mirror of https://github.com/MISP/MISP
chg: [enrichment] New modules available from event enrichment
parent
978a970191
commit
cc39ae9398
|
@ -5179,6 +5179,46 @@ class Event extends AppModel
|
|||
return $conditions;
|
||||
}
|
||||
|
||||
public function fetchInitialObject($event_id, $object_id)
|
||||
{
|
||||
$initial_object = $this->Object->find('first', array(
|
||||
'conditions' => array('Object.id' => $object_id,
|
||||
'Object.event_id' => $event_id,
|
||||
'Object.deleted' => 0),
|
||||
'recursive' => -1,
|
||||
'fields' => array('Object.id', 'Object.uuid', 'Object.name')
|
||||
));
|
||||
if (!empty($initial_object)) {
|
||||
$initial_attributes = $this->Attribute->find('all', array(
|
||||
'conditions' => array('Attribute.object_id' => $object_id,
|
||||
'Attribute.deleted' => 0),
|
||||
'recursive' => -1,
|
||||
'fields' => array('Attribute.id', 'Attribute.uuid', 'Attribute.type',
|
||||
'Attribute.object_relation', 'Attribute.value')
|
||||
));
|
||||
if (!empty($initial_attributes)) {
|
||||
$initial_object['Attribute'] = array();
|
||||
foreach ($initial_attributes as $initial_attribute) {
|
||||
array_push($initial_object['Attribute'], $initial_attribute['Attribute']);
|
||||
}
|
||||
}
|
||||
$initial_references = $this->Object->ObjectReference->find('all', array(
|
||||
'conditions' => array('ObjectReference.object_id' => $object_id,
|
||||
'ObjectReference.event_id' => $event_id,
|
||||
'ObjectReference.deleted' => 0),
|
||||
'recursive' => -1,
|
||||
'fields' => array('ObjectReference.referenced_uuid', 'ObjectReference.relationship_type')
|
||||
));
|
||||
if (!empty($initial_references)) {
|
||||
$initial_object['ObjectReference'] = array();
|
||||
foreach ($initial_references as $initial_reference) {
|
||||
array_push($initial_object['ObjectReference'], $initial_reference['ObjectReference']);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $initial_object;
|
||||
}
|
||||
|
||||
public function handleModuleResult($result, $event_id)
|
||||
{
|
||||
$resultArray = array();
|
||||
|
@ -5806,15 +5846,25 @@ class Event extends AppModel
|
|||
throw new MethodNotAllowedException('Invalid event.');
|
||||
}
|
||||
$attributes_added = 0;
|
||||
$initial_objects = array();
|
||||
$event_id = $event[0]['Event']['id'];
|
||||
foreach ($event[0]['Attribute'] as $attribute) {
|
||||
$object_id = $attribute['object_id'];
|
||||
foreach ($enabledModules['modules'] as $module) {
|
||||
if (in_array($module['name'], $params['modules'])) {
|
||||
if (in_array($attribute['type'], $module['mispattributes']['input'])) {
|
||||
$data = array('module' => $module['name'], $attribute['type'] => $attribute['value'], 'event_id' => $attribute['event_id'], 'attribute_uuid' => $attribute['uuid']);
|
||||
$data = array('module' => $module['name'], 'event_id' => $event_id, 'attribute_uuid' => $attribute['uuid']);
|
||||
if (!empty($module['config'])) {
|
||||
$data['config'] = $module['config'];
|
||||
}
|
||||
$data['attribute'] = $attribute;
|
||||
if (!empty($module['mispattributes']['format']) && $module['mispattributes']['format'] == 'misp_standard') {
|
||||
$data['attribute'] = $attribute;
|
||||
if ($object_id != '0' && empty($initial_objects[$object_id])) {
|
||||
$initial_objects[$object_id] = $this->fetchInitialObject($event_id, $object_id);
|
||||
}
|
||||
} else {
|
||||
$data[$attribute['type']] = $attribute['value'];
