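def _file_tab_context(context, objects):
    """Fill the file-specific tabs (custom properties, meta rows, hashes).

    Mutates ``context`` in place. ``active_tab`` ends on the last tab that
    received data, falling back to 'hashes'.
    """
    context['custom'] = []
    context['meta'] = []
    # NOTE: starts as a list and becomes True once a real hash is seen;
    # the template presumably only tests truthiness — confirm before changing.
    context['hashes'] = []
    context['active_tab'] = 'hashes'
    for obj in objects:
        for custom in obj.file_custom.all():
            context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
            context['active_tab'] = 'custom'
        for meta in obj.file_meta.all():
            # 'No Name' / 'No Path' / 'No Extension' / 0 are the stored
            # placeholders for "unknown"; a row carrying only those is skipped.
            if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                    or meta.file_extension != 'No Extension' or meta.file_size != 0):
                context['meta'].append({
                    'name': meta.file_name,
                    'path': meta.file_path,
                    'extension': meta.file_extension,
                    'size': meta.file_size,
                })
                context['active_tab'] = 'meta'
        if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
            context['hashes'] = True
            context['active_tab'] = 'hashes'


def observable(request, observable_id="1"):
    """Render the details page of a single observable.

    Args:
        request: the Django request; flash messages are attached to it.
        observable_id: primary key of the observable as it appears in the
            URL (a string). It is untrusted input and converted to ``int``
            here.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response. A
        non-numeric id or an unknown id renders the page with an empty
        context plus a flash message instead of raising.
    """
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    try:
        # A non-numeric id must not escape as an unhandled ValueError (HTTP 500).
        pk = int(observable_id)
    except (TypeError, ValueError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))
    # filter() never raises DoesNotExist; an unknown id just yields an empty
    # queryset, handled below.
    qs = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not qs:
        messages.warning(request, "No observable with the given ID exists in the system.")
        return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))
    obs = qs[0]
    context['observable'] = obs
    context['namespace_icon'] = get_icon_for_namespace(obs.namespace.last().namespace)
    context['namespaces'] = Namespace.objects.all()
    context['objects'] = get_object_for_observable(obs.observable_type, obs)
    # Related objects, and the observables those objects belong to.
    for obj in context['objects']:
        context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
        context['related_observables'].append(obj.observables.all())
    if not context['related_observables']:
        context['related_observables'].append(qs)
    # An observable that is part of a composition also relates to its siblings.
    for obs_comp in obs.observablecomposition_set.all():
        context['related_observables'].append(obs_comp.observable_set.all())
    # Object-type specific tabs.
    if obs.observable_type == 'FileObjectType':
        _file_tab_context(context, context['objects'])
    elif obs.observable_type == 'CompositionContainer':
        ### TODO: currently supports only single composition in observable
        for composition in obs.compositions.all():
            context['composition_id'] = composition.id
    elif obs.observable_type == 'WindowsExecutableFileObjectType':
        context['active_tab'] = 'winexeobj'
    return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))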
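def cybox_http(observable, observable_type, objects):
    """Convert the HTTP session objects of ``observable`` into CybOX observables.

    Args:
        observable: the observable record; its last namespace entry supplies
            the CybOX id namespace, and its name/description are copied onto
            every generated observable.
        observable_type: not used by this exporter (kept so all cybox_*
            exporters share one signature).
        objects: HTTP session objects, each converted by ``cybox_object_http``.

    Returns:
        A ``cybox.core.Observables`` container with one observable per object.
    """
    # Namespace is stored as "<prefix>:<uri>"; split on the first colon only
    # so a URI containing ':' stays intact.
    nsname, nsurl = observable.namespace.last().namespace.split(':', 1)
    # NOTE: this sets the id namespace process-wide for the cybox library.
    cybox.utils.set_id_namespace(cybox.utils.Namespace(nsurl, nsname))
    observables = Observables()
    for obj in objects:
        # Related objects are not attached for HTTP sessions (unlike
        # cybox_file); the former lookup result was never used, so it was
        # dropped rather than issuing a query per object for nothing.
        o = Observable(cybox_object_http(obj))
        o.title = observable.name
        o.description = observable.description
        observables.add(o)
    return observables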
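def cybox_http(observable, observable_type, objects):
    """Export the HTTP session objects of an observable as CybOX observables.

    Args:
        observable: the observable record; ``observable.namespace`` (a
            "<prefix>:<uri>" string) becomes the CybOX id namespace, and
            name/description are copied onto each generated observable.
        observable_type: unused by this exporter; retained for a signature
            uniform with the other cybox_* exporters.
        objects: HTTP session objects converted via ``cybox_object_http``.

    Returns:
        ``Observables`` holding one observable per entry of ``objects``.
    """
    prefix, uri = observable.namespace.split(':', 1)  # first colon only
    # Process-wide setting in the cybox library, not scoped to this call.
    cybox.utils.set_id_namespace(cybox.utils.Namespace(uri, prefix))
    result = Observables()
    for http_obj in objects:
        # The related-objects lookup the original made here was unused
        # (HTTP sessions get no related objects attached), so it is gone.
        wrapped = Observable(cybox_object_http(http_obj))
        wrapped.title = observable.name
        wrapped.description = observable.description
        result.add(wrapped)
    return result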
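def _file_tab_context(context, objects):
    """Fill the file-specific tabs (custom properties, meta rows, hashes).

    Mutates ``context`` in place. ``active_tab`` ends on the last tab that
    received data, falling back to 'hashes'.
    """
    context['custom'] = []
    context['meta'] = []
    # NOTE: starts as a list and becomes True once a real hash is seen;
    # the template presumably only tests truthiness — confirm before changing.
    context['hashes'] = []
    context['active_tab'] = 'hashes'
    for obj in objects:
        for custom in obj.file_custom.all():
            context['custom'].append({'name': custom.property_name, 'value': custom.property_value})
            context['active_tab'] = 'custom'
        for meta in obj.file_meta.all():
            # 'No Name' / 'No Path' / 'No Extension' / 0 are the stored
            # placeholders for "unknown"; a row carrying only those is skipped.
            if (meta.file_name != 'No Name' or meta.file_path != 'No Path'
                    or meta.file_extension != 'No Extension' or meta.file_size != 0):
                context['meta'].append({
                    'name': meta.file_name,
                    'path': meta.file_path,
                    'extension': meta.file_extension,
                    'size': meta.file_size,
                })
                context['active_tab'] = 'meta'
        if obj.md5_hash != 'No MD5' or obj.sha256_hash != 'No SHA256':
            context['hashes'] = True
            context['active_tab'] = 'hashes'


def observable(request, observable_id="1"):
    """Render the details page of a single observable.

    Args:
        request: the Django request; flash messages are attached to it.
        observable_id: primary key of the observable as it appears in the
            URL (a string). It is untrusted input and converted to ``int``
            here.

    Returns:
        The rendered ``kraut_intel/observable_details.html`` response. A
        non-numeric id or an unknown id renders the page with an empty
        context plus a flash message instead of raising.
    """
    context = {
        'observable_id': observable_id,
        'observable': None,
        'objects': None,
        'related_objects': [],
        'related_observables': [],
    }
    try:
        # A non-numeric id must not escape as an unhandled ValueError (HTTP 500).
        pk = int(observable_id)
    except (TypeError, ValueError):
        messages.error(request, 'The requested observable does not exist!')
        return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))
    # filter() never raises DoesNotExist; an unknown id just yields an empty
    # queryset, handled below.
    qs = Observable.objects.filter(pk=pk).prefetch_related(
        Prefetch('indicators'),
    )
    if not qs:
        messages.warning(request, "No observable with the given ID exists in the system.")
        return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))
    obs = qs[0]
    context['observable'] = obs
    context['namespace_icon'] = get_icon_for_namespace(obs.namespace)
    context['objects'] = get_object_for_observable(obs.observable_type, obs)
    # Related objects, and the observables those objects belong to.
    for obj in context['objects']:
        context['related_objects'].append(get_related_objects_for_object(obj.id, obs.observable_type))
        context['related_observables'].append(obj.observables.all())
    if not context['related_observables']:
        context['related_observables'].append(qs)
    # Object-type specific tabs.
    if obs.observable_type == 'FileObjectType':
        _file_tab_context(context, context['objects'])
    return render_to_response('kraut_intel/observable_details.html', context, context_instance=RequestContext(request))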
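def _attach_related_objects(f, related_objects_list, observables):
    """Attach CybOX forms of related objects to the CybOX file object ``f``.

    ``related_objects_list`` holds dicts with 'objects' and 'relation' keys
    (the shape ``get_related_objects_for_object`` returns). Email attachments
    are additionally added to ``observables`` as standalone observables.
    Related objects of any other type are skipped silently.
    """
    for rel_obj_dict in related_objects_list:
        relation = rel_obj_dict['relation']
        for rel_obj in rel_obj_dict['objects']:
            if isinstance(rel_obj, EmailMessage_Object):
                rel_o, attachments_list = cybox_object_email(rel_obj)
                f.add_related(rel_o, relation, True)
                for att in attachments_list:
                    observables.add(Observable(att))
            elif isinstance(rel_obj, File_Object):
                # A related file is represented once per meta row it carries.
                for rel_meta in rel_obj.file_meta.all():
                    f.add_related(cybox_object_file(rel_obj, rel_meta), relation, True)
            elif isinstance(rel_obj, Address_Object):
                f.add_related(cybox_object_address(rel_obj), relation, True)
            elif isinstance(rel_obj, URI_Object):
                f.add_related(cybox_object_uri(rel_obj), relation, True)
            elif isinstance(rel_obj, HTTPSession_Object):
                f.add_related(cybox_object_http(rel_obj), relation, True)


def cybox_file(observable, observable_type, objects):
    """Convert the file objects of ``observable`` into CybOX observables.

    Args:
        observable: the observable record; its last namespace entry supplies
            the CybOX id namespace, and its name/description are copied onto
            every generated observable.
        observable_type: passed through to ``get_related_objects_for_object``.
        objects: file objects; each (object, file_meta row) pair becomes one
            CybOX file object with its related objects attached.

    Returns:
        A ``cybox.core.Observables`` container with the file observables and
        any email attachments found among the related objects.
    """
    # Namespace is stored as "<prefix>:<uri>"; split on the first colon only
    # so a URI containing ':' stays intact.
    nsname, nsurl = observable.namespace.last().namespace.split(':', 1)
    # NOTE: this sets the id namespace process-wide for the cybox library.
    cybox.utils.set_id_namespace(cybox.utils.Namespace(nsurl, nsname))
    observables = Observables()
    for obj in objects:
        # The related objects depend on obj only, so look them up once per
        # object instead of once per meta row (list() makes it re-iterable).
        related_objects_list = list(get_related_objects_for_object(obj.id, observable_type))
        for meta in obj.file_meta.all():
            f = cybox_object_file(obj, meta)
            _attach_related_objects(f, related_objects_list, observables)
            # NOTE(review): one observable per file_meta row; an object
            # without meta rows yields none — confirm this is intended.
            o = Observable(f)
            o.title = observable.name
            o.description = observable.description
            observables.add(o)
    return observables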
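def _attach_related_objects(f, related_objects_list, observables):
    """Attach CybOX forms of related objects to the CybOX file object ``f``.

    ``related_objects_list`` holds dicts with 'objects' and 'relation' keys
    (the shape ``get_related_objects_for_object`` returns). Email attachments
    are additionally added to ``observables`` as standalone observables.
    Related objects of any other type are skipped silently.
    """
    for rel_obj_dict in related_objects_list:
        relation = rel_obj_dict['relation']
        for rel_obj in rel_obj_dict['objects']:
            if isinstance(rel_obj, EmailMessage_Object):
                rel_o, attachments_list = cybox_object_email(rel_obj)
                f.add_related(rel_o, relation, True)
                for att in attachments_list:
                    observables.add(Observable(att))
            elif isinstance(rel_obj, File_Object):
                # A related file is represented once per meta row it carries.
                for rel_meta in rel_obj.file_meta.all():
                    f.add_related(cybox_object_file(rel_obj, rel_meta), relation, True)
            elif isinstance(rel_obj, Address_Object):
                f.add_related(cybox_object_address(rel_obj), relation, True)
            elif isinstance(rel_obj, URI_Object):
                f.add_related(cybox_object_uri(rel_obj), relation, True)
            elif isinstance(rel_obj, HTTPSession_Object):
                f.add_related(cybox_object_http(rel_obj), relation, True)


def cybox_file(observable, observable_type, objects):
    """Export the file objects of an observable as CybOX observables.

    Args:
        observable: the observable record; ``observable.namespace`` (a
            "<prefix>:<uri>" string) becomes the CybOX id namespace, and
            name/description are copied onto each generated observable.
        observable_type: forwarded to ``get_related_objects_for_object``.
        objects: file objects; every (object, file_meta row) pair yields one
            CybOX file object carrying its related objects.

    Returns:
        ``Observables`` with the file observables plus any email attachments
        discovered among the related objects.
    """
    prefix, uri = observable.namespace.split(':', 1)  # first colon only
    # Process-wide setting in the cybox library, not scoped to this call.
    cybox.utils.set_id_namespace(cybox.utils.Namespace(uri, prefix))
    result = Observables()
    for file_obj in objects:
        # Loop-invariant across meta rows: fetch the related objects once.
        related = list(get_related_objects_for_object(file_obj.id, observable_type))
        for meta in file_obj.file_meta.all():
            cybox_f = cybox_object_file(file_obj, meta)
            _attach_related_objects(cybox_f, related, result)
            # NOTE(review): one observable per file_meta row; an object
            # without meta rows yields none — confirm this is intended.
            wrapped = Observable(cybox_f)
            wrapped.title = observable.name
            wrapped.description = observable.description
            result.add(wrapped)
    return result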