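def dotransform(request, response, config):
    """Add an Incident entity for every incident linked to the input entity.

    The resource id is read from
    ``request.fields['ThreatCentral.resourceId']`` and handed to
    ``get_linked_incidents``. Lookup failures are reported to the user as
    ``PartialError`` UI messages instead of being raised.

    Args:
        request: Transform request; only ``request.fields`` is read.
        response: Transform response; entities and UI messages are
            appended to it with ``+=``.
        config: Not used by this function.

    Returns:
        The ``response`` object, with whatever was collected.
    """
    try:
        incidents = get_linked_incidents(request.fields['ThreatCentral.resourceId'])
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response
    except KeyError:
        response += UIMessage("No resourceId!", type='PartialError')
        return response

    # (label caption, key in the incident record) for the list-valued fields.
    list_fields = (
        ('Incident Category', 'incidentCategory'),
        ('Affected Asset', 'affectedAsset'),
        ('Incident Effect', 'incidentEffect'),
        ('Discovery Method', 'discoveryMethod'),
    )

    # NOTE(review): title, displayName and description come from the remote
    # API and are placed between literal '<br/>' separators without HTML
    # escaping. If the client renders these labels as HTML, confirm that
    # encode_to_utf8 or the Label serialisation neutralises embedded markup.
    try:
        for incident in incidents:
            score = incident.get('tcScore')
            weight = int(score) if score else 1

            e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
            e.title = encode_to_utf8(incident.get('title'))
            e.resourceId = incident.get('resourceId')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))

            for caption, key in list_fields:
                entries = incident.get(key, list())
                # Compare by value: `is not 0` tested object identity, which
                # only works through CPython's small-int cache and is a
                # SyntaxWarning on Python 3.8+. len() is kept so an unsized
                # value (e.g. None) still raises TypeError as before.
                if len(entries) != 0:
                    e += Label(
                        caption,
                        '<br/>'.join([encode_to_utf8(_.get('displayName')) for _ in entries]))

            if incident.get('description'):
                # One display line per newline in the description.
                e += Label(
                    'Description',
                    '<br/>'.join(encode_to_utf8(incident.get('description')).split('\n')))

            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately quiet: e.g. ``incidents`` is not iterable. Return
        # whatever has been collected so far.
        return response

    return response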
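def dotransform(request, response, config):
    """Search incidents for the input value and add one Incident per hit.

    ``request.value`` is passed to ``search_incident``. Each hit's score is
    read from the hit itself, then the hit is unwrapped to its ``resource``
    record; hits without a resource are skipped. Failures are reported as
    ``PartialError`` UI messages instead of being raised.

    Args:
        request: Transform request; only ``request.value`` is read.
        response: Transform response; entities and UI messages are
            appended to it with ``+=``.
        config: Not used by this function.

    Returns:
        The ``response`` object, with whatever was collected.
    """
    try:
        incidents = search_incident(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # (label caption, key in the incident record) for the list-valued fields.
    list_fields = (
        ('Incident Category', 'incidentCategory'),
        ('Affected Asset', 'affectedAsset'),
        ('Incident Effect', 'incidentEffect'),
        ('Discovery Method', 'discoveryMethod'),
    )

    # NOTE(review): title, displayName and description come from the remote
    # API and are placed between literal '<br/>' separators without HTML
    # escaping. If the client renders these labels as HTML, confirm that
    # encode_to_utf8 or the Label serialisation neutralises embedded markup.
    try:
        for hit in incidents:
            # The score lives on the search hit, not on the nested resource.
            score = hit.get('tcScore')
            weight = int(score) if score else 1

            incident = hit.get('resource')
            if not incident:
                continue

            e = Incident(encode_to_utf8(incident.get('title')), weight=weight)
            e.title = encode_to_utf8(incident.get('title'))
            e.resourceId = incident.get('resourceId')
            # e.resourceId = incident.get('id')
            e.reportedOn = incident.get('reportedOn')
            e += Label('Reported On', incident.get('reportedOn'))

            for caption, key in list_fields:
                entries = incident.get(key, list())
                # Compare by value: `is not 0` tested object identity, which
                # only works through CPython's small-int cache and is a
                # SyntaxWarning on Python 3.8+. len() is kept so an unsized
                # value (e.g. None) still raises TypeError as before.
                if len(entries) != 0:
                    e += Label(
                        caption,
                        '<br/>'.join([encode_to_utf8(_.get('displayName')) for _ in entries]))

            if incident.get('description'):
                # One display line per newline in the description.
                e += Label(
                    'Description',
                    '<br/>'.join(encode_to_utf8(incident.get('description')).split('\n')))

            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately quiet: e.g. ``incidents`` is not iterable. Return
        # whatever has been collected so far.
        return response

    return response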
def dotransform(request, response, config):
    """Run a search for the input value and add one entity per result.

    ``request.value`` is passed to ``search`` with ``size=10, pages=1``.
    The lower-cased ``type`` of each result selects the entity class;
    unrecognised types become a ``Phrase`` and are passed to ``debug``.
    Failures are reported as ``PartialError`` UI messages, not raised.

    Args:
        request: Transform request; only ``request.value`` is read.
        response: Transform response; entities and UI messages are
            appended to it with ``+=``.
        config: Not used by this function.

    Returns:
        The ``response`` object, with whatever was collected.
    """
    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # NOTE(review): title, name and description come from the remote API and
    # the description is joined with literal '<br/>' separators without HTML
    # escaping. If the client renders labels as HTML, confirm that
    # encode_to_utf8 or the Label serialisation neutralises embedded markup.
    try:
        # Result types that map straight onto an entity built from the title.
        # 'tacticstechniquesandprocedures' is not matched; only 'ttp' is.
        titled_entities = {
            'case': Case,
            'coursesofactions': CoursesOfAction,
            'indicator': Indicator,
            'incident': Incident,
            'ttp': TTP,
        }

        for result in results:
            rtype = lower(result.get('type'))
            score = result.get('tcScore')
            weight = int(score) if score else 1

            if rtype == 'actor':
                # An actor can have an empty title; fall back to resource > name.
                if result.get('title'):
                    e = Actor(encode_to_utf8(result.get('title')), weight=weight)
                else:
                    e = Actor(
                        encode_to_utf8(result.get('resource', dict()).get('name')),
                        weight=weight)
                # NOTE(review): assumed to apply to every actor, not only the
                # untitled ones; confirm against the original file layout.
                e.name = encode_to_utf8(result.get('resource', dict()).get('name'))
                e.actor = encode_to_utf8(result.get('resource', dict()).get('name'))
            elif rtype in titled_entities:
                e = titled_entities[rtype](encode_to_utf8(result.get('title')), weight=weight)
            else:
                # To be safe: represent unknown types as a plain phrase.
                e = Phrase(encode_to_utf8(result.get('title')), weight=weight)
                debug(rtype)

            e.title = encode_to_utf8(result.get('title'))
            e.resourceId = result.get('id')

            if result.get('description'):
                # One display line per newline in the description.
                description_lines = encode_to_utf8(result.get('description', '')).split('\n')
                e += Label('Description', '<br/>'.join(description_lines))

            response += e
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Deliberately quiet: e.g. ``results`` is not iterable. Return
        # whatever has been collected so far.
        return response

    return response
if 'ThreatCentral.resourceId' in request.fields: try: case = get_case(request.fields['ThreatCentral.resourceId']) except ThreatCentralError as err: response += UIMessage(err.value, type='PartialError') else: try: # Show incidents if len(case.get('incidents', list())) is not 0: for incident in case.get('incidents'): if incident.get('tcScore'): weight = int(incident.get('tcScore')) else: weight = 1 e = Incident(encode_to_utf8(incident.get('title')), weight=weight) e.title = encode_to_utf8(incident.get('title')) e.resourceId = incident.get('resourceId') e.reportedOn = incident.get('reportedOn') e += Label('Reported On', incident.get('reportedOn')) if len(incident.get('incidentCategory', list())) is not 0: e += Label( 'Incident Category', '<br/>'.join([ encode_to_utf8(_.get('displayName')) for _ in incident.get( 'incidentCategory', list()) ])) if len(incident.get('affectedAsset', list())) is not 0: