Merge branch 'master' of github.com:MISP/MISP into ncsc-nl/install-centos

pull/392/head
Richard van den Berg 2015-02-19 14:47:36 +01:00
commit 667ce41eca
18 changed files with 562 additions and 193 deletions


@ -29,7 +29,7 @@ Once the system is installed you can perform the following steps as root:
apt-get install vim
# Install the dependencies:
apt-get install zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev php5-dev
apt-get install zip php-pear git redis-server make python-dev python-pip libxml2-dev libxslt-dev zlib1g-dev php5-dev libapache2-mod-php5
pear install Crypt_GPG # we need version >1.3.0
pear install Net_GeoIP

BIN
INSTALL/logos/misp-logo.png Normal file

Binary file not shown.


BIN
INSTALL/logos/misp.pdf Normal file

Binary file not shown.

277
INSTALL/logos/misp.svg Normal file

@ -0,0 +1,277 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="744.09448819"
height="1052.3622047"
id="svg4883"
version="1.1"
inkscape:version="0.48.0 r9654"
sodipodi:docname="New document 5">
<defs
id="defs4885">
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath312">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path314" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath1086">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path1088" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath844">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path846" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath820">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path822" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath536">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path538" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath516">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path518" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath1064">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path1066" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath312-3">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path314-8" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath312-3-6">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path314-8-6" />
</clipPath>
<clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath312-7">
<path
inkscape:connector-curvature="0"
d="m 0,0 595.276,0 0,841.89 L 0,841.89 0,0 z"
id="path314-0" />
</clipPath>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="1.0729879"
inkscape:cx="275.3537"
inkscape:cy="548.23392"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="false"
inkscape:window-width="1106"
inkscape:window-height="1267"
inkscape:window-x="1280"
inkscape:window-y="22"
inkscape:window-maximized="0" />
<metadata
id="metadata4888">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<g
id="g1076"
transform="matrix(1.25,0,0,-1.25,138.79848,305.37465)"
inkscape:export-filename="/home/adulau/misp.png"
inkscape:export-xdpi="100"
inkscape:export-ydpi="100">
<path
d="M 0,0 14.014,0 22.629,-14.129 31.245,0 l 14.013,0 0,-40.204 -13.383,0 0,19.93 -9.246,-14.302 -0.23,0 -9.247,14.302 0,-19.93 L 0,-40.204 0,0 z"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path1078"
inkscape:connector-curvature="0" />
</g>
<path
d="m 203.68939,305.37465 16.8,0 0,50.255 -16.8,0 0,-50.255 z"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path1080"
inkscape:connector-curvature="0"
inkscape:export-filename="/home/adulau/misp.png"
inkscape:export-xdpi="100"
inkscape:export-ydpi="100" />
<g
id="g1082"
transform="matrix(1.25,0,0,-1.25,-147.17662,827.47954)"
inkscape:export-filename="/home/adulau/misp.png"
inkscape:export-xdpi="100"
inkscape:export-ydpi="100">
<g
id="g1084"
clip-path="url(#clipPath1086)">
<g
id="g1090"
transform="translate(297.5875,384.2569)">
<path
d="m 0,0 7.18,8.558 c 4.365,-3.332 9.361,-4.71 14.071,-4.71 2.412,0 3.446,0.631 3.446,1.723 l 0,0.115 c 0,1.148 -1.263,1.78 -5.571,2.642 C 10.108,10.166 2.183,12.75 2.183,21.25 l 0,0.115 c 0,7.639 5.973,13.555 17.058,13.555 7.753,0 13.497,-1.838 18.149,-5.514 l -6.547,-9.074 c -3.791,2.756 -8.328,3.962 -12.062,3.962 -2.009,0 -2.928,-0.689 -2.928,-1.665 l 0,-0.115 c 0,-1.091 1.09,-1.781 5.34,-2.585 10.282,-1.895 17.173,-4.882 17.173,-12.98 l 0,-0.115 C 38.366,-1.608 31.417,-6.777 20.619,-6.777 12.464,-6.777 5.112,-4.48 0,0"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path1092"
inkscape:connector-curvature="0" />
</g>
<g
id="g1094"
transform="translate(340.0289,418.4302)">
<path
d="m 0,0 18.091,0 c 10.683,0 17.977,-4.767 17.977,-14.301 l 0,-0.115 c 0,-9.707 -7.409,-14.876 -18.264,-14.876 l -4.365,0 0,-10.912 L 0,-40.204 0,0 z m 17.058,-19.7 c 3.446,0 5.743,1.551 5.743,4.422 l 0,0.115 c 0,2.929 -2.125,4.423 -5.686,4.423 l -3.676,0 0,-8.96 3.619,0 z"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path1096"
inkscape:connector-curvature="0" />
</g>
</g>
</g>
<text
xml:space="preserve"
style="font-size:28px;font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;text-align:start;line-height:125%;letter-spacing:0px;word-spacing:0px;writing-mode:lr-tb;text-anchor:start;fill:#5f6062;fill-opacity:1;stroke:none;font-family:Sans;-inkscape-font-specification:Sans Bold"
x="144.31558"
y="381.55212"
id="text4094"
sodipodi:linespacing="125%"
inkscape:export-filename="/home/adulau/misp.png"
inkscape:export-xdpi="100"
inkscape:export-ydpi="100"><tspan
sodipodi:role="line"
id="tspan4096"
x="144.31558"
y="381.55212">Threat Sharing</tspan></text>
<g
style="fill:#5f6062;fill-opacity:1"
clip-path="url(#clipPath312-3)"
id="g310-6"
transform="matrix(0.82342066,0,0,-0.82342066,115.76578,1231.1964)">
<g
style="fill:#5f6062;fill-opacity:1"
transform="translate(385.579,529.5928)"
id="g316-3">
<path
inkscape:connector-curvature="0"
id="path318-4"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
d="m 0,0 -5.184,0 0,-56.985 c 0,-8.879 -5.16,-16.902 -15.523,-16.902 l -101.465,0 0,-2.709 c 0,-7.851 8.922,-15.763 18.084,-15.763 l 77.581,0 29.678,-17.449 -4.31,17.449 1.139,0 c 9.156,0 13.287,7.906 13.287,15.763 l 0,63.068 C 13.287,-5.683 9.156,0 0,0" />
</g>
<g
style="fill:#5f6062;fill-opacity:1"
transform="translate(349.7253,569.1839)"
id="g320-9">
<path
inkscape:connector-curvature="0"
id="path322-7"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
d="m 0,0 -117.85,0 c -10.369,0 -22.301,-9.211 -22.301,-18.09 l 0,-71.424 c 0,-8.177 10.11,-14.082 19.807,-14.987 l -6.311,-23.958 40.441,23.786 86.214,0 c 10.363,0 19.937,6.286 19.937,15.159 l 0,57.786 0,13.638 C 19.937,-9.211 10.363,0 0,0 m -99.871,-60.292 c -5.88,0 -10.645,4.766 -10.645,10.646 0,5.88 4.765,10.646 10.645,10.646 5.874,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.772,-10.646 -10.646,-10.646 m 39.764,0 c -5.88,0 -10.646,4.766 -10.646,10.646 0,5.88 4.766,10.646 10.646,10.646 5.88,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.766,-10.646 -10.646,-10.646 m 39.77,0 c -5.881,0 -10.652,4.766 -10.652,10.646 0,5.88 4.771,10.646 10.652,10.646 5.868,0 10.645,-4.766 10.645,-10.646 0,-5.88 -4.777,-10.646 -10.645,-10.646" />
</g>
</g>
<g
style="fill:#5f6062;fill-opacity:1"
clip-path="url(#clipPath312-3-6)"
id="g310-6-1"
transform="matrix(0.48862293,0,0,-0.48862293,41.474353,1067.6624)">
<g
style="fill:#5f6062;fill-opacity:1"
transform="translate(385.579,529.5928)"
id="g316-3-5">
<path
inkscape:connector-curvature="0"
id="path318-4-6"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
d="m 0,0 -5.184,0 0,-56.985 c 0,-8.879 -5.16,-16.902 -15.523,-16.902 l -101.465,0 0,-2.709 c 0,-7.851 8.922,-15.763 18.084,-15.763 l 77.581,0 29.678,-17.449 -4.31,17.449 1.139,0 c 9.156,0 13.287,7.906 13.287,15.763 l 0,63.068 C 13.287,-5.683 9.156,0 0,0" />
</g>
<g
style="fill:#5f6062;fill-opacity:1"
transform="translate(349.7253,569.1839)"
id="g320-9-9">
<path
inkscape:connector-curvature="0"
id="path322-7-1"
style="fill:#5f6062;fill-opacity:1;fill-rule:nonzero;stroke:none"
d="m 0,0 -117.85,0 c -10.369,0 -22.301,-9.211 -22.301,-18.09 l 0,-71.424 c 0,-8.177 10.11,-14.082 19.807,-14.987 l -6.311,-23.958 40.441,23.786 86.214,0 c 10.363,0 19.937,6.286 19.937,15.159 l 0,57.786 0,13.638 C 19.937,-9.211 10.363,0 0,0 m -99.871,-60.292 c -5.88,0 -10.645,4.766 -10.645,10.646 0,5.88 4.765,10.646 10.645,10.646 5.874,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.772,-10.646 -10.646,-10.646 m 39.764,0 c -5.88,0 -10.646,4.766 -10.646,10.646 0,5.88 4.766,10.646 10.646,10.646 5.88,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.766,-10.646 -10.646,-10.646 m 39.77,0 c -5.881,0 -10.652,4.766 -10.652,10.646 0,5.88 4.771,10.646 10.652,10.646 5.868,0 10.645,-4.766 10.645,-10.646 0,-5.88 -4.777,-10.646 -10.645,-10.646" />
</g>
</g>
<g
id="g308"
transform="matrix(0.62542299,0,0,-0.62542299,101.24703,567.9731)">
<g
id="g310-5"
clip-path="url(#clipPath312-7)">
<g
id="g316"
transform="translate(385.579,529.5928)">
<path
d="m 0,0 -5.184,0 0,-56.985 c 0,-8.879 -5.16,-16.902 -15.523,-16.902 l -101.465,0 0,-2.709 c 0,-7.851 8.922,-15.763 18.084,-15.763 l 77.581,0 29.678,-17.449 -4.31,17.449 1.139,0 c 9.156,0 13.287,7.906 13.287,15.763 l 0,63.068 C 13.287,-5.683 9.156,0 0,0"
style="fill:#2fa1db;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path318"
inkscape:connector-curvature="0" />
</g>
<g
id="g320-4"
transform="translate(349.7253,569.1839)">
<path
d="m 0,0 -117.85,0 c -10.369,0 -22.301,-9.211 -22.301,-18.09 l 0,-71.424 c 0,-8.177 10.11,-14.082 19.807,-14.987 l -6.311,-23.958 40.441,23.786 86.214,0 c 10.363,0 19.937,6.286 19.937,15.159 l 0,57.786 0,13.638 C 19.937,-9.211 10.363,0 0,0 m -99.871,-60.292 c -5.88,0 -10.645,4.766 -10.645,10.646 0,5.88 4.765,10.646 10.645,10.646 5.874,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.772,-10.646 -10.646,-10.646 m 39.764,0 c -5.88,0 -10.646,4.766 -10.646,10.646 0,5.88 4.766,10.646 10.646,10.646 5.88,0 10.646,-4.766 10.646,-10.646 0,-5.88 -4.766,-10.646 -10.646,-10.646 m 39.77,0 c -5.881,0 -10.652,4.766 -10.652,10.646 0,5.88 4.771,10.646 10.652,10.646 5.868,0 10.645,-4.766 10.645,-10.646 0,-5.88 -4.777,-10.646 -10.645,-10.646"
style="fill:#2fa1db;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path322-8"
inkscape:connector-curvature="0" />
</g>
</g>
</g>
</g>
</svg>



@ -1,5 +1,8 @@
MISP - Malware Information Sharing Platform
--------------------------------------------
-------------------------------------------
![logo](./INSTALL/logos/misp-logo.png?raw=true "MISP")
The problem that we experienced in the past was the difficulty to exchange information about (targeted) malwares and attacks within a group of trusted partners, or a bilateral agreement.
Even today much of the information exchange happens in unstructured reports where you have to copy-paste the information in your own text-files that you then have to parse to export to (N)IDS and systems like log-searches, etc...


@ -1 +1 @@
{"major":2, "minor":3, "hotfix":47}
{"major":2, "minor":3, "hotfix":52}


@ -1814,8 +1814,6 @@ class EventsController extends AppController {
if (!$this->Auth->user('id')) {
throw new UnauthorizedException('You have to be logged in to do that.');
}
$user = $this->checkAuthUser($this->Auth->user('authkey'));
if (!$user) throw new UnauthorizedException('This authentication key is not authorized to be used for exports. Contact your administrator.');
$user = array('User' => $this->Auth->user());
$user['User']['siteAdmin'] = $this->_isSiteAdmin();
}
@ -1858,8 +1856,8 @@ class EventsController extends AppController {
// Usage: csv($key, $eventid) - key can be a valid auth key or the string 'download'. Download requires the user to be logged in interactively and will generate a .csv file
// $eventid can be one of 3 options: left empty it will get all the visible to_ids attributes,
// $ignore is a flag that allows the export tool to ignore the ids flag. 0 = only IDS signatures, 1 = everything.
public function csv($key, $eventid=false, $ignore=false, $tags = false, $category=false, $type=false, $includeInfo=false, $from=false, $to=false) {
$simpleFalse = array('eventid', 'ignore', 'tags', 'category', 'type', 'includeInfo', 'from', 'to');
public function csv($key, $eventid=false, $ignore=false, $tags = false, $category=false, $type=false, $includeContext=false, $from=false, $to=false) {
$simpleFalse = array('eventid', 'ignore', 'tags', 'category', 'type', 'includeContext', 'from', 'to');
foreach ($simpleFalse as $sF) {
if (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false') ${$sF} = false;
}
@ -1900,13 +1898,17 @@ class EventsController extends AppController {
$list[] = $attribute['Attribute']['id'];
}
}
$attributes = $this->Event->csv($org, $isSiteAdmin, $eventid, $ignore, $list, $tags, $category, $type, $includeInfo, $from, $to);
$attributes = $this->Event->csv($org, $isSiteAdmin, $eventid, $ignore, $list, $tags, $category, $type, $includeContext, $from, $to);
$this->loadModel('Whitelist');
$final = array();
$attributes = $this->Whitelist->removeWhitelistedFromArray($attributes, true);
foreach ($attributes as $attribute) {
$line = $attribute['Attribute']['uuid'] . ',' . $attribute['Attribute']['event_id'] . ',' . $attribute['Attribute']['category'] . ',' . $attribute['Attribute']['type'] . ',' . $attribute['Attribute']['value'] . ',' . intval($attribute['Attribute']['to_ids']) . ',' . $attribute['Attribute']['timestamp'];
if ($includeInfo) $line .= ',' . $attribute['Attribute']['event_info'];
if ($includeContext) {
foreach($this->Event->csv_event_context_fields_to_fetch as $field => $header) {
$line .= ',' . $attribute['Attribute'][$header];
}
}
$final[] = $line;
}
@ -1920,7 +1922,7 @@ class EventsController extends AppController {
}
$this->layout = 'text/default';
$headers = array('uuid', 'event_id', 'category', 'type', 'value', 'to_ids', 'date');
if ($includeInfo) $headers[] = 'event_info';
if ($includeContext) $headers = array_merge($headers, array_values($this->Event->csv_event_context_fields_to_fetch));
$this->set('headers', $headers);
$this->set('final', $final);
}
@ -2365,7 +2367,6 @@ class EventsController extends AppController {
throw new UnauthorizedException('This authentication key is not authorized to be used for exports. Contact your administrator.');
}
$value = str_replace('|', '/', $value);
// request handler for POSTed queries. If the request is a post, the parameters (apart from the key) will be ignored and replaced by the terms defined in the posted json or xml object.
// The correct format for both is a "request" root element, as shown by the examples below:
// For Json: {"request":{"value": "7.7.7.7&&1.1.1.1","type":"ip-src"}}
@ -2392,16 +2393,7 @@ class EventsController extends AppController {
}
if ($tags) $tags = str_replace(';', ':', $tags);
if ($searchall === 'true') $searchall = "1";
if (!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') {
$this->response->type('xml'); // set the content type
$this->layout = 'xml/default';
$this->header('Content-Disposition: download; filename="misp.search.events.results.xml"');
} else {
$this->response->type('json'); // set the content type
$this->layout = 'json/default';
$this->header('Content-Disposition: download; filename="misp.search.events.results.json"');
}
$conditions['AND'] = array();
$subcondition = array();
$this->loadModel('Attribute');
@ -2474,13 +2466,14 @@ class EventsController extends AppController {
}
$conditions['AND'][] = $temp;
}
$params = array(
'conditions' => $conditions,
'fields' => array('Attribute.event_id'),
);
if ($from) $conditions['AND'][] = array('Event.date >=' => $from);
if ($to) $conditions['AND'][] = array('Event.date <=' => $to);
$params = array(
'conditions' => $conditions,
'fields' => array('DISTINCT(Attribute.event_id)'),
);
$attributes = $this->Attribute->find('all', $params);
$eventIds = array();
foreach ($attributes as $attribute) {
@ -2488,14 +2481,42 @@ class EventsController extends AppController {
}
}
if (!empty($eventIds)) {
$results = $this->__fetchEvent(null, $eventIds, $user['User']['org'], true);
$this->loadModel('Whitelist');
if ((!isset($this->request->params['ext']) || $this->request->params['ext'] !== 'json') && $this->response->type() !== 'application/json') {
App::uses('XMLConverterTool', 'Tools');
$converter = new XMLConverterTool();
$final = "";
$final .= '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . '<response>' . PHP_EOL;
foreach ($eventIds as $currentEventId) {
$result = $this->__fetchEvent($currentEventId, null, $user['User']['org'], true);
$result = $this->Whitelist->removeWhitelistedFromArray($result, false);
$final .= $converter->event2XML($result[0]) . PHP_EOL;
}
$final .= '</response>' . PHP_EOL;
$final_filename="misp.search.events.results.xml";
$this->response->body($final);
$this->response->type('xml');
$this->response->download($final_filename);
} else {
App::uses('JSONConverterTool', 'Tools');
$converter = new JSONConverterTool();
$temp = array();
$final = '{"response":[';
foreach ($eventIds as $k => $currentEventId) {
$result = $this->__fetchEvent($currentEventId, null, $user['User']['org'], true);
$final .= $converter->event2JSON($result[0]);
if ($k < count($eventIds) -1 ) $final .= ',';
}
$final .= ']}';
$final_filename="misp.search.events.results.json";
$this->response->body($final);
$this->response->type('json');
$this->response->download($final_filename);
}
} else {
throw new NotFoundException('No matches.');
}
$this->loadModel('Whitelist');
$results = $this->Whitelist->removeWhitelistedFromArray($results, false);
$this->response->type('xml');
$this->set('results', $results);
return $this->response;
}
public function downloadOpenIOCEvent($eventid) {
@ -2860,24 +2881,23 @@ class EventsController extends AppController {
if (!$this->_isSiteAdmin() && !empty($event) && $event['Event']['orgc'] != $this->Auth->user('org')) throw new MethodNotAllowedException('Event not found or you don\'t have permissions to create attributes');
$saved = 0;
$failed = 0;
foreach ($this->request->data['Attribute'] as $k => $attribute) {
if ($attribute['save'] == '1') {
if ($attribute['type'] == 'ip-src/ip-dst') {
$types = array('ip-src', 'ip-dst');
$attributes = json_decode($this->request->data['Attribute']['JsonObject'], true);
foreach ($attributes as $k => $attribute) {
if ($attribute['type'] == 'ip-src/ip-dst') {
$types = array('ip-src', 'ip-dst');
} else {
$types = array($attribute['type']);
}
foreach ($types as $type) {
$this->Event->Attribute->create();
$attribute['type'] = $type;
$attribute['distribution'] = $event['Event']['distribution'];
if (empty($attribute['comment'])) $attribute['comment'] = 'Imported via the freetext import.';
$attribute['event_id'] = $id;
if ($this->Event->Attribute->save($attribute)) {
$saved++;
} else {
$types = array($attribute['type']);
}
foreach ($types as $type) {
$this->Event->Attribute->create();
$attribute['type'] = $type;
$attribute['distribution'] = $event['Event']['distribution'];
if (empty($attribute['comment'])) $attribute['comment'] = 'Imported via the freetext import.';
$attribute['event_id'] = $id;
if ($this->Event->Attribute->save($attribute)) {
$saved++;
} else {
$failed++;
}
$failed++;
}
}
}
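Review bot: In the saveFreeText hunk, the array from `json_decode($this->request->data['Attribute']['JsonObject'], true)` is iterated and each element is handed to `$this->Event->Attribute->save($attribute)` as decoded, so the client decides which attribute columns are written; only `type`, `distribution`, `comment` (when empty) and `event_id` are overridden. A missing or malformed JsonObject makes json_decode return null, and the `foreach` then runs on a non-array. I would reject non-array input before the loop and reduce each row to an explicit list of expected keys (value, category, type, to_ids and comment, judging by the form fields in this commit; to be confirmed) before saving. The enclosing function starts and ends outside the hunk.

```php
$attributes = json_decode($this->request->data['Attribute']['JsonObject'], true);
if (!is_array($attributes)) throw new MethodNotAllowedException('Invalid freetext import data.');
// keys assumed from the freetext form; confirm before merging
$allowed = array_flip(array('value', 'category', 'type', 'to_ids', 'comment'));
foreach ($attributes as $k => $attribute) {
	if (!is_array($attribute) || !isset($attribute['type'])) {
		$failed++;
		continue;
	}
	$attribute = array_intersect_key($attribute, $allowed);
	// … unchanged: ip-src/ip-dst split and per-type create()/save() loop …
```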


@ -0,0 +1,44 @@
<?php
class JSONConverterTool {
public function event2JSON($event, $isSiteAdmin=false) {
$event['Event']['Attribute'] = $event['Attribute'];
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
$event['Event']['RelatedEvent'] = $event['RelatedEvent'];
//
// cleanup the array from things we do not want to expose
//
unset($event['Event']['user_id']);
// hide the org field is we are not in showorg mode
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
unset($event['Event']['org']);
unset($event['Event']['orgc']);
unset($event['Event']['from']);
}
if (isset($event['Event']['Attribute'])) {
// remove value1 and value2 from the output and remove invalid utf8 characters for the xml parser
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
unset($event['Event']['Attribute'][$key]['category_order']);
}
}
if (isset($event['Event']['RelatedEvent'])) {
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
$temp = $value['Event'];
unset($event['Event']['RelatedEvent'][$key]['Event']);
$event['Event']['RelatedEvent'][$key]['Event'][0] = $temp;
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['user_id']);
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['org']);
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['orgc']);
}
unset($temp);
}
}
$result = array('Event' => $event['Event']);
return json_encode($result);
}
}
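Review bot: `ShadowAttribute` is copied into the output at the top of event2JSON but never goes through the cleanup below it, so when MISP.showorg is off any org or user fields on those rows would still be exported. The ShadowAttribute schema is not visible here, so confirm which keys need the same `unset` treatment as Event and RelatedEvent. `json_encode($result)` returns false on invalid UTF-8, and the restSearch caller in this commit concatenates the return value into a hand-built JSON document; checking for `false` and throwing would avoid emitting a broken response. The comment about removing invalid utf8 characters "for the xml parser" does not describe this loop, and a docblock stating what `$isSiteAdmin` controls would help.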


@ -1,5 +1,4 @@
<?php
class XMLConverterTool {
public function recursiveEcho($array) {
$text = "";
@ -24,7 +23,7 @@ class XMLConverterTool {
return $text;
}
public function event2xmlArray($event) {
public function event2xmlArray($event, $isSiteAdmin=false) {
$toEscape = array("&", "<", ">", "\"", "'");
$escapeWith = array('&amp;', '&lt;', '&gt;', '&quot;', '&apos;');
$event['Event']['Attribute'] = $event['Attribute'];
@ -81,7 +80,7 @@ class XMLConverterTool {
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['user_id']);
$event['Event']['RelatedEvent'][$key]['Event'][0]['info'] = preg_replace ('/[^\x{0009}\x{000a}\x{000d}\x{0020}-\x{D7FF}\x{E000}-\x{FFFD}]+/u', ' ', $event['Event']['RelatedEvent'][$key]['Event'][0]['info']);
$event['Event']['RelatedEvent'][$key]['Event'][0]['info'] = str_replace($toEscape, $escapeWith, $event['Event']['RelatedEvent'][$key]['Event'][0]['info']);
if (!Configure::read('MISP.showorg') && !$isAdmin) {
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['org']);
unset($event['Event']['RelatedEvent'][$key]['Event'][0]['orgc']);
}
@ -91,8 +90,8 @@ class XMLConverterTool {
return array('Event' => $event['Event']);
}
public function event2XML($event) {
$xmlArray = $this->event2xmlArray($event);
public function event2XML($event, $isSiteAdmin=false) {
$xmlArray = $this->event2xmlArray($event, $isSiteAdmin);
return $this->recursiveEcho(array('Event' => array(0 => $xmlArray['Event'])));
}
}
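Review bot: The new `$isSiteAdmin` parameter is undocumented and defaults to false, and the restSearch caller added in this commit calls `event2XML($result[0])` without it, so site admins get the org-stripped output there as well. If that is intended, say so in a docblock, e.g. `@param bool $isSiteAdmin keep org/orgc on related events even when MISP.showorg is disabled (default: strip)`. Only the RelatedEvent check is visible in the hunk; any other showorg check in event2xmlArray, outside the hunk, should use the same variable.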


@ -90,6 +90,13 @@ class Attribute extends AppModel {
public $uploadDefinitions = array(
'attachment'
);
// skip Correlation for the following types
public $nonCorrelatingTypes = array(
'vulnerability',
'comment',
'http-method'
);
public $typeDefinitions = array(
'md5' => array('desc' => 'A checksum in md5 format', 'formdesc' => "You are encouraged to use filename|md5 instead. A checksum in md5 format, only use this if you don't know the correct filename"),
@ -946,8 +953,8 @@ class Attribute extends AppModel {
}
public function __afterSaveCorrelation($a) {
// Don't do any correlation if the type is vulnerability or comment
if ($a['type'] !== 'vulnerability' && $a['type'] !== 'comment') {
// Don't do any correlation if the type is a non correlating type
if (!in_array($a['type'], $this->nonCorrelatingTypes)) {
$this->Correlation = ClassRegistry::init('Correlation');
// When we add/update an attribute we need to
// - (beforeSave) (update-only) clean up the relation of the old value: remove the existing relations related to that attribute, we DO have a reference, the id
@ -970,8 +977,7 @@ class Attribute extends AppModel {
'Attribute.value2' => $a[$value_name]
),
'AND' => array(
'Attribute.type !=' => 'vulnerability',
'Attribute.type !=' => 'comment',
'Attribute.type !=' => $this->nonCorrelatingTypes,
)),
'recursive' => 0,
//'contain' => 'Event',
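Review bot: The correlation query now passes an array under an inequality key, `'Attribute.type !=' => $this->nonCorrelatingTypes`; whether the CakePHP version in use renders that as `NOT IN (...)` needs checking, since the documented form for excluding a list is `'NOT' => array('Attribute.type' => $this->nonCorrelatingTypes)`. If the condition is rendered differently, vulnerability, comment and http-method attributes could be picked up as correlation targets again. In `__afterSaveCorrelation`, `in_array($a['type'], $this->nonCorrelatingTypes, true)` would keep the comparison strict. The find() call continues outside the hunk.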


@ -115,6 +115,16 @@ class Event extends AppModel {
)
);
public $csv_event_context_fields_to_fetch = array(
'info' => 'event_info',
'org' => 'event_member_org',
'orgc' => 'event_source_org',
'distribution' => 'event_distribution',
'threat_level_id' => 'event_threat_level_id',
'analysis' => 'event_analysis',
'date' => 'event_date',
);
/**
* Validation rules
*
@ -920,7 +930,7 @@ class Event extends AppModel {
}
return $results;
}
public function csv($org, $isSiteAdmin, $eventid=false, $ignore=false, $attributeIDList = array(), $tags = false, $category = false, $type = false, $includeInfo = false, $from = false, $to = false) {
public function csv($org, $isSiteAdmin, $eventid=false, $ignore=false, $attributeIDList = array(), $tags = false, $category = false, $type = false, $includeContext = false, $from = false, $to = false) {
$final = array();
$attributeList = array();
$conditions = array();
@ -996,26 +1006,51 @@ class Event extends AppModel {
$attribute['Attribute']['value'] = '"' . $attribute['Attribute']['value'] . '"';
$attribute['Attribute']['timestamp'] = date('Ymd', $attribute['Attribute']['timestamp']);
}
if ($includeInfo) $attributes = $this->attachEventInfoToAttributes($attributes);
if ($includeContext) $attributes = $this->attachEventInfoToAttributes($attributes, $isSiteAdmin);
return $attributes;
}
private function attachEventInfoToAttributes($attributes) {
private function attachEventInfoToAttributes($attributes, $isSiteAdmin) {
$TLs = $this->ThreatLevel->find('all', array(
'recursive' => -1,
));
$event_ids = array();
foreach ($attributes as &$attribute) {
if (!in_array($attribute['Attribute']['event_id'], $event_ids)) $event_ids[] = $attribute['Attribute']['event_id'];
}
$context_fields = array('id' => null);
$context_fields = array_merge($context_fields, $this->csv_event_context_fields_to_fetch);
if (!Configure::read('MISP.showorg') && !$isSiteAdmin) {
unset($context_fields['orgc']);
unset($context_fields['org']);
} else if (!Configure::read('MISP.showorgalternate') && !$isSiteAdmin) {
$context_fields['orgc'] = 'event_org';
$context_fields['org'] = 'event_owner_org';
unset($context_fields['orgc']);
}
$events = $this->find('all', array(
'recursive' => -1,
'fields' => array('id', 'info'),
'fields' => array_keys($context_fields),
'conditions' => array('id' => $event_ids),
));
$event_id_info = array();
$event_id_data = array();
unset($context_fields['id']);
foreach ($events as $event) {
$event_id_info[$event['Event']['id']] = $event['Event']['info'];
foreach ($context_fields as $field => $header_name) $event_id_data[$event['Event']['id']][$header_name] = $event['Event'][$field];
}
foreach ($attributes as &$attribute) {
$attribute['Attribute']['event_info'] = $event_id_info[$attribute['Attribute']['event_id']];
foreach ($context_fields as $field => $header_name) {
if ($header_name == 'event_threat_level_id') {
$attribute['Attribute'][$header_name] = $TLs[$event_id_data[$attribute['Attribute']['event_id']][$header_name]]['ThreatLevel']['name'];
} else if ($header_name == 'event_distribution') {
$attribute['Attribute'][$header_name] = $this->distributionLevels[$event_id_data[$attribute['Attribute']['event_id']][$header_name]];
} else if ($header_name == 'event_analysis') {
$attribute['Attribute'][$header_name] = $this->analysisLevels[$event_id_data[$attribute['Attribute']['event_id']][$header_name]];
} else {
$attribute['Attribute'][$header_name] = $event_id_data[$attribute['Attribute']['event_id']][$header_name];
}
}
}
return $attributes;
}
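Review bot: attachEventInfoToAttributes drops `org`/`orgc` from `$context_fields` (or renames `org` to `event_owner_org`) when MISP.showorg or MISP.showorgalternate is off, but the controller's csv action in this commit still loops over the full `csv_event_context_fields_to_fetch` for both the header row and `$attribute['Attribute'][$header]`. Those exports then read keys that were never set, and the columns no longer match the headers. Computing the effective field map once in the model and reusing it in the controller would keep the org-hiding setting and the CSV layout in agreement. In the `else if` branch, `$context_fields['orgc'] = 'event_org';` is unset two lines later and can be dropped. `$TLs` is the plain result of `find('all')` yet is indexed with the event's threat_level_id; unless that list happens to line up with the ids, key it by `ThreatLevel.id` first.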


@ -0,0 +1,11 @@
<?php
$jsonArray = array();
foreach ($results as $k => $v) {
unset (
$results[$k]['value1'],
$results[$k]['value2'],
$results[$k]['category_order']
);
$jsonArray['response']['Attribute'][] = $results[$k];
}
echo json_encode($jsonArray);
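Review bot: When `$results` is empty the loop never creates `$jsonArray['response']`, so the view prints `[]` instead of an object with an empty Attribute list, and clients that read `response.Attribute` will fail on it. Initialising with `$jsonArray = array('response' => array('Attribute' => array()));` keeps the shape stable. `$v` is unused; either unset the three keys on `$v` and append `$v`, or drop the `=> $v`.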


@ -43,13 +43,16 @@ Use semicolons instead (the search will automatically search for colons instead)
<p>You can configure your tools to automatically download the following file:</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/</pre>
<p>You can specify additional flags for CSV exports as follows::</p>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/[eventid]/[ignore]/[tags]/[category]/[type]/[includeInfo]/[from]/[to]</pre>
<pre><?php echo Configure::read('MISP.baseurl');?>/events/csv/download/[eventid]/[ignore]/[tags]/[category]/[type]/[includeContext]/[from]/[to]</pre>
<p>
<b>eventid</b>: Restrict the download to a single event<br />
<b>ignore</b>: Setting this flag to true will include attributes that are not marked "to_ids".<br />
<b>tags</b>: To include a tag in the results just write its names into this parameter. To exclude a tag prepend it with a '!'.
You can also chain several tag commands together with the '&amp;&amp;' operator. Please be aware the colons (:) cannot be used in the tag search.
Use semicolons instead (the search will automatically search for colons instead). For example, to include tag1 and tag2 but exclude tag3 you would use:<br />
<b>ignore</b>: Setting this flag to true will include attributes that are not marked "to_ids".<br />
<b>category</b>: The attribute category, any valid MISP attribute category is accepted.<br />
<b>type</b>: The attribute type, any valid MISP attribute type is accepted.<br />
<b>includeContext</b>: Include the event data with each attribute.<br />
<b>from</b>: Events with the date set to a date after the one specified in the from field (format: 2015-02-03)<br />
<b>to</b>: Events with the date set to a date before the one specified in the to field (format: 2015-02-03)<br />
</p>


@ -1,6 +1,16 @@
<div class="index">
<h2>Freetext Import Results</h2>
<p>Below you can see the attributes that are to be created based on the results of the free-text import. Make sure that the categories and the types are correct, often several options will be offered based on an inconclusive automatic resolution. </p>
<?php
echo $this->Form->create('Attribute', array('url' => '/events/saveFreeText/' . $event_id));
echo $this->Form->input('JsonObject', array(
'label' => false,
'type' => 'text',
'style' => 'display:none;',
'value' => '',
));
echo $this->Form->end();
?>
<table class="table table-striped table-hover table-condensed">
<tr>
<th>Value</th>
@ -12,23 +22,25 @@
</tr>
<?php
$options = array();
echo $this->Form->create('Attribute', array('url' => '/events/saveFreeText/' . $event_id));
foreach ($resultArray as $k => $item):
?>
<tr id="row_<?php echo $k; ?>" class="freetext_row">
<?php
echo $this->Form->input('Attribute.' . $k . '.save', array(
echo $this->Form->input('Attribute' . $k . 'Save', array(
'label' => false,
'style' => 'display:none;',
'value' => 1,
));
echo $this->Form->input('Attribute.' . $k . '.value', array(
echo $this->Form->input('Attribute' . $k . 'Value', array(
'label' => false,
'type' => 'hidden',
'value' => h($item['value']),
));
?>
<td><?php echo h($item['value']); ?></td>
<td>
<input type="hidden" id="<?php echo 'Attribute' . $k . 'Save'; ?>" value=1 >
<div id="<?php echo 'Attribute' . $k . 'Value'; ?>"><?php echo h($item['value']); ?></div>
</td>
<td class="short">
<?php
if (!isset($item['category'])) {
@ -36,53 +48,43 @@
} else {
$default = array_search($item['category'], $typeCategoryMapping[$item['default_type']]);
}
echo $this->Form->input('Attribute.' . $k . '.category', array(
'label' => false,
'style' => 'padding:0px;height:20px;margin-bottom:0px;',
'options' => $typeCategoryMapping[$item['default_type']],
'value' => $default,
));
?>
<select id="<?php echo 'Attribute' . $k . 'Category'; ?>" style='padding:0px;height:20px;margin-bottom:0px;'>
<?php
foreach ($typeCategoryMapping[$item['default_type']] as $type) {
echo '<option value="' . $type . '" ';
if ($type == $default) echo 'selected="selected"';
echo '>' . $type . '</option>';
}
?>
</select>
</td>
<td class="short">
<?php
$divVisibility = '';
$selectVisibility = '';
if (count($item['types']) == 1) {
echo h($item['default_type']);
echo $this->Form->input('Attribute.' . $k . '.type', array(
'label' => false,
'type' => 'hidden',
'value' => $item['default_type'],
));
$selectVisibility = 'display:none;';
} else {
echo $this->Form->input('Attribute.' . $k . '.type', array(
'label' => false,
'style' => 'padding:0px;height:20px;margin-bottom:0px;',
'options' => $item['types'],
'value' => $item['default_type'],
'class' => 'typeToggle',
));
if (!in_array(array_keys($item['types']), $options)) $options[] = array_keys($item['types']);
$divVisibility = 'style="display:none;"';
if (!in_array(array_keys($item['types']), $options)) $options[] = array_keys($item['types']);
}
?>
<div id = "<?php echo 'Attribute' . $k . 'TypeStatic'; ?>" <?php echo $divVisibility; ?> ><?php echo h($item['default_type']); ?></div>
<select id = "<?php echo 'Attribute' . $k . 'Type'; ?>" class='typeToggle' style='padding:0px;height:20px;margin-bottom:0px;<?php echo $selectVisibility; ?>'>
<?php
foreach ($item['types'] as $type) {
echo '<option value="' . $type . '" ';
echo ($type == $item['default_type'] ? 'selected="selected"' : '') . '>' . $type . '</option>';
}
?>
</select>
</td>
<td class="short" style="width:30px;">
<?php
echo $this->Form->input('Attribute.' . $k . '.to_ids', array(
'label' => false,
'type' => 'checkbox',
'checked' => $item['to_ids'],
));
?>
<input type="checkbox" id="<?php echo 'Attribute' . $k . 'To_ids'; ?>" <?php if ($item['to_ids']) echo 'checked'; ?>/>
</td>
<td class="short">
<?php
echo $this->Form->input('Attribute.' . $k . '.comment', array(
'label' => false,
'style' => 'padding:0px;height:20px;margin-bottom:0px;',
'type' => 'text',
'placeholder' => 'Imported via the freetext import.',
));
?>
<input type="text" id="<?php echo 'Attribute' . $k . 'Comment'; ?>" style="padding:0px;height:20px;margin-bottom:0px;" placeholder="Imported via the freetext import." />
</td>
<td class="action short">
<span class="icon-remove pointer" onClick="freetextRemoveRow('<?php echo $k; ?>', '<?php echo $event_id; ?>');"></span>
@ -101,9 +103,8 @@
}
?>
</table>
<button class="btn btn-primary" onClick="freetextImportResultsSubmit('<?php echo h($event_id); ?>', '<?php echo count($resultArray); ?>');">Submit</button>
<?php
echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
echo $this->Form->end();
if (!empty($optionsRearranged)):
?>
<span style="float:right">
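Review bot: The hand-written `<option>` loops that replace the FormHelper selects echo `$type` into both the `value` attribute and the option text without `h()`, in the category select and again in the type select, so these cells lose the escaping the helper applied by default. The values come from `$typeCategoryMapping` and `$item['types']`, which are presumably server-defined lists, so this is a hardening point rather than a demonstrated injection; I would still write `echo '<option value="' . h($type) . '" ';` and `echo '>' . h($type) . '</option>';`. The loops also use the array values as option values where the helper used the keys, which is only equivalent if keys and labels are identical. The unchanged `freetextRemoveRow(...)` handler still echoes `$event_id` raw while the new Submit button wraps it in `h()`.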


@ -167,7 +167,7 @@
if ($isSiteAdmin || ($isAclModify && $event['Event']['user_id'] == $me['id']) || ($isAclModifyOrg && $event['Event']['org'] == $me['org'])) {
?>
<a href='/events/view/<?php echo $event['Event']['id'];?>' class = "icon-edit" title = "Edit"></a>
<a href='/events/edit/<?php echo $event['Event']['id'];?>' class = "icon-edit" title = "Edit"></a>
<?php
echo $this->Form->postLink('', array('action' => 'delete', $event['Event']['id']), array('class' => 'icon-trash', 'title' => 'Delete'), __('Are you sure you want to delete # %s?', $event['Event']['id']));
}


@ -1,37 +1,4 @@
<?php
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
unset($event['ShadowAttribute']);
unset($event['Event']['user_id']);
// hide the org field is we are not in showorg mode
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($event['Event']['org']);
unset($event['Event']['orgc']);
unset($event['Event']['from']);
}
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
unset($event['Event']['Attribute'][$key]['category_order']);
}
if (isset($event['Event']['RelatedEvent'])) {
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
unset($event['Event']['RelatedEvent'][$key]['user_id']);
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($event['Event']['RelatedEvent'][$key]['org']);
unset($event['Event']['RelatedEvent'][$key]['orgc']);
}
}
}
if (isset($relatedEvents)) {
foreach ($relatedEvents as $relatedEvent) {
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
}
}
$result['Event'] = $event['Event'];
echo json_encode($result);
App::uses('JSONConverterTool', 'Tools');
$converter = new JSONConverterTool();
echo json_encode($converter->event2JSON($event));
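Review bot: The redaction this view used to perform is no longer visible anywhere in the change: the removed lines dropped `user_id`, `value1`/`value2`/`category_order`, and, when `MISP.showorg` is off and the viewer is not an admin, `org`/`orgc`/`from`, while the new call hands only `$event` to `event2JSON()`. `JSONConverterTool` is not part of this page, so whether it reads `MISP.showorg` and the viewer's role itself cannot be confirmed here; since `$isAdmin` is not passed, the non-admin case deserves an explicit check. The XML view that follows delegates to `event2XML($event)` in the same way. I would add a comment above the call such as `// event2JSON() must strip user_id and, unless MISP.showorg or admin, org/orgc/from` and cover it with a test that renders the view as a non-admin with showorg disabled.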


@ -1,47 +1,7 @@
<?php
$xmlArray = array();
// rearrange things to be compatible with the Xml::fromArray()
$event['Event']['Attribute'] = $event['Attribute'];
unset($event['Attribute']);
$event['Event']['ShadowAttribute'] = $event['ShadowAttribute'];
unset($event['ShadowAttribute']);
// build up a list of the related events
if (isset($relatedEvents)) {
foreach ($relatedEvents as $relatedEvent) {
$event['Event']['RelatedEvent'][] = $relatedEvent['Event'];
}
}
//
// cleanup the array from things we do not want to expose
//
unset($event['Event']['user_id']);
// hide the org field is we are not in showorg mode
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($event['Event']['org']);
unset($event['Event']['orgc']);
unset($event['Event']['from']);
}
// remove value1 and value2 from the output
foreach ($event['Event']['Attribute'] as $key => $value) {
unset($event['Event']['Attribute'][$key]['value1']);
unset($event['Event']['Attribute'][$key]['value2']);
unset($event['Event']['Attribute'][$key]['category_order']);
}
if (isset($event['Event']['RelatedEvent'])) {
foreach ($event['Event']['RelatedEvent'] as $key => $value) {
unset($event['Event']['RelatedEvent'][$key]['user_id']);
if (!Configure::read('MISP.showorg') && !$isAdmin) {
unset($event['Event']['RelatedEvent'][$key]['org']);
unset($event['Event']['RelatedEvent'][$key]['orgc']);
}
}
}
// display the XML to the user
$xmlArray['response']['Event'][] = $event['Event'];
$xmlArray['response']['xml_version'] = $mispVersion;
$xmlObject = Xml::fromArray($xmlArray, array('format' => 'tags'));
echo $xmlObject->asXML();
App::uses('XMLConverterTool', 'Tools');
$converter = new XMLConverterTool();
echo '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL . '<response>' . PHP_EOL;
echo $converter->event2XML($event) . PHP_EOL;
echo '<xml_version>' . $mispVersion . '</xml_version>';
echo '</response>' . PHP_EOL;
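Review bot: The `<response>` envelope is now assembled by string concatenation, and `$mispVersion` goes into `<xml_version>` unescaped where `Xml::fromArray()` previously serialised it. The version string is presumably a server-side constant, so the practical risk is low, but `echo '<xml_version>' . h($mispVersion) . '</xml_version>' . PHP_EOL;` keeps the document well-formed regardless and adds the line break the other echoes have. Well-formedness also now depends on `event2XML()` returning an escaped fragment without its own XML declaration, which cannot be verified from this page.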


@ -1292,13 +1292,22 @@ function changeFreetextImportExecute() {
var to = $('#changeTo').val();
$('.typeToggle').each(function() {
if ($( this ).val() == from) {
if ($('#' + $(this).attr('id') + " option[value='" + from + "']").length > 0) {
$( this ).val(to);
}
if (selectContainsOption("#" + $(this).attr('id'), to)) $( this ).val(to);
}
});
}
function selectContainsOption(selectid, value) {
var exists = false;
$(selectid + ' option').each(function(){
if (this.value == value) {
exists = true;
return false;
}
});
return exists;
}
function exportChoiceSelect(url, elementId, checkbox) {
if (checkbox == 1) {
if ($('#' + elementId + '_toggle').prop('checked')) {
@ -1306,4 +1315,38 @@ function exportChoiceSelect(url, elementId, checkbox) {
}
}
document.location.href = url;
}
}
function freetextImportResultsSubmit(id, count) {
var attributeArray = [];
var temp;
for (i = 0; i < count; i++) {
if ($('#Attribute' + i + 'Save').val() == 1) {
temp = {
value:$('#Attribute' + i + 'Value').val(),
category:$('#Attribute' + i + 'Category').val(),
type:$('#Attribute' + i + 'Type').val(),
to_ids:$('#Attribute' + i + 'To_ids')[0].checked,
comment:$('#Attribute' + i + 'Comment').val(),
}
attributeArray[attributeArray.length] = temp;
}
}
$("#AttributeJsonObject").val(JSON.stringify(attributeArray));
var formData = $("#AttributeFreeTextImportForm").serialize();
$.ajax({
type: "post",
cache: false,
url: "/events/saveFreeText/" + id,
data: formData,
beforeSend: function (XMLHttpRequest) {
$(".loading").show();
},
success:function (data, textStatus) {
window.location = '/events/view/' + id;
},
complete:function() {
$(".loading").hide();
},
});
}
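Review bot: `freetextImportResultsSubmit` has no `error` callback on its `$.ajax` call, so a failed request just hides the loading indicator and leaves the user with no message; and `success` redirects to `/events/view/` without looking at `data`, so if the action answers 200 with a validation error the redirect still happens. I would add `error: function () { alert('The attributes could not be saved.'); },` next to `complete` and redirect only when the response indicates success. The loop counter is an implicit global; `for (var i = 0; i < count; i++)` keeps it local. Because category, type and value now arrive as one client-built JSON string in `JsonObject`, the `saveFreeText` action (not shown here) has to validate each field against the allowed lists itself rather than rely on the select options rendered in the page.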