Merge branch '2.4' of https://github.com/MISP/MISP into misp-stix

pull/7815/head
chrisr3d 2021-10-04 13:45:46 +02:00
commit 9f4fe71a55
13 changed files with 424 additions and 68 deletions

2
.gitmodules vendored

@ -1,6 +1,6 @@
[submodule "app/Lib/cakephp"]
path = app/Lib/cakephp
url = https://github.com/cakephp/cakephp.git
url = https://github.com/MISP/cakephp.git
branch = 2.x
[submodule "PyMISP"]
path = PyMISP
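Review bot: The submodule URL now points at the MISP/cakephp fork (L16) while `branch = 2.x` (L17) keeps following a branch name, and nothing in the file records why the fork replaced upstream or who reviews it, so anyone running `git submodule update --remote` takes whatever that branch head happens to be. The revision actually checked out is still pinned by the superproject's gitlink (one of the Subproject commit bumps further down is presumably this one), so ordinary checkouts are fixed, but the trust boundary for a core framework dependency has moved and that deserves a written trace. Git config syntax accepts comments, so a line in the section would do, e.g. `# MISP-maintained fork of cakephp/cakephp 2.x; compare against upstream before bumping the pinned commit`.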


@ -13,6 +13,10 @@ class AdminShell extends AppShell
public function jobGenerateCorrelation()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Generate correlation'] . PHP_EOL);
}
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
@ -26,6 +30,10 @@ class AdminShell extends AppShell
public function jobPurgeCorrelation()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Purge correlation'] . PHP_EOL);
}
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
@ -39,6 +47,10 @@ class AdminShell extends AppShell
public function jobGenerateShadowAttributeCorrelation()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Generate shadow attribute correlation'] . PHP_EOL);
}
$jobId = $this->args[0];
$this->loadModel('Job');
$this->Job->id = $jobId;
@ -63,6 +75,10 @@ class AdminShell extends AppShell
public function updateAfterPull()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Update after pull'] . PHP_EOL);
}
$this->loadModel('Job');
$this->loadModel('Server');
$submodule_name = $this->args[0];
@ -83,8 +99,9 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || !is_numeric($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin restartWorker [PID]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['worker_management_tasks']['data']['Restart a worker'] . PHP_EOL);
}
$pid = $this->args[0];
$result = $this->Server->restartWorker($pid);
if ($result === true) {
@ -104,9 +121,9 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || !is_numeric($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin killWorker [PID]' . PHP_EOL;
die();
die('Usage: ' . $this->Server->command_line_functions['worker_management_tasks']['data']['Kill a worker'] . PHP_EOL);
}
$pid = $this->args[0];
$result = $this->Server->killWorker($pid, false);
echo sprintf(
@ -121,9 +138,9 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin startWorker [queue]' . PHP_EOL;
die();
die('Usage: ' . $this->Server->command_line_functions['worker_management_tasks']['data']['Start a worker'] . PHP_EOL);
}
$queue = $this->args[0];
$this->Server->startWorker($queue);
echo sprintf(
@ -232,7 +249,7 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
echo 'Usage: ' . APP . '/cake ' . 'Admin updateObjectTemplates [user_id]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Update object templates'] . PHP_EOL);
} else {
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
@ -264,6 +281,10 @@ class AdminShell extends AppShell
public function jobUpgrade24()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Job upgrade'] . PHP_EOL);
}
$jobId = $this->args[0];
$user_id = $this->args[1];
$this->loadModel('Job');
@ -278,6 +299,10 @@ class AdminShell extends AppShell
public function prune_update_logs()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Prune update logs'] . PHP_EOL);
}
$jobId = $this->args[0];
$user_id = $this->args[1];
$user = $this->User->getAuthUser($user_id);
@ -346,7 +371,7 @@ class AdminShell extends AppShell
}
$cli_user = array('id' => 0, 'email' => 'SYSTEM', 'Organisation' => array('name' => 'SYSTEM'));
if (empty($setting_name) || $value === null) {
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setSetting [setting_name] [setting_value]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Set setting'] . PHP_EOL);
} else {
$setting = $this->Server->getSettingData($setting_name);
if (empty($setting)) {
@ -360,15 +385,16 @@ class AdminShell extends AppShell
$message = __("The setting change was rejected. MISP considers the requested setting value as invalid and would lead to the following error:\n\n\"%s\"\n\nIf you still want to force this change, please supply the --force argument.\n", $result);
$this->error(__('Setting change rejected.'), $message);
}
echo PHP_EOL;
}
echo PHP_EOL;
}
public function setDatabaseVersion()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin setDatabaseVersion [db_version]' . PHP_EOL;
else {
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Set database version'] . PHP_EOL);
} else {
$db_version = $this->AdminSetting->find('first', array(
'conditions' => array('setting' => 'db_version')
));
@ -401,7 +427,7 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
echo 'Invalid parameters. Usage: ' . APP . 'Console/cake Admin getAuthkey [user_email]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Get authkey'] . PHP_EOL);
} else {
$user = $this->User->find('first', array(
'recursive' => -1,
@ -444,7 +470,7 @@ class AdminShell extends AppShell
}
$roles = implode(PHP_EOL, $roles);
echo "Roles:\n" . $roles . $this->separator();
echo 'Usage: ' . APP . 'cake ' . 'Admin setDefaultRole [role_id]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Set default role'] . PHP_EOL);
} else {
$role = $this->Role->find('first', array(
'recursive' => -1,
@ -468,9 +494,10 @@ class AdminShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
echo 'MISP apikey command line tool.' . PHP_EOL . 'To assign a new random API key for a user: ' . APP . 'Console/cake change_authkey [email]' . PHP_EOL . 'To assign a fixed API key: ' . APP . 'Console/cake change_authkey [email] [authkey]' . PHP_EOL;
echo 'MISP apikey command line tool' . PHP_EOL . 'To assign a new random API key for a user: ' . APP . 'Console/cake Admin change_authkey [user_email]' . PHP_EOL . 'To assign a fixed API key: ' . APP . 'Console/cake Admin change_authkey [user_email] [authkey]' . PHP_EOL;
die();
}
if (!empty($this->args[1])) {
$authKey = $this->args[1];
} else {
@ -497,8 +524,8 @@ class AdminShell extends AppShell
public function getOptionParser()
{
$this->ConfigLoad->execute();
$parser = parent::getOptionParser();
$parser = parent::getOptionParser();
$parser->addSubcommand('updateJSON', array(
'help' => __('Update the JSON definitions of MISP.'),
'parser' => array(
@ -570,8 +597,7 @@ class AdminShell extends AppShell
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
echo sprintf(
__("MISP mass sync authkey reset command line tool.\n\nUsage: %sConsole/cake resetSyncAuthkeys [user_id]") . "\n\n",
APP
__("MISP mass sync authkey reset command line tool" . PHP_EOL . "Usage: %sConsole/cake Admin resetSyncAuthkeys [user_id]" . PHP_EOL), APP
);
die();
} else {
@ -599,7 +625,7 @@ class AdminShell extends AppShell
(empty($this->args[0]) || !is_numeric($this->args[0])) ||
(empty($this->args[1]) || !is_numeric($this->args[1]))
) {
echo 'Usage: ' . APP . '/cake ' . 'Admin purgeFeedEvents [user_id] [feed_id]' . PHP_EOL;
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Purge feed events'] . PHP_EOL);
} else {
$user_id = $this->args[0];
$feed_id = $this->args[1];
@ -640,8 +666,8 @@ class AdminShell extends AppShell
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Get IPs for user ID'] . PHP_EOL);
die();
}
$user_id = trim($this->args[0]);
$redis = $this->Server->setupRedis();
$user = $this->User->find('first', array(
@ -649,7 +675,7 @@ class AdminShell extends AppShell
'conditions' => array('User.id' => $user_id)
));
if (empty($user)) {
echo PHP_EOL . 'Invalid user ID.';
echo PHP_EOL . 'Invalid user ID.' . PHP_EOL;
die();
}
$ips = $redis->smembers('misp:user_ip:' . $user_id);
@ -665,8 +691,8 @@ class AdminShell extends AppShell
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Get user ID for user IP'] . PHP_EOL);
die();
}
$ip = trim($this->args[0]);
$redis = $this->Server->setupRedis();
$user_id = $redis->get('misp:ip_user:' . $ip);
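Review bot: Every new `die('Usage: ' . …)` in this file (L28, L38, L48, L58, L68, L79, L90, L100, L109, L119, L129, L147, L157, L166, L205) exits with status 0, because PHP's exit()/die() treats a string argument as a message to print rather than an exit code, so a cron entry or the background job runner that invokes a command with a missing argument sees a successful run and the message goes to stdout. The file already uses the right tool at L135: `$this->error()` writes to stderr and stops with a non-zero status. Replacing each guard with the form `$this->error('Usage: ' . $this->Server->command_line_functions['console_admin_tasks']['data']['Generate correlation']);` gives callers a detectable failure; the change_authkey and resetSyncAuthkeys branches (L175-L176, L193-L198) have the same `echo` followed by a bare `die()` and should follow suit. Most of the enclosing methods begin or end outside their hunks.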


@ -84,6 +84,10 @@ class EventShell extends AppShell
public function doPublish()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Do publish'] . PHP_EOL);
}
$id = $this->args[0];
$this->Event->id = $id;
if (!$this->Event->exists()) {
@ -134,6 +138,10 @@ class EventShell extends AppShell
public function cache()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Cache event'] . PHP_EOL);
}
$timeStart = time();
$userId = $this->args[0];
$id = $this->args[1];
@ -187,6 +195,10 @@ class EventShell extends AppShell
public function cachebro()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Cache bro'] . PHP_EOL);
}
$timeStart = time();
$userId = $this->args[0];
$user = $this->getUser($userId);
@ -224,6 +236,10 @@ class EventShell extends AppShell
public function alertemail()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Alert email'] . PHP_EOL);
}
$userId = $this->args[0];
$jobId = $this->args[1];
$eventId = $this->args[2];
@ -235,6 +251,11 @@ class EventShell extends AppShell
public function contactemail()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2]) ||
empty($this->args[3]) || empty($this->args[4])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Contact email'] . PHP_EOL);
}
$id = $this->args[0];
$message = $this->args[1];
$all = $this->args[2];
@ -249,6 +270,11 @@ class EventShell extends AppShell
public function postsemail()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2]) ||
empty($this->args[3]) || empty($this->args[4]) || empty($this->args[5])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Posts email'] . PHP_EOL);
}
$userId = $this->args[0];
$postId = $this->args[1];
$eventId = $this->args[2];
@ -266,6 +292,10 @@ class EventShell extends AppShell
public function enqueueCaching()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Enqueue caching'] . PHP_EOL);
}
$timestamp = $this->args[0];
$task = $this->Task->findByType('cache_exports');
@ -319,6 +349,10 @@ class EventShell extends AppShell
public function publish()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[2]) || empty($this->args[3])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Publish event'] . PHP_EOL);
}
$id = $this->args[0];
$passAlong = $this->args[1];
$jobId = $this->args[2];
@ -342,6 +376,10 @@ class EventShell extends AppShell
public function publish_sightings()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[2]) || empty($this->args[3])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Publish sightings'] . PHP_EOL);
}
list($id, $passAlong, $jobId, $userId) = $this->args;
$user = $this->getUser($userId);
@ -377,6 +415,10 @@ class EventShell extends AppShell
public function publish_galaxy_clusters()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2]) || empty($this->args[3])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Publish Galaxy clusters'] . PHP_EOL);
}
$clusterId = $this->args[0];
$jobId = $this->args[1];
$userId = $this->args[2];
@ -401,8 +443,9 @@ class EventShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['enrichment'] . PHP_EOL);
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Run enrichment'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->getUser($userId);
$eventId = $this->args[1];
@ -451,6 +494,10 @@ class EventShell extends AppShell
public function processfreetext()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Process free text'] . PHP_EOL);
}
$inputFile = $this->args[0];
$tempdir = new Folder(APP . 'tmp/cache/ingest', true, 0750);
$tempFile = new File(APP . 'tmp/cache/ingest' . DS . $inputFile);
@ -473,6 +520,10 @@ class EventShell extends AppShell
public function processmoduleresult()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Process module result'] . PHP_EOL);
}
$inputFile = $this->args[0];
$tempDir = new Folder(APP . 'tmp/cache/ingest', true, 0750);
$tempFile = new File(APP . 'tmp/cache/ingest' . DS . $inputFile);
@ -492,6 +543,10 @@ class EventShell extends AppShell
public function recoverEvent()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['event_management_tasks']['data']['Recover event'] . PHP_EOL);
}
$jobId = $this->args[0];
$id = $this->args[1];
$job = $this->Job->read(null, $jobId);
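Review bot: The new guards use `empty()` on positional arguments that may legitimately be the string "0", and PHP's `empty("0")` is true, so such invocations now abort with the usage text instead of running. This bites contactemail (L283-L284), where `[all]` at `$this->args[2]` reads like a 0/1 flag, and publish_galaxy_clusters (L333), where `[pass_along]` at `$this->args[3]` is made mandatory even though publish and publish_sightings (L314, L324) deliberately skip their pass_along argument; whether the callers ever pass "0" or omit it is not visible here, so confirm against the job dispatch code. For flags and optional trailing arguments prefer a presence check, e.g. `if (!isset($this->args[0], $this->args[1], $this->args[2])) {` for publish_galaxy_clusters, leaving `$this->args[3]` out as the sibling publish commands do. Several of the enclosing methods continue past their hunk.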


@ -71,6 +71,9 @@ class ServerShell extends AppShell
public function pullAll()
{
$this->ConfigLoad->execute();
if (empty($this->args[0])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['PullAll'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
@ -105,8 +108,9 @@ class ServerShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['pull'] . PHP_EOL);
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Pull'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) {
@ -163,8 +167,9 @@ class ServerShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['push'] . PHP_EOL);
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Push'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) die('Invalid user.' . PHP_EOL);
@ -245,6 +250,7 @@ class ServerShell extends AppShell
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Fetch feeds as local data'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) {
@ -314,8 +320,9 @@ class ServerShell extends AppShell
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['cacheServer'] . PHP_EOL);
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Cache server'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) die('Invalid user.' . PHP_EOL);
@ -381,6 +388,7 @@ class ServerShell extends AppShell
if (empty($this->args[0]) || empty($this->args[1])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Cache feeds for quick lookups'] . PHP_EOL);
}
$userId = $this->args[0];
$user = $this->User->getAuthUser($userId);
if (empty($user)) die('Invalid user.' . PHP_EOL);
@ -431,6 +439,10 @@ class ServerShell extends AppShell
public function enqueuePull()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Enqueue pull'] . PHP_EOL);
}
$timestamp = $this->args[0];
$userId = $this->args[1];
$taskId = $this->args[2];
@ -490,6 +502,10 @@ class ServerShell extends AppShell
public function enqueueFeedFetch()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Enqueue feed fetch'] . PHP_EOL);
}
$timestamp = $this->args[0];
$userId = $this->args[1];
$taskId = $this->args[2];
@ -536,6 +552,10 @@ class ServerShell extends AppShell
public function enqueueFeedCache()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Enqueue feed cache'] . PHP_EOL);
}
$timestamp = $this->args[0];
$userId = $this->args[1];
$taskId = $this->args[2];
@ -589,6 +609,10 @@ class ServerShell extends AppShell
public function enqueuePush()
{
$this->ConfigLoad->execute();
if (empty($this->args[0]) || empty($this->args[1]) || empty($this->args[2])) {
die('Usage: ' . $this->Server->command_line_functions['console_automation_tasks']['data']['Enqueue push'] . PHP_EOL);
}
$timestamp = $this->args[0];
$taskId = $this->args[1];
$userId = $this->args[2];
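Review bot: The three corrected lookups at L396, L406 and L423 show the failure mode of indexing `command_line_functions` by display string — a mistyped key produces a PHP notice and a bare `Usage: ` line — and the same stringly-typed lookup is repeated verbatim in every new guard in this file (L387, L440, L450, L460, L470). A small shared helper that resolves the entry and fails loudly when the key is absent would have caught the 'pull'/'push'/'cacheServer' mismatches at authoring time and keeps the call sites to one short line, e.g. `$this->dieWithUsage('console_automation_tasks', 'Pull');`. A sketch of the helper is below; the methods for the first three hunks start before their hunk.

```php
// Proposed helper (e.g. on AppShell): print the documented usage line and stop.
// Fails loudly on a mistyped key instead of emitting "Usage: " plus a PHP notice.
protected function dieWithUsage($section, $task)
{
    $functions = $this->Server->command_line_functions;
    if (!isset($functions[$section]['data'][$task])) {
        throw new InvalidArgumentException("No CLI usage entry for $section/$task");
    }
    $this->error('Usage: ' . $functions[$section]['data'][$task]);
}
```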


@ -811,24 +811,26 @@ class EventReport extends AppModel
}
foreach ($clusters as $cluster) {
$cluster['GalaxyCluster']['colour'] = '#0088cc';
$tagName = $cluster['GalaxyCluster']['tag_name'];
$found = $this->isValidReplacementTag($content, $tagName);
if ($found) {
$replacedContext[$tagName][$tagName] = $cluster['GalaxyCluster'];
}
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
}
if ($options['synonyms']) {
foreach ($cluster['GalaxyElement'] as $element) {
if (strlen($element['value']) >= $options['synonyms_min_characters']) {
$toSearch = ' ' . $element['value'] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$element['value']][$tagName] = $cluster['GalaxyCluster'];
if (strlen($cluster['GalaxyCluster']['value']) > 2) {
$cluster['GalaxyCluster']['colour'] = '#0088cc';
$tagName = $cluster['GalaxyCluster']['tag_name'];
$found = $this->isValidReplacementTag($content, $tagName);
if ($found) {
$replacedContext[$tagName][$tagName] = $cluster['GalaxyCluster'];
}
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($originalContent, $toSearch) !== false;
if ($found) {
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
}
if ($options['synonyms']) {
foreach ($cluster['GalaxyElement'] as $element) {
if (strlen($element['value']) >= $options['synonyms_min_characters']) {
$toSearch = ' ' . $element['value'] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$element['value']][$tagName] = $cluster['GalaxyCluster'];
}
}
}
}
@ -842,23 +844,25 @@ class EventReport extends AppModel
'contain' => $clusterContain
]);
foreach ($attackClusters as $cluster) {
$cluster['GalaxyCluster']['colour'] = '#0088cc';
$tagName = $cluster['GalaxyCluster']['tag_name'];
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
} else {
$clusterParts = explode(' - ', $cluster['GalaxyCluster']['value'], 2);
$toSearch = ' ' . $clusterParts[0] . ' ';
if (strlen($cluster['GalaxyCluster']['value']) > 2) {
$cluster['GalaxyCluster']['colour'] = '#0088cc';
$tagName = $cluster['GalaxyCluster']['tag_name'];
$toSearch = ' ' . $cluster['GalaxyCluster']['value'] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$clusterParts[0]][$tagName] = $cluster['GalaxyCluster'];
} else if (isset($clusterParts[1])) {
$toSearch = ' ' . $clusterParts[1] . ' ';
$replacedContext[$cluster['GalaxyCluster']['value']][$tagName] = $cluster['GalaxyCluster'];
} else {
$clusterParts = explode(' - ', $cluster['GalaxyCluster']['value'], 2);
$toSearch = ' ' . $clusterParts[0] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$clusterParts[1]][$tagName] = $cluster['GalaxyCluster'];
$replacedContext[$clusterParts[0]][$tagName] = $cluster['GalaxyCluster'];
} elseif (isset($clusterParts[1])) {
$toSearch = ' ' . $clusterParts[1] . ' ';
$found = strpos($content, $toSearch) !== false;
if ($found) {
$replacedContext[$clusterParts[1]][$tagName] = $cluster['GalaxyCluster'];
}
}
}
}
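Review bot: The new minimum-length guard hard-codes `> 2` in two places (L499 and L535) while the synonyms branch directly beneath it takes its threshold from `$options['synonyms_min_characters']` (L513), so the two limits can drift and the intent of the magic number is not recorded. `strlen()` also counts bytes, so a two-character non-ASCII cluster name passes the guard while a two-character ASCII one is dropped; if the rule is meant to be about characters, `mb_strlen()` is the call to use. A single named threshold above the loops makes both branches explicit, e.g. `$minClusterValueLength = 3; // cluster values shorter than this are never offered as replacements`, and both conditions then read `if (mb_strlen($cluster['GalaxyCluster']['value']) >= $minClusterValueLength) {`. Both foreach loops begin before their hunks.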


@ -142,22 +142,39 @@ class Server extends AppModel
$this->command_line_functions = array(
'console_admin_tasks' => array(
'data' => array(
'Get setting' => 'MISP/app/Console/cake Admin getSetting [setting]',
'Get setting' => 'MISP/app/Console/cake Admin getSetting [setting|all]',
'Set setting' => 'MISP/app/Console/cake Admin setSetting [setting] [value]',
'Get authkey' => 'MISP/app/Console/cake Admin getAuthkey [email]',
'Get authkey' => 'MISP/app/Console/cake Admin getAuthkey [user_email]',
'Change authkey' => 'MISP/app/Console/cake Admin change_authkey [user_email] [authkey]',
'Set baseurl' => 'MISP/app/Console/cake Baseurl [baseurl]',
'Change password' => 'MISP/app/Console/cake Password [email] [new_password] [--override_password_change]',
'Clear Bruteforce Entries' => 'MISP/app/Console/cake Admin clearBruteforce [user_email]',
'Clear Bruteforce entries' => 'MISP/app/Console/cake Admin clearBruteforce [user_email]',
'Clean caches' => 'MISP/app/Console/cake Admin cleanCaches',
'Set database version' => 'MISP/app/Console/cake Admin setDatabaseVersion [version]',
'Run database update' => 'MISP/app/Console/cake Admin updateDatabase',
'Run updates' => 'MISP/app/Console/cake Admin runUpdates',
'Update all JSON structures' => 'MISP/app/Console/cake Admin updateJSON',
'Update Galaxy definitions' => 'MISP/app/Console/cake Admin updateGalaxies',
'Update taxonomy definitions' => 'MISP/app/Console/cake Admin updateTaxonomies',
'Update object templates' => 'MISP/app/Console/cake Admin updateObjectTemplates',
'Update object templates' => 'MISP/app/Console/cake Admin updateObjectTemplates [user_id]',
'Update Warninglists' => 'MISP/app/Console/cake Admin updateWarningLists',
'Update Noticelists' => 'MISP/app/Console/cake Admin updateNoticeLists',
'Set default role' => 'MISP/app/Console/cake Admin setDefaultRole [role_id]',
'Get IPs for user ID' => 'MISP/app/Console/cake Admin UserIP [user_id]',
'Get user ID for user IP' => 'MISP/app/Console/cake Admin IPUser [ip]',
'Generate correlation' => 'MISP/app/Console/cake Admin jobGenerateCorrelation [job_id]',
'Purge correlation' => 'MISP/app/Console/cake Admin jobPurgeCorrelation [job_id]',
'Generate shadow attribute correlation' => 'MISP/app/Console/cake Admin jobGenerateShadowAttributeCorrelation [job_id]',
'Update MISP' => 'MISP/app/Console/cake Admin updateMISP',
'Update after pull' => 'MISP/app/Console/cake Admin updateAfterPull [submodule_name] [job_id] [user_id]',
'Job upgrade' => 'MISP/app/Console/cake Admin jobUpgrade24 [job_id] [user_id]',
'Prune update logs' => 'MISP/app/Console/cake Admin prune_update_logs [job_id] [user_id]',
'Recover since last successful update' => 'MISP/app/Console/cake Admin recoverSinceLastSuccessfulUpdate',
'Reset sync authkeys' => 'MISP/app/Console/cake Admin resetSyncAuthkeys [user_id]',
'Purge feed events' => 'MISP/app/Console/cake Admin purgeFeedEvents [user_id] [feed_id]',
'Dump current database schema' => 'MISP/app/Console/cake Admin dumpCurrentDatabaseSchema',
'Scan attachment' => 'MISP/app/Console/cake Admin scanAttachment [input] [attribute_id] [job_id]',
'Clean excluded correlations' => 'MISP/app/Console/cake Admin cleanExcludedCorrelations [job_id]',
),
'description' => __('Certain administrative tasks are exposed to the API, these help with maintaining and configuring MISP in an automated way / via external tools.'),
'header' => __('Administering MISP via the CLI')
@ -174,16 +191,41 @@ class Server extends AppModel
'Fetch feeds as local data' => 'MISP/app/Console/cake Server fetchFeed [user_id] [feed_id|all|csv|text|misp]',
'Run enrichment' => 'MISP/app/Console/cake Event enrichment [user_id] [event_id] [json_encoded_module_list]',
'Test' => 'MISP/app/Console/cake Server test [server_id]',
'List' => 'MISP/app/Console/cake Server list'
'List' => 'MISP/app/Console/cake Server list',
'Enqueue pull' => 'MISP/app/Console/cake Server enqueuePull [timestamp] [user_id] [task_id]',
'Enqueue push' => 'MISP/app/Console/cake Server enqueuePush [timestamp] [task_id] [user_id]',
'Enqueue feed fetch' => 'MISP/app/Console/cake Server enqueueFeedFetch [timestamp] [user_id] [task_id]',
'Enqueue feed cache' => 'MISP/app/Console/cake Server enqueueFeedCache [timestamp] [user_id] [task_id]',
),
'description' => __('If you would like to automate tasks such as caching feeds or pulling from server instances, you can do it using the following command line tools. Simply execute the given commands via the command line / create cron jobs easily out of them.'),
'header' => __('Automating certain console tasks')
),
'event_management_tasks' => array(
'data' => array(
'Publish event' => 'MISP/app/Console/cake Event publish [event_id] [pass_along] [job_id] [user_id]',
'Publish sightings' => 'MISP/app/Console/cake Event publish_sightings [event_id] [pass_along] [job_id] [user_id]',
'Publish Galaxy clusters' => 'MISP/app/Console/cake Event publish_galaxy_clusters [cluster_id] [job_id] [user_id] [pass_along]',
'Cache event' => 'MISP/app/Console/cake Event cache [user_id] [event_id] [export_type]',
'Cache bro' => 'MISP/app/Console/cake Event cachebro [user_id] [event_id]',
'Recover event' => 'MISP/app/Console/cake Event recoverEvent [job_id] [event_id]',
'Alert email' => 'MISP/app/Console/cake Event alertemail [user_id] [job_id] [event_id] [old_publish]',
'Contact email' => 'MISP/app/Console/cake Event contactemail [event_id] [message] [all] [user_id] [process_id]',
'Posts email' => 'MISP/app/Console/cake Event postsemail [user_id] [post_id] [event_id] [title] [message] [process_id]',
'Enqueue caching' => 'MISP/app/Console/cake Event enqueueCaching [timestamp]',
'Do publish' => 'MISP/app/Console/cake Event doPublish [event_id]',
'Run enrichment' => 'MISP/app/Console/cake Event enrichment [user_id] [event_id] [json_encoded_module_list]',
'Process free text' => 'MISP/app/Console/cake Event processfreetext [input]',
'Process module result' => 'MISP/app/Console/cake Event processmoduleresult [input]',
),
'description' => __('The events can be managed via the CLI in addition to the UI / API management tools'),
'header' => __('Managing the events')
),
'worker_management_tasks' => array(
'data' => array(
'Get list of workers' => 'MISP/app/Console/cake Admin getWorkers [all|dead]',
'Start a worker' => 'MISP/app/Console/cake Admin startWorker [queue_name]',
'Restart a worker' => 'MISP/app/Console/cake Admin restartWorker [worker_pid]',
'Restart all workers' => 'MISP/app/Console/cake Admin restartWorkers',
'Kill a worker' => 'MISP/app/Console/cake Admin killWorker [worker_pid]',
),
'description' => __('The background workers can be managed via the CLI in addition to the UI / API management tools'),
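Review bot: The newly documented `Enqueue push` entry (L615) takes `[timestamp] [task_id] [user_id]`, whereas its three siblings on L614, L616 and L617 take `[timestamp] [user_id] [task_id]`; this matches the shell (ServerShell::enqueuePush reads task_id from args[1] and user_id from args[2] at L473-L474), so it is accurate, but someone copying one line into a cron entry will reasonably assume the orders agree. Since the positional interface cannot change without breaking existing schedulers, record the divergence where it is read, e.g. a trailing comment on L615: `// NB: argument order differs from the other enqueue* commands; kept for compatibility`. Separately, `Change authkey` and `Change password` (L573, L575) take a secret as a positional argument, which lands in shell history and the process list for the duration of the command; a sentence to that effect in the `console_admin_tasks` description would warn operators before they script it.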

@ -1 +1 @@
Subproject commit 388b57e3428e1850c3195b8176827e1f53b9a4ec
Subproject commit c8cd002a3be424531ef9ceadf00742f98820733b


@ -1524,7 +1524,7 @@ def generate_event(filename, tries=0):
def is_from_misp(event):
try:
title = event.header.title
title = event.stix_header.title
except AttributeError:
return False
return ('Export from ' in title and 'MISP' in title)
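Review bot: The corrected attribute path still leaves `is_from_misp` open to a TypeError on its last line: if `stix_header` exists but its `title` is unset the library will presumably hand back None, and `'Export from ' in None` raises instead of returning False, which the `except AttributeError` at L663 does not cover. Normalising the value before the membership test closes that gap, e.g. `title = event.stix_header.title or ''`. Whether header-without-title inputs actually reach this converter is not visible here.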

@ -1 +1 @@
Subproject commit 14d3509616aa43b8703b79c4c549590c25112e40
Subproject commit 9198e5f022dcad03ecdae7cc72689176a1590f52

@ -1 +1 @@
Subproject commit e0cfdf97b9d4426c43ea659592da87ff7d5de900
Subproject commit 477531af062ff2e29aa3091cc045d6d41cf692ea


@ -2103,7 +2103,193 @@ components:
AttributeType:
type: string
maxLength: 100
example: "ip-src"
enum:
- "md5"
- "sha1"
- "sha256"
- "filename"
- "pdb"
- "filename|md5"
- "filename|sha1"
- "filename|sha256"
- "ip-src"
- "ip-dst"
- "hostname"
- "domain"
- "domain|ip"
- "email"
- "email-src"
- "eppn"
- "email-dst"
- "email-subject"
- "email-attachment"
- "email-body"
- "float"
- "git-commit-id"
- "url"
- "http-method"
- "user-agent"
- "ja3-fingerprint-md5"
- "jarm-fingerprint"
- "favicon-mmh3"
- "hassh-md5"
- "hasshserver-md5"
- "regkey"
- "regkey|value"
- "AS"
- "snort"
- "bro"
- "zeek"
- "community-id"
- "pattern-in-file"
- "pattern-in-traffic"
- "pattern-in-memory"
- "pattern-filename"
- "pgp-public-key"
- "pgp-private-key"
- "yara"
- "stix2-pattern"
- "sigma"
- "gene"
- "kusto-query"
- "mime-type"
- "identity-card-number"
- "cookie"
- "vulnerability"
- "cpe"
- "weakness"
- "attachment"
- "malware-sample"
- "link"
- "comment"
- "text"
- "hex"
- "other"
- "named pipe"
- "mutex"
- "process-state"
- "target-user"
- "target-email"
- "target-machine"
- "target-org"
- "target-location"
- "target-external"
- "btc"
- "dash"
- "xmr"
- "iban"
- "bic"
- "bank-account-nr"
- "aba-rtn"
- "bin"
- "cc-number"
- "prtn"
- "phone-number"
- "threat-actor"
- "campaign-name"
- "campaign-id"
- "malware-type"
- "uri"
- "authentihash"
- "vhash"
- "ssdeep"
- "imphash"
- "telfhash"
- "pehash"
- "impfuzzy"
- "sha224"
- "sha384"
- "sha512"
- "sha512/224"
- "sha512/256"
- "sha3-224"
- "sha3-256"
- "sha3-384"
- "sha3-512"
- "tlsh"
- "cdhash"
- "filename|authentihash"
- "filename|vhash"
- "filename|ssdeep"
- "filename|imphash"
- "filename|impfuzzy"
- "filename|pehash"
- "filename|sha224"
- "filename|sha384"
- "filename|sha512"
- "filename|sha512/224"
- "filename|sha512/256"
- "filename|sha3-224"
- "filename|sha3-256"
- "filename|sha3-384"
- "filename|sha3-512"
- "filename|tlsh"
- "windows-scheduled-task"
- "windows-service-name"
- "windows-service-displayname"
- "whois-registrant-email"
- "whois-registrant-phone"
- "whois-registrant-name"
- "whois-registrant-org"
- "whois-registrar"
- "whois-creation-date"
- "x509-fingerprint-sha1"
- "x509-fingerprint-md5"
- "x509-fingerprint-sha256"
- "dns-soa-email"
- "size-in-bytes"
- "counter"
- "datetime"
- "port"
- "ip-dst|port"
- "ip-src|port"
- "hostname|port"
- "mac-address"
- "mac-eui-64"
- "email-dst-display-name"
- "email-src-display-name"
- "email-header"
- "email-reply-to"
- "email-x-mailer"
- "email-mime-boundary"
- "email-thread-index"
- "email-message-id"
- "github-username"
- "github-repository"
- "github-organisation"
- "jabber-id"
- "twitter-id"
- "dkim"
- "dkim-signature"
- "first-name"
- "middle-name"
- "last-name"
- "full-name"
- "date-of-birth"
- "place-of-birth"
- "gender"
- "passport-number"
- "passport-country"
- "passport-expiration"
- "redress-number"
- "nationality"
- "visa-number"
- "issue-date-of-the-visa"
- "primary-residence"
- "country-of-residence"
- "special-service-request"
- "frequent-flyer-number"
- "travel-details"
- "payment-details"
- "place-port-of-original-embarkation"
- "place-port-of-clearance"
- "place-port-of-onward-foreign-destination"
- "passenger-name-record-locator-number"
- "mobile-application-id"
- "chrome-extension-id"
- "cortex"
- "boolean"
- "anonymised"
AttributeValue:
type: string
@ -2113,7 +2299,23 @@ components:
AttributeCategory:
type: string
maxLength: 255
example: "Payload delivery"
enum:
- "Internal reference"
- "Targeting data"
- "Antivirus detection"
- "Payload delivery"
- "Artifacts dropped"
- "Payload installation"
- "Persistence mechanism"
- "Network activity"
- "Payload type"
- "Attribution"
- "External analysis"
- "Financial fraud"
- "Support Tool"
- "Social network"
- "Person"
- "Other"
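Review bot: The enum lists added at L682-L868 and L876-L892 are a hand-copied snapshot of the server's attribute type and category tables, so a client that validates responses against this spec will start rejecting valid data the next time a type is added server-side until someone remembers to update the list. If the enums are kept, state their provenance and maintenance expectation next to them, e.g. `# Mirrors the server-side attribute type list; regenerate from the model rather than editing by hand.`, and consider a CI check that diffs this list against the server's. `named pipe` at L744 is the only entry containing a space, which is worth confirming against the server's spelling.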
AttributeComment:
type: string


@ -83,5 +83,7 @@ TRUNCATE `template_element_texts`;
-- Remove entries from tables and reset index
DELETE FROM `users` WHERE id > 1;
ALTER TABLE `users` AUTO_INCREMENT = 2;
DELETE FROM `auth_keys` WHERE id > 1;
ALTER TABLE `auth_keys` AUTO_INCREMENT = 2;
DELETE FROM `organisations` WHERE id > 1;
ALTER TABLE `organisations` AUTO_INCREMENT = 2;
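Review bot: The new `DELETE FROM auth_keys WHERE id > 1` (L902) selects by key row id, but if, as the table name suggests, each row carries the owning user's id, then after the preceding `DELETE FROM users WHERE id > 1` the surviving row may belong to a user that no longer exists, or user 1's only key may be removed if it was not the first row ever created. Deleting by owner keeps the table consistent with the users cleanup: `DELETE FROM auth_keys WHERE user_id <> 1;`. Whether any key should survive this reset at all depends on what the script produces, which is not visible here; if the result is a database meant to be distributed, leaving any live API key row in it (hashed or not) deserves a second look.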


@ -87,7 +87,8 @@ class misphelper(object):
# set expiredTag to hidden if it was accidentally enabled by "enable all"
if tag["tag"] == self.expiredTag:
if tag["existing_tag"]["Tag"]["hide_tag"] is False:
self.misp.edit_tag(tag["existing_tag"]["Tag"]["id"], hide_tag=True)
tag["existing_tag"]["Tag"]["hide_tag"] = True
self.misp.update_tag(tag["existing_tag"]["Tag"])
else:
raise Exception("Could not parse retention time/unit from tag: '{}'.".format(tag["tag"]))
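Review bot: The switch to `update_tag` at L914-L915 discards the return value, and PyMISP update calls typically hand back the API response (with an `errors` entry on failure) rather than raising, so a rejected update would leave the expired tag visible with nothing logged. Capturing the result makes the failure surface, e.g. `result = self.misp.update_tag(tag["existing_tag"]["Tag"])` followed by `if "errors" in result: raise Exception("Failed to hide tag: {}".format(result["errors"]))`. Whether `self.misp` is constructed in a mode that raises on API errors is not visible here, and the enclosing method starts before this hunk.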