def load_user_settings(user): default_settings = get_default_user_settings(user) settings = STORAGE.user_settings.get(user['uname'], as_obj=False) srv_list = [ x for x in STORAGE.list_all_services(as_obj=False, full=True) if x['enabled'] ] if not settings: def_srv_list = None settings = default_settings else: # Make sure all defaults are there for key, item in default_settings.items(): if key not in settings: settings[key] = item # Remove all obsolete keys for key in list(settings.keys()): if key not in default_settings: del settings[key] def_srv_list = settings.get('services', {}).get('selected', None) settings['service_spec'] = get_default_service_spec(srv_list) settings['services'] = get_default_service_list(srv_list, def_srv_list) # Normalize the user's classification settings['classification'] = Classification.normalize_classification( settings['classification']) return settings
def get_or_create_summary(sid, results, user_classification, completed): user_classification = CLASSIFICATION.normalize_classification(user_classification, long_format=False) cache_key = f"{sid}_{user_classification}_with_sections" for illegal_char in [" ", ":", "/"]: cache_key = cache_key.replace(illegal_char, "") summary_cache = STORAGE.submission_summary.get_if_exists(cache_key, as_obj=False) if not summary_cache: summary = STORAGE.get_summary_from_keys( results, cl_engine=CLASSIFICATION, user_classification=user_classification, keep_heuristic_sections=True) expiry = now_as_iso(config.datastore.ilm.days_until_archive * 24 * 60 * 60) partial = not completed or "missing_results" in summary or "missing_files" in summary # Do not cache partial summary if not partial: summary_cache = { "attack_matrix": json.dumps(summary['attack_matrix']), "tags": json.dumps(summary['tags']), "expiry_ts": expiry, "heuristics": json.dumps(summary['heuristics']), "classification": summary['classification'], "filtered": summary["filtered"], "heuristic_sections": json.dumps(summary['heuristic_sections']), "heuristic_name_map": json.dumps(summary['heuristic_name_map']) } STORAGE.submission_summary.save(cache_key, summary_cache) return { "attack_matrix": summary['attack_matrix'], "tags": summary['tags'], "expiry_ts": expiry, "heuristics": summary['heuristics'], "classification": summary['classification'], "filtered": summary["filtered"], "partial": partial, "heuristic_sections": summary['heuristic_sections'], "heuristic_name_map": summary['heuristic_name_map'] } return { "attack_matrix": json.loads(summary_cache['attack_matrix']), "tags": json.loads(summary_cache['tags']), "expiry_ts": summary_cache["expiry_ts"], "heuristics": json.loads(summary_cache['heuristics']), "classification": summary_cache['classification'], "filtered": summary_cache["filtered"], "partial": False, "heuristic_sections": json.loads(summary_cache['heuristic_sections']), "heuristic_name_map": json.loads(summary_cache['heuristic_name_map']) }
def check_for_source_change(delta_list, source): change_list = {} for delta in delta_list: if delta['name'] == source['name']: # Classification update if delta['default_classification'] != source[ 'default_classification']: class_norm = Classification.normalize_classification( delta['default_classification']) change_list[ 'default_classification'] = STORAGE.signature.update_by_query( query=f'source:"{source["name"]}"', operations=[("SET", "classification", class_norm)]) return change_list
def update_signature_source(service, name, **_): """ Update a signature source by name for a given service Variables: service => Service to which we want to update the source name => Name of the source you want update Arguments: None Data Block: { "uri": "http://somesite/file_to_get", # URI to fetch for parsing the rules "name": "signature_file.yar", # Name of the file we will parse the rules as "username": null, # Username used to get to the URI "password": null, # Password used to get to the URI "header": { # Header sent during the request to the URI "X_TOKEN": "SOME RANDOM TOKEN" # Exemple of header }, "private_key": null, # Private key used to get to the URI "pattern": "^*.yar$" # Regex pattern use to get appropriate files from the URI } Result example: {"success": True/False} # if the operation succeeded of not """ data = request.json service_data = STORAGE.get_service_with_delta(service, as_obj=False) current_sources = service_data.get('update_config', {}).get('sources', []) # Ensure private_key (if any) ends with a \n if data.get('private_key', None) and not data['private_key'].endswith("\n"): data['private_key'] += "\n" if name != data['name']: return make_api_response( {"success": False}, err="You are not allowed to change the source name.", status_code=400) if not service_data.get('update_config', {}).get('generates_signatures', False): return make_api_response( {"success": False}, err= "This service does not generate alerts therefor you cannot update its sources.", status_code=400) if len(current_sources) == 0: return make_api_response( {"success": False}, err= "This service does not have any sources therefor you cannot update any source.", status_code=400) new_sources = [] found = False classification_changed = False for source in current_sources: if data['name'] == source['name']: new_sources.append(data) found = True classification_changed = data['default_classification'] != source[ 'default_classification'] else: new_sources.append(source) if not found: return make_api_response( {"success": False}, err=f"Could not found source '{data.name}' in service {service}.", status_code=404) service_delta = STORAGE.service_delta.get(service, as_obj=False) if service_delta.get('update_config') is None: service_delta['update_config'] = {"sources": new_sources} else: service_delta['update_config']['sources'] = new_sources # Has the classification changed? if classification_changed: class_norm = Classification.normalize_classification( data['default_classification']) STORAGE.signature.update_by_query(query=f'source:"{data["name"]}"', operations=[("SET", "classification", class_norm)]) _reset_service_updates(service) # Save the signature success = STORAGE.service_delta.save(service, service_delta) service_event_sender.send(service, { 'operation': Operation.Modified, 'name': service }) return make_api_response({"success": success})