CSV exports have a new column: to_ids

- event level exports from the event view now export all attributes regardless of to_ids value

- to_ids value now has its own column in the csv exports
pull/274/merge
iglocska 2014-03-13 15:23:29 +01:00
parent 72ec7cc3e1
commit 1a777901b2
5 changed files with 10 additions and 9 deletions


@ -146,11 +146,11 @@ class EventShell extends AppShell
}
}
$final = array();
$final[] = 'uuid,event_id,category,type,value';
$final[] = 'uuid,event_id,category,type,value,to_ids';
$attributes = $this->Whitelist->removeWhitelistedFromArray($attributes, true);
foreach ($attributes as $attribute) {
if (!empty($attribute)) {
$final[] = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'];
$final[] = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . intval($attribute['Attribute']['to_ids']);
}
}
$dir = new Folder(APP . DS . '/tmp/cached_exports/' . $extra);
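Review bot: The row built in the `foreach` joins the fields with bare commas and no quoting, so an attribute value containing a comma, a double quote or a line break pushes the new trailing `to_ids` field out of its column, and a consumer reading the sixth column as the IDS flag gets the wrong answer. Attribute values are threat data that often originates outside the instance, so they should be treated as untrusted here; a value starting with `=`, `+`, `-` or `@` is also evaluated as a formula when the file is opened in a spreadsheet. Quoting the value field, e.g. `'"' . str_replace('"', '""', $attribute['Attribute']['value']) . '"'`, would keep the columns aligned, though it changes the output for existing parsers and needs a release note. The same concatenation appears in the `csv()` action of EventsController. The enclosing method starts and ends outside the hunk.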


@ -1335,6 +1335,7 @@ class EventsController extends AppController {
// csv function
// Usage: csv($key, $eventid) - key can be a valid auth key or the string 'download'. Download requires the user to be logged in interactively and will generate a .csv file
// $eventid can be one of 3 options: left empty it will get all the visible to_ids attributes,
// $ignore is a flag that allows the export tool to ignore the ids flag. 0 = only IDS signatures, 1 = everything.
public function csv($key, $eventid=0, $ignore=0, $tags = '', $category=null, $type=null) {
if ($category == 'null') $category = null;
if ($type == 'null') $type = null;
@ -1367,7 +1368,7 @@ class EventsController extends AppController {
$final = array();
$attributes = $this->Whitelist->removeWhitelistedFromArray($attributes, true);
foreach ($attributes as $attribute) {
$final[] = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'];
$final[] = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . intval($attribute['Attribute']['to_ids']);
}
$this->response->type('csv'); // set the content type
@ -1379,7 +1380,7 @@ class EventsController extends AppController {
$this->header('Content-Disposition: download; filename="misp.event_' . $eventid . '.csv"');
}
$this->layout = 'text/default';
$this->set('headers', array('uuid', 'event_id', 'category', 'type', 'value'));
$this->set('headers', array('uuid', 'event_id', 'category', 'type', 'value', 'to_ids'));
$this->set('final', $final);
}
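Review bot: The comment block above `csv()` still gives the usage as `csv($key, $eventid)` although the signature takes six parameters, and the new `$ignore` line is the only one of the extra four that is documented. Because `$ignore` widens the export from IDS-flagged attributes to everything, the comment should also say that it arrives as a URL path segment (a string) and which values widen the export, as far as the body outside the hunk confirms it. Suggested addition: `// $tags, $category, $type: optional filters; the literal string 'null' means "no filter" for $category and $type.` The `$eventid` line announces "one of 3 options" but lists only one before the comment moves on, and most of the method body lies outside the visible hunks.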


@ -1020,7 +1020,7 @@ class Event extends AppModel {
}
$params = array(
'conditions' => $conditions, //array of conditions
'fields' => array('Attribute.event_id', 'Attribute.distribution', 'Attribute.category', 'Attribute.type', 'Attribute.value', 'Attribute.uuid'),
'fields' => array('Attribute.event_id', 'Attribute.distribution', 'Attribute.category', 'Attribute.type', 'Attribute.value', 'Attribute.uuid', 'Attribute.to_ids'),
);
$attributes = $this->Attribute->find('all', $params);
foreach ($attributes as &$attribute) {


@ -37,7 +37,7 @@
<li><a href="/events/xml/download/<?php echo $event['Event']['id'];?>">Download as XML</a></li>
<?php if (isset($event['Event']['published']) && $event['Event']['published']): ?>
<li><a href="/events/downloadOpenIOCEvent/<?php echo $event['Event']['id'];?>">Download as IOC</a></li>
<li><a href="/events/csv/download/<?php echo $event['Event']['id'];?>">Download as CSV</a></li>
<li><a href="/events/csv/download/<?php echo $event['Event']['id'];?>/1">Download as CSV</a></li>
<?php endif; ?>
<li class="divider"></li>
<li><a href="/events/index">List Events</a></li>
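Review bot: With `/1` appended, the "Download as CSV" link now also returns attributes whose `to_ids` is 0, but the label is unchanged, so a user who feeds this file to an IDS or blocklist as before will start loading indicators that were deliberately not flagged for detection. I would make the difference visible in the label, e.g. `Download as CSV (all attributes)`, and state in the release notes that consumers need to filter on the new `to_ids` column. The list this item belongs to starts and ends outside the hunk.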


@ -25,9 +25,9 @@ You can <?php echo $this->Html->link('reset', array('controller' => 'users', 'ac
<p>You can configure your tools to automatically download the following file:</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/</pre>
<p>You can specify additional flags for CSV exports as follows::</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/[event_id]/[event_id_ignore]/[tags]/[type]</pre>
<p>For example, to only download a csv generated of the "domain" type and the "Network Activity" category attributes all events except for the one with ID 7 and further restricting it to events that are tagged "tag1" or "tag2" but not "tag3", use the following syntax:</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/0/7/tag1&&tag2&&!tag3/Network%20Activity/domain</pre>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/[event_id]/[ignore_ids_signatures_only_rule]/[tags]/[type]</pre>
<p>For example, to only download a csv generated of the "domain" type and the "Network Activity" category attributes all events except for the one and further restricting it to events that are tagged "tag1" or "tag2" but not "tag3", only allowing attributes that are IDS flagged use the following syntax:</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/0/0/tag1&&tag2&&!tag3/Network%20Activity/domain</pre>
<p>To export the attributes of all events that are of the type "domain", use the following syntax:</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/0/0/null/null/domain</pre>
<h3>NIDS rules export</h3>
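Review bot: The new URL template `/events/csv/download/[event_id]/[ignore_ids_signatures_only_rule]/[tags]/[type]` has four placeholders, while both examples below it pass five segments and the controller action takes `$tags, $category, $type`; `[category]` is missing between `[tags]` and `[type]`, so a reader following the template will put the type in the category slot. The example sentence also lost its object when "with ID 7" was removed ("all events except for the one and further restricting"), and the paragraph introducing the template ends in `::`. It would help to say here that setting the second segment to `1` exports attributes that are not flagged for IDS, because tools configured from this page usually load the result into detection systems.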