From 11781dd0a07e918b113e7f6e6c11cc79bf2c18e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Aime?= <felix.aime@kaspersky.com>
Date: Mon, 14 Jun 2021 17:17:09 +0200
Subject: [PATCH] New changes regarding OpenCTI implementation

---
 app/backend/src/App.vue                |   3 +
 app/backend/src/router/index.js        |   6 +
 app/backend/src/views/iocs-opencti.vue | 170 +++++++++++++++++++++++++
 server/backend/app/blueprints/octi.py  |  45 +++++++
 server/backend/main.py                 |   2 +
 5 files changed, 226 insertions(+)
 create mode 100644 app/backend/src/views/iocs-opencti.vue
 create mode 100644 server/backend/app/blueprints/octi.py

diff --git a/app/backend/src/App.vue b/app/backend/src/App.vue
index d556d5b..9f6d491 100644
--- a/app/backend/src/App.vue
+++ b/app/backend/src/App.vue
@@ -42,6 +42,9 @@
                 <li class="menu-item">
                   <span @click="$router.push('/iocs/misp')">MISP Instances</span>
                 </li>
+                <li class="menu-item">
+                  <span @click="$router.push('/iocs/opencti')">OpenCTI Instances</span>
+                </li>
               </ul>
             </div>
           </div>
diff --git a/app/backend/src/router/index.js b/app/backend/src/router/index.js
index e554d1d..32bd83a 100644
--- a/app/backend/src/router/index.js
+++ b/app/backend/src/router/index.js
@@ -40,6 +40,12 @@ const routes = [
     component: () => import('../views/iocs-misp.vue'),
     props: true
   },
+  {
+    path: '/iocs/opencti',
+    name: 'iocs-opencti',
+    component: () => import('../views/iocs-opencti.vue'),
+    props: true
+  },
   {
     path: '/iocs/search',
     name: 'iocs-search',
diff --git a/app/backend/src/views/iocs-opencti.vue b/app/backend/src/views/iocs-opencti.vue
new file mode 100644
index 0000000..4914598
--- /dev/null
+++ b/app/backend/src/views/iocs-opencti.vue
@@ -0,0 +1,170 @@
+<template>
+    <div class="backend-content" id="content">
+        <div class="column col-8 col-xs-12">
+            <h3 class="s-title">Manage OpenCTI instances</h3>
+            <ul class="tab tab-block">
+                <li class="tab-item">
+                    <a href="#" v-on:click="switch_tab('addopencti')" v-bind:class="{ active: tabs.addopencti }">Add instance</a>
+                </li>
+                <li class="tab-item">
+                    <a href="#" v-on:click="switch_tab('instances')" v-bind:class="{ active: tabs.instances }">Existing instances</a>
+                </li>
+            </ul>
+            <div v-if="tabs.addopencti">
+                <div class="misp-form">
+                    <label class="misp-label">Instance name</label><span></span>
+                    <input class="form-input" type="text" placeholder="CYBERACME OpenCTI" v-model="openctiinst.name" required>
+                    <label class="misp-label">Instance URL</label><span></span>
+                    <input class="form-input" type="text" placeholder="https://opencti.cyberacme.com" v-model="openctinst.url" required>
+                    <label class="misp-label">Authentication key</label><span></span>
+                    <input class="form-input" type="text" placeholder="83114ab2-3570-493b-8caa-14ef1bcf8e9a" v-model="openctiinst.key" required>
+                    <label class="misp-label">Verify certificate? </label><span></span>
+                    <div style="flex:50%"><label class="form-switch">
+                    <input type="checkbox" v-model="openctiinst.ssl">
+                    <i class="form-icon"></i>
+                    </label></div>
+                </div>
+                <button class="btn-primary btn col-12" v-on:click="add_instance()">Add OpenCTI instance</button>
+                <div class="form-group" v-if="added">
+                    <div class="toast toast-success">
+                        ✓ OpenCTI instance added successfully.
+                    </div>
+                </div>
+                <div class="form-group" v-if="error">
+                    <div class="toast toast-error">
+                        ✗ OpenCTI instance not added. {{error}}
+                    </div>
+                </div>
+            </div>
+            <div class="form-group" v-if="tabs.instances">
+                <div v-if="instances.length">
+                    <table class="table table-striped table-hover">
+                        <thead>
+                            <tr>
+                                <th>Name</th>
+                                <th>Server</th>
+                                <th>Authkey</th>
+                                <th>Status</th>
+                                <th>Action</th>
+                            </tr>
+                        </thead>
+                        <tbody>
+                            <tr v-for="i in instances" v-bind:key="i.id">
+                                <td>{{ i.name }}</td>
+                                <td>{{ i.url.replace('https://', '') .replace('http://', '') }}</td>
+                                <td>{{ i.apikey.slice(0,5) }} [...] {{ i.apikey.slice(35,40) }}</td>
+                                <td>
+                                    <span v-if="i.connected" class="misp-online tooltip" :data-tooltip="i.lastsync">✓ ONLINE</span>
+                                    <span v-else class="misp-offline tooltip" :data-tooltip="i.lastsync">⚠ OFFLINE</span>
+                                </td>
+                                <td><button class="btn btn-sm" v-on:click="delete_instance(i)">Delete</button></td>
+                            </tr>
+                        </tbody>
+                    </table>
+                </div>
+                <div v-else>
+                    <div class="empty">
+                        <div v-if="loading">
+                            <p class="empty-title h5">
