def add_new_exploit(name, cve=None, description=None, source=None,
source_method=None, source_reference=None, source_tlp=None,
campaign=None, confidence=None, user=None,
bucket_list=None, ticket=None,related_id=None,
related_type=None, relationship_type=None):
"""
Add an Exploit to CRITs.
:param name: The name of the exploit.
:type name: str
:param cve: CVE for the exploit.
:type cve: str
:param description: Description of the exploit.
:type description: str
:param source: Name of the source which provided this information.
:type source: str
:param source_method: Method of acquiring this data.
:type source_method: str
:param source_reference: A reference to this data.
:type source_reference: str
:param source_tlp: TLP value for this source
:type source_reference: str
:param campaign: A campaign to attribute to this exploit.
:type campaign: str
:param confidence: Confidence level in the campaign attribution.
:type confidence: str ("low", "medium", "high")
:param user: The user adding this exploit.
:type user: str
:param bucket_list: Buckets to assign to this exploit.
:type bucket_list: str
:param ticket: Ticket to assign to this exploit.
:type ticket: str
:param related_id: ID of object to create relationship with
:type related_id: str
:param related_type: Type of object to create relationship with
:type related_type: str
:param relationship_type: Type of relationship to create.
:type relationship_type: str
:returns: dict with keys:
"success" (boolean),
"message" (str),
"object" (if successful) :class:`crits.exploits.exploit.Exploit`
"""
is_item_new = False
retVal = {}
exploit = Exploit.objects(name=name).first()
if not exploit:
exploit = Exploit()
exploit.name = name
if description:
exploit.description = description.strip()
is_item_new = True
username = user.username
if isinstance(source, basestring):
if user.check_source_write(source):
source = [create_embedded_source(source,
reference=source_reference,
method=source_method,
tlp=source_tlp,
analyst=username)]
else:
return {"success": False,
"message": "User does not have permission to add object \
using source %s." % source}
elif isinstance(source, EmbeddedSource):
source = [source]
if isinstance(campaign, basestring):
c = EmbeddedCampaign(name=campaign, confidence=confidence, analyst=username)
campaign = [c]
if campaign:
for camp in campaign:
exploit.add_campaign(camp)
if source:
for s in source:
exploit.add_source(s)
else:
return {"success" : False, "message" : "Missing source information."}
exploit.cve = cve.strip()
if bucket_list:
exploit.add_bucket_list(bucket_list, user)
if ticket:
exploit.add_ticket(ticket, user)
related_obj = None
if related_id:
related_obj = class_from_id(related_type, related_id)
if not related_obj:
retVal['success'] = False
retVal['message'] = 'Related Object not found.'
return retVal
exploit.save(username=username)
if related_obj and exploit and relationship_type:
relationship_type=RelationshipTypes.inverse(relationship=relationship_type)
exploit.add_relationship(related_obj,
relationship_type,
analyst=user,
get_rels=False)
exploit.save(username=username)
# run exploit triage
if is_item_new:
exploit.reload()
run_triage(exploit, username)
resp_url = reverse('crits-exploits-views-exploit_detail', args=[exploit.id])
retVal['message'] = ('Success! Click here to view the new Exploit: '
'<a href="%s">%s</a>' % (resp_url, exploit.name))
retVal['success'] = True
retVal['object'] = exploit
retVal['id'] = str(exploit.id)
return retVal
def add_new_exploit(name,
cve=None,
description=None,
source=None,
source_method=None,
source_reference=None,
source_tlp=None,
campaign=None,
confidence=None,
user=None,
bucket_list=None,
ticket=None,
related_id=None,
related_type=None,
relationship_type=None):
"""
Add an Exploit to CRITs.
:param name: The name of the exploit.
:type name: str
:param cve: CVE for the exploit.
:type cve: str
:param description: Description of the exploit.
:type description: str
:param source: Name of the source which provided this information.
:type source: str
:param source_method: Method of acquiring this data.
:type source_method: str
:param source_reference: A reference to this data.
:type source_reference: str
:param source_tlp: TLP value for this source
:type source_reference: str
:param campaign: A campaign to attribute to this exploit.
:type campaign: str
:param confidence: Confidence level in the campaign attribution.
:type confidence: str ("low", "medium", "high")
:param user: The user adding this exploit.
:type user: str
:param bucket_list: Buckets to assign to this exploit.
:type bucket_list: str
:param ticket: Ticket to assign to this exploit.
:type ticket: str
:param related_id: ID of object to create relationship with
:type related_id: str
:param related_type: Type of object to create relationship with
:type related_type: str
:param relationship_type: Type of relationship to create.
