def add_actor(request):
"""
Add an Actor. Should be an AJAX POST.
:param request: Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
request.user._setup()
user = request.user
data = request.POST
form = AddActorForm(request.user, data)
if form.is_valid():
if user.has_access_to(ActorACL.WRITE):
cleaned_data = form.cleaned_data
name = cleaned_data['name']
aliases = cleaned_data['aliases']
description = cleaned_data['description']
source = cleaned_data['source_name']
reference = cleaned_data['source_reference']
method = cleaned_data['source_method']
tlp = cleaned_data['source_tlp']
campaign = cleaned_data['campaign']
confidence = cleaned_data['confidence']
bucket_list = cleaned_data.get(
form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
ticket = cleaned_data.get(form_consts.Common.TICKET_VARIABLE_NAME)
related_id = cleaned_data['related_id']
related_type = cleaned_data['related_type']
relationship_type = cleaned_data['relationship_type']
result = add_new_actor(name,
aliases=aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
source_tlp=tlp,
campaign=campaign,
confidence=confidence,
user=user,
bucket_list=bucket_list,
ticket=ticket,
related_id=related_id,
related_type=related_type,
relationship_type=relationship_type)
else:
result = {"success":False,
"message":"User does not have permission to add Actors."}
return HttpResponse(json.dumps(result,
default=json_handler),
content_type="application/json")
return HttpResponse(json.dumps({'success': False,
'form':form.as_table()}),
content_type="application/json")
return render(request, "error.html", {'error': 'Expected AJAX/POST'})
def obj_create(self, bundle, **kwargs):
"""
Handles creating Actors through the API.
:param bundle: Bundle containing the information to create the Actor.
:type bundle: Tastypie Bundle object.
:returns: HttpResponse object.
"""
user = bundle.request.user
data = bundle.data
name = data.get('name', None)
aliases = data.get('aliases', '')
description = data.get('description', None)
source = data.get('source', None)
reference = data.get('reference', None)
method = data.get('method', None)
tlp = data.get('tlp', "amber")
campaign = data.get('campaign', None)
confidence = data.get('confidence', None)
bucket_list = data.get('bucket_list', None)
ticket = data.get('ticket', None)
if user.has_access_to(ActorACL.WRITE):
result = add_new_actor(name,
aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
source_tlp=tlp,
campaign=campaign,
confidence=confidence,
user=user,
bucket_list=bucket_list,
ticket=ticket)
else:
result = {
'success': False,
'message': 'User does not have permission to create Object.'
}
content = {
'return_code': 0,
'type': 'Actor',
'message': result.get('message', ''),
'id': result.get('id', '')
}
if result.get('id'):
url = reverse('api_dispatch_detail',
kwargs={
'resource_name': 'actors',
'api_name': 'v1',
'pk': result.get('id')
})
content['url'] = url
if not result['success']:
content['return_code'] = 1
self.crits_response(content)
def parse_threat_actors(self, threat_actors):
"""
Parse list of Threat Actors.
:param threat_actors: List of STIX ThreatActors.
:type threat_actors: List of STIX ThreatActors.
"""
from stix.threat_actor import ThreatActor
analyst = self.source_instance.analyst
for threat_actor in threat_actors: # for each STIX ThreatActor
try: # create CRITs Actor from ThreatActor
if isinstance(threat_actor, ThreatActor):
name = str(threat_actor.title)
description = str(threat_actor.description)
res = add_new_actor(name=name,
description=description,
source=[self.source],
analyst=analyst)
if res['success']:
sl = ml = tl = il = []
for s in threat_actor.sophistications:
v = get_crits_actor_tags(str(s.value))
if v:
sl.append(v)
update_actor_tags(res['id'], 'ActorSophistication', sl,
analyst)
for m in threat_actor.motivations:
v = get_crits_actor_tags(str(m.value))
if v:
ml.append(v)
update_actor_tags(res['id'], 'ActorMotivation', ml,
analyst)
for t in threat_actor.types:
v = get_crits_actor_tags(str(t.value))
if v:
tl.append(v)
update_actor_tags(res['id'], 'ActorThreatType', tl,
analyst)
for i in threat_actor.intended_effects:
v = get_crits_actor_tags(str(i.value))
if v:
il.append(v)
update_actor_tags(res['id'], 'ActorIntendedEffect', il,
analyst)
obj = Actor.objects(id=res['id']).first()
self.imported[threat_actor.id_] = (
Actor._meta['crits_type'], obj)
else:
self.failed.append(
(res['message'], type(threat_actor).__name__,
"")) # note for display in UI
except Exception, e:
self.failed.append((e.message, type(threat_actor).__name__,
"")) # note for display in UI
def obj_create(self, bundle, **kwargs):
"""
Handles creating Actors through the API.
