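    def match(self):
        """Match observables against Yeti's intelligence repository.

        Takes an array of observables, expands them and tries to match them against specific indicators or known observables.

        To "expand" an observable means to enrich the query. For instance, if the arrays of observables contains the URL ``http://google.com``,
        the "expanded" observable array will also include the hostname ``google.com``.

        :<json [string] observables: An array of observables to be analyzed
        :<json boolean add_unknown: When true *and* the current user holds the ``observable:write`` permission, unknown observables are added to the database and matches are saved (default false)
        :<json boolean fetch_neighbors: Passed through to ``match_observables`` (default true)

        :>json [Entity] entities: Related ``Entity`` objects
        :>json [Observable] known: ``Observable`` objects that are already present in database
        :>json [Indicator] matches: ``Indicators`` that matched observables
        :>json Observable matches[].observable: The ``Observable`` object that matched the ``Indicator``
        :>json string unknown: Array of observable strings that didn't match any ``Indicators`` and are unknown to Yeti
        """

        # A non-JSON body can leave request.json as None; treat it as an empty
        # request instead of failing on the first .pop().
        params = request.json or {}
        # NOTE(review): assumes 'observables' is a list of strings — a bare
        # string would be iterated character by character; confirm validation upstream.
        observables = params.pop('observables', [])
        fetch_neighbors = params.pop('fetch_neighbors', True)
        add_unknown = bool(params.pop('add_unknown', False))

        # Writes are gated on the caller's permission, not only on the request
        # flag. Decide once so adding unknowns and saving matches always agree.
        may_write = add_unknown and current_user.has_permission('observable', 'write')

        if may_write:
            for o in observables:
                Observable.add_text(o)

        data = match_observables(
            observables, save_matches=may_write, fetch_neighbors=fetch_neighbors
        )

        return render(data)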
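    def match(self):
        """Match observables against Yeti's intelligence repository.

        Takes an array of observables, expands them and tries to match them against specific indicators or known observables.

        To "expand" an observable means to enrich the query. For instance, if the arrays of observables contains the URL ``http://google.com``,
        the "expanded" observable array will also include the hostname ``google.com``.

        :<json [string] observables: An array of observables to be analyzed
        :<json boolean add_unknown: When true, unknown observables are added to the database and matches are saved (default false)

        :>json [Entity] entities: Related ``Entity`` objects
        :>json [Observable] known: ``Observable`` objects that are already present in database
        :>json [Indicator] matches: ``Indicators`` that matched observables
        :>json Observable matches[].observable: The ``Observable`` object that matched the ``Indicator``
        :>json string unknown: Array of observable strings that didn't match any ``Indicators`` and are unknown to Yeti
        """

        # A non-JSON body can leave request.json as None; treat it as an empty
        # request instead of failing on the first .pop().
        params = request.json or {}
        # NOTE(review): assumes 'observables' is a list of strings — a bare
        # string would be iterated character by character; confirm validation upstream.
        observables = params.pop('observables', [])
        add_unknown = bool(params.pop('add_unknown', False))

        # NOTE(review): add_unknown comes straight from the request body and is
        # the only gate on writing to the observable store in this handler;
        # confirm the route is protected by authentication/permission checks.
        if add_unknown:
            for o in observables:
                Observable.add_text(o)

        data = match_observables(observables, save_matches=add_unknown)

        return render(data)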
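    @staticmethod
    def _forced_observable_type(name):
        """Resolve a user-supplied ``force-type`` name to an ``Observable`` subclass.

        The name is looked up in this module's globals, so only a class that is
        defined or imported here can be selected. Anything else (a missing
        name, a module or function, a class that is not an ``Observable``)
        yields ``None``. Checking ``isinstance(..., type)`` first avoids the
        ``TypeError`` that ``issubclass`` raises on non-class objects, which
        a caller could otherwise trigger by naming any module-level object.

        :param name: value of the ``force-type`` form field, possibly empty or ``None``
        :return: the matching ``Observable`` subclass, or ``None``
        """
        if not name:
            return None
        candidate = globals().get(name)
        if isinstance(candidate, type) and issubclass(candidate, Observable):
            return candidate
        return None

    def index(self):
        """Handle the bulk observable search / add form.

        On GET, render the search form. On POST, read observables one per line
        from the uploaded ``bulk-file`` (if any) or the ``bulk-text`` field,
        optionally add and tag them (``add`` flag, requires the
        ``observable:write`` permission), then render the match results.

        :return: a rendered template
        """
        if request.method != "POST":
            return render_template("observable/search.html")

        obs = {}
        if request.files.get("bulk-file"):  # request files
            # NOTE(review): readlines() on an upload yields bytes, not str —
            # confirm add_text / match_observables accept that.
            lines = request.files.get("bulk-file").readlines()
        else:
            lines = request.form["bulk-text"].split("\n")

        invalid_observables = 0
        # Form values are strings, so any non-empty "add" value counts as true.
        wants_add = bool(request.form.get("add", False))
        if wants_add and current_user.has_permission("observable", "write"):
            # Drop empty entries so a blank field does not tag every observable with "".
            tags = [t.strip() for t in request.form.get("tags", "").split(",") if t.strip()]
            forced_type = self._forced_observable_type(request.form.get("force-type"))
            if forced_type is not None:
                logging.debug("Forcing observable type %s", forced_type)
            for line in lines:
                txt = line.strip()
                if not txt:
                    continue
                try:
                    if forced_type is not None:
                        o = forced_type.get_or_create(value=txt)
                    else:
                        o = Observable.add_text(txt)
                    o.tag(tags)
                    obs[o.value] = o
                except (ObservableValidationError, ValueError) as e:
                    logging.error("Error validating %s: %s", txt, e)
                    invalid_observables += 1
        else:
            # Match only: keep the raw line next to a placeholder, skipping blanks
            # so an empty string is never submitted for matching.
            for line in lines:
                txt = line.strip()
                if txt:
                    obs[txt] = line, None

        if obs:
            data = match_observables(obs.keys())
            userLogger.info(
                "User %s add observable : value=%s", current_user.username, data
            )
            return render_template("observable/search_results.html", data=data)

        if invalid_observables:
            flash(
                "Type guessing failed for {} observables. Try setting it manually.".format(
                    invalid_observables
                ),
                "danger",
            )
        return render_template("observable/search.html")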
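    def match(self):
        """Match observables against Yeti's intelligence repository.

        Reads a JSON body, optionally adds the submitted observables to the
        database, and returns the result of ``match_observables``.

        :<json [string] observables: An array of observables to be analyzed
        :<json boolean add_unknown: When true, unknown observables are added to the database and matches are saved (default false)
        :return: the rendered match data
        """
        # A non-JSON body can leave request.json as None; treat it as an empty
        # request instead of failing on the first .pop().
        params = request.json or {}
        # NOTE(review): assumes 'observables' is a list of strings — a bare
        # string would be iterated character by character; confirm validation upstream.
        observables = params.pop('observables', [])
        add_unknown = bool(params.pop('add_unknown', False))

        # NOTE(review): add_unknown comes straight from the request body and is
        # the only gate on writing to the observable store in this handler;
        # confirm the route is protected by authentication/permission checks.
        if add_unknown:
            for o in observables:
                Observable.add_text(o)

        data = match_observables(observables, save_matches=add_unknown)

        return render(data)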
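    @staticmethod
    def _forced_observable_type(name):
        """Resolve a user-supplied ``force-type`` name to an ``Observable`` subclass.

        The name is looked up in this module's globals, so only a class that is
        defined or imported here can be selected. Anything else (a missing
        name, a module or function, a class that is not an ``Observable``)
        yields ``None``. Checking ``isinstance(..., type)`` first avoids the
        ``TypeError`` that ``issubclass`` raises on non-class objects, which
        a caller could otherwise trigger by naming any module-level object.
        NOTE(review): assumes Observable subclasses are new-style classes —
        confirm for this codebase.

        :param name: value of the ``force-type`` form field, possibly empty or ``None``
        :return: the matching ``Observable`` subclass, or ``None``
        """
        if not name:
            return None
        candidate = globals().get(name)
        if isinstance(candidate, type) and issubclass(candidate, Observable):
            return candidate
        return None

    def index(self):
        """Handle the bulk observable search / add form.

        On GET, render the search form. On POST, read observables one per line
        from the uploaded ``bulk-file`` (if any) or the ``bulk-text`` field,
        optionally add and tag them (``add`` flag, requires the
        ``observable:write`` permission), then render the match results.

        :return: a rendered template
        """
        if request.method != "POST":
            return render_template("observable/search.html")

        obs = {}
        if request.files.get('bulk-file'):  # request files
            lines = request.files.get('bulk-file').readlines()
        else:
            lines = request.form['bulk-text'].split('\n')

        invalid_observables = 0
        # Form values are strings, so any non-empty "add" value counts as true.
        wants_add = bool(request.form.get('add', False))
        if wants_add and current_user.has_permission("observable", "write"):
            # Drop empty entries so a blank field does not tag every observable with "".
            tags = [t.strip() for t in request.form.get('tags', "").split(',') if t.strip()]
            forced_type = self._forced_observable_type(request.form.get('force-type'))
            if forced_type is not None:
                logging.debug("Forcing observable type %s", forced_type)
            for line in lines:
                txt = line.strip()
                if not txt:
                    continue
                try:
                    if forced_type is not None:
                        o = forced_type.get_or_create(value=txt)
                    else:
                        o = Observable.add_text(txt)
                    o.tag(tags)
                    obs[o.value] = o
                except (ObservableValidationError, ValueError) as e:
                    logging.error("Error validating %s: %s", txt, e)
                    invalid_observables += 1
        else:
            # Match only: keep the raw line next to a placeholder, skipping blanks
            # so an empty string is never submitted for matching.
            for line in lines:
                txt = line.strip()
                if txt:
                    obs[txt] = line, None

        if obs:
            data = match_observables(obs.keys())
            return render_template(
                "observable/search_results.html", data=data)

        if invalid_observables:
            flash(
                "Type guessing failed for {} observables. Try setting it manually.".
                format(invalid_observables), "danger")
        return render_template("observable/search.html")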
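    @staticmethod
    def _forced_observable_type(name):
        """Resolve a user-supplied ``force-type`` name to an ``Observable`` subclass.

        The name is looked up in this module's globals, so only a class that is
        defined or imported here can be selected. Anything else (a missing
        name, a module or function, a class that is not an ``Observable``)
        yields ``None``. Checking ``isinstance(..., type)`` first avoids the
        ``TypeError`` that ``issubclass`` raises on non-class objects, which
        a caller could otherwise trigger by naming any module-level object.
        NOTE(review): assumes Observable subclasses are new-style classes —
        confirm for this codebase.

        :param name: value of the ``force-type`` form field, possibly empty or ``None``
        :return: the matching ``Observable`` subclass, or ``None``
        """
        if not name:
            return None
        candidate = globals().get(name)
        if isinstance(candidate, type) and issubclass(candidate, Observable):
            return candidate
        return None

    def index(self):
        """Handle the bulk observable search / add form.

        On GET, render the search form. On POST, read observables one per line
        from the ``bulk-text`` field, optionally add and tag them (``add``
        flag), then render the match results.

        :return: a rendered template
        """
        if request.method != "POST":
            return render_template("observable/search.html")

        obs = {}
        if request.files.get('bulk-file'):  # request files
            # Uploaded files are not parsed in this version: no lines are read.
            lines = []
        else:
            lines = request.form['bulk-text'].split('\n')

        invalid_observables = 0
        # Form values are strings, so any non-empty "add" value counts as true.
        # NOTE(review): this flag alone triggers writes to the observable store;
        # confirm the route is protected by authentication/permission checks.
        if bool(request.form.get('add', False)):
            # Drop empty entries so a blank field does not tag every observable with "".
            tags = [t.strip() for t in request.form.get('tags', "").split(',') if t.strip()]
            forced_type = self._forced_observable_type(request.form.get('force-type'))
            if forced_type is not None:
                logging.debug("Forcing observable type %s", forced_type)
            for line in lines:
                txt = line.strip()
                if not txt:
                    continue
                try:
                    if forced_type is not None:
                        o = forced_type.get_or_create(value=txt)
                    else:
                        o = Observable.add_text(txt)
                    o.tag(tags)
                    obs[o.value] = o
                except (ObservableValidationError, ValueError) as e:
                    logging.error("Error validating %s: %s", txt, e)
                    invalid_observables += 1
        else:
            # Match only: keep the raw line next to a placeholder, skipping blanks
            # so an empty string is never submitted for matching.
            for line in lines:
                txt = line.strip()
                if txt:
                    obs[txt] = line, None

        if obs:
            data = match_observables(obs.keys())
            return render_template("observable/search_results.html",
                                   data=data)

        if invalid_observables:
            flash(
                "Type guessing failed for {} observables. Try setting it manually."
                .format(invalid_observables), "danger")
        return render_template("observable/search.html")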