def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) if 'inputtype' in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') for newobject in records['inputobject']: if records['inputtype'] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter(Indicator.type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: errormessage = "Not a valid IP Address." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], confidence=records['confidence'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network"\ or records['inputtype'] == "IPv6": network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('networks.html', network=network) elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all() return render_template('victims.html', network=victims) elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.type == ('Hash')).all() return render_template('files.html', network=files) else: threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all() return render_template('threatactors.html', network=threatactors) except Exception as e: return render_template('error.html', error=e)
def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) if 'inputtype' in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') for newobject in records['inputobject']: if records['inputtype'] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter(Indicator.type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: errormessage = "Not a valid IP Address." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], confidence=records['confidence'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator(newobject.strip(), records['inputtype'], records['inputfirstseen'], records['inputlastseen'], records['diamondmodel'], records['inputcampaign'], records['confidence'], records['comments'], records['tags'], None) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network"\ or records['inputtype'] == "IPv6": network = Indicator.query.filter(Indicator.type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('networks.html', network=network) elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ('Victim')).all() return render_template('victims.html', network=victims) elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.type == ('Hash')).all() return render_template('files.html', network=files) else: threatactors = Indicator.query.filter(Indicator.type == ('Threat Actors')).all() return render_template('threatactors.html', network=threatactors) except Exception as e: return render_template('error.html', error=e)
def newobject(): try: something = request.form imd = ImmutableMultiDict(something) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if "type" in records and "cuckoo" in records["type"]: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records["cuckoo_task_id"]) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ind = Indicator.query.filter_by(object=ip).first() if ind is None: indicator = Indicator( ip.strip(), "IPv4", firstseen, "", "Infrastructure", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(object=dns["request"]).first() if ind is None: indicator = Indicator( dns["request"], "Domain", firstseen, "", "Infrastructure", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(object=sha1).first() if ind is None: indicator = Indicator( sha1, "Hash", firstseen, "", "Capability", records["campaign"], "Low", "", records["tags"], "", ) db_session.add(indicator) db_session.commit() # Redirect to Dashboard after successful import return redirect(url_for("home")) else: errormessage = "Task is not a file analysis" return redirect(url_for("import_indicators")) if "inputtype" in records: # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", records["inputobject"]) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records["inputobject"] = records["inputobject"].split(",") for newobject in records["inputobject"]: if records["inputtype"] == "IPv4": if ipregex: object = Indicator.query.filter_by(object=newobject).first() if object is None: ipv4_indicator = Indicator( newobject.strip(), records["inputtype"], records["inputfirstseen"], records["inputlastseen"], records["diamondmodel"], records["inputcampaign"], records["confidence"], records["comments"], records["tags"], None, ) db_session.add(ipv4_indicator) db_session.commit() network = Indicator.query.filter( Indicator.type.in_(("IPv4", "IPv6", "Domain", "Network")) ).all() else: errormessage = "Entry already exists in database." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) else: errormessage = "Not a valid IP Address." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], confidence=records["confidence"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) else: object = Indicator.query.filter_by(object=newobject).first() if object is None: indicator = Indicator( newobject.strip(), records["inputtype"], records["inputfirstseen"], records["inputlastseen"], records["diamondmodel"], records["inputcampaign"], records["confidence"], records["comments"], records["tags"], None, ) db_session.add(indicator) db_session.commit() else: errormessage = "Entry already exists in database." return render_template( "newobject.html", errormessage=errormessage, inputtype=records["inputtype"], inputobject=newobject, inputfirstseen=records["inputfirstseen"], inputlastseen=records["inputlastseen"], inputcampaign=records["inputcampaign"], comments=records["comments"], diamondmodel=records["diamondmodel"], tags=records["tags"], ) # TODO: Change 'network' to 'object' in HTML templates to standardize on verbiage if ( records["inputtype"] == "IPv4" or records["inputtype"] == "Domain" or records["inputtype"] == "Network" or records["inputtype"] == "IPv6" ): network = Indicator.query.filter(Indicator.type.in_(("IPv4", "IPv6", "Domain", "Network"))).all() return render_template("networks.html", network=network) elif records["diamondmodel"] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == ("Victim")).all() return render_template("victims.html", network=victims) elif records["inputtype"] == "Hash": files = Indicator.query.filter(Indicator.type == ("Hash")).all() return render_template("files.html", network=files) else: threatactors = Indicator.query.filter(Indicator.type == ("Threat Actors")).all() return render_template("threatactors.html", network=threatactors) except Exception as e: return render_template("error.html", error=e)
