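def iocjson(iocid):
    """Serve the parsed OpenIOC tree of IOC *iocid* as JSON.

    Args:
        iocid: primary key of the XMLIOC row to render.

    Returns:
        A 200 ``application/json`` Response holding the tree produced by
        ``OpenIOCParser(...).getTree().json2()``, or a 404 ``text/plain``
        Response when no XMLIOC with that id exists.
    """
    # NOTE(review): the original ``if 'logged_in' in session:`` guard is
    # commented out, so this view answers unauthenticated requests unless a
    # request-level hook protects it -- confirm before exposing it.
    ioc = dbsession.query(XMLIOC).filter_by(id=iocid).first()
    if ioc is None:
        return Response(status=404, response='This IOC does not exist', content_type='text/plain')

    flat_mode = (IOC_MODE == 'flat')
    # Pick the evaluator tables matching the configured mode. The hash
    # evaluators are merged second so their entries win on a name clash --
    # the same precedence as the original ``dict(a.items() + b.items())``,
    # written so it also works on Python 3 where items() is a view.
    ioc_evaluators = ioc_modules.flatEvaluatorList if flat_mode else ioc_modules.logicEvaluatorList
    hash_evaluators = hash_modules.flatEvaluatorList if flat_mode else hash_modules.logicEvaluatorList
    evaluators = dict(ioc_evaluators)
    evaluators.update(hash_evaluators)
    # Only elements known to some evaluator survive parsing.
    allowed_elements = {name: cls.evalList for name, cls in evaluators.items()}

    # xml_content is stored base64-encoded; the parser receives the raw XML.
    # NOTE(review): how openiocparser treats external entities/DTDs in that
    # XML is not visible here -- verify it parses with them disabled.
    content = base64.b64decode(ioc.xml_content)
    parser = openiocparser.OpenIOCParser(content, allowed_elements, flat_mode, fromString=True)
    parser.parse()
    tree = parser.getTree()
    return Response(status=200, response=json.dumps(tree.json2(), indent=4), content_type='application/json')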
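def hostjson(hostid):
    """Serve the infection graph of scan result *hostid* as JSON.

    The graph root is the scanned host (``task.ip``); each child is one IOC
    of the batch's configuration profile, whose parsed tree is marked
    ("infected") with the IOCDetection rows recorded for this result.

    Args:
        hostid: primary key of the Result row to render.

    Returns:
        A 200 ``application/json`` Response with the graph (an unreachable
        host yields a single infected error node); a 404 ``text/plain``
        Response when the result or its task does not exist; a 500
        ``text/plain`` Response when the batch or configuration profile the
        task points to is missing.
    """
    # NOTE(review): the original ``if 'logged_in' in session:`` guard is
    # commented out, so this view answers unauthenticated requests unless a
    # request-level hook protects it -- confirm before exposing it.
    row = (dbsession.query(Task, Result)
           .filter(Result.id == hostid)
           .join(Result, Task.id == Result.tache_id)
           .first())
    # .first() yields None (not a pair) when nothing matches; unpacking it
    # directly raised TypeError before the 404 check could run.
    if row is None:
        return Response(status=404, response='This host does not exist', content_type='text/plain')
    task, result = row
    if task is None or result is None:
        return Response(status=404, response='This host does not exist', content_type='text/plain')

    # An unreachable host is rendered as one infected error node.
    if not result.smbreachable:
        tab = {'name': task.ip, 'infected': True,
               'children': [{'name': 'This host could not be joined', 'infected': True}]}
        return Response(status=200, response=json.dumps(tab), content_type='application/json')

    batch = dbsession.query(Batch).filter_by(id=task.batch_id).first()
    cp = None
    if batch is not None:
        cp = dbsession.query(ConfigurationProfile).filter_by(id=batch.configuration_profile_id).first()
    if cp is None:
        # Dangling batch/profile reference: report it instead of raising AttributeError.
        return Response(status=500, response='No configuration profile found for this host', content_type='text/plain')

    # ioc_list is a comma-separated string of XMLIOC ids; tolerate an
    # empty/None value and blank entries (e.g. a trailing comma).
    ioc_list = [int(e) for e in (cp.ioc_list or '').split(',') if e.strip()]

    # Indicator GUIDs hit on this result, grouped by IOC id. Detections that
    # point at an IOC outside the profile's list are ignored rather than
    # raising KeyError.
    guids = {i: [] for i in ioc_list}
    for iocd in dbsession.query(IOCDetection).filter_by(result_id=result.id).all():
        if iocd.xmlioc_id in guids:
            guids[iocd.xmlioc_id].append(iocd.indicator_id)

    # Evaluator selection does not depend on the IOC, so compute it once.
    # Hash evaluators are merged second so they win on a name clash (same
    # precedence as the original ``dict(a.items() + b.items())``, written
    # so it also works on Python 3).
    flat_mode = (IOC_MODE == 'flat')
    ioc_evaluators = ioc_modules.flatEvaluatorList if flat_mode else ioc_modules.logicEvaluatorList
    hash_evaluators = hash_modules.flatEvaluatorList if flat_mode else hash_modules.logicEvaluatorList
    evaluators = dict(ioc_evaluators)
    evaluators.update(hash_evaluators)
    allowed_elements = {name: cls.evalList for name, cls in evaluators.items()}

    tree = {'name': task.ip, 'children': [], 'infected': False}
    for iocid in ioc_list:
        ioc = dbsession.query(XMLIOC).filter_by(id=iocid).first()
        if ioc is None:
            # The profile references an IOC that no longer exists; skip it
            # rather than failing the whole graph.
            continue
        # xml_content is stored base64-encoded; the parser receives the raw XML.
        content = base64.b64decode(ioc.xml_content)
        parser = openiocparser.OpenIOCParser(content, allowed_elements, flat_mode, fromString=True)
        parser.parse()
        # Mark the tree with the indicators detected for this IOC.
        ioc_tree = parser.getTree()
        ioc_tree.infect(guids[iocid])
        node = ioc_tree.json2()
        tree['children'].append({'name': ioc.name, 'children': [node], 'infected': node['infected']})
        # Propagate the infection flag up to the host node.
        tree['infected'] |= node['infected']
    return Response(status=200, response=json.dumps(tree, indent=4), content_type='application/json')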