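def _public_member(vocab, name):
    """Return the public attribute *name* of *vocab*, or None if unusable.

    The name comes from a remote object, so it is not trusted: non-string
    values and underscore-prefixed names (``__doc__``, ``__module__`` ...)
    are rejected instead of being resolved on the vocabulary class.
    """
    if not isinstance(name, str) or name.startswith("_"):
        return None
    return getattr(vocab, name, None)


def import_object(request, type_, id_):
    """Import one ThreatExchange object into CRITs.

    Args:
        request: The current request; ``request.user.username`` is recorded
            as the analyst performing the import.
        type_: Either "Threat Descriptors" or "Malware Analyses".
        id_: ThreatExchange id of the object to fetch.

    Returns:
        For descriptors, whatever ``handle_indicator_ind`` returns, or a
        ``{'success': False, 'message': ...}`` dict when the remote type or
        threat type has no matching vocabulary entry. For malware,
        ``{'success': True, 'md5': ...}`` carrying the value returned by
        ``handle_file``. Any other ``type_`` yields
        ``{'success': False, 'message': "Invalid Type"}``.
    """
    # NOTE(review): no write-permission check is visible in this function;
    # confirm the caller enforces one before objects are created.
    setup_access()
    username = request.user.username

    if type_ == "Threat Descriptors":
        obj = ThreatDescriptor(id=id_)
        skipped = (td.PRIVACY_MEMBERS, td.SUBMITTER_COUNT, td.METADATA)
        obj.details(
            fields=[f for f in ThreatDescriptor._default_fields if f not in skipped]
        )

        # Remote values select vocabulary entries; an unknown value is
        # reported to the caller instead of raising AttributeError.
        itype = _public_member(IndicatorTypes, obj.get(td.TYPE))
        ithreat_type = _public_member(IndicatorThreatTypes, obj.get(td.THREAT_TYPE))
        if itype is None or ithreat_type is None:
            return {
                'success': False,
                'message': "Descriptor type or threat type is not supported",
            }

        reference = "id: %s, owner: %s, share_level: %s" % (
            obj.get(td.ID),
            obj.get(td.OWNER)['name'],
            obj.get(td.SHARE_LEVEL),
        )
        return handle_indicator_ind(
            obj.get(td.RAW_INDICATOR),
            "ThreatExchange",
            itype,
            ithreat_type,
            None,
            username,
            method="ThreatExchange Service",
            reference=reference,
            add_domain=True,
            add_relationship=True,
            confidence=build_ci(obj.get(td.CONFIDENCE)),
            description=obj.get(td.DESCRIPTION),
        )

    if type_ == "Malware Analyses":
        obj = Malware(id=id_)
        skipped = (td.PRIVACY_MEMBERS, td.METADATA)
        obj.details(fields=[f for f in Malware._fields if f not in skipped])

        filename = obj.get(m.MD5)
        # Best effort: when the sample body cannot be read, the record is
        # still created from the hashes and metadata alone. Exception (not a
        # bare except) keeps KeyboardInterrupt/SystemExit propagating.
        try:
            data = obj.rf
        except Exception:
            data = None

        # NOTE(review): the reference is built from td.ID / td.SHARE_LEVEL
        # rather than the Malware vocabulary `m` - confirm both name the
        # same fields.
        results = handle_file(
            filename,
            data,
            "ThreatExchange",
            method="ThreatExchange Service",
            reference="id: %s, share_level: %s" % (obj.get(td.ID), obj.get(td.SHARE_LEVEL)),
            user=username,
            md5_digest=obj.get(m.MD5),
            sha1_digest=obj.get(m.SHA1),
            sha256_digest=obj.get(m.SHA256),
            size=obj.get(m.SAMPLE_SIZE),
            mimetype=obj.get(m.SAMPLE_TYPE),
        )
        return {'success': True, 'md5': results}

    return {'success': False, 'message': "Invalid Type"}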
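def import_object(request, type_, id_):
    """Import one ThreatExchange object into CRITs on behalf of the user.

    Args:
        request: The current request; ``request.user`` is checked for write
            access and its ``username`` is recorded as the analyst.
        type_: Either "Threat Descriptors" or "Malware Analyses".
        id_: ThreatExchange id of the object to fetch.

    Returns:
        For descriptors, whatever ``handle_indicator_ind`` returns. For
        malware, ``{'success': True, 'md5': ...}`` carrying the value
        returned by ``handle_file``. A ``{'success': False, 'message': ...}``
        dict is returned when the user lacks write access, the descriptor
        type has no CRITs mapping, or ``type_`` is not recognised.
    """
    setup_access()
    user = request.user

    if type_ == "Threat Descriptors":
        # Authorise before fetching, as the malware branch does, so a user
        # without write access does not trigger a remote lookup.
        if not user.has_access_to(IndicatorACL.WRITE):
            return {'success': False,
                    'message': "User does not have permission to add Indicators to CRITs"}

        obj = ThreatDescriptor(id=id_)
        skipped = (td.PRIVACY_MEMBERS, td.METADATA)
        obj.details(
            fields=[f for f in ThreatDescriptor._default_fields if f not in skipped]
        )

        itype = get_mapped_itype(obj.get(td.TYPE))
        if itype is None:
            return {'success': False,
                    'message': "Descriptor type is not supported by CRITs"}

        # The remote THREAT_TYPE is not resolved against IndicatorThreatTypes:
        # the indicator is stored with UNKNOWN threat and attack types, and an
        # unused getattr() lookup would only add an AttributeError path for
        # values the vocabulary lacks.
        reference = "id: %s, owner: %s, share_level: %s" % (
            obj.get(td.ID),
            obj.get(td.OWNER)['name'],
            obj.get(td.SHARE_LEVEL),
        )
        return handle_indicator_ind(
            obj.get(td.RAW_INDICATOR),
            "ThreatExchange",
            itype,
            IndicatorThreatTypes.UNKNOWN,
            IndicatorAttackTypes.UNKNOWN,
            user.username,
            method="ThreatExchange Service",
            reference=reference,
            add_domain=True,
            add_relationship=True,
            confidence=build_ci(obj.get(td.CONFIDENCE)),
            description=obj.get(td.DESCRIPTION),
            bucket_list=obj.get(td.TAGS),
        )

    if type_ == "Malware Analyses":
        if not user.has_access_to(SampleACL.WRITE):
            return {'success': False,
                    'message': "User does not have permission to add Sample to CRITs"}

        obj = Malware(id=id_)
        # One-element tuple: a bare `(m.METADATA)` is just the string, which
        # turns `not in` into a substring test against the field name.
        skipped = (m.METADATA,)
        obj.details(fields=[f for f in Malware._fields if f not in skipped])

        filename = obj.get(m.MD5)
        tags = obj.get(m.TAGS)
        # Best effort: when the sample body cannot be read, the record is
        # still created from the hashes and metadata alone. Exception (not a
        # bare except) keeps KeyboardInterrupt/SystemExit propagating.
        try:
            data = obj.rf
        except Exception:
            data = None

        # NOTE(review): the reference is built from td.ID / td.SHARE_LEVEL
        # rather than the Malware vocabulary `m` - confirm both name the
        # same fields.
        results = handle_file(
            filename,
            data,
            "ThreatExchange",
            method="ThreatExchange Service",
            reference="id: %s, share_level: %s" % (obj.get(td.ID), obj.get(td.SHARE_LEVEL)),
            user=user.username,
            md5_digest=obj.get(m.MD5),
            sha1_digest=obj.get(m.SHA1),
            sha256_digest=obj.get(m.SHA256),
            size=obj.get(m.SAMPLE_SIZE),
            mimetype=obj.get(m.SAMPLE_TYPE),
            bucket_list=tags,
        )
        return {'success': True, 'md5': results}

    return {'success': False, 'message': "Invalid Type"}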