コード例 #1
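def iocjson(iocid):
    """Return the parsed element tree of one stored XMLIOC as JSON.

    Args:
        iocid: primary key of the ``XMLIOC`` row to render (presumably a
            route parameter; it only reaches the database through the
            ORM's ``filter_by``, so it is passed as a bound value).

    Returns:
        A ``Response``: 200 ``application/json`` holding the ``json2()``
        form of the parsed tree, or 404 ``text/plain`` when no IOC has
        this id.
    """
    # NOTE(review): the session login check below is commented out, so as
    # written this handler answers any caller. Confirm access control is
    # enforced elsewhere (e.g. a route decorator not visible in this file).
    # if 'logged_in' in session:

    ioc = dbsession.query(XMLIOC).filter_by(id=iocid).first()
    if ioc is None:
        return Response(status=404, response='This IOC does not exist', content_type='text/plain')

    # The evaluator tables decide which OpenIOC elements the parser keeps.
    # Merging with update() instead of items() concatenation keeps the same
    # precedence (hash entries win on a duplicate name) and also works on
    # Python 3, where dict.items() returns a view that cannot be added.
    flat_mode = (IOC_MODE == 'flat')
    if flat_mode:
        evaluators = dict(ioc_modules.flatEvaluatorList)
        evaluators.update(hash_modules.flatEvaluatorList)
    else:
        evaluators = dict(ioc_modules.logicEvaluatorList)
        evaluators.update(hash_modules.logicEvaluatorList)
    allowed_elements = {name: cls.evalList for name, cls in evaluators.items()}

    # The IOC body is stored base64-encoded; decode before parsing.
    content = base64.b64decode(ioc.xml_content)

    # NOTE(review): IOC files are normally imported from outside the
    # application; confirm OpenIOCParser's XML handling rejects DTDs and
    # external entities before relying on this endpoint for such input.
    parser = openiocparser.OpenIOCParser(content, allowed_elements, flat_mode, fromString=True)
    parser.parse()
    tree = parser.getTree()

    return Response(status=200, response=json.dumps(tree.json2(), indent=4), content_type='application/json')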
コード例 #2
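def hostjson(hostid):
    """Return the per-IOC detection tree of one scanned host as JSON.

    Args:
        hostid: id of the ``Result`` row to render; its ``Task`` is joined
            on ``Task.id == Result.tache_id``.

    Returns:
        A ``Response``:
        * 404 ``text/plain`` when no result matches, or when the result's
          batch / configuration profile cannot be found;
        * 200 ``application/json`` with a single "could not be joined"
          child (marked infected) when ``result.smbreachable`` is false;
        * otherwise 200 ``application/json`` holding
          ``{'name': task.ip, 'children': [...], 'infected': bool}`` with
          one child per IOC of the profile, each infected with the GUIDs
          of the matching ``IOCDetection`` rows.
    """
    # NOTE(review): the session login check below is commented out, so as
    # written this handler answers any caller. Confirm access control is
    # enforced elsewhere (e.g. a route decorator not visible in this file).
    # if 'logged_in' in session:

    # .first() returns None when nothing matches; unpacking that directly
    # would raise TypeError before the existence check, so test the row first.
    row = dbsession.query(Task, Result).filter(Result.id == hostid).join(Result, Task.id == Result.tache_id).first()
    if row is None:
        return Response(status=404, response='This host does not exist', content_type='text/plain')
    task, result = row

    # An unreachable host is rendered as an infected placeholder node so the
    # graph shows the failure instead of an empty tree.
    if not result.smbreachable:
        tab = {'name': task.ip, 'infected': True, 'children': [{'name': 'This host could not be joined', 'infected': True}]}
        return Response(status=200, response=json.dumps(tab), content_type='application/json')

    # Batch -> configuration profile -> comma-separated list of IOC ids.
    # Either lookup may come back empty (deleted rows); answer 404 rather
    # than failing with AttributeError.
    batch = dbsession.query(Batch).filter_by(id=task.batch_id).first()
    cp = None
    if batch is not None:
        cp = dbsession.query(ConfigurationProfile).filter_by(id=batch.configuration_profile_id).first()
    if cp is None:
        return Response(status=404, response='This host has no configuration profile', content_type='text/plain')

    # Empty (or NULL) list means "no IOCs"; split(',') on '' would yield [''].
    ioc_list = [int(e) for e in cp.ioc_list.split(',')] if cp.ioc_list else []

    # Indicator GUIDs per IOC id. setdefault() so a detection referring to an
    # IOC no longer in the profile does not KeyError; such entries are simply
    # not rendered because the render loop iterates ioc_list.
    guids = {i: [] for i in ioc_list}
    for iocd in dbsession.query(IOCDetection).filter_by(result_id=result.id).all():
        guids.setdefault(iocd.xmlioc_id, []).append(iocd.indicator_id)

    # The allowed-element table depends only on IOC_MODE, so build it once
    # instead of once per IOC. update() merging keeps the same precedence
    # (hash entries win on a duplicate name) and also works on Python 3.
    flat_mode = (IOC_MODE == 'flat')
    if flat_mode:
        evaluators = dict(ioc_modules.flatEvaluatorList)
        evaluators.update(hash_modules.flatEvaluatorList)
    else:
        evaluators = dict(ioc_modules.logicEvaluatorList)
        evaluators.update(hash_modules.logicEvaluatorList)
    allowed_elements = {name: cls.evalList for name, cls in evaluators.items()}

    tree = {'name': task.ip, 'children': [], 'infected': False}

    for iocid in ioc_list:
        ioc = dbsession.query(XMLIOC).filter_by(id=iocid).first()
        if ioc is None:
            # Referenced by the profile but no longer present; skip it rather
            # than crash on ioc.xml_content below.
            continue

        content = base64.b64decode(ioc.xml_content)
        parser = openiocparser.OpenIOCParser(content, allowed_elements, flat_mode, fromString=True)
        parser.parse()

        # Mark the matched indicators, then serialise the subtree.
        subtree = parser.getTree()
        subtree.infect(guids[iocid])
        node = subtree.json2()

        tree['children'].append({'name': ioc.name, 'children': [node], 'infected': node['infected']})

        # Propagate infection to the host node.
        tree['infected'] |= node['infected']

    return Response(status=200, response=json.dumps(tree, indent=4), content_type='application/json')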