def get_event_details(event_id, analyst):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % analyst)
campaign_form = CampaignForm()
download_form = DownloadFileForm(initial={
"obj_type": 'Event',
"obj_id": event_id
})
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Event', 'value': event.id}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
#screenshots
screenshots = event.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {
'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'event': event,
'campaign_form': campaign_form,
'service_results': service_results,
'download_form': download_form
}
return template, args
def get_raw_data_details(_id, user):
"""
Generate the data to render the RawData details template.
:param _id: The ObjectId of the RawData to get details for.
:type _id: str
:param user: The user requesting this information.
:type user: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(user)
if not _id:
raw_data = None
else:
raw_data = RawData.objects(id=_id, source__name__in=sources).first()
if not user.check_source_tlp(raw_data):
raw_data = None
if not raw_data:
template = "error.html"
args = {'error': 'raw_data not yet available or you do not have access to view it.'}
else:
raw_data.sanitize("%s" % user)
# remove pending notifications for user
remove_user_from_notification("%s" % user, raw_data.id, 'RawData')
# subscription
subscription = {
'type': 'RawData',
'id': raw_data.id,
'subscribed': is_user_subscribed("%s" % user,
'RawData', raw_data.id),
}
#objects
objects = raw_data.sort_objects()
#relationships
relationships = raw_data.sort_relationships("%s" % user, meta=True)
# relationship
relationship = {
'type': 'RawData',
'value': raw_data.id
}
versions = len(RawData.objects(link_id=raw_data.link_id).only('id'))
#comments
comments = {'comments': raw_data.get_comments(),
'url_key': _id}
#screenshots
screenshots = raw_data.get_screenshots(user)
# favorites
favorite = is_user_favorite("%s" % user, 'RawData', raw_data.id)
# services
service_list = get_supported_services('RawData')
# analysis results
service_results = raw_data.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
"subscription": subscription,
"screenshots": screenshots,
"versions": versions,
"service_results": service_results,
"raw_data": raw_data,
"RawDataACL": RawDataACL}
return template, args
def get_pcap_details(md5, analyst):
"""
Generate the data to render the PCAP details template.
:param md5: The MD5 of the PCAP to get details for.
:type md5: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
pcap = PCAP.objects(md5=md5, source__name__in=sources).first()
if not pcap:
template = "error.html"
args = {
'error':
'PCAP not yet available or you do not have access to view it.'
}
else:
pcap.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, pcap.id, 'PCAP')
# subscription
subscription = {
'type': 'PCAP',
'id': pcap.id,
'subscribed': is_user_subscribed("%s" % analyst, 'PCAP', pcap.id),
}
#objects
objects = pcap.sort_objects()
#relationships
relationships = pcap.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'PCAP', 'value': pcap.id}
#comments
comments = {'comments': pcap.get_comments(), 'url_key': md5}
#screenshots
screenshots = pcap.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'PCAP', pcap.id)
# services
# Assume all PCAPs have the data available
service_list = get_supported_services('PCAP')
# analysis results
service_results = pcap.get_analysis_results()
args = {
'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
"subscription": subscription,
"screenshots": screenshots,
"service_results": service_results,
"pcap": pcap
}
return template, args
def get_campaign_details(campaign_name, analyst):
"""
Generate the data to render the Campaign details template.
:param campaign_name: The name of the Campaign to get details for.
:type campaign_name: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
campaign_detail = Campaign.objects(name=campaign_name).first()
if not campaign_detail:
template = "error.html"
args = {"error": 'No data exists for this campaign.'}
return template, args
ttp_form = TTPForm()
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, campaign_detail.id,
'Campaign')
# subscription
subscription = {
'type':
'Campaign',
'id':
campaign_detail.id,
'subscribed':
is_user_subscribed("%s" % analyst, 'Campaign', campaign_detail.id),
}
#objects
objects = campaign_detail.sort_objects()
#relationships
relationships = campaign_detail.sort_relationships("%s" % analyst,
meta=True)
# relationship
relationship = {'type': 'Campaign', 'value': campaign_detail.id}
#comments
comments = {
'comments': campaign_detail.get_comments(),
'url_key': campaign_name
}
#screenshots
screenshots = campaign_detail.get_screenshots(analyst)
# Get item counts
formatted_query = {'campaign.name': campaign_name}
counts = {}
for col_obj in [Sample, PCAP, Indicator, Email, Domain, IP, Event]:
counts[col_obj._meta['crits_type']] = col_obj.objects(
source__name__in=sources, __raw__=formatted_query).count()
# Item counts for targets
uniq_addrs = get_campaign_targets(campaign_name, analyst)
counts['Target'] = Target.objects(email_address__in=uniq_addrs).count()
# favorites
favorite = is_user_favorite("%s" % analyst, 'Campaign', campaign_detail.id)
# analysis results
service_results = campaign_detail.get_analysis_results()
args = {
'objects': objects,
'relationships': relationships,
"relationship": relationship,
'comments': comments,
"subscription": subscription,
"campaign_detail": campaign_detail,
"counts": counts,
"favorite": favorite,
"screenshots": screenshots,
'service_results': service_results,
"ttp_form": ttp_form
}
return template, args
def get_indicator_details(indicator_id, analyst):
"""
Generate the data to render the Indicator details template.
:param indicator_id: The ObjectId of the Indicator to get details for.
