def dotransform(request, response, config):
try:
incidents = get_linked_incidents(request.fields['ThreatCentral.resourceId'])
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
return response
except KeyError:
response += UIMessage("No resourceId!", type='PartialError')
return response
else:
try:
for incident in incidents:
if incident.get('tcScore'):
weight = int(incident.get('tcScore'))
else:
weight = 1
e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
e.title = encode_to_utf8(incident.get('title'))
e.resourceId = incident.get('resourceId')
e.reportedOn = incident.get('reportedOn')
e += Label('Reported On', incident.get('reportedOn'))
if len(incident.get('incidentCategory', list())) is not 0:
e += Label('Incident Category', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('incidentCategory',
list())]))
if len(incident.get('affectedAsset', list())) is not 0:
e += Label('Affected Asset', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('affectedAsset', list())]))
if len(incident.get('incidentEffect', list())) is not 0:
e += Label('Incident Effect', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('incidentEffect', list())]))
if len(incident.get('discoveryMethod', list())) is not 0:
e += Label('Discovery Method', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('discoveryMethod', list())]))
if incident.get('description'):
e += Label('Description', '<br/>'.join(encode_to_utf8(incident.get('description')
).split('\n')))
response += e
except AttributeError as err:
response += UIMessage('Error: {}'.format(err), type='PartialError')
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
except TypeError:
return response
return response
def dotransform(request, response, config):
try:
incidents = search_incident(request.value)
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
return response
else:
try:
for incident in incidents:
if incident.get('tcScore'):
weight = int(incident.get('tcScore'))
else:
weight = 1
incident = incident.get('resource')
if incident:
e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
e.title = encode_to_utf8(incident.get('title'))
e.resourceId = incident.get('resourceId')
# e.resourceId = incident.get('id')
e.reportedOn = incident.get('reportedOn')
e += Label('Reported On', incident.get('reportedOn'))
if len(incident.get('incidentCategory', list())) is not 0:
e += Label('Incident Category', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('incidentCategory',
list())]))
if len(incident.get('affectedAsset', list())) is not 0:
e += Label('Affected Asset', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('affectedAsset', list())]))
if len(incident.get('incidentEffect', list())) is not 0:
e += Label('Incident Effect', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('incidentEffect', list())]))
if len(incident.get('discoveryMethod', list())) is not 0:
e += Label('Discovery Method', '<br/>'.join([encode_to_utf8(_.get('displayName'))
for _ in incident.get('discoveryMethod', list())]))
if incident.get('description'):
e += Label('Description', '<br/>'.join(encode_to_utf8(incident.get('description')
).split('\n')))
response += e
except AttributeError as err:
response += UIMessage('Error: {}'.format(err), type='PartialError')
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
except TypeError:
return response
return response
def dotransform(request, response, config):
try:
results = search(request.value, size=10, pages=1)
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
else:
try:
for result in results:
rtype = lower(result.get('type'))
if result.get('tcScore'):
weight = int(result.get('tcScore'))
else:
weight = 1
# Title ID Description
if rtype == 'actor':
# Check Title, if no title get resource > name
# Actor entity can have an empty title field
if result.get('title'):
e = Actor(encode_to_utf8(result.get('title')), weight=weight)
else:
e = Actor(encode_to_utf8(result.get('resource', dict()).get('name')), weight=weight)
e.name = encode_to_utf8(result.get('resource', dict()).get('name'))
e.actor = encode_to_utf8(result.get('resource', dict()).get('name'))
elif rtype == 'case':
e = Case(encode_to_utf8(result.get('title')), weight=weight)
elif rtype == 'coursesofactions':
e = CoursesOfAction(encode_to_utf8(result.get('title')), weight=weight)
elif rtype == 'indicator':
e = Indicator(encode_to_utf8(result.get('title')), weight=weight)
elif rtype == 'incident':
e = Incident(encode_to_utf8(result.get('title')), weight=weight)
# elif rtype == 'tacticstechniquesandprocedures':
elif rtype == 'ttp':
e = TTP(encode_to_utf8(result.get('title')), weight=weight)
else:
# To be safe
e = Phrase(encode_to_utf8(result.get('title')), weight=weight)
debug(rtype)
e.title = encode_to_utf8(result.get('title'))
e.resourceId = result.get('id')
if result.get('description'):
e += Label('Description', '<br/>'.join(encode_to_utf8(result.get('description',
'')).split('\n')))
response += e
except AttributeError as err:
response += UIMessage('Error: {}'.format(err), type='PartialError')
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
except TypeError:
return response
return response
if 'ThreatCentral.resourceId' in request.fields:
try:
case = get_case(request.fields['ThreatCentral.resourceId'])
except ThreatCentralError as err:
response += UIMessage(err.value, type='PartialError')
else:
try:
# Show incidents
if len(case.get('incidents', list())) is not 0:
for incident in case.get('incidents'):
if incident.get('tcScore'):
weight = int(incident.get('tcScore'))
else:
weight = 1
e = Incident(encode_to_utf8(incident.get('title')),
weight=weight)
e.title = encode_to_utf8(incident.get('title'))
e.resourceId = incident.get('resourceId')
e.reportedOn = incident.get('reportedOn')
e += Label('Reported On', incident.get('reportedOn'))
if len(incident.get('incidentCategory',
list())) is not 0:
e += Label(
'Incident Category', '<br/>'.join([
encode_to_utf8(_.get('displayName'))
for _ in incident.get(
'incidentCategory', list())
]))
if len(incident.get('affectedAsset', list())) is not 0:
