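def dotransform(request, response, config):
    """Add the incidents linked to a Threat Central resource to the response.

    The resource id is read from ``request.fields['ThreatCentral.resourceId']``
    and handed to ``get_linked_incidents``. Every incident returned becomes an
    ``Incident`` entity carrying its title, resource id, report date and a set
    of display labels.

    Args:
        request: transform request; only ``request.fields`` is read here.
        response: transform response that entities and UI messages are added to.
        config: not used by this function.

    Returns:
        ``response`` with the entities built so far and/or a ``PartialError``
        UI message describing why the lookup or the conversion stopped.
    """
    # (key in the incident record, label title), in display order.
    list_labels = (
        ('incidentCategory', 'Incident Category'),
        ('affectedAsset', 'Affected Asset'),
        ('incidentEffect', 'Incident Effect'),
        ('discoveryMethod', 'Discovery Method'),
    )

    try:
        incidents = get_linked_incidents(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        response += UIMessage("No resourceId!", type='PartialError')
        return response

    try:
        for incident in incidents:
            # A missing or empty score falls back to weight 1.
            # NOTE(review): int() raises ValueError for a non-numeric score and
            # none of the handlers below catch it.
            score = incident.get('tcScore')
            weight = int(score) if score else 1

            title = incident.get('title')
            e = Incident(encode_to_utf8(title), weight=weight)
            e.title = encode_to_utf8(title)
            e.resourceId = incident.get('resourceId')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))

            # NOTE(review): the '<br/>' separator suggests label bodies are
            # rendered as HTML. The displayName/description text comes from the
            # remote API and is not HTML-escaped here - confirm how the client
            # renders labels and escape the values if it interprets markup.
            for key, label_title in list_labels:
                entries = incident.get(key)
                # Truthiness test instead of `len(...) is not 0`: identity
                # comparison against an int literal only works by accident, and
                # a key present with a None value is now skipped rather than
                # aborting the whole loop through the TypeError handler.
                if entries:
                    e += Label(label_title,
                               '<br/>'.join([encode_to_utf8(_.get('displayName')) for _ in entries]))

            description = incident.get('description')
            if description:
                # One label line per line of the description text.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: e.g. a non-iterable result ends the loop quietly and
        # whatever was collected so far is returned.
        return response

    return response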
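def dotransform(request, response, config):
    """Search Threat Central for incidents matching the request value.

    ``request.value`` is passed to ``search_incident``. Each hit contributes
    its ``tcScore`` as the entity weight, while the incident data itself is
    taken from the hit's ``resource`` member; hits without a resource are
    skipped.

    Args:
        request: transform request; only ``request.value`` is read here.
        response: transform response that entities and UI messages are added to.
        config: not used by this function.

    Returns:
        ``response`` with the entities built so far and/or a ``PartialError``
        UI message describing why the search or the conversion stopped.
    """
    # (key in the incident record, label title), in display order.
    list_labels = (
        ('incidentCategory', 'Incident Category'),
        ('affectedAsset', 'Affected Asset'),
        ('incidentEffect', 'Incident Effect'),
        ('discoveryMethod', 'Discovery Method'),
    )

    try:
        incidents = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for hit in incidents:
            # The score lives on the search hit, not on the nested resource.
            # NOTE(review): int() raises ValueError for a non-numeric score and
            # none of the handlers below catch it.
            score = hit.get('tcScore')
            weight = int(score) if score else 1

            incident = hit.get('resource')
            if not incident:
                continue

            title = incident.get('title')
            e = Incident(encode_to_utf8(title), weight=weight)
            e.title = encode_to_utf8(title)
            e.resourceId = incident.get('resourceId')
            # e.resourceId = incident.get('id')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))

            # NOTE(review): the '<br/>' separator suggests label bodies are
            # rendered as HTML. The displayName/description text comes from the
            # remote API and is not HTML-escaped here - confirm how the client
            # renders labels and escape the values if it interprets markup.
            for key, label_title in list_labels:
                entries = incident.get(key)
                # Truthiness test instead of `len(...) is not 0`: identity
                # comparison against an int literal only works by accident, and
                # a key present with a None value is now skipped rather than
                # aborting the whole loop through the TypeError handler.
                if entries:
                    e += Label(label_title,
                               '<br/>'.join([encode_to_utf8(_.get('displayName')) for _ in entries]))

            description = incident.get('description')
            if description:
                # One label line per line of the description text.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: e.g. a non-iterable result ends the loop quietly and
        # whatever was collected so far is returned.
        return response

    return response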
def dotransform(request, response, config):
    """Run a general Threat Central search and map each hit to an entity.

    ``request.value`` is searched with ``size=10, pages=1``. The lower-cased
    ``type`` of every hit selects the entity class; unrecognised types become
    a ``Phrase`` and the type is passed to ``debug``.

    Args:
        request: transform request; only ``request.value`` is read here.
        response: transform response that entities and UI messages are added to.
        config: not used by this function.

    Returns:
        ``response`` with the entities built so far and/or a ``PartialError``
        UI message.
    """
    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for result in results:
            rtype = lower(result.get('type'))

            # A missing or empty score falls back to weight 1.
            score = result.get('tcScore')
            weight = int(score) if score else 1

            title = result.get('title')

            if rtype == 'actor' and not title:
                # An actor hit may carry no title; the name stored under
                # resource > name is used for the entity instead.
                actor_name = result.get('resource', dict()).get('name')
                e = Actor(encode_to_utf8(actor_name), weight=weight)
                e.name = encode_to_utf8(actor_name)
                e.actor = encode_to_utf8(actor_name)
            else:
                unknown_type = False
                if rtype == 'actor':
                    entity_cls = Actor
                elif rtype == 'case':
                    entity_cls = Case
                elif rtype == 'coursesofactions':
                    entity_cls = CoursesOfAction
                elif rtype == 'indicator':
                    entity_cls = Indicator
                elif rtype == 'incident':
                    entity_cls = Incident
                elif rtype == 'ttp':
                    # Only the short form is matched; the long form
                    # 'tacticstechniquesandprocedures' is not.
                    entity_cls = TTP
                else:
                    # Fallback entity so an unexpected type is still shown.
                    entity_cls = Phrase
                    unknown_type = True

                e = entity_cls(encode_to_utf8(title), weight=weight)
                if unknown_type:
                    debug(rtype)

            e.title = encode_to_utf8(title)
            e.resourceId = result.get('id')

            description = result.get('description')
            if description:
                # One label line per line of the description text.
                # NOTE(review): the '<br/>' separator suggests the label body
                # is rendered as HTML, and the description comes from the
                # remote API without HTML-escaping - confirm how the client
                # renders labels and escape the value if it interprets markup.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))

            response += e

    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: a TypeError ends the loop quietly and whatever was
        # collected so far is returned.
        return response

    return response
Beispiel #4
    if 'ThreatCentral.resourceId' in request.fields:
        try:
            case = get_case(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')

        else:
            try:
                # Show incidents
                if len(case.get('incidents', list())) is not 0:
                    for incident in case.get('incidents'):
                        if incident.get('tcScore'):
                            weight = int(incident.get('tcScore'))
                        else:
                            weight = 1
                        e = Incident(encode_to_utf8(incident.get('title')),
                                     weight=weight)
                        e.title = encode_to_utf8(incident.get('title'))
                        e.resourceId = incident.get('resourceId')
                        e.reportedOn = incident.get('reportedOn')
                        e += Label('Reported On', incident.get('reportedOn'))

                        if len(incident.get('incidentCategory',
                                            list())) is not 0:
                            e += Label(
                                'Incident Category', '<br/>'.join([
                                    encode_to_utf8(_.get('displayName'))
                                    for _ in incident.get(
                                        'incidentCategory', list())
                                ]))

                        if len(incident.get('affectedAsset', list())) is not 0: