More code modification regarding MISP integration

2021-06-10 18:37:40 +02:00
parent f189f2e100
commit 8e09d4e1c8
6 changed files with 27 additions and 14 deletions
--- a/app/backend/src/views/iocs-misp.vue
+++ b/app/backend/src/views/iocs-misp.vue
@@ -1,6 +1,6 @@
 <template>
    <div class="backend-content" id="content">
-        <div class="column col-6 col-xs-12">
+        <div class="column col-8 col-xs-12">
            <h3 class="s-title">Manage MISP instances</h3>
            <ul class="tab tab-block">
                <li class="tab-item">
@@ -17,7 +17,7 @@
                    <label class="misp-label">Instance URL</label><span></span>
                    <input class="form-input" type="text" ref="misp_url" placeholder="https://misp.cyberacme.com" v-model="mispinst.url" required>
                    <label class="misp-label">Authentication key</label><span></span>
-                    <input class="form-input" type="text" ref="misp_key" placeholder="OqHSMyAuth3ntic4t10nK3y3iiH" v-model="mispinst.key" required>
+                    <input class="form-input" type="text" ref="misp_key" placeholder="OqHSMyAuth3ntic4t10nK3y0MyAuth3ntic4t10nK3y3iiH" v-model="mispinst.key" required>
                    <label class="misp-label">Verify certificate? </label><span></span>
                    <div style="flex:50%"><label class="form-switch">
                    <input type="checkbox" @change="switch_config('frontend', 'kiosk_mode')" v-model="mispinst.ssl">
--- a/assets/scheme.sql
+++ b/assets/scheme.sql
@@ -25,5 +25,6 @@ CREATE TABLE "misp" (
 	"apikey"	TEXT NOT NULL,
 	"verifycert" INTEGER NOT NULL DEFAULT 0,
 	"added_on" NUMERIC NOT NULL,
+	"last_sync" NUMERIC NOT NULL DEFAULT 0,
 	PRIMARY KEY("id" AUTOINCREMENT)
 );
--- a/server/backend/app/blueprints/misp.py
+++ b/server/backend/app/blueprints/misp.py
@@ -19,8 +19,7 @@ def add_instance():
        :return: status of the operation in JSON
    """
    data = json.loads(request.data)
-    instance = data["data"]["instance"]
-    res = misp.add_instance(instance)
+    res = misp.add_instance(data["data"]["instance"])
    return jsonify(res)

@misp_bp.route('/delete/<misp_id>', methods=['GET'])
--- a/server/backend/app/classes/misp.py
+++ b/server/backend/app/classes/misp.py
@@ -27,6 +27,7 @@ class MISP(object):
        name = instance["name"]
        apikey = instance["key"]
        verify = instance["ssl"]
+        last_sync = int(time.time()-31536000) # One year

        sameinstances = db.session.query(MISPInst).filter(
            MISPInst.url == url, MISPInst.apikey == apikey)
@@ -36,14 +37,11 @@ class MISP(object):
        if name:
            if self.test_instance(url, apikey, verify):
                added_on = int(time.time())
-                db.session.add(MISPInst(name, escape(url), apikey, verify, added_on))
+                db.session.add(MISPInst(name, escape(
+                    url), apikey, verify, added_on, last_sync))
                db.session.commit()
                return {"status": True,
-                        "message": "MISP instance added",
-                        "name": escape(name),
-                        "url": escape(url),
-                        "apikey": escape(apikey),
-                        "verifycert": escape(verify)}
+                        "message": "MISP instance added"}
            else:
                return {"status": False,
                        "message": "Please verify the connection to the MISP instance"}
@@ -78,7 +76,8 @@ class MISP(object):
                   "url": misp["url"],
                   "apikey": misp["apikey"],
                   "verifycert": True if misp["verifycert"] else False,
-                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]) }
+                   "connected": self.test_instance(misp["url"], misp["apikey"], misp["verifycert"]),
+                   "lastsync": misp["last_sync"]}

    @staticmethod
    def test_instance(url, apikey, verify):
@@ -92,11 +91,23 @@ class MISP(object):
        except:
            return False

+    def update_sync(misp_id):
+        """
+            Update the last synchronization date by the actual date.
+            :return: bool, True if updated.
+        """
+        try:
+            misp = MISPInst.query.get(int(misp_id))
+            misp.last_sync = int(time.time())
+            db.session.commit()
+            return True
+        except:
+            return False
+
    @staticmethod
    def get_iocs(misp_id):
        """
            Get all IOCs from specific MISP instance
-            /!\ Todo: NEED TO ADD LAST SYNCHRO DATE + page etc. stuff.
            :return: generator containing the IOCs.
        """
        misp = MISPInst.query.get(int(misp_id))
@@ -105,7 +116,7 @@ class MISP(object):
                try:
                    # Connect to MISP instance and get network activity attributes.
                    m = PyMISP(misp.url, misp.apikey, misp.verifycert)
-                    r = m.search("attributes", category="Network activity")
+                    r = m.search("attributes", category="Network activity", date_from=misp.lastsync)
                except:
                    print("Unable to connect to the MISP instance ({}/{}).".format(misp.url, misp.apikey))
                    return []
--- a/server/backend/app/db/models.py
+++ b/server/backend/app/db/models.py
@@ -20,12 +20,13 @@ class Whitelist(db.Model):


 class MISPInst(db.Model):
-    def __init__(self, name, url, key, ssl, added_on):
+    def __init__(self, name, url, key, ssl, added_on, last_sync):
        self.name = name
        self.url = url
        self.apikey = key
        self.verifycert = ssl
        self.added_on = added_on
+        self.last_sync = last_sync


 db.mapper(Whitelist, db.Table('whitelist', db.metadata, autoload=True))
--- a/server/backend/watchers.py
+++ b/server/backend/watchers.py
@@ -133,6 +133,7 @@ def watch_misp():
                instances.pop(i)
        if instances: time.sleep(60)

+
 p1 = Process(target=watch_iocs)
 p2 = Process(target=watch_whitelists)
 p3 = Process(target=watch_misp)