mirror of https://github.com/MISP/MISP
chg: [LS22] shell updated with the final version used for the exercise
parent
da00e543df
commit
c93818f180
|
@ -52,6 +52,55 @@ class Ls22Shell extends AppShell
|
|||
),
|
||||
),
|
||||
]);
|
||||
$parser->addSubcommand('checkSyncConnections', [
|
||||
'help' => __('Check the given sync connection(s) for the given server(s).'),
|
||||
'parser' => array(
|
||||
'options' => array(
|
||||
'instances' => [
|
||||
'help' => 'Path to the instance file, by default "instances.csv" from the local directory',
|
||||
'short' => 'i',
|
||||
'required' => true
|
||||
],
|
||||
'misp_url_filter' => [
|
||||
'help' => 'The url of the instance to execute changes on. If not set, all are updated.',
|
||||
'short' => 'm',
|
||||
'required' => false
|
||||
],
|
||||
'synced_misp_url_filter' => [
|
||||
'help' => 'The sync connection to modify on each valid instance (as selected by the misp_url_filter). If not set, all sync connections on the selected instances will be updated.',
|
||||
'short' => 's',
|
||||
'required' => false
|
||||
]
|
||||
),
|
||||
),
|
||||
]);
|
||||
$parser->addSubcommand('modifySyncConnection', [
|
||||
'help' => __('Modify sync connection(s).'),
|
||||
'parser' => array(
|
||||
'options' => array(
|
||||
'instances' => [
|
||||
'help' => 'Path to the instance file, by default "instances.csv" from the local directory',
|
||||
'short' => 'i',
|
||||
'required' => true
|
||||
],
|
||||
'misp_url_filter' => [
|
||||
'help' => 'The url of the instance to execute changes on. If not set, all are updated.',
|
||||
'short' => 'm',
|
||||
'required' => false
|
||||
],
|
||||
'synced_misp_url_filter' => [
|
||||
'help' => 'The sync connection to modify on each valid instance (as selected by the misp_url_filter). If not set, all sync connections on the selected instances will be updated.',
|
||||
'short' => 's',
|
||||
'required' => false
|
||||
],
|
||||
'json' => [
|
||||
'help' => 'JSON delta to push (such as \'{"push": 1}\').',
|
||||
'short' => 'j',
|
||||
'required' => true
|
||||
]
|
||||
),
|
||||
),
|
||||
]);
|
||||
$parser->addSubcommand('addWarninglist', [
|
||||
'help' => __('Inject warninglist'),
|
||||
'parser' => array(
|
||||
|
@ -104,6 +153,11 @@ class Ls22Shell extends AppShell
|
|||
'help' => 'Upper bound of the date. Accepts timestamp or date distance (such as 1d or 5h). Defaults to unbounded.',
|
||||
'short' => 't',
|
||||
'required' => false
|
||||
],
|
||||
'org' => [
|
||||
'help' => 'Name the org that should be evaluated. If not set, all will be included.',
|
||||
'short' => 'o',
|
||||
'required' => false
|
||||
]
|
||||
),
|
||||
),
|
||||
|
@ -111,6 +165,103 @@ class Ls22Shell extends AppShell
|
|||
return $parser;
|
||||
}
|
||||
|
||||
public function checkSyncConnections()
|
||||
{
|
||||
$this->__getInstances($this->param('instances'));
|
||||
$results = [];
|
||||
$instanceFilter = $this->param('misp_url_filter');
|
||||
$syncedInstanceFilter = $this->param('synced_misp_url_filter');
|
||||
foreach ($this->__servers as $server) {
|
||||
if (!empty($instanceFilter) && strtolower(trim($server['Server']['url'])) !== strtolower(trim($instanceFilter))) {
|
||||
continue;
|
||||
}
|
||||
$HttpSocket = $this->Server->setupHttpSocket($server, null);
|
||||
$request = $this->Server->setupSyncRequest($server, 'Server');
|
||||
$start_time = microtime(true);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/servers/index', false, $request);
|
||||
$baseline = round((microtime(true) - $start_time) * 1000);
|
||||
if (!$response->isOk()) {
|
||||
$this->out($server['Server']['url'] . ': ' . '<error>Connection or auth failed</error>', 1, Shell::NORMAL);
