Some modifications, still need tests and debug
		@@ -18,13 +18,12 @@ CREATE TABLE "whitelist" (
 | 
			
		||||
	PRIMARY KEY("id" AUTOINCREMENT)
 | 
			
		||||
);
 | 
			
		||||
 | 
			
		||||
CREATE TABLE "mispinstance" (
 | 
			
		||||
CREATE TABLE "misp" (
 | 
			
		||||
	"id" 	INTEGER UNIQUE,
 | 
			
		||||
	"name" 	TEXT,
 | 
			
		||||
	"url"	TEXT NOT NULL,
 | 
			
		||||
	"apikey"	TEXT NOT NULL,
 | 
			
		||||
	"verifycert" INTEGER NOT NULL DEFAULT 0,
 | 
			
		||||
	"source" TEXT NOT NULL,
 | 
			
		||||
	"added_on" NUMERIC NOT NULL,
 | 
			
		||||
	PRIMARY KEY("id" AUTOINCREMENT)
 | 
			
		||||
);
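Review bot: `"verifycert" INTEGER NOT NULL DEFAULT 0` makes disabled certificate verification the default for every row inserted without an explicit value. The value is later passed to `PyMISP(misp.url, misp.apikey, misp.verifycert)` in the MISP class, so by default the API key would be sent over a TLS connection whose peer is not authenticated. Unless a reason exists outside this page, `"verifycert" INTEGER NOT NULL DEFAULT 1` is the safer schema default, with verification turned off per instance only when an operator asks for it. The sides of this rendered hunk are not marked, so this assumes the column line is unchanged context on the new side.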
 | 
			
		||||
 
 | 
			
		||||
@@ -13,7 +13,7 @@ misp = MISP()
 | 
			
		||||
 | 
			
		||||
@misp_bp.route('/add', methods=['POST'])
 | 
			
		||||
@require_header_token
 | 
			
		||||
def add():
 | 
			
		||||
def add_instance():
 | 
			
		||||
    """
 | 
			
		||||
        Parse and add a MISP instance to the database.
 | 
			
		||||
        :return: status of the operation in JSON
 | 
			
		||||
@@ -21,31 +21,30 @@ def add():
 | 
			
		||||
    data = json.loads(request.data)
 | 
			
		||||
    instance = data["data"]["instance"]
 | 
			
		||||
 | 
			
		||||
    source = "backend"
 | 
			
		||||
    res = MISP.add(instance["name"], instance["url"],
 | 
			
		||||
                   instance["key"], instance["ssl"], source)
 | 
			
		||||
    res = MISP.add_instance(instance["name"], instance["url"],
 | 
			
		||||
                   instance["key"], instance["ssl"])
 | 
			
		||||
    return jsonify(res)
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@misp_bp.route('/delete/<misp_id>', methods=['GET'])
 | 
			
		||||
@require_header_token
 | 
			
		||||
def delete(misp_id):
 | 
			
		||||
def delete_instance(misp_id):
 | 
			
		||||
    """
 | 
			
		||||
        Delete a MISP instance by its id to the database.
 | 
			
		||||
        :return: status of the operation in JSON
 | 
			
		||||
    """
 | 
			
		||||
    res = MISP.delete(misp_id)
 | 
			
		||||
    res = MISP.delete_instance(misp_id)
 | 
			
		||||
    return jsonify(res)
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@misp_bp.route('/get_all', methods=['GET'])
 | 
			
		||||
@require_header_token
 | 
			
		||||
# @require_header_token
 | 
			
		||||
def get_all():
 | 
			
		||||
    """
 | 
			
		||||
        Retreive a list of all MISP instances.
 | 
			
		||||
        :return: list of MISP instances in JSON.
 | 
			
		||||
    """
 | 
			
		||||
    res = MISP.get_all()
 | 
			
		||||
    res = MISP.get_instances()
 | 
			
		||||
    return jsonify({"results": [i for i in res]})
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@@ -68,14 +67,14 @@ def get_iocs():
 | 
			
		||||
 | 
			
		||||
@misp_bp.route('/edit', methods=['POST'])
 | 
			
		||||
@require_header_token
 | 
			
		||||
def edit():
 | 
			
		||||
def edit_instance():
 | 
			
		||||
    """
 | 
			
		||||
        Parse and edit the desired MISP instance.
 | 
			
		||||
        :return: status of the operation in JSON
 | 
			
		||||
    """
 | 
			
		||||
    data = json.loads(request.data)
 | 
			
		||||
    instance = data["data"]["instance"]
 | 
			
		||||
    res = MISP.edit(instance["id"],
 | 
			
		||||
    res = MISP.edit_instance(instance["id"],
 | 
			
		||||
                    instance["name"],
 | 
			
		||||
                    instance["url"],
 | 
			
		||||
                    instance["apikey"],
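Review bot: On `get_all()` the `@require_header_token` decorator appears to be replaced by the commented-out `# @require_header_token`, which would leave `/get_all` reachable without the header token while `/add`, `/delete/<misp_id>` and `/edit` keep it. The body of `MISP.get_instances()` is not visible here, but the `misp` table holds `url` and `apikey`, so if those fields are returned, any unauthenticated client could read the credentials for the remote MISP instances. If the decorator was disabled for debugging, restore `@require_header_token` before this is merged. Separately, `/delete/<misp_id>` changes state on a `GET`; `methods=['POST']` or `methods=['DELETE']` would avoid deletions triggered by prefetching or link previews.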
 | 
			
		||||
 
 | 
			
		||||
@@ -18,7 +18,7 @@ class MISP(object):
 | 
			
		||||
        return None
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def add(misp_name, misp_url, misp_key, misp_verifycert):
 | 
			
		||||
    def add_instance(misp_name, misp_url, misp_key, misp_verifycert):
 | 
			
		||||
        """
 | 
			
		||||
            Parse and add a MISP instance to the database.
 | 
			
		||||
            :return: status of the operation in JSON
 | 
			
		||||
@@ -57,7 +57,7 @@ class MISP(object):
 | 
			
		||||
                    "message": "The MISP instance name can't be empty"}
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def edit(misp_id, misp_name, misp_url, misp_key, misp_verifycert):
 | 
			
		||||
    def edit_instance(misp_id, misp_name, misp_url, misp_key, misp_verifycert):
 | 
			
		||||
        """
 | 
			
		||||
            Parse and edit the desired MISP instance.
 | 
			
		||||
            :return: status of the operation in JSON
 | 
			
		||||
@@ -134,13 +134,12 @@ class MISP(object):
 | 
			
		||||
        misp = MISPInst.query.get(int(misp_id))
 | 
			
		||||
        if misp is not None:
 | 
			
		||||
            if misp.url and misp.apikey:
 | 
			
		||||
                try:
 | 
			
		||||
                # Connect to MISP instance and get network activity attributes.
 | 
			
		||||
                m = PyMISP(misp.url, misp.apikey, misp.verifycert)
 | 
			
		||||
                r = m.search("attributes", category="Network activity")
 | 
			
		||||
 | 
			
		||||
                for attr in r["Attribute"]:
 | 
			
		||||
                        if attr["type"] in ["ip_dst", "domain", "snort", "x509-fingerprint-sha1"]:
 | 
			
		||||
                    if attr["type"] in ["ip-dst", "domain", "snort", "x509-fingerprint-sha1"]:
 | 
			
		||||
 | 
			
		||||
                        ioc = {"value": attr["value"],
 | 
			
		||||
                               "type": None,
 | 
			
		||||
@@ -156,26 +155,18 @@ class MISP(object):
 | 
			
		||||
                            ioc["type"] = "domain"
 | 
			
		||||
                        elif re.match(defs["iocs_types"][4]["regex"], attr["value"]):
 | 
			
		||||
                            ioc["type"] = "sha1cert"
 | 
			
		||||
                            elif "alert " in attr["value"][0:5]:
 | 
			
		||||
                        elif "alert " in attr["value"][0:6]:
 | 
			
		||||
                            ioc["type"] = "snort"
 | 
			
		||||
                        else:
 | 
			
		||||
                            continue
 | 
			
		||||
 | 
			
		||||
                        if "Tag" in attr:
 | 
			
		||||
                                for tag in attribute['Tag']:
 | 
			
		||||
                            for tag in attr["Tag"]:
 | 
			
		||||
                                # Add the TLP of the IOC.
 | 
			
		||||
                                    tlp = re.search(r"^(?:tlp:)(red|green|amber|white)", tag['name'])
 | 
			
		||||
                                tlp = re.search(r"^(?:tlp:)(red|green|amber|white)", tag['name'].lower())
 | 
			
		||||
                                if tlp: ioc["tlp"] = tlp.group(1)
 | 
			
		||||
 | 
			
		||||
                                # Add possible tag.
 | 
			
		||||
                                    if lower(tag["name"]) in [t["tag"] for t in defs["iocs_tags"]]:
 | 
			
		||||
                                        ioc["tag"] = lower(tag["name"])
 | 
			
		||||
                                if tag["name"].lower() in [t["tag"] for t in defs["iocs_tags"]]:
 | 
			
		||||
                                    ioc["tag"] = tag["name"].lower()
 | 
			
		||||
                        yield ioc
 | 
			
		||||
                except:
 | 
			
		||||
                    return {"status": False,
 | 
			
		||||
                            "message": "An exception has been raised: ", sys.exc_info()[0])}
 | 
			
		||||
                    pass
 | 
			
		||||
            else:
 | 
			
		||||
                return {"status": False,
 | 
			
		||||
                        "message": "The URL or API key is empty."}
 | 
			
		||||
        else:
 | 
			
		||||
            return {"status": False,
 | 
			
		||||
                    "message": "Unknown MISP instance."}
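Review bot: `for attr in r["Attribute"]:` indexes the search response without checking it, and the `try:` that wrapped the PyMISP call appears to be dropped by this commit. An unreachable instance, a rejected API key or an error payload without an `Attribute` key would therefore raise inside the generator while the caller iterates it. Because the function yields, a caller looping over the result never sees the `return {"status": False, ...}` dictionaries at the end of the hunk, if they remain on the new side; raising a dedicated exception would report those failures more clearly. A minimal guard is `if "Attribute" not in r: return` before the loop, with the failure logged. The function starts outside the hunk, and the sides of the trailing `except:`/`else:` lines cannot be determined from this rendering.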
 | 
			
		||||
 
 | 
			
		||||
@@ -23,11 +23,11 @@ class MISPInst(db.Model):
 | 
			
		||||
    def __init__(self, name, url, key, ssl, added_on):
 | 
			
		||||
        self.name = name
 | 
			
		||||
        self.url = url
 | 
			
		||||
        self.authkey = key
 | 
			
		||||
        self.apikey = key
 | 
			
		||||
        self.verifycert = ssl
 | 
			
		||||
        self.added_on = added_on
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
db.mapper(Whitelist, db.Table('whitelist', db.metadata, autoload=True))
 | 
			
		||||
db.mapper(Ioc, db.Table('iocs', db.metadata, autoload=True))
 | 
			
		||||
db.mapper(MISP, db.Table('misp', db.metadata, autoload=True))
 | 
			
		||||
db.mapper(MISPInst, db.Table('misp', db.metadata, autoload=True))
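Review bot: `self.apikey = key` stores the MISP API key exactly as received, and the `misp` table declares that column as plain `TEXT`, so anyone who can read the database file or a serialized `MISPInst` row obtains a working credential for the remote instance. I would document this on `__init__` with a comment such as `# apikey is stored in cleartext; never include it in API responses`, and check that any code returning instances to clients leaves the field out. The parameter name `ssl` is also misleading for a value stored as `verifycert`; a one-line docstring stating that it is the certificate-verification flag would help. The class body starts outside the hunk.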
 | 
			
		||||
 
 | 
			
		||||