->request->is('post'))
if ($this->request->is('post') && $this->request['data']['Event']['analysis_file']['name'])
{
$this->set('file_uploaded',"1");
// if ($this->_isRest()) {
$this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name']));
// }
$this->set('file_uploaded',"1");
$this->set('file_name', $this->request['data']['Event']['analysis_file']['name']);
$this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name']));
//$result = $this->Event->upload_mactime($this->Auth->user(), );
}
else if ($this->request->is('post') && $this->request['data']['SelectedData']['mactime_data'])
{
$object = array();
$data = json_decode($this->request['data']['SelectedData']['mactime_data'],true);
foreach($data as $objectData) {
$object['Object'] = array(
'name' => 'mactime-analysis',
'meta-category' => 'file',
'description' => 'Mactime template, used in forensic investigations esscribe the timeline of a file activity',
'template_version' => 1,
'template_uuid' => '9297982e-be62-4772-a665-c91f5a8d639',
'Attribute'=> [
"filepath"=> [
"description" => "Location of the file on the disc",
"ui-priority" => 0,
"misp-attribute" => "text",
"value" => $objectData['filepath']
],
"datetime"=> [
"description" => "Describes datetime of the activity conducted on the file",
"ui-priority" => 0,
"misp-attribute" => "datetime",
"value" => $objectData['time_accessed']
],
"file_size" => [
"description" => "Determines the file size in bytes",
"ui-priority" => 0,
"misp-attribute" => "number",
"value" => $objectData['file_size']
],
"file_activity"=> [
"description" => "Determines the type of activity for the given time",
"ui-priority" => 0,
"misp-attribute" => "text",
"value" => $objectData['activity_type']
],
"file_permissions"=> [
"description" => "Describes permissions of the file",
"ui-priority" => 0,
"misp-attribute" =>"text",
"value" => $objectData['permissions']
]
]
);
$object['Attribute'] = array(
'Attribute'=> [
"filepath"=> [
"description" => "Location of the file on the disc",
"ui-priority" => 0,
"misp-attribute" => "text",
"value" => $objectData['filepath']
],
"datetime"=> [
"description" => "Describes datetime of the activity conducted on the file",
"ui-priority" => 0,
"misp-attribute" => "datetime",
"value" => $objectData['time_accessed']
],
"file_size" => [
"description" => "Determines the file size in bytes",
"ui-priority" => 0,
"misp-attribute" => "number",
"value" => $objectData['file_size']
],
"file_activity"=> [
"description" => "Determines the type of activity for the given time",
"ui-priority" => 0,
"misp-attribute" => "text",
"value" => $objectData['activity_type']
],
"file_permissions"=> [
"description" => "Describes permissions of the file",
"ui-priority" => 0,
"misp-attribute" =>"text",
"value" => $objectData['permissions']
]
]
);
$this->loadModel('MispObject');
$result = $this->MispObject->saveObject($object,$eventId,"","");
$this->redirect('/events/view/' . $eventId);
}
}
}
}
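Review bot: The new `upload_analysis_file($eventId)` takes the event id from the URL and hands it to `saveObject` after checking only `$this->userRole['perm_modify']`, so nothing visible in this hunk confirms that the event exists or that the caller's organisation may modify it. Unless `saveObject` enforces that itself (not visible here), a user with modify rights could attach objects to an event they do not own. The `$this->redirect(...)` call sits inside the `foreach`, and because redirect ends the request by default in CakePHP 2, only the first selected entry would be saved. The `json_decode` result is iterated without checking that it is an array, so malformed `mactime_data` reaches the loop. The fence sketches an event lookup plus ownership check, a decode guard, and a single redirect after the loop; the `orgc_id` comparison is an assumption and should be aligned with the check the controller's other modifying actions use.

```php
public function upload_analysis_file($eventId)
{
    // … unchanged: view variables and the perm_modify check …
    // Resolve the target event and confirm the caller may modify it before anything is saved.
    $event = $this->Event->find('first', array(
        'conditions' => array('Event.id' => $eventId),
        'recursive' => -1,
        'fields' => array('Event.id', 'Event.orgc_id')
    ));
    if (empty($event)) {
        throw new NotFoundException(__('Invalid event.'));
    }
    if (!$this->_isSiteAdmin() && $event['Event']['orgc_id'] != $this->Auth->user('org_id')) {
        throw new UnauthorizedException('You do not have permission to do that.');
    }
    // … unchanged: file-upload branch …
        $data = json_decode($this->request['data']['SelectedData']['mactime_data'], true);
        if (!is_array($data)) {
            throw new BadRequestException(__('Invalid mactime data.'));
        }
        foreach ($data as $objectData) {
            // … unchanged: build $object and call saveObject …
        }
        // Redirect once, after every selected entry has been saved.
        $this->redirect('/events/view/' . $eventId);
```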


@ -23,10 +23,34 @@
echo $this->Form->end();
?>
<div id="afterUpload" style="display:none;">
<div id="object_templates" style="display:none;">
<div class="">
<?php
echo $this->Form->create('SelectedData', array('enctype' => 'application/Json'));
?>
<div style="display:none;">
<fieldset>
<?php
echo $this->Form->input('mactime_data', array(
'type' => 'text'
));
?>
<div class="input clear"></div>
<?php
?>
</fieldset>
</div>
<?php
echo $this->Form->button(__('Create Objects'), array('class' => 'btn btn-primary'));
echo $this->Form->end();
?>
</div>
</div>
<div style="clear:both;"></div>
<input id="file_name" type="hidden" value="<?php if($file_uploaded == "1") { echo h($file_name); } ?>">
<div id="accordion1" style="">
<h3>Select text for further analysis <button id="graspSelectedText" class="btn btn-primary" style="margin-left:5px;">Process Selected Entries</button></h3>
<h3>Select text for further analysis</h3>
<div id="textToSelect" class="raisedbox noselect">
<div id="fileContent" style="display:none;">
<p>
@ -46,18 +70,21 @@
<th>Activity Type</th>
<th>Time Accessed</th>
<th>Permissions</th>
</thead>
<tbody></tbody>
</table>
</div>
</div>
<div style="clear:both;"></div>
</div>
</div>
<?php
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'addSTIX'));
echo $eventId;
$event['Event']['id'] = $eventId;
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));
?>
<style>
.selectedLines td,
@ -100,16 +127,38 @@ if(afterUpload == 1)
}
}
$("input[type='checkbox']").change(function (e) {
$('#graspSelectedText').on('click',function(){
var SelectedData = new Array();
var i = 0;
$('#individualLines').find('tr').each(function () {
var row = $(this);
if (row.find('input[type="checkbox"]').is(':checked')) {
row.find("td:first").remove();
}
$(this).remove();
if (row.find('input[type="checkbox"]').is(':checked')) {
SelectedData[i]={
"filepath" : $(row).find('td:eq(1)').text(),
"file_size" :$(row).find('td:eq(2)').text(),
"activity_type" : $(row).find('td:eq(3)').text(),
"time_accessed" : $(row).find('td:eq(4)').text(),
"permissions" : $(row).find('td:eq(5)').text(),
"file_name" : $("#file_name").val()
}
i++;
}
});
})
if(i > 0)
{
$('#object_templates').show();
SelectedData =JSON.stringify(SelectedData);
$('#SelectedDataMactimeData').val(SelectedData);
}
else
$('#object_templates').hide();
});
function processString(text)
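Review bot: The second hunk of this template adds `echo $eventId;` just before the side-menu element, which writes the URL-supplied id into the page without escaping, whereas the `file_name` value in the first hunk goes through `h()`. It looks like leftover debug output, so the simplest fix is to delete the line; if the id is meant to be shown, use `echo h($eventId);`. The same unvalidated value is copied into `$event['Event']['id']` for the side menu, so it is safer for the controller to pass down the id of the event it actually loaded. Separately, `'enctype' => 'application/Json'` on the `SelectedData` form is not a form encoding browsers implement, so the field will most likely be posted URL-encoded, and the option could be dropped to avoid implying otherwise.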