assign('table-overview', ' ');
* - `prepend-html`
* - `table-overview`
* - `detailed-summary-full`
* - `detailed-summary-mitre-attack`
* - `detailed-summary-type`
* - `detailed-summary-tags`
* - `detailed-summary-events`
* - `detailed-summary-correlations`
* - `aggregated-context`
*
* Additional variables:
* - `event_table_include_basescore`: bool
*/
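// Aggregation pass for the periodic summary e-mail: walks every event once and
// builds the counters, tag statistics, event-report list and new-correlation
// list that the template below renders.
//
// The event data may originate from other organisations, so every value
// collected here is stored raw; escaping has to happen where it is printed.
if (empty($this->__vars)) {
    $this->__vars = [];
}
// Template defaults; a key present in $this->__vars overrides the value here.
$default_vars = [
    'event_table_include_basescore' => true,
    'event_table_max_event_count' => 30,
    'additional_taxonomy_event_list' => [
        'PAP' => 'PAP:'
    ],
];
$vars = array_merge($default_vars, $this->__vars);

$now = new DateTime();
// NOTE(review): the window is fixed at 7 days regardless of $period - confirm
// this is intended for periods other than weekly.
$start_date = new DateTime('7 days ago');
$period_start_timestamp = intval($start_date->format('U'));

$event_number = count($events);
$attribute_number = 0;
$object_number = 0;
$event_report_number = 0;
$proposal_number = 0;
$attribute_types = [];
$object_types = [];
$all_event_report = [];
$all_tag_amount = [];
$unique_tag_number = 0;
$tag_color_mapping = [];
$mitre_attack_techniques = [];
$mitre_galaxy_tag_prefix = 'misp-galaxy:mitre-attack-pattern="';
$mitre_prefix_length = strlen($mitre_galaxy_tag_prefix);

// NOTE(review): $period is placed in the link without encoding; confirm it is
// validated upstream and that $reportLink is escaped where it is printed.
$reportLink = sprintf('%s/users/viewPeriodicSummary/%s', $baseurl, $period);
$eventLink = sprintf('%s/events/index/searchpublished:1/searchPublishTimestamp:%s/searchPublishTimestamp:%s', $baseurl, h($start_date->format('Y-m-d H:i:s')), h($now->format('Y-m-d H:i:s')));

$processed_correlations = [];
$new_correlations = [];

// Accounts for one EventTag/AttributeTag record. A tag name is counted at most
// once per event; MITRE ATT&CK galaxy tags are additionally indexed by
// technique name (prefix and trailing quote stripped).
$unique_tag_per_event = [];
$register_tag = function ($tag_record) use (&$unique_tag_per_event, &$all_tag_amount, &$tag_color_mapping, &$mitre_attack_techniques, $mitre_galaxy_tag_prefix, $mitre_prefix_length) {
    $tag = $tag_record['Tag'];
    $tag_name = $tag['name'];
    if (!empty($unique_tag_per_event[$tag_name])) {
        return; // Only one instance of tag per event
    }
    $unique_tag_per_event[$tag_name] = true;
    if (empty($all_tag_amount[$tag_name])) {
        $all_tag_amount[$tag_name] = 0;
        $tag_color_mapping[$tag_name] = $tag['colour'];
    }
    $all_tag_amount[$tag_name] += 1;
    if (!empty($tag['is_galaxy']) && strncmp($tag_name, $mitre_galaxy_tag_prefix, $mitre_prefix_length) === 0) {
        // Drop the prefix and the closing double quote of the galaxy tag.
        $technique = substr($tag_name, $mitre_prefix_length, -1);
        $mitre_attack_techniques[$technique] = $tag_record;
    }
};

foreach ($events as $event) {
    $unique_tag_per_event = []; // writes through to the closure's reference
    $attribute_number += count($event['Attribute']);
    $object_number += count($event['Object']);
    $event_report_number += count($event['EventReport']);
    $proposal_number += count($event['ShadowAttribute']);

    foreach ($event['EventTag'] as $event_tag) {
        $register_tag($event_tag);
    }

    // Timestamp and type of every attribute of this event, keyed by attribute
    // id, used below to resolve the keys of $event['RelatedAttribute'].
    $attribute_light_by_id = [];
    foreach ($event['Attribute'] as $attribute) {
        $attribute_light_by_id[$attribute['id']] = [
            'timestamp' => $attribute['timestamp'],
            'type' => $attribute['type'],
        ];
        if (empty($attribute_types[$attribute['type']])) {
            $attribute_types[$attribute['type']] = 0;
        }
        $attribute_types[$attribute['type']] += 1;
        foreach ($attribute['AttributeTag'] as $attribute_tag) {
            $register_tag($attribute_tag);
        }
    }

    foreach ($event['Object'] as $object) {
        if (empty($object_types[$object['name']])) {
            $object_types[$object['name']] = 0;
        }
        $object_types[$object['name']] += 1;
        $attribute_number += count($object['Attribute']);
        foreach ($object['Attribute'] as $attribute) {
            // Object attributes are indexed too; previously they were left out,
            // so a correlation on an object attribute hit an undefined index
            // and was never reported as new.
            $attribute_light_by_id[$attribute['id']] = [
                'timestamp' => $attribute['timestamp'],
                'type' => $attribute['type'],
            ];
            if (empty($attribute_types[$attribute['type']])) {
                $attribute_types[$attribute['type']] = 0;
            }
            $attribute_types[$attribute['type']] += 1;
            foreach ($attribute['AttributeTag'] as $attribute_tag) {
                $register_tag($attribute_tag);
            }
        }
    }

    foreach ($event['EventReport'] as $event_report) {
        $all_event_report[] = [
            'uuid' => $event_report['uuid'],
            'name' => $event_report['name'],
            'event_id' => $event_report['event_id'],
            'event_info' => $event['Event']['info'],
        ];
    }

    if (!empty($event['RelatedEvent'])) {
        $related_event_by_id = [];
        foreach ($event['RelatedEvent'] as $related_event) {
            $related_event_by_id[$related_event['Event']['id']] = $related_event['Event'];
        }
        foreach ($event['RelatedAttribute'] as $attribute_id => $related_attributes) {
            if (!isset($attribute_light_by_id[$attribute_id])) {
                continue; // Attribute is not in this event's payload; nothing to compare against
            }
            $has_attribute_been_modified_since_last_period = intval($attribute_light_by_id[$attribute_id]['timestamp']) >= $period_start_timestamp;
            if (!$has_attribute_been_modified_since_last_period) {
                continue;
            }
            foreach ($related_attributes as $related_attribute) {
                $correlation_id = sprintf('%s-%s', $related_attribute['attribute_id'], $attribute_id);
                $reversed_correlation_id = sprintf('%s-%s', $attribute_id, $related_attribute['attribute_id']);
                if (!empty($processed_correlations[$correlation_id])) {
                    continue; // We already added the correlation the other way around
                }
                $source_event = $event['Event'];
                $source_event['Orgc'] = $event['Orgc'];
                $new_correlations[] = [
                    'source_event' => $source_event,
                    // $related_attribute['id'] is used as the key into the related events
                    'target_event' => $related_event_by_id[$related_attribute['id']],
                    // Raw attribute value: must be escaped when the template prints it
                    'attribute_value' => $related_attribute['value'],
                    'attribute_type' => $attribute_light_by_id[$attribute_id]['type'],
                ];
                $processed_correlations[$reversed_correlation_id] = true;
            }
        }
    }
}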
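if (!function_exists('findAndBuildTag')) {
    /**
     * Render the first tag of a list whose name starts with a given prefix.
     *
     * The prefix match is a strict, case-sensitive byte comparison, so
     * numeric-looking strings are never treated as equal by value.
     *
     * The template echoes the returned markup without h(), so the `tag`
     * element is the place where the tag name and colour must be escaped
     * (NOTE(review): confirm against the element).
     *
     * @param array  $tag_list   Tag records, each expected to hold ['Tag']['name']
     * @param string $tag_prefix Prefix to look for, e.g. 'tlp:' or 'workflow:'
     * @param object $that       View exposing element(); the template passes $this
     * @return string Markup returned by element('tag', ...), or '' when no tag matches
     */
    function findAndBuildTag($tag_list, $tag_prefix, $that)
    {
        $prefix_length = strlen($tag_prefix);
        foreach ($tag_list as $tag) {
            if (!isset($tag['Tag']['name'])) {
                continue; // Malformed record: no name to compare
            }
            if (strncmp($tag['Tag']['name'], $tag_prefix, $prefix_length) === 0) {
                return $that->element('tag', ['tag' => $tag]);
            }
        }
        return '';
    }
}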
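// Final ranking step: count the distinct tags, then reduce every statistic to
// its ten most frequent entries for the "Top 10" sections of the template.
$unique_tag_number = count($all_tag_amount);

arsort($attribute_types);
arsort($object_types);
arsort($all_tag_amount);

// $mitre_attack_techniques holds tag records (arrays), so arsort() compared
// the arrays themselves instead of how often each technique was seen. Rank by
// the per-tag event count, read here while $all_tag_amount is still complete.
$tag_amount_for_ranking = $all_tag_amount;
uasort($mitre_attack_techniques, function ($a, $b) use ($tag_amount_for_ranking) {
    $a_name = $a['Tag']['name'];
    $b_name = $b['Tag']['name'];
    $a_count = isset($tag_amount_for_ranking[$a_name]) ? $tag_amount_for_ranking[$a_name] : 0;
    $b_count = isset($tag_amount_for_ranking[$b_name]) ? $tag_amount_for_ranking[$b_name] : 0;
    return $b_count - $a_count; // descending
});

// array_splice() keeps string keys but renumbers integer ones, so a purely
// numeric type or tag name would lose its label here.
array_splice($attribute_types, 10);
array_splice($object_types, 10);
// NOTE(review): after this truncation the MITRE section of the template still
// reads $all_tag_amount[$tag['Tag']['name']]; a technique outside the overall
// top ten tags has no entry left there.
array_splice($all_tag_amount, 10);
array_splice($mitre_attack_techniques, 10);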
?>
fetch('prepend-html')) : ?>
= $this->fetch('prepend-html') ?>
fetch('table-overview')) : ?>
= $this->fetch('table-overview'); ?>
= __('Summary period') ?> |
= h($period) ?> |
= __('Summary for dates') ?> |
=
sprintf('%s (Week %s) ➞ %s (Week %s)',
$start_date->format('M d, o'),
$start_date->format('W'),
$now->format('M d, o'),
$now->format('W'),
$start_date->format('M d, o')
)
?>
|
= __('Generation date') ?> |
= date("c"); ?> |
= __('Events #') ?> |
= $event_number ?> |
= __('Attributes #') ?> |
= $attribute_number ?> |
= __('Objects #') ?> |
= $object_number ?> |
= __('Event Report #') ?> |
= $event_report_number ?> |
= __('Proposals #') ?> |
= $proposal_number ?> |
= __('Unique tags #') ?> |
= $unique_tag_number ?> |
= __('New correlation #') ?> |
= count($new_correlations) ?> |
⮞
= __('View this report in MISP') ?>
fetch('detailed-summary-full')) : ?>
= $this->fetch('detailed-summary-full'); ?>
fetch('detailed-summary-mitre-attack')) : ?>
= $this->fetch('detailed-summary-mitre-attack'); ?>
= __('Top 10 Mitre Att&ck techniques') ?>
$tag) : ?>
-
= $all_tag_amount[$tag['Tag']['name']] ?>
element('tag', ['tag' => $tag])
?>
fetch('detailed-summary-type')) : ?>
= $this->fetch('detailed-summary-type'); ?>
= __('Top 10 Attribute types') ?>
$amount) : ?>
- = h($type) ?>: = $amount ?>
= __('Top 10 MISP Object names') ?>
$amount) : ?>
- = h($name) ?>: = $amount ?>
= __('All Event Reports') ?>
fetch('detailed-summary-tags')) : ?>
= $this->fetch('detailed-summary-tags'); ?>
= __('Top 10 Tags') ?>
$amount) : ?>
-
= $amount ?>
= $this->element('tag', ['tag' => ['Tag' => ['name' => $tag_name, 'colour' => $tag_color_mapping[$tag_name]]]]) ?>
fetch('detailed-summary-events')) : ?>
= $this->fetch('detailed-summary-events'); ?>
= __('Event list') ?> = sprintf(' (%s)', count($events)) ?>
= __('Publish date') ?> |
= __('Creator Org.') ?> |
= __('Distribution') ?> |
= __('State') ?> |
= __('Threat Level') ?> |
$taxonomy_prefix) : ?>
= h($taxonomy_name) ?> |
= __('Decaying Event Score') ?> |
= __('Event Info') ?> |
$event) : ?>
$vars['event_table_max_event_count']-1) {
break;
}
$workflowTag = findAndBuildTag($event['EventTag'], 'workflow:', $this);
$analysisHtml = !empty($workflowTag) ? $workflowTag : '';
$tlpTag = findAndBuildTag($event['EventTag'], 'tlp:', $this);
$tlpHtml = !empty($tlpTag) ? $tlpTag : '';
?>
= DateTime::createFromFormat('U', h($event['Event']['publish_timestamp']))->format('Y-m-d') ?> |
= h($event['Orgc']['name']) ?> |
<= !empty($tlpHtml) ? 'small' : 'span' ?>>= h($distributionLevels[$event['Event']['distribution']]) ?>= !empty($tlpHtml) ? 'small' : 'span' ?>>
= $tlpHtml ?>
|
<= !empty($analysisHtml) ? 'small' : 'span' ?>>= h($analysisLevels[$event['Event']['analysis']]) ?>= !empty($analysisHtml) ? 'small' : 'span' ?>>
= $analysisHtml ?>
|
= h($event['ThreatLevel']['name']); ?> |
$taxonomy_prefix) : ?>
= findAndBuildTag($event['EventTag'], $taxonomy_prefix, $this) ?> |
= h($score['DecayingModel']['name']); ?>: |
= round($score['score'], 2) ?> |
|
= h($event['Event']['info']) ?> |
= __('No events.') ?>
$vars['event_table_max_event_count']) : ?>
⮞ =
__n(
'%s event not displayed.',
'%s events not displayed.',
count($events) - $vars['event_table_max_event_count'],
sprintf('
%s', count($events) - $vars['event_table_max_event_count'])
)
?>
= __('View all events in MISP') ?>
fetch('detailed-summary-correlations')) : ?>
= $this->fetch('detailed-summary-correlations'); ?>
= __('New correlations') ?>= sprintf(' (%s)', count($new_correlations)) ?>
fetch('trending-summary')) : ?>
= $this->fetch('trending-summary'); ?>
fetch('aggregated-context')) : ?>
= $this->fetch('aggregated-context'); ?>
= $aggregated_context; ?>
= $this->fetch('content'); ?>