def dotransform(request, response, config):
    """Look up the Threat Central case referenced by the request entity.

    Nothing is done unless the request carries a 'ThreatCentral.resourceId'
    field. A ThreatCentralError raised by the lookup is reported on the
    response as a 'PartialError' UI message. `config` is not used here.
    """
    # NOTE(review): the visible body never uses `case` and returns nothing;
    # confirm this is the whole transform and not a shortened excerpt.
    if 'ThreatCentral.resourceId' not in request.fields:
        return
    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as failure:
        response += UIMessage(failure.value, type='PartialError')
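def dotransform(request, response, config):
    """Add the courses of action linked to a Threat Central case to the response.

    Args:
        request: transform request; its `fields` mapping must contain
            'ThreatCentral.resourceId' for anything to be looked up.
        response: transform response that entities and UI messages are added
            to with `+=`.
        config: not used in this body.

    Returns:
        The response, with one CoursesOfAction entity per course of action, or
        with a 'PartialError' UI message when the lookup or the record is bad.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Plain truthiness replaces `len(...) is not 0`, which compared an int
        # by identity. A missing or null list is treated as empty.
        for coa in case.get('coursesOfAction') or []:
            if coa.get('tcScore'):
                weight = int(coa.get('tcScore'))
            else:
                weight = 1
            e = CoursesOfAction(encode_to_utf8(coa.get('title')), weight=weight)
            e.title = encode_to_utf8(coa.get('title'))
            e.resourceId = coa.get('resourceId')
            if coa.get('text'):
                # NOTE(review): text from the case record is joined into markup
                # unescaped, and this code relies on the label rendering
                # '<br/>'. Escape the record text before joining if the client
                # renders the label as HTML; confirm against the Label type.
                e += Label('Text', '<br/>'.join(encode_to_utf8(coa.get('text')).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: a record of an unexpected shape ends the transform with
        # whatever has been collected so far.
        return response

    return response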
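def dotransform(request, response, config):
    """Add the TTPs linked to a Threat Central case to the response.

    Args:
        request: transform request; its `fields` mapping must contain
            'ThreatCentral.resourceId' for anything to be looked up.
        response: transform response that entities and UI messages are added
            to with `+=`.
        config: not used in this body.

    Returns:
        The response, with one TTP entity per entry under
        'tacticsTechniquesAndProcedures', or with a 'PartialError' UI message
        when the lookup or the record is bad.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Plain truthiness replaces `len(...) is not 0`, which compared an int
        # by identity. A missing or null list is treated as empty.
        for ttp in case.get('tacticsTechniquesAndProcedures') or []:
            if ttp.get('tcScore'):
                weight = int(ttp.get('tcScore'))
            else:
                weight = 1
            e = TTP(encode_to_utf8(ttp.get('title')), weight=weight)
            e.title = encode_to_utf8(ttp.get('title'))
            e.resourceId = ttp.get('resourceId')
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: a record of an unexpected shape ends the transform with
        # whatever has been collected so far.
        return response

    return response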
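def dotransform(request, response, config):
    """Add the indicators linked to a Threat Central case to the response.

    Args:
        request: transform request; its `fields` mapping must contain
            'ThreatCentral.resourceId' for anything to be looked up.
        response: transform response that entities and UI messages are added
            to with `+=`.
        config: not used in this body.

    Returns:
        The response, with one Indicator entity per indicator (labelled with
        severity, confidence, indicator type and, when present, description),
        or with a 'PartialError' UI message when the lookup or the record is
        bad.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Plain truthiness replaces `len(...) is not 0`, which compared an int
        # by identity. A missing or null list is treated as empty.
        for indicator in case.get('indicators') or []:
            if indicator.get('tcScore'):
                weight = int(indicator.get('tcScore'))
            else:
                weight = 1
            e = Indicator(encode_to_utf8(indicator.get('title')), weight=weight)
            e.title = encode_to_utf8(indicator.get('title'))
            e.resourceId = indicator.get('resourceId')
            e += Label('Severity', indicator.get('severity', dict()).get('displayName'))
            e += Label('Confidence', indicator.get('confidence', dict()).get('displayName'))
            e += Label('Indicator Type', indicator.get('indicatorType', dict()).get('displayName'))
            if indicator.get('description'):
                # NOTE(review): the description comes from the case record and
                # is joined into markup unescaped, while this code relies on
                # the label rendering '<br/>'. Escape it before joining if the
                # client renders the label as HTML; confirm against the Label
                # type.
                e += Label('Description',
                           '<br/>'.join(encode_to_utf8(indicator.get('description')).split('\n')))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: a record of an unexpected shape ends the transform with
        # whatever has been collected so far.
        return response

    return response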
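def dotransform(request, response, config):
    """Add the actors linked to a Threat Central case to the response.

    Args:
        request: transform request; its `fields` mapping must contain
            'ThreatCentral.resourceId' for anything to be looked up.
        response: transform response that entities and UI messages are added
            to with `+=`.
        config: not used in this body.

    Returns:
        The response, with one Actor entity per actor that has a name or a
        title, or with a 'PartialError' UI message when the lookup or the
        record is bad.
    """
    if 'ThreatCentral.resourceId' not in request.fields:
        return response

    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        # Plain truthiness replaces `len(...) is not 0`, which compared an int
        # by identity. A missing or null list is treated as empty.
        for actor in case.get('actors') or []:
            if actor.get('tcScore'):
                weight = int(actor.get('tcScore'))
            else:
                weight = 1

            if actor.get('name'):
                e = Actor(encode_to_utf8(actor.get('name')), weight=weight)
                e.name = encode_to_utf8(actor.get('name'))
                e.actor = encode_to_utf8(actor.get('name'))
            elif actor.get('title'):
                e = Actor(encode_to_utf8(actor.get('title')), weight=weight)
            else:
                # Without a name or a title no entity is created. Skipping
                # avoids an unbound `e` on the first actor and, on later ones,
                # overwriting and re-adding the previous actor's entity.
                continue
            # NOTE(review): title is assigned for both branches here, as in
            # the sibling transforms; confirm against the original layout.
            e.title = encode_to_utf8(actor.get('title'))
            e.resourceId = actor.get('resourceId')

            if actor.get('organization'):
                e.organization = encode_to_utf8(actor.get('organization'))
            if actor.get('aliases'):
                e.aliases = actor.get('aliases')
            if actor.get('country'):
                e.country = encode_to_utf8(actor.get('country', dict()).get('displayName'))
            if actor.get('score'):
                e.score = actor.get('score')

            # NOTE(review): every label below places text from the case record
            # into markup unescaped, and the two link labels put record values
            # straight into an href. Escape the text and validate the URL
            # scheme if the client renders labels as HTML; confirm against the
            # Label type.
            if actor.get('links'):
                e += Label('Links', '<br/>'.join(['<a href="{}">{}</a>'.format(link.get('href'),
                                                                               link.get('href'))
                                                  for link in actor.get('links')]))
            if actor.get('hyperlinks'):
                e += Label('Hyperlinks', '<br/>'.join(['<a href="{}">{}</a>'.format(link.get('url'),
                                                                                    link.get('title'))
                                                       for link in actor.get('hyperlinks')]))
            if actor.get('title'):
                e += Label('Title', encode_to_utf8(actor.get('title')))
            if actor.get('resourceId'):
                e += Label('ResourceID', actor.get('resourceId'))
            if actor.get('aliases'):
                e += Label('Aliases', '<br/>'.join([encode_to_utf8(alias)
                                                    for alias in actor.get('aliases', '')]))
            if actor.get('description'):
                e += Label('Description',
                           '<br/>'.join(encode_to_utf8(actor.get('description', '')).split('\n')))
            if actor.get('country'):
                e += Label('Country', encode_to_utf8(actor.get('country', dict()).get('displayName')))
            if actor.get('organization'):
                e += Label('Organization', encode_to_utf8(actor.get('organization')))
            if actor.get('types'):
                e += Label('Types', '<br/>'.join([encode_to_utf8(item.get('displayName'))
                                                  for item in actor.get('types')]))
            if actor.get('motivations'):
                e += Label('Motivations', '<br/>'.join([encode_to_utf8(item.get('displayName'))
                                                        for item in actor.get('motivations')]))
            if actor.get('intendedEffects'):
                e += Label('Intended Effects', '<br/>'.join([encode_to_utf8(item.get('displayName'))
                                                             for item in actor.get('intendedEffects')]))
            if actor.get('sophistication'):
                e += Label('Sophistication', actor.get('sophistication', dict()).get('displayName'))
            if actor.get('socialMediaText'):
                e += Label('Social Media',
                           '<br/>'.join(encode_to_utf8(actor.get('socialMediaText', '')).split('\n')))
            if actor.get('moreInfo'):
                e += Label('More Info',
                           '<br/>'.join(encode_to_utf8(actor.get('moreInfo', '')).split('\n')))
            if actor.get('score'):
                e += Label('Score', actor.get('score'))
            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: a record of an unexpected shape ends the transform with
        # whatever has been collected so far.
        return response

    return response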
def dotransform(request, response, config): try: case = get_case(request.fields['ThreatCentral.resourceId'])
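def dotransform(request, response, config):
    """Resolve a Threat Central case by resource id, or search for cases by value.

    When the request carries a 'ThreatCentral.resourceId' field, the case is
    fetched and returned as a Case entity, followed by one Hyperlinks entity
    per hyperlink and one Attachments entity per attachment. When the field is
    missing (KeyError), `request.value` is used as a search term and one Case
    entity is returned per search hit.

    Args:
        request: transform request providing `fields` and `value`.
        response: transform response that entities and UI messages are added
            to with `+=`.
        config: not used in this body.

    Returns:
        The response, carrying the entities above or a 'PartialError' UI
        message when a lookup fails or a record is malformed.
    """
    # Throughout, plain truthiness replaces `len(...) is not 0`, which compared
    # an int by identity. A missing or null list is treated as empty.
    #
    # NOTE(review): the labels below place text from the case record into
    # markup unescaped, and attachment links put a record value straight into
    # an href, while this code relies on labels rendering '<br/>'. Escape the
    # text and validate the URL scheme if the client renders labels as HTML;
    # confirm against the Label type.
    try:
        case = get_case(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        # No resource id on the entity: fall back to a search on its value.
        try:
            cases = search_case(request.value)
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
            return response
        else:
            try:
                for hit in cases:
                    if hit.get('tcScore'):
                        weight = int(hit.get('tcScore'))
                    else:
                        weight = 1
                    # The score sits on the hit; the case itself is nested
                    # under 'resource'.
                    resource = hit.get('resource')
                    e = Case(encode_to_utf8(resource.get('title')), weight=weight)
                    e.title = encode_to_utf8(resource.get('title'))
                    e.resourceId = resource.get('resourceId')
                    if resource.get('importanceScore'):
                        e.importanceScore = resource.get('importanceScore')
                        e += Label('Importance Score', resource.get('importanceScore'))
                    if resource.get('importanceLevel'):
                        e.importanceLevel = resource.get('importanceLevel')
                        e += Label('Importance Level', resource.get('importanceLevel'))
                    # Show comments
                    if resource.get('comments'):
                        # NOTE(review): encode_to_utf8 is given the whole
                        # comments list here and the result is iterated as
                        # dicts; confirm the helper passes lists through.
                        e += Label('Comments', '<br/>'.join(
                            ['{}<br/>'.format(comment.get('text'))
                             for comment in encode_to_utf8(resource.get('comments'))]))
                    if resource.get('description'):
                        e += Label('Description',
                                   '<br/>'.join(encode_to_utf8(resource.get('description')).split('\n')))
                    response += e
            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err), type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError:
                return response
    else:
        if case:
            try:
                # Update entity?
                e = Case(request.value)
                if case.get('title'):
                    e.case = encode_to_utf8(case.get('title'))
                    e.title = encode_to_utf8(case.get('title'))
                    e += Label('Title', encode_to_utf8(case.get('title')))
                if case.get('resourceId'):
                    e += Label('ResourceID', case.get('resourceId'))
                if case.get('description'):
                    e += Label('Description',
                               '<br/>'.join(encode_to_utf8(case.get('description', '')).split('\n')))
                if case.get('importanceScore'):
                    e.importanceScore = case.get('importanceScore')
                    e += Label('Importance Score', case.get('importanceScore'))
                if case.get('importanceLevel'):
                    e.importanceLevel = case.get('importanceLevel')
                    e += Label('Importance Level', case.get('importanceLevel'))
                # Show comments
                if case.get('comments'):
                    # NOTE(review): encode_to_utf8 is given the whole comments
                    # list here and the result is iterated as dicts; confirm
                    # the helper passes lists through.
                    e += Label('Comments', '<br/>'.join(
                        ['{}<br/>'.format(comment.get('text'))
                         for comment in encode_to_utf8(case.get('comments'))]))
                response += e

                # Show Hyperlinks
                for hyperlink in case.get('hyperlinks') or []:
                    e = Hyperlinks(encode_to_utf8(hyperlink.get('title')))
                    e.title = encode_to_utf8(hyperlink.get('title'))
                    e.resourceId = hyperlink.get('resourceId')
                    e.url = hyperlink.get('url')
                    e += Label('Title', encode_to_utf8(hyperlink.get('title')))
                    e += Label('Resource ID', hyperlink.get('resourceId'))
                    e += Label('url', hyperlink.get('url'))
                    response += e

                # Show Attachments
                for attachment in case.get('attachments') or []:
                    e = Attachments(encode_to_utf8(attachment.get('name')))
                    e.name = encode_to_utf8(attachment.get('name'))
                    e.resourceId = attachment.get('resourceId')
                    e.atype = attachment.get('type')
                    e.size = attachment.get('size')
                    e.checksum = attachment.get('checksum')
                    e.createDate = attachment.get('createDate')
                    if attachment.get('description'):
                        e += Label('Description',
                                   '<br/>'.join(encode_to_utf8(attachment.get('description')).split('\n')))
                    for att in attachment.get('links') or []:
                        e += Label('Links', '<a href="{}">{}</a><br/>'.format(att.get('href'),
                                                                              att.get('href')))
                    response += e
            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err), type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError:
                # Best effort: a record of an unexpected shape ends the
                # transform with whatever has been collected so far.
                return response

    return response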