mirror of https://github.com/MISP/MISP
Merge pull request #9440 from chrisr3d/develop
Handling clusters distribution and sharing group for content imported from STIX 2.xpull/9594/head
Christian Studer
GitHub
commit
54c15476c6
|
|
@ -2408,14 +2408,14 @@ class EventsController extends AppController
|
|||
}
|
||||
if (isset($this->params['named']['distribution'])) {
|
||||
$distribution = intval($this->params['named']['distribution']);
|
||||
if (array_key_exists($distribution, $distributionLevels)) {
|
||||
$initialDistribution = $distribution;
|
||||
} else {
|
||||
if (!array_key_exists($distribution, $distributionLevels)) {
|
||||
throw new MethodNotAllowedException(__('Wrong distribution level'));
|
||||
}
|
||||
} else {
|
||||
$distribution = $initialDistribution;
|
||||
}
|
||||
$sharingGroupId = null;
|
||||
if ($initialDistribution == 4) {
|
||||
if ($distribution == 4) {
|
||||
if (!isset($this->params['named']['sharing_group_id'])) {
|
||||
throw new MethodNotAllowedException(__('The sharing group id is needed when the distribution is set to 4 ("Sharing group").'));
|
||||
}
|
||||
|
|
@ -2424,8 +2424,25 @@ class EventsController extends AppController
|
|||
throw new MethodNotAllowedException(__('Please select a valid sharing group id.'));
|
||||
}
|
||||
}
|
||||
$clusterDistribution = $initialDistribution;
|
||||
$clusterSharingGroupId = null;
|
||||
if (isset($this->params['named']['galaxies_as_tags'])) {
|
||||
$galaxies_as_tags = $this->params['named']['galaxies_as_tags'];
|
||||
if (isset($this->params['name']['cluster_distribution'])) {
|
||||
$clusterDistribution = intval($this->params['named']['cluster_distribution']);
|
||||
if (!array_key_exists($clusterDistribution, $distributionLevels)) {
|
||||
throw new MethodNotAllowedException(__('Wrong cluster distribution level'));
|
||||
}
|
||||
if ($clusterDistribution == 4) {
|
||||
if (!isset($this->params['named']['cluster_sharing_group_id'])) {
|
||||
throw new MethodNotAllowedException(__('The cluster sharing group id is needed when the cluster distribution is set to 4 ("Sharing group").'));
|
||||
}
|
||||
$clusterSharingGroupId = intval($this->params['named']['cluster_sharing_group_id']);
|
||||
if (!array_key_exists($clusterSharingGroupId, $sgs)) {
|
||||
throw new MethodNotAllowedException(__('Please select a valid cluster sharing group id.'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (isset($this->params['named']['debugging'])) {
|
||||
$debug = $this->params['named']['debugging'];
|
||||
|
|
@ -2437,9 +2454,11 @@ class EventsController extends AppController
|
|||
$stix_version,
|
||||
'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json'),
|
||||
$publish,
|
||||
$initialDistribution,
|
||||
$distribution,
|
||||
$sharingGroupId,
|
||||
$galaxies_as_tags,
|
||||
$clusterDistribution,
|
||||
$clusterSharingGroupId,
|
||||
$debug
|
||||
);
|
||||
if (is_numeric($result)) {
|
||||
|
|
@ -2471,6 +2490,8 @@ class EventsController extends AppController
|
|||
$this->data['Event']['distribution'],
|
||||
$this->data['Event']['sharing_group_id'] ?? null,
|
||||
$this->data['Event']['galaxies_handling'],
|
||||
$this->data['Event']['cluster_distribution'],
|
||||
$this->data['Event']['cluster_sharing_group_id'] ?? null,
|
||||
$debug
|
||||
);
|
||||
if (is_numeric($result)) {
|
||||
|
|
|
|||
|
|
@ -5995,15 +5995,17 @@ class Event extends AppModel
|
|||
* @param int $distribution
|
||||
* @param int|null $sharingGroupId
|
||||
* @param bool $galaxiesAsTags
|
||||
* @param int $clusterDistribution
|
||||
* @param int|null $clusterSharingGroupId
|
||||
* @param bool $debug
|
||||
* @return int|string|array
|
||||
* @throws JsonException
|
||||
* @throws InvalidArgumentException
|
||||
* @throws Exception
|
||||
*/
|
||||
public function upload_stix(array $user, $file, $stixVersion, $originalFile, $publish, $distribution, $sharingGroupId, $galaxiesAsTags, $debug = false)
|
||||
public function upload_stix(array $user, $file, $stixVersion, $originalFile, $publish, $distribution, $sharingGroupId, $galaxiesAsTags, $clusterDistribution, $clusterSharingGroupId, $debug = false)
