mirror of https://github.com/MISP/MISP
Merge branch 'develop' of github.com:MISP/MISP into develop
commit
b19e5e5d7a
|
@ -428,7 +428,7 @@ class Ls22Shell extends AppShell
|
|||
}
|
||||
$HttpSocket = $this->Server->setupHttpSocket($server, null);
|
||||
$request = $this->Server->setupSyncRequest($server);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:all', false, $request);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:local', false, $request);
|
||||
$orgs = json_decode($response->body(), true);
|
||||
$this->out(__('Organisations fetched. %d found.', count($orgs)), 1, Shell::VERBOSE);
|
||||
$org_mapping = [];
|
||||
|
@ -439,23 +439,31 @@ class Ls22Shell extends AppShell
|
|||
if ($org['Organisation']['name'] === 'YT') {
|
||||
continue;
|
||||
}
|
||||
if ($org['Organisation']['name'] === 'ORGNAME') {
|
||||
continue;
|
||||
}
|
||||
$org_mapping[$org['Organisation']['name']] = $org['Organisation']['id'];
|
||||
}
|
||||
if (!empty($this->param['from'])) {
|
||||
$time_range[] = $this->param['from'];
|
||||
$time_range = [];
|
||||
if (!empty($this->param('from'))) {
|
||||
$time_range[] = $this->param('from');
|
||||
}
|
||||
if (!empty($this->param['to'])) {
|
||||
if (!empty($this->param('to'))) {
|
||||
if (empty($time_range)) {
|
||||
$time_range[] = '365d';
|
||||
}
|
||||
$time_range[] = $this->param['to'];
|
||||
$time_range[] = $this->param('to');
|
||||
} else {
|
||||
if (!empty($time_range)) {
|
||||
$time_range[] = '0h';
|
||||
}
|
||||
}
|
||||
$event_extended_uuids = [];
|
||||
$event_uuid_per_org = [];
|
||||
foreach ($org_mapping as $org_name => $org_id) {
|
||||
$time_range = [];
|
||||
$params = [
|
||||
'org' => $org_id
|
||||
'org' => $org_id,
|
||||
'includeWarninglistHits' => true,
|
||||
];
|
||||
if (!empty($time_range)) {
|
||||
$params['publish_timestamp'] = $time_range;
|
||||
|
@ -480,9 +488,9 @@ class Ls22Shell extends AppShell
|
|||
'extending_events' => 0,
|
||||
];
|
||||
foreach ($events['response'] as $event) {
|
||||
$event_uuid_per_org[$event['Event']['uuid']] = $org_name;
|
||||
$event_uuid_per_org[$event['Event']['uuid']] = $event['Event']['Orgc']['name'];
|
||||
if (!empty($event['Event']['extends_uuid'])) {
|
||||
$event_extended_uuids[$org_name] = $event['Event']['extends_uuid'];
|
||||
$event_extended_uuids[$event['Event']['Orgc']['name']][] = $event['Event']['extends_uuid'];
|
||||
}
|
||||
|
||||
if (!empty($event['Event']['Tag'])) {
|
||||
|
@ -545,13 +553,17 @@ class Ls22Shell extends AppShell
|
|||
}
|
||||
}
|
||||
|
||||
foreach ($event_extended_uuids as $orgc => $uuid) {
|
||||
$org_name = $event_uuid_per_org[$uuid];
|
||||
if ($orgc != $org_name) {
|
||||
// Add point for org extending another event
|
||||
$results[$orgc]['extending_events'] += 1;
|
||||
// Add point for org getting their event extended
|
||||
$results[$org_name]['events_extended'] += 1;
|
||||
foreach ($event_extended_uuids as $orgc => $uuids) {
|
||||
foreach ($uuids as $uuid) {
|
||||
if (!empty($event_uuid_per_org[$uuid])) {
|
||||
$org_name = $event_uuid_per_org[$uuid];
|
||||
if ($orgc != $org_name) {
|
||||
// Add point for org extending another event
|
||||
$results[$orgc]['extending_events'] += 1;
|
||||
// Add point for org getting their event extended
|
||||
$results[$org_name]['events_extended'] += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -571,6 +583,7 @@ class Ls22Shell extends AppShell
|
|||
$results[$k]['metrics']['attack_weight'] = 100 * (2*($result['attack']) + $result['attribute_attack']) / ($result['attribute_count'] + $result['object_count']);
|
||||
$results[$k]['metrics']['other_weight'] = 100 * (2*($result['other']) + $result['attribute_other']) / ($result['attribute_count'] + $result['object_count']);
|
||||
$results[$k]['metrics']['collaboration'] = 100 * ((2*$result['events_extended'] + $result['extending_events']) / $result['event_count']);
|
||||
$results[$k]['metrics']['collaboration'] = 100 * (2*(2*$result['events_extended'] + $result['extending_events']) / $result['event_count']);
|
||||
}
|
||||
foreach (['connectedness', 'attack_weight', 'other_weight', 'warnings', 'collaboration'] as $metric) {
|
||||
if (empty($results[$k]['metrics'][$metric])) {
|
||||
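Review bot: In the rewritten extension-scoring loop, `$results[$orgc]` and `$results[$org_name]` are incremented without checking that either key exists, and both names now come from `$event['Event']['Orgc']['name']` in the remote response rather than from `$org_mapping`. `$results` appears to be initialised per mapped organisation (the initialiser is cut off above the third hunk), so an event created by a skipped org ('YT', 'ORGNAME') or by one missing from the mapping would create a partial entry. The metrics pass then divides by `$result['event_count']`, and whether it guards against a missing or zero count is not visible here. I would tighten the new condition to `if (isset($results[$orgc], $results[$org_name]) && $orgc !== $org_name) {` and read the creator name once with a fallback, `$orgc_name = $event['Event']['Orgc']['name'] ?? $org_name;`.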
|
|
|
@ -1491,7 +1491,7 @@ class AppController extends Controller
|
|||
protected function __setPagingParams(int $page, int $limit, int $current, string $type = 'named')
|
||||
{
|
||||
$this->request->params['paging'] = [
|
||||
'Correlation' => [
|
||||
$this->modelClass => [
|
||||
'page' => $page,
|
||||
'limit' => $limit,
|
||||
'current' => $current,
|
||||
|
|
|
@ -377,7 +377,7 @@ class LogsController extends AppController
|
|||
$this->set('list', $list);
|
||||
|
||||
// set the same view as the index page
|
||||
$this->render('admin_index');
|
||||
$this->render('index');
|
||||
}
|
||||
} else {
|
||||
// no search keyword is given, show the search form
|
||||
|
|
|
@ -57,6 +57,14 @@ class ServersController extends AppController
|
|||
unset($fields['authkey']);
|
||||
$fields = array_keys($fields);
|
||||
|
||||
$filters = $this->IndexFilter->harvestParameters(['search']);
|
||||
$conditions = [];
|
||||
if (!empty($filters['search'])) {
|
||||
$strSearch = '%' . trim(strtolower($filters['search'])) . '%';
|
||||
$conditions['OR'][]['LOWER(Server.name) LIKE'] = $strSearch;
|
||||
$conditions['OR'][]['LOWER(Server.url) LIKE'] = $strSearch;
|
||||
}
|
||||
|
||||
if ($this->_isRest()) {
|
||||
$params = array(
|
||||
'fields' => $fields,
|
||||
|
@ -72,12 +80,14 @@ class ServersController extends AppController
|
|||
'fields' => array('RemoteOrg.id', 'RemoteOrg.name', 'RemoteOrg.uuid', 'RemoteOrg.nationality', 'RemoteOrg.sector', 'RemoteOrg.type'),
|
||||
),
|
||||
),
|
||||
'conditions' => $conditions,
|
||||
);
|
||||
$servers = $this->Server->find('all', $params);
|
||||
$servers = $this->Server->attachServerCacheTimestamps($servers);
|
||||
return $this->RestResponse->viewData($servers, $this->response->type());
|
||||
} else {
|
||||
$this->paginate['fields'] = $fields;
|
||||
$this->paginate['conditions'] = $conditions;
|
||||
$servers = $this->paginate();
|
||||
$servers = $this->Server->attachServerCacheTimestamps($servers);
|
||||
$this->set('servers', $servers);
|
||||
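Review bot: The new search filter passes `$filters['search']` to `strtolower()` and `trim()` without checking that it is a string, and leaves the LIKE metacharacters `%` and `_` in it untouched. The value is handed to the model as a condition value rather than concatenated into SQL, so the concern is input shape, not injection. A non-string value would raise a TypeError on PHP 8 (how `harvestParameters` treats arrays in a REST body is not visible here), and a search for `_` or `%` matches every server. I would guard with `if (!empty($filters['search']) && is_string($filters['search'])) {` and escape the wildcards before wrapping the term in `%`.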
|
|
|
@ -44,6 +44,13 @@ class WorkflowFormatConverterTool
|
|||
{
|
||||
$converted = [];
|
||||
$converted = JSONConverterTool::convert($event, false, true);
|
||||
$eventTags = $converted['Event']['Tag'];
|
||||
foreach ($converted['Event']['Attribute'] as $i => $attribute) {
|
||||
$converted['Event']['Attribute'][$i] = self::__propagateTagToAttributes($attribute, $eventTags);
|
||||
}
|
||||
foreach ($converted['Event']['Object'] as $i => $object) {
|
||||
$converted['Event']['Object'][$i] = self::__propagateTagToObjectAttributes($object, $eventTags);
|
||||
}
|
||||
return $converted;
|
||||
}
|
||||
|
||||
|
@ -101,6 +108,33 @@ class WorkflowFormatConverterTool
|
|||
return $converted;
|
||||
}
|
||||
|
||||
private static function __propagateTagToAttributes(array $attribute, array $eventTags): array
|
||||
{
|
||||
$allTags = [];
|
||||
if (!empty($eventTags)) {
|
||||
foreach ($eventTags as $eventTag) {
|
||||
$eventTag['inherited'] = true;
|
||||
$allTags[] = $eventTag;
|
||||
}
|
||||
}
|
||||
if (!empty($attribute['Tag'])) {
|
||||
foreach ($attribute['Tag'] as $tag) {
|
||||
$tag['inherited'] = false;
|
||||
$allTags[] = $tag;
|
||||
}
|
||||
}
|
||||
$attribute['_allTags'] = $allTags;
|
||||
return $attribute;
|
||||
}
|
||||
|
||||
private static function __propagateTagToObjectAttributes(array $object, array $eventTags): array
|
||||
{
|
||||
foreach ($object['Attribute'] as $i => $attribute) {
|
||||
$object['Attribute'][$i] = self::__propagateTagToAttributes($attribute, $eventTags);
|
||||
}
|
||||
return $object;
|
||||
}
|
||||
|
||||
private static function __encapsulateEntityWithEvent(array $data): array
|
||||
{
|
||||
$eventModel = ClassRegistry::init('Event');
|
||||
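Review bot: The added propagation reads `$converted['Event']['Tag']`, `['Attribute']` and `['Object']`, and `$object['Attribute']` in `__propagateTagToObjectAttributes`, without a default. If `JSONConverterTool::convert` omits any of these keys for an event that has no tags, attributes or objects (its output shape is not visible here), `$eventTags` becomes null and fails the `array $eventTags` parameter type, and the `foreach` loops raise warnings. I would use `$eventTags = $converted['Event']['Tag'] ?? [];` and `foreach ($converted['Event']['Attribute'] ?? [] as $i => $attribute)`, likewise for `Object` and `$object['Attribute']`. The conversion function being patched starts above the first hunk.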
|
|
|
@ -3641,6 +3641,7 @@ class Event extends AppModel
|
|||
$this->OrgBlocklist = ClassRegistry::init('OrgBlocklist');
|
||||
}
|
||||
if ($this->OrgBlocklist->isBlocked($orgc)) {
|
||||
$this->OrgBlocklist->saveEventBlocked($orgc);
|
||||
return 'blocked';
|
||||
}
|
||||
}
|
||||
|
|
|
@ -43,6 +43,24 @@ class OrgBlocklist extends AppModel
|
|||
return true;
|
||||
}
|
||||
|
||||
public function afterDelete()
|
||||
{
|
||||
parent::afterDelete();
|
||||
if (!empty($this->data['OrgBlocklist']['org_uuid'])) {
|
||||
$this->cleanupBlockedCount($this->data['OrgBlocklist']['org_uuid']);
|
||||
}
|
||||
}
|
||||
|
||||
public function afterFind($results, $primary = false)
|
||||
{
|
||||
foreach ($results as $k => $result) {
|
||||
if (isset($result['OrgBlocklist']['org_uuid'])) {
|
||||
$results[$k]['OrgBlocklist']['blocked_data'] = $this->getBlockedData($result['OrgBlocklist']['org_uuid']);
|
||||
}
|
||||
}
|
||||
return $results;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $eventArray
|
||||
*/
|
||||
|
@ -74,16 +92,7 @@ class OrgBlocklist extends AppModel
|
|||
}
|
||||
|
||||
if (is_numeric($orgIdOrUuid)) {
|
||||
$this->Organisation = ClassRegistry::init('Organisation');
|
||||
$orgUuid = $this->Organisation->find('first', [
|
||||
'conditions' => ['Organisation.id' => $orgIdOrUuid],
|
||||
'fields' => ['Organisation.uuid'],
|
||||
'recursive' => -1,
|
||||
]);
|
||||
if (empty($orgUuid)) {
|
||||
return false; // org not found by ID, so it is not blocked
|
||||
}
|
||||
$orgUuid = $orgUuid['Organisation']['uuid'];
|
||||
$orgUuid = $this->getUUIDFromID($orgIdOrUuid);
|
||||
} else {
|
||||
$orgUuid = $orgIdOrUuid;
|
||||
}
|
||||
|
@ -92,4 +101,67 @@ class OrgBlocklist extends AppModel
|
|||
$this->blockedCache[$orgIdOrUuid] = $isBlocked;
|
||||
return $isBlocked;
|
||||
}
|
||||
|
||||
private function getUUIDFromID($orgID)
|
||||
{
|
||||
$this->Organisation = ClassRegistry::init('Organisation');
|
||||
$orgUuid = $this->Organisation->find('first', [
|
||||
'conditions' => ['Organisation.id' => $orgID],
|
||||
'fields' => ['Organisation.uuid'],
|
||||
'recursive' => -1,
|
||||
]);
|
||||
if (empty($orgUuid)) {
|
||||
return false; // org not found by ID, so it is not blocked
|
||||
}
|
||||
$orgUuid = $orgUuid['Organisation']['uuid'];
|
||||
return $orgUuid;
|
||||
}
|
||||
|
||||
public function saveEventBlocked($orgIdOrUUID)
|
||||
{
|
||||
if (is_numeric($orgIdOrUUID)) {
|
||||
$orgcUUID = $this->getUUIDFromID($orgIdOrUUID);
|
||||
} else {
|
||||
$orgcUUID = $orgIdOrUUID;
|
||||
}
|
||||
$lastBlockTime = time();
|
||||
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
|
||||
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
|
||||
$redis = RedisTool::init();
|
||||
if ($redis !== false) {
|
||||
$pipe = $redis->multi(Redis::PIPELINE)
|
||||
->incr($redisKeyBlockAmount)
|
||||
->set($redisKeyBlockLastTime, $lastBlockTime);
|
||||
$pipe->exec();
|
||||
}
|
||||
}
|
||||
|
||||
private function cleanupBlockedCount($orgcUUID)
|
||||
{
|
||||
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
|
||||
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
|
||||
$redis = RedisTool::init();
|
||||
if ($redis !== false) {
|
||||
$pipe = $redis->multi(Redis::PIPELINE)
|
||||
->del($redisKeyBlockAmount)
|
||||
->del($redisKeyBlockLastTime);
|
||||
$pipe->exec();
|
||||
}
|
||||
}
|
||||
|
||||
public function getBlockedData($orgcUUID)
|
||||
{
|
||||
$redisKeyBlockAmount = "misp:blocklist_blocked_amount:{$orgcUUID}";
|
||||
$redisKeyBlockLastTime = "misp:blocklist_blocked_last_time:{$orgcUUID}";
|
||||
$blockData = [
|
||||
'blocked_amount' => false,
|
||||
'blocked_last_time' => false,
|
||||
];
|
||||
$redis = RedisTool::init();
|
||||
if ($redis !== false) {
|
||||
$blockData['blocked_amount'] = $redis->get($redisKeyBlockAmount);
|
||||
$blockData['blocked_last_time'] = $redis->get($redisKeyBlockLastTime);
|
||||
}
|
||||
return $blockData;
|
||||
}
|
||||
}
|
||||
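Review bot: `getUUIDFromID()` returns `false` when the organisation id is unknown, but neither caller checks for it. In `isBlocked()` the old inline lookup returned early ("not blocked") at that point; after the extraction `$orgUuid` is simply `false` and execution continues into the lookup that follows, which lies outside the hunk. In `saveEventBlocked()` the `false` interpolates to an empty string, so every unknown id increments the shared key `misp:blocklist_blocked_amount:`. I would add `if ($orgUuid === false) { return false; }` after the call in `isBlocked()` and `if (empty($orgcUUID)) { return; }` in `saveEventBlocked()`. Separately, `afterDelete()` depends on `$this->data['OrgBlocklist']['org_uuid']` being populated at delete time; if it is not, the Redis counters are never cleaned up, so that is worth confirming.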
|
|
|
@ -5,7 +5,7 @@ class Module_tag_if extends WorkflowBaseLogicModule
|
|||
{
|
||||
public $id = 'tag-if';
|
||||
public $name = 'IF :: Tag';
|
||||
public $version = '0.3';
|
||||
public $version = '0.4';
|
||||
public $description = 'Tag IF / ELSE condition block. The `then` output will be used if the encoded conditions is satisfied, otherwise the `else` output will be used.';
|
||||
public $icon = 'code-branch';
|
||||
public $inputs = 1;
|
||||
|
@ -93,8 +93,8 @@ class Module_tag_if extends WorkflowBaseLogicModule
|
|||
parent::exec($node, $roamingData, $errors);
|
||||
$params = $this->getParamsWithValues($node);
|
||||
|
||||
$selectedTags = $params['tags']['value'];
|
||||
$selectedClusters = $params['clusters']['value'];
|
||||
$selectedTags = !empty($params['tags']['value']) ? $params['tags']['value'] : [];
|
||||
$selectedClusters = !empty($params['clusters']['value']) ? $params['clusters']['value'] : [];
|
||||
$selectedClusters = array_map(function($tagName) {
|
||||
return "misp-galaxy:{$tagName}"; // restored stripped part for display purposes
|
||||
}, $selectedClusters);
|
||||
|
|
|
@ -22,6 +22,9 @@
|
|||
}
|
||||
}
|
||||
echo ":</h4>";
|
||||
$this->LightPaginator->options([
|
||||
'url' => ['search']
|
||||
]);
|
||||
}
|
||||
?>
|
||||
<div class="pagination">
|
||||
|
|
|
@ -32,6 +32,17 @@ echo $this->element('genericElements/IndexTable/scaffold', [
|
|||
'data_path' => 'OrgBlocklist.comment',
|
||||
'class' => 'bitwider'
|
||||
],
|
||||
[
|
||||
'name' => 'Blocked amount',
|
||||
'sort' => 'OrgBlocklist.blocked_data.blocked_amount',
|
||||
'data_path' => 'OrgBlocklist.blocked_data.blocked_amount',
|
||||
],
|
||||
[
|
||||
'name' => 'Blocked last time ',
|
||||
'sort' => 'OrgBlocklist.blocked_data.blocked_last_time',
|
||||
'data_path' => 'OrgBlocklist.blocked_data.blocked_last_time',
|
||||
'element' => 'datetime'
|
||||
],
|
||||
|
||||
],
|
||||
'title' => empty($ajax) ? __('Organisation Blocklists') : false,
|
||||
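Review bot: The two new column labels are plain strings while the title below uses `__('Organisation Blocklists')`, and 'Blocked last time ' carries a trailing space; `'name' => __('Blocked amount')` and `'name' => __('Blocked last time')` would match the title. The `sort` keys point at `OrgBlocklist.blocked_data.*`, which this commit fills from Redis in the model's `afterFind()` rather than from a table column, so a paginated database sort on them probably cannot work. I would drop the `sort` entries unless the scaffold sorts client-side. `getBlockedData()` also yields `false` when nothing has been recorded, so it is worth checking how the `datetime` element renders that value.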
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 5f9760923f665ee489ca9552207e32b0a25eed53
|
||||
Subproject commit 79b80b0869e57dc14861c0c30792f64a243ecb3b
|
|
@ -1 +1 @@
|
|||
Subproject commit 32b57c7e75509feed1b7507b5366a13885e68543
|
||||
Subproject commit a794fdf0d55aa9bdb15f778c826935ada52c6b39
|