#522 Fix Misp synchronisation

TheHive-Project · May 3, 2018 · a8c52eb · a8c52eb
1 parent f9b8673
commit a8c52eb
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 18 deletions.
diff --git a/thehive-backend/app/models/Alert.scala b/thehive-backend/app/models/Alert.scala
@@ -27,23 +27,23 @@ trait AlertAttributes {
   _: AttributeDef ⇒
   val artifactAttributes: Seq[Attribute[_]] = {
     val remoteAttachmentAttributes = Seq(
-      Attribute("alert", "reference", F.stringFmt, Seq(O.readonly), None, ""),
-      Attribute("alert", "filename", OptionalAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "contentType", OptionalAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "size", OptionalAttributeFormat(F.numberFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "hash", MultiAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "type", OptionalAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""))
+      Attribute("alert", "reference", F.stringFmt, Nil, None, ""),
+      Attribute("alert", "filename", OptionalAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "contentType", OptionalAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "size", OptionalAttributeFormat(F.numberFmt), Nil, None, ""),
+      Attribute("alert", "hash", MultiAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "type", OptionalAttributeFormat(F.stringFmt), Nil, None, ""))
 
     Seq(
-      Attribute("alert", "data", OptionalAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "dataType", F.stringFmt, Seq(O.readonly), None, ""),
-      Attribute("alert", "message", OptionalAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "startDate", OptionalAttributeFormat(F.dateFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "attachment", OptionalAttributeFormat(F.attachmentFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "remoteAttachment", OptionalAttributeFormat(F.objectFmt(remoteAttachmentAttributes)), Seq(O.readonly), None, ""),
-      Attribute("alert", "tlp", OptionalAttributeFormat(TlpAttributeFormat), Seq(O.readonly), None, ""),
-      Attribute("alert", "tags", MultiAttributeFormat(F.stringFmt), Seq(O.readonly), None, ""),
-      Attribute("alert", "ioc", OptionalAttributeFormat(F.booleanFmt), Seq(O.readonly), None, ""))
+      Attribute("alert", "data", OptionalAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "dataType", F.stringFmt, Nil, None, ""),
+      Attribute("alert", "message", OptionalAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "startDate", OptionalAttributeFormat(F.dateFmt), Nil, None, ""),
+      Attribute("alert", "attachment", OptionalAttributeFormat(F.attachmentFmt), Nil, None, ""),
+      Attribute("alert", "remoteAttachment", OptionalAttributeFormat(F.objectFmt(remoteAttachmentAttributes)), Nil, None, ""),
+      Attribute("alert", "tlp", OptionalAttributeFormat(TlpAttributeFormat), Nil, None, ""),
+      Attribute("alert", "tags", MultiAttributeFormat(F.stringFmt), Nil, None, ""),
+      Attribute("alert", "ioc", OptionalAttributeFormat(F.booleanFmt), Nil, None, ""))
   }
 
   val alertId: A[String] = attribute("_id", F.stringFmt, "Alert id", O.readonly)

diff --git a/thehive-misp/app/connectors/misp/MispSynchro.scala b/thehive-misp/app/connectors/misp/MispSynchro.scala
@@ -1,8 +1,8 @@
 package connectors.misp
 
 import java.util.Date
-import javax.inject.{ Inject, Provider, Singleton }
 
+import javax.inject.{ Inject, Provider, Singleton }
 import scala.collection.immutable
 import scala.concurrent.{ ExecutionContext, Future }
 import scala.concurrent.duration._
@@ -23,6 +23,7 @@ import JsonFormat.mispAlertWrites
 
 import org.elastic4play.controllers.Fields
 import org.elastic4play.services.{ Attachment, AuthContext, MigrationSrv, TempSrv }
+import org.elastic4play.utils.Collection
 
 @Singleton
 class MispSynchro @Inject() (
@@ -171,14 +172,19 @@ class MispSynchro @Inject() (
             case _ ⇒ Future.successful(false)
           }
             .flatMap { updateStatus ⇒
-              val artifacts = JsArray(alert.artifacts() ++ attrs.map(Json.toJson(_)))
+              val artifacts = Collection.distinctBy(alert.artifacts() ++ attrs.map(Json.toJson(_))) { a ⇒
+                (a \ "data").getOrElse(JsNull).toString +
+                  (a \ "dataType").getOrElse(JsNull).toString +
+                  (a \ "attachment").getOrElse(JsNull).toString +
+                  (a \ "remoteAttachment").getOrElse(JsNull).toString
+              }
               val alertJson = Json.toJson(event).as[JsObject] -
                 "type" -
                 "source" -
                 "sourceRef" -
                 "caseTemplate" -
                 "date" +
-                ("artifacts" → artifacts) +
+                ("artifacts" → JsArray(artifacts)) +
                 ("status" → (if (!updateStatus) Json.toJson(alert.status())
                 else alert.status() match {
                   case AlertStatus.New ⇒ Json.toJson(AlertStatus.New)