mirror of https://github.com/MISP/MISP
add: [restSearch] STIX 1 & 2 export for restSearch
Features to be merged: - Export of multiple MISP events - Fetching events and writing them into files, each file containing at most a number of attributes defined by a limit - Each file is then parsed instead of parsing each event individually, which reduces the number of times the Python scripts are called, reducing the execution time of the overall process - The result is then returned as one single file read and displayed
pull/3766/head
parent
d492c96efa
commit
445bd0c84c
|
@ -3066,7 +3066,7 @@ class EventsController extends AppController
|
|||
'suricata' => array('txt', 'NidsSuricataExport'),
|
||||
'snort' => array('txt', 'NidsSnortExport'),
|
||||
'rpz' => array('rpz', 'RPZExport'),
|
||||
'stix' => array('xml', 'StixExport'),
|
||||
'stix' => array('xml', 'Stix1Export'),
|
||||
'stix2' => array('json', 'Stix2Export'),
|
||||
'text' => array('text', 'TextExport')
|
||||
);
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
<?php
|
||||
|
||||
App::uses('StixExport', 'Export');
|
||||
|
||||
class Stix1Export extends StixExport
|
||||
{
|
||||
protected $__attributes_limit = 15000;
|
||||
private $__script_name = 'misp2stix.py ';
|
||||
private $__baseurl = null;
|
||||
private $__org = null;
|
||||
|
||||
protected function initiate_framing_params($return_type)
|
||||
{
|
||||
$this->__baseurl = escapeshellarg(Configure::read('MISP.baseurl'));
|
||||
$this->__org = escapeshellarg(Configure::read('MISP.org'));
|
||||
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
|
||||
return 'python3 ' . $framing_file . $return_type . ' ' . $this->__baseurl . ' ' . $this->__org . ' xml' . $this->__end_of_cmd;
|
||||
}
|
||||
|
||||
protected function __parse_misp_events($filename)
|
||||
{
|
||||
$scriptFile = $this->__scripts_dir . $this->__script_name;
|
||||
return shell_exec('python3 ' . $scriptFile . ' ' . $filename . ' xml ' . $this->__baseurl . ' ' . $this->__org . $this->__end_of_cmd);
|
||||
}
|
||||
}
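Review bot: `initiate_framing_params()` concatenates `$return_type` into the `python3 … misp_framing.py` command line unquoted, while `MISP.baseurl` and `MISP.org` on the same line go through `escapeshellarg()`. The caller shown in `StixExport::header()` passes `$options['returnFormat']`, and nothing visible in this commit restricts that value before it reaches `shell_exec()`, so it should be quoted here as well: `return 'python3 ' . $framing_file . escapeshellarg($return_type) . ' ' . $this->__baseurl . ' ' . $this->__org . ' xml' . $this->__end_of_cmd;`. The same applies to `Stix2Export::initiate_framing_params()`. `$filename` in both `__parse_misp_events()` overrides appears to come from `generateRandomFileName()`, but wrapping it in `escapeshellarg()` would keep the command safe if that ever changes.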
|
|
@ -1,56 +1,22 @@
|
|||
<?php
|
||||
|
||||
class Stix2Export
|
||||
App::uses('StixExport', 'Export');
|
||||
|
||||
class Stix2Export extends StixExport
|
||||
{
|
||||
private $end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
|
||||
private $__tmpDir = APP . 'files/scripts/';
|
||||
public $non_restrictive_export = true;
|
||||
public function handler($data, $options = array())
|
||||
protected $__attributes_limit = 15000;
|
||||
private $__script_name = 'stix2/misp2stix2.py ';
|
||||
|
||||
protected function initiate_framing_params($return_type)
|
||||
{
|
||||
$randomFileName = $this->generateRandomFileName();
|
||||
$tmpDir = $this->__tmpDir . 'tmp/';
|
||||
App::uses('JSONConverterTool', 'Tools');
|
||||
$converter = new JSONConverterTool();
|
||||
$event = $converter->convert($data);
|
||||
$tempFile = new File($tmpDir . $randomFileName, true, 0644);
|
||||
$tempFile->write($event);
|
||||
unset($event);
|
||||
$scriptFile = $this->__tmpDir . 'stix2/misp2stix2.py';
|
||||
$stix_cmd = 'python3 ' . $scriptFile . ' ' . $tempFile->path . ' org' . $this->end_of_cmd;
|
||||
$result = shell_exec($stix_cmd);
|
||||
$decoded = json_decode($result, true);
|
||||
$tempFile->close();
|
||||
$tempFile->delete();
|
||||
if (!isset($decoded['success']) || !$decoded['success']) {
|
||||
return '';
|
||||
}
|
||||
$file = new File($tmpDir . $randomFileName . '.out');
|
||||
$stix_event = $file->read();
|
||||
$file->close();
|
||||
$file->delete();
|
||||
return $stix_event;
|
||||
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
|
||||
return 'python3 ' . $framing_file . $return_type . ' ' . escapeshellarg(CakeText::uuid()) . $this->__end_of_cmd;
|
||||
}
|
||||
|
||||
public function header()
|
||||
protected function __parse_misp_events($filename)
|
||||
{
|
||||
$framing_file = $this->__tmpDir . 'misp_framing.py ';
|
||||
$framing_cmd = 'python3 ' . $framing_file . 'stix2 ' . escapeshellarg(CakeText::uuid()) . $this->end_of_cmd;
|
||||
$this->framing = json_decode(shell_exec($framing_cmd), true);
|
||||
return $this->framing['header'];
|
||||
}
|
||||
|
||||
public function footer()
|
||||
{
|
||||
return $this->framing['footer'];
|
||||
}
|
||||
|
||||
public function separator()
|
||||
{
|
||||
return $this->framing['separator'];
|
||||
}
|
||||
|
||||
public function generateRandomFileName()
|
||||
{
|
||||
return (new RandomTool())->random_str(false, 12);
|
||||
$scriptFile = $this->__scripts_dir . $this->__script_name;
|
||||
$filename = $this->__scripts_dir . 'tmp/' . $filename;
|
||||
return shell_exec('python3 ' . $scriptFile . ' ' . $filename . $this->__end_of_cmd);
|
||||
}
|
||||
}
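Review bot: The new `__parse_misp_events()` here prefixes `$filename` with `$this->__scripts_dir . 'tmp/'` before handing it to `misp2stix2.py`, whereas the `Stix1Export` override passes the bare name to `misp2stix.py`, and nothing documents which form the caller supplies or what each script expects. A docblock on the method would make the contract explicit, for example `/** @param string $filename Base name of a batch file in files/scripts/tmp/; the script's JSON status output is returned and its result is read from <name>.out by StixExport::footer(). */`. The part about the script's output is inferred from how `footer()` decodes the return value and reads the `.out` file, so it should be confirmed against the Python side.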
|
||||
|
|
|
@ -2,18 +2,16 @@
|
|||
|
||||
class StixExport
|
||||
{
|
||||
private $__attributes_limit = 10000;
|
||||
private $__scripts_dir = APP . 'files/scripts/';
|
||||
protected $__scripts_dir = APP . 'files/scripts/';
|
||||
protected $__end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
|
||||
|
||||
private $__tmp_dir = null;
|
||||
private $__end_of_cmd = ' 2>' . APP . 'tmp/logs/exec-errors.log';
|
||||
private $__randomFileName = null;
|
||||
private $__baseurl = null;
|
||||
private $__org = null;
|
||||
private $__framing = null;
|
||||
private $__stix_file = null;
|
||||
private $__tmp_file = null;
|
||||
private $__n_attributes = 0;
|
||||
private $__filenames = array();
|
||||
|
||||
public $non_restrictive_export = true;
|
||||
|
||||
public function handler($data, $options = array())
|
||||
|
@ -48,25 +46,33 @@ class StixExport
|
|||
|
||||
public function header($options = array())
|
||||
{
|
||||
$this->__randomFileName = $this->generateRandomFileName();
|
||||
$framing_cmd = $this->initiate_framing_params($options['returnFormat']);
|
||||
$randomFileName = $this->generateRandomFileName();
|
||||
$this->__tmp_dir = $this->__scripts_dir . 'tmp/';
|
||||
$this->__baseurl = escapeshellarg(Configure::read('MISP.baseurl'));
|
||||
$this->__org = escapeshellarg(Configure::read('MISP.org'));
|
||||
$framing_file = $this->__scripts_dir . 'misp_framing.py ';
|
||||
$framing_cmd = 'python3 ' . $framing_file . 'stix ' . $this->__baseurl . ' ' . $this->__org . ' xml' . $this->__end_of_cmd;
|
||||
$this->__framing = json_decode(shell_exec($framing_cmd), true);
|
||||
$this->__stix_file = new File($this->__tmp_dir . $this->__randomFileName . '.stix');
|
||||
$this->__stix_file = new File($this->__tmp_dir . $randomFileName . '.stix');
|
||||
$this->__stix_file->write($this->__framing['header']);
|
||||
$this->__initialize_misp_file();
|
||||
return '';
|
||||
}
|
||||
|
||||
public function footer($options = array())
|
||||
public function footer()
|
||||
{
|
||||
$this->__tmp_file->append(']}');
|
||||
$this->__tmp_file->close();
|
||||
foreach ($this->__filenames as $filename) {
|
||||
$this->__parse_misp_events($filename);
|
||||
$result = $this->__parse_misp_events($filename);
|
||||
$decoded = json_decode($result, true);
|
||||
if (!isset($decoded['success']) || !$decoded['success']) {
|
||||
return '';
|
||||
}
|
||||
$file = new File($this->__tmp_dir . $filename . '.out');
|
||||
$stix_event = $file->read();
|
||||
$file->close();
|
||||
$file->delete();
|
||||
unlink($this->__tmp_dir . $filename);
|
||||
$this->__stix_file->append($stix_event . $this->__framing['separator']);
|
||||
unset($stix_event);
|
||||
}
|
||||
$stix_event = $this->__stix_file->read();
|
||||
$this->__stix_file->close();
|
||||
|
@ -76,7 +82,7 @@ class StixExport
|
|||
return $stix_event;
|
||||
}
|
||||
|
||||
public function separator($options = array())
|
||||
public function separator()
|
||||
{
|
||||
return '';
|
||||
}
|
||||
|
@ -89,23 +95,6 @@ class StixExport
|
|||
array_push($this->__filenames, $randomFileName);
|
||||
}
|
||||
|
||||
private function __parse_misp_events($filename)
|
||||
{
|
||||
$scriptFile = $this->__scripts_dir . 'misp2stix.py';
|
||||
$result = shell_exec('python3 ' . $scriptFile . ' ' . $filename . ' xml ' . $this->__baseurl . ' ' . $this->__org . $this->__end_of_cmd);
|
||||
$decoded = json_decode($result, true);
|
||||
if (!isset($decoded['success']) || !$decoded['success']) {
|
||||
return '';
|
||||
}
|
||||
$file = new File($this->__tmp_dir . $filename . '.out');
|
||||
$stix_event = $file->read();
|
||||
$file->close();
|
||||
$file->delete();
|
||||
unlink($this->__tmp_dir . $filename);
|
||||
$this->__stix_file->append($stix_event . $this->__framing['separator']);
|
||||
unset($stix_event);
|
||||
}
|
||||
|
||||
public function generateRandomFileName()
|
||||
{
|
||||
return (new RandomTool())->random_str(false, 12);
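Review bot: In `footer()`, the failure check that used to live in the private `__parse_misp_events()` now sits inside the `foreach`, so its `return ''` aborts the whole export on the first failed batch instead of only skipping that batch. On that path nothing deletes the remaining batch files in `$this->__tmp_dir` or any `.out` file already produced, and `$this->__stix_file` is neither closed nor removed, so exported event data can stay on disk under `files/scripts/tmp/`. The failure branch should clean up before returning, as sketched below. Separately, `header()` writes `$this->__framing['header']` without checking that `json_decode(shell_exec($framing_cmd), true)` produced an array. `footer()` continues beyond the visible hunk, so whether the `.stix` file is deleted on the success path cannot be seen here.

```php
// … unchanged: $result / $decoded assignment inside the foreach …
if (!isset($decoded['success']) || !$decoded['success']) {
    // Do not leave exported event data behind when a batch fails.
    foreach ($this->__filenames as $pending) {
        foreach (array($pending, $pending . '.out') as $leftover) {
            if (file_exists($this->__tmp_dir . $leftover)) {
                unlink($this->__tmp_dir . $leftover);
            }
        }
    }
    $this->__stix_file->close();
    $this->__stix_file->delete();
    return '';
}
// … unchanged: read the .out file and append it to the .stix file …
```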
|
||||
|
|