def indicator_from_header_field(request, email_id):
"""
Create an indicator from a header field. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param email_id: The ObjectId of the email to get the header from.
:type email_id: str
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
if 'type' in request.POST:
header_field = request.POST.get('field')
header_type = request.POST.get('type')
analyst = request.user.username
sources = user_sources(analyst)
email = Email.objects(id=email_id,
source__name__in=sources).first()
if not email:
result = {'success': False, 'message': "Could not find email."}
else:
result = create_indicator_from_header_field(
email, header_field, header_type, analyst, request)
else:
result = {'success': False, 'message': "Type is a required value."}
return HttpResponse(json.dumps(result), mimetype="application/json")
else:
return render_to_response('error.html',
{'error': "Expected AJAX POST"},
RequestContext(request))
def indicator_from_header_field(request, email_id):
"""
Create an indicator from a header field. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param email_id: The ObjectId of the email to get the header from.
:type email_id: str
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
if "type" in request.POST:
header_field = request.POST["type"]
analyst = request.user.username
sources = user_sources(analyst)
email = Email.objects(id=email_id, source__name__in=sources).first()
if not email:
result = {"success": False, "message": "Could not find email."}
else:
if header_field in ("from_address, sender, reply_to"):
ind_type = "Address - e-mail"
elif header_field in ("originating_ip", "x_originating_ip"):
ind_type = "Address - ipv4-addr"
else:
ind_type = "String"
result = create_indicator_from_header_field(email, header_field, ind_type, analyst, request)
else:
result = {"success": False, "message": "Type is a required value."}
return HttpResponse(json.dumps(result), mimetype="application/json")
else:
return render_to_response("error.html", {"error": "Expected AJAX POST"}, RequestContext(request))
def indicator_from_header_field(request, email_id):
"""
Create an indicator from a header field. Should be an AJAX POST.
:param request: Django request object (Required)
:type request: :class:`django.http.HttpRequest`
:param email_id: The ObjectId of the email to get the header from.
:type email_id: str
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
if 'type' in request.POST:
header_field = request.POST.get('field')
header_type = request.POST.get('type')
analyst = request.user.username
sources = user_sources(analyst)
email = Email.objects(id=email_id,
source__name__in=sources).first()
if not email:
result = {
'success': False,
'message': "Could not find email."
}
else:
result = create_indicator_from_header_field(email,
header_field,
header_type,
analyst,
request)
else:
result = {
'success': False,
'message': "Type is a required value."
}
return HttpResponse(json.dumps(result),
content_type="application/json")
else:
return render_to_response('error.html',
{'error': "Expected AJAX POST"},
RequestContext(request))
