More code modification regarding MISP integration

app/backend/src/views/iocs-misp.vue

@@ -1,6 +1,6 @@
 <template>
     <div class="backend-content" id="content">
-        <div class="column col-6 col-xs-12">
+        <div class="column col-8 col-xs-12">
             <h3 class="s-title">Manage MISP instances</h3>
             <ul class="tab tab-block">
                 <li class="tab-item">
@@ -17,7 +17,7 @@
                     <label class="misp-label">Instance URL</label><span></span>
                     <input class="form-input" type="text" ref="misp_url" placeholder="https://misp.cyberacme.com" v-model="mispinst.url" required>
                     <label class="misp-label">Authentication key</label><span></span>
-                    <input class="form-input" type="text" ref="misp_key" placeholder="OqHSMyAuth3ntic4t10nK3y3iiH" v-model="mispinst.key" required>
+                    <input class="form-input" type="text" ref="misp_key" placeholder="OqHSMyAuth3ntic4t10nK3y0MyAuth3ntic4t10nK3y3iiH" v-model="mispinst.key" required>
                     <label class="misp-label">Verify certificate? </label><span></span>
                     <div style="flex:50%"><label class="form-switch">
                     <input type="checkbox" @change="switch_config('frontend', 'kiosk_mode')" v-model="mispinst.ssl">

assets/scheme.sql

@@ -25,5 +25,6 @@ CREATE TABLE "misp" (
 	"apikey"	TEXT NOT NULL,
 	"verifycert" INTEGER NOT NULL DEFAULT 0,
 	"added_on" NUMERIC NOT NULL,
+	"last_sync" NUMERIC NOT NULL DEFAULT 0,
 	PRIMARY KEY("id" AUTOINCREMENT)
 );

server/backend/app/blueprints/misp.py

@@ -19,8 +19,7 @@ def add_instance():
         :return: status of the operation in JSON
     """
     data = json.loads(request.data)
-    instance = data["data"]["instance"]
-    res = misp.add_instance(instance)
+    res = misp.add_instance(data["data"]["instance"])
     return jsonify(res)
 
 @misp_bp.route('/delete/<misp_id>', methods=['GET'])

server/backend/app/classes/misp.py

@@ -27,6 +27,7 @@ class MISP(object):
         name = instance["name"]
         apikey = instance["key"]
         verify = instance["ssl"]
+        last_sync = int(time.time()-31536000) # One year
 
         sameinstances = db.session.query(MISPInst).filter(
             MISPInst.url == url, MISPInst.apikey == apikey)
@@ -36,14 +37,11 @@ class MISP(object):
         if name:
             if self.test_instance(url, apikey, verify):
                 added_on = int(time.time())
-                db.session.add(MISPInst(name, escape(url), apikey, verify, added_on))
+                db.session.add(MISPInst(name, escape(
+                    url), apikey, verify, added_on, last_sync))
                 db.session.commit()
                 return {"status": True,
-                        "message": "MISP instance added",
-                        "name": escape(name),
-                        "url": escape(url),
-                        "apikey": escape(apikey),
-                        "verifycert": escape(verify)}
+                        "message": "MISP instance added"}
             else:
                 return {"status": False,
                         "message": "Please verify the connection to the MISP instance"}
@@ -78,7 +76,8 @@ class MISP(object):
                    "url": misp["url"],
                    "apikey": misp["apikey"],
                    "verifycert": True if misp["verifycert"] else False,
-                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]) }
+                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]),
+                   "lastsync": misp["last_sync"]}
 
     @staticmethod
     def test_instance(url, apikey, verify):
@@ -92,11 +91,23 @@ class MISP(object):
         except:
             return False
 
+    def update_sync(misp_id):
+        """
+            Update the last synchronization date by the actual date.
+            :return: bool, True if updated.
+        """
+        try:
+            misp = MISPInst.query.get(int(misp_id))
+            misp.last_sync = int(time.time())
+            db.session.commit()
+            return True
+        except:
+            return False
+
     @staticmethod
     def get_iocs(misp_id):
         """
             Get all IOCs from specific MISP instance
-            /!\ Todo: NEED TO ADD LAST SYNCHRO DATE + page etc. stuff.
             :return: generator containing the IOCs.
         """
         misp = MISPInst.query.get(int(misp_id))
@@ -105,7 +116,7 @@ class MISP(object):
                 try:
                     # Connect to MISP instance and get network activity attributes.
                     m = PyMISP(misp.url, misp.apikey, misp.verifycert)
-                    r = m.search("attributes", category="Network activity")
+                    r = m.search("attributes", category="Network activity", date_from=misp.lastsync)
                 except:
                     print("Unable to connect to the MISP instance ({}/{}).".format(misp.url, misp.apikey))
                     return []

server/backend/app/db/models.py

@@ -20,12 +20,13 @@ class Whitelist(db.Model):
 
 
 class MISPInst(db.Model):
-    def __init__(self, name, url, key, ssl, added_on):
+    def __init__(self, name, url, key, ssl, added_on, last_sync):
         self.name = name
         self.url = url
         self.apikey = key
         self.verifycert = ssl
         self.added_on = added_on
+        self.last_sync = last_sync
 
 
 db.mapper(Whitelist, db.Table('whitelist', db.metadata, autoload=True))

server/backend/watchers.py

@@ -133,6 +133,7 @@ def watch_misp():
                 instances.pop(i)
         if instances: time.sleep(60)
 
+
 p1 = Process(target=watch_iocs)
 p2 = Process(target=watch_whitelists)
 p3 = Process(target=watch_misp)