mirror of https://github.com/MISP/MISP
Some modifications to category/attribute matrix. MISP database is now compatible for sync with CyDefSIG.
parent
2d8695732d
commit
50e3566f3a
|
@ -185,13 +185,6 @@ class AppController extends Controller {
|
|||
* Log in as admin user and
|
||||
* Then run this function by setting debug = 1 (or more) and call /events/migrate02to021
|
||||
*/
|
||||
function migrate02to021() {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
|
||||
// search for composite value1 fields and explode it to value1 and value2
|
||||
_explodeValueToValues();
|
||||
|
||||
}
|
||||
function _explodeValueToValues() {
|
||||
// search for composite value1 fields and explode it to value1 and value2
|
||||
$this->loadModel('Attribute');
|
||||
|
@ -219,6 +212,13 @@ class AppController extends Controller {
|
|||
echo "</ul> DONE.";
|
||||
}
|
||||
|
||||
function migrate02to021() {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
|
||||
// search for composite value1 fields and explode it to value1 and value2
|
||||
$this->_explodeValueToValues();
|
||||
|
||||
}
|
||||
|
||||
function migrate021to022() {
|
||||
if (!self::_isAdmin()) throw new NotFoundException();
|
||||
|
@ -227,25 +227,25 @@ class AppController extends Controller {
|
|||
|
||||
// replace empty category
|
||||
// not easy as we have to guess the category from the type
|
||||
// $this->loadModel('Attribute');
|
||||
// $params = array(
|
||||
// 'conditions' => array('Attribute.type' => ''),
|
||||
// 'recursive' => 0,
|
||||
// 'fields' => array('Attribute.id'),
|
||||
// );
|
||||
// $attributes = $this->Attribute->find('all', $params);
|
||||
// echo '<p>Replacing empty categories by OtherExploding composite fields in 2 columns: </p><ul>';
|
||||
// foreach ($attributes as $attribute) {
|
||||
// $pieces = explode('|', $attribute['Attribute']['value1']);
|
||||
// if (2 != sizeof($pieces)) continue; // do nothing if not 2 pieces
|
||||
|
||||
// $this->Attribute->id = $attribute['Attribute']['id'];
|
||||
// echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';
|
||||
// $this->Attribute->saveField('value1', $pieces[0]);
|
||||
// $this->Attribute->id = $attribute['Attribute']['id'];
|
||||
// $this->Attribute->saveField('value2', $pieces[1]);
|
||||
// }
|
||||
// echo "</ul> DONE</p>";
|
||||
//$this->loadModel('Attribute');
|
||||
// $params = array(
|
||||
// 'conditions' => array('Attribute.type' => ''),
|
||||
// 'recursive' => 0,
|
||||
// 'fields' => array('Attribute.id'),
|
||||
// );
|
||||
// $attributes = $this->Attribute->find('all', $params);
|
||||
// echo '<p>Replacing empty categories by OtherExploding composite fields in 2 columns: </p><ul>';
|
||||
// foreach ($attributes as $attribute) {
|
||||
// $pieces = explode('|', $attribute['Attribute']['value1']);
|
||||
// if (2 != sizeof($pieces)) continue; // do nothing if not 2 pieces
|
||||
|
||||
// $this->Attribute->id = $attribute['Attribute']['id'];
|
||||
// echo '<li>'.$attribute['Attribute']['id'].' --> '.$attribute['Attribute']['value1'].' --> '.$pieces[0].' --> '.$pieces[1].'</li> ';
|
||||
// $this->Attribute->saveField('value1', $pieces[0]);
|
||||
// $this->Attribute->id = $attribute['Attribute']['id'];
|
||||
// $this->Attribute->saveField('value2', $pieces[1]);
|
||||
// }
|
||||
// echo "</ul> DONE</p>";
|
||||
|
||||
// search for incompatible combination of category / type
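Review bot: migrate02to021() and migrate021to022() change stored attribute data but, in the lines shown, are gated only by `_isAdmin()`; the doc comment asks for debug = 1 and a call to /events/migrate02to021, yet nothing visible enforces the debug setting or restricts the request method. Because they sit in AppController, every controller presumably inherits them as routable actions, so an authenticated admin whose browser is steered to that URL would start the migration without meaning to. Consider adding `if (Configure::read('debug') < 1) throw new NotFoundException();` beside the admin check and accepting only POST, or moving the migrations into a console shell so they are not web-reachable at all. `self::_isAdmin()` would also read more consistently as `$this->_isAdmin()`, matching the `$this->_explodeValueToValues()` call used in the same function. The body of migrate021to022() continues outside the hunk, so the checks it performs further down are not visible here.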
|
||||
|
||||
|
|
|
@ -77,12 +77,12 @@ class Attribute extends AppModel {
|
|||
'Antivirus detection' => array(
|
||||
'desc' => 'All the info about how the malware is detected by the antivirus products',
|
||||
'formdesc' => 'List of anti-virus vendors detecting the malware or information on detection performance (e.g. 13/43 or 67%).<br/>Attachment with list of detection or link to VirusTotal could be placed here as well.',
|
||||
'types' => array('link', 'comment', 'text', 'other')
|
||||
'types' => array('link', 'comment', 'text', 'attachment', 'other')
|
||||
),
|
||||
'Payload delivery' => array(
|
||||
'desc' => 'Information about how the malware is delivered',
|
||||
'formdesc' => 'Information about the way the malware payload is initially delivered, <br/>for example information about the email or web-site, vulnerability used, originating IP etc. <br/>Malware sample itself should be attached here.',
|
||||
'types' => array('md5', 'sha1', 'filename', 'filename|md5', 'filename|sha1', 'ip-src', 'ip-dst', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'url', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'other')
|
||||
'types' => array('md5', 'sha1', 'filename', 'filename|md5', 'filename|sha1', 'ip-src', 'ip-dst', 'hostname', 'domain', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'url', 'ip-dst', 'user-agent', 'AS', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'malware-sample', 'link', 'comment', 'text', 'vulnerability', 'other')
|
||||
),
|
||||
'Artifacts dropped' => array(
|
||||
'desc' => 'Any artifact (files, registry keys etc.) dropped by the malware or other modifications to the system',
|
||||
|
@ -100,7 +100,7 @@ class Attribute extends AppModel {
|
|||
),
|
||||
'Network activity' => array(
|
||||
'desc' => 'Information about network traffic generated by the malware',
|
||||
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'comment', 'text', 'other')
|
||||
'types' => array('ip-src', 'ip-dst', 'hostname', 'domain', 'email-dst', 'url', 'user-agent', 'AS', 'snort', 'pattern-in-file', 'pattern-in-traffic', 'attachment', 'comment', 'text', 'other')
|
||||
),
|
||||
'Payload type' => array(
|
||||
'desc' => 'Information about the final payload(s)',
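Review bot: The longer 'Payload delivery' `types` array (the second of the two printed lines, which appears to be the new side) lists 'ip-dst' twice, once after 'ip-src' and again after 'url'. The duplicate is harmless for a membership check but would show up twice in any form or export built from this list, and it makes the matrix harder to compare with the CyDefSIG side it is meant to sync with; the tail should read `'url', 'user-agent', 'AS', ...` with the second 'ip-dst' dropped. Separately, 'attachment' is now accepted under 'Antivirus detection' and 'Network activity', which widens where uploaded files can enter an event; the upload handling is not visible in this hunk, so confirm that the same size, filename and storage checks apply to attachments in these categories as in the existing ones. A short comment above the array noting that it must stay identical on both sync peers would help future edits.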
|
||||
|
|