def get_event_details(event_id, analyst):
    """
    Assemble the template name and context for the Event details page.

    The Event is looked up together with the analyst's readable sources, so a
    missing Event and one held under other sources end on the same error page.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(analyst)
    event = Event.objects(id=event_id, source__name__in=readable).first()
    if not event:
        # Same message for "no such id" and "not permitted".
        return "error.html", {
            'error': "ID does not exist or insufficient privs for source",
        }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model before relying on it.
    event.sanitize(username)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(
        initial={"obj_type": 'Event', "obj_id": event_id})

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, event.id, 'Event')

    subscribed = is_user_subscribed(username, 'Event', event.id)
    sorted_objects = event.sort_objects()
    sorted_rels = event.sort_relationships(username, meta=True)
    comment_list = event.get_comments()
    shots = event.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, 'Event', event.id)
    services = get_supported_services('Event')
    results = event.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'service_list': services,
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'comments': {'comments': comment_list, 'url_key': event.id},
        'favorite': is_favorite,
        'relationship': {'type': 'Event', 'value': event.id},
        'subscription': {
            'type': 'Event',
            'id': event.id,
            'subscribed': subscribed,
        },
        'screenshots': shots,
        'event': event,
        'campaign_form': campaign_form,
        'service_results': results,
        'download_form': download_form,
    }
def get_raw_data_details(_id, user):
    """
    Assemble the template name and context for the RawData details page.

    :param _id: The ObjectId of the RawData to get details for.
    :type _id: str
    :param user: The user requesting this information. The code calls
                 ``user.check_source_tlp`` on it, so it is a user object; it
                 is formatted with ``%s`` wherever a username is passed on.
    :returns: template (str), arguments (dict)
    """

    readable = user_sources(user)

    # First gate: the lookup only matches RawData under a readable source.
    raw_data = None
    if _id:
        raw_data = RawData.objects(id=_id, source__name__in=readable).first()

    # Second gate: the TLP check. It receives whatever the lookup produced,
    # which may be None.
    if not user.check_source_tlp(raw_data):
        raw_data = None

    if not raw_data:
        # Same message whether the object is missing or not readable.
        return "error.html", {
            'error': 'raw_data not yet available or you do not have access to view it.',
        }

    username = "%s" % user
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    raw_data.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, raw_data.id, 'RawData')

    subscribed = is_user_subscribed(username, 'RawData', raw_data.id)
    sorted_objects = raw_data.sort_objects()
    sorted_rels = raw_data.sort_relationships(username, meta=True)

    # NOTE(review): this count matches on link_id only and carries no source
    # filter; confirm that versions held under other sources may be counted.
    version_count = len(RawData.objects(link_id=raw_data.link_id).only('id'))

    comment_list = raw_data.get_comments()
    shots = raw_data.get_screenshots(user)
    is_favorite = is_user_favorite(username, 'RawData', raw_data.id)
    services = get_supported_services('RawData')
    results = raw_data.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'service_list': services,
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'comments': {'comments': comment_list, 'url_key': _id},
        'favorite': is_favorite,
        'relationship': {'type': 'RawData', 'value': raw_data.id},
        "subscription": {
            'type': 'RawData',
            'id': raw_data.id,
            'subscribed': subscribed,
        },
        "screenshots": shots,
        "versions": version_count,
        "service_results": results,
        "raw_data": raw_data,
        "RawDataACL": RawDataACL,
    }
def get_pcap_details(md5, analyst):
    """
    Assemble the template name and context for the PCAP details page.

    :param md5: The MD5 of the PCAP to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(analyst)
    pcap = PCAP.objects(md5=md5, source__name__in=readable).first()
    if not pcap:
        # Same message whether the PCAP is missing or not readable.
        return "error.html", {
            'error': 'PCAP not yet available or you do not have access to view it.',
        }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    pcap.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, pcap.id, 'PCAP')

    subscribed = is_user_subscribed(username, 'PCAP', pcap.id)
    sorted_objects = pcap.sort_objects()
    sorted_rels = pcap.sort_relationships(username, meta=True)
    comment_list = pcap.get_comments()
    shots = pcap.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, 'PCAP', pcap.id)
    # Assume all PCAPs have the data available
    services = get_supported_services('PCAP')
    results = pcap.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'service_list': services,
        'objects': sorted_objects,
        'relationships': sorted_rels,
        # Comments are keyed on the MD5 the caller supplied.
        'comments': {'comments': comment_list, 'url_key': md5},
        'favorite': is_favorite,
        'relationship': {'type': 'PCAP', 'value': pcap.id},
        "subscription": {
            'type': 'PCAP',
            'id': pcap.id,
            'subscribed': subscribed,
        },
        "screenshots": shots,
        "service_results": results,
        "pcap": pcap,
    }
def get_campaign_details(campaign_name, analyst):
    """
    Assemble the template name and context for the Campaign details page.

    The Campaign itself is looked up by name alone; the analyst's readable
    sources only restrict the per-type item counts.

    :param campaign_name: The name of the Campaign to get details for.
    :type campaign_name: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    readable = user_sources(analyst)

    # NOTE(review): no source filter and no sanitize() call on the Campaign
    # here; presumably Campaigns are not source-scoped. Confirm.
    campaign = Campaign.objects(name=campaign_name).first()
    if not campaign:
        return "error.html", {"error": 'No data exists for this campaign.'}

    ttp_form = TTPForm()
    username = "%s" % analyst

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, campaign.id, 'Campaign')

    subscribed = is_user_subscribed(username, 'Campaign', campaign.id)
    sorted_objects = campaign.sort_objects()
    sorted_rels = campaign.sort_relationships(username, meta=True)
    comment_list = campaign.get_comments()
    shots = campaign.get_screenshots(analyst)

    # Per-type counts of items tagged with this campaign, limited to the
    # sources the analyst can read.
    by_campaign = {'campaign.name': campaign_name}
    counts = {}
    for model in (Sample, PCAP, Indicator, Email, Domain, IP, Event):
        matching = model.objects(source__name__in=readable,
                                 __raw__=by_campaign)
        counts[model._meta['crits_type']] = matching.count()

    # The Target count is taken over the addresses get_campaign_targets()
    # returns; the Target query itself has no source filter.
    target_addrs = get_campaign_targets(campaign_name, analyst)
    counts['Target'] = Target.objects(email_address__in=target_addrs).count()

    is_favorite = is_user_favorite(username, 'Campaign', campaign.id)
    results = campaign.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'objects': sorted_objects,
        'relationships': sorted_rels,
        "relationship": {'type': 'Campaign', 'value': campaign.id},
        'comments': {'comments': comment_list, 'url_key': campaign_name},
        "subscription": {
            'type': 'Campaign',
            'id': campaign.id,
            'subscribed': subscribed,
        },
        "campaign_detail": campaign,
        "counts": counts,
        "favorite": is_favorite,
        "screenshots": shots,
        'service_results': results,
        "ttp_form": ttp_form,
    }
def get_indicator_details(indicator_id, analyst):
    """
    Assemble the template name and context for the Indicator details page.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(analyst)
    indicator = Indicator.objects(id=indicator_id,
                                  source__name__in=readable).first()
    if not indicator:
        # Same message whether the indicator is missing or not readable.
        return "error.html", {
            'error': ("Either this indicator does not exist or you do "
                      "not have permission to view it."),
        }

    # Forms are built before the indicator is sanitized; each one takes its
    # own timestamp.
    forms = {
        'new_action': IndicatorActionsForm(
            initial={'analyst': analyst,
                     'active': "off",
                     'date': datetime.datetime.now()}),
        'new_activity': IndicatorActivityForm(
            initial={'analyst': analyst,
                     'date': datetime.datetime.now()}),
        'new_campaign': CampaignForm(),
        'new_source': SourceForm(
            analyst, initial={'date': datetime.datetime.now()}),
        'download_form': DownloadFileForm(
            initial={"obj_type": 'Indicator', "obj_id": indicator_id}),
    }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    indicator.sanitize(username)

    # Notification, subscription and relationship use the caller-supplied id
    # string; the favorite check below uses indicator.id.
    remove_user_from_notification(username, indicator_id, 'Indicator')
    subscribed = is_user_subscribed(username, 'Indicator', indicator_id)

    sorted_objects = indicator.sort_objects()
    sorted_rels = indicator.sort_relationships(username, meta=True)
    comment_list = indicator.get_comments()
    shots = indicator.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, 'Indicator', indicator.id)
    services = get_supported_services('Indicator')
    results = indicator.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'comments': {'comments': comment_list, 'url_key': indicator_id},
        'relationship': {'type': 'Indicator', 'value': indicator_id},
        'subscription': {
            'type': 'Indicator',
            'id': indicator_id,
            'subscribed': subscribed,
        },
        "indicator": indicator,
        "forms": forms,
        "indicator_id": indicator_id,
        'screenshots': shots,
        'service_list': services,
        'service_results': results,
        'favorite': is_favorite,
        'rt_url': settings.RT_URL,
    }
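def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    The Domain is looked up together with the analyst's readable sources, so
    a missing Domain and one held under other sources end on the same error
    page.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    # The source filter in this query is the access check for the page.
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    # The username is formatted with "%s", as in every other call in this
    # function. A format string without a conversion specifier raises
    # TypeError when applied to a plain str, which would abort the view at
    # the source-sanitizing step.
    # NOTE(review): sanitize_sources() presumably limits the object's source
    # data to allowed_sources; confirm in the model.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments, keyed on the stored domain name rather than the request value
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'domain': dmain,
            'service_list': service_list,
            'service_results': service_results}

    return template, args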
def get_signature_details(_id, analyst):
    """
    Assemble the template name and context for the Signature details page.

    :param _id: The ObjectId of the Signature to get details for.
    :type _id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    readable = user_sources(analyst)

    # The lookup only matches Signatures under a readable source; an empty id
    # skips the query altogether.
    signature = None
    if _id:
        signature = Signature.objects(id=_id,
                                      source__name__in=readable).first()

    if not signature:
        # Same message whether the signature is missing or not readable.
        return "error.html", {
            'error': 'signature not yet available or you do not have access to view it.',
        }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    signature.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, signature.id, 'Signature')

    subscribed = is_user_subscribed(username, 'Signature', signature.id)
    sorted_objects = signature.sort_objects()
    sorted_rels = signature.sort_relationships(username, meta=True)

    # NOTE(review): this count matches on link_id only and carries no source
    # filter; confirm that versions held under other sources may be counted.
    version_count = len(
        Signature.objects(link_id=signature.link_id).only('id'))

    comment_list = signature.get_comments()
    shots = signature.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, 'Signature', signature.id)
    services = get_supported_services('Signature')
    results = signature.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'service_list': services,
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'comments': {'comments': comment_list, 'url_key': _id},
        'favorite': is_favorite,
        'relationship': {'type': 'Signature', 'value': signature.id},
        "subscription": {
            'type': 'Signature',
            'id': signature.id,
            'subscribed': subscribed,
        },
        "screenshots": shots,
        "versions": version_count,
        "service_results": results,
        "signature": signature,
    }
def get_target_details(email_address, analyst):
    """
    Assemble the template name and context for the Target details page.

    An address with no stored Target still renders: an unsaved placeholder
    Target is built from the normalised address.

    :param email_address: The email address of the target.
    :type email_address: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    if not email_address:
        return "error.html", {'error': "Must provide an email address."}

    # NOTE(review): neither Target lookup carries a source filter, and the
    # Target is not sanitized here; presumably Targets are not source-scoped.
    # Confirm.
    # Exact match first, then a case-insensitive match.
    target = Target.objects(email_address=email_address).first()
    if not target:
        target = Target.objects(email_address__iexact=email_address).first()
    if not target:
        target = Target()
        target.email_address = email_address.strip().lower()
        # NOTE(review): this form is replaced unconditionally a few lines
        # further down.
        form = TargetInfoForm(initial={'email_address': email_address})

    email_list = target.find_emails(analyst)
    form = TargetInfoForm(initial=target.to_dict())

    # Remove the bucket-list and ticket fields from the form when present.
    for field_name in (form_consts.Common.BUCKET_LIST_VARIABLE_NAME,
                       form_consts.Common.TICKET_VARIABLE_NAME):
        if form.fields.get(field_name) != None:
            form.fields.pop(field_name)

    username = "%s" % analyst
    subscribed = is_user_subscribed(username, 'Target', target.id)
    sorted_objects = target.sort_objects()
    sorted_rels = target.sort_relationships(username, meta=True)

    # Comments are only fetched for a Target that has an id.
    if target.id:
        comment_list = target.get_comments()
    else:
        comment_list = []

    shots = target.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, 'Target', target.id)
    results = target.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'relationship': {'type': 'Target', 'value': target.id},
        'comments': {'comments': comment_list, 'url_key': email_address},
        'favorite': is_favorite,
        'subscription': {
            'type': 'Target',
            'id': target.id,
            'subscribed': subscribed,
        },
        'screenshots': shots,
        'email_list': email_list,
        'target_detail': target,
        'service_results': results,
        'form': form,
    }
def get_target_details(email_address, analyst):
    """
    Assemble the template name and context for the Target details page.

    An address with no stored Target still renders: an unsaved placeholder
    Target is built from the address as given.

    :param email_address: The email address of the target.
    :type email_address: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    if not email_address:
        return "error.html", {"error": "Must provide an email address."}

    # NOTE(review): the Target lookup carries no source filter, and the Target
    # is not sanitized here; presumably Targets are not source-scoped.
    # Confirm.
    target = Target.objects(email_address=email_address).first()
    if not target:
        target = Target()
        target.email_address = email_address
        # NOTE(review): this form is replaced unconditionally a few lines
        # further down.
        form = TargetInfoForm(initial={"email_address": email_address})

    email_list = target.find_emails(analyst)
    form = TargetInfoForm(initial=target.to_dict())

    # Remove the bucket-list and ticket fields from the form when present.
    for field_name in (form_consts.Common.BUCKET_LIST_VARIABLE_NAME,
                       form_consts.Common.TICKET_VARIABLE_NAME):
        if form.fields.get(field_name) != None:
            form.fields.pop(field_name)

    username = "%s" % analyst
    subscribed = is_user_subscribed(username, "Target", target.id)
    sorted_objects = target.sort_objects()
    sorted_rels = target.sort_relationships(username, meta=True)

    # Comments are only fetched for a Target that has an id.
    if target.id:
        comment_list = target.get_comments()
    else:
        comment_list = []

    shots = target.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, "Target", target.id)

    # template stays None on the success path.
    return None, {
        "objects": sorted_objects,
        "relationships": sorted_rels,
        "relationship": {"type": "Target", "value": target.id},
        "comments": {"comments": comment_list, "url_key": email_address},
        "favorite": is_favorite,
        "subscription": {
            "type": "Target",
            "id": target.id,
            "subscribed": subscribed,
        },
        "screenshots": shots,
        "email_list": email_list,
        "target_detail": target,
        "form": form,
    }
def get_ip_details(ip, analyst):
    """
    Assemble the template name and context for the IP details page.

    :param ip: The IP to get details for.
    :type ip: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(analyst)
    ip_doc = IP.objects(ip=ip, source__name__in=readable).first()
    if not ip_doc:
        # Same message whether the IP is missing or not readable.
        return "error.html", {
            "error": ("Either no data exists for this IP or you do not have"
                      " permission to view it."),
        }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    ip_doc.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, ip_doc.id, "IP")

    subscribed = is_user_subscribed(username, "IP", ip_doc.id)
    sorted_objects = ip_doc.sort_objects()
    sorted_rels = ip_doc.sort_relationships(username, meta=True)
    comment_list = ip_doc.get_comments()
    shots = ip_doc.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, "IP", ip_doc.id)
    services = get_supported_services("IP")
    results = ip_doc.get_analysis_results()

    # template stays None on the success path.
    return None, {
        "objects": sorted_objects,
        "relationships": sorted_rels,
        "relationship": {"type": "IP", "value": ip_doc.id},
        "subscription": {
            "type": "IP",
            "id": ip_doc.id,
            "subscribed": subscribed,
        },
        "favorite": is_favorite,
        "service_list": services,
        "service_results": results,
        "screenshots": shots,
        "ip": ip_doc,
        # Comments are keyed on the stored address, not the request value.
        "comments": {"comments": comment_list, "url_key": ip_doc.ip},
    }
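def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    Besides the usual detail data, this version prepares the stored WHOIS
    entries for the WHOIS forms and passes them to the template as JSON.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    # The source filter in this query is the access check for the page.
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    forms = {}
    # populate whois data into whois form
    # and create data object (keyed on date) for updating form on date select
    whois_data = {'': ''}  # blank info for "Add New" option
    initial_data = {'data': ' '}
    raw_data = {}
    whois = getattr(dmain, 'whois', None)
    if whois:
        from whois_parser import WhoisEntry
        for w in whois:
            # build data as a display-friendly string
            w.date = datetime.datetime.strftime(w.date,
                                                settings.PY_DATETIME_FORMAT)
            # prettify the whois data
            w.data = unicode(WhoisEntry.from_dict(w.data))
            if 'text' not in w:
                # whois data was added with old data format
                w.text = w.data
            # also save our text blob for easy viewing of the original data
            whois_data[w.date] = (w.data, w.text)
        # show most recent entry first
        initial_data = {'data': whois[-1].data, 'date': whois[-1].date}
        raw_data = {'data': whois[-1].text, 'date': whois[-1].date}

    # subtract one to account for blank "Add New" entry
    whois_len = len(whois_data) - 1
    # NOTE(review): WHOIS text comes from outside the application; confirm the
    # template escapes this JSON where it is embedded in the page.
    whois_data = json.dumps(whois_data)

    # The username is formatted with "%s", as in every other call in this
    # function. A format string without a conversion specifier raises
    # TypeError when applied to a plain str, which would abort the view at
    # the source-sanitizing step.
    # NOTE(review): sanitize_sources() presumably limits the object's source
    # data to allowed_sources; confirm in the model.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    forms['whois'] = UpdateWhoisForm(initial_data, domain=domain)
    forms['raw_whois'] = UpdateWhoisForm(raw_data, domain=domain,
                                         allow_adding=False)
    forms['diff_whois'] = DiffWhoisForm(domain=domain)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments, keyed on the stored domain name rather than the request value
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)

    # services
    manager = crits.service_env.manager
    service_list = manager.get_supported_services('Domain', True)

    args = {'objects': objects,
            'relationships': relationships,
            'comments': comments,
            'favorite': favorite,
            'relationship': relationship,
            'subscription': subscription,
            'screenshots': screenshots,
            'domain': dmain,
            'forms': forms,
            'whois_data': whois_data,
            'service_list': service_list,
            'whois_len': whois_len}

    return template, args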
def get_pcap_details(md5, analyst):
    """
    Assemble the template name and context for the PCAP details page.

    :param md5: The MD5 of the PCAP to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(analyst)
    pcap = PCAP.objects(md5=md5, source__name__in=readable).first()
    if not pcap:
        # Same message whether the PCAP is missing or not readable.
        return "error.html", {
            "error": "PCAP not yet available or you do not have access to view it.",
        }

    username = "%s" % analyst
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    pcap.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, pcap.id, "PCAP")

    subscribed = is_user_subscribed(username, "PCAP", pcap.id)
    sorted_objects = pcap.sort_objects()
    sorted_rels = pcap.sort_relationships(username, meta=True)
    comment_list = pcap.get_comments()
    shots = pcap.get_screenshots(analyst)
    is_favorite = is_user_favorite(username, "PCAP", pcap.id)

    service_manager = crits.service_env.manager
    # Assume all PCAPs have the data available
    services = service_manager.get_supported_services("PCAP", True)

    # template stays None on the success path.
    return None, {
        "service_list": services,
        "objects": sorted_objects,
        "relationships": sorted_rels,
        # Comments are keyed on the MD5 the caller supplied.
        "comments": {"comments": comment_list, "url_key": md5},
        "favorite": is_favorite,
        "relationship": {"type": "PCAP", "value": pcap.id},
        "subscription": {
            "type": "PCAP",
            "id": pcap.id,
            "subscribed": subscribed,
        },
        "screenshots": shots,
        "pcap": pcap,
    }
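def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    The Domain is looked up together with the analyst's readable sources, so
    a missing Domain and one held under other sources end on the same error
    page.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    # The source filter in this query is the access check for the page.
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {"error": error}
        return template, args

    # The username is formatted with "%s", as in every other call in this
    # function. A format string without a conversion specifier raises
    # TypeError when applied to a plain str, which would abort the view at
    # the source-sanitizing step.
    # NOTE(review): sanitize_sources() presumably limits the object's source
    # data to allowed_sources; confirm in the model.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, "Domain")

    # subscription
    subscription = {
        "type": "Domain",
        "id": dmain.id,
        "subscribed": is_user_subscribed("%s" % analyst, "Domain", dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {"type": "Domain", "value": dmain.id}

    # comments, keyed on the stored domain name rather than the request value
    comments = {"comments": dmain.get_comments(), "url_key": dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, "Domain", dmain.id)

    # services
    service_list = get_supported_services("Domain")

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        "objects": objects,
        "relationships": relationships,
        "comments": comments,
        "favorite": favorite,
        "relationship": relationship,
        "subscription": subscription,
        "screenshots": screenshots,
        "domain": dmain,
        "service_list": service_list,
        "service_results": service_results,
    }

    return template, args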
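def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    Besides the usual detail data, this version prepares the stored WHOIS
    entries for the WHOIS forms and passes them to the template as JSON.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    # The source filter in this query is the access check for the page.
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {"error": error}
        return template, args

    forms = {}
    # populate whois data into whois form
    # and create data object (keyed on date) for updating form on date select
    whois_data = {"": ""}  # blank info for "Add New" option
    initial_data = {"data": " "}
    raw_data = {}
    whois = getattr(dmain, "whois", None)
    if whois:
        from whois_parser import WhoisEntry
        for w in whois:
            # build data as a display-friendly string
            w.date = datetime.datetime.strftime(w.date,
                                                settings.PY_DATETIME_FORMAT)
            # prettify the whois data
            w.data = unicode(WhoisEntry.from_dict(w.data))
            if "text" not in w:
                # whois data was added with old data format
                w.text = w.data
            # also save our text blob for easy viewing of the original data
            whois_data[w.date] = (w.data, w.text)
        # show most recent entry first
        initial_data = {"data": whois[-1].data, "date": whois[-1].date}
        raw_data = {"data": whois[-1].text, "date": whois[-1].date}

    # subtract one to account for blank "Add New" entry
    whois_len = len(whois_data) - 1
    # NOTE(review): WHOIS text comes from outside the application; confirm the
    # template escapes this JSON where it is embedded in the page.
    whois_data = json.dumps(whois_data)

    # The username is formatted with "%s", as in every other call in this
    # function. A format string without a conversion specifier raises
    # TypeError when applied to a plain str, which would abort the view at
    # the source-sanitizing step.
    # NOTE(review): sanitize_sources() presumably limits the object's source
    # data to allowed_sources; confirm in the model.
    dmain.sanitize_sources(username="%s" % analyst,
                           sources=allowed_sources)

    forms["whois"] = UpdateWhoisForm(initial_data, domain=domain)
    forms["raw_whois"] = UpdateWhoisForm(raw_data, domain=domain,
                                         allow_adding=False)
    forms["diff_whois"] = DiffWhoisForm(domain=domain)

    # remove pending notifications for user
    remove_user_from_notification("%s" % analyst, dmain.id, "Domain")

    # subscription
    subscription = {
        "type": "Domain",
        "id": dmain.id,
        "subscribed": is_user_subscribed("%s" % analyst, "Domain", dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships("%s" % analyst, meta=True)

    # relationship
    relationship = {"type": "Domain", "value": dmain.id}

    # comments, keyed on the stored domain name rather than the request value
    comments = {"comments": dmain.get_comments(), "url_key": dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite("%s" % analyst, "Domain", dmain.id)

    # services
    service_list = get_supported_services("Domain")

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        "objects": objects,
        "relationships": relationships,
        "comments": comments,
        "favorite": favorite,
        "relationship": relationship,
        "subscription": subscription,
        "screenshots": screenshots,
        "domain": dmain,
        "forms": forms,
        "whois_data": whois_data,
        "service_list": service_list,
        "service_results": service_results,
        "whois_len": whois_len,
    }

    return template, args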
def get_campaign_details(campaign_name, analyst):
    """
    Assemble the template name and context for the Campaign details page.

    The Campaign itself is looked up by name alone; the analyst's readable
    sources only restrict the per-type item counts.

    :param campaign_name: The name of the Campaign to get details for.
    :type campaign_name: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    readable = user_sources(analyst)

    # NOTE(review): no source filter on the Campaign lookup; presumably
    # Campaigns are not source-scoped. Confirm.
    campaign = Campaign.objects(name=campaign_name).first()
    if not campaign:
        return "error.html", {"error": 'No data exists for this campaign.'}

    # sanitize() receives analyst as passed in, not a "%s"-formatted copy.
    campaign.sanitize(username=analyst)

    ttp_form = TTPForm()
    username = "%s" % analyst

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, campaign.id, 'Campaign')

    subscribed = is_user_subscribed(username, 'Campaign', campaign.id)
    sorted_objects = campaign.sort_objects()
    sorted_rels = campaign.sort_relationships(username, meta=True)
    comment_list = campaign.get_comments()
    shots = campaign.get_screenshots(analyst)

    # Per-type counts of items tagged with this campaign, limited to the
    # sources the analyst can read.
    by_campaign = {'campaign.name': campaign_name}
    counts = {}
    for model in (Actor, Backdoor, Exploit, Sample, PCAP,
                  Indicator, Email, Domain, IP, Event):
        matching = model.objects(source__name__in=readable,
                                 __raw__=by_campaign)
        counts[model._meta['crits_type']] = matching.count()

    # The Target count is taken over the addresses get_campaign_targets()
    # returns; the Target query itself has no source filter.
    target_addrs = get_campaign_targets(campaign_name, analyst)
    counts['Target'] = Target.objects(email_address__in=target_addrs).count()

    is_favorite = is_user_favorite(username, 'Campaign', campaign.id)
    results = campaign.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'objects': sorted_objects,
        'relationships': sorted_rels,
        "relationship": {'type': 'Campaign', 'value': campaign.id},
        'comments': {'comments': comment_list, 'url_key': campaign_name},
        "subscription": {
            'type': 'Campaign',
            'id': campaign.id,
            'subscribed': subscribed,
        },
        "campaign_detail": campaign,
        "counts": counts,
        "favorite": is_favorite,
        "screenshots": shots,
        'service_results': results,
        "ttp_form": ttp_form,
        "CampaignACL": CampaignACL,
    }
def get_backdoor_details(id_, user):
    """
    Assemble the template name and context for the Backdoor details page.

    :param id_: The Backdoor ObjectId to get details for.
    :type id_: str
    :param user: The user requesting this information.
    :type user: str
    :returns: template (str), arguments (dict)
    """

    # The source filter in this query is the access check for the page.
    readable = user_sources(user)
    backdoor = Backdoor.objects(id=id_, source__name__in=readable).first()
    if not backdoor:
        # Same message whether the Backdoor is missing or not readable.
        return "error.html", {
            'error': ('Either no data exists for this Backdoor or you do not have'
                      ' permission to view it.'),
        }

    username = "%s" % user
    # NOTE(review): sanitize() presumably drops data this user may not see;
    # confirm in the model.
    backdoor.sanitize(username)

    # Opening the page clears the user's pending notifications for it.
    remove_user_from_notification(username, backdoor.id, 'Backdoor')

    subscribed = is_user_subscribed(username, 'Backdoor', backdoor.id)
    sorted_objects = backdoor.sort_objects()
    sorted_rels = backdoor.sort_relationships(username, meta=True)
    comment_list = backdoor.get_comments()
    shots = backdoor.get_screenshots(user)
    is_favorite = is_user_favorite(username, 'Backdoor', backdoor.id)
    services = get_supported_services('Backdoor')
    results = backdoor.get_analysis_results()

    # template stays None on the success path.
    return None, {
        'objects': sorted_objects,
        'relationships': sorted_rels,
        'relationship': {'type': 'Backdoor', 'value': backdoor.id},
        'subscription': {
            'type': 'Backdoor',
            'id': backdoor.id,
            'subscribed': subscribed,
        },
        'favorite': is_favorite,
        'service_list': services,
        'service_results': results,
        'screenshots': shots,
        'backdoor': backdoor,
        # The id is echoed back exactly as the caller supplied it.
        'backdoor_id': id_,
        'comments': {'comments': comment_list, 'url_key': backdoor.id},
    }
def get_ip_details(ip, analyst):
    """
    Build the template name and context for the IP details page.

    The IP is looked up only within the sources returned by
    ``user_sources(analyst)``; an IP outside those sources gets the same
    error as one that does not exist.

    :param ip: The IP to get details for.
    :type ip: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    ip_doc = IP.objects(ip=ip, source__name__in=visible_sources).first()
    if not ip_doc:
        message = ('Either no data exists for this IP or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    ip_doc.sanitize(username)

    # drop this user's pending notifications for this IP
    remove_user_from_notification(username, ip_doc.id, 'IP')

    # The helpers below are called in the same order as before.
    context = {}
    context['subscription'] = {
        'type': 'IP',
        'id': ip_doc.id,
        'subscribed': is_user_subscribed(username, 'IP', ip_doc.id),
    }
    context['objects'] = ip_doc.sort_objects()
    context['relationships'] = ip_doc.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'IP', 'value': ip_doc.id}
    # comments are keyed on the address itself, not on the ObjectId
    context['comments'] = {'comments': ip_doc.get_comments(),
                           'url_key': ip_doc.ip}
    context['screenshots'] = ip_doc.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'IP', ip_doc.id)
    service_manager = crits.service_env.manager
    context['service_list'] = service_manager.get_supported_services('IP',
                                                                     True)
    context['ip'] = ip_doc
    return None, context
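def get_event_details(event_id, user):
    """
    Generate the data to render the Event details template.

    Access is decided in two steps: the query only matches Events in the
    sources returned by ``user_sources(user)``, and the match must then
    pass ``user.check_source_tlp``. Both failures produce the same error
    as a missing Event.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param user: The user requesting this information. ``check_source_tlp``
                 is called on it, so it must be a user object rather than
                 a bare username.
    :type user: user object providing ``check_source_tlp``
    :returns: template (str), arguments (dict)
    """

    template = None
    sources = user_sources(user)
    event = Event.objects(id=event_id, source__name__in=sources).first()
    # Run the TLP check only on a real record: a failed lookup is already
    # a denial and must not depend on how the helper treats None.
    if event is not None and not user.check_source_tlp(event):
        event = None
    if not event:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}
        return template, args

    username = "%s" % user
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    event.sanitize(username)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(initial={"obj_type": 'Event',
                                              "obj_id": event_id})

    # remove pending notifications for user
    remove_user_from_notification(username, event.id, 'Event')

    # subscription
    subscription = {
        'type': 'Event',
        'id': event.id,
        'subscribed': is_user_subscribed(username, 'Event', event.id),
    }

    # objects
    objects = event.sort_objects()

    # relationships
    relationships = event.sort_relationships(username, meta=True)

    # Get count of related Events for each related Indicator.
    # NOTE(review): these counts are limited by source only; the TLP check
    # applied to the Event itself is not applied here - confirm that is
    # intended.
    for ind in relationships.get('Indicator', []):
        ind['rel_ind_events'] = Event.objects(
            relationships__object_id=ind['id'],
            source__name__in=sources).count()

    # Get count of related Events for each related Sample
    for smp in relationships.get('Sample', []):
        smp['rel_smp_events'] = Event.objects(
            relationships__object_id=smp['id'],
            source__name__in=sources).count()

    # relationship
    relationship = {'type': 'Event', 'value': event.id}

    # comments
    comments = {'comments': event.get_comments(), 'url_key': event.id}

    # screenshots
    screenshots = event.get_screenshots(user)

    # favorites
    favorite = is_user_favorite(username, 'Event', event.id)

    # services
    service_list = get_supported_services('Event')

    # analysis results
    service_results = event.get_analysis_results()

    args = {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'event': event,
        'campaign_form': campaign_form,
        'service_results': service_results,
        'download_form': download_form,
        'EventACL': EventACL,
    }
    return template, args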
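def get_target_details(email_address, analyst):
    """
    Generate the data to render the Target details template.

    An exact match on the address is tried first, then a case-insensitive
    one. When neither exists, an unsaved Target carrying the stripped,
    lower-cased address is used so the page can still be rendered.

    NOTE(review): unlike the other detail lookups in this file, the Target
    query is not restricted by ``user_sources``; confirm Targets are meant
    to be visible to every user.

    :param email_address: The email address of the target.
    :type email_address: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    if not email_address:
        template = "error.html"
        args = {'error': "Must provide an email address."}
        return template, args

    username = "%s" % analyst

    # check for exact match first
    target = Target.objects(email_address=email_address).first()
    if not target:
        # if no exact match, look for case-insensitive match
        target = Target.objects(email_address__iexact=email_address).first()
    if not target:
        # Unknown address: continue with a placeholder that is never saved
        # here. The form that used to be built in this branch was always
        # overwritten below, so it is no longer created.
        target = Target()
        target.email_address = email_address.strip().lower()

    email_list = target.find_emails(analyst)
    form = TargetInfoForm(initial=target.to_dict())

    # The bucket list and ticket fields are not offered on this form.
    for field_name in (form_consts.Common.BUCKET_LIST_VARIABLE_NAME,
                       form_consts.Common.TICKET_VARIABLE_NAME):
        if form.fields.get(field_name) is not None:
            form.fields.pop(field_name)

    subscription = {
        'type': 'Target',
        'id': target.id,
        'subscribed': is_user_subscribed(username, 'Target', target.id),
    }

    # objects
    objects = target.sort_objects()

    # relationships
    relationships = target.sort_relationships(username, meta=True)

    # relationship
    relationship = {'type': 'Target', 'value': target.id}

    # comments: only a Target that has an id is asked for its comments
    if target.id:
        comments = {'comments': target.get_comments(),
                    'url_key': email_address}
    else:
        comments = {'comments': [], 'url_key': email_address}

    # screenshots
    screenshots = target.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite(username, 'Target', target.id)

    # analysis results
    service_results = target.get_analysis_results()

    args = {
        'objects': objects,
        'relationships': relationships,
        'relationship': relationship,
        'comments': comments,
        'favorite': favorite,
        'subscription': subscription,
        'screenshots': screenshots,
        'email_list': email_list,
        'target_detail': target,
        'service_results': service_results,
        'form': form,
    }
    return template, args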
def get_pcap_details(md5, analyst):
    """
    Build the template name and context for the PCAP details page.

    The PCAP is looked up only within the sources returned by
    ``user_sources(analyst)``; a PCAP outside those sources gets the same
    error as one that does not exist.

    :param md5: The MD5 of the PCAP to get details for.
    :type md5: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    capture = PCAP.objects(md5=md5, source__name__in=visible_sources).first()
    if not capture:
        return "error.html", {
            'error': 'PCAP not yet available or you do not have access to view it.'
        }

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    capture.sanitize(username)

    # drop this user's pending notifications for this PCAP
    remove_user_from_notification(username, capture.id, 'PCAP')

    # The helpers below are called in the same order as before.
    context = {}
    context['subscription'] = {
        'type': 'PCAP',
        'id': capture.id,
        'subscribed': is_user_subscribed(username, 'PCAP', capture.id),
    }
    context['objects'] = capture.sort_objects()
    context['relationships'] = capture.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'PCAP', 'value': capture.id}
    # comments are keyed on the MD5 the caller asked for
    context['comments'] = {'comments': capture.get_comments(),
                           'url_key': md5}
    context['screenshots'] = capture.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'PCAP', capture.id)
    # Assume all PCAPs have the data available
    context['service_list'] = get_supported_services('PCAP')
    context['service_results'] = capture.get_analysis_results()
    context['pcap'] = capture
    return None, context
def get_signature_details(_id, analyst):
    """
    Build the template name and context for the Signature details page.

    The Signature is looked up only within the sources returned by
    ``user_sources(analyst)``; an empty id, a missing Signature and one
    outside those sources all get the same error.

    :param _id: The ObjectId of the Signature to get details for.
    :type _id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = None
    if _id:
        found = Signature.objects(id=_id,
                                  source__name__in=visible_sources).first()
    if not found:
        return "error.html", {
            'error': 'signature not yet available or you do not have access to view it.'
        }

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # drop this user's pending notifications for this Signature
    remove_user_from_notification(username, found.id, 'Signature')

    # The helpers below are called in the same order as before.
    context = {}
    context['subscription'] = {
        'type': 'Signature',
        'id': found.id,
        'subscribed': is_user_subscribed(username, 'Signature', found.id),
    }
    context['objects'] = found.sort_objects()
    context['relationships'] = found.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'Signature', 'value': found.id}
    # NOTE(review): counts every Signature sharing this link_id, without
    # the source filter used for the lookup above.
    same_link = Signature.objects(link_id=found.link_id).only('id')
    context['versions'] = len(same_link)
    context['comments'] = {'comments': found.get_comments(), 'url_key': _id}
    context['screenshots'] = found.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'Signature', found.id)
    context['service_list'] = get_supported_services('Signature')
    context['service_results'] = found.get_analysis_results()
    context['signature'] = found
    return None, context
def get_actor_details(id_, analyst):
    """
    Build the template name and context for the Actor details page.

    The Actor is looked up only within the sources returned by
    ``user_sources(analyst)``; an Actor outside those sources gets the
    same error as one that does not exist.

    :param id_: The Actor ObjectId to get details for.
    :type id_: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = Actor.objects(id=id_, source__name__in=visible_sources).first()
    if not found:
        message = ('Either no data exists for this Actor or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # drop this user's pending notifications for this Actor
    remove_user_from_notification(username, found.id, 'Actor')

    # The helpers below are called in the same order as before.
    context = {}
    context['download_form'] = DownloadFileForm(
        initial={"obj_type": 'Actor', "obj_id": found.id})
    context['actor_identifiers'] = found.generate_identifiers_list(analyst)
    context['subscription'] = {
        'type': 'Actor',
        'id': found.id,
        'subscribed': is_user_subscribed(username, 'Actor', found.id),
    }
    context['objects'] = found.sort_objects()
    context['relationships'] = found.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'Actor', 'value': found.id}
    context['comments'] = {'comments': found.get_comments(),
                           'url_key': found.id}
    context['screenshots'] = found.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'Actor', found.id)
    context['service_list'] = get_supported_services('Actor')
    context['service_results'] = found.get_analysis_results()
    context['actor'] = found
    context['actor_id'] = id_
    return None, context
def get_indicator_details(indicator_id, analyst):
    """
    Build the template name and context for the Indicator details page.

    The Indicator is looked up only within the sources returned by
    ``user_sources(analyst)``; an Indicator outside those sources gets the
    same error as one that does not exist.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = Indicator.objects(id=indicator_id,
                              source__name__in=visible_sources).first()
    if not found:
        message = ("Either this indicator does not exist or you do "
                   "not have permission to view it.")
        return "error.html", {'error': message}

    # Forms are created before the record is sanitized, as before; each
    # date is taken at the moment its form is built.
    forms = {
        'new_action': IndicatorActionsForm(initial={
            'analyst': analyst,
            'active': "off",
            'date': datetime.datetime.now(),
        }),
        'new_activity': IndicatorActivityForm(initial={
            'analyst': analyst,
            'date': datetime.datetime.now(),
        }),
        'new_campaign': CampaignForm(),
        'new_source': SourceForm(analyst,
                                 initial={'date': datetime.datetime.now()}),
        'download_form': DownloadFileForm(initial={
            "obj_type": 'Indicator',
            "obj_id": indicator_id,
        }),
    }

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # Notifications and subscription are keyed on the id the caller
    # supplied; the favorite lookup uses the id of the loaded record.
    remove_user_from_notification(username, indicator_id, 'Indicator')

    context = {}
    context['subscription'] = {
        'type': 'Indicator',
        'id': indicator_id,
        'subscribed': is_user_subscribed(username, 'Indicator', indicator_id),
    }
    context['relationship'] = {'type': 'Indicator', 'value': indicator_id}
    context['objects'] = found.sort_objects()
    context['relationships'] = found.sort_relationships(username, meta=True)
    context['comments'] = {'comments': found.get_comments(),
                           'url_key': indicator_id}
    context['favorite'] = is_user_favorite(username, 'Indicator', found.id)
    service_manager = crits.service_env.manager
    context['service_list'] = service_manager.get_supported_services(
        'Indicator', True)
    context['indicator'] = found
    context['forms'] = forms
    context['indicator_id'] = indicator_id
    context['rt_url'] = settings.RT_URL
    return None, context
def get_event_details(event_id, analyst):
    """
    Build the template name and context for the Event details page.

    The Event is looked up only within the sources returned by
    ``user_sources(analyst)``; an Event outside those sources gets the
    same error as one that does not exist.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = Event.objects(id=event_id,
                          source__name__in=visible_sources).first()
    if not found:
        return "error.html", {
            'error': "ID does not exist or insufficient privs for source"
        }

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # The helpers below are called in the same order as before.
    context = {}
    context['campaign_form'] = CampaignForm()
    context['download_form'] = DownloadFileForm(
        initial={"obj_type": 'Event', "obj_id": event_id})

    # drop this user's pending notifications for this Event
    remove_user_from_notification(username, found.id, 'Event')

    context['subscription'] = {
        'type': 'Event',
        'id': found.id,
        'subscribed': is_user_subscribed(username, 'Event', found.id),
    }
    context['objects'] = found.sort_objects()
    context['relationships'] = found.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'Event', 'value': found.id}
    context['comments'] = {'comments': found.get_comments(),
                           'url_key': found.id}
    context['screenshots'] = found.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'Event', found.id)
    context['service_list'] = get_supported_services('Event')
    context['service_results'] = found.get_analysis_results()
    context['event'] = found
    return None, context
def get_campaign_details(campaign_name, analyst):
    """
    Build the template name and context for the Campaign details page.

    The Campaign itself is looked up by name without a source filter; the
    per-type item counts are limited to the sources returned by
    ``user_sources(analyst)``.

    :param campaign_name: The name of the Campaign to get details for.
    :type campaign_name: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when the Campaign is missing
    """

    visible_sources = user_sources(analyst)
    campaign = Campaign.objects(name=campaign_name).first()
    if not campaign:
        return "error.html", {"error": 'No data exists for this campaign.'}

    username = "%s" % analyst

    # The helpers below are called in the same order as before.
    context = {}
    context['ttp_form'] = TTPForm()

    # drop this user's pending notifications for this Campaign
    remove_user_from_notification(username, campaign.id, 'Campaign')

    context['subscription'] = {
        'type': 'Campaign',
        'id': campaign.id,
        'subscribed': is_user_subscribed(username, 'Campaign', campaign.id),
    }
    context['objects'] = campaign.sort_objects()
    context['relationships'] = campaign.sort_relationships(username,
                                                           meta=True)
    context['relationship'] = {'type': 'Campaign', 'value': campaign.id}
    # comments are keyed on the campaign name the caller asked for
    context['comments'] = {'comments': campaign.get_comments(),
                           'url_key': campaign_name}
    context['screenshots'] = campaign.get_screenshots(analyst)

    # Item counts per type, limited to the user's sources
    by_campaign = {'campaign.name': campaign_name}
    counts = {}
    for doc_class in (Sample, PCAP, Indicator, Email, Domain, IP, Event):
        matching = doc_class.objects(source__name__in=visible_sources,
                                     __raw__=by_campaign)
        counts[doc_class._meta['crits_type']] = matching.count()

    # Item count for targets: collect each distinct recipient of the
    # campaign's emails, preferring the stored Target's own spelling of
    # the address when one exists.
    recipients = {}
    for message in Email.objects(source__name__in=visible_sources,
                                 __raw__=by_campaign):
        for recipient in message['to']:
            # This might be a slow operation since we're looking up all "to"
            # targets, could possibly bulk search this.
            known = Target.objects(email_address__iexact=recipient).first()
            if known is None:
                recipients[recipient] = 1
            else:
                recipients[known.email_address] = 1
    counts['Target'] = Target.objects(
        email_address__in=recipients.keys()).count()
    context['counts'] = counts

    context['favorite'] = is_user_favorite(username, 'Campaign', campaign.id)
    context['service_results'] = campaign.get_analysis_results()
    context['campaign_detail'] = campaign
    return None, context
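def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    The Domain is looked up only within the sources returned by
    ``user_sources(analyst)``; a Domain outside those sources gets the
    same error as one that does not exist.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    username = "%s" % analyst
    forms = {}

    # populate whois data into whois form
    # and create data object (keyed on date) for updating form on date select
    whois_data = {'': ''}  # blank info for "Add New" option
    initial_data = {'data': ' '}
    raw_data = {}
    whois = getattr(dmain, 'whois', None)
    if whois:
        from whois_parser import WhoisEntry
        for w in whois:
            # build data as a display-friendly string
            w.date = datetime.datetime.strftime(w.date,
                                                settings.PY_DATETIME_FORMAT)
            # prettify the whois data
            w.data = unicode(WhoisEntry.from_dict(w.data))
            if 'text' not in w:
                # whois data was added with old data format
                w.text = w.data
            # also save our text blob for easy viewing of the original data
            whois_data[w.date] = (w.data, w.text)
        # show most recent entry first
        initial_data = {'data': whois[-1].data, 'date': whois[-1].date}
        raw_data = {'data': whois[-1].text, 'date': whois[-1].date}

    # subtract one to account for blank "Add New" entry
    whois_len = len(whois_data) - 1
    # NOTE(review): whois text is external data and json.dumps does not
    # escape "<" or "/"; confirm the template escapes this value for the
    # context it is placed in.
    whois_data = json.dumps(whois_data)

    # The format string must contain "%s": a string without a conversion
    # raises TypeError when "%" is applied to a str, so this call failed
    # before the record was ever sanitized.
    dmain.sanitize_sources(username=username, sources=allowed_sources)

    forms['whois'] = UpdateWhoisForm(initial_data, domain=domain)
    forms['raw_whois'] = UpdateWhoisForm(raw_data, domain=domain,
                                         allow_adding=False)
    forms['diff_whois'] = DiffWhoisForm(domain=domain)

    # remove pending notifications for user
    remove_user_from_notification(username, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed(username, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships(username, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite(username, 'Domain', dmain.id)

    # services
    manager = crits.service_env.manager
    service_list = manager.get_supported_services('Domain', True)

    args = {
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'domain': dmain,
        'forms': forms,
        'whois_data': whois_data,
        'service_list': service_list,
        'whois_len': whois_len,
    }
    return template, args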
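def get_event_details(event_id, user):
    """
    Generate the data to render the Event details template.

    Access is decided in two steps: the query only matches Events in the
    sources returned by ``user_sources(user)``, and the match must then
    pass ``user.check_source_tlp``. Both failures produce the same error
    as a missing Event.

    :param event_id: The ObjectId of the Event to get details for.
    :type event_id: str
    :param user: The user requesting this information. ``check_source_tlp``
                 is called on it, so it must be a user object rather than
                 a bare username.
    :type user: user object providing ``check_source_tlp``
    :returns: template (str), arguments (dict)
    """

    template = None
    sources = user_sources(user)
    event = Event.objects(id=event_id, source__name__in=sources).first()
    # Run the TLP check only on a real record: a failed lookup is already
    # a denial and must not depend on how the helper treats None.
    if event is not None and not user.check_source_tlp(event):
        event = None
    if not event:
        template = "error.html"
        args = {'error': "ID does not exist or insufficient privs for source"}
        return template, args

    username = "%s" % user
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    event.sanitize(username)

    campaign_form = CampaignForm()
    download_form = DownloadFileForm(initial={"obj_type": 'Event',
                                              "obj_id": event_id})

    # remove pending notifications for user
    remove_user_from_notification(username, event.id, 'Event')

    # subscription
    subscription = {
        'type': 'Event',
        'id': event.id,
        'subscribed': is_user_subscribed(username, 'Event', event.id),
    }

    # objects
    objects = event.sort_objects()

    # relationships
    relationships = event.sort_relationships(username, meta=True)

    # Get count of related Events for each related Indicator.
    # NOTE(review): these counts are limited by source only; the TLP check
    # applied to the Event itself is not applied here - confirm that is
    # intended.
    for ind in relationships.get('Indicator', []):
        ind['rel_ind_events'] = Event.objects(
            relationships__object_id=ind['id'],
            source__name__in=sources).count()

    # Get count of related Events for each related Sample
    for smp in relationships.get('Sample', []):
        smp['rel_smp_events'] = Event.objects(
            relationships__object_id=smp['id'],
            source__name__in=sources).count()

    # relationship
    relationship = {'type': 'Event', 'value': event.id}

    # comments
    comments = {'comments': event.get_comments(), 'url_key': event.id}

    # screenshots
    screenshots = event.get_screenshots(user)

    # favorites
    favorite = is_user_favorite(username, 'Event', event.id)

    # services
    service_list = get_supported_services('Event')

    # analysis results
    service_results = event.get_analysis_results()

    args = {
        'service_list': service_list,
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'event': event,
        'campaign_form': campaign_form,
        'service_results': service_results,
        'download_form': download_form,
        'EventACL': EventACL,
    }
    return template, args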
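def get_domain_details(domain, analyst):
    """
    Generate the data to render the Domain details template.

    The Domain is looked up only within the sources returned by
    ``user_sources(analyst)``; a Domain outside those sources gets the
    same error as one that does not exist.

    :param domain: The name of the Domain to get details for.
    :type domain: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict)
    """

    template = None
    allowed_sources = user_sources(analyst)
    dmain = Domain.objects(domain=domain,
                           source__name__in=allowed_sources).first()
    if not dmain:
        error = ("Either no data exists for this domain"
                 " or you do not have permission to view it.")
        template = "error.html"
        args = {'error': error}
        return template, args

    username = "%s" % analyst

    # The format string must contain "%s": a string without a conversion
    # raises TypeError when "%" is applied to a str, so this call failed
    # before the record was ever sanitized.
    dmain.sanitize_sources(username=username, sources=allowed_sources)

    # remove pending notifications for user
    remove_user_from_notification(username, dmain.id, 'Domain')

    # subscription
    subscription = {
        'type': 'Domain',
        'id': dmain.id,
        'subscribed': is_user_subscribed(username, 'Domain', dmain.id),
    }

    # objects
    objects = dmain.sort_objects()

    # relationships
    relationships = dmain.sort_relationships(username, meta=True)

    # relationship
    relationship = {'type': 'Domain', 'value': dmain.id}

    # comments are keyed on the domain name, not on the ObjectId
    comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}

    # screenshots
    screenshots = dmain.get_screenshots(analyst)

    # favorites
    favorite = is_user_favorite(username, 'Domain', dmain.id)

    # services
    service_list = get_supported_services('Domain')

    # analysis results
    service_results = dmain.get_analysis_results()

    args = {
        'objects': objects,
        'relationships': relationships,
        'comments': comments,
        'favorite': favorite,
        'relationship': relationship,
        'subscription': subscription,
        'screenshots': screenshots,
        'domain': dmain,
        'service_list': service_list,
        'service_results': service_results,
    }
    return template, args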
def get_actor_details(id_, analyst):
    """
    Build the template name and context for the Actor details page.

    The Actor is looked up only within the sources returned by
    ``user_sources(analyst)``; an Actor outside those sources gets the
    same error as one that does not exist.

    :param id_: The Actor ObjectId to get details for.
    :type id_: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = Actor.objects(id=id_, source__name__in=visible_sources).first()
    if not found:
        message = ('Either no data exists for this Actor or you do not have'
                   ' permission to view it.')
        return "error.html", {'error': message}

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # drop this user's pending notifications for this Actor
    remove_user_from_notification(username, found.id, 'Actor')

    # The helpers below are called in the same order as before.
    context = {}
    context['download_form'] = DownloadFileForm(
        initial={"obj_type": 'Actor', "obj_id": found.id})
    context['actor_identifiers'] = found.generate_identifiers_list(analyst)
    context['subscription'] = {
        'type': 'Actor',
        'id': found.id,
        'subscribed': is_user_subscribed(username, 'Actor', found.id),
    }
    context['objects'] = found.sort_objects()
    context['relationships'] = found.sort_relationships(username, meta=True)
    context['relationship'] = {'type': 'Actor', 'value': found.id}
    context['comments'] = {'comments': found.get_comments(),
                           'url_key': found.id}
    context['screenshots'] = found.get_screenshots(analyst)
    context['favorite'] = is_user_favorite(username, 'Actor', found.id)
    context['service_list'] = get_supported_services('Actor')
    context['service_results'] = found.get_analysis_results()
    context['actor'] = found
    context['actor_id'] = id_
    return None, context
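def get_ip_details(ip, user):
    """
    Generate the data to render the IP details template.

    Access is decided in two steps: the query only matches IPs in the
    sources returned by ``user_sources(user)``, and the match must then
    pass ``user.check_source_tlp``. Both failures produce the same error
    as a missing IP.

    :param ip: The IP to get details for.
    :type ip: str
    :param user: The user requesting this information.
    :type user: CRITsUser
    :returns: template (str), arguments (dict)
    """

    allowed_sources = user_sources(user)
    # Kept in its own name so the requested address and the loaded record
    # are not confused.
    ip_doc = IP.objects(ip=ip, source__name__in=allowed_sources).first()
    template = None
    args = {}

    # Run the TLP check only on a real record: a failed lookup is already
    # a denial and must not depend on how the helper treats None.
    if ip_doc is not None and not user.check_source_tlp(ip_doc):
        ip_doc = None

    if not ip_doc:
        template = "error.html"
        error = ('Either no data exists for this IP or you do not have'
                 ' permission to view it.')
        args = {'error': error}
        return template, args

    username = "%s" % user
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    ip_doc.sanitize(username)

    # remove pending notifications for user
    remove_user_from_notification(username, ip_doc.id, 'IP')

    # subscription
    subscription = {
        'type': 'IP',
        'id': ip_doc.id,
        'subscribed': is_user_subscribed(username, 'IP', ip_doc.id),
    }

    # objects
    objects = ip_doc.sort_objects()

    # relationships
    relationships = ip_doc.sort_relationships(username, meta=True)

    # relationship
    relationship = {'type': 'IP', 'value': ip_doc.id}

    # comments are keyed on the address itself, not on the ObjectId
    comments = {'comments': ip_doc.get_comments(), 'url_key': ip_doc.ip}

    # screenshots
    screenshots = ip_doc.get_screenshots(user)

    # favorites
    favorite = is_user_favorite(username, 'IP', ip_doc.id)

    # services
    service_list = get_supported_services('IP')

    # analysis results
    service_results = ip_doc.get_analysis_results()

    args = {
        'objects': objects,
        'relationships': relationships,
        'relationship': relationship,
        'subscription': subscription,
        'favorite': favorite,
        'service_list': service_list,
        'service_results': service_results,
        'screenshots': screenshots,
        'ip': ip_doc,
        'comments': comments,
        'IPACL': IPACL,
    }
    return template, args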
def get_indicator_details(indicator_id, analyst):
    """
    Build the template name and context for the Indicator details page.

    The Indicator is looked up only within the sources returned by
    ``user_sources(analyst)``; an Indicator outside those sources gets the
    same error as one that does not exist.

    :param indicator_id: The ObjectId of the Indicator to get details for.
    :type indicator_id: str
    :param analyst: The user requesting this information.
    :type analyst: str
    :returns: template (str), arguments (dict); template is ``None`` on
              success and ``"error.html"`` when nothing can be shown
    """

    visible_sources = user_sources(analyst)
    found = Indicator.objects(id=indicator_id,
                              source__name__in=visible_sources).first()
    if not found:
        # Parenthesised so both halves stay one concatenated message.
        message = ("Either this indicator does not exist or you do "
                   "not have permission to view it.")
        return "error.html", {"error": message}

    # Forms are created before the record is sanitized, as before; each
    # date is taken at the moment its form is built.
    forms = {
        "new_activity": IndicatorActivityForm(initial={
            "analyst": analyst,
            "date": datetime.datetime.now(),
        }),
        "new_campaign": CampaignForm(),
        "new_source": SourceForm(analyst,
                                 initial={"date": datetime.datetime.now()}),
        "download_form": DownloadFileForm(initial={
            "obj_type": "Indicator",
            "obj_id": indicator_id,
        }),
    }

    username = "%s" % analyst
    # NOTE(review): presumably strips data this user may not see; confirm
    # against the model's sanitize().
    found.sanitize(username)

    # Notifications and subscription are keyed on the id the caller
    # supplied; the favorite lookup uses the id of the loaded record.
    remove_user_from_notification(username, indicator_id, "Indicator")

    context = {}
    context["subscription"] = {
        "type": "Indicator",
        "id": indicator_id,
        "subscribed": is_user_subscribed(username, "Indicator", indicator_id),
    }
    context["relationship"] = {"type": "Indicator", "value": indicator_id}
    context["objects"] = found.sort_objects()
    context["relationships"] = found.sort_relationships(username, meta=True)
    context["comments"] = {"comments": found.get_comments(),
                           "url_key": indicator_id}
    context["screenshots"] = found.get_screenshots(analyst)
    context["favorite"] = is_user_favorite(username, "Indicator", found.id)
    context["service_list"] = get_supported_services("Indicator")
    context["service_results"] = found.get_analysis_results()
    context["indicator"] = found
    context["forms"] = forms
    context["indicator_id"] = indicator_id
    context["rt_url"] = settings.RT_URL
    return None, context