mirror of https://github.com/MISP/MISP
add: [upload_stix] Handling cluster distribution and sharing group for content imported from STIX 2.x
Christian Studer
parent
ad613ca435
commit
bdcfe06cf3
|
|
@ -2408,14 +2408,14 @@ class EventsController extends AppController
|
|||
}
|
||||
if (isset($this->params['named']['distribution'])) {
|
||||
$distribution = intval($this->params['named']['distribution']);
|
||||
if (array_key_exists($distribution, $distributionLevels)) {
|
||||
$initialDistribution = $distribution;
|
||||
} else {
|
||||
if (!array_key_exists($distribution, $distributionLevels)) {
|
||||
throw new MethodNotAllowedException(__('Wrong distribution level'));
|
||||
}
|
||||
} else {
|
||||
$distribution = $initialDistribution;
|
||||
}
|
||||
$sharingGroupId = null;
|
||||
if ($initialDistribution == 4) {
|
||||
if ($distribution == 4) {
|
||||
if (!isset($this->params['named']['sharing_group_id'])) {
|
||||
throw new MethodNotAllowedException(__('The sharing group id is needed when the distribution is set to 4 ("Sharing group").'));
|
||||
}
|
||||
|
|
@ -2424,8 +2424,25 @@ class EventsController extends AppController
|
|||
throw new MethodNotAllowedException(__('Please select a valid sharing group id.'));
|
||||
}
|
||||
}
|
||||
$clusterDistribution = $initialDistribution;
|
||||
$clusterSharingGroupId = null;
|
||||
if (isset($this->params['named']['galaxies_as_tags'])) {
|
||||
$galaxies_as_tags = $this->params['named']['galaxies_as_tags'];
|
||||
if (isset($this->params['name']['cluster_distribution'])) {
|
||||
$clusterDistribution = intval($this->params['named']['cluster_distribution']);
|
||||
if (!array_key_exists($clusterDistribution, $distributionLevels)) {
|
||||
throw new MethodNotAllowedException(__('Wrong cluster distribution level'));
|
||||
}
|
||||
if ($clusterDistribution == 4) {
|
||||
if (!isset($this->params['named']['cluster_sharing_group_id'])) {
|
||||
throw new MethodNotAllowedException(__('The cluster sharing group id is needed when the cluster distribution is set to 4 ("Sharing group").'));
|
||||
}
|
||||
$clusterSharingGroupId = intval($this->params['named']['cluster_sharing_group_id']);
|
||||
if (!array_key_exists($clusterSharingGroupId, $sgs)) {
|
||||
throw new MethodNotAllowedException(__('Please select a valid cluster sharing group id.'));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if (isset($this->params['named']['debugging'])) {
|
||||
$debug = $this->params['named']['debugging'];
|
||||
|
|
@ -2437,9 +2454,11 @@ class EventsController extends AppController
|
|||
$stix_version,
|
||||
'uploaded_stix_file.' . ($stix_version == '1' ? 'xml' : 'json'),
|
||||
$publish,
|
||||
$initialDistribution,
|
||||
$distribution,
|
||||
$sharingGroupId,
|
||||
$galaxies_as_tags,
|
||||
$clusterDistribution,
|
||||
$clusterSharingGroupId,
|
||||
$debug
|
||||
);
|
||||
if (is_numeric($result)) {
|
||||
|
|
@ -2471,6 +2490,8 @@ class EventsController extends AppController
|
|||
$this->data['Event']['distribution'],
|
||||
$this->data['Event']['sharing_group_id'],
|
||||
$this->data['Event']['galaxies_handling'],
|
||||
$this->data['Event']['cluster_distribution'],
|
||||
$this->data['Event']['cluster_sharing_group_id'],
|
||||
$debug
|
||||
);
|
||||
if (is_numeric($result)) {
|
||||
|
|
|