:type indicator_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
users_sources = user_sources(analyst)
indicator = Indicator.objects(id=indicator_id,
source__name__in=users_sources).first()
if not indicator:
error = ("Either this indicator does not exist or you do "
"not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
forms = {}
forms['new_action'] = IndicatorActionsForm(initial={'analyst': analyst,
'active': "off",
'date': datetime.datetime.now()})
forms['new_activity'] = IndicatorActivityForm(initial={'analyst': analyst,
'date': datetime.datetime.now()})
forms['new_campaign'] = CampaignForm()#'date': datetime.datetime.now(),
forms['new_source'] = SourceForm(analyst, initial={'date': datetime.datetime.now()})
forms['download_form'] = DownloadFileForm(initial={"obj_type": 'Indicator',
"obj_id": indicator_id})
indicator.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, indicator_id, 'Indicator')
# subscription
subscription = {
'type': 'Indicator',
'id': indicator_id,
'subscribed': is_user_subscribed("%s" % analyst,
'Indicator',
indicator_id),
}
# relationship
relationship = {
'type': 'Indicator',
'value': indicator_id,
}
#objects
objects = indicator.sort_objects()
#relationships
relationships = indicator.sort_relationships("%s" % analyst, meta=True)
#comments
comments = {'comments': indicator.get_comments(),
'url_key': indicator_id}
#screenshots
screenshots = indicator.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Indicator', indicator.id)
# services
service_list = get_supported_services('Indicator')
# analysis results
service_results = indicator.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
'comments': comments,
'relationship': relationship,
'subscription': subscription,
"indicator": indicator,
"forms": forms,
"indicator_id": indicator_id,
'screenshots': screenshots,
'service_list': service_list,
'service_results': service_results,
'favorite': favorite,
'rt_url': settings.RT_URL}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain,
source__name__in=allowed_sources).first()
if not dmain:
error = ("Either no data exists for this domain"
" or you do not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
dmain.sanitize_sources(username="******" % analyst,
sources=allowed_sources)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')
# subscription
subscription = {
'type': 'Domain',
'id': dmain.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Domain',
dmain.id),
}
#objects
objects = dmain.sort_objects()
#relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'Domain',
'value': dmain.id
}
#comments
comments = {'comments': dmain.get_comments(),
'url_key':dmain.domain}
#screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)
# services
service_list = get_supported_services('Domain')
# analysis results
service_results = dmain.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'domain': dmain,
'service_list': service_list,
'service_results': service_results}
return template, args
def get_signature_details(_id, analyst):
"""
Generate the data to render the Signature details template.
:param _id: The ObjectId of the Signature to get details for.
:type _id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
if not _id:
signature = None
else:
signature = Signature.objects(id=_id, source__name__in=sources).first()
if not signature:
template = "error.html"
args = {
'error':
'signature not yet available or you do not have access to view it.'
}
else:
signature.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, signature.id,
'Signature')
# subscription
subscription = {
'type':
'Signature',
'id':
signature.id,
'subscribed':
is_user_subscribed("%s" % analyst, 'Signature', signature.id),
}
#objects
objects = signature.sort_objects()
#relationships
relationships = signature.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Signature', 'value': signature.id}
versions = len(Signature.objects(link_id=signature.link_id).only('id'))
#comments
comments = {'comments': signature.get_comments(), 'url_key': _id}
#screenshots
screenshots = signature.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Signature', signature.id)
# services
service_list = get_supported_services('Signature')
# analysis results
service_results = signature.get_analysis_results()
args = {
'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
"subscription": subscription,
"screenshots": screenshots,
"versions": versions,
"service_results": service_results,
"signature": signature
}
return template, args
def get_target_details(email_address, analyst):
"""
Generate the data to render the Target details template.
:param email_address: The email address of the target.
:type email_address: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
if not email_address:
template = "error.html"
args = {'error': "Must provide an email address."}
return template, args
# check for exact match first
target = Target.objects(email_address=email_address).first()
if not target: # if no exact match, look for case-insensitive match
target = Target.objects(email_address__iexact=email_address).first()
if not target:
target = Target()
target.email_address = email_address.strip().lower()
form = TargetInfoForm(initial={'email_address': email_address})
email_list = target.find_emails(analyst)
form = TargetInfoForm(initial=target.to_dict())
if form.fields.get(form_consts.Common.BUCKET_LIST_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
if form.fields.get(form_consts.Common.TICKET_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.TICKET_VARIABLE_NAME)
subscription = {
'type': 'Target',
'id': target.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Target',
target.id)
}
#objects
objects = target.sort_objects()
#relationships
relationships = target.sort_relationships("%s" % analyst,
meta=True)
# relationship
relationship = {
'type': 'Target',
'value': target.id
}
#comments
if target.id:
comments = {'comments': target.get_comments(),
'url_key': email_address}
else:
comments = {'comments': [],
'url_key': email_address}
#screenshots
screenshots = target.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Target', target.id)
# analysis results
service_results = target.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
'relationship': relationship,
'comments': comments,
'favorite': favorite,
'subscription': subscription,
'screenshots': screenshots,
'email_list': email_list,
'target_detail': target,
'service_results': service_results,
'form': form}
return template, args
def get_target_details(email_address, analyst):
"""
Generate the data to render the Target details template.
:param email_address: The email address of the target.
:type email_address: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
if not email_address:
template = "error.html"
args = {"error": "Must provide an email address."}
return template, args
target = Target.objects(email_address=email_address).first()
if not target:
target = Target()
target.email_address = email_address
form = TargetInfoForm(initial={"email_address": email_address})
email_list = target.find_emails(analyst)
# initial_data = target.to_dict()
# initial_data['bucket_list'] = target.get_bucket_list_string();
form = TargetInfoForm(initial=target.to_dict())
if form.fields.get(form_consts.Common.BUCKET_LIST_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
if form.fields.get(form_consts.Common.TICKET_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.TICKET_VARIABLE_NAME)
subscription = {
"type": "Target",
"id": target.id,
"subscribed": is_user_subscribed("%s" % analyst, "Target", target.id),
}
# objects
objects = target.sort_objects()
# relationships
relationships = target.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {"type": "Target", "value": target.id}
# comments
if target.id:
comments = {"comments": target.get_comments(), "url_key": email_address}
else:
comments = {"comments": [], "url_key": email_address}
# screenshots
screenshots = target.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "Target", target.id)
args = {
"objects": objects,
"relationships": relationships,
"relationship": relationship,
"comments": comments,
"favorite": favorite,
"subscription": subscription,
"screenshots": screenshots,
"email_list": email_list,
"target_detail": target,
"form": form,
}
return template, args
def get_ip_details(ip, analyst):
"""
Generate the data to render the IP details template.
