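def add_new_exploit(name, cve=None, description=None, source=None,
                    source_method=None, source_reference=None,
                    source_tlp=None, campaign=None, confidence=None,
                    user=None, bucket_list=None, ticket=None,
                    related_id=None, related_type=None,
                    relationship_type=None):
    """
    Add an Exploit to CRITs.

    An existing Exploit with the same name is reused (sources, campaigns,
    buckets and tickets are added to it); otherwise a new one is created and
    triaged after saving.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit. Left unchanged when None.
    :type cve: str
    :param description: Description of the exploit (only applied when the
                        exploit is newly created).
    :type description: str
    :param source: Name of the source which provided this information, an
                   EmbeddedSource, or an iterable of sources.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param source_tlp: TLP value for this source
    :type source_tlp: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit. Must expose ``username`` and
                 ``check_source_write``; the None default is dereferenced
                 unconditionally, so callers must always pass a user.
    :type user: user object
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`,
              "id" (if successful) str
    """

    # Function-scope stdlib import so the HTML fragment below can be escaped
    # without touching the module's import block.
    from xml.sax.saxutils import escape

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    username = user.username

    if isinstance(source, basestring):
        # Authorization gate: the caller must hold write access to the named
        # source before anything is attributed to it.
        if user.check_source_write(source):
            source = [create_embedded_source(source,
                                             reference=source_reference,
                                             method=source_method,
                                             tlp=source_tlp,
                                             analyst=username)]
        else:
            # The original used a backslash continuation inside the literal,
            # which embedded the next line's indentation in the message.
            return {"success": False,
                    "message": ("User does not have permission to add object "
                                "using source %s." % source)}
    elif isinstance(source, EmbeddedSource):
        # NOTE(review): only string sources go through check_source_write;
        # an EmbeddedSource (or a list passed straight through) is attached
        # without that check -- confirm callers authorize those themselves.
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign,
                             confidence=confidence,
                             analyst=username)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success": False,
                "message": "Missing source information."}

    # cve defaults to None; calling .strip() on it unconditionally raised
    # AttributeError for every caller that omitted the argument.
    if cve is not None:
        exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    exploit.save(username=username)

    if related_obj and exploit and relationship_type:
        relationship_type = RelationshipTypes.inverse(
            relationship=relationship_type)
        # NOTE(review): analyst receives the user object here while the other
        # calls pass username -- confirm add_relationship expects that.
        exploit.add_relationship(related_obj,
                                 relationship_type,
                                 analyst=user,
                                 get_rels=False)
        exploit.save(username=username)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, username)

    resp_url = reverse('crits-exploits-views-exploit_detail',
                       args=[exploit.id])

    # The message is an HTML fragment and the exploit name is caller-supplied,
    # so it is escaped before interpolation to keep markup in the name from
    # being rendered wherever this message is displayed as HTML.
    safe_name = escape('%s' % exploit.name,
                       {'"': '&quot;', "'": '&#x27;'})

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, safe_name))
    retVal['success'] = True
    retVal['object'] = exploit
    retVal['id'] = str(exploit.id)

    return retVal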
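def add_new_exploit(name, cve=None, description=None, source=None,
                    source_method=None, source_reference=None,
                    source_tlp=None, campaign=None, confidence=None,
                    user=None, bucket_list=None, ticket=None,
                    related_id=None, related_type=None,
                    relationship_type=None):
    """
    Add an Exploit to CRITs.

    An existing Exploit with the same name is reused (sources, campaigns,
    buckets and tickets are added to it); otherwise a new one is created and
    triaged after saving.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit. Left unchanged when None.
    :type cve: str
    :param description: Description of the exploit (only applied when the
                        exploit is newly created).
    :type description: str
    :param source: Name of the source which provided this information, an
                   EmbeddedSource, or an iterable of sources.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param source_tlp: TLP value for this source
    :type source_tlp: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit. Must expose ``username`` and
                 ``check_source_write``; the None default is dereferenced
                 unconditionally, so callers must always pass a user.
    :type user: user object
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`,
              "id" (if successful) str
    """

    # Function-scope stdlib import so the HTML fragment below can be escaped
    # without touching the module's import block.
    from xml.sax.saxutils import escape

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    username = user.username

    if isinstance(source, basestring):
        # Authorization gate: the caller must hold write access to the named
        # source before anything is attributed to it.
        if user.check_source_write(source):
            source = [
                create_embedded_source(source,
                                       reference=source_reference,
                                       method=source_method,
                                       tlp=source_tlp,
                                       analyst=username)
            ]
        else:
            # The original used a backslash continuation inside the literal,
            # which embedded the next line's indentation in the message.
            return {
                "success": False,
                "message": ("User does not have permission to add object "
                            "using source %s." % source)
            }
    elif isinstance(source, EmbeddedSource):
        # NOTE(review): only string sources go through check_source_write;
        # an EmbeddedSource (or a list passed straight through) is attached
        # without that check -- confirm callers authorize those themselves.
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign,
                             confidence=confidence,
                             analyst=username)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    # cve defaults to None; calling .strip() on it unconditionally raised
    # AttributeError for every caller that omitted the argument.
    if cve is not None:
        exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    exploit.save(username=username)

    if related_obj and exploit and relationship_type:
        relationship_type = RelationshipTypes.inverse(
            relationship=relationship_type)
        # NOTE(review): analyst receives the user object here while the other
        # calls pass username -- confirm add_relationship expects that.
        exploit.add_relationship(related_obj,
                                 relationship_type,
                                 analyst=user,
                                 get_rels=False)
        exploit.save(username=username)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, username)

    resp_url = reverse('crits.exploits.views.exploit_detail',
                       args=[exploit.id])

    # The message is an HTML fragment and the exploit name is caller-supplied,
    # so it is escaped before interpolation to keep markup in the name from
    # being rendered wherever this message is displayed as HTML.
    safe_name = escape('%s' % exploit.name,
                       {'"': '&quot;', "'": '&#x27;'})

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, safe_name))
    retVal['success'] = True
    retVal['object'] = exploit
    retVal['id'] = str(exploit.id)

    return retVal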
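def add_new_exploit(name, cve=None, description=None, source=None,
                    source_method=None, source_reference=None,
                    campaign=None, confidence=None, user=None,
                    bucket_list=None, ticket=None):
    """
    Add an Exploit to CRITs.

    An existing Exploit with the same name is reused (sources, campaigns,
    buckets and tickets are added to it); otherwise a new one is created and
    triaged after saving.

    :param name: The name of the exploit.
    :type name: str
    :param cve: CVE for the exploit. Left unchanged when None.
    :type cve: str
    :param description: Description of the exploit (only applied when the
                        exploit is newly created).
    :type description: str
    :param source: Name of the source which provided this information, an
                   EmbeddedSource, or an iterable of sources.
    :type source: str
    :param source_method: Method of acquiring this data.
    :type source_method: str
    :param source_reference: A reference to this data.
    :type source_reference: str
    :param campaign: A campaign to attribute to this exploit.
    :type campaign: str
    :param confidence: Confidence level in the campaign attribution.
    :type confidence: str ("low", "medium", "high")
    :param user: The user adding this exploit.
    :type user: str
    :param bucket_list: Buckets to assign to this exploit.
    :type bucket_list: str
    :param ticket: Ticket to assign to this exploit.
    :type ticket: str
    :returns: dict with keys:
              "success" (boolean),
              "message" (str),
              "object" (if successful) :class:`crits.exploits.exploit.Exploit`,
              "id" (if successful) str
    """

    # Function-scope stdlib import so the HTML fragment below can be escaped
    # without touching the module's import block.
    from xml.sax.saxutils import escape

    is_item_new = False
    retVal = {}
    exploit = Exploit.objects(name=name).first()

    if not exploit:
        exploit = Exploit()
        exploit.name = name
        if description:
            exploit.description = description.strip()
        is_item_new = True

    # NOTE(review): nothing in this function checks that ``user`` may write to
    # ``source`` before the source is attached -- confirm the caller enforces
    # source write permission.
    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=source_reference,
                                         method=source_method,
                                         analyst=user)]
    elif isinstance(source, EmbeddedSource):
        source = [source]

    if isinstance(campaign, basestring):
        c = EmbeddedCampaign(name=campaign,
                             confidence=confidence,
                             analyst=user)
        campaign = [c]

    if campaign:
        for camp in campaign:
            exploit.add_campaign(camp)

    if source:
        for s in source:
            exploit.add_source(s)
    else:
        return {"success": False,
                "message": "Missing source information."}

    # cve defaults to None; calling .strip() on it unconditionally raised
    # AttributeError for every caller that omitted the argument.
    if cve is not None:
        exploit.cve = cve.strip()

    if bucket_list:
        exploit.add_bucket_list(bucket_list, user)

    if ticket:
        exploit.add_ticket(ticket, user)

    exploit.save(username=user)

    # run exploit triage
    if is_item_new:
        exploit.reload()
        run_triage(exploit, user)

    resp_url = reverse('crits.exploits.views.exploit_detail',
                       args=[exploit.id])

    # The message is an HTML fragment and the exploit name is caller-supplied,
    # so it is escaped before interpolation to keep markup in the name from
    # being rendered wherever this message is displayed as HTML.
    safe_name = escape('%s' % exploit.name,
                       {'"': '&quot;', "'": '&#x27;'})

    retVal['message'] = ('Success! Click here to view the new Exploit: '
                         '<a href="%s">%s</a>' % (resp_url, safe_name))
    retVal['success'] = True
    retVal['object'] = exploit
    retVal['id'] = str(exploit.id)

    return retVal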