def dotransform(request, response, config):
    """Refresh the selected Indicator entity from its ThreatCentral record.

    The record is fetched by the entity's ``ThreatCentral.resourceId`` field.
    On success an ``Indicator`` built from ``request.value`` is appended with
    the record's title and resourceId plus Severity, Confidence,
    Indicator Type and (when present) Description labels. Entities that lack
    the field are handed back unchanged.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        record = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # A missing key yields None; an explicit null value raises
        # AttributeError, which the handler below turns into a message.
        return record.get(key, dict()).get('displayName')

    try:
        entity = Indicator(request.value)
        entity.title = encode_to_utf8(record.get('title'))
        entity.resourceId = record.get('resourceId')
        entity += Label('Severity', display_name('severity'))
        entity += Label('Confidence', display_name('confidence'))
        entity += Label('Indicator Type', display_name('indicatorType'))
        description = record.get('description')
        if description:
            # Newlines are turned into <br/>, so the label is evidently
            # rendered as HTML downstream; the feed text itself goes in unescaped.
            lines = encode_to_utf8(description).split('\n')
            entity += Label('Description', '<br/>'.join(lines))
        response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed on purpose: hand back whatever was collected so far.
        pass
    return response
def dotransform(request, response, config):
    """Search ThreatCentral for indicators matching a URL.

    The URL is taken from the entity's ``url`` field, falling back to the
    entity value. Each hit's ``resource`` record becomes an ``Indicator``
    weighted by the hit's ``tcScore`` (1 when absent) with title and
    resourceId set and Severity, Confidence, Indicator Type and Description
    labels attached where the record provides them.

    Args:
        request: Maltego request (``request.value``, ``request.fields``).
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; search and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    try:
        url = request.fields['url']
    except KeyError:
        url = request.value

    try:
        hits = search_indicator(url)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (record key, label name); the entity attribute carries the same name as the key.
    labelled_keys = (
        ('severity', 'Severity'),
        ('confidence', 'Confidence'),
        ('indicatorType', 'Indicator Type'),
    )
    try:
        for hit in hits:
            score = hit.get('tcScore')
            weight = int(score) if score else 1
            record = hit.get('resource')
            title = encode_to_utf8(record.get('title'))
            entity = Indicator(title, weight=weight)
            entity.title = title
            entity.resourceId = record.get('resourceId')
            for key, label_name in labelled_keys:
                if not record.get(key):
                    continue
                display = record.get(key, dict()).get('displayName')
                entity += Label(label_name, display)
                setattr(entity, key, display)
            description = record.get('description')
            if description:
                # <br/> joins show the label is rendered as HTML; feed text is inserted unescaped.
                lines = encode_to_utf8(description).split('\n')
                entity += Label('Description', '<br/>'.join(lines))
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately swallowed: return the partial result.
        pass
    return response
def dotransform(request, response, config):
    """Search ThreatCentral TTPs by the entity value and emit ``TTP`` entities.

    Every hit becomes a ``TTP`` weighted by its ``tcScore`` (1 when absent)
    with ``title`` set and ``resourceId`` taken from the hit's ``id``.

    Args:
        request: Maltego request; ``request.value`` is the search text.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; search and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    try:
        hits = search_ttp(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for hit in hits:
            score = hit.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(hit.get('title'))
            entity = TTP(title, weight=weight)
            entity.title = title
            # Search hits expose the identifier as 'id', not 'resourceId'.
            entity.resourceId = hit.get('id')
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately swallowed: return the partial result.
        pass
    return response
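def dotransform(request, response, config):
    """Emit the Courses of Action linked to the selected Case.

    Reads the case identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``CoursesOfAction`` per entry of its
    ``coursesOfAction`` list, weighted by ``tcScore`` (1 when absent), with
    title, resourceId and a Text label. Entities without the field are
    returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # `or []` tolerates a missing or null list; an empty list simply
        # emits nothing (an identity test like `len(...) is not 0` is not a
        # valid integer comparison).
        for coa in case.get('coursesOfAction') or []:
            score = coa.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(coa.get('title'))
            e = CoursesOfAction(title, weight=weight)
            e.title = title
            e.resourceId = coa.get('resourceId')
            text = coa.get('text')
            if text:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Text', '<br/>'.join(encode_to_utf8(text).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response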
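def dotransform(request, response, config):
    """Refresh the selected Indicator and emit its registry-key observables.

    Fetches the indicator named by the entity's ``ThreatCentral.resourceId``
    field, re-emits the ``Indicator`` with title, resourceId, severity,
    confidence, indicatorType (as attributes and labels) and a Description
    label, then appends one ``RegistryKey`` per observable whose type value
    is ``REGISTRY_KEY``, weighted by the observable's ``sighting`` count
    (1 when absent). Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # Missing key -> None; an explicit null raises AttributeError (reported below).
        return indicator.get(key, dict()).get('displayName')

    try:
        # Refresh the Indicator entity itself before adding linked observables.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = display_name('severity')
        confidence = display_name('confidence')
        indicator_type = display_name('indicatorType')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        description = indicator.get('description')
        if description:
            # Newlines become <br/>, so the label is rendered as HTML
            # downstream; the feed text is inserted unescaped.
            e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += e

        # `or []` tolerates a missing or null observable list.
        for observable in indicator.get('observables') or []:
            # A missing type value must not abort the whole loop; treat it as "not a key".
            obs_type = observable.get('type', dict()).get('value') or ''
            if obs_type.upper() != 'REGISTRY_KEY':
                continue
            # The sighting count drives the link weight.
            sighting = observable.get('sighting')
            weight = int(sighting) if sighting else 1
            key_entity = RegistryKey(observable.get('value'), weight=weight)
            key_entity.value = observable.get('value')
            key_entity.hive = observable.get('hive')
            key_entity.key = observable.get('key')
            # TODO: the observable's name, action and key-value data are not
            # mapped onto the entity yet — verify the RegistryKey fields first.
            key_entity.resourceId = observable.get('resourceId')
            response += key_entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response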
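def dotransform(request, response, config):
    """Emit the TTPs linked to the selected Incident.

    Reads the incident identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``TTP`` per entry of its
    ``tacticsTechniquesAndProcedures`` list, weighted by ``tcScore``
    (1 when absent), with title and resourceId set. Entities without the
    field are returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        incident = get_incident(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # `or []` tolerates a missing or null list; an empty list emits nothing.
        for ttp in incident.get('tacticsTechniquesAndProcedures') or []:
            score = ttp.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(ttp.get('title'))
            e = TTP(title, weight=weight)
            e.title = title
            e.resourceId = ttp.get('resourceId')
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response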
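def dotransform(request, response, config):
    """Emit the TTPs linked to the selected Case.

    Reads the case identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``TTP`` per entry of its
    ``tacticsTechniquesAndProcedures`` list, weighted by ``tcScore``
    (1 when absent), with title and resourceId set. Entities without the
    field are returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # `or []` tolerates a missing or null list; an empty list emits nothing.
        for ttp in case.get('tacticsTechniquesAndProcedures') or []:
            score = ttp.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(ttp.get('title'))
            e = TTP(title, weight=weight)
            e.title = title
            e.resourceId = ttp.get('resourceId')
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response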
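def dotransform(request, response, config):
    """Refresh the selected Indicator and emit its file-hash observables.

    Fetches the indicator named by the entity's ``ThreatCentral.resourceId``
    field, re-emits the ``Indicator`` with title, resourceId, severity,
    confidence, indicatorType (as attributes and labels) and a Description
    label, then appends one ``FileHash`` per hash of every observable whose
    type value is ``FILE_HASH``, weighted by the observable's ``sighting``
    count (1 when absent). Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # Missing key -> None; an explicit null raises AttributeError (reported below).
        return indicator.get(key, dict()).get('displayName')

    try:
        # Refresh the Indicator entity itself before adding linked observables.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = display_name('severity')
        confidence = display_name('confidence')
        indicator_type = display_name('indicatorType')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        description = indicator.get('description')
        if description:
            # Newlines become <br/>, so the label is rendered as HTML
            # downstream; the feed text is inserted unescaped.
            e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += e

        # `or []` tolerates a missing or null observable list.
        for observable in indicator.get('observables') or []:
            # A missing type value must not abort the whole loop; treat it as "not a hash".
            obs_type = observable.get('type', dict()).get('value') or ''
            if obs_type.upper() != 'FILE_HASH':
                continue
            # The sighting count drives the link weight of every hash.
            sighting = observable.get('sighting')
            weight = int(sighting) if sighting else 1
            for filehash in observable.get('fileHashes') or []:
                hash_entity = FileHash(filehash.get('value'), weight=weight)
                hash_entity.name = observable.get('name')
                hash_entity.value = filehash.get('value')
                hash_entity.htype = filehash.get('type')
                hash_entity.resourceId = observable.get('resourceId')
                response += hash_entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response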
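def dotransform(request, response, config):
    """Refresh the selected Indicator and emit its IP-address observables.

    Fetches the indicator named by the entity's ``ThreatCentral.resourceId``
    field, re-emits the ``Indicator`` with title, resourceId, severity,
    confidence, indicatorType (as attributes and labels) and a Description
    label, then appends one ``IPv4Address`` per observable whose type value
    is ``IP`` with IP Address, Port and Location labels. Entities without
    the field are returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # Missing key -> None; an explicit null raises AttributeError (reported below).
        return indicator.get(key, dict()).get('displayName')

    try:
        # Refresh the Indicator entity itself before adding linked observables.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = display_name('severity')
        confidence = display_name('confidence')
        indicator_type = display_name('indicatorType')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        description = indicator.get('description')
        if description:
            # Newlines become <br/>, so the label is rendered as HTML
            # downstream; the feed text is inserted unescaped.
            e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += e

        # `or []` tolerates a missing or null observable list.
        for observable in indicator.get('observables') or []:
            # A missing type value must not abort the whole loop; treat it as "not an IP".
            obs_type = observable.get('type', dict()).get('value') or ''
            if obs_type.upper() != 'IP':
                continue
            address = observable.get('value')
            ip = IPv4Address(address)
            ip += Label('IP Address', address)
            port = observable.get('port')
            if port:
                ip += Label('Port', port)
            location = observable.get('location', dict())
            # The city placeholder looks like the service's marker for an
            # unknown geolocation; a missing city must not abort the loop.
            city = location.get('city') or ''
            if location and city.upper() != 'UNDEFINED_GEO_LOCATION_STRING':
                # .items() rather than .iteritems() keeps this valid on Python 3 as well.
                pairs = ['{}:{}'.format(encode_to_utf8(k), encode_to_utf8(v))
                         for k, v in location.items()]
                ip += Label('Location', '<br/>'.join(pairs))
            response += ip
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response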
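def dotransform(request, response, config):
    """Emit the Cases linked to the selected entity.

    Reads the linked cases for the entity's ``ThreatCentral.resourceId``
    field and appends one ``Case`` per record, weighted by ``tcScore``
    (1 when absent), with title and resourceId set, importanceScore and
    importanceLevel copied as attributes and labels, and Comments and
    Description labels (multi-line text joined with ``<br/>``).

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; a missing field is reported as "No resourceId!" and
        service or record errors as ``PartialError`` messages.
    """
    try:
        cases = get_linked_cases(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        response += UIMessage("No resourceId!", type='PartialError')
        return response

    try:
        for case in cases:
            score = case.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(case.get('title'))
            e = Case(title, weight=weight)
            e.title = title
            e.resourceId = case.get('resourceId')
            importance_score = case.get('importanceScore')
            if importance_score:
                e.importanceScore = importance_score
                e += Label('Importance Score', importance_score)
            importance_level = case.get('importanceLevel')
            if importance_level:
                e.importanceLevel = importance_level
                e += Label('Importance Level', importance_level)
            # `or []` tolerates a missing or null comment list.
            comments = case.get('comments') or []
            if comments:
                # encode_to_utf8 is applied to the whole list here, so it is
                # presumably list-aware — verify against its definition.
                texts = ['{}<br/>'.format(comment.get('text')) for comment in encode_to_utf8(comments)]
                e += Label('Comments', '<br/>'.join(texts))
            description = case.get('description')
            if description:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response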
def dotransform(request, response, config):
    """Search ThreatCentral for indicators matching a URL.

    The URL comes from the entity's ``url`` field, or the entity value when
    that field is absent. Every hit's ``resource`` record is emitted as an
    ``Indicator`` weighted by the hit's ``tcScore`` (1 when absent); the
    severity, confidence and indicatorType display names are stored as
    attributes and labels when present, and a Description label is added.

    Args:
        request: Maltego request (``request.value``, ``request.fields``).
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; search and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    url = request.fields.get('url') if 'url' in request.fields else request.value

    try:
        hits = search_indicator(url)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def emit(hit):
        score = hit.get('tcScore')
        weight = int(score) if score else 1
        record = hit.get('resource')
        title = encode_to_utf8(record.get('title'))
        entity = Indicator(title, weight=weight)
        entity.title = title
        entity.resourceId = record.get('resourceId')
        if record.get('severity'):
            severity = record.get('severity', dict()).get('displayName')
            entity += Label('Severity', severity)
            entity.severity = severity
        if record.get('confidence'):
            confidence = record.get('confidence', dict()).get('displayName')
            entity += Label('Confidence', confidence)
            entity.confidence = confidence
        if record.get('indicatorType'):
            indicator_type = record.get('indicatorType', dict()).get('displayName')
            entity += Label('Indicator Type', indicator_type)
            entity.indicatorType = indicator_type
        description = record.get('description')
        if description:
            # <br/> joins show the label is rendered as HTML; feed text is inserted unescaped.
            entity += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        return entity

    try:
        for hit in hits:
            response += emit(hit)
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately swallowed: return the partial result.
        pass
    return response
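def dotransform(request, response, config):
    """Refresh the selected Indicator and emit its URI observables.

    Fetches the indicator named by the entity's ``ThreatCentral.resourceId``
    field, re-emits the ``Indicator`` with title, resourceId, severity,
    confidence, indicatorType (as attributes and labels) and a Description
    label, then appends one ``URL`` per observable whose type value is
    ``URI``. Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # Missing key -> None; an explicit null raises AttributeError (reported below).
        return indicator.get(key, dict()).get('displayName')

    try:
        # Refresh the Indicator entity itself before adding linked observables.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = display_name('severity')
        confidence = display_name('confidence')
        indicator_type = display_name('indicatorType')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        description = indicator.get('description')
        if description:
            # Newlines become <br/>, so the label is rendered as HTML
            # downstream; the feed text is inserted unescaped.
            e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += e

        # `or []` tolerates a missing or null observable list.
        for observable in indicator.get('observables') or []:
            # A missing type value must not abort the whole loop; treat it as "not a URI".
            obs_type = observable.get('type', dict()).get('value') or ''
            if obs_type.upper() != 'URI':
                continue
            uri = observable.get('value')
            url_entity = URL(uri)
            url_entity.url = uri
            url_entity += Label('URI', uri)
            response += url_entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response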
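def dotransform(request, response, config):
    """Emit the Incidents linked to the selected entity.

    Reads the linked incidents for the entity's ``ThreatCentral.resourceId``
    field and appends one ``Incident`` per record, weighted by ``tcScore``
    (1 when absent), with title, resourceId and reportedOn set and labels
    for Reported On, Incident Category, Affected Asset, Incident Effect,
    Discovery Method and Description (lists and multi-line text joined
    with ``<br/>``).

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; a missing field is reported as "No resourceId!" and
        service or record errors as ``PartialError`` messages.
    """
    try:
        incidents = get_linked_incidents(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        response += UIMessage("No resourceId!", type='PartialError')
        return response

    # (record key, label name) for the list-valued fields shown as labels.
    list_labels = (
        ('incidentCategory', 'Incident Category'),
        ('affectedAsset', 'Affected Asset'),
        ('incidentEffect', 'Incident Effect'),
        ('discoveryMethod', 'Discovery Method'),
    )
    try:
        for incident in incidents:
            score = incident.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(incident.get('title'))
            e = Incident(title, weight=weight)
            e.title = title
            e.resourceId = incident.get('resourceId')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))
            for key, label_name in list_labels:
                # `or []` tolerates a missing or null list; empty lists add no label.
                items = incident.get(key) or []
                if items:
                    names = [encode_to_utf8(item.get('displayName')) for item in items]
                    e += Label(label_name, '<br/>'.join(names))
            description = incident.get('description')
            if description:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response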
def dotransform(request, response, config):
    """Refresh the selected Indicator entity from its ThreatCentral record.

    Looks the indicator up by the entity's ``ThreatCentral.resourceId`` field
    and appends an ``Indicator`` built from ``request.value`` carrying the
    record's title and resourceId plus Severity, Confidence, Indicator Type
    and (when present) Description labels. Entities without the field are
    returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    resource_id = request.fields['ThreatCentral.resourceId']
    try:
        record = get_indicator(resource_id)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (label name, record key) — the label value is the key's displayName.
    display_labels = (
        ('Severity', 'severity'),
        ('Confidence', 'confidence'),
        ('Indicator Type', 'indicatorType'),
    )
    try:
        entity = Indicator(request.value)
        entity.title = encode_to_utf8(record.get('title'))
        entity.resourceId = record.get('resourceId')
        for label_name, key in display_labels:
            # An explicit null under `key` raises AttributeError, reported below.
            entity += Label(label_name, record.get(key, dict()).get('displayName'))
        description = record.get('description')
        if description:
            # <br/> joins show the label is rendered as HTML; feed text is inserted unescaped.
            entity += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately swallowed: return the partial result.
        pass
    return response
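def dotransform(request, response, config):
    """Emit the Courses of Action linked to the selected Incident.

    Reads the incident identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``CoursesOfAction`` per entry of its
    ``coursesOfAction`` list, weighted by ``tcScore`` (1 when absent), with
    title (also as a label), resourceId and a Description label. Entities
    without the field are returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        # The lookup returns the incident; its courses of action are nested inside.
        incident = get_incident(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # `or []` tolerates a missing or null list; an empty list emits nothing.
        for coa in incident.get('coursesOfAction') or []:
            score = coa.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(coa.get('title'))
            e = CoursesOfAction(title, weight=weight)
            e.title = title
            e += Label('Title', title)
            e.resourceId = coa.get('resourceId')
            description = coa.get('description')
            if description:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response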
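def dotransform(request, response, config):
    """Search ThreatCentral incidents by the entity value and emit ``Incident`` entities.

    Each hit's ``resource`` record (hits without one are skipped) becomes an
    ``Incident`` weighted by the hit's ``tcScore`` (1 when absent), with
    title, resourceId and reportedOn set and labels for Reported On,
    Incident Category, Affected Asset, Incident Effect, Discovery Method
    and Description (lists and multi-line text joined with ``<br/>``).

    Args:
        request: Maltego request; ``request.value`` is the search text.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; search and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    try:
        hits = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (record key, label name) for the list-valued fields shown as labels.
    list_labels = (
        ('incidentCategory', 'Incident Category'),
        ('affectedAsset', 'Affected Asset'),
        ('incidentEffect', 'Incident Effect'),
        ('discoveryMethod', 'Discovery Method'),
    )
    try:
        for hit in hits:
            score = hit.get('tcScore')
            weight = int(score) if score else 1
            incident = hit.get('resource')
            if not incident:
                continue
            title = encode_to_utf8(incident.get('title'))
            e = Incident(title, weight=weight)
            e.title = title
            e.resourceId = incident.get('resourceId')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))
            for key, label_name in list_labels:
                # `or []` tolerates a missing or null list; empty lists add no label.
                items = incident.get(key) or []
                if items:
                    names = [encode_to_utf8(item.get('displayName')) for item in items]
                    e += Label(label_name, '<br/>'.join(names))
            description = incident.get('description')
            if description:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response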
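def dotransform(request, response, config):
    """Emit the Indicators linked to the selected Case.

    Reads the case identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``Indicator`` per entry of its ``indicators``
    list, weighted by ``tcScore`` (1 when absent), with title and resourceId
    set and Severity, Confidence, Indicator Type and Description labels.
    Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # `or []` tolerates a missing or null list; an empty list emits nothing.
        for indicator in case.get('indicators') or []:
            score = indicator.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(indicator.get('title'))
            e = Indicator(title, weight=weight)
            e.title = title
            e.resourceId = indicator.get('resourceId')
            # An explicit null under any of these keys raises AttributeError, reported below.
            e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
            e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
            e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))
            description = indicator.get('description')
            if description:
                # Newlines become <br/>, so the label is rendered as HTML
                # downstream; the feed text is inserted unescaped.
                e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response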
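def dotransform(request, response, config):
    """Refresh the selected Indicator and emit its file-hash observables.

    Fetches the indicator named by the entity's ``ThreatCentral.resourceId``
    field, re-emits the ``Indicator`` with title, resourceId, severity,
    confidence, indicatorType (as attributes and labels) and a Description
    label, then appends one ``FileHash`` per hash of every observable whose
    type value is ``FILE_HASH``, weighted by the observable's ``sighting``
    count (1 when absent). Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.value`` is the entity value and
            ``request.fields`` its property map.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def display_name(key):
        # Missing key -> None; an explicit null raises AttributeError (reported below).
        return indicator.get(key, dict()).get('displayName')

    try:
        # Refresh the Indicator entity itself before adding linked observables.
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = display_name('severity')
        confidence = display_name('confidence')
        indicator_type = display_name('indicatorType')
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        description = indicator.get('description')
        if description:
            # Newlines become <br/>, so the label is rendered as HTML
            # downstream; the feed text is inserted unescaped.
            e += Label('Description', '<br/>'.join(encode_to_utf8(description).split('\n')))
        response += e

        # `or []` tolerates a missing or null observable list.
        for observable in indicator.get('observables') or []:
            # A missing type value must not abort the whole loop; treat it as "not a hash".
            obs_type = observable.get('type', dict()).get('value') or ''
            if obs_type.upper() != 'FILE_HASH':
                continue
            # The sighting count drives the link weight of every hash.
            sighting = observable.get('sighting')
            weight = int(sighting) if sighting else 1
            for filehash in observable.get('fileHashes') or []:
                hash_entity = FileHash(filehash.get('value'), weight=weight)
                # NOTE(review): the observable's 'name' is intentionally not
                # copied onto the entity here — confirm whether it should be.
                hash_entity.value = filehash.get('value')
                hash_entity.htype = filehash.get('type')
                hash_entity.resourceId = observable.get('resourceId')
                response += hash_entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response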
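def dotransform(request, response, config):
    """Emit the threat actors linked to the selected Incident.

    Reads the incident identified by the entity's ``ThreatCentral.resourceId``
    field and appends one ``Actor`` per entry of its ``actors`` list, named
    after the actor's ``name`` (falling back to ``title``) and weighted by
    ``tcScore`` (1 when absent). Scalar fields are copied onto the entity;
    the remaining fields become labels, with list values and multi-line
    text joined by ``<br/>``. Actors with neither name nor title are
    skipped. Entities without the field are returned untouched.

    Args:
        request: Maltego request; ``request.fields`` holds the entity properties.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; lookup and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        incident = get_incident(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    def anchor(href, text):
        # Link labels are HTML, and both parts come from the feed: quoteattr
        # supplies a quoted, attribute-safe href and escape protects the text.
        return '<a href={}>{}</a>'.format(quoteattr(href or ''), escape(text or ''))

    def display_names(items):
        return '<br/>'.join([encode_to_utf8(item.get('displayName')) for item in items])

    def multiline(text):
        # Newlines become <br/>; the text itself is inserted as-is.
        return '<br/>'.join(encode_to_utf8(text).split('\n'))

    try:
        # `or []` tolerates a missing or null actor list.
        for actor in incident.get('actors') or []:
            score = actor.get('tcScore')
            weight = int(score) if score else 1
            name = actor.get('name')
            title = actor.get('title')
            if name:
                e = Actor(encode_to_utf8(name), weight=weight)
                e.name = encode_to_utf8(name)
                e.actor = encode_to_utf8(name)
            elif title:
                e = Actor(encode_to_utf8(title), weight=weight)
                e.title = encode_to_utf8(title)
            else:
                # Nothing to name the entity by; skipping avoids re-using
                # (and re-emitting) the entity from the previous iteration.
                continue
            e.resourceId = actor.get('resourceId')
            organization = actor.get('organization')
            aliases = actor.get('aliases')
            country = actor.get('country')
            score_value = actor.get('score')
            if organization:
                e.organization = encode_to_utf8(organization)
            if aliases:
                e.aliases = aliases
            if country:
                e.country = encode_to_utf8(country.get('displayName'))
            if score_value:
                e.score = score_value
            if actor.get('links'):
                e += Label('Links', '<br/>'.join(
                    [anchor(link.get('href'), link.get('href')) for link in actor.get('links')]))
            if actor.get('hyperlinks'):
                e += Label('Hyperlinks', '<br/>'.join(
                    [anchor(link.get('url'), link.get('title')) for link in actor.get('hyperlinks')]))
            if title:
                e += Label('Title', encode_to_utf8(title))
            if actor.get('resourceId'):
                e += Label('ResourceID', actor.get('resourceId'))
            if aliases:
                e += Label('Aliases', '<br/>'.join([encode_to_utf8(alias) for alias in aliases]))
            if actor.get('description'):
                e += Label('Description', multiline(actor.get('description', '')))
            if country:
                e += Label('Country', encode_to_utf8(country.get('displayName')))
            if organization:
                e += Label('Organization', encode_to_utf8(organization))
            if actor.get('types'):
                e += Label('Types', display_names(actor.get('types')))
            if actor.get('motivations'):
                e += Label('Motivations', display_names(actor.get('motivations')))
            if actor.get('intendedEffects'):
                e += Label('Intended Effects', display_names(actor.get('intendedEffects')))
            if actor.get('sophistication'):
                e += Label('Sophistication', actor.get('sophistication', dict()).get('displayName'))
            if actor.get('socialMediaText'):
                e += Label('Social Media', multiline(actor.get('socialMediaText', '')))
            if actor.get('moreInfo'):
                e += Label('More Info', multiline(actor.get('moreInfo', '')))
            if score_value:
                e += Label('Score', score_value)
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Swallowed deliberately so partial results are still returned.
        pass
    return response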
def dotransform(request, response, config):
    """Free-text search across ThreatCentral and emit one entity per hit.

    The hit's ``type`` selects the entity class (Actor, Case,
    CoursesOfAction, Indicator, Incident, TTP); any other type becomes a
    generic ``Phrase`` and the type is passed to ``debug``. Actors without a
    title are named after their resource's ``name``. Every entity gets the
    hit's title, resourceId (from ``id``) and, when present, a Description
    label with newlines rendered as ``<br/>``; weight is ``tcScore`` or 1.

    Args:
        request: Maltego request; ``request.value`` is the search text.
        response: Maltego response that entities and messages are appended to.
        config: transform configuration (unused here).

    Returns:
        ``response``; search and record errors are reported on it as
        ``PartialError`` messages instead of being raised.
    """
    try:
        results = search(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # Record type (lower-cased) -> entity class for the non-actor types.
    entity_types = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        'ttp': TTP,
    }
    try:
        for result in results:
            rtype = lower(result.get('type'))
            score = result.get('tcScore')
            weight = int(score) if score else 1
            title = encode_to_utf8(result.get('title'))
            if rtype == 'actor':
                # An actor's title may be empty; fall back to the resource name.
                actor_name = encode_to_utf8(result.get('resource', dict()).get('name'))
                entity = Actor(title if result.get('title') else actor_name, weight=weight)
                entity.name = actor_name
                entity.actor = actor_name
            elif rtype in entity_types:
                entity = entity_types[rtype](title, weight=weight)
            else:
                # Unrecognised record type: keep it visible as a Phrase and log the type.
                entity = Phrase(title, weight=weight)
                debug(rtype)
            entity.title = title
            entity.resourceId = result.get('id')
            if result.get('description'):
                # <br/> joins show the label is rendered as HTML; feed text is inserted unescaped.
                lines = encode_to_utf8(result.get('description', '')).split('\n')
                entity += Label('Description', '<br/>'.join(lines))
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately swallowed: return the partial result.
        pass
    return response
def dotransform(request, response, config): if 'ThreatCentral.resourceId' in request.fields: try: case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show linked Indicators if len(case.get('indicators', list())) is not 0: for indicator in case.get('indicators'): if indicator.get('tcScore'): weight = int(indicator.get('tcScore')) else: weight = 1 e = Indicator(encode_to_utf8(indicator.get('title')), weight=weight) e.title = encode_to_utf8(indicator.get('title')) e.resourceId = indicator.get('resourceId') e += Label( 'Severity', indicator.get('severity', dict()).get('displayName')) e += Label( 'Confidence', indicator.get('confidence', dict()).get('displayName')) e += Label( 'Indicator Type', indicator.get('indicatorType',
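def dotransform(request, response, config):
    """Search ThreatCentral actors and add one Actor entity per hit.

    Args:
        request: Maltego request; ``request.value`` is the search term.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  The first actor rendered gets a highlighted link
        colour; lookup failures and malformed hits are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    def html_list(values):
        # One escaped value per line.
        return '<br/>'.join([html_text(_) for _ in values])

    def html_link(url, text):
        # quoteattr() quotes and escapes the URL for use as an attribute
        # value; the link text is escaped as ordinary HTML text.
        return '<a href={}>{}</a>'.format(
            quoteattr('{}'.format(url)), escape('{}'.format(text)))

    def new_actor(actor, weight):
        # Build the entity from the name, else the title; None when neither
        # is present (that case used to fail with an unbound ``e``).
        if actor.get('name'):
            name = encode_to_utf8(actor.get('name'))
            e = Actor(name, weight=weight)
            e.name = name
            e.actor = name
            return e
        if actor.get('title'):
            return Actor(encode_to_utf8(actor.get('title')), weight=weight)
        return None

    def describe_actor(e, actor):
        # Copy the actor's attributes onto the entity and add one label per
        # populated field.  Returns the entity, since ``+=`` may rebind it.
        e.title = encode_to_utf8(actor.get('title'))
        e.resourceId = actor.get('resourceId')
        if actor.get('organization'):
            e.organization = encode_to_utf8(actor.get('organization'))
        if actor.get('aliases'):
            e.aliases = actor.get('aliases')
        if actor.get('country'):
            e.country = encode_to_utf8(actor.get('country', dict()).get('displayName'))
        if actor.get('score'):
            e.score = actor.get('score')
        if actor.get('links'):
            e += Label('Links', '<br/>'.join(
                [html_link(_.get('href'), _.get('href')) for _ in actor.get('links')]))
        if actor.get('hyperlinks'):
            e += Label('Hyperlinks', '<br/>'.join(
                [html_link(_.get('url'), _.get('title')) for _ in actor.get('hyperlinks')]))
        if actor.get('title'):
            e += Label('Title', encode_to_utf8(actor.get('title')))
        if actor.get('resourceId'):
            e += Label('ResourceID', actor.get('resourceId'))
        if actor.get('aliases'):
            e += Label('Aliases', html_list(actor.get('aliases', '')))
        if actor.get('description'):
            e += Label('Description', html_lines(actor.get('description', '')))
        if actor.get('country'):
            e += Label('Country', encode_to_utf8(actor.get('country', dict()).get('displayName')))
        if actor.get('organization'):
            e += Label('Organization', encode_to_utf8(actor.get('organization')))
        for key, caption in (('types', 'Types'),
                             ('motivations', 'Motivations'),
                             ('intendedEffects', 'Intended Effects')):
            if actor.get(key):
                e += Label(caption, html_list([_.get('displayName') for _ in actor.get(key)]))
        if actor.get('sophistication'):
            e += Label('Sophistication', actor.get('sophistication', dict()).get('displayName'))
        if actor.get('socialMediaText'):
            e += Label('Social Media', html_lines(actor.get('socialMediaText', '')))
        if actor.get('moreInfo'):
            e += Label('More Info', html_lines(actor.get('moreInfo', '')))
        if actor.get('score'):
            e += Label('Score', actor.get('score'))
        return e

    try:
        hits = search_actor(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    highlighted = False
    for hit in hits:
        try:
            rtype = lower(hit.get('type') or '')
            weight = weight_from(hit.get('tcScore'))
            actor = hit.get('resource') or dict()
            if rtype != 'actor' or not actor:
                continue
            e = new_actor(actor, weight)
            if e is None:
                continue
            e = describe_actor(e, actor)
            if not highlighted:
                # Only the first rendered hit is highlighted.
                highlighted = True
                e.linkcolor = "0xf90000"
            response += e
        except AttributeError as err:
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        except TypeError as err:
            # A malformed hit used to end the listing silently; report it
            # and carry on with the next one.
            response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response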
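def dotransform(request, response, config):
    """Run a bounded ThreatCentral search and add one entity per hit.

    The query is issued with ``size=10, pages=1`` (presumably a single page
    of ten hits — confirm against ``search``).

    Args:
        request: Maltego request; ``request.value`` is the search term.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed hits are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape

    # Lower-cased result 'type' -> entity class.  'actor' is handled apart
    # because its title may be empty; anything unknown becomes a Phrase.
    entity_for_type = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        'ttp': TTP,
    }

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the whole result set.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_lines(text):
        # Feed text is untrusted for rendering: escape it before newlines are
        # turned into <br/> so it cannot inject markup into the label.
        return '<br/>'.join(escape(encode_to_utf8(text)).split('\n'))

    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for result in results:
            rtype = lower(result.get('type') or '')
            title = encode_to_utf8(result.get('title'))
            weight = weight_from(result.get('tcScore'))
            if rtype == 'actor':
                # Actor hits may carry an empty title; fall back to the
                # resource name, which is also exposed on the entity.
                name = encode_to_utf8(result.get('resource', dict()).get('name'))
                e = Actor(title if result.get('title') else name, weight=weight)
                e.name = name
                e.actor = name
            elif rtype in entity_for_type:
                e = entity_for_type[rtype](title, weight=weight)
            else:
                # Unknown type: keep the hit visible and log what came back.
                e = Phrase(title, weight=weight)
                debug(rtype)
            e.title = title
            e.resourceId = result.get('id')
            if result.get('description'):
                e += Label('Description', html_lines(result.get('description', '')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed hit used to end the listing silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response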
try: case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show linked TTP's if len(case.get('tacticsTechniquesAndProcedures', list())) is not 0: for ttp in case.get('tacticsTechniquesAndProcedures'): if ttp.get('tcScore'): weight = int(ttp.get('tcScore')) else: weight = 1 e = TTP(encode_to_utf8(ttp.get('title')), weight=weight) e.title = encode_to_utf8(ttp.get('title')) e.resourceId = ttp.get('resourceId') response += e except AttributeError as err: response += UIMessage('Error: {}'.format(err), type='PartialError') except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') except TypeError: return response return response
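def dotransform(request, response, config):
    """Expand an Actor from ThreatCentral, by resource id or by name search.

    When the entity carries a ``ThreatCentral.resourceId`` field the actor is
    fetched directly, its details are copied onto the entity, its country
    becomes a Location entity, and social-media handles, URLs and e-mail
    addresses found in its free text become entities of their own.  Without
    that field ``request.value`` is used as a name search and one Actor
    entity is added per hit.

    Args:
        request: Maltego request; ``request.fields`` may carry the resource
            id, ``request.value`` is the entity value / search term.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed records are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    def html_list(values):
        # One escaped value per line.
        return '<br/>'.join([html_text(_) for _ in values])

    def html_link(url, text):
        # quoteattr() quotes and escapes the URL for use as an attribute
        # value; the link text is escaped as ordinary HTML text.
        return '<a href={}>{}</a>'.format(
            quoteattr('{}'.format(url)), escape('{}'.format(text)))

    def new_actor(actor, weight):
        # Build the entity from the name, else the title; None when neither
        # is present (that case used to fail with an unbound ``e``).
        if actor.get('name'):
            name = encode_to_utf8(actor.get('name'))
            e = Actor(name, weight=weight)
            e.name = name
            e.actor = name
            return e
        if actor.get('title'):
            return Actor(encode_to_utf8(actor.get('title')), weight=weight)
        return None

    def describe_actor(e, actor):
        # Copy the actor's attributes onto the entity and add one label per
        # populated field.  Returns the entity, since ``+=`` may rebind it.
        e.title = encode_to_utf8(actor.get('title'))
        e.resourceId = actor.get('resourceId')
        if actor.get('organization'):
            e.organization = encode_to_utf8(actor.get('organization'))
        if actor.get('aliases'):
            e.aliases = ', '.join([encode_to_utf8(_) for _ in actor.get('aliases')])
        if actor.get('country'):
            e.country = encode_to_utf8(actor.get('country', dict()).get('displayName'))
        if actor.get('score'):
            e.score = actor.get('score')
        if actor.get('links'):
            e += Label('Links', '<br/>'.join(
                [html_link(_.get('href'), _.get('href')) for _ in actor.get('links')]))
        if actor.get('hyperlinks'):
            e += Label('Hyperlinks', '<br/>'.join(
                [html_link(_.get('url'), _.get('title')) for _ in actor.get('hyperlinks')]))
        if actor.get('title'):
            e += Label('Title', encode_to_utf8(actor.get('title')))
        if actor.get('resourceId'):
            e += Label('ResourceID', actor.get('resourceId'))
        if actor.get('aliases'):
            e += Label('Aliases', html_list(actor.get('aliases', '')))
        if actor.get('description'):
            e += Label('Description', html_lines(actor.get('description', '')))
        if actor.get('country'):
            e += Label('Country', encode_to_utf8(actor.get('country', dict()).get('displayName')))
        if actor.get('organization'):
            e += Label('Organization', encode_to_utf8(actor.get('organization')))
        for key, caption in (('types', 'Types'),
                             ('motivations', 'Motivations'),
                             ('intendedEffects', 'Intended Effects')):
            if actor.get(key):
                e += Label(caption, html_list([_.get('displayName') for _ in actor.get(key)]))
        if actor.get('sophistication'):
            e += Label('Sophistication',
                       encode_to_utf8(actor.get('sophistication', dict()).get('displayName')))
        if actor.get('socialMediaText'):
            e += Label('Social Media', html_lines(actor.get('socialMediaText', '')))
        if actor.get('moreInfo'):
            e += Label('More Info', html_lines(actor.get('moreInfo', '')))
        if actor.get('score'):
            e += Label('Score', actor.get('score'))
        return e

    def usable_info_entities(actor):
        # Mine the actor's free text for social-media handles, URLs and
        # e-mail addresses; each becomes its own entity.  Best effort: a
        # malformed record yields a UI message instead of discarding the
        # Actor that was already added.  Returns the list to add.
        found = search_for_usable_info('{} {} {}'.format(
            encode_to_utf8(actor.get('description')),
            encode_to_utf8(actor.get('socialMediaText')),
            encode_to_utf8(actor.get('moreInfo'))))
        extras = list()
        if not found:
            return extras
        debug(found)
        try:
            urls = found.get('url', dict())
            for handle in urls.get('twitter', list()):
                t = Twitter(handle.get('name'))
                t.uid = handle.get('name')
                t.set_field('affiliation.profile-url', handle.get('url'))
                extras.append(t)
            for handle in urls.get('facebook', list()):
                f = Facebook(handle.get('name'))
                f.uid = handle.get('name')
                f.set_field('affiliation.profile-url', handle.get('url'))
                extras.append(f)
            for other in urls.get('other', list()):
                u = URL(other)
                u.url = other
                extras.append(u)
            for address in found.get('email', list()):
                extras.append(EmailAddress(address))
        except AttributeError as err:
            extras.append(UIMessage('Error: {}'.format(err)))
        return extras

    try:
        actor = get_actor(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        # No resource id on the entity: fall back to a name search.
        try:
            hits = search_actor(request.value)
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
            return response
        highlighted = False
        for hit in hits:
            try:
                rtype = lower(hit.get('type') or '')
                actor = hit.get('resource') or dict()
                # tcScore sits on the hit for search results (as the other
                # search transforms read it); the resource is accepted as a
                # fallback because this transform used to read it there.
                weight = weight_from(hit.get('tcScore') or actor.get('tcScore'))
                if rtype != 'actor' or not actor:
                    continue
                e = new_actor(actor, weight)
                if e is None:
                    continue
                e = describe_actor(e, actor)
                if not highlighted:
                    # Only the first rendered hit is highlighted.
                    highlighted = True
                    e.linkcolor = "0xf90000"
                response += e
            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err), type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError as err:
                response += UIMessage('Error: {}'.format(err), type='PartialError')
        return response

    if not actor:
        return response
    try:
        e = Actor(request.value, weight=weight_from(actor.get('tcScore')))
        if actor.get('name'):
            e.name = encode_to_utf8(actor.get('name'))
            e.actor = encode_to_utf8(actor.get('name'))
        e = describe_actor(e, actor)
        response += e
        if actor.get('country'):
            # The country is also surfaced as a Location entity of its own.
            response += Location(encode_to_utf8(actor.get('country', dict()).get('displayName')))
        for extra in usable_info_entities(actor):
            response += extra
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed record used to end the transform silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response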
try: case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show coursesOfAction if len(case.get('coursesOfAction', list())) is not 0: for coa in case.get('coursesOfAction'): if coa.get('tcScore'): weight = int(coa.get('tcScore')) else: weight = 1 e = CoursesOfAction(encode_to_utf8(coa.get('title')), weight=weight) e.title = encode_to_utf8(coa.get('title')) e.resourceId = coa.get('resourceId') if coa.get('text'): e += Label( 'Text', '<br/>'.join( encode_to_utf8( coa.get('text')).split('\n'))) response += e except AttributeError as err: response += UIMessage('Error: {}'.format(err), type='PartialError') except ThreatCentralError as err:
e += Label('Importance Score', case.get('importanceScore')) if case.get('importanceLevel'): e.importanceLevel = case.get('importanceLevel') e += Label('Importance Level', case.get('importanceLevel')) # Show comments if len(case.get('comments', list())) is not 0: e += Label('Comments', '<br/>'.join(['{}<br/>'.format(_.get('text')) for _ in encode_to_utf8(case.get('comments'))])) response += e # Show Hyperlinks if len(case.get('hyperlinks', list())) is not 0: for hyperlink in case.get('hyperlinks'): e = Hyperlinks(encode_to_utf8(hyperlink.get('title'))) e.title = encode_to_utf8(hyperlink.get('title')) e.resourceId = hyperlink.get('resourceId') e.url = hyperlink.get('url') e += Label('Title', encode_to_utf8(hyperlink.get('title'))) e += Label('Resource ID', hyperlink.get('resourceId')) e += Label('url', hyperlink.get('url')) response += e # Show Attachments if len(case.get('attachments', list())) is not 0: for attachment in case.get('attachments'): e = Attachments(encode_to_utf8(attachment.get('name'))) e.name = encode_to_utf8(attachment.get('name')) e.resourceId = attachment.get('resourceId')
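def dotransform(request, response, config):
    """Refresh an Actor entity from ThreatCentral and add its linked TTPs.

    Requires the ``ThreatCentral.resourceId`` field on the incoming entity;
    without it nothing is added.  The actor's attributes are copied onto a
    new Actor entity and each entry of ``tacticsTechniquesAndProcedures``
    becomes a TTP entity weighted by its own tcScore.

    Args:
        request: Maltego request; ``request.fields`` carries the resource id
            and ``request.value`` the entity value.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed records are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    def html_list(values):
        # One escaped value per line.
        return '<br/>'.join([html_text(_) for _ in values])

    def html_link(url, text):
        # quoteattr() quotes and escapes the URL for use as an attribute
        # value; the link text is escaped as ordinary HTML text.
        return '<a href={}>{}</a>'.format(
            quoteattr('{}'.format(url)), escape('{}'.format(text)))

    def describe_actor(e, actor):
        # Copy the actor's attributes onto the entity and add one label per
        # populated field.  Returns the entity, since ``+=`` may rebind it.
        e.title = encode_to_utf8(actor.get('title'))
        e.resourceId = actor.get('resourceId')
        if actor.get('organization'):
            e.organization = encode_to_utf8(actor.get('organization'))
        if actor.get('aliases'):
            # Joined into one string, as the other actor transforms do.
            e.aliases = ', '.join([encode_to_utf8(_) for _ in actor.get('aliases')])
        if actor.get('country'):
            e.country = encode_to_utf8(actor.get('country', dict()).get('displayName'))
        if actor.get('score'):
            e.score = actor.get('score')
        if actor.get('links'):
            e += Label('Links', '<br/>'.join(
                [html_link(_.get('href'), _.get('href')) for _ in actor.get('links')]))
        if actor.get('hyperlinks'):
            e += Label('Hyperlinks', '<br/>'.join(
                [html_link(_.get('url'), _.get('title')) for _ in actor.get('hyperlinks')]))
        if actor.get('title'):
            e += Label('Title', encode_to_utf8(actor.get('title')))
        if actor.get('resourceId'):
            e += Label('ResourceID', actor.get('resourceId'))
        if actor.get('aliases'):
            e += Label('Aliases', html_list(actor.get('aliases', '')))
        if actor.get('description'):
            e += Label('Description', html_lines(actor.get('description', '')))
        if actor.get('country'):
            e += Label('Country', encode_to_utf8(actor.get('country', dict()).get('displayName')))
        if actor.get('organization'):
            e += Label('Organization', encode_to_utf8(actor.get('organization')))
        for key, caption in (('types', 'Types'),
                             ('motivations', 'Motivations'),
                             ('intendedEffects', 'Intended Effects')):
            if actor.get(key):
                e += Label(caption, html_list([_.get('displayName') for _ in actor.get(key)]))
        if actor.get('sophistication'):
            e += Label('Sophistication',
                       encode_to_utf8(actor.get('sophistication', dict()).get('displayName')))
        if actor.get('socialMediaText'):
            e += Label('Social Media', html_lines(actor.get('socialMediaText', '')))
        if actor.get('moreInfo'):
            e += Label('More Info', html_lines(actor.get('moreInfo', '')))
        if actor.get('score'):
            e += Label('Score', actor.get('score'))
        return e

    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        actor = get_actor(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        e = Actor(request.value)
        if actor.get('name'):
            e.name = encode_to_utf8(actor.get('name'))
            e.actor = encode_to_utf8(actor.get('name'))
        e = describe_actor(e, actor)
        response += e
        for ttp in actor.get('tacticsTechniquesAndProcedures') or list():
            # Weight each TTP by its own tcScore; the actor's score was
            # mistakenly used here before.
            title = encode_to_utf8(ttp.get('title'))
            t = TTP(title, weight=weight_from(ttp.get('tcScore')))
            t.title = title
            t.resourceId = ttp.get('resourceId')
            response += t
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed record used to end the transform silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response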
if 'ThreatCentral.resourceId' in request.fields: try: case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show incidents if len(case.get('incidents', list())) is not 0: for incident in case.get('incidents'): if incident.get('tcScore'): weight = int(incident.get('tcScore')) else: weight = 1 e = Incident(encode_to_utf8(incident.get('title')), weight=weight) e.title = encode_to_utf8(incident.get('title')) e.resourceId = incident.get('resourceId') e.reportedOn = incident.get('reportedOn') e += Label('Reported On', incident.get('reportedOn')) if len(incident.get('incidentCategory', list())) is not 0: e += Label( 'Incident Category', '<br/>'.join([ encode_to_utf8(_.get('displayName')) for _ in incident.get( 'incidentCategory', list()) ]))
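def dotransform(request, response, config):
    """Expand a Case from ThreatCentral, by resource id or by search.

    With a ``ThreatCentral.resourceId`` field the case is fetched directly;
    its details are copied onto a Case entity and its hyperlinks and
    attachments become entities of their own.  Without that field
    ``request.value`` is used as a search term and one Case entity is added
    per hit.

    Args:
        request: Maltego request; ``request.fields`` may carry the resource
            id, ``request.value`` is the entity value / search term.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed records are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    def html_link(url, text):
        # quoteattr() quotes and escapes the URL for use as an attribute
        # value; the link text is escaped as ordinary HTML text.
        return '<a href={}>{}</a>'.format(
            quoteattr('{}'.format(url)), escape('{}'.format(text)))

    def comment_lines(comments):
        # One escaped comment per line, each followed by <br/> to keep the
        # comments visually separated.  Each comment's text is encoded on
        # its own rather than passing the whole list to encode_to_utf8.
        return '<br/>'.join(['{}<br/>'.format(html_text(_.get('text'))) for _ in comments])

    def describe_case(e, case):
        # Importance and comments are exposed as fields and as labels.
        # Returns the entity, since ``+=`` may rebind it.
        if case.get('importanceScore'):
            e.importanceScore = case.get('importanceScore')
            e += Label('Importance Score', case.get('importanceScore'))
        if case.get('importanceLevel'):
            e.importanceLevel = case.get('importanceLevel')
            e += Label('Importance Level', case.get('importanceLevel'))
        if case.get('comments'):
            e += Label('Comments', comment_lines(case.get('comments')))
        return e

    def hyperlink_entity(hyperlink):
        # One Hyperlinks entity per case hyperlink.
        title = encode_to_utf8(hyperlink.get('title'))
        h = Hyperlinks(title)
        h.title = title
        h.resourceId = hyperlink.get('resourceId')
        h.url = hyperlink.get('url')
        h += Label('Title', title)
        h += Label('Resource ID', hyperlink.get('resourceId'))
        h += Label('url', hyperlink.get('url'))
        return h

    def attachment_entity(attachment):
        # One Attachments entity per case attachment, with its metadata.
        name = encode_to_utf8(attachment.get('name'))
        a = Attachments(name)
        a.name = name
        a.resourceId = attachment.get('resourceId')
        a.atype = attachment.get('type')
        a.size = attachment.get('size')
        a.checksum = attachment.get('checksum')
        a.createDate = attachment.get('createDate')
        if attachment.get('description'):
            a += Label('Description', html_lines(attachment.get('description')))
        links = attachment.get('links') or list()
        if links:
            # A single 'Links' label holding every link, instead of one label
            # per link under the same name.
            a += Label('Links', '<br/>'.join(
                [html_link(_.get('href'), _.get('href')) for _ in links]))
        return a

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        # No resource id on the entity: fall back to a search.
        try:
            cases = search_case(request.value)
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
            return response
        try:
            for hit in cases:
                weight = weight_from(hit.get('tcScore'))
                case = hit.get('resource') or dict()
                if not case:
                    continue
                title = encode_to_utf8(case.get('title'))
                e = Case(title, weight=weight)
                e.title = title
                e.resourceId = case.get('resourceId')
                e = describe_case(e, case)
                if case.get('description'):
                    e += Label('Description', html_lines(case.get('description')))
                response += e
        except AttributeError as err:
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        except TypeError as err:
            # A malformed hit used to end the listing silently; report it.
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        return response

    if not case:
        return response
    try:
        e = Case(request.value)
        if case.get('title'):
            title = encode_to_utf8(case.get('title'))
            e.case = title
            e.title = title
            e += Label('Title', title)
        if case.get('resourceId'):
            # Set the field as well as the label, as the search branch does,
            # so downstream transforms keyed on the resource id keep working.
            e.resourceId = case.get('resourceId')
            e += Label('ResourceID', case.get('resourceId'))
        if case.get('description'):
            e += Label('Description', html_lines(case.get('description', '')))
        e = describe_case(e, case)
        response += e
        for hyperlink in case.get('hyperlinks') or list():
            response += hyperlink_entity(hyperlink)
        for attachment in case.get('attachments') or list():
            response += attachment_entity(attachment)
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed record used to end the transform silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response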
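def dotransform(request, response, config):
    """Refresh an Indicator entity and add its registry-key observables.

    Requires the ``ThreatCentral.resourceId`` field on the incoming entity;
    without it nothing is added.  Severity, confidence and indicator type
    are copied onto a new Indicator entity, and every observable whose type
    is ``REGISTRY_KEY`` becomes a RegistryKey entity weighted by its
    ``sighting`` count.

    Args:
        request: Maltego request; ``request.fields`` carries the resource id
            and ``request.value`` the entity value.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed records are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape

    def weight_from(score):
        # The sighting count drives the entity weight; fall back to 1 when
        # it is absent or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_lines(text):
        # Feed text is untrusted for rendering: escape it before newlines are
        # turned into <br/> so it cannot inject markup into the label.
        return '<br/>'.join(escape(encode_to_utf8(text)).split('\n'))

    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    if not indicator:
        return response

    try:
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = indicator.get('severity', dict()).get('displayName')
        confidence = indicator.get('confidence', dict()).get('displayName')
        indicator_type = indicator.get('indicatorType', dict()).get('displayName')
        # Each classification is exposed both as a field and as a label.
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        for observable in indicator.get('observables') or list():
            otype = upper(observable.get('type', dict()).get('value') or '')
            if otype != 'REGISTRY_KEY':
                continue
            r = RegistryKey(observable.get('value'),
                            weight=weight_from(observable.get('sighting')))
            r.value = observable.get('value')
            r.hive = observable.get('hive')
            r.key = observable.get('key')
            r.resourceId = observable.get('resourceId')
            # TODO : Verify this - the observable's name, action, registry
            # key values and type are not mapped onto the entity yet.
            response += r
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed record used to end the transform silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response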
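def dotransform(request, response, config):
    """Refresh an Indicator entity and add its IP-address observables.

    Requires the ``ThreatCentral.resourceId`` field on the incoming entity;
    without it nothing is added.  Severity, confidence and indicator type
    are copied onto a new Indicator entity, and every observable whose type
    is ``IP`` becomes an IPv4Address entity with its port and geolocation
    as labels.

    Args:
        request: Maltego request; ``request.fields`` carries the resource id
            and ``request.value`` the entity value.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  Lookup failures and malformed records are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    if 'ThreatCentral.resourceId' not in request.fields:
        return response
    try:
        indicator = get_indicator(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        e = Indicator(request.value)
        e.title = encode_to_utf8(indicator.get('title'))
        e.resourceId = indicator.get('resourceId')
        severity = indicator.get('severity', dict()).get('displayName')
        confidence = indicator.get('confidence', dict()).get('displayName')
        indicator_type = indicator.get('indicatorType', dict()).get('displayName')
        # Each classification is exposed both as a field and as a label.
        e.severity = severity
        e.confidence = confidence
        e.indicatorType = indicator_type
        e += Label('Severity', severity)
        e += Label('Confidence', confidence)
        e += Label('Indicator Type', indicator_type)
        if indicator.get('description'):
            e += Label('Description', html_lines(indicator.get('description')))
        response += e

        for observable in indicator.get('observables') or list():
            otype = upper(observable.get('type', dict()).get('value') or '')
            if otype != 'IP':
                continue
            ip = IPv4Address(observable.get('value'))
            ip += Label('IP Address', observable.get('value'))
            if observable.get('port'):
                ip += Label('Port', observable.get('port'))
            location = observable.get('location') or dict()
            city = location.get('city')
            # The feed marks unknown geolocation with a sentinel city value.
            # A missing city used to abort the whole listing (upper(None)).
            if city and upper(city) != 'UNDEFINED_GEO_LOCATION_STRING':
                # .items() instead of the Python-2-only .iteritems().
                ip += Label('Location', '<br/>'.join([
                    '{}:{}'.format(html_text(k), html_text(v))
                    for k, v in location.items()]))
            response += ip
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError as err:
        # A malformed record used to end the transform silently; report it.
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response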
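def dotransform(request, response, config):
    """Search ThreatCentral actors and add one Actor entity per hit.

    Args:
        request: Maltego request; ``request.value`` is the search term.
        response: Maltego response that entities and UI messages are added to.
        config: Transform configuration (unused).

    Returns:
        ``response``.  The first actor rendered gets a highlighted link
        colour; lookup failures and malformed hits are reported as
        ``PartialError`` UI messages rather than raised.
    """
    from xml.sax.saxutils import escape, quoteattr

    def weight_from(score):
        # tcScore drives the entity weight; fall back to 1 when it is absent
        # or not an integer instead of aborting the listing.
        try:
            return int(score) if score else 1
        except (TypeError, ValueError):
            return 1

    def html_text(text):
        # Feed text is untrusted for rendering: escape it so it cannot
        # inject markup into the HTML label it is embedded in.
        return escape(encode_to_utf8(text))

    def html_lines(text):
        # Escaped text with newlines rendered as <br/>.
        return '<br/>'.join(html_text(text).split('\n'))

    def html_list(values):
        # One escaped value per line.
        return '<br/>'.join([html_text(_) for _ in values])

    def html_link(url, text):
        # quoteattr() quotes and escapes the URL for use as an attribute
        # value; the link text is escaped as ordinary HTML text.
        return '<a href={}>{}</a>'.format(
            quoteattr('{}'.format(url)), escape('{}'.format(text)))

    def new_actor(actor, weight):
        # Build the entity from the name, else the title; None when neither
        # is present (that case used to fail with an unbound ``e``).
        if actor.get('name'):
            name = encode_to_utf8(actor.get('name'))
            e = Actor(name, weight=weight)
            e.name = name
            e.actor = name
            return e
        if actor.get('title'):
            return Actor(encode_to_utf8(actor.get('title')), weight=weight)
        return None

    def describe_actor(e, actor):
        # Copy the actor's attributes onto the entity and add one label per
        # populated field.  Returns the entity, since ``+=`` may rebind it.
        e.title = encode_to_utf8(actor.get('title'))
        e.resourceId = actor.get('resourceId')
        if actor.get('organization'):
            e.organization = encode_to_utf8(actor.get('organization'))
        if actor.get('aliases'):
            e.aliases = actor.get('aliases')
        if actor.get('country'):
            e.country = encode_to_utf8(actor.get('country', dict()).get('displayName'))
        if actor.get('score'):
            e.score = actor.get('score')
        if actor.get('links'):
            e += Label('Links', '<br/>'.join(
                [html_link(_.get('href'), _.get('href')) for _ in actor.get('links')]))
        if actor.get('hyperlinks'):
            e += Label('Hyperlinks', '<br/>'.join(
                [html_link(_.get('url'), _.get('title')) for _ in actor.get('hyperlinks')]))
        if actor.get('title'):
            e += Label('Title', encode_to_utf8(actor.get('title')))
        if actor.get('resourceId'):
            e += Label('ResourceID', actor.get('resourceId'))
        if actor.get('aliases'):
            e += Label('Aliases', html_list(actor.get('aliases', '')))
        if actor.get('description'):
            e += Label('Description', html_lines(actor.get('description', '')))
        if actor.get('country'):
            e += Label('Country', encode_to_utf8(actor.get('country', dict()).get('displayName')))
        if actor.get('organization'):
            e += Label('Organization', encode_to_utf8(actor.get('organization')))
        for key, caption in (('types', 'Types'),
                             ('motivations', 'Motivations'),
                             ('intendedEffects', 'Intended Effects')):
            if actor.get(key):
                e += Label(caption, html_list([_.get('displayName') for _ in actor.get(key)]))
        if actor.get('sophistication'):
            e += Label('Sophistication', actor.get('sophistication', dict()).get('displayName'))
        if actor.get('socialMediaText'):
            e += Label('Social Media', html_lines(actor.get('socialMediaText', '')))
        if actor.get('moreInfo'):
            e += Label('More Info', html_lines(actor.get('moreInfo', '')))
        if actor.get('score'):
            e += Label('Score', actor.get('score'))
        return e

    try:
        hits = search_actor(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    highlighted = False
    for hit in hits:
        try:
            rtype = lower(hit.get('type') or '')
            weight = weight_from(hit.get('tcScore'))
            actor = hit.get('resource') or dict()
            if rtype != 'actor' or not actor:
                continue
            e = new_actor(actor, weight)
            if e is None:
                continue
            e = describe_actor(e, actor)
            if not highlighted:
                # Only the first rendered hit is highlighted.
                highlighted = True
                e.linkcolor = "0xf90000"
            response += e
        except AttributeError as err:
            response += UIMessage('Error: {}'.format(err), type='PartialError')
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        except TypeError as err:
            # A malformed hit used to end the listing silently; report it
            # and carry on with the next one.
            response += UIMessage('Error: {}'.format(err), type='PartialError')
    return response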
case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show Actors if len(case.get('actors', list())) is not 0: for actor in case.get('actors'): notes = list() if actor.get('tcScore'): weight = int(actor.get('tcScore')) else: weight = 1 if actor.get('name'): e = Actor(encode_to_utf8(actor.get('name')), weight=weight) e.name = encode_to_utf8(actor.get('name')) e.actor = encode_to_utf8(actor.get('name')) elif actor.get('title'): e = Actor(encode_to_utf8(actor.get('title')), weight=weight) e.title = encode_to_utf8(actor.get('title')) e.resourceId = actor.get('resourceId') if actor.get('organization'): e.organization = encode_to_utf8( actor.get('organization')) if actor.get('aliases'): e.aliases = actor.get('aliases') if actor.get('country'):