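def match(self):
    """Match observables against Yeti's intelligence repository.

    Takes an array of observables, expands them and tries to match them
    against specific indicators or known observables.

    To "expand" an observable means to enrich the query. For instance, if the
    array of observables contains the URL ``http://google.com``, the
    "expanded" observable array will also include the hostname
    ``google.com``.

    :<json [string] observables: An array of observables to be analyzed
    :<json boolean fetch_neighbors: Also fetch related objects (default
        ``true``); passed straight through to ``match_observables``
    :<json boolean add_unknown: Persist observables not yet in the database
        (default ``false``). Honoured only when the current user holds the
        ``observable`` write permission; otherwise the request silently
        degrades to a read-only match
    :>json [Entity] entities: Related ``Entity`` objects
    :>json [Observable] known: ``Observable`` objects that are already
        present in database
    :>json [Indicator] matches: ``Indicators`` that matched observables
    :>json Observable matches[].observable: The ``Observable`` object that
        matched the ``Indicator``
    :>json string unknown: Array of observable strings that didn't match any
        ``Indicators`` and are unknown to Yeti
    """
    # request.json is None for a missing or non-JSON body; treat that as an
    # empty request instead of failing with AttributeError on .pop().
    params = request.json or {}

    # Normalise the untrusted "observables" value to a list of non-empty
    # items. A bare string must not be iterated character by character
    # (each character would otherwise be persisted by Observable.add_text).
    observables = params.pop('observables', None) or []
    if not isinstance(observables, (list, tuple)):
        observables = [observables]
    observables = [o for o in observables if o]

    fetch_neighbors = bool(params.pop('fetch_neighbors', True))

    # Decide once whether this request may write; the same flag drives both
    # the explicit adds and save_matches so the two cannot drift apart.
    save_unknown = bool(params.pop('add_unknown', False)) and \
        current_user.has_permission('observable', 'write')

    if save_unknown:
        # NOTE(review): Observable.add_text raises on text it cannot type
        # (the bulk view catches ObservableValidationError/ValueError for the
        # same call); here a single bad entry fails the whole request.
        for o in observables:
            Observable.add_text(o)

    data = match_observables(
        observables,
        save_matches=save_unknown,
        fetch_neighbors=fetch_neighbors)
    return render(data)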
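def match(self):
    """Match observables against Yeti's intelligence repository.

    Takes an array of observables, expands them and tries to match them
    against specific indicators or known observables.

    To "expand" an observable means to enrich the query. For instance, if the
    array of observables contains the URL ``http://google.com``, the
    "expanded" observable array will also include the hostname
    ``google.com``.

    :<json [string] observables: An array of observables to be analyzed
    :<json boolean add_unknown: Persist observables not yet in the database
        (default ``false``)
    :>json [Entity] entities: Related ``Entity`` objects
    :>json [Observable] known: ``Observable`` objects that are already
        present in database
    :>json [Indicator] matches: ``Indicators`` that matched observables
    :>json Observable matches[].observable: The ``Observable`` object that
        matched the ``Indicator``
    :>json string unknown: Array of observable strings that didn't match any
        ``Indicators`` and are unknown to Yeti
    """
    # request.json is None for a missing or non-JSON body; treat that as an
    # empty request instead of failing with AttributeError on .pop().
    params = request.json or {}

    # Normalise the untrusted "observables" value to a list of non-empty
    # items. A bare string must not be iterated character by character
    # (each character would otherwise be persisted by Observable.add_text).
    observables = params.pop('observables', None) or []
    if not isinstance(observables, (list, tuple)):
        observables = [observables]
    observables = [o for o in observables if o]

    add_unknown = bool(params.pop('add_unknown', False))

    if add_unknown:
        # NOTE(review): nothing here checks that the caller is allowed to
        # write to the observable store, so any client that reaches this
        # endpoint can persist arbitrary observables. The write should be
        # gated on the observable write permission (or enforced by the
        # blueprint) — confirm before relying on this in production.
        # Observable.add_text also raises on text it cannot type; one bad
        # entry currently fails the whole request.
        for o in observables:
            Observable.add_text(o)

    data = match_observables(observables, save_matches=add_unknown)
    return render(data)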
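def index(self):
    """Bulk search for observables, optionally persisting them first.

    ``GET`` renders the search form. ``POST`` takes one observable per line
    from the uploaded ``bulk-file`` (preferred) or the ``bulk-text`` field,
    runs the values through ``match_observables`` and renders the results
    page, or the form again when nothing usable was submitted.

    When the ``add`` field is set *and* the current user holds the
    ``observable`` write permission, every non-empty line is first persisted
    and tagged with the comma-separated ``tags`` field: through the
    ``Observable`` subclass named by ``force-type`` when that names one,
    otherwise by type guessing via ``Observable.add_text``. Lines that fail
    validation are counted and reported with a flash message instead of
    aborting the whole batch.
    """
    if request.method != "POST":
        return render_template("observable/search.html")

    upload = request.files.get("bulk-file")
    if upload:
        raw_lines = upload.readlines()
    else:
        raw_lines = request.form.get("bulk-text", "").split("\n")
    # An uploaded file is read as bytes while the textarea is str; decode so
    # both inputs go through the same str-based path below.
    lines = [
        l.decode("utf-8", "replace") if isinstance(l, bytes) else l
        for l in raw_lines
    ]

    obs = {}
    invalid_observables = 0
    # Any non-empty "add" value counts as true (checkbox semantics), and the
    # write path is only taken for users holding the write permission.
    can_add = bool(request.form.get("add", False)) and current_user.has_permission(
        "observable", "write"
    )

    if can_add:
        # Drop empty entries so "" or "a,,b" does not produce a blank tag.
        tags = [t.strip() for t in request.form.get("tags", "").split(",") if t.strip()]

        # force-type is a user-supplied name looked up in module globals; only
        # honour it when it really is an Observable subclass. issubclass()
        # raises TypeError for non-class globals (functions, request proxies),
        # so the isinstance(type) check has to come first.
        forced_name = request.form.get("force-type")
        forced_type = globals().get(forced_name) if forced_name else None
        if not (isinstance(forced_type, type) and issubclass(forced_type, Observable)):
            forced_type = None

        for line in lines:
            txt = line.strip()
            if not txt:
                continue
            try:
                if forced_type is not None:
                    o = forced_type.get_or_create(value=txt)
                else:
                    o = Observable.add_text(txt)
                o.tag(tags)
                obs[o.value] = o
            except (ObservableValidationError, ValueError) as e:
                logging.error("Error validating {}: {}".format(txt, e))
                invalid_observables += 1
    else:
        # Read-only search: key on the stripped value and skip blank lines,
        # mirroring what the add path does.
        for line in lines:
            txt = line.strip()
            if txt:
                obs[txt] = line, None

    if obs:
        data = match_observables(list(obs))
        # NOTE(review): this audit line fires for read-only searches too and
        # logs the whole match payload rather than the submitted values;
        # consider logging only when can_add is true.
        userLogger.info(
            "User %s add observable : value=%s", current_user.username, data
        )
        return render_template("observable/search_results.html", data=data)

    if invalid_observables:
        flash(
            "Type guessing failed for {} observables. Try setting it manually.".format(
                invalid_observables
            ),
            "danger",
        )
    return render_template("observable/search.html")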
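def match(self):
    """Match observables against Yeti's intelligence repository.

    Reads a JSON body with an ``observables`` array and an optional
    ``add_unknown`` flag, hands the array to ``match_observables`` and
    renders its result. When ``add_unknown`` is set, each observable is
    first persisted through ``Observable.add_text`` and matches are saved.

    :<json [string] observables: An array of observables to be analyzed
    :<json boolean add_unknown: Persist observables not yet in the database
        (default ``false``)
    """
    # request.json is None for a missing or non-JSON body; treat that as an
    # empty request instead of failing with AttributeError on .pop().
    params = request.json or {}

    # Normalise the untrusted "observables" value to a list of non-empty
    # items. A bare string must not be iterated character by character
    # (each character would otherwise be persisted by Observable.add_text).
    observables = params.pop('observables', None) or []
    if not isinstance(observables, (list, tuple)):
        observables = [observables]
    observables = [o for o in observables if o]

    add_unknown = bool(params.pop('add_unknown', False))

    if add_unknown:
        # NOTE(review): nothing here checks that the caller is allowed to
        # write to the observable store, so any client that reaches this
        # endpoint can persist arbitrary observables. The write should be
        # gated on the observable write permission (or enforced by the
        # blueprint) — confirm before relying on this in production.
        # Observable.add_text also raises on text it cannot type; one bad
        # entry currently fails the whole request.
        for o in observables:
            Observable.add_text(o)

    data = match_observables(observables, save_matches=add_unknown)
    return render(data)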
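def index(self):
    """Bulk search for observables, optionally persisting them first.

    ``GET`` renders the search form. ``POST`` takes one observable per line
    from the uploaded ``bulk-file`` (preferred) or the ``bulk-text`` field,
    runs the values through ``match_observables`` and renders the results
    page, or the form again when nothing usable was submitted.

    When the ``add`` field is set *and* the current user holds the
    ``observable`` write permission, every non-empty line is first persisted
    and tagged with the comma-separated ``tags`` field: through the
    ``Observable`` subclass named by ``force-type`` when that names one,
    otherwise by type guessing via ``Observable.add_text``. Lines that fail
    validation are counted and reported with a flash message instead of
    aborting the whole batch.
    """
    if request.method != "POST":
        return render_template("observable/search.html")

    upload = request.files.get('bulk-file')
    if upload:
        raw_lines = upload.readlines()
    else:
        raw_lines = request.form.get('bulk-text', '').split('\n')
    # An uploaded file is read as raw bytes while the textarea arrives as
    # text; decode so both inputs go through the same text path below.
    lines = [
        l.decode('utf-8', 'replace') if isinstance(l, bytes) else l
        for l in raw_lines
    ]

    obs = {}
    invalid_observables = 0
    # Any non-empty "add" value counts as true (checkbox semantics), and the
    # write path is only taken for users holding the write permission.
    can_add = bool(request.form.get('add', False)) and \
        current_user.has_permission("observable", "write")

    if can_add:
        # Drop empty entries so "" or "a,,b" does not produce a blank tag.
        tags = [t.strip() for t in request.form.get('tags', "").split(',')
                if t.strip()]

        # force-type is a user-supplied name looked up in module globals; only
        # honour it when it really is an Observable subclass. issubclass()
        # raises TypeError for non-class globals (functions, request proxies),
        # so the isinstance(type) check has to come first. The debug print of
        # the resolved class has been dropped.
        forced_name = request.form.get('force-type')
        forced_type = globals().get(forced_name) if forced_name else None
        if not (isinstance(forced_type, type) and
                issubclass(forced_type, Observable)):
            forced_type = None

        for line in lines:
            txt = line.strip()
            if not txt:
                continue
            try:
                if forced_type is not None:
                    o = forced_type.get_or_create(value=txt)
                else:
                    o = Observable.add_text(txt)
                o.tag(tags)
                obs[o.value] = o
            except (ObservableValidationError, ValueError) as e:
                logging.error("Error validating {}: {}".format(txt, e))
                invalid_observables += 1
    else:
        # Read-only search: key on the stripped value and skip blank lines,
        # mirroring what the add path does.
        for line in lines:
            txt = line.strip()
            if txt:
                obs[txt] = line, None

    if obs:
        data = match_observables(list(obs))
        return render_template(
            "observable/search_results.html", data=data)

    if invalid_observables:
        flash(
            "Type guessing failed for {} observables. Try setting it manually.".
            format(invalid_observables), "danger")
    return render_template("observable/search.html")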
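def index(self):
    """Bulk search for observables, optionally persisting them first.

    ``GET`` renders the search form. ``POST`` takes one observable per line
    from the ``bulk-text`` field, runs the values through
    ``match_observables`` and renders the results page, or the form again
    when nothing usable was submitted.

    When the ``add`` field is set, every non-empty line is first persisted
    and tagged with the comma-separated ``tags`` field: through the
    ``Observable`` subclass named by ``force-type`` when that names one,
    otherwise by type guessing via ``Observable.add_text``. Lines that fail
    validation are counted and reported with a flash message instead of
    aborting the whole batch.
    """
    if request.method != "POST":
        return render_template("observable/search.html")

    if request.files.get('bulk-file'):
        # NOTE(review): the form accepts an upload but nothing reads it, so a
        # file-only submission silently matches nothing. Kept as-is here;
        # reading the file is a feature change.
        lines = []
    else:
        lines = request.form.get('bulk-text', '').split('\n')

    obs = {}
    invalid_observables = 0
    # Any non-empty "add" value counts as true (checkbox semantics).
    # NOTE(review): there is no authorization check on this write path —
    # anyone who can reach the view can persist and tag observables. Gate it
    # on the observable write permission (or enforce it at the blueprint).
    can_add = bool(request.form.get('add', False))

    if can_add:
        # Drop empty entries so "" or "a,,b" does not produce a blank tag.
        tags = [t.strip() for t in request.form.get('tags', "").split(',')
                if t.strip()]

        # force-type is a user-supplied name looked up in module globals; only
        # honour it when it really is an Observable subclass. issubclass()
        # raises TypeError for non-class globals (functions, request proxies),
        # so the isinstance(type) check has to come first. The debug print of
        # the resolved class has been dropped.
        forced_name = request.form.get('force-type')
        forced_type = globals().get(forced_name) if forced_name else None
        if not (isinstance(forced_type, type) and
                issubclass(forced_type, Observable)):
            forced_type = None

        for line in lines:
            txt = line.strip()
            if not txt:
                continue
            try:
                if forced_type is not None:
                    o = forced_type.get_or_create(value=txt)
                else:
                    o = Observable.add_text(txt)
                o.tag(tags)
                obs[o.value] = o
            except (ObservableValidationError, ValueError) as e:
                logging.error("Error validating {}: {}".format(txt, e))
                invalid_observables += 1
    else:
        # Read-only search: key on the stripped value and skip blank lines,
        # mirroring what the add path does.
        for line in lines:
            txt = line.strip()
            if txt:
                obs[txt] = line, None

    if obs:
        data = match_observables(list(obs))
        return render_template("observable/search_results.html", data=data)

    if invalid_observables:
        flash(
            "Type guessing failed for {} observables. Try setting it manually."
            .format(invalid_observables), "danger")
    return render_template("observable/search.html")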