:param ip: The IP to get details for.
:type ip: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(analyst)
ip = IP.objects(ip=ip, source__name__in=allowed_sources).first()
template = None
args = {}
if not ip:
template = "error.html"
error = "Either no data exists for this IP or you do not have" " permission to view it."
args = {"error": error}
else:
ip.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, ip.id, "IP")
# subscription
subscription = {"type": "IP", "id": ip.id, "subscribed": is_user_subscribed("%s" % analyst, "IP", ip.id)}
# objects
objects = ip.sort_objects()
# relationships
relationships = ip.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {"type": "IP", "value": ip.id}
# comments
comments = {"comments": ip.get_comments(), "url_key": ip.ip}
# screenshots
screenshots = ip.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "IP", ip.id)
# services
service_list = get_supported_services("IP")
# analysis results
service_results = ip.get_analysis_results()
args = {
"objects": objects,
"relationships": relationships,
"relationship": relationship,
"subscription": subscription,
"favorite": favorite,
"service_list": service_list,
"service_results": service_results,
"screenshots": screenshots,
"ip": ip,
"comments": comments,
}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain,
source__name__in=allowed_sources).first()
if not dmain:
error = ("Either no data exists for this domain"
" or you do not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
forms = {}
#populate whois data into whois form
# and create data object (keyed on date) for updating form on date select
whois_data = {'':''} #blank info for "Add New" option
initial_data = {'data':' '}
raw_data = {}
whois = getattr(dmain, 'whois', None)
if whois:
for w in whois:
#build data as a display-friendly string
w.date = datetime.datetime.strftime(w.date,
settings.PY_DATETIME_FORMAT)
from whois_parser import WhoisEntry
#prettify the whois data
w.data = unicode(WhoisEntry.from_dict(w.data))
if 'text' not in w: #whois data was added with old data format
w.text = w.data
#also save our text blob for easy viewing of the original data
whois_data[w.date] = (w.data, w.text)
#show most recent entry first
initial_data = {'data':whois[-1].data, 'date': whois[-1].date}
raw_data = {'data':whois[-1].text, 'date': whois[-1].date}
whois_len = len(whois_data)-1 #subtract one to account for blank "Add New" entry
whois_data = json.dumps(whois_data)
dmain.sanitize_sources(username="******" % analyst,
sources=allowed_sources)
forms['whois'] = UpdateWhoisForm(initial_data,
domain=domain)
forms['raw_whois'] = UpdateWhoisForm(raw_data,
domain=domain,
allow_adding=False)
forms['diff_whois'] = DiffWhoisForm(domain=domain)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')
# subscription
subscription = {
'type': 'Domain',
'id': dmain.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Domain',
dmain.id),
}
#objects
objects = dmain.sort_objects()
#relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'Domain',
'value': dmain.id
}
#comments
comments = {'comments': dmain.get_comments(),
'url_key':dmain.domain}
#screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)
# services
manager = crits.service_env.manager
service_list = manager.get_supported_services('Domain', True)
args = {'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'domain': dmain,
'forms': forms,
'whois_data': whois_data,
'service_list': service_list,
'whois_len': whois_len}
return template, args
def get_pcap_details(md5, analyst):
"""
Generate the data to render the PCAP details template.
:param md5: The MD5 of the PCAP to get details for.
:type md5: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
pcap = PCAP.objects(md5=md5, source__name__in=sources).first()
if not pcap:
template = "error.html"
args = {"error": "PCAP not yet available or you do not have access to view it."}
else:
pcap.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, pcap.id, "PCAP")
# subscription
subscription = {
"type": "PCAP",
"id": pcap.id,
"subscribed": is_user_subscribed("%s" % analyst, "PCAP", pcap.id),
}
# objects
objects = pcap.sort_objects()
# relationships
relationships = pcap.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {"type": "PCAP", "value": pcap.id}
# comments
comments = {"comments": pcap.get_comments(), "url_key": md5}
# screenshots
screenshots = pcap.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "PCAP", pcap.id)
# services
manager = crits.service_env.manager
# Assume all PCAPs have the data available
service_list = manager.get_supported_services("PCAP", True)
args = {
"service_list": service_list,
"objects": objects,
"relationships": relationships,
"comments": comments,
"favorite": favorite,
"relationship": relationship,
"subscription": subscription,
"screenshots": screenshots,
"pcap": pcap,
}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain, source__name__in=allowed_sources).first()
if not dmain:
error = "Either no data exists for this domain" " or you do not have permission to view it."
template = "error.html"
args = {"error": error}
return template, args
dmain.sanitize_sources(username="******" % analyst, sources=allowed_sources)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, "Domain")
# subscription
subscription = {
"type": "Domain",
"id": dmain.id,
"subscribed": is_user_subscribed("%s" % analyst, "Domain", dmain.id),
}
# objects
objects = dmain.sort_objects()
# relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {"type": "Domain", "value": dmain.id}
# comments
comments = {"comments": dmain.get_comments(), "url_key": dmain.domain}
# screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "Domain", dmain.id)
# services
service_list = get_supported_services("Domain")
# analysis results
service_results = dmain.get_analysis_results()
args = {
"objects": objects,
"relationships": relationships,
"comments": comments,
"favorite": favorite,
"relationship": relationship,
"subscription": subscription,
"screenshots": screenshots,
"domain": dmain,
"service_list": service_list,
"service_results": service_results,
}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain, source__name__in=allowed_sources).first()
if not dmain:
error = "Either no data exists for this domain" " or you do not have permission to view it."