|
||||
{
|
||||
$decoded = $this->convertStixToMisp($stixVersion, $file, $distribution, $sharingGroupId, $galaxiesAsTags, $debug);
|
||||
$decoded = $this->convertStixToMisp($stixVersion, $file, $distribution, $sharingGroupId, $galaxiesAsTags, $clusterDistribution, $clusterSharingGroupId, $user['Organisation']['uuid'], $debug);
|
||||
|
||||
if (!empty($decoded['success'])) {
|
||||
$data = JsonTool::decodeArray($decoded['converted']);
|
||||
|
|
@ -6067,11 +6069,14 @@ class Event extends AppModel
|
|||
* @param int $distribution
|
||||
* @param int|null $sharingGroupId
|
||||
* @param bool $galaxiesAsTags
|
||||
* @param int $clusterDistribution
|
||||
* @param int|null $clusterSharingGroupId
|
||||
* @param string $orgUuid
|
||||
* @param bool $debug
|
||||
* @return array
|
||||
* @throws Exception
|
||||
*/
|
||||
private function convertStixToMisp($stixVersion, $file, $distribution, $sharingGroupId, $galaxiesAsTags, $debug)
|
||||
private function convertStixToMisp($stixVersion, $file, $distribution, $sharingGroupId, $galaxiesAsTags, $clusterDistribution, $clusterSharingGroupId, $orgUuid, $debug)
|
||||
{
|
||||
$scriptDir = APP . 'files' . DS . 'scripts';
|
||||
if ($stixVersion === '2' || $stixVersion === '2.0' || $stixVersion === '2.1') {
|
||||
|
|
@ -6082,12 +6087,18 @@ class Event extends AppModel
|
|||
$scriptFile,
|
||||
'-i', $file,
|
||||
'--distribution', $distribution,
|
||||
'--org_uuid', $orgUuid
|
||||
];
|
||||
if ($distribution == 4) {
|
||||
array_push($shellCommand, '--sharing_group_id', $sharingGroupId);
|
||||
}
|
||||
if ($galaxiesAsTags) {
|
||||
$shellCommand[] = '--galaxies_as_tags';
|
||||
} else {
|
||||
array_push($shell_command, '--cluster_distribution', $clusterDistribution);
|
||||
if ($clusterDistribution == 4) {
|
||||
array_push($shell_command, '--cluster_sharing_group_id', $clusterSharingGroupId);
|
||||
}
|
||||
}
|
||||
if ($debug) {
|
||||
$shellCommand[] = '--debug';
|
||||
|
|
|
|||
|
|
@ -28,10 +28,13 @@
|
|||
'selected' => $initialDistribution,
|
||||
));
|
||||
if (!empty($sharingGroups)) {
|
||||
echo $this->Form->input('sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Sharing Group'),
|
||||
));
|
||||
$SGContainer = $this->Form->input(
|
||||
'sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Sharing Group'),
|
||||
)
|
||||
);
|
||||
echo '<div id="SGContainer" style="display:none;">' . $SGContainer . '</div>';
|
||||
}
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
|
|
@ -64,6 +67,36 @@
|
|||
'label' => __('How to handle Galaxies and Clusters') . $galaxiesFormInfo,
|
||||
'selected' => 0
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
$clusterDistributionFormInfo = $this->element(
|
||||
'genericElements/Form/formInfo',
|
||||
[
|
||||
'field' => [
|
||||
'field' => 'cluster_distribution'
|
||||
],
|
||||
'modelForForm' => 'Event',
|
||||
'fieldDesc' => $fieldDesc['distribution'],
|
||||
]
|
||||
);
|
||||
$clusterDistribution = $this->Form->input(
|
||||
'cluster_distribution', array(
|
||||
'options' => $distributionLevels,
|
||||
'label' => __('Cluster distribution ') . $clusterDistributionFormInfo,
|
||||
'selected' => $initialDistribution,
|
||||
)
|
||||
);
|
||||
echo '<div id="ClusterDistribution" style="display:none;">' . $clusterDistribution . '</div>';
|
||||
if (!empty($sharingGroups)) {
|
||||
$clusterSGContainer = $this->Form->input(
|
||||
'cluster_sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Cluster Sharing Group'),
|
||||
)
|
||||
);
|
||||
echo '<div id="ClusterSGContainer" style="display:none;">' . $clusterSGContainer . '</div>';
|
||||
}
|
||||
}
|
||||
if ($me['Role']['perm_site_admin'] && Configure::read('debug') > 0) {
|
||||
$debugFormInfo = $this->element(
|
||||
|
|
@ -101,4 +134,26 @@ $(function(){
|
|||
});
|
||||
checkSharingGroup('Event');
|
||||
});
|
||||
$(function(){
|
||||
$('#EventGalaxiesHandling').change(function() {
|
||||
