Exemple #1
def remove_attribution(id_, identifier=None, user=None, **kwargs):
    """
    Detach an attributed identifier from an Actor and re-render the widget.

    The Actor lookup is filtered by the sources returned from
    ``user_sources(user)``, so an Actor outside those sources is reported as
    not found. No admin check gates the removal itself; ``is_admin(user)``
    only feeds the ``admin`` flag handed to the template.

    :param id_: The ObjectId of the Actor.
    :param identifier: The Actor Identifier ObjectId.
    :type identifier: str
    :param user: The user removing this attribution.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) -- error text on failure, the rendered
              identifiers widget HTML on success.
    """

    # Both helpers are evaluated before the lookup, as in the original flow.
    allowed_sources = user_sources(user)
    admin_flag = is_admin(user)

    matches = Actor.objects(id=id_, source__name__in=allowed_sources)
    actor = matches.first()
    if not actor:
        return {'success': False, 'message': "Could not find actor"}

    actor.remove_attribution(identifier)
    actor.save(username=user)
    # Re-read the document after saving, before building the identifier list.
    actor.reload()

    context = {
        'actor_identifiers': actor.generate_identifiers_list(user),
        'admin': admin_flag,
        'actor_id': str(actor.id),
    }
    return {
        'success': True,
        'message': render_to_string('actor_identifiers_widget.html', context),
    }
Exemple #2
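def remove_action(request, indicator_id):
    """
    Remove an indicator's action. Should be an AJAX POST.

    Only admins (``is_admin`` on the request user's username) may remove an
    action. The ``key`` POST field carries a timestamp in
    ``settings.PY_DATETIME_FORMAT``; a missing or malformed value yields a
    JSON failure response instead of an unhandled exception.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    if not (request.method == "POST" and request.is_ajax()):
        return HttpResponse({})

    analyst = request.user.username
    if not is_admin(analyst):
        error = "You do not have permission to remove this item."
        return render_to_response("error.html", {'error': error},
                                  RequestContext(request))

    # ``key`` is client-supplied, so parse it defensively.
    try:
        date = datetime.datetime.strptime(request.POST.get('key', ''),
                                          settings.PY_DATETIME_FORMAT)
    except (TypeError, ValueError):
        # NOTE(review): failure shape assumed to match what the client
        # expects from action_remove -- confirm against the caller.
        failure = {'success': False, 'message': "Invalid action date."}
        return HttpResponse(json.dumps(failure),
                            content_type="application/json")

    # Truncate to whole milliseconds. Floor division keeps the value an int
    # on Python 3 too, where "/" would pass a float to replace().
    date = date.replace(microsecond=date.microsecond // 1000 * 1000)
    result = action_remove(indicator_id, date, analyst)
    # content_type is used instead of the older mimetype keyword, which
    # newer Django releases no longer accept.
    return HttpResponse(json.dumps(result),
                        content_type="application/json")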
Exemple #3
def remove_attribution(id_, identifier=None, user=None, **kwargs):
    """
    Remove an attributed identifier from an Actor.

    Visibility is enforced through the source filter on the lookup: an Actor
    whose source is not in ``user_sources(user)`` is treated as missing.
    ``is_admin(user)`` does not restrict the removal; it is only passed to
    the widget template.

    :param id_: The ObjectId of the Actor.
    :param identifier: The Actor Identifier ObjectId.
    :type identifier: str
    :param user: The user removing this attribution.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) -- error text, or the widget HTML on success.
    """

    user_source_names = user_sources(user)
    viewer_is_admin = is_admin(user)

    actor = Actor.objects(id=id_, source__name__in=user_source_names).first()
    if actor:
        actor.remove_attribution(identifier)
        actor.save(username=user)
        actor.reload()
        identifiers = actor.generate_identifiers_list(user)

        template_context = {
            'actor_identifiers': identifiers,
            'admin': viewer_is_admin,
            'actor_id': str(actor.id),
        }
        widget = render_to_string('actor_identifiers_widget.html',
                                  template_context)
        return {'success': True, 'message': widget}

    return {'success': False, 'message': "Could not find actor"}
Exemple #4
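def remove_activity(request, indicator_id):
    """
    Remove an indicator's activity. Should be an AJAX POST.

    Only admins (``is_admin`` on the request user's username) may remove an
    activity. The ``key`` POST field carries a timestamp in
    ``settings.PY_DATETIME_FORMAT``. Requests that are not an AJAX POST get
    an empty response rather than falling through with no response at all.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    if not (request.method == "POST" and request.is_ajax()):
        # The original returned None here, which a Django view must not do.
        return HttpResponse({})

    analyst = request.user.username
    if not is_admin(analyst):
        error = "You do not have permission to remove this item."
        return render_to_response("error.html",
                                  {'error': error},
                                  RequestContext(request))

    # ``key`` is client-supplied, so parse it defensively.
    try:
        date = datetime.datetime.strptime(request.POST.get('key', ''),
                                          settings.PY_DATETIME_FORMAT)
    except (TypeError, ValueError):
        # NOTE(review): failure shape assumed to match what the client
        # expects from activity_remove -- confirm against the caller.
        failure = {'success': False, 'message': "Invalid activity date."}
        return HttpResponse(json.dumps(failure),
                            content_type="application/json")

    # Truncate to whole milliseconds. Floor division keeps the value an int
    # on Python 3 too, where "/" would pass a float to replace().
    date = date.replace(microsecond=date.microsecond // 1000 * 1000)
    result = activity_remove(indicator_id, date, analyst)
    # content_type is used instead of the older mimetype keyword, which
    # newer Django releases no longer accept.
    return HttpResponse(json.dumps(result),
                        content_type="application/json")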
Exemple #5
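def add_update_action(request, method, indicator_id):
    """
    Add/update an indicator's action. Should be an AJAX POST.

    Field values come from a validated ``IndicatorActionsForm``. The
    ``analyst`` field is always the request user's username, never a
    submitted value. On "add" the action date is the current time; on any
    other ``method`` the submitted ``date`` is parsed and truncated to whole
    milliseconds before the update.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param method: Whether we are adding or updating.
    :type method: str ("add", "update")
    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    if not (request.method == "POST" and request.is_ajax()):
        return HttpResponse({})

    # NOTE(review): no permission check is visible in this view; confirm that
    # access control is enforced by a decorator or inside the action helpers.
    username = request.user.username
    form = IndicatorActionsForm(request.POST)
    if not form.is_valid():
        payload = {'success': False, 'form': form.as_table()}
        return HttpResponse(json.dumps(payload),
                            content_type='application/json')

    data = form.cleaned_data
    add = {
        'action_type': data['action_type'],
        # Empty/None dates are stored as empty strings.
        'begin_date': data['begin_date'] or '',
        'end_date': data['end_date'] or '',
        'performed_date': data['performed_date'] or '',
        'active': data['active'],
        'reason': data['reason'],
        'analyst': username,
    }
    if method == "add":
        add['date'] = datetime.datetime.now()
        result = action_add(indicator_id, add)
    else:
        # Any value other than "add" takes the update path.
        date = datetime.datetime.strptime(data['date'],
                                          settings.PY_DATETIME_FORMAT)
        # Floor division keeps microsecond an int on Python 3 as well,
        # where "/" would pass a float to replace().
        date = date.replace(microsecond=date.microsecond // 1000 * 1000)
        add['date'] = date
        result = action_update(indicator_id, add)

    if 'object' in result:
        result['html'] = render_to_string(
            'indicators_action_row_widget.html', {
                'action': result['object'],
                'admin': is_admin(username),
                'indicator_id': indicator_id,
            })
    # content_type is used instead of the older mimetype keyword, which
    # newer Django releases no longer accept.
    return HttpResponse(json.dumps(result, default=json_handler),
                        content_type='application/json')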
Exemple #6
def attribute_actor_identifier(id_,
                               identifier_type,
                               identifier=None,
                               confidence="low",
                               user=None,
                               **kwargs):
    """
    Attribute an Actor Identifier to an Actor in CRITs.

    The Actor lookup is restricted to the sources returned by
    ``user_sources(user)``. Success is decided after saving and reloading:
    the call fails unless the Actor then has more identifiers than before.

    :param id_: The Actor ObjectId.
    :type id_: str
    :param identifier_type: The Actor Identifier Type.
    :type identifier_type: str
    :param identifier: The Actor Identifier.
    :type identifier: str
    :param confidence: Confidence passed through to the attribution
                       (defaults to "low").
    :type confidence: str
    :param user: The user attributing this identifier.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) -- error text, or the widget HTML on success.
    """

    allowed_sources = user_sources(user)
    admin_flag = is_admin(user)

    actor = Actor.objects(id=id_, source__name__in=allowed_sources).first()
    if not actor:
        return {'success': False, 'message': "Could not find actor"}

    count_before = len(actor.identifiers)
    actor.attribute_identifier(identifier_type, identifier, confidence, user)
    actor.save(username=user)
    actor.reload()
    identifiers = actor.generate_identifiers_list(user)

    # An unchanged (or smaller) count means nothing was attributed.
    if not len(actor.identifiers) > count_before:
        failure_text = (
            "Invalid data submitted or identifier is already attributed.")
        return {'success': False, 'message': failure_text}

    context = {
        'actor_identifiers': identifiers,
        'admin': admin_flag,
        'actor_id': str(actor.id),
    }
    widget = render_to_string('actor_identifiers_widget.html', context)
    return {'success': True, 'message': widget}
Exemple #7
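def add_update_action(request, method, indicator_id):
    """
    Add/update an indicator's action. Should be an AJAX POST.

    Submitted fields are validated through ``IndicatorActionsForm``; the
    ``analyst`` recorded on the action is the request user's username rather
    than anything the client sent. "add" stamps the action with the current
    time; every other ``method`` value parses the submitted ``date`` and
    truncates it to whole milliseconds before updating.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param method: Whether we are adding or updating.
    :type method: str ("add", "update")
    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        # NOTE(review): this view performs no permission check of its own;
        # verify that one is applied by a decorator or the action helpers.
        username = request.user.username
        form = IndicatorActionsForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            add = {
                'action_type': data['action_type'],
                'begin_date': data['begin_date'] or '',
                'end_date': data['end_date'] or '',
                'performed_date': data['performed_date'] or '',
                'active': data['active'],
                'reason': data['reason'],
                'analyst': username,
            }
            if method == "add":
                add['date'] = datetime.datetime.now()
                result = action_add(indicator_id, add)
            else:
                parsed = datetime.datetime.strptime(
                    data['date'], settings.PY_DATETIME_FORMAT)
                # "//" keeps the microsecond value an int under Python 3;
                # "/" would produce a float that replace() rejects.
                millis = parsed.microsecond // 1000 * 1000
                add['date'] = parsed.replace(microsecond=millis)
                result = action_update(indicator_id, add)
            if 'object' in result:
                result['html'] = render_to_string(
                    'indicators_action_row_widget.html',
                    {'action': result['object'],
                     'admin': is_admin(username),
                     'indicator_id': indicator_id})
            # content_type replaces the older mimetype keyword, which newer
            # Django releases no longer accept.
            return HttpResponse(json.dumps(result, default=json_handler),
                                content_type='application/json')
        else:  # invalid form
            return HttpResponse(json.dumps({'success': False,
                                            'form': form.as_table()}),
                                content_type='application/json')
    return HttpResponse({})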
Exemple #8
def delete_signature_dependency(_id, username=None):
    """
    Delete Signature Dependency from CRITs.

    Deletion only happens when ``is_admin(username)`` is truthy. The check
    trusts ``username`` as given, so callers must pass the authenticated
    user's name rather than a value taken from request data.

    :param _id: The ObjectID of the signature dependency to delete.
    :param username: The user deleting this Signature dependency.
    :returns: dict with key "success" (boolean). A non-admin caller and a
              missing dependency both yield ``{'success': False}``.
    """

    if not is_admin(username):
        return {'success': False}

    dependency = SignatureDependency.objects(id=_id).first()
    if not dependency:
        return {'success': False}

    dependency.delete(username=username)
    return {'success': True}
Exemple #9
def delete_signature_dependency(_id, username=None):
    """
    Delete Signature Dependency from CRITs.

    The lookup and the delete are only attempted for users accepted by
    ``is_admin``. ``username`` must identify the authenticated caller; this
    function has no way to verify where the value came from.

    :param _id: The ObjectID of the signature dependency to delete.
    :param username: The user deleting this Signature dependency.
    :returns: dict with key "success" (boolean); False for non-admins and
              when no matching dependency exists.
    """

    # Non-admins never reach the database lookup.
    target = (SignatureDependency.objects(id=_id).first()
              if is_admin(username) else None)
    if target:
        target.delete(username=username)
        return {'success': True}
    return {'success': False}
Exemple #10
def event_remove(_id, username):
    """
    Remove an event from CRITs.

    Only users accepted by ``is_admin`` may delete. ``username`` is trusted
    as given, so it must come from the authenticated session.

    :param _id: The ObjectId of the Event to remove.
    :type _id: str
    :param username: The user removing this Event.
    :type username: str
    :returns: dict with keys "success" (boolean) and, for non-admins,
              "message" (str)
    """

    if not is_admin(username):
        return {'success': False, 'message': 'Need to be admin'}

    found = Event.objects(id=_id).first()
    if found:
        found.delete(username=username)
    # NOTE(review): success is reported even when no Event matched ``_id``;
    # confirm callers do not rely on this to detect a missing Event.
    return {'success': True}
Exemple #11
def remove_actor(request, id_):
    """
    Remove an Actor.

    Accepts POST only (the AJAX flag is not checked, despite the wording of
    the error text). Admins are redirected to the Actor listing after the
    removal call; everyone else gets the error page.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :param id_: The ObjectId of the Actor to remove.
    :type id_: str
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != "POST":
        return render_to_response("error.html", {"error": "Expected AJAX/POST"}, RequestContext(request))

    # NOTE(review): is_admin receives the user object here while the removal
    # helper receives the username string -- confirm is_admin accepts both.
    if not is_admin(request.user):
        error = "You do not have permission to remove this item."
        return render_to_response("error.html", {"error": error}, RequestContext(request))

    # The helper's result is discarded, so the redirect happens whether or
    # not an Actor was actually deleted.
    actor_remove(id_, request.user.username)
    listing_url = reverse("crits.actors.views.actors_listing")
    return HttpResponseRedirect(listing_url)
Exemple #12
def event_remove(_id, username):
    """
    Remove an event from CRITs.

    The delete is gated on ``is_admin(username)``; the caller is responsible
    for passing the authenticated user's name.

    :param _id: The ObjectId of the Event to remove.
    :type _id: str
    :param username: The user removing this Event.
    :type username: str
    :returns: dict with keys "success" (boolean) and, when the user is not
              an admin, "message" (str)
    """

    allowed = is_admin(username)
    if allowed:
        target = Event.objects(id=_id).first()
        if target:
            target.delete(username=username)
        # NOTE(review): a lookup that finds nothing still reports success.
        outcome = {'success': True}
    else:
        outcome = {'success': False, 'message': 'Need to be admin'}
    return outcome
Exemple #13
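def add_update_action(request, method, indicator_id):
    """
    Add/update an indicator's action. Should be an AJAX POST.

    The action is built from a validated ``IndicatorActionsForm`` and is
    attributed to the request user's username. For "add" the date is the
    current time; for any other ``method`` the submitted ``date`` is parsed
    with ``settings.PY_DATETIME_FORMAT`` and truncated to whole milliseconds.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :param method: Whether we are adding or updating.
    :type method: str ("add", "update")
    :param indicator_id: The ObjectId of the indicator to update.
    :type indicator_id: str
    :returns: :class:`django.http.HttpResponse`
    """

    is_ajax_post = request.method == "POST" and request.is_ajax()
    if not is_ajax_post:
        return HttpResponse({})

    # NOTE(review): the view itself does not check permissions; confirm a
    # decorator or the action helpers restrict who may add/update actions.
    username = request.user.username
    form = IndicatorActionsForm(request.POST)
    if not form.is_valid():
        invalid = {"success": False, "form": form.as_table()}
        return HttpResponse(json.dumps(invalid), content_type="application/json")

    data = form.cleaned_data
    add = {"action_type": data["action_type"]}
    # Missing dates are normalised to empty strings.
    for date_field in ("begin_date", "end_date", "performed_date"):
        add[date_field] = data[date_field] or ""
    add["active"] = data["active"]
    add["reason"] = data["reason"]
    add["analyst"] = username

    if method == "add":
        add["date"] = datetime.datetime.now()
        result = action_add(indicator_id, add)
    else:
        date = datetime.datetime.strptime(data["date"], settings.PY_DATETIME_FORMAT)
        # Floor division: under Python 3 "/" yields a float, which
        # datetime.replace() rejects for microsecond.
        date = date.replace(microsecond=date.microsecond // 1000 * 1000)
        add["date"] = date
        result = action_update(indicator_id, add)

    if "object" in result:
        result["html"] = render_to_string(
            "indicators_action_row_widget.html",
            {"action": result["object"], "admin": is_admin(username), "indicator_id": indicator_id},
        )
    # content_type replaces the older mimetype keyword, which newer Django
    # releases no longer accept.
    return HttpResponse(json.dumps(result, default=json_handler), content_type="application/json")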
Exemple #14
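def remove_ip(request):
    """
    Remove an IP address. Should be an AJAX POST.

    Admins only. The IP to remove is named by the ``key`` POST field; a
    request without it gets a JSON failure instead of an unhandled
    ``KeyError``.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if not (request.method == "POST" and request.is_ajax()):
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX/POST'},
                                  RequestContext(request))

    # NOTE(review): is_admin receives the user object here while ip_remove
    # receives the username string -- confirm is_admin accepts both.
    if not is_admin(request.user):
        error = 'You do not have permission to remove this item.'
        return render_to_response("error.html", {'error': error},
                                  RequestContext(request))

    ip_id = request.POST.get('key')
    if not ip_id:
        # NOTE(review): failure shape assumed to match what the client
        # expects from ip_remove -- confirm against the caller.
        result = {'success': False, 'message': 'Missing IP id.'}
    else:
        result = ip_remove(ip_id, request.user.username)
    return HttpResponse(json.dumps(result),
                        content_type="application/json")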
Exemple #15
def attribute_actor_identifier(id_, identifier_type, identifier=None,
                               confidence="low", user=None, **kwargs):
    """
    Attribute an Actor Identifier to an Actor in CRITs.

    Only Actors whose source is in ``user_sources(user)`` can be found. The
    Actor is saved and reloaded before the outcome is judged: if its
    identifier count did not grow, the attribution is reported as failed.

    :param id_: The Actor ObjectId.
    :type id_: str
    :param identifier_type: The Actor Identifier Type.
    :type identifier_type: str
    :param identifier: The Actor Identifier.
    :type identifier: str
    :param confidence: Confidence forwarded to the attribution call
                       (defaults to "low").
    :type confidence: str
    :param user: The user attributing this identifier.
    :type user: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str) -- error text, or the widget HTML on success.
    """

    user_source_names = user_sources(user)
    viewer_is_admin = is_admin(user)

    candidates = Actor.objects(id=id_, source__name__in=user_source_names)
    actor = candidates.first()
    if not actor:
        return {'success': False, 'message': "Could not find actor"}

    previous_total = len(actor.identifiers)
    actor.attribute_identifier(identifier_type, identifier, confidence, user)
    actor.save(username=user)
    actor.reload()
    actor_identifiers = actor.generate_identifiers_list(user)

    grew = len(actor.identifiers) > previous_total
    if grew:
        rendered = render_to_string('actor_identifiers_widget.html',
                                    {'actor_identifiers': actor_identifiers,
                                     'admin': viewer_is_admin,
                                     'actor_id': str(actor.id)})
        return {'success': True, 'message': rendered}

    return {'success': False,
            'message': "Invalid data submitted or identifier is already attributed."}
Exemple #16
def exploit_remove(id_, username):
    """
    Remove an Exploit from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param id_: The ObjectId of the Exploit to remove.
    :type id_: str
    :param username: The user removing this Exploit.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if not is_admin(username):
        return {'success': False, 'message': 'Must be an admin to remove'}

    target = Exploit.objects(id=id_).first()
    if not target:
        return {'success': False, 'message': 'Could not find Exploit.'}

    target.delete(username=username)
    return {'success': True}
Exemple #17
def ip_remove(ip_id, username):
    """
    Remove an IP from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param ip_id: The ObjectId of the IP to remove.
    :type ip_id: str
    :param username: The user removing this IP.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if not is_admin(username):
        return {'success': False, 'message': 'Must be an admin to remove'}

    record = IP.objects(id=ip_id).first()
    if not record:
        return {'success': False, 'message': 'Could not find IP.'}

    record.delete(username=username)
    return {'success': True}
Exemple #18
def backdoor_remove(id_, username):
    """
    Remove a Backdoor from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param id_: The ObjectId of the Backdoor to remove.
    :type id_: str
    :param username: The user removing this Backdoor.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if not is_admin(username):
        return {'success': False, 'message': 'Must be an admin to remove'}

    target = Backdoor.objects(id=id_).first()
    if not target:
        return {'success': False, 'message': 'Could not find Backdoor.'}

    target.delete(username=username)
    return {'success': True}
Exemple #19
def ip_remove(ip_id, username):
    """
    Remove an IP from CRITs.

    The admin check runs before any lookup, so a non-admin caller cannot
    learn from the response whether the IP exists.

    :param ip_id: The ObjectId of the IP to remove.
    :type ip_id: str
    :param username: The user removing this IP.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    outcome = {'success': False, 'message': 'Must be an admin to remove'}
    if is_admin(username):
        match = IP.objects(id=ip_id).first()
        if match:
            match.delete(username=username)
            outcome = {'success': True}
        else:
            outcome = {'success': False, 'message': 'Could not find IP.'}
    return outcome
Exemple #20
def delete_cert(md5, username=None):
    """
    Delete a Certificate.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param md5: The MD5 of the Certificate to delete.
    :type md5: str
    :param username: The user deleting the certificate.
    :type username: str
    :returns: True if a Certificate was deleted; False for non-admins or
              when no Certificate has that MD5.
    """

    if not is_admin(username):
        return False

    certificate = Certificate.objects(md5=md5).first()
    if not certificate:
        return False

    certificate.delete(username=username)
    return True
Exemple #21
def delete_signature(_id, username=None):
    """
    Delete Signature from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param _id: The ObjectId of the Signature to delete.
    :type _id: str
    :param username: The user deleting this Signature.
    :type username: str
    :returns: bool -- True if a Signature was deleted; False for non-admins
              or when no Signature matches.
    """

    if not is_admin(username):
        return False

    target = Signature.objects(id=_id).first()
    if not target:
        return False

    target.delete(username=username)
    return True
Exemple #22
def delete_raw_data(_id, username=None):
    """
    Delete RawData from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param _id: The ObjectId of the RawData to delete.
    :type _id: str
    :param username: The user deleting this RawData.
    :type username: str
    :returns: bool -- True if a RawData document was deleted; False for
              non-admins or when none matches.
    """

    if not is_admin(username):
        return False

    document = RawData.objects(id=_id).first()
    if not document:
        return False

    document.delete(username=username)
    return True
Exemple #23
def exploit_remove(id_, username):
    """
    Remove an Exploit from CRITs.

    The admin check runs before any lookup, so a non-admin caller cannot
    learn from the response whether the Exploit exists.

    :param id_: The ObjectId of the Exploit to remove.
    :type id_: str
    :param username: The user removing this Exploit.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    outcome = {'success': False, 'message': 'Must be an admin to remove'}
    if is_admin(username):
        match = Exploit.objects(id=id_).first()
        if match:
            match.delete(username=username)
            outcome = {'success': True}
        else:
            outcome = {'success': False, 'message': 'Could not find Exploit.'}
    return outcome
Exemple #24
def delete_raw_data(_id, username=None):
    """
    Delete RawData from CRITs.

    Non-admins never reach the lookup. The caller must supply the
    authenticated user's name; nothing here verifies its origin.

    :param _id: The ObjectId of the RawData to delete.
    :type _id: str
    :param username: The user deleting this RawData.
    :type username: str
    :returns: bool -- True only when a matching RawData was deleted.
    """

    found = RawData.objects(id=_id).first() if is_admin(username) else None
    if found:
        found.delete(username=username)
        return True
    return False
Exemple #25
def delete_pcap(pcap_md5, username=None):
    """
    Delete a PCAP.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param pcap_md5: The MD5 of the PCAP to delete.
    :type pcap_md5: str
    :param username: The user deleting the pcap.
    :type username: str
    :returns: True if a PCAP was deleted; False for non-admins or when no
              PCAP has that MD5.
    """

    if not is_admin(username):
        return False

    capture = PCAP.objects(md5=pcap_md5).first()
    if not capture:
        return False

    capture.delete(username=username)
    return True
Exemple #26
def delete_signature(_id, username=None):
    """
    Delete Signature from CRITs.

    Non-admins never reach the lookup. The caller must supply the
    authenticated user's name; nothing here verifies its origin.

    :param _id: The ObjectId of the Signature to delete.
    :type _id: str
    :param username: The user deleting this Signature.
    :type username: str
    :returns: bool -- True only when a matching Signature was deleted.
    """

    found = Signature.objects(id=_id).first() if is_admin(username) else None
    if found:
        found.delete(username=username)
        return True
    return False
Exemple #27
def delete_cert(md5, username=None):
    """
    Delete a Certificate.

    Non-admins never reach the lookup. The caller must supply the
    authenticated user's name; nothing here verifies its origin.

    :param md5: The MD5 of the Certificate to delete.
    :type md5: str
    :param username: The user deleting the certificate.
    :type username: str
    :returns: True only when a matching Certificate was deleted, else False.
    """

    found = Certificate.objects(md5=md5).first() if is_admin(username) else None
    if found:
        found.delete(username=username)
        return True
    return False
Exemple #28
def indicator_remove(_id, username):
    """
    Remove an Indicator from CRITs.

    Restricted to users accepted by ``is_admin``. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param _id: The ObjectId of the indicator to remove.
    :type _id: str
    :param username: The user removing the indicator.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (list) if failed.
    """

    if not is_admin(username):
        return {'success': False, 'message': ['Must be an admin to delete']}

    target = Indicator.objects(id=_id).first()
    if not target:
        return {'success': False, 'message': ['Cannot find Indicator']}

    target.delete(username=username)
    return {'success': True}
Exemple #29
def actor_remove(id_, username):
    """
    Remove an Actor from CRITs.

    Restricted to users accepted by ``is_admin``. Unlike lookups that filter
    by source, this one matches on ``id_`` alone. ``username`` is trusted as
    given and must be the authenticated caller's name.

    :param id_: The ObjectId of the Actor to remove.
    :type id_: str
    :param username: The user removing this Actor.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (str) if failed.
    """

    if not is_admin(username):
        return {'success': False, 'message': 'Must be an admin to remove'}

    target = Actor.objects(id=id_).first()
    if not target:
        return {'success': False, 'message': 'Could not find Actor.'}

    target.delete(username=username)
    return {'success': True}
Exemple #30
def delete_pcap(pcap_md5, username=None):
    """
    Delete a PCAP.

    Non-admins never reach the lookup. The caller must supply the
    authenticated user's name; nothing here verifies its origin.

    :param pcap_md5: The MD5 of the PCAP to delete.
    :type pcap_md5: str
    :param username: The user deleting the pcap.
    :type username: str
    :returns: True only when a matching PCAP was deleted, else False.
    """

    found = PCAP.objects(md5=pcap_md5).first() if is_admin(username) else None
    if found:
        found.delete(username=username)
        return True
    return False
Exemple #31
def indicator_remove(_id, username):
    """
    Remove an Indicator from CRITs.

    The admin check runs before any lookup, so a non-admin caller cannot
    learn from the response whether the Indicator exists.

    :param _id: The ObjectId of the indicator to remove.
    :type _id: str
    :param username: The user removing the indicator.
    :type username: str
    :returns: dict with keys "success" (boolean) and "message" (list) if failed.
    """

    outcome = {'success': False, 'message': ['Must be an admin to delete']}
    if is_admin(username):
        match = Indicator.objects(id=_id).first()
        if match:
            match.delete(username=username)
            outcome = {'success': True}
        else:
            outcome = {'success': False, 'message': ['Cannot find Indicator']}
    return outcome
Exemple #32
def remove_backdoor(request, id_):
    """
    Remove a Backdoor.

    Accepts POST only (the AJAX flag is not checked, despite the wording of
    the error text). Admins are redirected to the Backdoor listing after the
    removal call; everyone else gets the error page.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :param id_: The ObjectId of the Backdoor to remove.
    :type id_: str
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != "POST":
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX/POST'},
                                  RequestContext(request))

    # NOTE(review): is_admin receives the user object here while the removal
    # helper receives the username string -- confirm is_admin accepts both.
    if not is_admin(request.user):
        error = 'You do not have permission to remove this item.'
        return render_to_response("error.html", {'error': error},
                                  RequestContext(request))

    # The helper's result is discarded, so the redirect happens whether or
    # not a Backdoor was actually deleted.
    backdoor_remove(id_, request.user.username)
    listing_url = reverse('crits.backdoors.views.backdoors_listing')
    return HttpResponseRedirect(listing_url)
Exemple #33
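def remove_ip(request):
    """
    Remove an IP address. Should be an AJAX POST.

    Only admins get past the permission check. The target is read from the
    client-supplied ``key`` POST field; when that field is absent or empty
    the view answers with a JSON failure rather than raising ``KeyError``.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method == "POST" and request.is_ajax():
        # NOTE(review): is_admin is given the user object, ip_remove the
        # username string -- confirm is_admin handles both forms.
        if is_admin(request.user):
            key = request.POST.get('key')
            if key:
                result = ip_remove(key, request.user.username)
            else:
                # NOTE(review): failure shape assumed to match what the
                # client expects from ip_remove -- confirm with the caller.
                result = {'success': False, 'message': 'Missing IP id.'}
            return HttpResponse(json.dumps(result),
                                content_type="application/json")
        error = 'You do not have permission to remove this item.'
        return render_to_response("error.html",
                                  {'error': error},
                                  RequestContext(request))
    return render_to_response('error.html',
                              {'error': 'Expected AJAX/POST'},
                              RequestContext(request))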
Exemple #34
def remove_exploit(request, id_):
    """
    Remove an Exploit.

    Accepts POST only (the AJAX flag is not checked, despite the wording of
    the error text). Admins are redirected to the Exploit listing after the
    removal call; everyone else gets the error page.

    :param request: Django request.
    :type request: :class:`django.http.HttpRequest`
    :param id_: The ObjectId of the Exploit to remove.
    :type id_: str
    :returns: :class:`django.http.HttpResponse`
    """

    if request.method != "POST":
        return render_to_response('error.html',
                                  {'error': 'Expected AJAX/POST'},
                                  RequestContext(request))

    # NOTE(review): is_admin receives the user object here while the removal
    # helper receives the username string -- confirm is_admin accepts both.
    if not is_admin(request.user):
        error = 'You do not have permission to remove this item.'
        return render_to_response("error.html",
                                  {'error': error},
                                  RequestContext(request))

    # The helper's result is discarded, so the redirect happens whether or
    # not an Exploit was actually deleted.
    exploit_remove(id_, request.user.username)
    listing_url = reverse('crits.exploits.views.exploits_listing')
    return HttpResponseRedirect(listing_url)