Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
47538a9a98
|
@ -439,7 +439,7 @@ CREATE TABLE IF NOT EXISTS objects (
|
|||
`distribution` tinyint(4) NOT NULL DEFAULT 0,
|
||||
`sharing_group_id` int(11),
|
||||
`comment` text COLLATE utf8_bin NOT NULL,
|
||||
`deleted` TINYINT NOT NULL DEFAULT 0,
|
||||
`deleted` tinyint(1) NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (id),
|
||||
INDEX `name` (`name`),
|
||||
INDEX `template_uuid` (`template_uuid`),
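Review bot: Whichever spelling of the `deleted` column is the new side, `TINYINT` and `tinyint(1)` are the same storage type in MySQL — the `(1)` is a display width only — so this hunk changes neither the range nor the size of the column; a comment such as `-- boolean flag; (1) is display width only` would make that explicit for the next reader. Because the statement is `CREATE TABLE IF NOT EXISTS`, the definition only reaches fresh installs; existing databases keep their current column unless the upgrade routine issues a matching `ALTER TABLE`, which this page does not show.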
|
||||
|
|
2
PyMISP
2
PyMISP
|
@ -1 +1 @@
|
|||
Subproject commit 6eb807381dfa3d2a9dd2a42fdd219d6f3cdfd1ff
|
||||
Subproject commit 7e797e5f6f2263a467fccf550575118a6d4848e9
|
|
@ -33,7 +33,7 @@ MISP - Malware Information Sharing Platform and Threat Sharing
|
|||
|
||||
MISP, Malware Information Sharing Platform and Threat Sharing, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.
|
||||
|
||||
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Detection Intrusion System (NIDS), LIDS but also log analysis tools, SIEMs.
|
||||
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.
|
||||
|
||||
MISP, Malware Information Sharing Platform and Threat Sharing, core functionalities are:
|
||||
|
||||
|
|
|
@ -209,7 +209,7 @@ class EventShell extends AppShell
|
|||
App::uses('RPZExport', 'Export');
|
||||
$rpzExport = new RPZExport();
|
||||
$rpzSettings = array();
|
||||
$lookupData = array('policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
|
||||
$lookupData = array('policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'ns_alt');
|
||||
foreach ($lookupData as $v) {
|
||||
$tempSetting = Configure::read('Plugin.RPZ_' . $v);
|
||||
if (isset($tempSetting)) $rpzSettings[$v] = Configure::read('Plugin.RPZ_' . $v);
|
||||
|
|
|
@ -46,8 +46,8 @@ class AppController extends Controller {
|
|||
|
||||
public $helpers = array('Utility');
|
||||
|
||||
private $__queryVersion = '18';
|
||||
public $pyMispVersion = '2.4.79';
|
||||
private $__queryVersion = '19';
|
||||
public $pyMispVersion = '2.4.80';
|
||||
public $phpmin = '5.6.5';
|
||||
public $phprec = '7.0.16';
|
||||
|
||||
|
|
|
@ -361,16 +361,18 @@ class AttributesController extends AppController {
|
|||
|
||||
if ($this->request->data['Attribute']['malware']) {
|
||||
if ($this->request->data['Attribute']['advanced']) {
|
||||
$result = $this->Attribute->advancedAddMalwareSample($tmpfile);
|
||||
$result = $this->Attribute->advancedAddMalwareSample(
|
||||
$eventId,
|
||||
$this->request->data['Attribute'],
|
||||
$filename,
|
||||
$tmpfile
|
||||
);
|
||||
if ($result) $success++;
|
||||
else $fails[] = $filename;
|
||||
} else {
|
||||
$result = $this->Attribute->simpleAddMalwareSample(
|
||||
$eventId,
|
||||
$this->request->data['Attribute']['category'],
|
||||
$this->request->data['Attribute']['distribution'],
|
||||
$this->request->data['Attribute']['distribution'] == 4 ? $this->request->data['Attribute']['sharing_group_id'] : 0,
|
||||
$this->request->data['Attribute']['comment'],
|
||||
$this->request->data['Attribute'],
|
||||
$filename,
|
||||
$tmpfile
|
||||
);
|
||||
|
@ -379,13 +381,6 @@ class AttributesController extends AppController {
|
|||
}
|
||||
if (!empty($result)) {
|
||||
foreach ($result['Object'] as $object) {
|
||||
$object['distribution'] = $this->request->data['Attribute']['distribution'];
|
||||
$object['sharing_group_id'] = isset($this->request->data['Attribute']['distribution']) ? $this->request->data['Attribute']['distribution'] : 0;
|
||||
if (!empty($object['Attribute'])) {
|
||||
foreach ($object['Attribute'] as $k => $attribute) {
|
||||
if ($attribute['value'] == $tmpfile->name) $object['Attribute'][$k]['value'] = $value['name'];
|
||||
}
|
||||
}
|
||||
$this->loadModel('MispObject');
|
||||
$this->MispObject->captureObject(array('Object' => $object), $eventId, $this->Auth->user());
|
||||
}
|
||||
|
@ -1820,7 +1815,9 @@ class AttributesController extends AppController {
|
|||
'conditions' => $conditions,
|
||||
'fields' => array('Attribute.*', 'Event.org_id', 'Event.distribution'),
|
||||
'withAttachments' => $withAttachments,
|
||||
'enforceWarninglist' => $enforceWarninglist
|
||||
'enforceWarninglist' => $enforceWarninglist,
|
||||
'includeAllTags' => true,
|
||||
'flatten' => 1
|
||||
);
|
||||
if ($deleted) {
|
||||
$params['deleted'] = 1;
|
||||
|
@ -1839,6 +1836,11 @@ class AttributesController extends AppController {
|
|||
if (!empty($results)) {
|
||||
$results = array('response' => array('Attribute' => $results));
|
||||
foreach ($results['response']['Attribute'] as $k => $v) {
|
||||
if (isset($results['response']['Attribute'][$k]['AttributeTag'])) {
|
||||
foreach ($results['response']['Attribute'][$k]['AttributeTag'] as $tk => $tag) {
|
||||
$results['response']['Attribute'][$k]['Attribute']['Tag'][$tk] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
$results['response']['Attribute'][$k] = $results['response']['Attribute'][$k]['Attribute'];
|
||||
unset(
|
||||
$results['response']['Attribute'][$k]['value1'],
|
||||
|
@ -2017,7 +2019,7 @@ class AttributesController extends AppController {
|
|||
$this->render('/Attributes/text');
|
||||
}
|
||||
|
||||
public function rpz($key='download', $tags=false, $eventId=false, $from=false, $to=false, $policy=false, $walled_garden = false, $ns = false, $email = false, $serial = false, $refresh = false, $retry = false, $expiry = false, $minimum_ttl = false, $ttl = false, $enforceWarninglist = false) {
|
||||
public function rpz($key='download', $tags=false, $eventId=false, $from=false, $to=false, $policy=false, $walled_garden = false, $ns = false, $email = false, $serial = false, $refresh = false, $retry = false, $expiry = false, $minimum_ttl = false, $ttl = false, $enforceWarninglist = false, $ns_alt = false) {
|
||||
// request handler for POSTed queries. If the request is a post, the parameters (apart from the key) will be ignored and replaced by the terms defined in the posted json or xml object.
|
||||
// The correct format for both is a "request" root element, as shown by the examples below:
|
||||
// For Json: {"request":{"policy": "walled-garden","garden":"garden.example.com"}}
|
||||
|
@ -2030,14 +2032,14 @@ class AttributesController extends AppController {
|
|||
$data = $this->request->data;
|
||||
}
|
||||
if (empty($data)) throw new BadRequestException('Either specify the search terms in the url, or POST a json array / xml (with the root element being "request" and specify the correct headers based on content type.');
|
||||
$paramArray = array('eventId', 'tags', 'from', 'to', 'policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'enforceWarninglist');
|
||||
$paramArray = array('eventId', 'tags', 'from', 'to', 'policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'enforceWarninglist', 'ns_alt');
|
||||
foreach ($paramArray as $p) {
|
||||
if (isset($data['request'][$p])) ${$p} = $data['request'][$p];
|
||||
else ${$p} = null;
|
||||
}
|
||||
}
|
||||
|
||||
$simpleFalse = array('eventId', 'tags', 'from', 'to', 'policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'enforceWarninglist');
|
||||
$simpleFalse = array('eventId', 'tags', 'from', 'to', 'policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl', 'enforceWarninglist', 'ns_alt');
|
||||
foreach ($simpleFalse as $sF) {
|
||||
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) ${$sF} = false;
|
||||
}
|
||||
|
@ -2048,7 +2050,7 @@ class AttributesController extends AppController {
|
|||
|
||||
$this->loadModel('Server');
|
||||
$rpzSettings = array();
|
||||
$lookupData = array('policy', 'walled_garden', 'ns', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
|
||||
$lookupData = array('policy', 'walled_garden', 'ns', 'ns_alt', 'email', 'serial', 'refresh', 'retry', 'expiry', 'minimum_ttl', 'ttl');
|
||||
foreach ($lookupData as $v) {
|
||||
if (${$v} !== false) $rpzSettings[$v] = ${$v};
|
||||
else {
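Review bot: The new `simpleAddMalwareSample` call in the hunk at `@ -361,16 +361,18 @` passes the raw `$this->request->data['Attribute']` array, and if the four explicit arguments (`category`, `distribution`, the `distribution == 4 ? sharing_group_id : 0` expression and `comment`) are the removed side — as the parallel call in EventsController suggests — the controller no longer normalises `sharing_group_id` to 0 for distributions other than 4 before the model sees it. Whether `advancedAddMalwareSample`/`simpleAddMalwareSample` re-apply that rule is not visible here; if they do not, a caller-supplied `sharing_group_id` is stored next to a distribution that should ignore it. A one-line comment above the call naming where the distribution/sharing-group validation now lives would save the next reader the same check. The enclosing action starts and ends outside the hunk.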
|
||||
|
|
|
@ -2154,7 +2154,7 @@ class EventsController extends AppController {
|
|||
$attributes = $this->Event->csv($user, $eventid, $ignore, $list, false, $category, $type, $includeContext, $enforceWarninglist);
|
||||
$attributes = $this->Whitelist->removeWhitelistedFromArray($attributes, true);
|
||||
foreach ($attributes as $attribute) {
|
||||
$line = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . $attribute['Attribute']['comment'] . ',' . intval($attribute['Attribute']['to_ids']) . ',' . $attribute['Attribute']['timestamp'];
|
||||
$line = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . $attribute['Attribute']['comment'] . ',' . intval($attribute['Attribute']['to_ids']) . ',' . $attribute['Attribute']['timestamp'] . ',' . $attribute['Object']['uuid'] . ',' . $attribute['Object']['name'] . ',' . $attribute['Object']['meta-category'];
|
||||
if ($includeContext) {
|
||||
foreach ($this->Event->csv_event_context_fields_to_fetch as $header => $field) {
|
||||
if ($field['object']) $line .= ',' . $attribute['Event'][$field['object']][$field['var']];
|
||||
|
@ -2174,7 +2174,7 @@ class EventsController extends AppController {
|
|||
$filename = "misp.event_" . $exportType . ".csv";
|
||||
}
|
||||
$this->layout = 'text/default';
|
||||
$headers = array('uuid', 'event_id', 'category', 'type', 'value', 'comment', 'to_ids', 'date');
|
||||
$headers = array('uuid', 'event_id', 'category', 'type', 'value', 'comment', 'to_ids', 'date', 'object_uuid', 'object_name', 'object_meta_category');
|
||||
if ($includeContext) $headers = array_merge($headers, array_keys($this->Event->csv_event_context_fields_to_fetch));
|
||||
$headers = implode(',', $headers);
|
||||
$final = array_merge(array($headers), $final);
|
||||
|
@ -2684,7 +2684,8 @@ class EventsController extends AppController {
|
|||
'contain' => array(),
|
||||
'recursive' => -1,
|
||||
'list' => true,
|
||||
'event_ids' => true
|
||||
'event_ids' => true,
|
||||
'flatten' => 1
|
||||
);
|
||||
$attributes = $this->Event->Attribute->fetchAttributes($this->Auth->user(), $params);
|
||||
$eventIds = array();
|
||||
|
@ -3662,7 +3663,7 @@ class EventsController extends AppController {
|
|||
|
||||
// API for pushing samples to MISP
|
||||
// Either send it to an existing event, or let MISP create a new one automatically
|
||||
public function upload_sample($event_id = null) {
|
||||
public function upload_sample($event_id = null, $advanced = false) {
|
||||
$this->loadModel('Log');
|
||||
$hashes = array('md5' => 'malware-sample', 'sha1' => 'filename|sha1', 'sha256' => 'filename|sha256');
|
||||
$categoryDefinitions = $this->Event->Attribute->categoryDefinitions;
|
||||
|
@ -3697,13 +3698,15 @@ class EventsController extends AppController {
|
|||
foreach ($parameter_options as $k => $v) {
|
||||
if (isset($data[$k])) {
|
||||
if (isset($v['valid_options']) && !in_array($data[$k], $v['valid_options'])) {
|
||||
$data[$k] = $v['default'];
|
||||
$data['settings'][$k] = $v['default'];
|
||||
} else {
|
||||
$data['settings'][$k] = $data[$k];
|
||||
}
|
||||
unset($data[$k]);
|
||||
} else {
|
||||
$data[$k] = $v['default'];
|
||||
$data['settings'][$k] = $v['default'];
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($data['files'])) {
|
||||
foreach ($data['files'] as $k => $file) {
|
||||
if (!isset($file['filename']) || !isset($file['data'])) {
|
||||
|
@ -3717,16 +3720,17 @@ class EventsController extends AppController {
|
|||
if (empty($data['files'])) {
|
||||
throw new BadRequestException('No samples received, or samples not in the correct format. Please refer to the API documentation on the automation page.');
|
||||
}
|
||||
if (isset($event_id)) $data['event_id'] = $event_id;
|
||||
if (isset($data['event_id'])) {
|
||||
$this->Event->id = $data['event_id'];
|
||||
if (isset($event_id)) $data['settings']['event_id'] = $event_id;
|
||||
if (isset($data['settings']['event_id'])) {
|
||||
$this->Event->id = $data['settings']['event_id'];
|
||||
if (!$this->Event->exists()) throw new NotFoundException('Event not found');
|
||||
}
|
||||
if (isset($data['advanced'])) $advanced = $data['advanced'];
|
||||
|
||||
// check if the user has permission to create attributes for an event, if the event ID has been passed
|
||||
// If not, create an event
|
||||
if (isset($data['event_id']) && !empty($data['event_id']) && is_numeric($data['event_id'])) {
|
||||
$conditions = array('Event.id' => $data['event_id']);
|
||||
if (isset($data['settings']['event_id']) && !empty($data['settings']['event_id']) && is_numeric($data['settings']['event_id'])) {
|
||||
$conditions = array('Event.id' => $data['settings']['event_id']);
|
||||
if (!$this->_isSiteAdmin()) {
|
||||
$conditions[] = array('Event.orgc_id' => $this->Auth->user('org_id'));
|
||||
if (!$this->userRole['perm_modify_org']) {
|
||||
|
@ -3739,19 +3743,19 @@ class EventsController extends AppController {
|
|||
'fields' => array('id'),
|
||||
));
|
||||
if (empty($event)) throw new NotFoundException('Event not found.');
|
||||
$this->Event->id = $data['event_id'];
|
||||
$this->Event->id = $data['settings']['event_id'];
|
||||
$date = new DateTime();
|
||||
$this->Event->saveField('timestamp', $date->getTimestamp());
|
||||
$this->Event->saveField('published', 0);
|
||||
} else {
|
||||
$this->Event->create();
|
||||
if ($data['distribution'] == 5) throw new BadRequestException('Distribution level 5 is not supported when uploading a sample without passing an event ID. Distribution level 5 is meant to take on the distribution level of an existing event.');
|
||||
if ($data['settings']['distribution'] == 5) throw new BadRequestException('Distribution level 5 is not supported when uploading a sample without passing an event ID. Distribution level 5 is meant to take on the distribution level of an existing event.');
|
||||
$result = $this->Event->save(
|
||||
array(
|
||||
'info' => $data['info'],
|
||||
'analysis' => $data['analysis'],
|
||||
'threat_level_id' => $data['threat_level_id'],
|
||||
'distribution' => $data['distribution'],
|
||||
'info' => $data['settings']['info'],
|
||||
'analysis' => $data['settings']['analysis'],
|
||||
'threat_level_id' => $data['settings']['threat_level_id'],
|
||||
'distribution' => $data['settings']['distribution'],
|
||||
'date' => date('Y-m-d'),
|
||||
'orgc_id' => $this->Auth->user('org_id'),
|
||||
'org_id' => $this->Auth->user('org_id'),
|
||||
|
@ -3767,64 +3771,72 @@ class EventsController extends AppController {
|
|||
'action' => 'upload_sample',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Error: Failed to create event using the upload sample functionality',
|
||||
'change' => 'There was an issue creating an event (' . $data['info'] . '). The validation errors were: ' . json_encode($this->Event->validationErrors),
|
||||
'change' => 'There was an issue creating an event (' . $data['settings']['info'] . '). The validation errors were: ' . json_encode($this->Event->validationErrors),
|
||||
));
|
||||
throw new BadRequestException('The creation of a new event with the supplied information has failed.');
|
||||
}
|
||||
$data['event_id'] = $this->Event->id;
|
||||
$data['settings']['event_id'] = $this->Event->id;
|
||||
$event_id = $this->Event->id;
|
||||
}
|
||||
|
||||
if (!isset($data['to_ids']) || !in_array($data['to_ids'], array('0', '1', 0, 1))) $data['to_ids'] = 1;
|
||||
if (!isset($data['settings']['to_ids']) || !in_array($data['settings']['to_ids'], array('0', '1', 0, 1))) $data['settings']['to_ids'] = 1;
|
||||
$successCount = 0;
|
||||
$errors = array();
|
||||
App::uses('FileAccessTool', 'Tools');
|
||||
$fileAccessTool = new FileAccessTool();
|
||||
foreach ($data['files'] as $file) {
|
||||
$temp = $this->Event->Attribute->handleMaliciousBase64($data['event_id'], $file['filename'], $file['data'], array_keys($hashes));
|
||||
if ($temp['success']) {
|
||||
foreach ($hashes as $hash => $typeName) {
|
||||
if ($temp[$hash] == false) continue;
|
||||
$file[$hash] = $temp[$hash];
|
||||
$file['data'] = $temp['data'];
|
||||
$this->Event->Attribute->create();
|
||||
$attribute = array(
|
||||
'value' => $file['filename'] . '|' . $file[$hash],
|
||||
'distribution' => $data['distribution'],
|
||||
'category' => $data['category'],
|
||||
'type' => $typeName,
|
||||
'event_id' => $data['event_id'],
|
||||
'to_ids' => $data['to_ids'],
|
||||
'comment' => $data['comment']
|
||||
);
|
||||
if ($hash == 'md5') $attribute['data'] = $file['data'];
|
||||
$result = $this->Event->Attribute->save($attribute);
|
||||
if (!$result) {
|
||||
$this->Log->save(array(
|
||||
'org' => $this->Auth->user('Organisation')['name'],
|
||||
'model' => 'Event',
|
||||
'model_id' => $data['event_id'],
|
||||
'email' => $this->Auth->user('email'),
|
||||
'action' => 'upload_sample',
|
||||
'user_id' => $this->Auth->user('id'),
|
||||
'title' => 'Error: Failed to create attribute using the upload sample functionality',
|
||||
'change' => 'There was an issue creating an attribute (' . $typeName . ': ' . $file['filename'] . '|' . $file[$hash] . '). ' . 'The validation errors were: ' . json_encode($this->Event->Attribute->validationErrors),
|
||||
));
|
||||
if ($typeName == 'malware-sample') {
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file[$hash], 'error' => $this->Event->Attribute->validationErrors);
|
||||
$tmpdir = Configure::read('MISP.tmpdir') ? Configure::read('MISP.tmpdir') : '/var/www/MISP/app/tmp';
|
||||
$tmpfile = $fileAccessTool->createTempFile($tmpdir, $prefix = 'MISP_upload');
|
||||
$fileAccessTool->writeToFile($tmpfile, base64_decode($file['data']));
|
||||
$tmpfile = new File($tmpfile);
|
||||
if ($advanced) {
|
||||
$result = $this->Event->Attribute->advancedAddMalwareSample(
|
||||
$event_id,
|
||||
$data['settings'],
|
||||
$file['filename'],
|
||||
$tmpfile
|
||||
);
|
||||
if ($result) $successCount++;
|
||||
else $errors[] = $file['filename'];
|
||||
} else {
|
||||
$result = $this->Event->Attribute->simpleAddMalwareSample(
|
||||
$event_id,
|
||||
$data['settings'],
|
||||
$file['filename'],
|
||||
$tmpfile
|
||||
);
|
||||
if ($result) $successCount++;
|
||||
else $errors[] = $file['filename'];
|
||||
}
|
||||
if (!empty($result)) {
|
||||
foreach ($result['Object'] as $object) {
|
||||
$object['distribution'] = $data['settings']['distribution'];
|
||||
$object['sharing_group_id'] = isset($data['settings']['distribution']) ? $data['settings']['distribution'] : 0;
|
||||
if (!empty($object['Attribute'])) {
|
||||
foreach ($object['Attribute'] as $k => $attribute) {
|
||||
if ($attribute['value'] == $tmpfile->name) {
|
||||
$object['Attribute'][$k]['value'] = $file['filename'];
|
||||
}
|
||||
}
|
||||
} else if ($typeName == 'malware-sample') {
|
||||
$successCount++;
|
||||
}
|
||||
$this->loadModel('MispObject');
|
||||
$this->MispObject->captureObject(array('Object' => $object), $event_id, $this->Auth->user());
|
||||
}
|
||||
if (!empty($result['ObjectReference'])) {
|
||||
foreach ($result['ObjectReference'] as $reference) {
|
||||
$this->MispObject->ObjectReference->smartSave($reference, $event_id);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$errors[] = array('filename' => $file['filename'], 'hash' => $file['hash'], 'error' => 'Failed to encrypt and compress the file.');
|
||||
}
|
||||
$fileAccessTool->deleteFile($tmpfile->path);
|
||||
}
|
||||
if (!empty($errors)) {
|
||||
$this->set('errors', $errors);
|
||||
if ($successCount > 0) {
|
||||
$this->set('name', 'Partial success');
|
||||
$this->set('message', 'Successfuly saved ' . $successCount . ' sample(s), but some samples could not be saved.');
|
||||
$this->set('url', '/events/view/' . $data['event_id']);
|
||||
$this->set('id', $data['event_id']);
|
||||
$this->set('url', '/events/view/' . $data['settings']['event_id']);
|
||||
$this->set('id', $data['settings']['event_id']);
|
||||
$this->set('_serialize', array('name', 'message', 'url', 'id', 'errors'));
|
||||
} else {
|
||||
$this->set('name', 'Failed');
|
||||
|
@ -3834,11 +3846,11 @@ class EventsController extends AppController {
|
|||
} else {
|
||||
$this->set('name', 'Success');
|
||||
$this->set('message', 'Success, saved all attributes.');
|
||||
$this->set('url', '/events/view/' . $data['event_id']);
|
||||
$this->set('id', $data['event_id']);
|
||||
$this->set('url', '/events/view/' . $data['settings']['event_id']);
|
||||
$this->set('id', $data['settings']['event_id']);
|
||||
$this->set('_serialize', array('name', 'message', 'url', 'id'));
|
||||
}
|
||||
$this->view($data['event_id']);
|
||||
$this->view($data['settings']['event_id']);
|
||||
$this->render('view');
|
||||
}
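Review bot: In the hunk at `@ -3767,64 +3771,72 @` the new object-capture loop sets `$object['sharing_group_id'] = isset($data['settings']['distribution']) ? $data['settings']['distribution'] : 0;`, which stores the distribution level as the sharing group id; if `distribution` is one of `$parameter_options` (the `$data['settings']['distribution']` reads suggest it is), the earlier defaults loop always populates it, so every captured object ends up with `sharing_group_id` equal to its distribution. Since the sharing group id decides which organisations may see a distribution-4 object, this should read the sharing group the caller supplied, along the lines of `$object['sharing_group_id'] = ($object['distribution'] == 4 && !empty($data['settings']['sharing_group_id'])) ? $data['settings']['sharing_group_id'] : 0;` — assuming a `sharing_group_id` setting is accepted, which the visible part of `$parameter_options` does not confirm. The same expression appears on the removed side of AttributesController's `@ -379,13 +381,6 @` hunk, so it looks carried over rather than fixed. `upload_sample` opens in an earlier hunk of this section.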
|
||||
|
||||
|
|
|
@ -34,10 +34,7 @@ class ObjectReferencesController extends AppController {
|
|||
)
|
||||
)
|
||||
));
|
||||
if (!$this->userRole['perm_add']) {
|
||||
throw new MethodNotAllowedException('You don\'t have the required permissions to add object reference.');
|
||||
}
|
||||
if (empty($object) || (!$this->_isSiteAdmin() && $object['Event']['orgc_id'] != $this->Auth->user('orgc_id'))) {
|
||||
if (empty($object) || (!$this->_isSiteAdmin() && $object['Event']['orgc_id'] != $this->Auth->user('org_id'))) {
|
||||
throw new MethodNotAllowedException('Invalid object.');
|
||||
}
|
||||
$this->set('objectId', $objectId);
|
||||
|
|
|
@ -51,6 +51,9 @@ class ObjectTemplatesController extends AppController {
|
|||
),
|
||||
'conditions' => array('ObjectTemplate.id' => $id)
|
||||
);
|
||||
if ($this->_isRest()) {
|
||||
$params['contain'][] = 'ObjectTemplateElement';
|
||||
}
|
||||
if ($this->_isSiteAdmin()) {
|
||||
$params['contain']['User']= array('fields' => array('User.id', 'User.email'));
|
||||
}
|
||||
|
|
|
@ -938,7 +938,7 @@ class ServersController extends AppController {
|
|||
}
|
||||
}
|
||||
|
||||
public function serverSettingsEdit($setting, $id, $forceSave = false) {
|
||||
public function serverSettingsEdit($setting, $id = false, $forceSave = false) {
|
||||
if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException();
|
||||
if (!isset($setting) || !isset($id)) throw new MethodNotAllowedException();
|
||||
$this->set('id', $id);
|
||||
|
@ -981,13 +981,28 @@ class ServersController extends AppController {
|
|||
} else {
|
||||
$subGroup = 'general';
|
||||
}
|
||||
$this->set('subGroup', $subGroup);
|
||||
$this->set('setting', $found);
|
||||
$this->render('ajax/server_settings_edit');
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->viewData(array($setting => $found['value']));
|
||||
} else {
|
||||
$this->set('subGroup', $subGroup);
|
||||
$this->set('setting', $found);
|
||||
$this->render('ajax/server_settings_edit');
|
||||
}
|
||||
|
||||
}
|
||||
if ($this->request->is('post')) {
|
||||
if (!isset($this->request->data['Server'])) $this->request->data = array('Server' => $this->request->data);
|
||||
if (!isset($this->request->data['Server']['value'])) {
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, 'Invalid input. Expected: {"value": "new_setting"}', $this->response->type());
|
||||
}
|
||||
}
|
||||
if (trim($this->request->data['Server']['value']) === '*****') {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'No change.')), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, 'No change.', $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'No change.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
$this->autoRender = false;
|
||||
$this->loadModel('Log');
|
||||
|
@ -1003,7 +1018,11 @@ class ServersController extends AppController {
|
|||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue witch changing ' . $setting . ' to ' . $this->request->data['Server']['value'] . '. The error message returned is: app/Config.config.php is not writeable to the apache user. No changes were made.',
|
||||
));
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'app/Config.config.php is not writeable to the apache user.')), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest()) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, 'app/Config.config.php is not writeable to the apache user.', $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => 'app/Config.config.php is not writeable to the apache user.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($found['beforeHook'])) {
|
||||
|
@ -1020,7 +1039,11 @@ class ServersController extends AppController {
|
|||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue witch changing ' . $setting . ' to ' . $this->request->data['Server']['value'] . '. The error message returned is: ' . $beforeResult . 'No changes were made.',
|
||||
));
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $beforeResult)), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $beforeResult, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $beforeResult)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->request->data['Server']['value'] = trim($this->request->data['Server']['value']);
|
||||
|
@ -1038,7 +1061,11 @@ class ServersController extends AppController {
|
|||
if (!$forceSave && $testResult !== true) {
|
||||
if ($testResult === false) $errorMessage = $found['errorMessage'];
|
||||
else $errorMessage = $testResult;
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $errorMessage)), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $errorMessage, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $errorMessage)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
} else {
|
||||
$oldValue = Configure::read($setting);
|
||||
$this->Server->serverSettingsSaveValue($setting, $this->request->data['Server']['value']);
|
||||
|
@ -1068,10 +1095,18 @@ class ServersController extends AppController {
|
|||
'title' => 'Server setting issue',
|
||||
'change' => 'There was an issue after setting a new setting. The error message returned is: ' . $afterResult,
|
||||
));
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $afterResult)), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveFailResponse('Servers', 'serverSettingsEdit', false, $afterResult, $this->response->type());
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => false, 'errors' => $afterResult)), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Field updated.')), 'status'=>200, 'type' => 'json'));
|
||||
if ($this->_isRest) {
|
||||
return $this->RestResponse->saveSuccessResponse('Servers', 'serverSettingsEdit', false, $this->response->type(), 'Field updated');
|
||||
} else {
|
||||
return new CakeResponse(array('body'=> json_encode(array('saved' => true, 'success' => 'Field updated.')), 'status'=>200, 'type' => 'json'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
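Review bot: Four of the new REST branches test `$this->_isRest` without call parentheses — the `if ($this->_isRest) {` before the `$beforeResult`, `$errorMessage`, `$afterResult` and `saveSuccessResponse` returns in the hunks at `@ -1020,7 +1039,11 @`, `@ -1038,7 +1061,11 @` and `@ -1068,10 +1095,18 @` — which reads a property rather than calling `_isRest()`; unless AppController declares such a property (not shown here) it is null, so these paths always fall through to the legacy `CakeResponse` JSON while the earlier branches in the same method correctly use `$this->_isRest()`. Each should be `if ($this->_isRest()) {`. Separately, in the hunk at `@ -981,13 +981,28 @`, when `Server.value` is missing on a non-REST request the `if (!isset($this->request->data['Server']['value']))` block returns nothing and execution reaches `trim($this->request->data['Server']['value'])` on an undefined index, so that branch needs a non-REST failure return too. `serverSettingsEdit` continues between the hunks.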
|
||||
|
|
|
@ -45,8 +45,18 @@ class TagsController extends AppController {
|
|||
$this->paginate['conditions']['AND']['Tag.id'] = $tag_id_list;
|
||||
}
|
||||
if (isset($this->params['named']['searchall'])) {
|
||||
$this->paginate['conditions']['AND']['LOWER(Tag.name) LIKE'] = '%' . $this->params['named']['searchall'] . '%';
|
||||
$passedArgsArray['all'] = $this->params['named']['searchall'];
|
||||
} else if ($this->request->is('post')) {
|
||||
$validNames = array('filter', 'searchall', 'name', 'search');
|
||||
foreach ($validNames as $vn) {
|
||||
if (!empty($this->request->data[$vn])) {
|
||||
$passedArgsArray['all'] = $this->request->data[$vn];
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($passedArgsArray['all'])) {
|
||||
$this->paginate['conditions']['AND']['LOWER(Tag.name) LIKE'] = '%' . strtolower($passedArgsArray['all']) . '%';
|
||||
}
|
||||
if ($this->_isRest()) {
|
||||
unset($this->paginate['limit']);
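Review bot: The `continue;` closing the new `foreach ($validNames as $vn)` body is a no-op — it is the last statement in the loop — so later names still overwrite `$passedArgsArray['all']` and the last non-empty of `filter`, `searchall`, `name`, `search` wins. If first-match was intended it should be `break;`; otherwise drop the line and state the precedence, e.g. `// last non-empty of filter/searchall/name/search wins`. The value is passed as a CakePHP condition value, which the datasource quotes, so it is not an injection vector, but `%` and `_` in user input act as LIKE wildcards, which deserves a comment if that is intended. The enclosing action starts and ends outside the hunk.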
|
||||
|
|
|
@ -55,7 +55,14 @@ class RPZExport {
|
|||
$header = '';
|
||||
$header .= '$TTL ' . $rpzSettings['ttl'] . ';' . PHP_EOL;
|
||||
$header .= '@ SOA ' . $rpzSettings['ns'] . ' ' . $rpzSettings['email'] . ' (' . $rpzSettings['serial'] . ' ' . $rpzSettings['refresh'] . ' ' . $rpzSettings['retry'] . ' ' . $rpzSettings['expiry'] . ' ' . $rpzSettings['minimum_ttl'] . ')' . PHP_EOL;
|
||||
$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL . PHP_EOL;
|
||||
|
||||
if (!empty($rpzSettings['ns_alt'])){
|
||||
$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL;
|
||||
$header .= ' NS ' . $rpzSettings['ns_alt'] . PHP_EOL . PHP_EOL;
|
||||
} else {
|
||||
$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL . PHP_EOL;
|
||||
}
|
||||
|
||||
return $header;
|
||||
}
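Review bot: The new `if (!empty($rpzSettings['ns_alt'])){` block repeats the `' NS ' . $rpzSettings['ns']` line in both branches (and is missing the space before `{` used elsewhere in the class); emitting the primary NS once and appending the alternate reads more simply: `$header .= ' NS ' . $rpzSettings['ns'] . PHP_EOL; if (!empty($rpzSettings['ns_alt'])) { $header .= ' NS ' . $rpzSettings['ns_alt'] . PHP_EOL; } $header .= PHP_EOL;`. `ns_alt` is also concatenated into the zone header exactly like `ns`, and since it arrives as a request parameter of `AttributesController::rpz` nothing on this page validates it as a hostname; if the model does not check it either, rejecting values with characters outside the hostname set before building the header would keep a stray line break from turning into extra records in the generated zone. The method's opening lines are outside the hunk.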
|
||||
|
||||
|
|
|
@ -38,4 +38,9 @@ class FileAccessTool {
|
|||
throw new MethodNotAllowedException($this->__fileErrorMsgPrefix . $errorMsgPart . '".');
|
||||
}
|
||||
}
|
||||
|
||||
public function deleteFile($file) {
|
||||
unlink($file);
|
||||
return true;
|
||||
}
|
||||
}
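Review bot: `deleteFile` discards the result of `unlink($file)` and returns `true` unconditionally, so a caller such as the sample-upload loop in EventsController — which calls it on the temp file holding the decoded sample — cannot tell that the file is still on disk. Returning the real result, `return unlink($file);`, or throwing `MethodNotAllowedException` with the same prefix the class uses on the failure path above, would make the cleanup failure visible. A short docblock noting that the path is expected to exist and that `unlink` emits a warning when it does not would complete the method.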
|
||||
|
|
|
@ -126,12 +126,7 @@ class XMLConverterTool {
|
|||
$event['Event']['Tag'][$k] = $tag['Tag'];
|
||||
}
|
||||
}
|
||||
foreach ($event['Event']['RelatedAttribute'] as &$attribute_w_relation) {
|
||||
foreach ($attribute_w_relation as &$relation) {
|
||||
$this->__sanitizeField($relation['info']);
|
||||
$this->__sanitizeField($relation['value']);
|
||||
}
|
||||
}
|
||||
unset($event['Event']['RelatedAttribute']);
|
||||
//
|
||||
// cleanup the array from things we do not want to expose
|
||||
//
|
||||
|
@ -167,6 +162,12 @@ class XMLConverterTool {
|
|||
$event['Event']['RelatedEvent'][$key]['Event'][0] = $temp;
|
||||
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['user_id']);
|
||||
$this->__sanitizeField($event['Event']['RelatedEvent'][$key]['Event'][0]['info']);
|
||||
if (isset($event['Event']['RelatedEvent'][$key]['Event'][0]['Org'])) {
|
||||
$event['Event']['RelatedEvent'][$key]['Event'][0]['Org'] = array(0 => $event['Event']['RelatedEvent'][$key]['Event'][0]['Org']);
|
||||
}
|
||||
if (isset($event['Event']['RelatedEvent'][$key]['Event'][0]['Orgc'])) {
|
||||
$event['Event']['RelatedEvent'][$key]['Event'][0]['Orgc'] = array(0 => $event['Event']['RelatedEvent'][$key]['Event'][0]['Orgc']);
|
||||
}
|
||||
unset($temp);
|
||||
}
|
||||
}
|
||||
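Review bot: In the `RelatedEvent` loop only `info` is passed through `__sanitizeField` and `user_id` is stripped, while the `Org` and `Orgc` sub-arrays are wrapped into index 0 and written out as-is; if their fields end up in the XML body they should receive the same treatment, and if they are safe by construction a comment saying so would settle it. The first hunk of this file, going by its `-12 +7` counts, appears to replace the `RelatedAttribute` sanitisation loop with a plain `unset`, which deserves a why-comment such as `// RelatedAttribute is not part of the XML export; drop it rather than sanitise it`. The enclosing function starts and ends outside the hunks.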
|
|
|
@ -1 +1 @@
|
|||
Subproject commit c3a612aa94d30a4c51653f40f55ce07177300307
|
||||
Subproject commit bfd2d21d782a69626bcf1ae2d22aad6e565fb29c
|
|
@ -269,7 +269,7 @@ class Attribute extends AppModel {
|
|||
'Payload delivery' => array(
|
||||
'desc' => 'Information about how the malware is delivered',
|
||||
'formdesc' => 'Information about the way the malware payload is initially delivered, for example information about the email or web-site, vulnerability used, originating IP etc. Malware sample itself should be attached here.',
|
||||
'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy','authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'yara', 'sigma', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'x509-fingerprint-sha1', 'other', 'ip-dst|port', 'ip-src|port', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id')
|
||||
'types' => array('md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512', 'sha512/224', 'sha512/256', 'ssdeep', 'imphash', 'impfuzzy','authentihash', 'pehash', 'tlsh', 'filename', 'filename|md5', 'filename|sha1', 'filename|sha224', 'filename|sha256', 'filename|sha384', 'filename|sha512', 'filename|sha512/224', 'filename|sha512/256', 'filename|authentihash', 'filename|ssdeep', 'filename|tlsh', 'filename|imphash','filename|impfuzzy', 'filename|pehash', 'ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'email-body', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'yara', 'sigma', 'attachment', 'malware-sample', 'link', 'malware-type', 'comment', 'text', 'hex', 'vulnerability', 'x509-fingerprint-sha1', 'other', 'ip-dst|port', 'ip-src|port', 'hostname|port', 'email-dst-display-name', 'email-src-display-name', 'email-header', 'email-reply-to', 'email-x-mailer', 'email-mime-boundary', 'email-thread-index', 'email-message-id', 'mobile-application-id', 'whois-registrant-email')
|
||||
),
|
||||
'Artifacts dropped' => array(
|
||||
'desc' => 'Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system',
|
||||
|
@ -287,7 +287,7 @@ class Attribute extends AppModel {
|
|||
),
|
||||
'Network activity' => array(
|
||||
'desc' => 'Information about network traffic generated by the malware',
|
||||
'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie')
|
||||
'types' => array('ip-src', 'ip-dst', 'ip-dst|port', 'ip-src|port', 'port', 'hostname', 'domain', 'domain|ip', 'email-dst', 'url', 'uri', 'user-agent', 'http-method', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'x509-fingerprint-sha1', 'other', 'hex', 'cookie')
|
||||
),
|
||||
'Payload type' => array(
|
||||
'desc' => 'Information about the final payload(s)',
|
||||
|
@ -315,7 +315,7 @@ class Attribute extends AppModel {
|
|||
'Social network' => array(
|
||||
'desc' => 'Social networks and platforms',
|
||||
// email-src and email-dst or should we go with a new email type that is neither / both?
|
||||
'types' => array('github-username', 'github-repository', 'github-organisation', 'jabber-id', 'twitter-id', 'email-src', 'email-dst', 'comment', 'text', 'other')
|
||||
'types' => array('github-username', 'github-repository', 'github-organisation', 'jabber-id', 'twitter-id', 'email-src', 'email-dst', 'comment', 'text', 'other', 'whois-registrant-email')
|
||||
),
|
||||
'Person' => array(
|
||||
'desc' => 'A human being - natural person',
|
||||
|
@ -2690,7 +2690,7 @@ class Attribute extends AppModel {
|
|||
return array('sgs' => $sgs, 'levels' => $distributionLevels, 'initial' => $initialDistribution);
|
||||
}
|
||||
|
||||
public function simpleAddMalwareSample($event_id, $category, $distribution, $sharing_group_id, $comment, $filename, $tmpfile) {
|
||||
public function simpleAddMalwareSample($event_id, $attribute_settings, $filename, $tmpfile) {
|
||||
$attributes = array(
|
||||
'malware-sample' => array('type' => 'malware-sample', 'data' => 1, 'category' => '', 'to_ids' => 1, 'disable_correlation' => 0, 'object_relation' => 'malware-sample'),
|
||||
'filename' => array('type' => 'filename', 'category' => '', 'to_ids' => 0, 'disable_correlation' => 0, 'object_relation' => 'filename'),
|
||||
|
@ -2702,39 +2702,48 @@ class Attribute extends AppModel {
|
|||
$hashes = array('md5', 'sha1', 'sha256');
|
||||
$this->Object = ClassRegistry::init('Object');
|
||||
$this->ObjectTemplate = ClassRegistry::init('ObjectTemplate');
|
||||
$object_template = $this->ObjectTemplate->find('first', array(
|
||||
'conditions' => array(
|
||||
'ObjectTemplate.uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215'
|
||||
),
|
||||
'recursive' => -1
|
||||
$current = $this->ObjectTemplate->find('first', array(
|
||||
'fields' => array('MAX(version) AS version', 'uuid'),
|
||||
'conditions' => array('uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215'),
|
||||
'recursive' => -1,
|
||||
'group' => array('uuid')
|
||||
));
|
||||
if (!empty($current)) {
|
||||
$object_template = $this->ObjectTemplate->find('first', array(
|
||||
'conditions' => array(
|
||||
'ObjectTemplate.uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215',
|
||||
'ObjectTemplate.version' => $current[0]['version']
|
||||
),
|
||||
'recursive' => -1
|
||||
));
|
||||
}
|
||||
if (empty($object_template)) {
|
||||
$object_template = array(
|
||||
'ObjectTemplate' => array(
|
||||
'meta-category' => 'file',
|
||||
'name' => 'file',
|
||||
'template_uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215',
|
||||
'uuid' => '688c46fb-5edb-40a3-8273-1af7923e2215',
|
||||
'version' => 1,
|
||||
'description' => 'File object describing a file with meta-information'
|
||||
)
|
||||
);
|
||||
}
|
||||
$object = array(
|
||||
'distribution' => $distribution,
|
||||
'sharing_group_id' => $sharing_group_id,
|
||||
'distribution' => $attribute_settings['distribution'],
|
||||
'sharing_group_id' => isset($attribute_settings['sharing_group_id']) ? $attribute_settings['sharing_group_id'] : 0,
|
||||
'meta-category' => $object_template['ObjectTemplate']['meta-category'],
|
||||
'name' => $object_template['ObjectTemplate']['name'],
|
||||
'template_version' => $object_template['ObjectTemplate']['version'],
|
||||
'description' => $object_template['ObjectTemplate']['description'],
|
||||
'template_uuid' => $object_template['ObjectTemplate']['uuid'],
|
||||
'event_id' => $event_id,
|
||||
'comment' => $comment
|
||||
'comment' => !empty($attribute_settings['comment']) ? $attribute_settings['comment'] : ''
|
||||
);
|
||||
$result = $this->Event->Attribute->handleMaliciousBase64($event_id, $filename, base64_encode($tmpfile->read()), $hashes);
|
||||
foreach ($attributes as $k => $v) {
|
||||
$attribute = array(
|
||||
'distribution' => 5,
|
||||
'category' => empty($v['category']) ? $category : $v['category'],
|
||||
'category' => empty($v['category']) ? $attribute_settings['category'] : $v['category'],
|
||||
'type' => $v['type'],
|
||||
'to_ids' => $v['to_ids'],
|
||||
'disable_correlation' => $v['disable_correlation'],
|
||||
|
@ -2759,7 +2768,7 @@ class Attribute extends AppModel {
|
|||
return array('Object' => array($object));
|
||||
}
|
||||
|
||||
public function advancedAddMalwareSample($tmpfile) {
|
||||
public function advancedAddMalwareSample($event_id, $attribute_settings, $filename, $tmpfile) {
|
||||
$execRetval = '';
|
||||
$execOutput = array();
|
||||
$result = shell_exec('python ' . APP . 'files/scripts/generate_file_objects.py -p ' . $tmpfile->path);
|
||||
|
@ -2773,6 +2782,26 @@ class Attribute extends AppModel {
|
|||
$result['ObjectReference'] = $result['references'];
|
||||
unset($result['references']);
|
||||
}
|
||||
foreach ($result['Object'] as $k => $object) {
|
||||
$result['Object'][$k]['distribution'] = $attribute_settings['distribution'];
|
||||
$result['Object'][$k]['sharing_group_id'] = isset($attribute_settings['distribution']) ? $attribute_settings['distribution'] : 0;
|
||||
if (!empty($result['Object'][$k]['Attribute'])) {
|
||||
foreach ($result['Object'][$k]['Attribute'] as $k2 => $attribute) {
|
||||
if ($attribute['value'] == $tmpfile->name) {
|
||||
$result['Object'][$k]['Attribute'][$k2]['value'] = $filename;
|
||||
}
|
||||
if (!empty($attribute['encrypt'])) {
|
||||
if (!empty($attribute['encrypt']) && $attribute['encrypt']) {
|
||||
$encrypted = $this->handleMaliciousBase64($event_id, $filename, $attribute['data'], array('md5'));
|
||||
$result['Object'][$k]['Attribute'][$k2]['data'] = $encrypted['data'];
|
||||
$result['Object'][$k]['Attribute'][$k2]['value'] = $filename . '|' . $encrypted['md5'];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$result = $this->simpleAddMalwareSample($event_id, $attribute_settings, $filename, $tmpfile);
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
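Review bot: In `advancedAddMalwareSample` the new line `$result['Object'][$k]['sharing_group_id'] = isset($attribute_settings['distribution']) ? $attribute_settings['distribution'] : 0;` copies the distribution level into `sharing_group_id`, so every created object is attached to whatever sharing group happens to carry that numeric id rather than the one the user selected, which is a disclosure risk as well as a functional bug. It should read `isset($attribute_settings['sharing_group_id']) ? $attribute_settings['sharing_group_id'] : 0`, matching what `simpleAddMalwareSample` does earlier in this file. Separately, `if (!empty($attribute['encrypt']) && $attribute['encrypt'])` is redundant since `!empty` already implies truthiness; the first half suffices. The function body continues outside the hunk, so I could not check whether the `$result` of the `shell_exec` path is validated before this loop.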
|
|
|
@ -1761,7 +1761,8 @@ class Event extends AppModel {
|
|||
'conditions' => $conditions, //array of conditions
|
||||
'fields' => array('Attribute.event_id', 'Attribute.distribution', 'Attribute.category', 'Attribute.type', 'Attribute.value', 'Attribute.comment', 'Attribute.uuid', 'Attribute.to_ids', 'Attribute.timestamp', 'Attribute.id'),
|
||||
'order' => array('Attribute.uuid ASC'),
|
||||
'enforceWarninglist' => $enforceWarninglist
|
||||
'enforceWarninglist' => $enforceWarninglist,
|
||||
'flatten' => true
|
||||
);
|
||||
|
||||
if ($includeContext) {
|
||||
|
@ -1782,6 +1783,7 @@ class Event extends AppModel {
|
|||
),
|
||||
);
|
||||
}
|
||||
$params['contain']['Object'] = array('fields' => array('id', 'uuid', 'name', 'meta-category'));
|
||||
$attributes = $this->Attribute->fetchAttributes($user, $params);
|
||||
if (empty($attributes)) return array();
|
||||
foreach ($attributes as &$attribute) {
|
||||
|
@ -1790,6 +1792,15 @@ class Event extends AppModel {
|
|||
$attribute['Attribute']['comment'] = str_replace(array('"'), '""', $attribute['Attribute']['comment']);
|
||||
$attribute['Attribute']['comment'] = '"' . $attribute['Attribute']['comment'] . '"';
|
||||
$attribute['Attribute']['timestamp'] = date('Ymd', $attribute['Attribute']['timestamp']);
|
||||
if (empty($attribute['Object'])) {
|
||||
$attribute['Object']['uuid'] = '""';
|
||||
$attribute['Object']['name'] = '';
|
||||
$attribute['Object']['meta-category'] = '';
|
||||
}
|
||||
$attribute['Object']['name'] = str_replace(array('"'), '""', $attribute['Object']['name']);
|
||||
$attribute['Object']['name'] = '"' . $attribute['Object']['name'] . '"';
|
||||
$attribute['Object']['meta-category'] = str_replace(array('"'), '""', $attribute['Object']['meta-category']);
|
||||
$attribute['Object']['meta-category'] = '"' . $attribute['Object']['meta-category'] . '"';
|
||||
if ($includeContext) {
|
||||
$attribute['Event']['info'] = str_replace(array('"'), '""', $attribute['Event']['info']);
|
||||
$attribute['Event']['info'] = '"' . $attribute['Event']['info'] . '"';
|
||||
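Review bot: The empty-`Object` fallback assigns the literal string `'""'` to `uuid` but `''` to `name` and `meta-category`, which are then quoted two lines later; if `uuid` goes through the same quoting elsewhere it becomes `""""`, and the CSV fixture updated in this commit shows `object_uuid` as an empty unquoted field (`,,"",""`), which matches neither reading. Presumably `$attribute['Object']['uuid'] = '';` is the intended value, with a comment such as `// attributes outside an object get empty object columns` so the three assignments are read as one rule. The enclosing function starts outside the hunk, so I could not confirm how `uuid` is written to the output line.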
|
|
|
@ -1101,6 +1101,14 @@ class Server extends AppModel {
|
|||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
'RPZ_ns_alt' => array(
|
||||
'level' => 2,
|
||||
'description' => 'Alternate nameserver',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
'RPZ_email' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The e-mail address specified in the SOA portion of the zone file.',
|
||||
|
|
|
@ -20,9 +20,12 @@
|
|||
}
|
||||
} else if (strpos($object['type'], '|') !== false) {
|
||||
$separator = in_array($object['type'], array('ip-dst|port', 'ip-src|port')) ? ':' : '<br />';
|
||||
$separator_pos = strpos('|', $object['value']);
|
||||
$final_value = h($object['value']);
|
||||
echo substr_replace(h($object['value']), $separator, $separator_pos, strlen($separator));
|
||||
$value_pieces = explode('|', $object['value']);
|
||||
foreach ($value_pieces as $k => $v) {
|
||||
$value_pieces[$k] = h($v);
|
||||
}
|
||||
$object['value'] = implode($separator, $value_pieces);
|
||||
echo ($object['value']);
|
||||
} else if ('vulnerability' == $object['type']) {
|
||||
$cveUrl = (is_null(Configure::read('MISP.cveurl'))) ? "http://www.google.com/search?q=" : Configure::read('MISP.cveurl');
|
||||
echo $this->Html->link($sigDisplay, $cveUrl . $sigDisplay, array('target' => '_blank', 'class' => $linkClass));
|
||||
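Review bot: The new branch writes the escaped, markup-joined string back into `$object['value']` before echoing it, so any code later in this element that reads `$object['value']` now sees `<br />`-laden HTML instead of the raw attribute value. Echo the joined result directly and leave the data untouched: `echo implode($separator, array_map('h', explode('|', $object['value'])));`. A short comment would make the intent clear, e.g. `// each piece is escaped individually; the separator is trusted markup`, and `echo ($object['value']);` has redundant parentheses in any case.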
|
|
|
@ -52,8 +52,7 @@ and attachments and finally publishing it.<br /><br />
|
|||
This includes all organisations on this MISP server, all organisations on MISP servers synchronising
|
||||
with this server and the hosting organisations of servers that connect to those afore mentioned servers
|
||||
(so basically any server that is 2 hops away from this one). Any other organisations connected to linked
|
||||
servers that are 2 hops away from this own will be restricted from seeing the event. For more information
|
||||
on community-related distribution levels, click here.<br/>
|
||||
servers that are 2 hops away from this own will be restricted from seeing the event.<br/>
|
||||
Upon push: downgrade to This Community only and push. Upon pull: pull and downgrade to This Community only.
|
||||
</li>
|
||||
<li><i>All communities:</i> This will share the event with all MISP communities, allowing the event to be
|
||||
|
|
|
@ -103,18 +103,18 @@ def main(args):
|
|||
NS_DICT[namespace[0]]=namespace[1]
|
||||
|
||||
try:
|
||||
idgen.set_id_namespace({baseURL: orgname})
|
||||
idgen.set_id_namespace({baseURL: namespace[1]})
|
||||
except ValueError:
|
||||
# Some weird stix error that sometimes occurs if the stars
|
||||
# align and Mixbox is being mean to us
|
||||
# Glory to STIX, peace and good xmlns be upon it
|
||||
try:
|
||||
idgen.set_id_namespace(Namespace(baseURL, orgname))
|
||||
idgen.set_id_namespace(Namespace(baseURL, namespace[1]))
|
||||
except TypeError:
|
||||
# Ok this only occurs if the script is being run under py3
|
||||
# and if we're running a REALLY weird version of stix
|
||||
# May as well catch it
|
||||
idgen.set_id_namespace(Namespace(baseURL, orgname, "MISP"))
|
||||
idgen.set_id_namespace(Namespace(baseURL, namespace[1], "MISP"))
|
||||
|
||||
|
||||
stix_package = STIXPackage()
|
||||
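Review bot: The three `idgen.set_id_namespace(...)` calls now read `namespace[1]`, the loop variable of the `for` that fills `NS_DICT` (its header is above the hunk), so they use whichever entry was iterated last and raise `NameError` if the loop ran zero times, whereas `orgname` had no such dependency. If the last namespace is the intended one, bind it explicitly before the `try`, e.g. `ns_value = namespace[1]` guarded by a check that at least one namespace was read, and use `ns_value` in all three calls; otherwise select the entry from `NS_DICT` by the key you actually mean. A one-line comment stating which namespace is chosen and why would prevent the next reader from assuming it is the org's own.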
|
|
|
@ -1,31 +1,31 @@
|
|||
uuid,event_id,category,type,value,comment,to_ids,date
|
||||
548847d8-01e0-4231-a739-15bb950d210b,750,Payload installation,md5,"744c07e886497f7b68f6f7fe57b7ab54","Regin samples collected.",1,20141210
|
||||
548847d8-05f8-49e7-af79-15bb950d210b,750,Payload installation,md5,"47d0e8f9d7a6429920329207a32ecc2e","Regin samples collected.",1,20141210
|
||||
548847d8-3fbc-4a06-ba82-15bb950d210b,750,Payload installation,md5,"2c8b9d2885543d7ade3cae98225e263b","Regin samples collected.",1,20141210
|
||||
548847d8-9db0-4df6-8206-15bb950d210b,750,Payload installation,md5,"26297dc3cd0b688de3b846983c5385e5","Regin samples collected.",1,20141210
|
||||
548847d8-a33c-41f3-9f7a-15bb950d210b,750,Payload installation,md5,"01c2f321b6bfdb9473c079b0797567ba","Regin samples collected.",1,20141210
|
||||
548847d8-c950-48eb-b960-15bb950d210b,750,Payload installation,md5,"4b6b86c7fec1c574706cecedf44abded","Regin samples collected.",1,20141210
|
||||
548847d9-1404-4331-ae3c-15bb950d210b,750,Payload installation,md5,"90fecc6a89b2e22d82d58878d93477d4","Regin samples collected.",1,20141210
|
||||
548847d9-39dc-4247-b23d-15bb950d210b,750,Payload installation,md5,"06665b96e293b23acc80451abb413e50","Regin samples collected.",1,20141210
|
||||
548847d9-3b28-449e-b527-15bb950d210b,750,Payload installation,md5,"e94393561901895cb0783edc34740fd4","Regin samples collected.",1,20141210
|
||||
548847d9-4020-41da-b5f3-15bb950d210b,750,Payload installation,md5,"db405ad775ac887a337b02ea8b07fddc","Regin samples collected.",1,20141210
|
||||
548847d9-6340-44a0-8f33-15bb950d210b,750,Payload installation,md5,"ffb0b9b5b610191051a7bdf0806e1e47","Regin samples collected.",1,20141210
|
||||
548847d9-8b18-4654-9766-15bb950d210b,750,Payload installation,md5,"f3ffc2aaaa1e2ab55ec26ff098653347","Regin samples collected.",1,20141210
|
||||
548847d9-a564-4178-b8e6-15bb950d210b,750,Payload installation,md5,"6662c390b2bbbd291ec7987388fc75d7","Regin samples collected.",1,20141210
|
||||
548847d9-afe0-4531-a4b0-15bb950d210b,750,Payload installation,md5,"187044596bc1328efa0ed636d8aa4a5c","Regin samples collected.",1,20141210
|
||||
548847d9-b63c-4c95-a2bd-15bb950d210b,750,Payload installation,md5,"1800def71006ca6790767e202fae9b9a","Regin samples collected.",1,20141210
|
||||
548847d9-e6fc-4b93-a773-15bb950d210b,750,Payload installation,md5,"bfbe8c3ee78750c3a520480700e440f8","Regin samples collected.",1,20141210
|
||||
548847d9-fd54-4e49-909b-15bb950d210b,750,Payload installation,md5,"89003e9a1ae635c97ebad07aebc67f00","Regin samples collected.",1,20141210
|
||||
548847da-1660-4562-a1f8-15bb950d210b,750,Payload installation,md5,"b505d65721bb2453d5039a389113b566","Regin samples collected.",1,20141210
|
||||
548847da-2134-43d7-ba22-15bb950d210b,750,Payload installation,md5,"8fcf4e53ece6111758a1dd3139dc7cad","Regin samples collected.",1,20141210
|
||||
548847da-3e40-4ab2-a5eb-15bb950d210b,750,Payload installation,md5,"1c024e599ac055312a4ab75b3950040a","Regin samples collected.",1,20141210
|
||||
548847da-49c0-404d-ae42-15bb950d210b,750,Payload installation,md5,"d240f06e98c8d3e647cbf4d442d79475","Regin samples collected.",1,20141210
|
||||
548847da-71ec-4b2b-bae5-15bb950d210b,750,Payload installation,md5,"148c1bb9d405d717252c77593aff4bd8","Regin samples collected.",1,20141210
|
||||
548847da-9798-4b6d-b422-15bb950d210b,750,Payload installation,md5,"ba7bb65634ce1e30c1e5415be3d1db1d","Regin samples collected.",1,20141210
|
||||
548847da-ac78-474c-86fe-15bb950d210b,750,Payload installation,md5,"b29ca4f22ae7b7b25f79c1d4a421139d","Regin samples collected.",1,20141210
|
||||
548847da-c2d0-4d24-821e-15bb950d210b,750,Payload installation,md5,"b269894f434657db2b15949641a67532","Regin samples collected.",1,20141210
|
||||
548847da-ffe4-4a90-9f2a-15bb950d210b,750,Payload installation,md5,"22bfc970f707fd775d49e875b63c2f0c","Regin samples collected.",1,20141210
|
||||
548847db-060c-4275-a0c7-15bb950d210b,750,Payload installation,md5,"049436bb90f71cf38549817d9b90e2da","Regin samples collected.",1,20141210
|
||||
5488486c-1418-4624-b87c-15ba950d210b,750,Artifacts dropped,regkey,"Class\{4F20E605-9452-4787-B793-D0204917CA58}","",1,20141210
|
||||
5488486c-47ec-4952-8e60-15ba950d210b,750,Artifacts dropped,regkey,"Class\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}","",1,20141210
|
||||
5488486c-a044-4c31-830c-15ba950d210b,750,Artifacts dropped,regkey,"HKLM\System\CurrentControlSet\Control\","",1,20141210
|
||||
uuid,event_id,category,type,value,comment,to_ids,date,object_uuid,object_name,object_meta_category
|
||||
548847d8-01e0-4231-a739-15bb950d210b,750,Payload installation,md5,"744c07e886497f7b68f6f7fe57b7ab54","Regin samples collected.",1,20141210,,"",""
|
||||
548847d8-05f8-49e7-af79-15bb950d210b,750,Payload installation,md5,"47d0e8f9d7a6429920329207a32ecc2e","Regin samples collected.",1,20141210,,"",""
|
||||
548847d8-3fbc-4a06-ba82-15bb950d210b,750,Payload installation,md5,"2c8b9d2885543d7ade3cae98225e263b","Regin samples collected.",1,20141210,,"",""
|
||||
548847d8-9db0-4df6-8206-15bb950d210b,750,Payload installation,md5,"26297dc3cd0b688de3b846983c5385e5","Regin samples collected.",1,20141210,,"",""
|
||||
548847d8-a33c-41f3-9f7a-15bb950d210b,750,Payload installation,md5,"01c2f321b6bfdb9473c079b0797567ba","Regin samples collected.",1,20141210,,"",""
|
||||
548847d8-c950-48eb-b960-15bb950d210b,750,Payload installation,md5,"4b6b86c7fec1c574706cecedf44abded","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-1404-4331-ae3c-15bb950d210b,750,Payload installation,md5,"90fecc6a89b2e22d82d58878d93477d4","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-39dc-4247-b23d-15bb950d210b,750,Payload installation,md5,"06665b96e293b23acc80451abb413e50","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-3b28-449e-b527-15bb950d210b,750,Payload installation,md5,"e94393561901895cb0783edc34740fd4","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-4020-41da-b5f3-15bb950d210b,750,Payload installation,md5,"db405ad775ac887a337b02ea8b07fddc","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-6340-44a0-8f33-15bb950d210b,750,Payload installation,md5,"ffb0b9b5b610191051a7bdf0806e1e47","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-8b18-4654-9766-15bb950d210b,750,Payload installation,md5,"f3ffc2aaaa1e2ab55ec26ff098653347","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-a564-4178-b8e6-15bb950d210b,750,Payload installation,md5,"6662c390b2bbbd291ec7987388fc75d7","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-afe0-4531-a4b0-15bb950d210b,750,Payload installation,md5,"187044596bc1328efa0ed636d8aa4a5c","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-b63c-4c95-a2bd-15bb950d210b,750,Payload installation,md5,"1800def71006ca6790767e202fae9b9a","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-e6fc-4b93-a773-15bb950d210b,750,Payload installation,md5,"bfbe8c3ee78750c3a520480700e440f8","Regin samples collected.",1,20141210,,"",""
|
||||
548847d9-fd54-4e49-909b-15bb950d210b,750,Payload installation,md5,"89003e9a1ae635c97ebad07aebc67f00","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-1660-4562-a1f8-15bb950d210b,750,Payload installation,md5,"b505d65721bb2453d5039a389113b566","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-2134-43d7-ba22-15bb950d210b,750,Payload installation,md5,"8fcf4e53ece6111758a1dd3139dc7cad","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-3e40-4ab2-a5eb-15bb950d210b,750,Payload installation,md5,"1c024e599ac055312a4ab75b3950040a","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-49c0-404d-ae42-15bb950d210b,750,Payload installation,md5,"d240f06e98c8d3e647cbf4d442d79475","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-71ec-4b2b-bae5-15bb950d210b,750,Payload installation,md5,"148c1bb9d405d717252c77593aff4bd8","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-9798-4b6d-b422-15bb950d210b,750,Payload installation,md5,"ba7bb65634ce1e30c1e5415be3d1db1d","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-ac78-474c-86fe-15bb950d210b,750,Payload installation,md5,"b29ca4f22ae7b7b25f79c1d4a421139d","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-c2d0-4d24-821e-15bb950d210b,750,Payload installation,md5,"b269894f434657db2b15949641a67532","Regin samples collected.",1,20141210,,"",""
|
||||
548847da-ffe4-4a90-9f2a-15bb950d210b,750,Payload installation,md5,"22bfc970f707fd775d49e875b63c2f0c","Regin samples collected.",1,20141210,,"",""
|
||||
548847db-060c-4275-a0c7-15bb950d210b,750,Payload installation,md5,"049436bb90f71cf38549817d9b90e2da","Regin samples collected.",1,20141210,,"",""
|
||||
5488486c-1418-4624-b87c-15ba950d210b,750,Artifacts dropped,regkey,"Class\{4F20E605-9452-4787-B793-D0204917CA58}","",1,20141210,,"",""
|
||||
5488486c-47ec-4952-8e60-15ba950d210b,750,Artifacts dropped,regkey,"Class\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}","",1,20141210,,"",""
|
||||
5488486c-a044-4c31-830c-15ba950d210b,750,Artifacts dropped,regkey,"HKLM\System\CurrentControlSet\Control\","",1,20141210,,"",""
|
||||
|
|
|