def review_set_handling(request, data):
try:
edge_object = EdgeObject.load(data["rootId"])
generic_object = edge_object.to_ApiObject()
generic_object.obj.timestamp = datetime.now(tz.tzutc())
append_handling(generic_object, data["handling"])
ip = InboxProcessorForBuilders(
user=request.user,
)
ip.add(InboxItem(api_object=generic_object, etlp=edge_object.etlp))
ip.run()
return {
'message': '',
'state': 'success',
"success": True
}
except InboxError as e:
log_error(e, 'adapters/review/handling', 'Failed to set Handling')
return {
'message': e.message,
'state': 'error',
"success": False
}
def _update_existing_properties(additional_sightings, additional_file_hashes,
user, tlp_levels):
inbox_processor = InboxProcessorForBuilders(user=user)
for id_, count in additional_sightings.iteritems():
edge_object = EdgeObject.load(id_)
api_object = edge_object.to_ApiObject()
_merge_properties(api_object, id_, count, additional_file_hashes)
inbox_processor.add(
InboxItem(api_object=api_object,
etlp=tlp_levels[id_],
etou=edge_object.etou,
esms=edge_object.esms))
inbox_processor.run()
def _update_existing_objects(ids_to_references, user, tlp_levels):
inbox_processor = InboxProcessorForBuilders(user=user)
for id_, tlp in tlp_levels.iteritems():
edge_object = EdgeObject.load(id_)
api_object = edge_object.to_ApiObject()
if id_ in ids_to_references:
references = ids_to_references[id_]
if edge_object.ty == 'ttp':
_merge_ttps(api_object.obj, references)
elif edge_object.ty == 'tgt':
_merge_tgts(api_object.obj, references)
setattr(api_object.obj, 'timestamp', datetime.datetime.utcnow())
setattr(api_object.obj, 'tlp', tlp)
inbox_processor.add(
InboxItem(api_object=api_object,
etlp=tlp,
etou=edge_object.etou,
esms=edge_object.esms))
inbox_processor.run()
def publish_indicator(self, indicator_data, user):
indicator = DBIndicator(
id_=indicator_data['id'],
title=indicator_data.get('title'),
description=indicator_data.get('description'),
short_description=indicator_data.get('short_description'),
)
indicator.add_indicator_type(indicator_data.get('indicatorType'))
indicator.confidence = indicator_data.get('confidence', '')
indicator.id_ns = indicator_data.get('id_ns', '')
ident = EdgeIdentity(name=indicator_data.get('producer', ''))
indicator.producer = EdgeInformationSource(identity=ident)
indicator.handling = handling_from_draft('ind', indicator_data)
if 'test_mechanisms' in indicator_data:
for test_mechanism in indicator_data['test_mechanisms']:
indicator.test_mechanisms.append(
IndicatorBuilderPatch.test_mechanism_from_draft(
test_mechanism))
api_objects = {}
observable_composition = ObservableComposition(
operator=indicator_data.get('composition_type'))
# If this is an Update rather than a create,
# we only need to copy the id and ns to the composition
reedit_flag = 0
# New Observables via Build or Edit
for data in indicator_data['observables']:
observable_id = data.get('id')
if observable_id is None:
# No id for this observable, therefore it is new and must be created:
object_type = data['objectType']
object_type_info = self.observable_object_generator.get_object_type_information(
object_type)
observable_object = self.observable_object_generator.generate_observable_object_from_data(
object_type, data)
object_container = Object(observable_object)
object_container.id_ = self.generate_id(
object_type_info['id_prefix'])
# Create the observable, and store it in a collection so they can be saved to the database later on:
observable_id = self.generate_id('observable')
observable = Observable(title=data['title'],
description=data.get(
'description', ''),
item=object_container,
id_=observable_id)
observable.id_ns = indicator_data['id_ns']
api_objects[observable.id_] = ApiObject('obs', observable)
elif reedit_flag == 0 and self._is_re_edit_mode(data):
reedit_flag = 1
# Create a reference to the observable, and add it to the observable composition.
# The observable composition will be added to the indicator.
# Adding references to the composition saves duplication of data.
observable_reference = Observable(idref=observable_id,
idref_ns=indicator_data['id_ns'])
observable_composition.add(observable_reference)
# For some reason, the observable composition must be wrapped up in another observable.
# So to clarify, at this point, we have an observable that contains an observable composition. This composition
# contains a collection of references to the actual observables.
# We only want a new ID for the observable composition (obs) if it is first-time Build
# otherwise, get it from...?the database?
if reedit_flag:
user_action_log = logging.getLogger('user_actions')
user_action_log.info(
"%s updated STIX item %s (%s)" %
(user.username, indicator.id_, indicator.title))
# EOIndicator = self.edge_object_loader.load(indicator.id_) # Get the parent indicator
# find_ob_comp = lambda edges: [x.fetch() for x in edges if x.ty == 'obs'][0]
# # Find the observable composition among it's edges and return only the first hit.
# # The call to fetch() resolves the idref into an instance of the object itself
# existing_obs_comp = find_ob_comp(EOIndicator.edges)
# parent_observable = Observable(item=observable_composition, id_=existing_obs_comp.id_)
# else:
parent_observable = Observable(item=observable_composition,
id_=self.generate_id('observable'))
parent_observable.id_ns = indicator.id_ns
parent_observable.timestamp = datetime.utcnow(
) # needed for versioning Observable Composition
# ...and store this observable so we can actually write its contents to the database later...
api_objects[parent_observable.id_] = ApiObject('obs',
parent_observable)
# Add a reference of the 'parent' observable to the indicator
parent_observable_reference = Observable(idref=parent_observable.id_,
idref_ns=indicator.id_ns)
indicator.add_observable(parent_observable_reference)
indicator_api_object = ApiObject('ind', indicator)
# Process related items/correlations
[
relate.correlateIndtoTtp(indicator_api_object, item['idref'])
for item in indicator_data.get('indicated_ttps', [])
]
[
relate.correlateIndtoInd(indicator_api_object, item['idref'])
for item in indicator_data.get('related_indicators', [])
]
[
relate.correlateIndtoCoa(indicator_api_object, item['idref'])
for item in indicator_data.get('suggested_coas', [])
]
# Store the indicator so we can write it to the database later
api_objects[indicator_api_object.id_] = indicator_api_object
# Finally lets add everything to our Mongo collection...
tlp = (indicator_data.get('tlp') or 'NULL').upper()
esms = lines2list(indicator_data.get('markings', ""))
inbox_processor = InboxProcessorForBuilders(
user=user,
trustgroups=indicator_data.get('trustgroups', []),
)
for api_obj in api_objects.itervalues():
inbox_processor.add(
InboxItem(api_object=api_obj, etlp=tlp, esms=esms))
inbox_processor.run()
self.delete_draft(user, indicator_data['id'])