コード例 #1
def dotransform(request, response, config):
    """Add one TTP entity to the response per Threat Central TTP search hit.

    The search term is ``request.value``. A ThreatCentralError raised by the
    search is reported as a 'PartialError' UI message and the response is
    returned with no entities.

    While building entities, AttributeError and ThreatCentralError are
    reported as 'PartialError' UI messages; TypeError (for example a result
    set that is not iterable) ends the transform quietly with whatever was
    collected so far.

    NOTE(review): a non-numeric ``tcScore`` makes ``int()`` raise ValueError,
    which none of the handlers catch -- confirm the API only returns
    integer-like scores, since this data comes from a remote service.
    """
    try:
        ttps = search_ttp(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for ttp in ttps:
            # Entities without a score get the neutral weight of 1.
            weight = int(ttp.get('tcScore')) if ttp.get('tcScore') else 1
            entity = TTP(encode_to_utf8(ttp.get('title')), weight=weight)
            entity.title = encode_to_utf8(ttp.get('title'))
            entity.resourceId = ttp.get('id')
            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: keep what was already added and stop.
        return response

    return response
コード例 #2
def dotransform(request, response, config):
    """Search Threat Central for TTPs and return them as TTP entities.

    ``request.value`` is passed to ``search_ttp``. If the search raises
    ThreatCentralError, its value is attached to the response as a
    'PartialError' UI message and the response is returned immediately.

    Each hit becomes a TTP entity weighted by its ``tcScore`` (1 when the
    score is missing or falsy). AttributeError and ThreatCentralError during
    that loop become 'PartialError' UI messages; TypeError returns the
    response as built so far without a message.

    NOTE(review): ``int()`` on a non-numeric ``tcScore`` raises ValueError,
    which is not handled here -- confirm the score format the API returns.
    """
    try:
        hits = search_ttp(request.value)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    try:
        for hit in hits:
            if not hit.get('tcScore'):
                weight = 1
            else:
                weight = int(hit.get('tcScore'))

            ttp_entity = TTP(encode_to_utf8(hit.get('title')), weight=weight)
            ttp_entity.title = encode_to_utf8(hit.get('title'))
            ttp_entity.resourceId = hit.get('id')
            response += ttp_entity
    except AttributeError as err:
        message = 'Error: {}'.format(err)
        response += UIMessage(message, type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Malformed result data: stop quietly, keep what was added.
        return response

    return response
コード例 #3
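def dotransform(request, response, config):
    """Emit a TTP entity for every TTP linked to a Threat Central incident.

    The incident is looked up by the 'ThreatCentral.resourceId' field of the
    request; without that field the response is returned unchanged. A
    ThreatCentralError from the lookup is reported as a 'PartialError' UI
    message.

    While building entities, AttributeError and ThreatCentralError are
    reported as 'PartialError' UI messages; TypeError ends the transform
    quietly with whatever was collected so far.

    NOTE(review): a non-numeric ``tcScore`` makes ``int()`` raise ValueError,
    which none of the handlers catch -- confirm the score format the API
    returns.
    """
    if 'ThreatCentral.resourceId' in request.fields:
        try:
            incident = get_incident(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        else:
            try:
                # Show linked TTP's
                linked_ttps = incident.get('tacticsTechniquesAndProcedures',
                                           list())
                # Compare by value: `is not 0` tested object identity, which
                # only works by accident of CPython's small-int cache and
                # raises a SyntaxWarning on Python 3.8+. len() is kept so a
                # null field still takes the TypeError path below.
                if len(linked_ttps) != 0:
                    for ttp in linked_ttps:
                        if ttp.get('tcScore'):
                            weight = int(ttp.get('tcScore'))
                        else:
                            weight = 1

                        e = TTP(encode_to_utf8(ttp.get('title')),
                                weight=weight)
                        e.title = encode_to_utf8(ttp.get('title'))
                        e.resourceId = ttp.get('resourceId')
                        response += e

            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err),
                                      type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError:
                # Best effort: keep what was already added and stop.
                return response

    return response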
コード例 #4
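def dotransform(request, response, config):
    """Emit a TTP entity for every TTP linked to a Threat Central case.

    The case is looked up by the 'ThreatCentral.resourceId' field of the
    request; without that field the response is returned unchanged. A
    ThreatCentralError from the lookup is reported as a 'PartialError' UI
    message.

    While building entities, AttributeError and ThreatCentralError are
    reported as 'PartialError' UI messages; TypeError ends the transform
    quietly with whatever was collected so far.

    NOTE(review): a non-numeric ``tcScore`` makes ``int()`` raise ValueError,
    which none of the handlers catch -- confirm the score format the API
    returns.
    """
    if 'ThreatCentral.resourceId' in request.fields:
        try:
            case = get_case(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        else:
            try:
                # Show linked TTP's
                linked_ttps = case.get('tacticsTechniquesAndProcedures', list())
                # Compare by value: `is not 0` tested object identity, which
                # only works by accident of CPython's small-int cache and
                # raises a SyntaxWarning on Python 3.8+. len() is kept so a
                # null field still takes the TypeError path below.
                if len(linked_ttps) != 0:
                    for ttp in linked_ttps:
                        if ttp.get('tcScore'):
                            weight = int(ttp.get('tcScore'))
                        else:
                            weight = 1

                        e = TTP(encode_to_utf8(ttp.get('title')), weight=weight)
                        e.title = encode_to_utf8(ttp.get('title'))
                        e.resourceId = ttp.get('resourceId')
                        response += e

            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err), type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError:
                # Best effort: keep what was already added and stop.
                return response

    return response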
コード例 #5
def dotransform(request, response, config):
    """Run a Threat Central search and map each hit to a typed entity.

    ``request.value`` is searched with ``size=10, pages=1``. A
    ThreatCentralError from the search is reported as a 'PartialError' UI
    message and the response is returned with no entities.

    Each hit is turned into an Actor, Case, CoursesOfAction, Indicator,
    Incident or TTP entity according to its lower-cased ``type``; any other
    type becomes a Phrase and the type is passed to ``debug``. AttributeError
    and ThreatCentralError raised while mapping become 'PartialError' UI
    messages; TypeError returns the response as built so far.

    NOTE(review): a non-numeric ``tcScore`` makes ``int()`` raise ValueError,
    which none of the handlers catch -- confirm the score format the API
    returns.
    """
    try:
        results = search(request.value, size=10, pages=1)
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
        return response

    # Result types whose entity is built from the title alone. Only 'ttp' is
    # mapped for TTPs; 'tacticstechniquesandprocedures' is not.
    title_entities = {
        'case': Case,
        'coursesofactions': CoursesOfAction,
        'indicator': Indicator,
        'incident': Incident,
        'ttp': TTP,
    }

    try:
        for result in results:
            kind = lower(result.get('type'))
            # Hits without a score get the neutral weight of 1.
            weight = int(result.get('tcScore')) if result.get('tcScore') else 1

            if kind == 'actor':
                # An actor hit can have an empty title; fall back to the
                # name nested under 'resource' in that case.
                if result.get('title'):
                    entity = Actor(encode_to_utf8(result.get('title')), weight=weight)
                else:
                    entity = Actor(encode_to_utf8(result.get('resource', dict()).get('name')), weight=weight)
                    entity.name = encode_to_utf8(result.get('resource', dict()).get('name'))
                    entity.actor = encode_to_utf8(result.get('resource', dict()).get('name'))
            elif kind in title_entities:
                entity = title_entities[kind](encode_to_utf8(result.get('title')), weight=weight)
            else:
                # To be safe: unknown types are still shown, as a Phrase.
                entity = Phrase(encode_to_utf8(result.get('title')), weight=weight)
                debug(kind)

            entity.title = encode_to_utf8(result.get('title'))
            entity.resourceId = result.get('id')

            if result.get('description'):
                # NOTE(review): the description comes from the remote service
                # and is joined into markup unescaped -- confirm how the
                # client renders Label content.
                description_lines = encode_to_utf8(result.get('description', '')).split('\n')
                entity += Label('Description', '<br/>'.join(description_lines))

            response += entity
    except AttributeError as err:
        response += UIMessage('Error: {}'.format(err), type='PartialError')
    except ThreatCentralError as err:
        response += UIMessage(err.value, type='PartialError')
    except TypeError:
        # Best effort: keep what was already added and stop.
        return response

    return response
コード例 #6
ファイル: ActorToTTP.py プロジェクト: mshelton/blackberries
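def dotransform(request, response, config):
    """Enrich the selected Actor entity and emit its linked TTP entities.

    The actor is looked up by the 'ThreatCentral.resourceId' field of the
    request; without that field the response is returned unchanged. A
    ThreatCentralError from the lookup is reported as a 'PartialError' UI
    message.

    On success an Actor entity built from ``request.value`` is populated
    with the actor's properties and display labels and added to the
    response, followed by one TTP entity per linked TTP. AttributeError is
    reported as a UI message; TypeError returns the response as built so far.

    NOTE(review): a non-numeric ``tcScore`` makes ``int()`` raise ValueError,
    which none of the handlers catch -- confirm the score format the API
    returns.
    """
    if 'ThreatCentral.resourceId' in request.fields:
        try:
            actor = get_actor(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')

        else:
            try:
                # Update entity?
                e = Actor(request.value)
                if actor.get('name'):
                    e.name = encode_to_utf8(actor.get('name'))
                    e.actor = encode_to_utf8(actor.get('name'))

                e.title = encode_to_utf8(actor.get('title'))
                e.resourceId = actor.get('resourceId')
                if actor.get('organization'):
                    e.organization = encode_to_utf8(actor.get('organization'))
                if actor.get('aliases'):
                    e.aliases = actor.get('aliases')
                if actor.get('country'):
                    e.country = encode_to_utf8(
                        actor.get('country', dict()).get('displayName'))
                if actor.get('score'):
                    e.score = actor.get('score')

                # NOTE(review): href/url/title below come from the remote
                # service's actor record and are interpolated into markup
                # unescaped, with no check on the URL scheme. If the client
                # renders Label content as HTML (confirm), escape these
                # values and allow only http/https links.
                if actor.get('links'):
                    e += Label(
                        'Links', '<br/>'.join([
                            '<a href="{}">{}</a>'.format(
                                link.get('href'), link.get('href'))
                            for link in actor.get('links')
                        ]))
                if actor.get('hyperlinks'):
                    e += Label(
                        'Hyperlinks', '<br/>'.join([
                            '<a href="{}">{}</a>'.format(
                                link.get('url'), link.get('title'))
                            for link in actor.get('hyperlinks')
                        ]))

                if actor.get('title'):
                    e += Label('Title', encode_to_utf8(actor.get('title')))
                if actor.get('resourceId'):
                    e += Label('ResourceID', actor.get('resourceId'))
                if actor.get('aliases'):
                    e += Label(
                        'Aliases', '<br/>'.join([
                            encode_to_utf8(alias)
                            for alias in actor.get('aliases', '')
                        ]))
                if actor.get('description'):
                    e += Label(
                        'Description', '<br/>'.join(
                            encode_to_utf8(actor.get('description',
                                                     '')).split('\n')))
                if actor.get('country'):
                    e += Label(
                        'Country',
                        encode_to_utf8(
                            actor.get('country', dict()).get('displayName')))
                if actor.get('organization'):
                    e += Label('Organization',
                               encode_to_utf8(actor.get('organization')))
                if actor.get('types'):
                    e += Label(
                        'Types', '<br/>'.join([
                            encode_to_utf8(item.get('displayName'))
                            for item in actor.get('types')
                        ]))

                if actor.get('motivations'):
                    e += Label(
                        'Motivations', '<br/>'.join([
                            encode_to_utf8(item.get('displayName'))
                            for item in actor.get('motivations')
                        ]))
                if actor.get('intendedEffects'):
                    e += Label(
                        'Intended Effects', '<br/>'.join([
                            encode_to_utf8(item.get('displayName'))
                            for item in actor.get('intendedEffects')
                        ]))
                if actor.get('sophistication'):
                    e += Label(
                        'Sophistication',
                        encode_to_utf8(
                            actor.get('sophistication',
                                      dict()).get('displayName')))
                if actor.get('socialMediaText'):
                    e += Label(
                        'Social Media', '<br/>'.join(
                            encode_to_utf8(actor.get('socialMediaText',
                                                     '')).split('\n')))
                if actor.get('moreInfo'):
                    e += Label(
                        'More Info', '<br/>'.join(
                            encode_to_utf8(actor.get('moreInfo',
                                                     '')).split('\n')))

                if actor.get('score'):
                    e += Label('Score', actor.get('score'))

                response += e

                # Add entities

                # Show linked TTP's
                linked_ttps = actor.get('tacticsTechniquesAndProcedures',
                                        list())
                # Compare by value: `is not 0` tested object identity, which
                # only works by accident of CPython's small-int cache and
                # raises a SyntaxWarning on Python 3.8+. len() is kept so a
                # null field still takes the TypeError path below.
                if len(linked_ttps) != 0:
                    for ttp in linked_ttps:

                        if ttp.get('tcScore'):
                            # Read the score from the TTP that was just
                            # checked. The original read it from the actor,
                            # so an actor without 'tcScore' hit int(None),
                            # raised TypeError and silently dropped every
                            # remaining TTP.
                            weight = int(ttp.get('tcScore'))
                        else:
                            weight = 1

                        e = TTP(encode_to_utf8(ttp.get('title')),
                                weight=weight)
                        e.title = encode_to_utf8(ttp.get('title'))
                        e.resourceId = ttp.get('resourceId')
                        response += e

            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err))
            except TypeError:
                # Best effort: keep what was already added and stop.
                return response

    return response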
コード例 #7
        try:
            case = get_case(request.fields['ThreatCentral.resourceId'])
        except ThreatCentralError as err:
            response += UIMessage(err.value, type='PartialError')
        else:
            try:
                # Show linked TTP's
                if len(case.get('tacticsTechniquesAndProcedures',
                                list())) is not 0:
                    for ttp in case.get('tacticsTechniquesAndProcedures'):
                        if ttp.get('tcScore'):
                            weight = int(ttp.get('tcScore'))
                        else:
                            weight = 1

                        e = TTP(encode_to_utf8(ttp.get('title')),
                                weight=weight)
                        e.title = encode_to_utf8(ttp.get('title'))
                        e.resourceId = ttp.get('resourceId')
                        response += e

            except AttributeError as err:
                response += UIMessage('Error: {}'.format(err),
                                      type='PartialError')
            except ThreatCentralError as err:
                response += UIMessage(err.value, type='PartialError')
            except TypeError:
                return response

    return response