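def cybox_observable(request, pk):
    """Return the CybOX XML rendering of a single observable.

    The observable is looked up by primary key, its backing objects are
    loaded with ``get_object_for_observable`` and both are handed to the
    builder registered for the observable's type.

    Args:
        request: The incoming HTTP request (not read by this view).
        pk: Primary key of the ``Observable`` to export.

    Returns:
        An ``HttpResponse`` with ``text/xml`` content when a builder exists
        for the type and produced a document, otherwise an
        ``HttpResponseNotFound``.
    """
    # NOTE(review): no access-control decorator is visible on this view in
    # this listing; confirm authentication is enforced elsewhere.
    try:
        observable = Observable.objects.get(pk=pk)
    except (Observable.DoesNotExist, ValueError):
        # ValueError covers a pk that cannot be coerced to the key type, so a
        # malformed id is answered with 404 instead of an unhandled error.
        return HttpResponseNotFound("Observable not found!")

    observable_type = observable.observable_type
    objects = get_object_for_observable(observable_type, observable)

    # One builder per supported CybOX object type.
    ### MISSING
    # MutexObjectType
    # CodeObjectType
    # WindowsDriverObjectType
    # LinkObjectType
    # WindowsRegistryKeyObjectType
    # EmailMessageObjectType
    # DNSQueryObjectType
    builders = {
        'FileObjectType': cybox_file,
        'AddressObjectType': cybox_address,
        'URIObjectType': cybox_uri,
        'HTTPSessionObjectType': cybox_http,
    }
    builder = builders.get(observable_type)
    cybox_xml = None
    if builder is not None:
        cybox_xml = builder(observable, observable_type, objects)

    if cybox_xml:
        return HttpResponse(cybox_xml.to_xml(), content_type="text/xml")

    # The type name is a stored value (presumably taken from imported
    # intelligence documents; confirm against the importer). Serving the
    # message as text/plain keeps a browser from interpreting it as markup.
    return HttpResponseNotFound(
        "Object %s not handled!" % (observable_type),
        content_type="text/plain",
    )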
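def observable(request, observable_id="1"):
    """Render the detail page for a single observable.

    Args:
        request: The incoming HTTP request; used for the messages framework
            and for the template ``RequestContext``.
        observable_id: Primary key of the observable; converted with
            ``int()`` before the lookup.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response. When
        the id is malformed or matches no record, the page is rendered with
        an error or warning message and the initial, mostly empty context.
    """
    # NOTE(review): no access-control decorator is visible on this view in
    # this listing; confirm authentication is enforced elsewhere.
    template = 'kraut_intel/observable_details.html'
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    try:
        matches = Observable.objects.filter(pk=int(observable_id)).prefetch_related(
            Prefetch('indicators'),
        )
    except (ValueError, Observable.DoesNotExist):
        # filter() returns an empty queryset rather than raising
        # DoesNotExist, so the failure that can actually occur here is int()
        # rejecting a non-numeric id. Handling ValueError makes this branch
        # reachable and avoids an unhandled error for a malformed id.
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))

    # len() evaluates the queryset once; the index access below then reads
    # from the already-fetched result.
    if len(matches) <= 0:
        messages.warning(request, "No observable with the given ID exists in the system.")
    else:
        obs = matches[0]
        context['observable'] = obs
        # NOTE(review): .last() returns None when no namespace is attached,
        # which would raise AttributeError here. Confirm that every
        # observable has at least one namespace.
        context['namespace_icon'] = get_icon_for_namespace(obs.namespace.last().namespace)
        context['namespaces'] = Namespace.objects.all()
        context['objects'] = get_object_for_observable(obs.observable_type, obs)

        # get related objects
        for obj in context['objects']:
            context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
            context['related_observables'].append(obj.observables.all())
        if len(context['related_observables']) <= 0:
            # No backing objects: fall back to the looked-up queryset itself.
            context['related_observables'].append(matches)

        # check if observable is in a composition
        for obs_comp in obs.observablecomposition_set.all():
            context['related_observables'].append(obs_comp.observable_set.all())

        # check object type specific settings
        if obs.observable_type == 'FileObjectType':
            context['custom'] = []
            context['meta'] = []
            # 'hashes' starts as an empty list and is replaced by True once
            # an object carries an MD5 or SHA256 value other than the
            # 'No MD5' / 'No SHA256' strings.
            context['hashes'] = []
            # The last assignment to 'active_tab' wins.
            context['active_tab'] = 'hashes'
            for obj in context['objects']:
                for custom in obj.file_custom.all():
                    context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                    context['active_tab'] = 'custom'
                for meta in obj.file_meta.all():
                    # Skip entries whose four fields all hold 'No Name',
                    # 'No Path', 'No Extension' and 0 (presumably the
                    # importer's placeholder defaults).
                    if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                            or meta.file_extension != 'No Extension' or meta.file_size != 0):
                        context['meta'].append({
                            'name': meta.file_name,
                            'path': meta.file_path,
                            'extension': meta.file_extension,
                            'size': meta.file_size
                        })
                        context['active_tab'] = 'meta'
                if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                    context['hashes'] = True
                    context['active_tab'] = 'hashes'
        elif obs.observable_type == 'CompositionContainer':
            ### TODO: currently supports only single composition in observable
            # With several compositions only the last id is kept.
            for composition in obs.compositions.all():
                context['composition_id'] = composition.id
        elif obs.observable_type == 'WindowsExecutableFileObjectType':
            context['active_tab'] = 'winexeobj'
    return render_to_response(template, context, context_instance=RequestContext(request))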
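def observable(request, observable_id="1"):
    """Render the detail page for a single observable.

    Args:
        request: The incoming HTTP request; used for the messages framework
            and for the template ``RequestContext``.
        observable_id: Primary key of the observable; converted with
            ``int()`` before the lookup.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response. When
        the id is malformed or matches no record, the page is rendered with
        an error or warning message and the initial, mostly empty context.
    """
    # NOTE(review): no access-control decorator is visible on this view in
    # this listing; confirm authentication is enforced elsewhere.
    template = 'kraut_intel/observable_details.html'
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    try:
        matches = Observable.objects.filter(pk=int(observable_id)).prefetch_related(
            Prefetch('indicators'),
        )
    except (ValueError, Observable.DoesNotExist):
        # filter() returns an empty queryset rather than raising
        # DoesNotExist, so the failure that can actually occur here is int()
        # rejecting a non-numeric id. Handling ValueError makes this branch
        # reachable and avoids an unhandled error for a malformed id.
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))

    # len() evaluates the queryset once; the index access below then reads
    # from the already-fetched result.
    if len(matches) <= 0:
        messages.warning(request, "No observable with the given ID exists in the system.")
    else:
        obs = matches[0]
        context['observable'] = obs
        context['namespace_icon'] = get_icon_for_namespace(obs.namespace)
        context['objects'] = get_object_for_observable(obs.observable_type, obs)

        # get related objects
        for obj in context['objects']:
            context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
            context['related_observables'].append(obj.observables.all())
        if len(context['related_observables']) <= 0:
            # No backing objects: fall back to the looked-up queryset itself.
            context['related_observables'].append(matches)

        # check object type specific settings
        if obs.observable_type == 'FileObjectType':
            context['custom'] = []
            context['meta'] = []
            # 'hashes' starts as an empty list and is replaced by True once
            # an object carries an MD5 or SHA256 value other than the
            # 'No MD5' / 'No SHA256' strings.
            context['hashes'] = []
            # The last assignment to 'active_tab' wins.
            context['active_tab'] = 'hashes'
            for obj in context['objects']:
                for custom in obj.file_custom.all():
                    context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                    context['active_tab'] = 'custom'
                for meta in obj.file_meta.all():
                    # Skip entries whose four fields all hold 'No Name',
                    # 'No Path', 'No Extension' and 0 (presumably the
                    # importer's placeholder defaults).
                    if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                            or meta.file_extension != 'No Extension' or meta.file_size != 0):
                        context['meta'].append({
                            'name': meta.file_name,
                            'path': meta.file_path,
                            'extension': meta.file_extension,
                            'size': meta.file_size
                        })
                        context['active_tab'] = 'meta'
                if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                    context['hashes'] = True
                    context['active_tab'] = 'hashes'
    return render_to_response(template, context, context_instance=RequestContext(request))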