+                                <span class="loading loading-lg"></span>
+                            </p>
+                            <p class="empty-subtitle">Testing and loading your OpenCTI instances.</p>
+                        </div>
+                        <div v-else>
+                            <p class="empty-title h5">No OpenCTI instance found.</p>
+                            <p class="empty-subtitle">Do not hesitate to add a OpenCTI instance.</p>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</template>
+<script>
+
+import axios from 'axios'
+
+export default {
+    name: 'manageopencti',   
+    data() {
+        return { 
+            error:false,
+            loading:false,
+            added:false,
+            openctiinst:{ name:'', url:'',key:'', ssl:false },
+            instances:[],
+            tabs: { "addopencti" : true, "instances" : false },
+            jwt:""
+        }
+    },
+    props: { },
+    methods: {
+        add_instance: function()
+        {  
+            this.added = false;
+            this.error = false;
+            if (this.openctiinst.name && this.openctiinst.url && this.openctiinst.key)
+            {
+                axios.post(`/api/opencti/add`, { data: { instance: this.openctiinst } }, { headers: {'X-Token': this.jwt} }).then(response => {
+                    if(response.data.status){
+                        this.added = true;
+                    } else {
+                        this.error = response.data.message;
+                    }
+                })
+                .catch(err => (console.log(err)))
+            }
+        },
+        delete_instance(elem)
+        {
+            axios.get(`/api/opencti/delete/${elem.id}`, { timeout: 10000, headers: {'X-Token': this.jwt} })
+            .then(response => {
+                if(response.data.status){
+                    this.instances = this.instances.filter(function(el) { return el != elem; }); 
+                }
+            })
+            .catch(err => (console.log(err)))
+        },
+        get_opencti_instances()
+        {
+            this.loading = true;
+            this.instances = []
+            axios.get(`/api/opencti/get_all`, { timeout: 10000, headers: {'X-Token': this.jwt} })
+            .then(response => {
+                if(response.data.results){
+                    this.instances = response.data.results;
+                    this.instances.forEach(e => { 
+                        var lastsync = parseInt((Date.now()/1000 - e.lastsync) / 86400)
+                        e.lastsync = (!lastsync)? "Synchronized today" : `Synchronized ${lastsync} day(s) ago`
+                        } )
+                }
+                this.loading = false
+            })
+            .catch(err => (console.log(err)))
+        },
+        switch_tab: function(tab) {
+
+            Object.keys(this.tabs).forEach(key => {
+                if( key == tab ){
+                    this.tabs[key] = true
+                    if (key == "instances") this.get_opencti_instances();
+                } else {
+                    this.tabs[key] = false
+                }
+            });
+        },
+        get_jwt(){
+            axios.get(`/api/get-token`, { timeout: 10000 })
+                .then(response => {
+                    if(response.data.token){
+                        this.jwt = response.data.token
+                    }
+                })
+            .catch(err => (console.log(err)))
+        }
+    },
+    created: function() {
+        this.get_jwt();
+    }
+}
+</script>
diff --git a/server/backend/app/blueprints/octi.py b/server/backend/app/blueprints/octi.py
new file mode 100644
index 0000000..36f1bc4
--- /dev/null
+++ b/server/backend/app/blueprints/octi.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+from flask import Blueprint, jsonify, Response, request
+from app.decorators import require_header_token, require_get_token
+from app.classes.octi import OCTI
+
+import json
+
+octi_bp = Blueprint("octi", __name__)
+octi = OCTI()
+
+
+@octi_bp.route('/add', methods=['POST'])
+@require_header_token
+def add_instance():
+    """
+        Parse and add a OpenCTI instance to the database.
+        :return: status of the operation in JSON
+    """
+    data = json.loads(request.data)
+    res = octi.add_instance(data["data"]["instance"])
+    return jsonify(res)
+
+
+@octi_bp.route('/delete/<octi_id>', methods=['GET'])
+@require_header_token
+def delete_instance(octi_id):
+    """
+        Delete a OpenCTI instance by its id to the database.
+        :return: status of the operation in JSON
+    """
+    res = octi.delete_instance(octi_id)
+    return jsonify(res)
+
+
+@octi_bp.route('/get_all', methods=['GET'])
+@require_header_token
+def get_all():
+    """
+        Retreive a list of all OpenCTI instances.
+        :return: list of OpenCTI instances in JSON.
+    """
+    res = octi.get_instances()
+    return jsonify({"results": [i for i in res]})
diff --git a/server/backend/main.py b/server/backend/main.py
index eedf327..4f6bf07 100644
--- a/server/backend/main.py
+++ b/server/backend/main.py
@@ -7,6 +7,7 @@ from app.blueprints.ioc import ioc_bp
 from app.blueprints.whitelist import whitelist_bp
 from app.blueprints.config import config_bp
 from app.blueprints.misp import misp_bp
+from app.blueprints.octi import octi_bp
 import datetime
 import secrets
 import jwt
@@ -58,6 +59,7 @@ app.register_blueprint(ioc_bp, url_prefix='/api/ioc')
 app.register_blueprint(whitelist_bp, url_prefix='/api/whitelist')
 app.register_blueprint(config_bp, url_prefix='/api/config')
 app.register_blueprint(misp_bp, url_prefix='/api/misp')
+app.register_blueprint(octi_bp, url_prefix='/api/octi')
 
 if __name__ == '__main__':
     ssl_cert = "{}/{}".format(path[0], 'cert.pem')