template = "error.html"
args = {"error": error}
return template, args
forms = {}
# populate whois data into whois form
# and create data object (keyed on date) for updating form on date select
whois_data = {"": ""} # blank info for "Add New" option
initial_data = {"data": " "}
raw_data = {}
whois = getattr(dmain, "whois", None)
if whois:
for w in whois:
# build data as a display-friendly string
w.date = datetime.datetime.strftime(w.date, settings.PY_DATETIME_FORMAT)
from whois_parser import WhoisEntry
# prettify the whois data
w.data = unicode(WhoisEntry.from_dict(w.data))
if "text" not in w: # whois data was added with old data format
w.text = w.data
# also save our text blob for easy viewing of the original data
whois_data[w.date] = (w.data, w.text)
# show most recent entry first
initial_data = {"data": whois[-1].data, "date": whois[-1].date}
raw_data = {"data": whois[-1].text, "date": whois[-1].date}
whois_len = len(whois_data) - 1 # subtract one to account for blank "Add New" entry
whois_data = json.dumps(whois_data)
dmain.sanitize_sources(username="******" % analyst, sources=allowed_sources)
forms["whois"] = UpdateWhoisForm(initial_data, domain=domain)
forms["raw_whois"] = UpdateWhoisForm(raw_data, domain=domain, allow_adding=False)
forms["diff_whois"] = DiffWhoisForm(domain=domain)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, "Domain")
# subscription
subscription = {
"type": "Domain",
"id": dmain.id,
"subscribed": is_user_subscribed("%s" % analyst, "Domain", dmain.id),
}
# objects
objects = dmain.sort_objects()
# relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {"type": "Domain", "value": dmain.id}
# comments
comments = {"comments": dmain.get_comments(), "url_key": dmain.domain}
# screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "Domain", dmain.id)
# services
service_list = get_supported_services("Domain")
# analysis results
service_results = dmain.get_analysis_results()
args = {
"objects": objects,
"relationships": relationships,
"comments": comments,
"favorite": favorite,
"relationship": relationship,
"subscription": subscription,
"screenshots": screenshots,
"domain": dmain,
"forms": forms,
"whois_data": whois_data,
"service_list": service_list,
"service_results": service_results,
"whois_len": whois_len,
}
return template, args
def get_campaign_details(campaign_name, analyst):
"""
Generate the data to render the Campaign details template.
:param campaign_name: The name of the Campaign to get details for.
:type campaign_name: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
campaign_detail = Campaign.objects(name=campaign_name).first()
if not campaign_detail:
template = "error.html"
args = {"error": 'No data exists for this campaign.'}
return template, args
campaign_detail.sanitize(username=analyst)
ttp_form = TTPForm()
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, campaign_detail.id, 'Campaign')
# subscription
subscription = {
'type': 'Campaign',
'id': campaign_detail.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Campaign',
campaign_detail.id),
}
#objects
objects = campaign_detail.sort_objects()
#relationships
relationships = campaign_detail.sort_relationships("%s" % analyst,
meta=True)
# relationship
relationship = {'type': 'Campaign', 'value': campaign_detail.id}
#comments
comments = {'comments': campaign_detail.get_comments(),
'url_key': campaign_name}
#screenshots
screenshots = campaign_detail.get_screenshots(analyst)
# Get item counts
formatted_query = {'campaign.name': campaign_name}
counts = {}
for col_obj in [Actor, Backdoor, Exploit, Sample, PCAP, Indicator, Email, Domain, IP, Event]:
counts[col_obj._meta['crits_type']] = col_obj.objects(source__name__in=sources,
__raw__=formatted_query).count()
# Item counts for targets
uniq_addrs = get_campaign_targets(campaign_name, analyst)
counts['Target'] = Target.objects(email_address__in=uniq_addrs).count()
# favorites
favorite = is_user_favorite("%s" % analyst, 'Campaign', campaign_detail.id)
# analysis results
service_results = campaign_detail.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
"relationship": relationship,
'comments': comments,
"subscription": subscription,
"campaign_detail": campaign_detail,
"counts": counts,
"favorite": favorite,
"screenshots": screenshots,
'service_results': service_results,
"ttp_form": ttp_form,
"CampaignACL": CampaignACL}
return template, args
def get_backdoor_details(id_, user):
"""
Generate the data to render the Backdoor details template.
:param id_: The Backdoor ObjectId to get details for.
:type id_: str
:param user: The user requesting this information.
:type user: str
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(user)
backdoor = Backdoor.objects(id=id_, source__name__in=allowed_sources).first()
template = None
args = {}
if not backdoor:
template = "error.html"
error = ('Either no data exists for this Backdoor or you do not have'
' permission to view it.')
args = {'error': error}
else:
backdoor.sanitize("%s" % user)
# remove pending notifications for user
remove_user_from_notification("%s" % user, backdoor.id, 'Backdoor')
# subscription
subscription = {
'type': 'Backdoor',
'id': backdoor.id,
'subscribed': is_user_subscribed("%s" % user,
'Backdoor',
backdoor.id),
}
#objects
objects = backdoor.sort_objects()
#relationships
relationships = backdoor.sort_relationships("%s" % user, meta=True)
# relationship
relationship = {
'type': 'Backdoor',
'value': backdoor.id
}
#comments
comments = {'comments': backdoor.get_comments(),
'url_key': backdoor.id}
#screenshots
screenshots = backdoor.get_screenshots(user)
# favorites
favorite = is_user_favorite("%s" % user, 'Backdoor', backdoor.id)
# services
service_list = get_supported_services('Backdoor')
# analysis results
service_results = backdoor.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
'relationship': relationship,
'subscription': subscription,
'favorite': favorite,
'service_list': service_list,
'service_results': service_results,
'screenshots': screenshots,
'backdoor': backdoor,
'backdoor_id': id_,
'comments': comments}
return template, args
def get_ip_details(ip, analyst):
"""
Generate the data to render the IP details template.
