mirror of https://github.com/MISP/MISP
new: [eventFiltering] Added support of sighting filtering
parent
a40d42cbce
commit
823078f834
|
@ -26,7 +26,7 @@ class EventsController extends AppController
|
|||
);
|
||||
|
||||
private $acceptedFilteringNamedParams = array('sort', 'direction', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'attributeFilter', 'extended', 'page',
|
||||
'searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server', 'toIDS'
|
||||
'searchFor', 'attributeFilter', 'proposal', 'correlation', 'warning', 'deleted', 'includeRelatedTags', 'distribution', 'taggedAttributes', 'galaxyAttachedAttributes', 'objectType', 'attributeType', 'focus', 'extended', 'overrideLimit', 'filterColumnsOverwrite', 'feed', 'server', 'toIDS', 'sighting'
|
||||
);
|
||||
|
||||
public $defaultFilteringRules = array(
|
||||
|
@ -41,6 +41,7 @@ class EventsController extends AppController
|
|||
'feed' => 0,
|
||||
'server' => 0,
|
||||
'distribution' => array(0, 1, 2, 3, 4, 5),
|
||||
'sighting' => 0,
|
||||
'taggedAttributes' => '',
|
||||
'galaxyAttachedAttributes' => ''
|
||||
);
|
||||
|
@ -1121,7 +1122,9 @@ class EventsController extends AppController
|
|||
$filters['sort'] = 'timestamp';
|
||||
$filters['direction'] = 'desc';
|
||||
}
|
||||
$params = $this->Event->rearrangeEventForView($event, $filters, $all);
|
||||
$sightingsData = $this->Event->getSightingData($event);
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
$params = $this->Event->rearrangeEventForView($event, $filters, $all, $sightingsData);
|
||||
$this->params->params['paging'] = array($this->modelClass => $params);
|
||||
// workaround to get the event dates in to the attribute relations
|
||||
$relatedDates = array();
|
||||
|
@ -1152,8 +1155,6 @@ class EventsController extends AppController
|
|||
$this->set($variable, $currentModel->{$variable});
|
||||
}
|
||||
}
|
||||
$sightingsData = $this->Event->getSightingData($event);
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
if (Configure::read('Plugin.Enrichment_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user());
|
||||
|
@ -1367,7 +1368,9 @@ class EventsController extends AppController
|
|||
}
|
||||
}
|
||||
unset($modificationMap);
|
||||
$params = $this->Event->rearrangeEventForView($event, $filters);
|
||||
$sightingsData = $this->Event->getSightingData($event);
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
$params = $this->Event->rearrangeEventForView($event, $filters, false, $sightingsData);
|
||||
|
||||
$this->params->params['paging'] = array($this->modelClass => $params);
|
||||
$this->set('event', $event);
|
||||
|
@ -1410,8 +1413,6 @@ class EventsController extends AppController
|
|||
'recursive' => -1,
|
||||
'contain' => array('Org', 'RequesterOrg'))));
|
||||
}
|
||||
$sightingsData = $this->Event->getSightingData($event);
|
||||
$this->set('sightingsData', $sightingsData);
|
||||
if (Configure::read('Plugin.Enrichment_services_enable')) {
|
||||
$this->loadModel('Module');
|
||||
$modules = $this->Module->getEnabledModules($this->Auth->user());
|
||||
|
|
|
@ -4369,7 +4369,8 @@ class Event extends AppModel
|
|||
$correlatedShadowAttributes,
|
||||
$filterType = false,
|
||||
&$eventWarnings,
|
||||
$warningLists
|
||||
$warningLists,
|
||||
$sightingsData
|
||||
) {
|
||||
$attribute['objectType'] = 'attribute';
|
||||
$include = true;
|
||||
|
@ -4419,6 +4420,15 @@ class Event extends AppModel
|
|||
$include = $include && ($filterType['server'] == 2);
|
||||
}
|
||||
|
||||
/* sightings */
|
||||
if ($filterType['sighting'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if (isset($sightingsData['data'][$attribute['id']])) { // `include only`
|
||||
$include = $include && ($filterType['sighting'] == 1);
|
||||
} else { // `exclude`
|
||||
$include = $include && ($filterType['sighting'] == 2);
|
||||
}
|
||||
|
||||
/* TypeGroupings */
|
||||
if (
|
||||
$filterType['attributeFilter'] != 'all'
|
||||
|
@ -4531,7 +4541,8 @@ class Event extends AppModel
|
|||
$correlatedShadowAttributes,
|
||||
$filterType = false,
|
||||
&$eventWarnings,
|
||||
$warningLists
|
||||
$warningLists,
|
||||
$sightingsData
|
||||
) {
|
||||
$object['category'] = $object['meta-category'];
|
||||
$proposal['objectType'] = 'object';
|
||||
|
@ -4547,7 +4558,8 @@ class Event extends AppModel
|
|||
$correlatedShadowAttributes,
|
||||
false,
|
||||
$eventWarnings,
|
||||
$warningLists
|
||||
$warningLists,
|
||||
$sightingsData
|
||||
);
|
||||
if ($result['include']) {
|
||||
$temp[] = $result['data'];
|
||||
|
@ -4561,16 +4573,17 @@ class Event extends AppModel
|
|||
|| $filterType['correlation'] != 0
|
||||
|| $filterType['proposal'] != 0
|
||||
|| $filterType['warning'] != 0