|
||||
continue;
|
||||
}
|
||||
$synced_servers = json_decode($response->body, true);
|
||||
foreach ($synced_servers as $synced_server) {
|
||||
$success = false;
|
||||
if (empty($syncedInstanceFilter) || strtolower($synced_server['Server']['url']) === strtolower($syncedInstanceFilter)) {
|
||||
$start_time = microtime(true);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/servers/testConnection/' . $synced_server['Server']['id'], '{}', $request);
|
||||
$execution_time = round((microtime(true) - $start_time) * 1000) - $baseline;
|
||||
if ($response->isOk()) {
|
||||
$success = true;
|
||||
}
|
||||
$this->out(
|
||||
sprintf(
|
||||
'%s connection to %s: %s (%sms)',
|
||||
$server['Server']['url'],
|
||||
$synced_server['Server']['url'],
|
||||
sprintf(
|
||||
'<%s>%s</%s>',
|
||||
$success ? 'info' : 'error',
|
||||
$success ? 'Success' : 'Failed',
|
||||
$success ? 'info' : 'error'
|
||||
),
|
||||
$execution_time
|
||||
),
|
||||
1,
|
||||
Shell::NORMAL
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function modifySyncConnection()
|
||||
{
|
||||
$this->__getInstances($this->param('instances'));
|
||||
$results = [];
|
||||
$instanceFilter = $this->param('misp_url_filter');
|
||||
$syncedInstanceFilter = $this->param('synced_misp_url_filter');
|
||||
$json = $this->param('json');
|
||||
foreach ($this->__servers as $server) {
|
||||
if (!empty($instanceFilter) && strtolower(trim($server['Server']['url'])) !== strtolower(trim($instanceFilter))) {
|
||||
continue;
|
||||
}
|
||||
$HttpSocket = $this->Server->setupHttpSocket($server, null);
|
||||
$request = $this->Server->setupSyncRequest($server, 'Server');
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/servers/index', false, $request);
|
||||
if (!$response->isOk()) {
|
||||
$this->out($server['Server']['url'] . ': ' . '<error>Connection or auth failed</error>', 1, Shell::NORMAL);
|
||||
}
|
||||
$synced_servers = json_decode($response->body, true);
|
||||
$success = false;
|
||||
foreach ($synced_servers as $synced_server) {
|
||||
if (empty($syncedInstanceFilter) || strtolower($synced_server['Server']['url']) === strtolower($syncedInstanceFilter)) {
|
||||
debug($json);
|
||||
$response = $HttpSocket->post($server['Server']['url'] . '/servers/edit/' . $synced_server['Server']['id'], $json, $request);
|
||||
debug($response->body);
|
||||
if ($response->isOk()) {
|
||||
$success = true;
|
||||
}
|
||||
$this->out(
|
||||
sprintf(
|
||||
'%s connection to %s: %s',
|
||||
$server['Server']['url'],
|
||||
$synced_server['Server']['url'],
|
||||
sprintf(
|
||||
'<%s>%s</%s>',
|
||||
$success ? 'info' : 'error',
|
||||
$success ? 'Success' : 'Failed',
|
||||
$success ? 'info' : 'error'
|
||||
)
|
||||
),
|
||||
1,
|
||||
Shell::NORMAL
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function enableTaxonomy()
|
||||
{
|
||||
$taxonomyToEnable = $this->param('taxonomy');
|
||||
|
@ -162,16 +313,29 @@ class Ls22Shell extends AppShell
|
|||
$HttpSocket = $this->Server->setupHttpSocket($server, null);
|
||||
$request = $this->Server->setupSyncRequest($server, 'Server');
|
||||
$start_time = microtime(true);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/users/view/me', false, $request);
|
||||
$execution_time = round((microtime(true) - $start_time) * 1000);
|
||||
$statusWrapped = sprintf(
|
||||
'<%s>%s</%s>',
|
||||
$response->isOk() ? 'info' : 'error',
|
||||
$response->isOk() ? 'OK (' . $execution_time . 'ms)' : 'Failed. (' . $response->code . ')',
|
||||
$response->isOk() ? 'info' : 'error'
|
||||
);
|
||||
$fatal_error = false;
|
||||
try {
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/users/view/me', false, $request);
