mirror of https://github.com/MISP/MISP
chg: [sightingdb] Added support for bulk lookups and namespacing
- aligned with the latest version of the sightingdb (support for the /rb endpoint)
- added namespacing as an option per sightingdb connection, defaults to "all" if left empty
pull/5390/head
parent
f9e4569e17
commit
5f25f451df
|
@ -74,7 +74,7 @@ class SightingdbController extends AppController
|
||||||
if (empty($this->request->data['Sightingdb'])) {
|
if (empty($this->request->data['Sightingdb'])) {
|
||||||
$this->request->data = array('Sightingdb' => $this->request->data);
|
$this->request->data = array('Sightingdb' => $this->request->data);
|
||||||
}
|
}
|
||||||
$keys = array('host', 'port', 'description', 'name', 'owner', 'enabled', 'skip_proxy', 'ssl_skip_verification');
|
$keys = array('host', 'port', 'description', 'name', 'owner', 'enabled', 'skip_proxy', 'ssl_skip_verification', 'namespace');
|
||||||
foreach ($keys as $key) {
|
foreach ($keys as $key) {
|
||||||
if (!empty($this->request->data['Sightingdb'][$key])) {
|
if (!empty($this->request->data['Sightingdb'][$key])) {
|
||||||
$existingEntry['Sightingdb'][$key] = $this->request->data['Sightingdb'][$key];
|
$existingEntry['Sightingdb'][$key] = $this->request->data['Sightingdb'][$key];
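Review bot: With `namespace` added to `$keys`, the `!empty()` guard in the loop means an edit that submits a blank namespace is skipped, so a connection that once had a custom namespace cannot be set back to the default "all" through this action. The model falls back to `'all'` only when the stored value is empty, so the edit path needs to let an empty string through for this key, for example `if ($key === 'namespace' ? isset($this->request->data['Sightingdb'][$key]) : !empty($this->request->data['Sightingdb'][$key])) {`. The loop and the surrounding action continue outside the hunk, so any later normalisation is not visible here.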
|
||||||
|
|
|
@ -76,7 +76,7 @@ class AppModel extends Model
|
||||||
21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
|
21 => false, 22 => false, 23 => false, 24 => false, 25 => false, 26 => false,
|
||||||
27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
|
27 => false, 28 => false, 29 => false, 30 => false, 31 => false, 32 => false,
|
||||||
33 => false, 34 => false, 35 => false, 36 => false, 37 => false, 38 => false,
|
33 => false, 34 => false, 35 => false, 36 => false, 37 => false, 38 => false,
|
||||||
39 => false, 40 => false, 41 => false, 42 => false
|
39 => false, 40 => false, 41 => false, 42 => false, 43 => false
|
||||||
);
|
);
|
||||||
|
|
||||||
public $advanced_updates_description = array(
|
public $advanced_updates_description = array(
|
||||||
|
@ -1295,6 +1295,9 @@ class AppModel extends Model
|
||||||
INDEX `org_id` (`org_id`)
|
INDEX `org_id` (`org_id`)
|
||||||
) ENGINE=InnoDB;";
|
) ENGINE=InnoDB;";
|
||||||
break;
|
break;
|
||||||
|
case 43:
|
||||||
|
$sqlArray[] = "ALTER TABLE sightingdbs ADD namespace varchar(255) DEFAULT '';";
|
||||||
|
break;
|
||||||
case 'fixNonEmptySharingGroupID':
|
case 'fixNonEmptySharingGroupID':
|
||||||
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
$sqlArray[] = 'UPDATE `events` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||||
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
$sqlArray[] = 'UPDATE `attributes` SET `sharing_group_id` = 0 WHERE `distribution` != 4;';
|
||||||
|
|
|
@ -237,28 +237,48 @@ class Sightingdb extends AppModel
|
||||||
'skip_proxy' => !empty($sightingdb['Sightingdb']['skip_proxy'])
|
'skip_proxy' => !empty($sightingdb['Sightingdb']['skip_proxy'])
|
||||||
);
|
);
|
||||||
$HttpSocket = $syncTool->createHttpSocket($params);
|
$HttpSocket = $syncTool->createHttpSocket($params);
|
||||||
|
$payload = array('items' => array());
|
||||||
|
$namespace = empty($sightingdb['Sightingdb']['namespace']) ? 'all' : $sightingdb['Sightingdb']['namespace'];
|
||||||
|
$valueLookup = array();
|
||||||
foreach ($values as $k => $value) {
|
foreach ($values as $k => $value) {
|
||||||
try {
|
$hashedValue = hash('sha256', $k);
|
||||||
$response = $HttpSocket->get(
|
$payload['items'][] = array(
|
||||||
sprintf(
|
'namespace' => $namespace,
|
||||||
'%s:%s/r/all?val=%s',
|
'value' => $hashedValue
|
||||||
$host,
|
);
|
||||||
$port,
|
$valueLookup[$hashedValue] = $k;
|
||||||
hash('sha256', $k)
|
}
|
||||||
)
|
$request = array(
|
||||||
);
|
'header' => array(
|
||||||
} catch (Exception $e) {
|
'Accept' => 'application/json',
|
||||||
return $values;
|
'Content-Type' => 'application/json'
|
||||||
}
|
)
|
||||||
if ($response->code == 200) {
|
);
|
||||||
$responseData = json_decode($response->body, true);
|
try {
|
||||||
if ($responseData !== false && empty($responseData['error'])) {
|
$response = $HttpSocket->post(
|
||||||
$values[$k][$sightingdb['Sightingdb']['id']] = array(
|
sprintf(
|
||||||
'first_seen' => $responseData['first_seen'],
|
'%s:%s/rb',
|
||||||
'last_seen' => $responseData['last_seen'],
|
$host,
|
||||||
'count' => $responseData['count'],
|
$port
|
||||||
'sightingdb_id' => $sightingdb['Sightingdb']['id']
|
),
|
||||||
);
|
json_encode($payload),
|
||||||
|
$request
|
||||||
|
);
|
||||||
|
} catch (Exception $e) {
|
||||||
|
return $values;
|
||||||
|
}
|
||||||
|
if ($response->code == 200) {
|
||||||
|
$responseData = json_decode($response->body, true);
|
||||||
|
if ($responseData !== false && empty($responseData['error'])) {
|
||||||
|
foreach ($responseData['items'] as $k => $item) {
|
||||||
|
if (empty($item['error'])) {
|
||||||
|
$values[$valueLookup[$item['value']]][$sightingdb['Sightingdb']['id']] = array(
|
||||||
|
'first_seen' => $item['first_seen'],
|
||||||
|
'last_seen' => $item['last_seen'],
|
||||||
|
'count' => $item['count'],
|
||||||
|
'sightingdb_id' => $sightingdb['Sightingdb']['id']
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
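Review bot: The bulk response from the remote SightingDB is indexed without validation in the new `foreach ($responseData['items'] ...)` block. `$valueLookup[$item['value']]` trusts that the server echoes back only hashes that were sent, so a misbehaving or hostile endpoint (note this connection can run with `ssl_skip_verification`) can return an unknown or missing `value` and cause a write to `$values[null]`, i.e. a bogus `''` entry, along with notices for absent `first_seen`/`last_seen`/`count`. The check `$responseData !== false` also never fails on malformed JSON, because `json_decode` returns `null` there, and `items` is iterated without checking that it exists. The loop variable `$k` also reuses the name from the request loop above; dropping it avoids confusion. The enclosing method starts outside the hunk.

```php
// … unchanged: payload construction and POST to /rb …
if ($response->code == 200) {
    $responseData = json_decode($response->body, true);
    if (
        is_array($responseData) &&
        empty($responseData['error']) &&
        isset($responseData['items']) &&
        is_array($responseData['items'])
    ) {
        foreach ($responseData['items'] as $item) {
            // Only accept entries for hashes we actually asked about.
            if (
                !is_array($item) ||
                !empty($item['error']) ||
                !isset($item['value']) ||
                !is_string($item['value']) ||
                !isset($valueLookup[$item['value']]) ||
                !isset($item['first_seen'], $item['last_seen'], $item['count'])
            ) {
                continue;
            }
            $values[$valueLookup[$item['value']]][$sightingdb['Sightingdb']['id']] = array(
                // … unchanged: first_seen, last_seen, count, sightingdb_id …
            );
        }
    }
}
```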
|
||||||
|
|
|
@ -24,6 +24,10 @@
|
||||||
'field' => 'port',
|
'field' => 'port',
|
||||||
'class' => 'input'
|
'class' => 'input'
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'field' => 'namespace',
|
||||||
|
'class' => 'input-xxlarge'
|
||||||
|
),
|
||||||
array(
|
array(
|
||||||
'field' => 'owner',
|
'field' => 'owner',
|
||||||
'class' => 'input-xxlarge'
|
'class' => 'input-xxlarge'
|
||||||
|
|
|
@ -67,6 +67,11 @@
|
||||||
'class' => 'short',
|
'class' => 'short',
|
||||||
'data_path' => 'Sightingdb.port'
|
'data_path' => 'Sightingdb.port'
|
||||||
),
|
),
|
||||||
|
array(
|
||||||
|
'name' => __('Namespace'),
|
||||||
|
'sort' => 'namespace',
|
||||||
|
'data_path' => 'Sightingdb.namespace'
|
||||||
|
),
|
||||||
array(
|
array(
|
||||||
'name' => __('Skip Proxy'),
|
'name' => __('Skip Proxy'),
|
||||||
'class' => 'short',
|
'class' => 'short',
|
||||||
|
|