add: analyst data event level
righel committed Jan 8, 2025
1 parent 2d11b29 commit fc4e58b
Showing 5 changed files with 374 additions and 3 deletions.
9 changes: 6 additions & 3 deletions src/mispguard.py
Expand Up @@ -492,13 +492,16 @@ def check_event_level_rules(self, rules: dict, event: dict) -> None:
self.check_event_sharing_groups_rules(rules, event)

if "Note" in event["Event"]:
self.check_analyst_data_rules(rules, event["Event"]["Note"])
for note in event["Event"]["Note"]:
self.check_analyst_data_rules(rules, note)

if "Opinion" in event["Event"]:
self.check_analyst_data_rules(rules, event["Event"]["Opinion"])
for opinion in event["Event"]["Opinion"]:
self.check_analyst_data_rules(rules, opinion)

if "Relationship" in event["Event"]:
self.check_analyst_relationship_rules(rules, event["Event"]["Relationship"])
for relationship in event["Event"]["Relationship"]:
self.check_analyst_relationship_rules(rules, relationship)

def check_attribute_level_rules(self, rules: dict, attributes: dict) -> None:
logger.debug("checking attribute level rules")
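Review bot: The three new loops after `if "Note" in event["Event"]`, `"Opinion"` and `"Relationship"` only walk the event's top-level analyst-data lists, so anything the helpers do not descend into is never inspected; MISP analyst data can itself carry nested analyst data (a Note or Opinion attached to another Note or Relationship), and the new relationship fixture shows a `related_object` that embeds a second event's `uuid`, `info`, `org_id` and `distribution`. Unless `check_analyst_data_rules` / `check_analyst_relationship_rules` (defined outside this hunk) recurse into nested `Note`/`Opinion`/`Relationship` keys and run the event block rules over `related_object`, a note with an allowed distribution could carry out a child with a blocked one, and a relationship could leak the title and uuid of an event the rules would otherwise block. Consider a small `_iter_analyst_data(items)` generator that yields each item followed by its nested analyst data, and have the relationship check pass `relationship.get("related_object", {})` through the same distribution/sharing-group checks; if the helpers already do this, a one-line comment here such as `# helpers recurse into nested analyst data and related_object` would spare the next reader the trip. `check_event_level_rules` starts above the hunk and `check_attribute_level_rules` continues below it, so attribute- and object-level analyst data is not covered by this change.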
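--- /dev/null
+++ b/src/test/fixtures/test_event_note_blocked_distribution.json
@@ -0,0 +1,98 @@
+{
+"Event": {
+"id": "1",
+"orgc_id": "1",
+"org_id": "1",
+"date": "2022-08-31",
+"threat_level_id": "1",
+"info": "non-blocked",
+"published": false,
+"uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+"attribute_count": "4",
+"analysis": "0",
+"timestamp": "1661956788",
+"distribution": "2",
+"proposal_email_lock": false,
+"locked": false,
+"publish_timestamp": "1661956380",
+"sharing_group_id": "0",
+"disable_correlation": false,
+"extends_uuid": "",
+"protected": null,
+"event_creator_email": "[email protected]",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Attribute": [
+{
+"id": "1",
+"type": "ip-src",
+"category": "Network activity",
+"to_ids": false,
+"uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+"event_id": "1",
+"distribution": "5",
+"timestamp": "1661956302",
+"comment": "",
+"sharing_group_id": "0",
+"deleted": false,
+"disable_correlation": false,
+"object_id": "0",
+"object_relation": null,
+"first_seen": null,
+"last_seen": null,
+"value": "8.8.8.8",
+"Galaxy": [],
+"ShadowAttribute": []
+}
+],
+"ShadowAttribute": [],
+"RelatedEvent": [],
+"Galaxy": [],
+"Object": [],
+"EventReport": [],
+"CryptographicKey": [],
+"Note": [
+{
+"id": "1",
+"uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d",
+"object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+"object_type": "Attribute",
+"authors": "[email protected]",
+"org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"created": "2024-10-04 08:09:39",
+"modified": "2024-10-04 08:09:39",
+"distribution": "0",
+"sharing_group_id": null,
+"locked": false,
+"note": "Ceci est une note",
+"language": "fr-BE",
+"note_type": 0,
+"note_type_name": "Note",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"_canEdit": true
+}
+]
+}
+}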
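Review bot: The note declares `"object_type": "Attribute"` with `"object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8"`, but the only attribute in this fixture has uuid `e37a6c99-c7dc-4e41-8c79-25e35c39df0a`, so the note references an object that is not in the event. That does not matter for a plain distribution check, but if the analyst-data rules are later extended to resolve the referenced object (for example to compare or inherit its distribution), this fixture will exercise the dangling-reference path instead of the intended one. Set `object_uuid` to the attribute's uuid, or point it at the event with `"object_type": "Event"`, so the fixture models a consistent event.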
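--- /dev/null
+++ b/src/test/fixtures/test_event_opinion_blocked_distribution.json
@@ -0,0 +1,98 @@
+{
+"Event": {
+"id": "1",
+"orgc_id": "1",
+"org_id": "1",
+"date": "2022-08-31",
+"threat_level_id": "1",
+"info": "non-blocked",
+"published": false,
+"uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+"attribute_count": "4",
+"analysis": "0",
+"timestamp": "1661956788",
+"distribution": "2",
+"proposal_email_lock": false,
+"locked": false,
+"publish_timestamp": "1661956380",
+"sharing_group_id": "0",
+"disable_correlation": false,
+"extends_uuid": "",
+"protected": null,
+"event_creator_email": "[email protected]",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Attribute": [
+{
+"id": "1",
+"type": "ip-src",
+"category": "Network activity",
+"to_ids": false,
+"uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+"event_id": "1",
+"distribution": "5",
+"timestamp": "1661956302",
+"comment": "",
+"sharing_group_id": "0",
+"deleted": false,
+"disable_correlation": false,
+"object_id": "0",
+"object_relation": null,
+"first_seen": null,
+"last_seen": null,
+"value": "8.8.8.8",
+"Galaxy": [],
+"ShadowAttribute": []
+}
+],
+"ShadowAttribute": [],
+"RelatedEvent": [],
+"Galaxy": [],
+"Object": [],
+"EventReport": [],
+"CryptographicKey": [],
+"Opinion": [
+{
+"id": "1",
+"uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c",
+"object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+"object_type": "Event",
+"authors": "[email protected]",
+"org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"created": "2024-10-04 08:09:47",
+"modified": "2024-10-04 08:09:47",
+"distribution": "0",
+"sharing_group_id": null,
+"locked": false,
+"opinion": "75",
+"comment": "This is an opinion",
+"note_type": 1,
+"note_type_name": "Opinion",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"_canEdit": true
+}
+]
+}
+}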
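Review bot: The opinion is typed `"object_type": "Event"` but its `"object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8"` is not the enclosing event's uuid (`385283a1-b5e0-4e10-a532-dce11c365a56`), so the fixture describes an opinion on some other event that happens to be shipped inside this one. For the current distribution-only check this is inert, but any future rule that ties analyst data back to its parent will be tested against an inconsistent document. Use `"object_uuid": "385283a1-b5e0-4e10-a532-dce11c365a56"` so the opinion really belongs to the event under test.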
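--- /dev/null
+++ b/src/test/fixtures/test_event_relationship_blocked_distribution.json
@@ -0,0 +1,124 @@
+{
+"Event": {
+"id": "1",
+"orgc_id": "1",
+"org_id": "1",
+"date": "2022-08-31",
+"threat_level_id": "1",
+"info": "non-blocked",
+"published": false,
+"uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+"attribute_count": "4",
+"analysis": "0",
+"timestamp": "1661956788",
+"distribution": "2",
+"proposal_email_lock": false,
+"locked": false,
+"publish_timestamp": "1661956380",
+"sharing_group_id": "0",
+"disable_correlation": false,
+"extends_uuid": "",
+"protected": null,
+"event_creator_email": "[email protected]",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Attribute": [
+{
+"id": "1",
+"type": "ip-src",
+"category": "Network activity",
+"to_ids": false,
+"uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+"event_id": "1",
+"distribution": "5",
+"timestamp": "1661956302",
+"comment": "",
+"sharing_group_id": "0",
+"deleted": false,
+"disable_correlation": false,
+"object_id": "0",
+"object_relation": null,
+"first_seen": null,
+"last_seen": null,
+"value": "8.8.8.8",
+"Galaxy": [],
+"ShadowAttribute": []
+}
+],
+"ShadowAttribute": [],
+"RelatedEvent": [],
+"Galaxy": [],
+"Object": [],
+"EventReport": [],
+"CryptographicKey": [],
+"Relationship": [
+{
+"id": "1",
+"uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9",
+"object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd",
+"object_type": "Attribute",
+"authors": "[email protected]",
+"org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"created": "2024-10-30 11:09:13",
+"modified": "2024-10-30 11:09:13",
+"distribution": "0",
+"sharing_group_id": null,
+"locked": false,
+"relationship_type": "Acquaintance",
+"related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd",
+"related_object_type": "Event",
+"note_type": 2,
+"note_type_name": "Relationship",
+"Org": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"Orgc": {
+"id": "1",
+"name": "HOST",
+"uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+"local": true
+},
+"_canEdit": true,
+"related_object": {
+"Event": {
+"id": "37",
+"org_id": "6",
+"date": "2022-03-24",
+"info": "Test Event",
+"user_id": "138",
+"uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd",
+"published": true,
+"analysis": "1",
+"attribute_count": "11",
+"orgc_id": "2",
+"timestamp": "1730278463",
+"distribution": "3",
+"sharing_group_id": "0",
+"proposal_email_lock": false,
+"locked": true,
+"threat_level_id": "2",
+"publish_timestamp": "1730278489",
+"sighting_timestamp": "0",
+"disable_correlation": false,
+"extends_uuid": "",
+"protected": null
+}
+}
+}
+]
+}
+}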
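Review bot: The only field this fixture blocks on is the relationship's own `"distribution": "0"`; the embedded `related_object.Event` (`org_id` 6, `orgc_id` 2, `distribution` "3", `info` "Test Event", `uuid` bba62eca-…) is the more security-relevant input, since it is a second event's metadata travelling inside the first. A test that passes on this fixture therefore says nothing about whether the proxy inspects `related_object` at all. Add a sibling fixture in which the relationship itself is permitted but the embedded event would be blocked by the rules (a blocked `distribution`, `org_id` or `orgc_id`) and assert it is rejected; otherwise the title and uuid of an event the rules would block can leave the instance inside an allowed relationship. Keeping `related_object_uuid` equal to the embedded event's uuid, as here, is the right shape for that fixture.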