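def observable(request, observable_id="1"):
    """Render the detail page for a single observable.

    Args:
        request: Django request; user-facing messages are attached to it
            via ``messages`` when the observable cannot be shown.
        observable_id: primary key of the observable as captured from the
            URL, i.e. an untrusted string. A non-numeric value is reported
            with an error message instead of raising.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response. When
        no observable is found the template is still rendered, with
        ``context['observable']`` left as ``None``.
    """
    template = 'kraut_intel/observable_details.html'
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    # The id is URL input: reject anything that is not an integer here rather
    # than letting int() raise and the view answer with a 500.
    try:
        pk = int(observable_id)
    except (ValueError, TypeError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))
    # filter() never raises DoesNotExist; a missing row is just an empty queryset.
    observable = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not observable:
        messages.warning(request, "No observable with the given ID exists in the system.")
        return render_to_response(template, context, context_instance=RequestContext(request))

    obs = observable[0]
    context['observable'] = obs
    # `namespace` is a related manager here; last() is None when nothing is attached.
    namespace = obs.namespace.last()
    context['namespace_icon'] = (
        get_icon_for_namespace(namespace.namespace) if namespace is not None else None
    )
    context['namespaces'] = Namespace.objects.all()
    context['objects'] = get_object_for_observable(obs.observable_type, obs)
    # One related-objects entry and one related-observables queryset per backing object.
    for obj in context['objects']:
        context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
        context['related_observables'].append(obj.observables.all())
    if not context['related_observables']:
        context['related_observables'].append(observable)
    # Observables that share a composition with this one.
    for obs_comp in obs.observablecomposition_set.all():
        context['related_observables'].append(obs_comp.observable_set.all())
    # Object-type specific tabs.
    if obs.observable_type == 'FileObjectType':
        context['custom'] = []
        context['meta'] = []
        context['hashes'] = []
        context['active_tab'] = 'hashes'
        for obj in context['objects']:
            for custom in obj.file_custom.all():
                context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                context['active_tab'] = 'custom'
            for meta in obj.file_meta.all():
                # Rows that hold only the placeholder values carry no information.
                if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                        or meta.file_extension != 'No Extension' or meta.file_size != 0):
                    context['meta'].append({
                        'name': meta.file_name,
                        'path': meta.file_path,
                        'extension': meta.file_extension,
                        'size': meta.file_size,
                    })
                    context['active_tab'] = 'meta'
            if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                # NOTE(review): 'hashes' starts as a list and becomes True here;
                # presumably the template only tests it for truthiness — confirm.
                context['hashes'] = True
                context['active_tab'] = 'hashes'
    elif obs.observable_type == 'CompositionContainer':
        # TODO: currently supports only a single composition per observable;
        # with several, the last one wins.
        for composition in obs.compositions.all():
            context['composition_id'] = composition.id
    elif obs.observable_type == 'WindowsExecutableFileObjectType':
        context['active_tab'] = 'winexeobj'
    return render_to_response(template, context, context_instance=RequestContext(request))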
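def cybox_http(observable, observable_type, objects):
    """Build a CybOX ``Observables`` container from HTTP session objects.

    Args:
        observable: the kraut observable. The last namespace attached to it
            (``"prefix:url"``) is installed as the CybOX id namespace, and
            its ``name``/``description`` are copied onto each emitted
            ``Observable``.
        observable_type: type string of ``observable``. Not used by this
            builder; kept for signature parity with the other ``cybox_*``
            converters.
        objects: iterable of HTTP session model instances to convert.

    Returns:
        An ``Observables`` container holding one ``Observable`` per object.

    Raises:
        ValueError: if the namespace string contains no ``:`` separator.

    Side effects:
        ``cybox.utils.set_id_namespace`` changes module-level cybox state.
    """
    nsname, nsurl = observable.namespace.last().namespace.split(':', 1)
    cybox.utils.set_id_namespace(cybox.utils.Namespace(nsurl, nsname))
    observables = Observables()
    # NOTE(review): unlike cybox_file, related objects are not attached to the
    # HTTP observables; the previous per-object lookup of them was unused and
    # has been dropped to avoid a needless query per object.
    for obj in objects:
        o = Observable(cybox_object_http(obj))
        o.title = observable.name
        o.description = observable.description
        observables.add(o)
    return observables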
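def cybox_http(observable, observable_type, objects):
    """Wrap HTTP session objects in a CybOX ``Observables`` container.

    The observable's namespace string (``"prefix:url"``) is installed as the
    CybOX id namespace, which is module-level state in ``cybox.utils``.

    Args:
        observable: kraut observable whose ``namespace``, ``name`` and
            ``description`` are used.
        observable_type: type string of ``observable``; unused here, kept so
            all ``cybox_*`` builders share one signature.
        objects: iterable of HTTP session model instances.

    Returns:
        ``Observables`` with one titled/described ``Observable`` per object.

    Raises:
        ValueError: if ``observable.namespace`` has no ``:`` in it.
    """
    prefix, url = observable.namespace.split(':', 1)
    cybox.utils.set_id_namespace(cybox.utils.Namespace(url, prefix))
    result = Observables()
    # NOTE(review): the former related-objects lookup per object was never
    # used (cybox_file is the only builder that attaches related objects), so
    # it is omitted here rather than issuing a dead query.
    for obj in objects:
        wrapped = Observable(cybox_object_http(obj))
        wrapped.title = observable.name
        wrapped.description = observable.description
        result.add(wrapped)
    return result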
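def observable(request, observable_id="1"):
    """Render the detail page for a single observable.

    Args:
        request: Django request; failures are reported through ``messages``.
        observable_id: primary key as captured from the URL (untrusted
            string). A value that is not an integer is answered with an
            error message and the normal template, not an exception.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response;
        ``context['observable']`` stays ``None`` when nothing was found.
    """
    template = 'kraut_intel/observable_details.html'
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    # int() on URL input raises ValueError for e.g. "abc"; handle that instead of
    # a 500. filter() itself never raises DoesNotExist, it returns an empty queryset.
    try:
        pk = int(observable_id)
    except (ValueError, TypeError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response(template, context, context_instance=RequestContext(request))
    observable = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not observable:
        messages.warning(request, "No observable with the given ID exists in the system.")
    else:
        obs = observable[0]
        context['observable'] = obs
        context['namespace_icon'] = get_icon_for_namespace(obs.namespace)
        context['objects'] = get_object_for_observable(obs.observable_type, obs)
        # Related objects / observables, one entry per backing object.
        for obj in context['objects']:
            context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
            context['related_observables'].append(obj.observables.all())
        if not context['related_observables']:
            context['related_observables'].append(observable)
        # Object-type specific tabs.
        if obs.observable_type == 'FileObjectType':
            context['custom'] = []
            context['meta'] = []
            context['hashes'] = []
            context['active_tab'] = 'hashes'
            for obj in context['objects']:
                for custom in obj.file_custom.all():
                    context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
                    context['active_tab'] = 'custom'
                for meta in obj.file_meta.all():
                    # Skip rows that only hold the placeholder values.
                    if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                            or meta.file_extension != 'No Extension' or meta.file_size != 0):
                        context['meta'].append({
                            'name': meta.file_name,
                            'path': meta.file_path,
                            'extension': meta.file_extension,
                            'size': meta.file_size,
                        })
                        context['active_tab'] = 'meta'
                if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
                    # NOTE(review): 'hashes' is initialised as a list but set to
                    # True here; presumably the template only checks truthiness — confirm.
                    context['hashes'] = True
                    context['active_tab'] = 'hashes'
    return render_to_response(template, context, context_instance=RequestContext(request))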
def cybox_file(observable, observable_type, objects):
    """Convert file objects into a CybOX ``Observables`` container.

    The last namespace attached to ``observable`` (``"prefix:url"``) is
    installed as the CybOX id namespace (module-level cybox state). One
    ``Observable`` is emitted per ``file_meta`` row of each object, carrying
    the observable's name and description; related objects of known model
    types are attached to it, and e-mail attachments are added as extra
    top-level observables. Related objects of other types are ignored.

    Raises:
        ValueError: if the namespace string has no ``:`` separator.
    """
    prefix, url = observable.namespace.last().namespace.split(':', 1)
    cybox.utils.set_id_namespace(cybox.utils.Namespace(url, prefix))
    container = Observables()

    def link(file_obj, rel_obj, relation):
        # Attach one related model instance to ``file_obj`` by its type.
        if isinstance(rel_obj, EmailMessage_Object):
            email_obj, attachments = cybox_object_email(rel_obj)
            file_obj.add_related(email_obj, relation, True)
            for attachment in attachments:
                container.add(Observable(attachment))
        elif isinstance(rel_obj, File_Object):
            for rel_meta in rel_obj.file_meta.all():
                file_obj.add_related(cybox_object_file(rel_obj, rel_meta), relation, True)
        elif isinstance(rel_obj, Address_Object):
            file_obj.add_related(cybox_object_address(rel_obj), relation, True)
        elif isinstance(rel_obj, URI_Object):
            file_obj.add_related(cybox_object_uri(rel_obj), relation, True)
        elif isinstance(rel_obj, HTTPSession_Object):
            file_obj.add_related(cybox_object_http(rel_obj), relation, True)

    for obj in objects:
        for meta in obj.file_meta.all():
            file_obj = cybox_object_file(obj, meta)
            for rel in get_related_objects_for_object(obj.id, observable_type):
                for rel_obj in rel['objects']:
                    link(file_obj, rel_obj, rel['relation'])
            wrapped = Observable(file_obj)
            wrapped.title = observable.name
            wrapped.description = observable.description
            container.add(wrapped)
    return container
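def cybox_file(observable, observable_type, objects):
    """Convert file objects into a CybOX ``Observables`` container.

    Args:
        observable: kraut observable; ``namespace`` (``"prefix:url"``) becomes
            the CybOX id namespace (module-level cybox state), and ``name`` /
            ``description`` are copied onto every emitted ``Observable``.
        observable_type: type string passed through to
            ``get_related_objects_for_object``.
        objects: iterable of file model instances.

    Returns:
        ``Observables`` with one ``Observable`` per ``file_meta`` row of each
        object, plus one per attachment of any related e-mail message.

    Raises:
        ValueError: if ``observable.namespace`` has no ``:`` separator.
    """
    nsname, nsurl = observable.namespace.split(':', 1)
    cybox.utils.set_id_namespace(cybox.utils.Namespace(nsurl, nsname))
    observables = Observables()
    for obj in objects:
        # Related objects depend only on the object, not on its metadata rows:
        # look them up once per object instead of once per file_meta entry.
        # Materialised so it can be iterated once per metadata row.
        related_objects_list = list(get_related_objects_for_object(obj.id, observable_type))
        for meta in obj.file_meta.all():
            f = cybox_object_file(obj, meta)
            for rel_obj_dict in related_objects_list:
                relation = rel_obj_dict['relation']
                for rel_obj in rel_obj_dict['objects']:
                    if isinstance(rel_obj, EmailMessage_Object):
                        rel_o, attachments_list = cybox_object_email(rel_obj)
                        f.add_related(rel_o, relation, True)
                        # Attachments become observables of their own.
                        for att in attachments_list:
                            observables.add(Observable(att))
                    elif isinstance(rel_obj, File_Object):
                        for rel_meta in rel_obj.file_meta.all():
                            f.add_related(cybox_object_file(rel_obj, rel_meta), relation, True)
                    elif isinstance(rel_obj, Address_Object):
                        f.add_related(cybox_object_address(rel_obj), relation, True)
                    elif isinstance(rel_obj, URI_Object):
                        f.add_related(cybox_object_uri(rel_obj), relation, True)
                    elif isinstance(rel_obj, HTTPSession_Object):
                        f.add_related(cybox_object_http(rel_obj), relation, True)
                    # Related objects of any other model type are skipped.
            o = Observable(f)
            o.title = observable.name
            o.description = observable.description
            observables.add(o)
    return observables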