    def remove_group(self, group):
        """Detach *group* from this file and from every analysis linked to it.

        The file's own ``groups`` list is updated first; the same removal is
        then applied to each analysis whose id is listed under
        ``self['analysis']``, loaded from ``store.analysis``.
        """
        self.remove_from('groups', group)

        for linked_id in self['analysis']:
            record = store.analysis.find_one({'_id': ObjectId(linked_id)})
            Analysis(record).remove_from('groups', group)
    def add_groups(self, groups):
        """Attach every group in *groups* to this file and to its linked analyses.

        *groups* is iterated once for the file and once more per linked
        analysis, so it should be a re-iterable sequence rather than a
        one-shot iterator.
        """
        for name in groups:
            self.append_to('groups', name)

        for linked_id in self['analysis']:
            query = {'_id': ObjectId(linked_id)}
            linked = Analysis(store.analysis.find_one(query))
            for name in groups:
                linked.append_to('groups', name)
    def refresh_iocs(self, id):
        """Refresh IOCs with Threat Intel modules

        .. :quickref: Analysis; Refresh IOCs with Threat Intel modules.

        The analysis is looked up through ``current_user.analyses`` (via
        ``get_or_404``), so only analyses visible to the current user can be
        refreshed; afterwards the client is sent back to the analysis page.

        :param id: id of the analysis.
        """
        record = get_or_404(current_user.analyses, _id=id)
        analysis = Analysis(record)
        analysis.refresh_iocs()

        target = url_for('AnalysesView:get', id=analysis["_id"])
        return redirect(analysis, target)
    def get_file(self, id, filehash):
        """Serve one file of analysis *id*, selected by the MD5 of its path.

        *filehash* is compared with the MD5 hex digest of the UTF-8 encoded
        path of each generated file, then of the analysed file itself; the
        first match is handed to ``file_download``, anything else is a 404.
        MD5 only acts as a path identifier here, not as an integrity check.
        The analysis is resolved through ``current_user.analyses``, so a hash
        can only address files of analyses the current user is allowed to see.

        NOTE(review): the generated-file branch passes ``filehash`` to
        ``file_download`` while the main-file branch passes a path from
        ``get_main_file()`` — confirm ``file_download`` accepts both forms.
        """
        analysis = Analysis(get_or_404(current_user.analyses, _id=id))
        generated = analysis['generated_files']

        for file_type in generated:
            for path in generated[file_type]:
                if md5(path.encode('utf-8')).hexdigest() == filehash:
                    return file_download(filehash)

        main_path = analysis._file['filepath'].encode('utf-8')
        if md5(main_path).hexdigest() == filehash:
            return file_download(analysis.get_main_file())

        return abort(404)
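    def submit_iocs(self, id, module):
        """Submit observables to a Threat Intelligence module.

        .. :quickref: Analysis; Submit observables to a threat intelligence module

        If successful, the response will be ``"ok"``. A body that is not a
        JSON array is answered with 400; a *module* name that matches none of
        the registered threat intelligence modules is answered with 404, and
        the analysis is then left unmarked.

        :param id: id of the analysis.
        :param module: name of the module to submit the file to.

        :<jsonarr string value: the value of the observable.
        :<jsonarr list tags: a list of tags associated to it.
        """
        analysis = Analysis(get_or_404(current_user.analyses, _id=id))

        # The request body is untrusted and forwarded as-is to the module; the
        # documented contract is a JSON array, so reject anything else early.
        observables = request.json
        if not isinstance(observables, list):
            return abort(400)

        # Only record the submission when a module actually received the
        # observables: previously an unknown module name still set the
        # ``threat_intelligence`` flag and answered "ok".
        submitted = False
        for ti_module in dispatcher.get_threat_intelligence_modules():
            if ti_module.name == module:
                ti_module.iocs_submission(analysis, observables)
                submitted = True

        if not submitted:
            return abort(404)

        analysis.update_value(['threat_intelligence', module], True)

        return make_response("ok")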
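    def _save_analysis_file(self, id, path):
        """Store the uploaded ``file`` form field under ``path/<analysis id>/``.

        :param id: id of the analysis the upload belongs to; it must be
            visible to the current user (``get_or_404``).
        :param path: base directory in which the per-analysis directory is
            created.
        :return: the path the upload was written to.
        :raises OSError: when the per-analysis directory cannot be created
            for a reason other than already existing.
        """
        upload = request.files['file']
        analysis = Analysis(get_or_404(current_user.analyses, _id=id))
        dirpath = os.path.join(path, str(analysis['_id']))

        # secure_filename() strips path-like components and can leave an
        # empty name; refuse that instead of opening dirpath itself.
        filename = secure_filename(upload.filename)
        if not filename:
            return abort(400)
        filepath = os.path.join(dirpath, filename)

        # Create parent dirs if they don't exist. Only "already exists" is
        # benign; permission errors or a file in the way used to be swallowed
        # by a bare except and surfaced later as a confusing open() failure.
        try:
            os.makedirs(dirpath)
        except OSError:
            if not os.path.isdir(dirpath):
                raise

        with open(filepath, "wb") as fd:
            copyfileobj(upload.stream, fd)

        return filepath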
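    def analyze(self, groups, analyst, module_name=None, options=None):
        """Create, save and start a new analysis of this file.

        :param groups: groups to attach to the analysis; they are also added
            to this file, and the analysis record gets the deduplicated union
            of *groups* and the file's existing groups.
        :param analyst: the analyst requesting the analysis.
        :param module_name: module to run, or ``None``.
        :param options: module options; defaults to a fresh empty dict.
        :return: the saved ``Analysis``, after ``resume()`` was called on it.
        """
        # A fresh dict per call: the former ``options={}`` default was shared
        # between calls, so an in-place change leaked into later analyses.
        if options is None:
            options = {}

        analysis = Analysis({
            'file': self['_id'],
            'module': module_name,
            'options': options,
            'groups': list(set(groups + self['groups'])),
            'analyst': analyst
        })
        analysis.save()

        self.add_groups(groups)
        self.append_to('analysis', analysis['_id'])

        analysis.resume()

        return analysis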
    def resume(self, id):
        """Resume analysis *id* and send the client back to the system index.

        NOTE(review): unlike the AnalysesView handlers, the lookup goes through
        ``Analysis.get_collection()`` rather than ``current_user.analyses``,
        so it is not scoped to the current user — presumably the enclosing
        view is restricted to administrators; confirm at the route level.
        """
        record = get_or_404(Analysis.get_collection(), _id=id)
        analysis = Analysis(record)
        analysis.resume()

        flash("Resumed analysis {}".format(analysis['_id']))
        return redirect({}, url_for('SystemView:index'))