Esempio n. 1
    def __init__(self, username, item, *args, **kwargs):
        """
        Initialize the form.

        Builds the recipient list and one multiple-choice field per supported
        type from the context object (``item``) and its related items, so
        that only STIXifyable / CybOXable options are offered.

        :param username: User whose sources bound what is visible.
        :param item: Context CRITs object whose relationships are collected.
        """
        kwargs.setdefault('label_suffix', ':')
        super(TAXIIForm, self).__init__(*args, **kwargs)
        sc = get_config('taxii_service')
        user_srcs = user_sources(username)

        # Only offer recipients that are both visible to the user and backed
        # by a configured TAXII feed; anything else would fail at send time.
        # Each certfiles entry is "source,..." -- the source is the first field.
        feed_srcs = [entry.split(',')[0] for entry in sc['certfiles']]
        self.fields['rcpts'].choices = [
            (src, src) for src in set(user_srcs).intersection(feed_srcs)
        ]

        # One multiple-choice field per supported type, populated from the
        # context object's related items.
        crits_type = item._meta['crits_type']
        for _type in get_supported_types():
            # TODO the hardcoded limits passed to collect_objects should be
            # revisited
            collected = collect_objects(crits_type, item.id, 1, 100, 100,
                                        [_type], user_srcs)
            choices = filter_and_format_choices(collected, item, _type)
            self.fields[_type] = forms.MultipleChoiceField(
                required=False, label=_type, choices=choices)
Esempio n. 2
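def _anb_csv_field(value):
    """Render one cell of an ANB CSV row.

    The value is stringified with ``%s`` exactly as the previous inline
    formatting did, then quoted per RFC 4180 whenever it contains a comma,
    a double quote or a line break. Without this, a subject line, filename
    or indicator value containing ``,`` or a newline split or merged rows
    in the export, corrupting everything after it.
    """
    text = "%s" % (value,)
    if any(ch in text for ch in ',"\r\n'):
        return '"%s"' % text.replace('"', '""')
    return text


def _anb_csv_row(*fields):
    """Join ``fields`` into one CRLF-terminated CSV line."""
    return ",".join(_anb_csv_field(f) for f in fields) + "\r\n"


def generate_anb_event_data(type_, cid, data, sources, r=0):
    """Append CSV rows for the objects related to ``cid`` into ``data``.

    :param type_: CRITs type of the object whose relationships are walked.
    :param cid: Id of that object; becomes the first column of each row.
    :param data: Dict of CSV text buffers keyed ``'emails'``, ``'samples'``,
        ``'objects'``, ``'indicators'``, ``'ips'``, ``'domains'`` and
        ``'events'``, plus a ``'seen_objects'`` dict used to de-duplicate
        objects reachable through several paths. Mutated in place.
    :param sources: Sources passed through to ``collect_objects`` to bound
        what is visible.
    :param r: Recursion depth; the walk recurses exactly one level.
    :returns: ``data``, for convenience.
    """
    related_objects = collect_objects(type_, cid, sources, depth=1)

    # Drop the current object from the collected set. The first time through
    # the caller has already recorded the event; on each recursive call the
    # object was recorded just before recursing. pop() rather than del so a
    # collection that does not echo back its own root cannot abort the export.
    related_objects.pop(str(cid), None)

    for obj_id, (obj_type, _level, obj) in related_objects.items():
        # Already emitted (possibly via another relationship path).
        if obj_id in data['seen_objects']:
            continue
        data['seen_objects'][obj_id] = obj

        if obj_type == 'Email':
            data['emails'] += _anb_csv_row(
                cid, obj_id, obj.isodate, obj.sender, obj.subject,
                obj.x_originating_ip, obj.x_mailer)
        elif obj_type == 'Sample':
            backdoor = obj.backdoor
            backdoor_name = backdoor.name if backdoor else "None"
            data['samples'] += _anb_csv_row(
                cid, obj_id, obj.md5, obj.mimetype, obj.filename,
                backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _anb_csv_row(
                    obj_id, inner_obj.object_type, inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _anb_csv_row(
                cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _anb_csv_row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _anb_csv_row(
                cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _anb_csv_row(cid, obj_id, obj.title)

        # Recurse one more level, but go no further.
        if r < 1:
            generate_anb_event_data(obj_type, obj_id, data, sources, r=r + 1)
    return data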
Esempio n. 3
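def _anb_csv_field(value):
    """Render one cell of an ANB CSV row.

    The value is stringified with ``%s`` exactly as the previous inline
    formatting did, then quoted per RFC 4180 whenever it contains a comma,
    a double quote or a line break. Without this, a subject line, filename
    or indicator value containing ``,`` or a newline split or merged rows
    in the export, corrupting everything after it.
    """
    text = "%s" % (value,)
    if any(ch in text for ch in ',"\r\n'):
        return '"%s"' % text.replace('"', '""')
    return text


def _anb_csv_row(*fields):
    """Join ``fields`` into one CRLF-terminated CSV line."""
    return ",".join(_anb_csv_field(f) for f in fields) + "\r\n"


def _anb_backdoor_name(sample, sources):
    """Return the name of the first Backdoor related to ``sample`` that is
    visible through ``sources``, or ``"None"``.

    Relationships are walked in stored order and the first match wins, so
    the result may or may not be the versioned backdoor.
    """
    for rel in sample.relationships:
        if rel.rel_type != 'Backdoor':
            continue
        backdoor = Backdoor.objects(id=rel.object_id).first()
        # Source check: do not name a backdoor the requesting user cannot see.
        if backdoor and source_match(backdoor.source, sources):
            return backdoor.name
    return "None"


def generate_anb_event_data(type_, cid, data, sources):
    """Append CSV rows for the objects related to ``cid`` into ``data``.

    Only the first level of relationships is walked (depth 1), bounded to
    250 objects in total and 100 per relationship, and restricted to the
    supported ANB types and to ``sources``.

    :param type_: CRITs type of the object whose relationships are walked.
    :param cid: Id of that object; becomes the first column of each row.
    :param data: Dict of CSV text buffers keyed ``'emails'``, ``'samples'``,
        ``'objects'``, ``'indicators'``, ``'ips'``, ``'domains'`` and
        ``'events'``; each is appended to in place.
    :param sources: Sources the requesting user may see; also used to filter
        which related Backdoor may be named on a Sample row.
    :returns: ``data``, for convenience.
    """
    types = ['Email', 'Sample', 'Indicator', 'IP', 'Domain', 'Event']
    related_objects = collect_objects(
        type_,
        cid,
        1,  # Depth limit
        250,  # Total limit
        100,  # Rel limit
        types,
        sources,
        need_filedata=False)

    for obj_id, (obj_type, obj) in related_objects.items():
        if obj_type == 'Email':
            data['emails'] += _anb_csv_row(
                cid, obj_id, obj.isodate, obj.sender, obj.subject,
                obj.x_originating_ip, obj.x_mailer)
        elif obj_type == 'Sample':
            data['samples'] += _anb_csv_row(
                cid, obj_id, obj.md5, obj.mimetype, obj.filename,
                _anb_backdoor_name(obj, sources))
            for inner_obj in obj.obj:
                data['objects'] += _anb_csv_row(
                    obj_id, inner_obj.object_type, inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _anb_csv_row(
                cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _anb_csv_row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _anb_csv_row(
                cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _anb_csv_row(cid, obj_id, obj.title)
    return data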
Esempio n. 4
    def __init__(self, username, item, *args, **kwargs):
        """
        Initialize the form.

        Recipients are the TAXII feeds reachable from the user's sources; one
        multiple-choice field is then added per supported type, filled from
        the context object's (``item``) related items so that only
        STIXifyable / CybOXable options are offered.

        :param username: User whose sources scope the visible data.
        :param item: Context CRITs object whose relationships are collected.
        """
        kwargs.setdefault('label_suffix', ':')
        super(TAXIISendForm, self).__init__(*args, **kwargs)
        sc = get_config('taxii_service')
        user_srcs = user_sources(username)
        self.fields['rcpts'].choices = get_taxii_feeds(user_srcs)

        # Relationship collection is bounded by the service's max_rels
        # setting, used for both the total and the per-relationship limit.
        crits_type = item._meta['crits_type']
        for _type in get_supported_types():
            limit = sc['max_rels']
            related = collect_objects(crits_type, item.id, 1, limit, limit,
                                      [_type], user_srcs, False)
            self.fields[_type] = forms.MultipleChoiceField(
                required=False, label=_type,
                choices=filter_and_format_choices(related, item, _type))
Esempio n. 5
    def __init__(self, username, item, *args, **kwargs):
        """
        Initialize the form.

        Sets the recipient choices to the TAXII feeds the user's sources can
        reach, then adds one multiple-choice field per supported type built
        from the context object's (``item``) related items, so that only
        STIXifyable / CybOXable options are offered.

        :param username: User whose sources scope the visible data.
        :param item: Context CRITs object whose relationships are collected.
        """
        kwargs.setdefault('label_suffix', ':')
        super(TAXIISendForm, self).__init__(*args, **kwargs)
        sc = get_config('taxii_service')
        user_srcs = user_sources(username)
        self.fields['rcpts'].choices = get_taxii_feeds(user_srcs)

        def related_choices(type_name):
            # Collect the context object's relationships of one type, bounded
            # by the service's max_rels setting, and turn them into choices.
            collected = collect_objects(item._meta['crits_type'], item.id, 1,
                                        sc['max_rels'], sc['max_rels'],
                                        [type_name], user_srcs, False)
            return filter_and_format_choices(collected, item, type_name)

        # One multiple-choice field per supported type.
        for _type in get_supported_types():
            field = forms.MultipleChoiceField(required=False, label=_type)
            field.choices = related_choices(_type)
            self.fields[_type] = field
Esempio n. 6
    def __init__(self, username, item, *args, **kwargs):
        """
        Initialize the form.

        Populates the recipient list and one multiple-choice field per
        supported type from the context object (``item``) and its related
        items, so that only STIXifyable / CybOXable options are offered.

        :param username: User whose sources bound what is visible.
        :param item: Context CRITs object whose relationships are collected.
        """
        super(TAXIIForm, self).__init__(*args, **kwargs)
        sc = get_config('taxii_service')
        user_srcs = user_sources(username)

        # Recipients: sources the user may see that also have a TAXII feed
        # configured (first comma-separated field of each certfiles entry).
        # Offering anything else would only fail at send time.
        configured = [line.split(',')[0] for line in sc['certfiles']]
        rcpts = set(user_srcs).intersection(configured)
        self.fields['rcpts'].choices = [(src, src) for src in rcpts]

        # TODO the hardcoded limits passed to collect_objects should be
        # revisited
        depth, total_limit, rel_limit = 1, 100, 100
        for _type in get_supported_types():
            related = collect_objects(item._meta['crits_type'], item.id,
                                      depth, total_limit, rel_limit,
                                      [_type], user_srcs)
            field = forms.MultipleChoiceField(required=False, label=_type)
            field.choices = filter_and_format_choices(related, item, _type)
            self.fields[_type] = field
Esempio n. 7
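def _anb_csv_field(value):
    """Render one cell of an ANB CSV row.

    The value is stringified with ``%s`` exactly as the previous inline
    formatting did, then quoted per RFC 4180 whenever it contains a comma,
    a double quote or a line break. Without this, a subject line, filename
    or indicator value containing ``,`` or a newline split or merged rows
    in the export, corrupting everything after it.
    """
    text = "%s" % (value,)
    if any(ch in text for ch in ',"\r\n'):
        return '"%s"' % text.replace('"', '""')
    return text


def _anb_csv_row(*fields):
    """Join ``fields`` into one CRLF-terminated CSV line."""
    return ",".join(_anb_csv_field(f) for f in fields) + "\r\n"


def _anb_backdoor_name(sample, sources):
    """Return the name of the first Backdoor related to ``sample`` that is
    visible through ``sources``, or ``"None"``.

    Relationships are walked in stored order and the first match wins, so
    the result may or may not be the versioned backdoor.
    """
    for rel in sample.relationships:
        if rel.rel_type != 'Backdoor':
            continue
        backdoor = Backdoor.objects(id=rel.object_id).first()
        # Source check: do not name a backdoor the requesting user cannot see.
        if backdoor and source_match(backdoor.source, sources):
            return backdoor.name
    return "None"


def generate_anb_event_data(type_, cid, data, sources):
    """Append CSV rows for the objects related to ``cid`` into ``data``.

    Only the first level of relationships is walked (depth 1), bounded to
    250 objects in total and 100 per relationship, and restricted to the
    supported ANB types and to ``sources``.

    :param type_: CRITs type of the object whose relationships are walked.
    :param cid: Id of that object; becomes the first column of each row.
    :param data: Dict of CSV text buffers keyed ``'emails'``, ``'samples'``,
        ``'objects'``, ``'indicators'``, ``'ips'``, ``'domains'`` and
        ``'events'``; each is appended to in place.
    :param sources: Sources the requesting user may see; also used to filter
        which related Backdoor may be named on a Sample row.
    :returns: ``data``, for convenience.
    """
    types = ['Email', 'Sample', 'Indicator', 'IP', 'Domain', 'Event']
    related_objects = collect_objects(type_,
                                      cid,
                                      1,  # Depth limit
                                      250,  # Total limit
                                      100,  # Rel limit
                                      types,
                                      sources,
                                      need_filedata=False)

    for obj_id, (obj_type, obj) in related_objects.items():
        if obj_type == 'Email':
            data['emails'] += _anb_csv_row(
                cid, obj_id, obj.isodate, obj.sender, obj.subject,
                obj.x_originating_ip, obj.x_mailer)
        elif obj_type == 'Sample':
            data['samples'] += _anb_csv_row(
                cid, obj_id, obj.md5, obj.mimetype, obj.filename,
                _anb_backdoor_name(obj, sources))
            for inner_obj in obj.obj:
                data['objects'] += _anb_csv_row(
                    obj_id, inner_obj.object_type, inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _anb_csv_row(
                cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _anb_csv_row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _anb_csv_row(
                cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _anb_csv_row(cid, obj_id, obj.title)
    return data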
Esempio n. 8
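def _anb_csv_field(value):
    """Render one cell of an ANB CSV row.

    The value is stringified with ``%s`` exactly as the previous inline
    formatting did, then quoted per RFC 4180 whenever it contains a comma,
    a double quote or a line break. Without this, a subject line, filename
    or indicator value containing ``,`` or a newline split or merged rows
    in the export, corrupting everything after it.
    """
    text = "%s" % (value,)
    if any(ch in text for ch in ',"\r\n'):
        return '"%s"' % text.replace('"', '""')
    return text


def _anb_csv_row(*fields):
    """Join ``fields`` into one CRLF-terminated CSV line."""
    return ",".join(_anb_csv_field(f) for f in fields) + "\r\n"


def generate_anb_event_data(type_, cid, data, sources, r=0):
    """Append CSV rows for the objects related to ``cid`` into ``data``.

    :param type_: CRITs type of the object whose relationships are walked.
    :param cid: Id of that object; becomes the first column of each row.
    :param data: Dict of CSV text buffers keyed ``'emails'``, ``'samples'``,
        ``'objects'``, ``'indicators'``, ``'ips'``, ``'domains'`` and
        ``'events'``, plus a ``'seen_objects'`` dict used to de-duplicate
        objects reachable through several paths. Mutated in place.
    :param sources: Sources passed through to ``collect_objects`` to bound
        what is visible.
    :param r: Recursion depth; the walk recurses exactly one level.
    :returns: ``data``, for convenience.
    """
    related_objects = collect_objects(type_, cid, sources, depth=1)

    # Drop the current object from the collected set. The first time through
    # the caller has already recorded the event; on each recursive call the
    # object was recorded just before recursing. pop() rather than del so a
    # collection that does not echo back its own root cannot abort the export.
    related_objects.pop(str(cid), None)

    for obj_id, (obj_type, _level, obj) in related_objects.items():
        # Already emitted (possibly via another relationship path).
        if obj_id in data['seen_objects']:
            continue
        data['seen_objects'][obj_id] = obj

        if obj_type == 'Email':
            data['emails'] += _anb_csv_row(
                cid, obj_id, obj.isodate, obj.sender, obj.subject,
                obj.x_originating_ip, obj.x_mailer)
        elif obj_type == 'Sample':
            backdoor = obj.backdoor
            backdoor_name = backdoor.name if backdoor else "None"
            data['samples'] += _anb_csv_row(
                cid, obj_id, obj.md5, obj.mimetype, obj.filename,
                backdoor_name)
            for inner_obj in obj.obj:
                data['objects'] += _anb_csv_row(
                    obj_id, inner_obj.object_type, inner_obj.value)
        elif obj_type == 'Indicator':
            data['indicators'] += _anb_csv_row(
                cid, obj_id, obj.ind_type, obj.value)
        elif obj_type == 'IP':
            data['ips'] += _anb_csv_row(cid, obj_id, obj.ip_type, obj.ip)
        elif obj_type == 'Domain':
            data['domains'] += _anb_csv_row(
                cid, obj_id, obj.record_type, obj.domain)
        elif obj_type == 'Event':
            data['events'] += _anb_csv_row(cid, obj_id, obj.title)

        # Recurse one more level, but go no further.
        if r < 1:
            generate_anb_event_data(obj_type, obj_id, data, sources, r=r + 1)
    return data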