:param bundle: Bundle containing the information to create the Actor.
:type bundle: Tastypie Bundle object.
:returns: HttpResponse object.
"""
user = bundle.request.user
data = bundle.data
name = data.get('name', None)
aliases = data.get('aliases', '')
description = data.get('description', None)
source = data.get('source', None)
reference = data.get('reference', None)
method = data.get('method', None)
tlp = data.get('tlp', "amber")
campaign = data.get('campaign', None)
confidence = data.get('confidence', None)
bucket_list = data.get('bucket_list', None)
ticket = data.get('ticket', None)
if user.has_access_to(ActorACL.WRITE):
result = add_new_actor(name,
aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
source_tlp=tlp,
campaign=campaign,
confidence=confidence,
user=user,
bucket_list=bucket_list,
ticket=ticket)
else:
result = {'success':False,
'message':'User does not have permission to create Object.'}
content = {'return_code': 0,
'type': 'Actor',
'message': result.get('message', ''),
'id': result.get('id', '')}
if result.get('id'):
url = reverse('api_dispatch_detail',
kwargs={'resource_name': 'actors',
'api_name': 'v1',
'pk': result.get('id')})
content['url'] = url
if not result['success']:
content['return_code'] = 1
self.crits_response(content)
def parse_threat_actors(self, threat_actors):
"""
Parse list of Threat Actors.
:param threat_actors: List of STIX ThreatActors.
:type threat_actors: List of STIX ThreatActors.
"""
from stix.threat_actor import ThreatActor
analyst = self.source_instance.analyst
for threat_actor in threat_actors: # for each STIX ThreatActor
try: # create CRITs Actor from ThreatActor
if isinstance(threat_actor, ThreatActor):
name = str(threat_actor.title)
description = str(threat_actor.description)
res = add_new_actor(name=name,
description=description,
source=[self.source],
analyst=analyst)
if res['success']:
sl = ml = tl = il = []
for s in threat_actor.sophistications:
sl.append(str(s.value))
update_actor_tags(res['id'],
'ActorSophistication',
sl,
analyst)
for m in threat_actor.motivations:
ml.append(str(m.value))
update_actor_tags(res['id'],
'ActorMotivation',
ml,
analyst)
for t in threat_actor.types:
tl.append(str(t.value))
update_actor_tags(res['id'],
'ActorThreatType',
tl,
analyst)
for i in threat_actor.intended_effects:
il.append(str(i.value))
update_actor_tags(res['id'],
'ActorIntendedEffect',
il,
analyst)
obj = Actor.objects(id=res['id']).first()
self.imported.append((Actor._meta['crits_type'], obj))
else:
self.failed.append((res['message'],
type(threat_actor).__name__,
"")) # note for display in UI
except Exception, e:
self.failed.append((e.message, type(threat_actor).__name__,
"")) # note for display in UI
def add_actor(request):
"""
Add an Actor. Should be an AJAX POST.
:param request: Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
data = request.POST
form = AddActorForm(request.user, data)
if form.is_valid():
cleaned_data = form.cleaned_data
name = cleaned_data['name']
aliases = cleaned_data['aliases']
description = cleaned_data['description']
source = cleaned_data['source']
reference = cleaned_data['source_reference']
method = cleaned_data['source_method']
campaign = cleaned_data['campaign']
confidence = cleaned_data['confidence']
analyst = request.user.username
bucket_list = cleaned_data.get(form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
ticket = cleaned_data.get(form_consts.Common.TICKET_VARIABLE_NAME)
related_id = cleaned_data['related_id']
related_type = cleaned_data['related_type']
relationship_type = cleaned_data['relationship_type']
result = add_new_actor(name,
aliases=aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
campaign=campaign,
confidence=confidence,
analyst=analyst,
bucket_list=bucket_list,
ticket=ticket,
related_id=related_id,
related_type=related_type,
relationship_type=relationship_type)
return HttpResponse(json.dumps(result,
default=json_handler),
content_type="application/json")
return HttpResponse(json.dumps({'success': False,
'form':form.as_table()}),
content_type="application/json")
return render_to_response("error.html",
{'error': 'Expected AJAX/POST'},
RequestContext(request))
def obj_create(self, bundle, **kwargs):
"""
Handles creating Actors through the API.
