def obj_create(self, bundle, **kwargs):
"""
Handles creating Events through the API.
:param bundle: Bundle containing the information to create the Event.
:type bundle: Tastypie Bundle object.
:returns: Bundle object.
:raises BadRequest: If a campaign name is not provided or creation fails.
"""
analyst = bundle.request.user.username
title = bundle.data.get('title', None)
description = bundle.data.get('description', None)
event_type = bundle.data.get('event_type', None)
source = bundle.data.get('source', None)
method = bundle.data.get('method', None)
reference = bundle.data.get('reference', None)
date = bundle.data.get('date', None)
bucket_list = bundle.data.get('bucket_list', None)
ticket = bundle.data.get('ticket', None)
if not title and not event_type and not source:
raise BadRequest('Must provide a title, event_type, and source.')
et = EventType.objects(name=event_type).first()
if not et:
raise BadRequest('Not a valid Event Type.')
result = add_new_event(title, description, event_type, source, method,
reference, date, analyst, bucket_list, ticket)
if result['success']:
return bundle
else:
raise BadRequest(str(result['message']))
def get_event_types(active):
"""
Get a list of available event types.
:param active: Get only active event types.
:type active: bool
:returns: list
"""
if active:
etypes = EventType.objects(active="on")
else:
etypes = EventType.objects()
event_types = []
for etype in etypes:
event_types.append(etype.name)
return event_types
def get_event_types(active):
"""
Get a list of available event types.
:param active: Get only active event types.
:type active: bool
:returns: list
"""
if active:
etypes = EventType.objects(active="on")
else:
etypes = EventType.objects()
event_types = []
for etype in etypes:
event_types.append(etype.name)
return event_types
def obj_create(self, bundle, **kwargs):
"""
Handles creating Events through the API.
:param bundle: Bundle containing the information to create the Event.
:type bundle: Tastypie Bundle object.
:returns: HttpResponse.
"""
analyst = bundle.request.user.username
title = bundle.data.get('title', None)
description = bundle.data.get('description', None)
event_type = bundle.data.get('event_type', None)
source = bundle.data.get('source', None)
method = bundle.data.get('method', None)
reference = bundle.data.get('reference', None)
date = bundle.data.get('date', None)
bucket_list = bundle.data.get('bucket_list', None)
ticket = bundle.data.get('ticket', None)
content = {'return_code': 0,
'type': 'Event'}
if not title or not event_type or not source or not description:
content['message'] = 'Must provide a title, event_type, source, and description.'
self.crits_response(content)
et = EventType.objects(name=event_type).first()
if not et:
content['message'] = 'Not a valid Event Type.'
self.crits_response(content)
result = add_new_event(title,
description,
event_type,
source,
method,
reference,
date,
analyst,
bucket_list,
ticket)
if result.get('message'):
content['message'] = result.get('message')
content['id'] = result.get('id', '')
if result.get('id'):
url = reverse('api_dispatch_detail',
kwargs={'resource_name': 'events',
'api_name': 'v1',
'pk': result.get('id')})
content['url'] = url
if result['success']:
content['return_code'] = 0
self.crits_response(content)
def obj_create(self, bundle, **kwargs):
"""
Handles creating Events through the API.
:param bundle: Bundle containing the information to create the Event.
:type bundle: Tastypie Bundle object.
:returns: HttpResponse.
"""
analyst = bundle.request.user.username
title = bundle.data.get('title', None)
description = bundle.data.get('description', None)
event_type = bundle.data.get('event_type', None)
source = bundle.data.get('source', None)
method = bundle.data.get('method', None)
reference = bundle.data.get('reference', None)
date = bundle.data.get('date', None)
bucket_list = bundle.data.get('bucket_list', None)
ticket = bundle.data.get('ticket', None)
content = {'return_code': 0, 'type': 'Event'}
if not title or not event_type or not source or not description:
content[
'message'] = 'Must provide a title, event_type, source, and description.'
self.crits_response(content)
et = EventType.objects(name=event_type).first()
if not et:
content['message'] = 'Not a valid Event Type.'
self.crits_response(content)
result = add_new_event(title, description, event_type, source, method,
reference, date, analyst, bucket_list, ticket)
if result.get('message'):
content['message'] = result.get('message')
content['id'] = result.get('id', '')
if result.get('id'):
url = reverse('api_dispatch_detail',
kwargs={
'resource_name': 'events',
'api_name': 'v1',
'pk': result.get('id')
})
content['url'] = url
if result['success']:
content['return_code'] = 0
self.crits_response(content)
def add_event_types(drop=False):
"""
Add Event Types to the system.
