diff --git a/app/Controller/EventsController.php b/app/Controller/EventsController.php index 72cd9a8ef..d8b908cdf 100644 --- a/app/Controller/EventsController.php +++ b/app/Controller/EventsController.php @@ -1393,6 +1393,7 @@ class EventsController extends AppController { // Distribution, reporter for the events pushed will be the owner of the authentication key $this->request->data['Event']['user_id'] = $this->Auth->user('id'); } + if (!empty($this->data)) { if (!isset($this->request->data['Event']['distribution'])) { $this->request->data['Event']['distribution'] = Configure::read('MISP.default_event_distribution') ? Configure::read('MISP.default_event_distribution') : 0; @@ -3949,7 +3950,12 @@ class EventsController extends AppController { 'url' => '/attributes/add_threatconnect/' . $id, 'text' => 'ThreatConnect Import', 'ajax' => false - ) + ), + 'Forensic analysis' => array( + 'url' => '/events/upload_analysis_file/'.$id, + 'text' => 'Forensic analysis upload', + 'ajax' => false, + ) ); $this->loadModel('Module'); $modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import'); @@ -3979,11 +3985,6 @@ class EventsController extends AppController { 'url' => '/events/upload_stix/2', 'text' => 'STIX 2.0 format (lossy)', 'ajax' => false, - ), - 'Forensic analysis' => array( - 'url' => '/events/upload_analysis_file', - 'text' => 'Forensic analysis upload', - 'ajax' => false, ) ); } @@ -4943,19 +4944,111 @@ class EventsController extends AppController { } return $this->RestResponse->viewData($response, $this->response->type()); } - public function upload_analysis_file() + public function upload_analysis_file($eventId) { + $data = array(); + $this->set('eventId', $eventId); $this->set('file_uploaded',"0"); + $this->set('file_name',""); + if (!$this->userRole['perm_modify']) { throw new UnauthorizedException('You do not have permission to do that.'); } - if ($this->request->is('post')) + + if ($this->request->is('post') && $this->request['data']['Event']['analysis_file']['name']) { - $this->set('file_uploaded',"1"); - // if ($this->_isRest()) { - $this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name'])); - - // } + $this->set('file_uploaded',"1"); + $this->set('file_name', $this->request['data']['Event']['analysis_file']['name']); + $this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name'])); + + //$result = $this->Event->upload_mactime($this->Auth->user(), ); } + else if ($this->request->is('post') && $this->request['data']['SelectedData']['mactime_data']) + { + $object = array(); + $data = json_decode($this->request['data']['SelectedData']['mactime_data'],true); + foreach($data as $objectData) { + $object['Object'] = array( + 'name' => 'mactime-analysis', + 'meta-category' => 'file', + 'description' => 'Mactime template, used in forensic investigations esscribe the timeline of a file activity', + 'template_version' => 1, + 'template_uuid' => '9297982e-be62-4772-a665-c91f5a8d639', + 'Attribute'=> [ + "filepath"=> [ + "description" => "Location of the file on the disc", + "ui-priority" => 0, + "misp-attribute" => "text", + "value" => $objectData['filepath'] + ], + "datetime"=> [ + "description" => "Describes datetime of the activity conducted on the file", + "ui-priority" => 0, + "misp-attribute" => "datetime", + "value" => $objectData['time_accessed'] + ], + "file_size" => [ + "description" => "Determines the file size in bytes", + "ui-priority" => 0, + "misp-attribute" => "number", + "value" => $objectData['file_size'] + ], + "file_activity"=> [ + "description" => "Determines the type of activity for the given time", + "ui-priority" => 0, + "misp-attribute" => "text", + "value" => $objectData['activity_type'] + ], + "file_permissions"=> [ + "description" => "Describes permissions of the file", + "ui-priority" => 0, + "misp-attribute" =>"text", + "value" => $objectData['permissions'] + ] + ] + ); + $object['Attribute'] = array( + 'Attribute'=> [ + "filepath"=> [ + "description" => "Location of the file on the disc", + "ui-priority" => 0, + "misp-attribute" => "text", + "value" => $objectData['filepath'] + ], + "datetime"=> [ + "description" => "Describes datetime of the activity conducted on the file", + "ui-priority" => 0, + "misp-attribute" => "datetime", + "value" => $objectData['time_accessed'] + ], + "file_size" => [ + "description" => "Determines the file size in bytes", + "ui-priority" => 0, + "misp-attribute" => "number", + "value" => $objectData['file_size'] + ], + "file_activity"=> [ + "description" => "Determines the type of activity for the given time", + "ui-priority" => 0, + "misp-attribute" => "text", + "value" => $objectData['activity_type'] + ], + "file_permissions"=> [ + "description" => "Describes permissions of the file", + "ui-priority" => 0, + "misp-attribute" =>"text", + "value" => $objectData['permissions'] + ] + ] + ); + $this->loadModel('MispObject'); + $result = $this->MispObject->saveObject($object,$eventId,"",""); + $this->redirect('/events/view/' . $eventId); + } + + + + } + } } diff --git a/app/View/Events/upload_analysis_file.ctp b/app/View/Events/upload_analysis_file.ctp index 26519fbb1..9754defdc 100644 --- a/app/View/Events/upload_analysis_file.ctp +++ b/app/View/Events/upload_analysis_file.ctp @@ -23,10 +23,34 @@ echo $this->Form->end(); ?> element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'addSTIX')); +echo $eventId; + $event['Event']['id'] = $eventId; + echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event)); ?>