def remove_group(self, group):
    """Remove *group* from this file and from every analysis linked to it.

    The file document is updated first; then each id listed under
    ``self['analysis']`` is loaded from ``store.analysis`` and updated the
    same way, one document at a time.
    """
    # Update file
    self.remove_from('groups', group)

    # Update previous analysis
    for analysis_id in self['analysis']:
        document = store.analysis.find_one({'_id': ObjectId(analysis_id)})
        Analysis(document).remove_from('groups', group)
def add_groups(self, groups):
    """Add every group in *groups* to this file and to each linked analysis.

    Each analysis id under ``self['analysis']`` is loaded from
    ``store.analysis`` and receives the same groups, in the same order.
    """
    # Update file
    for name in groups:
        self.append_to('groups', name)

    # Update previous analysis
    for analysis_id in self['analysis']:
        document = store.analysis.find_one({'_id': ObjectId(analysis_id)})
        analysis = Analysis(document)
        for name in groups:
            analysis.append_to('groups', name)
def refresh_iocs(self, id):
    """Refresh IOCs with Threat Intel modules

    .. :quickref: Analysis; Refresh IOCs with Threat Intel modules.

    :param id: id of the analysis.
    """
    # The lookup is scoped to current_user.analyses, so an id the user
    # cannot see yields a 404 rather than someone else's analysis.
    document = get_or_404(current_user.analyses, _id=id)
    analysis = Analysis(document)
    analysis.refresh_iocs()

    target = url_for('AnalysesView:get', id=analysis["_id"])
    return redirect(analysis, target)
def get_file(self, id, filehash):
    """Download one of the analysis' files, selected by the MD5 of its path.

    *filehash* is compared with the MD5 hex digest of every generated file
    path and, failing that, of the main file's path. The analysis lookup is
    scoped to ``current_user.analyses``, so only analyses visible to the
    user are reachable. Returns a download response, or a 404 when no path
    hashes to *filehash*.
    """
    analysis = Analysis(get_or_404(current_user.analyses, _id=id))

    generated = analysis['generated_files']
    for file_type in generated:
        for path in generated[file_type]:
            encoded = path.encode('utf-8')
            if md5(encoded).hexdigest() == filehash:
                # NOTE(review): this branch hands the hash, not the matched
                # path, to file_download, while the main-file branch below
                # passes a path -- confirm which argument file_download
                # expects.
                return file_download(filehash)

    main_path = analysis._file['filepath'].encode('utf-8')
    if md5(main_path).hexdigest() == filehash:
        return file_download(analysis.get_main_file())

    return abort(404)
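def analyze(self, groups, analyst, module_name=None, options=None):
    """Create, store and start an analysis of this file.

    :param groups: groups to attach to the analysis; they are also added to
        the file itself through :meth:`add_groups`.
    :param analyst: value stored under ``'analyst'`` in the analysis document.
    :param module_name: value stored under ``'module'`` (may be ``None``).
    :param options: dict stored under ``'options'``; ``None`` (the default)
        means an empty dict.
    :returns: the saved :class:`Analysis`, after ``resume()`` has been called.
    """
    # A fresh dict per call: the former ``options={}`` default was one dict
    # shared by every call that omitted it, and that dict is persisted in
    # the analysis document.
    if options is None:
        options = {}

    analysis = Analysis({
        'file': self['_id'],
        'module': module_name,
        'options': options,
        # Union of the requested groups and the file's existing groups.
        'groups': list(set(groups + self['groups'])),
        'analyst': analyst,
    })
    analysis.save()

    # Keep the file document in sync with the new analysis.
    self.add_groups(groups)
    self.append_to('analysis', analysis['_id'])

    analysis.resume()
    return analysis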
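def _save_analysis_file(self, id, path):
    """Write the uploaded ``request.files['file']`` under *path*/<analysis id>/.

    :param id: id of the analysis the upload belongs to; looked up in
        ``current_user.analyses`` (404 when not found).
    :param path: base directory under which the per-analysis directory is
        created.
    :returns: the path the uploaded file was written to.
    :raises OSError: when the per-analysis directory cannot be created and
        does not already exist.
    """
    file = request.files['file']
    analysis = Analysis(get_or_404(current_user.analyses, _id=id))
    dirpath = os.path.join(path, str(analysis['_id']))
    # secure_filename strips path separators and other unsafe characters,
    # so the client-supplied name cannot escape dirpath.
    # NOTE(review): it can also return '' for a name with no safe characters;
    # open() then fails on the directory path itself -- confirm the caller
    # rejects such uploads.
    filepath = os.path.join(dirpath, secure_filename(file.filename))

    # Create parent dirs if they don't exist. Only "already exists" is
    # tolerated: the former bare ``except: pass`` also hid permission and
    # disk errors, which then resurfaced as a less clear failure on open().
    try:
        os.makedirs(dirpath)
    except OSError:
        if not os.path.isdir(dirpath):
            raise

    with open(filepath, "wb") as fd:
        copyfileobj(file.stream, fd)

    return filepath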
def submit_iocs(self, id, module):
    """Submit observables to a Threat Intelligence module.

    .. :quickref: Analysis; Submit observables to a threat intelligence module

    If successful, the response will be ``"ok"``.

    :param id: id of the analysis.
    :param module: name of the module to submit the file to.

    :<jsonarr string value: the value of the observable.
    :<jsonarr list tags: a list of tags associated to it.
    """
    analysis = Analysis(get_or_404(current_user.analyses, _id=id))

    # Forward the request body to each module whose name matches and record
    # the submission on the analysis document. A name matching no module
    # still answers "ok" -- nothing is submitted in that case.
    matching = (
        ti_module
        for ti_module in dispatcher.get_threat_intelligence_modules()
        if ti_module.name == module
    )
    for ti_module in matching:
        ti_module.iocs_submission(analysis, request.json)
        analysis.update_value(['threat_intelligence', module], True)

    return make_response("ok")
def resume(self, id):
    """Resume the analysis *id* and redirect to the system index.

    The document is looked up in the whole ``Analysis.get_collection()``
    rather than in ``current_user.analyses``; a missing id yields a 404.
    """
    document = get_or_404(Analysis.get_collection(), _id=id)
    analysis = Analysis(document)
    analysis.resume()

    flash("Resumed analysis {}".format(analysis['_id']))
    return redirect({}, url_for('SystemView:index'))