:param drop: Drop the contents of the collection before adding.
:type drop: boolean
"""
types = [
'Collective Threat Intelligence',
'Threat Report',
'Indicators',
'Indicators - Phishing',
'Indicators - Watchlist',
'Indicators - Malware Artifacts',
'Indicators - Network Activity',
'Indicators - Endpoint Characteristics',
'Campaign Characterization',
'Threat Actor Characterization',
'Exploit Characterization',
'Attack Pattern Characterization',
'Malware Characterization',
'TTP - Infrastructure',
'TTP - Tools',
'Courses of Action',
'Incident',
'Observations',
'Observations - Email',
'Malware Samples',
]
if not drop:
print "Drop protection does not apply to event types"
EventType.drop_collection()
count = 0
for t in types:
et = EventType()
et.name = t
et.active = "on"
et.save()
count += 1
print "Added %s Event Types." % count
def obj_create(self, bundle, **kwargs):
"""
Handles creating Events through the API.
:param bundle: Bundle containing the information to create the Event.
:type bundle: Tastypie Bundle object.
:returns: Bundle object.
:raises BadRequest: If a campaign name is not provided or creation fails.
"""
analyst = bundle.request.user.username
title = bundle.data.get('title', None)
description = bundle.data.get('description', None)
event_type = bundle.data.get('event_type', None)
source = bundle.data.get('source', None)
method = bundle.data.get('method', None)
reference = bundle.data.get('reference', None)
date = bundle.data.get('date', None)
bucket_list = bundle.data.get('bucket_list', None)
ticket = bundle.data.get('ticket', None)
if not title and not event_type and not source:
raise BadRequest('Must provide a title, event_type, and source.')
et = EventType.objects(name=event_type).first()
if not et:
raise BadRequest('Not a valid Event Type.')
result = add_new_event(title,
description,
event_type,
source,
method,
reference,
date,
analyst,
bucket_list,
ticket)
if result['success']:
return bundle
else:
raise BadRequest(str(result['message']))
def add_event_types(drop=False):
"""
Add Event Types to the system.
:param drop: Drop the contents of the collection before adding.
:type drop: boolean
"""
types = [
'Collective Threat Intelligence',
'Threat Report',
'Indicators',
'Indicators - Phishing',
'Indicators - Watchlist',
'Indicators - Malware Artifacts',
'Indicators - Network Activity',
'Indicators - Endpoint Characteristics',
'Campaign Characterization',
'Threat Actor Characterization',
'Exploit Characterization',
'Attack Pattern Characterization',
'Malware Characterization',
'TTP - Infrastructure',
'TTP - Tools',
'Courses of Action',
'Incident',
'Observations',
'Observations - Email',
'Malware Samples',
]
if not drop:
print "Drop protection does not apply to event types"
EventType.drop_collection()
count = 0
for t in types:
et = EventType()
et.name = t
et.active = "on"
et.save()
count += 1
print "Added %s Event Types." % count
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# doing this to avoid circular imports
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.crits_mongoengine import RelationshipType
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event, EventType
from crits.indicators.indicator import Indicator, IndicatorAction
from crits.ips.ip import IP
from crits.objects.object_type import ObjectType
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.backdoor import Backdoor
from crits.samples.exploit import Exploit
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.targets.target import Target
if not _id:
return None
# make sure it's a string
_id = str(_id)
if type_ == 'Backdoor':
return Backdoor.objects(id=_id).first()
if type_ == 'Campaign':
return Campaign.objects(id=_id).first()
elif type_ == 'Certificate':
return Certificate.objects(id=_id).first()
elif type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Domain':
return Domain.objects(id=_id).first()
elif type_ == 'Email':
return Email.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'EventType':
return EventType.objects(id=_id).first()
elif type_ == 'Exploit':
return Exploit.objects(id=_id).first()
elif type_ == 'Indicator':
return Indicator.objects(id=_id).first()
elif type_ == 'IndicatorAction':
return IndicatorAction.objects(id=_id).first()
elif type_ == 'IP':
return IP.objects(id=_id).first()
elif type_ == 'ObjectType':
return ObjectType.objects(id=_id).first()
elif type_ == 'PCAP':
return PCAP.objects(id=_id).first()
elif type_ == 'RawData':
return RawData.objects(id=_id).first()
elif type_ == 'RawDataType':
return RawDataType.objects(id=_id).first()
elif type_ == 'RelationshipType':
return RelationshipType.objects(id=_id).first()
elif type_ == 'Sample':
return Sample.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'Screenshot':
return Screenshot.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
else:
return None
def class_from_id(type_, _id):
"""
Return an instantiated class object.
:param type_: The CRITs top-level object type.
:type type_: str
:param _id: The ObjectId to search for.
:type _id: str
:returns: class which inherits from
:class:`crits.core.crits_mongoengine.CritsBaseAttributes`
"""
# doing this to avoid circular imports
from crits.actors.actor import ActorThreatType, ActorMotivation
from crits.actors.actor import ActorSophistication, ActorIntendedEffect
from crits.actors.actor import ActorThreatIdentifier, Actor
from crits.backdoors.backdoor import Backdoor
from crits.campaigns.campaign import Campaign
from crits.certificates.certificate import Certificate
from crits.comments.comment import Comment
from crits.core.crits_mongoengine import RelationshipType
from crits.core.source_access import SourceAccess
from crits.core.user_role import UserRole
from crits.domains.domain import Domain
from crits.emails.email import Email
from crits.events.event import Event, EventType
from crits.exploits.exploit import Exploit
from crits.indicators.indicator import Indicator, IndicatorAction
from crits.ips.ip import IP
from crits.objects.object_type import ObjectType
from crits.pcaps.pcap import PCAP
from crits.raw_data.raw_data import RawData, RawDataType
from crits.samples.sample import Sample
from crits.screenshots.screenshot import Screenshot
from crits.targets.target import Target
if not _id:
return None
# make sure it's a string
_id = str(_id)
# Use bson.ObjectId to make sure this is a valid ObjectId, otherwise
# the queries below will raise a ValidationError exception.
if not ObjectId.is_valid(_id.decode('utf8')):
return None
if type_ == 'Actor':
return Actor.objects(id=_id).first()
elif type_ == 'Backdoor':
return Backdoor.objects(id=_id).first()
elif type_ == 'ActorThreatIdentifier':
return ActorThreatIdentifier.objects(id=_id).first()
elif type_ == 'ActorThreatType':
return ActorThreatType.objects(id=_id).first()
elif type_ == 'ActorMotivation':
return ActorMotivation.objects(id=_id).first()
elif type_ == 'ActorSophistication':
return ActorSophistication.objects(id=_id).first()
elif type_ == 'ActorIntendedEffect':
return ActorIntendedEffect.objects(id=_id).first()
elif type_ == 'Campaign':
return Campaign.objects(id=_id).first()
elif type_ == 'Certificate':
return Certificate.objects(id=_id).first()
elif type_ == 'Comment':
return Comment.objects(id=_id).first()
elif type_ == 'Domain':
return Domain.objects(id=_id).first()
elif type_ == 'Email':
return Email.objects(id=_id).first()
elif type_ == 'Event':
return Event.objects(id=_id).first()
elif type_ == 'EventType':
return EventType.objects(id=_id).first()
elif type_ == 'Exploit':
return Exploit.objects(id=_id).first()
elif type_ == 'Indicator':
return Indicator.objects(id=_id).first()
elif type_ == 'IndicatorAction':
return IndicatorAction.objects(id=_id).first()
elif type_ == 'IP':
return IP.objects(id=_id).first()
elif type_ == 'ObjectType':
return ObjectType.objects(id=_id).first()
elif type_ == 'PCAP':
return PCAP.objects(id=_id).first()
elif type_ == 'RawData':
return RawData.objects(id=_id).first()
elif type_ == 'RawDataType':
return RawDataType.objects(id=_id).first()
elif type_ == 'RelationshipType':
return RelationshipType.objects(id=_id).first()
elif type_ == 'Sample':
return Sample.objects(id=_id).first()
elif type_ == 'SourceAccess':
return SourceAccess.objects(id=_id).first()
elif type_ == 'Screenshot':
return Screenshot.objects(id=_id).first()
elif type_ == 'Target':
return Target.objects(id=_id).first()
elif type_ == 'UserRole':
return UserRole.objects(id=_id).first()
else:
return None
