new: [event block rule system] added

- add simple tag filters to block events from being added.
- it will not stop the manual creation of an event to which the tag is added at a later stage
- it will however block synced events
pull/6078/head
iglocska 2020-06-30 10:45:36 +02:00
parent 54543eb866
commit 3ec5fcba0b
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
5 changed files with 118 additions and 1 deletions


@ -636,6 +636,49 @@ class ServersController extends AppController
}
}
public function eventBlockRule()
{
$this->AdminSetting = ClassRegistry::init('AdminSetting');
$setting = $this->AdminSetting->find('first', [
'conditions' => ['setting' => 'eventBlockRule'],
'recursive' => -1
]);
if (empty($setting)) {
$setting = ['setting' => 'eventBlockRule'];
if ($this->request->is('post')) {
$this->AdminSetting->create();
}
}
if ($this->request->is('post')) {
if (!empty($this->request->data['Server'])) {
$this->request->data = $this->request->data['Server'];
}
$setting['AdminSetting']['setting'] = 'eventBlockRule';
$setting['AdminSetting']['value'] = $this->request->data['value'];
$result = $this->AdminSetting->save($setting);
if ($result) {
$message = __('Settings saved');
} else {
$message = __('Could not save the settings. Invalid input.');
}
if ($this->_isRest()) {
if ($result) {
return $this->RestResponse->saveFailResponse('Servers', 'eventBlockRule', false, $message, $this->response->type());
} else {
return $this->RestResponse->saveSuccessResponse('Servers', 'eventBlockRule', $message, $this->response->type());
}
} else {
if ($result) {
$this->Flash->success($message);
$this->redirect('/');
} else {
$this->Flash->error($message);
}
}
}
$this->set('setting', $setting);
}
/**
* Pull one or more events with attributes from a remote instance.
* Set $technique to
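Review bot: The REST branch of `eventBlockRule()` is inverted: a truthy `$result` returns `saveFailResponse(...)` and a failed save returns `saveSuccessResponse(...)`, so API clients are told the opposite of what happened; swap the two calls. The action also saves `$this->request->data['value']` without checking that the key is present or that it decodes as JSON. Because `checkEventBlockRules()` treats an undecodable rule set as "no rules", a typo in the textarea silently switches blocking off; reject the save when the input is non-empty and `json_decode($this->request->data['value'], true)` returns `null`. No authorisation check is visible inside the action, so confirm the ACL mapping limits it to site admins instead of relying on the menu entry's `$isSiteAdmin` requirement, which only hides the link.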


@ -3418,6 +3418,39 @@ class Event extends AppModel
return $attributes;
}
public function checkEventBlockRules($event)
{
$this->AdminSetting = ClassRegistry::init('AdminSetting');
$setting = $this->AdminSetting->find('first', [
'conditions' => ['setting' => 'eventBlockRule'],
'recursive' => -1
]);
if (empty($setting) || empty($setting['AdminSetting']['value'])) {
return true;
}
$rules = json_decode($setting['AdminSetting']['value'], true);
if (empty($rules)) {
return true;
}
if (!empty($rules['tags'])) {
if (!is_array($rules['tags'])) {
$rules['tags'] = [$rules['tags']];
}
$eventTags = Hash::extract($event, 'Event.Tag.{n}.name');
if (empty($eventTags)) {
$eventTags = Hash::extract($event, 'Event.EventTag.{n}.Tag.name');
}
if (!empty($eventTags)) {
foreach ($rules['tags'] as $blockTag) {
if (in_array($blockTag, $eventTags)) {
return false;
}
}
}
}
return true;
}
// Low level function to add an Event based on an Event $data array
public function _add(array &$data, $fromXml, array $user, $org_id = 0, $passAlong = null, $fromPull = false, $jobId = null, &$created_id = 0, &$validationErrors = array())
{
@ -3431,6 +3464,9 @@ class Event extends AppModel
return 'Blocked by blacklist';
}
}
if (!$this->checkEventBlockRules($data)) {
return 'Blocked by event block rules';
}
if (empty($data['Event']['Attribute']) && empty($data['Event']['Object']) && !empty($data['Event']['published'])) {
$this->Log = ClassRegistry::init('Log');
$this->Log->create();
@ -3686,7 +3722,7 @@ class Event extends AppModel
}
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
// do the necessary actions to publish the event (email, upload,...)
if (('true' != Configure::read('MISP.disablerestalert')) && (empty($server) || $server['Server']['publish_without_email'] == 0)) {
if (('true' != Configure::read('MISP.disablerestalert')) && (empty($server) || empty($server['Server']['publish_without_email']))) {
$this->sendAlertEmailRouter($this->getID(), $user);
}
$this->publish($this->getID(), $passAlong);
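Review bot: `checkEventBlockRules()` fails open without leaving a trace: when the stored value is not valid JSON, `json_decode()` returns `null`, `empty($rules)` is true and the event is accepted, with nothing logged to show the rule set is inactive. Log the decode failure there so an admin can see that filtering is off. The comparison should be strict, `in_array($blockTag, $eventTags, true)`, so numeric-looking tag names are not matched loosely. A docblock on the method should state that only event-level tags read from `Event.Tag.{n}.name` or `Event.EventTag.{n}.Tag.name` are inspected, and that names must match exactly. The settings row is also fetched on every `_add()` call, which may be worth caching for the duration of a sync pull.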


@ -834,6 +834,11 @@
'text' => __('Scheduled Tasks')
));
}
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'eventBlockRule',
'url' => '/servers/eventBlockRule',
'text' => __('Event Block Rules')
));
if (Configure::read('MISP.enableEventBlacklisting') !== false) {
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
'element_id' => 'eventBlacklistsAdd',


@ -357,6 +357,11 @@
'url' => '/tasks',
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
),
array(
'text' => __('Event Block Rules'),
'url' => '/servers/eventBlockRule',
'requirement' => $isSiteAdmin
),
array(
'type' => 'separator',
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin


@ -0,0 +1,28 @@
<?php
$modelForForm = 'Server';
$action = 'eventBlockRule';
echo $this->element('genericElements/Form/genericForm', array(
'form' => $this->Form,
'data' => array(
'title' => __('Set event block rules'),
'model' => $modelForForm,
'fields' => array(
array(
'field' => 'value',
'label' => __('Rule set (json)'),
'class' => 'input span6',
'type' => 'textarea',
'placeholder' =>
'{
"tags": ["pandemic:covid-19=\"cyber\""]
}',
'default' => !empty($setting['AdminSetting']['value']) ? $setting['AdminSetting']['value'] : ''
)
),
'submit' => array(
'action' => $action
)
)
));
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'admin', 'menuItem' => 'eventBlockRule'));
?>