def refresh_services(request, crits_type, identifier):
    """
    Re-render the Analysis tab for one object and return it as JSON.

    :param request: The current request, used to build the template context.
    :param crits_type: The type name of the object being refreshed.
    :param identifier: The id of the object being refreshed.
    :returns: HttpResponse carrying JSON with ``success`` and ``html`` keys.
    """

    # NOTE(review): this lookup takes no user or source argument, so nothing
    # visible here limits it to records the requester may read -- confirm that
    # access is enforced by the caller or inside class_from_id().
    target = class_from_id(crits_type, identifier)
    if not target:
        payload = {'success': False}
        payload['html'] = 'Could not find object to refresh!'
        return HttpResponse(json.dumps(payload), mimetype="application/json")

    context = {
        'relationship': {'type': crits_type, 'value': identifier},
        'subscription': {'type': crits_type, 'id': identifier},
        'item': target,
        'crits_type': crits_type,
        'identifier': identifier,
        'service_list': get_supported_services(crits_type),
    }
    rendered = render_to_string("services_analysis_listing.html",
                                context,
                                RequestContext(request))
    payload = {'success': True, 'html': rendered}
    return HttpResponse(json.dumps(payload), mimetype="application/json")
def refresh_services(request, crits_type, identifier):
    """
    Return the freshly rendered Analysis tab listing as a JSON response.

    :param request: The current request, used to build the template context.
    :param crits_type: The type name of the object being refreshed.
    :param identifier: The id of the object being refreshed.
    :returns: HttpResponse carrying JSON with ``success`` and ``html`` keys.
    """

    def _as_json(ok, html):
        # Both outcomes share one response shape: a success flag plus markup.
        body = {'success': ok, 'html': html}
        return HttpResponse(json.dumps(body), mimetype="application/json")

    # NOTE(review): the object is fetched by type and id only; no source or
    # user filter is visible in this function -- confirm where read access
    # to the object is checked.
    found = class_from_id(crits_type, identifier)
    if not found:
        return _as_json(False, 'Could not find object to refresh!')

    rel = {'type': crits_type, 'value': identifier}
    sub = {'type': crits_type, 'id': identifier}
    services = get_supported_services(crits_type)
    markup = render_to_string("services_analysis_listing.html",
                              {'relationship': rel,
                               'subscription': sub,
                               'item': found,
                               'crits_type': crits_type,
                               'identifier': identifier,
                               'service_list': services},
                              RequestContext(request))
    return _as_json(True, markup)
def refresh_services(request, crits_type, identifier):
    """
    Re-render the Analysis tab for one object the requester may read.

    :param request: The current request; ``request.user.username`` selects
                    the sources used to filter the lookup.
    :param crits_type: The type name of the object being refreshed.
    :param identifier: The id of the object being refreshed.
    :returns: HttpResponse carrying JSON with ``success`` and ``html`` keys.
    """

    def _as_json(body):
        return HttpResponse(json.dumps(body), mimetype="application/json")

    def _not_found():
        # Unknown type, unknown id and "not in your sources" all produce the
        # same message, so the response does not reveal which one applied.
        body = {'success': False}
        body['html'] = 'Could not find object to refresh!'
        return _as_json(body)

    # Verify user can see results.
    sources = user_sources(request.user.username)
    klass = class_from_type(crits_type)
    if not klass:
        return _not_found()

    # Types that have a `source` attribute are filtered by the user's
    # sources; types without one are fetched by id alone.
    lookup = {'id': identifier}
    if hasattr(klass, 'source'):
        lookup['source__name__in'] = sources
    obj = klass.objects(**lookup).first()
    if not obj:
        return _not_found()

    # Results are only queried once the object itself has passed the filter.
    results = AnalysisResult.objects(object_type=crits_type,
                                     object_id=identifier)
    relationship = {
        'type': crits_type,
        'value': identifier,
        'url_key': obj.get_url_key(),
    }
    context = {
        'relationship': relationship,
        'subscription': {'type': crits_type, 'id': identifier},
        'service_results': results,
        'crits_type': crits_type,
        'identifier': identifier,
        'service_list': get_supported_services(crits_type),
    }
    markup = render_to_string("services_analysis_listing.html",
                              context,
                              RequestContext(request))
    return _as_json({'success': True, 'html': markup})
def refresh_services(request, crits_type, identifier):
    """
    Re-render the Analysis tab for one object the requester may read.

    :param request: The current request; ``request.user`` supplies the list
                    of sources used to filter the lookup.
    :param crits_type: The type name of the object being refreshed.
    :param identifier: The id of the object being refreshed.
    :returns: HttpResponse carrying JSON with ``success`` and ``html`` keys.
    """

    def _as_json(body):
        return HttpResponse(json.dumps(body), content_type="application/json")

    def _not_found():
        # One message for every failure, so a caller cannot tell a missing
        # object from one outside their sources.
        body = {'success': False}
        body['html'] = 'Could not find object to refresh!'
        return _as_json(body)

    # NOTE(review): presumably forces the lazily-loaded user object to
    # resolve before it is used -- confirm against the user class.
    request.user._setup()

    # Verify user can see results.
    sources = request.user.get_sources_list()
    klass = class_from_type(crits_type)
    if not klass:
        return _not_found()

    # Types that have a `source` attribute are filtered by the user's
    # sources; types without one are fetched by id alone.
    lookup = {'id': identifier}
    if hasattr(klass, 'source'):
        lookup['source__name__in'] = sources
    obj = klass.objects(**lookup).first()
    if not obj:
        return _not_found()

    # Results are only queried once the object itself has passed the filter.
    results = AnalysisResult.objects(object_type=crits_type,
                                     object_id=identifier)
    context = {
        'relationship': {'type': crits_type, 'value': identifier},
        'subscription': {'type': crits_type, 'id': identifier},
        'service_results': results,
        'crits_type': crits_type,
        'identifier': identifier,
        'service_list': get_supported_services(crits_type),
    }
    markup = render_to_string("services_analysis_listing.html",
                              context,
                              request=request)
    return _as_json({'success': True, 'html': markup})
def get_raw_data_details(_id, user):
    """
    Build the template name and context for the RawData details page.

    :param _id: The ObjectId of the RawData to get details for.
    :type _id: str
    :param user: The user requesting this information. The code calls
                 ``user.check_source_tlp()`` on it and formats it with
                 ``"%s"`` wherever a username string is passed on.
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(user)

    # First gate: only a record carrying one of the user's sources matches.
    record = None
    if _id:
        record = RawData.objects(id=_id, source__name__in=allowed).first()

    # Second gate: the TLP check can still withhold a record that matched.
    # NOTE(review): check_source_tlp() also receives None when nothing
    # matched -- confirm it tolerates that.
    if not user.check_source_tlp(record):
        record = None

    if not record:
        # Missing and not-permitted share one message on purpose.
        return "error.html", {'error': 'raw_data not yet available or you do not have access to view it.'}

    username = "%s" % user
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'RawData')

    sub_info = {
        'type': 'RawData',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'RawData', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'RawData', 'value': record.id}

    # NOTE(review): this count has no source filter, so it can include
    # versions the user cannot open -- confirm exposing the count is intended.
    version_count = len(RawData.objects(link_id=record.link_id).only('id'))

    comment_block = {'comments': record.get_comments(), 'url_key': _id}
    shots = record.get_screenshots(user)
    is_fav = is_user_favorite(username, 'RawData', record.id)
    services = get_supported_services('RawData')
    results = record.get_analysis_results()

    args = {'service_list': services,
            'objects': child_objects,
            'relationships': related,
            'comments': comment_block,
            'favorite': is_fav,
            'relationship': rel_anchor,
            "subscription": sub_info,
            "screenshots": shots,
            "versions": version_count,
            "service_results": results,
            "raw_data": record,
            "RawDataACL": RawDataACL}
    return None, args
def get_certificate_details(md5, user):
    """
    Build the template name and context for the Certificate details page.

    :param md5: The MD5 of the Certificate to get details for.
    :type md5: str
    :param user: The user requesting this information. The code reads
                 ``user.username`` and calls ``user.check_source_tlp()``.
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(user.username)

    # First gate: only a record carrying one of the user's sources matches.
    record = Certificate.objects(md5=md5, source__name__in=allowed).first()

    # Second gate: the TLP check can still withhold a record that matched.
    # NOTE(review): check_source_tlp() also receives None when nothing
    # matched -- confirm it tolerates that.
    if not user.check_source_tlp(record):
        record = None

    if not record:
        # Missing and not-permitted share one message on purpose.
        return "error.html", {
            'error': 'Certificate not yet available or you do not have access to view it.'
        }

    username = "%s" % user.username
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'Certificate')

    sub_info = {
        'type': 'Certificate',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'Certificate', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'Certificate', 'value': record.id}
    comment_block = {'comments': record.get_comments(), 'url_key': md5}
    shots = record.get_screenshots(user.username)
    services = get_supported_services('Certificate')
    results = record.get_analysis_results()

    args = {
        'service_list': services,
        'objects': child_objects,
        'relationships': related,
        'comments': comment_block,
        'relationship': rel_anchor,
        "subscription": sub_info,
        "screenshots": shots,
        'service_results': results,
        "cert": record,
        "CertificateACL": CertificateACL,
    }
    return None, args
def get_event_details(event_id, analyst):
    """
    Build the template name and context for the Event details page.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: an Event outside the analyst's
    # sources is treated exactly like one that does not exist.
    record = Event.objects(id=event_id, source__name__in=allowed).first()
    if not record:
        return "error.html", {'error': "ID does not exist or insufficient privs for source"}

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    new_campaign = CampaignForm()
    downloader = DownloadFileForm(initial={"obj_type": 'Event',
                                           "obj_id": event_id})

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'Event')

    sub_info = {
        'type': 'Event',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'Event', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'Event', 'value': record.id}
    comment_block = {'comments': record.get_comments(), 'url_key': record.id}
    shots = record.get_screenshots(analyst)
    is_fav = is_user_favorite(username, 'Event', record.id)
    services = get_supported_services('Event')
    results = record.get_analysis_results()

    args = {'service_list': services,
            'objects': child_objects,
            'relationships': related,
            'comments': comment_block,
            'favorite': is_fav,
            'relationship': rel_anchor,
            'subscription': sub_info,
            'screenshots': shots,
            'event': record,
            'campaign_form': new_campaign,
            'service_results': results,
            'download_form': downloader}
    return None, args
def get_certificate_details(md5, analyst):
    """
    Build the template name and context for the Certificate details page.

    :param md5: The MD5 of the Certificate to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: a Certificate outside the
    # analyst's sources is treated exactly like one that does not exist.
    record = Certificate.objects(md5=md5, source__name__in=allowed).first()
    if not record:
        return "error.html", {'error': 'Certificate not yet available or you do not have access to view it.'}

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'Certificate')

    sub_info = {
        'type': 'Certificate',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'Certificate', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'Certificate', 'value': record.id}
    comment_block = {'comments': record.get_comments(), 'url_key': md5}
    shots = record.get_screenshots(analyst)
    services = get_supported_services('Certificate')

    args = {'service_list': services,
            'objects': child_objects,
            'relationships': related,
            'comments': comment_block,
            'relationship': rel_anchor,
            "subscription": sub_info,
            "screenshots": shots,
            "cert": record}
    return None, args
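def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)

    # The source filter is the access check: a Domain outside the analyst's
    # sources is reported with the same message as one that does not exist.
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    # The username must go through a "%s" format like every other call in
    # this function; a format string without a conversion specifier raises
    # TypeError when given a str, so the sanitising step would never run.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {
        'type': 'Domain',
        'value': dmain.id
    }

    # comments
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'domain': dmain,
            'service_list': service_list,
            'service_results': service_results}
    return template, args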
def get_indicator_details(indicator_id, analyst):
    """
    Build the template name and context for the Indicator details page.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: an Indicator outside the
    # analyst's sources is reported like one that does not exist.
    record = Indicator.objects(id=indicator_id,
                               source__name__in=allowed).first()
    if not record:
        message = ("Either this indicator does not exist or you do "
                   "not have permission to view it.")
        return "error.html", {'error': message}

    # Each form takes its own "now" as the initial date.
    page_forms = {}
    page_forms['new_action'] = IndicatorActionsForm(
        initial={'analyst': analyst,
                 'active': "off",
                 'date': datetime.datetime.now()})
    page_forms['new_activity'] = IndicatorActivityForm(
        initial={'analyst': analyst,
                 'date': datetime.datetime.now()})
    page_forms['new_campaign'] = CampaignForm()
    page_forms['new_source'] = SourceForm(
        analyst,
        initial={'date': datetime.datetime.now()})
    page_forms['download_form'] = DownloadFileForm(
        initial={"obj_type": 'Indicator', "obj_id": indicator_id})

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    # (keyed on the caller-supplied id string, not on record.id)
    remove_user_from_notification(username, indicator_id, 'Indicator')

    sub_info = {
        'type': 'Indicator',
        'id': indicator_id,
        'subscribed': is_user_subscribed(username, 'Indicator', indicator_id),
    }
    rel_anchor = {
        'type': 'Indicator',
        'value': indicator_id,
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    comment_block = {'comments': record.get_comments(),
                     'url_key': indicator_id}
    shots = record.get_screenshots(analyst)
    is_fav = is_user_favorite(username, 'Indicator', record.id)
    services = get_supported_services('Indicator')
    results = record.get_analysis_results()

    args = {'objects': child_objects,
            'relationships': related,
            'comments': comment_block,
            'relationship': rel_anchor,
            'subscription': sub_info,
            "indicator": record,
            "forms": page_forms,
            "indicator_id": indicator_id,
            'screenshots': shots,
            'service_list': services,
            'service_results': results,
            'favorite': is_fav,
            'rt_url': settings.RT_URL}
    return None, args
def get_ip_details(ip, analyst):
    """
    Build the template name and context for the IP details page.

    :param ip: The IP to get details for.
    :type ip: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: an IP outside the analyst's
    # sources is reported like one that does not exist.
    record = IP.objects(ip=ip, source__name__in=allowed).first()
    if not record:
        message = ("Either no data exists for this IP or you do not have"
                   " permission to view it.")
        return "error.html", {"error": message}

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, "IP")

    sub_info = {
        "type": "IP",
        "id": record.id,
        "subscribed": is_user_subscribed(username, "IP", record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {"type": "IP", "value": record.id}
    comment_block = {"comments": record.get_comments(), "url_key": record.ip}
    shots = record.get_screenshots(analyst)
    is_fav = is_user_favorite(username, "IP", record.id)
    services = get_supported_services("IP")
    results = record.get_analysis_results()

    args = {
        "objects": child_objects,
        "relationships": related,
        "relationship": rel_anchor,
        "subscription": sub_info,
        "favorite": is_fav,
        "service_list": services,
        "service_results": results,
        "screenshots": shots,
        "ip": record,
        "comments": comment_block,
    }
    return None, args
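def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)

    # The source filter is the access check: a Domain outside the analyst's
    # sources is reported with the same message as one that does not exist.
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    forms = {}

    # populate whois data into whois form
    # and create data object (keyed on date) for updating form on date select
    whois_data = {'': ''}  # blank info for "Add New" option
    initial_data = {'data': ' '}
    raw_data = {}
    whois = getattr(dmain, 'whois', None)
    if whois:
        for w in whois:
            # build data as a display-friendly string
            w.date = datetime.datetime.strftime(w.date,
                                                settings.PY_DATETIME_FORMAT)
            from whois_parser import WhoisEntry
            # prettify the whois data
            w.data = unicode(WhoisEntry.from_dict(w.data))
            if 'text' not in w:  # whois data was added with old data format
                w.text = w.data
            # also save our text blob for easy viewing of the original data
            whois_data[w.date] = (w.data, w.text)
        # show most recent entry first
        initial_data = {'data': whois[-1].data, 'date': whois[-1].date}
        raw_data = {'data': whois[-1].text, 'date': whois[-1].date}

    # subtract one to account for blank "Add New" entry
    whois_len = len(whois_data) - 1
    # NOTE(review): whois text is supplied from outside the application;
    # confirm the template escapes whois_data wherever it is embedded.
    whois_data = json.dumps(whois_data)

    # The username must go through a "%s" format like every other call in
    # this function; a format string without a conversion specifier raises
    # TypeError when given a str, so the sanitising step would never run.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    forms['whois'] = UpdateWhoisForm(initial_data, domain=domain)
    forms['raw_whois'] = UpdateWhoisForm(raw_data, domain=domain,
                                         allow_adding=False)
    forms['diff_whois'] = DiffWhoisForm(domain=domain)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {
        'type': 'Domain',
        'value': dmain.id
    }

    # comments
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    args = {'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'domain': dmain,
            'forms': forms,
            'whois_data': whois_data,
            'service_list': service_list,
            'whois_len': whois_len}
    return template, args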
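def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)

    # The source filter is the access check: a Domain outside the analyst's
    # sources is reported with the same message as one that does not exist.
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    forms = {}

    # populate whois data into whois form
    # and create data object (keyed on date) for updating form on date select
    whois_data = {'': ''}  # blank info for "Add New" option
    initial_data = {'data': ' '}
    raw_data = {}
    whois = getattr(dmain, 'whois', None)
    if whois:
        for w in whois:
            # build data as a display-friendly string
            w.date = datetime.datetime.strftime(w.date,
                                                settings.PY_DATETIME_FORMAT)
            from whois_parser import WhoisEntry
            # prettify the whois data
            w.data = unicode(WhoisEntry.from_dict(w.data))
            if 'text' not in w:  # whois data was added with old data format
                w.text = w.data
            # also save our text blob for easy viewing of the original data
            whois_data[w.date] = (w.data, w.text)
        # show most recent entry first
        initial_data = {'data': whois[-1].data, 'date': whois[-1].date}
        raw_data = {'data': whois[-1].text, 'date': whois[-1].date}

    # subtract one to account for blank "Add New" entry
    whois_len = len(whois_data) - 1
    # NOTE(review): whois text is supplied from outside the application;
    # confirm the template escapes whois_data wherever it is embedded.
    whois_data = json.dumps(whois_data)

    # The username must go through a "%s" format like every other call in
    # this function; a format string without a conversion specifier raises
    # TypeError when given a str, so the sanitising step would never run.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    forms['whois'] = UpdateWhoisForm(initial_data, domain=domain)
    forms['raw_whois'] = UpdateWhoisForm(raw_data, domain=domain,
                                         allow_adding=False)
    forms['diff_whois'] = DiffWhoisForm(domain=domain)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'domain': dmain,
        'forms': forms,
        'whois_data': whois_data,
        'service_list': service_list,
        'service_results': service_results,
        'whois_len': whois_len
    }
    return template, args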
def get_certificate_details(md5, analyst):
    """
    Build the template name and context for the Certificate details page.

    :param md5: The MD5 of the Certificate to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: a Certificate outside the
    # analyst's sources is treated exactly like one that does not exist.
    record = Certificate.objects(md5=md5, source__name__in=allowed).first()
    if not record:
        return "error.html", {"error": "Certificate not yet available or you do not have access to view it."}

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, "Certificate")

    sub_info = {
        "type": "Certificate",
        "id": record.id,
        "subscribed": is_user_subscribed(username, "Certificate", record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {"type": "Certificate", "value": record.id}
    comment_block = {"comments": record.get_comments(), "url_key": md5}
    shots = record.get_screenshots(analyst)
    services = get_supported_services("Certificate")
    results = record.get_analysis_results()

    args = {
        "service_list": services,
        "objects": child_objects,
        "relationships": related,
        "comments": comment_block,
        "relationship": rel_anchor,
        "subscription": sub_info,
        "screenshots": shots,
        "service_results": results,
        "cert": record,
    }
    return None, args
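def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)

    # The source filter is the access check: a Domain outside the analyst's
    # sources is reported with the same message as one that does not exist.
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {"error": error}
        return template, args

    # The username must go through a "%s" format like every other call in
    # this function; a format string without a conversion specifier raises
    # TypeError when given a str, so the sanitising step would never run.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, "Domain")

    # subscription
    subscription = {
        "type": "Domain",
        "id": dmain.id,
        "subscribed": is_user_subscribed("%s" % analyst, "Domain", dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {"type": "Domain", "value": dmain.id}

    # comments
    comments = {"comments": dmain.get_comments(), "url_key": dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, "Domain", dmain.id)

    # services
    service_list = get_supported_services("Domain")

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        "objects": objects,
        "relationships": relationships,
        "comments": comments,
        "favorite": favorite,
        "relationship": relationship,
        "subscription": subscription,
        "screenshots": screenshots,
        "domain": dmain,
        "service_list": service_list,
        "service_results": service_results,
    }
    return template, args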
def get_signature_details(_id, analyst):
    """
    Build the template name and context for the Signature details page.

    :param _id: The ObjectId of the Signature to get details for.
    :type _id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check; an empty id skips the query and
    # ends up on the same error path as a record the analyst cannot read.
    record = None
    if _id:
        record = Signature.objects(id=_id, source__name__in=allowed).first()

    if not record:
        return "error.html", {
            'error': 'signature not yet available or you do not have access to view it.'
        }

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'Signature')

    sub_info = {
        'type': 'Signature',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'Signature', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'Signature', 'value': record.id}

    # NOTE(review): this count has no source filter, so it can include
    # versions the user cannot open -- confirm exposing the count is intended.
    version_count = len(Signature.objects(link_id=record.link_id).only('id'))

    comment_block = {'comments': record.get_comments(), 'url_key': _id}
    shots = record.get_screenshots(analyst)
    is_fav = is_user_favorite(username, 'Signature', record.id)
    services = get_supported_services('Signature')
    results = record.get_analysis_results()

    args = {
        'service_list': services,
        'objects': child_objects,
        'relationships': related,
        'comments': comment_block,
        'favorite': is_fav,
        'relationship': rel_anchor,
        "subscription": sub_info,
        "screenshots": shots,
        "versions": version_count,
        "service_results": results,
        "signature": record
    }
    return None, args
def get_event_details(event_id, user):
    """
    Build the template name and context for the Event details page.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param user: The user requesting this information. The code calls
                 ``user.check_source_tlp()`` on it and formats it with
                 ``"%s"`` wherever a username string is passed on.
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(user)

    # First gate: only an Event carrying one of the user's sources matches.
    record = Event.objects(id=event_id, source__name__in=allowed).first()

    # Second gate: the TLP check can still withhold an Event that matched.
    # NOTE(review): check_source_tlp() also receives None when nothing
    # matched -- confirm it tolerates that.
    if not user.check_source_tlp(record):
        record = None

    if not record:
        # Missing and not-permitted share one message on purpose.
        return "error.html", {'error': "ID does not exist or insufficient privs for source"}

    username = "%s" % user
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    new_campaign = CampaignForm()
    downloader = DownloadFileForm(initial={
        "obj_type": 'Event',
        "obj_id": event_id
    })

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'Event')

    sub_info = {
        'type': 'Event',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'Event', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)

    # Annotate each related Indicator and Sample with the number of Events
    # that reference it. The counts reuse the user's source filter.
    # NOTE(review): the counts do not apply the TLP check used for the Event
    # itself -- confirm that is intended.
    for rel_type, count_key in (('Indicator', 'rel_ind_events'),
                                ('Sample', 'rel_smp_events')):
        for entry in related.get(rel_type, []):
            entry[count_key] = Event.objects(
                relationships__object_id=entry['id'],
                source__name__in=allowed).count()

    rel_anchor = {'type': 'Event', 'value': record.id}
    comment_block = {'comments': record.get_comments(), 'url_key': record.id}
    shots = record.get_screenshots(user)
    is_fav = is_user_favorite(username, 'Event', record.id)
    services = get_supported_services('Event')
    results = record.get_analysis_results()

    args = {
        'service_list': services,
        'objects': child_objects,
        'relationships': related,
        'comments': comment_block,
        'favorite': is_fav,
        'relationship': rel_anchor,
        'subscription': sub_info,
        'screenshots': shots,
        'event': record,
        'campaign_form': new_campaign,
        'service_results': results,
        'download_form': downloader,
        'EventACL': EventACL
    }
    return None, args
def get_ip_details(ip, analyst):
    """
    Build the template name and context for the IP details page.

    :param ip: The IP to get details for.
    :type ip: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    allowed = user_sources(analyst)

    # The source filter is the access check: an IP outside the analyst's
    # sources is reported like one that does not exist.
    record = IP.objects(ip=ip, source__name__in=allowed).first()
    if not record:
        message = ('Either no data exists for this IP or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % analyst
    # NOTE(review): presumably strips details the user may not see -- confirm.
    record.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, record.id, 'IP')

    sub_info = {
        'type': 'IP',
        'id': record.id,
        'subscribed': is_user_subscribed(username, 'IP', record.id),
    }
    child_objects = record.sort_objects()
    related = record.sort_relationships(username, meta=True)
    rel_anchor = {'type': 'IP', 'value': record.id}
    comment_block = {'comments': record.get_comments(), 'url_key': record.ip}
    shots = record.get_screenshots(analyst)
    is_fav = is_user_favorite(username, 'IP', record.id)
    services = get_supported_services('IP')
    results = record.get_analysis_results()

    args = {'objects': child_objects,
            'relationships': related,
            'relationship': rel_anchor,
            'subscription': sub_info,
            'favorite': is_fav,
            'service_list': services,
            'service_results': results,
            'screenshots': shots,
            'ip': record,
            'comments': comment_block}
    return None, args
def get_pcap_details(md5, analyst):
    """
    Build the template name and context for the PCAP details page.

    The PCAP is looked up by MD5 with a ``source__name__in`` filter on the
    sources ``user_sources`` returns for the requester, so an unknown MD5 and
    a PCAP outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param md5: The MD5 of the PCAP to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(analyst)
    pcap = PCAP.objects(md5=md5, source__name__in=readable).first()

    if not pcap:
        return "error.html", {
            'error': 'PCAP not yet available or you do not have access to view it.'
        }

    username = "%s" % analyst
    pcap.sanitize(username)

    # Viewing the page clears the requester's pending notifications for it.
    remove_user_from_notification(username, pcap.id, 'PCAP')

    subscription = {
        'type': 'PCAP',
        'id': pcap.id,
        'subscribed': is_user_subscribed(username, 'PCAP', pcap.id),
    }
    objects = pcap.sort_objects()
    relationships = pcap.sort_relationships(username, meta=True)
    relationship = {'type': 'PCAP', 'value': pcap.id}
    # url_key is the MD5 passed in by the caller, not a field read back from
    # the document.
    comments = {'comments': pcap.get_comments(), 'url_key': md5}
    screenshots = pcap.get_screenshots(analyst)
    favorite = is_user_favorite(username, 'PCAP', pcap.id)
    # Assume all PCAPs have the data available
    service_list = get_supported_services('PCAP')
    service_results = pcap.get_analysis_results()

    return None, {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'service_results': service_results,
        'pcap': pcap,
    }
def get_actor_details(id_, analyst):
    """
    Build the template name and context for the Actor details page.

    The Actor is looked up by ObjectId with a ``source__name__in`` filter on
    the sources ``user_sources`` returns for the requester, so an unknown id
    and an Actor outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param id_: The Actor ObjectId to get details for.
    :type id_: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(analyst)
    actor = Actor.objects(id=id_, source__name__in=readable).first()

    if not actor:
        message = ('Either no data exists for this Actor or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % analyst
    actor.sanitize(username)

    # Viewing the page clears the requester's pending notifications for it.
    remove_user_from_notification(username, actor.id, 'Actor')

    download_form = DownloadFileForm(initial={"obj_type": 'Actor',
                                              "obj_id": actor.id})

    # generate identifiers
    actor_identifiers = actor.generate_identifiers_list(analyst)

    subscription = {
        'type': 'Actor',
        'id': actor.id,
        'subscribed': is_user_subscribed(username, 'Actor', actor.id),
    }
    objects = actor.sort_objects()
    relationships = actor.sort_relationships(username, meta=True)
    relationship = {'type': 'Actor', 'value': actor.id}
    comments = {'comments': actor.get_comments(), 'url_key': actor.id}
    screenshots = actor.get_screenshots(analyst)
    favorite = is_user_favorite(username, 'Actor', actor.id)
    service_list = get_supported_services('Actor')
    service_results = actor.get_analysis_results()

    return None, {
        'actor_identifiers': actor_identifiers,
        'objects': objects,
        'download_form': download_form,
        'relationships': relationships,
        'relationship': relationship,
        'subscription': subscription,
        'favorite': favorite,
        'service_list': service_list,
        'service_results': service_results,
        'screenshots': screenshots,
        'actor': actor,
        # actor_id echoes the caller-supplied id, not actor.id
        'actor_id': id_,
        'comments': comments,
    }
def get_signature_details(_id, analyst):
    """
    Build the template name and context for the Signature details page.

    A falsy ``_id`` skips the lookup entirely. Otherwise the Signature is
    looked up by ObjectId with a ``source__name__in`` filter on the sources
    ``user_sources`` returns for the requester. An empty id, an unknown id
    and a Signature outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param _id: The ObjectId of the Signature to get details for.
    :type _id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(analyst)
    signature = (
        Signature.objects(id=_id, source__name__in=readable).first()
        if _id else None
    )

    if not signature:
        return "error.html", {
            'error': 'signature not yet available or you do not have access to view it.'
        }

    username = "%s" % analyst
    signature.sanitize(username)

    # Viewing the page clears the requester's pending notifications for it.
    remove_user_from_notification(username, signature.id, 'Signature')

    subscription = {
        'type': 'Signature',
        'id': signature.id,
        'subscribed': is_user_subscribed(username, 'Signature', signature.id),
    }
    objects = signature.sort_objects()
    relationships = signature.sort_relationships(username, meta=True)
    relationship = {'type': 'Signature', 'value': signature.id}

    # Number of Signature documents sharing this one's link_id.
    # NOTE(review): this query has no source filter, so the count includes
    # versions the requester may not be able to open -- confirm that is
    # intended.
    linked = Signature.objects(link_id=signature.link_id).only('id')
    versions = len(linked)

    # url_key is the id passed in by the caller.
    comments = {'comments': signature.get_comments(), 'url_key': _id}
    screenshots = signature.get_screenshots(analyst)
    favorite = is_user_favorite(username, 'Signature', signature.id)
    service_list = get_supported_services('Signature')
    service_results = signature.get_analysis_results()

    return None, {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'versions': versions,
        'service_results': service_results,
        'signature': signature,
    }
def get_pcap_details(md5, analyst):
    """
    Collect everything the PCAP details template needs.

    Lookup is by MD5, restricted through ``source__name__in`` to the sources
    ``user_sources`` returns for the requester. When nothing matches, the
    error template is returned with one message covering both "not found"
    and "no access".

    NOTE(review): the source filter is the only access check visible in this
    function; there is no TLP check.

    :param md5: The MD5 of the PCAP to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    permitted = user_sources(analyst)
    record = PCAP.objects(md5=md5, source__name__in=permitted).first()

    if not record:
        denied = 'PCAP not yet available or you do not have access to view it.'
        return "error.html", {'error': denied}

    who = "%s" % analyst
    record.sanitize(who)

    # Drop the requester's pending notifications for this PCAP.
    remove_user_from_notification(who, record.id, 'PCAP')

    subscribed = is_user_subscribed(who, 'PCAP', record.id)
    subscription = {'type': 'PCAP', 'id': record.id, 'subscribed': subscribed}

    objects = record.sort_objects()
    relationships = record.sort_relationships(who, meta=True)
    relationship = {'type': 'PCAP', 'value': record.id}

    # The comment key is the MD5 supplied by the caller.
    comments = {'comments': record.get_comments(), 'url_key': md5}
    screenshots = record.get_screenshots(analyst)
    favorite = is_user_favorite(who, 'PCAP', record.id)

    # Assume all PCAPs have the data available
    service_list = get_supported_services('PCAP')
    service_results = record.get_analysis_results()

    context = {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'service_results': service_results,
        'pcap': record,
    }
    return None, context
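def get_event_details(event_id, user):
    """
    Generate the data to render the Event details template.

    Two checks gate access: the ``source__name__in`` lookup against the
    sources ``user_sources`` returns for the requester, then the requester's
    ``check_source_tlp`` on the Event that was found. Either failure leads to
    the same error context as a missing Event.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param user: The user requesting this information. The object must
                 provide ``check_source_tlp``; ``"%s" % user`` is used
                 wherever a username string is passed on.
    :type user: user object exposing ``check_source_tlp``
    :returns: template (str), arguments (dict)
    """
    template = None
    sources = user_sources(user)
    event = Event.objects(id=event_id, source__name__in=sources).first()

    # A failed lookup is already a denial; only a found document is handed to
    # check_source_tlp, so the TLP check never receives None.
    if event and not user.check_source_tlp(event):
        event = None

    if not event:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}
        return template, args

    username = "%s" % user
    event.sanitize(username)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(initial={"obj_type": 'Event',
                                              "obj_id": event_id})

    # remove pending notifications for user
    remove_user_from_notification(username, event.id, 'Event')

    # subscription
    subscription = {
        'type': 'Event',
        'id': event.id,
        'subscribed': is_user_subscribed(username, 'Event', event.id),
    }

    # objects
    objects = event.sort_objects()

    # relationships
    relationships = event.sort_relationships(username, meta=True)

    # For each related Indicator, then each related Sample, record how many
    # Events reference it. The count queries carry the source filter only.
    # NOTE(review): no TLP check is applied to the counted Events -- confirm
    # that showing the count is acceptable.
    count_keys = (('Indicator', 'rel_ind_events'), ('Sample', 'rel_smp_events'))
    for rel_type, count_key in count_keys:
        for related in relationships.get(rel_type, []):
            related[count_key] = Event.objects(
                relationships__object_id=related['id'],
                source__name__in=sources).count()

    # relationship
    relationship = {
        'type': 'Event',
        'value': event.id
    }

    # comments
    comments = {'comments': event.get_comments(), 'url_key': event.id}

    # screenshots
    screenshots = event.get_screenshots(user)

    # favorites
    favorite = is_user_favorite(username, 'Event', event.id)

    # services
    service_list = get_supported_services('Event')

    # analysis results
    service_results = event.get_analysis_results()

    args = {'service_list': service_list,
            'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'event': event,
            'campaign_form': campaign_form,
            'service_results': service_results,
            'download_form': download_form,
            'EventACL': EventACL}
    return template, args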
def get_event_details(event_id, analyst):
    """
    Build the template name and context for the Event details page.

    The Event is looked up by ObjectId with a ``source__name__in`` filter on
    the sources ``user_sources`` returns for the requester, so an unknown id
    and an Event outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(analyst)
    event = Event.objects(id=event_id, source__name__in=readable).first()

    if event:
        username = "%s" % analyst
        event.sanitize(username)

        campaign_form = CampaignForm()
        # The download form is seeded with the id the caller supplied.
        download_form = DownloadFileForm(
            initial={"obj_type": 'Event', "obj_id": event_id})

        # Viewing the page clears the requester's pending notifications.
        remove_user_from_notification(username, event.id, 'Event')

        subscription = {
            'type': 'Event',
            'id': event.id,
            'subscribed': is_user_subscribed(username, 'Event', event.id),
        }
        objects = event.sort_objects()
        relationships = event.sort_relationships(username, meta=True)
        relationship = {'type': 'Event', 'value': event.id}
        comments = {'comments': event.get_comments(), 'url_key': event.id}
        screenshots = event.get_screenshots(analyst)
        favorite = is_user_favorite(username, 'Event', event.id)
        service_list = get_supported_services('Event')
        service_results = event.get_analysis_results()

        template = None
        args = {
            'service_list': service_list,
            'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'event': event,
            'campaign_form': campaign_form,
            'service_results': service_results,
            'download_form': download_form,
        }
    else:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}

    return template, args
def get_actor_details(id_, analyst):
    """
    Collect everything the Actor details template needs.

    Lookup is by ObjectId, restricted through ``source__name__in`` to the
    sources ``user_sources`` returns for the requester. When nothing matches,
    the error template is returned with one message covering both "no data"
    and "no permission".

    NOTE(review): the source filter is the only access check visible in this
    function; there is no TLP check.

    :param id_: The Actor ObjectId to get details for.
    :type id_: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    permitted = user_sources(analyst)
    record = Actor.objects(id=id_, source__name__in=permitted).first()

    if not record:
        denied = ('Either no data exists for this Actor or you do not have'
                  ' permission to view it.')
        return "error.html", {'error': denied}

    who = "%s" % analyst
    record.sanitize(who)

    # Drop the requester's pending notifications for this Actor.
    remove_user_from_notification(who, record.id, 'Actor')

    download_form = DownloadFileForm(
        initial={"obj_type": 'Actor', "obj_id": record.id})

    # generate identifiers
    actor_identifiers = record.generate_identifiers_list(analyst)

    subscribed = is_user_subscribed(who, 'Actor', record.id)
    subscription = {'type': 'Actor', 'id': record.id, 'subscribed': subscribed}

    objects = record.sort_objects()
    relationships = record.sort_relationships(who, meta=True)
    relationship = {'type': 'Actor', 'value': record.id}
    comments = {'comments': record.get_comments(), 'url_key': record.id}
    screenshots = record.get_screenshots(analyst)
    favorite = is_user_favorite(who, 'Actor', record.id)
    service_list = get_supported_services('Actor')
    service_results = record.get_analysis_results()

    context = {
        'actor_identifiers': actor_identifiers,
        'objects': objects,
        'download_form': download_form,
        'relationships': relationships,
        'relationship': relationship,
        'subscription': subscription,
        'favorite': favorite,
        'service_list': service_list,
        'service_results': service_results,
        'screenshots': screenshots,
        'actor': record,
        # actor_id echoes the caller-supplied id, not record.id
        'actor_id': id_,
        'comments': comments,
    }
    return None, context
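def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    The Domain is looked up by name with a ``source__name__in`` filter on the
    sources ``user_sources`` returns for the requester, so an unknown name
    and a Domain outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    template = None
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    username = "%s" % analyst

    # The username must be rendered with a "%s" placeholder, as in every other
    # call here; a format string without one raises TypeError when formatted
    # with a str, which would abort the view before the source sanitisation
    # step ran.
    dmain.sanitize_sources(username=username, sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification(username, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed(username, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships(username, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments (keyed by the stored domain name rather than the ObjectId)
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite(username, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'domain': dmain,
        'service_list': service_list,
        'service_results': service_results
    }
    return template, args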
def get_backdoor_details(id_, user):
    """
    Build the template name and context for the Backdoor details page.

    The Backdoor is looked up by ObjectId with a ``source__name__in`` filter
    on the sources ``user_sources`` returns for the requester, so an unknown
    id and a Backdoor outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param id_: The Backdoor ObjectId to get details for.
    :type id_: str
    :param user: The user requesting this information.
    :type user: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(user)
    backdoor = Backdoor.objects(id=id_, source__name__in=readable).first()

    if not backdoor:
        message = ('Either no data exists for this Backdoor or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % user
    backdoor.sanitize(username)

    # Viewing the page clears the requester's pending notifications for it.
    remove_user_from_notification(username, backdoor.id, 'Backdoor')

    subscription = {
        'type': 'Backdoor',
        'id': backdoor.id,
        'subscribed': is_user_subscribed(username, 'Backdoor', backdoor.id),
    }
    objects = backdoor.sort_objects()
    relationships = backdoor.sort_relationships(username, meta=True)
    relationship = {'type': 'Backdoor', 'value': backdoor.id}
    comments = {'comments': backdoor.get_comments(), 'url_key': backdoor.id}
    screenshots = backdoor.get_screenshots(user)
    favorite = is_user_favorite(username, 'Backdoor', backdoor.id)
    service_list = get_supported_services('Backdoor')
    service_results = backdoor.get_analysis_results()

    return None, {
        'objects': objects,
        'relationships': relationships,
        'relationship': relationship,
        'subscription': subscription,
        'favorite': favorite,
        'service_list': service_list,
        'service_results': service_results,
        'screenshots': screenshots,
        'backdoor': backdoor,
        # backdoor_id echoes the caller-supplied id, not backdoor.id
        'backdoor_id': id_,
        'comments': comments,
    }
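def get_ip_details(ip, user):
    """
    Generate the data to render the IP details template.

    An IP is shown only when the ``source__name__in`` lookup finds it among
    the sources ``user_sources`` returns for the requester and the
    requester's ``check_source_tlp`` accepts it. A missing IP and a denied
    one produce the same error context.

    :param ip: The IP to get details for.
    :type ip: str
    :param user: The user requesting this information.
    :type user: CRITsUser
    :returns: template (str), arguments (dict)
    """
    allowed_sources = user_sources(user)
    ip = IP.objects(ip=ip, source__name__in=allowed_sources).first()
    template = None
    args = {}

    # Run the TLP check only on a document that was actually found, so a
    # failed lookup is never handed to check_source_tlp as None.
    if ip and not user.check_source_tlp(ip):
        ip = None

    if not ip:
        template = "error.html"
        error = ('Either no data exists for this IP or you do not have'
                 ' permission to view it.')
        args = {'error': error}
    else:
        username = "%s" % user
        ip.sanitize(username)

        # remove pending notifications for user
        remove_user_from_notification(username, ip.id, 'IP')

        # subscription
        subscription = {
            'type': 'IP',
            'id': ip.id,
            'subscribed': is_user_subscribed(username, 'IP', ip.id),
        }

        # objects
        objects = ip.sort_objects()

        # relationships
        relationships = ip.sort_relationships(username, meta=True)

        # relationship
        relationship = {
            'type': 'IP',
            'value': ip.id
        }

        # comments (keyed by the stored IP value rather than the ObjectId)
        comments = {'comments': ip.get_comments(), 'url_key': ip.ip}

        # screenshots
        screenshots = ip.get_screenshots(user)

        # favorites
        favorite = is_user_favorite(username, 'IP', ip.id)

        # services
        service_list = get_supported_services('IP')

        # analysis results
        service_results = ip.get_analysis_results()

        args = {'objects': objects,
                'relationships': relationships,
                'relationship': relationship,
                'subscription': subscription,
                'favorite': favorite,
                'service_list': service_list,
                'service_results': service_results,
                'screenshots': screenshots,
                'ip': ip,
                'comments': comments,
                'IPACL': IPACL}
    return template, args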
def get_indicator_details(indicator_id, analyst):
    """
    Build the template name and context for the Indicator details page.

    The Indicator is looked up by ObjectId with a ``source__name__in`` filter
    on the sources ``user_sources`` returns for the requester, so an unknown
    id and an Indicator outside those sources give the same error context.

    NOTE(review): source membership is the only access check made here; no
    TLP check is performed in this function.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """
    readable = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=readable).first()

    if not indicator:
        message = ("Either this indicator does not exist or you do "
                   "not have permission to view it.")
        return "error.html", {"error": message}

    # The forms are built before the document is sanitized, in this order.
    forms = {
        "new_activity": IndicatorActivityForm(
            initial={"analyst": analyst, "date": datetime.datetime.now()}),
        "new_campaign": CampaignForm(),
        "new_source": SourceForm(
            analyst, initial={"date": datetime.datetime.now()}),
        "download_form": DownloadFileForm(
            initial={"obj_type": "Indicator", "obj_id": indicator_id}),
    }

    username = "%s" % analyst
    indicator.sanitize(username)

    # Notification, subscription and relationship entries use the id the
    # caller supplied; only the favorite lookup reads indicator.id.
    remove_user_from_notification(username, indicator_id, "Indicator")

    subscription = {
        "type": "Indicator",
        "id": indicator_id,
        "subscribed": is_user_subscribed(username, "Indicator", indicator_id),
    }
    relationship = {"type": "Indicator", "value": indicator_id}
    objects = indicator.sort_objects()
    relationships = indicator.sort_relationships(username, meta=True)
    comments = {"comments": indicator.get_comments(), "url_key": indicator_id}
    screenshots = indicator.get_screenshots(analyst)
    favorite = is_user_favorite(username, "Indicator", indicator.id)
    service_list = get_supported_services("Indicator")
    service_results = indicator.get_analysis_results()

    return None, {
        "objects": objects,
        "relationships": relationships,
        "comments": comments,
        "relationship": relationship,
        "subscription": subscription,
        "indicator": indicator,
        "forms": forms,
        "indicator_id": indicator_id,
        "screenshots": screenshots,
        "service_list": service_list,
        "service_results": service_results,
        "favorite": favorite,
        "rt_url": settings.RT_URL,
    }