def __init__(self, community=None, taxii_client=None, taxii2_client=None):
    """Build a polling client from a stored TAXII 1.x or TAXII 2 client record.

    Args:
        community: Not read in this constructor; the community is taken from
            the client record instead.
        taxii_client: TAXII 1.x client record, used when ``taxii2_client`` is
            falsy.
        taxii2_client: TAXII 2 client record; takes precedence when truthy.
    """
    # NOTE(review): when both records are falsy, ``taxii`` is never bound and
    # the first attribute read below fails with UnboundLocalError.
    if taxii2_client:
        taxii = taxii2_client
    elif taxii_client:
        taxii = taxii_client
    self._name = taxii.name
    self._protocol_version = taxii.protocol_version
    # The login id and password are copied onto the instance unchanged, so
    # this object must stay out of logs, reprs and serialized state.
    self._username = taxii.login_id
    self._password = taxii.login_password
    self._jobs = taxii.jobs
    self._interval_job = taxii.interval_schedule_job
    self._can_read = taxii.can_read
    self._can_write = taxii.can_write
    # Client-certificate + basic auth when the record asks for it, otherwise
    # basic auth only.
    if taxii.is_use_cert:
        self._auth_type = clients.HttpClient.AUTH_CERT_BASIC
        self._key_file = taxii.key_file
        self._cert_file = taxii.cert_file
    else:
        self._auth_type = clients.HttpClient.AUTH_BASIC
    if taxii2_client:
        self._api_root = taxii.api_root
        self._collection = taxii.collection
        self._via = Vias.get_via_taxii_poll(taxii2_client=taxii, uploader=taxii.uploader)
    else:
        # NOTE(review): the HTTP client and proxy setup below read
        # self._address, which only this branch sets — confirm that they
        # belong to the TAXII 1.x branch.
        self._address = taxii.address
        self._port = taxii.port
        self._path = taxii.path
        self._collection_name = taxii.collection
        self._via = Vias.get_via_taxii_poll(taxii_client=taxii, uploader=taxii.uploader)
        self._client = clients.HttpClient()
        self._ssl = taxii.ssl
        self._client.set_use_https(self._ssl)
        self._client.set_auth_type(self._auth_type)
        self._proxies = System.get_request_proxies()
        if self._proxies is not None:
            # NOTE(review): the proxy entry is chosen from the scheme parsed
            # out of the address, not from self._ssl. If the stored address is
            # a bare host name the scheme is empty and the 'http' entry is
            # used even for an HTTPS connection — confirm the address format.
            p = urlparse(self._address)
            if p.scheme == 'https':
                self._client.set_proxy(self._proxies['https'])
            else:
                self._client.set_proxy(self._proxies['http'])
    # Any failure resolving the community is treated as "no community".
    # BaseException also covers KeyboardInterrupt and SystemExit.
    try:
        self._community = taxii.community
    except BaseException:
        self._community = None
    self._taxii = taxii
    self._start = None
    self._end = None
    self._schedule = CtirsScheduler()
def get_isight_stix(self, start_time=None, end_time=None):
    """Fetch iSIGHT reports in the given time range and register each as STIX.

    Returns the number of reports registered. A failure while listing the
    reports is printed and re-raised; a failure on a single report is printed
    and the loop moves on to the next one.
    """
    # Registration settings come from the stored adapter configuration.
    adapter_conf = isightAdapter.get()
    community = adapter_conf.community
    via = Vias.get_via_adapter_isight(adapter_conf.uploader)

    # List the report ids that fall inside the requested range.
    try:
        report_ids = self._get_isight_stix_report_list(start_time, end_time)
    except Exception:
        traceback.print_exc()
        raise

    # Record the time of this request.
    adapter_conf.modify_last_requested()

    # Fetch every listed report as STIX and register it.
    registered = 0
    for report_id in report_ids:
        try:
            _regist_stix(self._get_isight_stix_report(report_id), community, via)
        except Exception:
            # Best effort: print the error and keep processing the rest.
            traceback.print_exc()
        else:
            registered += 1
    return registered
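def __init__(self, taxii_name=None, taxii_id=None, community=None, taxii_client=None):
    """Build a TAXII 1.x polling client from a stored client record.

    The record is ``taxii_client`` when given; otherwise it is looked up by
    ``taxii_name``, then by ``taxii_id``.

    Args:
        taxii_name: Name of the stored client record to load.
        taxii_id: Id of the stored client record to load.
        community: Not read here; the community comes from the record.
        taxii_client: An already loaded client record.

    Raises:
        ValueError: If none of ``taxii_client``, ``taxii_name`` or
            ``taxii_id`` is given.
    """
    taxii = None
    if taxii_client is not None:
        taxii = taxii_client
    elif taxii_name is not None:
        taxii = TaxiiClients.objects.get(name=taxii_name)
    elif taxii_id is not None:
        taxii = TaxiiClients.objects.get(id=taxii_id)
    if taxii is None:
        # Fail with a clear message instead of an AttributeError on None.
        raise ValueError('taxii_client, taxii_name or taxii_id is required')

    self._address = taxii.address
    self._port = taxii.port
    self._path = taxii.path
    self._collection_name = taxii.collection
    self._jobs = taxii.jobs
    self._interval_job = taxii.interval_schedule_job
    self._protocol_version = taxii.protocol_version

    # TAXII client settings
    self._client = clients.HttpClient()
    if taxii.is_use_cert:
        self._auth_type = clients.HttpClient.AUTH_CERT_BASIC
        self._key_file = taxii.key_file
        self._cert_file = taxii.cert_file
    else:
        self._auth_type = clients.HttpClient.AUTH_BASIC
    # The login id and password are copied onto the instance unchanged, so
    # this object must stay out of logs, reprs and serialized state.
    self._username = taxii.login_id
    self._password = taxii.login_password
    self._ssl = taxii.ssl

    # Apply the proxy setting when one is configured.
    self._proxies = System.get_request_proxies()
    if self._proxies is not None:
        # NOTE(review): the proxy entry is chosen from the scheme parsed out
        # of the address, not from self._ssl. If the stored address is a bare
        # host name the scheme is empty and the 'http' entry is used even for
        # an HTTPS connection — confirm the address format.
        p = urlparse(self._address)
        if p.scheme == 'https':
            self._client.set_proxy(self._proxies['https'])
        else:
            self._client.set_proxy(self._proxies['http'])

    # A community that cannot be resolved is treated as "no community".
    # Exception (not BaseException) so KeyboardInterrupt and SystemExit are
    # not swallowed here.
    try:
        self._community = taxii.community
    except Exception:
        self._community = None
    self._via = Vias.get_via_taxii_poll(taxii, uploader=taxii.uploader)
    self._taxii = taxii
    self._start = None
    self._end = None
    # The scheduler is started per schedule; modify/resume/pause act per job.
    self._schedule = CtirsScheduler()

    # For TAXII protocol 1.1, configure authentication now.
    if self._protocol_version == '1.1':
        self.set_taxii_11_authentication()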
def get_misp_stix(self, from_dt=None, to_dt=None, identity=default_identity_name):
    """Download MISP events, convert them to STIX and register the new ones.

    Returns the number of packages registered, or 0 when the download yields
    nothing. A failure while downloading or converting is printed and
    re-raised; a failure on a single package is printed and skipped.
    """
    # Update the identity used by the converter.
    self.mc.identity_name = identity

    # Read the MISP adapter settings.
    adapter_conf = MispAdapter.get()
    url = adapter_conf.url
    id_prefix = adapter_conf.stix_id_prefix
    api_key = adapter_conf.apikey
    only_published = adapter_conf.published_only

    # Registration settings.
    community = adapter_conf.community
    via = Vias.get_via_adapter_misp(adapter_conf.uploader)

    # Fetch from MISP.
    try:
        if url[-1] != '/':
            url += '/'
        url = url + 'events/xml/download.json'
        downloaded = MISPDownloader(url, api_key).get(from_dt=from_dt, to_dt=to_dt)
        if downloaded is None:
            return 0
        packages = self.mc.convert(
            text=downloaded.encode(),
            published_only=only_published,
            stix_id_prefix=id_prefix)
    except Exception:
        traceback.print_exc()
        raise

    # Record the time of this request.
    adapter_conf.modify_last_requested()

    registered = 0
    for package in packages:
        try:
            # Register only packages whose id is not stored yet.
            try:
                StixFiles.objects.get(package_id=package.id_)
            except DoesNotExist:
                _regist_stix(package.to_xml(), community, via)
                registered += 1
        except Exception:
            # Best effort: print the error and keep processing the rest.
            traceback.print_exc()
    return registered
def upload_stix_file(request):
    """Handle a REST API upload of a STIX file for an authenticated user.

    The request is rejected when ``api_root.authentication`` returns None.
    Otherwise the upload is registered with the authenticated user's id as
    uploader, and any exception is turned into an API error response.
    """
    auth_user = api_root.authentication(request)
    if auth_user is None:
        return api_root.error(Exception('You have no permission for this operation.'))
    try:
        upload_common(request, Vias.get_via_rest_api_upload(uploader=auth_user.id))
        return api_root.get_put_normal_status()
    except Exception as e:
        import traceback
        traceback.print_exc()
        # NOTE(review): the caught exception is handed to the error response
        # builder; confirm it does not echo internal details (paths, parser
        # messages) back to the API client.
        return api_root.error(e)
def get_misp_stix(self, from_dt=None, to_dt=None):
    """Search MISP for events in the given range and register them as STIX.

    Returns the number of packages registered, or 0 when the search yields
    None. A failure while searching is printed and re-raised; a failure on a
    single package is printed and skipped.
    """
    # Read the MISP adapter settings.
    adapter_conf = MispAdapter.get()
    url = adapter_conf.url
    api_key = adapter_conf.apikey
    only_published = adapter_conf.published_only
    # Anything that is not a 1.x version is requested as 'stix2'.
    stix_version = 'stix' if adapter_conf.stix_version.startswith('1.') else 'stix2'

    # Registration settings.
    community = adapter_conf.community
    via = Vias.get_via_adapter_misp(adapter_conf.uploader)

    # Fetch from MISP.
    try:
        if url[-1] != '/':
            url += '/'
        url = url + 'events/restSearch'
        packages = MISPDownloader(url, api_key).get(
            from_dt=from_dt,
            to_dt=to_dt,
            published_only=only_published,
            stix_version=stix_version)
    except Exception:
        traceback.print_exc()
        raise

    # Record the time of this request.
    adapter_conf.modify_last_requested()
    if packages is None:
        return 0

    registered = 0
    for package in packages:
        try:
            if adapter_conf.stix_version.startswith('1.'):
                regist_flag = self._regist_12(package, community, via)
            elif adapter_conf.stix_version.startswith('2.'):
                regist_flag = self._regist_20(package, community, via)
            if regist_flag:
                registered += 1
        except Exception:
            # Best effort: print the error and keep processing the rest.
            traceback.print_exc()
    return registered
def upload(request):
    """Handle a STIX file upload from the web UI.

    Inactive users get the inactive-user error page, and any method other
    than POST raises. The upload is registered with the requesting user's id
    as uploader; any exception during the upload renders the error page.
    """
    # Only active users may upload.
    if not request.user.is_active:
        return error_page_inactive(request)
    # Only POST is accepted.
    if request.method != 'POST':
        raise Exception('Invalid HTTP Method')
    try:
        # The uploader is always the requesting user, never a request field.
        via = Vias.get_via_file_upload(uploader=int(request.user.id))
        upload_common(request, via)
        return render(request, 'success.html', get_common_replace_dict(request))
    except Exception:
        return error_page(request)
def get_otx_stix(self, mtimestamp=None):
    """Fetch OTX entries changed since ``mtimestamp`` and register each as STIX.

    Returns the number of entries registered. A failure while fetching is
    printed and re-raised; a failure on a single entry is printed and skipped.
    """
    # Read the OTX adapter settings.
    adapter_conf = OtxAdapter.get()
    api_key = adapter_conf.apikey

    # Registration settings.
    community = adapter_conf.community
    via = Vias.get_via_adapter_otx(adapter_conf.uploader)

    # Fetch from OTX through the configured proxies.
    try:
        otx = OTXv2(api_key, System.get_request_proxies())
        entries = otx.getsince(mtimestamp)
    except Exception:
        traceback.print_exc()
        raise

    # Record the time of this request.
    adapter_conf.modify_last_requested()

    registered = 0
    for entry in entries:
        try:
            # Convert one entry to STIX XML and register it.
            exporter = StixExport(entry)
            exporter.build()
            _regist_stix(exporter.to_xml(), community, via)
        except Exception:
            # Best effort: print the error and keep processing the rest.
            traceback.print_exc()
        else:
            registered += 1
    return registered
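def post_language_contents(request, object_ref, ctirs_auth_user):
    """Create language-content objects for ``object_ref`` and register them.

    The request body is JSON with a ``language_contents`` list; each item
    carries ``selector``, ``content`` and ``language``. Every item becomes a
    LanguageContent object in a new bundle, which is written to a temporary
    JSON file and registered with the REST API upload route.

    Args:
        request: The HTTP request; its body and user are read.
        object_ref: Id of the object the translations refer to.
        ctirs_auth_user: Authenticated API user, recorded as the uploader.

    Returns:
        A JsonResponse with status 201 carrying the bundle on success, or the
        result of ``error(...)`` when the object is missing or anything fails.
    """
    try:
        j = json.loads(request.body)
        # Build the S-TIP identity.
        stip_identity = _get_stip_identname(request.user)
        # Create the bundle.
        bundle = Bundle(stip_identity)
        # Load the referenced object.
        object_ = get_object(object_ref)
        if object_ is None:
            return error(
                Exception('No document. (object_ref=%s)' % (object_ref)))

        for language_content in j['language_contents']:
            selector_str = language_content['selector']
            content_value = language_content['content']
            language = language_content['language']
            try:
                selector_elems = selector_str.split('.')
                last_elem = object_
                # The selector comes from the request body; it is resolved
                # step by step against the stored object.
                if len(selector_elems) == 1:
                    # Selector without a '.'.
                    last_selector = selector_str
                    last_elem = is_exist_objects(selector_str, last_elem)
                else:
                    # Dotted selector: walk every element except the last.
                    # NOTE(review): the validity check is placed inside this
                    # walk; confirm it is not meant to cover the
                    # single-element case as well.
                    for selector in selector_elems[:-1]:
                        last_selector = selector
                        last_elem = is_exist_objects(selector, last_elem)
                        if last_elem is None:
                            raise Exception('selector is invalid: ' + str(selector_str))

                if isinstance(last_elem, list):
                    # Start from empty strings and overwrite only the
                    # addressed index.
                    lc_lists = [''] * len(last_elem)
                    lc_lists[get_list_index_from_selector(
                        selector_elems[-1])] = content_value
                    content = lc_lists
                    selector = '.'.join(selector_elems[:-1])
                elif isinstance(last_elem, dict):
                    # Start from an empty dict and set only the addressed key.
                    content = {}
                    content[selector_elems[-1]] = content_value
                    selector = '.'.join(selector_elems[:-1])
                else:
                    # Plain value.
                    content = content_value
                    selector = last_selector
            except Exception as e:
                traceback.print_exc()
                raise e

            contents = {}
            contents[language] = {selector: content}
            language_content = LanguageContent(
                created_by_ref=stip_identity,
                object_ref=object_ref,
                object_modified=object_['modified'],
                contents=contents)
            bundle.objects.append(language_content)

        # Resolve the via and the community to register under.
        via = Vias.get_via_rest_api_upload(uploader=ctirs_auth_user.id)
        community = Communities.get_default_community()

        # Write the bundle to a temporary file. NamedTemporaryFile creates the
        # file atomically with a private name; tempfile.mktemp only returns a
        # name, which leaves a window for another local user to create or
        # symlink that path first.
        with tempfile.NamedTemporaryFile(
                mode='wb', suffix='.json', delete=False) as fp:
            stix_file_path = fp.name
            # Encode the serialized text before writing: the file is binary,
            # and write() returns a byte count that has no encode().
            fp.write(bundle.serialize(indent=4, ensure_ascii=False).encode())

        # Register the file.
        # NOTE(review): the temporary file is not removed here; confirm that
        # regist() moves or deletes it.
        regist(stix_file_path, community, via)
        resp = get_normal_response_json()
        bundle_json = json.loads(str(bundle))
        resp['data'] = {'bundle': bundle_json}
        return JsonResponse(resp, status=201, safe=False)
    except Exception as e:
        traceback.print_exc()
        # NOTE(review): the caught exception is handed to the error response
        # builder; confirm it does not echo internal details to the client.
        return error(e)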
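def get_table_info(request):
    """Return one page of the STIX file table in DataTables server-side format.

    Reads paging, search and sort parameters from the query string, filters
    StixFiles by the search text (package name, package id, version,
    community and via), and returns a JsonResponse with ``iTotalRecords``,
    ``iTotalDisplayRecords``, ``sEcho`` and ``aaData``.

    Values taken from stored STIX files (package name, package id, version)
    originate from uploaded or polled content, so they are HTML-escaped
    wherever they are interpolated into markup.
    """
    # Local import keeps the block self-contained; escape() also escapes
    # quotes, which matters inside attribute values.
    from html import escape

    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']
    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']

    # Only these fixed column names can reach order_by(); the client sends a
    # column index, never a field name.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    s_input_communities = Communities.objects.filter(Q(name__icontains=sSearch))
    s_via_choices = Vias.get_search_via_choices(sSearch)
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch) | QQ(username__icontains=sSearch))
    ]
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices)
        | Q(uploader__in=s_uploaders)
        | Q(adapter_name__icontains=sSearch))
    objects = StixFiles.objects \
        .filter(
            Q(package_name__icontains=sSearch)
            | Q(package_id__icontains=sSearch)
            | Q(version__icontains=sSearch)
            | Q(input_community__in=s_input_communities)
            | Q(via__in=s_vias)
        )\
        .order_by(order_query)

    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        file_id = escape(str(d.id))
        version = escape(str(d.version))
        package_name = escape(str(d.package_name))
        package_id = escape(str(d.package_id))

        l = []
        l.append('<input type="checkbox" file_id="%s"/ class="delete-checkbox">' % (file_id))
        l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        # NOTE(review): the following cells are sent unescaped; if the table
        # renders cells as HTML they need escaping too (the '<deleted>'
        # placeholder below would then also need it) — confirm on the client.
        l.append(d.package_name)
        l.append(d.package_id)
        l.append(d.version)
        try:
            l.append(d.input_community.name)
        except DoesNotExist:
            l.append('<deleted>')
        l.append(d.via.get_via_display())
        l.append(d.via.get_uploader_screen_name())

        # Download links: the original version plus the available conversions.
        link_str = ''
        if d.version.startswith('1.'):
            link_str += '<a href="/list/download?id=%s&version=%s">STIX %s (Original)</a><br/>' % (file_id, version, version)
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (file_id))
        elif d.version == '2.0':
            link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (file_id))
            link_str += ('<a href="/list/download?id=%s&version=2.0">STIX 2.0 (Original)</a><br/>' % (file_id))
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1</a>' % (file_id))
        elif d.version == '2.1':
            link_str += ('<a href="/list/download?id=%s&version=1.2">STIX 1.2</a><br/>' % (file_id))
            link_str += ('<a href="/list/download?id=%s&version=2.1">STIX 2.1 (Original)</a>' % (file_id))
        l.append(link_str)

        # Only admins get the publish control. This only hides the icon; the
        # publish endpoint itself must enforce the same check.
        if request.user.is_admin:
            l.append('<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" data-file-id="%s" data-package-name="%s" data-package-id="%s" title="Publish to.."></span></a>' % (file_id, package_name, package_id))
        else:
            l.append('<span class="glyphicon glyphicon-ban-circle" disabled></span>')
        link_str = ('<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' % (package_id))
        l.append(link_str)
        aaData.append(l)

    resp = {}
    all_count = StixFiles.objects.count()
    resp['iTotalRecords'] = all_count
    resp['iTotalDisplayRecords'] = objects.count()
    resp['sEcho'] = sEcho
    resp['aaData'] = aaData
    return JsonResponse(resp)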
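def get_table_info(request):
    """Return one page of the STIX file table in DataTables server-side format.

    Reads paging, search and sort parameters from the query string, filters
    StixFiles by the search text (package name, package id, version,
    community and via), and returns a JsonResponse with ``iTotalRecords``,
    ``iTotalDisplayRecords``, ``sEcho`` and ``aaData``.

    Values taken from stored STIX files (package id, version) originate from
    uploaded or polled content, so they are HTML-escaped wherever they are
    interpolated into markup.
    """
    # Local import keeps the block self-contained; escape() also escapes
    # quotes, which matters inside attribute values.
    from html import escape

    # Read the ajax parameters.
    iDisplayLength = int(request.GET['iDisplayLength'])
    sEcho = request.GET['sEcho']
    iDisplayStart = int(request.GET['iDisplayStart'])
    sSearch = request.GET['sSearch']
    sort_col = int(request.GET['iSortCol_0'])
    sort_dir = request.GET['sSortDir_0']

    # Only these fixed column names can reach order_by(); the client sends a
    # column index, never a field name.
    order_query = {
        1: 'produced',
        2: 'package_name',
        3: 'package_id',
        4: 'version',
    }.get(sort_col)
    # 'desc' means descending order.
    if order_query is not None and sort_dir == 'desc':
        order_query = '-' + order_query

    # Communities matching the search text.
    s_input_communities = Communities.objects.filter(
        Q(name__icontains=sSearch))
    # Via choices matching the search text.
    s_via_choices = Vias.get_search_via_choices(sSearch)
    # Uploaders matching the search text.
    s_uploaders = [
        uploader.id
        for uploader in STIPUser.objects.filter(
            QQ(screen_name__icontains=sSearch)
            | QQ(username__icontains=sSearch))
    ]
    # Vias matching by via, uploader or adapter name.
    s_vias = Vias.objects.filter(
        Q(via__in=s_via_choices)
        | Q(uploader__in=s_uploaders)
        | Q(adapter_name__icontains=sSearch))
    # Run the search.
    objects = StixFiles.objects \
        .filter(
            Q(package_name__icontains=sSearch)
            | Q(package_id__icontains=sSearch)
            | Q(version__icontains=sSearch)
            | Q(input_community__in=s_input_communities)
            | Q(via__in=s_vias)
        )\
        .order_by(order_query)

    # Extract the rows in the displayed range.
    aaData = []
    for d in objects[iDisplayStart:(iDisplayStart + iDisplayLength)]:
        file_id = escape(str(d.id))
        version = escape(str(d.version))
        package_id = escape(str(d.package_id))

        l = []
        l.append(
            '<input type="checkbox" file_id="%s"/ class="delete-checkbox">' %
            (file_id))
        l.append(d.produced.strftime('%Y/%m/%d %H:%M:%S'))
        # NOTE(review): the following cells are sent unescaped; if the table
        # renders cells as HTML they need escaping too (the '<deleted>'
        # placeholder below would then also need it) — confirm on the client.
        l.append(d.package_name)
        l.append(d.package_id)
        l.append(d.version)
        try:
            l.append(d.input_community.name)
        except DoesNotExist:
            # The community is missing, for example because it was deleted.
            l.append('<deleted>')
        l.append(d.via.get_via_display())
        l.append(d.via.get_uploader_screen_name())

        # Download links: the original plus one converted version.
        link_str = '<a href="/list/download?id=%s&version=%s">Original (%s)</a> ' % (
            file_id, version, version)
        if d.version != '2.0':
            link_str += (
                '<a href="/list/download?id=%s&version=2.0">Converted (2.0)</a>' %
                (file_id))
        else:
            link_str += (
                '<a href="/list/download?id=%s&version=1.2">Converted (1.2)</a>' %
                (file_id))
        l.append(link_str)
        l.append(
            '<a><span class="glyphicon glyphicon-share-alt publish-share-alt-icon" file_id="%s" title="Publish to.."></span></a>' %
            (file_id))
        # The MISP import control is offered for STIX 1.x files only.
        if d.version.startswith('1.'):
            link_str = (
                '<a><span class="glyphicon glyphicon-export misp-import-icon" package_id="%s" title="Import into MISP .."></span></a>' %
                (package_id))
        else:
            link_str = (
                '<span class="glyphicon glyphicon-remove-sign"></span>')
        l.append(link_str)
        aaData.append(l)

    resp = {}
    all_count = StixFiles.objects.count()
    resp['iTotalRecords'] = all_count
    resp['iTotalDisplayRecords'] = objects.count()
    resp['sEcho'] = sEcho
    resp['aaData'] = aaData
    return JsonResponse(resp)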
#oasis:stip_kago HTTP_AUTHORIZATION_VALUE = 'Basic b2FzaXM6c3RpcF9rYWdv' MAX_CONTENT_LENGTH = 10000000 API_ROOT_1 = 'api1' #TXSが登録するコミュニティの名前 _taxii2_community_name = 'taxii2' #TXSが登録するユーザー名 _taxii_publisher = 'admin' try: _community = Communities.objects.get(name=_taxii2_community_name) except: _community = None _via = Vias.get_via_taxii_publish(_taxii_publisher) def get_no_accept_json_data(message, error_id='To be determined', error_code='To be determined'): return { 'title': 'Incorrect Taxii Version', 'description': 'An incorrent Taxii version was used in the post', 'error_id': error_id, 'error_code': error_code, 'http_status': '406', 'external_details': message, 'details': { 'version': '1.0', }
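def __init__(self, service_yaml_path, community_name, taxii_publisher, black_account_list, version_path):
    """Load the TAXII service definitions and build the collection tables.

    Args:
        service_yaml_path: Path of the YAML file listing the services; each
            entry needs ``id`` and ``type`` keys, the rest is passed on as
            the service's properties.
        community_name: Name of the community to register content into.
        taxii_publisher: User name passed to ``Vias.get_via_taxii_publish``.
        black_account_list: Comma-separated account names to deny; empty
            means no denied accounts.
        version_path: Path of a file whose first line is the version string.
    """
    with open(service_yaml_path, 'r', encoding='utf-8') as fp:
        # safe_load builds only plain YAML types. yaml.load without an
        # explicit Loader can construct arbitrary Python objects from the
        # file, and newer PyYAML releases reject the call outright.
        services = yaml.safe_load(fp) or []
    try:
        with open(version_path, 'r', encoding='utf-8') as fp:
            version = fp.readline().strip()
    except IOError:
        version = 'No version information.'
    print('>>>>>: S-TIP TAXII Server Start: ' + str(version))
    self.community = Communities.objects.get(name=community_name)
    self.via = Vias.get_via_taxii_publish(taxii_publisher)

    # Build the list of opentaxii.taxii.entities.ServiceEntity.
    self.services = []
    for service in services:
        # 'id' and 'type' are taken out; what remains is the property dict.
        entity_id = service.pop('id')
        type_ = service.pop('type')
        self.services.append(ServiceEntity(
            type_,
            service,
            id=entity_id))

    # Build the list of opentaxii.taxii.entities.CollectionEntity.
    self.collections = []
    # Records which service is linked to which collection.
    self.service_to_collection = []

    # Build the account deny list. Entries are used exactly as written
    # between the commas.
    # NOTE(review): surrounding whitespace is kept, so 'a, b' yields ' b' —
    # confirm entries are compared against account names in the same form.
    if black_account_list:
        self.black_account_list = black_account_list.split(',')
    else:
        self.black_account_list = []

    service_ids = ['collection_management', 'poll', 'inbox']
    for collection_id, taxii_server in enumerate(TaxiiServers.objects.all()):
        ce = CollectionEntity(
            taxii_server.collection_name,
            str(collection_id),
            description=None,
            type='DATA_FEED',
            volume=None,
            accept_all_content=True,
            supported_content=None,
            available=True)
        self.collections.append(ce)
        # Link every known service id to this collection id.
        for service_id in service_ids:
            for service in self.services:
                if service.id == service_id:
                    self.service_to_collection.append(
                        {service_id: str(collection_id)})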