Merge branch 'release/v0.12.0a'

CHANGELOG.rst

@@ -1,3 +1,18 @@
+v0.11.2a
+----------
+* IoCs DB: now every time that the user uploads/edits a analysis session
+ (weblog/netflow/ another logs),
+the system will update automatically the verdicts of the rows (IoC).
+First it gets all the IoC of the session,
+compares with its IoC DB and update the rows' verdict. This functionality also works for non-save
+session.
+* every time that the user places a verdict, the domain IoC (for now) of given row is updated.
+A history register is created too.
+
+v0.11.1a
+----------
+* Fixing 2 bugs
+
 v0.11.0a
 ----------
 * general JS refactoring, now it uses JS-ES6

README.md

@@ -11,6 +11,7 @@ This project is partially supported by Cisco Systems.
 For more information about the project please go to [Stratosphere Lab](https://www.stratosphereips.org/projects-manati/) page
 
 ## Stable Versions
+- Mon Sep  3 12:24:26 CEST 2018: Version 0.12.0a
 - Sun Aug 12 16:21:19 CEST 2018: Version 0.11.0a
 - Mon Jan 29 00:07:15 CEST 2018: Version 0.9.0a
 - Fri Nov 10 19:16:52 CEST 2017: Version 0.8.0.537a

manati/__init__.py

@@ -1,5 +1,5 @@
 __title__ = 'ManaTI Project'
-__version__ = '0.11.1a'
+__version__ = '0.12.0a'
 __author__ = 'Raul Carmelo Benitez Netto'
 __copyright__ = 'Copyright 2016-2018 CISCO - CTU - FEL'
 __version_info__ = tuple([int(num) if num.isdigit() else num for num in __version__.replace('-', '.', 1).split('.')])

manati/analysis_sessions/migrations/0033_auto_20180831_1707.py

@@ -0,0 +1,86 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.9.7 on 2018-08-31 15:07
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+import model_utils.fields
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('analysis_sessions', '0032_auto_20170926_1740'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='ioc',
+            name='verdict',
+            field=models.CharField(choices=[(b'malicious', b'Malicious'), (b'legitimate', b'Legitimate'), (b'suspicious', b'Suspicious'), (b'undefined', b'Undefined'), (b'falsepositive', b'False Positive'), (b'malicious_legitimate', b'Malicious/Legitimate'), (b'suspicious_legitimate', b'Suspicious/Legitimate'), (b'undefined_legitimate', b'Undefined/Legitimate'), (b'falsepositive_legitimate', b'False Positive/Legitimate'), (b'undefined_malicious', b'Undefined/Malicious'), (b'suspicious_malicious', b'Suspicious/Malicious'), (b'falsepositive_malicious', b'False Positive/Malicious'), (b'falsepositive_suspicious', b'False Positive/Suspicious'), (b'undefined_suspicious', b'Undefined/Suspicious'), (b'undefined_falsepositive', b'Undefined/False Positive')], default=b'undefined', max_length=50, null=True),
+        ),
+        migrations.AlterField(
+            model_name='analysissession',
+            name='status',
+            field=models.CharField(choices=[('open', 'Open'), ('closed', 'Closed'), ('removed', 'Removed')], default='open', max_length=30),
+        ),
+        migrations.AlterField(
+            model_name='analysissession',
+            name='type_file',
+            field=models.CharField(choices=[('bro_http_log', 'BRO weblogs http.log'), ('cisco_file', 'CISCO weblogs Specific File'), ('apache_http_log', 'Apache logs'), ('binetflow', 'Argus bidirectional netflows'), ('uninetflow', 'Argus unidirectional netflows')], default='cisco_file', max_length=50),
+        ),
+        migrations.CreateModel(
+            name='IOCHistory',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_at', model_utils.fields.AutoCreatedField(default=django.utils.timezone.now, editable=False,
+                                                                   verbose_name='created_at')),
+                ('updated_at',
+                 model_utils.fields.AutoLastModifiedField(default=django.utils.timezone.now, editable=False,
+                                                          verbose_name='updated_at')),
+                ('version', models.IntegerField(default=0, editable=False)),
+                ('verdict', models.CharField(choices=[(b'malicious', b'Malicious'), (b'legitimate', b'Legitimate'),
+                                                      (b'suspicious', b'Suspicious'), (b'undefined', b'Undefined'),
+                                                      (b'falsepositive', b'False Positive'),
+                                                      (b'malicious_legitimate', b'Malicious/Legitimate'),
+                                                      (b'suspicious_legitimate', b'Suspicious/Legitimate'),
+                                                      (b'undefined_legitimate', b'Undefined/Legitimate'),
+                                                      (b'falsepositive_legitimate', b'False Positive/Legitimate'),
+                                                      (b'undefined_malicious', b'Undefined/Malicious'),
+                                                      (b'suspicious_malicious', b'Suspicious/Malicious'),
+                                                      (b'falsepositive_malicious', b'False Positive/Malicious'),
+                                                      (b'falsepositive_suspicious', b'False Positive/Suspicious'),
+                                                      (b'undefined_suspicious', b'Undefined/Suspicious'),
+                                                      (b'undefined_falsepositive', b'Undefined/False Positive')],
+                                             default=b'undefined', max_length=50)),
+                ('old_verdict', models.CharField(choices=[(b'malicious', b'Malicious'), (b'legitimate', b'Legitimate'),
+                                                          (b'suspicious', b'Suspicious'), (b'undefined', b'Undefined'),
+                                                          (b'falsepositive', b'False Positive'),
+                                                          (b'malicious_legitimate', b'Malicious/Legitimate'),
+                                                          (b'suspicious_legitimate', b'Suspicious/Legitimate'),
+                                                          (b'undefined_legitimate', b'Undefined/Legitimate'),
+                                                          (b'falsepositive_legitimate', b'False Positive/Legitimate'),
+                                                          (b'undefined_malicious', b'Undefined/Malicious'),
+                                                          (b'suspicious_malicious', b'Suspicious/Malicious'),
+                                                          (b'falsepositive_malicious', b'False Positive/Malicious'),
+                                                          (b'falsepositive_suspicious', b'False Positive/Suspicious'),
+                                                          (b'undefined_suspicious', b'Undefined/Suspicious'),
+                                                          (b'undefined_falsepositive', b'Undefined/False Positive')],
+                                                 default=b'undefined', max_length=50)),
+                ('description', models.CharField(default='', max_length=255, null=True)),
+                ('object_id', models.CharField(max_length=20)),
+                ('content_type',
+                 models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='contenttypes.ContentType')),
+                ('ioc', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='histories',
+                                          to='analysis_sessions.IOC')),
+            ],
+            options={
+                'db_table': 'manati_ioc_history',
+            },
+        ),
+        migrations.AlterUniqueTogether(
+            name='iochistory',
+            unique_together=set([('version', 'ioc')]),
+        ),
+    ]