|
||||
} catch (Exception $e) {
|
||||
$fatal_error = true;
|
||||
echo "\x07";
|
||||
$statusWrapped = sprintf(
|
||||
'<error>%s %s: %s</error>',
|
||||
'Something went wrong while trying to reach',
|
||||
$server['Server']['url'],
|
||||
$e->getMessage()
|
||||
);
|
||||
}
|
||||
if (!$fatal_error) {
|
||||
$execution_time = round((microtime(true) - $start_time) * 1000);
|
||||
$statusWrapped = sprintf(
|
||||
'<%s>%s</%s>',
|
||||
$response->isOk() ? 'info' : 'error',
|
||||
$response->isOk() ? 'OK (' . $execution_time . 'ms)' : 'Failed. (' . $response->code . ')',
|
||||
$response->isOk() ? 'info' : 'error'
|
||||
);
|
||||
}
|
||||
$this->out($server['Server']['url'] . ': ' . $statusWrapped, 1, Shell::NORMAL);
|
||||
$results[$server['Server']['url']] = $response->isOk() ? $execution_time : false;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -215,28 +379,30 @@ class Ls22Shell extends AppShell
|
|||
}
|
||||
$HttpSocket = $this->Server->setupHttpSocket($server, null);
|
||||
$request = $this->Server->setupSyncRequest($server);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index', false, $request);
|
||||
$response = $HttpSocket->get($server['Server']['url'] . '/organisations/index/scope:all', false, $request);
|
||||
$orgs = json_decode($response->body(), true);
|
||||
$this->out(__('Organisations fetched. %d found.', count($orgs)), 1, Shell::VERBOSE);
|
||||
$org_mapping = [];
|
||||
foreach ($orgs as $org) {
|
||||
$name = explode(' ', $org['Organisation']['name']);
|
||||
if ($name[0] !== 'BT') {
|
||||
if (!empty($this->param('org')) && $org['Organisation']['name'] !== $this->param('org')) {
|
||||
continue;
|
||||
}
|
||||
if ($org['Organisation']['name'] === 'YT') {
|
||||
continue;
|
||||
}
|
||||
$org_mapping[$org['Organisation']['name']] = $org['Organisation']['id'];
|
||||
}
|
||||
if (!empty($this->param['from'])) {
|
||||
$time_range[] = $this->param['from'];
|
||||
}
|
||||
if (!empty($this->param['to'])) {
|
||||
if (empty($time_range)) {
|
||||
$time_range[] = '365d';
|
||||
}
|
||||
$time_range[] = $this->param['to'];
|
||||
}
|
||||
foreach ($org_mapping as $org_name => $org_id) {
|
||||
$time_range = [];
|
||||
if (!empty($this->param['from'])) {
|
||||
$time_range[] = $this->param['from'];
|
||||
}
|
||||
if (!empty($this->param['to'])) {
|
||||
if (empty($time_range)) {
|
||||
$time_range[] = '365d';
|
||||
}
|
||||
$time_range[] = $this->param['to'];
|
||||
}
|
||||
$params = [
|
||||
'org' => $org_id
|
||||
];
|
||||
|
@ -256,7 +422,8 @@ class Ls22Shell extends AppShell
|
|||
'other' => 0,
|
||||
'attribute_attack' => 0,
|
||||
'attribute_other' => 0,
|
||||
'score' => 0
|
||||
'score' => 0,
|
||||
'warnings' => 0
|
||||
];
|
||||
foreach ($events['response'] as $event) {
|
||||
if (!empty($event['Event']['Tag'])) {
|
||||
|
@ -290,6 +457,9 @@ class Ls22Shell extends AppShell
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!empty($attribute['warnings'])) {
|
||||
$result[$org_name]['warnings'] += 1;
|
||||
}
|
||||
}
|
||||
$results[$org_name]['attribute_count'] += count($event['Event']['Attribute']);
|
||||
if (!empty($event['Event']['Object'])) {
|
||||
|
@ -319,11 +489,18 @@ class Ls22Shell extends AppShell
|
|||
foreach ($results as $k => $result) {
|
||||
$totalCount = $result['attribute_count'] + $result['object_count'];
|
||||
if ($totalCount) {
|
||||
if (empty($result['warnings'])) {
|
||||
$results[$k]['metrics']['warnings'] = 100;
|
||||
} else if (100 * $result['warnings'] < $result['attribute_count']) {
|
||||
$results[$k]['metrics']['warnings'] = 50;
|
||||
} else {
|
||||
$results[$k]['metrics']['warnings'] = 0;
|
