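def obj_create(self, bundle, **kwargs):
    """
    Handle creating Events through the API.

    Reads the Event fields out of ``bundle.data``, validates the required
    ones and the ``event_type`` value, enforces the Event write ACL for the
    requesting user and then delegates to :func:`add_new_event`. The
    outcome is always delivered through :meth:`crits_response`.

    :param bundle: Bundle containing the information to create the Event.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse (whatever :meth:`crits_response` produces).
    """
    user = bundle.request.user
    data = bundle.data
    title = data.get('title', None)
    description = data.get('description', None)
    event_type = data.get('event_type', None)
    source = data.get('source', None)
    method = data.get('method', None)
    reference = data.get('reference', None)
    # TLP defaults to amber when the caller does not supply one.
    tlp = data.get('tlp', 'amber')
    date = data.get('date', None)
    bucket_list = data.get('bucket_list', None)
    ticket = data.get('ticket', None)
    campaign = data.get('campaign', None)
    campaign_confidence = data.get('campaign_confidence', None)

    content = {'return_code': 0, 'type': 'Event'}

    # Return explicitly after reporting a validation error so the error
    # response is final even if crits_response() returns instead of
    # raising; the original fell through to add_new_event in that case.
    if not title or not event_type or not source or not description:
        content['message'] = 'Must provide a title, event_type, source, and description.'
        return self.crits_response(content)
    if event_type not in EventTypes.values():
        content['message'] = 'Not a valid Event Type.'
        return self.crits_response(content)

    # Authorization: only users holding the Event write ACL may create.
    if user.has_access_to(EventACL.WRITE):
        result = add_new_event(title, description, event_type, source,
                               method, reference, tlp, date, user,
                               bucket_list, ticket, campaign,
                               campaign_confidence)
    else:
        result = {
            'success': False,
            'message': 'User does not have permission to create Object.'
        }

    if result.get('message'):
        content['message'] = result.get('message')
    content['id'] = result.get('id', '')
    if result.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'events',
                              'api_name': 'v1',
                              'pk': result.get('id')})
        content['url'] = url
    # return_code 0 signals success, 1 signals failure to API clients.
    content['return_code'] = 0 if result['success'] else 1
    return self.crits_response(content)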
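def obj_create(self, bundle, **kwargs):
    """
    Handle creating Events through the API.

    Reads the Event fields out of ``bundle.data``, validates the required
    ones and the ``event_type`` value and then delegates to
    :func:`add_new_event`. The outcome is always delivered through
    :meth:`crits_response`.

    NOTE(review): no permission check is performed here before
    add_new_event is called; any authenticated API user reaching this
    method can create an Event unless authorization is enforced inside
    add_new_event or by the resource's authorization class. Confirm.

    :param bundle: Bundle containing the information to create the Event.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse (whatever :meth:`crits_response` produces).
    """
    analyst = bundle.request.user.username
    data = bundle.data
    title = data.get('title', None)
    description = data.get('description', None)
    event_type = data.get('event_type', None)
    source = data.get('source', None)
    method = data.get('method', None)
    reference = data.get('reference', None)
    date = data.get('date', None)
    bucket_list = data.get('bucket_list', None)
    ticket = data.get('ticket', None)
    campaign = data.get('campaign', None)
    campaign_confidence = data.get('campaign_confidence', None)

    content = {'return_code': 0, 'type': 'Event'}

    # Return explicitly after reporting a validation error so the error
    # response is final even if crits_response() returns instead of
    # raising; the original fell through to add_new_event in that case.
    if not title or not event_type or not source or not description:
        content['message'] = 'Must provide a title, event_type, source, and description.'
        return self.crits_response(content)
    if event_type not in EventTypes.values():
        content['message'] = 'Not a valid Event Type.'
        return self.crits_response(content)

    result = add_new_event(title, description, event_type, source,
                           method, reference, date, analyst,
                           bucket_list, ticket, campaign,
                           campaign_confidence)

    if result.get('message'):
        content['message'] = result.get('message')
    content['id'] = result.get('id', '')
    if result.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'events',
                              'api_name': 'v1',
                              'pk': result.get('id')})
        content['url'] = url
    # return_code 0 signals success, 1 signals failure to API clients.
    content['return_code'] = 0 if result['success'] else 1
    return self.crits_response(content)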
def set_event_type(self, event_type):
    """
    Set the Event Type.

    A value that is not one of ``EventTypes.values()`` is silently
    ignored: the attribute is left untouched and no error is raised, so
    callers cannot tell from the return value whether the update took.

    :param event_type: The event type to set (must exist in DB).
    :type event_type: str
    """
    if event_type not in EventTypes.values():
        return
    self.event_type = event_type
def __init__(self, username, *args, **kwargs):
    """
    Build the Event form for ``username``.

    Populates the ``source`` choices with the sources visible to the user
    (defaulting to the user's organization), fills the ``event_type``
    choices from ``EventTypes`` and attaches the bucket-list and ticket
    fields.

    :param username: The user the form is being built for.
    :type username: str
    """
    super(EventForm, self).__init__(*args, **kwargs)

    visible_sources = get_source_names(True, True, username)
    self.fields['source'].choices = [(src.name, src.name) for src in visible_sources]
    self.fields['source'].initial = get_user_organization(username)

    self.fields['event_type'].choices = [
        (etype, etype) for etype in EventTypes.values(sort=True)
    ]

    add_bucketlist_to_form(self)
    add_ticket_to_form(self)
def get_event_type_dropdown(request):
    """
    Get a list of available event types.

    Non-AJAX requests are answered with the rendered ``error.html`` page
    instead of JSON. NOTE(review): ``HttpRequest.is_ajax()`` was removed
    in Django 4.0; confirm the project's Django version before relying on
    this gate.

    :param request: Django request object (Required)
    :type request: :class:`django.http.HttpRequest`
    :returns: :class:`django.http.HttpResponse`
    """
    if not request.is_ajax():
        return render(request, "error.html", {"error": "Expected AJAX"})

    payload = json.dumps({'types': EventTypes.values(sort=True)})
    return HttpResponse(payload, content_type="application/json")
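def obj_create(self, bundle, **kwargs):
    """
    Handle creating Events through the API.

    Reads the Event fields out of ``bundle.data``, validates the required
    ones and the ``event_type`` value and then delegates to
    :func:`add_new_event`. The outcome is always delivered through
    :meth:`crits_response`.

    NOTE(review): no permission check is performed here before
    add_new_event is called; any authenticated API user reaching this
    method can create an Event unless authorization is enforced inside
    add_new_event or by the resource's authorization class. Confirm.

    :param bundle: Bundle containing the information to create the Event.
    :type bundle: Tastypie Bundle object.
    :returns: HttpResponse (whatever :meth:`crits_response` produces).
    """
    analyst = bundle.request.user.username
    data = bundle.data
    title = data.get('title', None)
    description = data.get('description', None)
    event_type = data.get('event_type', None)
    source = data.get('source', None)
    method = data.get('method', None)
    reference = data.get('reference', None)
    date = data.get('date', None)
    bucket_list = data.get('bucket_list', None)
    ticket = data.get('ticket', None)

    content = {'return_code': 0, 'type': 'Event'}

    # Return explicitly after reporting a validation error so the error
    # response is final even if crits_response() returns instead of
    # raising; the original fell through to add_new_event in that case.
    if not title or not event_type or not source or not description:
        content['message'] = 'Must provide a title, event_type, source, and description.'
        return self.crits_response(content)
    if event_type not in EventTypes.values():
        content['message'] = 'Not a valid Event Type.'
        return self.crits_response(content)

    result = add_new_event(title, description, event_type, source,
                           method, reference, date, analyst,
                           bucket_list, ticket)

    if result.get('message'):
        content['message'] = result.get('message')
    content['id'] = result.get('id', '')
    if result.get('id'):
        url = reverse('api_dispatch_detail',
                      kwargs={'resource_name': 'events',
                              'api_name': 'v1',
                              'pk': result.get('id')})
        content['url'] = url
    # Bug fix: the original only ever set return_code to 0, so a failed
    # add_new_event was still reported to API clients as success.
    # return_code 0 signals success, 1 signals failure.
    content['return_code'] = 0 if result['success'] else 1
    return self.crits_response(content)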
def __init__(self, username, *args, **kwargs):
    """
    Build the Event form for the requesting user.

    Despite its name, ``username`` is treated here as a user object: it is
    forwarded to the parent form's constructor and queried with
    ``has_access_to()``. Campaign choices are only populated when the user
    holds ``Common.CAMPAIGN_READ``; otherwise the field offers just the
    empty option.

    :param username: The requesting user (object with ``has_access_to``).
    """
    super(EventForm, self).__init__(username, *args, **kwargs)

    self.fields['event_type'].choices = [
        (etype, etype) for etype in EventTypes.values(sort=True)
    ]

    self.fields['relationship_type'].choices = relationship_choices
    self.fields['relationship_type'].initial = RelationshipTypes.RELATED_TO

    # Campaign names are only revealed to users allowed to read campaigns.
    campaign_choices = [("", "")]
    if username.has_access_to(Common.CAMPAIGN_READ):
        campaign_choices = [('', '')] + [
            (camp.name, camp.name) for camp in get_item_names(Campaign, True)
        ]
    self.fields['campaign'].choices = campaign_choices

    self.fields['campaign_confidence'].choices = [
        ("", ""), ("low", "low"), ("medium", "medium"), ("high", "high")
    ]

    add_bucketlist_to_form(self)
    add_ticket_to_form(self)
def __init__(self, username, *args, **kwargs):
    """
    Build the Event form for ``username``.

    Populates ``source`` with the sources visible to the user (defaulting
    to the user's organization), ``event_type`` from ``EventTypes``,
    ``relationship_type`` from the module-level ``relationship_choices``,
    ``campaign`` from every campaign name (an empty option first) and a
    fixed low/medium/high ``campaign_confidence`` list, then attaches the
    bucket-list and ticket fields. No access check gates the campaign
    list in this variant.

    :param username: The user the form is being built for.
    :type username: str
    """
    super(EventForm, self).__init__(*args, **kwargs)

    visible_sources = get_source_names(True, True, username)
    self.fields['source'].choices = [(src.name, src.name) for src in visible_sources]
    self.fields['source'].initial = get_user_organization(username)

    self.fields['event_type'].choices = [
        (etype, etype) for etype in EventTypes.values(sort=True)
    ]

    self.fields['relationship_type'].choices = relationship_choices
    self.fields['relationship_type'].initial = RelationshipTypes.RELATED_TO

    campaign_choices = [("", "")]
    campaign_choices += [
        (camp.name, camp.name) for camp in get_item_names(Campaign, True)
    ]
    self.fields['campaign'].choices = campaign_choices

    self.fields['campaign_confidence'].choices = [
        ("", ""), ("low", "low"), ("medium", "medium"), ("high", "high")
    ]

    add_bucketlist_to_form(self)
    add_ticket_to_form(self)
def __init__(self, username, *args, **kwargs):
    """
    Build the Event form for ``username``.

    Populates ``source`` with the sources visible to the user (defaulting
    to the user's organization), ``event_type`` from ``EventTypes``,
    ``relationship_type`` from the module-level ``relationship_choices``,
    ``campaign`` from every campaign name (an empty option first) and a
    fixed low/medium/high ``campaign_confidence`` list, then attaches the
    bucket-list and ticket fields. No access check gates the campaign
    list in this variant.

    :param username: The user the form is being built for.
    :type username: str
    """
    super(EventForm, self).__init__(*args, **kwargs)

    visible_sources = get_source_names(True, True, username)
    self.fields['source'].choices = [(src.name, src.name) for src in visible_sources]
    self.fields['source'].initial = get_user_organization(username)

    self.fields['event_type'].choices = [
        (etype, etype) for etype in EventTypes.values(sort=True)
    ]

    self.fields['relationship_type'].choices = relationship_choices
    self.fields['relationship_type'].initial = RelationshipTypes.RELATED_TO

    campaign_choices = [("", "")]
    campaign_choices += [
        (camp.name, camp.name) for camp in get_item_names(Campaign, True)
    ]
    self.fields['campaign'].choices = campaign_choices

    self.fields['campaign_confidence'].choices = [
        ("", ""), ("low", "low"), ("medium", "medium"), ("high", "high")
    ]

    add_bucketlist_to_form(self)
    add_ticket_to_form(self)
def parse_stix(self, reference='', make_event=False, source=''):
    """
    Parse the document.

    :param reference: The reference to the data.
    :type reference: str
    :param make_event: Whether or not to create an Event for this document.
    :type make_event: bool
    :param source: The source of this document.
    :type source: str
    :raises: :class:`taxii_service.parsers.STIXParserException`

    Until we have a way to map source strings in a STIX document to a
    source in CRITs, we are being safe and using the source provided as
    the true source.

    Trust boundary: ``self.data`` is a document received from outside
    CRITs. The only document-derived values that influence attribution or
    classification are the header's information-source name (accepted
    only if ``does_source_exist`` says it is already a CRITs source) and
    an incident's short description (accepted as an event type only if
    it is one of ``EventTypes.values()``). NOTE(review): whether
    ``STIXPackage.from_xml`` resolves external entities / DTDs depends on
    the python-stix / lxml parser configuration, which is not visible
    here — confirm before accepting documents from untrusted feeds.
    """
    with closing(StringIO(self.data)) as f:
        try:
            try:
                self.package = STIXPackage.from_xml(f)
                if not self.package:
                    raise STIXParserException("STIX package failure")
            except UnsupportedVersionError:
                # Upgrade the document to the installed python-stix
                # version and parse again. The slice drops the last two
                # characters of a four-component version string, i.e. it
                # assumes the trailing component is a single character.
                v = stix.__version__
                v = v[0:-2] if len(v.split('.')) > 3 else v
                updated = ramrod.update(f, to_=v)
                doc = updated.document.as_stringio()
                self.package = STIXPackage.from_xml(doc)
        except Exception as e:
            # Any parse failure is recorded for the UI and aborts the whole
            # document. ``e.message`` only exists on Python 2 exceptions.
            msg = "Failed to create STIX/CybOX from XML"
            self.failed.append((e.message, "STIX Package (%s)" % msg, '')) # note for display in UI
            return

    if not self.preview:
        self.stix_version = self.package.version

    # Pull the producer's identity out of the header (if present) and fold
    # it into the reference string so provenance survives on the source
    # instance even when it is not used as the attributed source.
    stix_header = self.package.stix_header
    if stix_header and stix_header.information_source and stix_header.information_source.identity:
        self.information_source = stix_header.information_source.identity.name
        if self.information_source:
            info_src = "STIX Source: %s" % self.information_source
            if not reference:
                reference = ''
            else:
                reference += ", "
            reference += info_src

    # Source attribution: an explicitly supplied source wins, but must be a
    # known CRITs source; otherwise fall back to the document's declared
    # information source, again only if CRITs already knows it. A document
    # therefore cannot introduce a new source name on its own.
    if source:
        if does_source_exist(source):
            self.source.name = source
        else:
            raise STIXParserException('Source "%s" does not exist in CRITs.' % source)
    elif does_source_exist(self.information_source):
        self.source.name = self.information_source
    else:
        raise STIXParserException("No source to attribute data to.")

    self.source_instance.reference = reference
    self.source.instances.append(self.source_instance)

    if make_event:
        # Defaults used when the document carries no usable metadata.
        # datetime.now() is naive local time.
        title = "STIX Document %s" % self.package.id_
        event_type = EventTypes.INTEL_SHARING
        date = datetime.datetime.now()
        description = str(date)
        if self.package.incidents:
            # Only the first incident drives the Event's title/type/description.
            incdnt = self.package.incidents[0]
            title = incdnt.title
            if incdnt.description:
                description = incdnt.description
                if isinstance(description, StructuredText):
                    # Bare except: any to_dict() failure (including
                    # KeyboardInterrupt) leaves the StructuredText as-is.
                    try:
                        description = description.to_dict()
                    except:
                        pass
            # The document-supplied short description is only honoured as
            # an event type when it is one of the configured EventTypes;
            # categories go through get_crits_event_type (semantics not
            # visible here).
            if incdnt.short_description in EventTypes.values():
                event_type = incdnt.short_description
            elif incdnt.categories and incdnt.categories[0].value:
                event_type = get_crits_event_type(incdnt.categories[0].value)
        else: #package contains no incidents
            header = self.package.stix_header
            if isinstance(header, STIXHeader):
                if header.title:
                    title = header.title
                if header.package_intents:
                    # Bare except: a failing intent lookup keeps the
                    # default event_type rather than aborting.
                    try:
                        stix_type = str(header.package_intents[0])
                        event_type = get_crits_event_type(stix_type)
                    except:
                        pass
                if header.description:
                    description = header.description
                    if isinstance(description, StructuredText):
                        try:
                            description = description.to_dict()
                        except:
                            pass
        if self.preview:
            # Preview mode records what would be created without writing.
            self.imported[self.package.id_] = ('Event', None, title)
        else:
            res = add_new_event(title, description, event_type, self.source.name, self.source_instance.method, self.source_instance.reference, date, self.source_instance.analyst)
            self.parsed.append(self.package.id_)
            if res['success']:
                self.event = res['object']
                # Fall back to the object id when the document title is empty.
                self.imported[self.package.id_] = ('Event', res['object'].id, title or res['object'].id)
                self.updates[res['object'].id] = res['object']
                # Get relationships to the Event
                if self.package.incidents:
                    incdnts = self.package.incidents
                    for rel in getattr(incdnts[0], 'related_indicators', ()):
                        if rel.relationship or rel.confidence:
                            # Keyed by the related item's idref so the
                            # indicator parser can link it back later.
                            r = rel.relationship.value or RelationshipTypes.RELATED_TO
                            c = getattr(rel.confidence.value, 'value', 'Unknown')
                            self.event_rels[rel.item.idref] = (r, c)
            else:
                self.failed.append((res['message'], "Event (%s)" % title, self.package.id_))

    # Remaining top-level STIX constructs are handed to their own parsers.
    if self.package.indicators:
        self.parse_indicators(self.package.indicators)
    if self.package.observables and self.package.observables.observables:
        self.parse_observables(self.package.observables.observables)
    if self.package.threat_actors:
        self.parse_threat_actors(self.package.threat_actors)
def parse_stix(self, reference='', make_event=False, source=''):
    """
    Parse the document.

    :param reference: The reference to the data.
    :type reference: str
    :param make_event: Whether or not to create an Event for this document.
    :type make_event: bool
    :param source: The source of this document.
    :type source: str
    :raises: :class:`taxii_service.parsers.STIXParserException`

    Until we have a way to map source strings in a STIX document to a
    source in CRITs, we are being safe and using the source provided as
    the true source.

    Trust boundary: ``self.data`` is a document received from outside
    CRITs. The only document-derived values that influence attribution or
    classification are the header's information-source name (accepted
    only if ``does_source_exist`` says it is already a CRITs source) and
    an incident's short description (accepted as an event type only if
    it is one of ``EventTypes.values()``). NOTE(review): whether
    ``STIXPackage.from_xml`` resolves external entities / DTDs depends on
    the python-stix / lxml parser configuration, which is not visible
    here — confirm before accepting documents from untrusted feeds.
    """
    with closing(StringIO(self.data)) as f:
        try:
            try:
                self.package = STIXPackage.from_xml(f)
                if not self.package:
                    raise STIXParserException("STIX package failure")
            except UnsupportedVersionError:
                # Upgrade the document to the installed python-stix
                # version and parse again. The slice drops the last two
                # characters of a four-component version string, i.e. it
                # assumes the trailing component is a single character.
                v = stix.__version__
                v = v[0:-2] if len(v.split('.')) > 3 else v
                updated = ramrod.update(f, to_=v)
                doc = updated.document.as_stringio()
                self.package = STIXPackage.from_xml(doc)
        except Exception as e:
            # Any parse failure is recorded for the UI and aborts the whole
            # document. ``e.message`` only exists on Python 2 exceptions.
            msg = "Failed to create STIX/CybOX from XML"
            self.failed.append((e.message, "STIX Package (%s)" % msg, '')) # note for display in UI
            return

    if not self.preview:
        self.stix_version = self.package.version

    # Pull the producer's identity out of the header (if present) and fold
    # it into the reference string so provenance survives on the source
    # instance even when it is not used as the attributed source.
    stix_header = self.package.stix_header
    if stix_header and stix_header.information_source and stix_header.information_source.identity:
        self.information_source = stix_header.information_source.identity.name
        if self.information_source:
            info_src = "STIX Source: %s" % self.information_source
            if not reference:
                reference = ''
            else:
                reference += ", "
            reference += info_src

    # Source attribution: an explicitly supplied source wins, but must be a
    # known CRITs source; otherwise fall back to the document's declared
    # information source, again only if CRITs already knows it. A document
    # therefore cannot introduce a new source name on its own.
    if source:
        if does_source_exist(source):
            self.source.name = source
        else:
            raise STIXParserException('Source "%s" does not exist in CRITs.' % source)
    elif does_source_exist(self.information_source):
        self.source.name = self.information_source
    else:
        raise STIXParserException("No source to attribute data to.")

    self.source_instance.reference = reference
    self.source.instances.append(self.source_instance)

    if make_event:
        # Defaults used when the document carries no usable metadata.
        # datetime.now() is naive local time.
        title = "STIX Document %s" % self.package.id_
        event_type = EventTypes.INTEL_SHARING
        date = datetime.datetime.now()
        description = str(date)
        if self.package.incidents:
            # Only the first incident drives the Event's title/type/description.
            incdnt = self.package.incidents[0]
            title = incdnt.title
            if incdnt.description:
                description = incdnt.description
                if isinstance(description, StructuredText):
                    # Bare except: any to_dict() failure (including
                    # KeyboardInterrupt) leaves the StructuredText as-is.
                    try:
                        description = description.to_dict()
                    except:
                        pass
            # The document-supplied short description is only honoured as
            # an event type when it is one of the configured EventTypes;
            # categories go through get_crits_event_type (semantics not
            # visible here).
            if incdnt.short_description in EventTypes.values():
                event_type = incdnt.short_description
            elif incdnt.categories and incdnt.categories[0].value:
                event_type = get_crits_event_type(incdnt.categories[0].value)
        else: #package contains no incidents
            header = self.package.stix_header
            if isinstance(header, STIXHeader):
                if header.title:
                    title = header.title
                if header.package_intents:
                    # Bare except: a failing intent lookup keeps the
                    # default event_type rather than aborting.
                    try:
                        stix_type = str(header.package_intents[0])
                        event_type = get_crits_event_type(stix_type)
                    except:
                        pass
                if header.description:
                    description = header.description
                    if isinstance(description, StructuredText):
                        try:
                            description = description.to_dict()
                        except:
                            pass
        if self.preview:
            # Preview mode records what would be created without writing.
            self.imported[self.package.id_] = ('Event', None, title)
        else:
            res = add_new_event(title, description, event_type, self.source.name, self.source_instance.method, self.source_instance.reference, date, self.source_instance.analyst)
            self.parsed.append(self.package.id_)
            if res['success']:
                self.event = res['object']
                # Fall back to the object id when the document title is empty.
                self.imported[self.package.id_] = ('Event', res['object'].id, title or res['object'].id)
                self.updates[res['object'].id] = res['object']
                # Get relationships to the Event
                if self.package.incidents:
                    incdnts = self.package.incidents
                    for rel in getattr(incdnts[0], 'related_indicators', ()):
                        if rel.relationship or rel.confidence:
                            # Keyed by the related item's idref so the
                            # indicator parser can link it back later.
                            r = rel.relationship.value or RelationshipTypes.RELATED_TO
                            c = getattr(rel.confidence.value, 'value', 'Unknown')
                            self.event_rels[rel.item.idref] = (r, c)
            else:
                self.failed.append((res['message'], "Event (%s)" % title, self.package.id_))

    # Remaining top-level STIX constructs are handed to their own parsers.
    if self.package.indicators:
        self.parse_indicators(self.package.indicators)
    if self.package.observables and self.package.observables.observables:
        self.parse_observables(self.package.observables.observables)
    if self.package.threat_actors:
        self.parse_threat_actors(self.package.threat_actors)