mirror of https://github.com/MISP/MISP
new: [eventFiltering] Added support of server and feed hits filtering
parent
accac185e1
commit
5516b4f603
|
@ -25,6 +25,10 @@ class EventsController extends AppController
|
|||
)
|
||||
);
|
||||
|
||||
private $acceptedFilteringNamedParams = array('sort', 'direction', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'attributeFilter', 'extended', 'page',
|
||||
'searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server',
|
||||
);
|
||||
|
||||
public $helpers = array('Js' => array('Jquery'));
|
||||
|
||||
public $paginationFunctions = array('index', 'proposalEventIndex');
|
||||
|
@ -1001,10 +1005,9 @@ class EventsController extends AppController
|
|||
|
||||
public function viewEventAttributes($id, $all = false)
|
||||
{
|
||||
$paramArray = array('searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite');
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
'paramArray' => $paramArray,
|
||||
'paramArray' => $this->acceptedFilteringNamedParams,
|
||||
'named_params' => $this->params['named']
|
||||
);
|
||||
$exception = false;
|
||||
|
@ -1027,6 +1030,14 @@ class EventsController extends AppController
|
|||
$conditions['deleted'] = $filters['deleted'] == 2 ? 0 : 1;
|
||||
}
|
||||
$conditions['includeFeedCorrelations'] = true;
|
||||
if (!isset($filters['includeServerCorrelations'])) {
|
||||
$conditions['includeServerCorrelations'] = 1;
|
||||
if ($this->_isRest()) {
|
||||
$conditions['includeServerCorrelations'] = 0;
|
||||
}
|
||||
} else {
|
||||
$conditions['includeServerCorrelations'] = $filters['includeServerCorrelations'];
|
||||
}
|
||||
$conditions['includeAllTags'] = true;
|
||||
$conditions['includeGranularCorrelations'] = 1;
|
||||
if (!empty($filters['includeRelatedTags'])) {
|
||||
|
@ -1144,6 +1155,12 @@ class EventsController extends AppController
|
|||
$advancedFiltering = $this->__checkIfAdvancedFiltering($filters);
|
||||
$this->set('advancedFilteringActive', $advancedFiltering['active'] ? 1 : 0);
|
||||
$this->set('advancedFilteringActiveRules', $advancedFiltering['activeRules']);
|
||||
$attributeTags = $this->Event->Attribute->AttributeTag->getAttributesTags($this->Auth->user(), $event['Event']['id']);
|
||||
$attributeTags = array_column($attributeTags, 'name');
|
||||
$this->set('attributeTags', $attributeTags);
|
||||
$attributeClusters = $this->Event->Attribute->AttributeTag->getAttributesClusters($this->Auth->user(), $event['Event']['id']);
|
||||
$attributeClusters = array_column($attributeClusters, 'value');
|
||||
$this->set('attributeClusters', $attributeClusters);
|
||||
$this->disableCache();
|
||||
$this->layout = 'ajax';
|
||||
$this->loadModel('Sighting');
|
||||
|
@ -1165,10 +1182,9 @@ class EventsController extends AppController
|
|||
|
||||
private function __viewUI($event, $continue, $fromEvent)
|
||||
{
|
||||
$paramArray = array('searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite');
|
||||
$filterData = array(
|
||||
'request' => $this->request,
|
||||
'paramArray' => $paramArray,
|
||||
'paramArray' => $this->acceptedFilteringNamedParams,
|
||||
'named_params' => $this->params['named']
|
||||
);
|
||||
$exception = false;
|
||||
|
@ -1407,6 +1423,12 @@ class EventsController extends AppController
|
|||
$advancedFiltering = $this->__checkIfAdvancedFiltering($filters);
|
||||
$this->set('advancedFilteringActive', $advancedFiltering['active'] ? 1 : 0);
|
||||
$this->set('advancedFilteringActiveRules', $advancedFiltering['activeRules']);
|
||||
$attributeTags = $this->Event->Attribute->AttributeTag->getAttributesTags($this->Auth->user(), $event['Event']['id']);
|
||||
$attributeTags = array_column($attributeTags, 'name');
|
||||
$this->set('attributeTags', $attributeTags);
|
||||
$attributeClusters = $this->Event->Attribute->AttributeTag->getAttributesClusters($this->Auth->user(), $event['Event']['id']);
|
||||
$attributeClusters = array_column($attributeClusters, 'value');
|
||||
$this->set('attributeClusters', $attributeClusters);
|
||||
$this->set('mitreAttackGalaxyId', $this->Event->GalaxyCluster->Galaxy->getMitreAttackGalaxyId());
|
||||
$this->set('modificationMapCSV', $modificationMapCSV);
|
||||
}
|
||||
|
@ -1629,8 +1651,8 @@ class EventsController extends AppController
|
|||
|
||||
// look in the parameters if we are doing advanced filtering or not
|
||||
private function __checkIfAdvancedFiltering($filters) {
|
||||
$advancedFilteringActive = array_diff_key($filters, array('sort'=>0, 'direction'=>0, 'focus'=>0, 'extended'=>0, 'overrideLimit'=>0, 'filterColumnsOverwrite'=>0, 'attributeFilter'=>0, 'extended' => 0));
|
||||
debug($advancedFilteringActive);
|
||||
$advancedFilteringActive = array_diff_key($filters, array('sort'=>0, 'direction'=>0, 'focus'=>0, 'extended'=>0, 'overrideLimit'=>0, 'filterColumnsOverwrite'=>0, 'attributeFilter'=>0, 'extended' => 0, 'page' => 0));
|
||||
|
||||
if (count($advancedFilteringActive) > 0) {
|
||||
if (count(array_diff_key($advancedFilteringActive, array('deleted', 'includeRelatedTags'))) > 0) {
|
||||
$res = true;
|
||||
|
@ -1656,7 +1678,9 @@ class EventsController extends AppController
|
|||
'warning' => '0',
|
||||
'deleted' => '2',
|
||||
'includeRelatedTags' => '0',
|
||||
'distribution' => array('0', '1', '2', '3', '4', '5')
|
||||
'feed' => '0',
|
||||
'server' => '0',
|
||||
'distribution' => array('0', '1', '2', '3', '4', '5'),
|
||||
);
|
||||
$activeRules = 0;
|
||||
foreach ($filters as $k => $v) {
|
||||
|
@ -1664,7 +1688,7 @@ class EventsController extends AppController
|
|||
$activeRules++;
|
||||
}
|
||||
}
|
||||
return array('active' => $res, 'activeRules' => $activeRules);
|
||||
return array('active' => $activeRules > 0 ? $res : false, 'activeRules' => $activeRules);
|
||||
}
|
||||
|
||||
private function __removeChildren(&$pivot, $id)
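Review bot: The new `else` branch in the `@ -1027,6 +1030,14` hunk copies `$filters['includeServerCorrelations']` into `$conditions` unchanged, so a request-supplied value of any type reaches the event fetch. Assuming only on/off is meaningful, normalise it with `$conditions['includeServerCorrelations'] = empty($filters['includeServerCorrelations']) ? 0 : 1;`. The key is also missing from `$acceptedFilteringNamedParams`, so whether this branch can be reached through named parameters depends on harvesting code outside these hunks; either add it to the list or add a comment saying where it is expected to come from. While touching that list, `'extended'`, `'focus'`, `'attributeFilter'`, `'overrideLimit'` and `'filterColumnsOverwrite'` are each listed more than once and could be de-duplicated.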
|
||||
|
|
|
@ -4374,6 +4374,24 @@ class Event extends AppModel
|
|||
$include = $include && ($filterType['deleted'] == 2);
|
||||
}
|
||||
|
||||
/* feed */
|
||||
if ($filterType['feed'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if (!empty($attribute['Feed'])) { // `include only`
|
||||
$include = $include && ($filterType['feed'] == 1);
|
||||
} else { // `exclude`
|
||||
$include = $include && ($filterType['feed'] == 2);
|
||||
}
|
||||
|
||||
/* server */
|
||||
if ($filterType['server'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if (!empty($attribute['Server'])) { // `include only`
|
||||
$include = $include && ($filterType['server'] == 1);
|
||||
} else { // `exclude`
|
||||
$include = $include && ($filterType['server'] == 2);
|
||||
}
|
||||
|
||||
/* TypeGroupings */
|
||||
if (
|
||||
$filterType['attributeFilter'] != 'all'
|
||||
|
@ -4439,6 +4457,24 @@ class Event extends AppModel
|
|||
$include = $include && ($filterType['correlation'] == 2);
|
||||
}
|
||||
|
||||
/* feed */
|
||||
if ($filterType['feed'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if (!empty($proposal['Feed'])) { // `include only`
|
||||
$include = $include && ($filterType['feed'] == 1);
|
||||
} else { // `exclude`
|
||||
$include = $include && ($filterType['feed'] == 2);
|
||||
}
|
||||
|
||||
/* server */
|
||||
if ($filterType['server'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if (!empty($attribute['Server'])) { // `include only`
|
||||
$include = $include && ($filterType['server'] == 1);
|
||||
} else { // `exclude`
|
||||
$include = $include && ($filterType['server'] == 2);
|
||||
}
|
||||
|
||||
/* TypeGroupings */
|
||||
if (
|
||||
$filterType['attributeFilter'] != 'all'
|
||||
|
@ -4634,7 +4670,9 @@ class Event extends AppModel
|
|||
'proposal' => isset($passedArgs['proposal']) ? $passedArgs['proposal'] : 0,
|
||||
'correlation' => isset($passedArgs['correlation']) ? $passedArgs['correlation'] : 0,
|
||||
'warning' => isset($passedArgs['warning']) ? $passedArgs['warning'] : 0,
|
||||
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0
|
||||
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0,
|
||||
'feed' => isset($passedArgs['feed']) ? $passedArgs['feed'] : 0,
|
||||
'server' => isset($passedArgs['server']) ? $passedArgs['server'] : 0
|
||||
);
|
||||
// update proposal, correlation and warning accordingly
|
||||
if (in_array($filterType['attributeFilter'], array('proposal', 'correlation', 'warning'))) {
|
||||
|
@ -4704,7 +4742,7 @@ class Event extends AppModel
|
|||
'meta-category' => $object['meta-category'],
|
||||
'name' => $object['name'],
|
||||
'uuid' => $object['uuid'],
|
||||
'id' => $object['id'],
|
||||
'id' => isset($object['id']) ? $object['id'] : 0,
|
||||
'object_type' => $object['objectType']
|
||||
);
|
||||
}
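Review bot: In the second filtering hunk (`@ -4439,6 +4457,24`), the feed check tests `$proposal['Feed']` but the server check tests `$attribute['Server']`, which looks like a copy-paste from the attribute hunk above. If `$attribute` is not defined in that scope (the enclosing function starts outside the hunk), `!empty()` is silently false, so every proposal is treated as having no server hit: "Server hits only" would drop all proposals and "Exclude server hits" would keep all of them. The line should presumably read `} else if (!empty($proposal['Server'])) { // include only`. Separately, `$filterType['feed']` and `$filterType['server']` are request-derived and compared with loose `==`; casting them to int once where the defaults are built (`'feed' => isset($passedArgs['feed']) ? (int)$passedArgs['feed'] : 0`) would make the three-state check unambiguous.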
|
||||
|
|
|
@ -118,6 +118,36 @@ function triggerEventFilteringTool(clicked) {
|
|||
1: "Yes"
|
||||
}
|
||||
},
|
||||
{
|
||||
"input": "radio",
|
||||
"type": "integer",
|
||||
"operators": [
|
||||
"equal",
|
||||
],
|
||||
"unique": true,
|
||||
"id": "feed",
|
||||
"label": "Feeds",
|
||||
"values": {
|
||||
0: "Both",
|
||||
1: "Feed hits only",
|
||||
2: "Exclude feed hits"
|
||||
}
|
||||
},
|
||||
{
|
||||
"input": "radio",
|
||||
"type": "integer",
|
||||
"operators": [
|
||||
"equal",
|
||||
],
|
||||
"unique": true,
|
||||
"id": "server",
|
||||
"label": "Servers",
|
||||
"values": {
|
||||
0: "Both",
|
||||
1: "Server hits only",
|
||||
2: "Exclude server hits"
|
||||
}
|
||||
},
|
||||
{
|
||||
"input": "checkbox",
|
||||
"type": "integer",
|
||||
|
@ -136,6 +166,7 @@ function triggerEventFilteringTool(clicked) {
|
|||
5: "Inherit",
|
||||
}
|
||||
},
|
||||
<?php if (!empty($attributeTags)): ?>
|
||||
{
|
||||
"input": "select",
|
||||
"type": "string",
|
||||
|
@ -145,8 +176,10 @@ function triggerEventFilteringTool(clicked) {
|
|||
"unique": true,
|
||||
"id": "taggedAttributes",
|
||||
"label": "Tags",
|
||||
"values": <?php echo json_encode(array()); ?>
|
||||
"values": <?php echo json_encode($attributeTags); ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
<?php if (!empty($attributeClusters)): ?>
|
||||
{
|
||||
"input": "select",
|
||||
"type": "string",
|
||||
|
@ -156,8 +189,9 @@ function triggerEventFilteringTool(clicked) {
|
|||
"unique": true,
|
||||
"id": "galaxyAttachedAttributes",
|
||||
"label": "Galaxies",
|
||||
"values": <?php echo json_encode(array()); ?>
|
||||
"values": <?php echo json_encode($attributeClusters); ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
// {
|
||||
// "input": "select",
|
||||
// "type": "string",
|
||||
|
@ -260,22 +294,36 @@ function triggerEventFilteringTool(clicked) {
|
|||
id: 'includeRelatedTags',
|
||||
value: <?php echo isset($filters['includeRelatedTags']) ? h($filters['includeRelatedTags']) : 0; ?>
|
||||
},
|
||||
{
|
||||
field: 'feed',
|
||||
id: 'feed',
|
||||
value: <?php echo isset($filters['feed']) ? h($filters['feed']) : 0; ?>
|
||||
},
|
||||
{
|
||||
field: 'server',
|
||||
id: 'server',
|
||||
value: <?php echo isset($filters['server']) ? h($filters['server']) : 0; ?>
|
||||
},
|
||||
{
|
||||
field: 'distribution',
|
||||
id: 'distribution',
|
||||
operator: 'in',
|
||||
value: <?php echo isset($filters['distribution']) ? json_encode($filters['distribution']) : json_encode(array(0, 1, 2, 3, 4, 5)); ?>
|
||||
},
|
||||
<?php if (!empty($attributeTags)): ?>
|
||||
{
|
||||
field: 'taggedAttributes',
|
||||
id: 'taggedAttributes',
|
||||
value: <?php echo isset($filters['taggedAttributes']) ? h($filters['taggedAttributes']) : 0; ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
<?php if (!empty($attributeClusters)): ?>
|
||||
{
|
||||
field: 'galaxyAttachedAttributes',
|
||||
id: 'galaxyAttachedAttributes',
|
||||
value: <?php echo isset($filters['galaxyAttachedAttributes']) ? h($filters['galaxyAttachedAttributes']) : 0; ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
// {
|
||||
// condition: 'OR',
|
||||
// not: false,
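Review bot: The new `feed` and `server` rule values in the `@ -260,22 +294,36` hunk are echoed into JavaScript through `h()`, which escapes HTML metacharacters but does not make a request-derived string safe as an unquoted script expression. Both filters only take 0, 1 or 2, so an integer cast is the right encoder here: `value: <?php echo isset($filters['feed']) ? (int)$filters['feed'] : 0; ?>`, and the same for `server`. The neighbouring `includeRelatedTags`, `taggedAttributes` and `galaxyAttachedAttributes` lines follow the same `h()` pattern; the string-valued ones would be better emitted with `json_encode()`, as the `distribution` line already does. Whether `$filters` is normalised before it reaches this view is not visible in the hunk, so treat this as output encoding that should hold regardless.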
|
||||
|
|