|
||||
}
|
||||
$data = json_encode($data);
|
||||
$result = $this->Module->queryModuleServer('/query', $data, false, 'Enrichment');
|
||||
if (!$result) {
|
||||
|
@ -5824,21 +5874,29 @@ class Event extends AppModel
|
|||
if (!is_array($result)) {
|
||||
throw new Exception($result);
|
||||
}
|
||||
$attributes = $this->handleModuleResult($result, $attribute['event_id']);
|
||||
foreach ($attributes as $a) {
|
||||
$this->Attribute->create();
|
||||
$a['distribution'] = $attribute['distribution'];
|
||||
$a['sharing_group_id'] = $attribute['sharing_group_id'];
|
||||
$comment = 'Attribute #' . $attribute['id'] . ' enriched by ' . $module['name'] . '.';
|
||||
if (!empty($a['comment'])) {
|
||||
$a['comment'] .= PHP_EOL . $comment;
|
||||
} else {
|
||||
$a['comment'] = $comment;
|
||||
if (!empty($module['mispattributes']['format']) && $module['mispattributes']['format'] == 'misp_standard') {
|
||||
if ($object_id != '0' && !empty($initial_objects[$object_id])) {
|
||||
$result['initialObject'] = $initial_objects[$object_id];
|
||||
}
|
||||
$a['type'] = empty($a['default_type']) ? $a['types'][0] : $a['default_type'];
|
||||
$result = $this->Attribute->save($a);
|
||||
if ($result) {
|
||||
$attributes_added++;
|
||||
$default_comment = $attribute['value'] . ': enriched via the ' . $module['name'] . ' module.';
|
||||
$attributes_added += $this->processModuleResultsData($params['user'], $result['results'], $event_id, $default_comment, false, false, true);
|
||||
} else {
|
||||
$attributes = $this->handleModuleResult($result, $event_id);
|
||||
foreach ($attributes as $a) {
|
||||
$this->Attribute->create();
|
||||
$a['distribution'] = $attribute['distribution'];
|
||||
$a['sharing_group_id'] = $attribute['sharing_group_id'];
|
||||
$comment = 'Attribute #' . $attribute['id'] . ' enriched by ' . $module['name'] . '.';
|
||||
if (!empty($a['comment'])) {
|
||||
$a['comment'] .= PHP_EOL . $comment;
|
||||
} else {
|
||||
$a['comment'] = $comment;
|
||||
}
|
||||
$a['type'] = empty($a['default_type']) ? $a['types'][0] : $a['default_type'];
|
||||
$result = $this->Attribute->save($a);
|
||||
if ($result) {
|
||||
$attributes_added++;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -6065,11 +6123,12 @@ class Event extends AppModel
|
|||
return $message;
|
||||
}
|
||||
|
||||
public function processModuleResultsData($user, $resolved_data, $id, $default_comment = '', $jobId = false, $adhereToWarninglists = false)
|
||||
public function processModuleResultsData($user, $resolved_data, $id, $default_comment = '', $jobId = false, $adhereToWarninglists = false, $event_level = false)
|
||||
{
|
||||
if ($jobId) {
|
||||
$this->Job = ClassRegistry::init('Job');
|
||||
$this->Job->id = $jobId;
|
||||
|
||||
}
|
||||
$failed_attributes = $failed_objects = $failed_object_attributes = 0;
|
||||
$saved_attributes = $saved_objects = $saved_object_attributes = 0;
|
||||
|
@ -6292,6 +6351,9 @@ class Event extends AppModel
|
|||
$event['Event']['timestamp'] = $date->getTimestamp();
|
||||
$this->save($event);
|
||||
}
|
||||
if ($event_level) {
|
||||
return $saved_attributes + $saved_object_attributes;
|
||||
}
|
||||
$message = '';
|
||||
if ($saved_attributes > 0) {
|
||||
$message .= $saved_attributes . ' ' . $this->__apply_inflector($saved_attributes, 'attribute') . ' created. ';
|
||||
|
|
Loading…
Reference in New Issue