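assign('table-overview', ' ');
 * - `prepend-html`
 * - `table-overview`
 * - `detailed-summary-full`
 * - `detailed-summary-mitre-attack`
 * - `detailed-summary-type`
 * - `detailed-summary-tags`
 * - `detailed-summary-events`
 * - `detailed-summary-correlations`
 * - `aggregated-context`
 *
 * Additional variables (keys of $this->__vars, defaults in $default_vars below):
 * - `event_table_include_basescore`: bool
 */

// View-level options: anything the caller put in $this->__vars overrides the defaults (array_merge,
// string keys, last wins).
if (empty($this->__vars)) {
    $this->__vars = [];
}
$default_vars = [
    'event_table_include_basescore' => true,
    'event_table_max_event_count' => 30,
    'correlation_table_advanced_ui' => 10,
    'correlation_table_max_count' => 50,
    'additional_taxonomy_event_list' => [
        'PAP' => 'PAP:'
    ],
];
$vars = array_merge($default_vars, $this->__vars);

// Reporting window is [$start_date, $now]. $period_days is concatenated straight into a relative
// date string — assumes the controller hands over a plain integer day count; TODO confirm.
$now = new DateTime();
$start_date = new DateTime($period_days . ' days ago');
// Loop-invariant: everything modified at or after this epoch second counts as "in this period".
$period_start_timestamp = $start_date->getTimestamp();

$event_number = count($events);
$attribute_number = 0;
$object_number = 0;
$event_report_number = 0;
$proposal_number = 0;
$attribute_types = [];          // attribute type => occurrences; trimmed to the top 10 below
$object_types = [];             // object name => occurrences; top 10
$all_event_report = [];         // light-weight list of every event report seen
$all_tag_amount = [];           // tag name => number of events carrying it (counted once per event)
$unique_tag_number = 0;
$tag_color_mapping = [];        // tag name => colour (first occurrence wins)
$mitre_attack_techniques = [];  // technique label => the EventTag/AttributeTag holder that introduced it
$mitre_galaxy_tag_prefix = 'misp-galaxy:mitre-attack-pattern="';

// NOTE(review): $baseurl is interpolated without escaping here; h() is only applied to the date
// parts. Whatever prints $reportLink / $eventLink must still escape them for the href/text context.
$reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period);
$eventLink = sprintf(
    '%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s',
    $baseurl,
    h($start_date->format('Y-m-d H:i:s')),
    h($now->format('Y-m-d H:i:s'))
);
$processed_correlations = [];
$new_correlations = [];

// Per-event scratch state; both are reset at the top of every iteration of the event loop.
// They are declared up-front so the helper closures below can bind to them by reference.
$unique_tag_per_event = [];
$attribute_light_by_id = [];

/**
 * Count one tag holder (an EventTag or AttributeTag array carrying a `Tag` sub-array) at most once
 * per event, remember its colour on first sight and, for MITRE ATT&CK galaxy tags, record the
 * technique label. Replaces the three identical copies of this logic the template used to carry.
 */
$tally_tag = function (array $tag_holder) use (
    &$unique_tag_per_event,
    &$all_tag_amount,
    &$tag_color_mapping,
    &$mitre_attack_techniques,
    $mitre_galaxy_tag_prefix
): void {
    $tag = $tag_holder['Tag'];
    $tag_name = $tag['name'];
    if (isset($unique_tag_per_event[$tag_name])) {
        return; // Only one instance of tag per event
    }
    $unique_tag_per_event[$tag_name] = true;
    if (empty($all_tag_amount[$tag_name])) {
        $all_tag_amount[$tag_name] = 0;
        $tag_color_mapping[$tag_name] = $tag['colour'];
    }
    $all_tag_amount[$tag_name]++;

    $prefix_length = strlen($mitre_galaxy_tag_prefix);
    if (!empty($tag['is_galaxy']) && substr($tag_name, 0, $prefix_length) === $mitre_galaxy_tag_prefix) {
        // Drop the prefix and the closing double quote so only the technique label remains.
        $technique = substr($tag_name, $prefix_length, strlen($tag_name) - $prefix_length - 1);
        $mitre_attack_techniques[$technique] = $tag_holder;
    }
};

/**
 * Register one attribute (free-standing or inside an object): index it for the correlation pass,
 * count its type and tally its tags.
 */
$tally_attribute = function (array $attribute) use (&$attribute_light_by_id, &$attribute_types, $tally_tag): void {
    $attribute_light_by_id[$attribute['id']] = [
        'timestamp' => $attribute['timestamp'],
        'type' => $attribute['type'],
    ];
    if (empty($attribute_types[$attribute['type']])) {
        $attribute_types[$attribute['type']] = 0;
    }
    $attribute_types[$attribute['type']]++;
    foreach ($attribute['AttributeTag'] as $attribute_tag) {
        $tally_tag($attribute_tag);
    }
};

foreach ($events as $event) {
    $unique_tag_per_event = [];
    $attribute_light_by_id = [];

    $attribute_number += count($event['Attribute']);
    $object_number += count($event['Object']);
    $event_report_number += count($event['EventReport']);
    $proposal_number += count($event['ShadowAttribute']);

    foreach ($event['EventTag'] as $event_tag) {
        $tally_tag($event_tag);
    }
    foreach ($event['Attribute'] as $attribute) {
        $tally_attribute($attribute);
    }
    foreach ($event['Object'] as $object) {
        if (empty($object_types[$object['name']])) {
            $object_types[$object['name']] = 0;
        }
        $object_types[$object['name']]++;
        $attribute_number += count($object['Attribute']);
        foreach ($object['Attribute'] as $attribute) {
            $tally_attribute($attribute);
        }
    }
    foreach ($event['EventReport'] as $event_report) {
        $all_event_report[] = [
            'uuid' => $event_report['uuid'],
            'name' => $event_report['name'],
            'event_id' => $event_report['event_id'],
            'event_info' => $event['Event']['info'],
        ];
    }

    if (!empty($event['RelatedEvent'])) {
        $related_event_by_id = [];
        foreach ($event['RelatedEvent'] as $related_event) {
            $related_event_by_id[$related_event['Event']['id']] = $related_event['Event'];
        }
        foreach (($event['RelatedAttribute'] ?? []) as $attribute_id => $related_attributes) {
            if (!isset($attribute_light_by_id[$attribute_id])) {
                // A correlation on an attribute this event did not list: there is nothing to date it
                // by, so it is skipped (previously an undefined-index read that evaluated to "unmodified").
                continue;
            }
            $attribute_light = $attribute_light_by_id[$attribute_id];
            if ((int) $attribute_light['timestamp'] < $period_start_timestamp) {
                continue; // Not touched in this period, so it is not a new correlation
            }
            foreach ($related_attributes as $related_attribute) {
                // Key "<their attribute>-<our attribute>". The reversed key is stored below, so when the
                // other event of the pair is processed its own key is already present and the
                // correlation is not listed twice.
                $correlation_id = sprintf('%s-%s', $related_attribute['attribute_id'], $attribute_id);
                if (isset($processed_correlations[$correlation_id])) {
                    continue;
                }
                $source_event = $event['Event'];
                $source_event['Orgc'] = $event['Orgc'];
                $new_correlations[] = [
                    'source_event' => $source_event,
                    // NOTE(review): only events the controller exposed under RelatedEvent are resolvable;
                    // a related attribute pointing elsewhere yields null — the correlation table must cope.
                    'target_event' => $related_event_by_id[$related_attribute['id']] ?? null,
                    'attribute_value' => $related_attribute['value'],
                    'attribute_type' => $attribute_light['type'],
                ];
                $processed_correlations[sprintf('%s-%s', $attribute_id, $related_attribute['attribute_id'])] = true;
            }
        }
    }
}

if (!function_exists('findAndBuildTag')) {
    /**
     * Render the first tag in $tag_list whose name starts with $tag_prefix through the `tag` element.
     *
     * @param array  $tag_list   Tag holders (each with a `Tag` sub-array, as in EventTag/AttributeTag)
     * @param string $tag_prefix Case-sensitive prefix to match, e.g. 'tlp:' or 'workflow:'
     * @param object $that       The view instance, used for element()
     * @return string Rendered element markup, or '' when no tag matches
     */
    function findAndBuildTag($tag_list, $tag_prefix, $that)
    {
        foreach ($tag_list as $tag) {
            // Strict comparison: the previous loose `==` would treat numeric-looking strings as equal.
            if (substr($tag['Tag']['name'], 0, strlen($tag_prefix)) === $tag_prefix) {
                return $that->element('tag', ['tag' => $tag]);
            }
        }
        return '';
    }
}

$unique_tag_number = count($all_tag_amount);
arsort($attribute_types);
arsort($object_types);
arsort($all_tag_amount);
// Most-used technique first. Must run before $all_tag_amount is trimmed, since it sorts by it.
// The previous comparator never returned 0 for ties, which is undefined behaviour for sorting.
uasort($mitre_attack_techniques, function ($tag1, $tag2) use ($all_tag_amount) {
    return $all_tag_amount[$tag2['Tag']['name']] <=> $all_tag_amount[$tag1['Tag']['name']];
});
// Keep only the top 10 of each ranking (string keys survive array_splice).
array_splice($attribute_types, 10);
array_splice($object_types, 10);
array_splice($all_tag_amount, 10);
array_splice($mitre_attack_techniques, 10);
?>
fetch('prepend-html')) : ?> fetch('prepend-html') ?> fetch('table-overview')) : ?> fetch('table-overview'); ?>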
%s (Week %s) ➞ %s (Week %s)', $start_date->format('M d, o'), $start_date->format('W'), $now->format('M d, o'), $now->format('W') ) ?>
fetch('detailed-summary-full')) : ?> fetch('detailed-summary-full'); ?>
fetch('detailed-summary-mitre-attack')) : ?> fetch('detailed-summary-mitre-attack'); ?>

fetch('detailed-summary-type')) : ?> fetch('detailed-summary-type'); ?>

fetch('detailed-summary-tags')) : ?> fetch('detailed-summary-tags'); ?>

fetch('detailed-summary-events')) : ?> fetch('detailed-summary-events'); ?>

$taxonomy_prefix) : ?> $event) : ?> $vars['event_table_max_event_count']-1) { break; } $workflowTag = findAndBuildTag($event['EventTag'], 'workflow:', $this); $analysisHtml = !empty($workflowTag) ? $workflowTag : ''; $tlpTag = findAndBuildTag($event['EventTag'], 'tlp:', $this); $tlpHtml = !empty($tlpTag) ? $tlpTag : ''; ?> $taxonomy_prefix) : ?>
format('Y-m-d') ?> <>> <>>
:
 

$vars['event_table_max_event_count']) : ?> ⮞ %s', count($events) - $vars['event_table_max_event_count']) ) ?> fetch('detailed-summary-correlations')) : ?>

::
$vars['correlation_table_max_count']) { echo '⮞ ' . __n( '%s correlation not displayed.', '%s correlations not displayed.', count($new_correlations) - $vars['correlation_table_max_count'], sprintf('%s', count($new_correlations) - $vars['correlation_table_max_count']) ); } ?>
fetch('trending-summary')) : ?> fetch('trending-summary'); ?>
fetch('aggregated-context')) : ?> fetch('aggregated-context'); ?>
fetch('content'); ?>