|
||||
|| $filterType['sighting'] != 0
|
||||
|| $filterType['feed'] != 0
|
||||
|| $filterType['server'] != 0
|
||||
) {
|
||||
$include = $this->__checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes);
|
||||
$include = $this->__checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes, $sightingsData);
|
||||
}
|
||||
|
||||
return array('include' => $include, 'data' => $object);
|
||||
}
|
||||
|
||||
private function __checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes)
|
||||
private function __checkObjectByFilter($object, $filterType, $correlatedAttributes, $correlatedShadowAttributes, $sightingsData)
|
||||
{
|
||||
$include = true;
|
||||
|
||||
|
@ -4654,6 +4667,35 @@ class Event extends AppModel
|
|||
}
|
||||
}
|
||||
|
||||
/* sighting */
|
||||
if ($filterType['sighting'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
} else if ($filterType['sighting'] == 1 || $filterType['sighting'] == 2) {
|
||||
$flagKeep = false;
|
||||
foreach ($object['Attribute'] as $k => $attribute) { // check if object contains at least 1 warning
|
||||
if (isset($sightingsData['data'][$attribute['id']])) {
|
||||
$flagKeep = ($filterType['sighting'] == 1); // keep if server are included
|
||||
} else {
|
||||
$flagKeep = ($filterType['sighting'] == 2); // keep if server are excluded
|
||||
}
|
||||
if (!$flagKeep && !empty($attribute['ShadowAttribute'])) {
|
||||
foreach ($attribute['ShadowAttribute'] as $shadowAttribute) {
|
||||
if (isset($sightingsData['data'][$attribute['id']])) {
|
||||
$flagKeep = ($filterType['sighting'] == 1); // do not keep if server are excluded
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($flagKeep) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$flagKeep) {
|
||||
$include = false;
|
||||
return $include;
|
||||
}
|
||||
}
|
||||
|
||||
/* feed */
|
||||
if ($filterType['feed'] == 0) { // `both`
|
||||
// pass, do not consider as `both` is selected
|
||||
|
@ -4747,7 +4789,7 @@ class Event extends AppModel
|
|||
return $object;
|
||||
}
|
||||
|
||||
public function rearrangeEventForView(&$event, $passedArgs = array(), $all = false)
|
||||
public function rearrangeEventForView(&$event, $passedArgs = array(), $all = false, $sightingsData=array())
|
||||
{
|
||||
$this->Warninglist = ClassRegistry::init('Warninglist');
|
||||
$warningLists = $this->Warninglist->fetchForEventView();
|
||||
|
@ -4764,6 +4806,7 @@ class Event extends AppModel
|
|||
'warning' => isset($passedArgs['warning']) ? $passedArgs['warning'] : 0,
|
||||
'deleted' => isset($passedArgs['deleted']) ? $passedArgs['deleted'] : 0,
|
||||
'toIDS' => isset($passedArgs['toIDS']) ? $passedArgs['toIDS'] : 0,
|
||||
'sighting' => isset($passedArgs['sighting']) ? $passedArgs['sighting'] : 0,
|
||||
'feed' => isset($passedArgs['feed']) ? $passedArgs['feed'] : 0,
|
||||
'server' => isset($passedArgs['server']) ? $passedArgs['server'] : 0
|
||||
);
|
||||
|
@ -4784,7 +4827,8 @@ class Event extends AppModel
|
|||
$correlatedShadowAttributes,
|
||||
$filterType,
|
||||
$eventWarnings,
|
||||
$warningLists
|
||||
$warningLists,
|
||||
$sightingsData
|
||||
);
|
||||
if ($result['include']) {
|
||||
$event['objects'][] = $result['data'];
|
||||
|
@ -4812,7 +4856,8 @@ class Event extends AppModel
|
|||
$correlatedShadowAttributes,
|
||||
$filterType,
|
||||
$eventWarnings,
|
||||
$warningLists
|
||||
$warningLists,
|
||||
$sightingsData
|
||||
);
|
||||
if ($result['include']) {
|
||||
$event['objects'][] = $result['data'];
|
||||
|
|
|
@ -182,6 +182,21 @@ function triggerEventFilteringTool(clicked) {
|
|||
5: "Inherit",
|
||||
}
|
||||
},
|
||||
{
|
||||
"input": "radio",
|
||||
"type": "integer",
|
||||
"operators": [
|
||||
"equal",
|
||||
],
|
||||
"unique": true,
|
||||
"id": "sighting",
|
||||
"label": "Sightings",
|
||||
"values": {
|
||||
0: "Both",
|
||||
1: "Have sighting(s) only",
|
||||
2: "Doesn\'t have sighting(s)"
|
||||
}
|
||||
},
|
||||
<?php if (!empty($attributeTags)): ?>
|
||||
{
|
||||
"input": "select",
|
||||
|
@ -305,6 +320,13 @@ function triggerEventFilteringTool(clicked) {
|
|||
value: <?php echo isset($filters['server']) ? h($filters['server']) : 0; ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
<?php if (count($advancedFilteringActiveRules) == 0 || isset($advancedFilteringActiveRules['sighting'])): ?>
|
||||
{
|
||||
field: 'sighting',
|
||||
id: 'sighting',
|
||||
value: <?php echo isset($filters['sighting']) ? h($filters['sighting']) : 0; ?>
|
||||
},
|
||||
<?php endif; ?>
|
||||
<?php if (count($advancedFilteringActiveRules) == 0 || isset($advancedFilteringActiveRules['distribution'])): ?>
|
||||
{
|
||||
field: 'distribution',
|
||||
|
|
Loading…
Reference in New Issue