||||
}
|
||||
$results[$k]['metrics']['connectedness'] = 100 * ($result['connected_elements'] / ($result['attribute_count'] + $result['object_count']));
|
||||
$results[$k]['metrics']['attack_weight'] = 100 * (2*($result['attack']) + $result['attribute_attack']) / ($result['attribute_count'] + $result['object_count']);
|
||||
$results[$k]['metrics']['other_weight'] = 100 * (2*($result['other']) + $result['attribute_other']) / ($result['attribute_count'] + $result['object_count']);
|
||||
}
|
||||
foreach (['connectedness', 'attack_weight', 'other_weight'] as $metric) {
|
||||
foreach (['connectedness', 'attack_weight', 'other_weight', 'warnings'] as $metric) {
|
||||
if (empty($results[$k]['metrics'][$metric])) {
|
||||
$results[$k]['metrics'][$metric] = 0;
|
||||
}
|
||||
|
@ -331,8 +508,17 @@ class Ls22Shell extends AppShell
|
|||
$results[$k]['metrics'][$metric] = 100;
|
||||
}
|
||||
}
|
||||
$results[$k]['score'] = round(40 * $results[$k]['metrics']['connectedness'] + 40 * $results[$k]['metrics']['attack_weight'] + 20 * $results[$k]['metrics']['other_weight']) / 100;
|
||||
$scores[$k] = $results[$k]['score'];
|
||||
$results[$k]['score'] = round(
|
||||
20 * $results[$k]['metrics']['warnings'] +
|
||||
20 * $results[$k]['metrics']['connectedness'] +
|
||||
40 * $results[$k]['metrics']['attack_weight'] +
|
||||
20 * $results[$k]['metrics']['other_weight']
|
||||
) / 100;
|
||||
$scores[$k]['total'] = $results[$k]['score'];
|
||||
$scores[$k]['warnings'] = round(20 * $results[$k]['metrics']['warnings']);
|
||||
$scores[$k]['connectedness'] = round(20 * $results[$k]['metrics']['connectedness']);
|
||||
$scores[$k]['attack_weight'] = round(40 * $results[$k]['metrics']['attack_weight']);
|
||||
$scores[$k]['other_weight'] = round(20 * $results[$k]['metrics']['other_weight']);
|
||||
}
|
||||
arsort($scores, SORT_DESC);
|
||||
$this->out(str_repeat('=', 128), 1, Shell::NORMAL);
|
||||
|
@ -344,18 +530,34 @@ class Ls22Shell extends AppShell
|
|||
), 1, Shell::NORMAL);
|
||||
$this->out(str_repeat('=', 128), 1, Shell::NORMAL);
|
||||
foreach ($scores as $org => $score) {
|
||||
$score_string = str_repeat('█', round($score));
|
||||
$score_string[0] = str_repeat('█', round($score['warnings']/100));
|
||||
$score_string[1] = str_repeat('█', round($score['connectedness']/100));
|
||||
$score_string[2] = str_repeat('█', round($score['attack_weight']/100));
|
||||
$score_string[3] = str_repeat('█', round($score['other_weight']/100));
|
||||
$this->out(sprintf(
|
||||
'| %s | %s | %s |',
|
||||
str_pad($org, 10, ' ', STR_PAD_RIGHT),
|
||||
sprintf(
|
||||
'<info>%s</info>%s',
|
||||
$score_string,
|
||||
str_repeat(' ', 100 - mb_strlen($score_string))
|
||||
'<error>%s</error><warning>%s</warning><question>%s</question><info>%s</info>%s',
|
||||
$score_string[0],
|
||||
$score_string[1],
|
||||
$score_string[2],
|
||||
$score_string[3],
|
||||
str_repeat(' ', 100 - mb_strlen(implode('', $score_string)))
|
||||
),
|
||||
str_pad($score . '%', 8, ' ', STR_PAD_RIGHT)
|
||||
str_pad($score['total'] . '%', 8, ' ', STR_PAD_RIGHT)
|
||||
), 1, Shell::NORMAL);
|
||||
}
|
||||
$this->out(str_repeat('=', 128), 1, Shell::NORMAL);
|
||||
$this->out(sprintf(
|
||||
'| Legend: %s %s %s %s %s |',
|
||||
'<error>█: Warnings</error>',
|
||||
'<warning>█: Connectedness</warning>',
|
||||
'<question>█: ATT&CK context</question>',
|
||||
'<info>█: Other Context</info>',
|
||||
str_repeat(' ', 52)
|
||||
), 1, Shell::NORMAL);
|
||||
$this->out(str_repeat('=', 128), 1, Shell::NORMAL);
|
||||
file_put_contents(APP . 'tmp/report.json', json_encode($results, JSON_PRETTY_PRINT));
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue