mirror of https://github.com/MISP/MISP
add: [stix import] Supporting the STIX 2 objects import as Galaxies 2.0
- Extracting the Galaxies & Clusters
- Using the `importGalaxyAndClusters` endpoint to handle the creation of new Galaxies & Clusters
- Passing the related tag names to have the clusters attached to the right data structures
pull/9044/head
parent
0de2eea029
commit
532284fdb1
|
@ -5837,7 +5837,7 @@ class Event extends AppModel
|
|||
* @throws InvalidArgumentException
|
||||
* @throws Exception
|
||||
*/
|
||||
public function upload_stix(array $user, $file, $stix_version, $original_file, $publish, $galaxies_as_tags, $debug = false)
|
||||
public function upload_stix(array $user, $file, $stix_version, $original_file, $publish, $galaxiesAsTags, $debug = false)
|
||||
{
|
||||
$scriptDir = APP . 'files' . DS . 'scripts';
|
||||
if ($stix_version == '2' || $stix_version == '2.0' || $stix_version == '2.1') {
|
||||
|
@ -5848,7 +5848,7 @@ class Event extends AppModel
|
|||
$scriptFile,
|
||||
'-i', $file
|
||||
];
|
||||
if ($galaxies_as_tags) {
|
||||
if ($galaxiesAsTags) {
|
||||
$shell_command[] = '--galaxies_as_tags';
|
||||
}
|
||||
if ($debug) {
|
||||
|
@ -5883,6 +5883,26 @@ class Event extends AppModel
|
|||
if (empty($data['Event'])) {
|
||||
$data = array('Event' => $data);
|
||||
}
|
||||
if (!$galaxiesAsTags) {
|
||||
if (!isset($this->GalaxyCluster)) {
|
||||
$this->GalaxyCluster = ClassRegistry::init('GalaxyCluster');
|
||||
}
|
||||
$this->__handleGalaxiesAndClusters($user, $data['Event']);
|
||||
if (!empty($data['Event']['Attribute'])) {
|
||||
foreach ($data['Event']['Attribute'] as &$attribute) {
|
||||
$this->__handleGalaxiesAndClusters($user, $attribute);
|
||||
}
|
||||
}
|
||||
if (!empty($data['Event']['Object'])) {
|
||||
foreach ($data['Event']['Object'] as &$misp_object) {
|
||||
if (!empty($misp_object['Attribute'])) {
|
||||
foreach ($misp_object['Attribute'] as &$attribute) {
|
||||
$this->__handleGalaxiesAndClusters($user, $attribute);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!empty($decoded['stix_version'])) {
|
||||
$stix_version = 'STIX ' . $decoded['stix_version'];
|
||||
}
|
||||
|
@ -5914,6 +5934,19 @@ class Event extends AppModel
|
|||
return $response;
|
||||
}
|
||||
|
||||
private function __handleGalaxiesAndClusters($user, &$data)
|
||||
{
|
||||
if (!empty($data['Galaxy'])) {
|
||||
$tag_names = $this->GalaxyCluster->convertGalaxyClustersToTags($user, $data['Galaxy']);
|
||||
if (empty($data['Tag'])) {
|
||||
$data['Tag'] = [];
|
||||
}
|
||||
foreach ($tag_names as $tag_name) {
|
||||
$data['Tag'][] = array('name' => $tag_name);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $scriptDir
|
||||
* @return string
|
||||
|
|
|
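Review bot: The three by-reference loops in the new `if (!$galaxiesAsTags)` block (`as &$attribute`, `as &$misp_object`, and the nested `as &$attribute`) leave both variables bound to the last array element after they finish. Any later by-value reuse of those names in `upload_stix` would silently overwrite that element, and the rest of the body is outside the hunk, so I would add `unset($attribute, $misp_object);` right after the block. The new `__handleGalaxiesAndClusters` helper has no docblock; something like `/** Imports the galaxies in $data['Galaxy'] and appends the resulting tag names to $data['Tag'], modifying $data in place. */` would make the by-reference contract explicit. This path also makes galaxy and cluster creation a side effect of a STIX upload, so it is worth confirming that `importGalaxyAndClusters` enforces the uploading user's permissions itself, which cannot be seen from this page.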
@ -2071,4 +2071,31 @@ class GalaxyCluster extends AppModel
|
|||
}
|
||||
return $CyCatRelations;
|
||||
}
|
||||
|
||||
/**
|
||||
* convertGalaxyClustersToTags
|
||||
*
|
||||
* @param array $user
|
||||
* @param array $galaxies
|
||||
* @return array The tag names extracted from galaxy clusters
|
||||
*/
|
||||
public function convertGalaxyClustersToTags($user, $galaxies)
|
||||
{
|
||||
$galaxyClusters = [];
|
||||
$tag_names = [];
|
||||
foreach ($galaxies as $galaxy) {
|
||||
if (empty($galaxy['GalaxyCluster'])) {
|
||||
continue;
|
||||
}
|
||||
$clusters = $galaxy['GalaxyCluster'];
|
||||
unset($galaxy['GalaxyCluster']);
|
||||
foreach ($clusters as $cluster) {
|
||||
$cluster['Galaxy'] = $galaxy;
|
||||
$galaxyClusters[] = array('GalaxyCluster' => $cluster);
|
||||
$tag_names[] = !empty($cluster['tag_name']) ? $cluster['tag_name'] : 'misp-galaxy:' . $cluster['type'] . '="' . $cluster['uuid'] . '"';
|
||||
}
|
||||
}
|
||||
$this->Galaxy->importGalaxyAndClusters($user, $galaxyClusters);
|
||||
return $tag_names;
|
||||
}
|
||||
}
|
||||
|
|
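Review bot: `convertGalaxyClustersToTags` collects a tag name for every cluster and then ignores whatever `importGalaxyAndClusters` returns, so a cluster that the import skips or rejects would still have its tag handed back to the caller and attached to the event. The cluster data comes from the converted upload, yet a non-empty `tag_name` is used verbatim and the fallback reads `$cluster['type']` and `$cluster['uuid']` without checking that they exist. I would skip incomplete clusters with `if (empty($cluster['type']) || empty($cluster['uuid'])) { continue; }` before the append, and accept a supplied `tag_name` only when it starts with `misp-galaxy:`. If the import call reports per-cluster results (not visible here), the returned tag names should be limited to the clusters that were actually saved or already existed.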