mirror of https://github.com/MISP/MISP
Merge branch '2.4' of github.com:MISP/MISP into 2.4
commit
a940e943d5
|
@ -83,27 +83,33 @@ MISPvars () {
|
|||
# RHEL/CentOS
|
||||
if [[ -f "/etc/redhat-release" ]]; then
|
||||
WWW_USER='apache'
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
# Debian flavoured
|
||||
elif [[ -f "/etc/debian_version" ]]; then
|
||||
WWW_USER="www-data"
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
# OpenBSD
|
||||
elif [[ "$(uname -s)" == "OpenBSD" ]]; then
|
||||
WWW_USER="www"
|
||||
PATH_TO_MISP="/var/www/htdocs/MISP"
|
||||
SUDO_WWW="doas -u www "
|
||||
SUDO_CMD="doas "
|
||||
# NetBSD
|
||||
elif [[ "$(uname -s)" == "NetBSD" ]]; then
|
||||
WWW_USER="www"
|
||||
PATH_TO_MISP="/usr/pkg/share/httpd/htdocs/MISP"
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
else
|
||||
# I am feeling lucky
|
||||
WWW_USER="www-data"
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
fi
|
||||
|
||||
if [ -z "$FQDN" ]; then
|
||||
if [ -z "${FQDN}" ]; then
|
||||
FQDN="misp.local"
|
||||
fi
|
||||
|
||||
if [ -z "$MISP_BASEURL" ]; then
|
||||
if [ -z "${MISP_BASEURL}" ]; then
|
||||
MISP_BASEURL='""'
|
||||
fi
|
||||
|
||||
|
@ -118,13 +124,13 @@ MISPvars () {
|
|||
DBPASSWORD_MISP="$(openssl rand -hex 32)"
|
||||
|
||||
# OpenSSL configuration
|
||||
OPENSSL_CN=$FQDN
|
||||
OPENSSL_CN=${FQDN}
|
||||
OPENSSL_C='LU'
|
||||
OPENSSL_ST='State'
|
||||
OPENSSL_L='Location'
|
||||
OPENSSL_O='Organization'
|
||||
OPENSSL_OU='Organizational Unit'
|
||||
OPENSSL_EMAILADDRESS="info@$FQDN"
|
||||
OPENSSL_EMAILADDRESS="info@${FQDN}"
|
||||
|
||||
# GPG configuration
|
||||
GPG_REAL_NAME='Autogenerated Key'
|
||||
|
@ -147,7 +153,7 @@ MISPvars () {
|
|||
max_execution_time=300
|
||||
memory_limit=2048M
|
||||
|
||||
CAKE="$PATH_TO_MISP/app/Console/cake"
|
||||
CAKE="${PATH_TO_MISP}/app/Console/cake"
|
||||
|
||||
# sudo config to run $LUSER commands
|
||||
if [[ "$(groups ${MISP_USER} |grep -o 'staff')" == "staff" ]]; then
|
||||
|
@ -155,8 +161,7 @@ MISPvars () {
|
|||
else
|
||||
SUDO_CMD="sudo -H -u ${MISP_USER}"
|
||||
fi
|
||||
SUDO_WWW="sudo -H -u ${WWW_USER} "
|
||||
|
||||
|
||||
echo "The following DB Passwords were generated..."
|
||||
echo "Admin (${DBUSER_ADMIN}) DB Password: ${DBPASSWORD_ADMIN}"
|
||||
echo "User (${DBUSER_MISP}) DB Password: ${DBPASSWORD_MISP}"
|
||||
|
@ -1718,9 +1723,9 @@ mispmodules () {
|
|||
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||
## TODO: checkUsrLocalSrc in main doc
|
||||
debug "Cloning misp-modules"
|
||||
$SUDO_CMD git clone https://github.com/MISP/misp-modules.git
|
||||
$SUDO_CMD git clone git://github.com/stricaud/gtcaca.git
|
||||
$SUDO_CMD git clone git://github.com/stricaud/faup.git
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/misp-modules.git; done
|
||||
[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
|
||||
[[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup gtcaca
|
||||
# Install gtcaca
|
||||
cd gtcaca
|
||||
|
@ -1805,7 +1810,7 @@ mispDashboard () {
|
|||
sudo mkdir misp-dashboard
|
||||
sudo chown $WWW_USER:$WWW_USER misp-dashboard
|
||||
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-dashboard.git; done
|
||||
cd misp-dashboard
|
||||
sudo -H /var/www/misp-dashboard/install_dependencies.sh
|
||||
sudo sed -i "s/^host\ =\ localhost/host\ =\ 0.0.0.0/g" /var/www/misp-dashboard/config/config.cfg
|
||||
|
@ -1889,9 +1894,9 @@ mail2misp () {
|
|||
debug "Installing Mail2${LBLUE}MISP${NC}"
|
||||
cd /usr/local/src/
|
||||
sudo apt-get install cmake libcaca-dev liblua5.3-dev -y
|
||||
$SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git
|
||||
[[ ! -d "faup" ]] && $SUDO_CMD git clone git://github.com/stricaud/faup.git faup
|
||||
[[ ! -d "gtcaca" ]] && $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/MISP/mail_to_misp.git; done
|
||||
[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/faup.git faup; done
|
||||
[[ ! -d "gtcaca" ]] && false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone git://github.com/stricaud/gtcaca.git gtcaca; done
|
||||
sudo chown -R ${MISP_USER}:${MISP_USER} faup mail_to_misp gtcaca
|
||||
cd gtcaca
|
||||
$SUDO_CMD mkdir -p build
|
||||
|
@ -1949,8 +1954,8 @@ viper () {
|
|||
fi
|
||||
fi
|
||||
echo "Cloning Viper"
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper.git
|
||||
$SUDO_CMD git clone https://github.com/viper-framework/viper-web.git
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper.git; done
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_CMD git clone https://github.com/viper-framework/viper-web.git; done
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper
|
||||
sudo chown -R $MISP_USER:$MISP_USER viper-web
|
||||
cd viper
|
||||
|
@ -2506,7 +2511,7 @@ mispmodulesRHEL () {
|
|||
sudo chmod 2777 /usr/local/src
|
||||
sudo chown root:users /usr/local/src
|
||||
cd /usr/local/src/
|
||||
$SUDO_WWW git clone https://github.com/MISP/misp-modules.git
|
||||
false; while [[ $? -ne 0 ]]; do $SUDO_WWW git clone https://github.com/MISP/misp-modules.git; done
|
||||
cd misp-modules
|
||||
# pip install
|
||||
$SUDO_WWW $PATH_TO_MISP/venv/bin/pip install -U -I -r REQUIREMENTS
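Review bot: The `[[ ! -d "faup" ]] && false; while [[ $? -ne 0 ]]; do …; done` lines in the mispmodules and mail2misp hunks loop forever when the directory already exists: the `;` ends the `&&` list, so `$?` is 1 from the failed directory test, the while body runs, and `git clone` into a non-empty directory fails on every iteration. The same unbounded retry applies to every `false; while` clone in this commit, including the misp-modules clone in mispmodulesRHEL, so a re-run of the installer hangs instead of skipping or failing. The faup and gtcaca clones also stay on `git://`, which offers no transport authentication or integrity, so the source that is then built and installed with sudo can be altered in transit; use `https://`. A small helper that checks the destination, bounds the retries and takes the sudo prefix as an argument covers all of these call sites.
```shell
# Clone URL into DEST (default: repo name) via SUDO_PREFIX, skipping an existing
# checkout and giving up after a bounded number of attempts.
clone_with_retry () {
    local sudo_prefix="$1" url="$2" dest="${3:-$(basename "$2" .git)}" attempt
    [[ -d "${dest}" ]] && return 0
    for attempt in 1 2 3 4 5; do
        ${sudo_prefix} git clone "${url}" "${dest}" && return 0
        sleep $(( attempt * 5 ))
    done
    echo "giving up on ${url} after ${attempt} attempts" >&2
    return 1
}
# … in mispmodules / mail2misp, replacing the false; while … clone lines:
clone_with_retry "${SUDO_CMD}" https://github.com/stricaud/faup.git faup || exit 1
clone_with_retry "${SUDO_CMD}" https://github.com/stricaud/gtcaca.git gtcaca || exit 1
```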
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
; Generated by RHash v1.3.9 on 2020-05-22 at 16:25.08
|
||||
; Generated by RHash v1.3.8 on 2020-07-14 at 00:16.53
|
||||
; Written by Kravchenko Aleksey (Akademgorodok) - http://rhash.sf.net/
|
||||
;
|
||||
; 133066 16:25.07 2020-05-22 INSTALL.sh
|
||||
INSTALL.sh 79EF825B019669270DBCA0DD922C1E3DE6DA3D89 22A82CD073DA3312DF51089884DE4F3AF88ECD0E359D4C048915178C366327EC 4DA7D94FB036B2CC02120C1AC5AEBA9B57E4200FFC2940CB5BF8D9FE8C8600C72888DD2093590E7E77BB3A9F38D7F656 AA0CFD458A4B5CD84103EB641F59FFBBBB740890CB433108C6E0B8912F795DC521E3C75BD563496088862798D90A5C4D20B862ABA5152A84F62C037E889C3ED3
|
||||
; 133682 00:16.53 2020-07-14 INSTALL.sh
|
||||
INSTALL.sh 21C8C020434D4EE255FE6D036D06FA560F1C796F DF9FB13E430BC62D6DD59DC41C1DD500FC2D9ABB1E3D2566CD3C39C4FFA39495 919B195713BFBAB7194CB96AE74FF0B1A0A15CFF74A6F10E6B58FBDD100E9B2B8205F66D12E6CB3C68CF2154A9E3DBF9 8182EB20BF5C842A7B7BC9C345A5E92CDDDA6AD9FB806AF1D3FC64475CF89648547019FF486FF6668794AB1EAEFAA2B242CE9E3346BDED73E38787C3CBBC67C0
|
||||
|
|
|
@ -1 +1 @@
|
|||
79ef825b019669270dbca0dd922c1e3de6da3d89 INSTALL.sh
|
||||
21c8c020434d4ee255fe6d036d06fa560f1c796f INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
22a82cd073da3312df51089884de4f3af88ecd0e359d4c048915178c366327ec INSTALL.sh
|
||||
df9fb13e430bc62d6dd59dc41c1dd500fc2d9abb1e3d2566cd3c39c4ffa39495 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
4da7d94fb036b2cc02120c1ac5aeba9b57e4200ffc2940cb5bf8d9fe8c8600c72888dd2093590e7e77bb3a9f38d7f656 INSTALL.sh
|
||||
919b195713bfbab7194cb96ae74ff0b1a0a15cff74a6f10e6b58fbdd100e9b2b8205f66d12e6cb3c68cf2154a9e3dbf9 INSTALL.sh
|
||||
|
|
|
@ -1 +1 @@
|
|||
aa0cfd458a4b5cd84103eb641f59ffbbbb740890cb433108c6e0b8912f795dc521e3c75bd563496088862798d90a5c4d20b862aba5152a84f62c037e889c3ed3 INSTALL.sh
|
||||
8182eb20bf5c842a7b7bc9c345a5e92cddda6ad9fb806af1d3fc64475cf89648547019ff486ff6668794ab1eaefaa2b242ce9e3346bded73e38787c3cbbc67c0 INSTALL.sh
|
||||
|
|
|
@ -97,7 +97,7 @@ class StixExport
|
|||
$stix_event = ($this->__return_type == 'stix') ? $file->read() : substr($file->read(), 1, -1);
|
||||
$file->close();
|
||||
$file->delete();
|
||||
unlink($this->__tmp_dir . $filename);
|
||||
@unlink($this->__tmp_dir . $filename);
|
||||
$this->__stix_file->append($stix_event . $this->__framing['separator']);
|
||||
unset($stix_event);
|
||||
}
|
||||
|
@ -131,7 +131,7 @@ class StixExport
|
|||
{
|
||||
foreach ($this->__filenames as $f => $filename) {
|
||||
if ($index >= $f) {
|
||||
unlink($this->__tmp_dir . $filename);
|
||||
@unlink($this->__tmp_dir . $filename);
|
||||
}
|
||||
}
|
||||
$this->__stix_file->close();
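Review bot: Switching `unlink` to `@unlink` in both hunks hides every failure, including a permissions problem that leaves the temporary STIX file on disk, rather than only the case it is presumably meant to cover. In the first hunk `$file->delete()` runs immediately before; if that call already removed the file, the following `unlink` is redundant and can be dropped instead of silenced — confirm what the File helper's delete does. Where a file may legitimately be absent, test for it and keep the error path visible: `if (file_exists($this->__tmp_dir . $filename) && !unlink($this->__tmp_dir . $filename)) { /* log or throw */ }`. The surrounding methods start and end outside both hunks.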
|
||||
|
|
|
@ -936,13 +936,15 @@ class Attribute extends AppModel
|
|||
|
||||
public function validCategory($fields)
|
||||
{
|
||||
$validCategories = array_keys($this->categoryDefinitions);
|
||||
if (in_array($fields['category'], $validCategories)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
return isset($this->categoryDefinitions[$fields['category']]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the attribute already exists in the same event.
|
||||
*
|
||||
* @param array $fields
|
||||
* @return bool
|
||||
*/
|
||||
public function valueIsUnique($fields)
|
||||
{
|
||||
if (isset($this->data['Attribute']['deleted']) && $this->data['Attribute']['deleted']) {
|
||||
|
@ -952,31 +954,28 @@ class Attribute extends AppModel
|
|||
if (!empty($this->data['Attribute']['object_relation'])) {
|
||||
return true;
|
||||
}
|
||||
$value = $fields['value'];
|
||||
if (strpos($value, '|')) {
|
||||
$value = explode('|', $value);
|
||||
$value = array(
|
||||
'Attribute.value1' => $value[0],
|
||||
'Attribute.value2' => $value[1]
|
||||
);
|
||||
} else {
|
||||
$value = array(
|
||||
'Attribute.value1' => $value,
|
||||
);
|
||||
}
|
||||
$eventId = $this->data['Attribute']['event_id'];
|
||||
$type = $this->data['Attribute']['type'];
|
||||
$category = $this->data['Attribute']['category'];
|
||||
|
||||
// check if the attribute already exists in the same event
|
||||
$eventId = $this->data['Attribute']['event_id'];
|
||||
$category = $this->data['Attribute']['category'];
|
||||
$type = $this->data['Attribute']['type'];
|
||||
|
||||
$conditions = array(
|
||||
'Attribute.event_id' => $eventId,
|
||||
'Attribute.type' => $type,
|
||||
'Attribute.category' => $category,
|
||||
'Attribute.deleted' => 0,
|
||||
'Attribute.object_id' => 0
|
||||
'Attribute.object_id' => 0,
|
||||
);
|
||||
$conditions = array_merge($conditions, $value);
|
||||
|
||||
$value = $fields['value'];
|
||||
if (in_array($type, $this->getCompositeTypes())) {
|
||||
$value = explode('|', $value);
|
||||
$conditions['Attribute.value1'] = $value[0];
|
||||
$conditions['Attribute.value2'] = $value[1];
|
||||
} else {
|
||||
$conditions['Attribute.value1'] = $value;
|
||||
}
|
||||
|
||||
if (isset($this->data['Attribute']['id'])) {
|
||||
$conditions['Attribute.id !='] = $this->data['Attribute']['id'];
|
||||
}
|
||||
|
@ -1626,14 +1625,17 @@ class Attribute extends AppModel
|
|||
|
||||
public function getCompositeTypes()
|
||||
{
|
||||
// build the list of composite Attribute.type dynamically by checking if type contains a |
|
||||
// default composite types
|
||||
$compositeTypes = array('malware-sample'); // TODO hardcoded composite
|
||||
// dynamically generated list
|
||||
foreach (array_keys($this->typeDefinitions) as $type) {
|
||||
$pieces = explode('|', $type);
|
||||
if (2 == count($pieces)) {
|
||||
$compositeTypes[] = $type;
|
||||
static $compositeTypes;
|
||||
|
||||
if ($compositeTypes === null) {
|
||||
// build the list of composite Attribute.type dynamically by checking if type contains a |
|
||||
// default composite types
|
||||
$compositeTypes = array('malware-sample'); // TODO hardcoded composite
|
||||
// dynamically generated list
|
||||
foreach ($this->typeDefinitions as $type => $foo) {
|
||||
if (strpos($type, '|') !== false) {
|
||||
$compositeTypes[] = $type;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $compositeTypes;
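Review bot: In the rewritten valueIsUnique, `$value = explode('|', $value); $conditions['Attribute.value2'] = $value[1];` now runs whenever the type is composite, whereas the old code only split when the value actually contained a `|`; a composite-typed value with no separator reads an undefined index and silently queries `value2 IS NULL`, and a value with more than one `|` drops everything after the second piece. Limit the split and guard the second half: `$value = explode('|', $value, 2); $conditions['Attribute.value1'] = $value[0]; $conditions['Attribute.value2'] = isset($value[1]) ? $value[1] : '';` — whether an empty string or a validation failure is the right fallback depends on how composite values are validated upstream. Separately, getCompositeTypes now treats any type containing `|` as composite where the old loop required exactly two pieces; if no type has two separators this is equivalent, otherwise the behaviour changed. The `static` cache is process-wide, which is fine only while typeDefinitions is constant per process; the method's closing brace is outside the hunk.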
|
||||
|
|
|
@ -3652,7 +3652,7 @@ class Event extends AppModel
|
|||
'conditions' => array('Event.id' => $this->id),
|
||||
'recursive' => -1
|
||||
));
|
||||
if (isset($data['Event']['Attribute']) && !empty($data['Event']['Attribute'])) {
|
||||
if (!empty($data['Event']['Attribute'])) {
|
||||
foreach ($data['Event']['Attribute'] as $k => $attribute) {
|
||||
$block = false;
|
||||
for ($i = 0; $i < $k; $i++) {
|
||||
|
@ -3779,7 +3779,8 @@ class Event extends AppModel
|
|||
'Server.name',
|
||||
'Server.id',
|
||||
'Server.unpublish_event',
|
||||
'Server.publish_without_email'
|
||||
'Server.publish_without_email',
|
||||
'Server.internal',
|
||||
)
|
||||
));
|
||||
} else {
|
||||
|
@ -5825,7 +5826,7 @@ class Event extends AppModel
|
|||
$validationIssues = false;
|
||||
$result = $this->_add($data, true, $user, '', null, false, null, $created_id, $validationIssues);
|
||||
if ($result) {
|
||||
if ($original_file) {
|
||||
if ($original_file && !is_numeric($result)) {
|
||||
$this->add_original_file($tempFile, $original_file, $created_id, $stix_version);
|
||||
}
|
||||
if ($publish && $user['Role']['perm_publish']) {
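Review bot: The new guard `if ($original_file && !is_numeric($result))` encodes an assumption about `_add()`'s return value that the hunk does not state — presumably a numeric result means an existing event id was returned rather than a freshly created one, so the original file must not be re-attached. Put that in a comment so the next reader does not treat a numeric return as a success to attach to: `// _add() returns the existing event's id when the event is already known; only attach the original file to a newly created event — confirm against _add()`. The enclosing method starts and ends outside the hunk.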
|
||||
|
|
|
@ -91,30 +91,17 @@
|
|||
)
|
||||
));
|
||||
if (!$ajax) {
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event-collection', 'menuItem' => $this->action === 'add' ? 'add' : 'editEvent'));
|
||||
$event = ['Event' => ['id' => $event_id, 'published' => $published ]];
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));
|
||||
}
|
||||
?>
|
||||
|
||||
<script type="text/javascript">
|
||||
var notice_list_triggers = <?php echo $notice_list_triggers; ?>;
|
||||
var composite_types = <?php echo json_encode($compositeTypes); ?>;
|
||||
var category_type_mapping = new Array();
|
||||
|
||||
<?php
|
||||
foreach ($categoryDefinitions as $category => $def) {
|
||||
echo "category_type_mapping['" . addslashes($category) . "'] = {";
|
||||
$first = true;
|
||||
foreach ($def['types'] as $type) {
|
||||
if ($first) {
|
||||
$first = false;
|
||||
} else {
|
||||
echo ', ';
|
||||
}
|
||||
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
|
||||
}
|
||||
echo "}; \n";
|
||||
}
|
||||
?>
|
||||
var category_type_mapping = <?php echo json_encode(array_map(function($value) {
|
||||
return array_combine($value['types'], $value['types']);
|
||||
}, $categoryDefinitions)); ?>;
|
||||
|
||||
$('#AttributeDistribution').change(function() {
|
||||
checkSharingGroup('Attribute');
|
||||
|
@ -133,7 +120,7 @@
|
|||
checkNoticeList('attribute');
|
||||
});
|
||||
|
||||
$(document).ready(function() {
|
||||
$(function() {
|
||||
<?php
|
||||
if ($action == 'edit'):
|
||||
?>
|
||||
|
@ -143,7 +130,7 @@
|
|||
?>
|
||||
checkSharingGroup('Attribute');
|
||||
|
||||
var $form = $('#AttributeType').closest('form').submit(function( event ) {
|
||||
$('#AttributeType').closest('form').submit(function( event ) {
|
||||
if ($('#AttributeType').val() === 'datetime') {
|
||||
// add timezone of the browser if not set
|
||||
var allowLocalTZ = true;
|
||||
|
@ -153,7 +140,7 @@
|
|||
if (dateValue.creationData().format !== "YYYY-MM-DDTHH:mm:ssZ" && dateValue.creationData().format !== "YYYY-MM-DDTHH:mm:ss.SSSSZ") {
|
||||
// Missing timezone data
|
||||
var confirm_message = '<?php echo __('Timezone missing, auto-detected as: ') ?>' + dateValue.format('Z')
|
||||
confirm_message += '<?php echo '\r\n' . __('The following value will be submited instead: '); ?>' + dateValue.toISOString(allowLocalTZ)
|
||||
confirm_message += '<?php echo '\r\n' . __('The following value will be submitted instead: '); ?>' + dateValue.toISOString(allowLocalTZ)
|
||||
if (confirm(confirm_message)) {
|
||||
$valueInput.val(dateValue.toISOString(allowLocalTZ));
|
||||
} else {
|
||||
|
@ -161,7 +148,7 @@
|
|||
}
|
||||
}
|
||||
} else {
|
||||
textStatus = '<?php echo __('Value is not a valid datetime. Excpected format YYYY-MM-DDTHH:mm:ssZ') ?>'
|
||||
textStatus = '<?php echo __('Value is not a valid datetime. Expected format YYYY-MM-DDTHH:mm:ssZ') ?>'
|
||||
showMessage('fail', textStatus);
|
||||
return false;
|
||||
}
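Review bot: The two `json_encode(...)` calls now emitted directly inside the `<script>` block use the default flags, which do not escape `<`, `>` or `&`; a string containing `</script>` would terminate the script element, even though the data here is server-side category and type definitions rather than user input. Since the page already inlines PHP data into JavaScript, pass the HTML-safe flags as a matter of course: `json_encode($compositeTypes, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and likewise for the category mapping. The unchanged `var notice_list_triggers = <?php echo $notice_list_triggers; ?>;` just above echoes a value raw; whether the controller already JSON-encodes it cannot be seen here and is worth checking the same way.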
|
||||
|
|
|
@ -1,147 +0,0 @@
|
|||
<div class="attributes <?php if (!isset($ajax) || !$ajax) echo 'form';?>">
|
||||
<?php echo $this->Form->create('Attribute');?>
|
||||
<fieldset>
|
||||
<legend><?php echo __('Edit Attribute'); ?></legend>
|
||||
<?php
|
||||
echo $this->Form->hidden('event_id');
|
||||
echo $this->Form->input('category', array(
|
||||
'empty' => __('(choose one)'),
|
||||
'label' => __('Category ') . $this->element('formInfo', array('type' => 'category'))
|
||||
));
|
||||
$typeInputData = array(
|
||||
'empty' => __('(first choose category)'),
|
||||
'label' => __('Type ') . $this->element('formInfo', array('type' => 'type')),
|
||||
);
|
||||
if ($objectAttribute) {
|
||||
$typeInputData[] = __('disabled');
|
||||
}
|
||||
echo $this->Form->input('type', $typeInputData);
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('distribution', array(
|
||||
'options' => array($distributionLevels),
|
||||
'label' => __('Distribution ') . $this->element('formInfo', array('type' => 'distribution'))
|
||||
));
|
||||
?>
|
||||
<div id="SGContainer" style="display:none;">
|
||||
<?php
|
||||
if (!empty($sharingGroups)) {
|
||||
echo $this->Form->input('sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Sharing Group'),
|
||||
));
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
echo $this->Form->input('value', array(
|
||||
'type' => 'textarea',
|
||||
'error' => array('escape' => false),
|
||||
'div' => 'input clear',
|
||||
'class' => 'input-xxlarge'
|
||||
));
|
||||
echo $this->Form->input('comment', array(
|
||||
'type' => 'text',
|
||||
'label' => __('Contextual Comment'),
|
||||
'error' => array('escape' => false),
|
||||
'div' => 'input clear',
|
||||
'class' => 'input-xxlarge'
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('to_ids', array(
|
||||
'label' => __('for Intrusion Detection System'),
|
||||
));
|
||||
if (!$objectAttribute) {
|
||||
echo $this->Form->input('batch_import', array(
|
||||
'type' => 'checkbox',
|
||||
));
|
||||
}
|
||||
echo '<div class="input clear"></div>';
|
||||
echo $this->Form->input('disable_correlation', array(
|
||||
'type' => 'checkbox'
|
||||
));
|
||||
?>
|
||||
</fieldset>
|
||||
<p style="color:red;font-weight:bold;display:none;<?php if (isset($ajax) && $ajax) echo "text-align:center;";?> " id="warning-message"><?php echo __('Warning: You are about to share data that is of a sensitive nature (Attribution / targeting data). Make sure that you are authorised to share this.'); ?></p>
|
||||
<?php
|
||||
echo $this->Form->button('Submit', array('class' => 'btn btn-primary'));
|
||||
echo $this->Form->end();
|
||||
?>
|
||||
</div>
|
||||
<?php
|
||||
if (!$ajax) {
|
||||
$event['Event']['id'] = $this->request->data['Attribute']['event_id'];
|
||||
$event['Event']['published'] = $published;
|
||||
echo $this->element('/genericElements/SideMenu/side_menu', array('menuList' => 'event', 'menuItem' => 'addAttribute', 'event' => $event));
|
||||
}
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
var fieldsArray = new Array('AttributeCategory', 'AttributeType', 'AttributeValue', 'AttributeDistribution', 'AttributeComment', 'AttributeToIds', 'AttributeBatchImport', 'AttributeSharingGroupId');
|
||||
<?php
|
||||
$formInfoTypes = array('distribution' => 'Distribution', 'category' => 'Category', 'type' => 'Type');
|
||||
echo 'var formInfoFields = ' . json_encode($formInfoTypes) . PHP_EOL;
|
||||
foreach ($formInfoTypes as $formInfoType => $humanisedName) {
|
||||
echo 'var ' . $formInfoType . 'FormInfoValues = {' . PHP_EOL;
|
||||
foreach ($info[$formInfoType] as $key => $formInfoData) {
|
||||
echo '"' . $key . '": "<span class=\"blue bold\">' . h($formInfoData['key']) . '</span>: ' . h($formInfoData['desc']) . '<br />",' . PHP_EOL;
|
||||
}
|
||||
echo '}' . PHP_EOL;
|
||||
}
|
||||
?>
|
||||
//
|
||||
//Generate Category / Type filtering array
|
||||
//
|
||||
var category_type_mapping = new Array();
|
||||
<?php
|
||||
foreach ($categoryDefinitions as $category => $def) {
|
||||
echo "category_type_mapping['" . addslashes($category) . "'] = {";
|
||||
$first = true;
|
||||
foreach ($def['types'] as $type) {
|
||||
if ($first) $first = false;
|
||||
else echo ', ';
|
||||
echo "'" . addslashes($type) . "' : '" . addslashes($type) . "'";
|
||||
}
|
||||
echo "}; \n";
|
||||
}
|
||||
?>
|
||||
|
||||
$(document).ready(function() {
|
||||
initPopoverContent('Attribute');
|
||||
$('#AttributeDistribution').change(function() {
|
||||
if ($('#AttributeDistribution').val() == 4) $('#SGContainer').show();
|
||||
else $('#SGContainer').hide();
|
||||
});
|
||||
|
||||
<?php
|
||||
if (!$objectAttribute):
|
||||
?>
|
||||
$("#AttributeCategory").on('change', function(e) {
|
||||
formCategoryChanged('Attribute');
|
||||
if ($(this).val() === 'Attribution' || $(this).val() === 'Targeting data') {
|
||||
$("#warning-message").show();
|
||||
} else {
|
||||
$("#warning-message").hide();
|
||||
}
|
||||
if ($(this).val() === 'Internal reference') {
|
||||
$("#AttributeDistribution").val('0');
|
||||
$('#SGContainer').hide();
|
||||
}
|
||||
});
|
||||
var start = $("#AttributeType").val();
|
||||
formCategoryChanged('Attribute');
|
||||
$("#AttributeType").val(start);
|
||||
<?php
|
||||
endif;
|
||||
?>
|
||||
|
||||
$("#AttributeCategory, #AttributeType, #AttributeDistribution").change(function() {
|
||||
var start = $("#AttributeType").val();
|
||||
initPopoverContent('Attribute');
|
||||
$("#AttributeType").val(start);
|
||||
});
|
||||
});
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer(); // Write cached scripts
|
|
@ -7,6 +7,7 @@ import datetime
|
|||
import re
|
||||
import ntpath
|
||||
import socket
|
||||
import traceback
|
||||
from misp2stix_mapping import *
|
||||
from collections import defaultdict
|
||||
from copy import deepcopy
|
||||
|
@ -156,6 +157,7 @@ class StixBuilder(object):
|
|||
print(json.dumps({'success': 1}))
|
||||
except Exception as e:
|
||||
print(json.dumps({'error': e.__str__()}))
|
||||
traceback.print_tb()
|
||||
|
||||
def generate_package(self, event):
|
||||
self.objects_to_parse = defaultdict(dict)
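Review bot: `traceback.print_tb()` in the new except branch is called without its required `tb` argument, so it raises `TypeError` inside the handler and the original exception is lost behind a second traceback. Use `traceback.print_exc(file=sys.stderr)` (or `traceback.print_tb(e.__traceback__, file=sys.stderr)`), and send it to stderr because the surrounding `print(json.dumps(...))` calls use stdout as the result channel a caller presumably parses; whether `sys` is imported in this module is not visible in the hunk. The enclosing method starts outside the hunk.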
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# mappings
|
||||
status_mapping = {'0' : 'New', '1' : 'Open', '2' : 'Closed'}
|
||||
threat_level_mapping = {'1' : 'High', '2' : 'Medium', '3' : 'Low', '4' : 'Undefined'}
|
||||
TLP_order = {'RED' : 4, 'AMBER' : 3, 'GREEN' : 2, 'WHITE' : 1}
|
||||
TLP_order = {'RED' : 4, 'AMBER' : 3, 'AMBER NATO ALLIANCE': 3, 'GREEN' : 2, 'WHITE' : 1}
|
||||
confidence_mapping = {False : 'None', True : 'High'}
|
||||
|
||||
not_implemented_attributes = ('yara', 'snort', 'pattern-in-traffic', 'pattern-in-memory')
|
||||
|
|
|
@ -142,7 +142,7 @@ class StixParser():
|
|||
else:
|
||||
print(f'Unknown content disposition in the following email body: {body_multipart}', file=sys.stderr)
|
||||
continue
|
||||
if isinstance(reference, stix2.Artifact):
|
||||
if isinstance(reference, stix2.v20.observables.Artifact):
|
||||
attribute.update({
|
||||
'value': body_multipart['content_disposition'].split('=')[-1].strip("'"),
|
||||
'data': reference.payload_bin,
|
||||
|
@ -216,9 +216,9 @@ class StixParser():
|
|||
self.fill_misp_object(section_object, section, 'pe_section_mapping')
|
||||
if hasattr(section, 'hashes'):
|
||||
self.fill_misp_object(section_object, section.hashes, 'pe_section_mapping')
|
||||
self.misp_event.add_object(section_object)
|
||||
pe_object.add_reference(section_object.uuid, 'includes')
|
||||
self.misp_event.add_object(**section_object)
|
||||
self.misp_event.add_object(**pe_object)
|
||||
self.misp_event.add_object(pe_object)
|
||||
return pe_object.uuid
|
||||
|
||||
def parse_relationships(self):
|
||||
|
@ -338,11 +338,11 @@ class StixParser():
|
|||
@staticmethod
|
||||
def _process_test_filter(value, main_type):
|
||||
_is_main_process = any(feature in value for feature in ('parent_ref', 'child_refs'))
|
||||
return isinstance(value, getattr(stix2, main_type)) and _is_main_process
|
||||
return isinstance(value, getattr(stix2.v20.observables, main_type)) and _is_main_process
|
||||
|
||||
@staticmethod
|
||||
def _standard_test_filter(value, main_type):
|
||||
return isinstance(value, getattr(stix2, main_type))
|
||||
return isinstance(value, getattr(stix2.v20.observables, main_type))
|
||||
|
||||
def update_marking_refs(self, attribute_uuid, marking_refs):
|
||||
try:
|
||||
|
@ -515,7 +515,7 @@ class StixFromMISPParser(StixParser):
|
|||
misp_object.add_reference(target_uuid, 'includes')
|
||||
for attribute in attributes:
|
||||
misp_object.add_attribute(**attribute)
|
||||
self.misp_event.add_object(**misp_object)
|
||||
self.misp_event.add_object(misp_object)
|
||||
|
||||
def parse_observable_attribute(self, observable):
|
||||
attribute = self.create_attribute_dict(observable)
|
||||
|
@ -541,7 +541,7 @@ class StixFromMISPParser(StixParser):
|
|||
misp_object.add_reference(target_uuid, 'includes')
|
||||
for attribute in attributes:
|
||||
misp_object.add_attribute(**attribute)
|
||||
self.misp_event.add_object(**misp_object)
|
||||
self.misp_event.add_object(misp_object)
|
||||
|
||||
def parse_vulnerability(self, vulnerability):
|
||||
attributes = self.fill_observable_attributes(vulnerability, 'vulnerability_mapping')
|
||||
|
@ -617,7 +617,7 @@ class StixFromMISPParser(StixParser):
|
|||
attributes = []
|
||||
mapping = 'asn_mapping'
|
||||
for observable_object in observable.values():
|
||||
if isinstance(observable_object, stix2.AutonomousSystem):
|
||||
if isinstance(observable_object, stix2.v20.observables.AutonomousSystem):
|
||||
attributes.extend(self.fill_observable_attributes(observable_object, mapping))
|
||||
else:
|
||||
attributes.append(self._parse_observable_reference(observable_object, mapping))
|
||||
|
@ -855,7 +855,7 @@ class StixFromMISPParser(StixParser):
|
|||
def parse_url_observable(observable):
|
||||
attributes = []
|
||||
for object in observable.values():
|
||||
feature = 'dst_port' if isinstance(object, stix2.NetworkTraffic) else 'value'
|
||||
feature = 'dst_port' if isinstance(object, stix2.v20.observables.NetworkTraffic) else 'value'
|
||||
attribute = deepcopy(stix2misp_mapping.url_mapping[object._type])
|
||||
attribute.update({'value': getattr(object, feature), 'to_ids': False})
|
||||
attributes.append(attribute)
|
||||
|
@ -1066,9 +1066,9 @@ class StixFromMISPParser(StixParser):
|
|||
attribute = deepcopy(stix2misp_mapping.pe_section_mapping[feature])
|
||||
attribute['value'] = value
|
||||
pe_section.add_attribute(**attribute)
|
||||
self.misp_event.add_object(pe_section)
|
||||
pe.add_reference(pe_section.uuid, 'includes')
|
||||
self.misp_event.add_object(**pe_section)
|
||||
self.misp_event.add_object(**pe)
|
||||
self.misp_event.add_object(pe)
|
||||
return attributes, pe.uuid
|
||||
|
||||
def parse_process_pattern(self, pattern):
|
||||
|
@ -1299,7 +1299,7 @@ class ExternalStixParser(StixParser):
|
|||
@staticmethod
|
||||
def _fetch_reference_type(references, object_type):
|
||||
for key, reference in references.items():
|
||||
if isinstance(reference, getattr(stix2, object_type)):
|
||||
if isinstance(reference, getattr(stix2.v20.observables, object_type)):
|
||||
return key
|
||||
return None
|
||||
|
||||
|
@ -1342,7 +1342,7 @@ class ExternalStixParser(StixParser):
|
|||
file.add_reference(pe_uuid, 'includes')
|
||||
for attribute in attributes:
|
||||
file.add_attribute(**attribute)
|
||||
self.misp_event.add_object(**file)
|
||||
self.misp_event.add_object(file)
|
||||
|
||||
@staticmethod
|
||||
def _is_reference(network_traffic, reference):
|
||||
|
@ -1422,7 +1422,7 @@ class ExternalStixParser(StixParser):
|
|||
if references:
|
||||
filename = file_object.name if hasattr(file_object, 'name') else 'unknown_filename'
|
||||
for key, reference in references.items():
|
||||
if isinstance(reference, stix2.Artifact):
|
||||
if isinstance(reference, stix2.v20.observables.Artifact):
|
||||
_is_content_ref = 'content_ref' in file_object and file_object.content_ref == key
|
||||
attribute_type, value = self._handle_attachment_type(reference, _is_content_ref, filename)
|
||||
attribute = {
|
||||
|
@ -1434,7 +1434,7 @@ class ExternalStixParser(StixParser):
|
|||
if hasattr(reference, 'payload_bin'):
|
||||
attribute['data'] = reference.payload_bin
|
||||
attributes.append(attribute)
|
||||
elif isinstance(reference, stix2.Directory):
|
||||
elif isinstance(reference, stix2.v20.observables.Directory):
|
||||
attribute = {
|
||||
'type': 'text',
|
||||
'object_relation': 'path',
|
||||
|
@ -1757,15 +1757,15 @@ class ExternalStixParser(StixParser):
|
|||
pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path)
|
||||
sections = self._get_sections(pe_extension)
|
||||
self.fill_misp_object_from_dict(pe_object, pe_extension, 'pe_mapping')
|
||||
file_object.add_reference(pe_object.uuid, 'includes')
|
||||
if sections:
|
||||
for section in sections:
|
||||
section_object = MISPObject('pe-section')
|
||||
self.fill_misp_object_from_dict(section_object, section, 'pe_section_mapping')
|
||||
self.misp_event.add_object(section_object)
|
||||
pe_object.add_reference(section_object.uuid, 'includes')
|
||||
self.misp_event.add_object(**section_object)
|
||||
self.misp_event.add_object(**pe_object)
|
||||
self.misp_event.add_object(**file_object)
|
||||
self.misp_event.add_object(pe_object)
|
||||
file_object.add_reference(pe_object.uuid, 'includes')
|
||||
self.misp_event.add_object(file_object)
|
||||
|
||||
def parse_ip_address_pattern(self, indicator, separator):
|
||||
self.add_attributes_from_indicator(indicator, 'ip-dst', separator)
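Review bot: Every `isinstance` check in this file is now pinned to `stix2.v20.observables` classes, so objects the library parses as STIX 2.1 (which depends on the library version and the bundle's `spec_version`) fall through to the `else` branches or make `_fetch_reference_type` return `None` without any error; whether this parser only ever receives 2.0 content cannot be seen from the hunks. If 2.1 input is possible, resolve the class against both modules, e.g. a module-level `_OBSERVABLES = (stix2.v20.observables, stix2.v21.observables)` and `isinstance(value, tuple(getattr(m, main_type) for m in _OBSERVABLES if hasattr(m, main_type)))`. `getattr(stix2.v20.observables, main_type)` also raises `AttributeError` for a `main_type` that is not an observable; a `getattr(..., None)` default with an explicit error message would make that failure clearer. Most of the touched functions start or end outside their hunks.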
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 808dd94f676243e2f1932878d511de6d74557918
|
||||
Subproject commit 0d6db44c80afd81976f54f58c8cb02e4d33acc16
|
|
@ -42,10 +42,19 @@ class misphelper(object):
|
|||
print("Removing IDS flag in event '{}' on attr '{}'".format(mevent.id, attr["value"]))
|
||||
changed = True
|
||||
attr["to_ids"] = False
|
||||
self.misp.update_attribute(attr)
|
||||
for obj in mevent.objects:
|
||||
for attr in obj.Attribute:
|
||||
if (attr["type"] == "ip-dst" or attr["type"] == "ip-src") and attr["to_ids"]:
|
||||
print("Removing IDS flag in event '{}' on attr '{}'".format(mevent.id, attr["value"]))
|
||||
changed = True
|
||||
attr["to_ids"] = False
|
||||
self.misp.update_attribute(attr)
|
||||
|
||||
self.misp.tag(mevent, self.expiredTag, True)
|
||||
if changed:
|
||||
res = self.misp.update_event(mevent.id, mevent)
|
||||
self.misp.update_event(mevent.id, mevent)
|
||||
self.misp.publish(mevent)
|
||||
|
||||
def findEventsAfterRetention(self, events, retention):
|
||||
for event in events:
|
||||
|
@ -70,7 +79,7 @@ class misphelper(object):
|
|||
for tag in res['entries']:
|
||||
m = re.match(r"^retention:([0-9]+)([d,w,m,y])$", tag["tag"])
|
||||
if m:
|
||||
tagSearch = self.misp.build_complex_query(and_parameters = tag["tag"], not_parameters = self.expiredTag)
|
||||
tagSearch = self.misp.build_complex_query(and_parameters = [tag["tag"]], not_parameters = [self.expiredTag])
|
||||
events = self.misp.search(published=True, tags=tagSearch)
|
||||
self.findEventsAfterRetention(events, (m.group(1), m.group(2)))
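Review bot: The new loop over `obj.Attribute` in the first hunk is a verbatim copy of the top-level attribute loop above it (same type test, message, flag reset and `update_attribute` call); extract a helper so the two cannot drift. Something like `def _clear_ids_flag(self, mevent, attr)` holding the `if attr["type"] in ("ip-dst", "ip-src") and attr["to_ids"]:` body and returning whether it changed anything, called from both loops. Each attribute is also pushed with `update_attribute` and then the whole event is pushed again with `update_event` when `changed` is set; one of the two is likely redundant, though which depends on PyMISP behaviour not visible here. The enclosing methods start outside the hunks.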
|
||||
|
||||
|
|