add: analyst data event level

righel · righel · commit fc4e58b7f72e · 2025-01-08T14:32:49.000+01:00
diff --git a/src/mispguard.py b/src/mispguard.py
@@ -492,13 +492,16 @@ def check_event_level_rules(self, rules: dict, event: dict) -> None:
         self.check_event_sharing_groups_rules(rules, event)
 
         if "Note" in event["Event"]:
-            self.check_analyst_data_rules(rules, event["Event"]["Note"])
+            for note in event["Event"]["Note"]:
+                self.check_analyst_data_rules(rules, note)
 
         if "Opinion" in event["Event"]:
-            self.check_analyst_data_rules(rules, event["Event"]["Opinion"])
+            for opinion in event["Event"]["Opinion"]:
+                self.check_analyst_data_rules(rules, opinion)
 
         if "Relationship" in event["Event"]:
-            self.check_analyst_relationship_rules(rules, event["Event"]["Relationship"])
+            for relationship in event["Event"]["Relationship"]:
+                self.check_analyst_relationship_rules(rules, relationship)
 
     def check_attribute_level_rules(self, rules: dict, attributes: dict) -> None:
         logger.debug("checking attribute level rules")
diff --git a/src/test/fixtures/test_event_note_blocked_distribution.json b/src/test/fixtures/test_event_note_blocked_distribution.json
@@ -0,0 +1,98 @@
+{
+    "Event": {
+        "id": "1",
+        "orgc_id": "1",
+        "org_id": "1",
+        "date": "2022-08-31",
+        "threat_level_id": "1",
+        "info": "non-blocked",
+        "published": false,
+        "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+        "attribute_count": "4",
+        "analysis": "0",
+        "timestamp": "1661956788",
+        "distribution": "2",
+        "proposal_email_lock": false,
+        "locked": false,
+        "publish_timestamp": "1661956380",
+        "sharing_group_id": "0",
+        "disable_correlation": false,
+        "extends_uuid": "",
+        "protected": null,
+        "event_creator_email": "admin@admin.test",
+        "Org": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Orgc": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Attribute": [
+            {
+                "id": "1",
+                "type": "ip-src",
+                "category": "Network activity",
+                "to_ids": false,
+                "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+                "event_id": "1",
+                "distribution": "5",
+                "timestamp": "1661956302",
+                "comment": "",
+                "sharing_group_id": "0",
+                "deleted": false,
+                "disable_correlation": false,
+                "object_id": "0",
+                "object_relation": null,
+                "first_seen": null,
+                "last_seen": null,
+                "value": "8.8.8.8",
+                "Galaxy": [],
+                "ShadowAttribute": []
+            }
+        ],
+        "ShadowAttribute": [],
+        "RelatedEvent": [],
+        "Galaxy": [],
+        "Object": [],
+        "EventReport": [],
+        "CryptographicKey": [],
+        "Note": [
+            {
+                "id": "1",
+                "uuid": "9c0e3e20-b1ea-4473-81d2-845c4399c36d",
+                "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+                "object_type": "Attribute",
+                "authors": "john.doe@admin.test",
+                "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "created": "2024-10-04 08:09:39",
+                "modified": "2024-10-04 08:09:39",
+                "distribution": "0",
+                "sharing_group_id": null,
+                "locked": false,
+                "note": "Ceci est une note",
+                "language": "fr-BE",
+                "note_type": 0,
+                "note_type_name": "Note",
+                "Org": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "Orgc": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "_canEdit": true
+            }
+        ]
+    }
+}
diff --git a/src/test/fixtures/test_event_opinion_blocked_distribution.json b/src/test/fixtures/test_event_opinion_blocked_distribution.json
@@ -0,0 +1,98 @@
+{
+    "Event": {
+        "id": "1",
+        "orgc_id": "1",
+        "org_id": "1",
+        "date": "2022-08-31",
+        "threat_level_id": "1",
+        "info": "non-blocked",
+        "published": false,
+        "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+        "attribute_count": "4",
+        "analysis": "0",
+        "timestamp": "1661956788",
+        "distribution": "2",
+        "proposal_email_lock": false,
+        "locked": false,
+        "publish_timestamp": "1661956380",
+        "sharing_group_id": "0",
+        "disable_correlation": false,
+        "extends_uuid": "",
+        "protected": null,
+        "event_creator_email": "admin@admin.test",
+        "Org": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Orgc": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Attribute": [
+            {
+                "id": "1",
+                "type": "ip-src",
+                "category": "Network activity",
+                "to_ids": false,
+                "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+                "event_id": "1",
+                "distribution": "5",
+                "timestamp": "1661956302",
+                "comment": "",
+                "sharing_group_id": "0",
+                "deleted": false,
+                "disable_correlation": false,
+                "object_id": "0",
+                "object_relation": null,
+                "first_seen": null,
+                "last_seen": null,
+                "value": "8.8.8.8",
