mirror of https://github.com/MISP/MISP
chg: Updated the NIDS exports
- allow posting JSON/XML payloads with filter options
- Added the type field to be able to restrict / attribute type
pull/1655/head
parent
852d9c101d
commit
95e0da7208
|
@ -1838,14 +1838,30 @@ class EventsController extends AppController {
|
|||
return $results;
|
||||
}
|
||||
|
||||
public function nids($format = 'suricata', $key = 'download', $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false) {
|
||||
$simpleFalse = array('id', 'continue', 'tags', 'from', 'to', 'last');
|
||||
public function nids($format = 'suricata', $key = 'download', $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false, $type = false) {
|
||||
if ($this->request->is('post')) {
|
||||
if (empty($this->request->data)) {
|
||||
throw new BadRequestException('Either specify the search terms in the url, or POST a json or xml with the filter parameters. Valid filters: id (event ID), tags (list of tags), from (from date in YYYY-MM-DD format), to (to date in YYYY-MM-DD format), last (events with a published timestamp newer than - valid options are in time + unit format such as 6d or 2w, etc)');
|
||||
} else {
|
||||
$data = $this->request->data;
|
||||
}
|
||||
$paramArray = array('id', 'continue', 'tags', 'from', 'to', 'last', 'type');
|
||||
if (!isset($data['request'])) {
|
||||
$data = array('request' => $data);
|
||||
}
|
||||
foreach ($paramArray as $p) {
|
||||
if (isset($data['request'][$p])) ${$p} = $data['request'][$p];
|
||||
else ${$p} = null;
|
||||
}
|
||||
}
|
||||
|
||||
$simpleFalse = array('id', 'continue', 'tags', 'from', 'to', 'last', 'type');
|
||||
foreach ($simpleFalse as $sF) {
|
||||
if (!is_array(${$sF}) && (${$sF} === 'null' || ${$sF} == '0' || ${$sF} === false || strtolower(${$sF}) === 'false')) {
|
||||
${$sF} = false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($from) $from = $this->Event->dateFieldCheck($from);
|
||||
if ($to) $to = $this->Event->dateFieldCheck($to);
|
||||
if ($tags) $tags = str_replace(';', ':', $tags);
|
||||
|
@ -1875,8 +1891,9 @@ class EventsController extends AppController {
|
|||
|
||||
// display the full snort rulebase
|
||||
$this->loadModel('Attribute');
|
||||
$rules = $this->Attribute->nids($user, $format, $id, $continue, $tags, $from, $to, $last);
|
||||
$rules = $this->Attribute->nids($user, $format, $id, $continue, $tags, $from, $to, $last, $type);
|
||||
$this->set('rules', $rules);
|
||||
$this->render('/Events/nids');
|
||||
}
|
||||
|
||||
public function hids($type, $key = 'download', $tags = false, $from = false, $to = false, $last = false) {
|
||||
|
|
|
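Review bot: The POST branch copies decoded body values into `$id`, `$tags`, `$from`, `$to`, `$last` and `$type` with no shape check, so a JSON or XML body can hand arrays or nested structures to code that previously only saw URL strings; `$type` then reaches the `Attribute.type` find condition in the Attribute::nids hunk unchanged. The normalisation loop that follows skips arrays entirely (`!is_array(...)`), so nothing after it constrains them. I would reject anything that is not a scalar or a flat list of scalars at the point of assignment, as sketched below; check it against how XML payloads are decoded before adopting it, since that is not visible here. The exception text also omits `type` and `continue` from its list of valid filters. The body of nids() continues outside both hunks.

```php
foreach ($paramArray as $p) {
	$value = isset($data['request'][$p]) ? $data['request'][$p] : null;
	if (is_array($value)) {
		// accept a flat list only: no nested arrays, caller-supplied keys dropped
		foreach ($value as $item) {
			if (!is_scalar($item)) throw new BadRequestException('Invalid value for filter: ' . $p);
		}
		$value = array_values($value);
	}
	${$p} = $value;
}
```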
@ -1253,7 +1253,7 @@ class Attribute extends AppModel {
|
|||
}
|
||||
|
||||
|
||||
public function nids($user, $format, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false) {
|
||||
public function nids($user, $format, $id = false, $continue = false, $tags = false, $from = false, $to = false, $last = false, $type = false) {
|
||||
if (empty($user)) throw new MethodNotAllowedException('Could not read user.');
|
||||
$eventIds = $this->Event->fetchEventIds($user, $from, $to, $last);
|
||||
|
||||
|
@ -1288,6 +1288,9 @@ class Attribute extends AppModel {
|
|||
$conditions['AND'] = array('Attribute.to_ids' => 1, "Event.published" => 1, 'Attribute.event_id' => $event['Event']['id']);
|
||||
$valid_types = array('ip-dst', 'ip-src', 'email-src', 'email-dst', 'email-subject', 'email-attachment', 'domain', 'hostname', 'url', 'user-agent', 'snort');
|
||||
$conditions['AND']['Attribute.type'] = $valid_types;
|
||||
if (!empty($type)) {
|
||||
$conditions['AND'][] = array('Attribute.type' => $type);
|
||||
}
|
||||
|
||||
$params = array(
|
||||
'conditions' => $conditions, // array of conditions
|
||||
|
|
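Review bot: `$type` is added as a second `Attribute.type` condition without being compared to `$valid_types`, so a misspelled or unsupported type yields an empty rule set with no error, and whatever shape the caller passed goes to the query builder as-is. Narrowing the existing whitelist instead keeps a single condition built only from known strings: `$conditions['AND']['Attribute.type'] = empty($type) ? $valid_types : array_values(array_intersect($valid_types, (array)$type));`. How an empty intersection should be reported to the caller needs deciding, since an empty list may not behave like "no match" in every query builder version. Neither the list nor the intersection depends on `$event`, so both could be computed once before the per-event code this hunk appears to sit in; the enclosing function starts and ends outside the hunk.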