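def get(request):
    """Fetch STIX from MISP for an optional date range and render the result.

    Only GET requests from active users are served. The start and end
    dates are read from the request; a value that cannot be parsed is
    treated the same as "not specified". On success ``misp.html`` is
    rendered with ``info_msg_get`` holding the count returned by
    ``misp.get_misp_stix``; any failure renders the generic error page.
    """
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Only active users may proceed. Testing truthiness (instead of
    # ``== False``) makes a None or otherwise falsy flag fail closed.
    if not request.user.is_active:
        return error_page_inactive(request)
    # NOTE(review): this GET handler starts a fetch-and-register run
    # against MISP. If this is a Django view, the CSRF middleware does not
    # check GET requests, so consider moving the action to POST.
    try:
        start_str = get_adapter_misp_get_start_date(request)
        end_str = get_adapter_misp_get_end_date(request)
        # An unparseable bound means "no bound", so a malformed date widens
        # the query instead of rejecting it. ``except Exception`` replaces
        # the bare ``except`` so KeyboardInterrupt/SystemExit still
        # propagate.
        try:
            start_date = _get_datetime_from_str(start_str)
        except Exception:
            start_date = None
        try:
            end_date = _get_datetime_from_str(end_str)
        except Exception:
            end_date = None
        count = misp.get_misp_stix(
            from_dt=start_date,
            to_dt=end_date,
            identity=MispAdapter.get().identity)
        # Render the result page.
        replace_dict = get_replace_dict()
        replace_dict['info_msg_get'] = 'Get by Misp Adapter successfully!! (Get %d stix files.)' % (count)
        return render(request, 'misp.html', replace_dict)
    except Exception:
        # Generic error page; the exception itself is not logged here.
        return error_page(request)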
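def __init__(self):
    """Create the PyMISP client from the stored MispAdapter settings.

    The configured URL is reduced to ``scheme://host[:port]/events``; any
    path, query or userinfo in the stored value is dropped.
    """
    misp_conf = MispAdapter.get()
    parsed = urlparse.urlparse(misp_conf.url)
    # Keep an explicit port. Without it, a MISP instance on a non-default
    # port would be addressed on the scheme's default port, and the API key
    # would be sent to whatever listens there.
    if parsed.port:
        url = '%s://%s:%d/%s' % (parsed.scheme, parsed.hostname, parsed.port, 'events')
    else:
        url = '%s://%s/%s' % (parsed.scheme, parsed.hostname, 'events')
    # NOTE(review): ssl=False turns off TLS certificate verification in
    # PyMISP, so the peer that receives misp_conf.apikey is not
    # authenticated. Prefer ssl=True or a CA bundle path; left unchanged
    # because existing deployments may rely on self-signed certificates.
    self.py_misp = PyMISP(url=url, key=misp_conf.apikey, ssl=False)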
def remove_job(self, job_id):
    """Remove a scheduled job from the adapter, the scheduler and storage.

    Args:
        job_id: id used to look up the ``ScheduleJobs`` record.
    """
    # NOTE(review): nothing here checks that job_id is one of
    # MispAdapter.get().jobs before the scheduler entry and the record are
    # removed; presumably MispAdapter.remove_job rejects unknown ids.
    # Confirm.
    # 1) Drop the job from the MispAdapter's job list.
    MispAdapter.get().remove_job(job_id)
    # 2) Unregister the job from the scheduler.
    job_record = ScheduleJobs.objects.get(id=job_id)
    self._schedule.remove_job(job_record)
    # 3) Delete the schedule_job record itself.
    job_record.remove()
def get_misp_dict(replace_dict):
    """Add the MispAdapter settings to ``replace_dict`` under ``'misp'``.

    Reading ``.community`` may raise ``DoesNotExist`` (handled below) when
    the referenced community has been deleted; the attribute is then set
    to ``None``. The same dict is returned.
    """
    adapter = MispAdapter.get()
    replace_dict['misp'] = adapter
    try:
        # The attribute read is what matters here: it surfaces a deleted
        # community as DoesNotExist. The assignment re-stores None.
        if adapter.community is None:
            adapter.community = None
    except DoesNotExist:
        adapter.community = None
    return replace_dict
def resume_job(self, job_id):
    """Resume a stopped schedule job that belongs to the MISP adapter.

    Args:
        job_id: id used to look up the ``ScheduleJobs`` record.

    Raises:
        Exception: ``'invalid job_id'`` when the job is not one of
            ``MispAdapter.get().jobs``.
    """
    job_record = ScheduleJobs.objects.get(id=job_id)
    # Only jobs owned by the MISP adapter may be controlled from here.
    if job_record not in MispAdapter.get().jobs:
        raise Exception('invalid job_id')
    is_stopped = job_record.status == ScheduleJobs.STATUS_STOP
    if not is_stopped:
        # Nothing to resume; report and leave the scheduler untouched.
        print('already working.')
        return
    self._schedule.resume_job(job_record)
def get_misp_stix(self, from_dt=None, to_dt=None, identity=default_identity_name):
    """Download events from MISP, convert them to STIX and register new ones.

    Args:
        from_dt: lower bound handed to ``MISPDownloader.get``.
        to_dt: upper bound handed to ``MISPDownloader.get``.
        identity: value stored in ``self.mc.identity_name`` before
            conversion.

    Returns:
        Number of packages newly registered; 0 when the downloader
        returns ``None``.

    Raises:
        Exception: any error from the download/convert step, re-raised
            after its traceback is printed.
    """
    # Update the identity used by the converter.
    self.mc.identity_name = identity
    # Read the MISP adapter settings.
    conf = MispAdapter.get()
    url = conf.url
    id_prefix = conf.stix_id_prefix
    api_key = conf.apikey
    only_published = conf.published_only
    # Registration metadata.
    community = conf.community
    uploader = conf.uploader
    via = Vias.get_via_adapter_misp(uploader)
    # Fetch from MISP and convert.
    try:
        if url[-1] != '/':
            url += '/'
        url += 'events/xml/download.json'
        downloader = MISPDownloader(url, api_key)
        text = downloader.get(from_dt=from_dt, to_dt=to_dt)
        if text is None:
            # Early return: last_requested is not updated on this path.
            return 0
        stix_packages = self.mc.convert(
            text=text.encode(),
            published_only=only_published,
            stix_id_prefix=id_prefix)
    except Exception as e:
        traceback.print_exc()
        raise e
    # Record the time of this request.
    conf.modify_last_requested()
    registered = 0
    # Handle the packages one by one.
    for package in stix_packages:
        try:
            try:
                StixFiles.objects.get(package_id=package.id_)
            except DoesNotExist:
                # Not stored yet: register it.
                _regist_stix(package.to_xml(), community, via)
                registered += 1
        except Exception:
            # A failing package is logged and skipped; the loop continues.
            traceback.print_exc()
    # Return the number of registered packages.
    return registered
def pause_job(self, job_id):
    """Pause a running schedule job that belongs to the MISP adapter.

    Args:
        job_id: id used to look up the ``ScheduleJobs`` record.

    Returns:
        The result of ``self._schedule.pause_job``, or ``None`` when the
        job is not in operation.

    Raises:
        Exception: ``'invalid job_id'`` when the job is not one of
            ``MispAdapter.get().jobs``.
    """
    job_record = ScheduleJobs.objects.get(id=job_id)
    # Only jobs owned by the MISP adapter may be controlled from here.
    if job_record not in MispAdapter.get().jobs:
        raise Exception('invalid job_id')
    is_running = job_record.status == ScheduleJobs.STATUS_IN_OPERATION
    if not is_running:
        # Nothing to pause; report and leave the scheduler untouched.
        print('not yet start.')
        return
    return self._schedule.pause_job(job_record)
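def get_misp_stix(self, from_dt=None, to_dt=None):
    """Download STIX packages from MISP and register them.

    Args:
        from_dt: lower bound handed to ``MISPDownloader.get``.
        to_dt: upper bound handed to ``MISPDownloader.get``.

    Returns:
        Number of packages for which the registration helper returned a
        truthy value; 0 when the downloader returns ``None`` or the
        configured ``stix_version`` is neither 1.x nor 2.x.

    Raises:
        Exception: any error from the download step, re-raised after its
            traceback is printed.
    """
    # Read the MISP adapter settings.
    misp_conf = MispAdapter.get()
    url = misp_conf.url
    apikey = misp_conf.apikey
    published_only = misp_conf.published_only
    # Choose the download format and the registration helper once.
    # Previously an unsupported version left ``regist_flag`` unbound inside
    # the loop and produced an UnboundLocalError traceback per package.
    if misp_conf.stix_version.startswith('1.'):
        stix_version = 'stix'
        register = self._regist_12
    else:
        stix_version = 'stix2'
        if misp_conf.stix_version.startswith('2.'):
            register = self._regist_20
        else:
            register = None
    # Registration metadata.
    community = misp_conf.community
    uploader = misp_conf.uploader
    via = Vias.get_via_adapter_misp(uploader)
    # Fetch from MISP.
    try:
        if url[-1] != '/':
            url += '/'
        url = url + 'events/restSearch'
        md = MISPDownloader(url, apikey)
        stix_packages = md.get(
            from_dt=from_dt,
            to_dt=to_dt,
            published_only=published_only,
            stix_version=stix_version)
    except Exception:
        traceback.print_exc()
        # A bare raise keeps the original traceback intact.
        raise
    # Record the time of this request.
    misp_conf.modify_last_requested()
    if stix_packages is None:
        return 0
    if register is None:
        # Report the misconfiguration once instead of failing per package.
        print('unsupported stix_version: %s' % misp_conf.stix_version)
        return 0
    count = 0
    # Handle the packages one by one.
    for stix_package in stix_packages:
        try:
            if register(stix_package, community, via):
                count += 1
        except Exception:
            # A failing package is logged and skipped; the loop continues.
            traceback.print_exc()
    # Return the number of registered packages.
    return count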
def misp_common_render(request, info_msg=None, error_msg=None):
    """Render ``misp_detail.html`` with the MISP settings and optional messages.

    Args:
        request: the incoming request, also passed to the helpers.
        info_msg: stored as ``interval_info_msg`` when not ``None``.
        error_msg: stored as ``interval_error_msg`` when not ``None``.

    Returns:
        The rendered page, or the generic error page on any exception.
    """
    try:
        context = get_common_replace_dict(request)
        # MISP adapter settings for the template.
        context['misp'] = MispAdapter.get()
        optional_messages = (
            ('interval_info_msg', info_msg),
            ('interval_error_msg', error_msg),
        )
        for key, message in optional_messages:
            if message is not None:
                context[key] = message
        # Render the page.
        return render(request, 'misp_detail.html', context)
    except Exception:
        # Generic error page; the exception itself is not logged here.
        return error_page(request)
def __init__(self):
    """Create the PyMISP client from the stored MispAdapter settings.

    The configured URL is reduced to ``scheme://host[:port]/events``; any
    path, query or userinfo in the stored value is dropped. Requests go
    through the proxies returned by ``System.get_request_proxies()``.
    """
    misp_conf = MispAdapter.get()
    target = urllib.parse.urlparse(misp_conf.url)
    scheme = target.scheme
    host = target.hostname
    port = target.port
    # Keep an explicit port when the configured URL carries one.
    if port:
        url = '%s://%s:%d/%s' % (scheme, host, port, 'events')
    else:
        url = '%s://%s/%s' % (scheme, host, 'events')
    # NOTE(review): ssl=False turns off TLS certificate verification in
    # PyMISP, so the peer (or proxy) that receives misp_conf.apikey is not
    # authenticated. Prefer ssl=True or a CA bundle path.
    self.py_misp = PyMISP(
        url=url,
        key=misp_conf.apikey,
        ssl=False,
        proxies=System.get_request_proxies())
def share_misp(request):
    """Upload a package to MISP and return the URL of the created event.

    Accepts GET only. The package id is taken from the request by
    ``get_package_id_from_get_argument``. The JSON response has the form
    ``{'url': <misp base url>events/view/<event id>}``.
    """
    # NOTE(review): the upload is triggered by a GET request. If this is a
    # Django view, the CSRF middleware does not check GET, so consider
    # POST for this state-changing call.
    try:
        if request.method != 'GET':
            return HttpResponseNotAllowed(['GET'])
        package_id = get_package_id_from_get_argument(request)
        uploader = MispUploadAdapterControl()
        uploaded = uploader.upload_misp(package_id)
        event_id = uploaded['Event']['id']
        base_url = MispAdapter.get().url
        if base_url[-1] != '/':
            base_url += '/'
        payload = {'url': '%sevents/view/%s' % (base_url, event_id)}
        return JsonResponse(payload, safe=False)
    except Exception as e:
        import traceback
        traceback.print_exc()
        # NOTE(review): error() receives the raw exception; confirm it does
        # not echo exception text (URLs, keys) back to the client.
        return error(e)