Exemplo n.º 1
def interval(request):
    """Replace the MISP adapter's interval job with one read from the request.

    Only GET requests from active users with ``is_admin`` are accepted.
    The existing interval job is always removed first; a new one is added
    only when the requested interval is non-zero.  Any exception raised
    while doing so is turned into the generic error page.
    """
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    user = request.user
    # Inactive users are rejected
    if not user.is_active:
        return error_page_inactive(request)
    # Users without is_admin are rejected
    if not user.is_admin:
        return error_page_no_view_permission(request)
    # NOTE(review): this view changes scheduler state on a GET request, which
    # Django's CSRF middleware does not check; confirm that is intended.
    try:
        seconds = get_adapter_misp_detail_interval_interval(request)
        # Remove the job from the scheduler
        misp.remove_interval_job()
        # Remove the job from the settings stored in mongo
        MispAdapter.remove_internal_job()
        if seconds == 0:
            # Zero means "do not schedule anything"
            message = 'Stop a job by interval'
        else:
            # Store the job in the mongo-side misp settings (saves the setting only)
            new_job = MispAdapter.add_job(type_=ScheduleJobs.JOB_INTERVAL, seconds=seconds)
            # Register the job so that it actually runs
            misp.add_job(new_job)
            message = 'Set Interval %d sec' % (seconds)
        return misp_common_render(request, info_msg=message)
    except Exception:
        # Anything unexpected ends on the generic error page
        return error_page(request)
Exemplo n.º 2
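def modify(request):
    """Update the MISP adapter settings from a POST request and render misp.html.

    Reads URL, API key, STIX id prefix, identity, community id, uploader id
    and the published-only flag from the request and hands them to
    ``MispAdapter.modify_settings``.  Non-POST requests and inactive users
    are rejected; any exception ends on the generic error page.
    """
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Inactive users are rejected.  `not` also rejects a missing/None flag,
    # which `== False` let through.
    if not request.user.is_active:
        return error_page_inactive(request)
    # NOTE(review): this handler rewrites the adapter URL and API key but only
    # checks is_active; confirm whether it should also require admin rights.
    try:
        url = get_adapter_misp_modify_url(request)
        apikey = get_adapter_misp_modify_apikey(request)
        stix_id_prefix = get_adapter_misp_modify_stix_id_prefix(request)
        identity = get_adapter_misp_modify_identity(request)
        community_id = get_adapter_misp_modify_community_id(request)
        # A non-numeric uploader id raises ValueError and ends on the error page
        uploader_id = int(get_adapter_misp_modify_uploader_id(request))
        published_only = get_adapter_misp_get_published_only(request)
        # Update the settings.
        # Original note: url holds only scheme and FQDN, so the endpoint is
        # appended -- that step is not visible here (presumably done elsewhere).
        MispAdapter.modify_settings(url, apikey, stix_id_prefix, identity,
                                    community_id, uploader_id, published_only)
        # Rendering
        replace_dict = get_replace_dict()
        replace_dict['info_msg_modify'] = 'Modify Success!!'
        return render(request, 'misp.html', replace_dict)
    except Exception:
        # Error page
        return error_page(request)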
Exemplo n.º 3
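def create(request):
    """Add a cron-style MISP adapter job from an ``H:M:S`` time in the request.

    Only POST requests from active users with ``is_admin`` are accepted.
    The time string must consist of exactly three integer fields separated
    by ':'; otherwise the 'Invalid Time format.' page is returned.  Any other
    exception ends on the generic error page.
    """
    if request.method != 'POST':
        return error_page_free_format(request, 'invalid method')
    # Inactive users are rejected
    if not request.user.is_active:
        return error_page_inactive(request)
    # Users without is_admin are rejected
    if not request.user.is_admin:
        return error_page_no_view_permission(request)
    try:
        time_str = get_adapter_misp_detail_create_time(request)
        if time_str is None:
            return error_page_free_format(request, 'Invalid Time format.')
        times = time_str.split(':')
        # Exactly hour, minute and second are required.  Checking only for a
        # single field let "12:30" through to times[2] and an IndexError.
        if len(times) != 3:
            return error_page_free_format(request, 'Invalid Time format.')
        # Every field must parse as an integer
        try:
            for field in times:
                int(field)
        except ValueError:
            return error_page_free_format(request, 'Invalid Time format.')

        # NOTE(review): value ranges (e.g. hour 0-23) are not checked here;
        # presumably the scheduler rejects them -- confirm.
        # Store the cron setting and register the job
        job = MispAdapter.add_job(type_=ScheduleJobs.JOB_CRON,
                                  hour=times[0], minute=times[1], second=times[2])
        misp.add_job(job)
    except Exception:
        # Error page
        return error_page(request)
    return misp_common_render(request)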
Exemplo n.º 4
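def get(request):
    """Fetch STIX from MISP for an optional date range and render misp.html.

    Non-GET requests and inactive users are rejected.  Start and end dates
    that cannot be parsed are treated as "not specified".  The number of
    files reported by ``misp.get_misp_stix`` is shown in the info message;
    any exception ends on the generic error page.
    """
    if request.method != 'GET':
        return error_page_free_format(request, 'invalid method')
    # Inactive users are rejected.  `not` also rejects a missing/None flag,
    # which `== False` let through.
    if not request.user.is_active:
        return error_page_inactive(request)
    try:
        start_str = get_adapter_misp_get_start_date(request)
        end_str = get_adapter_misp_get_end_date(request)
        # `except Exception` rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not swallowed as a parse failure.
        try:
            start_date = _get_datetime_from_str(start_str)
        except Exception:
            # Unparseable input is the same as no start date
            start_date = None
        try:
            end_date = _get_datetime_from_str(end_str)
        except Exception:
            # Unparseable input is the same as no end date
            end_date = None
        count = misp.get_misp_stix(from_dt=start_date, to_dt=end_date,
                                   identity=MispAdapter.get().identity)
        # Rendering
        replace_dict = get_replace_dict()
        replace_dict['info_msg_get'] = 'Get by Misp Adapter successfully!! (Get %d stix files.)' % (count)
        return render(request, 'misp.html', replace_dict)
    except Exception:
        # Error page
        return error_page(request)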
Exemplo n.º 5
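 def __init__(self):
     """Create the PyMISP client from the stored MISP adapter settings.

     The configured URL is reduced to scheme, host and optional port, and
     the ``events`` path is appended before it is handed to PyMISP together
     with the configured API key.
     """
     misp_conf = MispAdapter.get()
     parsed = urlparse.urlparse(misp_conf.url)
     # Keep an explicitly configured port; rebuilding the URL from scheme and
     # hostname alone silently redirected requests to the default port.
     if parsed.port:
         url = '%s://%s:%d/%s' % (parsed.scheme, parsed.hostname, parsed.port, 'events')
     else:
         url = '%s://%s/%s' % (parsed.scheme, parsed.hostname, 'events')
     # NOTE(review): ssl=False turns off TLS certificate verification in
     # PyMISP, so the API key is sent to a server whose identity is not
     # checked.  Prefer verification (or a CA bundle path) once the
     # deployment's certificate situation is confirmed.
     self.py_misp = PyMISP(url=url, key=misp_conf.apikey, ssl=False)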
Exemplo n.º 6
 def remove_job(self, job_id):
     """Remove the job identified by *job_id* from adapter, scheduler and storage.

     The three removals run in a fixed order: adapter settings first, then
     the running scheduler, then the ScheduleJobs document itself.
     """
     # Drop the job from the MispAdapter's job list
     MispAdapter.get().remove_job(job_id)
     # Detach it from the scheduler
     job_doc = ScheduleJobs.objects.get(id=job_id)
     self._schedule.remove_job(job_doc)
     # Remove the schedule_job from mongo's schedule_jobs (per the original comment)
     job_doc.remove()
Exemplo n.º 7
def get_misp_dict(replace_dict):
    """Store the MISP adapter settings under ``replace_dict['misp']`` and return the dict.

    Reading ``community`` may raise ``DoesNotExist`` (per the original
    comment, when the community has been deleted); in that case, and when
    the value is already None, ``community`` is set to None.
    """
    adapter = MispAdapter.get()
    replace_dict['misp'] = adapter
    try:
        community_unset = adapter.community is None
    except DoesNotExist:
        # The referenced community can no longer be resolved
        community_unset = True
    if community_unset:
        adapter.community = None
    return replace_dict
Exemplo n.º 8
 def resume_job(self, job_id):
     """Resume a stopped job that belongs to the MISP adapter.

     Raises ``Exception('invalid job_id')`` when the job is not among the
     adapter's jobs.  A job whose status is not ``STATUS_STOP`` is left
     alone and a message is printed instead.
     """
     target = ScheduleJobs.objects.get(id=job_id)
     # Only jobs registered on the MISP adapter may be resumed from here
     if target not in MispAdapter.get().jobs:
         raise Exception('invalid job_id')
     is_stopped = target.status == ScheduleJobs.STATUS_STOP
     if not is_stopped:
         print('already working.')
         return
     self._schedule.resume_job(target)
Exemplo n.º 9
    def get_misp_stix(self,
                      from_dt=None,
                      to_dt=None,
                      identity=default_identity_name):
        """Download events from MISP, convert them to STIX and register new ones.

        Returns the number of packages that were newly registered.  Returns 0
        without updating ``last_requested`` when the download yields None.
        Download or conversion errors are printed and re-raised; errors while
        registering a single package are printed and the loop continues.
        """
        # Update the identity used by the converter
        self.mc.identity_name = identity
        # Read the MISP adapter settings
        conf = MispAdapter.get()
        base_url = conf.url
        id_prefix = conf.stix_id_prefix
        api_key = conf.apikey
        only_published = conf.published_only
        # Registration details
        community = conf.community
        via = Vias.get_via_adapter_misp(conf.uploader)

        # Fetch from MISP
        try:
            if base_url[-1] != '/':
                base_url += '/'
            downloader = MISPDownloader(base_url + 'events/xml/download.json', api_key)
            text = downloader.get(from_dt=from_dt, to_dt=to_dt)
            if text is None:
                return 0
            stix_packages = self.mc.convert(text=text.encode(),
                                            published_only=only_published,
                                            stix_id_prefix=id_prefix)
        except Exception as e:
            traceback.print_exc()
            raise e

        # Update last_requested
        conf.modify_last_requested()

        registered = 0
        # Handle the packages one at a time
        for package in stix_packages:
            try:
                try:
                    # A package whose id is already stored is skipped
                    StixFiles.objects.get(package_id=package.id_)
                except DoesNotExist:
                    # Not stored yet: register it
                    _regist_stix(package.to_xml(), community, via)
                    registered += 1
            except Exception:
                # Print the error and carry on with the next package
                traceback.print_exc()

        # Number of newly registered packages
        return registered
Exemplo n.º 10
    def pause_job(self, job_id):
        """Pause a running job that belongs to the MISP adapter.

        Raises ``Exception('invalid job_id')`` when the job is not among the
        adapter's jobs.  A job whose status is not ``STATUS_IN_OPERATION`` is
        left alone and a message is printed instead.
        """
        target = ScheduleJobs.objects.get(id=job_id)
        # Only jobs registered on the MISP adapter may be paused from here
        if target not in MispAdapter.get().jobs:
            raise Exception('invalid job_id')
        is_running = target.status == ScheduleJobs.STATUS_IN_OPERATION
        if not is_running:
            print('not yet start.')
            return
        self._schedule.pause_job(target)
Exemplo n.º 11
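    def get_misp_stix(self, from_dt=None, to_dt=None):
        """Download STIX packages from MISP and register them.

        The configured ``stix_version`` selects the download format ('stix'
        for 1.x, 'stix2' otherwise) and the registration routine (1.x or
        2.x).  Returns the number of packages for which the registration
        routine returned a truthy value; returns 0 when nothing was
        downloaded or when the configured version is neither 1.x nor 2.x.
        Download errors are printed and re-raised; errors while registering
        a single package are printed and the loop continues.
        """
        # Read the MISP adapter settings
        misp_conf = MispAdapter.get()
        url = misp_conf.url
        apikey = misp_conf.apikey
        published_only = misp_conf.published_only
        configured_version = misp_conf.stix_version
        # Pick the registration routine once.  Previously an unsupported
        # version left regist_flag unassigned inside the loop, producing a
        # NameError (and a printed traceback) for every package.
        if configured_version.startswith('1.'):
            stix_version = 'stix'
            register = self._regist_12
        else:
            stix_version = 'stix2'
            if configured_version.startswith('2.'):
                register = self._regist_20
            else:
                register = None
        # Registration details
        community = misp_conf.community
        uploader = misp_conf.uploader
        via = Vias.get_via_adapter_misp(uploader)

        # Fetch from MISP
        try:
            if url[-1] != '/':
                url += '/'
            url = url + 'events/restSearch'
            md = MISPDownloader(url, apikey)
            stix_packages = md.get(from_dt=from_dt,
                                   to_dt=to_dt,
                                   published_only=published_only,
                                   stix_version=stix_version)
        except Exception:
            traceback.print_exc()
            # Bare raise keeps the original traceback
            raise

        # Update last_requested
        misp_conf.modify_last_requested()

        if stix_packages is None:
            return 0
        if register is None:
            # Neither 1.x nor 2.x: there is no routine to register with
            return 0

        count = 0
        # Handle the packages one at a time
        for stix_package in stix_packages:
            try:
                if register(stix_package, community, via):
                    count += 1
            except Exception:
                # Print the error and carry on with the next package
                traceback.print_exc()

        # Number of registered packages
        return count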
Exemplo n.º 12
def misp_common_render(request, info_msg=None, error_msg=None):
    """Render misp_detail.html with the MISP settings and optional messages.

    ``info_msg`` and ``error_msg`` are added to the template context as
    ``interval_info_msg`` / ``interval_error_msg`` only when they are not
    None.  Any exception ends on the generic error page.
    """
    try:
        context = get_common_replace_dict(request)
        # MISP settings loaded from mongo
        context['misp'] = MispAdapter.get()
        optional_messages = (
            ('interval_info_msg', info_msg),
            ('interval_error_msg', error_msg),
        )
        for key, message in optional_messages:
            if message is not None:
                context[key] = message
        # Rendering
        return render(request, 'misp_detail.html', context)
    except Exception:
        # Error page
        return error_page(request)
Exemplo n.º 13
 def __init__(self):
     """Create the PyMISP client from the stored MISP adapter settings.

     The configured URL is reduced to scheme, host and optional port, and
     the ``events`` path is appended.  The client uses the configured API
     key and the proxies returned by ``System.get_request_proxies()``.
     """
     conf = MispAdapter.get()
     parts = urllib.parse.urlparse(conf.url)
     if parts.port:
         events_url = '%s://%s:%d/%s' % (parts.scheme, parts.hostname, parts.port, 'events')
     else:
         events_url = '%s://%s/%s' % (parts.scheme, parts.hostname, 'events')
     # NOTE(review): ssl=False turns off TLS certificate verification in
     # PyMISP, so the API key is sent to a server whose identity is not
     # checked; confirm this is intended for the deployment.
     self.py_misp = PyMISP(url=events_url,
                           key=conf.apikey,
                           ssl=False,
                           proxies=System.get_request_proxies())
Exemplo n.º 14
def share_misp(request):
    """Upload a package to MISP and return the URL of the resulting event as JSON.

    Non-GET requests get ``HttpResponseNotAllowed``.  The response body is
    ``{"url": "<misp url>/events/view/<event id>"}``.  Any exception is
    printed and passed to ``error``.
    """
    # NOTE(review): no user check is visible in this handler and the upload
    # is triggered by GET; confirm access control is enforced elsewhere.
    try:
        if request.method != 'GET':
            return HttpResponseNotAllowed(['GET'])

        package_id = get_package_id_from_get_argument(request)
        uploaded = MispUploadAdapterControl().upload_misp(package_id)
        event_id = uploaded['Event']['id']
        base_url = MispAdapter.get().url
        # Make sure exactly one slash separates the base URL from the path
        if base_url[-1] != '/':
            base_url += '/'
        payload = {'url': '%sevents/view/%s' % (base_url, event_id)}
        return JsonResponse(payload, safe=False)
    except Exception as e:
        import traceback
        traceback.print_exc()
        # NOTE(review): the exception object is handed to error(); verify it
        # does not expose internal details to the client.
        return error(e)