mirror of https://github.com/MISP/MISP
fix: [attribute:bro] Restored bro export
The broExport should probably be rewritten to use the standard restSearch export later on
pull/8777/merge
parent
edfdc5bfa2
commit
2c30e9af7e
|
@ -4320,8 +4320,8 @@ class EventsController extends AppController
|
|||
'checkbox' => false,
|
||||
),
|
||||
'bro' => array(
|
||||
// 'url' => $this->baseurl . '/attributes/bro/download/all/false/' . $id,
|
||||
'url' => $this->baseurl . '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id,
|
||||
'url' => $this->baseurl . '/attributes/bro/download/all/false/' . $id,
|
||||
// 'url' => $this->baseurl . '/attributes/restSearch/returnFormat:bro/published:1||0/eventid:' . $id,
|
||||
'text' => __('Bro rules'),
|
||||
'requiresPublished' => false,
|
||||
'checkbox' => false,
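Review bot: `'requiresPublished' => false` on the `'bro'` entry no longer matches what the restored URL can deliver. The `Attribute::bro()` method added in this same commit hard-codes `'Event.published' => 1`, whereas the restSearch URL being commented out asked for `published:1||0`. If the controller action behind `/attributes/bro/download/all/false/` passes straight through to `bro()` (that action is not visible here), the button stays enabled on an unpublished event but the download contains only the header. Either set `'requiresPublished' => true` for this entry, or record the limitation beside the commented-out line, e.g. `// restSearch variant disabled until BroExport is ported; the legacy export only covers published events`. The surrounding array starts and ends outside the hunk.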
|
||||
|
|
|
@ -3023,6 +3023,100 @@ class Attribute extends AppModel
|
|||
return $totalCount + $incrementTotalBy;
|
||||
}
|
||||
|
||||
public function bro($user, $type, $tags = false, $eventId = false, $from = false, $to = false, $last = false, $enforceWarninglist = false, $skipHeader = false)
|
||||
{
|
||||
App::uses('BroExport', 'Export');
|
||||
$export = new BroExport();
|
||||
if ($type == 'all') {
|
||||
$types = array_keys($export->mispTypes);
|
||||
} else {
|
||||
$types = array($type);
|
||||
}
|
||||
$intel = array();
|
||||
foreach ($types as $type) {
|
||||
//restricting to non-private or same org if the user is not a site-admin.
|
||||
$conditions['AND'] = array('Attribute.to_ids' => 1, 'Event.published' => 1);
|
||||
if ($from) {
|
||||
$conditions['AND']['Event.date >='] = $from;
|
||||
}
|
||||
if ($to) {
|
||||
$conditions['AND']['Event.date <='] = $to;
|
||||
}
|
||||
if ($last) {
|
||||
$conditions['AND']['Event.publish_timestamp >='] = $last;
|
||||
}
|
||||
if ($eventId !== false) {
|
||||
$temp = array();
|
||||
$args = $this->dissectArgs($eventId);
|
||||
foreach ($args[0] as $accepted) {
|
||||
$temp['OR'][] = array('Event.id' => $accepted);
|
||||
}
|
||||
$conditions['AND'][] = $temp;
|
||||
$temp = array();
|
||||
foreach ($args[1] as $rejected) {
|
||||
$temp['AND'][] = array('Event.id !=' => $rejected);
|
||||
}
|
||||
$conditions['AND'][] = $temp;
|
||||
}
|
||||
if ($tags !== false) {
|
||||
// If we sent any tags along, load the associated tag names for each attribute
|
||||
$tag = ClassRegistry::init('Tag');
|
||||
$args = $this->dissectArgs($tags);
|
||||
$tagArray = $tag->fetchEventTagIds($args[0], $args[1]);
|
||||
$temp = array();
|
||||
foreach ($tagArray[0] as $accepted) {
|
||||
$temp['OR'][] = array('Event.id' => $accepted);
|
||||
}
|
||||
$conditions['AND'][] = $temp;
|
||||
$temp = array();
|
||||
foreach ($tagArray[1] as $rejected) {
|
||||
$temp['AND'][] = array('Event.id !=' => $rejected);
|
||||
}
|
||||
$conditions['AND'][] = $temp;
|
||||
}
|
||||
$this->Allowedlist = ClassRegistry::init('Allowedlist');
|
||||
$this->allowedlist = $this->Allowedlist->getBlockedValues();
|
||||
$instanceString = 'MISP';
|
||||
if (Configure::read('MISP.host_org_id') && Configure::read('MISP.host_org_id') > 0) {
|
||||
$this->Event->Orgc->id = Configure::read('MISP.host_org_id');
|
||||
if ($this->Event->Orgc->exists()) {
|
||||
$instanceString = $this->Event->Orgc->field('name') . ' MISP';
|
||||
}
|
||||
}
|
||||
$mispTypes = $export->getMispTypes($type);
|
||||
foreach ($mispTypes as $mispType) {
|
||||
$conditions['AND']['Attribute.type'] = $mispType[0];
|
||||
$intel = array_merge($intel, $this->__bro($user, $conditions, $mispType[1], $export, $this->allowedlist, $instanceString, $enforceWarninglist));
|
||||
}
|
||||
}
|
||||
natsort($intel);
|
||||
$intel = array_unique($intel);
|
||||
if (empty($skipHeader)) {
|
||||
array_unshift($intel, $export->header);
|
||||
}
|
||||
return $intel;
|
||||
}
|
||||
|
||||
private function __bro($user, $conditions, $valueField, $export, $allowedlist, $instanceString, $enforceWarninglist)
|
||||
{
|
||||
$attributes = $this->fetchAttributes(
|
||||
$user,
|
||||
array(
|
||||
'conditions' => $conditions, // array of conditions
|
||||
'order' => 'Attribute.value' . $valueField . ' ASC',
|
||||
'recursive' => -1, // int
|
||||
'fields' => array('Attribute.id', 'Attribute.event_id', 'Attribute.type', 'Attribute.category', 'Attribute.comment', 'Attribute.to_ids', 'Attribute.value', 'Attribute.value' . $valueField),
|
||||
'contain' => array('Event' => array('fields' => array('Event.id', 'Event.threat_level_id', 'Event.orgc_id', 'Event.uuid'))),
|
||||
'enforceWarninglist' => $enforceWarninglist,
|
||||
'flatten' => 1
|
||||
)
|
||||
);
|
||||
$orgs = $this->Event->Orgc->find('list', array(
|
||||
'fields' => array('Orgc.id', 'Orgc.name')
|
||||
));
|
||||
return $export->export($attributes, $orgs, $valueField, $allowedlist, $instanceString);
|
||||
}
|
||||
|
||||
public function set_filter_uuid(&$params, $conditions, $options)
|
||||
{
|
||||
if (!empty($params['uuid'])) {
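Review bot: The comment `//restricting to non-private or same org if the user is not a site-admin.` in `bro()` does not describe the line under it, which only sets `'Attribute.to_ids' => 1` and `'Event.published' => 1`; nothing in this method filters by organisation or distribution. Visibility is presumably enforced inside `fetchAttributes($user, ...)`, which is outside this hunk, so that should be confirmed and the comment replaced with something like `// Only IDS-flagged attributes of published events; per-user visibility is left to fetchAttributes()`. A stale access-control comment is worth fixing because the next reader may assume the check lives here. Separately, the Allowedlist lookup, the host-org name lookup and the `$eventId`/`$tags` condition building do not depend on the loop variable but sit inside `foreach ($types as $type)`, and `__bro()` reloads the full Orgc list on every call, so an export with `$type == 'all'` repeats those queries for each type; hoisting them above the loop would avoid that.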
|
||||
|
|