def __init__(self, username, item, *args, **kwargs):
    """
    Build the TAXII form for one context object.

    Recipient choices and the per-type multi-choice fields are derived from
    ``item`` and its related items, so that only STIXifyable / CybOXable
    options are offered.

    :param username: User whose sources bound what the form offers.
    :param item: Context CRITs object the form is built for.
    """
    kwargs.setdefault('label_suffix', ':')
    super(TAXIIForm, self).__init__(*args, **kwargs)
    service_config = get_config('taxii_service')

    # Recipients are limited to the overlap between the user's sources and
    # the sources that have a TAXII feed configured; anything else would
    # fail on send.
    allowed_sources = user_sources(username)
    feed_sources = []
    for cert_entry in service_config['certfiles']:
        # Only the first comma-separated token of each entry is compared.
        feed_sources.append(cert_entry.split(',')[0])
    shared_sources = set(allowed_sources).intersection(feed_sources)
    self.fields['rcpts'].choices = [(name, name) for name in shared_sources]

    # One optional multi-choice field per supported type, filled from the
    # items related to the context object. The user's sources are handed to
    # collect_objects -- presumably so that only items visible to the user
    # are collected; confirm against collect_objects.
    for supported_type in get_supported_types():
        # TODO the hardcoded args to collect_objects should be revisited
        related = collect_objects(
            item._meta['crits_type'],
            item.id,
            1,
            100,
            100,
            [supported_type],
            allowed_sources,
        )
        type_field = forms.MultipleChoiceField(required=False,
                                               label=supported_type)
        type_field.choices = filter_and_format_choices(related, item,
                                                       supported_type)
        self.fields[supported_type] = type_field
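def generate_anb_event_data(type_, cid, data, sources, r=0):
    """
    Append CSV rows for the objects related to ``cid`` to ``data``.

    Related objects are fetched with ``collect_objects`` at depth 1. Each one
    not yet present in ``data['seen_objects']`` is recorded there and, when
    its type is Email, Sample, Indicator, IP, Domain or Event, written as a
    row to the matching bucket. The function then recurses once into every
    newly seen object.

    Cell values are CSV-quoted when they contain a comma, a double quote or a
    line break. Values such as an email subject or a sample filename come from
    collected artefacts, and without quoting such a value could add columns
    or whole rows to the export. Quoting only preserves the row structure; it
    does not neutralise cells that a spreadsheet would evaluate as formulas.

    :param type_: Type of the object identified by ``cid``.
    :param cid: ID of the object whose relations are exported.
    :param data: Dict with 'seen_objects' (a dict) and the CSV strings
                 'emails', 'samples', 'objects', 'indicators', 'ips',
                 'domains' and 'events'. Updated in place.
    :param sources: Passed through to ``collect_objects``.
    :param r: Current recursion level; recursion stops once it reaches 1.
    :returns: The same ``data`` dict.
    """
    def _row(*values):
        # Format one CSV record terminated by CRLF, quoting only the cells
        # that need it so rows without special characters are unchanged.
        cells = []
        for value in values:
            text = "%s" % (value,)
            if any(ch in text for ch in ',"\r\n'):
                text = '"%s"' % text.replace('"', '""')
            cells.append(text)
        return ",".join(cells) + "\r\n"

    related_objects = collect_objects(type_, cid, sources, depth=1)

    # Remove current object from the collected objects. The first time
    # through this function we will have already put the event in and
    # each subsequent run we will have just put another object in before
    # recursing back into this function.
    # pop() instead of del: a result that lacks the current object is
    # tolerated rather than raising KeyError.
    related_objects.pop(str(cid), None)

    for (obj_id, (obj_type, level, obj)) in related_objects.iteritems():
        # If we've seen this object before, don't bother dealing with it.
        if obj_id in data['seen_objects']:
            continue

        data['seen_objects'][obj_id] = obj

        if obj_type == 'Email':
            data['emails'] += _row(cid, obj_id, obj.isodate, obj.sender,
                                   obj.subject, obj.x_originating_ip,
                                   obj.x_mailer)
        elif obj_type == 'Sample':
            backdoor_name = obj.backdoor.name if obj.backdoor else "None"
            data['samples'] += _row(cid, obj_id, obj.md5, obj.mimetype,
                                    obj.filename, backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _row(obj_id, inner_obj.object_type,
                                        inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _row(cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _row(cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _row(cid, obj_id, obj.title)

        # Recurse one more level, but go no further.
        if r < 1:
            generate_anb_event_data(obj_type, obj_id, data, sources, r=r + 1)

    return data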
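def generate_anb_event_data(type_, cid, data, sources):
    """
    Append CSV rows for the objects related to ``cid`` to ``data``.

    Related Email, Sample, Indicator, IP, Domain and Event objects are
    fetched with ``collect_objects`` (depth 1, at most 250 objects in total
    and 100 per relationship, no file data) and written as rows to the
    matching bucket of ``data``.

    Cell values are CSV-quoted when they contain a comma, a double quote or a
    line break. Values such as an email subject or a sample filename come from
    collected artefacts, and without quoting such a value could add columns
    or whole rows to the export. Quoting only preserves the row structure; it
    does not neutralise cells that a spreadsheet would evaluate as formulas.

    :param type_: Type of the object identified by ``cid``.
    :param cid: ID of the object whose relations are exported.
    :param data: Dict with the CSV strings 'emails', 'samples', 'objects',
                 'indicators', 'ips', 'domains' and 'events'. Updated in
                 place.
    :param sources: Sources passed to ``collect_objects`` and used to decide
                    whether a related backdoor's name may be exported.
    :returns: The same ``data`` dict.
    """
    def _row(*values):
        # Format one CSV record terminated by CRLF, quoting only the cells
        # that need it so rows without special characters are unchanged.
        cells = []
        for value in values:
            text = "%s" % (value,)
            if any(ch in text for ch in ',"\r\n'):
                text = '"%s"' % text.replace('"', '""')
            cells.append(text)
        return ",".join(cells) + "\r\n"

    types = ['Email', 'Sample', 'Indicator', 'IP', 'Domain', 'Event']
    related_objects = collect_objects(
        type_,
        cid,
        1,    # Depth limit
        250,  # Total limit
        100,  # Rel limit
        types,
        sources,
        need_filedata=False)

    for (obj_id, (obj_type, obj)) in related_objects.iteritems():
        if obj_type == 'Email':
            data['emails'] += _row(cid, obj_id, obj.isodate, obj.sender,
                                   obj.subject, obj.x_originating_ip,
                                   obj.x_mailer)
        elif obj_type == 'Sample':
            # Walk the relationships on this sample, see if it is related to
            # a backdoor. Take the first backdoor that comes up, it may or
            # may not be the versioned one.
            backdoor_name = "None"
            for rel in obj.relationships:
                if rel.rel_type != 'Backdoor':
                    continue
                backdoor = Backdoor.objects(id=rel.object_id).first()
                # The name is exported only when source_match accepts the
                # backdoor's source against the caller's sources.
                if backdoor and source_match(backdoor.source, sources):
                    backdoor_name = backdoor.name
                    break
            data['samples'] += _row(cid, obj_id, obj.md5, obj.mimetype,
                                    obj.filename, backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _row(obj_id, inner_obj.object_type,
                                        inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _row(cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _row(cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _row(cid, obj_id, obj.title)

    return data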
def __init__(self, username, item, *args, **kwargs):
    """
    Build the TAXII send form for one context object.

    Recipient choices and the per-type multi-choice fields are derived from
    ``item`` and its related items, so that only STIXifyable / CybOXable
    options are offered.

    :param username: User whose sources bound what the form offers.
    :param item: Context CRITs object the form is built for.
    """
    kwargs.setdefault('label_suffix', ':')
    super(TAXIISendForm, self).__init__(*args, **kwargs)
    service_config = get_config('taxii_service')
    allowed_sources = user_sources(username)

    # Recipient feeds are looked up from the user's own sources.
    self.fields['rcpts'].choices = get_taxii_feeds(allowed_sources)

    # One optional multi-choice field per supported type, filled from the
    # items related to the context object. Both numeric limits after the
    # depth of 1 come from the service's 'max_rels' setting.
    for supported_type in get_supported_types():
        related = collect_objects(
            item._meta['crits_type'],
            item.id,
            1,
            service_config['max_rels'],
            service_config['max_rels'],
            [supported_type],
            allowed_sources,
            False,  # presumably need_filedata -- confirm against collect_objects
        )
        type_field = forms.MultipleChoiceField(required=False,
                                               label=supported_type)
        type_field.choices = filter_and_format_choices(related, item,
                                                       supported_type)
        self.fields[supported_type] = type_field
def __init__(self, username, item, *args, **kwargs):
    """
    Set up the TAXII form for a context object.

    The recipient list and the per-type multi-choice fields are filled from
    ``item`` and its related items, which keeps the offered options to
    STIXifyable / CybOXable ones.

    :param username: User whose sources bound what the form offers.
    :param item: Context CRITs object the form is built for.
    """
    super(TAXIIForm, self).__init__(*args, **kwargs)
    service_config = get_config('taxii_service')

    # Avoid options that cause failure: recipients are the intersection of
    # the user's sources and the sources that have TAXII feeds configured.
    allowed_sources = user_sources(username)
    feed_sources = []
    for cert_entry in service_config['certfiles']:
        # Only the first comma-separated token of each entry is compared.
        feed_sources.append(cert_entry.split(',')[0])
    shared_sources = set(allowed_sources).intersection(feed_sources)
    self.fields['rcpts'].choices = [(name, name) for name in shared_sources]

    # Populate one multi-choice field per supported type with the valid
    # options found among the context object's related items. The user's
    # sources are handed to collect_objects -- presumably to keep the
    # collected items to ones the user may see; confirm against
    # collect_objects.
    for supported_type in get_supported_types():
        # TODO the hardcoded args to collect_objects should be revisited
        related = collect_objects(
            item._meta['crits_type'],
            item.id,
            1,
            100,
            100,
            [supported_type],
            allowed_sources,
        )
        type_field = forms.MultipleChoiceField(required=False,
                                               label=supported_type)
        type_field.choices = filter_and_format_choices(related, item,
                                                       supported_type)
        self.fields[supported_type] = type_field
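def generate_anb_event_data(type_, cid, data, sources):
    """
    Append CSV rows for the objects related to ``cid`` to ``data``.

    Related Email, Sample, Indicator, IP, Domain and Event objects are
    fetched with ``collect_objects`` (depth 1, at most 250 objects in total
    and 100 per relationship, no file data) and written as rows to the
    matching bucket of ``data``.

    Cell values are CSV-quoted when they contain a comma, a double quote or a
    line break. Values such as an email subject or a sample filename come from
    collected artefacts, and without quoting such a value could add columns
    or whole rows to the export. Quoting only preserves the row structure; it
    does not neutralise cells that a spreadsheet would evaluate as formulas.

    :param type_: Type of the object identified by ``cid``.
    :param cid: ID of the object whose relations are exported.
    :param data: Dict with the CSV strings 'emails', 'samples', 'objects',
                 'indicators', 'ips', 'domains' and 'events'. Updated in
                 place.
    :param sources: Sources passed to ``collect_objects`` and used to decide
                    whether a related backdoor's name may be exported.
    :returns: The same ``data`` dict.
    """
    def _row(*values):
        # Format one CSV record terminated by CRLF, quoting only the cells
        # that need it so rows without special characters are unchanged.
        cells = []
        for value in values:
            text = "%s" % (value,)
            if any(ch in text for ch in ',"\r\n'):
                text = '"%s"' % text.replace('"', '""')
            cells.append(text)
        return ",".join(cells) + "\r\n"

    types = ['Email', 'Sample', 'Indicator', 'IP', 'Domain', 'Event']
    related_objects = collect_objects(type_,
                                      cid,
                                      1,    # Depth limit
                                      250,  # Total limit
                                      100,  # Rel limit
                                      types,
                                      sources,
                                      need_filedata=False)

    for (obj_id, (obj_type, obj)) in related_objects.iteritems():
        if obj_type == 'Email':
            data['emails'] += _row(cid, obj_id, obj.isodate, obj.sender,
                                   obj.subject, obj.x_originating_ip,
                                   obj.x_mailer)
        elif obj_type == 'Sample':
            # Walk the relationships on this sample, see if it is related to
            # a backdoor. Take the first backdoor that comes up, it may or
            # may not be the versioned one.
            backdoor_name = "None"
            for rel in obj.relationships:
                if rel.rel_type != 'Backdoor':
                    continue
                backdoor = Backdoor.objects(id=rel.object_id).first()
                # The name is exported only when source_match accepts the
                # backdoor's source against the caller's sources.
                if backdoor and source_match(backdoor.source, sources):
                    backdoor_name = backdoor.name
                    break
            data['samples'] += _row(cid, obj_id, obj.md5, obj.mimetype,
                                    obj.filename, backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _row(obj_id, inner_obj.object_type,
                                        inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _row(cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _row(cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _row(cid, obj_id, obj.title)

    return data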
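def generate_anb_event_data(type_, cid, data, sources, r=0):
    """
    Append CSV rows for the objects related to ``cid`` to ``data``.

    Related objects are fetched with ``collect_objects`` at depth 1. Each one
    not yet present in ``data['seen_objects']`` is recorded there and, when
    its type is Email, Sample, Indicator, IP, Domain or Event, written as a
    row to the matching bucket. The function then recurses once into every
    newly seen object.

    Cell values are CSV-quoted when they contain a comma, a double quote or a
    line break. Values such as an email subject or a sample filename come from
    collected artefacts, and without quoting such a value could add columns
    or whole rows to the export. Quoting only preserves the row structure; it
    does not neutralise cells that a spreadsheet would evaluate as formulas.

    :param type_: Type of the object identified by ``cid``.
    :param cid: ID of the object whose relations are exported.
    :param data: Dict with 'seen_objects' (a dict) and the CSV strings
                 'emails', 'samples', 'objects', 'indicators', 'ips',
                 'domains' and 'events'. Updated in place.
    :param sources: Passed through to ``collect_objects``.
    :param r: Current recursion level; recursion stops once it reaches 1.
    :returns: The same ``data`` dict.
    """
    def _row(*values):
        # Format one CSV record terminated by CRLF, quoting only the cells
        # that need it so rows without special characters are unchanged.
        cells = []
        for value in values:
            text = "%s" % (value,)
            if any(ch in text for ch in ',"\r\n'):
                text = '"%s"' % text.replace('"', '""')
            cells.append(text)
        return ",".join(cells) + "\r\n"

    related_objects = collect_objects(type_, cid, sources, depth=1)

    # Remove current object from the collected objects. The first time
    # through this function we will have already put the event in and
    # each subsequent run we will have just put another object in before
    # recursing back into this function.
    # pop() instead of del: a result that lacks the current object is
    # tolerated rather than raising KeyError.
    related_objects.pop(str(cid), None)

    for (obj_id, (obj_type, level, obj)) in related_objects.iteritems():
        # If we've seen this object before, don't bother dealing with it.
        if obj_id in data['seen_objects']:
            continue

        data['seen_objects'][obj_id] = obj

        if obj_type == 'Email':
            data['emails'] += _row(cid, obj_id, obj.isodate, obj.sender,
                                   obj.subject, obj.x_originating_ip,
                                   obj.x_mailer)
        elif obj_type == 'Sample':
            backdoor_name = obj.backdoor.name if obj.backdoor else "None"
            data['samples'] += _row(cid, obj_id, obj.md5, obj.mimetype,
                                    obj.filename, backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _row(obj_id, inner_obj.object_type,
                                        inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _row(cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _row(cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _row(cid, obj_id, obj.title)

        # Recurse one more level, but go no further.
        if r < 1:
            generate_anb_event_data(obj_type, obj_id, data, sources, r=r + 1)

    return data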