:param ip: The IP to get details for.
:type ip: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(analyst)
ip = IP.objects(ip=ip, source__name__in=allowed_sources).first()
template = None
args = {}
if not ip:
template = "error.html"
error = ('Either no data exists for this IP or you do not have'
' permission to view it.')
args = {'error': error}
else:
ip.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, ip.id, 'IP')
# subscription
subscription = {
'type': 'IP',
'id': ip.id,
'subscribed': is_user_subscribed("%s" % analyst, 'IP', ip.id),
}
#objects
objects = ip.sort_objects()
#relationships
relationships = ip.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'IP',
'value': ip.id
}
#comments
comments = {'comments': ip.get_comments(),
'url_key':ip.ip}
#screenshots
screenshots = ip.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'IP', ip.id)
# services
manager = crits.service_env.manager
service_list = manager.get_supported_services('IP', True)
args = {'objects': objects,
'relationships': relationships,
'relationship': relationship,
'subscription': subscription,
'favorite': favorite,
'service_list': service_list,
'screenshots': screenshots,
'ip': ip,
'comments':comments}
return template, args
def get_event_details(event_id, user):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param user: The user requesting this information.
:type user: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(user)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not user.check_source_tlp(event):
event = None
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % user)
campaign_form = CampaignForm()
download_form = DownloadFileForm(initial={
"obj_type": 'Event',
"obj_id": event_id
})
# remove pending notifications for user
remove_user_from_notification("%s" % user, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % user, 'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % user, meta=True)
# Get count of related Events for each related Indicator
for ind in relationships.get('Indicator', []):
count = Event.objects(relationships__object_id=ind['id'],
source__name__in=sources).count()
ind['rel_ind_events'] = count
# Get count of related Events for each related Sample
for smp in relationships.get('Sample', []):
count = Event.objects(relationships__object_id=smp['id'],
source__name__in=sources).count()
smp['rel_smp_events'] = count
# relationship
relationship = {'type': 'Event', 'value': event.id}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
#screenshots
screenshots = event.get_screenshots(user)
# favorites
favorite = is_user_favorite("%s" % user, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {
'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'event': event,
'campaign_form': campaign_form,
'service_results': service_results,
'download_form': download_form,
'EventACL': EventACL
}
return template, args
def get_target_details(email_address, analyst):
"""
Generate the data to render the Target details template.
:param email_address: The email address of the target.
:type email_address: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
if not email_address:
template = "error.html"
args = {'error': "Must provide an email address."}
return template, args
# check for exact match first
target = Target.objects(email_address=email_address).first()
if not target: # if no exact match, look for case-insensitive match
target = Target.objects(email_address__iexact=email_address).first()
if not target:
target = Target()
target.email_address = email_address.strip().lower()
form = TargetInfoForm(initial={'email_address': email_address})
email_list = target.find_emails(analyst)
form = TargetInfoForm(initial=target.to_dict())
if form.fields.get(form_consts.Common.BUCKET_LIST_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.BUCKET_LIST_VARIABLE_NAME)
if form.fields.get(form_consts.Common.TICKET_VARIABLE_NAME) != None:
form.fields.pop(form_consts.Common.TICKET_VARIABLE_NAME)
subscription = {
'type': 'Target',
'id': target.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Target', target.id)
}
#objects
objects = target.sort_objects()
#relationships
relationships = target.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Target', 'value': target.id}
#comments
if target.id:
comments = {
'comments': target.get_comments(),
'url_key': email_address
}
else:
comments = {'comments': [], 'url_key': email_address}
#screenshots
screenshots = target.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Target', target.id)
# analysis results
service_results = target.get_analysis_results()
args = {
'objects': objects,
'relationships': relationships,
'relationship': relationship,
'comments': comments,
'favorite': favorite,
'subscription': subscription,
'screenshots': screenshots,
'email_list': email_list,
'target_detail': target,
'service_results': service_results,
'form': form
}
return template, args
def get_pcap_details(md5, analyst):
"""
Generate the data to render the PCAP details template.
:param md5: The MD5 of the PCAP to get details for.
:type md5: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
pcap = PCAP.objects(md5=md5, source__name__in=sources).first()
if not pcap:
template = "error.html"
args = {'error': 'PCAP not yet available or you do not have access to view it.'}
else:
pcap.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, pcap.id, 'PCAP')
# subscription
subscription = {
'type': 'PCAP',
'id': pcap.id,
'subscribed': is_user_subscribed("%s" % analyst,
'PCAP', pcap.id),
}
#objects
objects = pcap.sort_objects()
#relationships
relationships = pcap.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'PCAP',
'value': pcap.id
}
#comments
comments = {'comments': pcap.get_comments(),
'url_key': md5}
#screenshots
screenshots = pcap.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'PCAP', pcap.id)
# services
# Assume all PCAPs have the data available
service_list = get_supported_services('PCAP')
# analysis results
service_results = pcap.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
"subscription": subscription,
"screenshots": screenshots,
"service_results": service_results,
"pcap": pcap}
return template, args
def get_signature_details(_id, analyst):
"""
Generate the data to render the Signature details template.
:param _id: The ObjectId of the Signature to get details for.