+                "Galaxy": [],
+                "ShadowAttribute": []
+            }
+        ],
+        "ShadowAttribute": [],
+        "RelatedEvent": [],
+        "Galaxy": [],
+        "Object": [],
+        "EventReport": [],
+        "CryptographicKey": [],
+        "Opinion": [
+            {
+                "id": "1",
+                "uuid": "f43b2e9c-93c3-4d1e-a99a-e0996ced962c",
+                "object_uuid": "b3eedfc4-8ffa-41a2-875b-6c3d0e4602b8",
+                "object_type": "Event",
+                "authors": "john.doe@admin.test",
+                "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "created": "2024-10-04 08:09:47",
+                "modified": "2024-10-04 08:09:47",
+                "distribution": "0",
+                "sharing_group_id": null,
+                "locked": false,
+                "opinion": "75",
+                "comment": "This is an opinion",
+                "note_type": 1,
+                "note_type_name": "Opinion",
+                "Org": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "Orgc": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "_canEdit": true
+            }
+        ]
+    }
+}
diff --git a/src/test/fixtures/test_event_relationship_blocked_distribution.json b/src/test/fixtures/test_event_relationship_blocked_distribution.json
@@ -0,0 +1,124 @@
+{
+    "Event": {
+        "id": "1",
+        "orgc_id": "1",
+        "org_id": "1",
+        "date": "2022-08-31",
+        "threat_level_id": "1",
+        "info": "non-blocked",
+        "published": false,
+        "uuid": "385283a1-b5e0-4e10-a532-dce11c365a56",
+        "attribute_count": "4",
+        "analysis": "0",
+        "timestamp": "1661956788",
+        "distribution": "2",
+        "proposal_email_lock": false,
+        "locked": false,
+        "publish_timestamp": "1661956380",
+        "sharing_group_id": "0",
+        "disable_correlation": false,
+        "extends_uuid": "",
+        "protected": null,
+        "event_creator_email": "admin@admin.test",
+        "Org": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Orgc": {
+            "id": "1",
+            "name": "HOST",
+            "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+            "local": true
+        },
+        "Attribute": [
+            {
+                "id": "1",
+                "type": "ip-src",
+                "category": "Network activity",
+                "to_ids": false,
+                "uuid": "e37a6c99-c7dc-4e41-8c79-25e35c39df0a",
+                "event_id": "1",
+                "distribution": "5",
+                "timestamp": "1661956302",
+                "comment": "",
+                "sharing_group_id": "0",
+                "deleted": false,
+                "disable_correlation": false,
+                "object_id": "0",
+                "object_relation": null,
+                "first_seen": null,
+                "last_seen": null,
+                "value": "8.8.8.8",
+                "Galaxy": [],
+                "ShadowAttribute": []
+            }
+        ],
+        "ShadowAttribute": [],
+        "RelatedEvent": [],
+        "Galaxy": [],
+        "Object": [],
+        "EventReport": [],
+        "CryptographicKey": [],
+        "Relationship": [
+            {
+                "id": "1",
+                "uuid": "41146bcb-2869-4cf0-8abb-015e8d1350c9",
+                "object_uuid": "a81a9424-a62d-4a3d-b402-917d48b124bd",
+                "object_type": "Attribute",
+                "authors": "admin@admin.test",
+                "org_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "orgc_uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                "created": "2024-10-30 11:09:13",
+                "modified": "2024-10-30 11:09:13",
+                "distribution": "0",
+                "sharing_group_id": null,
+                "locked": false,
+                "relationship_type": "Acquaintance",
+                "related_object_uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd",
+                "related_object_type": "Event",
+                "note_type": 2,
+                "note_type_name": "Relationship",
+                "Org": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "Orgc": {
+                    "id": "1",
+                    "name": "HOST",
+                    "uuid": "10c8f445-888b-4a2d-bac8-4e1e8861d595",
+                    "local": true
+                },
+                "_canEdit": true,
+                "related_object": {
+                    "Event": {
+                        "id": "37",
+                        "org_id": "6",
+                        "date": "2022-03-24",
+                        "info": "Test Event",
+                        "user_id": "138",
+                        "uuid": "bba62eca-8f51-45c9-ad90-5abaca45d6cd",
+                        "published": true,
+                        "analysis": "1",
+                        "attribute_count": "11",
+                        "orgc_id": "2",
+                        "timestamp": "1730278463",
+                        "distribution": "3",
+                        "sharing_group_id": "0",
+                        "proposal_email_lock": false,
+                        "locked": true,
+                        "threat_level_id": "2",
+                        "publish_timestamp": "1730278489",
+                        "sighting_timestamp": "0",
+                        "disable_correlation": false,
+                        "extends_uuid": "",
+                        "protected": null
+                    }
+                }
+            }
+        ]
+    }
+}
diff --git a/src/test/test_push_scenarios.json b/src/test/test_push_scenarios.json
