mirror of https://github.com/MISP/MISP
new: [attackMatrix] Also consider attack galaxy at event level in the
heatmap fix: [attackMatrix] Typo in ATT&CK + division by 0 in gradiendToolpull/3350/head
Sami Mokaddem
parent
0a5d21e473
commit
e3988c73ad
|
|
@ -4576,9 +4576,14 @@ class EventsController extends AppController {
|
|||
$killChainOrders = $attackTacticData['killChain'];
|
||||
$instanceUUID = $attackTacticData['instance-uuid'];
|
||||
|
||||
$scoresData = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $attackTags);
|
||||
$maxScore = $scoresData['maxScore'];
|
||||
$scores = $scoresData['scores'];
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores($eventId, $attackTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores($eventId, $attackTags);
|
||||
$scoresData = array();
|
||||
foreach(array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
|
||||
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
|
||||
}
|
||||
$maxScore = max($scoresDataAttr['maxScore'], $scoresDataEvent['maxScore']);
|
||||
$scores = $scoresData;
|
||||
|
||||
if ($this->_isRest()) {
|
||||
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
|
|
|
|||
|
|
@ -1371,7 +1371,7 @@ class UsersController extends AppController {
|
|||
// shows some statistics about the instance
|
||||
public function statistics($page = 'data') {
|
||||
$this->set('page', $page);
|
||||
$pages = array('data' => 'Usage data', 'orgs' => 'Organisations', 'tags' => 'Tags', 'attributehistogram' => 'Attribute histogram', 'sightings' => 'Sightings toplists', 'attackMatrix' => 'Attack Matrix');
|
||||
$pages = array('data' => 'Usage data', 'orgs' => 'Organisations', 'tags' => 'Tags', 'attributehistogram' => 'Attribute histogram', 'sightings' => 'Sightings toplists', 'attackMatrix' => 'ATT&CK Matrix');
|
||||
if (!$this->_isSiteAdmin() && !empty(Configure::read('Security.hide_organisation_index_from_users'))) {
|
||||
unset($pages['orgs']);
|
||||
}
|
||||
|
|
@ -1641,9 +1641,14 @@ class UsersController extends AppController {
|
|||
$killChainOrders = $attackTacticData['killChain'];
|
||||
$instanceUUID = $attackTacticData['instance-uuid'];
|
||||
|
||||
$scoresData = $this->Event->Attribute->AttributeTag->getTagScores(0, $attackTags);
|
||||
$maxScore = $scoresData['maxScore'];
|
||||
$scores = $scoresData['scores'];
|
||||
$scoresDataAttr = $this->Event->Attribute->AttributeTag->getTagScores(0, $attackTags);
|
||||
$scoresDataEvent = $this->Event->EventTag->getTagScores(0, $attackTags);
|
||||
$scoresData = array();
|
||||
foreach(array_keys($scoresDataAttr['scores'] + $scoresDataEvent['scores']) as $key) {
|
||||
$scoresData[$key] = (isset($scoresDataAttr['scores'][$key]) ? $scoresDataAttr['scores'][$key] : 0) + (isset($scoresDataEvent['scores'][$key]) ? $scoresDataEvent['scores'][$key] : 0);
|
||||
}
|
||||
$maxScore = max($scoresDataAttr['maxScore'], $scoresDataEvent['maxScore']);
|
||||
$scores = $scoresData;
|
||||
|
||||
if ($this->_isRest()) {
|
||||
$json = array('matrix' => $attackTactic, 'scores' => $scores, 'instance-uuid' => $instanceUUID);
|
||||
|
|
|
|||
|
|
@ -25,11 +25,17 @@ class ColourGradientTool {
|
|||
$vals = array_values($items);
|
||||
$maxDec = max($vals);
|
||||
$minDec = min($vals);
|
||||
$intervalHex = ($maxColorHex - $minColorHex)/($maxDec-$minDec);
|
||||
|
||||
if ($maxDec == $minDec) {
