mirror of https://github.com/MISP/MISP
new: [event block rule system] added
- Add simple tag filters to block events from being added.
- It will not stop the manual creation of an event that has the tag added to it at a later stage.
- It will, however, block synced events.
pull/6078/head
parent
54543eb866
commit
3ec5fcba0b
|
@ -636,6 +636,49 @@ class ServersController extends AppController
|
|||
}
|
||||
}
|
||||
|
||||
public function eventBlockRule()
|
||||
{
|
||||
$this->AdminSetting = ClassRegistry::init('AdminSetting');
|
||||
$setting = $this->AdminSetting->find('first', [
|
||||
'conditions' => ['setting' => 'eventBlockRule'],
|
||||
'recursive' => -1
|
||||
]);
|
||||
if (empty($setting)) {
|
||||
$setting = ['setting' => 'eventBlockRule'];
|
||||
if ($this->request->is('post')) {
|
||||
$this->AdminSetting->create();
|
||||
}
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if (!empty($this->request->data['Server'])) {
|
||||
$this->request->data = $this->request->data['Server'];
|
||||
}
|
||||
$setting['AdminSetting']['setting'] = 'eventBlockRule';
|
||||
$setting['AdminSetting']['value'] = $this->request->data['value'];
|
||||
$result = $this->AdminSetting->save($setting);
|
||||
if ($result) {
|
||||
$message = __('Settings saved');
|
||||
} else {
|
||||
$message = __('Could not save the settings. Invalid input.');
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
if ($result) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'eventBlockRule', false, $message, $this->response->type());
|
||||
} else {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'eventBlockRule', $message, $this->response->type());
|
||||
}
|
||||
} else {
|
||||
if ($result) {
|
||||
$this->Flash->success($message);
|
||||
$this->redirect('/');
|
||||
} else {
|
||||
$this->Flash->error($message);
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->set('setting', $setting);
|
||||
}
|
||||
|
||||
/**
|
||||
* Pull one or more events with attributes from a remote instance.
|
||||
* Set $technique to
|
||||
|
|
|
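Review bot: The REST branch of eventBlockRule() has its two responses swapped: when `$result` is truthy it returns `saveFailResponse(...)`, and when the save failed it returns `saveSuccessResponse(...)`, so API clients are told the opposite of what happened. Swap them so that `if ($result)` returns `$this->RestResponse->saveSuccessResponse('Servers', 'eventBlockRule', $message, $this->response->type());` and the `else` returns the fail response. The action also stores `$this->request->data['value']` without checking that the key exists or that it decodes as JSON, and Event::checkEventBlockRules() treats an undecodable value as "no rules", so a typo in the rule set silently turns blocking off; rejecting a non-empty value for which `json_decode($this->request->data['value'], true)` is not an array would make that visible at save time. No site-admin check is visible in this hunk; presumably the ACL table covers the action, but that is worth confirming since only the menu entries are gated on `$isSiteAdmin`.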
@ -3418,6 +3418,39 @@ class Event extends AppModel
|
|||
return $attributes;
|
||||
}
|
||||
|
||||
public function checkEventBlockRules($event)
|
||||
{
|
||||
$this->AdminSetting = ClassRegistry::init('AdminSetting');
|
||||
$setting = $this->AdminSetting->find('first', [
|
||||
'conditions' => ['setting' => 'eventBlockRule'],
|
||||
'recursive' => -1
|
||||
]);
|
||||
if (empty($setting) || empty($setting['AdminSetting']['value'])) {
|
||||
return true;
|
||||
}
|
||||
$rules = json_decode($setting['AdminSetting']['value'], true);
|
||||
if (empty($rules)) {
|
||||
return true;
|
||||
}
|
||||
if (!empty($rules['tags'])) {
|
||||
if (!is_array($rules['tags'])) {
|
||||
$rules['tags'] = [$rules['tags']];
|
||||
}
|
||||
$eventTags = Hash::extract($event, 'Event.Tag.{n}.name');
|
||||
if (empty($eventTags)) {
|
||||
$eventTags = Hash::extract($event, 'Event.EventTag.{n}.Tag.name');
|
||||
}
|
||||
if (!empty($eventTags)) {
|
||||
foreach ($rules['tags'] as $blockTag) {
|
||||
if (in_array($blockTag, $eventTags)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// Low level function to add an Event based on an Event $data array
|
||||
public function _add(array &$data, $fromXml, array $user, $org_id = 0, $passAlong = null, $fromPull = false, $jobId = null, &$created_id = 0, &$validationErrors = array())
|
||||
{
|
||||
|
@ -3431,6 +3464,9 @@ class Event extends AppModel
|
|||
return 'Blocked by blacklist';
|
||||
}
|
||||
}
|
||||
if (!$this->checkEventBlockRules($data)) {
|
||||
return 'Blocked by event block rules';
|
||||
}
|
||||
if (empty($data['Event']['Attribute']) && empty($data['Event']['Object']) && !empty($data['Event']['published'])) {
|
||||
$this->Log = ClassRegistry::init('Log');
|
||||
$this->Log->create();
|
||||
|
@ -3686,7 +3722,7 @@ class Event extends AppModel
|
|||
}
|
||||
if (!empty($data['Event']['published']) && 1 == $data['Event']['published']) {
|
||||
// do the necessary actions to publish the event (email, upload,...)
|
||||
if (('true' != Configure::read('MISP.disablerestalert')) && (empty($server) || $server['Server']['publish_without_email'] == 0)) {
|
||||
if (('true' != Configure::read('MISP.disablerestalert')) && (empty($server) || empty($server['Server']['publish_without_email']))) {
|
||||
$this->sendAlertEmailRouter($this->getID(), $user);
|
||||
}
|
||||
$this->publish($this->getID(), $passAlong);
|
||||
|
|
|
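Review bot: In checkEventBlockRules() the match `in_array($blockTag, $eventTags)` uses loose comparison, so a rule entry that decodes to a non-string (for example `true` or a number) is compared under PHP's type-juggling rules and can block events that carry none of the intended tags; `in_array($blockTag, $eventTags, true)` restricts it to exact string matches. The function also returns `true` (allow) whenever `json_decode()` yields an empty result, so a malformed stored rule set disables blocking without any trace; logging when a non-empty value fails to decode would let an admin notice. Only event-level tags (`Event.Tag` / `Event.EventTag`) are inspected, so the same tag attached to an attribute would presumably not trigger the rule, which is worth stating in a docblock on the method, e.g. `/** Returns false when an event-level tag of $event matches the configured eventBlockRule tag list, true otherwise. */`.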
@ -834,6 +834,11 @@
|
|||
'text' => __('Scheduled Tasks')
|
||||
));
|
||||
}
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'eventBlockRule',
|
||||
'url' => '/servers/eventBlockRule',
|
||||
'text' => __('Event Block Rules')
|
||||
));
|
||||
if (Configure::read('MISP.enableEventBlacklisting') !== false) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu_link', array(
|
||||
'element_id' => 'eventBlacklistsAdd',
|
||||
|
|
|
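Review bot: The new `side_menu_link` for Event Block Rules is echoed after the closing `}` of the block that holds Scheduled Tasks, so as far as the hunk shows it is not wrapped in any role condition, whereas the top-menu entry added in the same commit carries `'requirement' => $isSiteAdmin`. If the enclosing admin menu case is also rendered for non-site-admin roles, the link would be shown to users who are not meant to manage block rules; wrapping it as `if ($isSiteAdmin) { ... }` would keep both menus consistent. The surrounding case starts outside the hunk, so the effective condition needs confirming there.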
@ -357,6 +357,11 @@
|
|||
'url' => '/tasks',
|
||||
'requirement' => Configure::read('MISP.background_jobs') && $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'text' => __('Event Block Rules'),
|
||||
'url' => '/servers/eventBlockRule',
|
||||
'requirement' => $isSiteAdmin
|
||||
),
|
||||
array(
|
||||
'type' => 'separator',
|
||||
'requirement' => Configure::read('MISP.enableEventBlacklisting') !== false && $isSiteAdmin
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
$modelForForm = 'Server';
|
||||
$action = 'eventBlockRule';
|
||||
echo $this->element('genericElements/Form/genericForm', array(
|
||||
'form' => $this->Form,
|
||||
'data' => array(
|
||||
'title' => __('Set event block rules'),
|
||||
'model' => $modelForForm,
|
||||
'fields' => array(
|
||||
array(
|
||||
'field' => 'value',
|
||||
'label' => __('Rule set (json)'),
|
||||
'class' => 'input span6',
|
||||
'type' => 'textarea',
|
||||
'placeholder' =>
|
||||
'{
|
||||
"tags": ["pandemic:covid-19=\"cyber\""]
|
||||
}',
|
||||
'default' => !empty($setting['AdminSetting']['value']) ? $setting['AdminSetting']['value'] : ''
|
||||
)
|
||||
),
|
||||
'submit' => array(
|
||||
'action' => $action
|
||||
)
|
||||
)
|
||||
));
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'admin', 'menuItem' => 'eventBlockRule'));
|
||||
?>
|