:type relationship_type: str
:returns: dict with keys:
"success" (boolean),
"message" (str),
"object" (if successful) :class:`crits.exploits.exploit.Exploit`
"""
is_item_new = False
retVal = {}
exploit = Exploit.objects(name=name).first()
if not exploit:
exploit = Exploit()
exploit.name = name
if description:
exploit.description = description.strip()
is_item_new = True
username = user.username
if isinstance(source, basestring):
if user.check_source_write(source):
source = [
create_embedded_source(source,
reference=source_reference,
method=source_method,
tlp=source_tlp,
analyst=username)
]
else:
return {
"success":
False,
"message":
"User does not have permission to add object \
using source %s." % source
}
elif isinstance(source, EmbeddedSource):
source = [source]
if isinstance(campaign, basestring):
c = EmbeddedCampaign(name=campaign,
confidence=confidence,
analyst=username)
campaign = [c]
if campaign:
for camp in campaign:
exploit.add_campaign(camp)
if source:
for s in source:
exploit.add_source(s)
else:
return {"success": False, "message": "Missing source information."}
exploit.cve = cve.strip()
if bucket_list:
exploit.add_bucket_list(bucket_list, user)
if ticket:
exploit.add_ticket(ticket, user)
related_obj = None
if related_id:
related_obj = class_from_id(related_type, related_id)
if not related_obj:
retVal['success'] = False
retVal['message'] = 'Related Object not found.'
return retVal
exploit.save(username=username)
if related_obj and exploit and relationship_type:
relationship_type = RelationshipTypes.inverse(
relationship=relationship_type)
exploit.add_relationship(related_obj,
relationship_type,
analyst=user,
get_rels=False)
exploit.save(username=username)
# run exploit triage
if is_item_new:
exploit.reload()
run_triage(exploit, username)
resp_url = reverse('crits.exploits.views.exploit_detail',
args=[exploit.id])
retVal['message'] = ('Success! Click here to view the new Exploit: '
'<a href="%s">%s</a>' % (resp_url, exploit.name))
retVal['success'] = True
retVal['object'] = exploit
retVal['id'] = str(exploit.id)
return retVal
def add_new_exploit(name, cve=None, description=None, source=None,
source_method=None, source_reference=None, campaign=None,
confidence=None, user=None, bucket_list=None,
ticket=None):
"""
Add an Exploit to CRITs.
:param name: The name of the exploit.
:type name: str
:param cve: CVE for the exploit.
:type cve: str
:param description: Description of the exploit.
:type description: str
:param source: Name of the source which provided this information.
:type source: str
:param source_method: Method of acquiring this data.
:type source_method: str
:param source_reference: A reference to this data.
:type source_reference: str
:param campaign: A campaign to attribute to this exploit.
:type campaign: str
:param confidence: Confidence level in the campaign attribution.
:type confidence: str ("low", "medium", "high")
:param user: The user adding this exploit.
:type user: str
:param bucket_list: Buckets to assign to this exploit.
:type bucket_list: str
:param ticket: Ticket to assign to this exploit.
:type ticket: str
:returns: dict with keys:
"success" (boolean),
"message" (str),
"object" (if successful) :class:`crits.exploits.exploit.Exploit`
"""
is_item_new = False
retVal = {}
exploit = Exploit.objects(name=name).first()
if not exploit:
exploit = Exploit()
exploit.name = name
if description:
exploit.description = description.strip()
is_item_new = True
if isinstance(source, basestring):
source = [create_embedded_source(source,
reference=source_reference,
method=source_method,
analyst=user)]
elif isinstance(source, EmbeddedSource):
source = [source]
if isinstance(campaign, basestring):
c = EmbeddedCampaign(name=campaign, confidence=confidence, analyst=user)
campaign = [c]
if campaign:
for camp in campaign:
exploit.add_campaign(camp)
if source:
for s in source:
exploit.add_source(s)
else:
return {"success" : False, "message" : "Missing source information."}
exploit.cve = cve.strip()
if bucket_list:
exploit.add_bucket_list(bucket_list, user)
if ticket:
exploit.add_ticket(ticket, user)
exploit.save(username=user)
# run exploit triage
if is_item_new:
exploit.reload()
run_triage(exploit, user)
resp_url = reverse('crits.exploits.views.exploit_detail', args=[exploit.id])
retVal['message'] = ('Success! Click here to view the new Exploit: '
'<a href="%s">%s</a>' % (resp_url, exploit.name))
retVal['success'] = True
retVal['object'] = exploit
retVal['id'] = str(exploit.id)
return retVal