|||
|
|
@ -5925,12 +5925,18 @@ class Event extends AppModel
|
|||
* @param string $stix_version
|
||||
* @param string $original_file
|
||||
* @param bool $publish
|
||||
* @param int $distribution
|
||||
* @param int $sharingGroupId
|
||||
* @param bool $galaxiesAsTags
|
||||
* @param int $clusterDistribution
|
||||
* @param int $clusterSharingGroupId
|
||||
* @param bool $debug
|
||||
* @return int|string|array
|
||||
* @throws JsonException
|
||||
* @throws InvalidArgumentException
|
||||
* @throws Exception
|
||||
*/
|
||||
public function upload_stix(array $user, $file, $stix_version, $original_file, $publish, $distribution, $sharingGroupId, $galaxiesAsTags, $debug = false)
|
||||
public function upload_stix(array $user, $file, $stix_version, $original_file, $publish, $distribution, $sharingGroupId, $galaxiesAsTags, $clusterDistribution, $clusterSharingGroupId, $debug = false)
|
||||
{
|
||||
$scriptDir = APP . 'files' . DS . 'scripts';
|
||||
if ($stix_version == '2' || $stix_version == '2.0' || $stix_version == '2.1') {
|
||||
|
|
@ -5947,6 +5953,11 @@ class Event extends AppModel
|
|||
}
|
||||
if ($galaxiesAsTags) {
|
||||
$shell_command[] = '--galaxies_as_tags';
|
||||
} else {
|
||||
array_push($shell_command, '--cluster_distribution', $clusterDistribution);
|
||||
if ($clusterDistribution == 4) {
|
||||
array_push($shell_command, '--cluster_sharing_group_id', $clusterSharingGroupId);
|
||||
}
|
||||
}
|
||||
if ($debug) {
|
||||
$shell_command[] = '--debug';
|
||||
|
|
|
|||
|
|
@ -27,17 +27,16 @@
|
|||
'label' => __('Distribution ') . $distributionFormInfo,
|
||||
'selected' => $initialDistribution,
|
||||
));
|
||||
?>
|
||||
<div id="SGContainer" style="display:none;">
|
||||
<?php
|
||||
if (!empty($sharingGroups)) {
|
||||
echo $this->Form->input('sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Sharing Group'),
|
||||
));
|
||||
$SGContainer = $this->Form->input(
|
||||
'sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Sharing Group'),
|
||||
)
|
||||
);
|
||||
echo '<div id="SGContainer" style="display:none;">' . $SGContainer . '</div>';
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('publish', array(
|
||||
|
|
@ -68,6 +67,36 @@
|
|||
'label' => __('How to handle Galaxies and Clusters') . $galaxiesFormInfo,
|
||||
'selected' => 0
|
||||
));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
$clusterDistributionFormInfo = $this->element(
|
||||
'genericElements/Form/formInfo',
|
||||
[
|
||||
'field' => [
|
||||
'field' => 'cluster_distribution'
|
||||
],
|
||||
'modelForForm' => 'Event',
|
||||
'fieldDesc' => $fieldDesc['distribution'],
|
||||
]
|
||||
);
|
||||
$clusterDistribution = $this->Form->input(
|
||||
'cluster_distribution', array(
|
||||
'options' => $distributionLevels,
|
||||
'label' => __('Cluster distribution ') . $clusterDistributionFormInfo,
|
||||
'selected' => $initialDistribution,
|
||||
)
|
||||
);
|
||||
echo '<div id="ClusterDistribution" style="display:none;">' . $clusterDistribution . '</div>';
|
||||
if (!empty($sharingGroups)) {
|
||||
$clusterSGContainer = $this->Form->input(
|
||||
'cluster_sharing_group_id', array(
|
||||
'options' => array($sharingGroups),
|
||||
'label' => __('Cluster Sharing Group'),
|
||||
)
|
||||
);
|
||||