:param bundle: Bundle containing the information to create the Actor.
:type bundle: Tastypie Bundle object.
:returns: HttpResponse object.
"""
analyst = bundle.request.user.username
data = bundle.data
name = data.get("name", None)
aliases = data.get("aliases", "")
description = data.get("description", None)
source = data.get("source", None)
reference = data.get("reference", None)
method = data.get("method", None)
campaign = data.get("campaign", None)
confidence = data.get("confidence", None)
bucket_list = data.get("bucket_list", None)
ticket = data.get("ticket", None)
result = add_new_actor(
name,
aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
campaign=campaign,
confidence=confidence,
analyst=analyst,
bucket_list=bucket_list,
ticket=ticket,
)
content = {"return_code": 0, "type": "Actor", "message": result.get("message", ""), "id": result.get("id", "")}
if result.get("id"):
url = reverse(
"api_dispatch_detail", kwargs={"resource_name": "actors", "api_name": "v1", "pk": result.get("id")}
)
content["url"] = url
if not result["success"]:
content["return_code"] = 1
self.crits_response(content)
def add_actor(request):
"""
Add an Actor. Should be an AJAX POST.
:param request: Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
data = request.POST
form = AddActorForm(request.user, data)
if form.is_valid():
cleaned_data = form.cleaned_data
name = cleaned_data["name"]
aliases = cleaned_data["aliases"]
description = cleaned_data["description"]
source = cleaned_data["source"]
reference = cleaned_data["source_reference"]
method = cleaned_data["source_method"]
campaign = cleaned_data["campaign"]
confidence = cleaned_data["confidence"]
analyst = request.user.username
bucket_list = cleaned_data.get(form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
ticket = cleaned_data.get(form_consts.Common.TICKET_VARIABLE_NAME)
result = add_new_actor(
name,
aliases=aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
campaign=campaign,
confidence=confidence,
analyst=analyst,
bucket_list=bucket_list,
ticket=ticket,
)
return HttpResponse(json.dumps(result, default=json_handler), mimetype="application/json")
return HttpResponse(json.dumps({"success": False, "form": form.as_table()}), mimetype="application/json")
return render_to_response("error.html", {"error": "Expected AJAX/POST"}, RequestContext(request))
def add_actor(request):
"""
Add an Actor. Should be an AJAX POST.
:param request: Django request.
:type request: :class:`django.http.HttpRequest`
:returns: :class:`django.http.HttpResponse`
"""
if request.method == "POST" and request.is_ajax():
request.user._setup()
user = request.user
data = request.POST
form = AddActorForm(request.user, data)
if form.is_valid():
if user.has_access_to(ActorACL.WRITE):
cleaned_data = form.cleaned_data
name = cleaned_data['name']
aliases = cleaned_data['aliases']
description = cleaned_data['description']
source = cleaned_data['source_name']
reference = cleaned_data['source_reference']
method = cleaned_data['source_method']
tlp = cleaned_data['source_tlp']
campaign = cleaned_data['campaign']
confidence = cleaned_data['confidence']
bucket_list = cleaned_data.get(
form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
ticket = cleaned_data.get(
form_consts.Common.TICKET_VARIABLE_NAME)
related_id = cleaned_data['related_id']
related_type = cleaned_data['related_type']
relationship_type = cleaned_data['relationship_type']
result = add_new_actor(name,
aliases=aliases,
description=description,
source=source,
source_method=method,
source_reference=reference,
source_tlp=tlp,
campaign=campaign,
confidence=confidence,
user=user,
bucket_list=bucket_list,
ticket=ticket,
related_id=related_id,
related_type=related_type,
relationship_type=relationship_type)
else:
result = {
"success": False,
"message": "User does not have permission to add Actors."
}
return HttpResponse(json.dumps(result, default=json_handler),
content_type="application/json")
return HttpResponse(json.dumps({
'success': False,
'form': form.as_table()
}),
content_type="application/json")
return render(request, "error.html", {'error': 'Expected AJAX/POST'})