mirror of https://github.com/MISP/MISP
Add: object structure
parent
e008b8c926
commit
1440a6389a
|
@ -1393,6 +1393,7 @@ class EventsController extends AppController {
|
|||
// Distribution, reporter for the events pushed will be the owner of the authentication key
|
||||
$this->request->data['Event']['user_id'] = $this->Auth->user('id');
|
||||
}
|
||||
|
||||
if (!empty($this->data)) {
|
||||
if (!isset($this->request->data['Event']['distribution'])) {
|
||||
$this->request->data['Event']['distribution'] = Configure::read('MISP.default_event_distribution') ? Configure::read('MISP.default_event_distribution') : 0;
|
||||
|
@ -3949,6 +3950,11 @@ class EventsController extends AppController {
|
|||
'url' => '/attributes/add_threatconnect/' . $id,
|
||||
'text' => 'ThreatConnect Import',
|
||||
'ajax' => false
|
||||
),
|
||||
'Forensic analysis' => array(
|
||||
'url' => '/events/upload_analysis_file/'.$id,
|
||||
'text' => 'Forensic analysis upload',
|
||||
'ajax' => false,
|
||||
)
|
||||
);
|
||||
$this->loadModel('Module');
|
||||
|
@ -3979,11 +3985,6 @@ class EventsController extends AppController {
|
|||
'url' => '/events/upload_stix/2',
|
||||
'text' => 'STIX 2.0 format (lossy)',
|
||||
'ajax' => false,
|
||||
),
|
||||
'Forensic analysis' => array(
|
||||
'url' => '/events/upload_analysis_file',
|
||||
'text' => 'Forensic analysis upload',
|
||||
'ajax' => false,
|
||||
)
|
||||
);
|
||||
}
|
||||
|
@ -4943,19 +4944,111 @@ class EventsController extends AppController {
|
|||
}
|
||||
return $this->RestResponse->viewData($response, $this->response->type());
|
||||
}
|
||||
public function upload_analysis_file()
|
||||
public function upload_analysis_file($eventId)
|
||||
{
|
||||
$data = array();
|
||||
$this->set('eventId', $eventId);
|
||||
$this->set('file_uploaded',"0");
|
||||
$this->set('file_name',"");
|
||||
|
||||
if (!$this->userRole['perm_modify']) {
|
||||
throw new UnauthorizedException('You do not have permission to do that.');
|
||||
}
|
||||
if ($this->request->is('post'))
|
||||
|
||||
if ($this->request->is('post') && $this->request['data']['Event']['analysis_file']['name'])
|
||||
{
|
||||
$this->set('file_uploaded',"1");
|
||||
// if ($this->_isRest()) {
|
||||
$this->set('file_name', $this->request['data']['Event']['analysis_file']['name']);
|
||||
$this->set('file_content',file_get_contents($this->request['data']['Event']['analysis_file']['tmp_name']));
|
||||
|
||||
// }
|
||||
}
|
||||
//$result = $this->Event->upload_mactime($this->Auth->user(), );
|
||||
}
|
||||
else if ($this->request->is('post') && $this->request['data']['SelectedData']['mactime_data'])
|
||||
{
|
||||
$object = array();
|
||||
$data = json_decode($this->request['data']['SelectedData']['mactime_data'],true);
|
||||
foreach($data as $objectData) {
|
||||
$object['Object'] = array(
|
||||
'name' => 'mactime-analysis',
|
||||
'meta-category' => 'file',
|
||||
'description' => 'Mactime template, used in forensic investigations esscribe the timeline of a file activity',
|
||||
'template_version' => 1,
|
||||
'template_uuid' => '9297982e-be62-4772-a665-c91f5a8d639',
|
||||
'Attribute'=> [
|
||||
"filepath"=> [
|
||||
"description" => "Location of the file on the disc",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "text",
|
||||
"value" => $objectData['filepath']
|
||||
],
|
||||
"datetime"=> [
|
||||
"description" => "Describes datetime of the activity conducted on the file",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "datetime",
|
||||
"value" => $objectData['time_accessed']
|
||||
],
|
||||
"file_size" => [
|
||||
"description" => "Determines the file size in bytes",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "number",
|
||||
"value" => $objectData['file_size']
|
||||
],
|
||||
"file_activity"=> [
|
||||
"description" => "Determines the type of activity for the given time",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "text",
|
||||
"value" => $objectData['activity_type']
|
||||
],
|
||||
"file_permissions"=> [
|
||||
"description" => "Describes permissions of the file",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" =>"text",
|
||||
"value" => $objectData['permissions']
|
||||
]
|
||||
]
|
||||
);
|
||||
$object['Attribute'] = array(
|
||||
'Attribute'=> [
|
||||
"filepath"=> [
|
||||
"description" => "Location of the file on the disc",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "text",
|
||||
"value" => $objectData['filepath']
|
||||
],
|
||||
"datetime"=> [
|
||||
"description" => "Describes datetime of the activity conducted on the file",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "datetime",
|
||||
"value" => $objectData['time_accessed']
|
||||
],
|
||||
"file_size" => [
|
||||
"description" => "Determines the file size in bytes",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "number",
|
||||
"value" => $objectData['file_size']
|
||||
],
|
||||
"file_activity"=> [
|
||||
"description" => "Determines the type of activity for the given time",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" => "text",
|
||||
"value" => $objectData['activity_type']
|
||||
],
|
||||
"file_permissions"=> [
|
||||
"description" => "Describes permissions of the file",
|
||||
"ui-priority" => 0,
|
||||
"misp-attribute" =>"text",
|
||||
"value" => $objectData['permissions']
|
||||
]
|
||||
]
|
||||
);
|
||||
$this->loadModel('MispObject');
|
||||
$result = $this->MispObject->saveObject($object,$eventId,"","");
|
||||
$this->redirect('/events/view/' . $eventId);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
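Review bot: `upload_analysis_file($eventId)` checks only the role flag `perm_modify` and then passes the URL-supplied `$eventId` to `$this->MispObject->saveObject($object,$eventId,"","")` without loading the event or confirming that this user may modify it; unless `saveObject` enforces that itself (not visible here), a user with modify rights could attach objects to events they are not allowed to edit. The decoded `mactime_data` is also used unchecked: `json_decode` can return null or a non-array, and keys such as `$objectData['filepath']` are read without `isset`, so the branch should reject the request when the payload is not a list of arrays carrying the expected keys. In the upload branch, `file_get_contents(...['tmp_name'])` reads a path taken from request data; guarding it with `is_uploaded_file()` and a check that the upload's `error` field equals `UPLOAD_ERR_OK` would ensure only a genuine upload is read. `$this->redirect('/events/view/' . $eventId)` appears to sit inside the `foreach`, so probably only the first selected row is saved, and the `template_uuid` literal has an 11-character final group, which is not a well-formed UUID.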
|
||||
|
|
|
@ -23,10 +23,34 @@
|
|||
echo $this->Form->end();
|
||||
?>
|
||||
<div id="afterUpload" style="display:none;">
|
||||
<div id="object_templates" style="display:none;">
|
||||
<div class="">
|
||||
<?php
|
||||
echo $this->Form->create('SelectedData', array('enctype' => 'application/Json'));
|
||||
?>
|
||||
<div style="display:none;">
|
||||
<fieldset>
|
||||
<?php
|
||||
echo $this->Form->input('mactime_data', array(
|
||||
'type' => 'text'
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
?>
|
||||
</fieldset>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
echo $this->Form->button(__('Create Objects'), array('class' => 'btn btn-primary'));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<div style="clear:both;"></div>
|
||||
<input id="file_name" type="hidden" value="<?php if($file_uploaded == "1") { echo h($file_name); } ?>">
|
||||
<div id="accordion1" style="">
|
||||
<h3>Select text for further analysis <button id="graspSelectedText" class="btn btn-primary" style="margin-left:5px;">Process Selected Entries</button></h3>
|
||||
<h3>Select text for further analysis</h3>
|
||||
<div id="textToSelect" class="raisedbox noselect">
|
||||
<div id="fileContent" style="display:none;">
|
||||
<p>
|
||||
|
@ -46,18 +70,21 @@
|
|||
<th>Activity Type</th>
|
||||
<th>Time Accessed</th>
|
||||
<th>Permissions</th>
|
||||
|
||||
</thead>
|
||||
<tbody></tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<div style="clear:both;"></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'event-collection', 'menuItem' => 'addSTIX'));
|
||||
echo $eventId;
|
||||
$event['Event']['id'] = $eventId;
|
||||
echo $this->element('side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));
|
||||
?>
|
||||
<style>
|
||||
.selectedLines td,
|
||||
|
@ -100,16 +127,38 @@ if(afterUpload == 1)
|
|||
|
||||
}
|
||||
}
|
||||
$("input[type='checkbox']").change(function (e) {
|
||||
|
||||
$('#graspSelectedText').on('click',function(){
|
||||
var SelectedData = new Array();
|
||||
var i = 0;
|
||||
$('#individualLines').find('tr').each(function () {
|
||||
var row = $(this);
|
||||
if (row.find('input[type="checkbox"]').is(':checked')) {
|
||||
row.find("td:first").remove();
|
||||
|
||||
SelectedData[i]={
|
||||
"filepath" : $(row).find('td:eq(1)').text(),
|
||||
"file_size" :$(row).find('td:eq(2)').text(),
|
||||
"activity_type" : $(row).find('td:eq(3)').text(),
|
||||
"time_accessed" : $(row).find('td:eq(4)').text(),
|
||||
"permissions" : $(row).find('td:eq(5)').text(),
|
||||
"file_name" : $("#file_name").val()
|
||||
}
|
||||
$(this).remove();
|
||||
i++;
|
||||
}
|
||||
|
||||
});
|
||||
if(i > 0)
|
||||
{
|
||||
$('#object_templates').show();
|
||||
SelectedData =JSON.stringify(SelectedData);
|
||||
$('#SelectedDataMactimeData').val(SelectedData);
|
||||
}
|
||||
else
|
||||
$('#object_templates').hide();
|
||||
|
||||
|
||||
|
||||
});
|
||||
})
|
||||
|
||||
|
||||
function processString(text)
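Review bot: `echo $eventId;` next to the side-menu call prints the URL-supplied id into the page without escaping, while the rest of this template uses `h()` (for example `h($file_name)`); it reads like leftover debug output and should be dropped, or at minimum written as `echo h($eventId);`. The new form sets `'enctype' => 'application/Json'`, which is not a form encoding browsers support, so the field is submitted URL-encoded anyway and the option can be removed. In the click handler, `row.find("td:first").remove()` runs before the `td:eq(1)` to `td:eq(5)` reads, which shifts every index by one, so it is worth confirming the columns still map to the intended fields; the server should in any case treat these client-built values as untrusted input. The script block continues past the end of this hunk.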
|
||||
|
|