:type _id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
if not _id:
signature = None
else:
signature = Signature.objects(id=_id, source__name__in=sources).first()
if not signature:
template = "error.html"
args = {'error': 'signature not yet available or you do not have access to view it.'}
else:
signature.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, signature.id, 'Signature')
# subscription
subscription = {
'type': 'Signature',
'id': signature.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Signature', signature.id),
}
#objects
objects = signature.sort_objects()
#relationships
relationships = signature.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'Signature',
'value': signature.id
}
versions = len(Signature.objects(link_id=signature.link_id).only('id'))
#comments
comments = {'comments': signature.get_comments(),
'url_key': _id}
#screenshots
screenshots = signature.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Signature', signature.id)
# services
service_list = get_supported_services('Signature')
# analysis results
service_results = signature.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
"subscription": subscription,
"screenshots": screenshots,
"versions": versions,
"service_results": service_results,
"signature": signature}
return template, args
def get_actor_details(id_, analyst):
"""
Generate the data to render the Actor details template.
:param id_: The Actor ObjectId to get details for.
:type actorip: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(analyst)
actor = Actor.objects(id=id_, source__name__in=allowed_sources).first()
template = None
args = {}
if not actor:
template = "error.html"
error = ('Either no data exists for this Actor or you do not have'
' permission to view it.')
args = {'error': error}
else:
actor.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, actor.id, 'Actor')
download_form = DownloadFileForm(initial={"obj_type": 'Actor',
"obj_id": actor.id})
# generate identifiers
actor_identifiers = actor.generate_identifiers_list(analyst)
# subscription
subscription = {
'type': 'Actor',
'id': actor.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Actor', actor.id),
}
#objects
objects = actor.sort_objects()
#relationships
relationships = actor.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'Actor',
'value': actor.id
}
#comments
comments = {'comments': actor.get_comments(),
'url_key': actor.id}
#screenshots
screenshots = actor.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Actor', actor.id)
# services
service_list = get_supported_services('Actor')
# analysis results
service_results = actor.get_analysis_results()
args = {'actor_identifiers': actor_identifiers,
'objects': objects,
'download_form': download_form,
'relationships': relationships,
'relationship': relationship,
'subscription': subscription,
'favorite': favorite,
'service_list': service_list,
'service_results': service_results,
'screenshots': screenshots,
'actor': actor,
'actor_id': id_,
'comments': comments}
return template, args
def get_indicator_details(indicator_id, analyst):
"""
Generate the data to render the Indicator details template.
:param indicator_id: The ObjectId of the Indicator to get details for.
:type indicator_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
users_sources = user_sources(analyst)
indicator = Indicator.objects(id=indicator_id,
source__name__in=users_sources).first()
if not indicator:
error = ("Either this indicator does not exist or you do "
"not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
forms = {}
forms['new_action'] = IndicatorActionsForm(initial={
'analyst': analyst,
'active': "off",
'date': datetime.datetime.now()
})
forms['new_activity'] = IndicatorActivityForm(
initial={
'analyst': analyst,
'date': datetime.datetime.now()
})
forms['new_campaign'] = CampaignForm() #'date': datetime.datetime.now(),
forms['new_source'] = SourceForm(analyst,
initial={'date': datetime.datetime.now()})
forms['download_form'] = DownloadFileForm(initial={
"obj_type": 'Indicator',
"obj_id": indicator_id
})
indicator.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, indicator_id, 'Indicator')
# subscription
subscription = {
'type':
'Indicator',
'id':
indicator_id,
'subscribed':
is_user_subscribed("%s" % analyst, 'Indicator', indicator_id),
}
# relationship
relationship = {
'type': 'Indicator',
'value': indicator_id,
}
#objects
objects = indicator.sort_objects()
#relationships
relationships = indicator.sort_relationships("%s" % analyst, meta=True)
#comments
comments = {'comments': indicator.get_comments(), 'url_key': indicator_id}
# favorites
favorite = is_user_favorite("%s" % analyst, 'Indicator', indicator.id)
# services
manager = crits.service_env.manager
service_list = manager.get_supported_services('Indicator', True)
args = {
'objects': objects,
'relationships': relationships,
'comments': comments,
'relationship': relationship,
'subscription': subscription,
"indicator": indicator,
"forms": forms,
"indicator_id": indicator_id,
'service_list': service_list,
'favorite': favorite,
'rt_url': settings.RT_URL
}
return template, args
def get_event_details(event_id, analyst):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % analyst)
campaign_form = CampaignForm()
download_form = DownloadFileForm(initial={"obj_type": 'Event',
"obj_id": event_id})
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {
'type': 'Event',
'value': event.id
}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
#screenshots
screenshots = event.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'event': event,
'campaign_form': campaign_form,
'service_results': service_results,
'download_form': download_form}
return template, args
def get_campaign_details(campaign_name, analyst):
"""
Generate the data to render the Campaign details template.
:param campaign_name: The name of the Campaign to get details for.
:type campaign_name: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(analyst)
campaign_detail = Campaign.objects(name=campaign_name).first()
if not campaign_detail:
template = "error.html"
args = {"error": 'No data exists for this campaign.'}
return template, args
ttp_form = TTPForm()
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, campaign_detail.id, 'Campaign')
# subscription
subscription = {
'type': 'Campaign',
'id': campaign_detail.id,
'subscribed': is_user_subscribed("%s" % analyst,
'Campaign',
campaign_detail.id),
}
#objects
objects = campaign_detail.sort_objects()
#relationships
relationships = campaign_detail.sort_relationships("%s" % analyst,
meta=True)
# relationship
relationship = {'type': 'Campaign', 'value': campaign_detail.id}
#comments
comments = {'comments': campaign_detail.get_comments(),
'url_key': campaign_name}
#screenshots
screenshots = campaign_detail.get_screenshots(analyst)
# Get item counts
formatted_query = {'campaign.name': campaign_name}
counts = {}
for col_obj in [Sample, PCAP, Indicator, Email, Domain, IP, Event]:
counts[col_obj._meta['crits_type']] = col_obj.objects(source__name__in=sources,
__raw__=formatted_query).count()
# Item counts for targets
emails = Email.objects(source__name__in=sources, __raw__=formatted_query)
addresses = {}
for email in emails:
for to in email['to']:
