mirror of https://github.com/MISP/MISP
Export MISP tags as STIX journal entries
Richard van den Berg
parent
cbfcd0b883
commit
2eddbb5dcc
|
|
@ -1776,6 +1776,11 @@ class Event extends AppModel {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (Configure::read('MISP.tagging')) {
|
||||
foreach ($events as &$event) {
|
||||
$event['Tag'] = $this->EventTag->Tag->findEventTags($event['Event']['id']);
|
||||
}
|
||||
}
|
||||
// generate a randomised filename for the temporary file that will be passed to the python script
|
||||
$randomFileName = $this->generateRandomFileName();
|
||||
$tempFile = new File (APP . "files" . DS . "scripts" . DS . "tmp" . DS . $randomFileName, true, 0644);
|
||||
|
|
|
|||
|
|
@ -84,6 +84,7 @@ class Tag extends AppModel {
|
|||
return array($acceptIds, $rejectIds);
|
||||
}
|
||||
|
||||
// find all of the event Ids that belong to tags with certain names
|
||||
public function findTags($array) {
|
||||
$ids = array();
|
||||
foreach ($array as $a) {
|
||||
|
|
@ -103,4 +104,22 @@ class Tag extends AppModel {
|
|||
}
|
||||
return $ids;
|
||||
}
|
||||
}
|
||||
|
||||
// find all tags that belong to a given eventId
|
||||
public function findEventTags($eventId) {
|
||||
$tags = array();
|
||||
$params = array(
|
||||
'recursive' => 1,
|
||||
'contain' => 'EventTag',
|
||||
);
|
||||
$result = $this->find('all', $params);
|
||||
foreach ($result as $tag) {
|
||||
foreach ($tag['EventTag'] as $eventTag) {
|
||||
if ($eventTag['event_id'] == $eventId) {
|
||||
$tags[] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
}
|
||||
return $tags;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -157,6 +157,7 @@ def generateSTIXObjects(event):
|
|||
incident.status = IncidentStatus(incident_status_name)
|
||||
setTLP(incident, event["Event"]["distribution"])
|
||||
setOrg(incident, event["Event"]["org"])
|
||||
setTag(incident, event["Tag"])
|
||||
resolveAttributes(incident, ttps, event["Attribute"])
|
||||
return [incident, ttps]
|
||||
|
||||
|
|
@ -307,6 +308,11 @@ def setOrg(target, org):
|
|||
information_source = InformationSource(identity = ident)
|
||||
target.information_source = information_source
|
||||
|
||||
# takes an object and adds the passed tags as journal entries to it.
|
||||
def setTag(target, tags):
|
||||
for tag in tags:
|
||||
addJournalEntry(target, "MISP Tag: " + tag["name"])
|
||||
|
||||
def addReference(target, reference):
|
||||
if hasattr(target.information_source, "references"):
|
||||
target.information_source.add_reference(reference)
|
||||
|
|
|
|||
Loading…
Reference in New Issue