|
||||
$intervalHex = 0x0;
|
||||
} else {
|
||||
$intervalHex = ($maxColorHex - $minColorHex)/($maxDec-$minDec);
|
||||
}
|
||||
|
||||
$coloursMapping = array();
|
||||
foreach($items as $name => $val) {
|
||||
$colour = ($val-$minDec)*($intervalHex) + $minColorHex;
|
||||
$ratio = ($val-$minDec)*($intervalHex);
|
||||
$colour = $maxDec == $minDec ? $maxColorHex : $ratio + $minColorHex;
|
||||
$coloursMapping[$name] = '#' . str_pad(dechex($colour), 6 ,'0', STR_PAD_LEFT);
|
||||
}
|
||||
return $coloursMapping;
|
||||
|
|
|
|||
|
|
@ -127,4 +127,39 @@ class EventTag extends AppModel {
|
|||
'conditions' => array('EventTag.tag_id' => $tag_id)
|
||||
));
|
||||
}
|
||||
|
||||
public function getTagScores($eventId=0, $allowedTags=array()) {
|
||||
// get score of galaxy
|
||||
$db = $this->getDataSource();
|
||||
$statementArray = array(
|
||||
'fields' => array('event_tag.tag_id as id', 'count(event_tag.tag_id) as value'),
|
||||
'table' => $db->fullTableName($this),
|
||||
'alias' => 'event_tag',
|
||||
'group' => 'tag_id'
|
||||
);
|
||||
if ($eventId != 0) {
|
||||
$statementArray['conditions'] = array('event_id' => $eventId);
|
||||
}
|
||||
// tag along with its occurence in the event
|
||||
$subQuery = $db->buildStatement(
|
||||
$statementArray,
|
||||
$this
|
||||
);
|
||||
$subQueryExpression = $db->expression($subQuery)->value;
|
||||
// get related galaxies
|
||||
$attributeTagScores = $this->query("SELECT name, value FROM (" . $subQueryExpression . ") AS score, tags WHERE tags.id=score.id;");
|
||||
|
||||
// arrange data
|
||||
$scores = array();
|
||||
$maxScore = 0;
|
||||
foreach($attributeTagScores as $item) {
|
||||
$score = $item['score']['value'];
|
||||
$name = $item['tags']['name'];
|
||||
if (in_array($name, $allowedTags)) {
|
||||
$maxScore = $score > $maxScore ? $score : $maxScore;
|
||||
$scores[$name] = $score;
|
||||
}
|
||||
}
|
||||
return array('scores' => $scores, 'maxScore' => $maxScore);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -369,7 +369,7 @@
|
|||
<span class="icon-plus icon-white" title="<?php echo __('Toggle Correlation graph');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle Correlation graph');?>" style="vertical-align:top;"></span><?php echo __('Correlation graph');?>
|
||||
</button>
|
||||
<button class="btn btn-inverse toggle qet galaxy-toggle-button" id="attackmatrix_toggle" data-toggle-type="attackmatrix" onclick="enable_attack_matrix();">
|
||||
<span class="icon-plus icon-white" title="<?php echo __('Toggle Att&ck matrix');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle Att&ck matrix');?>" style="vertical-align:top;"></span><?php echo __('Att&ck matrix');?>
|
||||
<span class="icon-plus icon-white" title="<?php echo __('Toggle ATT&CK matrix');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle ATT&CK matrix');?>" style="vertical-align:top;"></span><?php echo __('ATT&CK matrix');?>
|
||||
</button>
|
||||
<button class="btn btn-inverse toggle qet galaxy-toggle-button" id="attributes_toggle" data-toggle-type="attributes">
|
||||
<span class="icon-minus icon-white" title="<?php echo __('Toggle attributes');?>" role="button" tabindex="0" aria-label="<?php echo __('Toggle attributes');?>" style="vertical-align:top;"></span><?php echo __('Attributes');?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue