def download_stix(request):
request.session.set_expiry(SESSION_EXPIRY)
error_ = check_allow_l1_view(request)
if error_ is not None:
return error_
try:
# Ctirsクラスのインスタンスを作成
ctirs = Ctirs(request)
# package_id取得
package_id = get_l1_package_id(request)
# apiからcontent取得
dict_ = ctirs.get_stix_file_stix(package_id)
stix_package = STIXPackage.from_dict(dict_)
# XML変換した文字列をStringIO化する(その際にUNICODEに変換)
output = io.StringIO()
output.write(stix_package.to_xml())
filename = '%s.xml' % (package_id)
# response作成
response = HttpResponse(output.getvalue(),
content_type='application/xml')
response['Content-Disposition'] = 'attachment; filename=%s' % (
filename)
return response
except Exception:
# エラーページ
return error_page(request)
def get_raw_stix(request):
request.session.set_expiry(SESSION_EXPIRY)
# GET以外はエラー
if request.method != 'GET':
r = {'status': 'NG', 'message': 'Invalid HTTP method'}
return JsonResponse(r, safe=False)
r = check_allow_sharing_view(request)
if r is not None:
return r
try:
# package_id取得
package_id = get_sharing_ajax_get_raw_stix_package_id(request)
# Ctirsクラスのインスタンスを作成
ctirs = Ctirs(request)
# STIXファイルの中身を取得
j = ctirs.get_stix_file_stix(package_id)
# STIX 2.x であるかの判定を行う
v2_flag = _is_stix2_(j)
if v2_flag:
# 返却json
r = {
'status': 'OK',
'message': 'Success.',
'stix_version': '2.0',
'contents': j
}
else:
stix_package = STIXPackage.from_dict(j)
# 返却json
xml = stix_package.to_xml()
if isinstance(xml, bytes):
xml = xml.decode()
r = {
'status': 'OK',
'message': 'Success.',
'stix_version': '1.2',
'contents': xml
}
except Exception as e:
traceback.print_exc()
r = {'status': 'NG', 'message': str(e)}
finally:
return JsonResponse(r, safe=False)
def get_draw_data(request):
request.session.set_expiry(SESSION_EXPIRY)
# GET以外はエラー
if request.method != 'GET':
r = {'status': 'NG', 'message': 'Invalid HTTP method'}
return JsonResponse(r, safe=False)
r = check_allow_sharing_view(request)
if r is not None:
return r
try:
# package_id名取得
package_id = get_sharing_ajax_get_draw_data_package_id(request)
# community名取得
community = get_sharing_ajax_get_draw_data_community(request)
# Ctirsクラスのインスタンスを作成
ctirs = Ctirs(request)
# GetPolicy相当呼び出し
rules = get_policy(community)
# REST_API から STIX の json イメージを取得
dict_ = ctirs.get_stix_file_stix(package_id)
# STIX 2.x であるかの判定を行う
v2_flag = _is_stix2_(dict_)
r = {'status': 'OK', 'rules': rules, 'message': 'Success.'}
if v2_flag:
# STIX 2.x の場合
r['json'] = dict_
r['stix_version'] = '2.0'
else:
# STIX 1.x の場合
# json から XML イメージを返却
xml = STIXPackage.from_dict(dict_).to_xml()
if isinstance(xml, bytes):
xml = xml.decode()
r['xml'] = xml
r['stix_version'] = '1.2'
except Exception as e:
traceback.print_exc()
r = {'status': 'NG', 'message': str(e)}
finally:
return JsonResponse(r, safe=False)
def get_package_info(request):
request.session.set_expiry(SESSION_EXPIRY)
# GET以外はエラー
if request.method != 'GET':
r = {'status': 'NG', 'message': 'Invalid HTTP method'}
return JsonResponse(r, safe=False)
# activeユーザー以外はエラー
if not request.user.is_active:
r = {'status': 'NG', 'message': 'You account is inactive.'}
return JsonResponse(r, safe=False)
try:
# package_id取得
package_id = get_package_id(request)
# l1情報取得
l1_type_list = get_package_l1_info(request, package_id)
# description 取得
try:
# Ctirsクラスのインスタンスを作成
ctirs = Ctirs(request)
# STIXイメージ取得
dict_ = ctirs.get_stix_file_stix(package_id)
stix_package = STIXPackage.from_dict(dict_)
description = stix_package.stix_header.description.value
except BaseException:
# エラー時は空白
description = ''
# 返却データ
r = {'status': 'OK', 'description': description}
# l1情報追加
for l1_type in l1_type_list:
type_, values = l1_type
r[type_] = values
except Exception as e:
print('Excepton:' + str(e))
r = {'status': 'NG', 'message': str(e)}
finally:
return JsonResponse(r, safe=False)
def set_alchemy_nodes(aj, content):
if content['version'].startswith('2.'):
is_stix_v2 = True
else:
is_stix_v2 = False
package_name = content['package_name']
if is_stix_v2:
if isinstance(content, dict):
package = content['dict']
else:
package = json.loads(content['dict'])
else:
package = STIXPackage.from_dict(content['dict'])
if is_stix_v2:
stix_header = None
else:
stix_header = package.stix_header
if is_stix_v2:
an_package_id = package['id']
else:
an_package_id = convert_valid_node_id(package.id_)
an_header_id = an_package_id
if is_stix_v2:
indicators = []
observables = []
campaigns = []
threat_actors = []
coas = []
identies = []
malwares = []
sightings = []
intrusion_sets = []
attack_patterns = []
relationships = []
reports = []
tools = []
vulnerabilities = []
custom_objects = []
locations = []
opinions = []
notes = []
language_contents = []
'''
x_stip_snses = []
'''
ttps = None
ets = None
incidents = None
for o_ in package['objects']:
object_type = o_['type']
if object_type == 'indicator':
indicators.append(o_)
elif object_type == 'identity':
identies.append(o_)
elif object_type == 'observed-data':
observables.append(o_)
elif object_type == 'malware':
malwares.append(o_)
elif object_type == 'sighting':
sightings.append(o_)
elif object_type == 'intrusion-set':
intrusion_sets.append(o_)
elif object_type == 'threat-actor':
threat_actors.append(o_)
elif object_type == 'attack-pattern':
attack_patterns.append(o_)
elif object_type == 'campaign':
campaigns.append(o_)
elif object_type == 'relationship':
relationships.append(o_)
elif object_type == 'course-of-action':
coas.append(o_)
elif object_type == 'report':
reports.append(o_)
elif object_type == 'tool':
tools.append(o_)
elif object_type == 'vulnerability':
vulnerabilities.append(o_)
elif object_type == 'location':
locations.append(o_)
elif object_type == 'opinion':
opinions.append(o_)
elif object_type == 'note':
notes.append(o_)
elif object_type == 'language-content':
language_contents.append(o_)
'''
elif object_type == 'x-stip-sns':
x_stip_snses.append(o_)
'''
if object_type == 'x-stip-sns':
continue
elif object_type.startswith('x-'):
custom_objects.append(o_)
else:
indicators = package.indicators
observables = package.observables
campaigns = package.campaigns
ttps = package.ttps
threat_actors = package.threat_actors
ets = package.exploit_targets
coas = package.courses_of_action
incidents = package.incidents
identies = None
malwares = None
sightings = None
intrusion_sets = None
attack_patterns = None
relationships = None
reports = None
tools = None
vulnerabilities = None
locations = None
opinions = None
notes = None
language_contents = None
custom_objects = None
if not is_stix_v2:
an = AlchemyNode(an_header_id, 'Header', package_name, stix_header.description, cluster=an_package_id)
aj.add_json_node(an)
if indicators is not None:
if not is_stix_v2:
an_indicators_id = an_package_id + '--indicators'
else:
an_indicators_id = None
indicators_values = []
for indicator in indicators:
l = set_alchemy_node_indicator(aj, indicator, an_indicators_id, is_stix_v2, an_package_id)
indicators_values.extend(l)
if not is_stix_v2:
an = AlchemyNode(an_indicators_id, 'Indicators', 'Indicators', '', cluster=an_package_id)
an.set_value(get_observable_value_string_from_list(indicators_values))
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_indicators_id, LABEL_EDGE)
aj.add_json_edge(ae)
if observables is not None:
if not is_stix_v2:
an_observables_id = an_package_id + '--observables'
else:
an_observables_id = None
obsevables_values = []
for observed_data in observables:
l = set_alchemy_node_observable(aj, observed_data, an_observables_id, is_stix_v2, an_package_id)
obsevables_values.extend(l)
if not is_stix_v2:
an = AlchemyNode(an_observables_id, 'Observables', 'Observables', '', cluster=an_package_id)
an.set_value(get_observable_value_string_from_list(obsevables_values))
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_observables_id, LABEL_EDGE)
aj.add_json_edge(ae)
if campaigns is not None:
if not is_stix_v2:
an_campaigns_id = an_package_id + '--campaigns'
an = AlchemyNode(an_campaigns_id, 'Campaigns', 'Campaigns', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_campaigns_id, LABEL_EDGE)
aj.add_json_edge(ae)
else:
an_campaigns_id = None
for campaign in campaigns:
set_alchemy_node_campaign(aj, campaign, an_campaigns_id, is_stix_v2, an_package_id)
if threat_actors is not None:
if not is_stix_v2:
an_tas_id = an_package_id + '--tas'
an = AlchemyNode(an_tas_id, 'Threat_Actors', 'Threat_Actors', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_tas_id, LABEL_EDGE)
aj.add_json_edge(ae)
else:
an_tas_id = None
for threat_actor in threat_actors:
set_alchemy_node_threat_actor(aj, threat_actor, an_tas_id, is_stix_v2, an_package_id)
if coas is not None:
if not is_stix_v2:
an_coas_id = an_package_id + '--coas'
an = AlchemyNode(an_coas_id, 'Courses_Of_Action', 'Courses_Of_Action', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_coas_id, LABEL_EDGE)
aj.add_json_edge(ae)
else:
an_coas_id = None
for coa in coas:
set_alchemy_node_coa(aj, coa, an_coas_id, is_stix_v2, an_package_id)
if ttps is not None:
an_ttps_id = an_package_id + '--ttps'
an = AlchemyNode(an_ttps_id, 'TTPs', 'TTPs', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_ttps_id, LABEL_EDGE)
aj.add_json_edge(ae)
for ttp in ttps:
set_alchemy_node_ttp(aj, ttp, an_ttps_id, an_package_id)
if ets is not None:
an_ets_id = an_package_id + '--ets'
an = AlchemyNode(an_ets_id, 'Exploit_Targets', 'Exploit_Targets', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_ets_id, LABEL_EDGE)
aj.add_json_edge(ae)
for et in ets:
set_alchemy_node_et(aj, et, an_ets_id, an_package_id)
if incidents is not None:
an_incidents_id = an_package_id + '--incidents'
an = AlchemyNode(an_incidents_id, 'Incidents', 'Incidents', '', cluster=an_package_id)
aj.add_json_node(an)
ae = AlchemyEdge(an_header_id, an_incidents_id, LABEL_EDGE)
aj.add_json_edge(ae)
for incident in incidents:
set_alchemy_node_incident(aj, incident, an_incidents_id, an_package_id)
if identies is not None:
for identity in identies:
set_alchemy_node_identity(aj, identity, an_package_id)
if malwares is not None:
for malware in malwares:
set_alchemy_node_malware(aj, malware, an_package_id)
if sightings is not None:
for sighting in sightings:
set_alchemy_node_sighting(aj, sighting, an_package_id)
if intrusion_sets is not None:
for intrusion_set in intrusion_sets:
set_alchemy_node_intrusion_set(aj, intrusion_set, an_package_id)
if attack_patterns is not None:
for attack_pattern in attack_patterns:
set_alchemy_node_attack_pattern(aj, attack_pattern, an_package_id)
if reports is not None:
for report in reports:
set_alchemy_node_report(aj, report, an_package_id)
if tools is not None:
for tool in tools:
set_alchemy_node_tool(aj, tool, an_package_id)
if vulnerabilities is not None:
for vulnerability in vulnerabilities:
set_alchemy_node_vulnerability(aj, vulnerability, an_package_id)
if locations is not None:
for location in locations:
set_alchemy_node_location(aj, location, an_package_id)
if opinions is not None:
for opinion in opinions:
set_alchemy_node_opinion(aj, opinion, an_package_id)
if notes is not None:
for note in notes:
set_alchemy_node_note(aj, note, an_package_id)
if custom_objects is not None:
for custom_object in custom_objects:
set_alchemy_node_custom_object(aj, custom_object, an_package_id)
'''
if x_stip_snses is not None:
for x_stip_sns in x_stip_snses:
set_alchemy_node_x_stip_sns(aj, x_stip_sns, an_package_id)
'''
if relationships is not None:
for relationship in relationships:
set_alchemy_node_relationship(aj, relationship, an_package_id)
return