mirror of https://github.com/MISP/MISP
Add: object structure
parent
e008b8c926
commit
1440a6389a
|
@ -1393,6 +1393,7 @@ class EventsController extends AppController {
|
||||||
// Distribution, reporter for the events pushed will be the owner of the authentication key
|
// Distribution, reporter for the events pushed will be the owner of the authentication key
|
||||||
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
|
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($this->data)) {
|
if (!empty($this->data)) {
|
||||||
if (!isset($this->request->data['Event']['distribution'])) {
|
if (!isset($this->request->data['Event']['distribution'])) {
|
||||||
$this->request->data['Event']['distribution'] = Configure::read('MISP.default_event_distribution') ? Configure::read('MISP.default_event_distribution') : 0;
|
$this->request->data['Event']['distribution'] = Configure::read('MISP.default_event_distribution') ? Configure::read('MISP.default_event_distribution') : 0;
|
||||||
|
@ -3949,7 +3950,12 @@ class EventsController extends AppController {
|
||||||
'url' => '/attributes/add_threatconnect/' . $id,
|
'url' => '/attributes/add_threatconnect/' . $id,
|
||||||
'text' => 'ThreatConnect Import',
|
'text' => 'ThreatConnect Import',
|
||||||
'ajax' => false
|
'ajax' => false
|
||||||
)
|
),
|
||||||
|
'Forensic analysis' => array(
|
||||||
|
'url' => '/events/upload_analysis_file/'.$id,
|
||||||
|
'text' => 'Forensic analysis upload',
|
||||||
|
'ajax' => false,
|
||||||
|
)
|
||||||
);
|
);
|
||||||
$this->loadModel('Module');
|
$this->loadModel('Module');
|
||||||
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
|
$modules = $this->Module->getEnabledModules($this->Auth->user(), false, 'Import');
|
||||||
|
@ -3979,11 +3985,6 @@ class EventsController extends AppController {
|
||||||
'url' => '/events/upload_stix/2',
|
'url' => '/events/upload_stix/2',
|
||||||
'text' => 'STIX 2.0 format (lossy)',
|
'text' => 'STIX 2.0 format (lossy)',
|
||||||
'ajax' => false,
|
'ajax' => false,
|
||||||
),
|
|
||||||
'Forensic analysis' => array(
|
|
||||||
'url' => '/events/upload_analysis_file',
|
|
||||||
'text' => 'Forensic analysis upload',
|
|
||||||
'ajax' => false,
|
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -4943,19 +4944,111 @@ class EventsController extends AppController {
|
||||||
}
|
}
|
||||||
return $this->RestResponse->viewData($response, $this->response->type());
|
return $this->RestResponse->viewData($response, $this->response->type());
|
||||||
}
|
}
|
||||||
public function upload_analysis_file()
|
public function upload_analysis_file($eventId)
|
||||||
{
|
{
|
||||||
|
$data = array();
|
||||||
|
$this->set('eventId', $eventId);
|
||||||
$this->set('file_uploaded',"0");
|
$this->set('file_uploaded',"0");
|
||||||
|
$this->set('file_name',"");
|
||||||
|
|
||||||
if (!$this->userRole['perm_modify']) {
|
if (!$this->userRole['perm_modify']) {
|
||||||
throw new UnauthorizedException('You do not have permission to do that.');
|
throw new UnauthorizedException('You do not have permission to do that.');
|
||||||
}
|
}
|
||||||
if ($this->request->is('post'))
|
|
||||||
|
if ($this->request->is('post') && $this->request['data']['Event']['analysis_file']['name'])
|
||||||
{
|
{
|
||||||
$this->set('file_uploaded',"1");
|
$this->set('file_uploaded',"1");
|
||||||
// if ($this->_isRest()) {
|
$this->set('file_name', $this->request['data']['Event']['analysis_file']['name']);
|
||||||
$this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name']));
|
$this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name']));
|
||||||
|
|
||||||
// }
|
//$result = $this->Event->upload_mactime($this->Auth->user(), );
|
||||||
}
|
}
|
||||||
|
else if ($this->request->is('post') && $this->request['data']['SelectedData']['mactime_data'])
|
||||||
|
{
|
||||||
|
$object = array();
|
||||||
|
$data = json_decode($this->request['data']['SelectedData']['mactime_data'],true);
|
||||||
|
foreach($data as $objectData) {
|
||||||
|
$object['Object'] = array(
|
||||||
|
'name' => 'mactime-analysis',
|
||||||
|
'meta-category' => 'file',
|
||||||
|
'description' => 'Mactime template, used in forensic investigations esscribe the timeline of a file activity',
|
||||||
|
'template_version' => 1,
|
||||||
|
'template_uuid' => '9297982e-be62-4772-a665-c91f5a8d639',
|
||||||
|
'Attribute'=> [
|
||||||
|
"filepath"=> [
|
||||||
|
"description" => "Location of the file on the disc",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "text",
|
||||||
|
"value" => $objectData['filepath']
|
||||||
|
],
|
||||||
|
"datetime"=> [
|
||||||
|
"description" => "Describes datetime of the activity conducted on the file",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "datetime",
|
||||||
|
"value" => $objectData['time_accessed']
|
||||||
|
],
|
||||||
|
"file_size" => [
|
||||||
|
"description" => "Determines the file size in bytes",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "number",
|
||||||
|
"value" => $objectData['file_size']
|
||||||
|
],
|
||||||
|
"file_activity"=> [
|
||||||
|
"description" => "Determines the type of activity for the given time",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "text",
|
||||||
|
"value" => $objectData['activity_type']
|
||||||
|
],
|
||||||
|
"file_permissions"=> [
|
||||||
|
"description" => "Describes permissions of the file",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" =>"text",
|
||||||
|
"value" => $objectData['permissions']
|
||||||
|
]
|
||||||
|
]
|
||||||
|
);
|
||||||
|
$object['Attribute'] = array(
|
||||||
|
'Attribute'=> [
|
||||||
|
"filepath"=> [
|
||||||
|
"description" => "Location of the file on the disc",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "text",
|
||||||
|
"value" => $objectData['filepath']
|
||||||
|
],
|
||||||
|
"datetime"=> [
|
||||||
|
"description" => "Describes datetime of the activity conducted on the file",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "datetime",
|
||||||
|
"value" => $objectData['time_accessed']
|
||||||
|
],
|
||||||
|
"file_size" => [
|
||||||
|
"description" => "Determines the file size in bytes",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "number",
|
||||||
|
"value" => $objectData['file_size']
|
||||||
|
],
|
||||||
|
"file_activity"=> [
|
||||||
|
"description" => "Determines the type of activity for the given time",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" => "text",
|
||||||
|
"value" => $objectData['activity_type']
|
||||||
|
],
|
||||||
|
"file_permissions"=> [
|
||||||
|
"description" => "Describes permissions of the file",
|
||||||
|
"ui-priority" => 0,
|
||||||
|
"misp-attribute" =>"text",
|
||||||
|
"value" => $objectData['permissions']
|
||||||
|
]
|
||||||
|
]
|
||||||
|
);
|
||||||
|
$this->loadModel('MispObject');
|
||||||
|
$result = $this->MispObject->saveObject($object,$eventId,"","");
|
||||||
|
$this->redirect('/events/view/' . $eventId);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
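Review bot: The new `upload_analysis_file($eventId)` checks only the role-wide `perm_modify` flag and then hands the URL-supplied `$eventId` to `$this->MispObject->saveObject($object,$eventId,"","")`, so nothing visible in this hunk confirms that the event exists or that the caller's organisation may modify it. Unless `saveObject` enforces that itself, load the event for the current user first and throw `NotFoundException` or `UnauthorizedException` before any write. The `mactime_data` field is also used unchecked: `json_decode` returns `null` on malformed input and the `$objectData['filepath']`-style lookups assume every key is present, so add a guard such as `if (!is_array($data)) { throw new BadRequestException('Invalid mactime data.'); }` and validate each row. The `saveObject` and `redirect` calls sit inside the `foreach` (its closing brace comes after them), so if `redirect()` ends the request, as it does by default in CakePHP 2, only the first selected row is ever saved. The `template_uuid` literal has an 11-character final group, so it is not a well-formed UUID.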
@ -23,10 +23,34 @@
|
||||||
echo $this->Form->end();
|
echo $this->Form->end();
|
||||||
?>
|
?>
|
||||||
<div id="afterUpload" style="display:none;">
|
<div id="afterUpload" style="display:none;">
|
||||||
|
<div id="object_templates" style="display:none;">
|
||||||
|
<div class="">
|
||||||
|
<?php
|
||||||
|
echo $this->Form->create('SelectedData', array('enctype' => 'application/Json'));
|
||||||
|
?>
|
||||||
|
<div style="display:none;">
|
||||||
|
<fieldset>
|
||||||
|
<?php
|
||||||
|
echo $this->Form->input('mactime_data', array(
|
||||||
|
'type' => 'text'
|
||||||
|
));
|
||||||
|
?>
|
||||||
|
<div class="input clear"></div>
|
||||||
|
<?php
|
||||||
|
?>
|
||||||
|
</fieldset>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<?php
|
||||||
|
echo $this->Form->button(__('Create Objects'), array('class' => 'btn btn-primary'));
|
||||||
|
echo $this->Form->end();
|
||||||
|
?>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<div style="clear:both;"></div>
|
<div style="clear:both;"></div>
|
||||||
|
<input id="file_name" type="hidden" value="<?php if($file_uploaded == "1") { echo h($file_name); } ?>">
|
||||||
<div id="accordion1" style="">
|
<div id="accordion1" style="">
|
||||||
<h3>Select text for further analysis <button id="graspSelectedText" class="btn btn-primary" style="margin-left:5px;">Process Selected Entries</button></h3>
|
<h3>Select text for further analysis</h3>
|
||||||
<div id="textToSelect" class="raisedbox noselect">
|
<div id="textToSelect" class="raisedbox noselect">
|
||||||
<div id="fileContent" style="display:none;">
|
<div id="fileContent" style="display:none;">
|
||||||
<p>
|
<p>
|
||||||
|
@ -46,18 +70,21 @@
|
||||||
<th>Activity Type</th>
|
<th>Activity Type</th>
|
||||||
<th>Time Accessed</th>
|
<th>Time Accessed</th>
|
||||||
<th>Permissions</th>
|
<th>Permissions</th>
|
||||||
|
|
||||||
</thead>
|
</thead>
|
||||||
<tbody></tbody>
|
<tbody></tbody>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div style="clear:both;"></div>
|
<div style="clear:both;"></div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'addSTIX'));
|
echo $eventId;
|
||||||
|
$event['Event']['id'] = $eventId;
|
||||||
|
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));
|
||||||
?>
|
?>
|
||||||
<style>
|
<style>
|
||||||
.selectedLines td,
|
.selectedLines td,
|
||||||
|
@ -100,16 +127,38 @@ if(afterUpload == 1)
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
$("input[type='checkbox']").change(function (e) {
|
||||||
|
|
||||||
$('#graspSelectedText').on('click',function(){
|
var SelectedData = new Array();
|
||||||
|
var i = 0;
|
||||||
$('#individualLines').find('tr').each(function () {
|
$('#individualLines').find('tr').each(function () {
|
||||||
var row = $(this);
|
var row = $(this);
|
||||||
if (row.find('input[type="checkbox"]').is(':checked')) {
|
if (row.find('input[type="checkbox"]').is(':checked')) {
|
||||||
row.find("td:first").remove();
|
|
||||||
}
|
SelectedData[i]={
|
||||||
$(this).remove();
|
"filepath" : $(row).find('td:eq(1)').text(),
|
||||||
|
"file_size" :$(row).find('td:eq(2)').text(),
|
||||||
|
"activity_type" : $(row).find('td:eq(3)').text(),
|
||||||
|
"time_accessed" : $(row).find('td:eq(4)').text(),
|
||||||
|
"permissions" : $(row).find('td:eq(5)').text(),
|
||||||
|
"file_name" : $("#file_name").val()
|
||||||
|
}
|
||||||
|
i++;
|
||||||
|
}
|
||||||
|
|
||||||
});
|
});
|
||||||
})
|
if(i > 0)
|
||||||
|
{
|
||||||
|
$('#object_templates').show();
|
||||||
|
SelectedData =JSON.stringify(SelectedData);
|
||||||
|
$('#SelectedDataMactimeData').val(SelectedData);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
$('#object_templates').hide();
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
function processString(text)
|
function processString(text)
|
||||||
|
|
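Review bot: `echo $eventId;` in the PHP block just before the `side_menu` element (hunk `-46,18 +70,21`) writes the value into the page without `h()`, unlike the `file_name` hidden input added earlier in this view, which is escaped. The controller passes the URL segment through `$this->set('eventId', $eventId)` with no cast or validation, so this looks like leftover debug output that also creates a reflected-XSS risk. Drop the line, or at minimum make it `echo h($eventId);`, and have the action reject non-numeric ids. Separately, `'enctype' => 'application/Json'` on the `SelectedData` form is not an encoding browsers implement for form submission, so the data will be sent URL-encoded regardless; removing the option would make the view match what is actually sent.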