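def email_address_add_update(address, description=None, source=None, method='', reference='',
                             analyst=None, datasets=None, bucket_list=None, ticket=None,
                             is_validate_only=False, cache={}, related_id=None,
                             related_type=None, relationship_type=None):
    """
    Add a new EmailAddress or update the existing one with the same address.

    The address is only checked structurally (no spaces, one non-empty part
    on each side of the first '@'), so it is treated as untrusted text and
    HTML-escaped before being placed in the returned message markup.

    :param address: The e-mail address; the domain part is lowercased.
    :type address: str
    :param description: Description to set, or to append to an existing one.
    :type description: str
    :param source: Source name, or a list of source objects to add.
    :type source: str or list
    :param method: Method passed to the embedded source.
    :type method: str
    :param reference: Reference passed to the embedded source.
    :type reference: str
    :param analyst: The user making the change.
    :type analyst: str
    :param datasets: Not used by this function.
    :param bucket_list: Bucket(s) to associate with the address.
    :param ticket: Ticket to associate with the address.
    :param is_validate_only: When True, skip the initial save and triage.
    :type is_validate_only: bool
    :param cache: Optional dict; its form_consts.EmailAddress.CACHED_RESULTS
                  entry, when present, is used instead of a database lookup.
    :type cache: dict
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with key "success" (boolean), plus "message", "status",
              "warning" and "object" where they apply.
    """

    retVal = {}

    if not source:
        return {"success": False, "message": "Missing source information."}

    # Parse out the e-mail address. Return an error if it looks invalid
    # (missing the @, contains a space, empty local or domain part).
    try:
        if ' ' in address:
            raise ValueError

        local_name, domain_part = address.strip().split('@', 1)

        if len(local_name) == 0 or len(domain_part) == 0:
            raise ValueError

        # lowercase the domain name and recreate the e-mail address
        address = '@'.join([local_name, domain_part.lower()])
    except ValueError:
        return {'success': False, 'message': "Invalid Email Address Format"}

    is_item_new = False
    email_object = None
    cached_results = cache.get(form_consts.EmailAddress.CACHED_RESULTS)

    if cached_results != None:
        email_object = cached_results.get(address)
    else:
        email_object = EmailAddress.objects(address=address).first()

    if not email_object:
        email_object = EmailAddress()
        email_object.address = address
        email_object.description = description
        email_object.local_name = local_name
        email_object.domain = domain_part.lower()
        is_item_new = True

        if cached_results != None:
            cached_results[address] = email_object

    if not email_object.description:
        email_object.description = description or ''
    elif email_object.description != description:
        if description:
            email_object.description += "\n" + (description or '')

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=reference,
                                         method=method,
                                         analyst=analyst)]

    if source:
        for s in source:
            email_object.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    if bucket_list:
        email_object.add_bucket_list(bucket_list, analyst)

    if ticket:
        email_object.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    resp_url = reverse('cripts.email_addresses.views.email_address_detail',
                       args=[email_object.address])

    # The messages below are HTML fragments, so both interpolated values are
    # escaped: the address is caller-supplied and may contain markup.
    from django.utils.html import escape
    link = '<a href="%s">%s</a>' % (escape(resp_url),
                                    escape(email_object.address))

    if is_validate_only == False:
        email_object.save(username=analyst)

        if is_item_new == True:
            # Update the email stats
            # NOTE(review): the first insert stores 0 rather than 1 and the
            # read-modify-write is not atomic; confirm whether the counts are
            # recomputed elsewhere before changing this.
            counts = mongo_connector(settings.COL_COUNTS)
            count_stats = counts.find_one({'name': 'counts'})
            if not count_stats or ('counts' not in count_stats):
                count_stats = {'counts': {}}
            if 'Email Addresses' not in count_stats['counts']:
                count_stats['counts']['Email Addresses'] = 0
            else:
                count_stats['counts']['Email Addresses'] = count_stats['counts']['Email Addresses'] + 1

            counts.update({'name': "counts"},
                          {'$set': {'counts': count_stats['counts']}},
                          upsert=True)

            retVal['message'] = 'Success! Click here to view the new Email: ' + link
        else:
            message = 'Updated existing Email: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    elif is_validate_only == True:
        if email_object.id != None and is_item_new == False:
            message = 'Warning: Email already exists: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    if related_obj and email_object and relationship_type:
        relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
        email_object.add_relationship(related_obj,
                                      relationship_type,
                                      analyst=analyst,
                                      get_rels=False)
        # NOTE(review): this save also runs when is_validate_only is true;
        # confirm that is intended.
        email_object.save(username=analyst)

    # run email triage
    if is_item_new and is_validate_only == False:
        email_object.reload()
        run_triage(email_object, analyst)

    retVal['success'] = True
    retVal['object'] = email_object

    return retVal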
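def add_new_event(title, description, event_type, source, method, reference,
                  date, analyst, bucket_list=None, ticket=None,
                  related_id=None, related_type=None, relationship_type=None):
    """
    Add a new Event to CRIPTs.

    :param title: Event title.
    :type title: str
    :param description: Event description.
    :type description: str
    :param event_type: Event type.
    :type event_type: str
    :param source: The source which provided this information.
    :type source: str
    :param method: The method of acquiring this information.
    :type method: str
    :param reference: Reference to this data.
    :type reference: str
    :param date: Date of acquiring this data.
    :type date: datetime.datetime
    :param analyst: The user adding this Event.
    :type analyst: str
    :param bucket_list: The bucket(s) to associate with this Event.
    :type bucket_list: str
    :param ticket: Ticket to associate with this event.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys "success" (boolean) and "message" (str); on
              success also "id" (str) and "object" (the saved Event).
    """

    result = dict()
    if not source:
        return {'success': False, 'message': "Missing source information."}

    event = Event()
    event.title = title
    event.description = description
    event.set_event_type(event_type)

    s = create_embedded_source(name=source,
                               reference=reference,
                               method=method,
                               analyst=analyst,
                               date=date)
    event.add_source(s)

    if bucket_list:
        event.add_bucket_list(bucket_list, analyst)

    if ticket:
        event.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            # The original wrote to an undefined name here, so a bad
            # related_id raised NameError instead of reporting the problem.
            return {'success': False,
                    'message': 'Related Object not found.'}

    try:
        event.save(username=analyst)

        if related_obj and event and relationship_type:
            relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
            event.add_relationship(related_obj,
                                   relationship_type,
                                   analyst=analyst,
                                   get_rels=False)
            event.save(username=analyst)

        # run event triage
        event.reload()
        run_triage(event, analyst)

        # The message is an HTML fragment and the title is caller-supplied
        # text, so both interpolated values are escaped.
        from django.utils.html import escape
        event_url = reverse('cripts.events.views.view_event', args=[event.id])
        message = ('<div>Success! Click here to view the new event: <a href='
                   '"%s">%s</a></div>' % (escape(event_url), escape(title)))
        result = {'success': True,
                  'message': message,
                  'id': str(event.id),
                  'object': event}
    except ValidationError as e:
        result = {'success': False, 'message': e}

    # Hand the outcome back to the caller, as the docstring promises.
    return result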
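def username_add_update(name, description, source=None, method='', reference='',
                        analyst=None, datasets=None, bucket_list=None, ticket=None,
                        is_validate_only=False, cache={}, related_id=None,
                        related_type=None, relationship_type=None):
    """
    Add a new UserName or update the existing one with the same name.

    The name is caller-supplied text and is HTML-escaped before being placed
    in the returned message markup.

    :param name: The username.
    :type name: str
    :param description: Description to set, or to append to an existing one.
    :type description: str
    :param source: Source name, or a list of source objects to add.
    :type source: str or list
    :param method: Method passed to the embedded source.
    :type method: str
    :param reference: Reference passed to the embedded source.
    :type reference: str
    :param analyst: The user making the change.
    :type analyst: str
    :param datasets: Not used by this function.
    :param bucket_list: Bucket(s) to associate with the username.
    :param ticket: Ticket to associate with the username.
    :param is_validate_only: When True, skip the initial save and triage.
    :type is_validate_only: bool
    :param cache: Optional dict; its form_consts.UserName.CACHED_RESULTS
                  entry, when present, is used instead of a database lookup.
    :type cache: dict
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with key "success" (boolean), plus "message", "status",
              "warning" and "object" where they apply.
    """

    retVal = {}

    if not source:
        return {"success": False, "message": "Missing source information."}

    is_item_new = False
    username_object = None
    cached_results = cache.get(form_consts.UserName.CACHED_RESULTS)

    if cached_results != None:
        # Keyed by the `name` parameter; the original used an undefined
        # `username` here and raised NameError whenever a cache was passed.
        username_object = cached_results.get(name)
    else:
        username_object = UserName.objects(name=name).first()

    if not username_object:
        username_object = UserName()
        username_object.name = name
        username_object.description = description
        is_item_new = True

        if cached_results != None:
            cached_results[name] = username_object

    if not username_object.description:
        username_object.description = description or ''
    elif username_object.description != description:
        # Only append when there is new text; otherwise every update with an
        # empty description would tack on a bare newline.
        if description:
            username_object.description += "\n" + (description or '')

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=reference,
                                         method=method,
                                         analyst=analyst)]

    if source:
        for s in source:
            username_object.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    if bucket_list:
        username_object.add_bucket_list(bucket_list, analyst)

    if ticket:
        username_object.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    # NOTE(review): the UserName model is not visible here; confirm that it
    # defines `username_id`.
    resp_url = reverse('cripts.usernames.views.username_detail',
                       args=[username_object.username_id])

    # The messages below are HTML fragments, so both interpolated values are
    # escaped: the name is caller-supplied and may contain markup.
    from django.utils.html import escape
    link = '<a href="%s">%s</a>' % (escape(resp_url),
                                    escape(username_object.name))

    if is_validate_only == False:
        username_object.save(username=analyst)

        if is_item_new == True:
            # Update the username stats
            # NOTE(review): the first insert stores 0 rather than 1 and the
            # read-modify-write is not atomic; confirm whether the counts are
            # recomputed elsewhere before changing this.
            counts = mongo_connector(settings.COL_COUNTS)
            count_stats = counts.find_one({'name': 'counts'})
            if not count_stats or ('counts' not in count_stats):
                count_stats = {'counts': {}}
            if 'UserNames' not in count_stats['counts']:
                count_stats['counts']['UserNames'] = 0
            else:
                count_stats['counts']['UserNames'] = count_stats['counts']['UserNames'] + 1

            counts.update({'name': "counts"},
                          {'$set': {'counts': count_stats['counts']}},
                          upsert=True)

            retVal['message'] = 'Success! Click here to view the new UserName: ' + link
        else:
            message = 'Updated existing UserName: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    elif is_validate_only == True:
        if username_object.id != None and is_item_new == False:
            message = 'Warning: UserName already exists: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    if related_obj and username_object and relationship_type:
        relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
        username_object.add_relationship(related_obj,
                                         relationship_type,
                                         analyst=analyst,
                                         get_rels=False)
        # NOTE(review): this save also runs when is_validate_only is true;
        # confirm that is intended.
        username_object.save(username=analyst)

    # run username triage
    if is_item_new and is_validate_only == False:
        username_object.reload()
        run_triage(username_object, analyst)

    retVal['success'] = True
    retVal['object'] = username_object

    return retVal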
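def email_address_add_update(address, description=None, source=None, method='', reference='',
                             analyst=None, datasets=None, bucket_list=None, ticket=None,
                             is_validate_only=False, cache={}, related_id=None,
                             related_type=None, relationship_type=None):
    """
    Add a new EmailAddress or update the existing one with the same address.

    The address is only checked structurally (no spaces, one non-empty part
    on each side of the first '@'), so it is treated as untrusted text and
    HTML-escaped before being placed in the returned message markup.

    :param address: The e-mail address; the domain part is lowercased.
    :type address: str
    :param description: Description to set, or to append to an existing one.
    :type description: str
    :param source: Source name, or a list of source objects to add.
    :type source: str or list
    :param method: Method passed to the embedded source.
    :type method: str
    :param reference: Reference passed to the embedded source.
    :type reference: str
    :param analyst: The user making the change.
    :type analyst: str
    :param datasets: Not used by this function.
    :param bucket_list: Bucket(s) to associate with the address.
    :param ticket: Ticket to associate with the address.
    :param is_validate_only: When True, skip the initial save and triage.
    :type is_validate_only: bool
    :param cache: Optional dict; its form_consts.EmailAddress.CACHED_RESULTS
                  entry, when present, is used instead of a database lookup.
    :type cache: dict
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with key "success" (boolean), plus "message", "status",
              "warning" and "object" where they apply.
    """

    retVal = {}

    if not source:
        return {"success": False, "message": "Missing source information."}

    # Parse out the e-mail address. Return an error if it looks invalid
    # (missing the @, contains a space, empty local or domain part).
    try:
        if ' ' in address:
            raise ValueError

        local_name, domain_part = address.strip().split('@', 1)

        if len(local_name) == 0 or len(domain_part) == 0:
            raise ValueError

        # lowercase the domain name and recreate the e-mail address
        address = '@'.join([local_name, domain_part.lower()])
    except ValueError:
        return {'success': False, 'message': "Invalid Email Address Format"}

    is_item_new = False
    email_object = None
    cached_results = cache.get(form_consts.EmailAddress.CACHED_RESULTS)

    if cached_results != None:
        email_object = cached_results.get(address)
    else:
        email_object = EmailAddress.objects(address=address).first()

    if not email_object:
        email_object = EmailAddress()
        email_object.address = address
        email_object.description = description
        email_object.local_name = local_name
        email_object.domain = domain_part.lower()
        is_item_new = True

        if cached_results != None:
            cached_results[address] = email_object

    if not email_object.description:
        email_object.description = description or ''
    elif email_object.description != description:
        if description:
            email_object.description += "\n" + (description or '')

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=reference,
                                         method=method,
                                         analyst=analyst)]

    if source:
        for s in source:
            email_object.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    if bucket_list:
        email_object.add_bucket_list(bucket_list, analyst)

    if ticket:
        email_object.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    resp_url = reverse('cripts.email_addresses.views.email_address_detail',
                       args=[email_object.address])

    # The messages below are HTML fragments, so both interpolated values are
    # escaped: the address is caller-supplied and may contain markup.
    from django.utils.html import escape
    link = '<a href="%s">%s</a>' % (escape(resp_url),
                                    escape(email_object.address))

    if is_validate_only == False:
        email_object.save(username=analyst)

        if is_item_new == True:
            # Update the email stats
            # NOTE(review): the first insert stores 0 rather than 1 and the
            # read-modify-write is not atomic; confirm whether the counts are
            # recomputed elsewhere before changing this.
            counts = mongo_connector(settings.COL_COUNTS)
            count_stats = counts.find_one({'name': 'counts'})
            if not count_stats or ('counts' not in count_stats):
                count_stats = {'counts': {}}
            if 'Email Addresses' not in count_stats['counts']:
                count_stats['counts']['Email Addresses'] = 0
            else:
                count_stats['counts']['Email Addresses'] = count_stats['counts']['Email Addresses'] + 1

            counts.update({'name': "counts"},
                          {'$set': {'counts': count_stats['counts']}},
                          upsert=True)

            retVal['message'] = 'Success! Click here to view the new Email: ' + link
        else:
            message = 'Updated existing Email: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    elif is_validate_only == True:
        if email_object.id != None and is_item_new == False:
            message = 'Warning: Email already exists: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    if related_obj and email_object and relationship_type:
        relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
        email_object.add_relationship(related_obj,
                                      relationship_type,
                                      analyst=analyst,
                                      get_rels=False)
        # NOTE(review): this save also runs when is_validate_only is true;
        # confirm that is intended.
        email_object.save(username=analyst)

    # run email triage
    if is_item_new and is_validate_only == False:
        email_object.reload()
        run_triage(email_object, analyst)

    retVal['success'] = True
    retVal['object'] = email_object

    return retVal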
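def add_new_event(title, description, event_type, source, method, reference,
                  date, analyst, bucket_list=None, ticket=None,
                  related_id=None, related_type=None, relationship_type=None):
    """
    Add a new Event to CRIPTs.

    :param title: Event title.
    :type title: str
    :param description: Event description.
    :type description: str
    :param event_type: Event type.
    :type event_type: str
    :param source: The source which provided this information.
    :type source: str
    :param method: The method of acquiring this information.
    :type method: str
    :param reference: Reference to this data.
    :type reference: str
    :param date: Date of acquiring this data.
    :type date: datetime.datetime
    :param analyst: The user adding this Event.
    :type analyst: str
    :param bucket_list: The bucket(s) to associate with this Event.
    :type bucket_list: str
    :param ticket: Ticket to associate with this event.
    :type ticket: str
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys "success" (boolean) and "message" (str); on
              success also "id" (str) and "object" (the saved Event).
    """

    result = dict()
    if not source:
        return {'success': False, 'message': "Missing source information."}

    event = Event()
    event.title = title
    event.description = description
    event.set_event_type(event_type)

    s = create_embedded_source(name=source,
                               reference=reference,
                               method=method,
                               analyst=analyst,
                               date=date)
    event.add_source(s)

    if bucket_list:
        event.add_bucket_list(bucket_list, analyst)

    if ticket:
        event.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            # The original wrote to an undefined name here, so a bad
            # related_id raised NameError instead of reporting the problem.
            return {'success': False,
                    'message': 'Related Object not found.'}

    try:
        event.save(username=analyst)

        if related_obj and event and relationship_type:
            relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
            event.add_relationship(related_obj,
                                   relationship_type,
                                   analyst=analyst,
                                   get_rels=False)
            event.save(username=analyst)

        # run event triage
        event.reload()
        run_triage(event, analyst)

        # The message is an HTML fragment and the title is caller-supplied
        # text, so both interpolated values are escaped.
        from django.utils.html import escape
        event_url = reverse('cripts.events.views.view_event', args=[event.id])
        message = ('<div>Success! Click here to view the new event: <a href='
                   '"%s">%s</a></div>' % (escape(event_url), escape(title)))
        result = {'success': True,
                  'message': message,
                  'id': str(event.id),
                  'object': event}
    except ValidationError as e:
        result = {'success': False, 'message': e}

    # Hand the outcome back to the caller, as the docstring promises.
    return result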
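def username_add_update(name, description, source=None, method='', reference='',
                        analyst=None, datasets=None, bucket_list=None, ticket=None,
                        is_validate_only=False, cache={}, related_id=None,
                        related_type=None, relationship_type=None):
    """
    Add a new UserName or update the existing one with the same name.

    The name is caller-supplied text and is HTML-escaped before being placed
    in the returned message markup.

    :param name: The username.
    :type name: str
    :param description: Description to set, or to append to an existing one.
    :type description: str
    :param source: Source name, or a list of source objects to add.
    :type source: str or list
    :param method: Method passed to the embedded source.
    :type method: str
    :param reference: Reference passed to the embedded source.
    :type reference: str
    :param analyst: The user making the change.
    :type analyst: str
    :param datasets: Not used by this function.
    :param bucket_list: Bucket(s) to associate with the username.
    :param ticket: Ticket to associate with the username.
    :param is_validate_only: When True, skip the initial save and triage.
    :type is_validate_only: bool
    :param cache: Optional dict; its form_consts.UserName.CACHED_RESULTS
                  entry, when present, is used instead of a database lookup.
    :type cache: dict
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with key "success" (boolean), plus "message", "status",
              "warning" and "object" where they apply.
    """

    retVal = {}

    if not source:
        return {"success": False, "message": "Missing source information."}

    is_item_new = False
    username_object = None
    cached_results = cache.get(form_consts.UserName.CACHED_RESULTS)

    if cached_results != None:
        # Keyed by the `name` parameter; the original used an undefined
        # `username` here and raised NameError whenever a cache was passed.
        username_object = cached_results.get(name)
    else:
        username_object = UserName.objects(name=name).first()

    if not username_object:
        username_object = UserName()
        username_object.name = name
        username_object.description = description
        is_item_new = True

        if cached_results != None:
            cached_results[name] = username_object

    if not username_object.description:
        username_object.description = description or ''
    elif username_object.description != description:
        # Only append when there is new text; otherwise every update with an
        # empty description would tack on a bare newline.
        if description:
            username_object.description += "\n" + (description or '')

    if isinstance(source, basestring):
        source = [create_embedded_source(source,
                                         reference=reference,
                                         method=method,
                                         analyst=analyst)]

    if source:
        for s in source:
            username_object.add_source(s)
    else:
        return {"success": False, "message": "Missing source information."}

    if bucket_list:
        username_object.add_bucket_list(bucket_list, analyst)

    if ticket:
        username_object.add_ticket(ticket, analyst)

    related_obj = None
    if related_id:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            retVal['success'] = False
            retVal['message'] = 'Related Object not found.'
            return retVal

    # NOTE(review): the UserName model is not visible here; confirm that it
    # defines `username_id`.
    resp_url = reverse('cripts.usernames.views.username_detail',
                       args=[username_object.username_id])

    # The messages below are HTML fragments, so both interpolated values are
    # escaped: the name is caller-supplied and may contain markup.
    from django.utils.html import escape
    link = '<a href="%s">%s</a>' % (escape(resp_url),
                                    escape(username_object.name))

    if is_validate_only == False:
        username_object.save(username=analyst)

        if is_item_new == True:
            # Update the username stats
            # NOTE(review): the first insert stores 0 rather than 1 and the
            # read-modify-write is not atomic; confirm whether the counts are
            # recomputed elsewhere before changing this.
            counts = mongo_connector(settings.COL_COUNTS)
            count_stats = counts.find_one({'name': 'counts'})
            if not count_stats or ('counts' not in count_stats):
                count_stats = {'counts': {}}
            if 'UserNames' not in count_stats['counts']:
                count_stats['counts']['UserNames'] = 0
            else:
                count_stats['counts']['UserNames'] = count_stats['counts']['UserNames'] + 1

            counts.update({'name': "counts"},
                          {'$set': {'counts': count_stats['counts']}},
                          upsert=True)

            retVal['message'] = 'Success! Click here to view the new UserName: ' + link
        else:
            message = 'Updated existing UserName: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    elif is_validate_only == True:
        if username_object.id != None and is_item_new == False:
            message = 'Warning: UserName already exists: ' + link
            retVal['message'] = message
            retVal['status'] = form_consts.Status.DUPLICATE
            retVal['warning'] = message

    if related_obj and username_object and relationship_type:
        relationship_type = RelationshipTypes.inverse(relationship=relationship_type)
        username_object.add_relationship(related_obj,
                                         relationship_type,
                                         analyst=analyst,
                                         get_rels=False)
        # NOTE(review): this save also runs when is_validate_only is true;
        # confirm that is intended.
        username_object.save(username=analyst)

    # run username triage
    if is_item_new and is_validate_only == False:
        username_object.reload()
        run_triage(username_object, analyst)

    retVal['success'] = True
    retVal['object'] = username_object

    return retVal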