示例#1
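def handle_signature_file(data,
                          source_name,
                          user=None,
                          description=None,
                          title=None,
                          data_type=None,
                          data_type_min_version=None,
                          data_type_max_version=None,
                          data_type_dependency=None,
                          link_id=None,
                          source_method='',
                          source_reference='',
                          source_tlp='',
                          copy_rels=False,
                          bucket_list=None,
                          ticket=None,
                          related_id=None,
                          related_type=None,
                          relationship_type=None):
    """
    Validate the arguments, build a Signature and save it.

    :param data: The data of the Signature.
    :type data: str
    :param source_name: The source which provided this Signature.
    :type source_name: str,
                       :class:`crits.core.crits_mongoengine.EmbeddedSource`,
                       list of :class:`crits.core.crits_mongoengine.EmbeddedSource`
    :param user: The user adding the Signature. Must expose ``username`` and
                 ``check_source_write()``; required despite the ``None``
                 default.
    :type user: user object
    :param description: Description of the Signature.
    :type description: str
    :param title: Title of the Signature.
    :type title: str
    :param data_type: Datatype of the Signature; must name an existing
                      SignatureType.
    :type data_type: str
    :param data_type_min_version: Datatype tool minimum version.
    :type data_type_min_version: str
    :param data_type_max_version: Datatype tool maximum version.
    :type data_type_max_version: str
    :param data_type_dependency: Datatype tool dependency to be run
    :type data_type_dependency: str(comma separated) or list.
    :param link_id: LinkId to tie this to another Signature as a new version.
    :type link_id: str
    :param source_method: The method of acquiring this Signature.
    :type source_method: str
    :param source_reference: A reference to the source of this Signature.
    :type source_reference: str
    :param source_tlp: TLP value recorded on the source.
    :type source_tlp: str
    :param copy_rels: Copy relationships from the previous version to this one.
    :type copy_rels: bool
    :param bucket_list: Bucket(s) to add to this Signature
    :type bucket_list: str(comma separated) or list.
    :param ticket: Ticket(s) to add to this Signature
    :type ticket: str(comma separated) or list.
    :param related_id: ID of object to create relationship with
    :type related_id: str
    :param related_type: Type of object to create relationship with
    :type related_type: str
    :param relationship_type: Type of relationship to create.
    :type relationship_type: str
    :returns: dict with keys:
              'success' (boolean),
              'message' (str),
              '_id' and 'object' (the saved Signature) if successful.
    """

    if not data or not title or not data_type:
        return {
            'success': False,
            'message': 'No data object, title, or data type passed in'
        }

    if not source_name:
        return {"success": False, "message": "Missing source information."}

    # Every path below dereferences user.username (and the string-source path
    # calls user.check_source_write), so a missing user is reported as a
    # normal failure instead of surfacing later as an AttributeError.
    if user is None:
        return {"success": False, "message": "Missing user information."}

    rdt = SignatureType.objects(name=data_type).first()
    if not rdt:
        return {'success': False, 'message': 'Invalid data type passed in'}

    if len(data) <= 0:
        return {'success': False, 'message': 'Data length <= 0'}

    # The MD5 digest is stored alongside the data as an identifier. MD5 is not
    # collision-resistant, so it should not be treated as proof that two
    # signatures carry the same content.
    md5 = hashlib.md5(data).hexdigest()
    timestamp = datetime.datetime.now()

    # generate signature
    signature = Signature()
    signature.created = timestamp
    signature.description = description
    signature.md5 = md5
    signature.data = data
    signature.title = title
    signature.data_type = data_type
    signature.data_type_min_version = data_type_min_version
    signature.data_type_max_version = data_type_max_version

    if data_type_dependency:
        # Accept any string type: the original compared against ``unicode``
        # only, so a comma-separated byte string was iterated character by
        # character instead of being split.
        if isinstance(data_type_dependency, basestring):
            data_type_dependency = data_type_dependency.split(",")

        for item in data_type_dependency:
            if item:
                signature.data_type_dependency.append(str(item.strip()))

    # generate new source information and add to sample
    if isinstance(source_name, basestring) and len(source_name) > 0:
        # Authorization gate: the user must hold write access to the source.
        if not user.check_source_write(source_name):
            return {
                "success":
                False,
                "message":
                "User does not have permission to add object using source %s."
                % source_name
            }
        source = create_embedded_source(source_name,
                                        date=timestamp,
                                        method=source_method,
                                        reference=source_reference,
                                        tlp=source_tlp,
                                        analyst=user.username)
        # this will handle adding a new source, or an instance automatically
        signature.add_source(source)
    elif isinstance(source_name, EmbeddedSource):
        # NOTE(review): pre-built EmbeddedSource objects are attached without
        # a check_source_write() call in this function; callers are presumably
        # expected to have authorized them already -- confirm.
        signature.add_source(source_name,
                             method=source_method,
                             reference=source_reference,
                             tlp=source_tlp)
    elif isinstance(source_name, list) and len(source_name) > 0:
        # NOTE(review): same as above, no per-source write check on this path.
        for s in source_name:
            if isinstance(s, EmbeddedSource):
                # Keyword aligned with the single-EmbeddedSource branch above;
                # the original passed ``source_tlp=`` here, which add_source()
                # presumably does not accept.
                signature.add_source(s,
                                     method=source_method,
                                     reference=source_reference,
                                     tlp=source_tlp)

    # NOTE(review): counting existing versions and then saving is not atomic;
    # concurrent uploads for the same link_id could presumably be assigned the
    # same version number -- confirm whether that matters to callers.
    signature.version = len(Signature.objects(link_id=link_id)) + 1

    if link_id:
        signature.link_id = link_id
        if copy_rels:
            rd2 = Signature.objects(link_id=link_id).first()
            if rd2:
                if len(rd2.relationships):
                    # Save first so the new Signature exists before
                    # relationships are attached to it.
                    signature.save(username=user.username)
                    signature.reload()
                    for rel in rd2.relationships:
                        # Get object to relate to.
                        rel_item = class_from_id(rel.rel_type, rel.object_id)
                        if rel_item:
                            signature.add_relationship(
                                rel_item,
                                rel.relationship,
                                rel_date=rel.relationship_date,
                                analyst=user.username)

    if bucket_list:
        signature.add_bucket_list(bucket_list, user)

    if ticket:
        signature.add_ticket(ticket, user)

    related_obj = None
    if related_id and related_type:
        related_obj = class_from_id(related_type, related_id)
        if not related_obj:
            return {'success': False, 'message': 'Related Object not found.'}

    signature.save(username=user.username)

    if related_obj and signature and relationship_type:
        # The relationship is stored from the Signature's side, hence the
        # inverse of the type the caller supplied.
        relationship_type = RelationshipTypes.inverse(
            relationship=relationship_type)
        signature.add_relationship(related_obj,
                                   relationship_type,
                                   analyst=user.username,
                                   get_rels=False)
        signature.save(username=user.username)
        signature.reload()

    # save signature
    signature.save(username=user.username)
    signature.reload()

    return {
        'success': True,
        'message': 'Uploaded signature',
        '_id': signature.id,
        'object': signature
    }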
示例#2
文件: handlers.py 项目: mishley/crits
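def handle_signature_file(data, source_name, user=None,
                         description=None, title=None, data_type=None,
                         data_type_min_version=None, data_type_max_version=None,
                         data_type_dependency=None, link_id=None, method='', reference='',
                         copy_rels=False, bucket_list=None, ticket=None):
    """
    Validate the arguments, build a Signature and save it.

    :param data: The data of the Signature.
    :type data: str
    :param source_name: The source which provided this Signature.
    :type source_name: str,
                       :class:`crits.core.crits_mongoengine.EmbeddedSource`,
                       list of :class:`crits.core.crits_mongoengine.EmbeddedSource`
    :param user: The user adding the Signature.
    :type user: str
    :param description: Description of the Signature.
    :type description: str
    :param title: Title of the Signature.
    :type title: str
    :param data_type: Datatype of the Signature; must name an existing
                      SignatureType.
    :type data_type: str
    :param data_type_min_version: Datatype tool minimum version.
    :type data_type_min_version: str
    :param data_type_max_version: Datatype tool maximum version.
    :type data_type_max_version: str
    :param data_type_dependency: Datatype tool dependency to be run
    :type data_type_dependency: str(comma separated) or list.
    :param link_id: LinkId to tie this to another Signature as a new version.
    :type link_id: str
    :param method: The method of acquiring this Signature.
    :type method: str
    :param reference: A reference to the source of this Signature.
    :type reference: str
    :param copy_rels: Copy relationships from the previous version to this one.
    :type copy_rels: bool
    :param bucket_list: Bucket(s) to add to this Signature
    :type bucket_list: str(comma separated) or list.
    :param ticket: Ticket(s) to add to this Signature
    :type ticket: str(comma separated) or list.
    :returns: dict with keys:
              'success' (boolean),
              'message' (str),
              '_id' and 'object' (the saved Signature) if successful.
    """

    if not data or not title or not data_type:
        return {
            'success':   False,
            'message':  'No data object, title, or data type passed in'
        }

    if not source_name:
        return {"success" : False, "message" : "Missing source information."}

    rdt = SignatureType.objects(name=data_type).first()
    if not rdt:
        return {
            'success':   False,
            'message':  'Invalid data type passed in'
        }

    if len(data) <= 0:
        return {
            'success':   False,
            'message':  'Data length <= 0'
        }

    # The MD5 digest is stored alongside the data as an identifier. MD5 is not
    # collision-resistant, so it should not be treated as proof that two
    # signatures carry the same content.
    md5 = hashlib.md5(data).hexdigest()
    timestamp = datetime.datetime.now()

    # generate signature
    signature = Signature()
    signature.created = timestamp
    signature.description = description
    signature.md5 = md5
    signature.data = data
    signature.title = title
    signature.data_type = data_type
    signature.data_type_min_version = data_type_min_version
    signature.data_type_max_version = data_type_max_version

    if data_type_dependency:
        # Accept any string type: the original compared against ``unicode``
        # only, so a comma-separated byte string was iterated character by
        # character instead of being split.
        if isinstance(data_type_dependency, basestring):
            data_type_dependency = data_type_dependency.split(",")

        for item in data_type_dependency:
            if item:
                signature.data_type_dependency.append(str(item.strip()))

    # NOTE(review): this function performs no per-source write-permission
    # check; ``user`` is only recorded as the analyst. Callers presumably have
    # to authorize the user for ``source_name`` before calling -- confirm.
    if isinstance(source_name, basestring) and len(source_name) > 0:
        source = create_embedded_source(source_name,
                                   date=timestamp,
                                   method=method,
                                   reference=reference,
                                   analyst=user)
        # this will handle adding a new source, or an instance automatically
        signature.add_source(source)
    elif isinstance(source_name, EmbeddedSource):
        signature.add_source(source_name, method=method, reference=reference)
    elif isinstance(source_name, list) and len(source_name) > 0:
        # Non-EmbeddedSource entries in the list are skipped.
        for s in source_name:
            if isinstance(s, EmbeddedSource):
                signature.add_source(s, method=method, reference=reference)

    # NOTE(review): counting existing versions and then saving is not atomic;
    # concurrent uploads for the same link_id could presumably be assigned the
    # same version number -- confirm whether that matters to callers.
    signature.version = len(Signature.objects(link_id=link_id)) + 1

    if link_id:
        signature.link_id = link_id
        if copy_rels:
            rd2 = Signature.objects(link_id=link_id).first()
            if rd2:
                if len(rd2.relationships):
                    # Save first so the new Signature exists before
                    # relationships are attached to it.
                    signature.save(username=user)
                    signature.reload()
                    for rel in rd2.relationships:
                        # Get object to relate to.
                        rel_item = class_from_id(rel.rel_type, rel.object_id)
                        if rel_item:
                            signature.add_relationship(rel_item,
                                                      rel.relationship,
                                                      rel_date=rel.relationship_date,
                                                      analyst=user)

    if bucket_list:
        signature.add_bucket_list(bucket_list, user)

    if ticket:
        signature.add_ticket(ticket, user)

    # save signature
    signature.save(username=user)
    signature.reload()

    return {
        'success':      True,
        'message':      'Uploaded signature',
        '_id':          signature.id,
        'object':       signature
    }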