MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity

fix: [console:ls22shell] Improved collaboration with extended event check logic and slightly increased score budget

pull/9044/head
Sami Mokaddem 2023-04-20 15:21:28 +02:00
parent 8d244bc981
commit 1cf11dc96a
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/Console/Command/Ls22Shell.php
View File

@ -488,9 +488,9 @@ class Ls22Shell extends AppShell
'extending_events' => 0,
];
foreach ($events['response'] as $event) {
$event_uuid_per_org[$event['Event']['uuid']] = $org_name;
$event_uuid_per_org[$event['Event']['uuid']] = $event['Event']['Orgc']['name'];
if (!empty($event['Event']['extends_uuid'])) {
$event_extended_uuids[$org_name] = $event['Event']['extends_uuid'];
$event_extended_uuids[$event['Event']['Orgc']['name']][] = $event['Event']['extends_uuid'];
}
if (!empty($event['Event']['Tag'])) {
@ -553,14 +553,16 @@ class Ls22Shell extends AppShell
}
}
foreach ($event_extended_uuids as $orgc => $uuid) {
if (!empty($event_uuid_per_org[$uuid])) {
$org_name = $event_uuid_per_org[$uuid];
if ($orgc != $org_name) {
// Add point for org extending another event
$results[$orgc]['extending_events'] += 1;
// Add point for org getting their event extended
$results[$org_name]['events_extended'] += 1;
foreach ($event_extended_uuids as $orgc => $uuids) {
foreach ($uuids as $uuid) {
if (!empty($event_uuid_per_org[$uuid])) {
$org_name = $event_uuid_per_org[$uuid];
if ($orgc != $org_name) {
// Add point for org extending another event
$results[$orgc]['extending_events'] += 1;
// Add point for org getting their event extended
$results[$org_name]['events_extended'] += 1;
}
}
}
}
@ -581,6 +583,7 @@ class Ls22Shell extends AppShell
$results[$k]['metrics']['attack_weight'] = 100 * (2*($result['attack']) + $result['attribute_attack']) / ($result['attribute_count'] + $result['object_count']);
$results[$k]['metrics']['other_weight'] = 100 * (2*($result['other']) + $result['attribute_other']) / ($result['attribute_count'] + $result['object_count']);
$results[$k]['metrics']['collaboration'] = 100 * ((2*$result['events_extended'] + $result['extending_events']) / $result['event_count']);
$results[$k]['metrics']['collaboration'] = 100 * (2*(2*$result['events_extended'] + $result['extending_events']) / $result['event_count']);
}
foreach (['connectedness', 'attack_weight', 'other_weight', 'warnings', 'collaboration'] as $metric) {
if (empty($results[$k]['metrics'][$metric])) {