예제 #1
0
def get_event_details(event_id, analyst):
    """
    Generate the data to render the Event details template.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    sources = user_sources(analyst)
    event = Event.objects(id=event_id, source__name__in=sources).first()
    if not event:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}
        return template, args

    event.sanitize("%s" % analyst)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(initial={
        "obj_type": 'Event',
        "obj_id": event_id
    })

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, event.id, 'Event')

    # subscription
    subscription = {
        'type': 'Event',
        'id': event.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Event', event.id),
    }

    #objects
    objects = event.sort_objects()

    #relationships
    relationships = event.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {'type': 'Event', 'value': event.id}

    #comments
    comments = {'comments': event.get_comments(), 'url_key': event.id}

    #screenshots
    screenshots = event.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Event', event.id)

    # services
    service_list = get_supported_services('Event')

    # analysis results
    service_results = event.get_analysis_results()

    args = {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'event': event,
        'campaign_form': campaign_form,
        'service_results': service_results,
        'download_form': download_form
    }

    return template, args
예제 #2
0
def get_actor_details(id_, analyst):
    """
    Generate the data to render the Actor details template.

    :param id_: The Actor ObjectId to get details for.
    :type actorip: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed_sources = user_sources(analyst)
    actor = Actor.objects(id=id_, source__name__in=allowed_sources).first()
    template = None
    args = {}
    if not actor:
        template = "error.html"
        error = ('Either no data exists for this Actor or you do not have'
                 ' permission to view it.')
        args = {'error': error}
    else:
        actor.sanitize("%s" % analyst)

        # remove pending notifications for user
        remove_user_from_notification("%s" % analyst, actor.id, 'Actor')

        download_form = DownloadFileForm(initial={
            "obj_type": 'Actor',
            "obj_id": actor.id
        })

        # generate identifiers
        actor_identifiers = actor.generate_identifiers_list(analyst)

        # subscription
        subscription = {
            'type': 'Actor',
            'id': actor.id,
            'subscribed': is_user_subscribed("%s" % analyst, 'Actor',
                                             actor.id),
        }

        #objects
        objects = actor.sort_objects()

        #relationships
        relationships = actor.sort_relationships("%s" % analyst, meta=True)

        # relationship
        relationship = {'type': 'Actor', 'value': actor.id}

        #comments
        comments = {'comments': actor.get_comments(), 'url_key': actor.id}

        #screenshots
        screenshots = actor.get_screenshots(analyst)

        # favorites
        favorite = is_user_favorite("%s" % analyst, 'Actor', actor.id)

        # services
        service_list = get_supported_services('Actor')

        # analysis results
        service_results = actor.get_analysis_results()

        args = {
            'actor_identifiers': actor_identifiers,
            'objects': objects,
            'download_form': download_form,
            'relationships': relationships,
            'relationship': relationship,
            'subscription': subscription,
            'favorite': favorite,
            'service_list': service_list,
            'service_results': service_results,
            'screenshots': screenshots,
            'actor': actor,
            'actor_id': id_,
            'comments': comments
        }
    return template, args
예제 #3
0
def get_event_details(event_id, user):
    """
    Generate the data to render the Event details template.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param user: The user requesting this information.
    :type user: str
    :returns: template (str), arguments (dict)
    """

    template = None
    sources = user_sources(user)
    event = Event.objects(id=event_id, source__name__in=sources).first()

    if not user.check_source_tlp(event):
        event = None

    if not event:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}
        return template, args

    event.sanitize("%s" % user)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(initial={
        "obj_type": 'Event',
        "obj_id": event_id
    })

    # remove pending notifications for user
    remove_user_from_notification("%s" % user, event.id, 'Event')

    # subscription
    subscription = {
        'type': 'Event',
        'id': event.id,
        'subscribed': is_user_subscribed("%s" % user, 'Event', event.id),
    }

    #objects
    objects = event.sort_objects()

    #relationships
    relationships = event.sort_relationships("%s" % user, meta=True)

    # Get count of related Events for each related Indicator
    for ind in relationships.get('Indicator', []):
        count = Event.objects(relationships__object_id=ind['id'],
                              source__name__in=sources).count()
        ind['rel_ind_events'] = count

    # Get count of related Events for each related Sample
    for smp in relationships.get('Sample', []):
        count = Event.objects(relationships__object_id=smp['id'],
                              source__name__in=sources).count()
        smp['rel_smp_events'] = count

    # relationship
    relationship = {'type': 'Event', 'value': event.id}

    #comments
    comments = {'comments': event.get_comments(), 'url_key': event.id}

    #screenshots
    screenshots = event.get_screenshots(user)

    # favorites
    favorite = is_user_favorite("%s" % user, 'Event', event.id)

    # services
    service_list = get_supported_services('Event')

    # analysis results
    service_results = event.get_analysis_results()

    args = {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'event': event,
        'campaign_form': campaign_form,
        'service_results': service_results,
        'download_form': download_form,
        'EventACL': EventACL
    }

    return template, args
예제 #4
0
def get_indicator_details(indicator_id, analyst):
    """
    Generate the data to render the Indicator details template.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    users_sources = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=users_sources).first()
    if not indicator:
        error = ("Either this indicator does not exist or you do "
                 "not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args
    forms = {}
    forms['new_action'] = IndicatorActionsForm(initial={
        'analyst': analyst,
        'active': "off",
        'date': datetime.datetime.now()
    })
    forms['new_activity'] = IndicatorActivityForm(
        initial={
            'analyst': analyst,
            'date': datetime.datetime.now()
        })
    forms['new_campaign'] = CampaignForm()  #'date': datetime.datetime.now(),
    forms['new_source'] = SourceForm(analyst,
                                     initial={'date': datetime.datetime.now()})
    forms['download_form'] = DownloadFileForm(initial={
        "obj_type": 'Indicator',
        "obj_id": indicator_id
    })

    indicator.sanitize("%s" % analyst)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, indicator_id, 'Indicator')

    # subscription
    subscription = {
        'type':
        'Indicator',
        'id':
        indicator_id,
        'subscribed':
        is_user_subscribed("%s" % analyst, 'Indicator', indicator_id),
    }

    # relationship
    relationship = {
        'type': 'Indicator',
        'value': indicator_id,
    }

    #objects
    objects = indicator.sort_objects()

    #relationships
    relationships = indicator.sort_relationships("%s" % analyst, meta=True)

    #comments
    comments = {'comments': indicator.get_comments(), 'url_key': indicator_id}

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Indicator', indicator.id)

    # services
    manager = crits.service_env.manager
    service_list = manager.get_supported_services('Indicator', True)

    args = {
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'relationship': relationship,
        'subscription': subscription,
        "indicator": indicator,
        "forms": forms,
        "indicator_id": indicator_id,
        'service_list': service_list,
        'favorite': favorite,
        'rt_url': settings.RT_URL
    }

    return template, args