manati/analysis_sessions/models/__init__.py

@@ -0,0 +1,12 @@
+# Copyright (C) 2016-2018 Stratosphere Lab
+# This file is part of ManaTI Project - https://stratosphereips.org
+# See the file 'docs/LICENSE' for copying permission.
+# Created by Raul B. Netto <raulbeni@gmail.com> on 8/25/18.
+from .models import get_anonymous_user_instance, MESSAGE_TAGS
+from .base import TimeStampedModel
+from .app_parameter import AppParameter
+from .comment import Comment
+from .consult import VTConsult, WhoisConsult
+from .metric import Metric
+from .models import User, IOC, Weblog, WeblogHistory, ModuleAuxWeblog, AnalysisSession, AnalysisSessionUsers
+from .models import RegisterStatus

manati/analysis_sessions/models/app_parameter.py

@@ -0,0 +1,16 @@
+# Copyright (C) 2016-2018 Stratosphere Lab
+# This file is part of ManaTI Project - https://stratosphereips.org
+# See the file 'docs/LICENSE' for copying permission.
+# Created by Raul B. Netto <raulbeni@gmail.com> on 8/26/18.
+from django.db import models
+from .base import TimeStampedModel
+from model_utils import Choices
+
+
+class AppParameter(TimeStampedModel):
+    KEY_OPTIONS = Choices(('virus_total_key_api', 'Virus Total Key API'))
+    key = models.CharField(choices=KEY_OPTIONS, default='', max_length=20, null=False)
+    value = models.CharField(null=False, default='', max_length=255)
+
+    class Meta:
+        db_table = 'manati_app_parameters'

manati/analysis_sessions/models/base.py

@@ -0,0 +1,20 @@
+# Copyright (C) 2016-2018 Stratosphere Lab
+# This file is part of ManaTI Project - https://stratosphereips.org
+# See the file 'docs/LICENSE' for copying permission.
+# Created by Raul B. Netto <raulbeni@gmail.com> on 8/25/18.
+from django.db import models
+from model_utils.fields import AutoCreatedField, AutoLastModifiedField
+from django.utils.translation import ugettext_lazy as _
+
+
+class TimeStampedModel(models.Model):
+    """
+    An abstract base class model that provides self-updating
+    ``created`` and ``modified`` fields.
+
+    """
+    created_at = AutoCreatedField(_('created_at'))
+    updated_at = AutoLastModifiedField(_('updated_at'))
+
+    class Meta:
+        abstract = True

manati/analysis_sessions/models/comment.py

@@ -0,0 +1,21 @@
+# Copyright (C) 2016-2018 Stratosphere Lab
+# This file is part of ManaTI Project - https://stratosphereips.org
+# See the file 'docs/LICENSE' for copying permission.
+# Created by Raul B. Netto <raulbeni@gmail.com> on 8/26/18.
+
+from django.db import models
+from .base import TimeStampedModel
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.contenttypes.fields import GenericForeignKey
+from django.contrib.auth.models import User
+
+
+class Comment(TimeStampedModel):
+    user = models.ForeignKey(User, on_delete=models.CASCADE, default=1)
+    content_type = models.ForeignKey(ContentType, on_delete=models.CASCADE) # Weblog or AnalysisSession
+    object_id = models.CharField(max_length=20)
+    content_object = GenericForeignKey('content_type', 'object_id')
+    text = models.CharField(max_length=255)
+
+    class Meta:
+        db_table = 'manati_comments'