# This might be a slow operation since we're looking up all "to"
# targets, could possibly bulk search this.
target = Target.objects(email_address__iexact=to).first()
if target is not None:
addresses[target.email_address] = 1
else:
addresses[to] = 1
uniq_addrs = addresses.keys()
counts['Target'] = Target.objects(email_address__in=uniq_addrs).count()
# favorites
favorite = is_user_favorite("%s" % analyst, 'Campaign', campaign_detail.id)
# analysis results
service_results = campaign_detail.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
"relationship": relationship,
'comments': comments,
"subscription": subscription,
"campaign_detail": campaign_detail,
"counts": counts,
"favorite": favorite,
"screenshots": screenshots,
'service_results': service_results,
"ttp_form": ttp_form}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain,
source__name__in=allowed_sources).first()
if not dmain:
error = ("Either no data exists for this domain"
" or you do not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
forms = {}
#populate whois data into whois form
# and create data object (keyed on date) for updating form on date select
whois_data = {'': ''} #blank info for "Add New" option
initial_data = {'data': ' '}
raw_data = {}
whois = getattr(dmain, 'whois', None)
if whois:
for w in whois:
#build data as a display-friendly string
w.date = datetime.datetime.strftime(w.date,
settings.PY_DATETIME_FORMAT)
from whois_parser import WhoisEntry
#prettify the whois data
w.data = unicode(WhoisEntry.from_dict(w.data))
if 'text' not in w: #whois data was added with old data format
w.text = w.data
#also save our text blob for easy viewing of the original data
whois_data[w.date] = (w.data, w.text)
#show most recent entry first
initial_data = {'data': whois[-1].data, 'date': whois[-1].date}
raw_data = {'data': whois[-1].text, 'date': whois[-1].date}
whois_len = len(
whois_data) - 1 #subtract one to account for blank "Add New" entry
whois_data = json.dumps(whois_data)
dmain.sanitize_sources(username="******" % analyst, sources=allowed_sources)
forms['whois'] = UpdateWhoisForm(initial_data, domain=domain)
forms['raw_whois'] = UpdateWhoisForm(raw_data,
domain=domain,
allow_adding=False)
forms['diff_whois'] = DiffWhoisForm(domain=domain)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')
# subscription
subscription = {
'type': 'Domain',
'id': dmain.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
}
#objects
objects = dmain.sort_objects()
#relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Domain', 'value': dmain.id}
#comments
comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}
#screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)
# services
manager = crits.service_env.manager
service_list = manager.get_supported_services('Domain', True)
args = {
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'domain': dmain,
'forms': forms,
'whois_data': whois_data,
'service_list': service_list,
'whois_len': whois_len
}
return template, args
def get_event_details(event_id, user):
"""
Generate the data to render the Event details template.
:param event_id: The ObjectId of the Event to get details for.
:type event_id: str
:param user: The user requesting this information.
:type user: str
:returns: template (str), arguments (dict)
"""
template = None
sources = user_sources(user)
event = Event.objects(id=event_id, source__name__in=sources).first()
if not user.check_source_tlp(event):
event = None
if not event:
template = "error.html"
args = {'error': "ID does not exist or insufficient privs for source"}
return template, args
event.sanitize("%s" % user)
campaign_form = CampaignForm()
download_form = DownloadFileForm(initial={"obj_type": 'Event',
"obj_id": event_id})
# remove pending notifications for user
remove_user_from_notification("%s" % user, event.id, 'Event')
# subscription
subscription = {
'type': 'Event',
'id': event.id,
'subscribed': is_user_subscribed("%s" % user,
'Event', event.id),
}
#objects
objects = event.sort_objects()
#relationships
relationships = event.sort_relationships("%s" % user, meta=True)
# Get count of related Events for each related Indicator
for ind in relationships.get('Indicator', []):
count = Event.objects(relationships__object_id=ind['id'],
source__name__in=sources).count()
ind['rel_ind_events'] = count
# Get count of related Events for each related Sample
for smp in relationships.get('Sample', []):
count = Event.objects(relationships__object_id=smp['id'],
source__name__in=sources).count()
smp['rel_smp_events'] = count
# relationship
relationship = {
'type': 'Event',
'value': event.id
}
#comments
comments = {'comments': event.get_comments(), 'url_key': event.id}
#screenshots
screenshots = event.get_screenshots(user)
# favorites
favorite = is_user_favorite("%s" % user, 'Event', event.id)
# services
service_list = get_supported_services('Event')
# analysis results
service_results = event.get_analysis_results()
args = {'service_list': service_list,
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'event': event,
'campaign_form': campaign_form,
'service_results': service_results,
'download_form': download_form,
'EventACL': EventACL}
return template, args
def get_domain_details(domain, analyst):
"""
Generate the data to render the Domain details template.
:param domain: The name of the Domain to get details for.
:type domain: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
allowed_sources = user_sources(analyst)
dmain = Domain.objects(domain=domain,
source__name__in=allowed_sources).first()
if not dmain:
error = ("Either no data exists for this domain"
" or you do not have permission to view it.")
template = "error.html"
args = {'error': error}
return template, args
dmain.sanitize_sources(username="******" % analyst, sources=allowed_sources)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, dmain.id, 'Domain')
# subscription
subscription = {
'type': 'Domain',
'id': dmain.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Domain', dmain.id),
}
#objects
objects = dmain.sort_objects()
#relationships
relationships = dmain.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Domain', 'value': dmain.id}
#comments
comments = {'comments': dmain.get_comments(), 'url_key': dmain.domain}
#screenshots
screenshots = dmain.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Domain', dmain.id)
# services
service_list = get_supported_services('Domain')
# analysis results
service_results = dmain.get_analysis_results()
args = {
'objects': objects,
'relationships': relationships,
'comments': comments,
'favorite': favorite,
'relationship': relationship,
'subscription': subscription,
'screenshots': screenshots,
'domain': dmain,
'service_list': service_list,
'service_results': service_results
}
return template, args
def get_actor_details(id_, analyst):
"""
Generate the data to render the Actor details template.