if ($(this).val() == 0) {
|
||||
$('#ClusterDistribution').show();
|
||||
if ($('#EventClusterDistribution').val() == 4) {
|
||||
$('#ClusterSGContainer').show();
|
||||
}
|
||||
} else {
|
||||
$('#ClusterDistribution').hide();
|
||||
$('#ClusterSGContainer').hide();
|
||||
}
|
||||
}).change();
|
||||
});
|
||||
$(function(){
|
||||
$('#EventClusterDistribution').change(function() {
|
||||
if ($(this).val() == 4 && $('#EventGalaxiesHandling').val() == 0) {
|
||||
$('#ClusterSGContainer').show();
|
||||
} else {
|
||||
$('#ClusterSGContainer').hide();
|
||||
}
|
||||
}).change();
|
||||
});
|
||||
</script>
|
||||
|
|
@ -1 +1 @@
|
|||
Subproject commit b8b8b7445754ea3cbc84e2d0b434ecd08740ef95
|
||||
Subproject commit dd3037ee7f31c1f43a3ad3aaaa6cccfa232dc530
|
||||
|
|
@ -29,10 +29,26 @@ sys.path.insert(2, str(_scripts_path / 'python-cybox'))
|
|||
sys.path.insert(3, str(_scripts_path / 'mixbox'))
|
||||
sys.path.insert(4, str(_scripts_path / 'misp-stix'))
|
||||
from misp_stix_converter import (
|
||||
ExternalSTIX2toMISPParser, InternalSTIX2toMISPParser, _from_misp)
|
||||
ExternalSTIX2toMISPParser, InternalSTIX2toMISPParser,
|
||||
MISP_org_uuid, _from_misp)
|
||||
from stix2.parsing import parse as stix2_parser
|
||||
|
||||
|
||||
def _get_stix_parser(from_misp, args):
|
||||
arguments = {
|
||||
'distribution': args.distribution,
|
||||
'galaxies_as_tags': args.galaxies_as_tags
|
||||
}
|
||||
if args.distribution == 4 and args.sharing_group_id is not None:
|
||||
arguments['sharing_group_id'] = args.sharing_group_id
|
||||
if from_misp:
|
||||
return 'InternalSTIX2toMISPParser', arguments
|
||||
arguments['cluster_distribution'] = args.cluster_distribution
|
||||
if args.cluster_distribution == 4 and args.cluster_sharing_group_id is not None:
|
||||
arguments['cluster_sharing_group_id'] = args.cluster_sharing_group_id
|
||||
return 'ExternalSTIX2toMISPParser', arguments
|
||||
|
||||
|
||||
def _handle_return_message(traceback):
|
||||
if isinstance(traceback, dict):
|
||||
messages = []
|
||||
|
|
@ -51,14 +67,8 @@ def _process_stix_file(args: argparse.Namespace):
|
|||
f.read(), allow_custom=True, interoperability=True
|
||||
)
|
||||
stix_version = getattr(bundle, 'version', '2.1')
|
||||
to_call = 'Internal' if _from_misp(bundle.objects) else 'External'
|
||||
arguments = {
|
||||
'distribution': args.distribution,
|
||||
'galaxies_as_tags': args.galaxies_as_tags
|
||||
}
|
||||
if args.distribution == 4 and args.sharing_group_id is not None:
|
||||
arguments['sharing_group_id'] = args.sharing_group_id
|
||||
parser = globals()[f'{to_call}STIX2toMISPParser'](**arguments)
|
||||
to_call, arguments = _get_stix_parser(_from_misp(bundle.objects), args)
|
||||
parser = globals()[to_call](**arguments)
|
||||
parser.load_stix_bundle(bundle)
|
||||
parser.parse_stix_bundle(single_event=True)
|
||||
with open(f'{args.input}.out', 'wt', encoding='utf-8') as f:
|
||||
|
|
@ -94,6 +104,10 @@ if __name__ == '__main__':
|
|||
'-i', '--input', required=True, type=Path,
|
||||
help='Input file containing STIX 2 content.'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--org_uuid', default=MISP_org_uuid,
|
||||
help='Organisation UUID to use when creating custom Galaxy clusters.'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--distribution', type=int, default=0,
|
||||
help='Distribution level for the resulting MISP Event.'
|
||||
|
|
@ -110,6 +124,14 @@ if __name__ == '__main__':
|
|||
'--galaxies_as_tags', action='store_true',
|
||||
help='Import MISP Galaxies as tag names.'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--cluster_distribution', type=int, default=0,
|
||||
help='Cluster distribution level for clusters generated from STIX 2.x objects'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--cluster_sharing_group_id', type=int,
|
||||
help='Cluster sharing group id when the cluster distribution level is 4.'
|
||||
)
|
||||
try:
|
||||
args = argparser.parse_args()
|
||||
except SystemExit as e:
|
||||
|
|
|
|||
Loading…
Reference in New Issue