add: [restSearch] STIX 1 & 2 export for restSearch

Features to be merged:
- Export of multiple MISP events
- Fetching events and writing them into files, each
  file containing at most a number of attributes
  defined by a limit
- Each file is then parsed instead of parsing each
  event individually, which reduces the number of
  times the python scripts are called, reducing
  the execution time of the overall process
- The result is then returned as one single file
  read and displayed
pull/3766/head
chrisr3d 2018-10-04 22:11:30 +02:00
parent d492c96efa
commit 445bd0c84c
4 changed files with 60 additions and 80 deletions


@ -3066,7 +3066,7 @@ class EventsController extends AppController
'suricata' => array('txt', 'NidsSuricataExport'),
'snort' => array('txt', 'NidsSnortExport'),
'rpz' => array('rpz', 'RPZExport'),
'stix' => array('xml', 'StixExport'),
'stix' => array('xml', 'Stix1Export'),
'stix2' => array('json', 'Stix2Export'),
'text' => array('text', 'TextExport')
);


@ -0,0 +1,25 @@
<?php
App::uses('StixExport', 'Export');
class Stix1Export extends StixExport
{
protected $__attributes_limit = 15000;
private $__script_name = 'misp2stix.py ';
private $__baseurl = null;
private $__org = null;
protected function initiate_framing_params($return_type)
{
$this->__baseurl = escapeshellarg(Configure::read('MISP.baseurl'));
$this->__org = escapeshellarg(Configure::read('MISP.org'));
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
return 'python3 ' . $framing_file . $return_type . ' ' . $this->__baseurl . ' ' . $this->__org . ' xml' . $this->__end_of_cmd;
}
protected function __parse_misp_events($filename)
{
$scriptFile = $this->__scripts_dir . $this->__script_name;
return shell_exec('python3 ' . $scriptFile . ' ' . $filename . ' xml ' . $this->__baseurl . ' ' . $this->__org . $this->__end_of_cmd);
}
}
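Review bot: `protected $__attributes_limit = 15000;` near the top of the class does not override the limit, because StixExport still declares `private $__attributes_limit = 10000;` (an unchanged line in the StixExport section) and a child property never shadows a parent's private property of the same name — code running in StixExport keeps reading its own 10000. Change the base declaration to `protected $__attributes_limit = 10000;`; the same applies to the override in Stix2Export. StixExport also calls `$this->initiate_framing_params()` and `$this->__parse_misp_events()` without declaring them anywhere in the visible hunks; declaring both `abstract protected` in StixExport (and marking that class `abstract`) makes the contract explicit and turns a missing override into a load-time error instead of a fatal call during export. Finally, `__parse_misp_events` relies on `$this->__baseurl` and `$this->__org` having been filled in by `initiate_framing_params`, which presumably holds because header() runs before footer(), but nothing enforces that order; resolving the two values in a small private helper called from both methods removes the hidden dependency.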


@ -1,56 +1,22 @@
<?php
class Stix2Export
App::uses('StixExport', 'Export');
class Stix2Export extends StixExport
{
private $end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
private $__tmpDir = APP . 'files/scripts/';
public $non_restrictive_export = true;
public function handler($data, $options = array())
protected $__attributes_limit = 15000;
private $__script_name = 'stix2/misp2stix2.py ';
protected function initiate_framing_params($return_type)
{
$randomFileName = $this->generateRandomFileName();
$tmpDir = $this->__tmpDir . 'tmp/';
App::uses('JSONConverterTool', 'Tools');
$converter = new JSONConverterTool();
$event = $converter->convert($data);
$tempFile = new File($tmpDir . $randomFileName, true, 0644);
$tempFile->write($event);
unset($event);
$scriptFile = $this->__tmpDir . 'stix2/misp2stix2.py';
$stix_cmd = 'python3 ' . $scriptFile . ' ' . $tempFile->path . ' org' . $this->end_of_cmd;
$result = shell_exec($stix_cmd);
$decoded = json_decode($result, true);
$tempFile->close();
$tempFile->delete();
if (!isset($decoded['success']) || !$decoded['success']) {
return '';
}
$file = new File($tmpDir . $randomFileName . '.out');
$stix_event = $file->read();
$file->close();
$file->delete();
return $stix_event;
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
return 'python3 ' . $framing_file . $return_type . ' ' . escapeshellarg(CakeText::uuid()) . $this->__end_of_cmd;
}
public function header()
protected function __parse_misp_events($filename)
{
$framing_file = $this->__tmpDir . 'misp_framing.py ';
$framing_cmd = 'python3 ' . $framing_file . 'stix2 ' . escapeshellarg(CakeText::uuid()) . $this->end_of_cmd;
$this->framing = json_decode(shell_exec($framing_cmd), true);
return $this->framing['header'];
}
public function footer()
{
return $this->framing['footer'];
}
public function separator()
{
return $this->framing['separator'];
}
public function generateRandomFileName()
{
return (new RandomTool())->random_str(false, 12);
$scriptFile = $this->__scripts_dir . $this->__script_name;
$filename = $this->__scripts_dir . 'tmp/' . $filename;
return shell_exec('python3 ' . $scriptFile . ' ' . $filename . $this->__end_of_cmd);
}
}
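Review bot: `$filename` is concatenated into the shell_exec() command on the last line of `__parse_misp_events` without `escapeshellarg()`, unlike the `CakeText::uuid()` argument in `initiate_framing_params` just above; today the value comes from the base class's generateRandomFileName(), so this is defense in depth, but it costs nothing: `return shell_exec('python3 ' . $scriptFile . ' ' . escapeshellarg($filename) . $this->__end_of_cmd);` (and the same for the Stix1Export call). `private $__script_name = 'stix2/misp2stix2.py ';` ends with a space that is then joined to another `' '`, producing a double space in the command; dropping the trailing space from both subclasses' script-name properties keeps the commands tidy. Stix1Export hands its script the bare random name while this class prepends `$this->__scripts_dir . 'tmp/'`; presumably each Python script resolves the path differently, so a one-line comment on the `$filename = ...` line explaining the asymmetry would stop someone "harmonising" it later.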


@ -2,18 +2,16 @@
class StixExport
{
private $__attributes_limit = 10000;
private $__scripts_dir = APP . 'files/scripts/';
protected $__scripts_dir = APP . 'files/scripts/';
protected $__end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
private $__tmp_dir = null;
private $__end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
private $__randomFileName = null;
private $__baseurl = null;
private $__org = null;
private $__framing = null;
private $__stix_file = null;
private $__tmp_file = null;
private $__n_attributes = 0;
private $__filenames = array();
public $non_restrictive_export = true;
public function handler($data, $options = array())
@ -48,25 +46,33 @@ class StixExport
public function header($options = array())
{
$this->__randomFileName = $this->generateRandomFileName();
$framing_cmd = $this->initiate_framing_params($options['returnFormat']);
$randomFileName = $this->generateRandomFileName();
$this->__tmp_dir = $this->__scripts_dir . 'tmp/';
$this->__baseurl = escapeshellarg(Configure::read('MISP.baseurl'));
$this->__org = escapeshellarg(Configure::read('MISP.org'));
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
$framing_cmd = 'python3 ' . $framing_file . 'stix ' . $this->__baseurl . ' ' . $this->__org . ' xml' . $this->__end_of_cmd;
$this->__framing = json_decode(shell_exec($framing_cmd), true);
$this->__stix_file = new File($this->__tmp_dir . $this->__randomFileName . '.stix');
$this->__stix_file = new File($this->__tmp_dir . $randomFileName . '.stix');
$this->__stix_file->write($this->__framing['header']);
$this->__initialize_misp_file();
return '';
}
public function footer($options = array())
public function footer()
{
$this->__tmp_file->append(']}');
$this->__tmp_file->close();
foreach ($this->__filenames as $filename) {
$this->__parse_misp_events($filename);
$result = $this->__parse_misp_events($filename);
$decoded = json_decode($result, true);
if (!isset($decoded['success']) || !$decoded['success']) {
return '';
}
$file = new File($this->__tmp_dir . $filename . '.out');
$stix_event = $file->read();
$file->close();
$file->delete();
unlink($this->__tmp_dir . $filename);
$this->__stix_file->append($stix_event . $this->__framing['separator']);
unset($stix_event);
}
$stix_event = $this->__stix_file->read();
$this->__stix_file->close();
@ -76,7 +82,7 @@ class StixExport
return $stix_event;
}
public function separator($options = array())
public function separator()
{
return '';
}
@ -89,23 +95,6 @@ class StixExport
array_push($this->__filenames, $randomFileName);
}
private function __parse_misp_events($filename)
{
$scriptFile = $this->__scripts_dir . 'misp2stix.py';
$result = shell_exec('python3 ' . $scriptFile . ' ' . $filename . ' xml ' . $this->__baseurl . ' ' . $this->__org . $this->__end_of_cmd);
$decoded = json_decode($result, true);
if (!isset($decoded['success']) || !$decoded['success']) {
return '';
}
$file = new File($this->__tmp_dir . $filename . '.out');
$stix_event = $file->read();
$file->close();
$file->delete();
unlink($this->__tmp_dir . $filename);
$this->__stix_file->append($stix_event . $this->__framing['separator']);
unset($stix_event);
}
public function generateRandomFileName()
{
return (new RandomTool())->random_str(false, 12);