:param id_: The Actor ObjectId to get details for.
:type actorip: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(analyst)
actor = Actor.objects(id=id_, source__name__in=allowed_sources).first()
template = None
args = {}
if not actor:
template = "error.html"
error = ('Either no data exists for this Actor or you do not have'
' permission to view it.')
args = {'error': error}
else:
actor.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, actor.id, 'Actor')
download_form = DownloadFileForm(initial={
"obj_type": 'Actor',
"obj_id": actor.id
})
# generate identifiers
actor_identifiers = actor.generate_identifiers_list(analyst)
# subscription
subscription = {
'type': 'Actor',
'id': actor.id,
'subscribed': is_user_subscribed("%s" % analyst, 'Actor',
actor.id),
}
#objects
objects = actor.sort_objects()
#relationships
relationships = actor.sort_relationships("%s" % analyst, meta=True)
# relationship
relationship = {'type': 'Actor', 'value': actor.id}
#comments
comments = {'comments': actor.get_comments(), 'url_key': actor.id}
#screenshots
screenshots = actor.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, 'Actor', actor.id)
# services
service_list = get_supported_services('Actor')
# analysis results
service_results = actor.get_analysis_results()
args = {
'actor_identifiers': actor_identifiers,
'objects': objects,
'download_form': download_form,
'relationships': relationships,
'relationship': relationship,
'subscription': subscription,
'favorite': favorite,
'service_list': service_list,
'service_results': service_results,
'screenshots': screenshots,
'actor': actor,
'actor_id': id_,
'comments': comments
}
return template, args
def get_ip_details(ip, user):
"""
Generate the data to render the IP details template.
:param ip: The IP to get details for.
:type ip: str
:param user: The user requesting this information.
:type user: CRITsUser
:returns: template (str), arguments (dict)
"""
allowed_sources = user_sources(user)
ip = IP.objects(ip=ip, source__name__in=allowed_sources).first()
template = None
args = {}
if not user.check_source_tlp(ip):
ip = None
if not ip:
template = "error.html"
error = ('Either no data exists for this IP or you do not have'
' permission to view it.')
args = {'error': error}
else:
ip.sanitize("%s" % user)
# remove pending notifications for user
remove_user_from_notification("%s" % user, ip.id, 'IP')
# subscription
subscription = {
'type': 'IP',
'id': ip.id,
'subscribed': is_user_subscribed("%s" % user, 'IP', ip.id),
}
#objects
objects = ip.sort_objects()
#relationships
relationships = ip.sort_relationships("%s" % user, meta=True)
# relationship
relationship = {
'type': 'IP',
'value': ip.id
}
#comments
comments = {'comments': ip.get_comments(),
'url_key':ip.ip}
#screenshots
screenshots = ip.get_screenshots(user)
# favorites
favorite = is_user_favorite("%s" % user, 'IP', ip.id)
# services
service_list = get_supported_services('IP')
# analysis results
service_results = ip.get_analysis_results()
args = {'objects': objects,
'relationships': relationships,
'relationship': relationship,
'subscription': subscription,
'favorite': favorite,
'service_list': service_list,
'service_results': service_results,
'screenshots': screenshots,
'ip': ip,
'comments':comments,
'IPACL': IPACL}
return template, args
def get_indicator_details(indicator_id, analyst):
"""
Generate the data to render the Indicator details template.
:param indicator_id: The ObjectId of the Indicator to get details for.
:type indicator_id: str
:param analyst: The user requesting this information.
:type analyst: str
:returns: template (str), arguments (dict)
"""
template = None
users_sources = user_sources(analyst)
indicator = Indicator.objects(id=indicator_id, source__name__in=users_sources).first()
if not indicator:
error = "Either this indicator does not exist or you do " "not have permission to view it."
template = "error.html"
args = {"error": error}
return template, args
forms = {}
forms["new_activity"] = IndicatorActivityForm(initial={"analyst": analyst, "date": datetime.datetime.now()})
forms["new_campaign"] = CampaignForm() #'date': datetime.datetime.now(),
forms["new_source"] = SourceForm(analyst, initial={"date": datetime.datetime.now()})
forms["download_form"] = DownloadFileForm(initial={"obj_type": "Indicator", "obj_id": indicator_id})
indicator.sanitize("%s" % analyst)
# remove pending notifications for user
remove_user_from_notification("%s" % analyst, indicator_id, "Indicator")
# subscription
subscription = {
"type": "Indicator",
"id": indicator_id,
"subscribed": is_user_subscribed("%s" % analyst, "Indicator", indicator_id),
}
# relationship
relationship = {"type": "Indicator", "value": indicator_id}
# objects
objects = indicator.sort_objects()
# relationships
relationships = indicator.sort_relationships("%s" % analyst, meta=True)
# comments
comments = {"comments": indicator.get_comments(), "url_key": indicator_id}
# screenshots
screenshots = indicator.get_screenshots(analyst)
# favorites
favorite = is_user_favorite("%s" % analyst, "Indicator", indicator.id)
# services
service_list = get_supported_services("Indicator")
# analysis results
service_results = indicator.get_analysis_results()
args = {
"objects": objects,
"relationships": relationships,
"comments": comments,
"relationship": relationship,
"subscription": subscription,
"indicator": indicator,
"forms": forms,
"indicator_id": indicator_id,
"screenshots": screenshots,
"service_list": service_list,
"service_results": service_results,
"favorite": favorite,
"rt_url": settings.RT_URL,
}
return template, args
