new: [eventFiltering] Added support of server and feed hits filtering

pull/4076/head
mokaddem 2019-02-13 11:30:05 +01:00
parent accac185e1
commit 5516b4f603
3 changed files with 122 additions and 12 deletions


@ -25,6 +25,10 @@ class EventsController extends AppController
)
);
private $acceptedFilteringNamedParams = array('sort', 'direction', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'attributeFilter', 'extended', 'page',
'searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server',
);
public $helpers = array('Js' => array('Jquery'));
public $paginationFunctions = array('index', 'proposalEventIndex');
@ -1001,10 +1005,9 @@ class EventsController extends AppController
public function viewEventAttributes($id, $all = false)
{
$paramArray = array('searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite');
$filterData = array(
'request' => $this->request,
'paramArray' => $paramArray,
'paramArray' => $this->acceptedFilteringNamedParams,
'named_params' => $this->params['named']
);
$exception = false;
@ -1027,6 +1030,14 @@ class EventsController extends AppController
$conditions['deleted'] = $filters['deleted'] == 2 ? 0 : 1;
}
$conditions['includeFeedCorrelations'] = true;
if (!isset($filters['includeServerCorrelations'])) {
$conditions['includeServerCorrelations'] = 1;
if ($this->_isRest()) {
$conditions['includeServerCorrelations'] = 0;
}
} else {
$conditions['includeServerCorrelations'] = $filters['includeServerCorrelations'];
}
$conditions['includeAllTags'] = true;
$conditions['includeGranularCorrelations'] = 1;
if (!empty($filters['includeRelatedTags'])) {
@ -1144,6 +1155,12 @@ class EventsController extends AppController
$advancedFiltering = $this->__checkIfAdvancedFiltering($filters);
$this->set('advancedFilteringActive', $advancedFiltering['active'] ? 1 : 0);
$this->set('advancedFilteringActiveRules', $advancedFiltering['activeRules']);
$attributeTags = $this->Event->Attribute->AttributeTag->getAttributesTags($this->Auth->user(), $event['Event']['id']);
$attributeTags = array_column($attributeTags, 'name');
$this->set('attributeTags', $attributeTags);
$attributeClusters = $this->Event->Attribute->AttributeTag->getAttributesClusters($this->Auth->user(), $event['Event']['id']);
$attributeClusters = array_column($attributeClusters, 'value');
$this->set('attributeClusters', $attributeClusters);
$this->disableCache();
$this->layout = 'ajax';
$this->loadModel('Sighting');
@ -1165,10 +1182,9 @@ class EventsController extends AppController
private function __viewUI($event, $continue, $fromEvent)
{
$paramArray = array('searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite');
$filterData = array(
'request' => $this->request,
'paramArray' => $paramArray,
'paramArray' => $this->acceptedFilteringNamedParams,
'named_params' => $this->params['named']
);
$exception = false;
@ -1407,6 +1423,12 @@ class EventsController extends AppController
$advancedFiltering = $this->__checkIfAdvancedFiltering($filters);
$this->set('advancedFilteringActive', $advancedFiltering['active'] ? 1 : 0);
$this->set('advancedFilteringActiveRules', $advancedFiltering['activeRules']);
$attributeTags = $this->Event->Attribute->AttributeTag->getAttributesTags($this->Auth->user(), $event['Event']['id']);
$attributeTags = array_column($attributeTags, 'name');
$this->set('attributeTags', $attributeTags);
$attributeClusters = $this->Event->Attribute->AttributeTag->getAttributesClusters($this->Auth->user(), $event['Event']['id']);
$attributeClusters = array_column($attributeClusters, 'value');
$this->set('attributeClusters', $attributeClusters);
$this->set('mitreAttackGalaxyId', $this->Event->GalaxyCluster->Galaxy->getMitreAttackGalaxyId());
$this->set('modificationMapCSV', $modificationMapCSV);
}
@ -1629,8 +1651,8 @@ class EventsController extends AppController
// look in the parameters if we are doing advanced filtering or not
private function __checkIfAdvancedFiltering($filters) {
$advancedFilteringActive = array_diff_key($filters, array('sort'=>0, 'direction'=>0, 'focus'=>0, 'extended'=>0, 'overrideLimit'=>0, 'filterColumnsOverwrite'=>0, 'attributeFilter'=>0, 'extended' => 0));
debug($advancedFilteringActive);
$advancedFilteringActive = array_diff_key($filters, array('sort'=>0, 'direction'=>0, 'focus'=>0, 'extended'=>0, 'overrideLimit'=>0, 'filterColumnsOverwrite'=>0, 'attributeFilter'=>0, 'extended' => 0, 'page' => 0));
if (count($advancedFilteringActive) > 0) {
if (count(array_diff_key($advancedFilteringActive, array('deleted', 'includeRelatedTags'))) > 0) {
$res = true;
@ -1656,7 +1678,9 @@ class EventsController extends AppController
'warning' => '0',
'deleted' => '2',
'includeRelatedTags' => '0',
'distribution' => array('0', '1', '2', '3', '4', '5')
'feed' => '0',
'server' => '0',
'distribution' => array('0', '1', '2', '3', '4', '5'),
);
$activeRules = 0;
foreach ($filters as $k => $v) {
@ -1664,7 +1688,7 @@ class EventsController extends AppController
$activeRules++;
}
}
return array('active' => $res, 'activeRules' => $activeRules);
return array('active' => $activeRules > 0 ? $res : false, 'activeRules' => $activeRules);
}
private function __removeChildren(&$pivot, $id)
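Review bot: In the `-1027,6 +1030,14` hunk the `else` branch copies `$filters['includeServerCorrelations']` into `$conditions` unchanged, yet that name is not in `$acceptedFilteringNamedParams`, which this commit makes the `paramArray` for `viewEventAttributes`. If the filter harvesting (not visible here) keeps only listed names, the branch is unreachable and the REST default of 0 cannot be overridden; if it keeps other names too, a raw request value reaches the fetch conditions. I would add the name to the list and normalise the value, e.g. `$conditions['includeServerCorrelations'] = empty($filters['includeServerCorrelations']) ? 0 : 1;`. The list also repeats several entries (`extended`, `focus`, `attributeFilter`, `overrideLimit`, `filterColumnsOverwrite`), which could be dropped. The enclosing function starts before this hunk and continues past it.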


@ -4374,6 +4374,24 @@ class Event extends AppModel
$include = $include && ($filterType['deleted'] == 2);
}
/* feed */
if ($filterType['feed'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($attribute['Feed'])) { // `include only`
$include = $include && ($filterType['feed'] == 1);
} else { // `exclude`
$include = $include && ($filterType['feed'] == 2);
}
/* server */
if ($filterType['server'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($attribute['Server'])) { // `include only`
$include = $include && ($filterType['server'] == 1);
} else { // `exclude`
$include = $include && ($filterType['server'] == 2);
}
/* TypeGroupings */
if (
$filterType['attributeFilter'] != 'all'
@ -4439,6 +4457,24 @@ class Event extends AppModel
$include = $include && ($filterType['correlation'] == 2);
}
/* feed */
if ($filterType['feed'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($proposal['Feed'])) { // `include only`
$include = $include && ($filterType['feed'] == 1);
} else { // `exclude`
$include = $include && ($filterType['feed'] == 2);
}
/* server */
if ($filterType['server'] == 0) { // `both`
// pass, do not consider as `both` is selected
} else if (!empty($attribute['Server'])) { // `include only`
$include = $include && ($filterType['server'] == 1);
} else { // `exclude`
$include = $include && ($filterType['server'] == 2);
}
/* TypeGroupings */
if (
$filterType['attributeFilter'] != 'all'
@ -4634,7 +4670,9 @@ class Event extends AppModel
'proposal' => isset($passedArgs['proposal']) ? $passedArgs['proposal'] : 0,
'correlation' => isset($passedArgs['correlation']) ? $passedArgs['correlation'] : 0,
'warning' => isset($passedArgs['warning']) ? $passedArgs['warning'] : 0,
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0,
'feed' => isset($passedArgs['feed']) ? $passedArgs['feed'] : 0,
'server' => isset($passedArgs['server']) ? $passedArgs['server'] : 0
);
// update proposal, correlation and warning accordingly
if (in_array($filterType['attributeFilter'], array('proposal', 'correlation', 'warning'))) {
@ -4704,7 +4742,7 @@ class Event extends AppModel
'meta-category' => $object['meta-category'],
'name' => $object['name'],
'uuid' => $object['uuid'],
'id' => $object['id'],
'id' => isset($object['id']) ? $object['id'] : 0,
'object_type' => $object['objectType']
);
}
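Review bot: In the `-4439,6 +4457,24` hunk the server check tests `$attribute['Server']` while the feed check just above it tests `$proposal['Feed']`; this looks like a copy-paste from the attribute filter and should probably read `!empty($proposal['Server'])`. As written, the server filter on proposals depends on whatever `$attribute` holds in that scope (the enclosing function is outside the hunk), so proposals may be wrongly kept or dropped. Both new blocks also exclude every row when `feed` or `server` is anything other than 0, 1 or 2. Since these values come from request parameters, clamping them where `$filterType` is built (the `-4634,7 +4670,9` hunk) would make the accepted range explicit.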


@ -118,6 +118,36 @@ function triggerEventFilteringTool(clicked) {
1: "Yes"
}
},
{
"input": "radio",
"type": "integer",
"operators": [
"equal",
],
"unique": true,
"id": "feed",
"label": "Feeds",
"values": {
0: "Both",
1: "Feed hits only",
2: "Exclude feed hits"
}
},
{
"input": "radio",
"type": "integer",
"operators": [
"equal",
],
"unique": true,
"id": "server",
"label": "Servers",
"values": {
0: "Both",
1: "Server hits only",
2: "Exclude server hits"
}
},
{
"input": "checkbox",
"type": "integer",
@ -136,6 +166,7 @@ function triggerEventFilteringTool(clicked) {
5: "Inherit",
}
},
<?php if (!empty($attributeTags)): ?>
{
"input": "select",
"type": "string",
@ -145,8 +176,10 @@ function triggerEventFilteringTool(clicked) {
"unique": true,
"id": "taggedAttributes",
"label": "Tags",
"values": <?php echo json_encode(array()); ?>
"values": <?php echo json_encode($attributeTags); ?>
},
<?php endif; ?>
<?php if (!empty($attributeClusters)): ?>
{
"input": "select",
"type": "string",
@ -156,8 +189,9 @@ function triggerEventFilteringTool(clicked) {
"unique": true,
"id": "galaxyAttachedAttributes",
"label": "Galaxies",
"values": <?php echo json_encode(array()); ?>
"values": <?php echo json_encode($attributeClusters); ?>
},
<?php endif; ?>
// {
// "input": "select",
// "type": "string",
@ -260,22 +294,36 @@ function triggerEventFilteringTool(clicked) {
id: 'includeRelatedTags',
value: <?php echo isset($filters['includeRelatedTags']) ? h($filters['includeRelatedTags']) : 0; ?>
},
{
field: 'feed',
id: 'feed',
value: <?php echo isset($filters['feed']) ? h($filters['feed']) : 0; ?>
},
{
field: 'server',
id: 'server',
value: <?php echo isset($filters['server']) ? h($filters['server']) : 0; ?>
},
{
field: 'distribution',
id: 'distribution',
operator: 'in',
value: <?php echo isset($filters['distribution']) ? json_encode($filters['distribution']) : json_encode(array(0, 1, 2, 3, 4, 5)); ?>
},
<?php if (!empty($attributeTags)): ?>
{
field: 'taggedAttributes',
id: 'taggedAttributes',
value: <?php echo isset($filters['taggedAttributes']) ? h($filters['taggedAttributes']) : 0; ?>
},
<?php endif; ?>
<?php if (!empty($attributeClusters)): ?>
{
field: 'galaxyAttachedAttributes',
id: 'galaxyAttachedAttributes',
value: <?php echo isset($filters['galaxyAttachedAttributes']) ? h($filters['galaxyAttachedAttributes']) : 0; ?>
},
<?php endif; ?>
// {
// condition: 'OR',
// not: false,
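Review bot: The new `feed` and `server` rule values are written into the script with `h()`, which is HTML escaping rather than JavaScript encoding; the output lands unquoted in a JS expression, so a non-numeric request value would be emitted as script text instead of data. Whether `$filters` is validated before it reaches this view is not visible here, so I would not rely on that and would emit an integer: `value: <?php echo isset($filters['feed']) ? (int)$filters['feed'] : 0; ?>` (same for `server`). The neighbouring `includeRelatedTags`, `taggedAttributes` and `galaxyAttachedAttributes` entries follow the same pattern and would be safer with `json_encode(...)`, as the `distribution` entry already does.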