Example #1
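def import_object(request, type_, id_):
    """Import a single ThreatExchange object on behalf of the requesting user.

    :param request: The request whose ``user.username`` is recorded as the
        importing analyst.
    :param type_: Either ``"Threat Descriptors"`` or ``"Malware Analyses"``;
        any other value is rejected.
    :param id_: The ThreatExchange id of the object to import.
    :returns: For descriptors, whatever ``handle_indicator_ind`` returns.
        For malware, ``{'success': True, 'md5': <handle_file result>}``.
        On a rejected type, ``{'success': False, 'message': ...}``.
    """
    setup_access()
    if type_ == "Threat Descriptors":
        obj = ThreatDescriptor(id=id_)
        obj.details(fields=[
            f for f in ThreatDescriptor._default_fields
            if f not in (td.PRIVACY_MEMBERS, td.SUBMITTER_COUNT, td.METADATA)
        ])
        # The type names come from the remote feed, so treat them as
        # untrusted: an unknown or missing name must produce a clean failure
        # rather than an unhandled AttributeError/TypeError in the view.
        # NOTE(review): getattr() also resolves attributes of these classes
        # that are not type constants; an explicit allow-list mapping of feed
        # names to local types would be stricter.
        try:
            itype = getattr(IndicatorTypes, obj.get(td.TYPE))
            ithreat_type = getattr(IndicatorThreatTypes,
                                   obj.get(td.THREAT_TYPE))
        except (AttributeError, TypeError):
            return {'success': False,
                    'message': "Descriptor type or threat type is not supported"}
        results = handle_indicator_ind(
            obj.get(td.RAW_INDICATOR),
            "ThreatExchange",
            itype,
            ithreat_type,
            None,
            request.user.username,
            method="ThreatExchange Service",
            reference="id: %s, owner: %s, share_level: %s" % (obj.get(
                td.ID), obj.get(td.OWNER)['name'], obj.get(td.SHARE_LEVEL)),
            add_domain=True,
            add_relationship=True,
            confidence=build_ci(obj.get(td.CONFIDENCE)),
            description=obj.get(td.DESCRIPTION))
        return results
    elif type_ == "Malware Analyses":
        obj = Malware(id=id_)
        obj.details(fields=[
            f for f in Malware._fields
            if f not in (td.PRIVACY_MEMBERS, td.METADATA)
        ])
        filename = obj.get(m.MD5)
        # Retrieving the sample body is best-effort: on failure the import
        # continues with data=None. Catch Exception rather than using a bare
        # except so KeyboardInterrupt/SystemExit are not swallowed.
        try:
            data = obj.rf
        except Exception:
            data = None
        results = handle_file(
            filename,
            data,
            "ThreatExchange",
            method="ThreatExchange Service",
            reference="id: %s, share_level: %s" %
            (obj.get(td.ID), obj.get(td.SHARE_LEVEL)),
            user=request.user.username,
            md5_digest=obj.get(m.MD5),
            sha1_digest=obj.get(m.SHA1),
            sha256_digest=obj.get(m.SHA256),
            size=obj.get(m.SAMPLE_SIZE),
            mimetype=obj.get(m.SAMPLE_TYPE),
        )
        return {'success': True, 'md5': results}
    # Every supported type has returned above; anything else is rejected.
    return {'success': False, 'message': "Invalid Type"}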
Example #2
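def import_object(request, type_, id_):
    """Import a single ThreatExchange object into CRITs for the request user.

    The user must hold the matching write permission (``IndicatorACL.WRITE``
    for descriptors, ``SampleACL.WRITE`` for malware); the check is made
    before the object's details are requested.

    :param request: The request whose ``user`` is authorised and whose
        username is recorded as the importing analyst.
    :param type_: Either ``"Threat Descriptors"`` or ``"Malware Analyses"``;
        any other value is rejected.
    :param id_: The ThreatExchange id of the object to import.
    :returns: For descriptors, whatever ``handle_indicator_ind`` returns.
        For malware, ``{'success': True, 'md5': <handle_file result>}``.
        On a permission failure, unsupported descriptor type or rejected
        ``type_``, ``{'success': False, 'message': ...}``.
    """
    setup_access()
    user = request.user

    if type_ == "Threat Descriptors":
        # Authorise first, as the malware branch does, so a user without
        # write access never triggers the descriptor lookup at all.
        if not user.has_access_to(IndicatorACL.WRITE):
            return {'success': False,
                    'message': "User does not have permission to add Indicators to CRITs"}

        obj = ThreatDescriptor(id=id_)
        excluded = (td.PRIVACY_MEMBERS, td.METADATA)
        obj.details(
            fields=[f for f in ThreatDescriptor._default_fields
                    if f not in excluded]
        )
        itype = get_mapped_itype(obj.get(td.TYPE))
        if itype is None:
            return {'success': False,
                    'message': "Descriptor type is not supported by CRITs"}

        # The feed's threat type is deliberately not looked up here: the
        # indicator is stored with UNKNOWN threat and attack types, and the
        # previous getattr() on the feed-supplied name only added a way for
        # an unexpected value to raise AttributeError.
        results = handle_indicator_ind(
            obj.get(td.RAW_INDICATOR),
            "ThreatExchange",
            itype,
            IndicatorThreatTypes.UNKNOWN,
            IndicatorAttackTypes.UNKNOWN,
            user.username,
            method="ThreatExchange Service",
            reference="id: %s, owner: %s, share_level: %s" % (obj.get(td.ID),
                                                              obj.get(td.OWNER)['name'],
                                                              obj.get(td.SHARE_LEVEL)),
            add_domain=True,
            add_relationship=True,
            confidence=build_ci(obj.get(td.CONFIDENCE)),
            description=obj.get(td.DESCRIPTION),
            bucket_list=obj.get(td.TAGS)
        )
        return results
    elif type_ == "Malware Analyses":
        if not user.has_access_to(SampleACL.WRITE):
            return {'success': False,
                    'message': "User does not have permission to add Sample to CRITs"}
        obj = Malware(id=id_)
        # One-element tuple: the earlier ``(m.METADATA)`` was only a
        # parenthesised value, so ``in`` was not a tuple-membership test
        # (a substring test if the constant is a string).
        excluded = (m.METADATA,)
        obj.details(
            fields=[f for f in Malware._fields if f not in excluded]
        )
        filename = obj.get(m.MD5)
        tags = obj.get(m.TAGS)
        # Retrieving the sample body is best-effort: on failure the import
        # continues with data=None. Catch Exception rather than using a bare
        # except so KeyboardInterrupt/SystemExit are not swallowed.
        try:
            data = obj.rf
        except Exception:
            data = None
        results = handle_file(
            filename,
            data,
            "ThreatExchange",
            method="ThreatExchange Service",
            reference="id: %s, share_level: %s" % (obj.get(td.ID),
                                                   obj.get(td.SHARE_LEVEL)),
            user=user.username,
            md5_digest=obj.get(m.MD5),
            sha1_digest=obj.get(m.SHA1),
            sha256_digest=obj.get(m.SHA256),
            size=obj.get(m.SAMPLE_SIZE),
            mimetype=obj.get(m.SAMPLE_TYPE),
            bucket_list=tags,
        )
        return {'success': True,
                'md5': results}
    # Every supported type has returned above; anything else is rejected.
    return {'success': False,
            'message': "Invalid Type"}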