Exemple #1
def cybox_observable(request, pk):
    """Return the CybOX XML rendering of the observable with primary key *pk*.

    Responds with a 404 when no observable has that key, or when its
    ``observable_type`` has no CybOX builder wired up in this view.
    """
    try:
        observable = Observable.objects.get(pk=pk)
    except Observable.DoesNotExist:
        return HttpResponseNotFound("Observable not found!")

    obs_type = observable.observable_type
    objects = get_object_for_observable(obs_type, observable)

    # Object types that have a CybOX builder. Not handled yet:
    #   MutexObjectType, CodeObjectType, WindowsDriverObjectType,
    #   LinkObjectType, WindowsRegistryKeyObjectType,
    #   EmailMessageObjectType, DNSQueryObjectType
    builders = {
        'FileObjectType': cybox_file,
        'AddressObjectType': cybox_address,
        'URIObjectType': cybox_uri,
        'HTTPSessionObjectType': cybox_http,
    }
    builder = builders.get(obs_type)
    cybox_xml = None
    if builder is not None:
        cybox_xml = builder(observable, obs_type, objects)

    if not cybox_xml:
        # NOTE(review): the stored observable_type is interpolated into the
        # response body as-is, and HttpResponseNotFound defaults to an HTML
        # content type. If the type string can originate from imported
        # intelligence data, escape it or send the message as text/plain.
        return HttpResponseNotFound("Object %s not handled!" % (obs_type))
    return HttpResponse(cybox_xml.to_xml(), content_type="text/xml")
Exemple #2
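def observable(request, observable_id="1"):
    """Render the details page for a single observable.

    The template context always carries ``observable_id``, ``observable``,
    ``objects``, ``related_objects`` and ``related_observables``; further keys
    are added depending on the observable's type. A malformed or unknown ID
    renders the same page with a flash message instead of failing.

    NOTE(review): names, paths and custom properties put into the context are
    stored values that may come from imported intelligence data; this view
    does no escaping of its own, so the template has to keep auto-escaping on
    for them. No access-control decorator is visible on this listing either;
    confirm the view is protected where it is routed.
    """
    template = 'kraut_intel/observable_details.html'
    context = {'observable_id': observable_id, 'observable': None, 'objects': None, 'related_objects': [], 'related_observables': []}

    # Validate the ID before it reaches the ORM: a non-numeric value used to
    # escape as an unhandled ValueError (HTTP 500) instead of an error page.
    try:
        pk = int(observable_id)
    except (TypeError, ValueError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))

    # filter() builds a lazy queryset and never raises DoesNotExist, so the
    # "not found" case is the empty-queryset branch below.
    matches = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not matches:
        messages.warning(request, "No observable with the given ID exists in the system.")
        return render_to_response(template, context, context_instance=RequestContext(request))

    obs = matches[0]
    obs_type = obs.observable_type
    context['observable'] = obs
    context['namespace_icon'] = get_icon_for_namespace(obs.namespace.last().namespace)
    context['namespaces'] = Namespace.objects.all()
    context['objects'] = get_object_for_observable(obs_type, obs)

    # get related objects
    for obj in context['objects']:
        context['related_objects'].append(get_related_objects_for_object(obj.id, obs_type))
        context['related_observables'].append(obj.observables.all())
    if not context['related_observables']:
        # no object links back to any observable: fall back to the queryset itself
        context['related_observables'].append(matches)

    # check if observable is in a composition
    for obs_comp in obs.observablecomposition_set.all():
        context['related_observables'].append(obs_comp.observable_set.all())

    # check object type specific settings
    if obs_type == 'FileObjectType':
        context['custom'] = []
        context['meta'] = []
        # 'hashes' starts as an empty list and is replaced by True once any
        # object carries a real hash (kept as in the original).
        context['hashes'] = []
        context['active_tab'] = 'hashes'
        for obj in context['objects']:
            for custom in obj.file_custom.all():
                context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                context['active_tab'] = 'custom'
            for meta in obj.file_meta.all():
                # skip rows that only hold the placeholder defaults
                if meta.file_name != 'No Name' or meta.file_path != 'No Path' or meta.file_extension != 'No Extension' or meta.file_size != 0:
                    context['meta'].append({
                        'name': meta.file_name,
                        'path': meta.file_path,
                        'extension': meta.file_extension,
                        'size': meta.file_size,
                    })
                    context['active_tab'] = 'meta'
            if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                context['hashes'] = True
                context['active_tab'] = 'hashes'
    elif obs_type == 'CompositionContainer':
        ### TODO: currently supports only single composition in observable
        for composition in obs.compositions.all():
            context['composition_id'] = composition.id
    elif obs_type == 'WindowsExecutableFileObjectType':
        context['active_tab'] = 'winexeobj'
    return render_to_response(template, context, context_instance=RequestContext(request))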
Exemple #3
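def observable(request, observable_id="1"):
    """Render the details page for a single observable.

    The template context always carries ``observable_id``, ``observable``,
    ``objects``, ``related_objects`` and ``related_observables``; file
    observables additionally get ``custom``, ``meta``, ``hashes`` and
    ``active_tab``. A malformed or unknown ID renders the same page with a
    flash message instead of failing.

    NOTE(review): the file names, paths and custom properties exposed here
    are stored values that may come from imported intelligence data; the
    view passes them through unmodified, so the template must keep
    auto-escaping enabled for them.
    """
    template = 'kraut_intel/observable_details.html'
    context = {'observable_id': observable_id, 'observable': None, 'objects': None, 'related_objects': [], 'related_observables': []}

    # Reject a non-numeric ID here; previously int() raised an unhandled
    # ValueError and the request ended in a server error.
    try:
        pk = int(observable_id)
    except (TypeError, ValueError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))

    # filter() is lazy and cannot raise DoesNotExist; a missing row shows up
    # as an empty queryset, which is handled just below.
    matches = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not matches:
        messages.warning(request, "No observable with the given ID exists in the system.")
        return render_to_response(template, context, context_instance=RequestContext(request))

    obs = matches[0]
    obs_type = obs.observable_type
    context['observable'] = obs
    context['namespace_icon'] = get_icon_for_namespace(obs.namespace)
    context['objects'] = get_object_for_observable(obs_type, obs)

    # get related objects
    for obj in context['objects']:
        context['related_objects'].append(get_related_objects_for_object(obj.id, obs_type))
        context['related_observables'].append(obj.observables.all())
    if not context['related_observables']:
        # nothing was collected above: fall back to the queryset itself
        context['related_observables'].append(matches)

    # check object type specific settings
    if obs_type == 'FileObjectType':
        context['custom'] = []
        context['meta'] = []
        # 'hashes' starts as an empty list and is replaced by True once any
        # object carries a real hash (kept as in the original).
        context['hashes'] = []
        context['active_tab'] = 'hashes'
        for obj in context['objects']:
            for custom in obj.file_custom.all():
                context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                context['active_tab'] = 'custom'
            for meta in obj.file_meta.all():
                # skip rows that only hold the placeholder defaults
                if meta.file_name != 'No Name' or meta.file_path != 'No Path' or meta.file_extension != 'No Extension' or meta.file_size != 0:
                    context['meta'].append({
                        'name': meta.file_name,
                        'path': meta.file_path,
                        'extension': meta.file_extension,
                        'size': meta.file_size,
                    })
                    context['active_tab'] = 'meta'
            if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                context['hashes'] = True
                context['active_tab'] = 'hashes'
    return render_to_response(template, context, context_instance=RequestContext(request))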