def newobject(): try: imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data(records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(indicator=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by(indicator=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(indicator=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) # Add the Campaign to the database exists = Campaign.query.filter_by(name=records['inputcampaign']).all() is not None camp = Campaign(name=records['inputcampaign'], notes='', tags=records['tags']) if not exists: db.session.add(camp) db.session.commit() if 'inputtype' in records: # Hack for dealing with disabled fields not being sent in request.form # A hidden field is used to send the indicator if 'inputobject' not in records: records['inputobject'] = records['indicator'] # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') errormessage=None for newobject in records['inputobject']: indicator = Indicator.query.filter_by(indicator=newobject).first() if indicator is None: newindicator = Indicator(indicator=newobject.strip(), campaign=camp, indicator_type=records['inputtype'], firstseen=records['inputfirstseen'], lastseen=records['inputlastseen'], diamondmodel=records['diamondmodel'], confidence=records['confidence'], notes=records['comments'], tags=records['tags'], relationships=None) if newindicator: # Validates that the indicator is an IPv4 if not ipregex and records['inputtype'] == "IPv4": errormessage = "Not a valid IP Address." else: db.session.add(newindicator) db.session.commit() else: # Check to see if the app route was Update # preform an update instead of adding a new indicator rule = request.url_rule if 'update' in rule.rule: indicator.campaign.name = records['inputcampaign'] indicator.indicator_type = records['inputtype'] indicator.firstseen = records['inputfirstseen'] indicator.lastseen = records['inputlastseen'] indicator.diamondmodel = records['diamondmodel'] indicator.confidence = records['confidence'] indicator.notes = records['comments'] indicator.tags = records['tags'] db.session.commit() else: errormessage = "Entry already exists in database." if errormessage: return render_template('newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network" \ or records['inputtype'] == "IPv6": network = Indicator.query.filter( Indicator.indicator_type.in_(('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('indicatorlist.html', network=network, title='Network Indicators', links='network') elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter(Indicator.diamondmodel == 'Victim').all() return render_template('indicatorlist.html', network=victims, title='Victims', links='victims') elif records['inputtype'] == "Hash": files = Indicator.query.filter(Indicator.indicator_type == 'Hash').all() return render_template('indicatorlist.html', network=files, title='Files & Hashes', links='files') else: threatactors = Indicator.query.filter(Indicator.indicator_type == 'Threat Actor').all() return render_template( 'indicatorlist.html', network=threatactors, title='Threat Actors', links='threatactors') except Exception as e: return render_template('error.html', error=e)
def newobject(): try: imd = ImmutableMultiDict(request.form) records = helpers.convert(imd) # Import indicators from Cuckoo for the selected analysis task if 'type' in records and 'cuckoo' in records['type']: host_data, dns_data, sha1, firstseen = cuckoo.report_data( records['cuckoo_task_id']) if host_data and dns_data and sha1 and firstseen: # Import IP Indicators from Cuckoo Task for ip in host_data: ip = ip['ip'] ind = Indicator.query.filter_by(indicator=ip).first() if ind is None: indicator = Indicator(ip.strip(), 'IPv4', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import Domain Indicators from Cuckoo Task for dns in dns_data: ind = Indicator.query.filter_by( indicator=dns['request']).first() if ind is None: indicator = Indicator(dns['request'], 'Domain', firstseen, '', 'Infrastructure', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Import File/Hash Indicators from Cuckoo Task ind = Indicator.query.filter_by(indicator=sha1).first() if ind is None: indicator = Indicator(sha1, 'Hash', firstseen, '', 'Capability', records['campaign'], 'Low', '', records['tags'], '') db.session.add(indicator) db.session.commit() # Redirect to Dashboard after successful import return redirect(url_for('home')) else: errormessage = 'Task is not a file analysis' return redirect(url_for('import_indicators')) # Add the Campaign to the database exists = Campaign.query.filter_by( name=records['inputcampaign']).all() is not None camp = Campaign(name=records['inputcampaign'], notes='', tags=records['tags']) if not exists: db.session.add(camp) db.session.commit() if 'inputtype' in records: # Hack for dealing with disabled fields not being sent in request.form # A hidden field is used to send the indicator if 'inputobject' not in records: records['inputobject'] = records['indicator'] # Makes sure if you submit an IPv4 indicator, it's an actual IP # address. ipregex = re.match(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', records['inputobject']) # Convert the inputobject of IP or Domain to a list for Bulk Add functionality. records['inputobject'] = records['inputobject'].split(',') errormessage = None for newobject in records['inputobject']: indicator = Indicator.query.filter_by( indicator=newobject).first() if indicator is None: newindicator = Indicator( indicator=newobject.strip(), campaign=camp, indicator_type=records['inputtype'], firstseen=records['inputfirstseen'], lastseen=records['inputlastseen'], diamondmodel=records['diamondmodel'], confidence=records['confidence'], notes=records['comments'], tags=records['tags'], relationships=None) if newindicator: # Validates that the indicator is an IPv4 if not ipregex and records['inputtype'] == "IPv4": errormessage = "Not a valid IP Address." else: db.session.add(newindicator) db.session.commit() else: # Check to see if the app route was Update # preform an update instead of adding a new indicator rule = request.url_rule if 'update' in rule.rule: indicator.campaign.name = records['inputcampaign'] indicator.indicator_type = records['inputtype'] indicator.firstseen = records['inputfirstseen'] indicator.lastseen = records['inputlastseen'] indicator.diamondmodel = records['diamondmodel'] indicator.confidence = records['confidence'] indicator.notes = records['comments'] indicator.tags = records['tags'] db.session.commit() else: errormessage = "Entry already exists in database." if errormessage: return render_template( 'newobject.html', errormessage=errormessage, inputtype=records['inputtype'], inputobject=newobject, inputfirstseen=records['inputfirstseen'], inputlastseen=records['inputlastseen'], inputcampaign=records['inputcampaign'], comments=records['comments'], diamondmodel=records['diamondmodel'], tags=records['tags']) if records['inputtype'] == "IPv4" or records['inputtype'] == "Domain" or records['inputtype'] == "Network" \ or records['inputtype'] == "IPv6": network = Indicator.query.filter( Indicator.indicator_type.in_( ('IPv4', 'IPv6', 'Domain', 'Network'))).all() return render_template('indicatorlist.html', network=network, title='Network Indicators', links='network') elif records['diamondmodel'] == "Victim": victims = Indicator.query.filter( Indicator.diamondmodel == 'Victim').all() return render_template('indicatorlist.html', network=victims, title='Victims', links='victims') elif records['inputtype'] == "Hash": files = Indicator.query.filter( Indicator.indicator_type == 'Hash').all() return render_template('indicatorlist.html', network=files, title='Files & Hashes', links='files') else: threatactors = Indicator.query.filter( Indicator.indicator_type == 'Threat Actor').all() return render_template('indicatorlist.html', network=threatactors, title='Threat Actors', links='threatactors') except Exception as e: return render_template('error.html', error=e)