chg: Updated the NIDS exports

- allow posting JSON/XML payloads with filter options
- Added the type field to be able to restrict by attribute type
pull/1655/head
Iglocska 2016-11-08 17:26:02 +01:00
parent 852d9c101d
commit 95e0da7208
2 changed files with 25 additions and 5 deletions


@ -1838,14 +1838,30 @@ class EventsController extends AppController {
return $results;
}
public function nids($format = 'suricata', $key = 'download', $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false) {
$simpleFalse = array('id', 'continue', 'tags', 'from', 'to', 'last');
public function nids($format = 'suricata', $key = 'download', $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false, $type = false) {
if ($this->request->is('post')) {
if (empty($this->request->data)) {
throw new BadRequestException('Either specify the search terms in the url, or POST a json or xml with the filter parameters. Valid filters: id (event ID), tags (list of tags), from (from date in YYYY-MM-DD format), to (to date in YYYY-MM-DD format), last (events with a published timestamp newer than - valid options are in time + unit format such as 6d or 2w, etc)');
} else {
$data = $this->request->data;
}
$paramArray = array('id', 'continue', 'tags', 'from', 'to', 'last', 'type');
if (!isset($data['request'])) {
$data = array('request' => $data);
}
foreach ($paramArray as $p) {
if (isset($data['request'][$p])) ${$p} = $data['request'][$p];
else ${$p} = null;
}
}
$simpleFalse = array('id', 'continue', 'tags', 'from', 'to', 'last', 'type');
foreach ($simpleFalse as $sF) {
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) {
${$sF} = false;
}
}
if ($from) $from = $this->Event->dateFieldCheck($from);
if ($to) $to = $this->Event->dateFieldCheck($to);
if ($tags) $tags = str_replace(';', ':', $tags);
@ -1875,8 +1891,9 @@ class EventsController extends AppController {
// display the full snort rulebase
$this->loadModel('Attribute');
$rules = $this->Attribute->nids($user, $format, $id, $continue, $tags, $from, $to, $last);
$rules = $this->Attribute->nids($user, $format, $id, $continue, $tags, $from, $to, $last, $type);
$this->set('rules', $rules);
$this->render('/Events/nids');
}
public function hids($type, $key = 'download', $tags = false, $from = false, $to = false, $last = false) {
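Review bot: In the POST branch, a filter that is absent from the payload is assigned `null` (the `else` at the end of the `foreach ($paramArray as $p)` loop), and the `$simpleFalse` normalisation that follows never turns `null` into `false` — `null === 'null'`, `null == '0'`, `null === false` and `strtolower(null) === 'false'` are all false — so parameters omitted from a POST reach `$this->Attribute->nids()` as `null` while the URL path passes `false` for the same case. Making the two paths agree is a one-line change: `else ${$p} = false;`, which also avoids handing `null` to `strtolower()`. Separately, the `BadRequestException` message enumerates the accepted filters but does not mention the newly added `type` (nor `continue`), although both are in `$paramArray`; the message should list them so API users can discover the filter. The body of `nids()` continues beyond this hunk, and the later hunk in this file only threads `$type` through to the model.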


@ -1253,7 +1253,7 @@ class Attribute extends AppModel {
}
public function nids($user, $format, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false) {
public function nids($user, $format, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false, $type = false) {
if (empty($user)) throw new MethodNotAllowedException('Could not read user.');
$eventIds = $this->Event->fetchEventIds($user, $from, $to, $last);
@ -1288,6 +1288,9 @@ class Attribute extends AppModel {
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1, 'Attribute.event_id' => $event['Event']['id']);
$valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
$conditions['AND']['Attribute.type'] = $valid_types;
if (!empty($type)) {
$conditions['AND'][] = array('Attribute.type' => $type);
}
$params = array(
'conditions' => $conditions, // array of conditions