echo '<div id="ClusterSGContainer" style="display:none;">' . $clusterSGContainer . '</div>';
|
||||
}
|
||||
}
|
||||
if ($me['Role']['perm_site_admin'] && Configure::read('debug') > 0) {
|
||||
$debugFormInfo = $this->element(
|
||||
|
|
@ -108,4 +137,26 @@ $(function(){
|
|||
}
|
||||
}).change();
|
||||
});
|
||||
$(function(){
|
||||
$('#EventGalaxiesHandling').change(function() {
|
||||
if ($(this).val() == 0) {
|
||||
$('#ClusterDistribution').show();
|
||||
if ($('#EventClusterDistribution').val() == 4) {
|
||||
$('#ClusterSGContainer').show();
|
||||
}
|
||||
} else {
|
||||
$('#ClusterDistribution').hide();
|
||||
$('#ClusterSGContainer').hide();
|
||||
}
|
||||
}).change();
|
||||
});
|
||||
$(function(){
|
||||
$('#EventClusterDistribution').change(function() {
|
||||
if ($(this).val() == 4 && $('#EventGalaxiesHandling').val() == 0) {
|
||||
$('#ClusterSGContainer').show();
|
||||
} else {
|
||||
$('#ClusterSGContainer').hide();
|
||||
}
|
||||
}).change();
|
||||
});
|
||||
</script>
|
||||
|
|
@ -33,6 +33,21 @@ from misp_stix_converter import (
|
|||
from stix2.parsing import parse as stix2_parser
|
||||
|
||||
|
||||
def _get_stix_parser(from_misp, args):
|
||||
arguments = {
|
||||
'distribution': args.distribution,
|
||||
'galaxies_as_tags': args.galaxies_as_tags
|
||||
}
|
||||
if args.distribution == 4 and args.sharing_group_id is not None:
|
||||
arguments['sharing_group_id'] = args.sharing_group_id
|
||||
if from_misp:
|
||||
return 'InternalSTIX2toMISPParser', arguments
|
||||
arguments['cluster_distribution'] = args.cluster_distribution
|
||||
if args.cluster_distribution == 4 and args.cluster_sharing_group_id is not None:
|
||||
arguments['cluster_sharing_group_id'] = args.cluster_sharing_group_id
|
||||
return 'ExternalSTIX2toMISPParser', arguments
|
||||
|
||||
|
||||
def _handle_return_message(traceback):
|
||||
if isinstance(traceback, dict):
|
||||
messages = []
|
||||
|
|
@ -51,13 +66,7 @@ def _process_stix_file(args: argparse.ArgumentParser):
|
|||
f.read(), allow_custom=True, interoperability=True
|
||||
)
|
||||
stix_version = getattr(bundle, 'version', '2.1')
|
||||
to_call = 'Internal' if _from_misp(bundle.objects) else 'External'
|
||||
arguments = {
|
||||
'distribution': args.distribution,
|
||||
'galaxies_as_tags': args.galaxies_as_tags
|
||||
}
|
||||
if args.distribution == 4 and args.sharing_group_id is not None:
|
||||
arguments['sharing_group_id'] = args.sharing_group_id
|
||||
to_call, arguments = _get_stix_parser(_from_misp(bundle.objects), args)
|
||||
parser = globals()[f'{to_call}STIX2toMISPParser'](**arguments)
|
||||
parser.load_stix_bundle(bundle)
|
||||
parser.parse_stix_bundle()
|
||||
|
|
@ -107,6 +116,14 @@ if __name__ == '__main__':
|
|||
'--galaxies_as_tags', action='store_true',
|
||||
help='Import MISP Galaxies as tag names.'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--cluster_distribution', type=int, default=0,
|
||||
help='Cluster distribution level for clusters generated from STIX 2.x objects'
|
||||
)
|
||||
argparser.add_argument(
|
||||
'--cluster_sharing_group_id', type=int,
|
||||
help='Cluster sharing group id when the cluster distribution level is 4.'
|
||||
)
|
||||
try:
|
||||
args = argparser.parse_args()
|
||||
_process_stix_file(args)
|
||||
|
|
|
|||
Loading…
Reference in New Issue